;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6416D74719F470DA52B92FED40B6D338
; File Name : u:\work\6416d74719f470da52b92fed40b6d338_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 10000000
; Section 1. (virtual address 00001000)
; Virtual size : 00005B6A ( 23402.)
; Section size in file : 00005C00 ( 23552.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 10001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001000 proc near ; CODE XREF: .text:10002C18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
jmp short loc_10001016
; ---------------------------------------------------------------------------
loc_10001008: ; CODE XREF: sub_10001000:loc_1000103A�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
inc eax
mov [ebp+arg_4], eax
loc_10001016: ; CODE XREF: sub_10001000+6�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_1000103C
nop
nop
nop
nop
nop
nop
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_1000103A
xor eax, eax
jmp short loc_10001056
; ---------------------------------------------------------------------------
loc_1000103A: ; CODE XREF: sub_10001000+34�j
jmp short loc_10001008
; ---------------------------------------------------------------------------
loc_1000103C: ; CODE XREF: sub_10001000+24�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
movzx ecx, byte ptr [ecx]
xor edx, edx
cmp eax, ecx
setnl dl
dec edx
and edx, 0FFFFFFFEh
inc edx
mov eax, edx
loc_10001056: ; CODE XREF: sub_10001000+38�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_10001000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000105B proc near ; CODE XREF: sub_10001910+2B�p
; sub_10001A6A+11�p ...
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov al, [ebp+arg_4]
mov [ebp+var_8], al
nop
nop
nop
nop
loc_10001073: ; CODE XREF: sub_1000105B+37�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_8]
dec ecx
mov [ebp+arg_8], ecx
test eax, eax
jz short loc_10001094
mov eax, [ebp+var_4]
mov cl, [ebp+arg_4]
mov [eax], cl
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
nop
nop
jmp short loc_10001073
; ---------------------------------------------------------------------------
loc_10001094: ; CODE XREF: sub_1000105B+24�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
leave
retn
sub_1000105B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000109C proc near ; CODE XREF: sub_1000111B+15�p
; .text:10001ECA�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
jmp short loc_100010C0
; ---------------------------------------------------------------------------
loc_100010B2: ; CODE XREF: sub_1000109C+3C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_100010C0: ; CODE XREF: sub_1000109C+14�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_100010DA
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
nop
nop
nop
nop
jmp short loc_100010B2
; ---------------------------------------------------------------------------
loc_100010DA: ; CODE XREF: sub_1000109C+2C�j
mov eax, [ebp+var_8]
and byte ptr [eax], 0
nop
nop
nop
nop
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
leave
retn
sub_1000109C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100010EC proc near ; CODE XREF: sub_1000111B+9�p
; sub_100011F8+A0�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
and [ebp+var_4], 0
jmp short loc_10001100
; ---------------------------------------------------------------------------
loc_100010F9: ; CODE XREF: sub_100010EC+21�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_10001100: ; CODE XREF: sub_100010EC+B�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_1000110F
jmp short loc_100010F9
; ---------------------------------------------------------------------------
loc_1000110F: ; CODE XREF: sub_100010EC+1F�j
nop
nop
nop
nop
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_100010EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000111B proc near ; CODE XREF: sub_10001910+4F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push [ebp+arg_4]
push [ebp+arg_0]
call sub_100010EC
pop ecx
mov ecx, [ebp+arg_0]
add ecx, eax
push ecx
call sub_1000109C
pop ecx
pop ecx
mov eax, [ebp+arg_0]
pop ebp
retn
sub_1000111B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000113C proc near ; CODE XREF: .text:10001198�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
and [ebp+var_4], 0
push esi
nop
nop
nop
nop
push ebx
mov eax, large fs:30h
nop
nop
nop
nop
nop
nop
mov eax, [eax+0Ch]
nop
nop
nop
nop
nop
nop
mov esi, [eax+1Ch]
nop
nop
lodsd
mov ebx, [eax+8]
mov [ebp+var_4], ebx
pop ebx
pop esi
nop
nop
nop
nop
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_1000113C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
and dword ptr [ebp-4], 0
push eax
push ebx
nop
nop
nop
nop
push ecx
push edx
push ebp
nop
nop
nop
nop
push esi
push edi
nop
nop
call sub_1000113C
xor ebp, ebp
nop
nop
mov ebx, [eax+3Ch]
add ebx, eax
mov edx, [ebx+78h]
add edx, eax
nop
nop
mov ecx, [edx+20h]
add ecx, eax
nop
nop
mov esi, [edx+1Ch]
add esi, eax
loc_100011B9: ; CODE XREF: .text:100011DE�j
mov edi, [ecx]
add edi, eax
nop
nop
cmp dword ptr [edi+4], 41636F72h
jnz short loc_100011D6
add esi, ebp
mov esi, [esi]
nop
nop
add esi, eax
mov eax, esi
jmp short loc_100011E0
; ---------------------------------------------------------------------------
db 2 dup(90h)
; ---------------------------------------------------------------------------
loc_100011D6: ; CODE XREF: .text:100011C6�j
add ecx, 4
add ebp, 4
nop
nop
jmp short loc_100011B9
; ---------------------------------------------------------------------------
loc_100011E0: ; CODE XREF: .text:100011D2�j
pop edi
nop
nop
pop esi
pop ebp
pop edx
pop ecx
pop ebx
nop
nop
mov [ebp-4], eax
pop eax
nop
nop
mov eax, [ebp-4]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100011F8 proc near ; CODE XREF: .text:10001EBC�p
; .text:10001EDD�p ...
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
push 1
mov eax, [ebp+arg_8]
imul eax, 0Ah
push eax
call near ptr dword_10002FCC
pop ecx
pop ecx
mov [ebp+var_118], eax
nop
nop
cmp [ebp+var_118], 0
jnz short loc_1000122C
xor eax, eax
jmp loc_10001432
; ---------------------------------------------------------------------------
loc_1000122C: ; CODE XREF: sub_100011F8+2B�j
and [ebp+var_114], 0
jmp short loc_10001242
; ---------------------------------------------------------------------------
loc_10001235: ; CODE XREF: sub_100011F8+6B�j
mov eax, [ebp+var_114]
inc eax
mov [ebp+var_114], eax
loc_10001242: ; CODE XREF: sub_100011F8+3B�j
cmp [ebp+var_114], 0FFh
jg short loc_10001265
nop
nop
mov eax, [ebp+var_114]
mov cl, byte ptr [ebp+var_114]
mov [ebp+eax+var_100], cl
jmp short loc_10001235
; ---------------------------------------------------------------------------
loc_10001265: ; CODE XREF: sub_100011F8+54�j
and [ebp+var_110], 0
and [ebp+var_108], 0
jmp short loc_10001282
; ---------------------------------------------------------------------------
loc_10001275: ; CODE XREF: sub_100011F8+123�j
mov eax, [ebp+var_108]
inc eax
mov [ebp+var_108], eax
loc_10001282: ; CODE XREF: sub_100011F8+7B�j
cmp [ebp+var_108], 0FFh
jg loc_10001320
nop
nop
nop
push [ebp+arg_0]
call sub_100010EC
pop ecx
mov ecx, eax
mov eax, [ebp+var_108]
cdq
idiv ecx
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+edx]
mov ecx, [ebp+var_108]
movzx ecx, [ebp+ecx+var_100]
mov edx, [ebp+var_110]
add edx, eax
add ecx, edx
mov eax, ecx
cdq
mov ecx, 100h
idiv ecx
mov [ebp+var_110], edx
nop
nop
nop
mov eax, [ebp+var_108]
mov al, [ebp+eax+var_100]
mov [ebp+var_104], al
mov eax, [ebp+var_108]
mov ecx, [ebp+var_110]
mov cl, [ebp+ecx+var_100]
mov [ebp+eax+var_100], cl
mov eax, [ebp+var_110]
mov cl, [ebp+var_104]
mov [ebp+eax+var_100], cl
jmp loc_10001275
; ---------------------------------------------------------------------------
loc_10001320: ; CODE XREF: sub_100011F8+94�j
and [ebp+var_108], 0
and [ebp+var_110], 0
and [ebp+var_108], 0
jmp short loc_10001344
; ---------------------------------------------------------------------------
loc_10001337: ; CODE XREF: sub_100011F8+22F�j
mov eax, [ebp+var_108]
inc eax
mov [ebp+var_108], eax
loc_10001344: ; CODE XREF: sub_100011F8+13D�j
mov eax, [ebp+var_108]
cmp eax, [ebp+arg_8]
jge loc_1000142C
mov eax, [ebp+var_108]
cdq
mov ecx, 100h
idiv ecx
mov [ebp+var_10C], edx
nop
nop
nop
nop
nop
nop
nop
nop
mov eax, [ebp+var_10C]
movzx eax, [ebp+eax+var_100]
add eax, [ebp+var_110]
cdq
mov ecx, 100h
idiv ecx
mov [ebp+var_110], edx
mov eax, [ebp+var_10C]
mov al, [ebp+eax+var_100]
mov [ebp+var_104], al
mov eax, [ebp+var_10C]
mov ecx, [ebp+var_110]
mov cl, [ebp+ecx+var_100]
mov [ebp+eax+var_100], cl
mov eax, [ebp+var_110]
mov cl, [ebp+var_104]
mov [ebp+eax+var_100], cl
nop
nop
nop
nop
nop
nop
nop
nop
mov eax, [ebp+arg_4]
add eax, [ebp+var_108]
movsx ecx, byte ptr [eax]
mov eax, [ebp+var_10C]
movzx eax, [ebp+eax+var_100]
mov edx, [ebp+var_110]
movzx edx, [ebp+edx+var_100]
add eax, edx
cdq
mov esi, 100h
idiv esi
movzx eax, [ebp+edx+var_100]
xor ecx, eax
mov eax, [ebp+var_118]
add eax, [ebp+var_108]
mov [eax], cl
nop
nop
nop
nop
jmp loc_10001337
; ---------------------------------------------------------------------------
loc_1000142C: ; CODE XREF: sub_100011F8+155�j
mov eax, [ebp+var_118]
loc_10001432: ; CODE XREF: sub_100011F8+2F�j
pop edi
pop esi
pop ebx
leave
retn
sub_100011F8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+0Ch]
shl eax, 4
mov [ebp-4], eax
push 1
push dword ptr [ebp-4]
call near ptr dword_10002FCC
pop ecx
pop ecx
mov [ebp-10h], eax
cmp dword ptr [ebp-10h], 0
jnz short loc_1000145F
xor eax, eax
jmp short locret_10001489
; ---------------------------------------------------------------------------
loc_1000145F: ; CODE XREF: .text:10001459�j
lea eax, [ebp-8]
push eax
lea eax, [ebp-0Ch]
push eax
push 2
call dword_1000AD4C
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push dword ptr [ebp-4]
push dword ptr [ebp-10h]
push 2
call dword_1000AD38
mov eax, [ebp-10h]
locret_10001489: ; CODE XREF: .text:1000145D�j
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000148B proc near ; CODE XREF: sub_100014B8+18�p
; sub_100014B8+AF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
nop
nop
nop
nop
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
test edx, edx
jnz short loc_100014A6
mov eax, [ebp+arg_0]
jmp short loc_100014B3
; ---------------------------------------------------------------------------
loc_100014A6: ; CODE XREF: sub_1000148B+14�j
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
inc eax
imul eax, [ebp+arg_4]
loc_100014B3: ; CODE XREF: sub_1000148B+19�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_1000148B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100014B8 proc near ; CODE XREF: sub_1000161D+A9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
nop
nop
nop
nop
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+arg_8]
push dword ptr [eax+54h]
call sub_1000148B
pop ecx
pop ecx
mov [ebp+var_4], eax
and [ebp+var_8], 0
jmp short loc_100014E7
; ---------------------------------------------------------------------------
loc_100014E0: ; CODE XREF: sub_100014B8:loc_10001610�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_100014E7: ; CODE XREF: sub_100014B8+26�j
mov eax, [ebp+arg_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_8], eax
jge loc_10001615
nop
nop
nop
nop
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+14h]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+10h]
cmp eax, [ebp+arg_4]
jbe short loc_10001521
xor eax, eax
jmp loc_10001618
; ---------------------------------------------------------------------------
loc_10001521: ; CODE XREF: sub_100014B8+60�j
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+eax+0Ch], 0
jz short loc_100015A8
nop
nop
nop
nop
nop
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+eax+8], 0
jz short loc_10001577
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+0Ch]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+8]
push eax
call sub_1000148B
pop ecx
pop ecx
mov [ebp+var_4], eax
nop
nop
nop
nop
jmp short loc_100015A6
; ---------------------------------------------------------------------------
loc_10001577: ; CODE XREF: sub_100014B8+8C�j
nop
nop
nop
nop
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov eax, [edx+eax+0Ch]
mov edx, [ebp+arg_C]
add eax, [edx+ecx+10h]
push eax
call sub_1000148B
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_100015A6: ; CODE XREF: sub_100014B8+BD�j
jmp short loc_10001610
; ---------------------------------------------------------------------------
loc_100015A8: ; CODE XREF: sub_100014B8+77�j
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, [ebp+arg_C]
mov esi, [ebp+arg_C]
mov eax, [edx+eax+8]
cmp eax, [esi+ecx+10h]
jnb short loc_100015EB
nop
nop
nop
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
push dword ptr [ecx+eax+8]
call sub_1000148B
pop ecx
pop ecx
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
jmp short loc_10001610
; ---------------------------------------------------------------------------
loc_100015EB: ; CODE XREF: sub_100014B8+10A�j
mov eax, [ebp+arg_8]
push dword ptr [eax+38h]
mov eax, [ebp+var_8]
imul eax, 28h
mov ecx, [ebp+arg_C]
push dword ptr [ecx+eax+8]
call sub_1000148B
pop ecx
pop ecx
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
nop
nop
nop
loc_10001610: ; CODE XREF: sub_100014B8:loc_100015A6�j
; sub_100014B8+131�j
jmp loc_100014E0
; ---------------------------------------------------------------------------
loc_10001615: ; CODE XREF: sub_100014B8+39�j
mov eax, [ebp+var_4]
loc_10001618: ; CODE XREF: sub_100014B8+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_100014B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1000161D proc near ; CODE XREF: .text:10001E5F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
cmp [ebp+arg_4], 40h
jnb short loc_10001639
xor eax, eax
jmp loc_100018FA
; ---------------------------------------------------------------------------
loc_10001639: ; CODE XREF: sub_1000161D+13�j
mov eax, [ebp+var_18]
movzx eax, word ptr [eax]
cmp eax, 5A4Dh
jz short loc_1000164D
xor eax, eax
jmp loc_100018FA
; ---------------------------------------------------------------------------
loc_1000164D: ; CODE XREF: sub_1000161D+27�j
mov eax, [ebp+var_18]
mov eax, [eax+3Ch]
add eax, 0F8h
cmp [ebp+arg_4], eax
jge short loc_10001664
xor eax, eax
jmp loc_100018FA
; ---------------------------------------------------------------------------
loc_10001664: ; CODE XREF: sub_1000161D+3E�j
mov eax, [ebp+var_18]
mov ecx, [ebp+var_18]
add ecx, [eax+3Ch]
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp dword ptr [eax], 4550h
jz short loc_10001682
xor eax, eax
jmp loc_100018FA
; ---------------------------------------------------------------------------
loc_10001682: ; CODE XREF: sub_1000161D+5C�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+16h]
and eax, 2000h
test eax, eax
jnz short loc_100016A6
xor eax, eax
test eax, eax
jnz short loc_100016A6
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+14h]
cmp eax, 0E0h
jz short loc_100016AD
loc_100016A6: ; CODE XREF: sub_1000161D+73�j
; sub_1000161D+79�j
xor eax, eax
jmp loc_100018FA
; ---------------------------------------------------------------------------
loc_100016AD: ; CODE XREF: sub_1000161D+87�j
nop
nop
mov eax, [ebp+var_8]
add eax, 0F8h
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+var_8]
push [ebp+arg_4]
push [ebp+var_18]
call sub_100014B8
add esp, 10h
mov ecx, [ebp+arg_14]
mov [ecx], eax
nop
nop
nop
nop
mov eax, [ebp+arg_14]
cmp dword ptr [eax], 0
jnz short loc_100016E6
xor eax, eax
jmp loc_100018FA
; ---------------------------------------------------------------------------
loc_100016E6: ; CODE XREF: sub_1000161D+C0�j
push 40h
push 1000h
mov eax, [ebp+arg_14]
push dword ptr [eax]
push 0
call dword_1000ADC8
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jz loc_100018F7
mov eax, [ebp+var_8]
mov eax, [eax+54h]
mov [ebp+var_14], eax
nop
nop
nop
nop
nop
nop
nop
and [ebp+var_10], 0
jmp short loc_10001728
; ---------------------------------------------------------------------------
loc_10001721: ; CODE XREF: sub_1000161D:loc_10001766�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_10001728: ; CODE XREF: sub_1000161D+102�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_10], eax
jge short loc_10001768
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+eax+14h], 0
jz short loc_10001766
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
mov eax, [ecx+eax+14h]
cmp eax, [ebp+var_14]
jnb short loc_10001766
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+var_4]
mov eax, [ecx+eax+14h]
mov [ebp+var_14], eax
loc_10001766: ; CODE XREF: sub_1000161D+125�j
; sub_1000161D+137�j
jmp short loc_10001721
; ---------------------------------------------------------------------------
loc_10001768: ; CODE XREF: sub_1000161D+115�j
nop
nop
nop
nop
nop
push [ebp+var_14]
push [ebp+var_18]
mov eax, [ebp+arg_10]
push dword ptr [eax]
call sub_10002946
add esp, 0Ch
nop
nop
nop
nop
mov eax, [ebp+arg_10]
mov eax, [eax]
mov ecx, [ebp+arg_10]
mov ecx, [ecx]
add ecx, [eax+3Ch]
mov eax, [ebp+arg_8]
mov [eax], ecx
nop
nop
nop
mov eax, [ebp+arg_8]
mov eax, [eax]
add eax, 0F8h
mov ecx, [ebp+arg_C]
mov [ecx], eax
nop
nop
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+54h]
call sub_1000148B
pop ecx
pop ecx
mov ecx, [ebp+arg_10]
mov ecx, [ecx]
add ecx, eax
mov [ebp+var_C], ecx
nop
nop
nop
nop
and [ebp+var_10], 0
jmp short loc_100017DC
; ---------------------------------------------------------------------------
loc_100017D5: ; CODE XREF: sub_1000161D:loc_100018F2�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_100017DC: ; CODE XREF: sub_1000161D+1B6�j
mov eax, [ebp+arg_8]
mov eax, [eax]
movzx eax, word ptr [eax+6]
cmp [ebp+var_10], eax
jge loc_100018F7
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
cmp dword ptr [ecx+eax+0Ch], 0
jz short loc_10001817
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov edx, [ebp+arg_10]
mov edx, [edx]
add edx, [ecx+eax+0Ch]
mov [ebp+var_C], edx
loc_10001817: ; CODE XREF: sub_1000161D+1E1�j
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
cmp dword ptr [ecx+eax+10h], 0
jz loc_100018CC
nop
nop
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+10h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov edx, [ebp+var_18]
add edx, [ecx+eax+14h]
push edx
push [ebp+var_C]
call sub_10002946
add esp, 0Ch
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov edx, [ebp+var_10]
imul edx, 28h
mov esi, [ebp+arg_C]
mov esi, [esi]
mov eax, [ecx+eax+8]
cmp eax, [esi+edx+10h]
jnb short loc_100018A4
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+10h]
call sub_1000148B
pop ecx
pop ecx
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
jmp short loc_100018CA
; ---------------------------------------------------------------------------
loc_100018A4: ; CODE XREF: sub_1000161D+25D�j
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+8]
call sub_1000148B
pop ecx
pop ecx
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_100018CA: ; CODE XREF: sub_1000161D+285�j
jmp short loc_100018F2
; ---------------------------------------------------------------------------
loc_100018CC: ; CODE XREF: sub_1000161D+20A�j
mov eax, [ebp+arg_8]
mov eax, [eax]
push dword ptr [eax+38h]
mov eax, [ebp+var_10]
imul eax, 28h
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
push dword ptr [ecx+eax+8]
call sub_1000148B
pop ecx
pop ecx
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_100018F2: ; CODE XREF: sub_1000161D:loc_100018CA�j
jmp loc_100017D5
; ---------------------------------------------------------------------------
loc_100018F7: ; CODE XREF: sub_1000161D+E8�j
; sub_1000161D+1CB�j
push 1
pop eax
loc_100018FA: ; CODE XREF: sub_1000161D+17�j
; sub_1000161D+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_1000161D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100018FF proc near ; CODE XREF: sub_10001910+18�p
; sub_10001B78:loc_10001C4B�p
push ebp
mov ebp, esp
xor eax, eax
cmp dword_1000ADA8, 0
setnz al
pop ebp
retn
sub_100018FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001910 proc near ; CODE XREF: sub_10001B78+1F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push 1
push 100h
call near ptr dword_10002FCC
pop ecx
pop ecx
mov [ebp+var_4], eax
call sub_100018FF
test eax, eax
jz short loc_1000196B
push 100h
push 0
push [ebp+var_4]
call sub_1000105B
add esp, 0Ch
nop
nop
nop
nop
nop
nop
push 100h
push [ebp+var_4]
push 0
call dword_1000AD78
push [ebp+arg_0]
push [ebp+var_4]
call sub_1000111B
pop ecx
pop ecx
mov eax, [ebp+var_4]
jmp short loc_1000196D
; ---------------------------------------------------------------------------
loc_1000196B: ; CODE XREF: sub_10001910+1F�j
xor eax, eax
loc_1000196D: ; CODE XREF: sub_10001910+59�j
pop edi
pop esi
pop ebx
leave
retn
sub_10001910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001972 proc near ; CODE XREF: sub_10001B78+12B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0A0h], 0
jz short loc_10001997
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0A4h], 0
jz short loc_10001997
mov [ebp+var_4], 1
jmp short loc_1000199B
; ---------------------------------------------------------------------------
loc_10001997: ; CODE XREF: sub_10001972+E�j
; sub_10001972+1A�j
and [ebp+var_4], 0
loc_1000199B: ; CODE XREF: sub_10001972+23�j
mov eax, [ebp+var_4]
leave
retn
sub_10001972 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100019A0 proc near ; CODE XREF: sub_10001B78+16B�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_8]
sub ecx, [eax+34h]
mov [ebp+var_8], ecx
nop
nop
nop
nop
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+0A0h]
mov [ebp+var_4], ecx
loc_100019C8: ; CODE XREF: sub_100019A0+A2�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov ecx, [ebp+var_4]
add eax, [ecx+4]
test eax, eax
jz short loc_10001A44
mov eax, [ebp+var_4]
add eax, 8
mov [ebp+var_14], eax
mov [ebp+var_10], 1
jmp short loc_100019F0
; ---------------------------------------------------------------------------
loc_100019E9: ; CODE XREF: sub_100019A0+9A�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_100019F0: ; CODE XREF: sub_100019A0+47�j
mov eax, [ebp+var_4]
mov eax, [eax+4]
sub eax, 8
shr eax, 1
cmp [ebp+var_10], eax
ja short loc_10001A3C
xor eax, eax
test eax, eax
jz short loc_10001A32
nop
nop
nop
nop
nop
nop
nop
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [eax]
mov eax, [ebp+var_14]
movzx eax, word ptr [eax]
and eax, 0FFFh
add ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
mov eax, [eax]
add eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov [ecx], eax
loc_10001A32: ; CODE XREF: sub_100019A0+64�j
mov eax, [ebp+var_14]
inc eax
inc eax
mov [ebp+var_14], eax
jmp short loc_100019E9
; ---------------------------------------------------------------------------
loc_10001A3C: ; CODE XREF: sub_100019A0+5E�j
mov eax, [ebp+var_14]
mov [ebp+var_4], eax
jmp short loc_100019C8
; ---------------------------------------------------------------------------
loc_10001A44: ; CODE XREF: sub_100019A0+35�j
pop edi
pop esi
pop ebx
leave
retn
sub_100019A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001A49 proc near ; CODE XREF: sub_10001B78+EF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_1000AD44
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_10001A49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001A6A proc near ; CODE XREF: sub_10001B78+71�p
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_30 = byte ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 7Ch
push ebx
push esi
push edi
push 44h
push 0
lea eax, [ebp+var_74]
push eax
call sub_1000105B
add esp, 0Ch
nop
nop
nop
nop
push 10h
push 0
lea eax, [ebp+var_10]
push eax
call sub_1000105B
add esp, 0Ch
mov [ebp+var_74], 44h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_74]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_1000AD60
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz loc_10001B70
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_10]
mov [eax], ecx
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_C]
mov [eax], ecx
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_8]
mov [eax], ecx
nop
nop
nop
nop
nop
nop
mov eax, [ebp+arg_8]
mov dword ptr [eax], 10007h
push [ebp+arg_8]
mov eax, [ebp+arg_10]
push dword ptr [eax]
call dword_1000AD3C
lea eax, [ebp+var_78]
push eax
push 4
push [ebp+arg_18]
mov eax, [ebp+arg_8]
mov eax, [eax+0A4h]
add eax, 8
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
call dword_1000AD64
mov eax, [ebp+arg_18]
mov eax, [eax]
mov [ebp+var_7C], eax
loc_10001B29: ; CODE XREF: sub_10001A6A+F7�j
push 1Ch
lea eax, [ebp+var_30]
push eax
push [ebp+var_7C]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call dword_1000AD6C
test eax, eax
jz short loc_10001B63
nop
nop
nop
nop
mov [ebp+var_20], 10000h
cmp [ebp+var_20], 0
jz short loc_10001B54
jmp short loc_10001B63
; ---------------------------------------------------------------------------
loc_10001B54: ; CODE XREF: sub_10001A6A+E6�j
nop
nop
nop
nop
mov eax, [ebp+var_7C]
add eax, [ebp+var_24]
mov [ebp+var_7C], eax
jmp short loc_10001B29
; ---------------------------------------------------------------------------
loc_10001B63: ; CODE XREF: sub_10001A6A+D5�j
; sub_10001A6A+E8�j
mov eax, [ebp+arg_18]
mov ecx, [ebp+var_7C]
sub ecx, [eax]
mov eax, [ebp+arg_1C]
mov [eax], ecx
loc_10001B70: ; CODE XREF: sub_10001A6A+5B�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_10001A6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10001B78 proc near ; CODE XREF: .text:10001E82�p
var_2E8 = byte ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_230 = dword ptr -230h
var_224 = dword ptr -224h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 2E8h
push ebx
push esi
push edi
or [ebp+var_2DC], 0FFFFFFFFh
push [ebp+arg_14]
mov eax, [ebp+arg_8]
push dword ptr [eax+34h]
push [ebp+arg_0]
call sub_10001910
add esp, 0Ch
mov [ebp+var_2D8], eax
cmp [ebp+var_2D8], 0
jnz short loc_10001BB9
mov eax, [ebp+var_2DC]
jmp loc_10001E3A
; ---------------------------------------------------------------------------
loc_10001BB9: ; CODE XREF: sub_10001B78+34�j
nop
nop
nop
nop
nop
nop
nop
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_18]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_2D4]
push eax
push [ebp+arg_4]
push [ebp+var_2D8]
call sub_10001A6A
add esp, 20h
test eax, eax
jz loc_10001E28
and [ebp+var_2E4], 0
mov eax, [ebp+arg_8]
mov eax, [eax+34h]
cmp eax, [ebp+var_2E0]
jnz short loc_10001C4B
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_14]
jb short loc_10001C4B
nop
nop
nop
mov eax, [ebp+var_2E0]
mov [ebp+var_2E4], eax
lea eax, [ebp+var_2E8]
push eax
push 40h
push [ebp+var_4]
push [ebp+var_2E4]
push [ebp+var_2DC]
call dword_1000AD74
nop
nop
nop
jmp loc_10001CEE
; ---------------------------------------------------------------------------
loc_10001C4B: ; CODE XREF: sub_10001B78+94�j
; sub_10001B78+9C�j
call sub_100018FF
test eax, eax
jz loc_10001CEE
nop
nop
nop
push [ebp+var_2E0]
push [ebp+var_2DC]
call sub_10001A49
pop ecx
pop ecx
test eax, eax
jz short loc_10001C97
push 40h
push 3000h
push [ebp+arg_14]
mov eax, [ebp+arg_8]
push dword ptr [eax+34h]
push [ebp+var_2DC]
call dword_1000ADA8
mov [ebp+var_2E4], eax
nop
nop
nop
loc_10001C97: ; CODE XREF: sub_10001B78+F8�j
cmp [ebp+var_2E4], 0
jnz short loc_10001CEE
push [ebp+arg_8]
call sub_10001972
pop ecx
test eax, eax
jz short loc_10001CEE
nop
nop
nop
push 40h
push 3000h
push [ebp+arg_14]
push 0
push [ebp+var_2DC]
call dword_1000ADA8
mov [ebp+var_2E4], eax
cmp [ebp+var_2E4], 0
jz short loc_10001CEB
push [ebp+var_2E4]
push [ebp+arg_10]
push [ebp+arg_8]
call sub_100019A0
add esp, 0Ch
loc_10001CEB: ; CODE XREF: sub_10001B78+15D�j
nop
nop
nop
loc_10001CEE: ; CODE XREF: sub_10001B78+CE�j
; sub_10001B78+DA�j ...
cmp [ebp+var_2E4], 0
jz loc_10001DFA
nop
nop
nop
nop
nop
nop
nop
nop
lea eax, [ebp+var_2E8]
push eax
push 4
lea eax, [ebp+var_2E4]
push eax
mov eax, [ebp+var_230]
add eax, 8
push eax
push [ebp+var_2DC]
call dword_1000ADAC
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_2E4]
mov [eax+34h], ecx
nop
nop
nop
nop
lea eax, [ebp+var_2E8]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+var_2E4]
push [ebp+var_2DC]
call dword_1000ADAC
test eax, eax
jz short loc_10001DCA
mov [ebp+var_2D4], 10007h
nop
nop
nop
nop
mov eax, [ebp+var_2E4]
cmp eax, [ebp+var_2E0]
jnz short loc_10001D8C
mov eax, [ebp+arg_8]
mov eax, [eax+34h]
mov ecx, [ebp+arg_8]
add eax, [ecx+28h]
mov [ebp+var_224], eax
jmp short loc_10001D9E
; ---------------------------------------------------------------------------
loc_10001D8C: ; CODE XREF: sub_10001B78+1FE�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_2E4]
add ecx, [eax+28h]
mov [ebp+var_224], ecx
loc_10001D9E: ; CODE XREF: sub_10001B78+212�j
lea eax, [ebp+var_2D4]
push eax
push [ebp+var_8]
call dword_1000ADA0
nop
nop
nop
nop
nop
nop
nop
nop
push [ebp+var_8]
call dword_1000AD94
push [ebp+var_8]
call dword_1000AD40
jmp short loc_10001DF8
; ---------------------------------------------------------------------------
loc_10001DCA: ; CODE XREF: sub_10001B78+1E2�j
push 0
push [ebp+var_2DC]
call dword_1000ADBC
push [ebp+var_8]
call dword_1000AD40
nop
nop
nop
nop
push [ebp+var_2DC]
call dword_1000AD40
or [ebp+var_2DC], 0FFFFFFFFh
loc_10001DF8: ; CODE XREF: sub_10001B78+250�j
jmp short loc_10001E28
; ---------------------------------------------------------------------------
loc_10001DFA: ; CODE XREF: sub_10001B78+17D�j
push 0
push [ebp+var_2DC]
call dword_1000ADBC
push [ebp+var_8]
call dword_1000AD40
nop
nop
nop
nop
push [ebp+var_2DC]
call dword_1000AD40
or [ebp+var_2DC], 0FFFFFFFFh
loc_10001E28: ; CODE XREF: sub_10001B78+7B�j
; sub_10001B78:loc_10001DF8�j
push [ebp+var_2D8]
call near ptr byte_10003109
pop ecx
mov eax, [ebp+var_2DC]
loc_10001E3A: ; CODE XREF: sub_10001B78+3C�j
pop edi
pop esi
pop ebx
leave
retn
sub_10001B78 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
or dword ptr [ebp-10h], 0FFFFFFFFh
lea eax, [ebp-4]
push eax
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-14h]
push eax
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
call sub_1000161D
add esp, 18h
test eax, eax
jz short loc_10001E9B
push dword ptr [ebp+14h]
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
push dword ptr [ebp-14h]
push dword ptr [ebp+0Ch]
push offset dword_1000AED0
call sub_10001B78
add esp, 1Ch
push 4000h
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
call dword_1000AD70
loc_10001E9B: ; CODE XREF: .text:10001E69�j
mov eax, [ebp-10h]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+8], 0
jz loc_1000246C
push 9
push offset dword_10008048
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008048
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_10008054
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008054
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_10008224
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008224
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
nop
nop
nop
nop
push 0Ch
push offset dword_10008064
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008064
call sub_1000109C
pop ecx
pop ecx
push 0Eh
push offset dword_10008074
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008074
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
push 12h
push offset dword_10008084
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008084
call sub_1000109C
pop ecx
pop ecx
push 14h
push offset dword_10008098
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008098
call sub_1000109C
pop ecx
pop ecx
push 0Bh
push offset dword_100080B0
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100080B0
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
push 0Eh
push offset dword_100080BC
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100080BC
call sub_1000109C
pop ecx
pop ecx
push 10h
push offset dword_100080CC
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100080CC
call sub_1000109C
pop ecx
pop ecx
push 11h
push offset dword_100080E0
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100080E0
call sub_1000109C
pop ecx
pop ecx
push 0Eh
push offset dword_100080F4
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100080F4
call sub_1000109C
pop ecx
pop ecx
push 10h
push offset dword_10008104
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008104
call sub_1000109C
pop ecx
pop ecx
push 12h
push offset dword_10008118
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008118
call sub_1000109C
pop ecx
pop ecx
push 10h
push offset dword_1000812C
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_1000812C
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_10008140
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008140
call sub_1000109C
pop ecx
pop ecx
push 0Bh
push offset dword_10008150
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008150
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push 10h
push offset dword_1000815C
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_1000815C
call sub_1000109C
pop ecx
pop ecx
push 0Bh
push offset dword_10008170
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008170
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_10008184
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008184
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_10008194
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008194
call sub_1000109C
pop ecx
pop ecx
push 5
push offset dword_1000817C
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_1000817C
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push 11h
push offset dword_100081A4
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100081A4
call sub_1000109C
pop ecx
pop ecx
push 13h
push offset dword_100081B8
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100081B8
call sub_1000109C
pop ecx
pop ecx
push 1Eh
push offset dword_100081CC
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100081CC
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push 0Bh
push offset dword_100081EC
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100081EC
call sub_1000109C
pop ecx
pop ecx
push 8
push offset dword_100081F8
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100081F8
call sub_1000109C
pop ecx
pop ecx
push 0Dh
push offset dword_10008204
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008204
call sub_1000109C
pop ecx
pop ecx
push 0Eh
push offset dword_10008214
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008214
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_10008234
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008234
call sub_1000109C
pop ecx
pop ecx
push 0Bh
push offset dword_10008244
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008244
call sub_1000109C
pop ecx
pop ecx
push 10h
push offset dword_10008250
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008250
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push 0Bh
push offset dword_10008264
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008264
call sub_1000109C
pop ecx
pop ecx
push 0Bh
push offset dword_10008270
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008270
call sub_1000109C
pop ecx
pop ecx
push 7
push offset dword_1000827C
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_1000827C
call sub_1000109C
pop ecx
pop ecx
push 6
push offset dword_10008284
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008284
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_100082F8
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100082F8
call sub_1000109C
pop ecx
pop ecx
push 10h
push offset dword_10008308
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_10008308
call sub_1000109C
pop ecx
pop ecx
push 0Ah
push offset dword_100082CC
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100082CC
call sub_1000109C
pop ecx
pop ecx
push 0Bh
push offset dword_100082C0
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100082C0
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push 0Ch
push offset dword_100082D8
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100082D8
call sub_1000109C
pop ecx
pop ecx
push 0Ch
push offset dword_100082E8
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100082E8
call sub_1000109C
pop ecx
pop ecx
nop
nop
nop
nop
jmp short loc_100024AE
; ---------------------------------------------------------------------------
loc_1000246C: ; CODE XREF: .text:10001EAA�j
push 23h
push offset dword_1000828C
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_1000828C
call sub_1000109C
pop ecx
pop ecx
push 0Dh
push offset dword_100082B0
push offset dword_10008030
call sub_100011F8
add esp, 0Ch
push eax
push offset dword_100082B0
call sub_1000109C
pop ecx
pop ecx
loc_100024AE: ; CODE XREF: .text:1000246A�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
push offset dword_100082F8
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD98, eax
push offset dword_10008048
call dword_1000AD98
mov [ebp-8], eax
push offset dword_10008224
call dword_1000AD98
mov [ebp-4], eax
nop
nop
nop
nop
push offset dword_10008064
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADC8, eax
nop
nop
nop
nop
push offset dword_10008074
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADA8, eax
push offset dword_10008084
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD78, eax
push offset dword_10008098
push dword ptr [ebp-8]
call dword_1000AD7C
mov dword_1000AD44, eax
nop
nop
nop
nop
push offset dword_100080B0
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD48, eax
push offset dword_100080BC
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD60, eax
push offset dword_100080CC
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD3C, eax
push offset dword_100080E0
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD64, eax
nop
nop
nop
nop
push offset dword_100080F4
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD6C, eax
push offset dword_10008104
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD74, eax
push offset dword_10008118
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADAC, eax
push offset dword_1000812C
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADA0, eax
push offset dword_10008140
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD94, eax
push offset dword_10008150
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD40, eax
nop
nop
nop
nop
push offset dword_1000815C
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADBC, eax
push offset dword_10008170
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD70, eax
push offset dword_10008194
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADB8, eax
push offset dword_10008184
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD8C, eax
nop
nop
nop
nop
push offset dword_1000817C
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD58, eax
push offset dword_100081A4
push dword ptr [ebp-8]
call dword_1000AD7C
mov dword_1000AD9C, eax
push offset dword_100081B8
push dword ptr [ebp-8]
call dword_1000AD7C
mov dword_1000AD38, eax
push offset dword_100081CC
push dword ptr [ebp-8]
call dword_1000AD7C
mov dword_1000AD4C, eax
nop
nop
nop
nop
nop
nop
nop
nop
push offset dword_100081EC
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD88, eax
push offset dword_100081F8
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD68, eax
push offset dword_10008214
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADC0, eax
push offset dword_10008204
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD90, eax
nop
nop
nop
nop
push offset dword_10008234
push dword ptr [ebp-4]
call dword_1000AD7C
mov dword_1000ADB0, eax
push offset dword_10008244
push dword ptr [ebp-4]
call dword_1000AD7C
mov dword_1000ADA4, eax
push offset dword_10008250
push dword ptr [ebp-4]
call dword_1000AD7C
mov dword_1000AD5C, eax
push offset dword_10008264
push dword ptr [ebp-4]
call dword_1000AD7C
mov dword_1000ADB4, eax
nop
nop
nop
nop
nop
nop
nop
nop
push offset dword_10008308
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD84, eax
push offset dword_100082D8
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000AD50, eax
push offset dword_100082E8
push dword ptr [ebp+8]
call dword_1000AD7C
mov dword_1000ADC4, eax
nop
nop
nop
nop
cmp dword_1000ADC8, 0
jz loc_100028D7
cmp dword_1000ADA8, 0
jz loc_100028D7
cmp dword_1000AD78, 0
jz loc_100028D7
cmp dword_1000AD44, 0
jz loc_100028D7
cmp dword_1000AD48, 0
jz loc_100028D7
cmp dword_1000AD60, 0
jz loc_100028D7
cmp dword_1000AD3C, 0
jz loc_100028D7
cmp dword_1000AD64, 0
jz loc_100028D7
cmp dword_1000AD6C, 0
jz loc_100028D7
cmp dword_1000AD74, 0
jz loc_100028D7
cmp dword_1000ADAC, 0
jz loc_100028D7
cmp dword_1000ADA0, 0
jz loc_100028D7
cmp dword_1000AD94, 0
jz loc_100028D7
cmp dword_1000AD40, 0
jz loc_100028D7
cmp dword_1000ADBC, 0
jz loc_100028D7
cmp dword_1000AD70, 0
jz short loc_100028D7
cmp dword_1000ADB8, 0
jz short loc_100028D7
cmp dword_1000AD8C, 0
jz short loc_100028D7
cmp dword_1000AD58, 0
jz short loc_100028D7
cmp dword_1000AD9C, 0
jz short loc_100028D7
cmp dword_1000AD38, 0
jz short loc_100028D7
cmp dword_1000AD4C, 0
jz short loc_100028D7
cmp dword_1000AD88, 0
jz short loc_100028D7
cmp dword_1000AD68, 0
jz short loc_100028D7
cmp dword_1000ADC0, 0
jz short loc_100028D7
cmp dword_1000AD90, 0
jz short loc_100028D7
cmp dword_1000ADB0, 0
jz short loc_100028D7
cmp dword_1000ADA4, 0
jz short loc_100028D7
cmp dword_1000AD5C, 0
jz short loc_100028D7
cmp dword_1000ADB4, 0
jnz short loc_100028DB
loc_100028D7: ; CODE XREF: .text:10002794�j
; .text:100027A1�j ...
xor al, al
jmp short loc_100028DD
; ---------------------------------------------------------------------------
loc_100028DB: ; CODE XREF: .text:100028D5�j
mov al, 1
loc_100028DD: ; CODE XREF: .text:100028D9�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100028E2 proc near ; CODE XREF: .text:10002C36�p
; .text:10002C54�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_100028F6
mov eax, [ebp+arg_0]
jmp short locret_10002944
; ---------------------------------------------------------------------------
loc_100028F6: ; CODE XREF: sub_100028E2+D�j
; sub_100028E2+5E�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_10002942
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_1000290C: ; CODE XREF: sub_100028E2+55�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_1000291B
mov eax, [ebp+arg_0]
jmp short locret_10002944
; ---------------------------------------------------------------------------
loc_1000291B: ; CODE XREF: sub_100028E2+32�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx]
mov edx, [ebp+var_4]
inc edx
mov [ebp+var_4], edx
mov edx, [ebp+var_8]
inc edx
mov [ebp+var_8], edx
cmp eax, ecx
jz short loc_1000290C
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
jmp short loc_100028F6
; ---------------------------------------------------------------------------
loc_10002942: ; CODE XREF: sub_100028E2+1C�j
xor eax, eax
locret_10002944: ; CODE XREF: sub_100028E2+12�j
; sub_100028E2+37�j
leave
retn
sub_100028E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10002946 proc near ; CODE XREF: sub_1000161D+15B�p
; sub_1000161D+237�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jnb short loc_1000299C
mov eax, [ebp+var_8]
add eax, [ebp+arg_8]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
jmp short loc_1000297A
; ---------------------------------------------------------------------------
loc_10002973: ; CODE XREF: sub_10002946+52�j
mov eax, [ebp+arg_8]
dec eax
mov [ebp+arg_8], eax
loc_1000297A: ; CODE XREF: sub_10002946+2B�j
cmp [ebp+arg_8], 0
jz short loc_1000299A
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov cl, [ecx]
mov [eax], cl
jmp short loc_10002973
; ---------------------------------------------------------------------------
loc_1000299A: ; CODE XREF: sub_10002946+38�j
jmp short loc_100029CD
; ---------------------------------------------------------------------------
loc_1000299C: ; CODE XREF: sub_10002946+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jz short loc_100029CD
jmp short loc_100029AD
; ---------------------------------------------------------------------------
loc_100029A6: ; CODE XREF: sub_10002946+85�j
mov eax, [ebp+arg_8]
dec eax
mov [ebp+arg_8], eax
loc_100029AD: ; CODE XREF: sub_10002946+5E�j
cmp [ebp+arg_8], 0
jz short loc_100029CD
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov cl, [ecx]
mov [eax], cl
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
jmp short loc_100029A6
; ---------------------------------------------------------------------------
loc_100029CD: ; CODE XREF: sub_10002946:loc_1000299A�j
; sub_10002946+5C�j ...
mov eax, [ebp+arg_0]
leave
retn
sub_10002946 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
and dword ptr [ebp-18h], 0
and byte ptr [ebp-4], 0
push 0
call dword_1000AD84
mov [ebp-0Ch], eax
mov eax, [ebp-0Ch]
mov [ebp-30h], eax
mov eax, [ebp-30h]
mov eax, [eax+3Ch]
mov ecx, [ebp-0Ch]
lea eax, [ecx+eax+4]
mov [ebp-20h], eax
mov eax, [ebp-20h]
add eax, 14h
mov [ebp-24h], eax
mov eax, [ebp-20h]
movzx eax, word ptr [eax+10h]
mov ecx, [ebp-24h]
add ecx, eax
mov [ebp-1Ch], ecx
mov eax, [ebp-20h]
movzx eax, word ptr [eax+2]
dec eax
imul eax, 28h
mov ecx, [ebp-20h]
movzx ecx, word ptr [ecx+2]
dec ecx
imul ecx, 28h
mov edx, [ebp-1Ch]
mov eax, [edx+eax+10h]
mov edx, [ebp-1Ch]
add eax, [edx+ecx+14h]
mov [ebp-10h], eax
push dword ptr [ebp-0Ch]
call dword_1000AD40
nop
nop
nop
push 0
call dword_1000AD50
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push dword ptr [ebp+8]
call dword_1000AD88
mov [ebp-2Ch], eax
call dword_1000ADC4
test eax, eax
jnz short loc_10002A85
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jnz short loc_10002A89
loc_10002A85: ; CODE XREF: .text:10002A7D�j
xor al, al
jmp short loc_10002AFD
; ---------------------------------------------------------------------------
loc_10002A89: ; CODE XREF: .text:10002A83�j
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-2Ch]
call dword_1000AD90
mov eax, [ebp-28h]
cmp eax, [ebp-10h]
jbe short loc_10002AF1
mov eax, [ebp-28h]
sub eax, [ebp-10h]
mov [ebp-18h], eax
push 1
mov eax, [ebp-18h]
inc eax
push eax
call near ptr dword_10002FCC
pop ecx
pop ecx
mov [ebp-14h], eax
push 0
push 0
push dword ptr [ebp-10h]
push dword ptr [ebp-2Ch]
call dword_1000ADC0
push 0
lea eax, [ebp-8]
push eax
push dword ptr [ebp-18h]
push dword ptr [ebp-14h]
push dword ptr [ebp-2Ch]
call dword_1000AD68
mov eax, [ebp+0Ch]
mov ecx, [ebp-14h]
mov [eax], ecx
mov eax, [ebp+10h]
mov ecx, [ebp-18h]
mov [eax], ecx
mov byte ptr [ebp-4], 1
loc_10002AF1: ; CODE XREF: .text:10002A9C�j
push dword ptr [ebp-2Ch]
call dword_1000AD40
mov al, [ebp-4]
loc_10002AFD: ; CODE XREF: .text:10002A87�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10002B02 proc near ; CODE XREF: .text:10002C2F�p
; .text:10002C4D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push [ebp+arg_0]
call sub_100010EC
pop ecx
mov [ebp+var_8], eax
push 1
mov eax, [ebp+var_8]
inc eax
push eax
call near ptr dword_10002FCC
pop ecx
pop ecx
mov [ebp+var_C], eax
and [ebp+var_4], 0
jmp short loc_10002B32
; ---------------------------------------------------------------------------
loc_10002B2B: ; CODE XREF: sub_10002B02:loc_10002B7C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_10002B32: ; CODE XREF: sub_10002B02+27�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jge short loc_10002B7E
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 41h
jl short loc_10002B6C
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 5Ah
jg short loc_10002B6C
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
add eax, 20h
mov ecx, [ebp+var_C]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_10002B7C
; ---------------------------------------------------------------------------
loc_10002B6C: ; CODE XREF: sub_10002B02+44�j
; sub_10002B02+52�j
mov eax, [ebp+var_C]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
loc_10002B7C: ; CODE XREF: sub_10002B02+68�j
jmp short loc_10002B2B
; ---------------------------------------------------------------------------
loc_10002B7E: ; CODE XREF: sub_10002B02+36�j
mov eax, [ebp+var_C]
leave
retn
sub_10002B02 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
mov dword ptr [ebp-108h], 104h
and byte ptr [ebp-104h], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp-103h]
rep stosd
stosw
stosb
lea eax, [ebp-108h]
push eax
lea eax, [ebp-104h]
push eax
call dword_1000ADB0
nop
nop
push eax
pop eax
nop
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
nop
push eax
pop eax
nop
nop
push offset dword_10008270
lea eax, [ebp-104h]
push eax
call sub_10001000
pop ecx
pop ecx
test eax, eax
jz short loc_10002C5F
push offset dword_1000827C
lea eax, [ebp-104h]
push eax
call sub_10002B02
pop ecx
push eax
call sub_100028E2
pop ecx
pop ecx
test eax, eax
jnz short loc_10002C5F
push offset dword_10008284
lea eax, [ebp-104h]
push eax
call sub_10002B02
pop ecx
push eax
call sub_100028E2
pop ecx
pop ecx
test eax, eax
jz short loc_10002C63
loc_10002C5F: ; CODE XREF: .text:10002C21�j
; .text:10002C3F�j
mov al, 1
jmp short loc_10002C69
; ---------------------------------------------------------------------------
loc_10002C63: ; CODE XREF: .text:10002C5D�j
push eax
pop eax
nop
nop
xor al, al
loc_10002C69: ; CODE XREF: .text:10002C61�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_100070D0
push offset dword_100032EC
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp-18h], esp
and dword ptr [ebp-4], 0
nop
nop
nop
nop
nop
nop
push ebx
nop
nop
nop
nop
mov eax, 564D5868h
nop
nop
mov ebx, 8685D465h
nop
nop
nop
nop
mov ecx, 0Ah
nop
nop
nop
nop
nop
nop
mov dx, 5658h
nop
nop
nop
nop
nop
nop
nop
in eax, dx
nop
nop
nop
nop
mov [ebp-1Ch], ebx
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
pop ebx
nop
nop
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_10002CF9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
and dword ptr [ebp-20h], 0
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-20h]
jmp short loc_10002D0B
; ---------------------------------------------------------------------------
loc_10002CF9: ; CODE XREF: .text:10002CE3�j
nop
nop
nop
nop
nop
nop
xor eax, eax
cmp dword ptr [ebp-1Ch], 564D5868h
setz al
loc_10002D0B: ; CODE XREF: .text:10002CF7�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
and dword ptr [ebp-4], 0
nop
nop
nop
nop
nop
nop
mov eax, large fs:30h
nop
nop
nop
nop
nop
nop
mov eax, [eax+68h]
nop
nop
nop
nop
nop
mov [ebp-4], eax
nop
nop
nop
mov eax, [ebp-4]
and eax, 70h
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_100070E0
push offset dword_100032EC
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp-18h], esp
and dword ptr [ebp-4], 0
nop
nop
nop
nop
mov eax, 1
nop
nop
nop
nop
nop
nop
; ---------------------------------------------------------------------------
db 0Fh, 3Fh, 7
db 0Ah dup(90h)
dw 0C70Bh
db 2 dup(90h)
dw 9045h
db 3 dup(90h)
db 0FCh
dd 0FFFFFFFFh, 0FFFC4D83h, 16A14EBh, 658BC358h, 0E46583E8h
dd 0FC4D8300h, 0E4458BFFh, 16A03EBh, 0F04D8B58h, 0D8964h
dd 5F000000h, 0C3C95B5Eh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0
push offset dword_1000AED0
push offset dword_1000831C
push 0
call ds:dword_100070C8
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
and byte ptr [ebp-10Ch], 0
push 40h
pop ecx
xor edi, edi
; ---------------------------------------------------------------------------
db 3 dup(?)
dd 72h dup(?)
dword_10002FCC dd 4Fh dup(?) ; .text:1000144B�p ...
db ?
byte_10003109 db 3 dup(?) ; CODE XREF: sub_10001B78+2B6�p
dd 78h dup(?)
dword_100032EC dd 36h dup(?) ; .text:10002D5A�o
public start
start dd 0E0Fh dup(?)
_text ends
; Section 2. (virtual address 00007000)
; Virtual size : 00000AEE ( 2798.)
; Section size in file : 00000C00 ( 3072.)
; Offset to raw data for section: 00006000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 10007000h
dd 32h dup(?)
dword_100070C8 dd ? align 10h
dword_100070D0 dd 4 dup(?) dword_100070E0 dd 2C8h dup(?) _rdata ends
; Section 3. (virtual address 00008000)
; Virtual size : 000035A0 ( 13728.)
; Section size in file : 00002E00 ( 11776.)
; Offset to raw data for section: 00006C00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 10008000h
dd 0Ch dup(?)
dword_10008030 dd 6 dup(?) ; .text:10001ED8�o ...
dword_10008048 dd 3 dup(?) ; .text:10001EC5�o ...
dword_10008054 dd 4 dup(?) ; .text:10001EE6�o
dword_10008064 dd 4 dup(?) ; .text:10001F30�o ...
dword_10008074 dd 4 dup(?) ; .text:10001F51�o ...
dword_10008084 dd 5 dup(?) ; .text:10001F76�o ...
dword_10008098 dd 6 dup(?) ; .text:10001F97�o ...
dword_100080B0 dd 3 dup(?) ; .text:10001FB8�o ...
dword_100080BC dd 4 dup(?) ; .text:10001FDD�o ...
dword_100080CC dd 5 dup(?) ; .text:10001FFE�o ...
dword_100080E0 dd 5 dup(?) ; .text:1000201F�o ...
dword_100080F4 dd 4 dup(?) ; .text:10002040�o ...
dword_10008104 dd 5 dup(?) ; .text:10002061�o ...
dword_10008118 dd 5 dup(?) ; .text:10002082�o ...
dword_1000812C dd 5 dup(?) ; .text:100020A3�o ...
dword_10008140 dd 4 dup(?) ; .text:100020C4�o ...
dword_10008150 dd 3 dup(?) ; .text:100020E5�o ...
dword_1000815C dd 5 dup(?) ; .text:10002112�o ...
dword_10008170 dd 3 dup(?) ; .text:10002133�o ...
dword_1000817C dd 2 dup(?) ; .text:10002196�o ...
dword_10008184 dd 4 dup(?) ; .text:10002154�o ...
dword_10008194 dd 4 dup(?) ; .text:10002175�o ...
dword_100081A4 dd 5 dup(?) ; .text:100021C3�o ...
dword_100081B8 dd 5 dup(?) ; .text:100021E4�o ...
dword_100081CC dd 8 dup(?) ; .text:10002205�o ...
dword_100081EC dd 3 dup(?) ; .text:10002232�o ...
dword_100081F8 dd 3 dup(?) ; .text:10002253�o ...
dword_10008204 dd 4 dup(?) ; .text:10002274�o ...
dword_10008214 dd 4 dup(?) ; .text:10002295�o ...
dword_10008224 dd 4 dup(?) ; .text:10001F07�o ...
dword_10008234 dd 4 dup(?) ; .text:100022B6�o ...
dword_10008244 dd 3 dup(?) ; .text:100022D7�o ...
dword_10008250 dd 5 dup(?) ; .text:100022F8�o ...
dword_10008264 dd 3 dup(?) ; .text:10002325�o ...
dword_10008270 dd 3 dup(?) ; .text:10002346�o ...
dword_1000827C dd 2 dup(?) ; .text:10002367�o ...
dword_10008284 dd 2 dup(?) ; .text:10002388�o ...
dword_1000828C dd 9 dup(?) ; .text:10002481�o
dword_100082B0 dd 4 dup(?) ; .text:100024A2�o
dword_100082C0 dd 3 dup(?) ; .text:1000240C�o
dword_100082CC dd 3 dup(?) ; .text:100023EB�o
dword_100082D8 dd 4 dup(?) ; .text:10002439�o ...
dword_100082E8 dd 4 dup(?) ; .text:1000245A�o ...
dword_100082F8 dd 4 dup(?) ; .text:100023A9�o ...
dword_10008308 dd 5 dup(?) ; .text:100023CA�o ...
dword_1000831C dd 0A87h dup(?) dword_1000AD38 dd ? ; .text:1000268C�w ...
dword_1000AD3C dd ? ; .text:10002576�w ...
dword_1000AD40 dd ? ; sub_10001B78+263�r ...
dword_1000AD44 dd ? ; .text:10002539�w ...
dword_1000AD48 dd ? ; .text:100027C1�r
dword_1000AD4C dd ? ; .text:1000269F�w ...
dword_1000AD50 dd ? ; .text:10002A51�r
align 8
dword_1000AD58 dd ? ; .text:1000286B�r
dword_1000AD5C dd ? ; .text:100028C5�r
dword_1000AD60 dd ? ; .text:10002563�w ...
dword_1000AD64 dd ? ; .text:10002589�w ...
dword_1000AD68 dd ? ; .text:10002898�r ...
dword_1000AD6C dd ? ; .text:100025A0�w ...
dword_1000AD70 dd ? ; .text:10002629�w ...
dword_1000AD74 dd ? ; .text:100025B3�w ...
dword_1000AD78 dd ? ; .text:10002526�w ...
dword_1000AD7C dd ? ; .text:100024F6�r ...
dd ?
dword_1000AD84 dd ? ; .text:100029E5�r
dword_1000AD88 dd ? ; .text:1000288F�r ...
dword_1000AD8C dd ? ; .text:10002862�r
dword_1000AD90 dd ? ; .text:100028AA�r ...
dword_1000AD94 dd ? ; .text:100025EC�w ...
dword_1000AD98 dd ? ; .text:100024D3�r ...
dword_1000AD9C dd ? ; .text:10002874�r
dword_1000ADA0 dd ? ; .text:100025D9�w ...
dword_1000ADA4 dd ? ; .text:100028BC�r
dword_1000ADA8 dd ? ; sub_10001B78+110�r ...
dword_1000ADAC dd ? ; sub_10001B78+1DA�r ...
dword_1000ADB0 dd ? ; .text:100028B3�r ...
dword_1000ADB4 dd ? ; .text:100028CE�r
dword_1000ADB8 dd ? ; .text:10002859�r
dword_1000ADBC dd ? ; sub_10001B78+28A�r ...
dword_1000ADC0 dd ? ; .text:100028A1�r ...
dword_1000ADC4 dd ? ; .text:10002A75�r
dword_1000ADC8 dd ? ; .text:100024FC�w ...
dd 41h dup(?)
dword_1000AED0 dd 1CCh dup(?) ; .text:10002DD5�o
_data ends
end start